kleene algebra with tests: a tutorial - part ii [1em]
TRANSCRIPT
![Page 1: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/1.jpg)
Kleene Algebra with Tests: A Tutorial
Part II
Dexter KozenCornell University
RAMiCS, September 17–18, 2012
![Page 2: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/2.jpg)
Today
automata on guarded strings (AGS)
schematic KAT (SKAT)
strictly deterministic automata and flowchart programs
Kleene coalgebra (KC) and Kleene coalgebra with tests (KCT)
automata theory and program schematology
the Brzozowski derivative
minimization as finality
automatic extraction of equivalence proofs and relation toproof-carrying code
![Page 3: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/3.jpg)
Automata on Guarded Strings (AGS)
A generalization of classical automata theory to include Booleans
An ε-transition is really a 1-transition (i.e., an ordinary automatonwith ε-transitions is an AGS over the two-element Boolean algebra)
Classical constructions of ordinary finite-state automata generalizereadily
determinization
state minimization
Kleene’s theorem
![Page 4: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/4.jpg)
Automata on Guarded Strings (AGS)
Labeled transition system with states Q,start states S ⊆ Q, accept states F ⊆ Q
atomic action symbols Σ, atomic test symbols T ,B = the free Boolean algebra generated by T ,At = {atoms of B}
action transitions sp−→ t, p ∈ Σ
test transitions s b−→ t, b ∈ B
inputs are guarded strings α0p0α1p1 · · ·αn−1pn−1αn
traces s0q0s1q1 · · · sn−1qn−1sn where siqi−→ si+1, qi ∈ Σ ∪ B
x accepted if ∃ trace s0q0s1q1 · · · sn−1qn−1sn such that s0 ∈ S ,sn ∈ F , x ∈ G (q0, . . . , qn−1)
![Page 5: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/5.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 6: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/6.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 7: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/7.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 8: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/8.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 9: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/9.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 10: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/10.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 11: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/11.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 12: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/12.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 13: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/13.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN
trace: bpqbaqpb
![Page 14: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/14.jpg)
Automata on Guarded Strings (AGS)
b
a + b
pb
q
b
a
a
ab p ab q ab q ab p abN Accept!
trace: bpqbaqpb
![Page 15: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/15.jpg)
Deterministic Automata
1 exactly one start state
2 each state is an action state or a test state, not both
3 action states: exactly one transition for each element of Σ
4 test states: exiting tests are propositionally pairwise exclusive andexhaustive
5 every cycle contains at least one action state
6 all final states are action states
![Page 16: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/16.jpg)
Some Facts
Kleene’s theorem (nondeterministic automaton constructed is linearin the size of the KAT expression)
PSPACE -completeness
can determinize with a subset construction
can minimize via a variant of Myhill–Nerode
minimal OBDDs are a special case of this construction
![Page 17: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/17.jpg)
Schematic KAT (SKAT)
x := s ; y := t = y := t[x/s] ; x := s (y 6∈ FV(s))
x := s ; y := t = x := s ; y := t[x/s] (x 6∈ FV(s))
x := s ; x := t = x := t[x/s]
ϕ[x/t] ; x := t = x := t ; ϕ
In particular,
x := s ; y := t = y := t ; x := s (x 6∈ FV(t), y 6∈ FV(s))
ϕ ; x := t = x := t ; ϕ (x 6∈ FV(ϕ))
![Page 18: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/18.jpg)
Scheme EquivalenceExample of Paterson from [Manna 74]
start
y1 := x
y4 := f (y1)
y1 := f (y1)
y2 := g(y1, y4)
y3 := g(y1, y1)
P(y1)
y1 := f (y3)
P(y4)
P(y2)y2 := f (y2) P(y3)
z := y2
halt
T
F
TF T
T
FF
start
y := f (x)
P(y)
y := g(y , y)
P(y)
loop
y2 := f (f (y))
z := y
halt
T
F
FT
![Page 19: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/19.jpg)
Scheme EquivalenceExample of Paterson from [Manna 74]
x1 p41 p11 q214 q311 a1 p13 a4 a2 a3 z2
a2p22a1 a4
a3
s a q a
a
z
r
x1p41p11q214q311(a1p11q214q311)∗a1p13
ooo((a4 + a4(a2p22)∗a2a3p41p11)q214q311(a1p11q214q311)∗a1p13)∗
ooooooa4(a2p22)∗a2a3z2z
= saq(araq)∗az
![Page 20: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/20.jpg)
Strictly Deterministic Automata
Flowchart programs correspond to a limited class of AGS called strictlydeterministic.
