Parosh Aziz AbdullaPritha MahataAletta Nylén

Uppsala University

Downward Closed Language Generators

Outline

Reachability Approaches Downward-closed languages Recognizability of Reachable sets Simple Regular Expressions Downward closed language generators Hierarchical dlgs Timed Petri Net Ongoing Work

Transition Systems

Systems and properties

(Set of states, set of initial states, alphabet, transition rules)

Safety Properties ( Nothing bad will ever happen)

Verification of Safety property Reachability of a bad state in the system

Reachability AnalysisForward Reachability

Backward Reachability

Reachability Approaches

Forward Reachability

Bad statesInitial statePost*

Backward ReachabilityInitial states

Bad statePre*

Reachability Approaches(contd.)

- Backward reachability set is sometimes computable, e.g LCS[AJ96b].

Still, Forward Reachability is an appealing approach.

Why ?

- Forward Reachability set is usually not computable , e.g LCS[CFI96].

Forward Reachability

Set of reachable states of a system – R

Computability of R • Symbolic graph G (V, E)

l

v1v2

l

V = partitions of R wrt some criterion E : v1 v2 iff

(e.g control states)

• (finite state) abstraction

Forward Reachability

Set of reachable states of a system – R

Computability of R • Symbolic graph G (V, E)

l

v1 v2

f hl

V = partitions of R wrt some criterion E : v1 v2 iff

(e.g control states)

• (finite state) abstraction

Forward Reachability (contd.)

If G satisfies a safetyproperty

G simulates the transition system.

Same result holds for the concrete system.

Verification is easier in G.

Problem : R is often not computable.

But, is R recognizable !

Yes, if R is downward-closed [ABJ98] !!

- finite alphabet

- substring relation on *

L - a language over *

If x L and y x => y L,then L is downward closed.

y

x

L

Downward Closed Languages

•

•x - downward closed set

x - upward closed set

Why downward closed languages ?

TPN - TPN has monotonicity wrt a preorder on markings.

M1M2 and M1 M3

M2 M4M3M4

LCS – Channel Language is downward closed. A channel can always lose messages and become empty.

Reachability set is downward-closed for LCS .

Why downward closed languages ?

Note : Considering safety properties only, markings can be made downward-closed in TPN.

Timed Petri Net, N Lossy TPN, N’

Set of Bad States, Bad (upward closed)

Initial states, I Initial states, I

M

Ml

M

MlM

and Ml B

loss

Bad

Bad

B’

B

M B’

B B’

Is R recognizable ?

Question : Can we find some generator such that R = L() ?

R is upward closed.

If a language R A* is downward closed, then

R is characterized by finite set of minimal elements {w1,….,wm}. [Higman]

R = w1 U …. U wm

R = w1 …. wm

U U

If (A, ) is wqo, (A*, *) is a wqo. (Higman)

(AA, ) is wqo if for each a1,a2,…. A, there is i,j such that

i < j and ai aj

Is R recognizable ? (contd.)

Answer : We can find some generator such that R = L() if

for a word w in A*, w = L() and

generators are closed under intersection.

Question : Can we find s such that w1 , w2 , e are expressed by s ?

1. Let A = {a,b,c} and w1 = ab, w2 = bc,

then w1 = A* a A* b A* , w2 = A* b A* c A* and

w1 = (A\a)*(a+)(A\b)* w2 = (A\b)*(b+)(A\c)* = (b+c)*(a+)(c+a)* = (c+a)*(ba+b)*

2. e = w1 w2 = c* a* + c* (b + ) b* (a + ) a* + c* (a + ) (a + c)* a*

U

Simple Regular Expressions

Generators – simple regular expressions.

M - a finite alphabet.

Atomic expression e over M - a regular expression of the form (a + ) where a M (a1 + a2 + …. +am )*, where a1,a2,….,am M

A product p over M - a concatenation (possibly empty)

(e1 • e2 ••••• en ), where e1,e2,….,en are atomic expressions over M.

Simple regular expression over M - has the form

p1 + p2 + …. + pn , where p1,p2,….,pn are products over M.

R is recognizable !

e = c* a* + c* (b + ) b* (a + ) a* + c* (a + ) (a + c)* a*

Products of atomic expressions

e = sum of products – an SRE

w1 = (b+c)*(a+)(c+a)*

w2 = (c+a)*(b+)(a+b)*

atomic expressions

Lossy Channel System

M – Finite alphabet of messages

State – (s, w) s - control state, w M* - channel content

Set of reachable states of LCS is downward closed and can be

expressed by SREs.

c?m

c!n

Channel

Control ( LTS)

Well Quasi Ordering

(N N , ) is wqo x1,x2……natural numbers, there is i,j such that

i < j and xi xj

Natural numbers

(A A , = ) is wqo, if A is finite,a1,a2, a3,a4,b, a5,a6, a7,a8,b, a9….

