DP Lower Bounds for Equivalence-Checking and Model-Checking of One-Counter Automata 2

Transcription

1 DP Lower Bounds for Equivlence-Checking nd Model-Checking of One-Counter Automt 2 Petr Jnčr,1, Antonín Kučer,1, Fron Moller c, Zdeněk Sw,1 Dept. of Computer Science, FEI, Technicl University of Ostrv, 17. listopdu 15, CZ Ostrv, Czech Repulic. {Petr.Jncr,Zdenek.Sw}@vs.cz Fculty of Informtics, Msryk University, Botnická 68, CZ Brno, Czech Repulic. tony@fi.muni.cz c Dept. of Computer Science, University of Wles Swnse, Singleton Prk, Swnse SA2 8PP, Wles. F.G.Moller@swnse.c.uk Astrct We present generl method for proving DP-hrdness of prolems relted to forml verifiction of one-counter utomt. For this we show reduction of the SAT-UNSAT prolem to the truth prolem for frgment of (Presurger) rithmetic. The frgment contins only specil formuls with one free vrile, nd is prticulrly pt for trnsforming to simultion-like equivlences on one-counter utomt. In this wy we show tht the memership prolem for ny reltion susuming isimilrity nd susumed y simultion preorder is DP-hrd (even) for one-counter nets (where the counter cnnot e tested for zero). We lso show DP-hrdness for deciding simultion etween one-counter utomt nd finite-stte systems (in oth directions), nd for the model-checking prolem with onecounter nets nd the rnching-time temporl logic EF. Key words: One-Counter Mchines, Equivlence-Checking, Model-Checking 1 Introduction In concurrency theory, process is typiclly defined to e stte in trnsition system, which is triple T = (S, Σ, ) where S is set of sttes, Σ is set of ctions nd S Σ S is trnsition reltion. We write s t insted of (s,, t), nd we extend this nottion in the nturl wy to elements of Σ. A stte t is rechle from stte s, written s t, iff s w t for some w Σ. 1 Supported y the Grnt Agency of the Czech Repulic, grnt No. 201/00/ The pper is sed on results which previously ppered in [7,11]. Preprint sumitted to Elsevier Science 12 April 2008

2 We consider processes generted y one-counter utomt, nondeterministic finitestte utomt operting on single counter vrile which tkes vlues from the set N = {0, 1, 2,...}. Formlly this is tuple A = (Q, Σ, δ =, δ >, q 0 ) where Q is finite set of control sttes, Σ is finite set of ctions, δ = : Q Σ P(Q {0, 1}) nd δ > : Q Σ P(Q { 1, 0, 1}) re trnsition functions (where P(M) denotes the power-set of M), nd q 0 Q is distinguished initil control stte. δ = represents the trnsitions which re enled when the counter vlue is zero, nd δ > represents the trnsitions which re enled when the counter vlue is positive. A is one-counter net if nd only if for ll pirs (q, ) Q Σ we hve tht δ = (q, ) δ > (q, ). To the one-counter utomton A we ssocite the trnsition system T A = (S, Σ, ), where S = {p(n) : p Q, n N} nd is defined s follows: n = 0, nd (q, i) δ = (p, ); or p(n) q(n + i) iff n > 0, nd (q, i) δ > (p, ). Note tht ny trnsition increments, decrements, or leves unchnged the counter vlue; nd decrementing trnsition is only possile if the counter vlue is strictly positive. Also oserve tht when n > 0 the immedite trnsitions of p(n) do not depend on the ctul vlue of n. Finlly note tht one-counter net cn in sense test if its counter is nonzero (tht is, it cn perform some trnsitions only on the proviso tht its counter is nonzero), ut it cnnot test in ny sense if its counter is zero. For ese of presenttion, we understnd finite-stte systems (corresponding to trnsition systems with finitely mny sttes) to e one-counter nets where δ = = δ > nd the counter is never chnged. Thus, the prts of T A rechle from p(i) nd p(j) re isomorphic nd finite for ll p Q nd i, j N. Remrk 1 The clss of trnsition systems generted y one-counter nets is the sme (up to isomorphism) s tht generted y the clss of lelled Petri nets with (t most) one unounded plce. The clss of trnsition systems generted y onecounter utomt is the sme (up to isomorphism) s tht generted y the clss of reltime pushdown utomt (i.e. pushdown utomt without ε-trnsitions) with single stck symol (prt from specil ottom-of-stck mrker). The equivlence-checking pproch to the forml verifiction of concurrent systems is sed on the following scheme: the specifiction S (i.e., the intended ehviour) nd the ctul implementtion I of system re defined s sttes in trnsition systems, nd then it is shown tht S nd I re equivlent. There re mny wys to cpture the notion of process equivlence (see, e.g., [19]); however, simultion 2

