CS3172: Advanced Algorithms Automata-based Verification —...
25
CS3172: Advanced Algorithms Automata-based Verification — II Finite Word Automata and Model Checking Howard Barringer Rm2.20: Kilburn Building Email: [email protected] March 2006 1 Motivation In the first section of notes on Automata-based Verification, we saw how finite state machine like structures, Kripke structures, could be used to represent (i) the dynamic behaviour of a concurrent program, as a set of execution state traces, and (ii) the models of a temporal logic formula. In particular, we showed how one can use reachability analysis algorithms to determine answers to interesting questions such as, for example, whether a given program has some execution path to some specified state (probably denoting an undesirable situation). However, we have not, as yet, seen how to answer the question of whether a program satisfies some given behavioural specification (given as temporal logic formula). A little more formally, let paths(K ) denote the prefixed closed 1 set of paths of a Kripke structure K . Now, given two Kripke Structures K M odel and K Spec , corresponding to, say, a program and some specification, we wish to determine whether paths(K M odel ) ⊆ path(K Spec ) To address this question, we will recast it in terms of finite word automata, and then treat it as a language recognition problem. We therefore start this section with a quick review of finite word automata and associate operations. 2 Finite Word Automata Informally, a finite word automaton is a mathematical structure that represents a set of finite words, usually referred to as the language of the automaton. Finite word automata 1 Given a finite path σ = 〈s 0 ,s 1 ,s 2 , ..., s n-1 ,s n 〉 then the prefix closure of the set containing σ is the set containing all prefixes of σ, i.e. {〈〉, 〈s 0 〉, 〈s 0 ,s 1 〉, ..., σ}. Note the prefix closed set of a finite path is itself a finite set. If σ were an infinite path then the prefix closure of the set containing σ is still defined as the set of all finite prefixes of σ, however, note that this set is now of infinite size. 1
Transcript of CS3172: Advanced Algorithms Automata-based Verification —...
CS3172: Advanced Algorithms
Automata-based Verification — II
Finite Word Automata and Model Checking
Howard BarringerRm2.20: Kilburn Building
Email: [email protected]
March 2006
1 Motivation
In the first section of notes on Automata-based Verification, we saw how finite statemachine like structures, Kripke structures, could be used to represent (i) the dynamicbehaviour of a concurrent program, as a set of execution state traces, and (ii) the modelsof a temporal logic formula. In particular, we showed how one can use reachabilityanalysis algorithms to determine answers to interesting questions such as, for example,whether a given program has some execution path to some specified state (probablydenoting an undesirable situation). However, we have not, as yet, seen how to answerthe question of whether a program satisfies some given behavioural specification (givenas temporal logic formula).
A little more formally, let paths(K) denote the prefixed closed1set of paths of a Kripkestructure K. Now, given two Kripke Structures KModel and KSpec, corresponding to,say, a program and some specification, we wish to determine whether
paths(KModel) ⊆ path(KSpec)
To address this question, we will recast it in terms of finite word automata, and thentreat it as a language recognition problem. We therefore start this section with a quickreview of finite word automata and associate operations.
2 Finite Word Automata
Informally, a finite word automaton is a mathematical structure that represents a set offinite words, usually referred to as the language of the automaton. Finite word automata
1Given a finite path σ = 〈s0, s1, s2, ..., sn−1, sn〉 then the prefix closure of the set containing σ is the
set containing all prefixes of σ, i.e. {〈〉, 〈s0〉, 〈s0, s1〉, ..., σ}. Note the prefix closed set of a finite path is
itself a finite set. If σ were an infinite path then the prefix closure of the set containing σ is still defined
as the set of all finite prefixes of σ, however, note that this set is now of infinite size.
1
are very common and exist in most language processing tools, from pattern matching incommand shell processing to lexical analysis in (programming) language compilers.
A finite word automaton is like a finite state machine whose transitions between statesare labelled by symbols of some given alphabet. Look at the graph structure depictedbelow.
initial state
10sp q
final state
s
This represents a two state deterministic finite word automaton over an alphabet contain-ing letters p and q. For our purposes, we will consider automata as language recognisers.The automaton informally represented by the above diagram accepts finite words overits alphabet {p, q}, i.e. sequences formed using the letters p and q. The automaton hastwo sets of distinguished states, namely, final states, as well as initial states. A finiteword is accepted if its letters can be traced by a path from an initial state to a finalstate. Thus, the finite words p, pq, pqq and pqqq are all accepted, whereas the words q,qpq and pp, for example, are not accepted. Using regular expression notation, the set ofall words accepted by the above machine is pq∗, and the set of all words not accepted bythe automaton is pq∗.
