A relation over a set is a quasi-ordering if it is reflexive and transitive, and a partial ordering if it is antisymmetric as well. It is well-founded if it has no infinite descending chain. A quasi-ordering is a well-quasi-ordering (resp. well partial order), wqo (resp. wpo) for short, if for every infinite sequence , there exist such that . This is strictly stronger than being well-founded.
One example of well-quasi-ordering is the componentwise ordering of tuples over . More formally, is well-quasi-ordered by where, for every , if and only if for every . We extend to where for every . ordered componentwise is also well-quasi-ordered. Let be a finite alphabet. We write to denote the set of finite words over . For every , we write if is a subword of , i.e. can be obtained from by removing zero, one or multiple letters. is well-quasi-ordered by .
2 Well Structured Transition Systems
2.1 Well structured transition systems: wqo and monotony
An ordered (labeled) transition system is a triple such that is a (labeled) transition system and is a quasi-ordering. An ordered transition system is a well structured transition system (WSTS) if is a well-quasi-ordering and is monotone, i.e. for all and such that and , there exists such that and . Many other types of monotonicities were defined in the literature (see ), but, for our purposes, we only need to introduce strong monotonicities. We say that has strong monotonicity if for all and , and implies for some . We say that has strong-strict monotonicity111Strong-strict monotonicity should not be confused with strong and strict monotonicities. Here strongness and strictness have to hold at the same time. if it has strong monotonicity and for all and , and implies for some .
There are two main techniques for proving these decidability results: backward and forward analysis. The backward coverability algorithm allows to compute the finite basis of the set of all predecessors of the upward closure of a state. The forward coverability algorithm computes the finite reduced reachability tree and the finite (extended) Karp-Miller tree (under supplementary hypothesis): these two forward algorithms operate with inductive downward closed invariants.
2.2 A short story of well structured transition systems
Well structured transition systems (initially called structured transition systems in ) were initially defined and studied as monotone transition systems equipped with a well-quasi-ordering on their set of states. Termination was shown decidable for well structured transition systems with transitive monotonicity, while boundedness was shown decidable for well structured transition systems with strict monotonicity in . For a subclass of finitely branching labeled well structured transition systems with strong-strict monotonicity, now called very well structured transition systems in , a generalization of the Karp-Miller algorithm was shown to compute their coverability sets [11, 6]. In , the coverability problem was shown to be decidable for a subclass of well structured transition systems, i.e. labeled well structured transition systems with strong monotonicity [3, Def. 3.4] and satisfying an additional effective hypothesis: the existence of an algorithm to compute the finite set of minimal elements of , where is the set of immediate predecessors of the upward-closure of a state . In , mathematical properties were distinguished from effective properties, and the coverability problem was shown decidable for the entire class of well structured transition systems satisfying the similar additional effective hypothesis that there exists an algorithm to compute the finite set , i.e., the hypotheses of transitions labeling and strong monotonicity made in  turned out to be superfluous.
Today, following the presentation of , what is mathematically known as well structured transition systems (or shortly well structured systems) is exactly the original class of structured transition systems ; and necessary effective hypotheses are added for obtaining decidability of properties such as termination, control-state reachability, coverability and boundedness.
3 From Programs to Well Structured Transition Systems
3.1 The general method
Given a program and a safety property , let’s describe two steps for verifying that satisfies by using WSTS:
The first step is to build a transition system associated with . This is well known as the operationnal semantics of the program and we are used to this. But the problem is the hudge size of the associated transition system. In general we will define and compute an abstraction of the original program because we may (and must) forget some useless parts of the program that have no effect on property . A kind of such activities is the (static and dynamic) slicing that computes parts of the program that may modify a set of variables and this computation can be done with a small cost. There exist other techniques to build abstractions of the program that produce smaller and tractable programs. We have also to translate the property on into a state-property in (sometimes a formula in a logic) that would be decidable for WSTS.
