 Okay, so this work is Essentially a very minor contribution of mine to what I think is a very interesting story. So I'm kind of pleased to present the story There are kind of two components to it. There are prioritized model checking problems which in general are known to be undecidable. So that's fairly negative and Then there are concurrent pushdown systems so which model checking is also known to be undecidable. So that's another negative thing, but um As any sort of primary school mathematician knows if you take two negative things you multiply them together you get something positive So in this case the positive thing is that parameterized model checking problems for concurrent pushdown systems are decidable So if you think I've just performed some kind of sleight of hand here Then you'd be right and the rest of the talk is to explain how the situation arises To make sure you all know what I've actually done I just state my main theorem and if you know the story, then you can probably fall asleep for a bit So we're going to take two pushdown systems. So we have one C and one U So C is a pushdown system that we can think of as a controller process and I'm going to put these two systems in parallel So we're going to take one copy of C and an arbitrary number of U So the whole point is that this number of copies is not fixed from the start It's part of the problem to discover how many copies of U we can get away with And then we're going to take these processors put them in parallel and they're going to communicate through a global store called G So G can have many variables, but for the purpose of this talk, we'll just have one And the processors what they can do is they can write to this store or they can read from this store Now they cannot do this at the same time They cannot check a value and then set it so if they want to look at the value and then write to it They have to do that in two operations So in between those two operations, obviously anything can happen. So that's what we mean by non-atomic And the result is that if you take this problem Yeah, and you say are there a number of U's that we can put with the system To make sure whether a state's reachable and we can decide that in double the exponential time So that's my result and I'll go through the history of this result and why I think it's an interesting story So we're going to begin with the parameterized model checking problem. So this says Given a schematic program P. So that's basically it's a program defined with an input end and How what how this program looks depends on the input end? And we ask is there some value of n that we can pick such that the program that's defined by this end satisfies a certain property fine in this case and it was shown by Aptin-Cosen in 1986 this problem is undecidable and That's even holds true even if each particular pn is finite state And the reason this is undecidable is because well, it's a very kind of simple reasons is that if you take a Turing machine You say that your nth program is the finite state machine that runs a Turing machine for n steps So in n steps, you can only use n cells of your tape. So you have a finite state machine And of course when n becomes a parameter you says do that does there exist an end what you're saying is Does there exist an end such that my machine terminates in n steps? You're solving the whole team problem. So immediately you're undecidable So and they do this for parallel results for systems, but it's very simply parallel in that You put lots of systems together, but you only care about one of them So this is a very pathological result It's very unlikely that you're going to define your program to be run a Turing machine for n steps So we start to say what about more natural instances of this problem So the first result on this that I know of is by Suzuki in 1988 And what he does is he considers ring networks with n nodes on the ring So all of the nodes are identical and they're just in a ring So they can talk to the neighbor on the left and they can talk to the neighbor on the right They store some finite information Themselves and they have a token they pass around So this is a much more natural problem, but unfortunately we're still undecidable and the reason this is is because Thinking about Turing machines again, if we're going to use n cells in our tape We have a network with n nodes where each node is responsible for playing the part of a single cell in the tape So what it does is it stores the value of the cell and the read right head is contained By one of the cells and if it wants to move the head to the right it passes it to its right neighbor If it wants to move it to the left it poops it to its left neighbor So they can simulate Turing machine by passing this control head around And obviously we say is there some size such that blah blah blah and we get undecidability So now we're still undecidable. So you have to think about why is this problem being undecidable? So in this case, we've got a ring communication structure We definitely know the whole simulation works because if you want to move the Turing machine head to the left We talk to our left neighbor. If you want to move to our right, we talk to our right neighbor So it very much depends on being able to talk to your left and talk to your right So the first decided built side wall results in this area basically said well let's break this whole system and Have the situation where we don't know who we're talking to anymore So if you want to talk to our left neighbor, we can try we can send a message to our left But we've no guarantee that we'll actually go to the left. It could go to the right It could go miles way over there if you break this kind of idea So if you want to communicate you have to communicate with some node in the network not with a particular node Then you get decidability so this is a result by Gemini and sister in 1987 and They say for finite state finite state system C in the finite state system you just as I said at the start where you put See the controller in parallel with any number of use then we have decidability and this result is by Petrinets So essentially because you is finite state a Petrinet can be thought of as vector addition system where we have a number of counters you want to see em So because you is finite states we can have a counter for each state of the system They count how many Processes we have in that state and if you want to move a process from state one state two We decrement the first counter increment the second counter. It's very easy and using Petrinet reachability. We get the decidable system