Tree automata techniques for the verification of infinite state-systems

Tree automata techniques for the verification of infinite state-systems
Summer School VTSA 2011
Florent Jacquemard, INRIA Saclay & LSV (UMR CNRS/ENS Cachan)
florent.jacquemard@inria.fr
http://www.lsv.ens-cachan.fr/~jacquema
TATA book


  1. Functional program: rev [Thomas Genet, Valérie Viet Triem Tong, LPAR 01]. Timbuk.
     app(nil, y) = y
     app(cons(x, y), z) = cons(x, app(y, z))
     rev(nil) = nil
     rev(cons(x, y)) = app(rev(y), cons(x, nil))
     Set of initial configurations: rev(ℓ) where ℓ ∈ q_ℓ01, list of 0's followed by 1's:
     q_0 := 0
     q_1 := 1
     q_ℓ1 := nil | cons(q_1, q_ℓ1)
     q_ℓ01 := nil | cons(q_0, q_ℓ1) | cons(q_0, q_ℓ01)
     q_rev := rev(q_ℓ01)
     25 / 200

  2. Functional program (cntd)
     Set of reachable configurations, by completion of the equations for the initial configurations:
     q_0 := 0
     q_1 := 1
     q_ℓ1 := nil | cons(q_1, q_ℓ1) | cons(q_1, q_nil) | app(q_nil, q_ℓ1)
     q_ℓ01 := nil | cons(q_0, q_ℓ1) | cons(q_0, q_ℓ01)
     q_rev := rev(q_ℓ01) | nil | app(q_ℓ10, q_nil)
     q_ℓ10 := rev(q_ℓ01) | app(q_ℓ1, q_ℓ0)
     q_nil := nil | rev(q_nil)
     q_ℓ0 := cons(q_0, q_nil) | app(q_nil, q_ℓ0) | app(q_ℓ0, q_ℓ0)
     Property expected: rev(ℓ) is not reachable when ℓ ⊨ ∃x, y. x < y ∧ 0(x) ∧ 1(y).
     Verification: the intersection of q_rev and the above set is empty.
     26 / 200

  3. Imperative programs
     p ::= 0 | X | p · p | p ∥ p
     ◮ 0: null process (termination)
     ◮ X: program point
     ◮ p · p: sequential composition
     ◮ p ∥ p: parallel composition
     Transition rules
     ◮ procedure call: X → Y · Z (Z = return point)
     ◮ procedure call with global state: Q · X → Q′ · Y · Z
     ◮ procedure return: Q · Y → Q′
     ◮ global state change: Q · X → Q′ · X
     ◮ dynamic thread creation: X → Y ∥ Z
     ◮ handshake: X ∥ Y → X′ ∥ Y′
     27 / 200

  4. Imperative program [Bouajjani Touili CAV 02]
     void X() {
       while(true) {
         if Y() {
           thread_create(&t1, Z)
         } else {
           return
         }
       }
     }
     Rules: X → Y · X (r1), Y → t (r2), Y → f (r3), t · X → X ∥ Z (r4), f → 0 (r5).
     The set of reachable configurations is infinite but regular.
     28 / 200

  5. Related models of imperative programs
     ◮ Pushdown systems (sequential programs with procedure calls): X_1 · ... · X_n → Y_1 · ... · Y_m
     ◮ Petri nets (multi-threaded programs): X_1 ∥ ... ∥ X_n → Y_1 ∥ ... ∥ Y_m
     ◮ PA processes: X_1 → Y_1 · ... · Y_m, X_1 → Y_1 ∥ ... ∥ Y_m
     ◮ Process rewrite systems (PRS) [Bouajjani, Touili RTA 05]: X_1 · ... · X_n → Y_1 · ... · Y_m, X_1 ∥ ... ∥ X_n → Y_1 ∥ ... ∥ Y_m
     ◮ Dynamic pushdown networks [Seidl CIAA 09]
     29 / 200

  6. Tree languages modulo
     In the above model,
     ◮ · is associative,
     ◮ ∥ is associative and commutative.
     The terms of the above algebra correspond to unranked trees,
     ◮ ordered (modulo A) and
     ◮ unordered (modulo AC).
     (models for XML processing)
     30 / 200

  7. Overview
     Verification of other infinite-state systems.
     ◮ configuration = tree (ranked or unranked):
       ◮ process,
       ◮ message exchanged in a protocol,
       ◮ local network with a tree shape,
       ◮ tree data structure in memory, with pointers (e.g. binary search trees)...
     ◮ (infinite) set of configurations = tree language L
     ◮ transition relation between configurations
     ◮ safety: transitive closure(L_init) ∩ L_error = ∅.
     31 / 200

  8. Different kinds of trees
     ◮ finite ranked trees (terms in first order logic)
     ◮ finite unranked ordered trees
     ◮ finite unranked unordered trees
     ◮ infinite trees...
     ⇒ several classes of tree automata.
     32 / 200

  9. Overview: properties of automata
     ◮ determinism,
     ◮ Boolean closures,
     ◮ closures under transformations (homomorphisms, transducers, rewrite systems...)
     ◮ minimization,
     ◮ decision problems, complexity:
       ◮ membership,
       ◮ emptiness,
       ◮ universality,
       ◮ inclusion, equivalence,
       ◮ emptiness of intersection,
       ◮ finiteness...
     ◮ pumping and star lemma,
     ◮ expressiveness, correspondence with logics.
     33 / 200

  10. Organization of the tutorial
     1. finite ranked tree automata
        ◮ properties
        ◮ algorithms
        ◮ closure under transformation, applications to program verification
     2. correspondence with the monadic second order logic of the tree (Thatcher and Wright's theorem).
     3. finite unranked tree automata
        ◮ ordered = Hedge Automata
        ◮ unordered = Presburger automata
        ◮ closure modulo A and AC
        ◮ XML typing and analysis of transformations
     4. tree automata as Horn clause sets
     34 / 200

  11. Part I Automata on Finite Ranked Trees Terms in first order logic 35 / 200

  12. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification 36 / 200

  13. Signature
     Definition: Signature. A signature Σ is a finite set of function symbols, each of them with an arity greater than or equal to 0. We denote by Σ_i the set of symbols of arity i.
     Example: {+ : 2, s : 1, 0 : 0}, {∧ : 2, ∨ : 2, ¬ : 1, ⊤, ⊥ : 0}.
     We also consider a countable set X of variable symbols.
     37 / 200

  14. Terms
     Definition: Term. The set of terms over the signature Σ and X is the smallest set T(Σ, X) such that:
     - Σ_0 ⊆ T(Σ, X),
     - X ⊆ T(Σ, X),
     - if f ∈ Σ_n and if t_1, ..., t_n ∈ T(Σ, X), then f(t_1, ..., t_n) ∈ T(Σ, X).
     The set of ground terms (terms without variables, i.e. T(Σ, ∅)) is denoted T(Σ).
     Example: x, ¬(x), ∧(∨(x, ¬(y)), ¬(x)).
     38 / 200

  15. Terms (2)
     A term where each variable appears at most once is called linear. A term without variables is called ground.
     Depth h(t):
     ◮ h(a) = h(x) = 0 if a ∈ Σ_0, x ∈ X,
     ◮ h(f(t_1, ..., t_n)) = max{h(t_1), ..., h(t_n)} + 1.
     39 / 200

  16. Positions
     A term t ∈ T(Σ, X) can also be seen as a function from the set of its positions Pos(t) into Σ ∪ X. The empty position (root) is denoted ε.
     Pos(t) is a subset of N* satisfying the following properties:
     ◮ Pos(t) is closed under prefix,
     ◮ for all p ∈ Pos(t) such that t(p) ∈ Σ_n (n ≥ 1), {pj | j ∈ N, pj ∈ Pos(t)} = {p1, ..., pn},
     ◮ every p ∈ Pos(t) such that t(p) ∈ Σ_0 ∪ X is maximal in Pos(t) for the prefix ordering.
     The size of t is defined by ‖t‖ = |Pos(t)|.
     Subterm t|_p at position p ∈ Pos(t):
     ◮ t|_ε = t,
     ◮ f(t_1, ..., t_n)|_{ip} = t_i|_p.
     The replacement in t of t|_p by s is denoted t[s]_p.
     40 / 200

  17. Positions (example)
     Example: t = ∧(∧(x, ∨(x, ¬(y))), ¬(x)),
     t|_11 = x, t|_12 = ∨(x, ¬(y)), t|_2 = ¬(x),
     t[¬(y)]_11 = ∧(∧(¬(y), ∨(x, ¬(y))), ¬(x)).
     41 / 200

  18. Contexts
     Definition: Context. A context is a linear term. The application of a context C ∈ T(Σ, {x_1, ..., x_n}) to n terms t_1, ..., t_n, denoted C[t_1, ..., t_n], is obtained by the replacement of each x_i by t_i, for 1 ≤ i ≤ n.
     42 / 200
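The definitions of slides 14 to 18 (terms, depth, positions, subterms, replacement, linearity, contexts) as executable Python. This is an added example, not code from the slides or from the TATA book; the nested-tuple representation of terms, the VARS set that marks variable symbols, and the `instantiate` name for applying a substitution (which also covers the application of a context) are assumptions of this example. The sample term is the one of slide 17.

```python
from collections import Counter

# A term t ∈ T(Σ, X) is a nested tuple (symbol, children).  A 0-ary node is a
# constant, or a variable when its symbol is listed in VARS (assumed layout).
VARS = {"x", "y", "x1", "x2"}

def term(sym, *args):
    return (sym, tuple(args))

def to_str(t):
    sym, args = t
    return sym if not args else f"{sym}({', '.join(to_str(a) for a in args)})"

def height(t):
    """h(a) = h(x) = 0 and h(f(t1, ..., tn)) = max{h(ti)} + 1 (slide 15)."""
    sym, args = t
    return 0 if not args else 1 + max(height(a) for a in args)

def positions(t, p=()):
    """Pos(t) ⊆ N*: the root is the empty position; child i of p is p·i (1-indexed)."""
    sym, args = t
    out = [p]
    for i, a in enumerate(args, start=1):
        out.extend(positions(a, p + (i,)))
    return out

def size(t):
    """‖t‖ = |Pos(t)|."""
    return len(positions(t))

def subterm(t, p):
    """t|p, with t|ε = t and f(t1, ..., tn)|i·p = ti|p."""
    if not p:
        return t
    sym, args = t
    return subterm(args[p[0] - 1], p[1:])

def replace(t, p, s):
    """t[s]p: t with the subterm at position p replaced by s."""
    if not p:
        return s
    sym, args = t
    i = p[0] - 1
    return (sym, args[:i] + (replace(args[i], p[1:], s),) + args[i + 1:])

def variables(t):
    """Multiset of variable occurrences in t."""
    sym, args = t
    if not args:
        return Counter([sym]) if sym in VARS else Counter()
    return sum((variables(a) for a in args), Counter())

def is_ground(t):
    return not variables(t)

def is_linear(t):
    """Each variable occurs at most once: exactly the condition for t to be a context."""
    return all(n <= 1 for n in variables(t).values())

def instantiate(t, sigma):
    """tσ: replace every variable x of t by σ(x).  For a linear term C ∈ T(Σ, {x1..xn})
    and σ = {x1: t1, ..., xn: tn} this is the context application C[t1, ..., tn]."""
    sym, args = t
    if not args and sym in sigma:
        return sigma[sym]
    return (sym, tuple(instantiate(a, sigma) for a in args))

# The example term of slide 17: t = ∧(∧(x, ∨(x, ¬(y))), ¬(x)).
x, y = term("x"), term("y")
T_EX = term("∧", term("∧", x, term("∨", x, term("¬", y))), term("¬", x))

if __name__ == "__main__":
    print("t        =", to_str(T_EX), "  height", height(T_EX), "  size", size(T_EX))
    print("t|11     =", to_str(subterm(T_EX, (1, 1))))
    print("t|12     =", to_str(subterm(T_EX, (1, 2))))
    print("t[¬(y)]11 =", to_str(replace(T_EX, (1, 1), term("¬", y))))
    C = term("¬", term("¬", term("x1")))          # the context ¬(¬(x1)) of slide 25
    print("C[⊤]     =", to_str(instantiate(C, {"x1": term("⊤")})))
```

`positions` returns the list in the prefix order of the term, so `size` and the "closed under prefix" property of slide 16 can be checked directly on its output; `instantiate` with a ground substitution produces exactly the ground instances tσ used for pattern matching on slide 26.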

  19. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification 43 / 200

  20. Bottom-up Finite Tree Automata
     Word automaton for (a + b a* b)* with states q_0, q_1 (figure).
     word: run on aabba: q_0 → q_0 → q_0 → q_1 → q_0 → q_0.
     tree: run on a(a(b(b(a(ε))))):
     q_0 → a(q_0) → a(a(q_0)) → a(a(b(q_1))) → a(a(b(b(q_0)))) → a(a(b(b(a(q_0))))) → a(a(b(b(a(ε)))))
     with q_0 := ε, q_0 := a(q_0), q_1 := a(q_1), q_1 := b(q_0), q_0 := b(q_1).
     44 / 200

  21. Bottom-up Finite Tree Automata
     Word automaton for (a + b a* b)* with states q_0, q_1 (figure).
     word: run on aabba: q_0 → q_0 → q_0 → q_1 → q_0 → q_0.
     tree: run on a(a(b(b(a(ε))))):
     a(a(b(b(a(ε))))) → a(a(b(b(a(q_0))))) → a(a(b(b(q_0)))) → a(a(b(q_1))) → a(a(q_0)) → a(q_0) → q_0
     with ε → q_0, a(q_0) → q_0, a(q_1) → q_1, b(q_0) → q_1, b(q_1) → q_0.
     45 / 200

  22. Bottom-up Finite Tree Automata
     Definition: Tree Automata. A tree automaton (TA) over a signature Σ is a tuple A = (Σ, Q, Q_f, ∆) where Q is a finite set of states, Q_f ⊆ Q is the subset of final states and ∆ is a set of transition rules of the form f(q_1, ..., q_n) → q with f ∈ Σ_n (n ≥ 0) and q_1, ..., q_n, q ∈ Q. The state q is called the head of the rule.
     The language of A in state q is recursively defined by
     L(A, q) = {a ∈ Σ_0 | a → q ∈ ∆} ∪ ⋃_{f(q_1, ..., q_n) → q ∈ ∆} f(L(A, q_1), ..., L(A, q_n))
     with f(L_1, ..., L_n) := {f(t_1, ..., t_n) | t_1 ∈ L_1, ..., t_n ∈ L_n}.
     We say that t ∈ L(A, q) is accepted, or recognized, by A in state q.
     The language of A is L(A) := ⋃_{q_f ∈ Q_f} L(A, q_f) (regular language).
     46 / 200

  23. Recognized Languages: Operational Definition
     Rewrite Relation. The rewrite relation associated to ∆ is the smallest binary relation, denoted →_∆, containing ∆ and closed under application of contexts. The reflexive and transitive closure of →_∆ is denoted →*_∆.
     For A = (Σ, Q, Q_f, ∆), it holds that L(A, q) = {t ∈ T(Σ) | t →*_∆ q}, and hence L(A) = {t ∈ T(Σ) | t →*_∆ q ∈ Q_f}.
     47 / 200

  24. Tree Automata: example 1
     Example: Σ = {∧ : 2, ∨ : 2, ¬ : 1, ⊤, ⊥ : 0},
     A = (Σ, {q_0, q_1}, {q_1}, ∆) with ∆ =
       ⊥ → q_0                ⊤ → q_1
       ¬(q_0) → q_1           ¬(q_1) → q_0
       ∨(q_0, q_0) → q_0      ∨(q_0, q_1) → q_1
       ∨(q_1, q_0) → q_1      ∨(q_1, q_1) → q_1
       ∧(q_0, q_0) → q_0      ∧(q_0, q_1) → q_0
       ∧(q_1, q_0) → q_0      ∧(q_1, q_1) → q_1
     ∧(∧(⊤, ∨(⊤, ¬(⊥))), ¬(⊤))
       →_A ∧(∧(⊤, ∨(⊤, ¬(⊥))), ¬(q_1))
       →_A ∧(∧(q_1, ∨(q_1, ¬(q_0))), ¬(q_1))
       →_A ∧(∧(q_1, ∨(q_1, ¬(q_0))), q_0)
       →_A ∧(∧(q_1, ∨(q_1, q_1)), q_0)
       →_A ∧(∧(q_1, q_1), q_0)
       →_A ∧(q_1, q_0)
       →_A q_0
     48 / 200

  25. Tree Automata: example 2
     Example: Σ = {∧ : 2, ∨ : 2, ¬ : 1, ⊤, ⊥ : 0}, TA recognizing the ground instances of ¬(¬(x)):
     A = (Σ, {q, q_¬, q_f}, {q_f}, ∆) with ∆ =
       ⊥ → q                  ⊤ → q
       ¬(q) → q               ¬(q) → q_¬
       ¬(q_¬) → q_f
       ∨(q, q) → q            ∧(q, q) → q
     Example: Ground terms embedding the pattern ¬(¬(x)): A ∪ {¬(q_f) → q_f, ∨(q_f, q_*) → q_f, ∨(q_*, q_f) → q_f, ...} (propagation of q_f).
     49 / 200
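The bottom-up tree automaton of slide 22, its operational reading of slide 23 (t →*_∆ q) and both examples of slides 24 and 25, as an added Python example; this is not code from the slides or from the TATA book. Assumptions of this example: terms are nested tuples (symbol, children), ∆ is stored as a map from left-hand side to the set of its heads so that non-deterministic rules (such as the two rules for ¬(q) in example 2) fit, and the "q_*" of slide 25 is expanded over all three states of that automaton.

```python
from itertools import product

# A bottom-up TA A = (Σ, Q, Qf, Δ).  Δ is stored as {(f, (q1..qn)): {q, ...}}:
# several heads for one left-hand side make the automaton non-deterministic.
def make_ta(rules, final):
    delta = {}
    for f, args, q in rules:
        delta.setdefault((f, tuple(args)), set()).add(q)
    return delta, set(final)

def states_of(delta, t):
    """{q | t →*Δ q}: every state in which t is accepted, computed bottom-up."""
    sym, args = t
    reached = set()
    # one tuple per choice of a state for each child; a constant yields the empty tuple
    for qs in product(*(states_of(delta, a) for a in args)):
        reached |= delta.get((sym, qs), set())
    return reached

def accepts(A, t):
    delta, final = A
    return bool(states_of(delta, t) & final)

def det_run(delta, t, p=()):
    """A run r: Pos(t) → Q (slide 27) of a deterministic automaton, as {position: state}.
    None when some subterm reaches no state, or several (Δ not deterministic there)."""
    sym, args = t
    r, child_states = {}, []
    for i, a in enumerate(args, start=1):
        sub = det_run(delta, a, p + (i,))
        if sub is None:
            return None
        r.update(sub)
        child_states.append(sub[p + (i,)])
    heads = delta.get((sym, tuple(child_states)), set())
    if len(heads) != 1:
        return None
    r[p] = next(iter(heads))
    return r

def mk(sym, *args):
    return (sym, tuple(args))

# Example 1 (slide 24): evaluation of Boolean formulas, q1 = true, q0 = false.
RULES_EVAL = [("⊥", (), "q0"), ("⊤", (), "q1"), ("¬", ("q0",), "q1"), ("¬", ("q1",), "q0")]
for a, b in product(["q0", "q1"], repeat=2):
    RULES_EVAL.append(("∨", (a, b), "q1" if "q1" in (a, b) else "q0"))
    RULES_EVAL.append(("∧", (a, b), "q1" if (a, b) == ("q1", "q1") else "q0"))
A_EVAL = make_ta(RULES_EVAL, {"q1"})

# Example 2 (slide 25): ground instances of ¬(¬(x)); ¬(q) has two heads.
RULES_PAT = [("⊥", (), "q"), ("⊤", (), "q"),
             ("¬", ("q",), "q"), ("¬", ("q",), "q¬"), ("¬", ("q¬",), "qf"),
             ("∨", ("q", "q"), "q"), ("∧", ("q", "q"), "q")]
A_PAT = make_ta(RULES_PAT, {"qf"})

# Terms embedding the pattern: propagate qf upwards through every symbol (q_* expanded).
RULES_EMBED = RULES_PAT + [("¬", ("qf",), "qf")]
for op in ("∨", "∧"):
    for a, b in product(["q", "q¬", "qf"], repeat=2):
        if "qf" in (a, b):
            RULES_EMBED.append((op, (a, b), "qf"))
A_EMBED = make_ta(RULES_EMBED, {"qf"})

# The formula rewritten on slide 24: ∧(∧(⊤, ∨(⊤, ¬(⊥))), ¬(⊤)).
FORMULA = mk("∧", mk("∧", mk("⊤"), mk("∨", mk("⊤"), mk("¬", mk("⊥")))), mk("¬", mk("⊤")))
BURIED = mk("∧", mk("¬", mk("¬", mk("⊤"))), mk("⊥"))   # ¬(¬(x)) below the root

def demo():
    return {
        "eval_states": states_of(A_EVAL[0], FORMULA),        # {'q0'}: the formula is false
        "eval_run_root": det_run(A_EVAL[0], FORMULA)[()],    # r(ε) = 'q0', not final
        "pattern_exact": accepts(A_PAT, mk("¬", mk("¬", mk("⊤")))),
        "pattern_buried": accepts(A_PAT, BURIED),            # no propagation: rejected
        "embed_buried": accepts(A_EMBED, BURIED),            # with propagation: accepted
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} {v}")
```

`states_of` is the set version of the rewrite relation →*_∆ restricted to states, which is what a verifier needs for non-deterministic automata such as the pattern automaton; `det_run` builds the explicit run of slide 27 and fails on purpose where ∆ offers a choice, which is the situation the determinization of slide 39 removes.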

  26. Linear Pattern Matching
     Proposition: Given a linear term t ∈ T(Σ, X), there exists a TA A recognizing the set of ground instances of t: L(A) = {tσ | σ : X → T(Σ)}.
     e.g. in regular tree model checking, definition of error configurations by forbidden patterns.
     50 / 200

  27. Runs
     Definition: Run. A run of a TA (Σ, Q, Q_f, ∆) on a term t ∈ T(Σ) is a function r : Pos(t) → Q such that for all p ∈ Pos(t), if t(p) = f ∈ Σ_n, r(p) = q and r(pi) = q_i for all 1 ≤ i ≤ n, then f(q_1, ..., q_n) → q ∈ ∆.
     The run r is accepting if r(ε) ∈ Q_f.
     L(A) is the set of ground terms of T(Σ) for which there exists an accepting run.
     51 / 200

  28. Pumping Lemma
     Lemma: Pumping Lemma. Let A = (Σ, Q, Q_f, ∆). L(A) ≠ ∅ iff there exists t ∈ L(A) such that h(t) ≤ |Q|.
     Lemma: Iteration Lemma. For all TA A, there exists k > 0 such that for all terms t ∈ L(A) with h(t) > k, there exist 2 contexts C, D ∈ T(Σ, {x_1}) with D ≠ x_1 and a term u ∈ T(Σ) such that t = C[D[u]] and for all n ≥ 0, C[D^n[u]] ∈ L(A).
     usage: to show that a language is not regular.
     52 / 200

  29. Non Regular Languages
     We show with the pumping and iteration lemmas that the following tree languages are not regular:
     ◮ {f(t, t) | t ∈ T(Σ)},
     ◮ {f(g^n(a), h^n(a)) | n ≥ 0},
     ◮ {t ∈ T(Σ) | |Pos(t)| is prime}.
     53 / 200

  30. Epsilon-transitions
     We extend the class TA into TA_ε with the addition of another type of transition rules, of the form q →ε q′ (ε-transition), with the same expressiveness as TA.
     Proposition: Suppression of ε-transitions. For all TA_ε A_ε, there exists a TA (without ε-transition) A′ such that L(A′) = L(A_ε). The size of A′ is polynomial in the size of A_ε.
     pr.: We start with A_ε and we add f(q_1, ..., q_n) → q′ if there exist f(q_1, ..., q_n) → q and q →ε q′.
     54 / 200

  31. Top-Down Tree Automata
     Definition: Top-Down Tree Automata. A top-down tree automaton over a signature Σ is a tuple A = (Σ, Q, Q_init, ∆) where Q is a finite set of states, Q_init ⊆ Q is the subset of initial states and ∆ is a set of transition rules of the form q → f(q_1, ..., q_n) with f ∈ Σ_n (n ≥ 0) and q_1, ..., q_n, q ∈ Q.
     A ground term t ∈ T(Σ) is accepted by A in the state q iff q →*_∆ t.
     The language of A starting from the state q is L(A, q) := {t ∈ T(Σ) | q →*_∆ t}.
     The language of A is L(A) := ⋃_{q_i ∈ Q_init} L(A, q_i).
     55 / 200

  32. Top-Down Tree Automata (expressiveness) Proposition : Expressiveness The set of top-down tree automata languages is exactly the set of regular tree languages. 56 / 200

  33. Remark: Notations In the next slides TA = Bottom-Up Tree Automata 57 / 200

  34. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification 58 / 200

  35. Determinism
     Definition: Determinism. A TA A is deterministic if for all f ∈ Σ_n, for all states q_1, ..., q_n of A, there is at most one state q of A such that A contains a transition f(q_1, ..., q_n) → q.
     If A is deterministic, then for all t ∈ T(Σ), there exists at most one state q of A such that t ∈ L(A, q). It is denoted A(t) or ∆(t).
     59 / 200

  36. Completeness
     Definition: Completeness. A TA A is complete if for all f ∈ Σ_n, for all states q_1, ..., q_n of A, there is at least one state q of A such that A contains a transition f(q_1, ..., q_n) → q.
     If A is complete, then for all t ∈ T(Σ), there exists at least one state q of A such that t ∈ L(A, q).
     60 / 200

  37. Completion
     Proposition: Completion. For all TA A, there exists a complete TA A_c such that L(A_c) = L(A). Moreover, if A is deterministic, then A_c is deterministic. The size of A_c is polynomial in the size of A, its construction is PTIME.
     pr.: add a trash state q_⊥.
     61-62 / 200

  39. Determinization
     Proposition: Determinization. For all TA A, there exists a deterministic TA A_det such that L(A_det) = L(A). Moreover, if A is complete, then A_det is complete. The size of A_det is exponential in the size of A, its construction is EXPTIME.
     pr.: subset construction. Transitions: f(S_1, ..., S_n) → {q | ∃q_1 ∈ S_1 ... ∃q_n ∈ S_n, f(q_1, ..., q_n) → q ∈ ∆} for all S_1, ..., S_n ⊆ Q.
     63 / 200

  40. Determinization (example)
     Exercise: Determinise and complete the previous TA (pattern matching of ¬(¬(x))):
     A = (Σ, {q, q_¬, q_f}, {q_f}, ∆) with ∆ =
       ⊥ → q                  ⊤ → q
       ¬(q) → q               ¬(q) → q_¬
       ¬(q_¬) → q_f           ¬(q_f) → q_f
       ∨(q, q) → q            ∧(q, q) → q
       ∨(q_f, q_*) → q_f      ∨(q_*, q_f) → q_f
     64 / 200

  41. Top-Down Tree Automata and Determinism
     Definition: Determinism. A top-down tree automaton (Σ, Q, Q_init, ∆) is deterministic if |Q_init| = 1 and for all states q ∈ Q and f ∈ Σ, ∆ contains at most one rule with left member q and symbol f.
     The top-down tree automata are in general not determinizable.
     Proposition: There exists a regular tree language which is not recognizable by a deterministic top-down tree automaton.
     pr.: L = {f(a, b), f(b, a)}.
     65-66 / 200

  43. Boolean Closure of Regular Tree Languages
     Proposition: Closure. The class of regular tree languages is closed under union, intersection and complementation.
       op.   technique                                                     computation time and size of automata
       ∪     disjoint ∪                                                   linear
       ∩     Cartesian product                                            quadratic
       ¬     determinization, completion, invert final / non-final states  exponential (lower bound)
     Remark: For the deterministic TA, the construction for the complementation is polynomial.
     67-70 / 200
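The three closure constructions of slide 43, together with the subset construction of slide 39 and the completion of slide 38 that complementation relies on, as an added Python example (not code from the slides or the TATA book). The example is run on the two automata of slides 24 and 40, so it also answers the determinise-and-complete exercise of slide 40 mechanically. Assumptions: rules are triples (f, (q_1..q_n), q); a deterministic automaton is a map from (f, (q_1..q_n)) to its unique head; the subset construction is restricted to the subsets reachable bottom-up and the empty subset plays the trash state q_⊥; the "q_*" rules are expanded over all states and added for ∧ as well as ∨.

```python
from itertools import product

# Signature Σ of the Boolean examples, symbol -> arity.
SIGMA = {"⊥": 0, "⊤": 0, "¬": 1, "∨": 2, "∧": 2}

def determinize(sigma, rules, final):
    """Subset construction f(S1..Sn) -> {q | ∃qi ∈ Si, f(q1..qn) -> q ∈ Δ}, restricted to
    reachable subsets.  Every tuple of reachable subsets gets one transition, possibly
    to the empty subset (the trash state q⊥ of the completion): the result is a
    deterministic AND complete automaton."""
    delta, known = {}, []
    changed = True
    while changed:
        changed = False
        for f, n in sigma.items():
            for args in product(known, repeat=n):
                if (f, args) in delta:
                    continue
                target = frozenset(q for g, qs, q in rules
                                   if g == f and all(qi in S for qi, S in zip(qs, args)))
                delta[(f, args)] = target
                if target not in known:
                    known.append(target)
                    changed = True
    return delta, {S for S in known if S & set(final)}

def states(delta):
    return set(delta.values())

def is_complete_deterministic(sigma, dta):
    delta, _ = dta
    return all((f, args) in delta for f, n in sigma.items() for args in product(states(delta), repeat=n))

def complement(dta):
    """Invert final / non-final states; sound only for a complete DTA."""
    delta, final = dta
    return delta, states(delta) - final

def intersection(sigma, dta1, dta2):
    """Cartesian product of two complete DTAs, built on the reachable pairs only."""
    (d1, f1), (d2, f2) = dta1, dta2
    delta, known = {}, []
    changed = True
    while changed:
        changed = False
        for f, n in sigma.items():
            for args in product(known, repeat=n):
                if (f, args) in delta:
                    continue
                pair = (d1[(f, tuple(a for a, _ in args))], d2[(f, tuple(b for _, b in args))])
                delta[(f, args)] = pair
                if pair not in known:
                    known.append(pair)
                    changed = True
    return delta, {(p, q) for p, q in known if p in f1 and q in f2}

def union(rules1, final1, rules2, final2):
    """Disjoint union (linear): tag the states so the two rule sets cannot interact."""
    tag = lambda k, rs: [(f, tuple((k, q) for q in qs), (k, q)) for f, qs, q in rs]
    return tag(1, rules1) + tag(2, rules2), {(1, q) for q in final1} | {(2, q) for q in final2}

def run(delta, t):
    """Δ(t): the unique state of t under a complete DTA (slide 35)."""
    sym, args = t
    return delta[(sym, tuple(run(delta, a) for a in args))]

def accepts(dta, t):
    delta, final = dta
    return run(delta, t) in final

def mk(sym, *args):
    return (sym, tuple(args))

# Slide 24: true Boolean formulas (already deterministic and complete).
RULES_TRUE = [("⊥", (), "q0"), ("⊤", (), "q1"), ("¬", ("q0",), "q1"), ("¬", ("q1",), "q0")]
for a, b in product(["q0", "q1"], repeat=2):
    RULES_TRUE.append(("∨", (a, b), "q1" if "q1" in (a, b) else "q0"))
    RULES_TRUE.append(("∧", (a, b), "q1" if (a, b) == ("q1", "q1") else "q0"))

# Slide 40: formulas embedding ¬(¬(x)), non-deterministic because of the two rules for ¬(q).
RULES_PAT = [("⊥", (), "q"), ("⊤", (), "q"), ("¬", ("q",), "q"), ("¬", ("q",), "q¬"),
             ("¬", ("q¬",), "qf"), ("¬", ("qf",), "qf"), ("∨", ("q", "q"), "q"), ("∧", ("q", "q"), "q")]
for op in ("∨", "∧"):
    for a, b in product(["q", "q¬", "qf"], repeat=2):
        if "qf" in (a, b):
            RULES_PAT.append((op, (a, b), "qf"))

D_TRUE = determinize(SIGMA, RULES_TRUE, {"q1"})
D_PAT = determinize(SIGMA, RULES_PAT, {"qf"})
D_TRUE_WITH_PAT = intersection(SIGMA, D_TRUE, D_PAT)   # true formulas containing ¬¬
D_NO_PAT = complement(D_PAT)                            # formulas without ¬¬
D_UNION = determinize(SIGMA, *union(RULES_TRUE, {"q1"}, RULES_PAT, {"qf"}))
NOT_NOT_TOP = mk("¬", mk("¬", mk("⊤")))

if __name__ == "__main__":
    print("D_PAT states:", [sorted(S) for S in states(D_PAT[0])])
    print("¬(¬(⊤)) true and has ¬¬:", accepts(D_TRUE_WITH_PAT, NOT_NOT_TOP))
    print("¬(⊤) has no ¬¬:", accepts(D_NO_PAT, mk("¬", mk("⊤"))))
```

The determinized pattern automaton ends up with four subset states, which is the exponential bound of the table collapsing to a small number on this input; `complement` is only correct because `determinize` returns a complete automaton, which is exactly why slide 43 lists completion as part of the complementation technique.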

  47. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification 71 / 200

  48. Cleaning
     Definition: Clean. A state q of a TA A is called inhabited if there exists at least one t ∈ L(A, q). A TA is called clean if all its states are inhabited.
     Proposition: Cleaning. For all TA A, there exists a clean TA A_clean such that L(A_clean) = L(A). The size of A_clean is smaller than the size of A, its construction is PTIME.
     pr.: state marking algorithm, running time O(|Q| × ‖∆‖).
     72 / 200

  49. State Marking Algorithm
     We construct M ⊆ Q containing all the inhabited states.
     ◮ start with M = ∅
     ◮ for all f ∈ Σ of arity n ≥ 0, and all q_1, ..., q_n ∈ M such that there exists f(q_1, ..., q_n) → q in ∆, add q to M (if it was not already).
     We iterate the last step until a fixpoint M* is reached.
     Lemma: q ∈ M* iff ∃t ∈ L(A, q).
     73 / 200

  50. Membership Problem
     Definition: Membership. INPUT: a TA A over Σ, a term t ∈ T(Σ). QUESTION: t ∈ L(A)?
     Proposition: Membership. The membership problem is decidable in polynomial time.
     Exact complexity:
     ◮ non-deterministic bottom-up: LOGCFL-complete
     ◮ deterministic bottom-up: unknown (LOGDCFL)
     ◮ deterministic top-down: LOGSPACE-complete.
     74 / 200

  51. Emptiness Problem
     Definition: Emptiness. INPUT: a TA A over Σ. QUESTION: L(A) = ∅?
     Proposition: Emptiness. The emptiness problem is decidable in linear time.
     pr.: quadratic: clean, check if the clean automaton contains a final state. linear: reduction to propositional HORN-SAT. linear bis: optimization of the data structures for the cleaning (exo).
     Remark: The problem of the emptiness is PTIME-complete.
     75-76 / 200
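The state marking algorithm of slide 49, the cleaning of slide 48 and the quadratic emptiness decision of slide 51 (clean, then look for a final state), as an added Python example that is not code from the slides or the TATA book. Beyond the slides, it records which rule first marked each state and rebuilds from that a witness term, which is what a regular tree model checker reports when transitive closure(L_init) ∩ L_error turns out to be non-empty. Assumptions: an automaton is a triple (states, final states, rules) with rules as (f, (q_1..q_n), q); the two automata at the bottom are constructed for this example.

```python
# A TA as (Q, Qf, Δ) with Δ a list of (f, (q1..qn), q)  (assumed layout).

def inhabited_states(rules):
    """State marking algorithm: the least M ⊆ Q closed under Δ.  Also keeps, for
    each marked state, the rule that marked it first, so a witness term can be
    rebuilt afterwards.  Each round scans Δ once and marks at least one new state,
    so there are at most |Q| rounds: O(|Q| × ‖Δ‖)."""
    marked, because = set(), {}
    changed = True
    while changed:
        changed = False
        for f, args, q in rules:
            if q not in marked and all(a in marked for a in args):
                marked.add(q)
                because[q] = (f, args)
                changed = True
    return marked, because

def witness(because, q):
    """Some t ∈ L(A, q).  Every state is marked once and only from states marked
    earlier, so the recursion terminates and h(t) ≤ |Q| (pumping lemma, slide 28)."""
    f, args = because[q]
    return (f, tuple(witness(because, a) for a in args))

def clean(ta):
    """A_clean: keep the inhabited states and the rules that only mention them."""
    states, final, rules = ta
    marked, _ = inhabited_states(rules)
    return (states & marked, final & marked,
            [r for r in rules if r[2] in marked and all(a in marked for a in r[1])])

def is_empty(ta):
    """L(A) = ∅ iff the clean automaton has no final state left."""
    return not clean(ta)[1]

def counterexample(ta):
    """None when L(A) = ∅, otherwise an accepted term (the 'bad' configuration
    a regular tree model checker would report)."""
    states, final, rules = ta
    marked, because = inhabited_states(rules)
    for q in sorted(final):
        if q in marked:
            return witness(because, q)
    return None

def to_str(t):
    sym, args = t
    return sym if not args else f"{sym}({', '.join(to_str(a) for a in args)})"

# Constructed example: q_loop is only reachable from itself, so q_dead and the
# final state q_bad are uninhabited, and q_ok is the only inhabited final state.
TA_EX = ({"q0", "q1", "q_loop", "q_dead", "q_ok", "q_bad"}, {"q_ok", "q_bad"}, [
    ("a", (), "q0"),
    ("f", ("q0",), "q1"),
    ("g", ("q1", "q0"), "q_ok"),
    ("f", ("q_loop",), "q_loop"),
    ("g", ("q_loop", "q0"), "q_dead"),
    ("f", ("q_dead",), "q_bad"),
])

# Constructed example with an empty language: its only final state hangs off q_loop.
TA_EMPTY = ({"q0", "q_loop", "q_bad"}, {"q_bad"}, [
    ("a", (), "q0"),
    ("f", ("q_loop",), "q_loop"),
    ("g", ("q_loop", "q0"), "q_bad"),
])

if __name__ == "__main__":
    print("inhabited:", sorted(inhabited_states(TA_EX[2])[0]))
    print("clean rules:", clean(TA_EX)[2])
    print("L(TA_EX) empty:", is_empty(TA_EX), " witness:", to_str(counterexample(TA_EX)))
    print("L(TA_EMPTY) empty:", is_empty(TA_EMPTY))
```

The witness is the cheap part that makes the emptiness check useful in verification: a "yes, non-empty" answer alone does not help, while the term g(f(a), a) returned for TA_EX is a concrete configuration to inspect.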

  53. Instance-Membership Problem
     Definition: Instance-Membership (IM). INPUT: a TA A over Σ, a term t ∈ T(Σ, X). QUESTION: does there exist σ : vars(t) → T(Σ) s.t. tσ ∈ L(A)?
     Proposition: Instance-Membership.
     1. The problem IM is decidable in polynomial time when t is linear.
     2. The problem IM is NP-complete when A is deterministic.
     3. The problem IM is EXPTIME-complete in general.
     77 / 200

  54. Problem of the Emptiness of Intersection
     Definition: Emptiness of Intersection. INPUT: n TA A_1, ..., A_n over Σ. QUESTION: L(A_1) ∩ ... ∩ L(A_n) = ∅?
     Proposition: Emptiness of Intersection. The problem of the emptiness of intersection is EXPTIME-complete.
     pr.: EXPTIME: n applications of the closure under ∩ and emptiness decision. EXPTIME-hardness: APSPACE = EXPTIME, reduction of the problem of the existence of a successful run (starting from an initial configuration) of an alternating Turing machine (ATM) M = (Γ, S, s_0, S_f, δ). [Seidl 94], [Veanes 97]
     78-79 / 200

  56. Let M = (Γ, S, s_0, S_f, δ) be a Turing Machine (Γ: input alphabet, S: state set, s_0: initial state, S_f: final states, δ: transition relation). First some notations.
     ◮ a configuration of M is a word of Γ* Γ_S Γ* where Γ_S = {a_s | a ∈ Γ, s ∈ S}. In this word, the letter of Γ_S indicates both the current state and the current position of the head of M.
     ◮ a final configuration of M is a word of Γ* Γ_{S_f} Γ*.
     ◮ an initial configuration of M is a word of Γ_{s_0} Γ*.
     ◮ a transition of M (following δ) between two configurations v and v′ is denoted v ▷ v′.
     The initial configuration v_0 is accepting iff there exists a final configuration v_f and a finite sequence of transitions v_0 ▷ ... ▷ v_f. This problem, whether v_0 is accepting, is undecidable in general. If the tape is polynomially bounded (we are restricted to configurations of length n = |v_0|^c, for some fixed c ∈ N), the problem is PSPACE-complete.
     M alternating: S = S_∃ ⊎ S_∀. Definition of accepting configurations:
     80 / 200

  57. ◮ every final configuration (whose state is in S_f) is accepting
     ◮ a configuration c whose state is in S_∃ is accepting if it has at least one accepting successor
     ◮ a configuration c whose state is in S_∀ is accepting if all its successors are accepting
     Theorem (Chandra, Kozen, Stockmeyer 81): APSPACE = EXPTIME.
     In order to show EXPTIME-hardness, we reduce the problem of deciding whether v_0 is accepting for M alternating and polynomially bounded.
     Hypotheses (non restrictive):
     ◮ s_0 ∈ S_∃ or s_0 ∈ S_∀ ∩ S_f
     ◮ s_0 is non reentering (it only occurs in v_0)
     ◮ every configuration with state in S_∀ has 0 or 2 successors
     ◮ final configurations are restricted to ♭_{S_f} ♭* where ♭ ∈ Γ is the blank symbol.
     81 / 200

  58. ◮ S_f is a singleton.
     2 technical definitions: for k ≤ n,
     view(v, k) = v[k] v[k+1] if k = 1; v[k−1] v[k] if k = n; v[k−1] v[k] v[k+1] otherwise.
     view(v, v_1, v_2, k) = ⟨view(v, k), view(v_1, k), view(v_2, k)⟩.
     v ▷_k ⟨v_1, v_2⟩ iff
     1. if v[k] ∈ Γ_S, then ∃ w ▷ w_1, w_2 s.t. view(v, v_1, v_2, k) = view(w, w_1, w_2, k)
     2. if v[k] = a ∈ Γ, then v_1[k] ∈ {a} ∪ a_S and v_2 = ε or v_2[k] ∈ {a} ∪ a_S.
     first item: around position k, we have two correct transitions of M. This can be tested by the membership of view(v, v_1, v_2, k) to a given set which only depends on M.
     Lemma: v ▷ v_1, v_2 iff ∀ k ≤ n, v ▷_k ⟨v_1, v_2⟩.
     82 / 200

  59. Term representations of runs
     rem.: a run of M is not a sequence of configurations but a tree of configurations (because of alternation).
     Signature Σ: ∅: constant, Γ: unary, Γ_S: unary, p: binary.
     Notation: if v = a_1 ... a_n, v(x) denotes a_n(a_{n−1}(... a_1(x))).
     Term representations of runs:
     ◮ v_f(p(∅, ∅)) with v_f final configuration,
     ◮ v(p(t_1, t_2)) with v ∀-configuration, t_1 = v′_1(p(t_{1,1}, t_{1,2})), t_2 = v′_2(p(t_{2,1}, t_{2,2})) two term representations of runs, and v_1 ▷ v′_1, v_2 ▷ v′_2
     ◮ v(p(t_1, ∅)) with v ∃-configuration, t_1 = v′_1(p(t_{1,1}, t_{1,2})) a term representation of a run, and v_1 ▷ v′_1.
     notations for t_1 = v′_1(p(t_{1,1}, t_{1,2})): head(t_1) = v′_1, left(t_1) = t_{1,1}, right(t_1) = t_{1,2}.
     This recursive definition suggests the construction of a TA recognizing term representations of successful runs. The difficulty
     83 / 200

  60. is the conditions v_1 ▷ v′_1, v_2 ▷ v′_2, for which we use the above lemma.
     We build 2n deterministic automata: for all 1 ≤ k ≤ n, A_k recognizes
     ◮ v_f(p(∅, ∅)) (recall there is only 1 final configuration by hyp.)
     ◮ v(p(t_1, t_2)) such that t_1 ≠ ∅ and
       ◮ v ▷_k ⟨head(t_1), head(t_2)⟩
       ◮ left(t_1) ∈ L(A_k), right(t_1) ∈ L(A_k) ∪ {∅},
       ◮ t_2 = ∅ or left(t_2) ∈ L(A_k), right(t_2) ∈ L(A_k) ∪ {∅}
     idea: A_k memorizes view(head(t_1), k) and view(head(t_2), k) and compares them with view(v, k).
     for all 1 ≤ k ≤ n, A′_k recognizes the terms v_0(p(t_1, t_2)) with t_1 = t_2 = ∅ (if s_0 universal and final) or t_2 = ∅ (if s_0 existential, not final) and t_1, t_2 ∈ T, minimal set of terms without s_0 containing
     ◮ ∅
     ◮ v(p(t_1, t_2)) such that t_1 ≠ ∅ and
       ◮ v ▷_k ⟨head(t_1), head(t_2)⟩
       ◮ left(t_1) ∈ T, right(t_1) ∈ T,
     84 / 200

  61. ◮ t_2 = ∅ or left(t_2) ∈ T, right(t_2) ∈ T
     representations of successful runs = ⋂_{k=1}^{n} L(A_k) ∩ L(A′_k).
     85 / 200

  62. Problem of Universality
     Definition: Universality. INPUT: a TA A over Σ. QUESTION: L(A) = T(Σ)?
     Proposition: Universality. The problem of universality is EXPTIME-complete.
     pr.: EXPTIME: Boolean closure and emptiness decision. EXPTIME-hardness: again APSPACE = EXPTIME.
     Remark: The problem of universality is decidable in polynomial time for the deterministic (bottom-up) TA. pr.: completion and cleaning.
     86-87 / 200

  64. Problems of Inclusion and Equivalence
     Definition: Inclusion. INPUT: two TA A_1 and A_2 over Σ. QUESTION: L(A_1) ⊆ L(A_2)?
     Definition: Equivalence. INPUT: two TA A_1 and A_2 over Σ. QUESTION: L(A_1) = L(A_2)?
     Proposition: Inclusion, Equivalence. The problems of inclusion and equivalence are EXPTIME-complete.
     pr.: L(A_1) ⊆ L(A_2) iff L(A_1) ∩ (T(Σ) \ L(A_2)) = ∅. EXPTIME-hardness: universality is T(Σ) ⊆ L(A_2)?
     Remark: If A_1 and A_2 are deterministic, it is O(‖A_1‖ × ‖A_2‖).
     88-90 / 200

  67. Problem of Finiteness
     Definition: Finiteness. INPUT: a TA A. QUESTION: is L(A) finite?
     Proposition: Finiteness. The problem of finiteness is decidable in polynomial time.
     91 / 200

  68. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification 92 / 200

  69. Theorem of Myhill-Nerode
     Definition: A congruence ≡ on T(Σ) is an equivalence relation such that for all f ∈ Σ_n, if s_1 ≡ t_1, ..., s_n ≡ t_n, then f(s_1, ..., s_n) ≡ f(t_1, ..., t_n).
     Given L ⊆ T(Σ), the congruence ≡_L is defined by: s ≡_L t if for all contexts C ∈ T(Σ, {x}), C[s] ∈ L iff C[t] ∈ L.
     Theorem: Myhill-Nerode. The three following propositions are equivalent:
     1. L is regular
     2. L is a union of equivalence classes for a congruence ≡ of finite index
     3. ≡_L is a congruence of finite index
     93 / 200

  70. Proof of the Theorem of Myhill-Nerode
     1 ⇒ 2. A deterministic, define s ≡_A t iff A(s) = A(t).
     2 ⇒ 3. We show that if s ≡ t then s ≡_L t, hence the index of ≡_L ≤ the index of ≡ (since we have ≡ ⊆ ≡_L). If s ≡ t then C[s] ≡ C[t] for all C[ ] (induction on C), hence C[s] ∈ L iff C[t] ∈ L, i.e. s ≡_L t.
     3 ⇒ 1. We construct A_min = (Q_min, Q^f_min, ∆_min),
     ◮ Q_min = equivalence classes of ≡_L,
     ◮ Q^f_min = {[s] | s ∈ L},
     ◮ ∆_min = {f([s_1], ..., [s_n]) → [f(s_1, ..., s_n)]}.
     Clearly, A_min is deterministic, and for all s ∈ T(Σ), A_min(s) = [s]_L, i.e. s ∈ L(A_min) iff s ∈ L.
     94 / 200

  71. Minimization
     Corollary: For all DTA A = (Σ, Q, Q_f, ∆), there exists a unique DTA A_min whose number of states is the index of ≡_{L(A)} and such that L(A_min) = L(A).
     95 / 200

  72. Minimization
     Let A = (Σ, Q, Q_f, ∆) be a DTA; we build a deterministic minimal automaton A_min as in the proof of 3 ⇒ 1 of the previous theorem for L(A) (i.e. Q_min is the set of equivalence classes for ≡_{L(A)}).
     We build first an equivalence ≈ on the states of Q:
     ◮ q ≈_0 q′ iff q, q′ ∈ Q_f or q, q′ ∈ Q \ Q_f.
     ◮ q ≈_{k+1} q′ iff q ≈_k q′ and ∀f ∈ Σ_n, ∀q_1, ..., q_{i−1}, q_{i+1}, ..., q_n ∈ Q (1 ≤ i ≤ n), ∆(f(q_1, ..., q_{i−1}, q, q_{i+1}, ..., q_n)) ≈_k ∆(f(q_1, ..., q_{i−1}, q′, q_{i+1}, ..., q_n)).
     Let ≈ be the fixpoint of this construction; ≈ is ≡_{L(A)}, hence A_min = (Σ, Q_min, Q^f_min, ∆_min) with:
     ◮ Q_min = {[q]_≈ | q ∈ Q},
     ◮ Q^f_min = {[q_f]_≈ | q_f ∈ Q_f},
     ◮ ∆_min = {f([q_1]_≈, ..., [q_n]_≈) → [f(q_1, ..., q_n)]_≈}
     recognizes L(A) and is smaller than A.
     96 / 200
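The refinement ≈_0, ≈_1, ... of slide 72 and the quotient automaton A_min built from its fixpoint, as an added Python example (not code from the slides or the TATA book). Assumptions: the input is a complete DTA given as a map ∆ from (f, (q_1..q_n)) to ∆(f(q_1, ..., q_n)); the sample automaton is constructed for this example, a three-valued variant of the Boolean evaluator of slide 24 in which q1 and q1b are two copies of "true" (so ≈ must merge them) and the extra non-final state qx ("unknown") must be separated from q0 by one refinement step.

```python
from itertools import product

def minimize(sigma, states, final, delta):
    """Partition refinement of slide 72 on a complete DTA.  ≈0 separates final from
    non-final states; ≈k+1 refines ≈k by the one-hole contexts f(q1..q_{i-1}, _, q_{i+1}..qn).
    Returns (Q_min, Qf_min, Δ_min) where each state of A_min is a class [q]≈."""
    states = sorted(states)
    block = {q: int(q in final) for q in states}                 # ≈0
    while True:
        signature = {}
        for q in states:
            sig = [block[q]]                                      # q ≈k q' is required first
            for f, n in sorted(sigma.items()):
                for i in range(n):
                    for others in product(states, repeat=n - 1):
                        args = others[:i] + (q,) + others[i:]
                        sig.append(block[delta[(f, args)]])       # class of Δ(f(.., q, ..))
            signature[q] = tuple(sig)
        ids = {s: k for k, s in enumerate(sorted(set(signature.values())))}
        new_block = {q: ids[signature[q]] for q in states}
        # refinement only ever splits classes: same number of classes means the fixpoint ≈
        if len(set(new_block.values())) == len(set(block.values())):
            break
        block = new_block
    cls = lambda q: frozenset(p for p in states if block[p] == block[q])
    delta_min = {(f, tuple(cls(q) for q in args)): cls(q) for (f, args), q in delta.items()}
    return {cls(q) for q in states}, {cls(q) for q in final}, delta_min

def run(delta, t):
    """Δ(t) for a complete DTA (the minimized automaton is one)."""
    sym, args = t
    return delta[(sym, tuple(run(delta, a) for a in args))]

def mk(sym, *args):
    return (sym, tuple(args))

# Constructed DTA: Boolean evaluation with an extra constant u ("unknown") and a
# duplicated "true" state.  q1 ≡ q1b, while q0 (false) and qx (unknown) differ
# because ¬(q0) is final and ¬(qx) is not.
SIGMA = {"⊥": 0, "⊤": 0, "u": 0, "¬": 1, "∨": 2, "∧": 2}
Q = ["q0", "qx", "q1", "q1b"]
FINAL = {"q1", "q1b"}
TRUE = {"q1", "q1b"}
DELTA = {("⊥", ()): "q0", ("⊤", ()): "q1", ("u", ()): "qx",
         ("¬", ("q0",)): "q1b", ("¬", ("qx",)): "qx", ("¬", ("q1",)): "q0", ("¬", ("q1b",)): "q0"}
for a, b in product(Q, repeat=2):
    DELTA[("∨", (a, b))] = "q1" if TRUE & {a, b} else ("q0" if (a, b) == ("q0", "q0") else "qx")
    DELTA[("∧", (a, b))] = "q0" if "q0" in (a, b) else ("q1b" if {a, b} <= TRUE else "qx")

Q_MIN, F_MIN, DELTA_MIN = minimize(SIGMA, Q, FINAL, DELTA)

if __name__ == "__main__":
    print("classes:", [sorted(c) for c in Q_MIN])
    print("¬(⊥) accepted by A_min:", run(DELTA_MIN, mk("¬", mk("⊥"))) in F_MIN)
    print("∧(⊤, u) accepted by A_min:", run(DELTA_MIN, mk("∧", mk("⊤"), mk("u"))) in F_MIN)
```

The signature of a state lists the class of ∆(f(..., q, ...)) for every one-hole context over Σ, which is exactly the quantification over f, i and the q_j of the slide; because ≈ is a congruence, the dictionary comprehension building ∆_min never assigns two different classes to the same left-hand side.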

  73. Algebraic Characterization of Regular Languages
     Corollary: A set L ⊆ T(Σ) is regular iff there exists
     ◮ a Σ-algebra Q of finite domain Q,
     ◮ a homomorphism h : T(Σ) → Q,
     ◮ a subset Q_f ⊆ Q such that L = h^{−1}(Q_f).
     Operations of Q: for each f ∈ Σ_n, there is a function f^Q : Q^n → Q.
     97 / 200

  74. Plan Terms TA: Definitions and Expressiveness Determinism and Boolean Closures Decision Problems Minimization Closure under Tree Transformations, Program Verification Tree Homomorphisms Tree Transducers Term Rewriting Tree Automata Based Program Verification 98 / 200

  75. Tree Transformations, Verification
     ◮ formalisms for the transformation of terms (languages): rewrite systems, tree homomorphisms, transducers...
       = transitions in an infinite-state system,
       = evaluation of programs,
       = transformation of XML documents, updates...
     ◮ problem of the type checking:
       given:
       ◮ L_in ⊆ T(Σ), (regular) input language
       ◮ h transformation T(Σ) → T(Σ′)
       ◮ L_out ⊆ T(Σ′), (regular) output language
       question: do we have h(L_in) ⊆ L_out?
     99 / 200

  76. Tree Homomorphisms 100 / 200