The second step is to look for an ordering having these two desired properties (monotony and well ordering), i.e., such that is WSTS. Let us recall that the termination ordering makes of each transition system a WSTS  but this ordering is undecidable so the obtained WSTS is not effective and we cannot deduce the decidability of usual properties. If we find such decidable ordering , we just verify whether satisfies the state-property . To make this verification, one usually reduces to a coverability property in .
3.2 What can you do when you can’t find a monotone well ordering ?
Let us analyse two cases that are not directly translatable into WSTS.
3.2.1 We found a well ordering which is not strongly monotone
Let us consider the case in which we found a well ordering but is unfortunately not strongly monotone. Apart from the usual well ordering on integers (Dickson), there exist many well orderings on different kinds of sets: let us enumerate, the multiset ordering, the subword ordering on finite words (Higman), the homeomorphic embedding on finite trees (Kruskal), the minor ordering (Robertson Seymour) on finite graphs,…etc. These orderings can be often extended to the infinite. With Jean Goubault-Larrecq, we define in  an algebra allowing the composition of well orderings by many operators like finite cartesian product.
Let us consider a counter machine
. Recall that the usual ordering on positive integers (which extends to vectors of integers) is well (Dickson Lemma) but it is not (strongly) monotone on general counters machines because the guards containing tests to zero are typically not monotone. We may change the original machine into another one which will be a WSTS. We may change the operations and/or the states.
A first drastic action is to remove the tests to zero; another possibility is to replace tests to zero by resets (or by transfers). The new machine is now monotone, hence machine is a WSTS (for the usual ordering) that over-approximates the original counter machine . If never meets a bad state then one may deduce the same for . Other properties like termination, boundedness, non-reachability are also preserved by monotonic abstraction .
We may change the states by abstracting them modulo an equivalence relation or even with an ordering. One may also look for a computable abstraction of where and are an abstraction of such that the new transition relation (between abstract states in ) is monotone with respect to which must be still well and then is a WSTS. The Abstract Interpretation  could be completed in the direction to produce WSTSs.
Another way is to consider general non monotone models and to test if a particular instance of the model is strongly monotone. This question is decidable, for example, for Presburger counter machine .
3.2.2 We found a strongly monotone ordering which is not well
A first possibility is use algorithms in WSTS as semi-algorithms in strongly monotone transition systems. But there is another way. The ordering which is not well on the considered set of states could be well on the subset of reachable states. In general, the reachability set is not computable but in some cases, it is possible to compute an overapproximation of the reachability set on which the ordering is well.
Another way is to consider general strongly monotone non-well ordered transition systems and to test if a particular ordering is well. This question is decidable, for example, for orderings defined by Presburger formulas (Presburger orderings) (see  for the decidability for orderings in ).
4.1 Programs with integers
Many programs can be modeled as counter machines (for example programs with lists ). Presburger counter machines (PCM) are a general model that allows to express guards and operations as Presburger formulas. It is clear that PCM contain Minsky machines and, as an immediate consequence, all non-trivial properties are undecidable for PCM. Let us now illustrate some notions introduced in step of the strategy described before. Let be a Presburger counter machine with a set finite set of control-states and counters. Let us first consider the most natural well ordering on integers that we classically extend on vectors as follows: let where is the equality on the finite set and is the vector ordering component by component. By Dickson Lemma, we know that is still well. We cannot directly decide whether is strongly monotone for but we may decide the strong monotony property for because both the description of and of the strong monotony property can be expressed as Presburger formulas . If is strongly monotone for , we may use the WSTS theory. In the case where is not strongly monotone for , we may use the following (non-terminating) semi-algorithm that enumerates Presburger formulas representing well orderings on and test, for all , whether is strongly -monotone. If there exists an integer such that is well and strongly monotone on , then the termination of the previous semi-algorithm is insured. But if there don’t exist such , this enumeration will never terminate and then it don’t provide an algorithm to decide whether there exists a strongly monotone Presburger well ordering for . Let us define the class of existentially (strongly) well structured Presburger counter machines as follows:
A Presburger counter machine is existentially well structured (resp. existentially strongly well structured) if there exists a Presburger well ordering that is monotone (resp. strongly monotone) for .