3 nd isimultion equivlence [15,17] re of specil importnce, s their ccompnying theory hs found its wy into mny prcticl pplictions. Given trnsition system T = (S, Σ, ), simultion is inry reltion R S S stisfying the following property: whenever (s, t) R, if s s then t t for some t with (s, t ) R. s is simulted y t, written s t, iff (s, t) R for some simultion R; nd s nd t re simultion equivlent, written s t, iff s t nd t s. The union of fmily of simultion reltions is clerly itself simultion reltion; hence, the reltion, eing the union of ll simultion reltions, is in fct the mximl simultion reltion, nd is referred to s the simultion preorder. A chrcteristic property is tht s t iff the following holds: if s s then t t for some t with s t. A isimultion is symmetric simultion reltion, nd s nd t re isimultion equivlent, or isimilr, written s t, if they re relted y isimultion. Simultions nd isimultions cn lso e used to relte sttes of different trnsition systems; formlly, we cn consider two trnsition systems to e single one y tking the disjoint union of their stte sets. Let P nd Q e clsses of processes. The prolem of deciding whether given process s of P is simulted y given process t of Q is denoted y P Q; similrly, the prolem of deciding if s nd t re simultion equivlent (or isimilr) is denoted y P Q (or P Q, respectively). The clsses of ll one-counter utomt, one-counter nets, nd finite-stte systems re denoted A, N, nd F, respectively. In the model-checking pproch to forml verifiction, one defines the desired properties of the implementtion s formul in suitle temporl logic, nd then it is shown tht the implementtion stisfies the formul. There re mny temporl logics which cn e clssified ccording to vrious spects (see, e.g., [3,18] for n overview). The simplest (rnching-time nd ction-sed) temporl logic is Hennessy-Milner logic (HML) [15]. The syntx is given y Ψ ::= true Ψ 1 Ψ 2 Ψ Ψ Here rnges over countle lphet of ctions. Given trnsition system T = (S, Σ, ) nd n HML formul Ψ, we inductively define the denottion of Ψ, denoted [Φ], which is the set of ll sttes of T where the formul holds: [true] = S [Φ 1 Φ 2 ] = [Φ 1 ] [Φ 2 ] [ Φ] = S [Φ] 3

4 [ Φ] = {s S t S : s t t [Φ]} As usul, we write s = Φ insted of s [Φ]. The opertor dul to is [] defined y []Φ Φ. The other propositionl connectives re introduced in the stndrd wy. The logic EF is otined y extending HML with the (rechility) opertor. Its semntics is defined s follows: [ Φ] = {s S t S : s t t [Φ]} The formul Φ cn e phrsed there Exists Future stte such tht Φ holds ; this justifies the EF cronym. The dul opertor to is, defined y Φ Φ. The logic EF cn lso e seen s nturl frgment of CTL [3]. The stte of the rt: The N N prolem ws first considered in [1], where it ws shown tht if two one-counter net processes re relted y some simultion, then they re lso relted y semiliner simultion (i.e. simultion definle in Presurger rithmetic), which suffices for semidecidility (nd thus decidility) of the positive sucse. (The negtive sucse is semidecidle y stndrd rguments.) A simpler proof ws given lter in [8] y employing certin geometric techniques which llow you to conclude tht the simultion preorder (over given one-counter net) is itself semiliner. Moreover, it ws shown there tht the A A prolem is undecidle. The decidility of the A A prolem ws demonstrted in [4] y showing tht the gretest isimultion reltion over the sttes of given one-counter utomton is lso semiliner. The reltionship etween simultion nd isimultion prolems for processes of one-counter utomt hs een studied in [6] where it ws shown tht one cn effectively reduce certin simultion prolems to their isimultion counterprts y pplying technique proposed in [12]. The complexity of isimilrity-checking with one-counter utomt ws studied in [10], where the prolem N N is shown to e conp-hrd nd the prolem of wek isimilrity [15] etween N nd F processes even DP-hrd; moreover, the prolem A F ws shown to e solvle in polynomil time. Complexity ounds for simultionchecking were given in [11], where it ws shown tht the prolems N F nd F N (nd thus lso N F) re in P, while A F nd A F re conphrd (nd solvle in exponentil time). As for model-checking, we cn trnsfer upper complexity ounds from the results which were chieved for pushdown processes, ecuse A cn e seen s (proper) suclss of pushdown utomt (cf. Remrk 1). Hence, model-checking with logics like EF, CTL, CTL [3], or even the modl µ-clculus [9], is decidle in exponentil time for one-counter utomt processes [20]. However, the techniques for lower complexity ounds do not crry over to A. Another simple oservtion is tht model-checking for HML nd A processes is in P. This is ecuse the (in)vlidity of given HML formul Φ in stte s depends only on those sttes which re rechle from s long pth consisting of t most d trnsitions, where d is the nesting depth of the opertor 4

5 in Φ. Since the numer of sttes which re rechle from given one-counter utomt process p(i) is clerly polynomil in d nd the size of the underlying one-counter utomton, we cn esily design polynomil time model-checking lgorithm. (It contrsts with other models like BPA or BPP where model-checking HML is PSPACE-complete [13]). Our contriution: We generlize the technique used in [10] for estlishing lower complexity ounds for certin equivlence-checking prolems, nd present generl method for showing DP-hrdness of equivlence-checking nd model-checking prolems for one-counter utomt. (The clss DP [16] consists of those lnguges which re expressile s difference of two lnguges from NP, nd is generlly conjectured to e lrger thn the union of NP nd conp. Section 2.2 contins further comments on DP.) The generic prt of the method is presented in Section 2, where we define simple frgment of Presurger rithmetic, denoted OCL ( One- Counter Logic ) which is sufficiently powerful so tht stisfiility nd unstisfiility of oolen formuls re oth polynomilly reducile to the prolem of deciding the truth of formuls of OCL, which implies tht this ltter prolem is DP-hrd (Theorem 3); yet sufficiently simple so tht the prolem of deciding the truth of OCL formuls is polynomilly reducile to vrious equivlence-checking nd model-checking prolems (thus providing the ppliction prt of the proposed method). The reduction is typiclly constructed inductively on the structure of OCL formuls, thus mking the proofs redle nd esily verified. In Section 3.1 we pply the method to the N N prolem where is ny reltion which susumes isimilrity nd is susumed y simultion preorder (thus, esides isimilrity nd simultion equivlence lso, e.g., redy simultion equivlence or 2-nested simultion equivlence), showing DP-hrdness of these prolems (Theorem 6). In prticulr, we improve the conp lower ound for the N N prolem estlished in [10]. In Section 3.2 we concentrte on simultion prolems etween one-counter nd finite-stte utomt, nd prove tht A F, F A, nd A F re ll DP-hrd (Theorem 8). Section 3.3 is devoted to the complexity of model-checking with one-counter processes. As lredy mentioned, the modelchecking prolem for HML nd one-counter utomt processes is in P. We show tht model-checking with the logic EF is lredy intrctle: it is DP-hrd even for processes of one-counter nets nd fixed EF formul (Theorem 11). In prctice, temporl formuls re usully quite smll; hence, the fct tht the EF formul cn e fixed provides stronger evidence of computtionl intrctility. Finlly, in Section 4 we drw some conclusions nd present detiled summry of known results. 5

