Towards a Regular Theory of Parameterized Concurrent Systems - - PowerPoint PPT Presentation

Towards a Regular Theory of Parameterized Concurrent Systems

Benedikt Bollig

• Laboratoire Spécification et Vérification

ENS Cachan & CNRS, France

Reports on joint works with Paul Gastin, Akshay Kumar, and Jana Schubert.

ACTS 2015 Chennai Mathematical Institute

The verification problem for parmeterized systems:

«Is a system correct independently of the number of processes / the way they are arranged?»

Talks by Arnaud Sangnier and Pierre Ganty. 2

The verification problem for parmeterized systems:

«Is a system correct independently of the number of processes / the way they are arranged?»

Talks by Arnaud Sangnier and Pierre Ganty. 2

In this talk, we study language-theoretic questions / expressiveness:

• We are looking for «robust» models of parameterized systems.

Complementation Equivalent characterization in terms of MSO logic Nonemptiness

The verification problem for parmeterized systems:

«Is a system correct independently of the number of processes / the way they are arranged?»

Talks by Arnaud Sangnier and Pierre Ganty. 2

In this talk, we study language-theoretic questions / expressiveness:

• We are looking for «robust» models of parameterized systems.

Complementation Equivalent characterization in terms of MSO logic Nonemptiness

There have been robust models for fixed process architectures:

Thomas: On logical definability of trace languages. ASMICS 1990. Henriksen-Mukund-Narayan Kumar-Sohoni-Thiagarajan: A Theory of Regular MSC Languages. I&C 2005. Genest-Kuske-Muscholl: A Kleene theorem and model checking algorithms for existentially bounded communicating

• automata. I&C 2006.

Finite Automata

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b

3

b

Finite Automata

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

3

b

∅

Finite Automata

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

3

b

∅ ∅

Finite Automata

∀x(a(x) → ∃y(succ(x, y) ∧ b(y)))

Theorem [Büchi-Elgot-Trakhtenbrot 1960s]: Finite Automata = MSO

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

3

b

∅ ∅

Finite Automata

∀x(a(x) → ∃y(succ(x, y) ∧ b(y)))

Theorem [Büchi-Elgot-Trakhtenbrot 1960s]: Finite Automata = MSO

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

3

b

∅ ∅

Proof: free variables extended alphabet

Finite Automata

∀x(a(x) → ∃y(succ(x, y) ∧ b(y)))

Theorem [Büchi-Elgot-Trakhtenbrot 1960s]: Finite Automata = MSO

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

3

b

∅ ∅

Proof: free variables extended alphabet existential quantification projection

Finite Automata

∀x(a(x) → ∃y(succ(x, y) ∧ b(y)))

Theorem [Büchi-Elgot-Trakhtenbrot 1960s]: Finite Automata = MSO

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

3

b

∅ ∅

Proof: free variables extended alphabet existential quantification projection negation complementation

Finite Automata

∀x(a(x) → ∃y(succ(x, y) ∧ b(y)))

Theorem [Büchi-Elgot-Trakhtenbrot 1960s]: Finite Automata = MSO

finite automaton

s2 s3 s4 s1 s0 s5 s6 a a a b b b s2 s3 s4 s1 s0 b s5

determinization

a b a a b s6

complementation

s2 s3 s4 s1 s0 b s5 a b a a b s6

Outline

3

b

∅ ∅

Proof: free variables extended alphabet existential quantification projection negation complementation

s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

non-fixed & unbounded

| {z }

l r l r l r l r s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a s2 s3 s4 s1 s0 s5 s6 a a a b b b a

4

Parameterized Communicating Automata (PCA) over Rings

non-fixed & unbounded

| {z }

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

A PCA is given by: finite automaton over (here: ) acceptance condition

{l, r} × {!, ?} × Msg Msg = {0, 1}

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

A PCA is given by: finite automaton over (here: ) acceptance condition

{l, r} × {!, ?} × Msg Msg = {0, 1}

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

A PCA is given by: finite automaton over (here: ) acceptance condition

{l, r} × {!, ?} × Msg Msg = {0, 1}

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

A PCA is given by: finite automaton over (here: ) acceptance condition

{l, r} × {!, ?} × Msg Msg = {0, 1}

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

rendez-vous

A PCA is given by: finite automaton over (here: ) acceptance condition

{l, r} × {!, ?} × Msg Msg = {0, 1}

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

rendez-vous

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

Remark: Behavior abstracts away message contents from (like states, or stack symbols in pushdown automata).