Coverability and other properties (see Theorem 1) are decidable for existentially well structured PCMs. We may prove that the monotony property is undecidable  for PCM of dimension one (and for Minsky machines of dimension ) with the usual well ordering on integers and we conjecture that the existentially well structured problem (i.e., whether a PCM is existentially well structured) is also undecidable. Another natural (and still open) question is then to know whether the existential strongly well structured problem is decidable for PCMs.
4.2 Communication protocols
Let us consider a distributed program composed of a finite set of processes (finite automata, pushdown processes,…) that exchanges messages through fifo channels. We know that queue automata also called fifo machines (i.e., a finite automaton that communicates with an unique fifo buffer also called a bi-directional
fifo channel) may simulate Turing machines and counter machines and this is still true for two finite automata communicating through one-directional fifo channels . Let us consider, for simplifying notations, fifo machines (a single sequential control-graph) communicating with channels and the most natural ordering on words, adapted to the fifo behavior, say the prefix ordering that is extended as previously by . Unfortunatly this ordering is not monotone neither well (except in the trivial case where the channel alphabets are reduced to an unique letter). The subword ordering on finite words is well (Higman’s Theorem) and its classical extension is also well but it is not monotone on fifo machines ; however, is monotone on fifo machines with other semantics (like lossy, insertion), hence such non-perfect fifo machines are WSTS for the extended subword ordering. These kind of non-perfect fifo machines over-approximates original perfect fifo machines and we may apply the monotonic abstraction described previously in Section .
4.3 Other programs
There exist many other illustrations of the power of WSTS to verify programs like hardware design, multithreaded programs, distributed systems. Let’s quote programs with pointers and the use of graphs and orderings on graphs (subgraph ordering and minor ordering) to model the state of the memory , parameterized verification of distributed algorithms , programs with time constraints (timed Petri nets), cryptographic protocols , broadcast protocols,…etc.
-  Parosh Aziz Abdulla, Muhsin Atto, Jonathan Cederberg & Ran Ji (2009): Automated Analysis of Data-Dependent Programs with Dynamic Memory. In Zhiming Liu & Anders P. Ravn, editors: Automated Technology for Verification and Analysis, 7th International Symposium, ATVA 2009, Macao, China, October 14-16, 2009. Proceedings, Lecture Notes in Computer Science 5799, Springer, pp. 197–212. Available at https://doi.org/10.1007/978-3-642-04761-9_16.
-  Parosh Aziz Abdulla, Karlis Cerans, Bengt Jonsson & Yih-Kuen Tsay (2000): Algorithmic Analysis of Programs with Well Quasi-ordered Domains. Inf. Comput. 160(1-2), pp. 109–127, doi:http://dx.doi.org/10.1006/inco.1999.2843.
-  Parosh Aziz Abdulla, Giorgio Delzanno, Noomene Ben Henda & Ahmed Rezine (2009): Monotonic Abstraction: on Efficient Verification of Parameterized Systems. Int. J. Found. Comput. Sci. 20(5), pp. 779–801. Available at https://doi.org/10.1142/S0129054109006887.
-  Sébastien Bardin, Alain Finkel, Étienne Lozes & Arnaud Sangnier (2006): From Pointer Systems to Counter Systems Using Shape Analysis. In Ramesh Bharadwaj, editor: Proceedings of the 5th International Workshop on Automated Verification of Infinite-State Systems (AVIS’06), Vienna, Austria. Available at http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BFLS-AVIS-06.pdf.
-  Michael Blondin, Alain Finkel & Jean Goubault-Larrecq (2017): Forward Analysis for WSTS, Part III: Karp-Miller Trees. In Satya Lokam & R. Ramanujam, editors: Proceedings of the 37th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’17), Leibniz International Proceedings in Informatics 93, Leibniz-Zentrum für Informatik, Kanpur, India, pp. 16:1–16:15, doi:http://dx.doi.org/10.4230/LIPIcs.FSTTCS.2017.16. Available at https://hal.archives-ouvertes.fr/hal-01736704/.