6 2 The OCL Frgment of Arithmetic In this section, we introduce frgment of (Presurger) rithmetic, denoted OCL ( One-Counter Logic ). We then show how to encode the prolems of stisfiility nd unstisfiility of oolen formuls in OCL, nd thus deduce DP-hrdness of the truth prolem for (closed formuls of) OCL. (The nme of the lnguge is motivted y reltionship to one-counter utomt which will e explored in the next section.) 2.1 Definition of OCL OCL cn e viewed s certin set of first-order rithmetic formuls. We shll riefly give the syntx of these formuls; the semntics will e ovious. Since we only consider the interprettion of OCL formuls in the stndrd structure of nturl numers N, the prolem of deciding the truth of closed OCL formul is well defined: Prolem: TRUTHOCL INSTANCE: A closed formul Q OCL. QUESTION: Is Q true? Let x nd y rnge over (first-order) vriles. A formul Q OCL cn hve t most one free vrile x (i.e., outside the scope of quntifiers); we shll write Q(x) to indicte the free vrile (if there is one) of Q; tht is, Q(x) either hs the one free vrile x, or no free vriles t ll. For numer k N, k stnds for specil term denoting k; we cn think of k s SS...S0, i.e., the successor function S pplied k times to 0. We stipulte tht size( k ) = k+1 (which corresponds to representing numers in unry). The formuls Q of OCL re defined inductively s follows; t the sme time we inductively define their size (keeping in mind the unry representtion of k ): Q size(q) () x = 0 1 () k x ( k divides x ; k>0) k+1 (c) k x ( k does not divide x ; k>0) k+1 (d) Q 1 (x) Q 2 (x) size(q 1 ) + size(q 2 ) + 1 (e) Q 1 (x) Q 2 (x) size(q 1 ) + size(q 2 ) + 1 (f) y x : Q (y) (x nd y distinct) size(q ) + 1 (g) x : Q (x) size(q ) + 1 6

7 We shll need to consider the truth vlue of formul Q(x) in vlution ssigning numer n N to the (possily) free vrile x; this is given y the formul Q[n/x] otined y replcing ech free occurrence of the vrile x in Q y n. Slightly using nottion, we shll denote this y Q(n). (Symols like i, j, k, n rnge over nturl numers, not vriles.) For exmple, if Q(x) is the formul y x : ((3 y) (2 y)), then Q(5) is true while Q(2) is flse; nd if Q(x) is closed formul, then the truth vlue of Q(n) is independent of n. 2.2 DP-hrdness of TRUTHOCL Recll the following prolem: Prolem: SAT-UNSAT INSTANCE: A pir (ϕ, ψ) of oolen formuls in conjunctive norml form (CNF). QUESTION: Is it the cse tht ϕ is stisfile while ψ is unstisfile? This prolem is DP-complete, which corresponds to n intermedite level in the polynomil hierrchy, hrder thn oth Σ p 1 nd Πp 1 ut still contined in Σp 2 nd Π P 2 (cf., e.g., [16]). Our im here is to show tht SAT-UNSAT is polynomil-time reducile to TRUTHOCL. In prticulr, we show how, given oolen formul ϕ in CNF, we cn in polynomil time construct (closed) formul of OCL which clims tht ϕ is stisfile, nd lso formul of OCL which clims tht ϕ is unstisfile (Theorem 3). First we introduce some nottion. Let Vr(ϕ) = {x 1,..., x m } denote the set of (oolen) vriles in ϕ. Furthermore, let π j (for j 1) denote the j th prime numer. For every n N define the ssignment ν n : Vr(ϕ) {true, flse} y true, if π j n, ν n (x j ) = flse, otherwise. Note tht for n ritrry ssignment ν there exists n n N such tht ν n = ν; it suffices to tke n = Π{ π j : 1 j m nd ν(x j )=true}. By ϕ ν we denote the truth vlue of ϕ under the ssignment ν. Lemm 2 There is polynomil-time lgorithm which, given oolen formul ϕ in CNF, constructs OCL-formuls Q ϕ (x) nd Q ϕ (x) such tht oth size(q ϕ ) nd size(q ϕ ) re in O( ϕ 3 ), nd such tht for every n N Q ϕ (n) is true iff Q ϕ (n) is flse iff ϕ νn = true. 7

