Decidability and complexity issues for subclasses of counter systems - PowerPoint PPT Presentation

Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata with finite monoid property and flatness St´ ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA Course 2.9 – MPRI – 2010/2011 “Verification of parametrized and dynamic systems”

Plan of the lecture • Previous lectures: VASS, reversal-bounded CA. • Today’s lecture: • Other reachability problems for reversal-bounded CA. • Affine counter systems with flatness and finite monoid property. Reachability sets are effectively semilinear. • Exercises. 2

Repeated reach. pb. for reversal-bounded CA 3

Reminder (see previous lecture) Theorem: Let ( S , ( q 0 ,� x )) be r -reversal-bounded for some r ≥ 0. For each control state q f , the set y ∈ N n : ∃ run ( q 0 ,� x ) ∗ R = { � → ( q f ,� y ) } − is effectively semilinear. . . . but this result is not sufficient to answer questions about existence of infinite runs satisfying specific properties ! 4

Decidability • Control state repeated reachability problem restricted to reversal-bounded initialized counter automata is decidable. [Dang & Ibarra & San Pietro, FSTTCS’01] • ∃ -P RESBURGER INFINITELY OFTEN PROBLEM Input: Initialized CA ( S , ( q ,� x )) of dimension n that is r -reversal-bounded and a temporal formula of the form ψ = GF ϕ ( x 1 , . . . , x n ) where ϕ is a Presburger formula on counters. Question: Is there an infinite run from ( q ,� x ) satisfying ψ ? • ∃ -Presburger infinitely often problem is decidable. [Dang & San Pietro & Kemmerer, TCS 03] 5

Proof for the decidability of control state repeated reachability problem • r -reversal-bounded initialized CA ( S , ( q 0 , � x 0 )) and q f ∈ Q . • Property ( ⋆ ): there is an infinite run from ( q 0 , � x 0 ) such that q f is repeated infinitely often. • We reduce ( ⋆ ) to a reachability question for a new reversal-bounded counter automaton S ′ . • Property ( ⋆⋆ ): there exists a finite run t 1 t l ′ t l ( q 0 , � x 0 ) → ( q 1 , � x 1 ) · · · → ( q l ′ , � x l ′ ) · · · → ( q l , � x l ) such that − − − 1 q l = q l ′ = q f , x l ′ � � x l , � 2 3 if X ⊆ [ 1 , n ] is the set of counters tested to zero between ( q l , � x l ) and ( q l ′ , � x l ′ ) , then � x l ′ ( X ) = � x l ( X ) = � 0. 6

Equivalence • ( ⋆ ) is equivalent to ( ⋆⋆ ). • ( ⋆⋆ ) shall provide a characterization with a finite witness run that can be encoded as a reachability question. • ( ⋆⋆ ) implies ( ⋆ ): t l ′ t 1 t l • ρ = ( q 0 , � x 0 ) → ( q 1 , � x 1 ) · · · → ( q l ′ , � x l ′ ) · · · → ( q l , � x l ) . − − − • Infinite ρ ′ is defined with t 1 · · · t l ′ ( t l ′ + 1 · · · t l ) ω . • q f is repeated infinitely often. • Zero-tests are also successful (why?). 7

( ⋆ ) implies ( ⋆⋆ ) t 1 t 2 • ρ = ( q 0 , � x 0 ) → ( q 1 , � x 1 ) → ( q 2 , � x 2 ) · · · with q f repeated − − infinitely often. • X : set of counters that are successfully tested to zero in ρ infinitely often. • By reversal-boundedness, there is I ≥ 0 s.t. for k ≥ I , we x k ( X ) = � have � 0. • There exists I ≤ k 1 < k 2 < k 3 < . . . s.t. for 1 ≤ j < j ′ , we have q k j = q f and between ( q k j , � x k j ) and ( q k j ′ , � x k j ′ ) , exactly the counters in X are tested to zero. • By Dickson’s Lemma, there exists J < J ′ such that x k J � � x k J ′ . � 8

Reduction to a reachability question S ′ = ( Q ′ , q 0 , 3 × n , δ ′ ) s.t. ( ⋆ ⋆ ) iff ( q 0 , � x 0 ) ∗ → ( q new ,� 0 ) in S ′ . − S X 0 zero-test ( X 0 ) ; zero-test ( X 0 ) ; copy x i → x i + n check x i + n ≤ x i “ S X = S\ zero-tests for X ” q new dec ( i ) S X = [ 1 , n ] \ X def zero-test ( X 2 n − 1 ) ; zero-test ( X 2 n − 1 ) ; copy x i → x i + n check x i + n ≤ x i S X 2 n − 1 9