Msg = {0, 1}

rendez-vous

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s4 s5 s6 s6

4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s4 s5 s6

Acceptance condition: MSO formula over rings whose nodes are labeled with states. Signature:

• Thus, there are no constant processes (e.g., no «first» or «last» process).

s(x) x

r l y

s6

4

Parameterized Communicating Automata (PCA) over Rings

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s4 s5 s6 s6

4

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s4 s5 s6

4

s6

4

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

| =

l r l r l r l r s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s4 s5 s6

4

s6

4

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

| =

Token-Ring Protocol

l r l r l r l r s4 s5 s6

4

s6 s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 r!1 r!0 r!0 l?0 r!1 4

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

| =

l r l r l r l r s4 s6 s4 s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 r!1 r!0 r!0 l?0 r!1

47 47

s6

4

Parameterized Communicating Automata (PCA) over Rings

6| = 9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L

5

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

l r

5

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

l r

5

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

l r

5

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

…

                                                                                                                     

l r

5

Parameterized Communicating Automata (PCA) over Rings

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L =

                                                                                                                     

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

L

…

=

                                                                                                                     

6

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Negative Results

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable.

7

Negative Results

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable. Proof:

7

… … … … … …

… … …

Negative Results

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable. Proof:

… … … …

… …

7

Behaviors encode grids.

… … … … … …

… … …

Negative Results

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable. Proof:

… … … …

… …

7

Behaviors encode grids. Grid automata are not closed under complementation [Matz-Schweikardt-Thomas ’02].

… … … … … …

… … …

Negative Results

Theorem [Emerson-Namjoshi 2003]: Emptiness is undecidable for PCAs over rings (even token-passing systems, unless ).

|Msg| = 1

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable. Proof:

… … … …

… …

7

Behaviors encode grids. Grid automata are not closed under complementation [Matz-Schweikardt-Thomas ’02].

… … … … … …

… … …

Negative Results

Theorem [Emerson-Namjoshi 2003]: Emptiness is undecidable for PCAs over rings (even token-passing systems, unless ).

|Msg| = 1

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: PCAs over rings are not complementable. Proof:

… … … …

… …

7

Behaviors encode grids. Grid automata are not closed under complementation [Matz-Schweikardt-Thomas ’02].

… … … … … …

… … …

Context-Bounded PCAs

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

3-bounded

Context-Bounded PCAs

Idea: Every process is contrained to a bounded number of contexts. There are several possible definitions of a context that lead to positive results. Here: Process only sends XOR only receives from one fixed neighbor.

8

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0 9

Definition: A PCA is k-bounded if the finite automaton restricts to k contexts.

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Context-Bounded PCAs

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

2-bounded PCA

9

Definition: A PCA is k-bounded if the finite automaton restricts to k contexts.

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Context-Bounded PCAs

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

2-bounded PCA

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: For every bounded PCA , there is a PCA such that .

A B L(B) = L(A)

9

Definition: A PCA is k-bounded if the finite automaton restricts to k contexts.

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Context-Bounded PCAs

Proof Outline

nondeterminism disambiguation

every behavior has a unique run

complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

k-bounded

10

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Proof Outline

nondeterminism disambiguation

every behavior has a unique run

complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

A

ϕ

k-bounded

10

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Proof Outline

nondeterminism disambiguation

every behavior has a unique run

complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

A

ϕ

A

¬ϕ

!

k-bounded

10

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Proof Outline

nondeterminism disambiguation

every behavior has a unique run

complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

A

ϕ

A

¬ϕ

! ?

k-bounded

Powerset construction not applicable due to message contents.

10

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Proof Outline

nondeterminism disambiguation

every behavior has a unique run

complementation

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

A

ϕ

A

¬ϕ

! ?

k-bounded

Powerset construction not applicable due to message contents.

