Bisimulation Equivalence of First-Order Grammars is ACKERMANN-Complete

01/22/2019
by   Petr Jancar, et al.
0

Checking whether two pushdown automata with restricted silent actions are weakly bisimilar was shown decidable by Sénizergues (1998, 2005). We provide the first known complexity upper bound for this famous problem, in the equivalent setting of first-order grammars. This ACKERMANN upper bound is optimal, and we also show that strong bisimilarity is primitive-recursive when the number of states of the automata is fixed.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

03/20/2019

Reachability in Vector Addition Systems is Primitive-Recursive in Fixed Dimension

The reachability problem in vector addition systems is a central questio...
03/01/2018

Sequentialization and Procedural Complexity in Automata Networks

In this article we consider finite automata networks (ANs) with two kind...
05/09/2020

Playing odds and evens with finite automata

This paper is concerned with asymptotic behaviour of a repeated game of ...
04/05/2020

#P-completeness of counting update digraphs, cacti, and a series-parallel decomposition method

Automata networks are a very general model of interacting entities, with...
05/17/2018

The Synchronizing Probability Function for Primitive Sets of Matrices

Motivated by recent results relating synchronizing automata and primitiv...
04/20/2018

On the Post Selection Inference constant under Restricted Isometry Properties

Uniformly valid confidence intervals post model selection in regression ...
11/17/2021

Context-Bounded Verification of Thread Pools

Thread pooling is a common programming idiom in which a fixed set of wor...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1. Introduction

Bisimulation equivalence plays a central role among the many notions of semantic equivalence studied in verification and concurrency theory [11]. Indeed, two bisimilar processes always satisfy exactly the same specifications written in modal logics [2] or in the modal -calculus [14], allowing one to replace for instance a naive implementation with a highly optimised one without breaking the conformance. As a toy example, the two recursive Erlang functions below implement the same stateful message relaying service, that either receives {upd, M1} and updates its internal message from M to M1, or receives {rel,C} and sends the message M to the client C.

1serverA(M) ->                     serverB(M) ->
2  receive                           M2 = receive
3    {upd, M1} -> serverA(M1);         {upd, M1} -> M1;
4    {rel, C }  -> C!M,                {rel, C }  -> C!M, M;
5                  serverA(M);       end,
6  end.                            ,,serverB(M2).

The two programs are weakly bisimilar if we only observe the input (receive) and output (C!M) actions, but the one on the left is not tail-recursive and might perform poorly compared to the one on the right.

In a landmark 1998 paper, Sénizergues [32, 34] proved the decidability of bisimulation equivalence for rooted equational graphs of finite out-degree. The proof extends his previous seminal result [31, 33], which is the decidability of language equivalence for deterministic pushdown automata (DPDA), and entails that weak bisimilarity of pushdown processes where silent actions are deterministic is decidable; a silent action (also called an -step) is deterministic if it has no alternative when enabled. Because the control flow of a first-order recursive program is readily modelled by a pushdown process, one can view this result as showing that the equivalence of recursive programs (like the two Erlang functions above) is decidable as far as their observable behaviours are concerned, provided silent moves are deterministic. Regarding decidability, Sénizergues’ result is optimal in the sense that bisimilarity becomes undecidable if we consider either nondeterministic (popping) -steps [21], or second-order pushdown processes with no -steps [4]. Note that the decidability border was also refined in [39] by considering branching bisimilarity, a stronger version of weak bisimilarity.

Computational Complexity

While this delineates the decidability border for equivalences of pushdown processes, the computational complexity of the bisimilarity problem is open. Sénizergues’ algorithm consists in two semi-decision procedures, with no clear means of bounding its complexity, and subsequent works like [17] have so far not proven easier to analyse. We know however that this complexity must be considerable, as the problem is TOWER-hard in the real-time case (i.e., without silent actions, hence for strong bisimilarity) [1] and ACKERMANN-hard in the general case (with deterministic silent actions) [18]—we are employing here the ‘fast-growing’ complexity classes defined in [29], where is the lowest non elementary class and the lowest non primitive-recursive one.

