Scope-Bounded Pushdown Languages Salvatore La Torre Università degli Studi di Salerno joint work with Margherita Napoli Università degli Studi di Salerno Gennaro Parlato University of Southampton
Multi-stack Pushdown Automata (MPA) n stacks sharing a finite control – states: s,,, , – transitions : push one symbol onto stack i pop one symbol from stack i internal move: stacks stay unchanged, only control location is altered input is from a one-way read-only tape model of concurrency – captures the control flow of concurrent programs with shared memory and recursive procedure calls 1 2 n
Visible alphabets Alphabet is partitioned into: – calls (cause a push operation) – returns (cause a pop operation) – internals (stacks are not used) For n > 1 stacks, alphabet is also partitioned according to stacks – the stack to operate is uniquely identified by the input symbol (it is visible in the input)
What visibility gains for MPA? Stack usage is synchronized with the input – parallel simulation of multiple runs, cross product construction, subset-like constructions 1-stack (VPL): – intersection and determinization – universality, inclusion and equality n-stacks (MVPL): – just intersection – emptiness is undecidable: the runs of MPA are visible! – checking for emptiness of MVPL equals to decide reachability for MPA
Theme of the talk The formal language theory of visibly n- stack languages of k-scoped words (S MVPL ) Visible alphabet (retns) --st1: a, a’ st2: b, b’ internal: e a e b a a’ a’ b a b’ e b’ a’ scope of matching relation over S: max number of S-contexts between matching call/retn – scope is 2 for GREEN and 3 for RED matching relation (matching call/retn) word is 3-scoped
A few observations.... Interest for restrictions of MPA mainly comes from verification – bugs of concurrent programs are likely to occur within few context-switches [Musuvathi-Qadeer, PLDI ‘07] – efficient sequentializations of multithreaded programs [Lal-Reps,CAV’08] Robust automata theories are useful tools for other domains – Automata-theoretic approach to verification (model- checking) – Pattern matching problems – … K-scoped visibly languages indeed form a robust class…
k-scoped MVPA Closure under Boolean operations Det./nondet. models are equivalent Decidable emptiness [La Torre-Napoli, CONCUR’11], inclusion, equality, and universality Logical characterization (MSO with matching relations) Parikh theorem Sequentializable: computations can be simulated with one stack (rearranging order of inputs) Decidable temporal logic model-checking [La Torre-Napoli,TCS’12] [Atig-Bouajjani-Kumar-Saivasan, ATVA’12]
More related work Visibly pushdown languages [Alur-Madhusudan J. ACM'09] [Melhorn ICALP'80] Restricted MPAs: Emptiness/reachability/closure properties [Carotenuto et al. DLT’07] [Atig et al. DLT’08] [Seth,CAV’10] [LaTorre et al. LATIN'10] [LaTorre et al. MFCS'14] Model-checking [Atig, FSTTCS’10] [Bollig et al. MFCS’11] [Bollig et al. LICS’13] [Bansal-Demri, CSR’13] MSO of multiply nested words [Madhusudan-Parlato POPL'11] [Cyriac et al. CONCUR'12]
Rest of the talk Determinization construction Brief comparison with the known MPA classes of languages Conclusions
MVPL are nondeterministic L = {(ab) i c j d i-j x j y i-j | i,j>0} is inherently nondeterministic for MPA [La Torre-Madhusudan-Parlato, LICS’07] – j is arbitrary and needs to be the same for both stacks – a guess is needed when pushing both stacks L is not S MVPL – For any j, (ab) k c j d k-j x j y k-j is (k+1)-scoped a b a b a b ……… a b c………… d x………… y