8 PROOF. Let Vr(ϕ) = {x 1,..., x m }. Given literl l (tht is, vrile x j or its negtion x j ), define the OCL-formul Q l (x) s follows: Q xj (x) = π j x nd Q xj (x) = π j x. Clerly, Q l (n) is true iff Q l (n) is flse iff l νn = true. Formul Q ϕ (x) is otined from ϕ y replcing ech literl l with Q l (x). It is cler tht Q ϕ (n) is true iff ϕ νn = true. Formul Q ϕ (x) is otined from ϕ y replcing ech,, nd l with,, nd Q l (x), respectively. It is redily seen tht Q ϕ (n) is true iff ϕ νn = flse. It remins to evlute the size of Q ϕ nd Q ϕ. Here we use well-known fct from numer theory (cf, e.g., [2]) which sys tht π m is in O(m 2 ). Hence size(q l ) is in O( ϕ 2 ) for every literl l of ϕ. As there re O( ϕ ) literl occurrences nd O( ϕ ) oolen connectives in ϕ, we cn see tht size(q ϕ ) nd size(q ϕ ) re indeed in O( ϕ 3 ). We now come to the min result of the section. Theorem 3 Prolem SAT-UNSAT is reducile in polynomil time to TRUTHOCL. Therefore, TRUTHOCL is DP-hrd. PROOF. We give polynomil-time lgorithm which, given n instnce (ϕ, ψ) of SAT-UNSAT, constructs closed OCL-formul Q, with size(q) in O( ϕ 3 + ψ 3 ), such tht Q is true iff ϕ is stisfile nd ψ is unstisfile. Expressing the unstisfiility of ψ is strightforwrd: y Lemm 2, ψ is unstisfile iff the OCL-formul x : Q ψ (x) is true. Thus, let Q 2 e this formul. Expressing the stisfiility of ϕ is rther more involved. Let g = π 1 π 2...π m, where Vr(ϕ) = {x 1,..., x m }. Clerly ϕ is stisfile iff there is some n g such tht ϕ νn = true. Hence ϕ is stisfile iff the OCL-formul y x : Q ϕ (y) is true for ny vlution ssigning some i g to x. As it stnds, it is uncler how this might e expressed; however, we cn oserve tht the equivlence still holds if we replce the condition i g with i is multiple of g. In other words, ϕ is stisfile iff for every i N we hve tht either i = 0, or g i, or there is some n i such tht Q ϕ (n) is true. This cn e written s x : x = 0 ( π 1 x π m x) y x : Q ϕ (y) 8

9 We thus let Q 1 e this formul. Hence, (ϕ, ψ) is positive instnce of the SAT-UNSAT prolem iff the formul Q = Q 1 Q 2 is true. To finish the proof, we oserve tht size(q) is indeed in O( ϕ 3 + ψ 3 ). 2.3 TRUTHOCL is in Π p 2 The conclusions we drw for our verifiction prolems re tht they re DP-hrd, s we reduce the DP-hrd prolem TRUTHOCL to them. We cnnot improve this lower ound y much using the reduction from TRUTHOCL, s TRUTHOCL is in Π p 2. In this section we sketch the ides of proof of this fct. Theorem 4 TRUTHOCL is in Π p 2 PROOF. We strt y first proving tht for every formul Q(x) of OCL there is d with 0 < d 2 size(q) such tht Q(i) = Q(i d) for every i > 2 size(q). Hence, x : Q(x) holds iff x 2 size(q) : Q(x) holds. (Note tht x 2 size(q) : Q(x) is not formul of OCL.) We prove the existence of d for every formul Q(x) y induction on the structure of Q(x). If Q(x) is x = 0 then we cn tke d = 1; nd if Q(x) is k x or k x then we cn tke d = k. If Q(x) is Q 1 (x) Q 2 (x) or Q 1 (x) Q 2 (x), then we my ssume y the induction hypothesis the existence of the relevnt d 1 for Q 1 nd d 2 for Q 2. We cn then tke d = d 1 d 2 to give the desired property tht Q(i) = Q(i d) for every i > 2 size(q). If Q(x) is y x : Q (y) (x nd y distinct) then y the induction hypothesis there is d with 0 < d 2 size(q ) such tht Q (i) = Q (i d ) for every i > 2 size(q ). It follows tht if Q (i) is true for some i, then it is true for some i 2 size(q ) < 2 size(q) (recll tht size(q) = size(q ) + 1). Furthermore, if Q (i) is true for some i then Q(j) is true for every j i; on the other hnd, if Q (i) is flse for every i, then Q(j) is flse for every j. Thus we cn tke d = 1. If Q(x) is y : Q (y), then x is not free in Q (y), so the truth vlue of Q(i) does not depend on i nd we cn tke d = 1. 9

