HAL Id: hal-00272667

HAL Id: hal-00272667

https://hal.archives-ouvertes.fr/hal-00272667v8

Preprint submitted on 29 Oct 2008 (v8), last revised 8 Jun 2009 (v12)

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or

L’archive ouverte pluridisciplinaire

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires

The General Vector Addition System Reachability Problem by Presburger Inductive Invariants

Jérôme Leroux

To cite this version:

Jérôme Leroux. The General Vector Addition System Reachability Problem by Presburger Inductive

Invariants. 2008. �hal-00272667v8�

The General Vector Addition System Reachability Problem by Presburger Inductive Invariants

Jérôme Leroux

Laboratoire Bordelais de Recherche en Informatique, CNRS, Talence, France leroux@labri.fr

Abstract

The reachability problem for Vector Addition Systems (VAS) is a central problem of net theory. The general prob- lem is known decidable by algorithms exclusively based on the classical Kosaraju-Lambert-Mayr-Sacerdote-Tenney decomposition. This decomposition is used in this pa- per to prove that Parikh images of languages accepted by VAS are semi-pseudo-linear; a class of sets that can be precisely over-approximated by sets definable in the Pres- burger arithmetic. We provide an application of this result;

we prove that if a final configuration is not reachable from an initial one, there exists a Presburger inductive invari- ant proving this property. Since we can decide with any decision procedure for the Presburger arithmetic if formu- las denote inductive invariants, we deduce that there ex- ist checkable certificates of non-reachability. In particular, there exists a simple algorithm for deciding the general VAS reachability problem based on two semi-algorithms. A first one that tries to prove the reachability by fairly enumerat- ing finite sequence of actions and a second one that tries to prove the non-reachability by fairly enumerating Pres- burger formulas.

1 Introduction

Vector Addition Systems (VAS) or equivalently Petri Nets are one of the most popular formal methods for the representation and the analysis of parallel processes [2].

The reachability problem is central since many computa- tional problems (even outside the parallel processes) reduce to the reachability problem. Sacerdote and Tenney provided in [10] a partial proof of the decidability of this problem.

The proof was completed in 1981 by Mayr [9] and sim- plified by Kosaraju [7] from [10, 9]. Ten years later [8], Lambert provided a more simplified version based on [7].

This last proof still remains difficult and the upper-bound complexity of the corresponding algorithm is just known non-primitive recursive. Nowadays, the exact complexity of

the reachability problem for VAS is still an open-problem.

Even an elementary upper-bound complexity is open. In fact, the known general reachability algorithms are ex- clusively based on the Kosaraju-Lambert-Mayr-Sacerdote- Tenney (KLMST) decomposition.

In this paper, by using the KLMST decomposition we prove that Parikh images of languages accepted by VAS are semi-pseudo-linear, a class of sets that can be preciselly over-approximated by Presburger sets, or equivalently by semi-linear sets [3]. We provide an application of this re- sult; we prove that if a final configuration is not reach- able from an initial one, there exists a Presburger induc- tive invariant proving this property. Since we can decide with any decision procedure for the Presburger arithmetic if Presburger formulas denote inductive invariants, we deduce that there exist checkable certificates of non-reachability.

In particular, there exists a simple algorithm for deciding the general VAS reachability problem based on two semi- algorithms. A first one that tries to prove the reachability by fairly enumerating finite sequence of actions and a sec- ond one that tries to prove the non-reachability by fairly enumerating Presburger formulas. Note [5] that in general, reachability sets are not definable in the Presburger arith- metic. Presburger inductive invariants are obtained by ob- serving that reachability sets are semi-pseudo-linear.

Outline of the paper: In Section 2 we introduce the VAS. In Section 3 we define the pseudo-linear sets, a class of sets that can be precisely over-approximated by linear sets called linearization. We also define the finite union of pseudo-linear sets called semi-pseudo-linear sets. In Section 4 the class of pseudo-linear sets is proved stable by linear function images. In Section 5 Parikh images of languages accepted by VAS are proved semi-pseudo- linear. In Section 6 we introduce a dimension function dim :P(^Zn)→ {−∞,0, . . . , n}and we provide few prop- erties satisfied by this function. In Section 7 we prove that dim(L1∩L2)<dim(X1∪X2)whereL1, L2are lineariza- tions of pseudo-linear setsX1, X2such thatX1∩X2=∅.