Construction of S ′ • Let S ′ = ( Q ′ , q 0 , 3 × n , δ ′ ) s.t. ( ⋆ ⋆ ) iff ( q 0 , � x 0 ) ∗ → ( q new ,� 0 ) in S ′ . − • Essentially, runs for S ′ are also runs for S . • One can effectively build ϕ s.t. REL ( ϕ ) = { � x : ( q 0 , � x 0 ) ∗ → ( q new ,� x ) in S ′ } − • S ′ is made of 2 n + 1 copies of S plus some extra control states such as q new . • It includes an initial distinguished copy of S . • For X ⊆ [ 1 , n ] , the control states of the X -copy ( S X ) are among Q × { X } × P ( X ) . • Third component records the counters that have been tested to zero since the run has entered in the X -copy. 10

Entering into the X -copy • For X ⊆ [ 1 , n ] , we consider a sequence of transitions from q f to ( q f , X , ∅ ) whose effect is to perform a zero-test on counters in X and to copy the value of each counter i ∈ X into the counter n + i . • copy x i → x i + n : 1 Decrement the counter i until zero and for each decrement, the counters n + i and 2 n + i are incremented. 2 When counter i is equal to zero, decrement the counter 2 n + i until zero while incrementing the counter i at each step. 3 The number of reversals is at most augmented by 2. 11

Transitions in the X -copy ϕ • ( q , X , Y ) → ( q ′ , X , Y ′ ) is a transition whenever there is a − ϕ ′ → q ′ in S for which transition q − • ϕ performs the same instruction as ϕ ′ , • for i ∈ X , ϕ ′ is a not a zero-test on i , • if ϕ = zero ( j ) , then Y ′ = Y ∪ { j } otherwise Y ′ = Y . • When all the counters in X have been tested to zero at least once and q f is reached, we may jump to q new . 12

Final step • Consider a sequence of transitions from ( q f , X , X ) to q new performing the following tasks: 1 for i ∈ X , perform a zero-test on counter i , 2 for i ∈ X , test whether the counter value for i is greater or equal to the counter value for n + i , 3 empty all the counters. • check x i + n ≤ x i : decrement i and n + i simultaneously and nondeterministically test whether the counter n + i has value zero. • ( S ′ , ( q 0 , � x 0 )) is ( r + 3 ) -reversal-bounded. 13

Undecidable Model-Checking Problems 14

Universal problem for one-counter automaton • One-counter automaton with alphabet: FSA + 1 counter. • The universal problem for 1-reversal-bounded one-counter automata with alphabet is undecidable [Ibarra, MST 79]. • One-counter automata with alphabet defines context-free languages. 15

A simple undecidable temporal fragment • The ∃ -P RESBURGER - ALWAYS PROBLEM : Input: Initialized CA ( S , ( q ,� x )) that is r -reversal-bounded and a formula ψ = G ϕ ( x 1 , . . . , x n ) where ϕ is a Presburger formula on counters. Question: Is there an infinite run from ( q ,� x ) satisfying ψ ? • The ∃ -Presburger-always problem for reversal-bounded counter automata is undecidable. [Dang & San Pietro & Kemmerer, TCS 03] • By reduction from halting problem for Minsky machines: one counter is encoded by two increasing counters, counting the number of increments and decrements, respectively. 16

Reduction from the halting problem • Proof analogous to the undecidability of the reachability problem for reversal-bounded CA augmented with guards x i = x i ′ and x i � = x i ′ . [Ibarra et al., TCS 02] • Given a Minsky machine S with halting state q h , we build a 0-reversal-bounded counter automaton S ′ such that • counter i in S ′ records the increments of counter i in S , • counter i + 2 in S ′ records the decrements of counter i in S . • zero-test on counter i in S is simulated by formula x i = x i + 2 . • W.l.o.g., we can assume that • S = ( Q , 2 , δ ) is a deterministic CA, • Halting control states in Q h ⊆ Q (no outgoing transitions), • Q 1 , Q 2 ⊆ Q contains exactly the control states that are reached after zero-tests on counter 1 and counter 2, respectively. 17

Building S ′ by erasing zero-tests • 0-reversal-bounded CA S ′ = ( Q , 5 , δ ′ ) : inc ( i ) inc ( i ) • q → q ′ ∈ δ implies q → q ′ ∈ δ ′ . − − − − dec ( i ) inc ( i + 2 ) • q → q ′ ∈ δ implies q → q ′ ∈ δ ′ . − − − − − − zero ( i ) inc ( 5 ) → q ′ ∈ δ implies q → q ′ ∈ δ ′ . • q − − − − • No halting control state is reached from ( q ,� 0 ) in S iff there 0 ) in S ′ satisfying is an infinite run from ( q ,� no negative counter values no halting state reached simulation of zero − tests � �� � � �� � � �� � � � � � ( q ⇒ x i = x i + 2 )) ∧ G ( ¬ q G ( x i ≥ x i + 2 ) ∧ G ( ) i ∈{ 1 , 2 } q ∈ Q i i ∈{ 1 , 2 } q ∈ Q h • Control states can be eliminated by adding increasing counters whose differences encode control states. 18

Affine counter systems with finite monoid property 19

Overview • Introduction to the class of admissible counter systems. • Reachability relation is effectively semilinear. • First part of next lecture: decidability of Presburger LTL model-checking over the class of admissible counter systems. 20