-  Daniel Brand & Pitro Zafiropulo (1983): On Communicating Finite-State Machines. J. ACM 30(2), pp. 323–342. Available at https://doi.org/10.1145/322374.322380.
-  Patrick Cousot & Radhia Cousot (1977): Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Robert M. Graham, Michael A. Harrison & Ravi Sethi, editors: Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977, ACM, pp. 238–252. Available at https://doi.org/10.1145/512950.512973.
-  Giorgio Delzanno & Jan Stückrath (2014): Parameterized Verification of Graph Transformation Systems with Whole Neighbourhood Operations. In Joël Ouaknine, Igor Potapov & James Worrell, editors: Reachability Problems - 8th International Workshop, RP 2014, Oxford, UK, September 22-24, 2014. Proceedings, Lecture Notes in Computer Science 8762, Springer, pp. 72–84. Available at https://doi.org/10.1007/978-3-319-11439-2_6.
-  Emanuele D’Osualdo & Felix Stutz (2019): Decidable Inductive Invariants for Verification of Cryptographic Protocols with Unbounded Sessions. CoRR abs/1911.05430. Available at http://arxiv.org/abs/1911.05430.
-  Alain Finkel (1987): A generalization of the procedure of Karp and Miller to well structured transition system. In Thomas Ottmann, editor: Proceedings of the 14th International Colloquium on Automata, Languages and Programming (ICALP’87), Lecture Notes in Computer Science 267, Springer-Verlag, Karlsruhe, Germany, pp. 499–508, doi:http://dx.doi.org/10.1007/3-540-18088-5_43. Available at http://www.lsv.fr/Publis/PAPERS/PDF/F-icalp87.pdf.
-  Alain Finkel & Jean Goubault-Larrecq (2009): Forward Analysis for WSTS, Part I: Completions. In Susanne Albers & Jean-Yves Marion, editors: 26th International Symposium on Theoretical Aspects of Computer Science, STACS 2009, February 26-28, 2009, Freiburg, Germany, Proceedings, LIPIcs 3, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, pp. 433–444. Available at https://doi.org/10.4230/LIPIcs.STACS.2009.1844.
-  Alain Finkel & Philippe Schnoebelen (1998): Fundamental Structures in Well-Structured Infinite Transition Systems. In Claudio L. Lucchesi & Arnaldo V. Moura, editors: Proceedings of the 3rd Latin American Symposium on Theoretical Informatics (LATIN’98), Lecture Notes in Computer Science 1380, Springer, Campinas, Brasil, pp. 102–118, doi:http://dx.doi.org/10.1007/BFb0054314. Available at http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/FinSch-latin98.ps.
-  Alain Finkel & Philippe Schnoebelen (2001): Well-Structured Transition Systems Everywhere! Theoretical Computer Science 256(1-2), pp. 63–92, doi:http://dx.doi.org/10.1016/S0304-3975(00)00102-X. Available at http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/FinSch-TCS99.pdf.
-  Ekanshdeep Gupta & Alain Finkel (2019): The well structured problem for Presburger counter machines. In Arkadev Chattopadhyay & Paul Gastin, editors: Proceedings of the 39th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’19), Leibniz International Proceedings in Informatics, Leibniz-Zentrum für Informatik, Bombay, India, pp. 41:1–41:15, doi:http://dx.doi.org/10.4230/LIPIcs.FSTTCS.2019.41. Available at https://drops.dagstuhl.de/opus/frontdoor.php?source_opus=11603.
-  Bernard Vauquelin & Paul Franchi-Zannettacci (1980): Automates a File. Theor. Comput. Sci. 11, pp. 221–225. Available at https://doi.org/10.1016/0304-3975(80)90047-X.