2.1 Finite word automaton, more formally ...
Definition 2.1 A finite word automaton is a structure
FA = (S, Σ, T, S0, F )
whereS is a set of statesΣ is an alphabetT is a labelled transition relation, ⊆ (S × Σ × S)S0 is a distinguished set of initial states, ⊆ S
F is a distinguished set of final states, ⊆ S
Example 2.1 Formally, the finite word automaton depicted as a diagram above is astructure FA = (S, Σ, T, S0, F ) where
S = {s0, s1}Σ = {p, q}T = {(s0, p, s1), (s1, q, s1)}S0 = {s0}F = {s1}
Definition 2.2 A finite word w over an alphabet Σ is a finite sequence of symbols of Σ,i.e. w ∈ Σ∗.
Definition 2.3 A run r of a finite word automaton FA = (S, Σ, T, S0, F ) on finiteword w is a sequence of states r = s0s1s2 . . . s|w| such that (si, wi, si+1) ∈ T for alli ∈ {0..|w| − 1}.
2
Definition 2.4 A finite word w is accepted by an finite word automaton FA = (S, Σ, T, S0, F )if there is a run r on w and s0 ∈ S0 and s|w| ∈ F .
Definition 2.5 The language L(FA) of a finite word automaton FA = (S, Σ, T, S0, F )is the subset of finite words w over Σ accepted by FA.
Example 2.2 Consider the finite word automaton
p0 s1
p qs
over alphabet Σ = {p, q}, with S = {s0, s1}, S0 = {s0} and F = {s1}.The following are examples of runs the automaton:-
s0s1 is a run on word p
s0s1s1 is a run on word pq
s0s1s0 is a run on word pp
s0s1s0s1s0s1 is a run on word ppppp
s0s1s0s1s1s0s1s1s1s0 is a run on word pppqppqqp
but only the following are accepting runs — the run must end in a final state, i.e. s1.
s0s1 is an accepting run on word p
s0s1s1 is an accepting run on word pq
s0s1s0s1s0s1 is an accepting run on word ppppp
The language defined by the machine is the set of words denoted by the regular expression
p(q∗pp)∗
.
Exercise 2.1 Consider the finite word automaton
p0 s1
p p qs
over alphabet Σ = {p, q}, with S = {s0, s1}, S0 = {s0} and F = {s1}.Give examples of finite words that are accepted and their associated runs. Give exam-
ples of words that are not accepted by the automaton. Write down a regular expressionthat denotes the set of all accepted finite words for this automaton.
Definition 2.6 A finite word automaton FA = (S, Σ, T, S0, F ) is said to be a determinis-tic finite word automaton if there are no states s, t and uvin S, with t and u distinct, suchthat there is some letter a ∈ Σ such that both (s, a, t) and (s, a, u) are labelled transitionsin T . A finite word automaton which is not deterministic is said to be nondeterministic.
3
Deterministic finite word automata have a clear computational advantage when beingused as word recognisers; each input symbol uniquely defines the next state of the au-tomaton. If using a nondeterministic as a recogniser then some form of backtracking willbe necessary; this is computationally costly. Fortunately, we have the following result.
Theorem 2.1 Nondeterministic and deterministic finite word automata over an alphabetσ recognize the same class of languages, namely the regular languages.
This fundamental result means that given a language L recognized by a nondeterministicfinite word automaton NFA, then there exists a deterministic finite word automaton FA
that will recognize the same language. In fact, there is an algorithm for transforming anondeterministic automaton into an equivalent deterministic one.
Exercise 2.2 Is the finite word automaton, represented by
p0 s1
p p qs
over alphabet Σ = {p, q}, with S = {s0, s1}, S0 = {s0} and F = {s1}, determinis-tic? If not, construct a deterministic automaton that will represent (recognize) the samelanguage.
Although deterministic finite word automata have clear advantages when used toimplement language recognizers, their nondeterministic counterparts are usually morecompact, using fewer states. The latter can be of considerable advantage when using thestructure to represent sets of behaviours (execution paths, etc.).