In fact, the precise complexity of deciding equivalences for pushdown automata and their restrictions is often not known—as is commonplace with infinite-state processes [35]. For instance, language equivalence of deterministic pushdown automata is ¶-hard and was shown to be in TOWER by Stirling [37] (see [18] for an explicit upper bound), and bisimilarity of BPAs (i.e., real-time pushdown processes with a single state) is EXPTIME-hard [22] and in 2EXPTIME [5] (see [16] for an explicit proof). There are also a few known completeness results in restricted cases: bisimilarity of normed BPAs is ¶-complete [13] (see [10] for the best known upper bound), bisimilarity of real-time one-counter processes (i.e., of pushdown processes with a singleton stack alphabet) is -complete [3], and bisimilarity of visibly pushdown processes is EXPTIME-complete [36].

Contributions

In this paper, we prove that the bisimilarity problem for pushdown processes is in , even the weak bisimilarity problem when silent actions are deterministic. Combined with the already mentioned lower bound from [18], this shows the problem to be ACKERMANN-complete. This is the first instance of a complexity completeness result in the line of research originating from Sénizergues’ work [31, 32, 33, 34]; see Tab. 1.

Problem Lower bound Upper bound
DPDA lang. equ. TOWER [37, 18]
strong bisim. TOWER [1] ACKERMANN [this paper]
weak bisim. ACKERMANN [18] ACKERMANN [this paper]
  • silent actions must be deterministic

Table 1. The complexity of equivalence problems over pushdown processes.

Rather than working with rooted equational graphs of finite out-degree or with pushdown processes with deterministic silent actions, our proof is cast in the formalism of first-order grammars (see Sec. 2), which are term rewriting systems with a head rewriting semantics, and are known to generate the same class of graphs [7].

Our proof heavily relies on the main novelty from [17]: the bisimilarity of two arbitrary terms according to a first-order grammar essentially hinges on a finite basis of pairs of non-equivalent terms, which can be constructed from the grammar independently of the terms provided as input. The basis provides a number that allows us to compute a bound on the ‘equivalence-level’ of two non-equivalent terms; this is the substance of the decision procedure (see Sec. 3). Both in [17] and in its reworked version in [20], such a basis is obtained through a brute force argument, which yields no complexity statement. In Sec. 4 we exhibit a concrete algorithm computing the basis, and we analyse its complexity in the framework of [28, 29, 30] in Sec. 5, yielding the ACKERMANN upper bound.

Finally, although our results do not match the TOWER lower bound of Benedikt et al. [1] in the case of real-time pushdown processes, we nevertheless show in Sec. 6 that bisimilarity becomes primitive-recursive in that case if additionally the number of control states of the pushdown processes is fixed.

2. First-Order Grammars

First-order grammars are labelled term rewriting systems with a head rewriting semantics. They are a natural model of first-order functional programs with a call-by-name semantics, and were shown to generate the class of rooted equational graphs of finite out-degree by Caucal [6, 7], where they are called term context-free grammars. Here we shall use the terminology and notations from [20].

2.1. Regular Terms

Let be a finite ranked alphabet, i.e., where each symbol in  comes with an arity in , and a countable set of variables, all with arity zero. We work with possibly infinite regular terms over  and Var, i.e., terms with finitely many distinct subterms. Let denote the set of all regular terms over  and Var. We further use for nonterminals, and for terms, possibly primed and/or with subscripts.

Representations

Such terms can be represented by finite directed graphs as shown in Fig. 1, where each node has a label in and a number of ordered outgoing arcs equal to its arity. The unfolding of the graph representation is the desired term, and there is a bijection between the nodes of the least graph representation of a term  and the set of subterms of .

