
The Power of Priority Channel Systems PDF


The Power of Priority Channel Systems∗

Christoph Haase, Sylvain Schmitz, Philippe Schnoebelen
LSV, ENS Cachan & CNRS, France

arXiv:1301.5500v2 [cs.LO] 29 Jan 2013

Abstract

We introduce Priority Channel Systems, a new class of channel systems where messages carry a numeric priority and where higher-priority messages can supersede lower-priority messages preceding them in the fifo communication buffers. The decidability of safety and inevitability properties is shown via the introduction of a priority embedding, a well-quasi-ordering that has not previously been used in well-structured systems. We then show how Priority Channel Systems can compute Fast-Growing functions and prove that the aforementioned verification problems are $F_{\varepsilon_0}$-complete.

1 Introduction

Channel systems are a family of distributed models where concurrent agents communicate via (usually unbounded) fifo communication buffers, called “channels”. These models are well-suited for the formal specification and algorithmic analysis of communication protocols and concurrent programs (Boigelot and Godefroid, 1999; Bouajjani and Habermehl, 1999; Cécé and Finkel, 2005). They are also a fundamental model of computation, closely related to Post’s tag systems.

A particularly interesting class of channel systems are the so-called lossy channel systems (LCSs), where channels are unreliable and may lose messages (Cécé et al., 1996; Abdulla and Jonsson, 1996; Bouyer et al., 2012). For LCSs, several important behavioral properties, like safety or inevitability, are decidable. This is because these systems are well-structured: transitions are monotonic wrt. a (decidable) well-quasi-ordering of the configuration space (Abdulla et al., 2000; Finkel and Schnoebelen, 2001). Beyond their applications in verification, LCSs have turned out to be an important automata-theoretic tool for decidability or hardness in areas like Timed Automata, Metric Temporal Logic, modal logics, etc.
(Abdulla et al., 2005; Kurucz, 2006; Ouaknine and Worrell, 2007; Lasota and Walukiewicz, 2008). They are also a fundamental model of computation capturing the $F_{\omega^\omega}$-complexity level in Wainer et al.’s Fast-Growing Hierarchy, see (Chambart and Schnoebelen, 2008; Schmitz and Schnoebelen, 2011, 2012).

Despite their wide applicability, LCSs reveal shortcomings when applied to modeling systems or protocols that treat messages discriminatingly according to some specified rule set. An example is the prioritisation of messages, which is central to ensuring quality of service (QoS) properties in networking architectures, and is usually implemented by allowing for tagging messages with some relative priority. For instance, the Differentiated Services (DiffServ) architecture, described in RFC 2475, allows for a field specifying the relative priority of an IP packet with respect to a finite set of priorities, and network links may decide to arbitrarily drop IP packets of lower priority in favor of higher priority packets once the network congestion reaches a critical point.

∗ Work partially funded by the ReacHard project ANR11BS0200101.

Our contributions. In this paper, we introduce Priority Channel Systems, or PCSs for short, a family of channel systems where each message is equipped with a priority level, and where higher-priority messages can supersede lower-priority messages (that are dropped). Our model abstracts from the contents of messages by just considering the priority levels (but see App. D for a generalization to infinite alphabets of message contents). We show that PCSs are well-structured when configurations are ordered by the (prioritized) superseding ordering, a new well-quasi-ordering that is closely related to the gap-embedding of (Schütte and Simpson, 1985). This entails the decidability of safety and termination (among other properties) for PCSs.
Using techniques from (Schmitz and Schnoebelen, 2011; Schütte and Simpson, 1985), the proof that the superseding ordering is a well-quasi-ordering gives an $F_{\varepsilon_0}$ upper bound on the complexity of PCS verification, far higher than the $F_{\omega^\omega}$-complete complexity of LCSs.

In the second part of this paper, we prove a matching lower bound: building upon ideas and techniques developed for less powerful models (Chambart and Schnoebelen, 2008; Schnoebelen, 2010a; Haddad et al., 2012), we show how PCSs can robustly simulate the computation of Fast Growing Functions $F_\alpha$ (and their inverses) for all ordinals $\alpha$ up to $\varepsilon_0$.

Along the way we show how some other well-quasi-ordered data structures, e.g. trees with strong embedding, can be reflected in strings with priority ordering, opening the way to $F_{\varepsilon_0}$ upper bounds in other areas of algorithmic verification.

2 Priority Channel Systems

We define Priority Channel Systems as consisting of a single process since this is sufficient for our purposes in this paper.¹

For every $d \in \mathbb{N}$, the level-$d$ priority alphabet is $\Sigma_d \stackrel{\text{def}}{=} \{0, 1, \ldots, d\}$. A level-$d$ priority channel system (a “$d$-PCS”) is a tuple $S = (\Sigma_d, \mathit{Ch}, Q, \Delta)$ where $\Sigma_d$ is as above, $\mathit{Ch} = \{c_1, \ldots, c_m\}$ is a set of $m$ channel names, $Q = \{q_1, q_2, \ldots\}$ is a finite set of control states, and $\Delta \subseteq Q \times \mathit{Ch} \times \{!, ?\} \times \Sigma_d \times Q$ is a set of transition rules (see below).

¹ Obviously, systems that are more naturally seen as made up of several concurrent components can be represented by a single process obtained as an asynchronous product of the components.

Figure 1: A simple single-channel 3-PCS. (Diagram not reproduced; it shows control states p and q and edge labels c!1, c!0, c!3, c?3.)

2.1 Semantics

The operational semantics of a PCS $S$ is given under the form of a transition system. We let $\mathit{Conf}_S \stackrel{\text{def}}{=} Q \times (\Sigma_d^*)^m$ be the set of all configurations of $S$, denoted $C, D, \ldots$ A configuration $C = (q, x_1, \ldots, x_m)$ records an instantaneous control point (a state in $Q$) and the contents of the $m$ channels (sequences of messages from $\Sigma_d$). A sequence $x \in \Sigma_d^*$ has the form $x = a_1 \ldots a_\ell$ and we let $\ell = |x|$.
Concatenation is denoted multiplicatively, with $\varepsilon$ denoting the empty sequence.

The labeled transition relation between configurations, denoted $C \xrightarrow{\delta} C'$, is generated by the rules in $\Delta = \{\delta_1, \ldots, \delta_k\}$. It is actually convenient to define three such transition relations, denoted $\to_{\mathrm{rel}}$, $\to_w$, and $\to_\#$ respectively.

Reliable Semantics. We start with $\to_{\mathrm{rel}}$ that corresponds to “reliable” steps, or more correctly steps with no superseding of lower-priority messages. As is standard, for a reading rule of the form $\delta = (q, c_i, ?, a, q') \in \Delta$, there is a step $C \xrightarrow{\delta}_{\mathrm{rel}} C'$ if $C = (q, x_1, \ldots, x_m)$ and $C' = (q', y_1, \ldots, y_m)$ for some $x_1, y_1, \ldots, x_m, y_m$ such that $x_i = a y_i$ and $x_j = y_j$ for all $j \neq i$, while for a writing rule $\delta = (q, c_i, !, a, q') \in \Delta$, there is a step $C \xrightarrow{\delta}_{\mathrm{rel}} C'$ if $y_i = x_i a$ (and $x_j = y_j$ for all $j \neq i$). These “reliable” steps correspond to the behavior of queue automata, or (reliable) channel systems, a Turing-powerful computation model.

Write-Superseding. The actual behavior of PCSs, denoted $\to_w$, is best defined as a modification of $\to_{\mathrm{rel}}$, and more precisely by modifying the semantics of writing rules. Formally, for $\delta = (q, c_i, !, a, q') \in \Delta$, and for $C, C'$ as above, there is a step $C \xrightarrow{\delta}_w C'$ if $y_i = z a$ for a factorization $x_i = z z'$ of $x_i$ where $z' \in \Sigma_a^*$, i.e., where $z'$ only contains messages from the level-$a$ priority subalphabet. In other words, after $c_i ! a$, the channel will contain a sequence $y_i$ obtained from $x_i$ by appending $a$ in a way that may drop (erase) any number of suffix messages with priority $\leq a$, hence the “$z' \in \Sigma_a^*$” requirement. (And $x_j = y_j$ for all $j \neq i$.) Reading steps are unchanged so that $C \xrightarrow{\delta}_{\mathrm{rel}} C'$ implies $C \xrightarrow{\delta}_w C'$. This gives rise to a transition system $S_w \stackrel{\text{def}}{=} (\mathit{Conf}_S, \to_w)$.
For example, the PCS from Figure 1 has the following run:

$$p, 02\underline{00} \xrightarrow{!1}_w q, 0\underline{21} \xrightarrow{!3}_w q, 03 \xrightarrow{!3}_w q, \underline{033} \xrightarrow{!3}_w q, 3 \xrightarrow{?3}_w p, \varepsilon$$

where in every configuration we underline the messages that will be superseded in the next step (and where, for simplicity, we do not write the full rule $\delta$ on the steps). Note that, as specified in the semantics, the first step could not be “$(p, 0200) \xrightarrow{!1}_w (q, 21)$”: the written 1 is not allowed to supersede the higher-priority 2 hence it cannot supersede the 0 that is earlier in the channel.

Internal-Superseding. There is another semantics for priorities, obtained by extending reliable steps with internal superseding steps, denoted $C \xrightarrow{c_i \#k}_\# C'$, which can be performed at any time in an uncontrolled manner. Formally, for two words $x, y \in \Sigma_d^*$ and $k \in \mathbb{N}$, we write $x \xrightarrow{\#k}_\# y \stackrel{\text{def}}{\Leftrightarrow}$ $x$ is some $a_1 \ldots a_\ell$, $1 \leq k < |x| = \ell$, $a_k \leq a_{k+1}$ and $y = a_1 \ldots a_{k-1} a_{k+1} \ldots a_\ell$. In other words, the $k$-th message in $x$ is superseded by its immediate successor $a_{k+1}$, with the condition that $a_k$ is not of higher priority. We write $x \to_\# y$ when $x \xrightarrow{\#k}_\# y$ for some $k$, and use $x \leftarrow_\# y$ when $y \to_\# x$. The transitive reflexive closure $\leftarrow_\#^*$ is called the superseding ordering and is denoted by $\leq_\#$. Put differently, $\to_\#$ is a rewrite relation over $\Sigma_d^*$ according to the rules $\{a a' \to a' \mid 0 \leq a \leq a' \leq d\}$.

This is extended to steps between configurations by $C = (q, x_1, \ldots, x_m) \xrightarrow{c_i \#k}_\# C' = (q', y_1, \ldots, y_m) \stackrel{\text{def}}{\Leftrightarrow}$ $q = q'$ and $x_i \xrightarrow{\#k}_\# y_i$ (and $x_j = y_j$ for $j \neq i$). Furthermore, every reliable step is a valid step: for any rule $\delta$, $C \xrightarrow{\delta}_\# C'$ iff $C \xrightarrow{\delta}_{\mathrm{rel}} C'$, giving rise to a second transition system associated with $S$: $S_\# \stackrel{\text{def}}{=} (\mathit{Conf}_S, \to_\#)$. E.g., the PCS from Fig. 1 can perform

$$p, 0200 \xrightarrow{!1}_\# q, 02001 \xrightarrow{\#3}_\# q, 0201 \xrightarrow{\#1}_\# q, 201 \xrightarrow{\#2}_\# q, 21$$

while, as we noted earlier, $(p, 0200) \not\to_w^* (q, 21)$.
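The two runs above can be replayed on channel contents alone. The following Python code is an added example, not code from the paper: it models a single channel as a string of digit priorities (an assumption that limits it to d ≤ 9), ignores control states, and all function names are illustrative.

```python
"""Channel words are strings of digits; each digit is a message priority."""


def write_superseding(x, a):
    """All channel contents after writing `a` onto `x` with a ->_w step.

    x is split as z z' where every message of the dropped suffix z' has
    priority <= a; the new content is z followed by a.
    """
    results = set()
    for cut in range(len(x), -1, -1):            # cut = |z|
        results.add(x[:cut] + str(a))
        if cut > 0 and int(x[cut - 1]) > a:      # next suffix message outranks a
            break
    return results


def read_front(x, a):
    """Reading rule c?a: enabled only when `a` is at the head of the channel."""
    return x[1:] if x.startswith(str(a)) else None


def internal_step(x, k):
    """The step x --#k--> y: the k-th message (1-based) is superseded by its
    immediate successor, which must not have lower priority."""
    if not 1 <= k < len(x):
        raise ValueError("k must satisfy 1 <= k < |x|")
    if int(x[k - 1]) > int(x[k]):
        raise ValueError("a higher-priority message cannot be superseded")
    return x[:k - 1] + x[k:]


def replay_write_run(start, steps):
    """Check a run [(op, priority, expected_content), ...] under ->_w."""
    x = start
    for op, a, expected in steps:
        if op == "!":
            ok = expected in write_superseding(x, a)
        else:
            ok = read_front(x, a) == expected
        if not ok:
            return False
        x = expected
    return True


def replay_internal_run(start, a, positions):
    """A reliable write of `a`, then internal superseding at `positions`."""
    x = start + str(a)
    for k in positions:
        x = internal_step(x, k)
    return x


def write_reachable(start, writes):
    """Every content reachable from `start` by doing `writes` in order (->_w)."""
    contents = {start}
    for a in writes:
        contents = {y for x in contents for y in write_superseding(x, a)}
    return contents


# Channel contents of the write-superseding run quoted in the text.
PAPER_RUN_W = [("!", 1, "021"), ("!", 3, "03"), ("!", 3, "033"),
               ("!", 3, "3"), ("?", 3, "")]

if __name__ == "__main__":
    print(sorted(write_superseding("0200", 1)))       # 21 is not among them
    print(replay_write_run("0200", PAPER_RUN_W))
    print(replay_internal_run("0200", 1, [3, 1, 2]))  # the #3, #1, #2 steps
    # Starting from an empty channel, the writes 0,2,0,0,1 can leave 21.
    print("21" in write_reachable("", [0, 2, 0, 0, 1]))
```
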
2.2 Relating the Superseding Semantics

The Write-Superseding semantics adopts a localized viewpoint, where a single system or protocol manages several priority levels for its communication through a fifo channel that can be congested.

The Internal-Superseding semantics allows superseding to occur at any time (not just when writing) and anywhere in the channel. It is appropriate when abstracting from situations where end-to-end communication actually goes through a series of consecutive relays, network switches and buffers, each of them possibly handling the incoming traffic with a Write-Superseding policy.

When developing the formal theory of PCSs, $S_\#$, the Internal-Superseding semantics, is more liberal and harder to control than $S_w$. It is also finer-grained than $S_w$ (superseding occurs one message at a time) but this is less significant. The consequence is that, in practice, it is usually easier to design a correct PCS (and proving its correctness) when one assumes the Write-Superseding semantics—as we do in Section 6—, while it is easier to develop the formal theory of PCSs with the Internal-Superseding semantics—as we do next. However, the two semantics are, in a sense, equivalent since $S_\#$ and $S_w$ simulate one another:

Proposition 1 (See App. A). Let $C_0 = (q, \varepsilon, \ldots, \varepsilon)$ be a configuration with empty channels, and $C_f$ be any configuration. Then $C_0 \to_w^+ C_f$ if, and only if, $C_0 \to_\#^+ C_f$.

We conclude this discussion by observing that PCSs can simulate lossy channel systems (in fact they can simulate the dynamic lossy channel systems and the timed lossy channel systems of (Abdulla et al., 2012), see App. B). Hence reachability and termination (see Thm. 2) are at least $F_{\omega^\omega}$-hard for PCSs, and problems like boundedness or repeated control-state reachability (see (Schnoebelen, 2010b) for more) are undecidable for them.

Remark 1 (A stricter policy?). It is possible to define a stricter policy for priorities where a higher-priority message may only supersede messages with strictly lower priority.
Write $x \xrightarrow{\#k}_{\succ} y$ when $x \xrightarrow{\#k}_\# y$ and $x = a_1 \ldots a_\ell$ has $a_k < a_{k+1}$. This semantics is natural in some situations but the resulting model is Turing-powerful (see App. B) and not amenable to the wqo-based algorithmic techniques we develop for PCSs.

2.3 Priority Channel Systems are Well-Structured

Our main result regarding the verification of PCSs is that they are well-structured systems. Recall that $C \leq_\# D \stackrel{\text{def}}{\Leftrightarrow}$ $C$ is some $(p, y_1, \ldots, y_m)$ and $D$ is $(p, x_1, \ldots, x_m)$ with $y_i \leq_\# x_i$ for $i = 1, \ldots, m$, or equivalently, $C$ can be obtained from $D$ by internal superseding steps.

Theorem 1 (PCSs are WSTSs). For any PCS $S$, the transition system $S_\#$ with configurations ordered by $\leq_\#$ is a well-structured transition system (with stuttering compatibility).

Proof. There are two conditions to check:

1. wqo: $(\mathit{Conf}_S, \leq_\#)$ is a well-quasi-ordering as will be shown next (see Thm. 3 in Section 3).

2. monotonicity: Checking stuttering compatibility (see (Finkel and Schnoebelen, 2001, def. 4.4)) is trivial with the $\leq_\#$ ordering. Indeed, assume that $C \leq_\# D$ and that $C \to_\# C'$ is a step from the “smaller” configuration. Then in particular $D \to_\#^* C$ by definition of $\to_\#$, so that clearly $D \to_\#^+ C'$ and $D$ can simulate any step from $C$.

Observe that it would not be so easy to prove well-structuredness for $S_w$ (to begin with, another ordering would be required).

A consequence of the well-structuredness of PCSs is the decidability of several natural verification problems. In this paper we focus on “Reachability”² (given a PCS, an initial configuration $C_0$, and a set of configurations $G \subseteq \mathit{Conf}_S$, does $C_0 \to_\#^* D$ for some $D \in G$?), and “Inevitability” (do all maximal runs from $C_0$ eventually visit $G$?) which includes “Termination” as a special case.

Theorem 2 (Verifying PCSs). Reachability and Inevitability are decidable for PCSs with Internal-Superseding semantics.

Proof (Sketch).
The generic WSTS algorithms (Finkel and Schnoebelen, 2001) apply after we check the minimal effectivity requirements: the ordering $\leq_\#$ between configurations is decidable (even in NLogSpace, see Section 3.2) and the operational semantics is finitely branching and effective (one can compute the immediate successors of a configuration, and the minimal immediate predecessors of an upward-closed set).

We note that Reachability and Coverability coincide (even for zero-length runs when $C_0$ has empty channels) since $\to_\#^+$ coincides with $\geq_\# \circ \to_\#^+$, and that the answer to a Reachability question only depends on the (finitely many) minimal elements of $G$. One can even compute $\mathit{Pre}^*(G)$ for $G$ given, e.g., as a regular subset of $\mathit{Conf}_S$.

² Also called “Safety” when we want to check that $G$ is not reachable.

For Inevitability, the algorithms in (Abdulla et al., 2000; Finkel and Schnoebelen, 2001) assume that $G$ is downward-closed but, in our case where $\to_\#^+$ and $\geq_\# \circ \to_\#^+$ coincide, decidability can be shown for arbitrary (recursive) $G$, as in (Schnoebelen, 2010b, Thm. 4.4).

Remark 2. With Prop. 1 and standard coding tricks, Thm. 2 directly provides decidability for Reachability and Termination when one assumes Write-Superseding semantics.

3 Priority Embedding

This section focuses on the superseding ordering $\leq_\#$ on words and establishes the fundamental properties we use for reasoning about PCSs. Recall that $\leq_\# \stackrel{\text{def}}{=} \leftarrow_\#^*$, the reflexive transitive closure of the inverse of $\to_\#$; we prove that $(\Sigma_d^*, \leq_\#)$ is a well-quasi-ordering (a wqo). Recall that a quasi-ordering $(X, \preccurlyeq)$ is a wqo if any infinite sequence $x_0, x_1, x_2, \ldots$ over $X$ contains an infinite increasing subsequence $x_{i_0} \preccurlyeq x_{i_1} \preccurlyeq x_{i_2} \preccurlyeq \cdots$

3.1 Embedding with Priorities

For two words $x, y \in \Sigma_d^*$, we let $x \sqsubseteq_p y \stackrel{\text{def}}{\Leftrightarrow}$ $x = a_1 \cdots a_\ell$ and $y$ can be factored as $y = z_1 a_1 z_2 a_2 \cdots z_\ell a_\ell$ with $z_i \in \Sigma_{a_i}^*$ for $i = 1, \ldots, \ell$.
For example, $201 \sqsubseteq_p 22011$ but $120 \not\sqsubseteq_p 10210$ (factoring 10210 as $z_1 1 z_2 2 z_3 0$ needs $z_3 = 1 \notin \Sigma_0^*$). If $x \sqsubseteq_p y$ then $x$ is a subword of $y$ and $x$ can be obtained from $y$ by removing factors of messages with priority not above the first preserved message to the right of the factor. In particular, $x \sqsubseteq_p y$ implies $y \to_\#^* x$, i.e., $x \leq_\# y$.

The definition immediately yields:

$$\varepsilon \sqsubseteq_p y \text{ iff } y = \varepsilon, \qquad (1)$$
$$x_1 \sqsubseteq_p y_1 \text{ and } x_2 \sqsubseteq_p y_2 \text{ imply } x_1 x_2 \sqsubseteq_p y_1 y_2, \qquad (2)$$
$$x_1 x_2 \sqsubseteq_p y \text{ imply } \exists y_1 \sqsupseteq_p x_1 : \exists y_2 \sqsupseteq_p x_2 : y = y_1 y_2. \qquad (3)$$

Lemma 1. $(\Sigma_d^*, \sqsubseteq_p)$ is a quasi-ordering (i.e., is reflexive and transitive).

Proof. Reflexivity is obvious from the definition. For transitivity, consider $x' \sqsubseteq_p x \sqsubseteq_p y$ with $x = a_1 \cdots a_\ell$ and $y = z_1 a_1 \cdots z_\ell a_\ell$. In view of Eqs. (1–3) it is enough to show $x' \sqsubseteq_p y$ in the case where $|x'| = 1$. Consider then $x' = a$. Now $x' \sqsubseteq_p x$ implies $a = a_\ell$ and $a \geq a_i$, hence $\Sigma_{a_i}^* \subseteq \Sigma_a^*$, for all $i = 1, \ldots, \ell$. Letting $z \stackrel{\text{def}}{=} z_1 a_1 \cdots z_{\ell-1} a_{\ell-1} z_\ell$ yields $y = z a$ for $z \in \Sigma_a^*$. Hence $x' \sqsubseteq_p y$.

We can now relate superseding and priority orderings with:

Proposition 2. For all $x, y \in \Sigma_d^*$, $x \sqsubseteq_p y$ iff $x \leq_\# y$.

Proof. Obviously, $y \xrightarrow{\#k}_\# x$ allows $x \sqsubseteq_p y$ with $z_k$ being the superseded message (and $z_i = \varepsilon$ for $i \neq k$), so that $\leq_\#$ is included in $\sqsubseteq_p$ by Lem. 1. In the other direction $x \sqsubseteq_p y$ entails $x \leq_\# y$ as noted earlier.

3.2 Canonical Factorizations and Well-quasi-ordering

For our next development, we define the height, written $h(x)$, of a sequence $x \in \Sigma_d^*$ as being the highest priority occurring in $x$ (by convention, we let $h(\varepsilon) \stackrel{\text{def}}{=} -1$). Thus, $x \in \Sigma_h^*$ iff $h \geq h(x)$. (We further let $\Sigma_{-1} \stackrel{\text{def}}{=} \emptyset$.)
Any $x \in \Sigma_d^*$ has a unique canonical factorization $x = x_0 h x_1 h \cdots x_{k-1} h x_k$ where $k$ is the number of occurrences of $h = h(x)$ in $x$ and where the $k+1$ residuals $x_0, x_1, \ldots, x_k$ are in $\Sigma_{h-1}^*$.

The point of this decomposition is the following sufficient condition for $x \sqsubseteq_p y$.

Lemma 2. Let $x = x_0 h \cdots h x_k$ and $y = y_0 h \cdots h y_m$ be canonical factorizations with $h = h(x) = h(y)$. If there is a sequence $0 = j_0 < j_1 < j_2 < \cdots < j_{k-1} < j_k = m$ of indexes s.t. $x_i \sqsubseteq_p y_{j_i}$ for all $i = 0, \ldots, k$ then $x \sqsubseteq_p y$.

Proof. We show $x \leq_\# y$. Note that $h y_i h \to_\#^* h$ for all $i = 1, \ldots, m$, so $y \to_\#^* y' \stackrel{\text{def}}{=} y_{j_0} h y_{j_1} h y_{j_2} \cdots h y_{j_k}$ (recall that $0 = j_0$ and $m = j_k$). From $x_i \sqsubseteq_p y_{j_i}$ we deduce $y_{j_i} \to_\#^* x_i$ for all $i = 0, \ldots, k$, hence $y' \to_\#^* x_0 h \cdots h x_k = x$.

The condition in the statement of Lemma 2 is usually written $\langle x_0, \ldots, x_k \rangle \preceq_* \langle y_0, \ldots, y_m \rangle$, using the sequence extension of $\sqsubseteq_p$ on sequences of residuals.

Theorem 3. $(\Sigma_d^*, \sqsubseteq_p)$ is a well-quasi-ordering (a wqo).

Proof. By induction on $d$. The base case $d = -1$ is trivial since $\Sigma_{-1}^*$ is $\emptyset^* = \{\varepsilon\}$, a singleton. For the induction step, consider an infinite sequence $x_0, x_1, \ldots$ over $\Sigma_d^*$. We can extract an infinite subsequence, where all $x_i$’s have the same height $h$ (since $h(x_i)$ is in a finite set) and, since the residuals are in $\Sigma_{d-1}^*$, a wqo by ind. hyp., further extract an infinite subsequence where the first and the last residuals are increasing, i.e., $x_{i_0,0} \sqsubseteq_p x_{i_1,0} \sqsubseteq_p x_{i_2,0} \sqsubseteq_p \cdots$ and $x_{i_0,k_0} \sqsubseteq_p x_{i_1,k_1} \sqsubseteq_p x_{i_2,k_2} \sqsubseteq_p \cdots$. Now recall that, by Higman’s Lemma, the sequence extension $((\Sigma_{d-1}^*)^*, \preceq_*)$ is a wqo since, by ind. hyp., $(\Sigma_{d-1}^*, \sqsubseteq_p)$ is a wqo.
We may thus further extract an infinite subsequence that is increasing for $\preceq_*$ on the residuals, i.e., with $\langle x_{i_0,0}, x_{i_0,1}, \ldots, x_{i_0,k_0} \rangle \preceq_* \langle x_{i_1,0}, x_{i_1,1}, \ldots, x_{i_1,k_1} \rangle \preceq_* \langle x_{i_2,0}, x_{i_2,1}, \ldots, x_{i_2,k_2} \rangle \preceq_* \cdots$ With Lemma 2 we deduce $x_{i_0} \sqsubseteq_p x_{i_1} \sqsubseteq_p x_{i_2} \sqsubseteq_p \cdots$. Hence $(\Sigma_d^*, \sqsubseteq_p)$ is a wqo.

Remark 3. Thm. 3 and Prop. 2 prove that $\leq_\#$ is a wqo on configurations of PCSs, as we assumed in Section 2.3. There we also assumed that $\leq_\#$ is decidable. We can now see that it is in NLogSpace, since, in view of Prop. 2, one can check whether $x \leq_\# y$ by reading $x$ and $y$ simultaneously while guessing nondeterministically a factorization $z_1 a_1 \cdots z_\ell a_\ell$ of $y$, and checking that $z_i \in \Sigma_{a_i}^*$.

4 Applications of Priority Embedding to Trees

In this section we show how tree orderings can be reflected into sequences over a priority alphabet. This serves two purposes. First, it illustrates the “power” of priority embeddings, reproving that strong tree embeddings form a wqo as a byproduct. Second, the reflection defined will subsequently be used in Section 6 to provide an encoding of ordinals that PCSs can manipulate “robustly.”

4.1 Encoding Bounded Depth Trees

Given an alphabet $\Gamma$, the set of finite, ordered, unranked labeled trees (aka variadic terms) over $\Gamma$, noted $T(\Gamma)$, is the smallest set such that, if $f$ is in $\Gamma$ and $t_1, \ldots, t_n$ are $n \geq 0$ trees in $T(\Gamma)$, then the tree $f(t_1 \cdots t_n)$ is in $T(\Gamma)$. A context $C$ is defined as usual as a tree with a single occurrence of a leaf labeled by a distinguished variable $x$. Given a context $C$ and a tree $t$, we can form a tree $C[t]$ by plugging $t$ instead of that $x$-labeled leaf.

Let $d$ be a depth in $\mathbb{N}$ and $\bullet$ be a node label. We consider the set $T_d = T_d(\{\bullet\})$ of trees of depth at most $d$ with $\bullet$ as single possible label; for instance, $T_0 = \{\bullet()\}$ contains a single tree, and the two trees shown in Figure 2 are in $T_2$:

Figure 2: Two trees in $T_2$.
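Returning to Section 3: the priority embedding of Section 3.1 can be decided by simulating deterministically the nondeterministic guess described in Remark 3. The following Python code is an added example, not taken from the paper; it represents words as strings of digit priorities (so d ≤ 9), its function names are illustrative, and it cross-checks Proposition 2 exhaustively on short words.

```python
from itertools import product


def factorization(x, y):
    """Return [z_1, ..., z_l] with y = z_1 a_1 ... z_l a_l, x = a_1 ... a_l and
    every message of z_i of priority <= a_i, or None if x does not embed in y.

    State i means "a_1..a_i already matched".  parents[j] maps each state
    reachable after j letters of y to one predecessor state.
    """
    n = len(x)
    parents = [{0: None}]
    for ch in y:
        b, nxt = int(ch), {}
        for i in parents[-1]:
            if i < n and b <= int(x[i]):
                nxt.setdefault(i, i)              # b joins the dropped factor
                if b == int(x[i]):
                    nxt.setdefault(i + 1, i)      # b is matched with a_{i+1}
        parents.append(nxt)                       # state n has no successor
    if n not in parents[-1]:
        return None
    # Walk back from the accepting state, recording the matched positions.
    cuts, state = [], n
    for j in range(len(y), 0, -1):
        prev = parents[j][state]
        if prev != state:
            cuts.append(j)                        # y[j-1] was matched
        state = prev
    cuts.reverse()
    starts = [0] + cuts[:-1]
    return [y[s:c - 1] for s, c in zip(starts, cuts)]


def embeds(x, y):
    """Decide the priority embedding of x into y."""
    return factorization(x, y) is not None


def superseding_closure(y):
    """All x with y ->*_# x, using the rewrite rules a a' -> a' for a <= a'."""
    seen, todo = {y}, [y]
    while todo:
        w = todo.pop()
        for k in range(len(w) - 1):
            if w[k] <= w[k + 1]:                  # single digits compare like ints
                v = w[:k] + w[k + 1:]
                if v not in seen:
                    seen.add(v)
                    todo.append(v)
    return seen


def prop2_counterexamples(d, max_len):
    """Pairs (x, y) over priorities 0..d, |y| <= max_len, where the embedding
    and the superseding ordering disagree (Proposition 2 says there are none)."""
    letters = "".join(str(a) for a in range(d + 1))
    words = ["".join(t) for n in range(max_len + 1)
             for t in product(letters, repeat=n)]
    bad = []
    for y in words:
        below = superseding_closure(y)
        bad.extend((x, y) for x in words if embeds(x, y) != (x in below))
    return bad


if __name__ == "__main__":
    print(factorization("201", "22011"))   # dropped factors z_1, z_2, z_3
    print(embeds("120", "10210"))
    print(prop2_counterexamples(2, 4))
```
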
It is a folklore result that one can encode bounded depth trees into finite sequences using canonical factorizations. Here we present a natural variant that is rather well-suited for our constructions in Section 6. We encode trees of bounded depth using the function $s_d : T_{d+1} \to \Sigma_d^*$ defined by induction on $d$ as

$$s_d(\bullet(t_1 \cdots t_n)) \stackrel{\text{def}}{=} \begin{cases} \varepsilon & \text{if } n = 0, \\ s_{d-1}(t_1)\, d \cdots s_{d-1}(t_n)\, d & \text{otherwise.} \end{cases} \qquad (4)$$

For instance, if we fix $d = 1$, the left tree in Figure 2 is encoded as “111” and the right one as “0011”. Note that the encoding depends on the choice of $d$: for $d = 2$ we would have encoded the trees in Figure 2 as “222” and “1122”, respectively.

Not every string in $\Sigma_d^*$ is the encoding of a tree according to $s_d$: for $-1 \leq a \leq d$, we let $P_a \stackrel{\text{def}}{=} (P_{a-1}\{a\})^*$ be the set of proper encodings of height $a$, with further $P_{-1} \stackrel{\text{def}}{=} \{\varepsilon\}$. Then $P \stackrel{\text{def}}{=} \bigcup_{a \leq d} P_a$ is the set of proper words in $\Sigma_d^*$. A proper word $x$ is either empty or belongs to a unique $P_a$ with $a = h(x)$, and has then a canonical factorization of the form $x = x_1 a \cdots x_m a$ with every $x_j$ in $P_{a-1}$. Put differently, a non-empty $x = a_1 \cdots a_\ell$ is in $P_a$ if and only if $a_\ell = h(x)$ and $a_{i+1} - a_i \leq 1$ for all $i < \ell$ (we say that $x$ has no jumps: along proper words, priorities only increase smoothly, but can decrease sharply). For example, 02 is not proper (it has a jump) while 012 is proper; 233123401234 is proper too.

Given a depth $a$, we see that $s_a$ is a bijection between $T_{a+1}$ and $P_a$, with the inverse defined by

$$\tau(\varepsilon) \stackrel{\text{def}}{=} \bullet(), \qquad (5)$$
$$\tau(x = x_1 h(x) \cdots x_m h(x)) \stackrel{\text{def}}{=} \bullet(\tau(x_1) \cdots \tau(x_m)). \qquad (6)$$

4.2 Strong Tree Embeddings

One can provide a formal meaning to the notion of a wqo $(B, \preccurlyeq_B)$ being more powerful than another one $(A, \preccurlyeq_A)$ through order reflections, i.e. through the existence of a mapping $r : A \to B$ such that $r(x) \preccurlyeq_B r(y)$ implies $x \preccurlyeq_A y$ for all $x, y$ in $A$. Observe that if $B$ reflects $A$, i.e., there is an order reflection from $A$ to $B$, and $(B, \preccurlyeq_B)$ is a wqo, then $(A, \preccurlyeq_A)$ is necessarily a wqo.
We show here that $(\Sigma_d^*, \sqsubseteq_p)$ reflects bounded-depth trees endowed with the strong tree-embedding relation.

Let $t$ and $t'$ be two trees in $T_d$. We say that $t$ strongly embeds into $t'$, written $t \sqsubseteq_T t'$, if it can be obtained from $t'$ by deleting whole subtrees, i.e. $\sqsubseteq_T$ is the reflexive transitive closure of the relation $t \sqsubset_T^1 t' \stackrel{\text{def}}{\Leftrightarrow}$ $t = C[\bullet(t_1 \cdots t_{i-1} t_{i+1} \cdots t_n)]$ and $t' = C[\bullet(t_1 \cdots t_{i-1} t_i t_{i+1} \cdots t_n)]$ for some context $C$ and subtrees $t_1, \ldots, t_n$. Strong tree embeddings refine the homeomorphic tree embeddings used in Kruskal’s Tree Theorem; in general they do not give rise to a wqo, but in the case of bounded depth trees they do. The two trees in Figure 2 are not related by any homeomorphic tree embedding, and thus neither by strong tree embedding.

Observe that the leaf $\bullet()$ strongly embeds into any other tree: $\bullet() \sqsubseteq_T t$ for all $t$. Let us consider the extension operation “@” on trees, which is defined for $n \geq 0$ by

$$\bullet(t_1 \cdots t_n) @ t \stackrel{\text{def}}{=} \bullet(t_1 \cdots t_n t); \qquad (7)$$

in particular, $\bullet() @ t = \bullet(t)$. Also observe that, if $y$ is in $P_a$ and $z$ in $P_{a-1}$, then

$$\tau(y z a) = \tau(y) @ \tau(z). \qquad (8)$$

Finally observe that $\sqsubseteq_T$ is a precongruence for @:

$$t_1 \sqsubseteq_T t'_1 \text{ and } t_2 \sqsubseteq_T t'_2 \text{ imply } t_1 @ t_2 \sqsubseteq_T t'_1 @ t'_2, \qquad (9)$$
$$t \sqsubseteq_T t @ t'. \qquad (10)$$

Proposition 3. The function $s_d$ is an order reflection from $(T_{d+1}, \sqsubseteq_T)$ to $(\Sigma_d^*, \sqsubseteq_p)$.

Proof. Let $x$ and $x'$ be two proper words in $P_d$ with $x \sqsubseteq_p x'$; we show by induction on $x$ that $\tau(x) \sqsubseteq_T \tau(x')$. If $x$ is empty, then $x \sqsubseteq_p x'$ requires $x' = x$. Otherwise, we consider the canonical factorization $x = x_1 d \cdots x_k d z d$ for $k \geq 0$. Writing $y = x_1 d \cdots x_k d$, by (3), $x' = y' z'$ with $y \sqsubseteq_p y'$ and $z d \sqsubseteq_p z'$ where $y'$ and $z'$ are both in $P_d$.
The canonical factorization of $z'$ as $z'_1 d \cdots z'_m d$ yields $z \sqsubseteq_p z'_1$ with $z'_1$ in $P_{d-1}$, as there is no other way of disposing of the other occurrences of $d$ in $z'$. Then

$$\begin{aligned} \tau(x) &= \tau(y) @ \tau(z) && \text{(by (8))} \\ &\sqsubseteq_T \tau(y') @ \tau(z'_1) && \text{(by ind. hyp. and (9))} \\ &\sqsubseteq_T \tau(y') @ \tau(z'_1) @ \cdots @ \tau(z'_m) && \text{(by (10))} \\ &= \tau(x'). \end{aligned}$$

Corollary 1. For each $d$, $(T_d, \sqsubseteq_T)$ is a wqo.

4.3 Further Applications

As stated in the introduction to this section, our main interest in strong tree embeddings is in connection with structural orderings of ordinals; see Section 6. Bounded depth trees are also used in the verification of infinite-state systems as a means to obtain decidability results, in particular for tree pattern rewriting systems (Genest et al., 2008) in XML processing, and, using elimination trees (see Ossona de Mendez and Nešetřil, 2012), for bounded-depth graphs used e.g. in the verification of ad-hoc networks (Delzanno et al., 2010), the π-calculus (Meyer, 2008), and programs (Bansal et al., 2013). These applications consider labeled trees, which are dealt with thanks to a generalization of $\sqsubseteq_p$ to pairs $(a, w)$ where $a$ is a priority and $w$ a symbol from some wqo $(\Gamma, \leq)$; see App. D.

This generalization of $\sqsubseteq_p$ also allows to treat another wqo on trees, the tree minor ordering, using the techniques of Gupta (1992) to encode them in prioritized alphabets. The tree minor ordering is coarser than the homeomorphic embedding (e.g. in Figure 2, the left tree is a minor of the right tree), but the upside is that trees of unbounded depth can be encoded into strings.

The exact complexity of verification problems in the aforementioned models is currently unknown (Genest et al., 2008; Delzanno et al., 2010; Meyer, 2008; Bansal et al., 2013). Our encoding suggests them to be $F_{\varepsilon_0}$-complete.
We hope to see PCS Reachability employed as a “master” problem for $F_{\varepsilon_0}$ for such results, like LCS Reachability for $F_{\omega^\omega}$, which is used in reductions instead of more difficult proofs based on Turing machines and Hardy computations.

5 Fast-Growing Upper Bounds

The verification of infinite-state systems and WSTSs in particular turns out to require astronomic computational resources expressed as subrecursive functions (Löb and Wainer, 1970; Fairtlough and Wainer, 1998) of the input size. We show in this section how to bound the complexity of the algorithms presented in Section 2.3 and classify the Reachability and Inevitability problems using fast-growing complexity classes (Schmitz and Schnoebelen, 2012).

5.1 Subrecursive Hierarchies

Throughout this paper, we use ordinal terms inductively defined by the following grammar

$$(\Omega \ni)\ \alpha, \beta, \gamma ::= 0 \mid \omega^\alpha \mid \alpha + \beta$$

where addition is associative, with 0 as the neutral element (the empty sum). Equivalently, we can then see a term other than 0 as a tree over the alphabet $\{+\}$; for instance the two trees in Figure 2 represent $3$ and $\omega^2 + 1$ respectively, when putting the ordinal terms under the form $\alpha = \sum_{i=1}^k \omega^{\alpha_i}$. Such a term is 0 if $k = 0$, otherwise a successor if $\alpha_k = 0$ and a limit otherwise. We often write 1 as short-hand for $\omega^0$, and $\omega$ for $\omega^1$. The symbol $\lambda$ is reserved for limit ordinal terms.

We can associate a set-theoretic ordinal $o(\alpha)$ to each term $\alpha$ by interpreting $+$ as the direct sum operator and $\omega$ as $\mathbb{N}$; this gives rise to a well-founded quasi-ordering $\alpha < \beta \stackrel{\text{def}}{\Leftrightarrow} o(\alpha) < o(\beta)$. A term $\alpha = \sum_{i=1}^k \omega^{\alpha_i}$ is in Cantor normal form (CNF) if $\alpha_1 \geq \alpha_2 \geq \cdots \geq \alpha_k$ and each $\alpha_i$ is itself in CNF for $i = 1, \ldots, k$. Terms in CNF and set-theoretic ordinals below $\varepsilon_0$ are in bijection; it will however be convenient later in Section 6 to manipulate terms that are not in CNF.

With any limit term $\lambda$, we associate a fundamental sequence of terms $(\lambda_n)_{n \in \mathbb{N}}$, given by

$$(\gamma + \omega^{\beta+1})_n \stackrel{\text{def}}{=} \gamma + \omega^\beta \cdot n = \gamma + \overbrace{\omega^\beta + \cdots + \omega^\beta}^{n}, \qquad (11)$$
$$(\gamma + \omega^{\lambda'})_n \stackrel{\text{def}}{=} \gamma + \omega^{\lambda'_n}.$$