2.2 Set theoretic operations on Finite Word Automata
Given a language is nothing but a set of words over a given alphabet, we can applythe usual set-theoretic operations, such as union, intersection and complementation, tolanguages. In particular, given languages LM , for example representing the executionpaths of a program or model, and LS representing the allowable, i.e. specified, paths, wewill want to determine whether LM ⊆ LS in order to know whether the model behavesaccording the given specification. This is equivalent to determining whether
LM ∩ LS = {}
i.e. determining whether the intersection of LM and the complement of LS is empty.What are the corresponding operations on finite word automata? In other words,
given languages L1 and L2 recognized by finite word automata FA1 and FA2, respectively,how do we build an automaton from FA1 and FA2 that will recognize the languageL1 ∪ L2? Similarly for intersection and complementation.
Definition 2.7 Given automata FA1 = (S1, Σ, T1, S01, F1) and FA2 = (S2, Σ, T2, S02, F2)such that S1 and S2 are disjoint sets, define FA1 ∪ FA2 as the finite word automatonstructure (S1 ∪ S2, Σ, T1 ∪ T2, S01 ∪ S02, F1 ∪ F2).
4
Theorem 2.2 The language L(FA1 ∪ FA2) = L(FA1) ∪ L(FA2).
The proof of this is trivial. Let w1 be a word accepted by a run of FA1 starting in somestate sb ∈ S01 and ending in state se ∈ F1. By construction, the same accepting run forword w1 must also be an accepting run of FA1 ∪ FA2. Similarly for an accepting runon word w2 by FA2. Thus, L(FA1) ∪ L(FA2) ⊆ L(FA1 ∪ FA2). On the other hand,suppose w is a word accepted by FA1 ∪FA2. The accepting run starts in an initial statesi ∈ (S1 ∪ S2). As S1 and S2 are disjoint, then either si ∈ S1 or si ∈ S2. If the formerthen clearly the run will follow states and transitions that have come solely from FA1,and vice versa. Thus, L(FA1 ∪ FA2) ⊆ L(FA1) ∪ L(FA2). Hence the languages areindeed identical.
Exercise 2.3 Consider the two (nondeterministic) finite word automata over alphabetΣ = {p, q} depicted below.
t
s0s
t
qpp
p0 1
q pq
q
1
Note that the diagram can also be used to represent the union of the two automata. Whatis the final state set of the union. Write down, as a regular expression, the set of wordsaccepted by the union.
Definition 2.8 Given the finite word automata FA1 = (S1, Σ, T1, S01, F1) and FA2 =(S2, Σ, T2, S02, F2), define FA1 × FA2 as the finite word automaton structure (S1 ×S2, Σ, {((s1, s2), α, (t1, t2)) | (s1, α, t1) ∈ T1 and (s2, α, t2) ∈ T2}, S01×S02, F1×F2), where× applied on sets denotes the cartesian product.
Theorem 2.3 The language L(FA1 × FA2) = L(FA1) ∩ L(FA2).
The proof of this result is again straightforward and takes the following steps. Showfirst that a word w ∈ L(FA1) ∩ L(FA2) is also a member of the product automatonL(FA1×FA2), and then vice versa. Indeed for the former case, there will exist acceptingruns ri = si
0si1...s
i|w| for i = 1, 2 where states si
j ∈ Si for j ∈ {0..|w|} with si0 ∈ S0i, i.e. are
initial states, and si|w| ∈ Fi, i.e. are final states. By definition of the transition relation
for the product machine, there will thus be a run r = (s10, s
20)(s
11, s
21)...(s
1
|w|, s2
|w|) for state
pairs (s1j , s
2j), for all j ∈ {0..|w|}. This run r is also an accepting run as, by construction,
(s10, s
20) is an initial state of the product machine, and (s1
|w|, s2
|w|) is a final state. Theargument that for any accepting run on word w of the product machine there existaccepting runs of the two component automata follows by deconstruction of the productstates of the product machine run into separate runs on the component machines.
Example 2.3 The diagram below shows the product of two component machines.
5
a s0s aa b b20 1t t t
t 0s0 1s 0t t1 t2s1 s1
a
a
a bba
X
b a b1
If we write down the language accepted by the two component automata as regular expres-sions, we have:
(i) b∗a(a|b)∗
(ii) a∗abb∗
the intersection of which is clearlyaa∗bb∗
Note however that the product machine gives, by construction, the language defined bythe regular expression
abb∗|aa∗abb∗
that one can easily simplify to the desired result. The first disjunct defines that an acceptedword has a prefix of one ”a”, whereas the second defines the prefix of ”a”s to be at leasttwo; the disjunction thus defines the prefix of ”a”s to be at least of length one, as in thesimplified expression.