So things are looking good. So how can we start to generalize this? So I'm interested in push-down systems as use pizza described in the last talk. They are very interesting systems So we can start to think about this whole network where we've got this kind of confused communication structure a Controller process and some user processes and we say well We know when they're both finite state then we have a good situation But what happens if we let some of these be push-down systems? so Because we're playing with undecidability. I just remind you why push-down systems are undecidable So this is how I draw a push-down system We have our control states which were p and q in the last talk But I've just one two three here and there we have stacks a b a on top of b We can push onto the stack and we can pop from the stack and behave like a push down And as I said at the beginning we have two of these machines communicating. We get undecidability very quickly So the reason this is the case or one proof of this there are many It's because we can use these two two systems to play the part of a Turing machine tape So for a tape we have the part to the left of the set to the left of the Read right head and we have the set the tape to the right So we have our two push-down systems and the first one in its stack is going to store the tape to the right and The second one in its stack is going to store the tape to the left And if it if this guy wants to move its read right head to cell 4 Then that will be simulated just by transferring cell 4 to the other stack And if he wants to move it back into the opposite operation So it doesn't take much for two push-down systems to be able to play the part of a Turing machine and ruin our whole model checking problems So let's go back to this general framework where we have season use If we have the case where these use might be a push-down system and we communicate just by message passing left and right Then we only need a very simple controller that says I'm going to let one process in the cloud be the left and Another process in the cloud be the right So it's going to say only allow one process to be the left and one to be the right And all of the other processors just get stuck doing nothing So in our cloud of millions of push-down systems only two of them are actually doing anything So when these two processors talk, they know they're talking to each other and they can quite happily simulate a Turing machine So if you have this kind of parallel situation and a very simple controller, we're still undecidable Now I guess we're here to that if we get rid of this controller then we're decidable so we have a number of push-down systems you and our machine number in parallel communicating by message passing and we're decidable and The reason this is is because if we want to try and do a Turing machine then There's no controller. So the processors have to guess themselves whether they're going to be left and right. So 20 processors might decide they're on the left 20 processors might decide they're on the right and they'll start trying to talk to each other But because they cannot single out who they're talking to they're just making a confused mess So they carry on talking and in fact by a very simple reachability algorithm. He proved decidability So there's one sort of key sort of property of his proof that I would like to highlight and this is that What he does is he observed that as soon as one push-down system has been capable of performing a single action Then that action can occur as many times as you like it can happen at arbitrary number of times and the reason this is the case is because Suppose some collection of processes together had been able to work together to produce an a action say Then what we can do is we can take that collection of processes and because we're free to choose as big an energy We need we can replicate that collection of processes an arbitrary number of times So as soon as that action happens once it can happen as many times as we like So he does a kind of fixed-point operation saying what actions can be formed with no communication and Then given that those actions can happen one other actions can happen, and he does a fixed point until he knows everything that can happen in the system I was interested in I start to thought how can I just sort of generalize it a bit more so in particular the system loses the controller, so I Thought what well, let's try and put the controller back Secondly the communication is by message passing and I generally think about things in terms of global stores So I thought let's try and put a global store in here, too so at the moment if we have our situation with a controller and our show of users talking via a global store Then we're still undecidable, and this is because in the global store. We can put some locks So if somebody wants to play the left tape, they set the lock to say right Nobody else can play the left and similarly for the right So this is why I have this non-atomic restriction So somebody can read from the state They can look at the lock and see what it is or they can set the lock, but they can't do it a check and set action Atomically so they can try and be the only left process, but in between reading and writing Another 20 processes may also try and be the left so in the case where this read write is non atomic Then we have decidability again in doubly exponential time Okay, so So I have some time so I'll repeat the theorem again. I'll give you a flavor of how the proof works So that's a theorem again in double exponential time. We can solve this reachability problem So we begin with Cologne's observation that as soon as something happened once it can happen an arbitrary number of times So in this case we can't quite be so I know we can be it's a bit little bit more difficult because What the control process does? Can only happen Once really because the control process we can't replicate it So we have to be a bit more careful about what happens, but the user process as soon as the user can do something It can do it as many times as we like so another observation is that we can essentially make Each sort of writes the global store be the responsibility of a single process And that's because in a run say of length M. They're gonna they could be up to M writes to the store so if we want to Replicate this run where all where each process only writes something meaningful once then we just have a Whole collection of processes for each right. We can just duplicate them as many times as we like This sort of act the things that have to happen to the global store