Mathematik / Informatik

Size: px

Start display at page:

Download "Mathematik / Informatik"

Shon Wilkinson
6 years ago
Views:

1 .. UNIVERSITAT TRIER Mathematik / Informatik Forschungsbericht Nr Fast and Simple Nested Fixpoints Helmut Seidl FB IV { Informatik Universitat Trier D{54286 Trier, Germany seidl@psi.uni-trier.de Electronic copies of technical reports are available: Printed copies: Via FTP: Via WWW: Via URL ftp://ftp.informatik.uni-trier.de/pub/users-root/reports URL Send a mail to ftpmail@ftp.informatik.uni-trier.de, subject HELP, for detailed instructions Trierer Forschungsberichte Fachbereich IV - Mathematik / Informatik.. Universitat Trier D Trier ISSN

2 Fast and Simple Nested Fixpoints Helmut Seidl FB IV { Informatik Universitat Trier D{54286 Trier, Germany seidl@psi.uni-trier.de March 1, 1996 Abstract We give an alternative proof of the result of Long et al. in [11] that nested xpoint expressions e of alternation depth d > 0 can be evaluated over a complete lattice of height h in time O((h jej) d=2+2 ). The advantage of our proof is that it is both extremely short and extremely simple. 1 Introduction Since Kozen's seminal paper [10] on modal { calculus in 1983, this logic has been widely used for the specication of properties of concurrent processes (see, e.g., [12, 13]). Especially, the model checking problem, i.e., the question to determine whether or not a given system satises a formula, has attracted attention. In [7], Emerson and Lei presented an algorithm where the exponent in the worstcase complexity is given by d + 1 where d is the alternation depth of the formula to be veried. Their method has been rened by Cleaveland, Klein and Steen [6]. For formulas of alternation depth 0, even linear algorithms have been proposed (see, e.g., [2], [1] or [5]). For other important fragments of {calculus, Emerson, Jutla and Sistla exhibited polynomial algorithms [8]. A major improvement in the general case has been achieved by Long et al. [11]. They pointed out that the exponent in the worst case complexity can be lowered even to \about" d=2+1. Their paper explains the method for certain special kinds of formulas. Nevertheless, the argumentation is non{trivial and involved. Their result itself, however, is (at least to our opinion) so important that a simpler explanation is worthwhile. In fact, our argumentation turns out to be almost trivial. Our idea consists in removing one sort of xpoint iterations simply by syntactical iteration, i.e., unfolding. The whole art consists in doing so without overly increasing the size of the resulting system. 1 To make our idea precise, this short note is organized as follows. Section 2 introduces basic notions concerning (hierarchical) systems of equations. Section 3 deals with the case of alternation depth 0. Section 4 formalizes our idea of syntactical removal of xpoint iterations and derives the main result. Section 5 contains a brief discussion of our method and concludes. 2 A Fixpoint Calculus In essence, the model checking problem for { formulas boils down to the evaluation of a xpoint expression like x 1 :f 1 (x 2 :f 2 (h(x 1 ); x 2 ); y:g(h(x 1 ); y) over some nite complete lattice. Instead of dening such kinds of expressions (together with their semantics) formally, we prefer to introduce the slightly more exible concept of