Exercise 2.4 Construct the product of the two finite word automata represented by thefollowing diagrams. Assume the alphabet of both machines is Σ = {p, q}.
t
s0s
q
pt
qpp
0 1q p
q
1
Then write down the language accepted by the product machine in regular expressionnotation.
Let us now consider the complementation of a finite word automaton. In essence,complementation of a finite word automaton should be straightforward. As the automa-ton defines those states that are final states, any word that finishes in a non-final statemust be non accepting. In principle this is right, but in detail this is wrong. There aretwo problems. Firstly, there may be words that are not accepted because there is norun possible, rather than the run finishing in a non-final state. Consider the finite wordautomaton below which accepts the language p(qp)∗.
6
ps0s
q
1
Its complement is NOT given by the following
ps0s
q
1
as the complement of p(qp)∗ will certainly contain the word q which is not accepted bythe above automaton, i.e. there is no run (let alone accepting run) on word q.
Secondly an automaton may be nondeterministic and this again may cause problemsfor complementation. Consider the following nondeterministic finite word automatonover alphabet {p, q}.
ps0s
32 ssq
p
1
which accepts the language with just two words p and pq. If we simply swap the finaland non-final states, we obtain the automaton
ps0s
32 ssq
p
1
which only appears to accept two words, the empty word and the word p. But p mustn’tbe accepted! The problem here has come about because a nondeterministic machineaccepts a word w if there exists an accepting run for that word w — a nondeterministicmachine may also have runs that don’t accept the same word.
7
2.2.1 Completion
The first problem above is addressed by ensuring that the finite word automaton iscomplete; the transition relation must be total with respect to state and transition label.For example, we can complete the automaton
p0 s1
p qs
by adding a new state, say pi, which accepts any word over the alphabet, and then addinga q transition from state s0 to pi. The resulting completed automaton, shown below, isdeterministic and complete.
q
s0s
pi
p
qp
p q
1
The complementation of this automaton can now be obtained by swapping the final andnon-final states, as below.
q
s0s
pi
p
qp
p q
1
2.2.2 Determinisation
The second problem for complementation, a swap of final and non-final states not workingfor a nondeterministic finite word automaton doesn’t achieve the complement automa-ton, is rectified by being able to transform a nondeterministic finite automaton into adeterministic one that accepts the same language.
Theorem 2.4 For every nondeterministic finite word automaton there exists a deter-ministic finite word automaton that accepts the same language.
8
The proof of this is straightforward. We construct a deterministic automaton, which,when run on an accepted word w, in effect, follows all the possible ways the nondeter-ministic automaton could have moved for the given word. We refer to the constructionof the deterministic machine as the subset construction — the states of the deterministicmachine will correspond to subsets of states of the nondeterministic automaton.
Example 2.4 Consider again the nondeterministic automaton over alphabet {p, q} rep-resented below.
ps0s
32 ssq
p
1
The determinised automaton’s states, see diagram below, correspond to sets of states ofthe original automaton. The initial state below thus corresponds to the initial state setof the above machine. From the original, state s0 can nondeterministically choose a p
transition to either state s1 or state s2. These possible successors states are thereforeconsidered as one state in the deterministic machine, the state labelled by {s1, s2}. Asstate s1 was a final state in the original machine, we must treat this new state also as afinal state. Finally, the s2 state was only able to make a q transition to state s3 in theoriginal automaton. Therefore, we add a q transition to the state labelled by the set {s3},which must also be treated as a final state.
2 {s }1{s , s }{s }0 3
p q
Clearly the above machine is deterministic, and it is easy to see that it accepts the samelanguage as the original nondeterministic machine.
Exercise 2.5 Construct a deterministic finite word automaton that accepts the samelanguage as the automaton depicted below. You may assume the alphabet is {a, b}.
a
s1s 2t1tt 0s10s 0t a b ba
a
1
9
2.2.3 Complementation
Bringing the above together, to complement a finite word automaton, perform the fol-lowing steps:
1. First, determinise the automaton, if nececessary.
2. Second, complete the automaton resulting from step 1.
3. Finally, swap the final and non-final states of the automaton resulting from step 2.
2.2.4 Checking for Emptiness
Definition 2.9 A finite word automaton FA = (S, Σ, T, S0, F ) is said to accept theempty language if there are no finite words w over the alphabet σ that are accepted byFA.