Intuitively:
An input is an infinite sequence of atoms provided by an externalagent
The automaton responds to each atom in sequence deterministicallyaccording to its transition function—either
emits an action symbol and moves to a new state,
halts, or
fails
![Page 21: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/21.jpg)
Strictly Deterministic Automata
Formally, a strictly deterministic automaton over Σ,T is astructure
M = (Q, δ, start)
where Q is a set of states, start ∈ Q is a start state, and
δ : (Q × At) → (Σ× Q) + {halt, fail},
(Note: halt, fail are not states)
![Page 22: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/22.jpg)
Strictly Deterministic Automata
Given a state s and an infinite sequence of atoms σ ∈ Atω, there is atmost one finite or infinite guarded string gs(s, σ) obtained by running theautomaton starting in state s.
Formally, define a partial map
gs : (Q × Atω) → (At · Σ)∗ · At + (At · Σ)ω
coinductively:
gs(s, α σ)def=
α · p · gs(t, σ), if δ(s, α) = (p, t)
α, if δ(s, α) = haltundefined, if δ(s, α) = fail
The set of (finite) guarded strings represented by M is
gs(M)def= {gs(start, σ) | σ ∈ Atω} ∩ (At · Σ)∗ · At.
![Page 23: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/23.jpg)
Bisimulation Between Strictly Deterministic Automata
A bisimulation between M and N is a binary relation ≡ between QM andQN such that
startM ≡ startN , and
if s ≡ t then
δM(s, α) = halt ⇔ δN(t, α) = halt;
δM(s, α) = fail ⇔ δN(t, α) = fail;
δM(s, α) = (p, s ′) ∧ δN(t, α) = (q, t′) ⇒ p = q ∧ s ′ ≡ t′.
![Page 24: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/24.jpg)
Bisimulation Between Strictly Deterministic Automata
TheoremIf M and N are bisimilar, then gs(M) = gs(N).
Moreover, the converse is true ifM never fails,every reachable state in M can reach halt.
Proof.
(⇐) Define s ≡ t def⇐⇒ ∀σ ∈ Atω gsM(s, σ) = gsN(t, σ).Property 2 is easy to check. For property 1, wantgsM(startM , σ) = gsN(startN , σ) for all σ. Since gs(M) = gs(N), ifgsM(startM , σ) is finite, then so is gsN(startN , σ) and they are equal. Thus
gsM(startM ,−) : Atω → (At · Σ)∗ · At + (At · Σ)ω
gsN(startN ,−) : Atω → (At · Σ)∗ · At + (At · Σ)ω
agree on the set {σ | gsM(startM , σ) is finite}. This set is dense in Atω.Moreover, the two functions are continuous, and continuous functions thatagree on a dense set must agree everywhere.
![Page 25: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/25.jpg)
Strictly Deterministic Automata
Every while program is equivalent to a strictly deterministic automaton:
while b do {while c do q;p;
}
0
2
halt
1
3
b
b
c
c
p
q
0
halt
1
bcqbcp
bcbc
bcpbcp bcq
bcq
The converse is false (Ashcroft & Manna 1972)
![Page 26: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/26.jpg)
The Böhm–Jacopini Theorem
Theorem (Böhm–Jacopini 1966)Every deterministic flowchart program is equivalent to a while program.
Formulated and proved in a first-order setting
Their construction introduced extra auxiliary variables
Are the auxiliary variables necessary?
![Page 27: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/27.jpg)
A Negative Result
Theorem (Ashcroft & Manna 1972)There is a deterministic flowchart program that cannot be converted to awhile program without auxiliary variables.
Formulated and proved in a first-order setting
Counterexample has 13 states
![Page 28: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/28.jpg)
—from (Ashcroft & Manna 1972)
![Page 29: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/29.jpg)
Kosaraju’s Counterexample
—from (Kosaraju 1973) halt
p1
p1
p2
p2
a
. . . is not a counterexample: while p1p2 do a
![Page 30: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/30.jpg)
Kosaraju’s Counterexample
—from (Kosaraju 1973) halt
p1
p1
p2
p2
a
. . . is not a counterexample: while p1p2 do a
![Page 31: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/31.jpg)
The Loop Hierarchy
Theorem (Kosaraju 1973)Every deterministic flowchart is equivalent to a loop program withmultilevel breaks. Moreover, there is a strict hierarchy depending on thelevel of breaks allowed.
loop {...loop {
...break 1;...
