Presentation is loading. Please wait.

Presentation is loading. Please wait.

Second case study: Guarded Fragment

Published byNeal Norris Modified over 7 years ago

Similar presentations

Presentation on theme: "Second case study: Guarded Fragment"— Presentation transcript:

1 Second case study: Guarded Fragment
Decidability via the tree model property and Rabin’s theorem More efficient decidability via translation to automata

2 The Guarded Fragment GF formulas are built up from atomic formulas Ai(x1...xn) using the boolean connectives: If ½1, ½22 GF, then so is ½1 Æ ½2 , ½1 Ç ½2 , : ½1 In addition, if ½ 2 GF then 8 y1…yn [R(x1…xm y1…yn)!½(…)]2GF 9 y1…yn [R(x1…xm y1…yn)Æ ½(…)]2GF provided that the free variables of ½ are all contained in the free variables of R(x1…xm y1…yn)

3 New issues with GF GF is like ML but: arbitrary arity
formulas no longer need to “look forward”

4 Examples of GF formulas
Any ML formula is in GF: 8 y [R(x,y) ! U(y)] But we can do more in GF: 8 xyz [T(x,y,z)! 9uv T(z,u,v)] 8 xy [R(x,y) ! S(x,y)] 8 x [U(x)! 9y R(x,y)Æ V(y)] 9 xy R(x,y)Æ R(y,x) However, the following sentences are not in GF: 9 xyz R(x,y) Æ R(y,z) Æ R(z,x) 8 xyz [R(x,y) Æ R(y,z) Æ R(z,x) ! S(x,z)] 9 xy R(x,y)Æ 8 y’ [R(x,y’)! T(y,y’)] 8 xyz [R(x,y) Æ R(y,z) ! R(x,z)]

5 What do we mean by a tree model for GF?
There are GF sentences that are satisfiable, but not satisfiable over any tree. 9 x y z [ T(x,y,z) Æ R(x, y) Æ R(y,z) Æ R(z,x) Æ U(x)Æ U(y) Æ U(z) ] 8 x U(x) ! [ 9 y z U(y) Æ U(z) Æ T(x,y,z) Æ R(x,y) Æ R(y,z) Æ R(z,x) ] .... ....

6 What do we mean by a tree model for GF?
.... .... ... ...

7 What do we mean by a tree model for GF?
Fix a number k. Consider a tree over a signature with the following unary relations: one unary relation F for each fact over elements {1…k} for each i, j · k, a unary relation Eqi,j A node labelled with a bunch of these unary relations describes a small piece of the structure, of size at most k. Eqi,j asserts that the element i in a child is equal to element j in the parent (in the slides we sometimes write this as #i=#j). We call trees over this signature k tree codes.

8 What do we mean by a tree model for GF?
3 2 2 1 1 L3 L2 L1 2 1 3 L1 3 1 L3, #2=#3 L2, #2=#3 2 1 3 1

9 Tree model property: statement
The width of a formula is the maximum number of free variables in any subformula. For GF, the width is equal to the maximal arity of any relation in the formula. Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code Recall plan for Modal Logic: define a notion of bisimulation, show that bisimulations preserve ML formulas define a notion of unravelling of a structure show that the unravelling of M is a tree-like structure bisimilar to M thus if Á satisfied by some M, it is satisfied by the unravelling of M

10 Tree model property: statement
The width of a formula is the maximum number of free variables in any subformula. For GF, the width is equal to the maximal arity of any relation in the formula. Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code Modification for GF: define a notion of guarded bisimulation, show that guarded bisimulations preserve ML formulas GF sentences define a notion of guarded unravelling of a structure show that the guarded unravelling of M is a tree-like structure guarded bisimilar to M thus if Á satisfied by some M, it’s satisfied by guarded unravelling of M

11 Recall: Bisimulation Given two Kripke Structures M and M’ a bisimulation between M and M’ is a mapping B relating elements of M with elements of M’ such that whenever B(x,x’) holds: (Partial Isomorphism) x satisfies the same unary predicates in M as x’ does in M’ (Back) For every y with R(x,y) in M, there is y’with R(x’,y’) in M’ with B(y,y’) (Forth) For every y’ with R(x’,y’) in M’, there is y with R(x,y) in M with B(y,y’) We say (M,x) and (M’,x’) are bisimilar if there is a bisimulation relating x and x’.