Finite sets

(NN*, *) is wqo

w1 * w2 w1 = 2 . 3 . 4

w2 = 1 . 3 . 2 . 5 . 3 . 7 . 1 . 1

*

Strings

SRE Downward Closed Language Generators

(M, =) , M : finite alphabet A wqo (A , )

(M*, =*) , =* : substring

e.g Let A = NN, B = {3} and L(~B) = {0,1,2} U {}

(AA*, *) is wqo

(a1 + a2 + …. +am )* s.t a1,a2,….,am M

~B*

e.g Let A = NN, B = {3} and L(~B) = {0,1,2}* = (L(~B))**

Atomic expressions : Let B A.

(a + ) s.t a M ~B : L(~B) = {a | a A and a is not larger

or equal to any element of B}

Downward Closed Language Generators

Assume a wqo (A, )

Let B A

Atomic expressions are of the form ~ B or B

• L(~ B) = Set of elements in A which are not larger or equal to any element in B.

• L( B) = (L(~ B) )* ~

~

• A product p over A

L(e1 ••••• en ) = {w1 ….. wn | w1 L (e1), ….. , wn L (en)}

where e1,e2,….,en are atomic expressions over A.

• DLG over A – L(p1 + p2 + …. + pn) = L(p1) U ….. U L(pn) ,

where p1,p2,….,pn are products over A.

DLGAnswer : For a downward closed language R, we

can find some generator such that R = L() if

1. for a word w in A*, w = L() and

2. dlgs are closed under intersection.

1. Let (NN, ) be the wqo. and w1 = 2 • 3, w2 = 1 • 2,

then w1 = N* 2 N* 3 N* and w2 = N* 1 N* 2 N*

w1 = {0,1}*(N U 0,1,2}* w2 = 0*(N U {}){0,1}*

~ = L( 2) L(~ ø) L( 3)~ ~ = L( 1) L(~ ø) L( 2)~

2

= L( 2 • 3)~ ~ = L( 1 • 2)~ ~

1

DLG (contd.)

2. R = w1 w2

= {0}* (N U {0,1}* + {0}* {0,1, } {0,1}* {0,1, } {0,1}* + {0}* {0, } {0}* {0,1,2, } {0,1}*

= L( {1} • ( {2}) ) + L(………………) + L(……………..)

= L( {1}) L(~ ø) L( {2}) + ……………… + ………………~ ~

~

= L( {1} • ( {2}) + ……………… + ……………..)~ ~

~

Bags

(AB, B) is wqo

Application : Markings of a Petri Net are represented by bags.

(A, ) is wqo and is equality.

B1 B B2

B1 B2

B1, B2 : N N N N

Dlg for bags

L

L()

A bag dlg, - ~{3} ~ {1}*

= {0,1,2} 0*

L()

DLGs for bags DLGs for words with operator • both associative and commutative.

0 0 0 2

1 0 0

0 0 3

String of Bags

S1

S2

S1 * S2

((AB)*, *) is wqo

Dlg for String of Bags

A dlg for string of bags, s = ~{bag} ~ {bag}*

=

32 6 2 3*

0

125 3 9

2 1 0

5 8e.g

~~ + ~

= ~ ~

6* ~4 ~7 ~3*

+ +

~4 ~4 ~6*

~ + ~ 3* ~4 ~2*

+

*

are in language of s.

Bag dlg

Bag dlg*

21

16 210

5 3 2 1

3 3

Dlg for String of Bags(contd.)

A dlg for string of bags, s =

=

a2 b

a a

e.g

~~ + ~

~

{a,b}* ~{b,c} ~{b,c}

~b*

+ +

~{b,c} ~{a,c}

~a*

are in language of s.

Bag dlg

a b

b b c c c c

A = {a,b,c} : a finite alphabet

a b

a c

a a c c

c c c c c

Hierarchical DLGs

(A, ) (A*, *)is wqo implies is a wqo ( Higman’s Theorem).

If L A* is downward closed, then L is recognizable by some dlg .

We can hierarchically define dlgs over A.

Example :

(A, )

(AB, B)

((AB)*, *)

Ldc AB is recognizable by a dlg.

Strings of Bags(A)

Bags(A)

A wqo

Atomic expressions are dlgs for bag.

L’dc (AB)* is recognizable by a dlg.

Timed Petri Net

4.0

0.0

3.0

P1

P3

P2

P4

[1:3] [2:4]

[4:5] [1:6][4:5]

[0:1] [2:5]

[4:5]

2.0

Tokens have “ages” : Real numbers.

Conditions on “ages” : Intervals.