}← break 1 comes here...
}
loop {...loop {
...break 2;...
}...
}← break 2 comes here
![Page 32: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/32.jpg)
—from (Kosaraju 1973)
![Page 33: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/33.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02
α0
α2p12
α0p10
α1
α0p20
α1p21
α2
![Page 34: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/34.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2
0
α1
An innermostaccessible loop
![Page 35: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/35.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2
0
1
α1
α1p01
![Page 36: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/36.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
α1p01
![Page 37: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/37.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
2
α1p01
α2p12
![Page 38: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/38.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
21
α1p01
α2p12
α1p21
![Page 39: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/39.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
21
2
α1p01
α2p12
α1p21
α2p12
![Page 40: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/40.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1Error!
21
2
α1p01
α2p12
α1p21
α2p12
α1
![Page 41: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/41.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
21
α1p01
α2p12
α1p21
![Page 42: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/42.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
21
2
α1p01
α2p12
α1p21
α2
α2p12
![Page 43: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/43.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
2
α1p01
α2p12
![Page 44: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/44.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
0
2
α1p01
α2p12
![Page 45: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/45.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
2
α1p01
α2p02
α2p12
![Page 46: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/46.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
0
2
α1p01
α2p02
α0p20
α2p12
![Page 47: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/47.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
0
2Error!
α1p01
α2p02
α0p20
α2
α2p12
![Page 48: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/48.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
2
α1p01
α2p02
α2p12
![Page 49: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/49.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
02
α1p01
α2p02
α0
α2p12
α0p20
![Page 50: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/50.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
α1p01
α2p12
α0p20
![Page 51: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/51.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
α1p01
α2p12
α0p20
![Page 52: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/52.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
0
02
α1p01
α0p10
α2p12
α0p20
![Page 53: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/53.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
02
α1p01
α0p10
α2p02
α2p12
α0p20
![Page 54: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/54.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
1
02
α1p01
α0p10
α2p02
α1p21
α2p12
α0p20
![Page 55: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/55.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
1
0Error!
2
α1p01
α0p10
α2p02
α1p21
α0
α2p12
α0p20
![Page 56: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/56.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
02
02
α1p01
α0p10
α2p02
α2p12
α0p20
![Page 57: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/57.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1 Error!
02
02
α1p01
α0p10
α2p02
α1
α2p12
α0p20
![Page 58: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/58.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
0
02
α1p01
α0p10
α2p12
α0p20
![Page 59: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/59.jpg)
A 3-State SDA not Equivalent to Any While Program
halt
0
1 2
α1p01
α2p02α0
α2p12
α0p10
α1
α0p20
α1p21
α2 1
0
02 Error!
α1p01
α0p10
α2
α2p12
α0p20
![Page 60: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/60.jpg)
A 3-State SDA not Equivalent to Any While Program
If there is no state bisimilar to 0or 2 inside the loop, the loop isequivalent to
while α1 {p01;if α1 then halt;
}
. . . which is equivalent to
if α1 then {p01;if α1 then halt;
}
1
02
α1p01
α0p10
α0 + α2
α2p12
![Page 61: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/61.jpg)
A 3-State SDA not Equivalent to Any While Program
If there is no state bisimilar to 0or 2 inside the loop, the loop isequivalent to
while α1 {p01;if α1 then halt;
}
. . . which is equivalent to
if α1 then {p01;if α1 then halt;
}
1
02
α1p01
α0p10
α0 + α2
α2p12
![Page 62: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/62.jpg)
Loops Programs are Sufficient
Theorem (Kosaraju 73)Every program is equivalent to a program with loops and multilevelbreaks but without gotos.