10 Next we note tht every OCL-formul Q(x) cn e trnsformed into formul Q(x) (which need not e in OCL) in (pseudo-)prenex form ( x 1 2 size(q 1) ) ( x k 2 size(q k) ) where ( y 1 z 1 ) ( y l z l ) F(x 1,..., x k, y 1,..., y l ) x i : Q i (x i ) is suformul of Q(x); ech z i {x 1,..., x k, y 1,..., y i 1 }; nd F(x 1,..., x k, y 1,..., y l ) is, -comintion of tomic suformuls of Q(x). This cn e proved y induction on the structure of Q(x). The only cse requiring some cre is the cse when Q(x) is of the form y x : Q (y), ecuse y z : P(y, z) nd z y : P(y, z) re not equivlent in generl, ut they re in our cse, s z never depends on y due to restrictions in OCL. Note tht the size of Q(x) is polynomil in size(q) (ssuming tht 2 size(q 1),..., 2 size(q k) re encoded in inry). We cn construct n lternting Turing mchine which first uses its universl sttes to ssign ll possile vlues (ounded s mentioned ove) to x 1,..., x k, then uses its existentil sttes to ssign ll possile vlues to y 1,..., y l, nd finlly evlutes (deterministiclly) the formul F(x 1,..., x k, y 1,..., y l ). It is cler tht this lternting Turing mchine cn e constructed so tht it works in time which is polynomil in size(q). This implies the memership of TRUTHOCL in Π p 2. 3 Appliction to One-Counter Automt Prolems As we mentioned ove, the lnguge OCL ws designed with one-counter utomt in mind. The prolem TRUTHOCL cn e reltively smoothly reduced to vrious verifiction prolems for such utomt, y providing relevnt constructions ( implementtions ) for the vrious cses ()-(g) of the OCL definition, nd thus it constitutes useful tool for proving lower complexity ounds (DP-hrdness) for these prolems. We shll demonstrte this for the N N prolem, where is ny reltion stisfying tht, nd then lso for the A F, F A, nd A F prolems. For the purposes of our proofs, we dopt grphicl representtion of onecounter utomt s finite grphs with two kinds of edges (solid nd dshed ones) which re lelled y pirs of the form (, i) Σ { 1, 0, 1}; insted of (, 1), (, 1), nd (, 0) we write simply, +, nd, respectively. A solid edge from p to q lelled y (, i) indictes tht the represented one-counter utomton cn mke trnsition p(k) q(k + i) whenever i 0 or k > 0. A dshed 10

11 edge from p to q lelled y (, i) (where i must not e 1) represents zerotrnsition p(0) q(i). Hence, grphs representing one-counter nets do not contin ny dshed edges, nd grphs corresponding to finite-stte systems use only lels of the form (, 0) (rememer tht finite-stte systems re formlly understood s specil one-counter nets). Also oserve tht the grphs cnnot represent non-decrementing trnsitions which re enled only for positive counter vlues; this does not mtter since we do not need such trnsitions in our proofs. The distinguished initil control sttes re indicted y lck circles. 3.1 Results for One-Counter Nets In this section we show tht, for ny reltion stisfying, the prolem of deciding whether two (sttes of) one-counter nets re in is DP-hrd. We first stte n importnt technicl result, ut defer its proof until fter we derive the desired theorem s corollry. Proposition 5 There is n lgorithm which, given formul Q = Q(x) OCL s input, hlts fter O(size(Q)) steps nd outputs one-counter net with two distinguished control sttes p nd p such tht for every k N we hve: if Q(k) is true then p(k) p (k); if Q(k) is flse then p(k) p (k). (Note tht if Q is closed formul, then this implies tht p(0) p (0) if Q is true, nd p(0) p (0) if Q is flse.) Theorem 6 For ny reltion such tht, the following prolem is DP-hrd: INSTANCE: A one-counter net with two distinguished control sttes p nd p. QUESTION: Is p(0) p (0)? PROOF. Given n instnce of TRUTHOCL, i.e., closed formul Q OCL, we use the (polynomil) lgorithm of Proposition 5 to construct one-counter net with the two distinguished control sttes p nd p. If Q is true, then p(0) p (0), nd hence p(0) p (0); nd if Q is flse, then p(0) p (0), nd hence p(0) p (0). Proof of Proposition 5: We proceed y induction on the structure of Q. For ech cse, we show n implementtion, i.e., the corresponding one-counter net N Q with two distinguished control sttes p nd p. Constructions re sketched y figures 11

12 which use our nottionl conventions; the distinguished control sttes re denoted y lck dots (the left one p, the right one p ). It is worth noting tht we only use two ctions, nd. () Q(x) = (x = 0): A suitle (nd esily verifile) implementtion looks s follows: p p (,c) Q(x) = k x or Q(x) = k x, where k>0: Given J { 0, 1, 2,..., k 1 }, let R J (x) = ((x modk) J). We shll show tht the formul R J (x) cn e implemented in our sense; tking J = {0} then gives us the construction for cse (), nd tking J = {1,..., k 1} gives us the construction for cse (c). An implementtion of R J (x), where for the point of illustrtion we hve 1, 2 J ut 0, 3, k 1 J, looks s follows: q 0 = p p q k 1 q 1 q 2 q 3 In this picture, ech node q i hs n outgoing edge going to ded stte; this edge is lelled if i J nd lelled if i J. It is strightforwrd to check tht the proposed implementtion of R J (x) is indeed correct. (d) Q(x) = Q 1 (x) Q 2 (x): We cn ssume (y induction) tht implementtions N Q1 of Q 1 (x) nd N Q2 of Q 2 (x) hve een constructed. N Q is constructed, using N Q1 nd N Q2, s follows: p p p Q1 p Q 1 p Q2 p Q 2 N Q1 N Q2 The dotted rectngles represent the grphs ssocited to N Q1 nd N Q2 (only the distinguished control sttes re depicted). Verifying the correctness of this construction is strightforwrd. (e) Q(x) = Q 1 (x) Q 2 (x): As in cse (d), the construction uses the implementtions of Q 1 (x) nd Q 2 (x); ut the sitution is slightly more involved in this 12

