Hi, welcome to my talk on our paper "Complexity of Liveness in Parameterized Systems". This is joint work with Roland and Prakash.

We have already seen two talks on verification today, and it seems that verification is a hard problem. It is a bit like climbing a mountain. There are tons of tools that perform very well on verification tasks, so let us represent them by something that is very good at climbing mountains, for instance an ibex. On the other side, we know that these problems have very hard worst-case complexity, so viewed from that angle it is more like pushing a stone up the hill. Why is this the case? What tools do is exploit additional structure of instances, namely parameters, for their optimizations, while worst-case complexity is measured in a very rough quantity, namely the input size only. So why don't we take the parameters that the tools already use and measure the complexity of the verification tasks in terms of these instead? This is where Track A comes into the picture: I will give a short introduction to parameterized complexity, which is what we use.

So what is parameterized complexity? It is the analysis of parameterized problems. And what is a parameterized problem? It looks like a usual decision problem: we have an input and a question. The input consists of an instance, like in classical complexity theory, and a list of parameters; these parameters describe the structure of the instance in more detail. The question we pose is: does the instance satisfy a certain parameter-dependent condition? Everything related to the parameters is marked blue here. The goal of this is to measure the influence of the parameters on the problem's complexity more precisely: we want to identify parameters that make the problem hard, or parameters that allow for the construction of fast algorithms.

There is a special class of parameterized problems, called the fixed-parameter tractable problems. They are almost solvable in polynomial time, up to the parameters. What does that mean? We say a parameterized problem is fixed-parameter tractable, or FPT for short, if it has an algorithm that runs in time f(k) · poly(n). Here f is a computable function that depends only on the parameter k; this is the only place where a non-polynomial blow-up happens. The remaining part is a polynomial in the input size n. So the running time depends only polynomially on n, and exponentially or worse on the parameter k. The idea is: if the parameter k is small in practice, then we obtain a fast algorithm. Usually the running time of such problems is dominated by this f(k), so we denote it by O*(f(k)).

We are interested in the precise values of such an f, and this is usually referred to as fine-grained analysis. Let us assume we have a problem that is FPT and solvable in time O*(f(k)). What can such an f look like? It can, for instance, be 2^k, 2^(√k), or k^k; it can be anything. The natural question is: once we have such an f, is there a smaller one that we can find? Finding a smaller f means finding a faster algorithm for the problem. The other direction is: is there a least f that we need to solve the problem? There are also approaches to this; this is finding lower bounds.
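Since these definitions carry the rest of the talk, here is the standard formal version as a recap (standard parameterized-complexity notation, nothing specific to our paper):

```latex
% A parameterized problem with instance size n and parameter k is
% fixed-parameter tractable (FPT) if some algorithm decides it in time
\[
  f(k) \cdot n^{O(1)},
\]
% where f is a computable function depending on k alone. Since the
% polynomial part is usually negligible, one writes
\[
  O^{*}(f(k)) \quad \text{to suppress polynomial factors in } n.
\]
% Typical candidates for f in a fine-grained analysis:
\[
  f(k) = 2^{k}, \qquad f(k) = 2^{\sqrt{k}}, \qquad f(k) = 2^{k/\log k}, \qquad f(k) = k^{k}.
\]
```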
There is something called the Exponential Time Hypothesis, a standard assumption used for lower bounds. Intuitively, it provides us with some sort of speed limit, in this case say: no algorithm can run in time 2^(o(k)). This excludes some of the f's from our list, for instance 2^(√k) and 2^(k/log k). We would then know that we need time at least exponential in k; for instance, 2^k or also 1.4^k would still be consistent with such a bound. What we are interested in is finding an optimal f: we want fast algorithms, but sometimes we cannot avoid a lower bound.

We applied this to a problem called leader contributor liveness. In the leader contributor model we have a leader thread, a shared memory, and identical contributor threads, of which there can be arbitrarily many. Both leader and contributors have read and write access to the shared memory. We model the whole thing by non-deterministic finite automata: an NFA P_L for the leader, a memory cell over a domain D with some initial value a0, and a family of identical contributors, modeled by NFAs P_C that all look the same. Leader and contributors can read (marked by ?b) or write (marked by !b) a value b from or to the memory.

This model is parameterized, but note that "parameterized" here means something different than in the complexity world: it refers to the number of contributor threads. This number is not a constant; we do not know it precisely, we only know it is fixed but arbitrary from the beginning. This is also different from dynamic thread creation: the number is fixed a priori, but it can be arbitrarily large. A leader contributor system then consists of the domain, the initial value, the leader, and the contributor.

So how does this work; what is the semantics of this model? We have the leader; let us assume it looks like this: it reads a, it reads b, and it can write c. And we have a contributor P_C, marked green, which looks like this. Assuming we have one contributor, the space of configurations is the states of the leader times the domain of the memory times the states of the contributor. A computation, for instance, looks like this: the leader is currently in q0, the current memory value is a0 (the initial value), and the current position of the contributor is p0. Now the contributor can write a to the memory and move to p1; that is this transition, and the memory value changes from a0 to a because a was written to the memory. Now the leader can actually read a and move to q1; that is this transition.

If we add a second contributor, marked orange, the space of configurations changes: we now have two components for the states of the contributors, and it works as expected, just like before. Assume, for instance, that the green contributor writes a to the memory; then we move to that configuration with current memory value a. Now the leader can read a, then the next contributor writes b to the memory, now the leader can read b, and then the leader writes c to the memory and both contributors can move back to their initial states. In fact we can loop in this configuration, so we can repeat the whole process.

For this model and this semantics, we look at the liveness problem. What do I mean by liveness in this context? Can the leader repeatedly reach a final state?
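As a minimal sketch of these semantics: the automata below are one consistent reconstruction of the slide's example, and the encoding (transition triples, a step function over configurations) is my own illustration, not the paper's notation.

```python
# Leader-contributor semantics with two contributors. Transitions are
# (state, action, state) with actions "?x" (read x) and "!x" (write x).
LEADER = {("q0", "?a", "q1"), ("q1", "?b", "q2"), ("q2", "!c", "q0")}
CONTRIB = {("p0", "!a", "p1"), ("p0", "!b", "p1"), ("p1", "?c", "p0")}

def steps(config):
    """Yield successors of a configuration (leader_state, memory, contributor_states)."""
    q, mem, contribs = config
    # Leader moves.
    for (s, act, t) in LEADER:
        if s == q:
            if act == "?" + mem:              # read the current memory value
                yield (t, mem, contribs)
            elif act.startswith("!"):         # write a value to the memory
                yield (t, act[1:], contribs)
    # Contributor moves: any one of the identical contributors may step.
    for i, p in enumerate(contribs):
        for (s, act, t) in CONTRIB:
            if s == p:
                new = contribs[:i] + (t,) + contribs[i + 1:]
                if act == "?" + mem:
                    yield (q, mem, new)
                elif act.startswith("!"):
                    yield (q, act[1:], new)

init = ("q0", "a0", ("p0", "p0"))
succs = list(steps(init))  # from here, either contributor can write a or b first
```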
So formally, we are given as input a leader contributor system S and a set F of final states of the leader, and the question is: does there exist a computation σ such that a final state occurs infinitely often in σ? This is the usual repeated reachability problem. The problem has been known to be NP-complete since 2015, and we perform a parameterized complexity analysis for it, in the parameters of the corresponding reachability problem that was investigated last year.

So what are these parameters? First of all, we look at the number of states of the leader, L; that is the first parameter. We look at the size of the domain, D. And we look at the number of states of the contributor, C. These are the three parameters we consider, and we want FPT algorithms for them. It turns out that the two most interesting parameterizations are, first, by the states of the leader together with the size of the domain, and second, by the states of the contributor.

So what are the results? First of all, we prove a sort of meta-theorem saying that we can divide the liveness problem into a reachability problem and a cycle-finding problem, as is also the case for many other systems: the liveness problem LCL can be solved in time Reach · Cycle, where Reach is the time we need to solve the reachability problem and Cycle is the time we need to solve the cycle-detection problem. So we solve LCR, the reachability problem, and we solve the cycle-finding problem. It was already known from last year that LCR can be solved in time O*(2^C), and this was also proven to be optimal. What we did in the paper is consider the other parameterization, by L and D, and solve it in time (L+D)^{O(L+D)}, which we also proved to be optimal. And we also solved the cycle-finding problem; surprisingly, this was possible in polynomial time. It is roughly a fixed-point iteration mixed with Tarjan's algorithm for finding SCCs.
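To give a feeling for the SCC ingredient, here is a generic sketch of repeated reachability via strongly connected components on an explicit finite graph. This illustrates only the Tarjan part, not the paper's fixed-point construction (which has to cope with the unbounded number of contributors); the graph encoding and function names are my own.

```python
# A state can be visited infinitely often iff it is reachable from the
# initial state and lies on a cycle, i.e., in a non-trivial SCC or on a
# self-loop. `graph` maps a state to its list of successors.
def tarjan_sccs(graph):
    index, low, on_stack, stack, sccs, counter = {}, {}, set(), [], [], [0]

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, []):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an SCC
            scc = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                scc.add(w)
                if w == v:
                    break
            sccs.append(scc)

    for v in graph:
        if v not in index:
            visit(v)
    return sccs

def repeatedly_reachable(graph, initial, finals):
    # Reach: compute all states reachable from the initial one.
    seen, frontier = {initial}, [initial]
    while frontier:
        v = frontier.pop()
        for w in graph.get(v, []):
            if w not in seen:
                seen.add(w)
                frontier.append(w)
    # Cycle: look for a reachable cyclic SCC containing a final state.
    for scc in tarjan_sccs(graph):
        cyclic = len(scc) > 1 or any(v in graph.get(v, []) for v in scc)
        if cyclic and scc & seen and scc & set(finals):
            return True
    return False
```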
If we put things together, we can combine these results with the meta-theorem to get algorithms for LCL: one that runs in time O*(2^C), the other in (L+D)^{O(L+D)}. This is also optimal, because the lower bounds for the reachability problem carry over to the liveness problem. For the remaining talk, I will give you some intuition of how the algorithm behind that theorem works.

So we need to solve the reachability problem. What is the reachability problem? As in the liveness problem, we are given a leader contributor system and a set F of final states, and we want to know whether there is a computation σ such that in the configuration c that it reaches, the leader is in a final state; π_L(c) is just the projection to the leader's component. This problem is also NP-complete, and there is a deterministic algorithm from last year that runs in time (L·D)^{O(L·D)}. That algorithm is basically an iteration over witnesses, where a witness is just a short form of representing a run. Instead of an iteration, what we did is dynamic programming, and we did not work with witnesses directly but with short witnesses. These two ingredients were enough to get a better running time.

So what are witnesses? Witnesses exist for one purpose: to make computations short again. What is the leader doing during a computation? Well, the leader runs through some states q1, q2, q3, until it ends in some state q. Let us assume we have two contributors, a green one that does something and an orange one that also does something. The first step to obtain a witness is to project the computation to the run of the leader and to ignore reads. What do I mean by that? In the first step, the leader starts in q1 and writes an a, so we record (q1, a). It goes to q2 and reads a b; the only thing we remember is that it goes to q2 and read something, so we just put the bottom symbol there. Then it is in q3 and writes c; we record that, and so on, and the run of the leader ends in state q.

From the contributors we remember only the positions of the first writes. A first write is when a value is written to the memory for the first time by a contributor. This happens here with the write of b, say when the leader is in state q2, and it happens here with the write of d, when the leader is in q4. Why is this important? First writes matter because once one contributor has provided a certain symbol, we can assume an arbitrary number of contributors providing that symbol. This is the power of this parameterized model; it is also called the copycat lemma. So we can assume that whenever the leader needs this symbol, it is just there: some contributor can provide it. Remembering these positions of the first writes is just a map from {1, ..., number of first writes} into the witness. The witness, in short, is this word w together with the final state and the first-write map; let us just write it as x = (w, q, σ).
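As a minimal sketch of this abstraction step, the following extracts a witness from a computation. The event encoding and all names are my own hypothetical illustration, not the paper's notation:

```python
# Abstract a computation into a witness: project to the leader's run,
# replace reads by a bottom symbol, and remember contributor first writes
# by their position in the projected run.
BOTTOM = "_"  # bottom symbol: "the leader read something here"

def witness(computation):
    w = []             # projected leader run: (state, written value or BOTTOM)
    first_writes = {}  # value -> position in w of its contributor first write
    for who, state, action in computation:
        if who == "leader":
            value = action[1:] if action.startswith("!") else BOTTOM
            w.append((state, value))
        elif action.startswith("!") and action[1:] not in first_writes:
            first_writes[action[1:]] = len(w)   # first write of this value
    return w, first_writes

# The run from the example: a contributor writes a, the leader reads a,
# a contributor writes b, the leader reads b, the leader writes c.
run = [("contrib", "p1", "!a"), ("leader", "q1", "?a"),
       ("contrib", "p1", "!b"), ("leader", "q2", "?b"),
       ("leader", "q0", "!c")]
w, sigma = witness(run)
# w = [("q1", "_"), ("q2", "_"), ("q0", "c")], sigma = {"a": 0, "b": 1}
```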
Having such a witness, when does it actually correspond to an actual computation? This is something we have to define. Assume we have this witness. The second thing we did when representing runs by witnesses was to forget the precise values of the first writes; we only mark their positions. So the first thing we need are so-called first-write sequences; these are just sequences of distinct data values. Now we can define validity along such a sequence β. Valid here means that the witness corresponds to an actual computation: x is valid if it is leader-valid and contributor-valid. What does this mean? Leader-valid means the witness actually encodes a proper run of the leader: whenever there is a write in the witness, there is a corresponding transition in the leader, and whenever there is a read, that is, a bottom position, the value read comes from an earlier first write; this is why we remember the first writes. We then call this L-valid_β(x). We can do the same thing for the contributors: the contributors have to provide the first writes at certain positions, and this is exactly what contributor validity ensures. I will not go into too many details here; one thing we need to ensure is that we can supply all the reads that the contributors need in order to provide the first writes in the end, and this is what C-valid means. Together, this is just called validity. Of course, there is a criterion behind this: there exists a computation that leads to a final state if and only if there is a witness x and a first-write sequence β such that x is valid along β.

Validity is something we can evaluate in polynomial time. So a first idea for an algorithm would be: let us just iterate over all witnesses and first-write sequences and evaluate valid_β(x). One can do this, but it is too slow; it is expensive. A better idea is to change the notion of witnesses a bit: in fact, we switch to short witnesses. This is done by cutting out loops that appear in the witness itself. If the witness looks like this, we know the leader runs in a loop from q1 to q4, which is actually the same state. So why not cut out this loop: we keep only q1 and immediately go to q5. The only thing we need to ensure is that the first writes that appeared on the loop now appear on the state where the loop starts and ends. So in a short witness the leader states are distinct; this is something we can define. The only thing we have to prove now is that validity is compatible with this shrinking, that is, with the notion of short witnesses.

How do we ensure this? Well, a witness x is always the product of short witnesses. Take a rather long witness and mark the run from σ1 to σ2 by x2, the run from σ2 to σ3 by x3, and so on. These are all short witnesses: between two first writes there is no point for the leader in running through a loop. So the whole witness x is the product x1 ⋯ xl, where each xi is the run between two first writes. Now assume we already know that the run x1 x2 x3 is L-valid, so it is a proper run of the leader, and we want to know whether it is still a proper run when we append x4. The problem is that this prefix y = x1 x2 x3 is not a short witness; it can be very long. So what is happening on the leader in y? It is some run of the leader, and we know that β1, β2, β3 occur at some point during this run. We want to append x4, the green run, and to know whether the result is still a proper run of the leader. The only thing we need to remember for this is that up to this state it is already a proper run; there is no point in remembering a loop in between. We can just cut the loop out when we check for leader validity: the extended run is a proper run if and only if the shrunken one is. So we can shrink y and test leader validity on the result instead. The advantage is that the two resulting witnesses are short again, which allows us to check leader validity inductively on short witnesses. The same thing, a bit more involved, can be done for contributor validity, and one can turn this into a recursion which we then solve via dynamic programming.

So what is happening here is that we define a notion of short validity: we have to define when a short witness is valid. What we do is split a short witness into two witnesses x and y, where intuitively x is the run from β1 to β_{i-1} and y is the rest, and both are short. Then we test whether the product x·y is L-valid; this can be done in polynomial time. We test whether the product is contributor-valid; this can also be done in polynomial time. And since we now work only on short witnesses, we only have to ensure that the remaining part x is again short-valid. So we get rid of this y, and this is precisely the recursion that we need. The criterion that we saw before for validity carries over to the notion of short validity. The algorithm for computing this recursion is as follows: we set up a table, indexed by all short witnesses and by the first-write sequences β1 up to βi, and we fill this table up, for instance bottom-up. The complexity is then the number of short witnesses times the number of first-write sequences, which is the number of table entries, and computing an entry is just this branching over short witnesses. This gets us the running time that we actually wanted.
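To make the shape of this dynamic program concrete, here is a rough skeleton. The validity checks are passed in as stubs standing for the polynomial-time tests described above, and the encoding of a witness as a tuple of segments between first writes is my own simplification; the actual table also ranges over all short witnesses and first-write sequences:

```python
from functools import lru_cache

def short_valid(segments, beta, l_valid, c_valid):
    """Decide short validity of the witness x1...xl, given as `segments`,
    along the first-write sequence `beta`. l_valid(x, y, beta) and
    c_valid(x, y, beta) stand in for the polynomial-time leader and
    contributor validity checks on the product of x and y."""
    @lru_cache(maxsize=None)
    def valid(i):
        # valid(i): the prefix x1...xi is short-valid along beta.
        if i == 0:
            return True  # the empty witness is trivially valid
        x, y = segments[:i - 1], segments[i - 1]  # split off the last segment
        return l_valid(x, y, beta) and c_valid(x, y, beta) and valid(i - 1)
    return valid(len(segments))
```

In a bottom-up implementation, the memoized calls correspond to filling the table entry by entry, which is where the product "number of entries times cost of branching" in the running time comes from.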
Thank you.

[Audience question: what do you gain from this result? Do you now have a nice explanation of why the tools work well, or some application?] The first thing is that we gain insight into the combinatorial nature of this verification task that was not there before. Of course, it is a theoretical study; we did not implement this. But I think we understand too little about this kind of problem, and here we gain more theoretical and also combinatorial insight. So this does not directly explain why tools work well, but I would say it is a first hint in that direction.

[Audience question: are there any tools?] There are tools for parameterized verification, and they should also be capable of implementing this model.

[Audience question about several shared variables.] If we have some number of shared variables, we can of course always go to the product domain, and as long as this number is constant, or not too large, these results still apply. When you have too many variables, though, I would guess that the problem becomes PSPACE-complete.

[Audience question about whether the techniques still apply there.] Usually this works for NP-complete problems. But if you think about problems like QBF, there would also be a 2^k algorithm, right? So this I would have to think about for longer. Maybe for some of these problems it would work; there would also be interesting parameters for PSPACE-complete problems.