Tree Data Decision Diagrams

International Workshop on Verification and Evaluation of Computer and Communication Systems (VECoS 2008)

In this paper, we present Tree Data Decision Diagrams, a compact data structure for symbolic verification based on term rewriting systems. In this way, we can benefit from termination research on term rewriting systems to improve model-checking quality. Our experimental implementation uses a tree automata technique that makes it possible to maintain the internal representation of data in canonical form.


INTRODUCTION
Tree Data Decision Diagrams (TDDD for short) is a hierarchical version of Data Decision Diagrams (DDD) [2,3] developed in the spirit of the well-known Binary Decision Diagram (BDD) [1].
DDD are a directed acyclic graph structure that manipulates (a priori unbounded) integer domain variables, and which offers a flexible and compositional definition of operations through inductive homomorphisms. In [4], we presented a data structure called Set Decision Diagrams (SDD), in which an arc of the structure is labeled by a set of values instead of a single valuation. The set is itself represented by an SDD or a DDD; thus in effect we label the arcs of our structure with references to SDD or DDD, introducing hierarchy into the data structure.
Like DDD, TDDD represent sets of sequences of assignments of variables to values, but each variable carries either a value or a sub-sequence.
Defining TDDD over term rewriting systems (TRS for short) makes them not only as compact as SDD (more compact than DDD), but their operators are also simpler and more flexible than the others (more detail in Section 3).
Moreover, the two basic techniques used for proving TDDD termination are path orders and semantic labelling. Path orders are direct techniques to prove termination, while semantic labelling is a technique for transforming a TRS into another one in such a way that termination of the original TRS can be concluded from (relative) termination of the transformed TRS. For further details we refer to [8,9,11,12]. When a model is proved terminating, we call it well-designed. Consequently, a model designed as a TRS exposes its non-terminating components and helps developers move toward a better design. When a model is well-designed, the model checker will generate all reachable states, provided the system resources suffice.
At the end of this paper, we report on our experience with implementations using the tree automata technique [13], which makes it possible to maintain the internal representation of data in canonical form.

Term rewriting systems and termination proving
Term rewriting systems. A signature is a countable set $F$ of function symbols (or operators). Associated with every $f \in F$ is a natural number denoting its arity. Function symbols of arity 0 are called constants. Let $T(F, V)$ be the set of all terms built from $F$ and a countably infinite set $V$ of variables, disjoint from $F$. The designation term is restricted to members of $T(F, V)$. If $t$ is a term then $Var(t)$ denotes the set of variables occurring in $t$. A term $t$ is called ground if $Var(t) = \emptyset$. The set of all ground terms is denoted by $T(F)$. A term $t$ is called linear if it does not contain multiple occurrences of the same variable. The root symbol of a term $t$ is defined as follows: $root(t) = t$ if $t$ is a variable and $root(t) = f$ if $t = f(t_1, \ldots, t_n)$. The size $|t|$ of a term $t$ is the number of variables and function symbols occurring in $t$. We introduce a fresh constant symbol $\Box$, named hole. A context $C$ is a term in $T(F \cup \{\Box\}, V)$. A context may contain zero, one or more holes. If $C$ is a context with $n$ holes and $t_1, \ldots, t_n$ are terms then $C[t_1, \ldots, t_n]$ denotes the result of replacing from left to right the holes in $C$ by $t_1, \ldots, t_n$.
A rewrite rule is a pair $(l, r)$ of terms such that the left-hand side (lhs) $l$ is not a variable and the variables occurring in the right-hand side (rhs) $r$ also occur in $l$, i.e. $Var(r) \subseteq Var(l)$. Rewrite rules $(l, r)$ will henceforth be written as $l \to r$. A rewrite rule is collapsing if its rhs is a single variable. A rewrite rule is duplicating if its rhs contains more occurrences of some variable than its lhs. A rewrite rule is left-linear (right-linear) if its lhs (rhs) is a linear term.
A TRS is a pair $\langle F, R \rangle$ consisting of a signature $F$ and a set $R$ of rewrite rules between terms in $T(F, V)$. If $(F, R)$ is a TRS then $\to_R$ denotes the smallest rewrite relation on $T(F, V)$ containing $R$. So $t \to_R s$ if there exists a rewrite rule $l \to r$ in $R$, a substitution $\sigma$ and a context $C$ such that $t = C[l\sigma]$ and $s = C[r\sigma]$. The sub-term $l\sigma$ of $t$ is called a redex and we say that $t$ rewrites to $s$ by contracting the redex $l\sigma$. We call $t \to_R s$ a rewrite or reduction step. If $C = \Box$ then we speak of a root reduction. The transitive closure of $\to_R$ is denoted by $\to_R^+$, and $\to_R^*$ denotes the transitive-reflexive closure of $\to_R$. If $t \to_R^* s$ we say that $t$ reduces to $s$.

Termination proving. Termination of a TRS is an undecidable problem, even for finite $\langle F, R \rangle$.
A rewrite relation that is also a (strict) partial order is called a rewrite order. An order $\succ$ is called well-founded if there is no infinite descending sequence $t_1 \succ t_2 \succ \cdots$.

An order $\succ$ on $T(F)$ is called monotonic if $t \succ u \Rightarrow f(\ldots, t, \ldots) \succ f(\ldots, u, \ldots)$ for all $f \in F$. A TRS $\langle F, R \rangle$ and an order $\succ$ are called compatible if $t \succ u$ for all rewrite steps $t \to_R u$. For compatibility with a monotonic order it suffices to check that $l\sigma \succ r\sigma$ for all rules $l \to r$ in $R$ and all ground substitutions $\sigma$. It is well known that a TRS is terminating iff it is compatible with some monotonic well-founded order. An order $\succ$ on $T(F)$ is said to have the sub-term property if $f(\ldots, t, \ldots) \succ t$ for all $f \in F$ and $t \in T(F)$. A monotonic order satisfying the sub-term property is called a simplification order. A direct consequence of Kruskal's theorem [8] is that any simplification order over a finite signature is well-founded.
A TRS $\langle F, R \rangle$ is compatible with a rewrite order $\succ$ on $T(F, V)$ if $l \succ r$ for every rewrite rule $l \to r$ of $R$. It is easy to show that a TRS is terminating if and only if it is compatible with a well-founded rewrite order. Simplification is defined as follows:
• A simplification order is a rewrite order with the sub-term property, i.e. $C[t] \succ t$ for all contexts $C \neq \Box$ (with precisely one hole) and terms $t$.
• A TRS is called simplifying if it is compatible with a simplification order.
• A TRS is called simply terminating if it is compatible with a well-founded simplification order.
Clearly every simply terminating TRS is both simplifying and terminating. A simplifying TRS $(F, R)$ with $F$ or $R$ finite is simply terminating, as a consequence of Kruskal's Tree Theorem [8]. There exist (infinite) simplifying and terminating TRSs that are not simply terminating, see [10]. This does not concern us too much as we deal with decidability issues in the sequel, in which one considers only finite (both with respect to the signature and the set of rewrite rules) TRSs.
The recursive path order (RPO) was introduced by Dershowitz. Kamin and Levy presented the lexicographic path order (LPO), a well-known variant of the RPO. They are defined recursively as follows. Let $\succ$ be any order on the signature $F$. Then for two ground terms $t = f(t_1, \ldots, t_n)$ and $u = g(u_1, \ldots, u_m)$ one has $t \succ_{lpo} u$ iff:
• $t_i \succeq_{lpo} u$ for some $i = 1, \ldots, n$, or
• $f \succ g$ and $t \succ_{lpo} u_i$ for all $i = 1, \ldots, m$, or
• $f = g$, $t \succ_{lpo} u_i$ for all $i = 1, \ldots, m$, and $(t_1, \ldots, t_n) \succ_{lpo}^{lex} (u_1, \ldots, u_m)$.
Here for any order $\succ$ the order $\succ^{lex}$ means the lexicographic extension of $\succ$ to sequences. The lexicographic comparison has to be done in a fixed direction; in this paper it is from right to left. It should be noted that only sequences of equal length are compared, since every symbol has a fixed arity. It is well known that $\succ_{lpo}$ is monotonic and has the sub-term property. Further, $\succ_{lpo}$ is total on ground terms iff $\succ$ is total on $F$.
Semantic labelling provides a technique for proving termination, making classical techniques like path orders applicable even for non-simplifying TRSs. Let $M$ be a model for a TRS $R$ over $F$. Choose for every $f \in F$ a non-empty set $S_f$ of labels and a map $\pi_f : M^n \to S_f$, where $n$ is the arity of $f$. Then the TRS $\langle F, R \rangle$ is terminating if the labelled TRS $\langle F_{lab}, R_{lab} \rangle$ is terminating.

Non-deterministic Top-down finite tree automaton
A non-deterministic top-down finite tree automaton [13] (NFTA for short) over $F$ is a tuple $A = (Q, F, I, \Delta)$ where $Q$ is a set of states (states are unary symbols), $I \subseteq Q$ is a set of initial states, and $\Delta$ is a set of rewrite rules of the following type:
$q(f(t_1, \ldots, t_n)) \to f(q_1(t_1), \ldots, q_n(t_n))$
where $n \geq 0$, $f \in F$, $q, q_1, \ldots, q_n \in Q$ and $t_1, \ldots, t_n \in T$.
When $n = 0$, i.e. when the symbol is a constant symbol $c$, a transition rule of the NFTA has the form $q(c) \to c$. To simplify the representation of automata, we can name the state $c \in Q$ after each corresponding constant symbol $c$. An automaton starts at the root and moves downward, inductively associating a state with each sub-term along a run.
The tree language $L(A)$ recognized by $A$ is the set of all ground terms $t$ for which there is an initial state $q \in I$ such that $q(t) \to_A^* t$.
We can organize a data structure for finite tree automata (i.e. with no cycle in the tree automaton) while respecting canonicity. It should be noted that a canonical finite tree automaton does not always have a minimal number of states.
In the infinite case, we must use a minimization algorithm for non-deterministic tree automata, such as bisimulation minimization [14,15].
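As an added illustration (not code from the paper or from [13]), the following Python program runs a non-deterministic top-down tree automaton on ground terms as described above: it starts in an initial state at the root and tries the available transitions at every sub-term, so one successful run suffices for acceptance. The automaton `HAS_ONE`, its state names and the helper `bits` are constructed for this example.

```python
# Added example (not from the paper): a non-deterministic top-down finite tree automaton
# (NFTA) run on ground terms written as nested tuples (symbol, arg1, ..., argn); a
# constant c is the 1-tuple (c,). A transition q(f(t1,...,tn)) -> f(q1(t1),...,qn(tn)) is
# stored under the key (q, f) as the tuple of child states (q1, ..., qn); the rule
# q(c) -> c for a constant is the empty tuple ().

class NFTA:
    def __init__(self, initial, transitions):
        self.initial = set(initial)          # I, a subset of the states
        self.transitions = transitions       # (state, symbol) -> list of child-state tuples

    def run(self, state, term):
        """True iff state(term) ->* term: starting at the root in `state`, some choice
        of transitions assigns a state to every sub-term down to the leaves."""
        symbol, args = term[0], term[1:]
        for children in self.transitions.get((state, symbol), []):
            if len(children) == len(args) and all(
                    self.run(q, t) for q, t in zip(children, args)):
                return True                  # one successful run suffices
        return False

    def accepts(self, term):
        """term is in L(A) iff some initial state admits a run on it."""
        return any(self.run(q, term) for q in self.initial)

# Constructed sample: right-nested lists a(bit, a(bit, ... $)) over the constants 0 and 1
# that contain at least one 1. The state q_need1 has two transitions on 'a', so the
# automaton guesses where the first 1 is: this is the non-determinism.
HAS_ONE = NFTA({'q_need1'}, {
    ('q_need1', 'a'): [('q_bit', 'q_need1'), ('q_one', 'q_any')],
    ('q_any', 'a'):   [('q_bit', 'q_any')],
    ('q_any', '$'):   [()],
    ('q_bit', 0):     [()],
    ('q_bit', 1):     [()],
    ('q_one', 1):     [()],
})

def bits(*values):
    """Build the list term a(v1, a(v2, ... $)) from Python ints (constructed helper)."""
    term = ('$',)
    for v in reversed(values):
        term = ('a', (v,), term)
    return term

if __name__ == '__main__':
    print(HAS_ONE.accepts(bits(0, 1)))     # True
    print(HAS_ONE.accepts(bits(0, 0)))     # False
    print(HAS_ONE.accepts(bits()))         # False: the empty list contains no 1
```

The recursion explores every run, so a rejected term costs time exponential in the number of non-deterministic choices; the minimization and canonical representation mentioned above are what keep the automata used for term sets small.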

Data Decision Diagrams and Set Decision Diagrams
Data Decision Diagrams [2,3] are a directed acyclic graph structure that manipulates (a priori unbounded) integer domain variables, and which offers a flexible and compositional definition of operations through inductive homomorphisms.
DDD are a data structure for representing finite sets of assignment sequences of the form $e_1 \xrightarrow{x_1} e_2 \xrightarrow{x_2} \cdots e_n \xrightarrow{x_n} 1$, where the $e_i$ are variables and the $x_i$ are the assigned integer values. When an ordering on the variables is fixed and the values are boolean, DDD coincide with the well-known Binary Decision Diagram. However DDD assume no variable ordering and, even more, the same variable may occur many times in the same assignment sequence. Moreover, variables are not assumed to be part of all paths. Therefore, the maximal length of a sequence is not fixed, and sequences of different lengths can coexist in a DDD. This feature is very useful when dealing with dynamic structures like queues.
Operators on these structures are not hard-coded; instead a class of operators, called homomorphisms, is introduced to allow the coding of transition rules. A special kind of homomorphism uses only information local to a node in its definition. Together with composition, concatenation, union, etc., general homomorphisms are defined.
DDD have two terminals: as usual for decision diagrams, 1-leaves stand for accepting terminators and 0-leaves for non-accepting ones. Since there is no assumption on the variable domains, the non-accepted sequences are suppressed from the structure. 0 is considered as the default value and is only used to denote the empty set of sequences. Set Decision Diagrams (SDD) [4] are data structures for representing sequences of assignments of the form $e_1 \in a_1; e_2 \in a_2; \ldots; e_n \in a_n$, where the $e_i$ are variables and the $a_i$ are sets of values. SDD can therefore simply be seen as a different encoding of sets of assignment sequences of the same form as those of DDD, obtained by flattening the structure, i.e. as the DDD $\bigcup_{x_1 \in a_1} \bigcup_{x_2 \in a_2} \cdots \bigcup_{x_n \in a_n} e_1 \xrightarrow{x_1} e_2 \xrightarrow{x_2} \cdots e_n \xrightarrow{x_n} 1$. SDD generalize some of these patterns of good decision diagram usage in an open and flexible framework, inductive homomorphisms. SDD are naturally adapted to the representation of state spaces composed of parallel behaviours with event-based synchronizations. The structure of a model is reflected in the hierarchy of the decision diagram encoding, allowing sharing of both operations and state representations. SDD allow local fixpoints to be computed flexibly.
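The following Python program is an added example, not the DDD implementation of [2,3]: it builds DDD with a unique table so that a given set of assignment sequences always yields the same canonical node, and it exhibits the repeated variable, the coexisting sequence lengths and the sharing of common suffixes described above. The node representation, the `ValueError` for unions that have no DDD representation, and the sample sequences are constructed for the example.

```python
# Added example (not the DDD library's code): a minimal Data Decision Diagram with a
# unique table ("hash-consing"), so that each set of assignment sequences has exactly one
# node graph in memory. A node carries a variable and arcs value -> child; the terminals
# are ONE (accepting) and ZERO (the empty set). Variables are unordered and may repeat,
# and sequences of different lengths may coexist.

ONE, ZERO = 'one', 'zero'
_unique = {}                      # (variable, frozen arcs) -> the canonical node

class Node:
    __slots__ = ('var', 'arcs')
    def __init__(self, var, arcs):
        self.var, self.arcs = var, arcs

def node(var, arcs):
    """Canonical constructor: drop arcs to ZERO, fold an arc-less node to ZERO, and
    return the already existing node when one has the same variable and arcs."""
    arcs = {v: child for v, child in arcs.items() if child is not ZERO}
    if not arcs:
        return ZERO
    key = (var, frozenset((v, id(child)) for v, child in arcs.items()))
    if key not in _unique:
        _unique[key] = Node(var, arcs)
    return _unique[key]

def union(d, e):
    """d ∪ e. Two sequences that agree on a prefix must also agree on whether the
    prefix ends there (DDD give that case a special 'top' value; here it raises)."""
    if d is ZERO: return e
    if e is ZERO: return d
    if d is e: return d
    if d is ONE or e is ONE or d.var != e.var:
        raise ValueError('incompatible DDDs: no representation for this union')
    arcs = dict(d.arcs)
    for v, child in e.arcs.items():
        arcs[v] = union(arcs[v], child) if v in arcs else child
    return node(d.var, arcs)

def from_sequence(seq):
    """The DDD of a single sequence [(e1, x1), ..., (en, xn)]: e1 -x1-> ... -xn-> 1."""
    d = ONE
    for var, value in reversed(seq):
        d = node(var, {value: d})
    return d

def from_sequences(seqs):
    d = ZERO
    for seq in seqs:
        d = union(d, from_sequence(seq))
    return d

def sequences(d, prefix=()):
    """Enumerate the sequences encoded by d (for inspection)."""
    if d is ONE: return [prefix]
    if d is ZERO: return []
    return [s for v, child in sorted(d.arcs.items())
            for s in sequences(child, prefix + ((d.var, v),))]

def node_count(d, seen=None):
    """Distinct nodes reachable from d: shared sub-graphs are counted once."""
    seen = set() if seen is None else seen
    if not isinstance(d, Node) or id(d) in seen:
        return 0
    seen.add(id(d))
    return 1 + sum(node_count(child, seen) for child in d.arcs.values())

# Constructed sample: the variable q repeated a varying number of times (queue-like);
# the three sequences share their common suffixes.
SAMPLE = [[('q', 2)], [('q', 1), ('q', 2)], [('q', 3), ('q', 1), ('q', 2)]]

if __name__ == '__main__':
    a = from_sequences(SAMPLE)
    b = from_sequences(list(reversed(SAMPLE)))
    print(a is b)              # True: same set, same canonical node
    print(node_count(a))       # 3 nodes instead of 6 for an unshared tree
    print(sequences(a))
```

Canonicity is what makes set equality an identity comparison and makes the fixed-point computations of a model checker stop: a newly computed state set is recognised as already seen because it is literally the same node.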

Tree Data Decision Diagrams
We consider four kinds of symbols: reducible symbols (upper-case characters), denoted by $\Gamma = \{A, B, C, \ldots\}$; irreducible symbols or dummies (lower-case characters), $\{a, b, c, \ldots\}$; constant symbols (value symbols), $C = \{\ldots, -1, 0, 1, 2, \ldots\}$; and a special termination symbol $\$$. We write $F = \{a, b, c, \ldots\} \cup \Gamma \cup C \cup \{\$\}$ for the signature (the set of function symbols).
Definition 3.1 (TDDD terms set). A term $t$ in $T(F)$ is defined inductively by:
We represent a ground term set as an extension of a term $t$: On term sets, we have the following linear properties: where $\alpha$ is either a reducible or an irreducible symbol.
The set of upper-case (resp. lower-case) symbols appearing in a term set $s$ is denoted by $FUN(s)$ (resp. $fun(s)$).

Definition 3.2 (Rules set). A rules set $R$ is represented in the form $l \to r$, where $l, r$ are terms containing variables ranging over $T$, i.e. $l, r \in T(F, V)$, and the variables in $V$ are denoted $x, y, z, \ldots$.
A term is closed if it contains no variable. Note that the term sets we consider are finite and may be represented by an acyclic NFTA as defined in Section 2.2, with rules of the form $q(f(t_1, t_2)) \to f(q_1(t_1), q_2(t_2))$ where $f \in F$, $q, q_1, q_2 \in Q$ and $t_1, t_2$ are terms.
We are interested in the tree language $L(A)$: a term set $s \subseteq L(A)$ is a set of terms $t$ such that for each $t \in s$ there is an initial state $q \in I$ with $q(t) \to_A^* t$.
We say that a term set is irreducible if it contains no reducible symbol (i.e. $FUN(s) = \emptyset$); we call it a TDDD tree. DDD are also term sets, where each term is of the form $f(i, t)$ with $i$ a constant.

Definition 3.3 (Root reduction). The root reduction $s' = R(s)$ is defined as the reduction of the term set $s$ where $H$ is the root symbol of $\langle F, R \rangle$, and $s$, $s'$ are irreducible term sets.
Definition 3.4 (Fixed point computation). The fixed point $FP_R(s)$ of a rules set $R$ from an initial term set $s$ is defined recursively as: We aim at finding the solution (or a partial solution) to the termination problem of root reduction ($R(s)$) and of fixed point computation ($FP_R(s)$).
Sometimes a TRS design requires only a unary symbol $H$. In this case the special symbol $\$$ occupies the left sub-term position of the binary representation, e.g. $H(\$, t)$.

Example 1
The corresponding TRS of an increment of the value of variable $c$: The interesting questions are:
• How to enumerate every term reached from an initial term set?
• Whether $R(s) = H(\$, s)$ and the fixed point $FP_R(s) = H^*(\$, s)$ terminate?
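The two questions of Example 1 can be made concrete with the following added Python program, which is not the paper's implementation. Because the TRS of Example 1 is not reproduced in this version of the paper, it uses two constructed rule sets, an unbounded increment of $c$ and a counter modulo 3; root reduction follows Definition 3.3 (put $H$ at the root, rewrite at the root until the term is irreducible), and $FP_R(s)$ is read as the least term set containing $s$ and closed under $R$, which is an assumption about Definition 3.4. The term encoding, the rule-as-function device for value symbols and the step bound are also assumptions of the example.

```python
# Added example (not the paper's code): root reduction R(s) and the fixed point FP_R(s)
# over finite term sets. Terms are nested tuples (symbol, arg1, ..., argn), constants are
# 1-tuples such as ('$',) or (0,), and variables are plain strings. The TRS of Example 1
# is not reproduced in this version of the paper, so the rule sets below are constructed.

DOLLAR = ('$',)

def match(pattern, term, subst):
    """Extend `subst` so that pattern[subst] == term; return None when impossible."""
    if isinstance(pattern, str):                       # a variable
        if pattern in subst:
            return subst if subst[pattern] == term else None
        return {**subst, pattern: term}
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst

def instantiate(rhs, subst):
    """Build the reduct: `rhs` is a term with variables, or a function of the
    substitution for rule schemas over the (unbounded) value symbols."""
    if callable(rhs):
        return rhs(subst)
    if isinstance(rhs, str):
        return subst[rhs]
    return (rhs[0],) + tuple(instantiate(a, subst) for a in rhs[1:])

def root_reduce(s, rules, reducible):
    """R(s): put H at the root of every t in s and rewrite at the root until the
    term is irreducible; the results form the irreducible term set R(s)."""
    out = set()
    for t in s:
        worklist = [('H', DOLLAR, t)]
        while worklist:
            u = worklist.pop()
            if u[0] not in reducible:
                out.add(u)                             # irreducible: a member of R(s)
                continue
            reducts = [instantiate(r, sigma) for l, r in rules
                       for sigma in [match(l, u, {})] if sigma is not None]
            if not reducts:
                raise ValueError(f'no rule applies to the reducible term {u}')
            worklist.extend(reducts)
    return out

def fixed_point(s, rules, reducible, max_steps=1000):
    """FP_R(s), read as the least term set containing s and closed under R (an
    assumption about the paper's recursive definition). Returns None when the
    set is still growing after max_steps rounds, i.e. the computation did not
    terminate within the bound."""
    reached, frontier = set(s), set(s)
    for _ in range(max_steps):
        frontier = root_reduce(frontier, rules, reducible) - reached
        if not frontier:
            return reached
        reached |= frontier
    return None

# Constructed rule sets (assumptions, not the paper's). Values are 1-tuples (i,).
def c(i):
    return ('c', (i,))

# unbounded increment: H($, c(i)) -> c(i + 1), one rule schema over all values
INCREMENT = [(('H', DOLLAR, ('c', 'i')), lambda sigma: c(sigma['i'][0] + 1))]

# bounded counter with wrap-around, written as three ordinary ground rules
COUNTER_MOD3 = [(('H', DOLLAR, c(0)), c(1)),
                (('H', DOLLAR, c(1)), c(2)),
                (('H', DOLLAR, c(2)), c(0))]

if __name__ == '__main__':
    print(root_reduce({c(0)}, INCREMENT, {'H'}))          # {('c', (1,))}
    print(fixed_point({c(0)}, COUNTER_MOD3, {'H'}))       # the three counter states
    print(fixed_point({c(0)}, INCREMENT, {'H'}, 50))      # None: no fixed point reached
```

The bounded counter answers the first question by enumeration and reaches its fixed point after three rounds; the unbounded increment never does, which is exactly the situation in which a termination proof on the rule set, rather than a step bound, is needed.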

Termination proving
We consider in this section some research on the termination of TRS. This is an undecidable problem even if $F$ and $R$ are finite. A rewrite relation that is also a (strict) partial order is called a rewrite order. An order $\succ$ is called well-founded if there is no infinite descending sequence $t_1 \succ t_2 \succ \cdots$.
A TRS $\langle F, R \rangle$ is compatible with a rewrite order $\succ$ on $T(F, V)$ if $l \succ r$ for every rewrite rule $l \to r$ of $R$. It is easy to show that a TRS is terminating if and only if it is compatible with a well-founded rewrite order.

Example 2
We come back to Example 1. Let $\succ$ be an order on $F$ with $H \succ a$. It is well known that $H(\$, a(x, y)) \succ_{rpo} a(x, H(\$, y))$, since $H \succ a$, $H(\$, a(x, y)) \succ_{rpo} x$ and
Applying the local fixpoint technique (as in DDD and SDD) to TDDD will improve the time complexity of this model checker in this case.
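As an added example (not the paper's code), the following Python program implements the lexicographic path order defined in Section 2 and checks the rule of Example 2, $H(\$, a(x, y)) \to a(x, H(\$, y))$, against the precedence $H \succ a$; it also shows a constructed rule $a(x) \to a(a(x))$ that no path order can orient, since the rule loops. The term encoding, the precedence-as-ranks representation and the usual extension of the order to terms with variables are assumptions of the example.

```python
# Added example (not the paper's code): the lexicographic path order (LPO) as defined in
# Section 2, checked on the rule of Example 2. Terms are nested tuples (symbol, args...),
# constants are 1-tuples such as ('$',), and variables are strings; the usual extension
# to non-ground terms is used (t > x iff the variable x occurs in t and t is not x).
# The precedence on F is a dict symbol -> rank; a larger rank is a larger symbol.

def is_var(t):
    return isinstance(t, str)

def variables(t):
    """Var(t): the set of variables occurring in t."""
    if is_var(t):
        return {t}
    return set().union(*(variables(a) for a in t[1:]))

def lpo(t, u, prec):
    """t >_lpo u with respect to the precedence `prec`."""
    if is_var(t):
        return False                         # a variable is above nothing
    if is_var(u):
        return u in variables(t)             # sub-term property for variables
    f, ts = t[0], t[1:]
    g, us = u[0], u[1:]
    # (1) some argument of t is >= u
    if any(ti == u or lpo(ti, u, prec) for ti in ts):
        return True
    # (2) f > g in the precedence and t > every argument of u
    if prec.get(f, 0) > prec.get(g, 0):
        return all(lpo(t, ui, prec) for ui in us)
    # (3) f = g, t > every argument of u, and the argument sequences compare
    #     lexicographically; the paper compares from right to left
    if f == g and len(ts) == len(us) and all(lpo(t, ui, prec) for ui in us):
        for ti, ui in zip(reversed(ts), reversed(us)):
            if ti != ui:
                return lpo(ti, ui, prec)
    return False

def unoriented_rules(rules, prec):
    """The rules l -> r for which l >_lpo r fails. An empty result means the TRS is
    compatible with the LPO, a well-founded simplification order, hence terminating."""
    return [(l, r) for l, r in rules if not lpo(l, r, prec)]

DOLLAR = ('$',)
# Example 2 of the paper: H($, a(x, y)) -> a(x, H($, y)) with the precedence H > a
H_RULE = (('H', DOLLAR, ('a', 'x', 'y')), ('a', 'x', ('H', DOLLAR, 'y')))
PREC = {'H': 2, 'a': 1}
# A constructed non-terminating rule a(x) -> a(a(x)), which no LPO can orient
LOOP_RULE = (('a', 'x'), ('a', ('a', 'x')))

if __name__ == '__main__':
    print(lpo(H_RULE[0], H_RULE[1], PREC))          # True
    print(unoriented_rules([H_RULE], PREC))         # []
    print(unoriented_rules([LOOP_RULE], PREC))      # [LOOP_RULE]
```

For the rule of Example 2, case (2) applies at the root ($H \succ a$), and the two arguments of the right-hand side are handled by the variable case and by case (3) with the right-to-left lexicographic comparison; the looping rule fails every case, so the check reports it as unoriented and the order proves nothing about it, which is the correct outcome for a non-terminating rule.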

CONCLUSION
We proposed a new extension of DDD for symbolic verification in TRS. It is not only as compact as SDD (more compact than DDD), but its operators are also simpler and more flexible than the others, on account of the TRS interface.
Moreover, we successfully proved the termination of models for DDD and TDDD in some particular cases, which supports developers in orienting their model design. On the other hand, representing terms with the tree automata technique provides the capability to maintain the internal representation of data in canonical form, though the time complexity of the factorization is still a challenge.
