A Saturation Method for the Modal Mu-Calculus with Backwards Modalities over Pushdown Systems
M. Hague and C.-H. L. Ong
Oxford University Computing Laboratory
Abstract.
We present an extension of an algorithm for computing directly the denotation of a modal µ-calculus formula $\chi$ over the configuration graph of a pushdown system to allow backwards modalities. Our method gives the first extension of the saturation technique to the full modal µ-calculus with backwards modalities.

Recently we introduced a saturation method for directly computing the denotation of a modal µ-calculus formula over the configuration graph of a pushdown system [2]. Here we show how this algorithm can be extended to allow backwards modalities. This article is intended as a companion to our previous work, and as such, does not repeat many of the details.

Since we extend our definition of modal µ-calculus, we give the full details here. The reader is directed to our previous work for the remaining preliminaries [2].

Given a set of propositions $AP$ and a disjoint set of variables $\mathcal{Z}$, formulas of the modal µ-calculus are defined as follows (with $x \in AP$ and $Z \in \mathcal{Z}$):

$$\varphi := x \mid \neg x \mid Z \mid \varphi \wedge \varphi \mid \varphi \vee \varphi \mid \Box\varphi \mid \Diamond\varphi \mid \mu Z.\varphi \mid \nu Z.\varphi .$$

Thus we assume that the formulas are in positive form, in the sense that negation is only applied to atomic propositions. Over a pushdown system, the semantics of a formula $\varphi$ are given with respect to a valuation $V : \mathcal{Z} \to \mathcal{P}(C)$, which maps each free variable to its set of satisfying configurations, and an environment $\rho : AP \to \mathcal{P}(C)$ mapping each atomic proposition to its set of satisfying configurations.
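We then have,

$$
\begin{aligned}
\llbracket x \rrbracket^{P}_{V} &= \rho(x) \\
\llbracket \neg x \rrbracket^{P}_{V} &= C \setminus \rho(x) \\
\llbracket Z \rrbracket^{P}_{V} &= V(Z) \\
\llbracket \varphi_1 \wedge \varphi_2 \rrbracket^{P}_{V} &= \llbracket \varphi_1 \rrbracket^{P}_{V} \cap \llbracket \varphi_2 \rrbracket^{P}_{V} \\
\llbracket \varphi_1 \vee \varphi_2 \rrbracket^{P}_{V} &= \llbracket \varphi_1 \rrbracket^{P}_{V} \cup \llbracket \varphi_2 \rrbracket^{P}_{V} \\
\llbracket \Box\varphi \rrbracket^{P}_{V} &= \{\, c \in C \mid \forall c'.\ c \hookrightarrow c' \Rightarrow c' \in \llbracket \varphi \rrbracket^{P}_{V} \,\} \\
\llbracket \Diamond\varphi \rrbracket^{P}_{V} &= \{\, c \in C \mid \exists c'.\ c \hookrightarrow c' \wedge c' \in \llbracket \varphi \rrbracket^{P}_{V} \,\} \\
\llbracket \overline{\Box}\varphi \rrbracket^{P}_{V} &= \{\, c \in C \mid \forall c'.\ c' \hookrightarrow c \Rightarrow c' \in \llbracket \varphi \rrbracket^{P}_{V} \,\} \\
\llbracket \overline{\Diamond}\varphi \rrbracket^{P}_{V} &= \{\, c \in C \mid \exists c'.\ c' \hookrightarrow c \wedge c' \in \llbracket \varphi \rrbracket^{P}_{V} \,\} \\
\llbracket \mu Z.\varphi \rrbracket^{P}_{V} &= \bigcap \{\, S \subseteq C \mid \llbracket \varphi \rrbracket^{P}_{V[Z \mapsto S]} \subseteq S \,\} \\
\llbracket \nu Z.\varphi \rrbracket^{P}_{V} &= \bigcup \{\, S \subseteq C \mid S \subseteq \llbracket \varphi \rrbracket^{P}_{V[Z \mapsto S]} \,\}
\end{aligned}
$$

where $V[Z \mapsto S]$ updates the valuation $V$ to map the variable $Z$ to the set $S$.

The operators $\Box\varphi$ and $\Diamond\varphi$ assert that $\varphi$ holds after all possible transitions and after some transition respectively; $\overline{\Box}$ and $\overline{\Diamond}$ are their backwards time counterparts; and the $\mu$ and $\nu$ operators specify least and greatest fixed points respectively. Another interpretation of these operators is given below. For a full discussion of the modal µ-calculus we refer the reader to a survey by Bradfield and Stirling [1].

Without loss of generality, assume all pushdown commands are $p\,a \to p'\,\varepsilon$, $p\,a \to p'\,b$, or $p\,a \to p'\,bb'$.

The extensions to our earlier work [2] are given in Procedures 1 and 2. We refer the reader to the original article for a description of the notations used. For a control state $p$ and characters $a, b$, let

$$
\begin{aligned}
Pop(p) &= \{\, (p', a') \mid p'\,a' \to p\,\varepsilon \,\}, \\
Rew(p, a) &= \{\, (p', a') \mid p'\,a' \to p\,a \,\}, \\
Push(p, a, b) &= \{\, (p', a') \mid p'\,a' \to p\,ab \,\},
\end{aligned}
$$

and together $Pre(p, a, b) = Pop(p) \cup Rew(p, a) \cup Push(p, a, b)$.

The new procedures defined here add extra cases to the termination proof [2]. We show these cases here and refer the reader to the original article for an explanation of the notation and concepts.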
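The sets Pop, Rew and Push defined above give exactly the one-step predecessors of a single configuration, which is what the backwards box and diamond quantify over. The following is an added example (not code from the paper) that evaluates both modalities on concrete configurations; the rule encoding, the sample system, the predicate `in_p` and the use of `#` for the bottom-of-stack symbol are assumptions made here.

```python
# A rule "p a -> p' w" is the tuple (p, a, p', w) with |w| <= 2.
# Stacks are strings, top of stack first; "#" stands for the bottom symbol.
RULES = [                      # constructed sample system, not from the paper
    ("p", "a", "p", "ba"),     # push
    ("p", "b", "q", ""),       # pop
    ("q", "a", "q", "c"),      # rewrite
    ("q", "c", "p", "a"),      # rewrite
]

def pop(p):
    """Pop(p): heads (p', a') of rules p' a' -> p eps."""
    return {(p1, a1) for p1, a1, p2, w in RULES if p2 == p and w == ""}

def rew(p, a):
    """Rew(p, a): heads of rules p' a' -> p a."""
    return {(p1, a1) for p1, a1, p2, w in RULES if p2 == p and w == a}

def push(p, a, b):
    """Push(p, a, b): heads of rules p' a' -> p ab."""
    return {(p1, a1) for p1, a1, p2, w in RULES if p2 == p and w == a + b}

def predecessors(config):
    """All configurations c' with c' -> c, for c = <p, stack>."""
    p, stack = config
    preds = {(p1, a1 + stack) for p1, a1 in pop(p)}
    if len(stack) >= 1:
        preds |= {(p1, a1 + stack[1:]) for p1, a1 in rew(p, stack[0])}
    if len(stack) >= 2:
        preds |= {(p1, a1 + stack[2:])
                  for p1, a1 in push(p, stack[0], stack[1])}
    return preds

def successors(config):
    """Forward step, used only to cross-check predecessors()."""
    p, stack = config
    return {(p2, w + stack[1:]) for p1, a1, p2, w in RULES
            if stack and p1 == p and a1 == stack[0]}

def back_diamond(phi, config):
    """Some predecessor satisfies phi."""
    return any(phi(c) for c in predecessors(config))

def back_box(phi, config):
    """Every predecessor satisfies phi (vacuously true with no predecessor)."""
    return all(phi(c) for c in predecessors(config))

def in_p(config):
    """Atomic proposition (hypothetical): the control state is p."""
    return config[0] == "p"
```

A configuration with no predecessor at all, such as `("p", "c#")` here, satisfies the backwards box of any formula and the backwards diamond of none, which is the situation the `Pre(p, a, b) = ∅` cases of Procedure 1 handle.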
Procedure 1 $\mathrm{BackBox}(A, \varphi, c, P)$

$((Q, \Sigma, \Delta, , F), I) = \mathrm{Dispatch}(A, \varphi, c, P)$

$A' = (Q \cup I \cup Q_{int}, \Sigma, \Delta \cup \Delta', , F)$

where $I = \{\, (p, \overline{\Box}\varphi, c) \mid p \in P \,\}$ and $Q_{int} = \{\, (p, \overline{\Box}\varphi, c, a) \mid p \in P \wedge a \in \Sigma \,\}$ and

$$
\begin{aligned}
\Delta' ={} & \left\{ ((p, \overline{\Box}\varphi, c), a, Q) \;\middle|\;
\begin{array}{l}
Q = \{ (p, \overline{\Box}\varphi, c, a) \} \cup Q^{pop} \cup Q^{rew} \ \wedge \\
Pop(p) = \{ (p_1, a_1), \ldots, (p_n, a_n) \} \ \wedge \\
\bigwedge_{1 \le j \le n} \left( I(p_j) \xrightarrow{a_j}_{\Delta} Q'_j \xrightarrow{a}_{\Delta} Q^{pop}_j \right) \ \wedge \\
Q^{pop} = Q^{pop}_1 \cup \cdots \cup Q^{pop}_n \ \wedge \\
Rew(p, a) = \{ (p'_1, a'_1), \ldots, (p'_{n'}, a'_{n'}) \} \ \wedge \\
\bigwedge_{1 \le j \le n'} \left( I(p'_j) \xrightarrow{a'_j}_{\Delta} Q^{rew}_j \right) \ \wedge \\
Q^{rew} = Q^{rew}_1 \cup \cdots \cup Q^{rew}_n
\end{array}
\right\} \\
& \cup \left\{ ((p, \overline{\Box}\varphi, c, a), b, Q) \;\middle|\;
\begin{array}{l}
Pre(p, a, b) = \{ (p_1, a_1), \ldots, (p_n, a_n) \} \ \wedge \\
\bigwedge_{1 \le j \le n} \left( I(p_j) \xrightarrow{a_j}_{\Delta} Q^{push}_j \right) \ \wedge \\
Q = Q^{push}_1 \cup \cdots \cup Q^{push}_n
\end{array}
\right\} \\
& \cup \{\, ((p, \overline{\Box}\varphi, c), a, \{ q^* \}) \mid \forall b.\ Pre(p, a, b) = \emptyset \,\} \\
& \cup \{\, ((p, \overline{\Box}\varphi, c), \bot, \{ q^{\varepsilon}_f \}) \mid \forall a.\ Pre(p, \bot, a) = \emptyset \,\} \\
& \cup \{\, ((p, \overline{\Box}\varphi, c, a), b, \{ q^* \}) \mid Push(p, a, b) = \emptyset \,\} \\
& \cup \{\, ((p, \overline{\Box}\varphi, c, a), \bot, \{ q^{\varepsilon}_f \}) \mid Push(p, a, \bot) = \emptyset \,\}
\end{aligned}
$$

return $(A', I)$

Procedure 2 $\mathrm{BackDiamond}(A, \varphi, c, P)$

$((Q, \Sigma, \Delta, , F), I) = \mathrm{Dispatch}(A, \varphi, c, P)$

$A' = (Q \cup I \cup Q_{int}, \Sigma, \Delta \cup \Delta', , F)$

where $I = \{\, (p, \overline{\Diamond}\varphi, c) \mid p \in P \,\}$ and $Q_{int} = \{\, (p, \overline{\Box}\varphi, c, a) \mid p \in P \wedge a \in \Sigma \,\}$ and

$$
\begin{aligned}
\Delta' ={} & \left\{ ((p, \overline{\Diamond}\varphi, c), a, Q) \;\middle|\; (p', a') \in Pop(p) \wedge I(p') \xrightarrow{a'}_{\Delta} Q' \xrightarrow{a}_{\Delta} Q \right\} \\
& \cup \left\{ ((p, \overline{\Diamond}\varphi, c), a, Q) \;\middle|\; (p', a') \in Rew(p, a) \wedge I(p') \xrightarrow{a'}_{\Delta} Q \right\} \\
& \cup \{\, ((p, \overline{\Diamond}\varphi, c), a, \{ (p, \overline{\Diamond}\varphi, c, a) \}) \,\} \\
& \cup \left\{ ((p, \overline{\Diamond}\varphi, c, a), b, Q) \;\middle|\; (p', a') \in Push(p, a, b) \wedge I(p') \xrightarrow{a'}_{\Delta} Q \right\}.
\end{aligned}
$$

return $(A', I)$

Lemma 1 (Termination).
The algorithm satisfies the following properties.

1. Each subroutine introduces a fixed set of new states, independent of the automaton $A$ given as input (but may depend on the other parameters). Transitions are only added to these new states.
2. For two input automata $A_1$ and $A_2$ (giving valuations of the same environments) such that $A_1 \preceq A_2$, then the returned automata $A'_1$ and $A'_2$, respectively, satisfy $A'_1 \preceq A'_2$.
3. The algorithm terminates.

Proof. The first of these conditions is trivially satisfied by all constructions, hence we omit the proofs. Similarly, termination is trivial. The second and third conditions will be shown by mutual induction over the recursion (structure of the formula). The new cases follow.
Case $\mathrm{BackBox}(A, \varphi, c, P)$ and $\mathrm{BackDiamond}(A, \varphi, c, P)$:
It can be observed that all new transitions in $A$ are derived from transitions $I(p') \xrightarrow{a}_{A} Q$ (or are independent of $A$ and $A'$). Since $A \preceq A'$ it follows that all transitions have a counterpart $I(p') \xrightarrow{a}_{A'} Q'$ with $Q' \ll Q$. Hence the property follows in a similar manner to the previous cases.

The new procedures change the complexity of the algorithm slightly, although the algorithm remains in EXPTIME. In particular, the algorithm is now exponential in the number of control states, the size of the stack alphabet and the size of the formula. Let $m$ be the nesting depth of the fixed points of the formula and $n$ be the number of states in $A_V$. We introduce at most $k = O(|P| \cdot |\chi| \cdot m \cdot |\Sigma|)$ states to the automaton. Hence, there are at most $O(n + k)$ states in the automaton during any stage of the algorithm. The fixed point computations iterate up to an $O(O(n + k))$ number of times. Each iteration has a recursive call, which takes up to $O(O(n + k))$ time. Hence the algorithm is $O(O(n + k))$ overall.

We extend the proofs of correctness. We refer the reader to our previous work for the full details [2].

Definition 1 (Correctness Conditions).
The correctness conditions are as follows. Let $A$ be the input automaton, $\varphi$ be the input formula, $c$ be the input level and $A'$ be the result.

1. We only introduce level $c$ states.
2. If $A$ is $V$-sound, $A'$ is $V^c_{\varphi}$-sound.
3. If $A$ is $V$-complete, $A'$ is $V^c_{\varphi}$-complete.

The first condition is obvious. The remaining conditions are shown by induction and require the addition of proof cases for the new procedures.
Lemma 2 (Valuation Soundness).
The algorithm is $V$-sound. For cases such as $\mathrm{And}(A, \varphi_1, \varphi_2, c, P)$ we take, as appropriate, $\varphi = \varphi_1 \wedge \varphi_2$.

Proof.

Case $\mathrm{BackBox}(A, \varphi, c, P)$:
We assume that $A$ is valuation sound with respect to some valuation $V$. By induction the result $A$ of the recursive call is valuation sound with respect to $V^c_{\varphi}$. We show that $A'$ is valuation sound with respect to $V^c_{\overline{\Box}\varphi}$.

We observe that no $(p', \overline{\Box}\varphi, c)$ are reachable from a state $(p, \overline{\Box}\varphi, c, a)$, hence we show soundness for the latter states first.

The first case is for some $b$ with $Push(p, a, b) = \emptyset$. In this case, the valuation of $(p, \overline{\Box}\varphi, c, a)$ contains all words of the form $bw$. Hence soundness is immediately satisfied.

Otherwise, $Push(p, a, b) = \{ (p_1, a_1), \ldots, (p_n, a_n) \}$ such that for all $1 \le j \le n$, $\langle p_j, a_j w \rangle \hookrightarrow \langle p, abw \rangle$. Take a new transition $((p, \overline{\Box}\varphi, c, a), b, Q)$ derived from the runs $I(p_j) \xrightarrow{a_j}_{A} Q_j$ for all $1 \le j \le n$, with $Q = Q_1 \cup \cdots \cup Q_n$. Suppose for some $w$, $w \in V^c_{\overline{\Box}\varphi}(q)$ for all $q \in Q$. By valuation soundness of $A$ we know $a_j w \in V^c_{\overline{\Box}\varphi}(I(p_j))$ and hence, since all transitions to $\langle p, abw \rangle$ are from configurations satisfying $\varphi$, we have $bw \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c, a)$ as required.

The remaining states are of the form $(p, \overline{\Box}\varphi, c)$. We first deal with the case when for all $b$ we have $Pre(p, a, b) = \emptyset$. In this case, the valuation of $\overline{\Box}\varphi$ contains all words of the form $aw$ for some $w$. Hence, all added transitions are trivially sound.

Otherwise, take a new transition $((p, \overline{\Box}\varphi, c), a, Q)$ derived from some $b$, the value of $Pop(p) = \{ (p_1, a_1), \ldots, (p_n, a_n) \}$ and for all $1 \le j \le n$, the runs $I(p_j) \xrightarrow{w_j}_{A} Q'_j \xrightarrow{b}_{A} Q^{pop}_j$, with $Q^{pop} = Q^{pop}_1 \cup \cdots \cup Q^{pop}_n$, and the value of $Rew(p, a) = \{ (p'_1, a'_1), \ldots, (p'_{n'}, a'_{n'}) \}$ and for all $1 \le j \le n'$, the runs $I(p'_j) \xrightarrow{a'_j}_{A} Q^{rew}_j$, with $Q^{rew} = Q^{rew}_1 \cup \cdots \cup Q^{rew}_n$. Finally, $Q = \{ (p, \overline{\Box}\varphi, c, a, b) \} \cup Q^{pop} \cup Q^{rew}$.

Suppose for some $w$, $w \in V^c_{\overline{\Box}\varphi}(q)$ for all $q \in Q^{pop}$. By valuation soundness of $A$ we know $a_j a w \in V^c_{\overline{\Box}\varphi}(I(p_j))$ and hence all pop transitions leading to $\langle p, aw \rangle$ are from configurations satisfying $\varphi$.

Now suppose for some $aw$, $aw \in V^c_{\overline{\Box}\varphi}(q)$ for all $q \in Q^{rew}$. By valuation soundness of $A$ we know $a_j w \in V^c_{\overline{\Box}\varphi}(I(p_j))$ and hence all rewrite transitions leading to $\langle p, aw \rangle$ are from configurations satisfying $\varphi$.

Finally, consider some $bw$ in the valuation of $(p, \overline{\Box}\varphi, c, a)$. From the soundness of this state, shown above, we have that all push transitions leading to $\langle p, abw \rangle$ are from configurations satisfying $\varphi$.

Putting the three cases together, we have for all $abw \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c)$ as required.

The above cases do not cover the case $\bot \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c)$. However, since no push transition can reach this stack, we just require the first two cases and that $(p, \overline{\Box}\varphi, c, \bot) = q^{\varepsilon}_f$.

Case $\mathrm{BackDiamond}(A, \varphi, c, P)$:
We assume that $A$ is valuation sound with respect to some valuation $V$. By induction the result $A$ of the recursive call is valuation sound with respect to $V^c_{\varphi}$. We show that $A'$ is valuation sound with respect to $V^c_{\overline{\Diamond}\varphi}$.

We begin with the states $(p, \overline{\Diamond}, c, a)$. Take a transition $((p, \overline{\Diamond}, c, a), b, Q)$. Then there is some $(p', a') \in Push(p, a, b)$ such that $I(p') \xrightarrow{a'}_{A} Q$. From the soundness of $A$ we know for all $w$ with $w \in V^c_{\overline{\Diamond}\varphi}(q)$ for all $q \in Q$ we have $a'w \in V^c_{\overline{\Diamond}\varphi}(I(p'))$. Since $\langle p', a'w \rangle \hookrightarrow \langle p, abw \rangle$ we have $\langle p, abw \rangle$ satisfies $\varphi$ and hence $bw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}, c, a)$ and the transition is sound.

For the remaining states, take a new transition $((p, \overline{\Diamond}\varphi, c), a, Q)$. There are three cases.

If the transition was derived from some $(p', a') \in Pop(p)$ and the run $I(p') \xrightarrow{a'a}_{A} Q$, then suppose for some $w$, $w \in V^c_{\overline{\Diamond}\varphi}(q)$ for all $q \in Q$. By valuation soundness of $A$ we know $a'aw \in V^c_{\overline{\Diamond}\varphi}(I(p'))$ and hence, since there is a transition from $\langle p', a'aw \rangle$, a configuration satisfying $\varphi$, to $\langle p, aw \rangle$ we obtain $aw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}\varphi, c)$ as required.

If the transition was derived from some $(p', a') \in Rew(p, a)$ and the run $I(p') \xrightarrow{a'}_{A} Q$, then suppose for some $w$, $w \in V^c_{\overline{\Diamond}\varphi}(q)$ for all $q \in Q$. By valuation soundness of $A$ we know $a'w \in V^c_{\overline{\Diamond}\varphi}(I(p'))$ and hence, since there is a transition from $\langle p', a'w \rangle$, a configuration satisfying $\varphi$, to $\langle p, aw \rangle$ we obtain $aw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}\varphi, c)$ as required.

Finally, if $Q = \{ (p, \overline{\Diamond}, c, a) \}$ then soundness is immediate from the definition of $V^c_{\overline{\Diamond}\varphi}$.

Lemma 3 (Valuation Completeness).
The algorithm is $V$-complete.

Proof.

Case $\mathrm{BackBox}(A, \varphi, c, P)$:
We are given that $A$ is valuation complete with respect to some valuation $V$, and by induction we have completeness of the result $A$ of the recursive call with respect to $V^c_{\varphi}$. We show $A'$ is complete with respect to $V^c_{\overline{\Box}\varphi}$.

As in the soundness proof, we begin with the states $(p, \overline{\Box}\varphi, c, a)$. In the case $Push(p, a, b) = \emptyset$ for some $b$, we either have $b = \bot$ and the transition from $(p, \overline{\Box}\varphi, c, a)$ to $\{ q^{\varepsilon}_f \}$ witnesses completeness, or we have $a = \bot$ and the transition to $\{ q^* \}$ witnesses completeness.

Otherwise $Push(p, a, b) = \{ (p_1, a_1), \ldots, (p_n, a_n) \}$. Take some $bw$ such that $abw \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c, a)$. Then we have $a_j w \in V^c_{\overline{\Box}\varphi}(p_j, \varphi, c)$ for all $1 \le j \le n$. From completeness of $A$ we have a transition $I(p_j) \xrightarrow{a_j} Q_j$ with $w \in V^c_{\overline{\Box}\varphi}(q)$ for all $q \in Q_j$. Hence, we have a complete $b$-transition from $(p, \overline{\Box}\varphi, c, a)$ as required.

For the states of the form $(p, \overline{\Box}\varphi, c)$ we first deal with the case when for all $b$ we have $Pre(p, a, b) = \emptyset$. In this case we immediately have transitions witnessing completeness.

Otherwise, take some $abw \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c)$. Then, for all $(p', a') \in Pop(p)$, we have $a'abw \in V^c_{\overline{\Box}\varphi}(I(p'))$; and for all $(p', a') \in Rew(p, a)$ we have $a'bw \in V^c_{\overline{\Box}\varphi}(I(p'))$; and for all $(p', a') \in Push(p, a, b)$ we have $a'w \in V^c_{\overline{\Box}\varphi}(I(p'))$. From completeness of $A$ we have a complete run $I(p') \xrightarrow{a'}_{A} Q' \xrightarrow{a}_{A} Q$ for each $(p', a') \in Pop(p)$ and a complete run $I(p') \xrightarrow{a'}_{A} Q$ for each $(p', a') \in Rew(p, a)$. Since we know $bw \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c, a)$ there must be some complete transition from $(p, \overline{\Box}\varphi, c)$ as required.

The only case not covered by the above is the case $\bot \in V^c_{\overline{\Box}\varphi}(p, \overline{\Box}\varphi, c)$. In this case there are no push transitions reaching this configuration. That is, $Push(p, \bot, b) = \emptyset$ for all $b$. Note also that we equated all $(p, \overline{\Box}\varphi, c, \bot)$ with $q^{\varepsilon}_f$. Hence, from the pop and rewrite cases above, and that $(p, \overline{\Box}\varphi, c, \bot) = q^{\varepsilon}_f$, we have completeness as required.

Case $\mathrm{BackDiamond}(A, \varphi, c, P)$:
We are given that $A$ is valuation complete with respect to some valuation $V$, and by induction we have completeness of the result $A$ of the recursive call with respect to $V^c_{\varphi}$. We show $A'$ is complete with respect to $V^c_{\overline{\Diamond}\varphi}$. There are three cases.

Assume some $aw$ such that $aw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}\varphi, c)$ by virtue of some $(p', a') \in Pop(p)$ such that we have $\langle p', a'aw \rangle \in V^c_{\overline{\Diamond}\varphi}(I(p'))$. By completeness of $A$ we have a run $I(p') \xrightarrow{a'a}_{A} Q$ such that for all $q \in Q$, $w \in V^c_{\overline{\Diamond}\varphi}(q)$. Hence, the transition $((p, \overline{\Diamond}\varphi, c), a, Q)$ witnesses completeness.

Otherwise, take some $aw$ such that $aw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}\varphi, c)$ from some $(p', a') \in Rew(p, a)$ such that we have $\langle p', a'w \rangle \in V^c_{\overline{\Diamond}\varphi}(I(p'))$. By completeness of $A$ we have a run $I(p') \xrightarrow{a'}_{A} Q$ such that for all $q \in Q$, $w \in V^c_{\overline{\Diamond}\varphi}(q)$. Hence, the transition $((p, \overline{\Diamond}\varphi, c), a, Q)$ witnesses completeness.

Finally, take some $abw$ such that $abw \in V^c_{\overline{\Diamond}\varphi}(p, \overline{\Diamond}\varphi, c)$ from some $(p', a') \in Push(p, a, b)$ such that we have $\langle p', a'w \rangle \in V^c_{\overline{\Diamond}\varphi}(I(p'))$. By completeness of $A$ we have a run $I(p') \xrightarrow{a'}_{A} Q$ such that for all $q \in Q$, $w \in V^c_{\overline{\Diamond}\varphi}(q)$. Hence, the transitions $((p, \overline{\Diamond}\varphi, c), a, \{ (p, \overline{\Diamond}, c, a) \})$ and $((p, \overline{\Diamond}\varphi, c, a), a, Q)$ witness completeness.

Conclusion and Future Work
In previous work, we have introduced a saturation method for directly computing the denotation of a modal µ-calculus formula over the configuration graph of a pushdown system. Here, we have shown how to extend this work to allow backwards modalities.

References
1. J. C. Bradfield and C. P. Stirling. Modal logics and mu-calculi: An introduction. In Handbook of Process Algebra, pages 293–330, 2001.
2. M. Hague and C.-H. L. Ong. A saturation method for the modal mu-calculus over pushdown systems, 2010. To appear in Information and Computation.