Reachability Problems in Piecewise FIFO Systems.
ABSTRACT Systems consisting of several finite components that communicate via unbounded perfect FIFO channels (i.e., FIFO systems) arise naturally in modeling distributed systems. Despite well-known difficulties in analyzing such systems, they are of significant interest as they can describe a wide range of communication protocols. In this article, we study the problem of computing the set of reachable states of a FIFO system composed of piecewise components. This problem is closely related to calculating the set of all possible channel contents, that is, the limit language, for each control location. We present an algorithm for calculating the limit language of a system with a single communication channel. For multichannel systems, we show that the limit language is piecewise if the initial language is piecewise. Our construction is not effective in general; however, we provide algorithms for calculating the limit language of a restricted class of multichannel systems in which messages are not passed around in cycles through different channels. We show that the worst case complexity of our algorithms for single-channel and important subclasses of multichannel systems is exponential in the size of the initial content of the channels.

NAGHMEH GHAFARI
Critical Systems Labs
and
ARIE GURFINKEL
Software Engineering Institute, Carnegie Mellon University
and
NILS KLARLUND
Google Inc.
and
RICHARD TREFLER
David R. Cheriton School of Computer Science, University of Waterloo
Categories and Subject Descriptors: D.2.4 [Software Engineering]: Model checking
General Terms: Verification
Additional Key Words and Phrases: FIFO systems, reachability analysis, verification, infinite-state systems
ACM Transactions on Computational Logic, Vol. V, No. N, Month 20YY, Pages 1–33.
1. INTRODUCTION
Concurrent systems consisting of a set of finite state machines that communicate via unbounded First-In First-Out (FIFO) channels are a common model of computation for describing distributed protocols such as IP-telecommunication protocols, interacting web services, and System on Chip (SoC) architectures (e.g., [Brand and Zafiropulo 1983; Boigelot et al. 1997; Abdulla et al. 1999; Pachl 1987; Cece et al. 1996; Bond et al. 2001; Wodey et al. 2003]). Even though all physically constructible systems have finite size channels, their size is often an implementation parameter that is typically left unspecified. Modeling such systems with unbounded channels often makes reasoning about them simpler. The abstraction may of course fail to reveal certain deadlock situations that occur if the channels fill up, but the abstract system behaves otherwise essentially as the system with finite channels.
Fig. 1. BoxOS call structure. (A chain of boxes labeled feature 1, feature 2 and feature 3; each link between neighbors is labeled caller/callee.)
Unboundedness of communication channels provides a useful modeling abstraction, but it does in a theoretical sense complicate analysis if compared to a system of a given fixed size, say with queues of length 1024. In fact, Brand and Zafiropulo [Brand and Zafiropulo 1983] showed that a single unbounded channel is already sufficient to simulate the tape of a Turing machine. Hence, verification of any nontrivial property, such as reachability, is undecidable. Despite these results, a substantial effort has gone into identifying subclasses of FIFO systems for which the verification problem is decidable (e.g., [Abdulla et al. 1999; Abdulla and Jonsson 1993; Boigelot 1998; Boigelot and Godefroid 1999; Boigelot et al. 1997; Bouajjani et al. 2000; Bouajjani et al. 2001; Cece et al. 1996; Pachl 1987]).
In this article, we study the class of piecewise FIFO systems. These systems can be used for modeling distributed protocols such as IP-telecommunication protocols and interacting web services. A piecewise FIFO system is composed of components whose behaviors can be expressed by piecewise languages. Intuitively, a language is piecewise if it is accepted by a nondeterministic finite state automaton whose only nontrivial strongly connected components are states with self-loops. Formally, a piecewise language is a union of sets of strings, where each set is given by a regular expression of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$; here, each $M_i$ is a subset of the alphabet $\Sigma$ and each $a_i$ is an element of $\Sigma$.
1.1 Motivating Example
Although piecewise languages may look restrictive, they can be used to express descriptions of IP-telephony features [Ghafari and Trefler 2006] and seem amenable to describing composite web services specified in Business Process Execution Language (BPEL) [IBM 2007]. For example, [Ghafari and Trefler 2006] studied the behavior of the telephony features in BoxOS which is a generation of telecommunication service over IP developed at AT&T Research [Bond et al. 2001; Jackson and Zave 1998]. As shown in Fig. 1, an active call is represented by a graph of telephony features (referred to as boxes) while communication between neighboring boxes is handled via unbounded perfect FIFO channels. Boxes at the endpoints represent telephones, intermediate boxes represent call features, for example call-forwarding-on-busy. At a sufficient level of abstraction, boxes may all be viewed as finite state transducers. Communication in these protocols begins with an initiator trying to reach a given destination. A call is built recursively. The current endpoint begins the call initiation protocol with a chosen neighbor, the callee. If this initiation results in a stable connection, the callee becomes the new endpoint and the call construction continues. Call termination is required to proceed in a reverse order and in general required to begin at a call endpoint.
In order to manage inter-feature communication, it is desired that communication between features have a certain pattern [Bond et al. 2001]. Thus, all of the feature boxes implement a communication template that consists of three phases (cf. [Bond et al. 2001]): setup phase, transparent phase, and teardown phase. Fig. 2 describes a transparent box that represents such a communication template. The transparent box communicates with two neighbors across four separate channels. Messages to/from the upstream (initiating), caller, are sent/received via ro/ri channels. Messages to/from the downstream (receiving), callee, are sent/received via eo/ei channels. A message is received with the ‘?’ symbol and sent with the ‘!’ symbol. For example ri?setup indicates a call setup message received from the ri channel. Interestingly, this communication template can be expressed by piecewise languages. To achieve piecewiseness, we have abstracted the transparent box by replacing the original LINKED state and its left and right neighbors, shown in the shaded rectangle in the top right corner of Fig. 2, by the LINKED state, shown in the shaded rectangle in the middle of the figure. Both of these states have the same functionality. The difference is the addition of conditional actions of the form ri?status → eo!status, where the status message is sent to the callee only if the status message has been received from the caller first.
It is crucial to be able to reason about safety and deadlock properties of BoxOS implementations with multiple features, something that the techniques in [Bond et al. 2001] fell short of addressing.
1.2 Our Contributions
The ability to calculate all possible channel contents that may arise from an initial state, i.e. the limit language, plays a central role for automated verification of nontrivial properties of FIFO systems. This problem is undecidable in general. Moreover, the limit language is not necessarily regular, even if the initial language is [Cece et al. 1996], and even when the limit language is known to be regular, determining it may still be undecidable [Cece et al. 1996].
In this article, we show that piecewise languages play an important role in the analysis of FIFO channel systems. In particular, we focus on computing the limit languages in piecewise FIFO systems. Our main contributions are summarized below:
—For single-channel piecewise FIFO systems, we show in Sec. 4 that the limit language is regular (piecewise) if the initial channel language is regular (piecewise). We provide an algorithm to compute the limit language and discuss its complexity.
—For multichannel piecewise FIFO systems, we show in Sec. 5 that the limit language is regular, in fact piecewise, if the initial channel language is piecewise. However, the construction of the limit language may not always be effective. In Sec. 6, we show for systems with acyclic communication graph the limit language is piecewise if the initial channel language is piecewise. We present an algorithm to calculate the limit language and discuss its complexity.
The rest of the article is organized as follows. An overview of piecewise languages and their properties is given in Sec. 2, and is followed by a description of the system model in Sec. 3. Our main contributions are presented in Sec. 4, Sec. 5, and Sec. 6. We review related work in Sec. 7, and conclude in Sec. 8.
Fig. 2. Transparent feature box. (State machine with states INIT, LINKING1 to LINKING3, LINKED, TRANS1, TRANS2, UNLINK1 to UNLINK11, END and ERROR; transitions are labeled with reads and writes of the messages setup, avail, unavail, unknown, status, teardown and downack on the channels ri, ro, ei and eo.)
2. PRELIMINARIES AND NOTATIONS
In this section, we introduce some preliminary notation and give an overview of piecewise languages and their properties.
Let $\Sigma$ be a finite alphabet and $\epsilon$ the empty string. Let $w_1$ and $w_2$ be two strings in $\Sigma^*$. In the sequel, $w_1 + w_2$ denotes the nondeterministic choice between $w_1$ and $w_2$ and $w_1 \cdot w_2$ denotes concatenation of the elements of $w_1$ and $w_2$. We sometimes omit ‘$\cdot$’, i.e. we may write $w_1 w_2$ instead of $w_1 \cdot w_2$. A regular expression (RE) over $\Sigma$ is defined by the following grammar $R ::= a \in \Sigma \mid R \cdot R \mid R + R \mid R^* \mid 0 \mid 1$. The symbol 0 denotes the empty language, and 1 denotes the language $\{\epsilon\}$; in particular, we have $1 = 0^*$. We sometimes write $\epsilon$ instead of 1.
The language $L(R)$ of a RE $R$ is defined in the usual way. We sometimes write $R$ to mean $L(R)$. In a further abuse of notation, we often regard a set $M \subseteq \Sigma \cup \{\epsilon\}$ as an RE, namely the sum of elements in $M$. For a language $L \subseteq \Sigma^*$, we use $\neg L$ to denote the complement of $L$: $\Sigma^* \setminus L$. The expression $test(R)$ is 1 if $L(R) \neq \emptyset$ and 0 if $L(R) = \emptyset$.
We now introduce a new fragment of regular languages called piecewise languages.
Definition 2.1 (Piecewise Languages) A language is simply piecewise if it can be expressed by an RE of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$, where each $M_i \subseteq \Sigma$ and $a_i \in \Sigma \cup \{\epsilon\}$. A piecewise language is a finite (possibly empty) union of simply piecewise languages. A language is simply repetition piecewise if it can be expressed by an RE of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$, where for all $i$, $a_i$ is $\epsilon$. A repetition piecewise language is a finite (possibly empty) union of simply repetition piecewise languages.
For example, $(a + b)^* c$ is simply piecewise, where $M_0 = \{a,b\}$ and $a_0 = c$, but $(ab)^*$ is not piecewise according to a simple application of the pumping lemma. For completeness, we give the definition of a finite state automaton.
Definition 2.2 (FSA) A finite state automaton (FSA) $A$ is a tuple $(\Sigma,Q,q^0,\delta,F)$, where $\Sigma$ is a finite alphabet; $Q$ is a finite set of states; $q^0 \in Q$ is the initial state; $\delta : Q \times \Sigma \to 2^Q$ is the transition relation; and $F \subseteq Q$ is a set of accepting (or final) states. When $F$ is omitted, it is assumed that $F = Q$.
For $a \in \Sigma$ we write $\delta(q,a,q')$ or $q \xrightarrow{a} q'$ to mean that $q' \in \delta(q,a)$. We write $q \to q'$ when we do not distinguish the specific symbol on the transition of $q$ to $q'$. Given $q \in Q$, and $w \in \Sigma^*$, $\delta(q,w)$ is defined as usual: $\delta(q,\epsilon) \triangleq \{q\}$, and $\delta(q,wa) \triangleq \{p \mid \exists r \in \delta(q,w),\ p \in \delta(r,a)\}$. We say that a word $w$ is accepted by $A$ if and only if $(\delta(q^0,w) \cap F) \neq \emptyset$. The language of $A$ is defined as $L(A) \triangleq \{w \in \Sigma^* \mid \delta(q^0,w) \cap F \neq \emptyset\}$. A run in $A$ is a finite or infinite sequence of states denoted $P = q_0 \to q_1 \to \ldots$, where $q_0$ is the initial state and for all $i$, $q_i \to q_{i+1} \in \delta$. We define the size of an FSA $A$ as: $|A| \triangleq |Q| + |\delta|$.
We often use RE notation with automata. For example, $A_1 \cdot A_2$ stands for concatenation of two automata, $A_1 + A_2$ for an automaton with language $L(A_1) \cup L(A_2)$.
Definition 2.3 (POFSA) A partially ordered automaton (POFSA) is a tuple $(A,\preceq)$, where $A = (\Sigma,Q,q^0,\delta,F)$ is an automaton, and $\preceq\ \subseteq Q \times Q$ is a partial order on states such that $\forall a \in \Sigma$, $q' \in \delta(q,a)$ implies that $q \preceq q'$.
Proposition 2.4 A language is piecewise if and only if it is recognized by a POFSA.
PROOF. (⇐) Consider the POFSA $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$. Consider all acyclic runs $P = q_0 \xrightarrow{a_0} q_1 \xrightarrow{a_1} \ldots \xrightarrow{a_{k-2}} q_{k-1} \xrightarrow{a_{k-1}} q_k$, where any $q_i \in Q$ for $i \in [0..k]$ occurs at most once and $q_0 = q^0$ is initial and $q_k \in F$ is an accepting state. The number of such runs is finite. For each $q_i$ we can associate $M_i$, the set of $a$'s such that $\delta(q_i,a) = q_i$. Let $L_P = M_0^* a_0 M_1^* \ldots M_k^*$. Then, $L_P \subseteq L(A)$. Let $L' = \bigcup_P L_P$, where the union is over all appropriate runs $P$ as just considered. We clearly have that $L' \subseteq L(A)$. To see that $L(A) \subseteq L'$, we use that automaton $A$ is partially ordered. Consider $w \in L(A)$. Thus, $w$ defines a run $P$ from which an acyclic run $P'$ for a word $w'$ can be constructed by deleting letters $a_i$ in $w$ for which $\delta(q_i,a_i) = q_i$. Then, $w'$ is a scattered subword of $w$: $w = u_0 b_0 \ldots b_n u_{n+1}$, where $w' = b_0 \ldots b_n$ and $u_i$, for $0 \le i \le n+1$, is in $M_i^*$. Hence, $w \in L_{P'}$. As a result, $L(A) \subseteq L'$.
(⇒) A piecewise language is a finite union of simply piecewise languages. Each simply piecewise language is recognized by a totally ordered automaton. Consider the simply piecewise language $M_0^* a_0 \cdots M_{k-1}^* a_{k-1} M_k^*$. This language is recognized by an automaton $A = (\Sigma,Q,\delta,q^0,F)$, where $Q = \{q_0,q_1,\ldots,q_k\}$, $q^0 = q_0$, and $F = \{q_k\}$. The transition relation $\delta$ is defined as follows:
$(q,a,q') \in \delta \Leftrightarrow (\text{for } i \in [1..k],\ q = q_{i-1} \wedge q' = q_i \wedge a = a_{i-1}) \vee (\text{for } i \in [0..k],\ q = q' = q_i \wedge a \in M_i)$
By construction, for $i,j \in [0..k]$, the relation $q_i \preceq q_j \Leftrightarrow i \le j$ is a total order satisfying the constraint of Definition 2.3. Let $L = L_1 + L_2$ be a piecewise language, where $L_1$ and $L_2$ are simply piecewise languages recognized by POFSAs $A_1 = ((\Sigma,Q_1,\delta_1,q^0_1,F_1),\preceq_1)$ and $A_2 = ((\Sigma,Q_2,\delta_2,q^0_2,F_2),\preceq_2)$, respectively, with $Q_1$ and $Q_2$ disjoint. Then, $L$ is recognized by a POFSA $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$, where $Q = Q_1 \cup Q_2 \cup q^0$, and $q^0$ is a new state not appearing in $Q_1 \cup Q_2$, $F = F_1 \cup F_2$, and $\delta$ is defined as follows:
$(q,a,q') \in \delta \Leftrightarrow (q,q' \in Q_1 \wedge (q,a,q') \in \delta_1) \vee (q,q' \in Q_2 \wedge (q,a,q') \in \delta_2) \vee (q = q^0 \wedge ((q^0_1,a,q') \in \delta_1 \vee (q^0_2,a,q') \in \delta_2))$
It is easy to see that $A$ is a POFSA with the partial order $\preceq$ defined as follows:
$q \preceq q' \Leftrightarrow \begin{cases} \text{true} & \text{if } q = q^0 \\ q \preceq_1 q' & \text{if } q,q' \in Q_1 \\ q \preceq_2 q' & \text{if } q,q' \in Q_2 \end{cases}$
The following proposition summarizes the properties of the piecewise languages.
Proposition 2.5 Piecewise languages are closed under finite unions ($+$), finite intersections ($\cap$), concatenation ($\cdot$), shuffle ($\parallel$)¹, letter-to-letter mappings, and inverse homomorphisms, but not under complementation and homomorphisms.
PROOF. Finite unions, intersections, and concatenation. Closure under finite unions and concatenation follows immediately from Definition 2.1. Closure under finite intersections is shown in [Bouajjani et al. 2001], Proposition 1.
Shuffle. To show that piecewise languages are closed under shuffle, we show that POFSAs are closed under shuffle. Let $L_1$ and $L_2$ be two piecewise languages recognized by POFSAs, $A_1 = ((\Sigma,Q_1,\delta_1,q^0_1,F_1),\preceq_1)$ and $A_2 = ((\Sigma,Q_2,\delta_2,q^0_2,F_2),\preceq_2)$, respectively. Let $L = L_1 \parallel L_2$. Then, $L$ is recognized by a POFSA, $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$, where $Q = Q_1 \times Q_2$, $q^0 = (q^0_1,q^0_2)$, and $F = F_1 \times F_2$. The transition relation $\delta$ is defined as follows:
$((q_1,q_2),a,(q'_1,q'_2)) \in \delta \Leftrightarrow ((q_1,a,q'_1) \in \delta_1 \wedge q_2 = q'_2) \vee ((q_2,a,q'_2) \in \delta_2 \wedge q_1 = q'_1)$
It is easy to see that $A$ is a POFSA, with the partial order $\preceq$ defined as follows:
$(q_1,q_2) \preceq (q'_1,q'_2) \Leftrightarrow \begin{cases} q_1 \preceq_1 q'_1 & \text{if } q_2 = q'_2 \\ q_2 \preceq_2 q'_2 & \text{if } q_1 = q'_1 \end{cases}$
Therefore, by Proposition 2.4, the language of the shuffled automaton $A$ is piecewise.
Letter-to-letter mappings. Let $T : \Sigma \to \Sigma$ be a letter-to-letter mapping over a finite alphabet $\Sigma$. Consider simply piecewise language $M_0^* a_0 M_1^* \ldots M_k^*$, where $M_0 = \{b_0,\ldots,b_i\}$, $M_1 = \{c_0,\ldots,c_j\}$, and so on. Applying $T$ on this language results in the simply piecewise language $M_0'^* a'_0 M_1'^* \ldots M_k'^*$ where $M'_0 = \{T(b_0),\ldots,T(b_i)\}$, $a'_0 = T(a_0)$, $M'_1 = \{T(c_0),\ldots,T(c_j)\}$ and so on. Clearly, this is a simply piecewise language. Since $T$ distributes over union, the result follows for arbitrary piecewise languages as well.
Inverse homomorphisms. Let $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$ be a partially ordered automaton accepting piecewise language $L$. Let $\Delta$ be an alphabet, and $h$ a homomorphism from $\Delta$ to $\Sigma^*$. We construct automaton $A'$ over $\Delta$ that accepts $h^{-1}(L)$. Intuitively $A'$ works by reading a symbol $a$ in $\Delta$ and simulating POFSA $A$ on $h(a)$. Formally, let $A' = ((\Delta,Q,\delta',q^0,F),\preceq)$, and define $\delta'(q,a)$, for $q \in Q$ and $a \in \Delta$ to be $\delta(q,h(a))$. Since $h(a)$ may be a long string or $\epsilon$, $\delta$ is defined on all strings by extension. It is easy to show by induction on $x$ that $\delta'(q^0,x) = \delta(q^0,h(x))$. Therefore, $A'$ accepts $x$ if and only if $A$ accepts $h(x)$. That is, $L(A') = h^{-1}(L(A))$. The transition relation of $A'$, $\delta'$, simulates the transition relation of $A$ on $h(x)$ for any symbol $x \in \Delta$, thus it respects the partial order relation on states of $A$. Hence, $L(A')$ is also piecewise.
Homomorphism. Piecewise languages are not closed under homomorphisms. For example, the piecewise language $a^*$ under the homomorphisms $[a \mapsto (ab)]$ is $(ab)^*$, which is not piecewise.
Complementation. Piecewise languages are not closed under complementation. For example, consider a piecewise language $L = \Sigma^* aa \Sigma^* + \Sigma^* bb \Sigma^*$, with $\Sigma = \{a,b\}$. The complement of $L$ is the set of sequences where $a$'s and $b$'s alternate, which is not piecewise.
¹ The shuffle of two words $w$ and $w'$, $w \parallel w'$, is the set of words that are obtained by interleaving $w$ and $w'$; for example $ab \parallel cd = \{abcd, acbd, acdb, cabd, cdab, cadb\}$ (). In the sequel, $L \parallel L' = \bigcup_{\forall w \in L, w' \in L'} w \parallel w'$.
Proposition 2.6 A language is repetition piecewise if and only if it is recognized by a POFSA $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$, where $F = Q$ and $\delta$ satisfies the following two conditions. Let $q_i,q_j,q_l \in Q$ and $a,b \in \Sigma$. Then,
(I) $(q_i,a,q_j) \in \delta \implies (q_j,a,q_j) \in \delta$, and
(II) $(q_i,a,q_j) \in \delta \wedge (q_j,b,q_l) \in \delta \implies (q_i,b,q_l) \in \delta$.
PROOF. (⇒) Let $L$ be a simply repetition piecewise language and $L = M_0^* M_1^* \ldots M_k^*$. Let $A = ((\Sigma,Q,\delta,q^0,F),\preceq)$ be a POFSA with $k + 1$ states where $Q = \{q_0,\ldots,q_k\}$, $q^0 = q_0$, and $F = Q$. For $i,j \in [0..k]$, $\delta$ is defined as follows:
$(q_i,a,q_j) \in \delta \Leftrightarrow i \le j \wedge a \in M_j$.
The transition relation $\delta$ satisfies the conditions (I) and (II). The partial ordering is defined as follows: $q_i \preceq q_j \Leftrightarrow i \le j$. We show that $A$ recognizes $L$, i.e., $L(A) = L$.
Let $w$ be a word in $L$. Then, $w = P_0 \cdot P_1 \cdots P_k$, where $P_i \in M_i^*$. We use this partitioning to define an accepting run $\rho = \rho(0) \to \rho(1) \to \ldots \to \rho(n)$ of $A$ on $w$ as follows:
$\rho(i) = q_j \Leftrightarrow \sum_{t=0}^{j-1} |P_t| \le i < \sum_{t=0}^{j} |P_t|$
Intuitively, the automaton goes to state $q_i$ when reading a letter from partition $P_i$. It is easy to see that the run is well defined. It is accepting since every state of $A$ is accepting. Thus, $L \subseteq L(A)$.
To show $L(A) \subseteq L$, assume $\rho = q_0 \to \ldots \to q_n$ is an accepting run of $A$ on a word $w$, where $q_0 = q^0$. Then, $\rho$ induces a partitioning $P_0,\ldots,P_k$ on $w$, such that $P_i \in M_i^*$. Hence, $w \in L$. Thus, $L(A) \subseteq L$.
A repetition piecewise language is a finite union of simply repetition piecewise languages. Consider a repetition piecewise language $L = L_1 + L_2$, where $L_1$ and $L_2$ are two simply repetition piecewise languages that are recognized by POFSAs $A_1$ and $A_2$, respectively, satisfying conditions (I) and (II). Similarly to the proof of Proposition 2.4, we construct POFSA $A$ that recognizes $L$. It is easy to show that the construction satisfies conditions (I) and (II).
(⇐) Let $A$ be a POFSA satisfying conditions (I) and (II). For each state $q_i \in Q$, let $M_{q_i} = \{a \mid (q_i,a,q_i) \in \delta\}$. Let $\rho = q_0 \to \ldots \to q_n$ be an acyclic run of $A$, where every $q_i \in Q$ for $i \in [0..k]$ occurs at most once, and $q_0 = q^0$. The number of such runs is finite. Let the language $L_\rho$ be defined as $M_{\rho(0)}^* \cdots M_{\rho(n)}^*$. It is easy to see that $L_\rho \in L(A)$. Similarly, let $L' = \bigcup L_\rho$ over all such acyclic runs. Then, $L' \subseteq L(A)$. Since $L'$ is repetition piecewise, we only need to show that $L(A) \subseteq L'$. Let $w$ be a word in $L(A)$, and $\rho$ an accepting run of $A$ on $w$. Let $\rho'$ be a maximal subsequence of $\rho$ in which every state in $Q$ appears at most once. For example, if $\rho$ is $q_0 \to q_0 \to q_1 \to q_1$, then $\rho'$ is $q_0 \to q_1$. Then, $\rho'$ is acyclic, and $w \in L_{\rho'}$. Hence, $L(A) \subseteq L'$.
The following proposition summarizes the properties of the repetition piecewise languages.
Proposition 2.7 Repetition piecewise languages are closed under finite unions and intersections, concatenation, shuffle, and letter-to-letter mappings, but not under homomorphisms and inverse homomorphisms.
PROOF. Finite unions, intersections, concatenation, shuffle. Closure under finite unions and concatenation follows immediately from Definition 2.1. To show closure under finite intersections, let $L_1$ and $L_2$ be two repetition piecewise languages. By Proposition 2.6, they are recognized by POFSAs $A_1$ and $A_2$, respectively, such that both $A_1$ and $A_2$ satisfy conditions (I) and (II) of the proposition. It is easy to check that conditions (I) and (II) are preserved by intersection and shuffle. Thus, the automata $A_1 \cap A_2$ and $A_1 \parallel A_2$ are POFSAs satisfying conditions (I) and (II). Hence, by Proposition 2.6 their languages are repetition piecewise.
Letter-to-letter mapping. The proof is similar to that of piecewise languages (Proposition 2.5).
Homomorphisms. Repetition piecewise languages are not closed under homomorphisms. For example, repetition piecewise language $a^*$ under the homomorphisms $[a \mapsto (ab)]$ is $(ab)^*$ which is not piecewise.
Inverse homomorphisms. Repetition piecewise languages are not closed under inverse homomorphisms. For example, let $\Sigma = \{0\}$, and $\Sigma' = \{a,b\}$, and $h$ be a homomorphism from $\Sigma$ to $\Sigma'^*$ such that $h(0) = ab$. Then, the repetition piecewise language $L = a^* b^*$ under the inverse homomorphism is $h^{-1}(L) = \{\epsilon, 0\}$ which is not repetition piecewise.
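The automaton constructions used in the proofs of Propositions 2.4 (direction ⇒) and 2.6, written out as an added Python example; it is not code from the article. The encoding of a transition relation as a set of (state, letter, state) triples and all function names are assumptions of this example, and the separating letters a_i are taken from Σ only (no ε).

```python
def simply_piecewise_pofsa(Ms, letters):
    """Automaton for M_0* a_0 M_1* ... a_{k-1} M_k* (proof of Prop. 2.4).
    Ms holds k+1 letter sets, letters holds the k separating letters.
    Returns (delta, initial state, accepting states)."""
    assert len(Ms) == len(letters) + 1
    k = len(letters)
    delta = {(i, a, i) for i in range(k + 1) for a in Ms[i]}   # self-loops on M_i
    delta |= {(i, letters[i], i + 1) for i in range(k)}        # q_i --a_i--> q_{i+1}
    return delta, 0, {k}

def repetition_pofsa(Ms):
    """Automaton for M_0* M_1* ... M_k* (proof of Prop. 2.6):
    (q_i, a, q_j) is a transition iff i <= j and a in M_j; every state accepts."""
    k = len(Ms) - 1
    delta = {(i, a, j) for i in range(k + 1)
             for j in range(i, k + 1) for a in Ms[j]}
    return delta, 0, set(range(k + 1))

def accepts(automaton, word):
    """Nondeterministic run: track the set of states reachable on each prefix."""
    delta, start, finals = automaton
    current = {start}
    for a in word:
        current = {q for (p, b, q) in delta if p in current and b == a}
    return bool(current & finals)

def is_partially_ordered(delta):
    """A partial order as in Definition 2.3 exists iff the transition graph
    without self-loops is acyclic. Checked by repeatedly removing states
    that have no incoming edge from the remaining states."""
    edges = {(p, q) for (p, _, q) in delta if p != q}
    nodes = {n for edge in edges for n in edge}
    while nodes:
        sources = {n for n in nodes
                   if not any(q == n and p in nodes for (p, q) in edges)}
        if not sources:
            return False          # every remaining state lies on or behind a cycle
        nodes -= sources
    return True

def satisfies_I_and_II(delta):
    """Conditions (I) and (II) of Proposition 2.6."""
    cond_I = all((q, a, q) in delta for (_, a, q) in delta)
    cond_II = all((p, b, r) in delta
                  for (p, _, q) in delta
                  for (q2, b, r) in delta if q2 == q)
    return cond_I and cond_II

# Constructed sample automata.
PIECEWISE = simply_piecewise_pofsa([{"a", "b"}, set()], ["c"])   # (a+b)* c
REPETITION = repetition_pofsa([{"a"}, {"b"}, {"a"}])             # a* b* a*
AB_STAR = ({(0, "a", 1), (1, "b", 0)}, 0, {0})                   # (ab)*

if __name__ == "__main__":
    print(accepts(PIECEWISE, "abbac"), is_partially_ordered(PIECEWISE[0]))
    print(accepts(REPETITION, "aabba"), satisfies_I_and_II(REPETITION[0]))
    print(is_partially_ordered(AB_STAR[0]))
```

The automaton for $(a+b)^* c$ is partially ordered but violates condition (I), while the two-state automaton for $(ab)^*$ has a cycle through two distinct states and so admits no partial order.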
For $a \in \Sigma$ and regular expressions $R,S$, the left residual operation (or derivative [Brzozowski and Simon 1973]) is defined as:
$a^{-1} 0 \triangleq 0$
$a^{-1} 1 \triangleq 0$
$a^{-1} b \triangleq test(a \cap b)$
$a^{-1}(R \cdot S) \triangleq (a^{-1}R \cdot S) + (test(R \cap 1) \cdot (a^{-1}S))$
$a^{-1}(R + S) \triangleq (a^{-1}R) + (a^{-1}S)$
$a^{-1}(R^*) \triangleq (a^{-1}R) \cdot R^*$
It is easy to see that $L(a^{-1}R) = \{v \mid a \cdot v \in L(R)\}$. Similarly, we may define a residual operation for $M^*$, where $M \subseteq \Sigma$:
$(M^*)^{-1} 0 \triangleq 0$
$(M^*)^{-1} 1 \triangleq 1$
$(M^*)^{-1} a \triangleq a + test(a \cap M)$
$(M^*)^{-1}(R \cdot S) \triangleq (((M^*)^{-1}R) \cdot S) + (test(R \cap M^*) \cdot ((M^*)^{-1}S))$
$(M^*)^{-1}(R + S) \triangleq ((M^*)^{-1}R) + ((M^*)^{-1}S)$
$(M^*)^{-1}(R^*) \triangleq (((M^*)^{-1}R) \cdot R^*) + 1$
Then, it can be verified that
$L((M^*)^{-1}R) = \{v \mid \exists u \in L(M^*),\ u \cdot v \in L(R)\}$.
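The two residual operations above, implemented rule by rule and compared against the set they are stated to denote, as an added Python example (not code from the article). The tuple encoding of regular expressions, the function names and the sample expression $R = (a+b)^* c\, d^*$ with $M = \{a,c\}$ are assumptions of this example.

```python
from itertools import product

# Regular expressions as nested tuples (an encoding chosen for this example).
ZERO, ONE = ("0",), ("1",)

def sym(a):
    return ("sym", a)

def alt(r, s):                       # R + S, dropping 0 and duplicate operands
    if r == ZERO or r == s:
        return s
    return r if s == ZERO else ("alt", r, s)

def cat(r, s):                       # R . S, with 0 absorbing and 1 as the unit
    if ZERO in (r, s):
        return ZERO
    if r == ONE:
        return s
    return r if s == ONE else ("cat", r, s)

def star(r):
    return ("star", r)

def indicator(flag):                 # the value of test(.): 1 if non-empty, else 0
    return ONE if flag else ZERO

def meets_star(r, M):                # test(R ∩ M*): does L(R) contain a word over M?
    tag = r[0]
    if tag in ("1", "star"):
        return True                  # the empty word is in M*
    if tag == "sym":
        return r[1] in M
    if tag == "cat":
        return meets_star(r[1], M) and meets_star(r[2], M)
    if tag == "alt":
        return meets_star(r[1], M) or meets_star(r[2], M)
    return False

def nullable(r):                     # test(R ∩ 1) is the special case M = {}
    return meets_star(r, set())

def deriv(a, r):                     # a^{-1} R
    tag = r[0]
    if tag == "sym":
        return indicator(r[1] == a)
    if tag == "cat":
        return alt(cat(deriv(a, r[1]), r[2]),
                   cat(indicator(nullable(r[1])), deriv(a, r[2])))
    if tag == "alt":
        return alt(deriv(a, r[1]), deriv(a, r[2]))
    if tag == "star":
        return cat(deriv(a, r[1]), r)
    return ZERO                      # a^{-1} 0 = a^{-1} 1 = 0

def residual(M, r):                  # (M*)^{-1} R
    tag = r[0]
    if tag == "sym":
        return alt(r, indicator(r[1] in M))
    if tag == "cat":
        return alt(cat(residual(M, r[1]), r[2]),
                   cat(indicator(meets_star(r[1], M)), residual(M, r[2])))
    if tag == "alt":
        return alt(residual(M, r[1]), residual(M, r[2]))
    if tag == "star":
        return alt(cat(residual(M, r[1]), r), ONE)
    return r                         # (M*)^{-1} 0 = 0 and (M*)^{-1} 1 = 1

def matches(r, word):                # membership by repeated left residuals
    for a in word:
        r = deriv(a, r)
    return nullable(r)

def words(alphabet, max_len):
    for n in range(max_len + 1):
        for letters in product(sorted(alphabet), repeat=n):
            yield "".join(letters)

def agrees_with_definition(M, r, alphabet, max_v=4, max_u=3):
    """Compare L((M*)^{-1} R) with {v | exists u in M*, u.v in L(R)} for all
    v of at most max_v letters, searching witnesses u of at most max_u letters."""
    res = residual(M, r)
    return all(matches(res, v) == any(matches(r, u + v) for u in words(M, max_u))
               for v in words(alphabet, max_v))

# Constructed sample: R = (a+b)* c d*, M = {a, c}; the residual denotes (a+b)* c d* + d*.
R = cat(star(alt(sym("a"), sym("b"))), cat(sym("c"), star(sym("d"))))
M = {"a", "c"}

if __name__ == "__main__":
    print(agrees_with_definition(M, R, "abcd"), matches(residual(M, R), "dd"))
```

For this sample every word of the residual has a witness $u \in \{\epsilon, c\}$, so the bounded search over $u$ is exact.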
We conclude this section with a review of recognizable (or regular) relations.
Definition 2.8 (Recognizable Relation) [Yu 1997] A relation $\rho \subseteq (\Sigma^*)^K$ is recognizable (or regular) if and only if
$\rho = \bigcup_{0 \le i < I} L(R^i_0) \times \cdots \times L(R^i_{K-1})$
for some natural number $I$ and regular expressions $R^i_j$ over $\Sigma$.
Similarly, we say that a relation is piecewise if and only if the expressions $R^i_j$ above are piecewise, and say that a relation is repetition piecewise if and only if expressions $R^i_j$ above are repetition piecewise.
Proposition 2.9 [Yu 1997] Let $\rho$ be a $K$-ary relation over $\Sigma^*$. Define $L_\#(\rho) \triangleq \{w_0 \cdot \# \cdots \# \cdot w_{K-1} \mid (w_0,\ldots,w_{K-1}) \in \rho\}$. Then $L_\#(\rho)$ is a regular language over $\Sigma \cup \{\#\}$ if and only if $\rho$ is recognizable. Moreover, $L_\#(\rho)$ is piecewise if and only if $\rho$ is a piecewise relation.
It is easy to see that regular and piecewise relations are closed under finite unions and intersections.
3. FIFO SYSTEMS AND THE REACHABILITY PROBLEM
In this section, we review the definition of FIFO systems and the reachability problem for them.
A channel over an alphabet $\Sigma$ is a FIFO queue whose content is given by a word $w \in \Sigma^*$. We define two types of channel actions: read $a$, denoted by $?a$, and write $a$, denoted by $!a$, that stand for reading and writing a letter $a$ from/to a channel, respectively. We use $f : w$ to denote the application of an action $f$ to a word $w$. For example, $?a : abb = bb$ and $!a : bb = bba$.
Let $\Sigma_{rw} \triangleq \{?,!\} \times \Sigma$ denote the read/write (rw) alphabet over $\Sigma$. For a set of channels $C = \{c_1,\ldots,c_k\}$ this alphabet is extended as follows: $\Sigma_{rw}(C) \triangleq [1..k] \times \Sigma_{rw}$. Thus, an action $4?a$ corresponds to reading $a$ from channel $c_4$, and $6!b$ corresponds to writing $b$ to channel $c_6$. In the sequel, we drop $C$ from the notation when it is clear from the context. We call $\Sigma_{rw}$ an action alphabet, and any subset of $\Sigma_{rw}^*$ an action language.
A channel configuration for a system with $k$ channels is a $k$-tuple $\mathbf{w} \in (\Sigma^*)^k$. We use $\langle w_1,\ldots,w_k \rangle$ to denote a tuple, where $w_i$ is the content of channel $i$. In single-channel systems, a configuration is just the content of the single channel. We use bold fonts to differentiate between channel configurations in multichannel and single-channel systems. Let $\mathbf{w}[i]$ denote the content of channel $i$ in $\mathbf{w}$ and $\mathbf{w}[i \mapsto y]$ denote a channel configuration obtained from $\mathbf{w}$ by replacing the content of channel $i$ with $y$.
Fig. 3. An example of a communication graph for a set of actions $Act = \{1?a \to 2!a,\ 2?b \to 3!b,\ 3?b \to 1!a,\ 2?b \to 2!b\}$. (Digraph on the channels 1, 2 and 3.)
In the single-channel case, for $X \subseteq \Sigma_{rw}^*$ and $W \subseteq \Sigma^*$, we use $X : W$ to denote the result of applying a sequence of actions from $X$ to a word in $W$. This is called the concrete semantics of actions and is defined as follows:
Definition 3.1 (Action Language Semantics) Let $W \subseteq \Sigma^*$ be a set of words over $\Sigma$, and $X$ an action language, then $X : W$ is defined as follows:
$?a : W \triangleq (a^{-1})W$
$!a : W \triangleq W \cdot a$
$\{x \cdot y\} : W \triangleq y : (x : W)$
$X : W \triangleq \bigcup_{x \in X} (x : W)$
For example, $(\{?a\,!b,\ ?a\,!c\} : a) = \{b, c\}$.
Definition 3.1 is extended to a $k$-channel system as follows. Given $\mathbf{w} \in (\Sigma^*)^k$ and an action language $X$, then $X : \mathbf{w}$ for a single action is defined as shown below:
$i?a : \mathbf{w} \triangleq \mathbf{w}[i \mapsto (?a : \mathbf{w}[i])]$
$i!a : \mathbf{w} \triangleq \mathbf{w}[i \mapsto (!a : \mathbf{w}[i])]$
and is extended to words identically to Definition 3.1. For example, given a 2-channel system, $(\{1?a\ 2!b,\ 1?a\ 2!c\} : \langle ab, b \rangle) = \{\langle b, bb \rangle, \langle b, bc \rangle\}$.
We write $?a \to\ !b$ for a conditional action that means “b is written only if a is first read.” In other words, $?a \to\ !b$ is an abbreviation for a sequence of simple actions: $?a\,!b$. Given an action alphabet $\Sigma_{rw}(C)$ over a set of channels $C$, we define a conditional action alphabet $\Sigma_{rwc}(C)$ that treats conditional actions as letters:
$\Sigma_{rwc}(C) \triangleq \Sigma_{rw}(C) \cup ((C \times \{?\} \times \Sigma) \cdot (C \times \{!\} \times \Sigma))$.
For example, given $\Sigma = \{a\}$ and $C = \{1\}$, then $\Sigma_{rwc}(C) = \{1?a,\ 1!a,\ 1?a \to 1!a\}$.
For a set of actions $Act \subseteq \Sigma_{rwc}(C)$, a communication graph of $Act$, $CG(Act)$, is a digraph $(C,E)$, with an edge $(i,j) \in E$ if and only if there are $a$ and $b$ in $\Sigma$ such that $i?a \to j!b$ is in $Act$. For example, given $Act = \{1?a \to 2!a,\ 2?b \to 3!b,\ 3?b \to 1!a,\ 2?b \to 2!b\}$, $CG(Act)$ is a digraph with 3 nodes and 4 edges one for each conditional action in $Act$ (see Fig. 3).
Definition 3.2 (FIFO System) A FIFO system is a tuple $S = (\Sigma,C,Q,q^0,\delta)$, where $\Sigma$ is a finite alphabet; $C = \{c_1,\ldots,c_k\}$ is a finite set of channels; $Q$ is a finite set of control locations; $q^0 \in Q$ is the initial control location; and $\delta \subseteq Q \times \Sigma_{rwc} \times Q$ is a set of transition rules.
Fig. 4. An example of a FIFO system consisting of two processes and two channels. (Processes A₁ and A₂ communicating over channel 1 and channel 2.)
Note that in Definition 3.2, a FIFO system is defined with respect to a conditional action alphabet $\Sigma_{rwc}$. A global state of $S$ is a pair $(q,\mathbf{w})$ where $q$ is a state in $Q$ and $\mathbf{w}$ is a channel configuration. The transition relation of $S$, $\Delta$, is a set of triples of the form $((q,\mathbf{w}),op,(q',\mathbf{w}'))$, where $op \in \Sigma_{rwc}$, $(q,op,q') \in \delta$, and $\mathbf{w}' \in (op : \mathbf{w})$.
A FIFO system $S$ is piecewise if there exists a partial order $\preceq$ on $Q$ such that $q' \in \delta(q,op)$ implies that $q \preceq q'$.
Most often a FIFO system is represented as a set $\{A_i\}_i^n$ of $n$ processes communicating through a set of channels, $C$. Each process is a finite state automaton, $A_i = (\Sigma,Q_i,\delta_i,q^0_i)$. The corresponding FIFO system, $S = (\Sigma,C,Q,q^0,\delta)$, is constructed by computing the cross product of these automata. Thus, $Q \triangleq \prod_{i=1}^{n} Q_i$ and the transition relation $\Delta$ of $S$ is built up from the transition relations of the $A_i$'s such that every transition in $\Delta$ corresponds to exactly one transition in some $\delta_i$. Formally,
$(((q_1,\ldots,q_n),\mathbf{w}),op,((q'_1,\ldots,q'_n),\mathbf{w}')) \in \Delta$ if and only if $\exists i,\ \forall j \neq i,\ q_j = q'_j \wedge q'_i \in \delta_i(q_i,op) \wedge \mathbf{w}' \in (op : \mathbf{w})$.
Fig. 4 shows an example of a piecewise FIFO system consisting of two processes and two channels. Initially, we assume that both of the processes are in their initial states and both of the channels are empty, thus, the initial global state of the system is $((1,1),\langle \epsilon,\epsilon \rangle)$. Then, process $A_1$ writes $a$ on channel 1 and moves from state 1 to 2. The new global state of the system is $((2,1),\langle a,\epsilon \rangle)$. Therefore, $(((1,1),\langle \epsilon,\epsilon \rangle),1!a,((2,1),\langle a,\epsilon \rangle)) \in \Delta$.
In this article, we are interested in the reachability problem:
FIFO Systems Reachability Problem. Given a FIFO system S and a set of configurations
I (called initial), find the set of all global states reachable from I.
The set of all reachable global states of a FIFO system can be partitioned based on the
control locations. Each partition represents the set of all reachable channel configurations
at a particular control location. Thus, in order to calculate the set of all reachable global
states, we need to calculate the set of all reachable channel configurations at each control
location. This problem can be reduced to computing the semantics (Definition 3.1) of a
regular action language.
Proposition 3.3 Let S = (Σ, C, Q, q_0, δ) be a FIFO system, q ∈ Q some control location,
and I a set of configurations. Then, the set of all reachable configurations of S at control
location q is (L(A_q) : I), where A_q = (Σ_rwc, Q, q_0, δ, {q}) is a finite automaton with
accepting state q.

[Figure not reproduced: a FIFO system S with control locations 1 to 4, the initial channel
content I, and the reachable configurations listed in the figure:]

    L(A_1) : I      (?d)* : I
    L(A_2) : I      (?d)* ?a (?c !a)* : I
    L(A_3) : I      (?d)* ?a (?c !a)* !b (?c)* : I
    L(A_4) : I      (?d)* ?a (?c !a)* ?c : I

Fig. 5. An example illustrating the calculation of all reachable global states by computing
the semantics of a regular action language.
Fig. 5 is an example illustrating this reduction. On the left, we show an example of a
FIFO system and on the right the set of all reachable configurations at control locations 1,
2, 3, and 4.
Finally, computing the semantics of a regular action language is itself reducible to the
limit language problem: given a regular language of actions L_a and a regular language of
channel content W, compute the language of (L_a∗ : W). In the particular case of piecewise
FIFO systems, L_a is further restricted to subsets of Σ_rwc. This is the problem we study in
the rest of the article.
Proposition 3.4 For regular (piecewise) L, it holds that (?a : L), (!a : L), and (?a → !b :
L) are regular (piecewise).
PROOF. For a single write action, (!a : L) = L · a. For a read action, we have (?a :
L) = a⁻¹L following from the definition of derivative. For the conditional action, we have
(?a → !b : L) = (a⁻¹L) · b.
4. ANALYSIS OF SINGLE-CHANNEL PIECEWISE SYSTEMS
In this section, we focus on the analysis of a single-channel piecewise FIFO system. We
present an algorithm for calculating the limit language, show its correctness, and discuss
its worst case complexity.
Fig. 6 shows the algorithm SINGLELIMIT for calculating the limit language. The inputs
to the algorithm are an automaton A_I representing a set of single-channel configurations
I ⊆ Σ∗, and a set Act ⊆ Σ_rwc of actions; the output is an automaton that accepts the
limit language (Act∗ : I). For notational convenience, in the examples we use regular
expressions instead of automata to represent channel configurations.

1: function AUT SINGLELIMIT(Aut A_I, Set Act)
2:     R := ∅, F := A_I
3:     while L(F) ⊈ L(R) do
4:         R := R + F
5:         F := APPLY(F, Act)
6:     return PHASE2(R, Act)
Fig. 6. The SINGLELIMIT algorithm.

The algorithm has two phases. In the first phase, called PHASE1 (lines 3 – 6 of the
SINGLELIMIT), the algorithm iteratively computes all configurations reachable by (i) reading
the current channel content completely, and (ii) writing the result of conditional and
other write actions. Each iteration of PHASE1 is done using the function APPLY. Let
Act ⊆ Σ_rwc be partitioned into unconditional write actions Act_w = {!a | !a ∈ Act},
and the rest Act_r = Act \ Act_w. In each iteration, if V is the set of currently reachable
configurations, APPLY computes V′ such that

$$V' \triangleq \{ v \mid \exists u \in V,\ v \in (Act_r^{|u|} : u) \} \parallel (Act_w^{*} : \epsilon).$$

Note that APPLY misses some reachable configurations. For example, let Act = {?a →
!c, ?b → !d, !e} and I = ab. Then, APPLY results in L(e∗ce∗de∗) and misses reachable
configurations in L(be∗ce∗). This is fixed in the second phase, called PHASE2. Let W be
a set of reachable configurations, the result of PHASE2 is a set W′ such that

$$W' \triangleq \{ w \mid \exists u, v, z,\ (v \cdot u \in W) \wedge (u \cdot z = w) \wedge (z \in \text{APPLY}(\{v\}, Act)) \}.$$

These two phases are implemented using automata as described below.
PHASE1. As inputs PHASE1 takes an automaton A = (Σ, Q, δ, q_0, F), and a set of actions
Act. Then, it iteratively computes a set of reachable configurations using function
APPLY. Given automaton A and a set of actions Act, APPLY constructs an automaton
A′ = (Σ, Q, δ′, q_0, F), where δ′ consists of tuples of the form:
—(q, ε, q′) if for some a it holds that δ(q, a, q′) and ?a ∈ Act, or
—(q, b, q′) if for some a it holds that δ(q, a, q′) and ?a → !b ∈ Act, or
—(q, c, q) if !c ∈ Act.
Intuitively, the first rule of δ′ corresponds to unconditional reads, the second – to renaming
the labels of the transitions according to the conditional actions, and the third – to
unconditional writes.
For example, let Act = {?a → !b, ?b → !a, ?c, !a} and I = (ac)∗aba∗. Fig. 7(a) shows
automaton A recognizing L(I). To construct A′ = APPLY(A, Act), the transitions labeled
by a are relabeled to b, transitions labeled by b are relabeled to a, and transitions labeled
by c are replaced by ε-transitions. In addition, self-loop transitions labeled by a are added
to every state. Fig. 7(b) shows automaton A′. Similarly, we can construct automaton
A′′ = APPLY(A′, Act) and A′′′ = APPLY(A′′, Act) which are shown in Fig. 7(c) and (d),
respectively. As can be seen, applying APPLY once more results in automaton A′′, thus,
we have reached a fixpoint.
PHASE2. Let A = (Σ, Q, q_0, δ, F) be an automaton and s be a state in Q. We construct two
automata: A_1 = (Σ, Q, q_0, δ, {s}) and A_2 = (Σ, Q, {s}, δ, F). Let A′_1 be the automaton
constructed by applying APPLY to A_1, i.e., A′_1 = APPLY(A_1, Act). Then, the language
of A_2 · A′_1 contains a word u · z if and only if (i) there exists a word v such that v · u is
accepted by A via a run passing through the state s, and (ii) z ∈ APPLY({v}, Act). We
call this operation PREFIX(A, s, Act). It is easy to see that:

$$\text{PHASE2}(A, Act) = \bigcup_{s \in Q} \text{PREFIX}(A, s, Act).$$
[Figure not reproduced: panels (a) to (d) show automata A, A′, A′′ and A′′′, each obtained
from the previous one by one application of APPLY.]
Fig. 7. An example illustrating PHASE1 with automaton A and Act = {?a → !b, ?b →
!a, ?c, !a} as inputs.
For our running example, Fig. 8 shows how PREFIX(A, s, Act) is implemented using
automata. The leftmost automaton in Fig. 8 (automaton A) recognizes the language
I = (ac)∗aba∗. To compute PREFIX(A, s, Act), we break A on state s (see Fig. 8), which
results in two automata A_1 and A_2. We compute A′_1 by applying APPLY to A_1. Then,
we concatenate A_2 and A′_1. The resulting automaton represents PREFIX(A, s, Act) and is
shown on the rightmost of the Fig. 8.
The algorithm in Fig. 6 always terminates. Given an automaton A, APPLY produces an
automaton with the same number of states as A. Thus, the set {APPLY^i(A, Act)}_i is finite,
and the algorithm always terminates.
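The two phases can be run on the small example from the text (I = ab, Act = {?a → !c, ?b → !d, !e}). The Python code below is an added example, not the authors' implementation: the tuple encoding of actions, the function names, keeping ε-transitions unchanged across APPLY, and stopping PHASE1 when a transition relation repeats (instead of testing language inclusion) are assumptions made here.

```python
# Added illustration. An automaton is a set of (state, label, state) triples;
# label "" is an epsilon move. Assumed encoding of actions as tuples:
# ("r", a) for ?a, ("w", c) for !c, ("c", a, b) for ?a -> !b.

def apply_act(delta, states, act):
    """One APPLY step: same states, transitions rewritten by the three rules."""
    new = {t for t in delta if t[1] == ""}      # assumption: epsilon moves are kept
    for (p, x, q) in delta:
        for op in act:
            if x and op == ("r", x):            # ?x: the letter is read away
                new.add((p, "", q))
            elif x and op[0] == "c" and op[1] == x:
                new.add((p, op[2], q))          # ?x -> !b: relabel x to b
    new |= {(s, op[1], s) for s in states for op in act if op[0] == "w"}
    return frozenset(new)

def accepts(delta, starts, finals, word):
    """NFA membership with epsilon closure."""
    def close(cur):
        while True:
            nxt = cur | {q for (p, x, q) in delta if x == "" and p in cur}
            if nxt == cur:
                return cur
            cur = nxt
    cur = close(set(starts))
    for ch in word:
        cur = close({q for (p, x, q) in delta if x == ch and p in cur})
    return bool(cur & set(finals))

def phase1(delta, states, act):
    """APPLY^0(A), APPLY^1(A), ... until a transition relation repeats."""
    seen, cur = [], frozenset(delta)
    while cur not in seen:
        seen.append(cur)
        cur = apply_act(cur, states, act)
    return seen

def in_limit(word, delta, states, q0, finals, act):
    """PHASE2 membership: word = u.z with u in A_2 and z in APPLY(A_1), for some s."""
    for d in phase1(delta, states, act):
        d1 = apply_act(d, states, act)
        for s in states:
            for k in range(len(word) + 1):
                if accepts(d, {s}, finals, word[:k]) and accepts(d1, {q0}, {s}, word[k:]):
                    return True
    return False

# Constructed input: I = ab with Act = {?a -> !c, ?b -> !d, !e}, as in the text.
AB = {(0, "a", 1), (1, "b", 2)}
ACT = {("c", "a", "c"), ("c", "b", "d"), ("w", "e")}
```

A single APPLY step accepts words of e∗ce∗de∗ but rejects bec, while `in_limit` accepts bec through the split u = b, z = ec at state 1.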
Theorem 4.1 Let A_I be an automaton representing a set of configurations, Act be a set of
actions, and A_L be the automaton returned by SINGLELIMIT(A_I, Act). Then, L(A_L) =
(Act∗ : L(A_I)).
PROOF. According to the SINGLELIMIT algorithm shown in Fig. 6,

$$L(A_L) = \text{PHASE2}\Big(\bigcup_{i \in \mathbb{N}} \text{APPLY}^i(A_I, Act),\ Act\Big).$$

Note that since in each iteration APPLY produces an automaton with the same number of
states as A_I, ⋃_i APPLY^i(A_I, Act) is a finite union.
Let w ∈ (Act∗ : L(A_I)) be a reachable channel content. Then, w is reached by reading
the current channel content completely (and writing the results of conditional and other
write actions) zero or more times, and then reading the resulting content partially. Let # –
a fresh letter not in Σ, be a marker at the end of the initial channel content. The marker #
is used only for establishing the proof and is eliminated later using ERASE#. Then,

$$w \in (Act^{*} : L(A_I)) \iff \exists u, v,\ (u \cdot v) = w \ \wedge\ \exists p, q,\ (u \# v) \in (((Act^{*}(?\#)(!\#))^{p}(Act)^{q}) : (L(A_I) \cdot \#)).$$

At the end of each iteration of APPLY, # is read and then written again on the channel
to mark the beginning of the new iteration.
[Figure not reproduced: A is broken on state s into A_1 and A_2, APPLY is applied to A_1 to
obtain A′_1, and A_2 and A′_1 are concatenated.]
Fig. 8. An example illustrating PREFIX operation with automaton A, state s, and Act =
{?a → !b, ?b → !a, ?c, !a} as inputs.
The theorem follows from the following two facts:
(APPLY(L(A), Act) · #) = (Act∗(?#)(!#)) : (L(A) · #)
and
PHASE2(L(A), Act) = ERASE#(Act∗ : (L(A) · #)),
where ERASE# projects out the letter #.
Complexity Analysis. Let h = |A_I| denote the size of A_I – the automaton representing the
set of initial configurations. As discussed above, APPLY(A_I, Act) produces an automaton
with the same number of states as A_I by relabeling the transitions of A_I. In the worst case,
each transition can be updated at most |Σ| times. Thus, the worst case complexity of the
SINGLELIMIT algorithm is |Σ|^h.
Theorem 4.2 Let A_I be an automaton over a finite alphabet Σ representing a set of
single-channel configurations, and h = |A_I|. Then, in the worst case, the running time of the
SINGLELIMIT algorithm is O(|Σ|^h).
5. DECIDABILITY RESULTS ON MULTICHANNEL PIECEWISE SYSTEMS
In this section, we focus on the limit language problem for a set of actions, Act, on a
k-channel system, and a set of channel configurations L. A configuration ⟨w_1, ..., w_k⟩ of
a k-channel system is represented by a word of the form w_1 · # ··· # · w_k, where # is a
fresh letter not in Σ. Thus, a channel configuration can be seen as an element of a relation.
In the sequel, a set of channel configurations corresponds to a relation over Σ∗. A regular
configuration is a set of channel configurations that correspond to a regular relation and a