![Page 63: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/63.jpg)
Example
halt
0
1 2
α1p01
α2p02
α0
α2p12
α0p10
α1
α0p20
α1p21
α2
![Page 64: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/64.jpg)
Example
0
1 2
2 1
halt
α1p01 α2p02
α0
α2p12
α0p10
α1
α1p21
α0p20
α2
α1p21
α0p20
α2
α2p12
α0p10
α1
![Page 65: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/65.jpg)
Example
0
1 2
2 1
halt
α1p01 α2p02
α0
α2p12
α0p10
α1
α1p21
α0p20
α2
α1p21
α0p20
α2
α2p12
α0p10
α1
![Page 66: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/66.jpg)
Example
loop {if α0 then break 1;if α1 then {
p01;loop {
if α1 then break 2;if α0 then {
p10;break 1;
} else {p12;if α2 then break 2;if α0 then {
p20;break 1;
}else p21;
}}
} else {p02;loop {
if α2 then break 2;if α0 then {
p20;break 1;
} else {p21;if α1 then break 2;if α0 then {
p10;break 1;
}else p12;
}}
}}
![Page 67: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/67.jpg)
Equational Treatment of Nonlocal Control Flow
A rigorous equational treatment of control constructs involvingnonlocal transfer of control using KAT and AGS
goto `
loop/break n
continue, exception handlers, try-catch-finally
Compositional semantics
Complete equational axiomatization
![Page 68: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/68.jpg)
The Coalgebraic Theory
Kleene coalgebra (KC) and Kleene coalgebra with tests (KCT)
the Brzozowski derivative
minimization as finality
automatic extraction of equivalence proofs and relation toproof-carrying code
![Page 69: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/69.jpg)
Automata as Coalgebras
algebra coalgebraconstructors destructorsinitial algebras final coalgebrasleast fixpoints greatest fixpoints
Example: Σω = infinite streams over Σ with operations
head(a0a1a2a3 · · · ) = a0
tail(a0a1a2a3 · · · ) = a1a2a3 · · ·
A coalgebra of this signature is (S , obs, cont), where obs : S → Σ andcont : S → S .
Every state s ∈ S generates a unique streamh(s) = obs(s), obs(cont(s)), obs(cont2(s)), . . ..
The streams (Σω, head , tail) form the final coalgebra, and the map h isthe unique homomorphism (S , obs, cont)→ (Σω, head , tail).
![Page 70: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/70.jpg)
Automata as CoalgebrasRutten 1998, Bonsangue 2008, Silva 2010
Automata ≈ coalgebras
Myhill-Nerode state minimization ≈ quotient by maximalbisimulation
minimal automaton ≈ final coalgebra
Brzozowski derivative ≈ a coalgebra of expressions
![Page 71: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/71.jpg)
Kleene Coalgebra (KC)A deterministic automaton without a start state
A Kleene coalgebra (KC) over Σ is a structure (S , δ, F ), where
S is a set of states
δp : S → S , p ∈ Σ is the transition function
F : S → 2 are the accept states.
Define L : S → Σ∗ → 2 (i.e., L : S → 2Σ∗) coinductively:
L(s)(ε) = F (s)
L(s)(px) = L(δp(s))(x)
Then
L(s)(x) = 1 iff x is accepted starting from state s
L is the unique KC-homomorphism to the final coalgebra
its kernel is the unique maximal autobisimulation
![Page 72: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/72.jpg)
Brzozowski Derivative (Brzozowski 1964)
A certain Kleene coalgebra (2Σ∗ , D, E ):
Dp : 2Σ∗ → 2Σ∗ defined by Dp(A) = {x | px ∈ A}
E : 2Σ∗ → 2 defined by E (A) =
{1 if ε ∈ A0 if ε 6∈ A
This is the final KC over Σ
![Page 73: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/73.jpg)
Brzozowski Derivative, Syntactic Form
Another Kleene coalgebra (RExpΣ, D, E ):
Dp : RExpΣ → RExpΣ E : RExpΣ → 2
Dp(e + e′) = Dp(e) + Dp(e′) E (e + e′) = E (e) + E (e′)Dp(ee′) = Dp(e) · e′ + E (e) · Dp(e′) E (ee′) = E (e) · E (e′)