Thus, given a finite word automaton FA = (S, Σ, T, S0, F ) if there exists no pathfrom an initial state s0 ∈ S0 to a final state f ∈ F then there can be no words over thegiven alphabet that are accepted by the automaton. To determine whether a path existsfrom some state s to another state t, we can either use a forwards reachability algorithm(looking for a path from s to t), or a backwards reachability algorithm (looking in reverseback from the target state to the source state). The algorithms given in the first set ofnotes will do this.
The reachability algorithms previously presented were based on a depth first search.As an alternative, one could use a breadth first search which computes a frontier (or wave)of successor states from the initial states. Again, this can be computed in a forwards orbackwards direction. The search is terminated when either the target state appears inthe frontier (success) or when no new (unvisited) states appear in the frontier generation.
3 Model Checking using Finite Word Automata
We now have nearly all the ingredients for performing finite word model checking, i.e check-ing whether a program behaves according to some specification representable as a finiteword automaton. The missing part is to be able to convert a Kripke structure, represent-ing the execution behaviour of the program, into a finite word automaton that acceptsa language representing those execution paths. Once we have the program representedby a finite word automaton, we can apply the above automata operations to determinewhether the program executions paths satisfy the desired property.
We construct a FA corresponding to a Kripke structure K such that:
{w|∃σ ∈ paths(K).∀i ∈ {0..|σ| − 1}.I(σi) = wi} = L(FA)
The alphabet Σ is taken as 2AP where AP are the atomic propositions of the Kripkestructure. The state-transition structure of the automaton is obtained by prefixing thatof the Kripke structure with a new (single) initial state, which is connects to the initialstates of the original Kripke structure. The labelling of each state s is then attached toeach of s’s incoming transitions. As we have treated the Kripke structure as denoting theprefixed closed sets of execution paths, we make all states of the automaton final ones.
10
Example 3.1
becomes
qp
p q
qpp q
Finite Word AutomatonKripke structure
q
q
q
p
q
Now you have seen all the ingredients to verify properties, which are expressible as regularexpressions, of concurrent programs. Here’s a summary of the basic steps.
1. First build a Kripke structure corresponding to the concurrent program
2. and convert to a finite word automaton — the program automaton,
3. then construct a Kripke structure corresponding to the desired safety property
4. and convert to a finite word automaton — the property automaton.
5. Complete (which may require determinisation) and then complement the propertyautomaton.
6. Build the product of the program automaton with the complemented propertyautomaton.
7. If the product is empty, the property holds for all of the given program’s behaviours
8. if the product is non-empty, the non-empty product automaton can be used togenerate a counterexample, i.e. an execution path that leads to the state at whichthe property is deemed to have failed.
Example 3.2 Let us conclude this section with an example that brings all of this to-gether. Consider the following concurrent program.
1: while (true) do
2: {3: L11: x = (y*2) mod 3;
4: L12:
5: ||
6: L21: y = (x+1) mod 2;
7: L22:
8: }
and show that there is an execution path where eventually x and y have values 2 and 1,respectively.
11
We can encode the states of this concurrent program via the three variables, x, y
and pc (the program counter). For ease, let us encode the pairings of label values in pc
according to the tableLabel pairs pc value
L11, L21 1L12, L21 2L11, L22 3L12, L22 1
which has the end label of the loop L12, L22 encoded the same as the start. We can thencompute the states of the program and the transition relation of the Kripke structure asin the tables below.
state pc x y
s0 1 0 0s1 2 0 0s2 3 0 1s3 1 0 1s4 1 2 1s5 2 2 1s6 3 2 1
transition state pair
t0 (s0, s1)t1 (s0, s2)t2 (s1, s3)t3 (s2, s4)t4 (s3, s5)t5 (s3, s2)t6 (s4, s5)t7 (s4, s6)t8 (s5, s4)t9 (s6, s4)
which can be graphically drawn out as:-
6s
5s
4s
3s1
2s
s
s0
We can convert this to the finite word automaton below where we label the transitionswith proposition sets formed from the propositions pc1 denoting pc = 1∧ pc 6= 2∧ pc 6= 3,pc2 denoting pc = 2∧ pc 6= 1∧ pc 6= 3, pc3 denoting pc = 3∧ pc 6= 1∧ pc 6= 2, x0 denotingx = 0 ∧ x 6= 2, x2 denoting x = 2 ∧ x 6= 0, y0 denoting y = 0 ∧ y 6= 1 and y1 denoting
12
y = 1 ∧ y 6= 0. We’ll use the following alphabet, where a set of propositions denotes aletter.
