Three algorithms for must semantics
Filippo Bonchi (ENS Lyon - CNRS), joint work with Georgiana Caltais, Damien Pous and Alexandra Silva
(Un)invited speaker, (Un)prepared speaker
Checking Language Equivalence of Deterministic Automata
Deterministic Automata and Coinduction
Deterministic automaton (S,i,t,o): S set of states; i: 1 --> S initial state; t: S --> S^A transition function; o: S --> 2 final states.
Bisimulation: a relation R ⊆ S×S such that if x R y then o(x) = o(y) and, for all a ∈ A, t(x)(a) R t(y)(a).
Coinduction proof principle: two states are language equivalent iff there exists a bisimulation relating them.
Partition Refinement Algorithm (for Deterministic Automata - Hopcroft '71)
Top-down: compute the greatest bisimulation.
P_0 = { {x | o(x)=0}, {y | o(y)=1} }
P_{n+1} = F(P_n)
When P_n = P_{n+1}, return P_n.
Hopcroft and Karp's Algorithm (for Deterministic Automata - '71)
Bottom-up: construct the smallest bisimulation R containing the initial states.
Skip the pairs that already belong to R.
Brzozowski's Algorithm (for Deterministic Automata - '62)
Filippo Bonchi, Marcello M. Bonsangue, Jan J. M. M. Rutten, Alexandra Silva: Brzozowski's Algorithm (Co)Algebraically. Logic and Program Semantics 2012.
Checking Bisimilarity of Labeled Transition Systems
Labeled Transition Systems and Coinduction
Labeled transition system (S,i,t): S set of states; i: 1 --> S initial state; t: S --> P(S)^A transition function.
Bisimulation: a relation R such that if x R y then, for all a ∈ A,
  ∀ x' ∈ t(x)(a), ∃ y' ∈ t(y)(a) s.t. x' R y', and
  ∀ y' ∈ t(y)(a), ∃ x' ∈ t(x)(a) s.t. x' R y'.
Coinduction proof principle: two states are bisimilar iff there exists a bisimulation relating them.
Partition Refinement Algorithm (for LTSs – Kanellakis and Smolka '83)
Top-down: compute the greatest bisimulation.
P_0 = { {x | x ∈ X} }
P_{n+1} = F(P_n)
When P_n = P_{n+1}, return P_n.
Hopcroft and Karp's Algorithm (for LTSs – Fernandez and Mounier '92)
Bottom-up: construct the smallest bisimulation R containing the initial states.
Less efficient: one needs some sort of backtracking...
...but it can be executed on the fly.
Brzozowski's Algorithm
It is NOT possible for Labeled Transition Systems.
The Linear Time – Branching Time Spectrum
The problem of checking one of these semantics is usually reduced to checking bisimilarity...
...then bisimilarity is checked via the partition refinement algorithm.
We propose instead to exploit the algorithms for trace semantics!
Checking Language Equivalence of Non Deterministic Automata
Determinization
Non-deterministic automaton (S,i,t,o): S set of states; i: 1 --> P(S) set of initial states; t: S --> P(S)^A transition function; o: S --> 2 final states.
Determinized automaton (P(S),i,t#,o#): P(S) set of states; i: 1 --> P(S) initial state; t#: P(S) --> P(S)^A transition function; o#: P(S) --> 2 final states.
Determinization + Partition Refinement
The determinized automaton may be exponential.
Brzozowski's Algorithm (for Non-Deterministic Automata - '62)
Bruce Watson: Taxonomies and Toolkits of Regular Language Algorithms. Ph.D. thesis, '95.
Deian Tabakov, Moshe Y. Vardi: Experimental Evaluation of Classical Automata Constructions. LPAR 2005: 396-411.
Antichain Algorithms
Exploit the "on the fly" nature of Hopcroft and Karp's algorithm: they build just a small portion of the determinized automaton.
Martin De Wulf, Laurent Doyen, Thomas A. Henzinger, Jean-François Raskin: Antichains: A New Algorithm for Checking Universality of Finite Automata. CAV 2006.
Parosh Aziz Abdulla, Yu-Fang Chen, Lukás Holík, Richard Mayr, Tomás Vojnar: When Simulation Meets Antichains. TACAS 2010.
Filippo Bonchi, Damien Pous: Checking NFA equivalence with bisimulations up to congruence. POPL 2013.
Coinduction
Non-deterministic automaton (S,i,t,o): S set of states; i: 1 --> P(S) initial states; t: S --> P(S)^A transition function; o: S --> 2 final states.
Bisimulation: a relation R ⊆ P(S)×P(S) such that if X R Y then o#(X) = o#(Y) and, for all a, t#(X)(a) R t#(Y)(a).
Coinduction proof principle: two sets of states are language equivalent iff there exists a bisimulation relating them.
Hopcroft and Karp's Algorithm (for Non-Deterministic Automata)
Bottom-up: construct the smallest bisimulation R containing the initial states.
Skip the pairs that already belong to R.
Bisimulation up to Congruence
A relation R ⊆ P(S)×P(S) such that if X R Y then o#(X) = o#(Y) and, for all a, t#(X)(a) c(R) t#(Y)(a), where c(R) is the congruence closure of R.
Theorem: any bisimulation up to congruence is contained in a bisimulation.
Hopcroft and Karp up to Congruence (Bonchi and Pous, 2013)
Bottom-up: construct a bisimulation up to congruence R containing the initial states.
Skip the pairs that already belong to c(R).
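As an added example (not code from the talk or from the authors' applet), the following Python implements the bottom-up construction described on the preceding slides, comparing plain HK (skip pairs already in R) with HKC (skip pairs already in c(R)); the congruence closure test is implemented by set rewriting, and the NFA, its state names and the helper names are constructed for illustration.

```python
# Added example (not code from the talk or the authors' applet): HK vs. HKC
# on a constructed NFA over the alphabet {a}, given as two disjoint components.
#   left : s -a-> x1, x1 -a-> x2, x2 -a-> x1, x2 -a-> x2   (accepts a^n, n >= 1)
#   right: r -a-> u,  u -a-> u                              (accepts a^n, n >= 1)
from collections import deque

ALPHABET = ("a",)
TRANS = {"s": {"a": {"x1"}}, "x1": {"a": {"x2"}}, "x2": {"a": {"x1", "x2"}},
         "r": {"a": {"u"}}, "u": {"a": {"u"}}}
FINAL = {"x1", "x2", "u"}

def t_sharp(X, a):
    """t#(X)(a): transition of the determinized automaton (union of successors)."""
    return frozenset().union(*(TRANS.get(x, {}).get(a, set()) for x in X))

def o_sharp(X):
    """o#(X): output of the determinized automaton (does X contain a final state?)."""
    return any(x in FINAL for x in X)

def normal_form(Z, R):
    """Rewrite Z with the rules X -> X u Y and Y -> X u Y for each (X, Y) in R until
    no rule applies; Z1 c(R) Z2 iff normal_form(Z1, R) == normal_form(Z2, R)."""
    changed = True
    while changed:
        changed = False
        for X, Y in R:
            for lhs, rhs in ((X, Y), (Y, X)):
                if lhs <= Z and not rhs <= Z:
                    Z, changed = Z | rhs, True
    return Z

def check(X0, Y0, up_to_congruence):
    """Bottom-up construction of a bisimulation (up to congruence when the flag
    is set) relating X0 and Y0.  Returns (equivalent?, number of pairs in R)."""
    R, todo = set(), deque([(frozenset(X0), frozenset(Y0))])
    while todo:
        X, Y = todo.popleft()
        if up_to_congruence:
            if normal_form(X, R) == normal_form(Y, R):
                continue                      # HKC: pair already in c(R)
        elif (X, Y) in R:
            continue                          # HK: pair already in R
        if o_sharp(X) != o_sharp(Y):
            return False, len(R)              # outputs differ: not equivalent
        R.add((X, Y))
        for a in ALPHABET:                    # explore the successor pairs
            todo.append((t_sharp(X, a), t_sharp(Y, a)))
    return True, len(R)
```

On this input `check({"s"}, {"r"}, False)` returns `(True, 4)` while `check({"s"}, {"r"}, True)` returns `(True, 3)`: HKC skips the pair ({x1,x2},{u}) because ({x1},{u}) and ({x2},{u}) are already in R, so the pair lies in c(R).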
Checking Must Semantics of Labeled Transition Systems
Failure Semantics
Let (S,i,t) be an LTS and x,y,z ∈ S, Z ⊆ A, w ∈ A*.
I(x) = {a ∈ A | t(x)(a) ≠ ∅}
Fail(x) = {Z ⊆ A | Z ∩ I(x) = ∅}
(w,Z) is a failure pair of x iff x -w-> z and Z ∈ Fail(z).
x and y are failure equivalent iff they have the same failure pairs.
(Figure: example LTS with failure sets { {c}, {a}, {a,c} }, { {b}, {a}, {a,b} } and { {a} }.)
Decoration & Determinization
Coinduction Proof Principle
Bisimulation: a relation R ⊆ P(S)×P(S) such that if X R Y then o#(X) = o#(Y) and, for all a, t#(X)(a) R t#(Y)(a).
Coinduction proof principle: two sets of states are failure equivalent iff there exists a bisimulation relating them.
Bisimulation up to Congruence
A relation R ⊆ P(S)×P(S) such that if X R Y then o#(X) = o#(Y) and, for all a, t#(X)(a) c(R) t#(Y)(a).
Theorem: any bisimulation up to congruence is contained in a bisimulation.
Hopcroft and Karp up to Congruence (for Failure Equivalence)
Bottom-up: construct a bisimulation up to congruence R containing the initial states.
Skip the pairs that already belong to c(R).
Like for NDA: one needs to modify only the output function o#.
Determinization + Partition Refinement (for Must Semantics) (Cleaveland and Hennessy '89)
Like for NDA: one needs to modify only the output function o#, i.e. the initial partition P_0.
Brzozowski's Algorithm (for Failure Semantics)
One needs to change "reverse and determinize".
Reverse and Determinize (for Failure Semantics)
Brzozowski's Algorithm (for Failure Semantics)
Exponential Speed-up of HKC
After the determinization, we have exponentially many states.
Since all of them have different behaviours, the minimal realization is exponentially large.
So both partition refinement and Brzozowski's algorithm are very inefficient.
Exponential Speed-up of HKC
The smallest bisimulation has exponential size, but HKC builds a bisimulation up to congruence of linear size.
Exponential Case
After the determinization, we have exponentially many states.
HKC also produces a bisimulation of the same size.
By contrast, Brzozowski's algorithm is very efficient here.
Experimental Evaluation (on a multiway synchronization protocol – Parrow '96)
Conclusions
Two novel algorithms to check must equivalence and preorder.
Algorithms adapted from language equivalence rather than bisimilarity.
Technology transfer by means of coalgebras.
Since the problem is PSPACE, worst-case complexity is not really interesting.
Empirical evaluation is difficult: no randomized model, few meaningful examples.
An interactive applet is available at