3 hierarchical systems of equations. By a subsequent example, we hope to convince the reader that xpoint expressions very easily can be translated into our formalism. Assume we are given a nite complete lattice D of height h, i.e., the maximal number of elements in a strictly increasing sequence d d : : d h in D equals h + 1. Let denote a set of operator symbols where each f 2 denotes a monotonic function [f ] : D k! D for some k 1. As right hand sides of equations we allow expressions built up from formal variables from some set Y and constants by application of operators from. The set of all these expressions is denoted by E [D (Y). Every expression f 2 E [D (Y) denotes a function [f ] : (Y! D)! D. This function is monotonic since all operations in are monotonic. A hierarchical system of equations with free variables from F is a pair (S; H). S is the basic set of equations x = f x ; x 2 X, where for every x, f x is an expression in E [D (X [ F), and H is a hierarchy on X. A hierarchy consists of a sequence H = (hx k ; k i; : : : ; hx 1 ; 1 i) of mutually disjoint nonempty sets X j where X X 1 [ : : : [ X k together with qualications j 2 f; g. Intuitively, hierarchy H on S is introduced in order to reect the nesting of scopes of variables within which xpoint iteration is performed. The set X 0 = X n(x 1 [ : : : [ X k ) represents the \non{recursive" auxiliary variables. Therefore, we assume a partial ordering \" on x 2 X 0 such that y 2 X 0 occurs in right hand side f x ; x 2 X 0 only if y < x. Fixpoint iteration is (potentially) performed on the variables in X 1 [ : : : [ X k. These are therefore also called iteration variables. Example 1 Assume we are given a xpoint expression like x 1 :f 1 (x 2 :f 2 (h(x 1 ); x 2 ); y:g(h(x 1 ); y) A representation of this formula by a hierarchical system is obtained by introducing an extra 2 equation for each xpoint subexpression. For our example this gives set S consisting of: x 1 = f 1 (x 2 ; y) x 2 = f 2 (h(x 1 ); x 2 ) y = g(h(x 1 ); y) Hierarchy H now is obtained by dividing the set of xpoint variables of into \layers" within which only xpoints of the same kind occur. Thus for our example formula, H = (hx 2 ; i; hx 1 ; i) where X 1 = fyg and X 2 = fx 1 ; x 2 g. Auxiliary variables can be introduced for returning the result for the whole formula (in case it does not have a xpoint on top level) or to remove multiple occurrences of the same subexpression. In our example, we could introduce a fresh auxiliary variable z to receive the value for h(x 1 ). This results in the following set of equations: x 1 = f 1 (x 2 ; y) x 2 = f 2 (z; x 2 ) y = g(z; y) z = h(x 1 ) Usually, if H is understood, we write S for the hierarchical system. We also denote the fact that X j is qualied with j by X j : j. Fix some 0 j k, and let X 0 = X 0 [ : : :[X j. Then the j{th subsystem S j of S is given by the base set of equations x = f x ; x 2 X 0 ; together with hierarchy H j = (hx j ; j i; : : : ; hx 1 ; 1 i). Note that the free variables of S j are contained in F [ X j+1 [ : : : [ X k. An environment for S is a mapping : F! D. The solution of S relative to environment in D, denoted by [S ], is a mapping X! D. It is dened by induction on length k of hierarchy H. If k = 0, then no xpoint iteration is necessary. Values [S ] x; x 2 X 0 i, are simply obtained by successively evaluating right hand sides according to ordering \". For k > 0, let X 0 = X nx k and S k?1 denote the (k? 1){th subsystem of S. Dene 2

4 R : (F [X k! D)! X 0! D by R (+) x = [[S k?1 ]] ( + ) x whenever x 2 X 0. Note that we use the \+"{operator to combine two functions with disjoint domains into one. Consider monotonic function G : (X k! D)! X k! D given by G x = [f x ] ( + + R ( + )). In case X k is qualied as, let denote the least xpoint of G. Otherwise, let denote the greatest xpoint of G. Then [S ] is dened by [[S]] x = x if x 2 X k and [[S]] x = [[S k?1 ] ( + ) x if x 2 X 0. Fact 1 Assume k > 1 and S is system of equation with hierarchy H given by (hx k ; k i; hx k?1 ; k?1 i; : : : ; hx 1 ; 1 i). If k = k?1 then for every environment, S together with H has the same solution as S together with hierarchy (hx k [ X k?1 ; k i; hx k?2 ; k?2 i; : : : ; hx 1 ; 1 i). 2 Proposition 2 Given a system S of alternation depth 0 and environment for the free variables in S, the solution of S can be computed in time O(h jsj). 2 4 Syntactical Removal of Fixpoint Iterations The idea of our algorithm is based on the trivial observation that in a lattice of height h, the least xpoint is reached after at most h iterations. Dene the n{th iterate of g on d by g 0 d = d and for n > 0, g n d = g(g n?1 d). We have: Observation 3 If g : D! D is monotonic then the least xpoint (resp. greatest xpoint) of g is given by g h? (resp. g h >). 2 It follows that we can always remove successive occurrences of 's or 's in the hierarchy until we end up with a hierarchy (hx k ; k i; : : : ; hx 1 ; 1 i) where j 6= j?1 for all j > 1. Systems with this property are called normalized. If k is the length of the hierarchy of a normalized system then k?1 is also called its alternation depth. 3 Systems with Alternation Depth 0 For simplicity, let us assume that our algorithm is implemented on a Random Access Machine with uniform cost measure, i.e., storing and retrieving elements from D, comparing elements from D for equality and applying operators from are all counted for 1. Accordingly, P we dene the size of system S as jsj = x2x 1 + jf x j. In case the alternation depth of system S equals 0, computation of the solution reduces to the task of computing the least (resp. greatest) solution of an ordinary system of equations over complete lattice D. This can be done by an standard worklist algorithm. We conclude: The same observation holds true for monotonic mapping g : (Y! d)! (Y! d) if exponent h is replaced with exponent q = h #Y. So let S denote a normalized system of alternation depth k with hierarchy (hx k+1 ; k+1 i; : : : ; hx 1 ; 1 i). For every n 1 and : X k+1! D, we construct system S n () with alternation depth k?1. S n () is obtained from S by (syntactically) unroling the iteration on the variables in X k+1. 3 Dene X 00 = fhx; ji j x 2 X ; 0 j < ng, and X 0 = X [ X 00. S n () consists of the equations x = f 0 x ; x 2 X 0, together with hierarchy (hx 0 k; k i; : : : ; hx 0 1; 1 i) where for j = 1; : : : ; k, X 0 j = X j [ fhx; ii j x 2 X j ; 0 i < ng. The right hand sides f 0 x of the equations are dened as follows. If x 2 X k+1, then fx 0 is obtained from f x by replacing each occurrence of variable y 2 X through hy; n? 1i; f 0 = x, and hx;0i for j > 0, f 0 hx;ji is obtained from f x by replacing each occurrence of variables y through hy; j? 1i;