13 cse: p p p 1 p 2 p 3 p Q1 p Q 1 p Q2 p Q 2 To verify correctness, we first consider the cse when Q(k) is true. By induction, either p Q1 (k) p Q 1 (k) or p Q2 (k) p Q 2 (k). In the first cse, p Q1 (k) p Q 1 (k) implies tht p 1 (k) p 2 (k), which in turn implies tht p(k) p (k); similrly, in the second cse, p Q2 (k) p Q 2 (k) implies tht p 1 (k) p 3 (k), which lso implies tht p(k) p (k). Hence in either cse p(k) p (k). Now consider the cse when Q(k) is flse. By induction, p Q1 (k) p Q 1 (k) nd p Q2 (k) p Q 2 (k). Oviously, p Q1 (k) p Q 1 (k) implies tht p 1 (k) p 2 (k), nd p Q2 (k) p Q 2 (k) implies tht p 1 (k) p 3 (k). From this we hve p(k) p (k). (f) Q(x) = y x : Q 1 (y) (where x, y re distinct): We use the following construction: p p p 1 p 2 p 3 + p Q1 p Q 1 To verify correctness, we first consider the cse when Q(k) is true. This mens tht Q 1 (i) is true for some i k, which y induction implies tht p Q1 (i) p Q 1 (i) for this i k. Our result, tht p(k) p (k), follows immeditely from the following: Clim: For ll k, if p Q1 (i) p Q 1 (i) for some i k, then p(k) p (k). Proof: By induction on k. For the se cse (k=0), if p Q1 (i) p Q 1 (i) for some i 0, then p Q1 (0) p Q 1 (0), which implies tht p 1 (0) p 3 (0), nd hence tht p(0) p (0). For the induction step (k>0), if p Q1 (i) p Q 1 (i) for some i k, then either p Q1 (k) p Q 1 (k), which implies tht p 1 (k) p 3 (k) which in turn implies tht p(k) p (k); or p Q1 (i) p Q 1 (i) for some i k 1, which y induction implies tht p(k 1) p (k 1), which implies tht p 1 (k) p 2 (k 1), which in turn implies tht p(k) p (k). Next, we consider tht cse when Q(k) is flse. This mens tht Q 1 (i) is 13

14 flse for ll i k, which y induction implies tht p Q1 (i) p Q 1 (i) for ll i k. Our result, tht p(k) p (k), follows immeditely from the following: Clim: For ll k, if p(k) p (k) then p Q1 (i) p Q 1 (i) for some i k. Proof: By induction on k. For the se cse (k=0), if p(0) p (0) then p 1 (0) p 3 (0), which in turn implies tht p Q1 (0) p Q 1 (0). For the induction step (k>0), if p(k) p (k) then either p 1 (k) p 2 (k 1) or p 1 (k) p 3 (k). In the first cse, p 1 (k) p 2 (k 1) implies tht p(k 1) p (k 1), which y induction implies tht p Q1 (i) p Q 1 (i) for some i k 1 nd hence for some i k; nd in the second cse, p 1 (k) p 3 (k) implies tht p Q1 (k) p Q 1 (k). (g) Q = x : Q 1 (x): The implementtion in the following figure cn e esily verified. + p + p p Q1 p Q 1 For ny Q OCL, the descried construction termintes fter O(size(Q)) steps, ecuse we dd only constnt numer of new nodes in ech sucse except for () nd (c), where we dd O(k) new nodes (recll tht the size of k is k+1). 3.2 Simultion Prolems for One-Counter Automt nd Finite-Stte Systems Now we estlish DP-hrdness of the A F, F A, nd A F prolems. Agin, we use the (inductively defined) reduction from TRUTHOCL; only the prticulr constructions re now slightly different. By n implementtion we now men 4-tuple (A, F, F, A ) where A, A re onecounter utomt, nd F, F re finite-stte systems; the role of distinguished sttes is now plyed y the initil sttes, denoted q for A, f for F, f for F, nd q for A. We gin first stte n importnt technicl result, nd gin defer its proof until fter we derive the desired theorem s corollry. Proposition 7 There is n lgorithm which, given Q = Q(x) OCL s input, hlts fter O(size(Q)) steps nd outputs n implementtion (A, F, F, A ) (where q, f, f nd q re the initil control sttes of A, F, F nd A, respectively) such tht for every k N we hve: Q(k) is true iff q(k) f iff f q (k). 14

15 (Note tht if Q is closed formul, then this implies tht Q is true iff f q (0).) iff q(0) f Theorem 8 Prolems A F, F A, nd A F re DP-hrd. PROOF. Reclling tht TRUTHOCL is DP-hrd, DP-hrdness of the first two prolems redily follows from Proposition 7. DP-hrdness of the third prolem follows from simple (generl) reduction of A F to A F: given one-counter utomton A with initil stte q, nd finite-stte system F with initil stte f, we first trnsform F to F 1 y dding new stte f 1 nd trnsition f 1 f, nd then crete A 1 y tking (disjoint) union of A, F 1 nd dding f 1 q, where f 1 is the copy of f 1 in A 1. Clerly q(k) f iff f 1 (k) f 1. Proof of Proposition 7: We proceed y induction on the structure of Q. In the constructions we use only two ctions, nd ; this lso mens tht stte with non-decresing nd loops is universl, i.e, it cn simulte everything. () Q = (x = 0): A strightforwrd implementtion looks s follows: q f f q A F F A (,c) Q = k x or Q = k x, where k>0: Given J { 0, 1, 2,..., k 1 }, let R J (x) = ((x modk) J). We shll show tht the formul R J (x) cn e implemented in our sense; tking J = {0} then gives us the construction for cse (), nd tking J = {1,..., k 1} gives us the construction for cse (c). An implementtion of R J (x), where 1, 2 J ut 0, 3, k 1 J, looks s 15

