Equivalence-Checking on Infinite-State Systems: Techniques and Results

The paper presents a selection of recently developed and/or used techniques for equivalence-checking on infinite-state systems, and an up-to-date overview of existing results (as of September 2004)

Safety verification of asynchronous pushdown systems with shaped stacks

In this paper, we study the program-point reachability problem of concurrent pushdown systems that communicate via unbounded and unordered message buffers. Our goal is to relax the common restriction that messages can only be retrieved by a pushdown process when its stack is empty. We use the notion of partially commutative context-free grammars to describe a new class of asynchronously communicating pushdown systems with a mild shape constraint on the stacks for which the program-point coverability problem remains decidable. Stacks that fit the shape constraint may reach arbitrary heights; further a process may execute any communication action (be it process creation, message send or retrieval) whether or not its stack is empty. This class extends previous computational models studied in the context of asynchronous programs, and enables the safety verification of a large class of message passing programs

Decidable Models of Recursive Asynchronous Concurrency

Asynchronously communicating pushdown systems (ACPS) that satisfy the empty-stack constraint (a pushdown process may receive only when its stack is empty) are a popular decidable model for recursive programs with asynchronous atomic procedure calls. We study a relaxation of the empty-stack constraint for ACPS that permits concurrency and communication actions at any stack height, called the shaped stack constraint, thus enabling a larger class of concurrent programs to be modelled. We establish a close connection between ACPS with shaped stacks and a novel extension of Petri nets: Nets with Nested Coloured Tokens (NNCTs). Tokens in NNCTs are of two types: simple and complex. Complex tokens carry an arbitrary number of coloured tokens. The rules of NNCT can synchronise complex and simple tokens, inject coloured tokens into a complex token, and eject all tokens of a specified set of colours to predefined places. We show that the coverability problem for NNCTs is Tower-complete. To our knowledge, NNCT is the first extension of Petri nets, in the class of nets with an infinite set of token types, that has primitive recursive coverability. This result implies Tower-completeness of coverability for ACPS with shaped stacks

Towards weak bisimilarity on a class of parallel processes.

A directed labelled graph may be used, at a certain abstraction, to represent a system's behaviour. Its nodes, the possible states the system can be in; its arrows labelled by the actions required to move from one state to another. Processes are, for our purposes, synonymous with these labelled transition systems. With this view a well-studied notion of behavioural equivalence is bisimilarity, where processes are bisimilar when whatever one can do, the other can match, while maintaining bisimilarity. Weak bisimilarity accommodates a notion of silent or internal action. A natural class of labelled transition systems is given by considering the derivations of commutative context-free grammars in Greibach Normal Form: the Basic Parallel Processes (BPP), introduced by Christensen in his PhD thesis. They represent a simple model of communication-free parallel computation, and for them bisimilarity is PSPACE-complete. Weak bisimilarity is believed to be decidable, but only partial results exist. Non-bisimilarity is trivially semidecidable on BPP (each process has finitely many next states, so the state space can be explored until a mis-match is found); the research effort in proving it fully decidable centred on semideciding the positive case. Conversely, weak bisimilarity has been known to be semidecidable for a decade, but no method for semideciding inequivalence has yet been found - the presence of silent actions allows a process to have infinitely many possible successor states, so simple exploration is no longer possible. Weak bisimilarity is defined coinductively, but may be approached, and even reached, by its inductively defined approximants. Game theoretically, these change the Defender's winning condition from survival for infinitely many turns to survival for K turns, for an ordinal k, creating a hierarchy of relations successively closer to full weak bisimilarity. It can be seen that on any set of processes this approximant hierarchy collapses: there will always exist some K such that the kth approximant coincides with weak bisimilarity. One avenue towards the semidecidability of non- weak bisimilarity is the decidability of its approximants. It is a long-standing conjecture that on BPP the weak approximant hierarchy collapses at o x 2. If true, in order to semidecide inequivalence it would suffice to be able to decide the o + n approximants. Again, there exist only limited results: the finite approximants are known to be decidable, but no progress has been made on the wth approximant, and thus far the best proven lower-bound of collapse is w1CK (the least non-recursive ordinal number). We significantly improve this bound to okx2(for a k-variable BPP); a key part of the proof being a novel constructive version of Dickson's Lemma. The distances-to-disablings or DD functions were invented by Jancar in order to prove the PSPACE-completeness of bisimilarity on BPP. At the end of his paper is a conjecture that weak bisimilarity might be amenable to the theory; a suggestion we have taken up. We generalise and extend the DD functions, widening the subset of BPP on which weak bisimilarity is known to be computable, and creating a new means for testing inequivalence. The thesis ends with two conjectures. The first, that our extended DD functions in fact capture weak bisimilarity on full BPP (a corollary of which would be to take the lower bound of approximant collapse to and second, that they are computable, which would enable us to semidecide inequivalence, and hence give us the decidability of weak bisimilarity

Decisive Markov Chains

We consider qualitative and quantitative verification problems for infinite-state Markov chains. We call a Markov chain decisive w.r.t. a given set of target states F if it almost certainly eventually reaches either F or a state from which F can no longer be reached. While all finite Markov chains are trivially decisive (for every set F), this also holds for many classes of infinite Markov chains. Infinite Markov chains which contain a finite attractor are decisive w.r.t. every set F. In particular, this holds for probabilistic lossy channel systems (PLCS). Furthermore, all globally coarse Markov chains are decisive. This class includes probabilistic vector addition systems (PVASS) and probabilistic noisy Turing machines (PNTM). We consider both safety and liveness problems for decisive Markov chains, i.e., the probabilities that a given set of states F is eventually reached or reached infinitely often, respectively. 1. We express the qualitative problems in abstract terms for decisive Markov chains, and show an almost complete picture of its decidability for PLCS, PVASS and PNTM. 2. We also show that the path enumeration algorithm of Iyer and Narasimha terminates for decisive Markov chains and can thus be used to solve the approximate quantitative safety problem. A modified variant of this algorithm solves the approximate quantitative liveness problem. 3. Finally, we show that the exact probability of (repeatedly) reaching F cannot be effectively expressed (in a uniform way) in Tarski-algebra for either PLCS, PVASS or (P)NTM.Comment: 32 pages, 0 figure