{ {pc1, x0, y0}, {pc1, x0, y1}, {pc1, x2, y1},{pc2, x0, y0}, {pc2, x0, y1}, {pc2, x2, y1},{pc3, x0, y0}, {pc3, x0, y1}, {pc3, x2, y1}
}
Although not explicitly marked as such, we assume all states as final ones.
0s
s
s2
1 s3
s4
s5
s6
is1 00
yxpc
2 00yxpc
13 0yxpc
1pc x y
01
12pc x y
1
122yxpc
123pc x y
pc x y03 1
1yxpc
2 1
1yxpc
2 1
The property we wish to verify is that there is no execution that leads to stability in thevalues of x and y as 2 and 1 respectively. The negated property automaton is given,therefore, by the following.
t
00yxpc
2 00yxpc
1pc x y
01
pc x y03 1
yxpc3 2 1
pc x y2 2 1
12pc x y
11
yxpc2 1
122yxpc
123pc x y 1t0
1
Next, we construct the product of the two automata to determine whether the intersectionis empty, i.e. whether there are any execution paths that lead to stability. The productconstruction, in this case, yields a machine with identical state transition structure to thetransformed Kripke structure but whose final states as now as marked. Again, for conve-nience, we have removed product states that have neither input nor output transitions.
13
yxpc2 1
1yxpc
2 1
pc x y03 1
123pc x y
122yxpc
12pc x y
1
1pc x y
01
13 0yxpc
2 00yxpc
1 00yxpcis
t0
1t
0t t0 0s
s1 s3
s2 s4
5s
s6
0t
t0 t1
t1
1
Finally, we can check that the product machine is non empty, i.e. that some final state(one of the double ringed states) is reachable from the initial state (t0si). This is clearlythe case, but in practice we would apply a reachability algorithm to check this out. Thuswe have established that the expressed property does not hold and there are indeed pathsthat lead to stability in the values of x and y.
Summary
We have shown here how finite word automata theory can be applied to perform alimited form of model checking. Indeed, there are several useful modelling tools using theabove verification approach, e.g. Labelled Transition System Analyser (LTSA) of J.Mageeand J.Kramer. However, since they’re based on finite word automata, the propertylanguage has limited expressibilty (principally, safety). The majority of model checkersare designed to use some form of temporal logic as the property specification language,thus allowing safety as well liveness properties to be expressed. To handle the moregeneral situation requires an extension of the automata methods to accept infinite words.Then, for example, we would be able to conclude that all infinite paths of the programmodel of the above example indeed resulted in stability of x and y values.
We address the topic of infinite word automata and their application in model check-ing, next.
14
Appendix
As with the previous notes, I thought it might be useful to provide a set of Javaclasses that encode the algorithms/constructions we’ve discussed in this particular sec-tion. This particular version contains no commentary, however, the code is pretty muchself-explanatory.
import java.util.Set;
import java.util.TreeSet;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.HashSet;
public class State implements Comparable<State>{
protected String name;
private int number;
private static int stateNumber = 0;
public State(String givenName){
name = givenName;
number = stateNumber++;
}
public String getName(){
return name;
}
public int getNumber(){
return number;
}
public int hashCode(){
return name.hashCode();
}
public int compareTo(State state){
return name.compareTo(state.name);
}
public boolean equals(Object state){
return compareTo((State)state) == 0;
}
public String toString(){
return "" + name;
}
}
15
public class StatePair extends State{
private final State fst;
private final State snd;
public StatePair(State gfst, State gsnd){
super("(" + gfst.getName() + "," + gsnd.getName() + ")");
fst = gfst;
snd = gsnd;
}
public State fst(){
return fst;
}
public State snd(){
return snd;
}
}
public class Transition extends StatePair{
private final Letter label;
public Transition(State sourceState, Letter givenLabel, State destinationState){
super(sourceState, destinationState);
name = "(" + sourceState.name + "," + givenLabel + "," + destinationState.name + ")";
label = givenLabel;
}
public Letter label(){
return label;
}
}
16
public class Letter implements Comparable<Letter>{
private final String letter;
public Letter(String givenLetter){
letter = givenLetter;
}
public String getLetter(){
return letter;
}
public int compareTo(Letter other){
return letter.compareTo(other.letter);
}
public boolean equals(Object other){