16 follows: f 0 = f q 0 = q q f 1 f 2 f k 1 f q k 1 q 1 q 2 f 3 q 3 A F F A In this picture, node f i hs -loop in F, nd node q i hs n outgoing dshed -edge in A, iff i J. It is strightforwrd to check tht the proposed implementtion of R J (x) is indeed correct. (d) Q(x) = Q 1 (x) Q 2 (x): The elements of the implementtion (A Q, F Q, F Q, A Q ) for Q cn e constructed from the respective elements of the implementtions for Q 1, Q 2 (ssumed y induction): A Q from A Q1 nd A Q2 ; F Q from F Q1 nd F Q2 ; F Q from F Q 1 nd F Q 2 ; nd A Q from A Q 1 nd A Q 2. All these cses follow the schem depicted in the following figure: Q 1 Q 2 Correctness is esily verifile. (e) Q(x) = Q 1 (x) Q 2 (x): We give constructions just for A nd F (the constructions for F nd A re lmost identicl): q q 1 q Q1 q Q2 Q 1 Q 2 f f 1 f 2 u f Q1 f Q2 Q 1, Q 2 For ny k, Q(k) is true iff Q 1 (k) is true or Q 2 (k) is true, which y induction is true iff q Q1 (k) f Q1 or q Q2 (k) f Q2, which is true iff q 1 (k) f 1 or q 1 (k) f 2, which in turn is true iff q(k) f. (f) Q(x) = y x : Q 1 (y) (where x, y re distinct): We use the following 16

17 constructions: q f f q Q 1, Q 1 f 1 f Q Q 1 1 q 1 q 2 u, q Q Q 1 1 A F F A We prove tht the construction is correct for F nd A (the other cse eing similr). Q(k) is true iff Q 1 (i) is true for some i k, which y induction is true iff f Q 1 q Q 1 (i) for some i k, which in turn is true iff f 1 q 2(i) for some i k. Our result, tht this is true iff f q (k), follows immeditely from the following: Clim: For ll k, f q (k) iff f 1 q 2 (i) for some i k. Proof: By induction on k. For the se cse (k=0), the result is immedite. For the induction step (k>0), first note tht f 1 q 1 (k 1) iff f q (k 1), which y induction is true iff f 1 q 2 (i) for some i k 1. Thus f q (k) iff f 1 q 2(k) or f 1 q 1(k 1), which is true iff f 1 q 2(k) or f 1 q 2 (i) for some i k 1, which in turn is true iff f 1 q 2 (i) for some i k. (g) Q = x : Q 1 (x): It is esy to show the correctness of the implementtion in the following figure. + q f f + q u, q Q1 f Q1 f Q 1 q Q 1 A F F A For ny Q OCL, the descried construction termintes fter O(size(Q)) steps, ecuse we dd only constnt numer of new nodes in ech sucse except for () nd (c), where we dd O(k) new nodes. 17

18 3.3 Model-Checking the Logic EF for One-Counter Nets We prove tht the model-checking prolem for the logic EF nd N processes is DP-hrd, even for fixed EF formul. We strt with the following proposition: Proposition 9 There is n lgorithm which, given Q = Q(x) OCL s input, hlts fter O(size(Q)) steps nd outputs one-counter net with distinguished stte q nd n EF formul Φ Q such tht for every k N we hve: Q(k) is true iff q(k) = Φ Q. The constructed EF formul Φ Q is not yet fixed; ctully, it is not cler if the proof of Proposition 9 cn e modified so tht it returns the sme EF formul for every Q OCL. However, it is quite strightforwrd to modify the construction so tht it produces the sme EF formul for ll those Q OCL which cn e otined y pplying the construction of (the proof of) Theorem 3 to some instnce (ϕ, ψ) of TRUTHOCL. Thus we otin Proposition 10 Let Q e n OCL formul which cn e otined y pplying the construction of Theorem 3. There is (fixed) EF formul Φ nd n lgorithm which, given Q on input, hlts fter O(size(Q)) steps nd outputs one-counter net with distinguished stte q such tht for every k N we hve: Q(k) is true iff q(k) = Φ. Theorem 11 The model-checking prolem for the logic EF nd N processes is DP-hrd, even for fixed EF formul. Proof of Proposition 9: We proceed y induction on the structure of Q. All steps re esy to verify nd do not require detiled comments. () Q = (x = 0): q Φ Q = []flse 18

19 (,c) Q = k x or Q = k x, where k>0: q 0 = q q k 1 q 1 q 2 q 3 Φ Q = []flse or Φ Q = true (d,e) Q(x) = Q 1 (x) Q 2 (x) or Q(x) = Q 1 (x) Q 2 (x) q Q 1 Q 2 Φ Q = []Φ Q1 []Φ Q2 or Φ Q = Φ Q1 Φ Q2 (f) Q(x) = y x : Q 1 (y) (where x, y re distinct): q c Q 1 Φ Q = c Φ Q1 Here c is fresh (i.e., previously unused) ction. (g) Q = x : Q 1 (x): q c +, Q 1 Φ Q = [c]φ Q1 Agin, c is fresh ction. Proof of Proposition 10: Note tht the lgorithm of Theorem 3 produces OCL formuls with n lmost fixed structure: for given instnce (ϕ, ψ) of TRUTHOCL, it siclly plugs the ϕ nd ψ (in slightly modified form) into fixed templte. Therefore, we just need to modify the steps (d,e) of the previous lgorithm. (d,e) (i) Q(x) = u i=1 P i (x) v j=1 N j (x) where u + v 2, nd every P i nd 19