Extended bags of Real Numbers : Mapping from real numbers to natural numbers N U {ω}.

B = {4.0, 4.0, 2.0} B(4.0) = 2

Marking M : A Ebag over (Places x Reals). M(P3,4.0) = 2, M(P1, 2.0) = 1

Timed Transitions

2.0

3.0

P1

P3

P2

P4

[1:3][2:4]

[0:0] [0:0]

3.0

4.0

P1

P3

P2

P4

[2:4]

[0:0] [0:0]

[1:3]

t tIncrease of time by 1.0

[4:5]

[0:1] [2:5]

[4:5]

[0:1] [2:5]

[4:5][4:5]

T

Discrete Transitions

2.0

3.0

P1

P3

P2

P4

[1:3][2:4]

[0:0] [0:0]0.0

0.0

P1

P3

P2

P4

[2:4]

[0:0] [0:0]

[1:3]

t tFiring t[0:1]

[2:5]

[4:5]

[4:5]

[0:1] [4:5]

[2:5] [4:5]

D

Transitions

= T DUU

M1

M2

If M1 TM2

or M1 DM2

Remark : A TPN can have unbounded number of tokens !!

Additionally, there are some lossy transitions in lossy TPN.

Ordering on Marking

2.0

3.7

P1

P3

P2

P4

[1:3][2:4]

[0:0] [0:0]

2.2 2.0

4.0

3.5

P1

P3

P2

P4

[2:4]

[0:0] [0:0]

[1:3]

t t[0:1]

[2:5]

[4:5]

[4:5]

[0:1] [4:5]

[2:5] [4:5]

6.2

M1 M2

P1,2.0

P2,3.7

P2,3.5P1,2.2P1,2.

0P4,max

frac = 0 Increasing fractional parts age >= 5

M1

M2

0

3

2

1

1 2 3

• Finite no. of clocks (e.g Timed Automata)

x

y

Two clocks x,y and cmax = 3

Clock values are equivalent in timed automata if they have

same integral parts same ordering of fractional parts clock values beyond cmax are equivalent

0

Regions

• Region R :

x

y

V(x) = 0.6, V(y) = 0.5

V € R1

100

Not Powerful for Timed Petri Nets……

Regions(Example)

Dlgs for LTPN

P1

P3

P2

P4

[1:3] [2:4]

[4:5] [1:5][4:5]

[0:1] [2:5]

[4:5]

cmax = 5

Tokens with same fractional parts are in the same ebag. Ordering of ebags is according to the ordering of fractional parts of ages. Ages of tokens beyond cmax are equivalent.

Unboundedness in two directions :• number of tokens• age of tokens

Abstraction of ages to express sets of markings :

Dlgs for LTPN

Markings are downward closed for LTPN

Constraints = strings of bags over a finite alphabet of (Places x {0,..max})

Sets of markings

and

Constraints are dlgs for strings of bags over a finite set !!!

Universal Regions !

4.2

3.5 3.75

P1

P3

P2

P4

[1:3] [2:4]

[4:5] [1:5][4:5]

[0:1] [2:5]

[4:5]

2.0

Note : M can have at most same number of tokens as R.

If M’ < M, then M’ R

2.0 3.5 4.2 4.2M =

2 0 4*

53

P1

P2 P3 P4

R =

frac = 0 Increasing frac age >= 5

*

3.75

P2

Universal Regions (contd.)

P1

P3

P2

P4

[1:3) [2:4)

[0:5) [1:3)[4:5)

[0:1) [2:5)

[4:5)

t

Let Universal Region R =

cmax = 5

T

dlg

Generates O((max-1)*2 + sizeof(product) + 1) new regions by timed transition.

2 3

Max bagZero bag

2 3 4 2+

4 2 3 4+

3 4 3 max

4 max 4 max

maxmax

+

+

+ +

+ +

Universal Regions (contd.)

Lot of universal regions !!! Solution : Universal Zones !!

t

0

3

2

1

1 2 3 x3

x4

0

Tfollowed by

4

4 5

5

At most one token in P3 and one token in P4with ages as follows :

2 3

Acceleration

Compute Post*

Acceleration - a sequence of transitions at each step

Lossy Channel system - accelerate by arbitrary iteration of control loops

Lossy TPN - accelerate by

arbitrary firing of enabled transitions followed by

timed transitions and

combine atomic expressions of the universal regions

Comparison with earlier TPN work

Forward Reachability Backward Reachability

Compute Post* Compute Pre*

Markings are downward closed(lossy TPN). Markings are upward closed.

Universal region. Existential region.

Maximal number of tokens in a Minimal number of tokens universal region. in an existential region.

Ongoing Work

• Compute Post*(R,t) for all transitions t.

• Apply forward reachability algorithm.

• Define universal zones.