1 Preliminaries
A relation over a set is a quasi-ordering if it is reflexive and transitive, and a partial ordering if it is antisymmetric as well. It is well-founded if it has no infinite descending chain. A quasi-ordering is a well-quasi-ordering (resp. well partial order), wqo (resp. wpo) for short, if for every infinite sequence , there exist such that . This is strictly stronger than being well-founded.
One example of a well-quasi-ordering is the componentwise ordering of tuples over . More formally, is well-quasi-ordered by where, for every , if and only if for every . We extend to where for every . ordered componentwise is also well-quasi-ordered. Let be a finite alphabet. We write to denote the set of finite words over . For every , we write if is a subword of , i.e. can be obtained from by removing zero, one or multiple letters. is well-quasi-ordered by .
2 Well Structured Transition Systems
2.1 Well structured transition systems: wqo and monotony
An ordered (labeled) transition system is a triple such that is a (labeled) transition system and is a quasi-ordering. An ordered transition system is a well structured transition system (WSTS) if is a well-quasi-ordering and is monotone, i.e. for all and such that and , there exists such that and . Many other types of monotonicities were defined in the literature (see [14]), but, for our purposes, we only need to introduce strong monotonicities. We say that has strong monotonicity if for all and , and implies for some . We say that has strong-strict monotonicity if it has strong monotonicity and for all and , and implies for some . (Footnote 1: Strong-strict monotonicity should not be confused with strong and strict monotonicities. Here strongness and strictness have to hold at the same time.)
Theorem 1.
There are two main techniques for proving these decidability results: backward and forward analysis. The backward coverability algorithm computes the finite basis of the set of all predecessors of the upward closure of a state. The forward coverability algorithm computes the finite reduced reachability tree and the finite (extended) Karp-Miller tree (under a supplementary hypothesis): these two forward algorithms operate with inductive downward closed invariants.
2.2 A short story of well structured transition systems
Well structured transition systems (initially called structured transition systems in [11]) were initially defined and studied as monotone transition systems equipped with a well-quasi-ordering on their set of states. Termination was shown decidable for well structured transition systems with transitive monotonicity, while boundedness was shown decidable for well structured transition systems with strict monotonicity in [11]. For a subclass of finitely branching labeled well structured transition systems with strong-strict monotonicity, now called very well structured transition systems in [6], a generalization of the Karp-Miller algorithm was shown to compute their coverability sets [11, 6]. In [3], the coverability problem was shown to be decidable for a subclass of well structured transition systems, i.e. labeled well structured transition systems with strong monotonicity [3, Def. 3.4] and satisfying an additional effective hypothesis: the existence of an algorithm to compute the finite set of minimal elements of , where is the set of immediate predecessors of the upward-closure of a state . In [14], mathematical properties were distinguished from effective properties, and the coverability problem was shown decidable for the entire class of well structured transition systems satisfying the similar additional effective hypothesis that there exists an algorithm to compute the finite set , i.e., the hypotheses of transitions labeling and strong monotonicity made in [3] turned out to be superfluous.
Today, following the presentation of [14], what is mathematically known as well structured transition systems (or shortly well structured systems) is exactly the original class of structured transition systems [11]; and necessary effective hypotheses are added for obtaining decidability of properties such as termination, control-state reachability, coverability and boundedness.
3 From Programs to Well Structured Transition Systems
3.1 The general method
Given a program and a safety property , let’s describe two steps for verifying that satisfies by using WSTS:

The first step is to build a transition system associated with . This is well known as the operational semantics of the program and we are used to this. But the problem is the huge size of the associated transition system. In general we will define and compute an abstraction of the original program because we may (and must) forget some useless parts of the program that have no effect on property . One such technique is (static and dynamic) slicing, which computes the parts of the program that may modify a set of variables; this computation can be done at a small cost. There exist other techniques to build abstractions of the program that produce smaller and tractable programs. We also have to translate the property on into a state-property in (sometimes a formula in a logic) that would be decidable for WSTS.

The second step is to look for an ordering having these two desired properties (monotony and well ordering), i.e., such that is WSTS. Let us recall that the termination ordering makes every transition system a WSTS [14], but this ordering is undecidable, so the obtained WSTS is not effective and we cannot deduce the decidability of usual properties. If we find such a decidable ordering , we just verify whether satisfies the state-property . To make this verification, one usually reduces to a coverability property in .
3.2 What can you do when you can’t find a monotone well ordering?
Let us analyse two cases that are not directly translatable into WSTS.
3.2.1 We found a well ordering which is not strongly monotone
Let us consider the case in which we found a well ordering but is unfortunately not strongly monotone. Apart from the usual well ordering on integers (Dickson), there exist many well orderings on different kinds of sets: the multiset ordering, the subword ordering on finite words (Higman), the homeomorphic embedding on finite trees (Kruskal), the minor ordering on finite graphs (Robertson-Seymour), etc. These orderings can often be extended to the infinite. With Jean Goubault-Larrecq, we define in [12] an algebra allowing the composition of well orderings by many operators like finite cartesian product.
Let us consider a counter machine . Recall that the usual ordering on positive integers (which extends to vectors of integers) is well (Dickson's Lemma) but it is not (strongly) monotone on general counter machines because the guards containing tests to zero are typically not monotone. We may change the original machine into another one which will be a WSTS. We may change the operations and/or the states.
A first drastic action is to remove the tests to zero; another possibility is to replace tests to zero by resets (or by transfers). The new machine is now monotone, hence machine is a WSTS (for the usual ordering) that over-approximates the original counter machine . If never meets a bad state then one may deduce the same for . Other properties like termination, boundedness, non-reachability are also preserved by monotonic abstraction [4].
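The backward coverability analysis of Section 2.1, run on the reset abstraction described above, as an added example in Python that is not code from the paper. The two-counter machine, its control states A, B and ERR, and all function names are constructed for illustration.

```python
from collections import deque

# Constructed machine with 2 counters (x, y), not taken from the paper.
# Transition = (src, need, reset, add, dst): enabled when v >= need, then
# v'[i] = add[i] if i in reset else v[i] - need[i] + add[i].
# The original machine tests x == 0 on A -> B; the abstraction resets x instead.
ABSTRACT = [
    ("A", (0, 0), frozenset(), (1, 0), "A"),      # x += 1
    ("A", (0, 0), frozenset({0}), (0, 0), "B"),   # reset x (was: test x == 0)
    ("B", (0, 0), frozenset(), (0, 1), "B"),      # y += 1
    ("B", (0, 1), frozenset(), (0, 0), "A"),      # y -= 1
    ("B", (1, 1), frozenset(), (0, 0), "ERR"),    # bad state needs x >= 1, y >= 1
]

def leq(u, v):
    """Componentwise ordering on counter vectors (well by Dickson's Lemma)."""
    return all(a <= b for a, b in zip(u, v))

def pre_min(t, m):
    """Least vector whose t-successor is >= m, or None if there is none."""
    _, need, reset, add, _ = t
    v = []
    for i, (n, a, mi) in enumerate(zip(need, add, m)):
        if i in reset:
            if a < mi:          # after a reset the counter holds exactly add[i]
                return None
            v.append(n)
        else:
            v.append(n + max(0, mi - a))
    return tuple(v)

def backward_basis(transitions, target):
    """Minimal elements of the set of states that can cover `target`."""
    basis, work = [target], deque([target])
    while work:
        q, m = work.popleft()
        for t in (t for t in transitions if t[4] == q):
            p = pre_min(t, m)
            if p is None or any(s == t[0] and leq(b, p) for s, b in basis):
                continue        # no predecessor, or already in the upward closure
            basis = [(s, b) for s, b in basis if not (s == t[0] and leq(p, b))]
            basis.append((t[0], p))
            work.append((t[0], p))
    return basis

def coverable(transitions, init, target):
    """True iff some state >= target is reachable from init."""
    q0, v0 = init
    return any(s == q0 and leq(b, v0) for s, b in backward_basis(transitions, target))

if __name__ == "__main__":
    init = ("A", (0, 0))
    print(coverable(ABSTRACT, init, ("ERR", (0, 0))))  # abstraction never reaches ERR
    print(coverable(ABSTRACT, init, ("B", (0, 2))))    # a coverable target, for contrast
```

Because the abstraction over-approximates the zero-test machine, the negative answer for ERR carries over to the original machine; a positive answer on the abstraction would not.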
We may change the states by abstracting them modulo an equivalence relation or even with an ordering. One may also look for a computable abstraction of where and are an abstraction of such that the new transition relation (between abstract states in ) is monotone with respect to which must still be well and then is a WSTS. Abstract Interpretation [8] could be extended in this direction to produce WSTSs.
Another way is to consider general non-monotone models and to test if a particular instance of the model is strongly monotone. This question is decidable, for example, for Presburger counter machines [15].
3.2.2 We found a strongly monotone ordering which is not well
A first possibility is to use algorithms for WSTS as semi-algorithms in strongly monotone transition systems. But there is another way. The ordering which is not well on the considered set of states could be well on the subset of reachable states. In general, the reachability set is not computable but in some cases, it is possible to compute an over-approximation of the reachability set on which the ordering is well.
Another way is to consider general strongly monotone non-well-ordered transition systems and to test if a particular ordering is well. This question is decidable, for example, for orderings defined by Presburger formulas (Presburger orderings) (see [15] for the decidability for orderings in ).
4 Examples
4.1 Programs with integers
Many programs can be modeled as counter machines (for example programs with lists [5]). Presburger counter machines (PCM) are a general model in which guards and operations are expressed as Presburger formulas. It is clear that PCM contain Minsky machines and, as an immediate consequence, all non-trivial properties are undecidable for PCM. Let us now illustrate some notions introduced in step of the strategy described before. Let be a Presburger counter machine with a finite set of control-states and counters. Let us first consider the most natural well ordering on integers that we classically extend to vectors as follows: let where is the equality on the finite set and is the vector ordering component by component. By Dickson's Lemma, we know that is still well. We cannot directly decide whether is strongly monotone for but we may decide the strong monotony property for because both the description of and of the strong monotony property can be expressed as Presburger formulas [15]. If is strongly monotone for , we may use the WSTS theory. In the case where is not strongly monotone for , we may use the following (non-terminating) semi-algorithm that enumerates Presburger formulas representing well orderings on and tests, for all , whether is strongly monotone. If there exists an integer such that is well and strongly monotone on , then the termination of the previous semi-algorithm is ensured. But if there does not exist such , this enumeration will never terminate, and so it does not provide an algorithm to decide whether there exists a strongly monotone Presburger well ordering for . Let us define the class of existentially (strongly) well structured Presburger counter machines as follows:
Definition 4.1.
A Presburger counter machine is existentially well structured (resp. existentially strongly well structured) if there exists a Presburger well ordering that is monotone (resp. strongly monotone) for .
Coverability and other properties (see Theorem 1) are decidable for existentially well structured PCMs. We may prove that the monotony property is undecidable [15] for PCM of dimension one (and for Minsky machines of dimension ) with the usual well ordering on integers and we conjecture that the existentially well structured problem (i.e., whether a PCM is existentially well structured) is also undecidable. Another natural (and still open) question is then to know whether the existential strongly well structured problem is decidable for PCMs.
4.2 Communication protocols
Let us consider a distributed program composed of a finite set of processes (finite automata, pushdown processes,…) that exchange messages through fifo channels. We know that queue automata, also called fifo machines (i.e., a finite automaton that communicates with a unique fifo buffer, also called a bidirectional fifo channel), may simulate Turing machines and counter machines [16] and this is still true for two finite automata communicating through one-directional fifo channels [7]. Let us consider, for simplifying notations, fifo machines (a single sequential control-graph) communicating with channels and the most natural ordering on words, adapted to the fifo behavior, say the prefix ordering that is extended as previously by . Unfortunately this ordering is neither monotone nor well (except in the trivial case where the channel alphabets are reduced to a unique letter). The subword ordering on finite words is well (Higman’s Theorem) and its classical extension is also well but it is not monotone on fifo machines; however, is monotone on fifo machines with other semantics (like lossy, insertion), hence such non-perfect fifo machines are WSTS for the extended subword ordering. These kinds of non-perfect fifo machines over-approximate original perfect fifo machines and we may apply the monotonic abstraction described previously in Section .
4.3 Other programs
There exist many other illustrations of the power of WSTS to verify programs like hardware design, multithreaded programs, distributed systems. Let us mention programs with pointers and the use of graphs and orderings on graphs (subgraph ordering and minor ordering) to model the state of the memory [2], parameterized verification of distributed algorithms [9], programs with time constraints (timed Petri nets), cryptographic protocols [10], broadcast protocols, etc.
References
 [2] Parosh Aziz Abdulla, Muhsin Atto, Jonathan Cederberg & Ran Ji (2009): Automated Analysis of DataDependent Programs with Dynamic Memory. In Zhiming Liu & Anders P. Ravn, editors: Automated Technology for Verification and Analysis, 7th International Symposium, ATVA 2009, Macao, China, October 1416, 2009. Proceedings, Lecture Notes in Computer Science 5799, Springer, pp. 197–212. Available at https://doi.org/10.1007/9783642047619_16.
 [3] Parosh Aziz Abdulla, Karlis Cerans, Bengt Jonsson & YihKuen Tsay (2000): Algorithmic Analysis of Programs with Well Quasiordered Domains. Inf. Comput. 160(12), pp. 109–127, doi:http://dx.doi.org/10.1006/inco.1999.2843.
 [4] Parosh Aziz Abdulla, Giorgio Delzanno, Noomene Ben Henda & Ahmed Rezine (2009): Monotonic Abstraction: on Efficient Verification of Parameterized Systems. Int. J. Found. Comput. Sci. 20(5), pp. 779–801. Available at https://doi.org/10.1142/S0129054109006887.
 [5] Sébastien Bardin, Alain Finkel, Étienne Lozes & Arnaud Sangnier (2006): From Pointer Systems to Counter Systems Using Shape Analysis. In Ramesh Bharadwaj, editor: Proceedings of the 5th International Workshop on Automated Verification of InfiniteState Systems (AVIS’06), Vienna, Austria. Available at http://www.lsv.enscachan.fr/Publis/PAPERS/PDF/BFLSAVIS06.pdf.
 [6] Michael Blondin, Alain Finkel & Jean GoubaultLarrecq (2017): Forward Analysis for WSTS, Part III: KarpMiller Trees. In Satya Lokam & R. Ramanujam, editors: Proceedings of the 37th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’17), Leibniz International Proceedings in Informatics 93, LeibnizZentrum für Informatik, Kanpur, India, pp. 16:1–16:15, doi:http://dx.doi.org/10.4230/LIPIcs.FSTTCS.2017.16. Available at https://hal.archivesouvertes.fr/hal01736704/.
 [7] Daniel Brand & Pitro Zafiropulo (1983): On Communicating FiniteState Machines. J. ACM 30(2), pp. 323–342. Available at https://doi.org/10.1145/322374.322380.
 [8] Patrick Cousot & Radhia Cousot (1977): Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Robert M. Graham, Michael A. Harrison & Ravi Sethi, editors: Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977, ACM, pp. 238–252. Available at https://doi.org/10.1145/512950.512973.
 [9] Giorgio Delzanno & Jan Stückrath (2014): Parameterized Verification of Graph Transformation Systems with Whole Neighbourhood Operations. In Joël Ouaknine, Igor Potapov & James Worrell, editors: Reachability Problems  8th International Workshop, RP 2014, Oxford, UK, September 2224, 2014. Proceedings, Lecture Notes in Computer Science 8762, Springer, pp. 72–84. Available at https://doi.org/10.1007/9783319114392_6.
 [10] Emanuele D’Osualdo & Felix Stutz (2019): Decidable Inductive Invariants for Verification of Cryptographic Protocols with Unbounded Sessions. CoRR abs/1911.05430. Available at http://arxiv.org/abs/1911.05430.
 [11] Alain Finkel (1987): A generalization of the procedure of Karp and Miller to well structured transition system. In Thomas Ottmann, editor: Proceedings of the 14th International Colloquium on Automata, Languages and Programming (ICALP’87), Lecture Notes in Computer Science 267, SpringerVerlag, Karlsruhe, Germany, pp. 499–508, doi:http://dx.doi.org/10.1007/3540180885_43. Available at http://www.lsv.fr/Publis/PAPERS/PDF/Ficalp87.pdf.
 [12] Alain Finkel & Jean GoubaultLarrecq (2009): Forward Analysis for WSTS, Part I: Completions. In Susanne Albers & JeanYves Marion, editors: 26th International Symposium on Theoretical Aspects of Computer Science, STACS 2009, February 2628, 2009, Freiburg, Germany, Proceedings, LIPIcs 3, Schloss Dagstuhl  LeibnizZentrum fuer Informatik, Germany, pp. 433–444. Available at https://doi.org/10.4230/LIPIcs.STACS.2009.1844.
 [13] Alain Finkel & Philippe Schnoebelen (1998): Fundamental Structures in WellStructured Infinite Transition Systems. In Claudio L. Lucchesi & Arnaldo V. Moura, editors: Proceedings of the 3rd Latin American Symposium on Theoretical Informatics (LATIN’98), Lecture Notes in Computer Science 1380, Springer, Campinas, Brasil, pp. 102–118, doi:http://dx.doi.org/10.1007/BFb0054314. Available at http://www.lsv.enscachan.fr/Publis/PAPERS/PS/FinSchlatin98.ps.
 [14] Alain Finkel & Philippe Schnoebelen (2001): WellStructured Transition Systems Everywhere! Theoretical Computer Science 256(12), pp. 63–92, doi:http://dx.doi.org/10.1016/S03043975(00)00102X. Available at http://www.lsv.enscachan.fr/Publis/PAPERS/PDF/FinSchTCS99.pdf.
 [15] Ekanshdeep Gupta & Alain Finkel (2019): The well structured problem for Presburger counter machines. In Arkadev Chattopadhyay & Paul Gastin, editors: Proceedings of the 39th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’19), Leibniz International Proceedings in Informatics, LeibnizZentrum für Informatik, Bombay, India, pp. 41:1–41:15, doi:http://dx.doi.org/10.4230/LIPIcs.FSTTCS.2019.41. Available at https://drops.dagstuhl.de/opus/frontdoor.php?source_opus=11603.
 [16] Bernard Vauquelin & Paul FranchiZannettacci (1980): Automates a File. Theor. Comput. Sci. 11, pp. 221–225. Available at https://doi.org/10.1016/03043975(80)90047X.