12 Guarded bisimulation Given two structure M and M’ a guarded bisimulation between M and M’ is a mapping B relating guarded tuples of M with guarded tuples of M’ such that whenever B(x1...xn,x’1...x’n) holds: (Partial Iso.) x1...xn satisfies the same predicates in M as x’1...x’n does in M’ (Back) For every guarded y1...ym in M, there is guarded y’1... y’m in M’ with B(y1...ym,y’1...y’m) and yi=xj implies y’i=x’j (Forth) For every guarded y’1...y’m in M’, there is guarded y1...ym in M with B(y1...ym,y’1...y’m) and yi=xj implies y’i=x’j We say (M,x1...xn) and (M’,x’1...x’n) are guarded bisimilar if there is a guarded bisimulation relating x1...xn and x’1...x’n.

13 Recall: Bisimulation as a game
Bisimulation game between players Spoiler and Duplicator: Positions of the game are pairs (x,x’) with x2M x’2M’. (Partial Iso.) If x and x’ disagree on a unary predicate Spoiler wins. (Back) Spoiler can play y2 M with R(x,y), and Duplicator must respond with y’2M’ s.t. R(x’,y’). If Duplicator cannot respond, she loses; if she responds with y, play continues from (y, y’). (Forth) Spoiler can play y’2 M with R(x’,y’) in M’, and Duplicator must respond with y2 M s.t. R(x’,y’). If Duplicator cannot respond, she loses; if she responds with y’, then play continues from (y, y’). Duplicator wins if she can play forever or Spoiler cannot play. (M,x) and (M’,x’) are bisimilar if and only if there is a winning strategy for Duplicator starting from (x, x’).

14 Guarded bisimulation as a game
Guarded bisimulation game between Spoiler and Duplicator. Positions of the game are pairs of guarded tuples x1...xn2M , x’1...x’n2 M’ If x1...xn and x’1...x’n disagree on a predicate then Spoiler wins. Spoiler can play guarded y1...ym2 M, and Duplicator must respond with guarded y’1...y’m 2 M’ such that the overlap of yj with xk is the same as y’j with x’k. If Duplicator can not respond, she loses; if she responds play continues from (y1...ym, y’1...y’m). Spoiler can play y’1...y’m2 M’, and Duplicator must respond with guarded y1...ym 2 M’ ... (M,x1...xn) and (M’,x’1...x’n) are guarded bisimilar if and only if there is a winning strategy for Duplicator starting at (x1...xn,x’1...x’n )

15 Guarded Bisimulation

16 Guarded Bisimulation

17 Guarded Bisimulation

18 Guarded Bisimulation

19 Guarded Bisimulation

20 Guarded Bisimulation

21 Guarded Bisimulation (Not!)

22 Guarded bisimulation and GF
Proposition: If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar then for any GF formula ½(x1...xn), (M, c1...cn) ² ½ if and only if (M’, c’1...c’n) ² ½

23 Guarded bisimulation and GF
Proposition: If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar then for any GF formula ½(x1...xn), (M, c1...cn) ² ½ if and only if (M’, c’1...c’n) ² ½ Induction on formula construction. Base case of A(x1...xn) holds since guarded bisimulation preserves atomic formulas. Æ, Ç, : induction steps are obvious

24 Guarded bisimulation and GF
If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar Then for any GF formula ½(x1...xn), (M, c1... cn) ² ½ if and only if (M’, c’1...c’n) ² ½ Suppose (M,c1...cn)² 9 y1...yk R(x1...xj,y1...yk)Æ Á’ and there is a guarded bisimulation B from (M,c1...cn) to (M’,c’1...c’n). There is e1...ek such that R(c1...cj,e1...ek) and (M, c1...cj,e1...ek)² Á’ Now by (Back) there is e’1...e’k such that R(c’1...c’j,e’1...e’k) and B(c1...cj e1...em, c’1...c’j e’1...e’k) Now by induction (M’, c’1..c’j e’1...e’k)² Á’ so e’1...e’k witnesses (M’,c’1...c’j)² 9 y1...yk R(x1...xj,y1...yk)Æ Á’ Similarly argument starting with (M’,c’1...c’n) ² 9 y1...yk R(x1...xn,y1...yk)Æ Á’

25 Tree model property: statement
Proposition: for every GF formula ½ of width k, if ½ is satisfiable in some model M, then there is a model that has a k tree code Approach: Define an unravelling of M at guarded tuple x1... xn. This will be a model U that is tree like and has a copy x’1...x’n of x1... xn. Show that (M, x1...xn) and (U, x’1...x’n) are guarded bisimilar.