10

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

Disambiguation through summaries:

Alur-Madhusudan: Visibly pushdown languages. STOC 2004. La Torre-Madhusudan-Parlato: The language theory of bounded context switching. LATIN 2010. La Torre-Napoli-Parlato: Scope-bounded pushdown languages. DLT 2014.

Disambiguation of context-bounded PCAs

11

Disambiguation of context-bounded PCAs

11

Disambiguation of context-bounded PCAs

11

Disambiguation of context-bounded PCAs

11

Disambiguation of context-bounded PCAs

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones.

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 0,0,0 0,0,0

11

0,0,0

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1

11

r l

0,0,0

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1

11

r l

0,0,0

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1

11

r l

0,0,0

6=

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 1,2,3 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1 2,3,1

11

r l

0,0,0

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 1,2,3 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1 0,2,2 2,3,1 2,2,3

11

r l

0,0,0

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously by a PCA.

0,0,0 1,1,1 1,2,3 0,0,0 0,0,0 2,1,0 1,2,1 0,1,1 0,2,2 2,3,1 2,3,1 2,2,3 2,2,3

11

r l

0,0,0

Disambiguation of context-bounded PCAs

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

Disambiguation of context-bounded PCAs

Every process traverses a bounded number of zones. Zone numbers can be computed unambiguously. Sending processes deterministically compute summaries for zones. Acceptance condition checks if summaries correspond to accepting run.

R1 R2 R3 Ri ⊆ S3 × S3

11

• riginal acceptance condition

| =

Logical Characterization of Context-Bounded PCAs

l r r r l l r l

12

The Logic: MSO logic over graphs, including process nodes and event nodes.

l r r r l l r l

msg msg msg msg msg proc proc proc proc proc proc init init init init

The Logic: MSO logic over graphs, including process nodes and event nodes.

12

Logical Characterization of Context-Bounded PCAs

l r r r l l r l

msg msg msg msg msg proc proc proc proc proc proc init init init init

Corollary [B.-Gastin-Kumar; FSTTCS 2014]: For every bounded set L of behaviors, the following are equivalent:

L is recognized by some PCA. L is definable in MSO logic.

The Logic: MSO logic over graphs, including process nodes and event nodes.

12

Logical Characterization of Context-Bounded PCAs

Topologies of Bounded Degree

Complementation and MSO characterization hold wrt. the class of all topologies

• ver a fixed set of ports. With 4 ports, this captures rings, binary trees, and grids.

l r r r l l r l

ring

13

Topologies of Bounded Degree

Complementation and MSO characterization hold wrt. the class of all topologies

• ver a fixed set of ports. With 4 ports, this captures rings, binary trees, and grids.

l r r r l l r l

ring

l r

tree

l r r u u u u u

13

Topologies of Bounded Degree

Complementation and MSO characterization hold wrt. the class of all topologies

• ver a fixed set of ports. With 4 ports, this captures rings, binary trees, and grids.

l r r r l l r l

ring

l r

tree

l r r u u u u u

l r r r l l l r r r l l l r r r l l

grid

u u u u u u u u d d d d d d d d

13

Context-Bounded Model Checking

14

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: Context-bounded MSO model checking is decidable over rings.

Input: PCA A ; k ∈ N ; MSO formula ϕ Question: M |

= ϕ for all k-bounded M ∈ L(A) ?

Context-Bounded Model Checking

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete when the acceptance condition is presented as a finite automaton.

14

Theorem [B.-Gastin-Kumar; FSTTCS 2014]: Context-bounded MSO model checking is decidable over rings.

Input: PCA A ; k ∈ N ; MSO formula ϕ Question: M |

= ϕ for all k-bounded M ∈ L(A) ?

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries.

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Context-Bounded Emptiness Problem

Theorem [B.-Gastin-Schubert; RP 2014]: Context-bounded nonemptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run!

15

∈ Summary

Context-Bounded Nonemptiness Problem

Input: PCA A ; k ∈ N Question: Does L(A) contain some k-bounded behavior ?

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

= strict precedence = synchronization

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

strict cycle =

⇒ run is not accepting

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

no strict cycle =

⇒ run is accepting

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies.

