Deciding Kleene Algebra Terms (In-)Equivalence in Coq Nelma - PowerPoint PPT Presentation

Deciding Kleene Algebra Terms (In-)Equivalence in Coq Nelma Moreira, David Pereira and Simão Melo de Sousa Tallinn September 2016

Outline Regular Expression (In-)Equivalence Implementation in Coq Experimental Results Deciding Relation Algebra Equations (In-)Equivalence of KAT terms Applications Conclusions and Future Work

Table of Contents Regular Expression (In-)Equivalence Implementation in Coq Experimental Results Deciding Relation Algebra Equations (In-)Equivalence of KAT terms Applications Conclusions and Future Work

Kleene Algebra Idempotent semiring ( K , + , · , 0 , 1 ) : Consider x ≤ y � x + y = y . x + x = x (1) Kleene Algebra (KA): ( K , + , · , ⋆ , 0 , 1 ) x + 0 = x (2) such that the sub-algebra ( K , + , · , 0 , 1 ) x + y = y + x (3) is an idempotent semiring and that the operator ⋆ is characterized by the x + ( y + z ) = ( x + y ) + z (4) following axioms: 0 x = 0 (5) x 0 = 0 (6) 1 + pp ⋆ ≤ p ⋆ (12) 1 x = x (7) 1 + p ⋆ p ≤ p ⋆ (13) x 1 = x (8) q + pr ≤ r → p ⋆ q ≤ r (14) x ( yz ) = ( xy ) z (9) q + rp ≤ r → qp ⋆ ≤ r (15) x ( y + z ) = xy + xz (10) ( x + y ) z = xz + yz . (11) Standard Model of KA: ( RL Σ , ∪ , · , ⋆ , ∅ , { ǫ } )

Regular expressions and Languages ◮ Regular expression: α, β ::= 0 | 1 | a ∈ Σ | α + β | αβ | α ⋆ ◮ Language denoted by a regular expression: L ( 0 ) = ∅ L ( 1 ) = { ǫ } L ( a ) = { a } L ( α ⋆ ) = L ( α ) ⋆ L ( α + β ) = L ( α ) ∪ L ( β ) L ( αβ ) = L ( α ) L ( β ) ◮ Regular expression equivalence: α ∼ β iff L ( α ) = L ( β ) ◮ Nullability: � true if ǫ ∈ L ( α ) ε ( α ) = false if ǫ �∈ L ( α )

Partial Derivatives ◮ Definition of Partial Derivative wrt a ∈ Σ [Mirkin,Antimirov]: ∅ ∂ a ( 0 ) = ∂ a ( 1 ) = ∅ � { 1 } if a ≡ b ∂ a ( b ) = ∅ otherwise ∂ a ( α + β ) = ∂ a ( α ) ∪ ∂ a ( β ) � ∂ a ( α ) β ∪ ∂ a ( β ) if ε ( α ) = true , ∂ a ( αβ ) = ∂ a ( α ) β otherwise . ∂ a ( α ⋆ ) ∂ a ( α ) α ⋆ =

Partial Derivatives (cont.) ◮ Partial Derivatives wrt Words: ∂ ε ( α ) = { α } ∂ wa ( α ) = ∂ a ( ∂ w ( α )) . ◮ Language of Partial Derivative: L ( ∂ a ( α )) = a − 1 ( L ( α )) ◮ Example: ∂ abb ( ab ⋆ ) = ∂ b ( ∂ b ( ∂ a ( ab ⋆ ))) = ∂ b ( ∂ b ( ∂ a ( a ) b ⋆ )) = ∂ b ( ∂ b ( { b ⋆ } )) = ∂ b ( ∂ b ( b ) b ⋆ ) = ∂ b ( { b ⋆ } ) = { b ⋆ } ◮ An interesting consequence: w ∈ L ( α ) ↔ ε ( ∂ w ( α )) = true ◮ Set of all Partial Derivatives: PD ( α ) = � w ∈ Σ ⋆ ( ∂ w ( α )) ◮ Finiteness of PD [Mirkin,Antimirov] : PD ( α ) ≤ | α | Σ + 1

