Reasoning about data repetitions with counter systems
S. Demri
Joint work with D. Figueira and M. Praveen
Workshop LIA INFINIS, IRIF, Nov. 2016
Logics for Data Words
A fundamental model: data words
- Timed words [Alur & Dill, TCS 94]
  letters:     a   b    c   a    a    b
  timestamps:  0   0.3  1   2.3  3.5  3.51
- Runs from counter machines
  states:   q0  q2  q3  q2  q3  q2
  counter:  0   0   1   2   3   4
- Integer arrays [Habermehl & Iosif & Vojnar, FOSSACS'08]
  t[0] t[1] t[2] t[3] t[4] t[5] ...
- Abstract data words [Bouyer & Petit & Therien, IC 03]
- Extension to trees, e.g. data trees for XML documents [Bojanczyk et al., PODS'06; Jurdzinski & Lazic, LICS'07]
Specifying classes of data words
- Automata
  - Register automata [Kaminski & Francez, TCS 94]
  - Data automata [Bouyer & Petit & Therien, IC 03]
  - EES automata [Choffrut & Grigorieff, TCS 09]
  - See the survey [Segoufin, CSL'06]
- First-order languages [Bojanczyk et al., LICS'06]
- Temporal logics
  - Temporal logic with λ-abstraction [Lisitsa & Potapov, TIME'05]
  - Freeze LTL [Demri & Lazic & Nowak, IC 07]
  - BD-LTL [Kara & Schwentick & Zeume, FSTTCS'10]
- Many other formalisms
  - Rewriting systems with data [Bouajjani et al., FCT'07]
  - Hybrid logics [Areces & Blackburn & Marx, JSL 01]
  - Memory logics [Areces et al., TABLEAUX'09; Mera, PhD thesis 2009]
  - ...
A mechanism for handling data
- A register can store a data value, and equality tests are performed between registers and current data values.
- Storing the value of x in a register:
  ↓r φ ≈ ∃ y_r (y_r = x) ∧ φ
- Equality test between a register and a value: ↑r ≈ y_r = x.
  letter:  c  b  a  b  a  c  a  b  d
  data:    4  2  7  5  7  5  4  2  4

  |= ↓r F(a ∧ ↑r ∧ XF ↑r)
  (the value 4 frozen at position 0 is seen again on an a-position, here position 6, and once more strictly after it, at position 8)
- Generalisation with memory logics, e.g. memory bags have operations "register", "forget" and "erase". [Mera, PhD thesis 09]
Ubiquity of the freeze operator
- Freeze quantifier in hybrid logics. [Goranko 94; Blackburn & Seligman, JOLLI 95]
- Temporal semantics of imperative programs. [Manna & Pnueli, 1992]
  Program variable x never decreases below its initial value:
  ∃y (x = y) ∧ G(x ≥ y)
- Freeze quantifier in real-time logics. [Alur & Henzinger, JACM 94]
  y · φ(y) binds the variable y to the current time t.
- Predicate λ-abstraction. [Fitting, JLC 02]
  ⟨y · F P(y)⟩(c): the current value of the constant c will, at some future point, satisfy the predicate P.
Freeze LTL: LTL↓
- LTL↓ formulae:
  φ ::= a | ↑r | ¬φ | φ ∧ φ | φ ∨ φ | φUφ | Xφ | ↓r φ
  where a ∈ Σ and r ∈ N+.
- Register valuation f: finite partial map from N+ to N.
- Models: finite or infinite data words over the alphabet Σ.
- Satisfaction relation:
  dw, i |=_f ↑r    iff  r ∈ dom(f) and f(r) = d_i
  dw, i |=_f ↓r φ  iff  dw, i |=_{f[r ↦ d_i]} φ
  (d_i: data value at position i)
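The satisfaction relation above is short enough to execute. The following evaluator is an added example, not code from the talk or its authors: it implements LTL↓ over finite data words exactly as defined on this slide (F is the usual ⊤ U φ, G is ¬F¬φ), represents a register valuation f as a Python dict, and checks the formula ↓r F(a ∧ ↑r ∧ XF ↑r) against the nine-letter data word from the earlier slide. The second property, G ¬(↓1 X F ↑1), is a constructed "no data value is ever repeated" check, the kind of freshness condition one would state for nonces or session identifiers in a trace; the formula encoding as nested tuples is my own choice.

```python
"""Evaluator for freeze LTL (LTL↓) on finite data words.

Added example, not from the slides.  Formulas are nested tuples:
  ('letter', a)      a in Σ holds at the current position
  ('up', r)          ↑r : register r is defined and holds the current datum
  ('down', r, φ)     ↓r φ : store the current datum in register r, then φ
  ('not', φ), ('and', φ, ψ), ('or', φ, ψ), ('X', φ), ('U', φ, ψ)
  ('F', φ)           shorthand for ⊤ U φ
A data word is a list of (letter, value) pairs; a register valuation f
is a dict {register: value} (finite partial map from N+ to N).
"""


def sat(dw, i, f, phi):
    """dw, i |=_f phi under the finite-word semantics of the slide."""
    kind = phi[0]
    if kind == 'letter':
        return dw[i][0] == phi[1]
    if kind == 'up':                       # r ∈ dom(f) and f(r) = d_i
        return phi[1] in f and f[phi[1]] == dw[i][1]
    if kind == 'down':                     # evaluate under f[r ↦ d_i]
        return sat(dw, i, {**f, phi[1]: dw[i][1]}, phi[2])
    if kind == 'not':
        return not sat(dw, i, f, phi[1])
    if kind == 'and':
        return sat(dw, i, f, phi[1]) and sat(dw, i, f, phi[2])
    if kind == 'or':
        return sat(dw, i, f, phi[1]) or sat(dw, i, f, phi[2])
    if kind == 'X':                        # strict: needs a next position
        return i + 1 < len(dw) and sat(dw, i + 1, f, phi[1])
    if kind == 'F':
        return any(sat(dw, j, f, phi[1]) for j in range(i, len(dw)))
    if kind == 'U':
        for j in range(i, len(dw)):
            if sat(dw, j, f, phi[2]):
                return True
            if not sat(dw, j, f, phi[1]):
                return False
        return False
    raise ValueError(f"unknown connective {phi!r}")


def models(dw, phi):
    """dw |= phi: evaluated at position 0 under the empty valuation."""
    return sat(dw, 0, {}, phi)


def G(phi):
    """Globally, derived as ¬F¬φ."""
    return ('not', ('F', ('not', phi)))


# The data word of the slide: c4 b2 a7 b5 a7 c5 a4 b2 d4.
EXAMPLE = [('c', 4), ('b', 2), ('a', 7), ('b', 5), ('a', 7),
           ('c', 5), ('a', 4), ('b', 2), ('d', 4)]

# ↓1 F(a ∧ ↑1 ∧ X F ↑1): the datum frozen at position 0 shows up on an
# a-position and then once more after it.
PHI = ('down', 1, ('F', ('and', ('letter', 'a'),
                          ('and', ('up', 1), ('X', ('F', ('up', 1)))))))

# Constructed freshness property: G ¬(↓1 X F ↑1), "no datum is repeated".
NO_REPEAT = G(('not', ('down', 1, ('X', ('F', ('up', 1))))))

if __name__ == "__main__":
    print(models(EXAMPLE, PHI))                          # True
    print(models(EXAMPLE, NO_REPEAT))                    # False, 4 repeats
    print(models([('a', 1), ('b', 2), ('c', 3)], NO_REPEAT))  # True
```

Note that the register is rebound functionally (`{**f, r: d_i}`), so a ↓r nested under a temporal operator re-freezes at every position it is evaluated at; that is exactly what makes NO_REPEAT quantify over all positions with a single register.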
Complexity of satisfiability problems
- Finitary and infinitary satisfiability problems for LTL are PSPACE-complete. [Sistla & Clarke, JACM 85]
- Infinitary satisfiability problem for LTL↓ restricted to X and F and to a single register is undecidable.
- Finitary satisfiability problem for LTL↓ restricted to a single register is decidable but nonprimitive recursive. [Demri & Lazic, TOCL 09] (nonprimitive recursiveness uses [Schnoebelen, IPL 02])
- Finitary satisfiability problem for LTL↓ restricted to F and
  - to a single register is nonprimitive recursive too;
  - to two registers is undecidable.
  [Figueira & Segoufin, MFCS'09]
A Logic for Repeating Values
Models & basic constraints
- σ : [0, ℓ−1] → (VAR → N), ℓ ≥ 1:
  [Figure: a model σ drawn as a table with one row per variable x, y, ..., z and one column per position 0, ..., ℓ−1; each cell holds a natural number]
- Local constraints (first line: LRV constraint; second line: the equivalent freeze LTL formula, registers indexed by variable and register number):
  x ≈ Xy               ¬(x ≈ X²y)              ¬(z ≈ Xz)
  ↓_{x,1} X ↑_{y,1}    ¬ ↓_{x,1} X² ↑_{y,1}    ¬ ↓_{z,1} X ↑_{z,1}
- Global (repeating) constraints:
  x ≈ ⟨⊤?⟩y                  y ≈ ⟨φ?⟩y
  ↓_{x,1} XF(⊤ ∧ ↑_{y,1})    ↓_{y,1} XF(φ ∧ ↑_{y,1})
- + standard LTL operators.
Syntax & semantics
φ ::= x ≈ X^i y | x ≈ ⟨φ?⟩y | x ≉ ⟨φ?⟩y | φ ∧ φ | ¬φ | Xφ | φUφ | X^{−1}φ | φSφ

σ, i |= x ≈ X^j y    iff  i + j < |σ| and σ(i)(x) = σ(i + j)(y)
σ, i |= x ≈ ⟨φ?⟩y   iff  there exists j such that i < j < |σ|, σ(i)(x) = σ(j)(y) and σ, j |= φ
σ, i |= x ≉ ⟨φ?⟩y   iff  there exists j such that i < j < |σ|, σ(i)(x) ≠ σ(j)(y) and σ, j |= φ
σ, i |= Xφ           iff  i + 1 < |σ| and σ, i + 1 |= φ
σ, i |= φSφ′         iff  there is 0 ≤ j ≤ i such that σ, j |= φ′ and for every j < l ≤ i we have σ, l |= φ.
Related work
- Decidability of SAT(LRV⊤) by translation into the reachability problem for VASS. [Demri & D'Souza & Gascon, JLC 09]
- Satisfiability for FO2 "equivalent" to the reachability problem for VASS. [Bojanczyk et al., LICS'06]
- Satisfiability of basic data LTL "equivalent" to the reachability problem for VASS. [Kara & Schwentick & Zeume, FST&TCS'10]
- Basic data LTL BD-LTL+ extends LRV and is in 2EXPSPACE. [Decker et al., CONCUR'14]
Repeating Values and Counting
Restricting test formulae to ⊤
- There is a polynomial-time reduction from SAT(LRV) into SAT(LRV≈).
- Introduction of variables to eliminate the subformulae of the form x ≉ ⟨ψ?⟩y and ¬(x ≉ ⟨ψ?⟩y).
- There is a polynomial-time reduction from SAT(LRV≈) to SAT(LRV⊤).
From satisfiability to reachability
- Vector addition systems with states (VASS).
  [Figure: a VASS over counters c1, c2, c3; its transitions carry updates such as c2++, c1−−, c3++]
- Reachability problem: ⟨q0, 0⟩ →* ⟨qf, 0⟩?
  Control state reachability: ⟨q0, 0⟩ →* ⟨qf, x⟩ for some x?
- φ ∈ LRV⊤ is satisfiable iff ⟨q0, 0⟩ →* ⟨qf, 0⟩ in A_φ.
- x ≈ ⟨⊤?⟩y ∧ x ≈ ⟨⊤?⟩z ∧ ¬(x ≈ Xy) ∧ ¬(x ≈ Xz) creates an obligation for the current value of x to appear on y and on z.
- Increment the counter {y,z}.
- Decrement the counter {y,z} when the obligation is satisfied, even partially (if the value shows up on y only, the remaining obligation is carried by the counter {z}).
From reachability to control state reachability
- φ ∈ LRV⊤ is satisfiable iff ⟨q0, 0⟩ →* ⟨qf, 0⟩ in A_φ. (bookkeeping of obligations)
- ⟨q0, 0⟩ →* ⟨qf, 0⟩ in A_φ iff ⟨q0, 0⟩ →*_gainy ⟨qf, 0⟩ in A_inc. (structural properties of A_φ; A_inc is a slight variant of A_φ)
- ⟨q0, 0⟩ →*_gainy ⟨qf, 0⟩ in A_inc iff ⟨qf, 0⟩ →*_lossy ⟨q0, 0⟩ in A_dec = reverse of A_inc. (by the reverse construction)
- ⟨qf, 0⟩ →*_lossy ⟨q0, 0⟩ in A_dec iff ⟨qf, 0⟩ →* ⟨q0, x⟩ in A_dec for some x. (losses can be moved to the end)
- 2EXPSPACE: control state reachability for VASS is in EXPSPACE and |A_dec| ∈ O(2^{p(|φ|)}); use of [Rackoff, TCS 78].
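The two slides above reduce everything to control-state reachability, which is where the complexity bound comes from (Rackoff's bound on the covering problem). As an added example, not code from the talk or its authors, here is a decision procedure for exactly that question, ⟨q0, 0⟩ →* ⟨qf, x⟩ for some x, using the Karp–Miller coverability tree (with the usual acceleration of ancestors to ω and subsumption of covered nodes). The sample VASS is constructed for the example: counter 0 counts open obligations, created by q0 → q1 and discharged by q1 → q2, in the spirit of the obligation counters of A_φ. Note the caveat the slides' reversal argument exists for: Karp–Miller answers coverability only; it says nothing about reaching ⟨qf, 0⟩ with all obligations discharged, which is why the gainy/lossy reversal into A_dec is needed before this procedure applies.

```python
"""Control-state reachability for a VASS via the Karp-Miller coverability tree.

Added example, not from the talk.  A VASS is a list of transitions
(source, delta, target), delta a tuple of integer counter updates; the
run starts at <q0, 0> and no counter may ever become negative.
"""
from collections import deque

OMEGA = float('inf')   # ω: a coordinate that can be pumped arbitrarily high


def _fire(v, delta):
    """v + delta, or None if some counter would drop below zero."""
    out = []
    for a, d in zip(v, delta):
        b = a if a == OMEGA else a + d
        if b < 0:
            return None
        out.append(b)
    return tuple(out)


def _leq(w, v):
    """Componentwise w <= v."""
    return all(a <= b for a, b in zip(w, v))


def coverability_set(transitions, n_counters, q0):
    """Karp-Miller tree rooted at <q0, 0>; returns {state: [vectors]}."""
    zero = (0,) * n_counters
    root = (q0, zero, None)                 # (state, vector, parent)
    seen = {q0: [zero]}
    work = deque([root])
    while work:
        node = work.popleft()
        q, v, _ = node
        for src, delta, dst in transitions:
            if src != q:
                continue
            nv = _fire(v, delta)
            if nv is None:                  # decrement below zero: blocked
                continue
            # Acceleration: an ancestor in the same state strictly covered
            # by nv means the path between them can be repeated, so every
            # coordinate that grew becomes ω.
            anc = node
            while anc is not None:
                aq, av, ap = anc
                if aq == dst and _leq(av, nv) and av != nv:
                    nv = tuple(OMEGA if a < b else b for a, b in zip(av, nv))
                anc = ap
            # Subsumption: skip nodes already covered for this state.
            if any(_leq(nv, w) for w in seen.get(dst, [])):
                continue
            seen.setdefault(dst, []).append(nv)
            work.append((dst, nv, node))
    return seen


def control_state_reachable(transitions, n_counters, q0, qf):
    """<q0, 0> -->* <qf, x> for some x?  (coverability of <qf, 0>)"""
    return qf in coverability_set(transitions, n_counters, q0)


# Constructed sample: counter 0 = open obligations, counter 1 = discharged.
SAMPLE = [
    ('q0', (1, 0), 'q1'),     # create an obligation: c0++
    ('q1', (1, 0), 'q1'),     # keep creating: c0 becomes unbounded (ω)
    ('q1', (-1, 1), 'q2'),    # discharge one: c0--, c1++
    ('q2', (0, -1), 'qf'),    # c1--
    ('q0', (-1, 0), 'qbad'),  # c0-- from zero: can never fire
]

if __name__ == "__main__":
    cover = coverability_set(SAMPLE, 2, 'q0')
    print(control_state_reachable(SAMPLE, 2, 'q0', 'qf'))    # True
    print(control_state_reachable(SAMPLE, 2, 'q0', 'qbad'))  # False
    print(cover['q1'])                                       # [(1, 0), (inf, 0)]
```

Termination follows from Dickson's lemma (no infinite antichain of vectors), but the tree can be non-primitive-recursive in size; Rackoff's argument bounds the search differently (by bounding the length of a covering run) and is what yields EXPSPACE, and through |A_dec| ∈ O(2^{p(|φ|)}) the 2EXPSPACE upper bound of the slide.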
Counter systems with chained counters
- VASS ≈ FSA with n counters, no zero-tests but increments and decrements.
- Chain system ≈ FSA with n chains of counters of exponential length and access to counters via pointers.
  c_0 c_1 ··· c_{i−1} [c_i] c_{i+1} ··· c_{2^N − 1}
  (one chain of 2^N counters; the pointer currently sits on c_i, and only the pointed counter can be updated)
- Updates and guards on transitions (α ∈ [1,n]):
  {inc(α), dec(α), next(α), prev(α), first(α)?, ¬first(α)?, last(α)?, ¬last(α)?}
  (inc/dec act on the counter under the pointer of chain α, next/prev move that pointer, and the guards test whether it is on the first or last counter of the chain)
- Control-state reachability problem for chain systems is in 2EXPSPACE. (EXPSPACE-complete for VASS)
- Chain system ≈ VASS with a succinct representation of an exponential number of counters.
2EXPSPACE lower bound
- EXPSPACE-hardness of the control state reachability problem for VASS. [Lipton, TR 76]
- Reduction from the halting problem for counter automata with counters bounded doubly exponentially.
- CA has zero-tests, VASS has no such tests.
- Each counter c in CA is simulated by c, c̄ with the invariant c + c̄ = 2^{2^{NK}}.
- O(NK) auxiliary counters (2^{2^{i+1}} = 2^{2^i} × 2^{2^i}).
- 2EXPSPACE-hardness for chain systems by adapting Lipton's proof.
- O(NK) chains (instead of O(2^{NK}) counters with VASS).
- To factorize the encoding for all counters by just moving pointers.
SAT(LRV) is 2EXPSPACE-hard (ideas)
- Chain system A with n chains of size 2^N.
- We build a formula over the alphabet of transitions. (model = accepting run)
- Standard counter-blind conditions easily expressible.
- Variables x and x^α_inc, x^α_dec, x^α_i for every chain α and for every i ∈ [1,N].
- The values for x and for the x^α_i's determine a counter c in [0, 2^N − 1].
- Any two positions have different values of x^α_inc.
- For each position operating on c containing an instruction 'first(α)?', we have c = 0.
- For each position operating on c, if it contains an instruction 'next(α)', then the next position operates on c + 1.
Extensions
Past obligations – PLRV
  [Figure: a model drawn as a table with rows x, y, ..., z and one column per position; an arrow ⇑ marks the position at which the formula below is evaluated]
  |= y ≈ ⟨⊤?⟩^{−1} z
  (the current value of y already appeared as the value of z at some earlier position)
- There is a polynomial-time reduction from SAT(PLRV) into SAT(PLRV⊤).
- SAT(PLRV⊤) is decidable [Demri & D'Souza & Gascon, JLC 09].
- Polynomial-space reduction from Reach(VASS) into SAT(PLRV).
- Same proof as the one in [Bojanczyk et al., LICS'06] for FO2(∼, <, +1) except that PLRV is used.
Robustness
- SATω(LRV) is 2EXPSPACE-complete.
- SATω(PLRV) is decidable.
- For every k ≥ 1, SAT(LRV⊤_k) is PSPACE-complete. (use of Rackoff's result on the covering problem for VASS)
- SAT(LRV_1) is 2EXPSPACE-hard.
- SAT(LRV_vec(X,U)) is undecidable.
  σ, i |= (x1,x2) ≈ ⟨ϕ?⟩(y1,y2) iff there exists j s.t. i < j < |σ|, σ, j |= ϕ, σ(i)(x1) = σ(j)(y1) and σ(i)(x2) = σ(j)(y2).
Concluding remarks
LRV⊤_k : PSPACE-complete
LRV ≡ LRV⊤ ≡ LRV_1 ≡ LRV + {⊕1, ..., ⊕k} : 2EXPSPACE-complete
PLRV ≡ PLRV⊤ ≡ PLRV_1 ≡ Reach(VASS)
LRV⊤_vec : undecidable