in order for a process to do a particular Right that we wanted to do so in this case We might have to read in a reader be right to see read it He write me in order to eventually write this G, which is what we're actually interested in Begin with this and we start making some abstractions So first of all I said that this process is only really responsible for this right at the end So these rights in the middle we can kind of abstract them a bit and just replace them by hash actions So this hash action generally Corresponds to writing something to the store, but something that will not be used by any of the processes So this is going to be kind of a clearing of the store writing an empty value to the store So this alteration is sound because if you destroyed the store you're only blocking things from happening and It's complete because if this particular right happens to be important We just create another set of processes that are responsible for that particular right So it's both sound and complete to do the next observation is that these are just What the process sees happens to the store the process can close its eyes whenever it likes and not look at the store at all So in between any of these actions Anything could happen so it could be that between this reading this a and reading this be then 20 rights occurred to the store We just didn't pay attention Similarly we could decide at any point between here to destroy the value of the store with a hash and just rely on another process To erase our nasty mess that we just made So what we have here is a context-free language defined by the first time system you and we've taken the upwards closure of it We can say as long as this is a sub word word and anything else happens in between them We're okay, so we've taken the upwards closure and due to result by Attica tell in 2008 the outputs closure of a context-free language is regular So that's immediately a nice situation We've gone from having lots of pushdown systems in parallel to having one pushdown system in parallel with some regular systems so then what we do is we Do a kind of product construction utilizing this observation at the top and we Play around with the runs and prove that it all works out fine And we essentially just have to model check a pushdown system The pushdown system is a doubly exponential size because building this up with closure is quite an expensive operation So I'd just like to say a few words on the upwards closure So they're kind of main proof I've done with but I just want to say how I did it so They result by Attica tell I didn't actually know when I wrote the paper and it was pointed out by a reviewer So I actually did a different proof that the opposite closure is regular and I kind of like it So I thought I'd mention it. So there's a result by Aaron fruit and Rosenberg in 1985 Which is I think only cited three times according to Google which I think is a shame because it's kind of a nice result And the paper is very nice to read So what they say is that they talk about strong iterative pairs of a context-free language and what they mean by strong iterative pair are words u x v y and w Such that whenever it is the case that u x to the n v y to the n w is in your language for every n It must also be the case that you can break this connection between x to the n and y to the n and say x to the n y to the n so If that's the case, then you're regular So the reason you can think about this if you know the pumping lemma you know stuff like this So somehow the essence of a context-free language is that these x's and these y's can be connected together to occur the same number of times So if it's the case that This connection is not actually true We could have wires many times as we like irrespective of how many times we have x and we in fact have a regular language So they proved that when these strong iterative pairs are all like this then we have a regular language and it's quite a nice paper and That proof wasn't constructive So I had to do a bit of work just to make sure that we could actually build our autonomous okay, so time to conclude so again to repeat we have a parameterize reachability problem where we have a control process Then I'll show my views and processes each of these are push-down systems They communicate via a global store, but they cannot interact with the store atomically Then we have reachability There are a number of things I'd like to kind of continue from this work so First of all the reason I actually thought of this in the first place was due to weak memory models So if you don't know about weak memory models, so you kind of take what processes actually do rather than what we'd like them to do so in Theory we always think of Concurrent processes as being like an interleaving of the processes But what processes do is they start doing caching and weird things so when you try and construct what actually happened on your processor It's not necessarily necessarily an interleaving anymore So this made me think of these parameterized problems where the communication is not quite as reliable as you'd like it to be Unfortunately, it turns out that this problem is even harder than normal push-down model checking. So there's still some work to be done Another area is the complexity. So I've given a doubly exponential algorithm But in fact I can only prove that it's NP complete and this is not very good It's a bit of a gap, but there are kind of questions. So I'm kind of it seems like a weak system But you can do some nasty things. So I Think that this upwards closure technique at least my proof technique has to be doubly exponential I mean you can get an exponential low bound easily because you can Write a push-down system that produces a string exponentially long. So a regular automaton must be exponentially sized. I Think Attica L might have got a 2x below a bound for the model checking they were thinking about So maybe that implies that their upwards closure should also be double exponential But somehow because you can't really have much control with the global store then Maybe it should only be NP, but I can't think for an MPR There's also some applications to ping pong protocol. So as far as I have a paper where he shows that these ping pong protocols are essentially Systems where as soon as an action happens once it can happen an option number of times But they do not have this control process in their model So I'm wondering whether by adding this control process we can extend their research in some way Okay, I think that's everything. Yeah, great. So that's everything. So thank you very much for your attention