Event-Clock Visibly Pushdown Automata
Mizuhito Ogawa (JAIST) with Nguyen Van Tang
SOFSEM 2009, 1.27
Model checking as an inclusion problem
• The paths generated by a model M must all be allowed by a specification S
  – L(M) ⊆ L(S) ⇔ L(M) ∩ L(S)^C = ∅
• Combinations known to work
  – M, S : finite automata
  – M : pushdown automaton, S : finite automaton
  – M, S : pushdown automata (only with the visibly pushdown restriction introduced later; inclusion for general pushdown automata is undecidable)
• Possible extensions
  – Timed constraints?
  – S : beyond finite automata?
Timed automata (Alur, et al. 94)
[Figure: a timed automaton with states Off, On and Menu, clocks x and y, transitions labelled "press" and "next", guards x<1, x≥1, y≤5, y>5 and resets x:=0, y:=0.]
• Pressing quickly twice enters "Menu".
  – Add time constraints, e.g., quickly = "less than 1".
  – It sleeps ("Off") when left alone for "more than 5".
• Accepts: (press, 2) (press, 2.5) (next, 3) (next, 4.4) (press, 8)
• Remark: the constraints contain integers only, but time is dense.
Decidable properties of timed automata
• Boolean operations
  – Decidable: union, intersection, emptiness
  – Not available: complement (TA are not closed under complementation); universality is undecidable already with 2 clocks
• Inclusion L(M) ⊆ L(S)
  – S has ≤ 1 clock : decidable (Ouaknine, et al. 04)
  – S has > 1 clocks : undecidable (Alur, et al. 94)
Event-clock automata (Alur, et al. 94)
Def. The event clock for a ∈ Σ is a pair of clocks x_a, y_a
  – x_a : event-recording ⇔ records the time since the last "a"
  – y_a : event-predicting ⇔ records the time until the next "a"
[Figure: two ECAs over states q0, q1, q2; the first checks x_a = 1 on its last b-transition, the second checks y_b < 1 on its first a-transition.]
• e.g.,
  – L1 = {(a, t1)(b, t2)…(b, tn) | tn − t1 = 1}
  – L2 = {(a, t1)…(a, tn−1)(b, tn) | tn − t1 < 1}
• e.g., a spec like "the ack must come within 1" can be described.
Properties of ECA
• Boolean operations
  – Decidable: all boolean operations.
  – Determinizable (the subset construction works).
• Language class relation
  – ECA ⊂ TA (an ECA can be encoded as a TA).
  – The class of ECA is incomparable to the class of deterministic TA.
Encoding ECA to TA (Alur, et al. 94)
• Event-recording clocks C_R = { x_a | a ∈ Σ }
  – Reset x_a ∈ C_R whenever "a" is read.
• Event-predicting clocks C_P = { y_a | a ∈ Σ }
  – Let Φ_P be the set of all event-predicting constraints y_a ~ c that occur in the ECA.
  – Enlarge the set Q of states to Q × Φ_P; the second component memorizes the pending constraints.
  – Add a fresh clock z(y_a~c) for each y_a ~ c ∈ Φ_P.
[Figure: timeline for one constraint. When a transition guarded by "y_a ~ c" is taken, z(y_a~c) is reset to 0 and the obligation "z(y_a~c) ~ c must hold when the next a is read" is memorized in the state (i.e., the next "a" has not yet been read); the obligation is checked and discharged on the next "a" transition.]
Interval alphabet (D'Souza 03)
Def. Interval alphabet Π = Σ × Intv^|C_Σ| where
  – C_Σ = { x_a, y_a | a ∈ Σ } : the event clocks
  – Intv = { [r_i, r_i], (r_i, r_{i+1}), (r_n, ∞) | 0 ≤ r_1 < … < r_n }, where r_1, …, r_n are all the integers appearing in the event-clock constraints
• Notation. Let ν(a_i, t_i) be the vector of clock values at t_i.
  – uw((a_1, t_1)…(a_n, t_n)) = (a_1, I_1)…(a_n, I_n) with ν(a_i, t_i) ∈ I_i
  – tw((a_1, I_1)…(a_n, I_n)) = { (a_1, t_1)…(a_n, t_n) | ν(a_i, t_i) ∈ I_i }
• Lemma. Since ν(a_i, t_i) depends only on the input timed word (not on any run):
  – For v ∈ Π*, tw(v) ≠ ∅ implies uw(tw(v)) = {v}
  – For a timed word w, w ∈ tw(uw(w))
Untimed translation
Translate event-clock constraints into the interval alphabet.
e.g., Intv = {[0,0], (0,5), [5,5], (5,10), [10,10], (10,∞)}, C = { x_a, y_a }
• M : q0 --a, x_a<10--> q1 --b, y_a>5--> q2
• ut(M) :
  – q0 --(a, ([0,0], *))--> q1, q0 --(a, ((0,5), *))--> q1, q0 --(a, ([5,5], *))--> q1, q0 --(a, ((5,10), *))--> q1
  – q1 --(b, (*, (5,10)))--> q2, q1 --(b, (*, [10,10]))--> q2, q1 --(b, (*, (10,∞)))--> q2
  (* is a wildcard: the constraint does not mention that clock, so any interval is allowed in that position.)
Timed translation
Translate the interval alphabet back into event-clock constraints.
e.g., ut(M) : q0 --(a, (5,10))--> q2 becomes ec(ut(M)) : q0 --a, (5<x_a ∧ x_a<10)?--> q2
Lemma. L(ec(ut(M))) = L(M) for an ECA M.
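The untimed translation uw(·) of the preceding slides, worked out in Python as an added example (this is not code from the talk). It builds Intv from the integer constants, computes the event-clock vector ν(a_i, t_i) from the timed word alone, maps each clock value to its interval, and then evaluates an event-clock constraint on the interval word, using the "ack must come within 1" language L2 from the ECA slide as the check. The function names, the representation of intervals as tuples, and the convention that an event clock with no previous/next occurrence of its letter has the value None are assumptions of this example, not notation from the slides.

```python
"""Untimed translation uw(.) of timed words over an interval alphabet.

Added example, not code from the slides. Assumptions: an event clock with no
previous/next occurrence of its letter has value None (the slides leave this
case implicit); 0 is always included among the constants; timestamps are
non-decreasing.
"""
from math import inf
from typing import Dict, List, Optional, Sequence, Tuple

TimedWord = Sequence[Tuple[str, float]]       # (a_1, t_1) ... (a_n, t_n)
Interval = Tuple[float, float, bool, bool]     # lo, hi, lo_closed, hi_closed


def intervals(constants: Sequence[int]) -> List[Interval]:
    """Intv = { [r_i, r_i], (r_i, r_i+1), (r_n, inf) } for 0 <= r_1 < ... < r_n."""
    rs = sorted(set(constants) | {0})
    out: List[Interval] = []
    for i, r in enumerate(rs):
        out.append((r, r, True, True))
        hi = rs[i + 1] if i + 1 < len(rs) else inf
        out.append((r, hi, False, False))
    return out


def locate(v: Optional[float], intv: List[Interval]) -> Optional[Interval]:
    """The unique interval of Intv containing v (None for an undefined clock)."""
    if v is None:
        return None
    for lo, hi, lc, hc in intv:
        if (lo < v or (lc and v == lo)) and (v < hi or (hc and v == hi)):
            return (lo, hi, lc, hc)
    raise ValueError(f"no interval of Intv contains {v}")


def clock_vector(w: TimedWord, i: int, alphabet: Sequence[str]) -> Dict[str, Optional[float]]:
    """nu(a_i, t_i): x_a = time since the last a before position i,
    y_a = time until the next a after position i. Fixed by the word alone."""
    t_i = w[i][1]
    nu: Dict[str, Optional[float]] = {}
    for a in alphabet:
        before = [t for b, t in w[:i] if b == a]
        after = [t for b, t in w[i + 1:] if b == a]
        nu["x_" + a] = t_i - before[-1] if before else None
        nu["y_" + a] = after[0] - t_i if after else None
    return nu


def uw(w: TimedWord, alphabet: Sequence[str], constants: Sequence[int]):
    """uw((a_1,t_1)...(a_n,t_n)) = (a_1,I_1)...(a_n,I_n) with nu(a_i,t_i) in I_i."""
    intv = intervals(constants)
    return [(a, {c: locate(v, intv) for c, v in clock_vector(w, i, alphabet).items()})
            for i, (a, _) in enumerate(w)]


def satisfies(I: Optional[Interval], op: str, c: int) -> bool:
    """Does every value in I satisfy 'clock op c'?  Because c is one of the
    constants Intv was built from, an interval lies entirely on one side of c,
    so its endpoints decide.  An undefined clock satisfies no constraint."""
    if I is None:
        return False
    lo, hi, lc, hc = I
    if op == "<":
        return hi < c or (hi == c and not hc)
    if op == "<=":
        return hi <= c
    if op == ">":
        return lo > c or (lo == c and not lc)
    if op == ">=":
        return lo >= c
    if op == "=":
        return lo == hi == c
    raise ValueError(f"unknown operator {op!r}")


def ack_within_one(w: TimedWord) -> bool:
    """The slides' L2 = {(a,t_1)...(a,t_n-1)(b,t_n) | t_n - t_1 < 1}: the first a
    must satisfy y_b < 1, which is decided on the interval word alone."""
    letters = [a for a, _ in w]
    if len(letters) < 2 or letters[-1] != "b" or any(a != "a" for a in letters[:-1]):
        return False
    v = uw(w, ("a", "b"), [1])
    return satisfies(v[0][1]["y_b"], "<", 1)
```

Two timed words with different timestamps but the same interval word, such as (a,0)(b,0.5) and (a,1)(b,1.2) over the constant 1, are indistinguishable to every ECA using only that constant; (a,0)(b,1) lands y_b in [1,1] instead of (0,1) and is therefore rejected by the "within 1" check, which is exactly the boundary an ECVPA inclusion check must get right.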
Model checking as an inclusion problem (again)
• The paths generated by a model M must all be allowed by a specification S
  – L(M) ⊆ L(S) ⇔ L(M) ∩ L(S)^C = ∅
• Combinations known to work
  – M, S : finite automata
  – M : pushdown automaton, S : finite automaton
  – M, S : pushdown automata (only with the visibly pushdown restriction introduced next; inclusion for general pushdown automata is undecidable)
• Possible extensions
  – Timed constraints? → Event-clock constraints
  – S : beyond finite automata?
Visibly Pushdown Automata (Alur, et al. 04)
• The alphabet is partitioned as Σ = Σ_c ∪ Σ_i ∪ Σ_r
  – a_c ∈ Σ_c (call): q --a_c / X--> q' pushes X (stack Y Z becomes X Y Z)
  – a_i ∈ Σ_i (local): q --a_i--> q' leaves the stack Y Z unchanged
  – a_r ∈ Σ_r (return): q --a_r / Y--> q' pops Y (stack Y Z becomes Z)
• The classification is universal (visibility): it is fixed by the alphabet, not chosen per automaton.
• Visibility implies height-determinism and synchrony: only the input word decides the stack height.
  → The product construction (intersection) works!
Visibly pushdown languages (VPL)
• VPL examples
  – { a^n b^n } (with a ∈ Σ_c, b ∈ Σ_r)
  – Dyck language (well-balanced parentheses), with left/right parentheses in Σ_c / Σ_r
    e.g., (..[..(..)..]..) OK, (..[..{..]..}..) no.
• VPL is a proper subclass of the deterministic context-free languages (DPDA)
  – { a^n b a^n } is not a VPL (a would have to be both a call and a return).
  – The words with equally many a's and b's do not form a VPL, e.g., abab, abba, baab, …
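The VPA definition and the VPL examples of the two preceding slides, as an added Python example (not code from the talk): a small deterministic VPA runner over the call/return/local partition, the Dyck automaton for the bracket examples above, a second VPA bounding the nesting depth, and the synchronous product construction that the visibility condition makes possible. The partition (calls "(", "[", "{"; returns ")", "]", "}"; local "."), the state and stack-symbol encodings, and the helper names are choices of this example and are not given in the slides.

```python
"""Visibly pushdown automata: acceptance, height-determinism, product construction.

Added example, not code from the slides. The partition (calls "(", "[", "{";
returns ")", "]", "}"; local ".") and the two automata below are constructed
for illustration; the state and stack encodings are choices of this example.
"""
from dataclasses import dataclass
from typing import Any, Dict, FrozenSet, List, Optional, Sequence, Tuple

BOTTOM = "bottom"   # a return on the empty stack reads this symbol and pops nothing


@dataclass(frozen=True)
class VPA:
    calls: FrozenSet[str]
    returns: FrozenSet[str]
    locals_: FrozenSet[str]
    start: Any
    finals: FrozenSet[Any]
    d_call: Dict[Tuple[Any, str], Tuple[Any, Any]]   # (q, a)    -> (q', X): push X
    d_ret: Dict[Tuple[Any, str, Any], Any]           # (q, a, Y) -> q'     : pop Y
    d_loc: Dict[Tuple[Any, str], Any]                # (q, a)    -> q'     : stack untouched

    def run(self, word: Sequence[str]) -> Tuple[Optional[Any], List[int]]:
        """Deterministic run: the state reached (None if a transition is missing)
        and the stack height after each letter."""
        q, stack, heights = self.start, [], []
        for a in word:
            if a in self.calls:
                step = self.d_call.get((q, a))
                if step is None:
                    return None, heights
                q, gamma = step
                stack.append(gamma)
            elif a in self.returns:
                top = stack[-1] if stack else BOTTOM
                q = self.d_ret.get((q, a, top))
                if q is None:
                    return None, heights
                if stack:
                    stack.pop()
            elif a in self.locals_:
                q = self.d_loc.get((q, a))
                if q is None:
                    return None, heights
            else:
                raise ValueError(f"{a!r} is outside the partitioned alphabet")
            heights.append(len(stack))
        return q, heights

    def accepts(self, word: Sequence[str]) -> bool:
        q, _ = self.run(word)
        return q is not None and q in self.finals


def stack_heights(word: Sequence[str], calls, returns) -> List[int]:
    """Visibility: the stack height after each letter is fixed by the word alone
    (a call pushes, a return pops unless the stack is empty, a local does nothing)."""
    h, out = 0, []
    for a in word:
        if a in calls:
            h += 1
        elif a in returns and h > 0:
            h -= 1
        out.append(h)
    return out


CALLS, RETURNS, LOCALS = frozenset("([{"), frozenset(")]}"), frozenset(".")
MATCH = {")": "(", "]": "[", "}": "{"}


def dyck() -> VPA:
    """Well-balanced brackets. The state ('E' empty / 'N' non-empty) tracks whether the
    stack is empty; each pushed symbol records the opening bracket and the state it was
    pushed from, so popping the bottom-most symbol returns to 'E', the only final state."""
    d_call = {(s, o): ("N", (o, s)) for s in "EN" for o in CALLS}
    d_ret = {("N", c, (MATCH[c], s)): s for s in "EN" for c in RETURNS}
    d_loc = {(s, "."): s for s in "EN"}
    return VPA(CALLS, RETURNS, LOCALS, "E", frozenset("E"), d_call, d_ret, d_loc)


def depth_at_most(k: int) -> VPA:
    """Nesting depth never exceeds k; the state is the current depth (no matching check)."""
    d_call = {(d, o): (d + 1, o) for d in range(k) for o in CALLS}
    d_ret = {(d + 1, c, o): d for d in range(k) for c in RETURNS for o in CALLS}
    d_loc = {(d, "."): d for d in range(k + 1)}
    return VPA(CALLS, RETURNS, LOCALS, 0, frozenset(range(k + 1)), d_call, d_ret, d_loc)


def product(A: VPA, B: VPA) -> VPA:
    """Synchronous product for intersection: with the same partition both automata push
    on the same letters and pop on the same letters, so one stack of pairs simulates both."""
    assert (A.calls, A.returns, A.locals_) == (B.calls, B.returns, B.locals_)
    d_call = {((p, q), a): ((p2, q2), (g, h))
              for (p, a), (p2, g) in A.d_call.items()
              for (q, b), (q2, h) in B.d_call.items() if a == b}
    d_ret = {((p, q), a, BOTTOM if g == BOTTOM else (g, h)): (p2, q2)
             for (p, a, g), p2 in A.d_ret.items()
             for (q, b, h), q2 in B.d_ret.items()
             if a == b and (g == BOTTOM) == (h == BOTTOM)}
    d_loc = {((p, q), a): (p2, q2)
             for (p, a), p2 in A.d_loc.items()
             for (q, b), q2 in B.d_loc.items() if a == b}
    finals = frozenset((p, q) for p in A.finals for q in B.finals)
    return VPA(A.calls, A.returns, A.locals_, (A.start, B.start), finals, d_call, d_ret, d_loc)
```

The product would not work for general pushdown automata: one component might push where the other pops, and a single stack could not represent both. Here `stack_heights` computes the height from the word alone, and a run of any VPA over the partition reports the same heights, which is the height-determinism the slide appeals to; `product(dyck(), depth_at_most(1))` accepts `(..)` and `()[]` but rejects the mismatched `(]` and the too-deep `([])`.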
Properties of VPA and TVPA (timed VPA)
• Boolean operations (of VPA)
  – Decidable: all boolean operations
  – Determinizable
• Boolean operations (of TVPA)
  – Decidable: union, intersection, emptiness
  – Not available: complement (TVPA are not closed under complementation); universality is undecidable already with 1 clock
• Inclusion L(M) ⊆ L(S)
  – M, S : (untimed) VPA : decidable
  – M, S : TVPA : undecidable (Emmi, et al. 06)
Event-Clock Visibly Pushdown Automata
Def. ECVPA = VPA + event-clock constraints
Th 1. The inclusion problem for ECVPAs is decidable.
• Proof (idea): L(M) ⊆ L(S) ⇔ L(M) ∩ L(ec(ut(S)^C)) = ∅
  S : ECVPA
  → (untimed translation) ut(S) : VPA
  → (complement) ut(S)^C : VPA
  → (timed translation) ec(ut(S)^C) : ECVPA, with L(S)^C = L(ec(ut(S)^C))
  The product of the ECVPAs M and ec(ut(S)^C) is again an ECVPA; encoding its event-clock constraints gives a TVPA, whose emptiness is decidable.
Inclusion between TVPA and ECVPA
Th 2. For a TVPA M and an ECVPA S, the inclusion problem L(M) ⊆ L(S) is decidable.
• Proof (idea): L(M) ⊆ L(S) ⇔ L(M) ∩ L(S') = ∅
  S : ECVPA
  → (untimed translation) ut(S) : VPA
  → (complement) ut(S)^C : VPA
  → (timed translation) ec(ut(S)^C) : ECVPA
  → (encoding the event-clock constraints) S' : TVPA, with L(S)^C = L(S')
  The product of the TVPAs M and S' is a TVPA, whose emptiness is decidable.
Conclusion
• We showed that L(M) ⊆ L(S) is decidable for
  – M, S : ECVPA
  – M : TVPA, S : ECVPA
• Compare: L(M) ⊆ L(S) when S has 1 clock
  – M, S : TA : decidable (Ouaknine, et al. 04)
  – M, S : TVPA : undecidable (Emmi, et al. 06)
  – M, S : Büchi TA : undecidable (Abdulla, et al. 05)
• Simple untimed / timed translations avoid the complex subset-construction argument for VPA.
  – Büchi extensions of ECVPA are straightforward.