5 If x 2 X nx k+1, then f 0 x f x, and for all j, f 0 hx;ji is obtained from f x by replacing each occurrence of y 2 X with hy; ji. Intuitively, S n () is obtained by taking n extra copies of S. The variables hx; ji, x 2 X k+1, are meant to receive the j{th iteration for variable x. hx; 0i receives the start value x for the iteration whereas for j > 0, the value of hx; ji is computed relative to the values of hx i 0; j? 1i, i.e., the former approximations. Finally, variables x receive the values of the n{th approximation. Example 2 Consider the system of equations from our last example and assume we are going to compute its solution over lattice D = 1g with height 1. Removing least xpoint iteration on fx 1 ; x 2 g results in: x 1 = f 1 (hx 2 ; 1i; hy; 1i) x 2 = f 2 (hz; 1i; hx 2 ; 1i) hx 1 ; 1i = f 1 (hx; 0i; hy; 0i) hx 2 ; 1i = f 2 (hz; 0i; hx; 0i) hx 1 ; 0i =? hx 2 ; 0i =? y = g(z; y) hy; 1i = g(hz; 1i; hy; 1i) hy; 0i = g(hz; 0i; hy; 0i) z = h(x 1 ) hz; 1i = h(hx 1 ; 1i) hz; 0i = h(hx; 0i) with hierarchy H = (hx 1 ; i) where X 1 = fy; hy; 1i; hy; 0ig. Note that variables x i ; hx i ; ji now have become auxiliary js n ()j (n + 1) jsj. 2. S n () can be constructed from S in time O((n + 1) jsj). 3. If h #X k+1 n and X k+1 : then [S ] x = [S n (?)] x for all x 2 X where variable assignment? maps every x 2 X k+1 to?. In case X k+1 :, the same holds true if? is replaced with >, mapping every x 2 X k+1 to >. 2 We combine Fact 1 together with Prop. 4 to derive our main Theorem: Theorem 1 Assume S is a normalized hierarchical system of alternation depth d > 0 with n iteration variables. Then there exists a system S 0 of alternation depth 0 with identical set of free variables such that the following holds: 1. If d is odd, js 0 j ( hn d+1 + 1)(d+1)=2 jsj; If d is even, js 0 j ( hn d + 1)d=2+1 jsj; 2. js 0 j can be constructed in time proportional to its size; 3. [S ] x = [S 0 ] x for every environment and every variable x of S. Proof. Iteratedly applying Prop. 4 to the subsystems of S we either may remove from the hierarchy all subsets qualied with or all subsets qualied with. Subsequent normalization according to Fact 1 yields the desired system S 0. It remains to estimate the size of S 0. Let n 1 ; : : : ; n s be the sequence of sizes of the sets in the hierarchy qualied as and m 1 ; : : : ; m t the corresponding sequence for sets qualied as. If we remove all sets qualied from the hierarchy, we obtain from Prop. 4: We have: Proposition 4 Let be an environment for S (and hence also for each S n ()). Then the following holds: 4 js 0 j (n 1 h + 1) (n s h + 1) jsj Likewise, if we remove all sets qualied from the hierarchy, we obtain js 0 j (m 1 h + 1) (m t h + 1) jsj

