Event-Clock Visibly Pushdown Automata Mizuhito Ogawa (JAIST) with Nguyen Van Tang SOFSEM

Model checking as an inclusion problem Paths generated by a model M is those that allowed by a specification S –L( M ) ⊆ L( S ) ⇔ L( M ) ∩ L( S ) C = φ Possible combinations –M, S : Finite Automata –M : Pushdown Automaton, S : Finite Automaton –M, S : Pushdown Automata Possible extensions –Timed constraints ? –S : beyond finite automata ? OK

Timed automata (Alur, et.al. 94) OffOnMenu press next press x:=0 x ≧ 1? x ＜ 1? y:=0 y ≦ 5?; y:=0 y ＞ 5? y ≦ 5?; y:=0 y ≦ 5? y ＞ 5? y ≦ 5? Press quickly twice, it will enter to “menu”. –Add time constraints : e.g., quickly = “less-than 1” –It sleeps (“Off”) when left “more-than 5”. Remark: Time constraints contains integers only. Accepts: (press,2) (press, 2.5) (next,3) (next,4.4) (press,8) Dense time

Decidable properties of Timed Automata Boolean operations –Decidable: Union, intersection, emptiness –Undecidable: Complement, universality (2 clocks) Inclusion L( M ) ⊆ L( S ) –S has ≦ 1 clock : decidable (Ouaknine, et.al. 04) –S has ＞ 1 clocks : undecidable (Alur, et.al. 94)

Event-clock automata (Alur, et.al. 94) q0q0 q1q1 q2q2 a b b x a =1 L 1 = {(a,t 1 )(b,t 2 )…(b,t n )| t n –t 1 =1} q0q0 q1q1 q2q2 a a b y b <1 L 2 ={(a,t 1 )…(a,t n-1 )(b,t n ) | t n – t 1 <1} Def. The event-clock for a ∈ Σ is a pair of clocks x a, y a x a : event-recording ⇔ record time since last “a” y a : event-predicting ⇔ record time until next “a” e.g., e.g., Spec. like “ack must come in 1” can be described.

Properties of ECA Boolean operations –Decidable : all boolean operations. –Determinizable (subset construction works) Language class relation –ECA ⊂ TA (An ECA can be encoded as a TA.) –The class of ECA is incomparable to the class of deterministic TA.

Encoding ECA to TA (Alur, et.al. 94) Event-recording clocks C R = { x a | a ∈ Σ } –Reset x a ∈ C R when “a” is read. Event-predicting clocks C P = { y a | a ∈ Σ } –Let Φ P be the set of all event-predicting constraints. –The set Q of states enlarged to Q×Φ P. –Add fresh clocks z (y a ~c) for each y a ~c ∈ Φ P. yaya c “y a ~c” made“a” read z (y a ~c) 0c 0 Memorize event-predicting constraints “z (y a ~c) ~c is valid”. (i.e., next “a” has not yet read.)

Interval alphabet (D’Souza 03) Notation. Let ν(a i,t i ) be a vector of clock values at t i –uw((a 1,t 1 )…(a n,t n )) = (a 1,I 1 )…(a n,I n ) with ν(a i,t i ) ∈ I i –tw((a 1,I 1 )…(a n,I n )) = { (a 1,t 1 )…(a n,t n ) | ν(a i,t i ) ∈ I i } Lemma. If ν(t i ) depends only on an input timed word –For v ∈ Π*, tw(v) ≠φ implies uw(tw(v)) = v –For a timed word w, w ∈ tw(uw(w)) Def. Interval alphabet Π = Σ× Intv |C Σ | where C Σ = { x a, y a | a ∈ Σ} : clocks Intv ={ [r i,r i ], (r i,r i+1 ), (r n,∞) | 0 ≦ r 1 ＜ … ＜ r n } All integers appearing in event-clock constraints

