
## Timed lossy channel systems (2012)

Venue: Proc. FSTTCS 2012, 32nd Conf. on Foundations of Software Technology and Theoretical Computer Science

Citations: 3 (1 self)

### BibTeX

    @INPROCEEDINGS{Abdulla12timedlossy,
      author    = {Parosh Aziz Abdulla and Mohamed Faouzi Atig and Jonathan Cederberg},
      title     = {Timed lossy channel systems},
      booktitle = {Proc. FSTTCS 2012, 32nd Conf. on Foundations of Software Technology and Theoretical Computer Science},
      year      = {2012}
    }


### Abstract

Lossy channel systems are a classical model with applications ranging from the modeling of communication protocols to programs running on weak memory models. All existing work assumes that messages traveling inside the channels are picked from a finite alphabet. In this paper, we extend the model by assuming that each message is equipped with a clock representing the age of the message, thus obtaining the model of Timed Lossy Channel Systems (TLCS). The main contribution of the paper is to show that the control state reachability problem is decidable for TLCS.

ACM Subject Classification: D.2.4

Keywords and phrases: lossy channel systems, timed automata, model checking

### Introduction

During the last two decades there has been a large amount of work devoted to the verification of discrete program models that have infinite state spaces, such as Petri nets, pushdown systems, counter automata, and channel machines. In particular, lossy channel systems have been studied extensively as a model of communication protocols. Such protocols are designed to work correctly even in the case where the underlying medium is unreliable, in the sense that it can lose messages.

In this paper, we show decidability of the control state reachability problem for TLCS. We show the decidability result through a novel reduction formulated in two steps. First, we introduce a new model called Dynamic Lossy Channel Systems (DLCS), which is a generalization of (untimed) LCS. More precisely, a DLCS contains, in addition to a (fixed) finite set of lossy channels, a dynamic part that contains an a priori unbounded number of channels. The dynamic part behaves as a second-order lossy channel, i.e., a "lossy channel of lossy channels". We show that each DLCS induces a transition system that is well quasi-ordered in the sense recalled in the preliminaries below.

The complexity of the reachability problem for TLCS is not primitive recursive, as it is not primitive recursive already for untimed LCS.

### Preliminaries

#### Notation

We use $\mathbb{N}$ and $\mathbb{R}_{\ge 0}$ to denote the sets of natural numbers resp. non-negative reals. For a real number $r \in \mathbb{R}_{\ge 0}$, we define $\mathrm{Int}(r)$ as the greatest $n \in \mathbb{N}$ such that $n \le r$, and $\mathrm{Frac}(r)$ as $r - \mathrm{Int}(r)$. We call $\mathrm{Int}(r)$ the integer part and $\mathrm{Frac}(r)$ the fractional part of $r$ respectively. An open interval is written as $(i, j)$ where $i \in \mathbb{N}$ and $j \in \mathbb{N} \cup \{\infty\}$. Intervals can also be closed in one or both directions, e.g. $[i, j]$ or $[i, j)$; we write $\mathcal{I}$ for the set of all such intervals. We use $(A \to B)$ to denote the set of total functions from $A$ to $B$. We say that a function $f : \mathbb{N} \to \mathbb{N}$ is strictly increasing if whenever $i < j$ we also have $f(i) < f(j)$.

We use $A^*$ to denote the set of finite words over $A$. For words $w_1, w_2 \in A^*$, we use $w_1 \cdot w_2$ to denote the concatenation of $w_1$ and $w_2$. We use $\varepsilon$ to denote the empty word. For a word $w = a_1 \cdots a_n$, we use $w[i]$ to denote the $i$th symbol $a_i$ in $w$, and we write $a \in w$ if $a = w[i]$ for some $i : 1 \le i \le n$. We will use a similar notation for tuples. We recall the classical subword ordering $\preceq$ on the set $A^*$ of words, where $a_1 \cdots a_m \preceq b_1 \cdots b_n$ if there is a strictly increasing injection $g : \{1, \ldots, m\} \to \{1, \ldots, n\}$ such that $a_i = b_{g(i)}$ for all $i : 1 \le i \le m$. To simplify the notation, we write $\omega \in (A^*)^*$ as $w_1 \cdots w_n$ where $w_1, \ldots, w_n$ are words in $A^*$. We extend the ordering to $(A^*)^*$ in such a way that $w_1 \cdots w_m \preceq w'_1 \cdots w'_n$ if there is a strictly increasing injection $g : \{1, \ldots, m\} \to \{1, \ldots, n\}$ with $w_i \preceq w'_{g(i)}$ for all $i : 1 \le i \le m$.

#### Transition systems

A transition system is a pair $\mathcal{S} = \langle \Gamma, \longrightarrow \rangle$ where $\Gamma$ is the set of configurations, and $\longrightarrow \subseteq \Gamma \times \Gamma$ is a binary relation on the set of configurations. As usual, we write $\gamma_1 \longrightarrow \gamma_2$ instead of $\langle \gamma_1, \gamma_2 \rangle \in \longrightarrow$. We use $\xrightarrow{*}$ to denote the reflexive transitive closure of $\longrightarrow$. For a set $\Gamma' \subseteq \Gamma$ of configurations, we define the set $\mathrm{Pre}(\Gamma') := \{\gamma \mid \exists \gamma' \in \Gamma'.\ \gamma \longrightarrow \gamma'\}$.

Sometimes, we equip the set $\Gamma$ with an ordering $\preceq$ and write the transition system as a triple $\langle \Gamma, \longrightarrow, \preceq \rangle$. We say that $\mathcal{S}$ is monotone (wrt. $\preceq$) if whenever $\gamma_1 \longrightarrow \gamma_2$ and $\gamma_1 \preceq \gamma_3$ then $\gamma_3 \xrightarrow{*} \gamma_4$ for some $\gamma_4$ with $\gamma_2 \preceq \gamma_4$. We say that $\preceq$ is a well quasi-ordering (wqo for short) if, for all infinite sequences $\gamma_0, \gamma_1, \gamma_2, \ldots$, there are $i < j$ with $\gamma_i \preceq \gamma_j$. A set $U \subseteq \Gamma$ is upward closed if whenever $\gamma_1 \in U$ and $\gamma_1 \preceq \gamma_2$ then $\gamma_2 \in U$. The upward closure of a set $\Gamma' \subseteq \Gamma$ is defined by $\Gamma'{\uparrow} := \{\gamma \in \Gamma \mid \exists d \in \Gamma'.\ d \preceq \gamma\}$. For sets $\Gamma_1 \subseteq \Gamma_2 \subseteq \Gamma$, we say that $\Gamma_1$ is a minor of $\Gamma_2$ if (i) for each $\gamma_2 \in \Gamma_2$ there is a $\gamma_1 \in \Gamma_1$ such that $\gamma_1 \preceq \gamma_2$, and (ii) $\gamma_1 \preceq \gamma_2$ implies $\gamma_1 = \gamma_2$ for all $\gamma_1, \gamma_2 \in \Gamma_1$. If $\preceq$ is a wqo, then each minor is finite. However, in general, a set may have several different minors. In the applications of this paper, each set $\Gamma'$ has a unique minor, denoted $\min(\Gamma')$.

An instance of the coverability problem consists of two configurations $\gamma_1$ and $\gamma_2$. The task is to check whether $\gamma_1 \xrightarrow{*} \{\gamma_2\}{\uparrow}$, i.e., whether some configuration above $\gamma_2$ is reachable from $\gamma_1$. A transition system $\langle \Gamma, \longrightarrow, \preceq \rangle$ is said to be well quasi-ordered if the following conditions are satisfied: (i) $\preceq$ is computable, i.e., for given configurations $\gamma, \gamma'$, we can check whether $\gamma \preceq \gamma'$; (ii) $\preceq$ is a wqo; (iii) $\longrightarrow$ is monotone wrt. $\preceq$; (iv) for a configuration $\gamma$, we can compute the (finite) set $\min(\mathrm{Pre}(\{\gamma\}{\uparrow}))$. Notice that, since the transition relation is monotone with respect to $\preceq$, it follows that the set $\mathrm{Pre}(\{\gamma\}{\uparrow})$ is upward closed. The classical framework of well quasi-ordered transition systems gives the following result.

**Theorem 1.** The coverability problem is decidable for well quasi-ordered transition systems.

### Timed Lossy Channel Systems

In this section, we introduce TLCS, define their operational semantics, and present the reachability problem. Furthermore, we show that it is sufficient to consider a class of "normalized" TLCS where initial ages of messages and new values assigned to clocks are always 0.

A TLCS has three parts: a control part, a finite set of clocks, and a finite set of channels. The control part is a finite-state labeled transition system, where the labels are either clock operations or channel operations. The control part can be used to model the total behavior of a number of processes that communicate through the channels. The clocks assume real values, while the channels are unbounded lossy FIFO buffers.

#### Model

A Timed Lossy Channel System (TLCS for short) is a tuple $T = \langle S, s_{init}, C, M, X, \Delta \rangle$, where $S$ is a finite set of (control) states, $s_{init} \in S$ is the initial control state, $C$ is a finite set of channels, $M$ is a finite set of messages, $X$ is a finite set of clocks, and $\Delta$ is a finite set of transitions. A transition $t \in \Delta$ is a triple $\langle s_1, op, s_2 \rangle$ where $s_1, s_2 \in S$ are states and $op$ is an operation of one of the following forms:

1. $\mathit{nop}$ is an empty operation that does not check or update the clock values or the channel contents.
2. $c!(m \in I)$ appends a new message $m \in M$ to the end of the channel $c \in C$. The initial age of the new message is selected non-deterministically from $I \in \mathcal{I}$.
3. $c?(m \in I)$ removes (receives) the message at the head of the channel $c \in C$ provided that this message is $m \in M$ and that its age lies in $I \in \mathcal{I}$.
4. $x \in I$ checks whether the value of $x \in X$ belongs to the interval $I \in \mathcal{I}$.
5. $x \leftarrow I$ assigns non-deterministically a value to $x \in X$ from $I \in \mathcal{I}$.

#### Configurations

A configuration $\gamma$ of $T$ is a triple $\langle s, \mathsf{X}, \nu \rangle$, where $s \in S$ is a control state, $\mathsf{X} \in (X \to \mathbb{R}_{\ge 0})$ defines the clock values (assigns a real number to each clock; we write $\mathsf{X}$ for a clock valuation to keep it apart from the clock set $X$), and $\nu \in (C \to (M \times \mathbb{R}_{\ge 0})^*)$ defines the content of each channel (the content of a channel is represented by a word, where each message is represented by a pair containing its name and its age).

#### Transition relation

We define three transition relations on configurations. The discrete transition relation executes the transitions of $\Delta$: for configurations $\gamma_1 = \langle s_1, \mathsf{X}_1, \nu_1 \rangle$ and $\gamma_2 = \langle s_2, \mathsf{X}_2, \nu_2 \rangle$ and a transition $\langle s_1, op, s_2 \rangle \in \Delta$, the relation $\gamma_1 \longrightarrow_T \gamma_2$ holds if one of the following conditions is satisfied:

1. $op = \mathit{nop}$, $\mathsf{X}_2 = \mathsf{X}_1$, and $\nu_2 = \nu_1$. The empty operation does not affect the clock values or the channel contents.
2. $op = c!(m \in I)$, $\mathsf{X}_2 = \mathsf{X}_1$, $\nu_2(c) = \nu_1(c) \cdot \langle m, \delta \rangle$ for some $\delta \in I$, and $\nu_2(c') = \nu_1(c')$ for all $c' \ne c$. The transition appends a new message to the end of the channel $c$ with name $m$, and with an age that belongs to the interval $I$.
3. $op = c?(m \in I)$, $\mathsf{X}_2 = \mathsf{X}_1$, $\nu_1(c) = \langle m, \delta \rangle \cdot \nu_2(c)$ for some $\delta \in I$, and $\nu_2(c') = \nu_1(c')$ for all $c' \ne c$. The transition removes the message at the head of the channel $c$ provided that its name is $m$, and that its age is in the interval $I$.
4. $op = x \in I$, $\mathsf{X}_1(x) \in I$, $\mathsf{X}_2 = \mathsf{X}_1$, and $\nu_2 = \nu_1$. The transition is enabled only if the value of $x$ belongs to $I$. The clock values and the channel contents are not affected.
5. $op = x \leftarrow I$, $\mathsf{X}_2(x) \in I$, $\mathsf{X}_2(y) = \mathsf{X}_1(y)$ for all $y \ne x$, and $\nu_2 = \nu_1$. The transition assigns a value from $I$ to $x$; the other clocks and the channel contents are not affected.

Notice that in all five cases the control state changes from $s_1$ to $s_2$.

The timed transition relation models the passage of time, in the sense that the values of all clocks and the ages of all messages inside the channels are uniformly increased by (the same) real number. For configurations $\gamma_1 = \langle s, \mathsf{X}_1, \nu_1 \rangle$, $\gamma_2 = \langle s, \mathsf{X}_2, \nu_2 \rangle$, and a real number $\delta \in \mathbb{R}_{\ge 0}$, the relation $\gamma_1 \xrightarrow{\delta}_T \gamma_2$ holds if the following two conditions hold: (i) $\mathsf{X}_2(x) = \mathsf{X}_1(x) + \delta$ for all $x \in X$, and (ii) for every $c \in C$, if $\nu_1(c)$ is of the form $\langle m_1, r_1 \rangle \cdots \langle m_n, r_n \rangle$ then $\nu_2(c) = \langle m_1, r_1 + \delta \rangle \cdots \langle m_n, r_n + \delta \rangle$.

Finally, the lossy transition relation allows messages to be lost from the channels at any time. Formally, if $\gamma_1 = \langle s, \mathsf{X}, \nu_1 \rangle$ and $\gamma_2 = \langle s, \mathsf{X}, \nu_2 \rangle$, the relation $\gamma_1 \longrightarrow_T \gamma_2$ holds if $\nu_2(c) \preceq \nu_1(c)$ for every $c \in C$, i.e., $\nu_2$ is obtained from $\nu_1$ by deleting messages from the channels.

#### Reachability

The initial configuration of a TLCS $T$ is defined by $\gamma_{init} := \langle s_{init}, \mathsf{X}_{init}, \nu_{init} \rangle$ where $\mathsf{X}_{init}(x) = 0$ for all $x \in X$, and $\nu_{init}(c) = \varepsilon$ for all $c \in C$. In other words, $T$ is initiated from a configuration where it is in its initial control state, where all the clocks have a value equal to 0, and where all the channels are empty. A control state $s \in S$ is said to be reachable if $\gamma_{init} \xrightarrow{*}_T \langle s, \mathsf{X}, \nu \rangle$ for some $\mathsf{X}$ and $\nu$, where $\xrightarrow{*}_T$ is the reflexive transitive closure of the union of the discrete, timed and lossy transition relations. An instance of the reachability problem consists of a TLCS $T = \langle S, s_{init}, C, M, X, \Delta \rangle$ and a control state $s \in S$. The task is to check whether $s$ is reachable.

#### Normalization

A TLCS $T = \langle S, s_{init}, C, M, X, \Delta \rangle$ such that $I = [0, 0]$ for all $\langle s_1, c!(m \in I), s_2 \rangle \in \Delta$ is said to be message-normalized.
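The following is an added example, written for this page and not code from the paper, that executes the discrete, timed and lossy transition relations defined above on a small message-normalized TLCS (every send uses the interval $[0,0]$). The system itself, the tuple encoding of operations, and every name in the code are this example's own assumptions; ages and clock values are kept as exact fractions so that interval checks are not disturbed by floating-point rounding. The scenario shows that a received message must have aged into its guard interval, that an over-aged message at the head blocks the FIFO, and that the lossy transition is what unblocks it.

```python
"""Operational semantics of a Timed Lossy Channel System (added example)."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Optional, Tuple

Num = Fraction                     # exact arithmetic: ages like 3/2 compare exactly
Msg = Tuple[str, Num]              # one channel entry <name, age>


@dataclass(frozen=True)
class Interval:
    """Interval over the non-negative reals; hi=None stands for +infinity."""
    lo: Num
    hi: Optional[Num]
    lo_closed: bool = True
    hi_closed: bool = True

    def contains(self, r: Num) -> bool:
        if r < self.lo or (r == self.lo and not self.lo_closed):
            return False
        if self.hi is None:
            return True
        return r < self.hi or (r == self.hi and self.hi_closed)


@dataclass
class Config:
    """A configuration <s, X, nu>: control state, clock valuation, channel contents."""
    state: str
    clocks: Dict[str, Num]
    channels: Dict[str, Tuple[Msg, ...]]


def discrete_step(cfg: Config, s1: str, op: tuple, s2: str) -> Optional[Config]:
    """Apply the transition <s1, op, s2>; return None when it is not enabled in cfg.

    Operation encodings (this example's own): ("nop",), ("send", c, m, I, delta),
    ("recv", c, m, I), ("test", x, I), ("reset", x, I, value).  The non-deterministic
    choices delta/value are passed in by the caller and checked against I here.
    """
    if cfg.state != s1:
        return None
    clocks, chans = dict(cfg.clocks), dict(cfg.channels)
    kind = op[0]
    if kind == "nop":
        pass
    elif kind == "send":                      # c!(m in I): append <m, delta> with delta in I
        _, c, m, I, delta = op
        if not I.contains(delta):
            return None
        chans[c] = chans[c] + ((m, delta),)
    elif kind == "recv":                      # c?(m in I): head must be m with its age in I
        _, c, m, I = op
        if not chans[c] or chans[c][0][0] != m or not I.contains(chans[c][0][1]):
            return None
        chans[c] = chans[c][1:]
    elif kind == "test":                      # x in I: guard on the clock value
        _, x, I = op
        if not I.contains(clocks[x]):
            return None
    elif kind == "reset":                     # x <- I: new clock value chosen from I
        _, x, I, value = op
        if not I.contains(value):
            return None
        clocks[x] = value
    else:
        raise ValueError(f"unknown operation {kind}")
    return Config(s2, clocks, chans)


def timed_step(cfg: Config, delta: Num) -> Config:
    """Let delta >= 0 time units pass: every clock and every message age grows by delta."""
    if delta < 0:
        raise ValueError("time only moves forward")
    return Config(cfg.state,
                  {x: v + delta for x, v in cfg.clocks.items()},
                  {c: tuple((m, a + delta) for m, a in w) for c, w in cfg.channels.items()})


def lossy_step(cfg: Config, c: str, index: int) -> Config:
    """Lose the message at position index of channel c; state and clocks are unchanged."""
    w = cfg.channels[c]
    chans = dict(cfg.channels)
    chans[c] = w[:index] + w[index + 1:]
    return Config(cfg.state, dict(cfg.clocks), chans)


ZERO = Interval(Fraction(0), Fraction(0))      # [0,0]: the message-normalized send
WINDOW = Interval(Fraction(1), Fraction(2))    # [1,2]: the receiver's age guard


def demo() -> Dict[str, Optional[Config]]:
    """Run one scenario on the constructed system and return what each attempt reached."""
    init = Config("s0", {"x": Fraction(0)}, {"c": ()})
    send = ("send", "c", "m", ZERO, Fraction(0))
    recv = ("recv", "c", "m", WINDOW)
    sent = discrete_step(init, "s0", send, "s1")
    ready = timed_step(sent, Fraction(3, 2))          # message now aged 3/2, inside [1,2]
    stale = timed_step(sent, Fraction(3))             # message aged 3, outside [1,2]
    behind = timed_step(discrete_step(stale, "s1", send, "s1"), Fraction(1))
    return {
        "too_young": discrete_step(sent, "s1", recv, "s2"),    # age 0: receive disabled
        "received": discrete_step(ready, "s1", recv, "s2"),
        "expired": discrete_step(stale, "s1", recv, "s2"),     # age 3: receive disabled
        # a fresh message (age 1) sits behind the stale head and stays blocked ...
        "blocked": discrete_step(behind, "s1", recv, "s2"),
        # ... until the lossy transition drops the head: the lossy-FIFO behaviour
        "unblocked": discrete_step(lossy_step(behind, "c", 0), "s1", recv, "s2"),
    }
```

The constructed system has one clock `x`, one channel `c` and one message `m`; the caller supplies the non-deterministic choices (initial age, reset value), so exploring all behaviours means enumerating those choices, which is exactly what the normalization lemmas avoid by fixing them to 0.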
We say that $T$ is clock-normalized if whenever $\langle s_1, x \leftarrow I, s_2 \rangle \in \Delta$ then $I = [0, 0]$. Finally, $T$ is normalized if it is both clock- and message-normalized. The following two lemmas show that the reachability problem for general TLCS can be reduced to that for normalized TLCS. Therefore, in the rest of the paper, we assume that all TLCS are normalized.

**Lemma 2.** The reachability problem for TLCS can be reduced to that for message-normalized TLCS.

**Lemma 3.** The reachability problem for TLCS can be reduced to that for clock-normalized TLCS.

### Dynamic Lossy Channel Systems

In this section, we introduce the model of Dynamic Lossy Channel Systems (DLCS for short). The model is a generalization of lossy channel systems.

#### Model

A DLCS is a tuple $D = \langle S, s_{init}, C, \Sigma, \Delta \rangle$ where $S$ is a finite set of (control) states, $s_{init} \in S$ is the initial control state, $C$ is a finite set of channel names, $\Sigma$ is the channel alphabet, and $\Delta$ is a finite set of transitions. A transition $t \in \Delta$ is a triple $\langle s_1, op, s_2 \rangle$ where $s_1, s_2 \in S$ are states and $op$ is an operation of one of the following forms:

1. $\mathit{nop}$ is an empty operation that does not check or update the channels.
2. $c!m$ appends the message $m \in \Sigma$ to the end of the static channel $c \in C$.
3. $c?m$ removes the message $m \in \Sigma$ from the head of the static channel $c \in C$.
4. $\mathit{send\_channel}(c)$ makes a copy of the content of the static channel $c$ to a new dynamic channel, and appends the new channel to the end of the sequence of dynamic channels.
5. $\mathit{receive\_channel}(c)$ copies the content of the rightmost dynamic channel to the static channel $c \in C$ and then removes this dynamic channel from the sequence of channels.

#### Configurations

A configuration $d$ of $D$ is a triple $\langle s, \nu, \omega \rangle$, where $s \in S$ is a control state, $\nu \in (C \to \Sigma^*)$ is a function that represents the content of the set of static channels $C$, and $\omega \in (\Sigma^*)^*$ is the content of the sequence of dynamic channels, also called the dynamic part of $D$.

For configurations $d_1 = \langle s_1, \nu_1, \omega_1 \rangle$ and $d_2 = \langle s_2, \nu_2, \omega_2 \rangle$, we say that $d_1 \preceq d_2$ if $s_1 = s_2$, $\nu_1(c) \preceq \nu_2(c)$ for all $c \in C$, and $\omega_1 \preceq \omega_2$ (recall the definition of $\preceq$ on $A^*$ and on $(A^*)^*$ from the preliminaries, Section 2). Intuitively, we derive $d_1$ from $d_2$ by deleting messages from the channels (both static and dynamic) and by removing dynamic channels.
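The following added example, written for this page rather than taken from the paper, implements the orderings used on this page: the subword ordering on words from the preliminaries, its lift to $(A^*)^*$ (the "lossy channel of lossy channels"), the minor and upward-closure notions from the well quasi-ordered transition system framework, and the ordering on DLCS configurations just defined. Configurations are encoded as a tuple of state, a dict of static channel contents and a tuple of dynamic channel words; that encoding and all function names are this example's assumptions. The embedding test uses a greedy earliest-match strategy, which is complete for this ordering: if any strictly increasing injection works, the greedy one never runs past it.

```python
"""Subword ordering, its lift to sequences of words, minors, and the ordering on
DLCS configurations (added example, not code from the paper)."""
from typing import Callable, Dict, List, Sequence, Tuple, TypeVar

T = TypeVar("T")
Rel = Callable[[T, T], bool]


def embeds(u: Sequence[T], v: Sequence[T], leq: Rel = lambda a, b: a == b) -> bool:
    """u is below v iff a strictly increasing injection g maps each position i of u
    to a position g(i) of v with leq(u[i], v[g(i)]).  Greedy earliest matching is
    complete: the greedy choice for each u[i] is never later than any valid g(i)."""
    j = 0
    for a in u:
        while j < len(v) and not leq(a, v[j]):
            j += 1
        if j == len(v):
            return False
        j += 1
    return True


def word_leq(w1: str, w2: str) -> bool:
    """The classical subword ordering on A*: w1 embeds into w2 symbol by symbol."""
    return embeds(w1, w2)


def seq_leq(om1: Sequence[str], om2: Sequence[str]) -> bool:
    """The lift to (A*)*: the words of om1 embed, in order, into distinct words of om2
    (whole words of om2 may be skipped, and each matched word may have lost symbols)."""
    return embeds(om1, om2, word_leq)


# A DLCS configuration <s, nu, omega>: state, static channels, dynamic part.
DConfig = Tuple[str, Dict[str, str], Tuple[str, ...]]


def config_leq(d1: DConfig, d2: DConfig) -> bool:
    """d1 below d2: same state, each static channel a subword, dynamic part lifted-below."""
    s1, nu1, om1 = d1
    s2, nu2, om2 = d2
    return s1 == s2 and all(word_leq(nu1[c], nu2[c]) for c in nu1) and seq_leq(om1, om2)


def minor(configs: Sequence[T], leq: Rel) -> List[T]:
    """The minor of a finite set under an antisymmetric ordering (as the subword
    orderings here are): its minimal elements, each listed once."""
    mins: List[T] = []
    for x in configs:
        if any(leq(y, x) and y != x for y in configs):
            continue                     # strictly dominated by another element
        if x not in mins:
            mins.append(x)
    return mins


def in_upward_closure(gamma: T, basis: Sequence[T], leq: Rel) -> bool:
    """gamma lies in the upward closure of basis iff some basis element is below it;
    with basis = min(U) this decides membership in the upward-closed set U."""
    return any(leq(b, gamma) for b in basis)


def lose(d: DConfig, drop_static: Dict[str, Sequence[int]], drop_dynamic: Sequence[int]) -> DConfig:
    """Derive a smaller configuration by deleting message positions from static channels
    and removing whole dynamic channels, i.e. one step down in the ordering."""
    s, nu, om = d
    nu2 = {c: "".join(ch for i, ch in enumerate(w) if i not in drop_static.get(c, ()))
           for c, w in nu.items()}
    om2 = tuple(w for i, w in enumerate(om) if i not in drop_dynamic)
    return (s, nu2, om2)
```

Note that `seq_leq(("ab",), ("a", "b"))` is false although the concatenations are equal: the lift compares word against word, so a single dynamic channel cannot be spread over two channels. This is the distinction between a lossy channel of lossy channels and one flat lossy channel.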