26 Guarded Unravelling

27 Guarded Unravelling

28 Guarded Unravelling

29 Guarded Unravelling

30 Guarded Unravelling

31 Guarded Unravelling ...

32 Guarded unravellings We define the code of the unravelling via the guarded bisimulation game. The sequence of possible plays by Spoiler forms a tree. Each node is associated with a guarded set S, and we associate it with all the structure that is on S in M.

33 Where we are Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code So it suffices to check ½ on a structure that is tree-like (has a tree code). But we want to check something on a tree, not a tree-like structure.

34 Translating from structures to trees
ML Theorem: For any ML formula Á(x), if it is satisfied in some model then there is a tree model T such that T, root(T) ² Á We can show: Theorem: For any GF sentence Á and any number k we can construct another sentence Á’ such that: if M has k code TM, then M ² Á if and only if TM ² Á’ We will not be able to get Á’in FO

35 Tree codes ... 9 x y z A(x,y)Æ B(y,z) L3 contains A(1,3)
#2=#2 9 x y z A(x,y)Æ B(y,z) #2=#2 #2=#2 L3 contains A(1,3) #2=#2 L5 #2=#2 L3 #3=#2 L5 contains B(2,3) ...

36 Monadic Second Order Logic (MSO)
MSO extends first-order logic by adding monadic (unary) relation variables X1…Xj Atomic formulas are R(x1…xn) and Xi(x) If ½1, ½22 MSO, then so is ½1 Æ ½2 , ½1 Ç ½2 , : ½1 9 x ½1 , 9 X ½1 Theorem (Rabin): The tree satisfiability problem for MSO is decidable.

37 Mapping from relations to tree codes
Theorem: For any GF sentence Á and any number k we can construct Á’ in MSO such that: if M has k code TM, then M ² Á if and only if TM ² Á’

38 Putting it all together
We have shown: For any GF sentence Á, if it is satisfied in some model then there is a model M with a k tree-like code such that M ² Á where k is the width of Á We have also shown: For any GF sentence Á and any k we can construct MSO Á’ such that: if M has k code TM, then M ² Á if and only if TM ² Á’ Thus: For any GF sentence Á and any k we can construct Á’ in MSO such that: Á is satisfiable iff Á’is satisfiable in a k tree code.

39 Recall Decidability via the tree model property and Rabin’s theorem
More efficient decidability via translation to automata

40 Automata for GF We consider infinite labelled ranked ordered trees:
labelled: we have a set A1....An of node predicates, and each node is labelled with a subset of the A1.... An ranked: every node has r children ordered: the children are numbered first child, second child, etc.

41 Automata on r-ranked ordered trees
An alternating Büchi tree automaton (ABT) is given by (Q,S,q0,d,) where: Q is a finite set of states S is the set of label predicates q0 2 Q is the initial state d : Q £ P(S) → BC+(Dir£Q) is the transition function  is the acceptance condition, which in this case is a subset of Q For now, let Dir = {Down1,…,Downr}, the possible directions the automaton is allowed to move in. BC+(Dir£Q) consists of formulas that are positive boolean combinations of atoms from Dir£Q.

42 Acceptance game for automaton
We can think of a run of an ABT A on a tree t as an acceptance game between two players: Eve: the "existential" player trying to show t is in the language Adam: the opponent trying to show t is not in the language The positions are of the form (q,v) for q a state and v a node in t, or (𝜓,v) for 𝜓 in BC+(Dir£Q) and v a node. The possible moves are: q , v d(q,v) , v 𝜓1 ∨ 𝜓2 , v 𝜓1 , v 𝜓2 , v 𝜓1 ∧ 𝜓2 , v 𝜓1 , v 𝜓2 , v (d,r) , v r , v' controlled by Eve controlled by Adam where v' is the node in direction d of v

43 Acceptance game for automaton
We can think of a run of an ABT A on a tree t as an acceptance game. A play in the game is a series of positions in the game, starting in position (q0,r) for r the root of t. A strategy for Eve is a choice of her next move, given any partial play ending in a position controlled by Eve. A winning strategy for Eve (for the Büchi condition ), is a strategy such that for any play consistent with the strategy, there is some q in  that appears infinitely often in positions of the form (q,v). We say t is accepted by A if there is a winning strategy for Eve in the acceptance game of A on t.