Determinization of SMPA Summaries of computations for SMPA – Linear interfaces – Switching masks PDA computing linear interfaces – linear interface automaton (LIA) Simulation of SMPA by deterministic composition of deterministic LIAs (using switching masks)
View of runs by stacks stack 1 stack 2 stack 3 g1g1 q1q1 q2q2 r1r1 q2q2 q3q3 g2g2 q3q3 q4q4 b1b1 q4q4 q5q5 r2r2 q5q5 q6q6 Input word (contexts) w = g 1 r 1 g 2 b 1 r 2 b 2 r 3 b 3 r 4 g 3 Run (without stacks) q 1 q 2 q 3 q 4 q 5 q 6 q 7 q 8 q 9 q 10 q 11 g3g3 q 10 q 11 r3r3 q7q7 q8q8 r4r4 q9q9 q 10 b2b2 q6q6 q7q7 b3b3 q8q8 q9q9 g1g1 g2g2 g3g3 r1r1 r2r2 r3r3 r4r4 b1b1 b2b2 b3b3
b1b1 b2b2 b3b3 r1r1 r2r2 r3r3 r4r4 g3g3 g2g2 g1g1 Linear Interface (LI) stack 1stack 2stack 3 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q5q5 q6q6 q 10 q 11 q7q7 q8q8 q9q9 q6q6 q7q7 q8q8 q9q9 q 10 k-LI for a stack S just summarizes starting and ending control states for k consecutive contexts of S in a run (starting from stack S empty) 3-LI for stack 1 2-LI for stack 2
b1b1 b2b2 b3b3 r1r1 r2r2 r3r3 r4r4 g3g3 g2g2 g1g1 Switching Mask (SM) stack 1 stack 2stack 3 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q5q5 q6q6 q 10 q 11 q7q7 q8q8 q9q9 q6q6 q7q7 q8q8 q9q9 q 10 a tuple of LI, one for each stack a function Nxt that links contexts of LI’s Switching mask Nxt function given by purple arrows
Control state (h, M) h: current stack M: switching mask Move within a context: just update LI of stack h Es: M: h=3 MPA transition from q 5 to p 5 on stack-3 symbol (h is not changed) Simulating MPA with SMs (1) b1b1 r1r1 g2g2 g1g1 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 p5p5 q5q5
Simulating MPA with SMs (2) Context-switch 1 (accumulated stack content needed): add a new context to an existing LI Es: h=3, and MPA moves from q 5 to p 5 on a stack-2 symbol M: then h=2 and the SM is b1b1 r1r1 g2g2 g1g1 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q5q5 p5p5
Simulating MPA with SMs (3) Context-switch 2 (accumulated stack content no longer needed): start a new LI Es: h=3, and MPS moves from q 5 to p 5 on a stack-2 symbol M: then h=2 and the SM is b1b1 r1r1 g2g2 g1g1 q1q1 q2q2 q2q2 q3q3 q3q3 q4q4 q4q4 q5q5 q1q1 q2q2 q3q3 q4q4 q4q4 q5q5 q5q5 p5p5
PDA accumulating LIs Given a PDA P over an alphabet , symbols , # a k linear interface automaton (k-LIA) for P is a PDA s.t. input is over { , # } w 11 # w 12 # # w 1i 1 w 21 # w 22 # # w 2i 2 .... control states are h-LIs of P for h k on , simulates P on the last state of the LI on #, a new context is appended to the current LI (provided that it is a h-LI with h k-1) on , a new LI is started and stack is reset (a bottom-of-the-stack symbol is pushed onto the stack to avoid the use of previously pushed symbols)
( k)-LIs suffice for SMPA Theorem. By restricting to k-scoped inputs, h-LIs with h k suffice to simulate the behavior of an MPA with switching masks Thus, for each stack of an SMPA, we can restrict to k-LIAs
Determinization of SMPA (1) For an SMPA A construct the LIA A h for each stack h construct D h by determinizing each A h as in [Alur-Madhusudan, STOC’04] construct the deterministic SMPA D (equiv. to A) – cross product of the D h ‘s – parallel simulation of A with all the generated SMs (subset construction)
Determinization of SMPS (2) a state of D is of the form (h, Q 1,...,Q n, ) where – h is the current stack – Q 1,...,Q n is a state of the cross product – is a set of switching masks within a context of stack h, D simulates D h (the Q h –component and all the switching masks in gets updated accordingly) on context-switching from stack h to stack i (a call/return of stack i is read), D simulates in parallel – D h on either # or – D i on the input symbol the size of D is exp in the size of A and 2exp in the number of stacks and the bound k