1

2

3

1

2

1

2

1

2

3

1

2

2

1

1

2

3

1

2

2

1
Figure 1. Graph representations of two finite terms and , and of an infinite regular term .
Size and Height

We define the size of a term  as its number of distinct subterms. For instance, , , and in Fig. 1. For two terms and , we also denote by the number of distinct subterms of and ; note that can be smaller than , as they might share some subterms. For instance, in Fig. 1. We let denote the number of distinct subterms of  with root labels in ; e.g., in Fig. 1. A term  is thus finite if and only if its graph representation is acyclic, in which case it has a height , which is the maximal length of a path from the root to a leaf; for instance in Fig. 1. Finally, we let denote the set of variables occurring in , and let ; e.g., in Fig. 1.

2.2. Substitutions

A substitution  is a map whose support is finite. This map is lifted to act over terms by

for all in Var, in , and in . For instance, in Fig. 1, if and .

2.3. Grammars

A first-order grammar is a tuple where is a finite ranked alphabet of nonterminals, a finite alphabet of actions, and a finite set of labelled term rewriting rules of the form where , , and is a finite term in with .

Head Rewriting Semantics

A first-order grammar defines an infinite labelled transition system

over as set of states, as set of actions, and with a transition relation for each , where each rule of  induces a transition

for every substitution . This means that rewriting steps can only occur at the root of a term, rather than inside a context. For instance, the rules and give rise on the terms of Fig. 1 to the transitions and . The transition relations are extended to for words in the standard way.

Note that variables are ‘dead’, in that no transitions can be fired from a variable. In fact, in Sec. 3.1 we discuss that for technical reasons we could formally assume that each variable  has its unique action  and a transition .

Grammatical Constants

Let us fix a first-order grammar . We define its size as

(1)
Let rhs be the set of terms appearing on the right-hand sides of  (which are finite terms by definition). We let
(2)
hinc (3)
sinc (4)

bound respectively the maximal arity of its nonterminals, its maximal height increase in one transition step, and its maximal size increase in one transition step.

If in  for some in  and in , then we call  an -sink word. Observe that , hence with in  and , where either and or ‘sinks’ to  when applying . Thus, for each and we can compute some shortest -sink word by dynamic programming; in the cases where no -sink word exist, we can formally put . In turn, this entails that the maximal length of shortest sink words satisfies

(5)

here and in later instances, we let .

Finally, the following grammatical constant from [20] is important for us:

(6)

note that  is at most doubly exponential in the size of . This was chosen in [20] so that each can be written as where and , and it is guaranteed that each path where can be presented as where . Put simply: bounds the number of depth- subterms for each term .

3. Bisimulation Equivalence

Bisimulation equivalence has been introduced independently in the study of modal logics [2] and in that of concurrent processes [25, 26]. We recall here the basic notions surrounding bisimilarity before we introduce the key notion of candidate bases as defined in [20].

3.1. Equivalence Levels

Consider a labelled transition system

like the one defined by a first-order grammar, with set of states , set of actions , and a transition relation for each in . We work in this paper with image-finite labelled transition systems, where is finite for every  in  and in . In this setting, the coarsest (strong) bisimulation  can be defined through a chain

of equivalence relations over : let and for each  in , let if and

[]

(zig):

if for some , then there exists such that and , and

(zag):

if for some , then there exists such that and .

We put ; hence .

For each pair of states in , we may then define its equivalence level in  as

(7)

Here we should add that—to be consistent with [20]—we stipulate that when ; in particular when . This would automatically hold if we equipped each with a special transition in , as we already mentioned. This stipulation guarantees that .

Two states are (strongly) bisimilar if , which is if and only if . We will later show an algorithm computing the equivalence level of two given terms in the labelled transition system defined by a given first-order grammar. The main decision problem in which we are interested is the following.

Problem (Bisimulation).

[]

input:

A first-order grammar and two terms in .

question:

Is in the labelled transition system ?

3.2. Bisimulation Game

Observe that the following variant of the bisimulation problem is decidable.

Problem (Bounded Equivalence Level).

[]

input:

A first-order grammar , two terms in , and in .

question:

Is in the labelled transition system ?