44 Examples Let S = { P1, P2 } and consider languages of binary trees over S. We can construct ABT for the following languages. L1 = { t : there is exactly one P1 node in t } L2 = { t : below every P1 node in t there is a P2 node } L3 = { t : every branch in t has infinitely many P2 } L4 = { t : there is some branch in t with finitely many P2 } L5 = { t : there are finitely many nodes with P1 in t }

45 Special types of automata
2-way alternating Büchi automata (2ABT): the set of directions includes Up and Stay, in addition to Downi 1-way nondeterministic Büchi automaton (1NBT): each transition function formula is a disjunction of formulas of the form (Down1,q1)∧ … ∧(Downr,qr)

46 Decidable emptiness Theorem (Vardi 1998): Language emptiness is decidable in EXPTIME for 2ABT automata. Specifically, it is decidable in time polynomial in the size of the automaton and exponential in the number of states.

47 Alternating automata for ML
Let 𝜙 be a formula in modal logic in NNF. Then define A𝜙 as follows. Q = cl(𝜙), together with True and False q0 = 𝜙(c) and Ω = { True } Transition function 𝛿(P(c),𝜏) := (Stay,True) if P(c) ∈ 𝜏 (Stay,False) otherwise 𝛿(¬P(c),𝜏) := (Stay,False) if P(c) ∈ 𝜏 (Stay,True) otherwise 𝛿(𝜓1 ∨ 𝜓2,𝜏) := (Stay,𝜓1)∨(Stay,𝜓2) 𝛿(𝜓1 ∧ 𝜓2,𝜏) := (Stay,𝜓1)∧(Stay,𝜓2) 𝛿(∃y R(c,y) ∧ 𝜓(y),𝜏) := ⋁1≤i≤r(Downi,𝜓(c)) 𝛿(∀y R(c,y) → 𝜓(y),𝜏) := ⋀1≤i≤r(Downi,𝜓(c))

48 New goal Given a GF sentence Á, we want to construct a 2ABT AÁ such that AÁ accepts exactly the labelled r-ranked trees t such that t ² Á We will use 2ABT on binary trees. In order to do this we need to show that we can use binary trees for our tree codes.

49 Alternative encodings in trees
Our first encoding used equality predicates to explain how neighboring nodes overlap: 3 2 2 1 1 L3 L2 L1 2 1 3 L1 3 1 L3, #2=#3 L2, #2=#3 2 1 1 3

50 Alternative encodings in trees
An alternative is to use a set Uk of 2k names, and indicate overlap in adjacent nodes by using the same names. 3 3 3 1 5 L3 L2 L1 2 4 4 L1 3 1 L3 L2 2 5 4 4 We call this “implicit coding”.

51 Tree codes using binary trees
By rearranging and duplicating nodes, we can ensure the tree codes are binary trees. L0 L0 L1 L0 L1 L2 Ln L2 L0 L0 Ln L0

52 Alternating automata for GF
Theorem (essentially Grädel 1999): Let 𝜙 be a sentence in GF in NNF. We can construct in 2EXPTIME a 2ABT A𝜙 such that A𝜙 accepts t iff the decoding of t satisfies 𝜙 and the number of states of A𝜙 is singly exponential in the size of 𝜙. 𝜙 is satisfiable iff L(A𝜙) is non-empty. Corollary: GF satisfiability is decidable in 2EXPTIME.

53 Alternating automata for GF
Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. Q = cl(𝜙,Uk) (the subformula closure of 𝜙, with names from Uk for free variables) q0 = 𝜙

54 Alternating automata for GF
Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(R(c1,…,cm),𝜏) is (Stay,False) if c1,…,cm not represented in 𝜏 (Stay,True) if R(c1,…,cm) is in 𝜏 (Up,R(c1,…,cm))∨(Down1,R(c1,…,cm)) ∨(Down2,R(c1,…,cm)) otherwise 𝛿(¬R(c1,…,cm),𝜏) is (Stay,True) if c1,…,cm not represented in 𝜏 (Stay,False) if R(c1,…,cm) is in 𝜏 and (Up,¬R(c1,…,cm))∧(Down1,¬R(c1,…,cm)) ∧(Down2,¬R(c1,…,cm)) otherwise

55 Alternating automata for GF
Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(𝜓1∨𝜓2,𝜏) := (Stay,𝜓1)∨(Stay,𝜓2) 𝛿(𝜓1∧𝜓2,𝜏) := (Stay,𝜓1)∧(Stay,𝜓2)