(In-)Equivalence Through Iterated Derivation � � α ∼ ε ( α ) ∪ a ( ∂ a ( α )) (16) a ∈ Σ If α ∼ β , then by (16) : � � � � ε ( α ) ∪ a ( ∂ a ( α )) ∼ ε ( β ) ∪ a ( ∂ a ( β )) (17) a ∈ Σ a ∈ Σ By (17) and knowing that w ∈ L ( α ) ↔ ε ( ∂ w ( α )) = true , we obtain: ( ∀ w ∈ Σ ⋆ , ε ( ∂ w ( α )) = ε ( ∂ w ( β ))) ↔ α ∼ β. (18) for some w ∈ Σ ⋆ . ε ( ∂ w ( α )) � = ε ( ∂ w ( β ))) → α �∼ β, (19)

The Procedure equivP Require: S = { ( { α } , { β } ) } , H = ∅ Ensure: true or false 1: procedure EquivP( S , H ) while S � = ∅ do 2: ( S α , S β ) ← POP ( S ) 3: ◮ Construct a bisimulation that leads to if ε ( S α ) � = ε ( S β ) then 4: (18) or finds a counter-example that 5: return false prove that such a bisimulation does 6: end if not exist (19). H ← H ∪ { ( S α , S β ) } 7: for a ∈ Σ do ◮ S : Derivatives yet to be processed 8: β ) ← ∂ a ( S α , S β ) 9: ( S ′ α , S ′ ◮ H : Processed derivatives ( H is finite) if ( S ′ α , S ′ β ) �∈ H then 10: ◮ if false , then counter-example S ← S ∪ { ( S ′ α , S ′ β ) } 11: 12: end if 13: end for 14: end while 15: return true 16: end procedure

The Procedure equivP, an example ◮ Consider α = ( ab ) ⋆ a and β = a ( ba ) ⋆ . ◮ Then s 0 = ( { α, β } ) = ( { ( ab ) ⋆ a } , { a ( ba ) ⋆ } ) ◮ We must show that equivP ( { s 0 } , ∅ ) = true . ◮ equivP for such α and β computes s 1 = ( { 1 , b ( ab ) ⋆ a } , { ( ba ) ⋆ } ) and s 2 = ( ∅ , ∅ ) . ◮ Execution traces: i S i H i drvs. { s 0 } ∅ 0 ∂ a ( s 0 ) = s 1 , ∂ b ( s 0 ) = s 2 { s 1 , s 2 } { s 0 } 1 ∂ a ( s 1 ) = s 2 , ∂ b ( s 1 ) = s 0 { s 2 } { s 0 , s 1 } 2 ∂ a ( s 2 ) = s 2 , ∂ b ( s 2 ) = s 2 ∅ { s 0 , s 1 , s 2 } 3 true

Table of Contents Regular Expression (In-)Equivalence Implementation in Coq Experimental Results Deciding Relation Algebra Equations (In-)Equivalence of KAT terms Applications Conclusions and Future Work

Ingredient 1 : Representation of Derivatives ◮ Derivatives as dependent records : Record Drv ( α β :re) := mkDrv { dp :> set re * set re ; w : word ; cw : dp = ( ∂ w ( α ) , ∂ w ( β ) ) }. Example (Original regular expression) Definition Drv_1st ( α β :re) : Drv α β . refine(mkDrv ({ α },{ β }) ǫ _). abstract(reflexivity). Defined.

Ingredient 2 : Derivation of Drv terms ◮ Derivation of Drv terms wrt a ∈ Σ : Definition Drv_pdrv(x:Drv α β )( a :A) : Drv α β . refine(match x with | mkDrv α β p w H ⇒ mkDrv α β (pdrvp p a ) ( w ++[ a ]) _ end). abstract( (* Proof of ∂ a ( ∂ w ( α ) , ∂ w ( β )) = ( ∂ wa ( α ) , ∂ wa ( β )) *) ). Defined. ◮ Derivation of Drv terms wrt a set of symbols: Definition Drv_pdrv_set(x:Drv α β )(Sig:set A) : set (Drv α β ) := fold (fun a:A ⇒ add (Drv_pdrv α β x a)) Sig ∅ . ◮ Ignoring already existing derivatives in H : Definition Drv_pdrv_set_filtered(x:Drv α β ) ( H :set(Drv α β ))(sig:set A ):set (Drv α β ) := filter (fun y ⇒ negb ( y ∈ H )) (Drv_pdrv_set x sig).