Comparisons CSL S MVPL R MVPL [LPM10] P MVPL [LMP07] VPL [AM04] O MVPL [BCCC96] [MCP07] [ABH08] CFL T MVPL [LNP14]
Decision Problems VPL CFL R MVPL S MVPL T MVPL P MVPL O MVPL CSL
Conclusions S MVPL form a robust theory of visibly languages (the largest among those closed under determinization) Sequentialization is nice for analysis purposes – Computations of MPA can be analyzed via computations of PDA – used in software verification Scope-bounded words meaningfully extends to – words – Describe infinite on-going interaction among different threads
Theory on infinite words? Little it is known on MPS over –words visibly pushdown Büchi automata [Alur-Madhusudan,J. ACM, 2009] - the model is not determinizable emptiness for k-scoped Büchi MPA is PSPACE- complete [La Torre-Napoli,TCS’12] closure under union and intersection are simple
1-stack Pushdown Automaton Standard pushdown automaton Acceptors of Context-free languages (CFL) Not a robust FL theory: – not determinizable DCFL CFL – not closed under complementation and intersection – universality, inclusion and equivalence are undecidable (This can be improved by making the stack operations VISIBLE in the input) T M Conf abac c
What visibility gains for MPA? For n-stacks (MVPL): – intersection holds – restrict to Context-Sensitive Languages (CSL) What about emptiness? Still undecidable – the runs of MPA are visible! – checking for emptiness of MVPL equals to decide reachability for MPA ― -moves are not allowed
Other papers on theory of MVPL theory of visibly pushdown languages (VPL) [Alur-Madhusudan, STOC’04] – as theory of nested words [Alur-Madhusudan, J. ACM, 2009] theory of bounded-phase switching (P MVPL ) [La Torre-Madhusudan-Parlato, LICS’07] theory of bounded-context switching (R MVPL ) [La Torre-Madhusudan-Parlato, LATIN’10]
Observations the size of D is – exp in the size of A and – 2exp in the number of stacks and the bound k For RMPS, the construction is simpler – total number of contexts is bounded – we do not need to reset LIs in the LIAs – switching masks are not needed if computations are arranged in round-robin schedulings [La Torre-Madhusudan-Parlato, LATIN’10]
R MVPL S MVPL P MVPL 1.R MVPL S MVPL – k-context word is also k-scoped 2.R MVPL P MVPL – k-context word is also k-phase (context phase) 3.Let L 1 = { a h b i c h d i (ab) j | h,i,j>0} (stack1: a,c - stack2: b,d) a a a b b c c c d d a b a b …… a b, 2-scoped L 1 is 2-phase h=3, i=2 requires unboundedly many contexts (2j+4 for j>0), but
O MVPL vs. P/R/S MVPL : incomparable 1.In L 1, pops are according to stack ordering a a a b b c c c d d a b a b …… a b L 1 is O MVPL (but not R MVPL ) 2.Let L 2 = { a h b i c j d i c h-j | h>j>0, i>0} (stack1: a,c - stack2: b,d) L 2 is R MVPL (thus P MVPL, S MVPL ) but not O MVPL : every word in L 2 a a a b b c c d d c (h=3,i=2,j=2) – is not ordered a a a b b c c d d c stack1 is empty! stack 1 is not empty – has 5 contexts
P MVPL,S MVPL : incomparable 1.Let L 3 = { a i b j c i d j | i,j>0}* 2.Let L 4 = { (a b) i c i d i | i>0} a b a b ………a b c … c c d … d d (i+1)-scoped, a…ab…bc…cd…d ………… 2-scoped, unboundedly many phases 2-phase
Summary of comparisons CSL S MVPL R MVPL P MVPL VPL O MVPL CFL T MVPL
Multi-stack Pushdown System (MPS) Interesting model – captures the control flow of concurrent programs with shared memory and recursive procedure calls Too expressive ( equivalent to Turing machines) finite control head ( -moves required)