56 Alternating automata for GF
Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn),𝜏) is (Stay,False) if c1,…,cm not represented in 𝜏; otherwise it is a disjunction of 𝜓’(c1,…,cm,d1,…,dn) for all 𝛼(c1,…,cm,d1,…dn) in 𝜏 (Up,∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn)) (Downi,∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn)) 𝛿(∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn),𝜏) is (Stay,True) if c1,…,cm not represented in 𝜏; otherwise it is a conjunction of (Up,∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn)) (Downi,∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn))

57 Alternating automata for GF
Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. The set F of accepting states are of the form True ¬R(c1,…,cn) ∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn)

58 Alternating automata for GF
Since the number of states of this ABT is exponential in the size of the formula (in fact polynomial in the size of the formula and exponential in the width), we get: Theorem: GF satisfiability is decidable in 2EXPTIME. When the maximum arity of relations is fixed, it is decidable in EXPTIME.

59 Summary Decidability via the tree model property and Rabin’s theorem
More efficient decidability via translation to ABT over infinite trees

Download ppt "Second case study: Guarded Fragment"

Similar presentations

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CPSC 121: Models of Computation Unit 6 Rewriting Predicate Logic Statements Based on slides by Patrice Belleville and Steve Wolfman.

CPSC 121: Models of Computation Unit 6 Rewriting Predicate Logic Statements Based on slides by Patrice Belleville and Steve Wolfman.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
Determinization of Büchi Automata

Determinization of Büchi Automata
A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.

A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.
1 Finite Model Theory Lecture 10 Second Order Logic.

1 Finite Model Theory Lecture 10 Second Order Logic.
1 Finite Model Theory Lecture 13 FO k, L k 1, ,L  1, , and Pebble Games.

1 Finite Model Theory Lecture 13 FO k, L k 1, ,L  1, , and Pebble Games.
1 Theorem proving Alexander Serebrenik. 2 TP for FM FM: proving properties of programs. Theorem proving: proving statements in first-order logics (FOL).

1 Theorem proving Alexander Serebrenik. 2 TP for FM FM: proving properties of programs. Theorem proving: proving statements in first-order logics (FOL).
Witness and Counterexample Li Tan Oct. 15, 2002.

Witness and Counterexample Li Tan Oct. 15, 2002.
Review of the automata-theoretic approach to model-checking.

Review of the automata-theoretic approach to model-checking.
Witness and Counterexample Li Tan Oct. 15, 2002.

Witness and Counterexample Li Tan Oct. 15, 2002.
Monadic Predicate Logic is Decidable Boolos et al, Computability and Logic (textbook, 4 th Ed.)

Monadic Predicate Logic is Decidable Boolos et al, Computability and Logic (textbook, 4 th Ed.)
1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)

1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)
Flavio Lerda 1 LTL Model Checking Flavio Lerda. 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking.

Flavio Lerda 1 LTL Model Checking Flavio Lerda. 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking.
1 First order theories. 2 Satisfiability The classic SAT problem: given a propositional formula , is  satisfiable ? Example:  Let x 1,x 2 be propositional.

1 First order theories. 2 Satisfiability The classic SAT problem: given a propositional formula , is  satisfiable ? Example:  Let x 1,x 2 be propositional.
Second Order Monadic Theory of One Successor Presented By: Tamar Aizikowitz Spring 2007 Automata Seminar.

Second Order Monadic Theory of One Successor Presented By: Tamar Aizikowitz Spring 2007 Automata Seminar.
15-820A 1 LTL to Büchi Automata Flavio Lerda. 15-820A 2 LTL to Büchi Automata LTL Formulas Subset of CTL* –Distinct from CTL AFG p  LTL  f  CTL. f.

15-820A 1 LTL to Büchi Automata Flavio Lerda A 2 LTL to Büchi Automata LTL Formulas Subset of CTL* –Distinct from CTL AFG p  LTL  f  CTL. f.
Languages of nested trees Swarat Chaudhuri University of Pennsylvania (with Rajeev Alur and P. Madhusudan)

Languages of nested trees Swarat Chaudhuri University of Pennsylvania (with Rajeev Alur and P. Madhusudan)
INTRODUCTION TO THE THEORY OF COMPUTATION INTRODUCTION MICHAEL SIPSER, SECOND EDITION 1.

INTRODUCTION TO THE THEORY OF COMPUTATION INTRODUCTION MICHAEL SIPSER, SECOND EDITION 1.

Similar presentations

Ads by Google