if (other instanceof Letter){
return compareTo((Letter)other) == 0;
}
else
return false;
}
public String toString(){
return letter;
}
}
public class Word implements Comparable<Word>{
private ArrayList<Letter> word;
public Word(){
word = new ArrayList<Letter>();
}
public Word(Word givenWord){
word = new ArrayList<Letter>();
word.addAll(givenWord.word);
}
public void add(Letter letter){
word.add(letter);
}
public Word dot(Word extension){
Word concatenatedWord = new Word(this);
concatenatedWord.word.addAll(extension.word);
17
return concatenatedWord;
}
public int compareTo(Word other){
Iterator<Letter> wordIterator = word.iterator();
Iterator<Letter> otherIterator = other.word.iterator();
while (wordIterator.hasNext() && otherIterator.hasNext()) {
int comparison = wordIterator.next().compareTo(otherIterator.next());
if (comparison != 0) return comparison;
}
if (!wordIterator.hasNext()) return 1;
if (!otherIterator.hasNext()) return -1;
return 0;
}
public boolean equals(Object other){
if (other instanceof Word){
return compareTo((Word)other) == 0;
}
else return false;
}
public String toString(){
String result = "";
for (Letter letter: word) result += letter;
return result;
}
}
18
public class Automaton{
private Set<State> states;
private Set<Letter> alphabet;
private Set<Transition> transitions;
private Set<State> initialStates;
public Automaton(){
states = new HashSet<State>();
alphabet = new HashSet<Letter>();
transitions = new HashSet<Transition>();
initialStates = new HashSet<State>();
}
public Automaton(Set<State> givenStates,
Set<Letter> givenAlphabet,
Set<Transition> givenTransitions,
Set<State> givenInitialStates){
states = givenStates;
alphabet = givenAlphabet;
transitions = givenTransitions;
initialStates = givenInitialStates;
}
public Automaton(Automaton givenAutomaton){
this();
states.addAll(givenAutomaton.states);
alphabet.addAll(givenAutomaton.alphabet);
transitions.addAll(givenAutomaton.transitions);
initialStates.addAll(givenAutomaton.initialStates);
}
public Set<State> states(){
return states;
}
public Set<Letter> alphabet(){
return alphabet;
}
public Set<Transition> transitions(){
return transitions;
}
public Set<State> initialStates(){
return initialStates;
}
public void setInitialStates(Set<State> givenInitials){
19
initialStates = givenInitials;
}
public void addState(State state){
states.add(state);
}
public void addTransition(Transition transition){
transitions.add(transition);
}
private static Set<Letter> labels(Set<Transition> transitions){
Set<Letter> letters = new HashSet<Letter>();
for (Transition transition: transitions){
letters.add(transition.label());
}
return letters;
}
public boolean isDeterministic(){
for (State state: states){
Set<Transition> transitions = successors(state);
if (transitions.size() != labels(transitions).size()) return false;
}
return true;
}
private Set<Transition> successors(State s){
Set<Transition> successors = new HashSet<Transition>();
for (Transition transition: transitions){
if (transition.fst().equals(s)){
successors.add(transition);
}
}
return successors;
}
public boolean fReachable(State s, Set<State> targetStates, Set<State> visitedStates){
if (targetStates.contains(s)) return true;
if (visitedStates.contains(s)) return false;
else {
Set<Transition> successors = successors(s);
Iterator<Transition> successor_iterator = successors.iterator();
boolean found = false;
while (!found && successor_iterator.hasNext()){
State successorState = successor_iterator.next().snd();
Set<State> newVisitedStates = new HashSet<State>(visitedStates);
newVisitedStates.add(s);
found = fReachable(successorState, targetStates, newVisitedStates);
}
20
return found;
}
}
public Automaton complete(){
Automaton result = new Automaton(this);
State piState = new State("pi");
boolean changed = false;
for (State state : states){
Set<Letter> letters = labels(successors(state));
for (Letter letter : alphabet){
if (!letters.contains(letter)){
result.addTransition(new Transition(state, letter, piState));
changed = true;
}
}
}
if (changed){
result.addState(piState);
for (Letter letter : alphabet){
result.addTransition(new Transition(piState, letter, piState));
}
}
return result;
}
public boolean isRun(Run givenRun){
Iterator<Transition> givenRunIterator = givenRun.iterator();
while (givenRunIterator.hasNext()){
if (!transitions.contains(givenRunIterator.next()))
return false;
}
return true;
}