Scope of matching relations Visible alphabet (retns): stack 1: a, a’ stack 2: b, b’ e – internal a e b a a’ a’ b a b’ e b’ a’ scope of matching relation over S: max number of S-contexts between matching call/retn – scope is 2 for GREEN and 3 for RED matching relation (matching call/retn)
Ingredients of MPS undecidability 1.Move arbitrarily many symbols from a stack S to another stack S’ (slinky move) 2.Repeat slinky moves unboundedly many times from S to S’ and viceversa (for at least two stacks S and S’) ― -moves are not allowed
Bounded context-switching (CMPS) Visible alphabet (retns): stack 1: a, a’ stack 2: b, b’ e – internal a e b a a’ a’ b a b’ e b’ a’ Bounded context-switching MPS / R MVPL : just inputs with bounded number of contexts (slinky moves only for a bounded portion of stacks and for a bounded number of times) round 1round 2round 3 context: only 1 stack is active
Phase-bounded MPS (PMPS) Visible alphabet (retns): stack 1: a, a’ stack 2: b, b’ e – internal a e b a a’ a’ b a b’ e b’ a’ Phase-bounded MPS / P MVPL : just inputs with bounded number of phases (only a bounded number of slinky moves) phase: only 1 stack is popped
Stack ordering Ordered MPS / O MVPL : – pop only from the non-empty least indexed stack (slinky moves are possible only from S i to S j, i<j) Visible alphabet (retns): stack 1: a, a’ stack 2: b, b’ e – internal a e b a a’ a’ b a b’ e b’ a’ a e b a a’ a’ b b’ e b’ a a’ (ordered) is ordered? NO!
A bit of history and motivation Bounded context-switching introduced in program verification [Qadeer-Rehof,TACAS’05] Reachability is NP-complete [Qadeer-Rehof, TACAS’05] [Lal-Touili-Kidd-Reps, TACAS’08] effective technique for bug detection – bugs of concurrent programs are likely to occur within few context-switches [Musuvathi-Qadeer, PLDI ‘07] implemented in verification tools directly or to sequentialize multi-threaded programs – cross product free sequentialization [Lal-Reps,CAV’08] very reach literature
A bit of history and motivation Bounded number of phases introduced as an extension of bounded context-switching to maintain decidability and robustness [La Torre- Madhusudan-Parlato, LICS’07] characterization of 2Etime via infinite automata [La Torre-Madhusudan-Parlato, CSL’08] decidability of concurrent queue systems [La Torre- Madhusudan-Parlato,TACAS’08] global reachability [Seth,CAV’10], model-checking [Bollig-Cyriac-Gastin-Zeitoun, MFCS’11], [Bollig- Kuske-Mennicke,LICS’13], [Bansal-Demri, CSR’13] parity games [Seth, LFCS’09]
A bit of history and motivation Bounded scope of matching relations natural generalization of bounded context-switching to handle unboundedly many context-switches and “non- trivial” –computations [La Torre-Napoli, CONCUR’11] fixed point algorithm and sequentialization [La Torre-Parlato, FSTTCS’12] extension to –computations and model-checking with concurrent TL [La Torre-Napoli,TCS’12] LTL model-checking [Atig-Bouajjani-Kumar-Saivasan, ATVA’12]
A bit of history and motivation Ordered stacks restriction introduced outside verification to study formal grammars and languages [Breveglieri-Cherubini-Citrini-CrespiReghizzi,J. FOCS, 1996] 2-stack visible MPS [Carotenuto-Murano-Peron, DLT’07] LTL model-checking [Atig, FSTTCS’10] concurrent TL model-checking [La Torre-Napoli,TCS’12] complexity of reachability [Atig-Bollig-Habermehl,DLT’08].....
Outline Restrictions Summary of the results Determinization Words over a visible alphabet as trees – Complementation – Emptiness Conclusions