6 We may remove that kind of qualication where sizes sum up to n=2. W.l.o.g. assume that this is again the case for, i.e., n 1 + : : : + n s n. First assume d is odd. Then s = t = (d + 1)=2. Hence, (n 1 h + 1) (n s h + 1) ( nh 2s + 1)s ( nh d )(d+1)=2 Now consider the case where d is even. Since s + t = d + 1 and js? tj 1, we have: d=2 s; t d= Therefore, (n 1 h + 1) (n s h + 1) ( nh 2s + 1)s and our assertion follows. ( nh d Finally applying Prop. 2, we conclude: + 1)d=2+1 Corollary 2 The solution of a normalized system S of alternation depth d > 0 and with n iteration variables can be computed in time O(( hn d + 1)d=2+1 h jsj). 2 Corollary 3 A xpoint expression e with alternation depth d > 0 and n occurrences of or can be evaluated in time O(( hn d +1)d=2+1 h jej). 2 5 Discussion and Conclusion We presented a simple method for computing the solution of hierarchical system S of equations. The algorithm has the same or even slightly better estimation of its worstcase complexity than the one sketched in [11]. Additional benet is gained from the new distinction between iteration variables and auxiliary ones. In light of our exposition, the algorithmic idea of Long et al. in [11] can be interpreted as evaluating system S 0 (which we constructed by syntactical xpoint removal) without explicitly 5 constructing S 0. Their hope is that usually xpoints are reached after much fewer iterations than theoretically possible. It seems, however, that this potential gain may as well be achieved by our method if we do not construct S 0 in advance but create an algorithmic description of it and apply some general demand{driven equation solver (e.g., the one from [9]) which builds up the system to be evaluated \by need". Acknowledgement: Many thanks to Andre Arnold whose patiently listened to rough sketches of the ideas and encouraged submission for publication. 6 References [1] H.R. Andersen: Model Checking and Boolean Graphs. Proc. ESOP'92, LNCS 582, 1{19, 1992 [2] A. Arnold, P. Crubille: A Linear Time Algorithm for Solve Fixpoint Equations on Transition Systems. Inf. Proc. Letters (29), 57{66, 1988 [3] O. Bernholtz, M.V. Vardi, P. Wolper: An Automata{Theoretic Approach to Branching{ Time Model Checking (Extended Abstract). Proc. Conf. Computer Aided Verication, LNCS 818, 142{155, 1994 [4] J.R. Burch, E.M. Clarke, K.L. McMillan: Symbolic Model Checking States and Beyond. Inf. and Comput. 98, 142{170, 1992 [5] R. Cleaveland, B. Steen: A Linear Time Model Checking Algorithm for the Alternation{Free Modal {Calculus. Proc. 3rd CAV'91, LNCS 575, 1991 [6] R. Cleaveland, M. Klein, B. Steen: Faster Model Checking for the Modal {Calculus. Proc. of fourth CAV'92, LNCS 663, 410{422, 1996 [7] E.A. Emerson, C.{L. Lei: Ecient Modell Checking in Fragments of the Propositional { Calculus. Proc. 1st IEEE Symp. on Logic in Computer Science, 267{278, 1986 [8] E.A. Emerson, C.S. Jutla, A.P. Sistla: On Model{Checking for Fragments of {Calculus. Proc. Conf. on Computer Aided Verication, LNCS 697, 385{396, 1993

7 [9] C. Fecht, H. Seidl: An Even More Ecient Solver for General Systems of Equations. Tech. Report Saarbrucken and Trier, 1996 [10] D. Kozen: Results on the Propositional { Calculus. TCS 27, 333{354, 1983 [11] D.E. Long, A. Browne, E.M. Clarke, S. Jha, W.R. Marrero: An Improved Algorithm for the Evaluation of Fixpoint Expressions. Proc. Conf. on Computer Aided Verication, LNCS 818, 338{350, 1994 [12] C. Stirling: Modal and Temporal Logics. In: S. Abramsky, D. Gabbay, and T. Maibaum (eds.): Handbook of Logic in Computer Science, 477{563, 1992 [13] M.Y. Vardi: A Temporal Fixpoint Calculus. Proc. 15th POPL, 250{259, 1988 [14] M.Y. Vardi, P. Wolper: Automata{Theoretic Techniques for Modal Logics of Programs. JCSS 32, 183{221,

Model Checking Real-Time Properties. of Symmetric Systems? E. Allen Emerson and Richard J. Treer. Computer Sciences Department and

Model Checking Real-Time Properties of Symmetric Systems? E. Allen Emerson and Richard J. Treer Computer Sciences Department and Computer Engineering Research Center University of Texas, Austin, TX, 78712,