public Automaton union(Automaton other){
Automaton result = new Automaton();
result.states.addAll(states);
result.states.addAll(other.states);
result.alphabet.addAll(alphabet);
result.alphabet.addAll(other.alphabet);
result.transitions.addAll(transitions);
result.transitions.addAll(other.transitions);
result.initialStates.addAll(initialStates);
result.initialStates.addAll(other.initialStates);
return result;
}
public static Set<State> product(Set<State> fstStateSet, Set<State> sndStateSet){
Set<State> result = new HashSet<State>();
21
for (State fstState: fstStateSet){
for (State sndState: sndStateSet){
result.add(new StatePair(fstState, sndState));
}
}
return result;
}
private static Set<Transition> productLT(Set<Transition> fstTransitionSet,
Set<Transition> sndTransitionSet){
Set<Transition> result = new HashSet<Transition>();
for (Transition fstTransition: fstTransitionSet){
for (Transition sndTransition: sndTransitionSet){
if (fstTransition.label().equals(sndTransition.label())){
result.add(new Transition(
new StatePair(fstTransition.fst(), sndTransition.fst()),
fstTransition.label(),
new StatePair(fstTransition.snd(), sndTransition.snd())));
}
}
}
return result;
}
public Automaton product(Automaton other){
Automaton result = new Automaton();
result.states.addAll(product(this.states,other.states));
result.alphabet.addAll(this.alphabet);
result.transitions.addAll(productLT(this.transitions, other.transitions));
result.initialStates.addAll(product(this.initialStates, other.initialStates));
return result;
}
public String toString(){
return "\n States: " + states +
"\n Alphabet: " + alphabet +
"\n Transitions: " + transitions +
"\n InitialStates: " + initialStates;
}
}
22
public class FiniteWordAutomaton extends Automaton{
private Set<State> finalStates;
public FiniteWordAutomaton(){
super();
finalStates = new HashSet<State>();
}
public FiniteWordAutomaton(Automaton givenAutomaton,
Set<State> givenFinalStates){
super(givenAutomaton);
finalStates = givenFinalStates;
}
public FiniteWordAutomaton(Set<State> givenStates,
Set<Letter> givenAlphabet,
Set<Transition> givenTransitions,
Set<State> givenInitialStates,
Set<State> givenFinalStates){
super(givenStates, givenAlphabet, givenTransitions, givenInitialStates);
finalStates = givenFinalStates;
}
public FiniteWordAutomaton complete(){
Set<State> finalCopy = new HashSet<State>();
finalCopy.addAll(finalStates);
FiniteWordAutomaton result =
new FiniteWordAutomaton(super.complete(), finalStates);
return result;
}
public FiniteWordAutomaton complement(){
if (isDeterministic()){
FiniteWordAutomaton completed = complete();
Set<State> newFinals = new HashSet<State>();
for (State state : completed.states()){
if (!completed.finalStates.contains(state)) {
newFinals.add(state);
}
}
completed.finalStates = newFinals;
return completed;
}
else{
System.out.println("Needs to be determinised");
return null;
}
}
23
public FiniteWordAutomaton union(FiniteWordAutomaton other){
Set<State> tempSet = new HashSet<State>();
tempSet.addAll(this.finalStates);
tempSet.addAll(other.finalStates);
FiniteWordAutomaton temp =
new FiniteWordAutomaton(((Automaton)this).union((Automaton)other), tempSet);
return temp;
}
public FiniteWordAutomaton product(FiniteWordAutomaton other){
FiniteWordAutomaton temp =
new FiniteWordAutomaton(((Automaton)this).product((Automaton)other),
super.product(this.finalStates, other.finalStates));
return temp;
}
public boolean isEmpty(){
for (State initialState: initialStates()){
if (fReachable(initialState, finalStates, new HashSet<State>()))
return false;
}
return true;
}
public String toString(){
return super.toString() + "\n FinalStates: " + finalStates;
}
}
class Run implements Iterable{
private ArrayList<Transition> transitionSequence;
public Run(){
transitionSequence = new ArrayList<Transition>();
}
public void add(Transition givenTransition){
transitionSequence.add(givenTransition);
}
public State startState(){
return transitionSequence.get(0).fst();
}
public State finishState(){
return transitionSequence.get(transitionSequence.size()-1).snd();
}
24
public Iterator<Transition> iterator(){
return transitionSequence.iterator();
}
public Word word(){
Word result = new Word();
for (Transition transition: transitionSequence){
result.add(transition.label());
}
return result;
}
public boolean runOnWord(Word givenWord){
return word().equals(givenWord);
}
public String toString(){
return "" + transitionSequence;
}
}
25
