
Reachability Problems in Piecewise FIFO Systems

NAGHMEH GHAFARI

Critical Systems Labs

and

ARIE GURFINKEL

Software Engineering Institute, Carnegie Mellon University

and

NILS KLARLUND

Google Inc.

and

RICHARD TREFLER

David R. Cheriton School of Computer Science, University of Waterloo

Systems consisting of several finite components that communicate via unbounded perfect FIFO channels (i.e. FIFO systems) arise naturally in modeling distributed systems. Despite well-known difficulties in analyzing such systems, they are of significant interest as they can describe a wide range of communication protocols.

In this article, we study the problem of computing the set of reachable states of a FIFO system composed of piecewise components. This problem is closely related to calculating the set of all possible channel contents, i.e. the limit language, for each control location. We present an algorithm for calculating the limit language of a system with a single communication channel. For multi-channel systems, we show that the limit language is piecewise if the initial language is piecewise. Our construction is not effective in general; however, we provide algorithms for calculating the limit language of a restricted class of multi-channel systems in which messages are not passed around in cycles through different channels. We show that the worst case complexity of our algorithms for single-channel and important subclasses of multi-channel systems is exponential in the size of the initial content of the channels.

Categories and Subject Descriptors: D.2.4 [Software Engineering]: Model checking

General Terms: Verification

Additional Key Words and Phrases: FIFO systems, reachability analysis, verification, infinite-state systems

1. INTRODUCTION

Concurrent systems consisting of a set of finite state machines that communicate via unbounded First-In First-Out (FIFO) channels are a common model of computation for describing distributed protocols such as IP-telecommunication protocols, interacting web services, and System on Chip (SoC) architectures (e.g., [Brand and Zafiropulo 1983; Boigelot et al. 1997; Abdulla et al. 1999; Pachl 1987; Cece et al. 1996; Bond et al. 2001; Wodey et al. 2003]). Even though all physically constructible systems have finite size channels, their size is often an implementation parameter that is typically left unspecified. Modeling such systems with unbounded channels often makes reasoning about them simpler. The abstraction may of course fail to reveal certain deadlock situations that occur if the channels fill up, but the abstract system behaves otherwise essentially as the system with finite channels.

ACM Transactions on Computational Logic, Vol. V, No. N, Month 20YY, Pages 1–33.

Fig. 1. BoxOS call structure. (Figure not reproduced; it shows a chain of boxes labelled feature 1, feature 2 and feature 3, with caller and callee marked on the links between them.)

Unboundedness of communication channels provides a useful modeling abstraction, but it does in a theoretical sense complicate analysis if compared to a system of a given fixed size, say with queues of length 1024. In fact, Brand and Zafiropulo [Brand and Zafiropulo 1983] showed that a single unbounded channel is already sufficient to simulate the tape of a Turing machine. Hence, verification of any non-trivial property, such as reachability, is undecidable. Despite these results, a substantial effort has gone into identifying subclasses of FIFO systems for which the verification problem is decidable (e.g., [Abdulla et al. 1999; Abdulla and Jonsson 1993; Boigelot 1998; Boigelot and Godefroid 1999; Boigelot et al. 1997; Bouajjani et al. 2000; Bouajjani et al. 2001; Cece et al. 1996; Pachl 1987]).

In this article, we study the class of piecewise FIFO systems. These systems can be used for modeling distributed protocols such as IP-telecommunication protocols and interacting web services. A piecewise FIFO system is composed of components whose behaviors can be expressed by piecewise languages. Intuitively, a language is piecewise if it is accepted by a non-deterministic finite state automaton whose only non-trivial strongly connected components are states with self-loops. Formally, a piecewise language is a union of sets of strings, where each set is given by a regular expression of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$; here, each $M_i$ is a subset of the alphabet $\Sigma$ and each $a_i$ is an element of $\Sigma$.

1.1 Motivating Example

Although piecewise languages may look restrictive, they can be used to express descriptions of IP-telephony features [Ghafari and Trefler 2006] and seem amenable to describing composite web services specified in Business Process Execution Language (BPEL) [IBM 2007]. For example, [Ghafari and Trefler 2006] studied the behavior of the telephony features in BoxOS, which is a generation of telecommunication service over IP developed at AT&T Research [Bond et al. 2001; Jackson and Zave 1998]. As shown in Fig. 1, an active call is represented by a graph of telephony features (referred to as boxes) while communication between neighboring boxes is handled via unbounded perfect FIFO channels. Boxes at the endpoints represent telephones, intermediate boxes represent call features, for example call-forwarding-on-busy. At a sufficient level of abstraction, boxes may all be viewed as finite state transducers. Communication in these protocols begins with an initiator trying to reach a given destination. A call is built recursively. The current endpoint begins the call initiation protocol with a chosen neighbor, the callee. If this initiation results in a stable connection, the callee becomes the new endpoint and the call construction continues. Call termination is required to proceed in a reverse order and in general required to begin at a call endpoint.

In order to manage inter-feature communication, it is desired that communication between features have a certain pattern [Bond et al. 2001]. Thus, all of the feature boxes implement a communication template that consists of three phases (cf. [Bond et al. 2001]): setup phase, transparent phase, and teardown phase. Fig. 2 describes a transparent box that represents such a communication template. The transparent box communicates with two neighbors across four separate channels. Messages to/from the upstream (initiating), caller, are sent/received via ro/ri channels. Messages to/from the downstream (receiving), callee, are sent/received via eo/ei channels. A message is received with the ‘?’ symbol and sent with the ‘!’ symbol. For example ri?setup indicates a call setup message received from the ri channel. Interestingly, this communication template can be expressed by piecewise languages. To achieve piecewiseness, we have abstracted the transparent box by replacing the original LINKED state and its left and right neighbors, shown in the shaded rectangle on the top right corner of Fig. 2, by the LINKED state, shown in the shaded rectangle in the middle of the figure. Both of these states have the same functionality. The difference is the addition of conditional actions of the form ri?status → eo!status, where the status message is sent to the callee only if the status message has been received from the caller first.

It is crucial to be able to reason about safety and deadlock properties of BoxOS implementations with multiple features, something that the techniques in [Bond et al. 2001] fell short of addressing.

1.2 Our Contributions

The ability to calculate all possible channel contents that may arise from an initial state, i.e. the limit language, plays a central role for automated verification of non-trivial properties of FIFO systems. This problem is undecidable in general. Moreover, the limit language is not necessarily regular, even if the initial language is [Cece et al. 1996], and even when the limit language is known to be regular, determining it may still be undecidable [Cece et al. 1996].

In this article, we show that piecewise languages play an important role in the analysis of FIFO channel systems. In particular, we focus on computing the limit languages in piecewise FIFO systems. Our main contributions are summarized as below:

—For single-channel piecewise FIFO systems, we show in Sec. 4 that the limit language is regular (piecewise) if the initial channel language is regular (piecewise). We provide an algorithm to compute the limit language and discuss its complexity.

—For multi-channel piecewise FIFO systems, we show in Sec. 5 that the limit language is regular, in fact piecewise, if the initial channel language is piecewise. However, the construction of the limit language may not always be effective. In Sec. 6, we show for systems with acyclic communication graph the limit language is piecewise if the initial channel language is piecewise. We present an algorithm to calculate the limit language and discuss its complexity.

The rest of the article is organized as follows. An overview of piecewise languages and

their properties is given in Sec. 2, and is followed by a description of the system model

in Sec. 3. Our main contributions are presented in Sec. 4, Sec. 5, and Sec. 6. We review

related work in Sec. 7, and conclude in Sec. 8.

Fig. 2. Transparent feature box. (Figure not reproduced. States: INIT, LINKING1 to LINKING3, LINKED, TRANS1, TRANS2, UNLINK1 to UNLINK11, ERROR, END. Transitions are labelled with reads and writes on ri, ro, ei and eo of the messages setup, avail, unavail, unknown, status, teardown and downack.)

2. PRELIMINARIES AND NOTATIONS

In this section, we introduce some preliminary notation and give an overview of piecewise languages and their properties.

Let $\Sigma$ be a finite alphabet and $\epsilon$ the empty string. Let $w_1$ and $w_2$ be two strings in $\Sigma^*$. In the sequel, $w_1 + w_2$ denotes the non-deterministic choice between $w_1$ and $w_2$ and $w_1 \cdot w_2$ denotes concatenation of the elements of $w_1$ and $w_2$. We sometimes omit ‘$\cdot$’, i.e. we may write $w_1 w_2$ instead of $w_1 \cdot w_2$. A regular expression (RE) over $\Sigma$ is defined by the following grammar: $R ::= a \in \Sigma \mid R \cdot R \mid R + R \mid R^* \mid 0 \mid 1$. The symbol 0 denotes the empty language, and 1 denotes the language $\{\epsilon\}$; in particular, we have $1 = 0^*$. We sometimes write $\epsilon$ instead of 1.

The language $L(R)$ of a RE $R$ is defined in the usual way. We sometimes write $R$ to mean $L(R)$. In a further abuse of notation, we often regard a set $M \subseteq \Sigma \cup \{\epsilon\}$ as an RE, namely the sum of elements in $M$. For a language $L \subseteq \Sigma^*$, we use $\overline{L}$ to denote the complement of $L$: $\Sigma^* \setminus L$. The expression $test(R)$ is 1 if $L(R) \neq \emptyset$ and 0 if $L(R) = \emptyset$.

We now introduce a new fragment of regular languages called piecewise languages.

Definition 2.1 (Piecewise Languages) A language is simply piecewise if it can be expressed by an RE of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$, where each $M_i \subseteq \Sigma$ and $a_i \in \Sigma \cup \{\epsilon\}$. A piecewise language is a finite (possibly empty) union of simply piecewise languages. A language is simply repetition piecewise if it can be expressed by an RE of the form $M_0^* a_0 M_1^* \cdots a_{n-1} M_n^*$, where for all $i$, $a_i$ is $\epsilon$. A repetition piecewise language is a finite (possibly empty) union of simply repetition piecewise languages.

For example, $(a + b)^* c$ is simply piecewise, where $M_0 = \{a, b\}$ and $a_0 = c$, but $(ab)^*$ is not piecewise according to a simple application of the pumping lemma. For completeness, we give the definition of a finite state automaton.

Definition 2.2 (FSA) A finite state automaton (FSA) $A$ is a tuple $(\Sigma, Q, q^0, \delta, F)$, where $\Sigma$ is a finite alphabet; $Q$ is a finite set of states; $q^0 \in Q$ is the initial state; $\delta : Q \times \Sigma \to 2^Q$ is the transition relation; and $F \subseteq Q$ is a set of accepting (or final) states. When $F$ is omitted, it is assumed that $F = Q$.

For $a \in \Sigma$ we write $\delta(q, a, q')$ or $q \xrightarrow{a} q'$ to mean that $q' \in \delta(q, a)$. We write $q \to q'$ when we do not distinguish the specific symbol on the transition of $q$ to $q'$. Given $q \in Q$, and $w \in \Sigma^*$, $\delta(q, w)$ is defined as usual: $\delta(q, \epsilon) \triangleq \{q\}$, and $\delta(q, wa) \triangleq \{p \mid \exists r \in \delta(q, w),\ p \in \delta(r, a)\}$. We say that a word $w$ is accepted by $A$ if and only if $(\delta(q^0, w) \cap F) \neq \emptyset$. The language of $A$ is defined as $L(A) \triangleq \{w \in \Sigma^* \mid \delta(q^0, w) \cap F \neq \emptyset\}$. A run in $A$ is a finite or infinite sequence of states denoted $P = q_0 \to q_1 \to \ldots$, where $q_0$ is the initial state and for all $i$, $q_i \to q_{i+1} \in \delta$. We define the size of an FSA $A$ as: $|A| \triangleq |Q| + |\delta|$.

We often use RE notation with automata. For example, $A_1 \cdot A_2$ stands for concatenation of two automata, $A_1 + A_2$ for an automaton with language $L(A_1) \cup L(A_2)$.

Definition 2.3 (PO-FSA) A partially ordered automaton (PO-FSA) is a tuple $(A, \preceq)$, where $A = (\Sigma, Q, q^0, \delta, F)$ is an automaton, and $\preceq\ \subseteq Q \times Q$ is a partial order on states such that $\forall a \in \Sigma$, $q' \in \delta(q, a)$ implies that $q \preceq q'$.

Proposition 2.4 A language is piecewise if and only if it is recognized by a PO-FSA.

PROOF. ($\Leftarrow$) Consider the PO-FSA $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$. Consider all acyclic runs $P = q_0 \xrightarrow{a_0} q_1 \xrightarrow{a_1} \ldots \xrightarrow{a_{k-2}} q_{k-1} \xrightarrow{a_{k-1}} q_k$, where any $q_i \in Q$ for $i \in [0..k]$ occurs at most once and $q_0 = q^0$ is initial and $q_k \in F$ is an accepting state. The number of such runs is finite. For each $q_i$ we can associate $M_i$, the set of $a$'s such that $\delta(q_i, a) = q_i$. Let $L_P = M_0^* a_0 M_1^* \ldots M_k^*$. Then, $L_P \subseteq L(A)$. Let $L' = \bigcup_P L_P$, where the union is over all appropriate runs $P$ as just considered. We clearly have that $L' \subseteq L(A)$. To see that $L(A) \subseteq L'$, we use that automaton $A$ is partially ordered. Consider $w \in L(A)$. Thus, $w$ defines a run $P$ from which an acyclic run $P'$ for a word $w'$ can be constructed by deleting letters $a_i$ in $w$ for which $\delta(q_i, a_i) = q_i$. Then, $w'$ is a scattered subword of $w$: $w = u_0 b_0 \ldots b_n u_{n+1}$, where $w' = b_0 \ldots b_n$ and $u_i$, for $0 \leq i \leq n + 1$, is in $M_i^*$. Hence, $w \in L_{P'}$. As a result, $L(A) \subseteq L'$.

($\Rightarrow$) A piecewise language is a finite union of simply piecewise languages. Each simply piecewise language is recognized by a totally ordered automaton. Consider the simply piecewise language $M_0^* a_0 \cdots M_{k-1}^* a_{k-1} M_k^*$. This language is recognized by an automaton $A = (\Sigma, Q, \delta, q^0, F)$, where $Q = \{q_0, q_1, \ldots, q_k\}$, $q^0 = q_0$, and $F = \{q_k\}$. The transition relation $\delta$ is defined as follows:

$$(q, a, q') \in \delta \Leftrightarrow (\text{for } i \in [1..k],\ q = q_{i-1} \wedge q' = q_i \wedge a = a_{i-1}) \vee (\text{for } i \in [0..k],\ q = q' = q_i \wedge a \in M_i)$$

By construction, for $i, j \in [0..k]$, the relation $q_i \preceq q_j \Leftrightarrow i \leq j$ is a total order satisfying the constraint of Definition 2.3. Let $L = L_1 + L_2$ be a piecewise language, where $L_1$ and $L_2$ are simply piecewise languages recognized by PO-FSAs $A_1 = ((\Sigma, Q_1, \delta_1, q_1^0, F_1), \preceq_1)$ and $A_2 = ((\Sigma, Q_2, \delta_2, q_2^0, F_2), \preceq_2)$, respectively, with $Q_1$ and $Q_2$ disjoint. Then, $L$ is recognized by a PO-FSA $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$, where $Q = Q_1 \cup Q_2 \cup q^0$, and $q^0$ is a new state not appearing in $Q_1 \cup Q_2$, $F = F_1 \cup F_2$, and $\delta$ is defined as follows:

$$(q, a, q') \in \delta \Leftrightarrow (q, q' \in Q_1 \wedge (q, a, q') \in \delta_1) \vee (q, q' \in Q_2 \wedge (q, a, q') \in \delta_2) \vee (q = q^0 \wedge ((q_1^0, a, q') \in \delta_1 \vee (q_2^0, a, q') \in \delta_2))$$

It is easy to see that $A$ is a PO-FSA with the partial order $\preceq$ defined as follows:

$$q \preceq q' \Leftrightarrow \begin{cases} \text{true} & \text{if } q = q^0 \\ q \preceq_1 q' & \text{if } q, q' \in Q_1 \\ q \preceq_2 q' & \text{if } q, q' \in Q_2 \end{cases}$$

The following proposition summarizes the properties of the piecewise languages.

Proposition 2.5 Piecewise languages are closed under finite unions (+), finite intersections (∩), concatenation (·), shuffle (||)¹, letter-to-letter mappings, and inverse homomorphisms, but not under complementation and homomorphisms.

PROOF. Finite unions, intersections, and concatenation. Closure under finite unions and concatenation follows immediately from Definition 2.1. Closure under finite intersections is shown in [Bouajjani et al. 2001], Proposition 1.

Shuffle. To show that piecewise languages are closed under shuffle, we show that PO-FSAs are closed under shuffle. Let $L_1$ and $L_2$ be two piecewise languages recognized by PO-FSAs, $A_1 = ((\Sigma, Q_1, \delta_1, q_1^0, F_1), \preceq_1)$ and $A_2 = ((\Sigma, Q_2, \delta_2, q_2^0, F_2), \preceq_2)$, respectively. Let $L = L_1 || L_2$. Then, $L$ is recognized by a PO-FSA, $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$, where $Q = Q_1 \times Q_2$, $q^0 = (q_1^0, q_2^0)$, and $F = F_1 \times F_2$. The transition relation $\delta$ is defined as follows:

$$((q_1, q_2), a, (q_1', q_2')) \in \delta \Leftrightarrow ((q_1, a, q_1') \in \delta_1 \wedge q_2 = q_2') \vee ((q_2, a, q_2') \in \delta_2 \wedge q_1 = q_1')$$

It is easy to see that $A$ is a PO-FSA, with the partial order $\preceq$ defined as follows:

$$(q_1, q_2) \preceq (q_1', q_2') \Leftrightarrow \begin{cases} q_1 \preceq_1 q_1' & \text{if } q_2 = q_2' \\ q_2 \preceq_2 q_2' & \text{if } q_1 = q_1' \end{cases}$$

Therefore, by Proposition 2.4, the language of the shuffled automaton $A$ is piecewise.

Letter-to-letter mappings. Let $T : \Sigma \to \Sigma$ be a letter-to-letter mapping over a finite alphabet $\Sigma$. Consider simply piecewise language $M_0^* a_0 M_1^* \ldots M_k^*$, where $M_0 = \{b_0, \ldots, b_i\}$, $M_1 = \{c_0, \ldots, c_j\}$, and so on. Applying $T$ on this language results in the simply piecewise language $M_0'^* a_0' M_1'^* \ldots M_k'^*$ where $M_0' = \{T(b_0), \ldots, T(b_i)\}$, $a_0' = T(a_0)$, $M_1' = \{T(c_0), \ldots, T(c_j)\}$ and so on. Clearly, this is a simply piecewise language. Since $T$ distributes over union, the result follows for arbitrary piecewise languages as well.

Inverse homomorphisms. Let $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$ be a partially ordered automaton accepting piecewise language $L$. Let $\Delta$ be an alphabet, and $h$ a homomorphism from $\Delta$ to $\Sigma^*$. We construct automaton $A'$ over $\Delta$ that accepts $h^{-1}(L)$. Intuitively $A'$ works by reading a symbol $a$ in $\Delta$ and simulating PO-FSA $A$ on $h(a)$. Formally, let $A' = ((\Delta, Q, \delta', q^0, F), \preceq)$, and define $\delta'(q, a)$, for $q \in Q$ and $a \in \Delta$ to be $\delta(q, h(a))$. Since $h(a)$ may be a long string or $\epsilon$, $\delta$ is defined on all strings by extension. It is easy to show by induction on $|x|$ that $\delta'(q^0, x) = \delta(q^0, h(x))$. Therefore, $A'$ accepts $x$ if and only if $A$ accepts $h(x)$. That is, $L(A') = h^{-1}(L(A))$. The transition relation of $A'$, $\delta'$, simulates the transition relation of $A$ on $h(x)$ for any symbol $x \in \Delta$, thus it respects the partial order relation on states of $A$. Hence, $L(A')$ is also piecewise.

Homomorphism. Piecewise languages are not closed under homomorphisms. For example, the piecewise language $a^*$ under the homomorphisms $[a \mapsto (ab)]$ is $(ab)^*$, which is not piecewise.

Complementation. Piecewise languages are not closed under complementation. For example, consider a piecewise language $L = \Sigma^* aa \Sigma^* + \Sigma^* bb \Sigma^*$, with $\Sigma = \{a, b\}$. The complement of $L$ is the set of sequences where $a$'s and $b$'s alternate — which is not piecewise.

¹ The shuffle of two words $w$ and $w'$, $w || w'$, is the set of words that are obtained by interleaving $w$ and $w'$; for example $ab || cd = \{abcd, acbd, acdb, cabd, cdab, cadb\}$ (||). In the sequel, $L || L' = \bigcup_{\forall w \in L,\, w' \in L'} w || w'$.
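The automaton construction from the proof of Proposition 2.4 and the shuffle product from the proof of Proposition 2.5, as an added Python example that is not part of the original article. The dictionary representation and all function names are assumptions of this sketch, every $a_i$ is taken from $\Sigma$ (no $\epsilon$ letters), and the order check uses the fact that a suitable partial order on states exists exactly when the only cycles in the transition graph are self-loops.

```python
from itertools import product


def simply_piecewise_fsa(sets, letters):
    """Automaton for M_0* a_0 M_1* ... a_{k-1} M_k* (proof of Proposition 2.4).

    sets = [M_0, ..., M_k], letters = [a_0, ..., a_{k-1}]; state i plays q_i.
    Assumption of this sketch: every a_i is a letter of Sigma, never epsilon.
    """
    if len(sets) != len(letters) + 1:
        raise ValueError("need exactly one more set M_i than letters a_i")
    delta = set()
    for i, m in enumerate(sets):
        delta |= {(i, a, i) for a in m}        # q = q' = q_i and a in M_i
    for i, a in enumerate(letters):
        delta.add((i, a, i + 1))               # q = q_i, q' = q_{i+1}, a = a_i
    k = len(letters)
    return {"states": set(range(k + 1)), "init": 0, "delta": delta, "final": {k}}


def accepts(fsa, word):
    """Standard subset simulation of the non-deterministic automaton."""
    current = {fsa["init"]}
    for a in word:
        current = {q2 for (q1, b, q2) in fsa["delta"] if q1 in current and b == a}
    return bool(current & fsa["final"])


def is_partially_ordered(fsa):
    """True iff some partial order satisfies Definition 2.3, i.e. the
    transition graph without its self-loops is acyclic (Kahn's algorithm)."""
    succ = {q: set() for q in fsa["states"]}
    for q1, _, q2 in fsa["delta"]:
        if q1 != q2:
            succ[q1].add(q2)
    indegree = {q: 0 for q in succ}
    for q in succ:
        for r in succ[q]:
            indegree[r] += 1
    ready = [q for q in succ if indegree[q] == 0]
    ordered = 0
    while ready:
        q = ready.pop()
        ordered += 1
        for r in succ[q]:
            indegree[r] -= 1
            if indegree[r] == 0:
                ready.append(r)
    return ordered == len(succ)


def shuffle(a1, a2):
    """Product automaton for L(a1) || L(a2): one component moves per letter."""
    delta = set()
    for p, a, p2 in a1["delta"]:
        delta |= {((p, q), a, (p2, q)) for q in a2["states"]}
    for q, a, q2 in a2["delta"]:
        delta |= {((p, q), a, (p, q2)) for p in a1["states"]}
    return {"states": set(product(a1["states"], a2["states"])),
            "init": (a1["init"], a2["init"]),
            "delta": delta,
            "final": set(product(a1["final"], a2["final"]))}


def accepted_words(fsa, alphabet, length):
    """All words of the given length over alphabet that the automaton accepts."""
    return {"".join(w) for w in product(alphabet, repeat=length) if accepts(fsa, w)}


# Constructed sample: the usual two-state automaton for (ab)*, whose a/b cycle
# runs through two distinct states, so it is not a PO-FSA.
AB_LOOP = {"states": {0, 1}, "init": 0,
           "delta": {(0, "a", 1), (1, "b", 0)}, "final": {0}}
```
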

Proposition 2.6 A language is repetition piecewise if and only if it is recognized by a PO-FSA $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$, where $F = Q$ and $\delta$ satisfies the following two conditions. Let $q_i, q_j, q_l \in Q$ and $a, b \in \Sigma$. Then,

(I) $(q_i, a, q_j) \in \delta \implies (q_j, a, q_j) \in \delta$, and

(II) $(q_i, a, q_j) \in \delta \wedge (q_j, b, q_l) \in \delta \implies (q_i, b, q_l) \in \delta$.

PROOF. ($\Rightarrow$) Let $L$ be a simply repetition piecewise language and $L = M_0^* M_1^* \ldots M_k^*$. Let $A = ((\Sigma, Q, \delta, q^0, F), \preceq)$ be a PO-FSA with $k + 1$ states where $Q = \{q_0, \ldots, q_k\}$, $q^0 = q_0$, and $F = Q$. For $i, j \in [0..k]$, $\delta$ is defined as follows:

$$(q_i, a, q_j) \in \delta \Leftrightarrow i \leq j \wedge a \in M_j.$$

The transition relation $\delta$ satisfies the conditions (I) and (II). The partial ordering is defined as follows: $q_i \preceq q_j \Leftrightarrow i \leq j$. We show that $A$ recognizes $L$, i.e., $L(A) = L$.

Let $w$ be a word in $L$. Then, $w = P_0 \cdot P_1 \cdots P_k$, where $P_i \in M_i^*$. We use this partitioning to define an accepting run $\rho = \rho(0) \to \rho(1) \to \ldots \to \rho(n)$ of $A$ on $w$ as follows:

$$\rho(i) = q_j \Leftrightarrow \sum_{t=0}^{j-1} |P_t| \leq i < \sum_{t=0}^{j} |P_t|$$

Intuitively, the automaton goes to state $q_i$ when reading a letter from partition $P_i$. It is easy to see that the run is well defined. It is accepting since every state of $A$ is accepting. Thus, $L \subseteq L(A)$.

To show $L(A) \subseteq L$, assume $\rho = q_0 \to \ldots \to q_n$ is an accepting run of $A$ on a word $w$, where $q_0 = q^0$. Then, $\rho$ induces a partitioning $P_0, \ldots, P_k$ on $w$, such that $P_i \in M_i^*$. Hence, $w \in L$. Thus, $L(A) \subseteq L$.

A repetition piecewise language is a finite union of simply repetition piecewise languages. Consider a repetition piecewise language $L = L_1 + L_2$, where $L_1$ and $L_2$ are two simply repetition piecewise languages that are recognized by PO-FSAs $A_1$ and $A_2$, respectively, satisfying conditions (I) and (II). Similarly to the proof of Proposition 2.4, we construct PO-FSA $A$ that recognizes $L$. It is easy to show that the construction satisfies conditions (I) and (II).

($\Leftarrow$) Let $A$ be a PO-FSA satisfying conditions (I) and (II). For each state $q_i \in Q$, let $M_{q_i} = \{a \mid (q_i, a, q_i) \in \delta\}$. Let $\rho = q_0 \to \ldots \to q_n$ be an acyclic run of $A$, where every $q_i \in Q$ for $i \in [0..k]$ occurs at most once, and $q_0 = q^0$. The number of such runs is finite. Let the language $L_\rho$ be defined as $M_{\rho(0)}^* \cdots M_{\rho(n)}^*$. It is easy to see that $L_\rho \in L(A)$. Similarly, let $L' = \bigcup L_\rho$ over all such acyclic runs. Then, $L' \subseteq L(A)$. Since $L'$ is repetition piecewise, we only need to show that $L(A) \subseteq L'$. Let $w$ be a word in $L(A)$, and $\rho$ an accepting run of $A$ on $w$. Let $\rho'$ be a maximal subsequence of $\rho$ in which every state in $Q$ appears at most once. For example, if $\rho$ is $q_0 \to q_0 \to q_1 \to q_1$, then $\rho'$ is $q_0 \to q_1$. Then, $\rho'$ is acyclic, and $w \in L_{\rho'}$. Hence, $L(A) \subseteq L'$.

The following proposition summarizes the properties of the repetition piecewise languages.

Proposition 2.7 Repetition piecewise languages are closed under finite unions and intersections, concatenation, shuffle, and letter-to-letter mappings, but not under homomorphisms and inverse homomorphisms.

PROOF. Finite unions, intersections, concatenation, shuffle. Closure under finite unions and concatenation follows immediately from Definition 2.1. To show closure under finite intersections, let $L_1$ and $L_2$ be two repetition piecewise languages. By Proposition 2.6, they are recognized by PO-FSAs $A_1$ and $A_2$, respectively, such that both $A_1$ and $A_2$ satisfy conditions (I) and (II) of the proposition. It is easy to check that conditions (I) and (II) are preserved by intersection and shuffle. Thus, the automata $A_1 \cap A_2$ and $A_1 || A_2$ are PO-FSAs satisfying conditions (I) and (II). Hence, by Proposition 2.6 their languages are repetition piecewise.

Letter-to-letter mapping. The proof is similar to that of piecewise languages (Proposition 2.5).

Homomorphisms. Repetition piecewise languages are not closed under homomorphisms. For example, repetition piecewise language $a^*$ under the homomorphisms $[a \mapsto (ab)]$ is $(ab)^*$ which is not piecewise.

Inverse homomorphisms. Repetition piecewise languages are not closed under inverse homomorphisms. For example, let $\Sigma = \{0\}$, and $\Sigma' = \{a, b\}$, and $h$ be a homomorphism from $\Sigma$ to $\Sigma'^*$ such that $h(0) = ab$. Then, the repetition piecewise language $L = a^* b^*$ under the inverse homomorphism is $h^{-1}(L) = \{\epsilon, 0\}$ which is not repetition piecewise.

For $a \in \Sigma$ and regular expressions $R, S$, the left residual operation (or derivative [Brzozowski and Simon 1973]) is defined as:

$$\begin{aligned}
a^{-1} 0 &\triangleq 0 \\
a^{-1} 1 &\triangleq 0 \\
a^{-1} b &\triangleq test(a \cap b) \\
a^{-1}(R \cdot S) &\triangleq (a^{-1}R \cdot S) + (test(R \cap 1) \cdot (a^{-1}S)) \\
a^{-1}(R + S) &\triangleq (a^{-1}R) + (a^{-1}S) \\
a^{-1}(R^*) &\triangleq (a^{-1}R) \cdot R^*
\end{aligned}$$

It is easy to see that $L(a^{-1}R) = \{v \mid a \cdot v \in L(R)\}$. Similarly, we may define a residual operation for $M^*$, where $M \subseteq \Sigma$:

$$\begin{aligned}
(M^*)^{-1} 0 &\triangleq 0 \\
(M^*)^{-1} 1 &\triangleq 1 \\
(M^*)^{-1} a &\triangleq a + test(a \cap M) \\
(M^*)^{-1}(R \cdot S) &\triangleq (((M^*)^{-1}R) \cdot S) + (test(R \cap M^*) \cdot ((M^*)^{-1}S)) \\
(M^*)^{-1}(R + S) &\triangleq ((M^*)^{-1}R) + ((M^*)^{-1}S) \\
(M^*)^{-1}(R^*) &\triangleq (((M^*)^{-1}R) \cdot R^*) + 1
\end{aligned}$$

Then, it can be verified that

$$L((M^*)^{-1}R) = \{v \mid \exists u \in L(M^*),\ u \cdot v \in L(R)\}.$$

We conclude this section with a review of recognizable (or regular) relations.

Definition 2.8 (Recognizable Relation) [Yu 1997] A relation $\rho \subseteq (\Sigma^*)^K$ is recognizable (or regular) if and only if

$$\rho = \bigcup_{0 \leq i < I} L(R_0^i) \times \cdots \times L(R_{K-1}^i)$$

for some natural number $I$ and regular expressions $R_j^i$ over $\Sigma$.

Similarly, we say that a relation is piecewise if and only if the expressions $R_j^i$ above are piecewise, and say that a relation is repetition piecewise if and only if expressions $R_j^i$ above are repetition piecewise.

Proposition 2.9 [Yu 1997] Let $\rho$ be a $K$-ary relation over $\Sigma^*$. Define $L_\#(\rho) \triangleq \{w_0 \cdot \# \cdots \# \cdot w_{K-1} \mid (w_0, \ldots, w_{K-1}) \in \rho\}$. Then $L_\#(\rho)$ is a regular language over $\Sigma \cup \{\#\}$ if and only if $\rho$ is recognizable. Moreover, $L_\#(\rho)$ is piecewise if and only if $\rho$ is a piecewise relation.

It is easy to see that regular and piecewise relations are closed under finite unions and intersections.

3. FIFO SYSTEMS AND THE REACHABILITY PROBLEM

In this section, we review the definition of FIFO systems and the reachability problem for them.

A channel over an alphabet $\Sigma$ is a FIFO queue whose content is given by a word $w \in \Sigma^*$. We define two types of channel actions: read $a$, denoted by $?a$, and write $a$, denoted by $!a$, that stand for reading and writing a letter $a$ from/to a channel, respectively. We use $f : w$ to denote the application of an action $f$ to a word $w$. For example, $?a : abb = bb$ and $!a : bb = bba$.

Let $\Sigma_{rw} \triangleq \{?, !\} \times \Sigma$ denote the read/write (rw)-alphabet over $\Sigma$. For a set of channels $C = \{c_1, \ldots, c_k\}$ this alphabet is extended as follows: $\Sigma_{rw}(C) \triangleq [1..k] \times \Sigma_{rw}$. Thus, an action $4?a$ corresponds to reading $a$ from channel $c_4$, and $6!b$ corresponds to writing $b$ to channel $c_6$. In the sequel, we drop $C$ from the notation when it is clear from the context. We call $\Sigma_{rw}$ an action alphabet, and any subset of $\Sigma_{rw}^*$ an action language.

A channel configuration for a system with $k$ channels is a $k$-tuple $\mathbf{w} \in (\Sigma^*)^k$. We use $\langle w_1, \ldots, w_k \rangle$ to denote a tuple, where $w_i$ is the content of channel $i$. In single-channel systems, a configuration is just the content of the single channel. We use bold fonts to differentiate between channel configurations in multi-channel and single-channel systems. Let $\mathbf{w}[i]$ denote the content of channel $i$ in $\mathbf{w}$ and $\mathbf{w}[i \mapsto y]$ denote a channel configuration obtained from $\mathbf{w}$ by replacing the content of channel $i$ with $y$.

Fig. 3. An example of a communication graph for a set of actions Act = {1?a → 2!a, 2?b → 3!b, 3?b → 1!a, 2?b → 2!b}. (Figure not reproduced; it shows nodes 1, 2 and 3.)

In the single-channel case, for $X \subseteq \Sigma_{rw}^*$ and $W \subseteq \Sigma^*$, we use $X : W$ to denote the result of applying a sequence of actions from $X$ to a word in $W$. This is called the concrete semantics of actions and is defined as follows:

Definition 3.1 (Action Language Semantics) Let $W \subseteq \Sigma^*$ be a set of words over $\Sigma$, and $X$ an action language, then $X : W$ is defined as follows:

$$\begin{aligned}
?a : W &\triangleq (a^{-1})W & !a : W &\triangleq W \cdot a \\
\{x \cdot y\} : W &\triangleq y : (x : W) & X : W &\triangleq \bigcup_{x \in X} (x : W)
\end{aligned}$$

For example, $(\{?a!b,\ ?a!c\} : a) = \{b, c\}$.

Definition 3.1 is extended to a $k$-channel system as follows. Given $\mathbf{w} \in (\Sigma^*)^k$ and an action language $X$, then $X : \mathbf{w}$ for a single action is defined as shown below:

$$i?a : \mathbf{w} \triangleq \mathbf{w}[i \mapsto (?a : \mathbf{w}[i])] \qquad i!a : \mathbf{w} \triangleq \mathbf{w}[i \mapsto (!a : \mathbf{w}[i])]$$

and is extended to words identically to Definition 3.1. For example, given a 2-channel system, $(\{1?a\ 2!b,\ 1?a\ 2!c\} : \langle ab, b \rangle) = \{\langle b, bb \rangle, \langle b, bc \rangle\}$.

We write $?a \to\ !b$ for a conditional action that means “$b$ is written only if $a$ is first read.” In other words, $?a \to\ !b$ is an abbreviation for a sequence of simple actions: $?a!b$. Given an action alphabet $\Sigma_{rw}(C)$ over a set of channels $C$, we define a conditional action alphabet $\Sigma_{rwc}(C)$ that treats conditional actions as letters:

$$\Sigma_{rwc}(C) \triangleq \Sigma_{rw}(C) \cup ((C \times \{?\} \times \Sigma) \cdot (C \times \{!\} \times \Sigma)).$$

For example, given $\Sigma = \{a\}$ and $C = \{1\}$, then $\Sigma_{rwc}(C) = \{1?a,\ 1!a,\ 1?a \to 1!a\}$.

For a set of actions $Act \subseteq \Sigma_{rwc}(C)$, a communication graph of $Act$, $CG(Act)$, is a digraph $(C, E)$, with an edge $(i, j) \in E$ if and only if there are $a$ and $b$ in $\Sigma$ such that $i?a \to j!b$ is in $Act$. For example, given $Act = \{1?a \to 2!a,\ 2?b \to 3!b,\ 3?b \to 1!a,\ 2?b \to 2!b\}$, $CG(Act)$ is a digraph with 3 nodes and 4 edges, one for each conditional action in $Act$ (see Fig. 3).
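The concrete action semantics of Definition 3.1, its $k$-channel extension, and the communication graph $CG(Act)$, as an added Python example that is not part of the original article. The textual action syntax (`"1?a"`, `"1?a->2!b"`), the function names and the length bound in `limit` are assumptions of this sketch; `has_cross_channel_cycle` ignores self-loops, which is one reading of "cycles through different channels" and is not taken from the article's formal definition.

```python
import re

SIMPLE = re.compile(r"(\d+)([?!])(\w)")   # channel index, ? or !, one letter


def parse(action):
    """'1?a' -> [(1, '?', 'a')]; conditional '1?a->2!b' -> read step, write step."""
    matches = [SIMPLE.fullmatch(part.strip()) for part in action.split("->")]
    if len(matches) > 2 or not all(matches):
        raise ValueError("malformed action: %r" % action)
    steps = [(int(m[1]), m[2], m[3]) for m in matches]
    if len(steps) == 2 and [s[1] for s in steps] != ["?", "!"]:
        raise ValueError("a conditional action is a read followed by a write")
    return steps


def apply_simple(step, config):
    """i?a or i!a applied to a configuration (tuple of channel contents).
    Returns None when the read is not enabled."""
    chan, kind, letter = step
    content = config[chan - 1]
    if kind == "!":
        new = content + letter               # !a : w = w . a
    elif content.startswith(letter):
        new = content[1:]                    # ?a : a.v = v
    else:
        return None
    return config[:chan - 1] + (new,) + config[chan:]


def apply_word(word, configs):
    """{x.y} : W = y : (x : W) for one word of actions (a list of strings)."""
    result = set()
    for config in configs:
        for step in (s for action in word for s in parse(action)):
            config = apply_simple(step, config)
            if config is None:
                break
        if config is not None:
            result.add(config)
    return result


def apply_language(words, configs):
    """X : W as the union of x : W over all action words x in X."""
    return set().union(*(apply_word(x, configs) for x in words))


def communication_graph(actions):
    """Edges (i, j) such that some conditional action i?a -> j!b is in Act."""
    edges = set()
    for action in actions:
        steps = parse(action)
        if len(steps) == 2:
            edges.add((steps[0][0], steps[1][0]))
    return edges


def has_cross_channel_cycle(edges):
    """Depth-first search for a cycle that visits at least two channels."""
    succ = {}
    for i, j in edges:
        if i != j:
            succ.setdefault(i, set()).add(j)
    state = {}

    def visit(node):
        state[node] = "open"
        for nxt in succ.get(node, ()):
            if state.get(nxt) == "open" or (nxt not in state and visit(nxt)):
                return True
        state[node] = "done"
        return False

    return any(node not in state and visit(node) for node in list(succ))


def limit(actions, initial, max_len):
    """Bounded approximation of (Act* : I): every configuration reachable
    without any channel growing beyond max_len letters."""
    seen, frontier = set(initial), list(initial)
    while frontier:
        config = frontier.pop()
        for action in actions:
            for nxt in apply_word([action], {config}):
                if nxt not in seen and all(len(c) <= max_len for c in nxt):
                    seen.add(nxt)
                    frontier.append(nxt)
    return seen
```
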

Definition 3.2 (FIFO System) A FIFO system is a tuple $S = (\Sigma, C, Q, q^0, \delta)$, where $\Sigma$ is a finite alphabet; $C = \{c_1, \ldots, c_k\}$ is a finite set of channels; $Q$ is a finite set of control locations; $q^0 \in Q$ is the initial control location; and $\delta \subseteq Q \times \Sigma_{rwc} \times Q$ is a set of transition rules.

Fig. 4. An example of a FIFO system consisting of two processes and two channels. (Figure not reproduced; it shows processes A₁ and A₂, channel 1 and channel 2, and transitions labelled with the actions 1!a, 1?a, 2?b, 2?c, 2?d, 2!b, 2!c and 2!d.)

Note that in Definition 3.2, a FIFO system is defined with respect to a conditional action alphabet $\Sigma_{rwc}$. A global state of $S$ is a pair $(q, \mathbf{w})$ where $q$ is a state in $Q$ and $\mathbf{w}$ is a channel configuration. The transition relation of $S$, $\Delta$, is a set of triples of the form $((q, \mathbf{w}), op, (q', \mathbf{w}'))$, where $op \in \Sigma_{rwc}$, $(q, op, q') \in \delta$, and $\mathbf{w}' \in (op : \mathbf{w})$.

A FIFO system $S$ is piecewise if there exists a partial order $\preceq$ on $Q$ such that $q' \in \delta(q, op)$ implies that $q \preceq q'$.

Most often a FIFO system is represented as a set $\{A_i\}_i^n$ of $n$ processes communicating through a set of channels, $C$. Each process is a finite state automaton, $A_i = (\Sigma, Q_i, \delta_i, q_i^0)$. The corresponding FIFO system, $S = (\Sigma, C, Q, q^0, \delta)$, is constructed by computing the cross product of these automata. Thus, $Q \triangleq \Pi_{i=1}^n Q_i$ and the transition relation $\Delta$ of $S$ is built up from the transition relations of the $A_i$'s such that every transition in $\Delta$ corresponds to exactly one transition in some $\delta_i$. Formally,

$$(((q_1, \ldots, q_n), \mathbf{w}), op, ((q_1', \ldots, q_n'), \mathbf{w}')) \in \Delta \text{ if and only if } \exists i,\ \forall j \neq i,\ q_j = q_j' \wedge q_i' \in \delta_i(q_i, op) \wedge \mathbf{w}' \in (op : \mathbf{w}).$$

Fig. 4 shows an example of a piecewise FIFO system consisting of two processes and two channels. Initially, we assume that both of the processes are in their initial states and both of the channels are empty, thus, the initial global state of the system is $((1, 1), \langle \epsilon, \epsilon \rangle)$. Then, process $A_1$ writes $a$ on channel 1 and moves from state 1 to 2. The new global state of the system is $((2, 1), \langle a, \epsilon \rangle)$. Therefore, $(((1, 1), \langle \epsilon, \epsilon \rangle), 1!a, ((2, 1), \langle a, \epsilon \rangle)) \in \Delta$.

In this article, we are interested in the reachability problem:

FIFO Systems Reachability Problem. Given a FIFO system $S$ and a set of configurations $I$ (called initial), find the set of all global states reachable from $I$.

The set of all reachable global states of a FIFO system can be partitioned based on the

control locations. Each partition represents the set of all reachable channel configurations

at a particular control location. Thus, in order to calculate the set of all reachable global

states, we need to calculate the set of all reachable channel configurations at each control

location. This problem can be reduced to computing the semantics (Definition 3.1) of a

regular action language.

Proposition 3.3 Let $S = (\Sigma, C, Q, q^0, \delta)$ be a FIFO system, $q \in Q$ some control location, and $I$ a set of configurations. Then, the set of all reachable configurations of $S$ at control location $q$ is $(L(A_q) : I)$, where $A_q = (\Sigma_{rwc}, Q, q^0, \delta, \{q\})$ is a finite automaton with accepting state $q$.

Fig. 5. An example illustrating the calculation of all reachable global states by computing the semantics of a regular action language. (Figure not reproduced. Left: a FIFO system $S$ with control locations 1 to 4, transitions labelled ?a, !a, ?d, ?c, !b and ?c, and initial channel content $I$. Right: the reachable configurations, listed below.)

$L(A_1) : I = (?d)^* : I$

$L(A_2) : I = (?d)^*\ ?a\ (?c\ !a)^* : I$

$L(A_3) : I = (?d)^*\ ?a\ (?c\ !a)^*\ !b\ (?c)^* : I$

$L(A_4) : I = (?d)^*\ ?a\ (?c\ !a)^*\ ?c : I$

Fig. 5 is an example illustrating this reduction. On the left, we show an example of a

FIFO system and on the right the set of all reachable configurations at control locations 1,

2, 3, and 4.

Finally, computing the semantics of a regular action language is itself reducible to the limit language problem: given a regular language of actions La and a regular language of channel content W, compute the language of (L∗a : W). In the particular case of piecewise FIFO systems, La is further restricted to subsets of Σrwc. This is the problem we study in the rest of the article.

Proposition 3.4 For regular (piecewise) L, it holds that (?a : L), (!a : L), and (?a →!b : L) are regular (piecewise).

PROOF. For a single write action, (!a : L) = L · a. For a read action, we have (?a : L) = a⁻¹L, following from the definition of derivative. For the conditional action, we have (?a →!b : L) = (a⁻¹L) · b.

4. ANALYSIS OF SINGLE-CHANNEL PIECEWISE SYSTEMS

In this section, we focus on the analysis of a single-channel piecewise FIFO system. We present an algorithm for calculating the limit language, show its correctness, and discuss its worst case complexity.

Fig. 6 shows the algorithm SINGLELIMIT for calculating the limit language. The inputs to the algorithm are an automaton AI representing a set of single-channel configurations I ⊆ Σ∗, and a set Act ⊆ Σrwc of actions; the output is an automaton that accepts the limit language (Act∗ : I). For notational convenience, in the examples we use regular expressions instead of automata to represent channel configurations.

    1: function AUT SINGLELIMIT(Aut AI, Set Act)
    2:     R := ∅, F := AI
    3:     while L(F) ⊈ L(R) do
    4:         R := R + F
    5:         F := APPLY(F,Act)
    6:     return PHASE2(R,Act)

Fig. 6. The SINGLELIMIT algorithm.

The algorithm has two phases. In the first phase, called PHASE1 (lines 3 – 6 of SINGLELIMIT), the algorithm iteratively computes all configurations reachable by (i) reading the current channel content completely, and (ii) writing the result of conditional and other write actions. Each iteration of PHASE1 is done using the function APPLY. Let Act ⊆ Σrwc be partitioned into unconditional write actions Actw = {!a | !a ∈ Act}, and the rest Actr = Act \ Actw. In each iteration, if V is the set of currently reachable configurations, APPLY computes V′ such that

$$V' \triangleq \{v \mid \exists u \in V,\ v \in (Act_r^{|u|} : u)\} \parallel (Act_w^{*} : \epsilon).$$

Note that APPLY misses some reachable configurations. For example, let Act = {?a →!c, ?b →!d, !e} and I = ab. Then, APPLY results in L(e∗ce∗de∗) and misses reachable configurations in L(be∗ce∗). This is fixed in the second phase, called PHASE2. Let W be a set of reachable configurations; the result of PHASE2 is a set W′ such that

$$W' \triangleq \{w \mid \exists u,v,z,\ (v \cdot u \in W) \wedge (u \cdot z = w) \wedge (z \in \mathrm{APPLY}(\{v\},Act))\}.$$

These two phases are implemented using automata as described below.

PHASE1. As inputs PHASE1 takes an automaton A = (Σ,Q,δ,q0,F), and a set of actions Act. Then, it iteratively computes a set of reachable configurations using function APPLY. Given automaton A and a set of actions Act, APPLY constructs an automaton A′ = (Σ,Q,δ′,q0,F), where δ′ consists of tuples of the form:

—(q,ε,q′) if for some a it holds that δ(q,a,q′) and ?a ∈ Act, or

—(q,b,q′) if for some a it holds that δ(q,a,q′) and ?a →!b ∈ Act, or

—(q,c,q) if !c ∈ Act.

Intuitively, the first rule of δ′ corresponds to unconditional reads, the second – to renaming the labels of the transitions according to the conditional actions, and the third – to unconditional writes.

For example, let Act = {?a →!b, ?b →!a, ?c, !a} and I = (ac)∗aba∗. Fig. 7(a) shows automaton A recognizing L(I). To construct A′ = APPLY(A,Act), the transitions labeled by a are relabeled to b, transitions labeled by b are relabeled to a, and transitions labeled by c are replaced by ε-transitions. In addition, self-loop transitions labeled by a are added to every state. Fig. 7(b) shows automaton A′. Similarly, we can construct automaton A″ = APPLY(A′,Act) and A‴ = APPLY(A″,Act), which are shown in Fig. 7(c) and (d), respectively. As can be seen, applying APPLY once more results in automaton A″; thus, we have reached a fixpoint.

PHASE2. Let A = (Σ,Q,q0,δ,F) be an automaton and s be a state in Q. We construct two automata: A1 = (Σ,Q,q0,δ,{s}) and A2 = (Σ,Q,{s},δ,F). Let A′1 be the automaton constructed by applying APPLY to A1, i.e., A′1 = APPLY(A1,Act). Then, the language of A2 · A′1 contains a word u · z if and only if (i) there exists a word v such that v · u is accepted by A via a run passing through the state s, and (ii) z ∈ APPLY({v},Act). We call this operation PREFIX(A,s,Act). It is easy to see that:

$$\mathrm{PHASE2}(A,Act) = \bigcup_{s \in Q} \mathrm{PREFIX}(A,s,Act).$$


[Figure 7: four automata, (a) A, (b) A′, (c) A″ and (d) A‴, obtained by successive applications of APPLY; transitions are labeled a, b, c and ε.]

Fig. 7. An example illustrating PHASE1 with automaton A and Act = {?a →!b, ?b →!a, ?c, !a} as inputs.

For our running example, Fig. 8 shows how PREFIX(A,s,Act) is implemented using automata. The leftmost automaton in Fig. 8 (automaton A) recognizes the language I = (ac)∗aba∗. To compute PREFIX(A,s,Act), we break A on state s (see Fig. 8), which results in two automata A1 and A2. We compute A′1 by applying APPLY to A1. Then, we concatenate A2 and A′1. The resulting automaton represents PREFIX(A,s,Act) and is shown on the rightmost of Fig. 8.

The algorithm in Fig. 6 always terminates. Given an automaton A, APPLY produces an automaton with the same number of states as A. Thus, the set {APPLY^i(A,Act)}_i is finite, and the algorithm always terminates.
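The two phases of Section 4 on explicit NFAs, as an added Python example that is not the authors' implementation. Assumptions made here: actions are encoded as tuples, ε-transitions already present in the input are kept by APPLY, PHASE1 stops when a transition set repeats (using the finiteness argument above instead of the language inclusion test of Fig. 6), and the result is returned as a list of automata whose union is the limit language.

```python
EPS = ""  # label used for epsilon transitions

def apply_once(trans, states, act):
    """One APPLY step. act items: ("?", a), ("?!", a, b) for ?a->!b, ("!", c)."""
    out = {(q, op[1], q) for q in states for op in act if op[0] == "!"}  # rule 3
    for q, a, q2 in trans:
        if a == EPS or ("?", a) in act:
            out.add((q, EPS, q2))  # rule 1; existing epsilon moves kept (assumption)
        out |= {(q, op[2], q2) for op in act if op[0] == "?!" and op[1] == a}  # rule 2
    return frozenset(out)

def accepts(inits, trans, finals, word):
    """NFA membership test with epsilon closure."""
    step = lambda S, x: {q2 for q, a, q2 in trans if q in S and a == x}
    def closure(S):
        while not step(S, EPS) <= S:
            S = S | step(S, EPS)
        return S
    cur = closure(set(inits))
    for ch in word:
        cur = closure(step(cur, ch))
    return bool(cur & set(finals))

def single_limit(states, init, trans, finals, act):
    """Automata (inits, trans, finals) whose union accepts (Act* : I)."""
    seen, cur = [], frozenset(trans)
    while cur not in seen:  # PHASE1: APPLY keeps the states, so this must repeat
        seen.append(cur)
        cur = apply_once(cur, states, act)
    n = range(len(seen))
    # R is the disjoint union of A, APPLY(A), APPLY^2(A), ...
    r_trans = {((i, q), a, (i, q2)) for i in n for q, a, q2 in seen[i]}
    r_states = {(i, q) for i in n for q in states}
    r_inits, r_finals = {(i, init) for i in n}, {(i, q) for i in n for q in finals}
    # PHASE2: PREFIX(R, s, Act) = A2 . APPLY(A1), copy 2 = A2 and copy 1 = A'1
    a1p = apply_once(r_trans, r_states, act)
    t = {((2, q), a, (2, q2)) for q, a, q2 in r_trans}
    t |= {((1, q), a, (1, q2)) for q, a, q2 in a1p}
    t |= {((2, fin), EPS, (1, i)) for fin in r_finals for i in r_inits}
    return [({(2, s)}, t, {(1, s)}) for s in r_states]

def in_limit(parts, word):
    return any(accepts(i, t, f, word) for i, t, f in parts)

# Constructed sample: the text's example Act = {?a->!c, ?b->!d, !e}, I = ab.
ACT = {("?!", "a", "c"), ("?!", "b", "d"), ("!", "e")}
LIMIT = single_limit({0, 1, 2}, 0, {(0, "a", 1), (1, "b", 2)}, {2}, ACT)
```

On this input `in_limit(LIMIT, "bec")` holds, which is one of the configurations in L(be∗ce∗) that APPLY alone misses and PHASE2 recovers.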

Theorem 4.1 Let AI be an automaton representing a set of configurations, Act be a set of actions, and AL be the automaton returned by SINGLELIMIT(AI,Act). Then, L(AL) = (Act∗ : L(AI)).

PROOF. According to the SINGLELIMIT algorithm shown in Fig. 6,

$$L(A_L) = \mathrm{PHASE2}\Big(\bigcup_{i \in \mathbb{N}} \mathrm{APPLY}^{i}(A_I,Act),\ Act\Big).$$

Note that since in each iteration APPLY produces an automaton with the same number of states as AI, ⋃_i APPLY^i(AI,Act) is a finite union.

Let w ∈ (Act∗ : L(AI)) be a reachable channel content. Then, w is reached by reading the current channel content completely (and writing the results of conditional and other write actions) zero or more times, and then reading the resulting content partially. Let # – a fresh letter not in Σ, be a marker at the end of the initial channel content. The marker # is used only for establishing the proof and is eliminated later using ERASE#. Then,

$$w \in (Act^{*} : L(A_I)) \Leftrightarrow \exists u,v,\ (u \cdot v) = w \ \wedge\ \exists p,q,\ (u\#v) \in (((Act^{*}(?\#)(!\#))^{p}(Act)^{q}) : (L(A_I) \cdot \#)).$$

At the end of each iteration of APPLY, # is read and then written again on the channel to mark the beginning of the new iteration.


[Figure 8: automaton A is broken on state s into A₁ and A₂; APPLY turns A₁ into A′₁; A₂ and A′₁ are then concatenated.]

Fig. 8. An example illustrating PREFIX operation with automaton A, state s, and Act = {?a →!b, ?b →!a, ?c, !a} as inputs.

The theorem follows from the following two facts:

(APPLY(L(A),Act) · #) = (Act∗(?#)(!#)) : (L(A) · #)

and

PHASE2(L(A),Act) = ERASE#(Act∗: (L(A) · #)).

where ERASE# projects out the letter #.

Complexity Analysis. Let h = |AI| denote the size of AI – the automaton representing the set of initial configurations. As discussed above, APPLY(AI,Act) produces an automaton with the same number of states as AI by relabeling the transitions of AI. In the worst case, each transition can be updated at most |Σ| times. Thus, the worst case complexity of the SINGLELIMIT algorithm is |Σ|^h.

Theorem 4.2 Let AI be an automaton over a finite alphabet Σ representing a set of single-channel configurations, and h = |AI|. Then, in the worst case, the running time of the SINGLELIMIT algorithm is O(|Σ|^h).

5. DECIDABILITY RESULTS ON MULTI-CHANNEL PIECEWISE SYSTEMS

In this section, we focus on the limit language problem for a set of actions, Act, on a k-channel system, and a set of channel configurations L. A configuration ⟨w1,...,wk⟩ of a k-channel system is represented by a word of the form w1 · # ··· # · wk, where # is a fresh letter not in Σ. Thus, a channel configuration can be seen as an element of a relation. In the sequel, a set of channel configurations corresponds to a relation over Σ∗. A regular configuration is a set of channel configurations that correspond to a regular relation and a