Indeed, as is well-known, the zig-zag condition can be recast as a bisimulation game between two players called Spoiler and Duplicator. A position of the game is a pair . Spoiler wants to prove that the two states are not bisimilar, while Duplicator wants to prove that they are bisimilar. The game proceeds in rounds; in each round,

  • Spoiler chooses and a transition (if no such transition exists, Spoiler loses), then

  • Duplicator chooses a transition with the same label  (if no such transition exists, Duplicator loses);

the game then proceeds to the next round from position . Then if and only if Spoiler has a strategy to win in the th round at the latest when starting the game from . Note that this game is determined and memoryless strategies suffice.

Thus, the bounded equivalence level problem can be solved by an alternating Turing machine that first writes the representation of 

and  on its tape, and then plays at most  rounds of the bisimulation game, where each round requires at most a polynomial number of computational steps in the size of the grammar (assuming a somewhat reasonable tape encoding of the terms).

Fact 1.

The bounded equivalence level problem is in .

3.3. Candidate Bases

Consider some fixed first-order grammar . Given three numbers , , and  in —which will depend on —, an -candidate basis for non-equivalence is a set of pairs of terms associated with two sequences of numbers and such that

  1. ,

  2. for each there is such that and ,

  3. , and the remaining numbers are defined inductively by

(8)
(9)

Note that the numbers and are entirely determined by  and , , and . An -candidate basis yields a bound defined by

(10)
Full Bases

For , let

(11)

An -candidate basis  is full below some equivalence level if, for all and all such that we have . We say that  is full if it is full below . In other words and because , is full if and only if, for all , .

Proposition 2 ([20, Prop. 9]).

For any , there is a unique full -candidate basis, denoted by .

Proof.

The full candidate basis  is constructed by induction over . Let and consider the finite set ; has a maximal equivalence level . If , we define . Otherwise, we let as in (9); by induction hypothesis there is a unique full -candidate basis and we set . ∎

The main result from [20] can now be stated.

Theorem 3 ([20, Thm. 7]).

Let be a first-order grammar. Then one can compute a grammatical constant  exponential in  and grammatical constants , , and doubly exponential in  such that, for all terms in with ,

Theorem 3 therefore shows that the bisimulation problem can be reduced to the bounded equivalence level problem, provided one can compute the full -candidate basis for suitable , , and —see Tab. 2 in the appendix for details on how the grammatical constants , , , and  are defined in [20]. Our goal in Sec. 4 will thus be to exhibit a concrete algorithm computing the full candidate basis , in order to derive an upper bound on .

The proof of [20, Thm. 7] relies on the following insight, which we will also need in order to prove the correctness of our algorithm.

Lemma 4 ([20, Eq. 39]).

Let be a first-order grammar, be defined as in Thm. 3, be two terms in  with , and be an -candidate basis full below . Then

4. Computing Candidate Bases

Theorem 3 shows that, in order to solve the bisimulation problem, it suffices to compute  and  and then solve the bounded equivalence problem, for which Fact 1 provides a complexity upper bound. In this section, we show how to compute for an input first-order grammar . Note that this grammatical constant was shown computable in [17, 20] through a brute-force argument, but here we want a concrete algorithm, whose complexity will be analysed in Sec. 5. We proceed in two steps, by first considering a non effective version in Sec. 4.1, whose correctness is straightforward, and then the actual algorithm in Sec. 4.2.

4.1. Non Effective Version

Throughout this section, we consider  as a fixed parameter. We first assume that we have an oracle at our disposal, that returns the equivalence level in ; the parameters will be used in the effective version in Sec. 4.2. The following procedure then constructs full -candidate basis and its associated bound , by progressively adding pairs from the sets  until the candidate basis is full. In order not to clutter the presentation too much, we assume implicitly that the equivalence level  of each pair added to  on line 14 is implicitly stored, thus it does not need to be recomputed on line 19.

procedure CandidateBound(, , , )
      Initialisation
     for  do
               
     
     for  do
               
     
     for  do
10                
11      while   do
12           Main loop
13          
14          
15          if  then If so, then update
16               
17               for  do
18                   
19                   
20                                  
21                              
22      return
Invariant

The procedure maintains as an invariant of its main loop on lines 1121 that is an -candidate basis associated with the numbers  and , and that is its associated bound. This holds indeed after the initialisation phase on lines 28, and is then enforced in the main loop by the update instructions on lines 1521.