Dp(e∗) = Dp(e) · e∗ E (e∗) = 1Dp(p) = 1 E (p) = 0, p ∈ Σ
Dp(q) = 0, q 6= p E (1) = 1Dp(1) = Dp(0) = 0 E (0) = 0
L(e) = the regular subset of Σ∗ represented by e
Kernel of L is KA equivalence = maximal autobisimulation
![Page 74: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/74.jpg)
Coinductive Equivalence Proofs
To prove e = e′, suffices to establish a bisimulation ≡ between{Dx(e) | x ∈ Σ∗} and {Dx(e′) | x ∈ Σ∗} with e ≡ e′
Bisimulation:
e ≡ e′ ⇒ Dp(e) ≡ Dp(e′), p ∈ Σ
e ≡ e′ ⇒ E (e) = E (e′)
The set {Dx(e) | x ∈ Σ∗} is finite modulo the axioms of idempotentsemirings
Can generate the maximal ≡ automatically (if one exists)
![Page 75: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/75.jpg)
Extension to KAT (Chen & Pucella 2003)
Automatic proof generation for proof-carrying code (Necula & Lee1997)
There is a PSPACE decision procedure for KAT, but it only gives aone-bit answer
Equational proofs require "cleverness", whereas coalgebraic proofscan be produced purely mechanically (Chen & Pucella 2003)
Not true, actually (Worthington 2008)
can produce equational proofs in PSPACE
exponential length in the worst case (but probably unavoidable, sincePSPACE -complete)
![Page 76: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/76.jpg)
Kleene Coalgebra with Tests (KCT)Deterministic AGS without a start state
A KCT over Σ,T is a structure (S , δ, ε), where
δ : At · Σ→ S → S ε : At→ S → 2δαp : S → S εα : S → 2
Define L : S → G → 2 coinductively:
L(s)(α) = εα(s) L(s)(αpx) = L(δαp(s))(x)
Then
L(s)(x) = 1 iff x is accepted starting from state s
L is the unique KCT-homomorphism to the final coalgebra
![Page 77: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/77.jpg)
The Brzozowski Derivative
A KCT (2G , D, E ) where
D : At · Σ→ 2G → 2G E : At→ 2G → 2
Dαp : 2G → 2G Eα : 2G → 2Dαp(A) = {x | αpx ∈ A} Eα(A) = 1 if α ∈ A, 0 if α 6∈ A
L : 2G → G → 2L(A)(α) = Eα(A) L(A)(αpx) = L(Dαp(A))(x)
L(A)(x) = 1 iff x ∈ A
![Page 78: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/78.jpg)
Syntactic Form
Another KCT (RExpΣ,T , D, E )
Dαp : RExpΣ,T → RExpΣ,T Eα : RExpΣ,T → 2
Dαp(e + e′) = Dαp(e) + Dαp(e′) Eα(e + e′) = Eα(e) + Eα(e′)Dαp(ee′) = Dαp(e) · e′ + Eα(e) · Dαp(e′) Eα(ee′) = Eα(e) · Eα(e′)
Dαp(e∗) = Dαp(e) · e∗ Eα(e∗) = 1Dαp(p) = 1 Eα(p) = 0, p ∈ Σ
Dαp(q) = 0, q 6= p Eα(b) =
{1 if α ≤ b, b ∈ B0 if not
Dαp(1) = Dαp(0) = 0
L(e) = the regular set of guarded strings represented by e
![Page 79: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/79.jpg)
Complexity
LemmaAny KAT expression e has at most 2|e| derivatives modulo the semiringaxioms.
TheoremCan generate coinductive equivalence proofs (bisimulations) andinequivalence proofs (witnesses to the nonexistence of a bisimulation)automatically in PSPACE (matches (Worthington 2008) for equationalproofs in KAT)
Proof.Construct two nondeterministic finite automata by Kleene’s theorem forKAT expressions, determinize by the subset construction,nondeterministically guess a counterexample to bisimiliarity in PSPACE .Make deterministic by Savitch’s theorem.
![Page 80: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/80.jpg)
What I Haven’t Talked About. . .
alternative and weaker axiomatizations (left-handed, non-strict,non-idempotent. . . )
total correctness, concurrency
domain KA, Kleene modules
ω-KA
applications (compiler optimization, static analysis, pointer analysis,. . . )
complexity issues
implementations
![Page 81: Kleene Algebra with Tests: A Tutorial - Part II [1em]](https://reader035.vdocuments.site/reader035/viewer/2022071603/613d7993736caf36b75dc3b6/html5/thumbnails/81.jpg)
Thanks!