Ingredient 3 : One Step of Computation ◮ proceed : continue the iterative process; Inductive step_case ( α β :re) : Type := ◮ termtrue : the procedure must |proceed : step_case α β terminate and use the parameter as |termtrue : set (Drv α β ) → step_case a witness of equivalence; α β |termfalse : Drv α β → step_case α β . ◮ termfalse : the procedure must terminate and use the parameter as a counter-example of equivalence. (*step = lines 8-13, for loop of EquivP*) Definition step ( H S :set (Drv α β ))(sig:set A ) : ((set (Drv αβ ) * set (Drv α β )) * step_case α β ) := match choose s with |None ⇒ (( H , S ),termtrue α β H ) |Some ( S α , S β ) ⇒ if c_of_Drv _ _ ( S α , S β ) then let H ′ := add ( S α , S β ) H in let S ′ := remove ( S α , S β ) S in let ns := Drv_pdrv_set_filtered α β ( S α , S β ) H ′ sig in (( H ′ ,ns ∪ S ′ ),proceed α β ) else (( H , S ),termfalse α β ( S α , S β ) ) end.

Ingredient 4 : Termination ◮ Considering step α β H S = (( H ′ , S ′ ),proceed α β ) and S ∩ H = ∅ ◮ the termination is ensured by: ( 2 ( | α | Σ + 1 ) × 2 ( | β | Σ + 1 ) + 1 ) −| H ′ | < ( 2 ( | α | Σ + 1 ) × 2 ( | β | Σ + 1 ) + 1 ) −| H |

Ingredient 4 : Main function ◮ iterator : Function iterate( α β :re)( H S :set (Drv α β )) ( sig :set A )( D :DP α β h s){wf (LLim α β ) H }: term_cases α β := let (( H ′ , S ′ ,next) := step H S in match next with |termfalse x ⇒ NotOk α β x |termtrue h ⇒ Ok α β h |progress ⇒ iterate α β H ′ S ′ sig (DP_upd α β H S sig D ) end. ◮ where DP is defined as Inductive DP (h s:set (Drv α β )) : Prop := | is_dpt : h ∩ s = ∅ → ε (h) = true → DP h s.

The function equivP ◮ wrap iterate into a Boolean function: Definition equivP_aux( α β :re)( H S :set(Drv α β )) ( sig :set A )( D :DP α β H S ):= let H ′ := iterate α β H S sig D in match H ′ with | Ok _ ⇒ true | NotOk _ ⇒ false end. ◮ instantiate with the correct arguments: Definition equivP ( α β :re) := equivP_aux α β ∅ {Drv_1st α β } (setSy α ∪ setSy β ) (mkDP_ini α β ).

Correctness Lemma equiv_re_false : ∀ α β , equivP α β = false → α �∼ β 1. this only happens when : iterate H S = NotOk α β ( S α , S β ) 2. which means that: step H ′ S ′ = termfalse α β ( S α , S β ) 3. be definition of step we know that: ε ( S α ) � = ε ( S β ) 4. thus: α �∼ β

Correctness Lemma equiv_re_true : ∀ α β , equivP α β = true → α ∼ β 1. define the following invariant: INV ( H , S ) = def ∀ x , x ∈ H → ∀ a ∈ Σ , ∂ a ( x ) ∈ S ∪ H 2. prove that it holds for step : INV ( H , S ) → step H S = (( H ′ , S ′ ) , proceed ) → INV ( H ′ , S ′ ) 3. prove that all derivatives are computed : INV ( H , S ) → iterate H S = Ok _ _ H ′ → INV ( H ′ , ∅ ) 4. prove that all derivatives ( S α , S β ) verify ε ( S α ) = ε ( S β ) 5. thus we obtain ∀ w ∈ Σ ⋆ , ε ( ∂ w ( α )) = ε ( ∂ w ( β ))) 6. from which follows α ∼ β

Completeness Obtained by trivial case analysis: ◮ α ∼ β : 1. if equivP α β = true : trivial from correctness proof; 2. if equivP α β = false : contradiction ◮ α �∼ β : by similar reasoning