20 N j is of the form k i x nd k j x, respectively. q P 1 P u N 1 N v ΦQ = Φ P Φ N Here Φ P = []flse nd Φ N = true re the (fixed) formuls constructed for P i (x) nd N j (x), respectively. Also note tht if, e.g., u = 0, then the node q in the ove grph hs no -successors, ut the formul Φ Q keeps its form. (ii) Q(x) = u i=1 P i (x) v j=1 N j (x) where u + v 2, nd every P i nd N j is of the form k i x nd k j x, respectively. We construct the sme net s in (i) nd put Φ Q = []Φ P []Φ N. (iii) Q(x) = R 1 (x) R n (x) where n 2 nd every R i (x) is conjunction of the form discussed in (ii). q R 1 R m ΦQ = Φ R Here Φ R = []Φ P []Φ N is the (fixed) formul constructed for R i (x). (iv) Q(x) = R 1 (x) R n (x) where n 2 nd every R i (x) is disjunction of the form discussed in (i). We construct the sme net s in (iii) nd put Φ Q = []Φ R where Φ R = Φ P Φ N is the (fixed) formul constructed for R i (x). 4 Conclusions Intuitively, the reson why we could not lift the DP lower ound to some higher complexity clss (e.g., PSPACE) is tht there is no pprent wy to implement step-wise guessing of ssignments which would llow us to encode, e.g., the QBF prolem. The difficulty is tht if we modify the counter vlue, we were not le to find wy to check tht the old nd new vlues encode comptile ssignments which gree on certin suset of propositionl constnts. Ech such ttempt resulted in n exponentil low-up in the numer of control sttes. Known results out equivlence-checking with one-counter utomt re summrized in the following tle where rows correspond to different equivlences, resp. preorders, ( denotes wek isimilrity) nd columns correspond to different pirs 20

21 of checked systems: A A N N A F N F decidle [4] decidle [4] in P [10] in P [10] DP-hrd DP-hrd in EXPTIME in EXPTIME DP-hrd [10] DP-hrd [10] DP-hrd [10] DP-hrd [10] undecidle [8] decidle [1,8] in EXPTIME in P [11] DP-hrd DP-hrd undecidle [8] decidle [1,8] in EXPTIME in P [11] DP-hrd DP-hrd undecidle [8] decidle [1,8] in EXPTIME in P [11] DP-hrd DP-hrd Recently, it hs een shown in [14] tht the prolems N N nd A A re lredy undecidle. The EXPTIME upper ound of prolems A F, N F, A F, F A nd A F is due to the fct tht ll of the mentioned prolems cn e esily reduced to the model-checking prolem with pushdown systems (see, e.g., [5,12]) nd the modl µ-clculus which is EXPTIME-complete [20]. Known results for model-checking of one-counter utomt cn e summrized s follows: The model-checking prolem for HML nd A processes is in P. Model-checking with ny logic which susumes the logic EF nd which is susumed y the modl µ-clculus (it pplies to, e.g., EF, CTL, CTL, µ-clculus) is DP-hrd nd in EXPTIME. The lower complexity ound holds even for fixed formul. References [1] P. Adull nd K. Čer āns. Simultion is decidle for one-counter nets. InProceedings of CONCUR 98, volume 1466 of LNCS, pges Springer, [2] E. Bch nd J. Shllit. Algorithmic Numer Theory. Vol. 1, Efficient Algorithms. The MIT Press,

22 [3] E. Emerson. Temporl nd modl logic. Hndook of Theoreticl Computer Science, B: , [4] P. Jnčr. Decidility of isimilrity for one-counter processes. Informtion nd Computtion, 158(1):1 17, [5] P. Jnčr, A. Kučer, nd R. Myr. Deciding isimultion-like equivlences with finitestte processes. Theoreticl Computer Science, 258(1 2): , [6] P. Jnčr, A. Kučer, nd F. Moller. Simultion nd isimultion over one-counter processes. In Proceedings of STACS 2000, volume 1770 of LNCS, pges Springer, [7] P. Jnčr, A. Kučer, F. Moller, nd Z. Sw. Equivlence-checking with one-counter utomt: A generic method for proving lower ounds. In Proceedings of FoSSCS 2002, volume 2303 of LNCS, pges Springer, [8] P. Jnčr, F. Moller, nd Z. Sw. Simultion prolems for one-counter mchines. In Proceedings of SOFSEM 99, volume 1725 of LNCS, pges Springer, [9] D. Kozen. Results on the propositionl µ-clculus. Theoreticl Computer Science, 27: , [10] A. Kučer. Efficient verifiction lgorithms for one-counter processes. In Proceedings of ICALP 2000, volume 1853 of LNCS, pges Springer, [11] A. Kučer. On simultion-checking with sequentil systems. In Proceedings of ASIAN 2000, volume 1961 of LNCS, pges Springer, [12] A. Kučer nd R. Myr. Simultion preorder over simple process lgers. Informtion nd Computtion, 173(2): , [13] R. Myr. Strict lower ounds for model checking BPA. ENTCS, 18, [14] R. Myr. Undecidility of wek isimultion equivlence for 1-counter processes. In Proceedings of ICALP 2003, LNCS. Springer, [15] R. Milner. Communiction nd Concurrency. Prentice-Hll, [16] C. Ppdimitriou. Computtionl Complexity. Addison-Wesley, [17] D. Prk. Concurrency nd utomt on infinite sequences. In Proceedings 5 th GI Conference, volume 104 of LNCS, pges Springer, [18] C. Stirling. Modl nd temporl logics. Hndook of Logic in Comp. Sci., 2: , [19] R. vn Gleek. The liner time rnching time spectrum. Hndook of Process Alger, pges 3 99, [20] I. Wlukiewicz. Pushdown processes: Gmes nd model-checking. Informtion nd Computtion, 164(2): ,