15

Context-Bounded Nonemptiness Problem

q

right

left

right

left

right

left

right

left

right

left

q

right

left

q q q

¯ q

no strict cycle =

⇒ run is accepting

Theorem [B.-Gastin-Schubert 2014]: Context-bounded emptiness checking over rings is PSPACE-complete.

Finite automaton guesses local states & checks membership in summaries. However, summaries may match locally, but not give rise to an accepting run! Check causal dependencies. Gives PSPACE procedure.

15

Context-Bounded Nonemptiness Problem

Summary of Results

16

Theorem: Context-bounded PCAs are complementable and expressively equivalent to MSO logic.

Summary of Results

Theorem: Context-bounded nonemptiness checking is decidable over rings and trees.

16

Theorem: Context-bounded PCAs are complementable and expressively equivalent to MSO logic.

Summary of Results

Theorem: Context-bounded nonemptiness checking is decidable over rings and trees.

16

Corollary: Context-bounded MSO model checking is decidable over rings and trees. Theorem: Context-bounded PCAs are complementable and expressively equivalent to MSO logic.

Summary of Results

Theorem: Context-bounded nonemptiness checking is decidable over rings and trees.

16

Corollary: Context-bounded MSO model checking is decidable over rings and trees. Theorem: Context-bounded PCAs are complementable and expressively equivalent to MSO logic.

Context-bounded PCAs form a robust automata model.

Application to Verification of Distributed Algorithms

17

8 4 3 1 6

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3

1 Round

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

2 1 Round

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

2 1 Round

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts. Number of rounds is sometimes logarithmic in the number of processes.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts. Number of rounds is sometimes logarithmic in the number of processes.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

rec( r ) ; r < id rec( r ) ; r > id

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts. Number of rounds is sometimes logarithmic in the number of processes. MSO can trace back origin of unique process identifiers (pids).

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

rec( r ) ; r < id rec( r ) ; r > id

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts. Number of rounds is sometimes logarithmic in the number of processes. MSO can trace back origin of unique process identifiers (pids).

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

rec( r ) ; r < id rec( r ) ; r > id

Application to Verification of Distributed Algorithms

17

Distributed algorithms often proceed in rounds/contexts. Number of rounds is sometimes logarithmic in the number of processes. MSO can trace back origin of unique process identifiers (pids). Underapproximate verification of distributed algorithms that send and compare pids.

8 4 3 1 6 8 8 6 6 1 1 4 4 3 3 8 8 8 8 8 8 6 6 6 6 6

leader

8 8 8 8 8 8

2 3 1 Round

Franklin’s leader-election protocol (1982)

rec( r ) ; r < id rec( r ) ; r > id

Beyond Context Bounds …

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

l r r r l l r l

init init init init

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

Theorem [B.; CSL-LICS 2014]: Let T be any of the following topology classes: rings, grids, binary trees.

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

Theorem [B.; CSL-LICS 2014]: Let T be any of the following topology classes: rings, grids, binary trees. For every set L of behaviors over a topology from T the following are equivalent:

L is recognized by some weak PCA. L is definable in weak EMSO logic (projection of weak-FO-definable language).

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Beyond Context Bounds …

msg msg msg msg msg proc proc proc proc proc proc

Theorem [B.; CSL-LICS 2014]: Let T be any of the following topology classes: rings, grids, binary trees. For every set L of behaviors over a topology from T the following are equivalent:

L is recognized by some weak PCA. L is definable in weak EMSO logic (projection of weak-FO-definable language).

18

s2 s3 s4 s1 s0 s5 s6

l?0 r!1 l?1 l?0 r!1 r!0 r!0

9x(s4(x) ^ 8y(y 6= x ! s5(y) _ s6(y)))

weak PCA weak logic

Proof uses [Schwentick-Barthelmann 1999] & [Genest-Kuske-Muscholl 2006].

Topologies of unbounded degree (unranked trees, stars, …) Other Future Work

19

Temporal logics and efficient model checking Split-width for parameterized systems

[Aiswarya-Gastin-Narayan Kumar 2012]

Topologies of unbounded degree (unranked trees, stars, …)

Thank You!

Other Future Work

19

Temporal logics and efficient model checking Split-width for parameterized systems

[Aiswarya-Gastin-Narayan Kumar 2012]