Correctness

Let us check that, if it terminates, this non effective version does indeed return the bound  associated with the unique full -candidate basis . By the previous invariant, it suffices to show that  is full when the procedure terminates. Consider for this some index and a pair with for some . By definition of the sets on lines 910 and their updates on lines 13 and 20 in the main loop, the pair must have been added to some  for . Then the pair must have been selected by the condition of the main loop on line 11, and added to .

Termination

Although we are still considering a non effective version of the algorithm, the proof that it always terminates is the same as the one for the effective version in Sec. 4.2. We exhibit a ranking function on the main loop, thereby showing that it must stop eventually. More precisely, each time we enter the main loop on line 11, we associate to the current state of the procedure the ordinal rank below defined by111 Note that this is equivalent to defining the rank as the tuple in , ordered lexicographically, but ordinal notations are more convenient for our analysis in Sec. 5.

(12)

This defines a descending sequence of ordinals

(13)

of ordinals, where is the rank after  iterations of the main loop. Indeed, each time we enter the loop, the cardinal of the set under consideration strictly decreases on line 13, and is not modified by the updates on line 20, which only touch the sets  for . Hence terminates.

4.2. Effective Version

In order to render effective, we provide an implementation of EqLevel that does not require an oracle for the bisimulation problem, but relies instead on Lem. 4 and the bounded equivalence level problem, which as we saw in Sec. 3.2 is decidable.

procedure EqLevel(, , , , )
     if  then
         return
     else
         return      

We establish the correctness of this effective variant in the following theorem, which uses the same reasoning as the proof of [20, Thm. 7].

Theorem 5.

The effective version of procedure terminates and, provided , , , and are defined as in Thm. 3, returns the bound .

Proof.

Termination is guaranteed by the ranking function defined by (12). Regarding correctness, assume the provided , , , and are defined as in Thm. 3, and let us define a (reflexive and symmetric) relation on by if and only if . Clearly, for all  in . We say that an -candidate basis is -complete if, for all , . We call  complete if it is -complete. By the reasoning we used for showing the correctness of the non effective version, when the effective version of terminates, is complete.

It remains to show that is complete if and only if it is full. First observe that, if is full, then it is complete: indeed, being full entails that, for all in , is in , hence .

Conversely, assume that  is complete, and let us show that it is full; it suffices to show that, in that case, . By contradiction, consider a pair with ; without loss of generality, can be assumed minimal among all such pairs. Then is full below : indeed, if and , since was taken minimal, and therefore belongs to  since  is complete. Thus Lem. 4 applies and shows that , a contradiction. ∎

5. Complexity Upper Bounds

In this section, we analyse the procedure to derive an upper bound on the computed . In turn, by theorems 3 and 1, this bound will allow us to bound the complexity of the bisimulation problem. The idea is to analyse the ranking function defined by (12) in order to bound how many times the main loop of can be executed. We rely for this on a so-called ‘length function theorem’ from [28] to bound the length of descending sequences of ordinals like (13

). Finally, we classify the final upper bound using the ‘fast-growing’ complexity classes defined in 

[29]. A general introduction to these techniques can be found in [30]. Throughout this section, we assume that the values of , , , and are the ones needed for Thm. 3 to hold.

5.1. Controlled Descending Sequences

Though all descending sequences of ordinals are finite, we cannot bound their lengths in general; e.g., and are descending sequences of length for all  in . Nevertheless, the sequence (13) produced by is not arbitrary, because the successive ranks are either determined by the input and the initialisation phase, or the result of some computation, hence one cannot use an arbitrary  as in these examples.

This intuition is captured by the notion of controlled sequences. For an ordinal (like the ranks defined by (12)), let us write in Cantor normal form as

with and in , and define its size as

(14)

Let be a natural number in  and a monotone inflationary function, i.e., implies , and . A sequence of ordinals below  is -controlled if, for all in ,

(15)

i.e., the size of the th ordinal