Untimed Translation q0q0 q2q2 q1q1 a, x a <10 b, y a >5 q0q0 q1q1 (a,((0,5),*)) (a,([0,0],*)) (a,([5,5],*)) (a,((5,10),*)) q0q0 q2q2 (b,(*,(5,10))) (b,(*,[10,10])) (b,(*,(10,∞))) M ut(M) Translate event-clock constraints to interval alphabet e.g., Intv = {[0,0], (0,5), [5,5], (5,10), [10,10], (10,∞)} C = { x a, y a }

Timed Translations a, (5 ＜ x a ∧ x a ＜ 10)? ec(ut(M))ut(M) Translate Interval alphabet to event-clock constraints Lemma. L(ec(ut(M))) = L(M) for an ECA M. q0q0 q2q2 (a,(5,10)) q0q0 q2q2

Model checking as an inclusion problem (again) Paths generated by a model M is those that allowed by a specification S –L( M ) ⊆ L( S ) ⇔ L( M ) ∩ L( S ) C = φ Possible combinations –M, S : Finite Automata –M : Pushdown Automaton, S : Finite Automaton –M, S : Pushdown Automata Possible extensions –Timed constraints ? → Event-clock constraints –S : beyond finite automata ? OK

Visibly Pushdown Automata (Alur, et.al. 04) Visibility implies height-deterministic and synchronous. (Only an input word decides the stack height.) → Product construction (intersection) works! q Y Z q’ X Z aiai Z Y Y a c / X a r / Y Z a c ∈ Σ c (call) a i ∈ Σ i (local) a r ∈ Σ r (return) Classification is universal （ visibility ）

VPL examples –{a n b n } (with a ∈ Σ c, b ∈ Σ r ) –Dyck language (well-balanced parantheses) (with left/right parantheses as in Σ c / Σ ｒ ) e.g. (.. [.. (..).. ].. ) OK, (.. [.. {.. ].. }.. ) no. VPL is a proper subclass of DPDA –{a n b a n } is not a VPL. –words with equal number of a and b is not a VPL, e.g., abab, abba, baab, … Visibly pushdown languages (VPL)

Properties of VPA and TVPA (Timed VPA) Boolean operations (of VPA) –Decidable : all boolean operations –Determinizable Boolean operations (of TVPA) –Decidable : union, intersection, emptiness –Undecidable: Complement, universality (1 clock) Inclusion L( M ) ⊆ L( S ) –M,S : (untimed) VPA decidable –M: TVPA, S: TVPA undecidable (Emmi, et.al. 06)

Event-Clock Visibly Pushdown Automata Proof (idea): L(M) ⊆ L(S) ⇔ L(M)∩ L(ec(ut(S) c )) = φ S : ECVPA (untimed translation) → ut(S) : VPA (complement) → ut(S) c : VPA (timed translation) → ec(ut(S) c ) : ECVPA with L(S) c = L(ec(ut(S) c )) Def. ECVPA = VPA + event clock constraints Th 1. The inclusion problem for ECVPAs is decidable.

Inclusion between TVPA and ECVPA Proof (idea) : L(M) ⊆ L(S) ⇔ L(M) ∩ L(S’) = φ S : ECVPA (untimed translation) → ut(S) : VPA (complement) → ut(S) c : VPA (timed translation) → ec(ut(S) c ) : ECVPA (encoding EC-constraints) → S’ : TVPA with L(S) c = L(S’) Th 2. For a TVPA M and an ECVPA S, the inclusion problem L(M) ⊆ L(S) is decidable.

Conclusion We showed that L(M) ⊆ L(S) –M, S: ECVPA decidable –M: TVPA, S: ECVPA decidable Compare : L(M) ⊆ L(S) when S has 1 clock –M, S: TA decidable (Oukline, et.al.04) –M, S: TVPA undecidable (Emmi, et.al. 06) –M, S: Buchi TA undecidable (Abdulla, et.al. 05) Simple untimed / timed translations avoid complex subset construction argument of VPA. –Buchi extensions of ECVPA are straight forward.