Finally in section 8 we show that if a final configuration is

not reachable from an initial one, there exists a Presburger inductive invariant proving this property.

2 Vector Addition Systems

In this section, we recall the definition of language ac- cepted by a Vector Addition System.

Some notations : As usual we denote by ^Q,^Q+,^Z,^N respectively the set of rational values, non-negative ratio- nal values, the set of integers and the set of non-negative integers. The cardinal of a finite set X is denoted by

|X|. The components of a vector x ∈ ^Qn are denoted by(x[1], . . . ,x[n]). Given a functionf : E → F where E, F are sets, we denote byf(X) ={f(x) |x∈ X}for any subsetX ⊆ E. This definition naturally defines sets X1+X2 whereX1, X2 ⊆ ^Qn. With slight abuse of no- tation,{x1}+X2andX1+{x2}are simply denoted by x1+X2andX1+x2. The total order≤over^Qis extended component-wise to the partial order≤over^Qn satisfying x ≤ x^′ if and only if x[i] ≤ x^′[i]for any1 ≤ i ≤ n.

The set of minimal elements for≤of a setX ⊆^Nnis de- noted bymin(X). As(^Nn,≤)is a well partially ordered set, note that min(X) is finite and X ⊆ min(X) + ^Nn for any X ⊆ ^Nn. An alphabet is a non-empty finite set Σ. Set of words over Σ are denoted by Σ^∗. The num- ber of occurrences a ∈ Σin a wordσ ∈ Σ^∗ is denoted by |σ|a. A Parikh image of a language L ⊆ Σ^∗ is a set X = {(|σ|a1, . . . ,|σ|a_n)| σ ∈ L}wherea1, . . . , an is a finite sequence inΣ.

A Vector Addition System (VAS) is a tupleV = (Σ, n, δ) where Σ is an alphabet, n ∈ ^N is the dimension, and δ ∈ Σ → ^Zn is the displacement function. A configura- tion is a vector in^Nn. The binary relation−→^a Vwherea∈Σ over the set of configurations is defined bys−→^a V s^′ if and only ifs^′=s+δ(a). Given a wordσ=a1. . . akofk∈^N elements ai ∈ Σ, we denote by −→^σ V the binary relation over the set of configurations that is equal to the concate- nation−→^a1 V · · · −→^ak V if k ≥ 1 and that is equal to the identity binary relation ifk= 0. We also denote by→Vthe reachability binary relation over the set of configurations defined bys→V s^′ if and only if there existsσ∈Σ^∗such thats−→^σ V s^′. The language accepted by a tuple(s,V,s^′) where(s,s^′)are two configurations of a VAS V is the set L(s,V,s^′) ={σ∈Σ^∗|s−→^σ V s^′}.

3 Semi-pseudo-linear Sets

In this section we recall the definition of semi-linear sets and we introduce the class of pseudo-linear sets and semi- pseudo-linear sets. Intuitively, a pseudo-linear setX is a set that can be precisely over-approximated by a linear set

Lcalled a linearization ofX, and a semi-pseudo-linear set is a finite union of pseudo-linear sets.

Let us first recall the definition of semi-linear sets. The sub-monoïd of(^Zn,+)generated by a setX ⊆^Zn is de- noted byX^∗={0} ∪ {Pk

i=1xi|k≥1xi∈X}. A finite setP ⊆^Znis called a set of periods. A setL⊆^Znis said linear [3] if there exists a vectorb∈^Znand a set of periods P ⊆^Znsuch thatL=b+P^∗. A semi-linear setS ⊆^Zn is a finite union of linear setsLi ⊆^Zn. Recall [3] that sets definable inFO (^Z,+,≤)are exactly the semi-linear sets and sets definable inFO (^N,+,≤)also called Presburger sets are exactly the non-negative semi-linear sets.

The definition of pseudo-linear sets is based on the no- tion of the interior of monoïds. The interior of a monoïdM is the setI(M)of vectorsa∈M such that for anyx∈M there exists an integerN ∈^Nsuch thatNa∈x+M. We denote byI(M)the interior ofM. The following Lemma 3.1 characterizes the setI(P^∗)wherePis a set of periods.

In particular, this lemma shows thatI(P^∗)is non empty.

Lemma 3.1 LetP ={p1, . . . ,pk}be a set of periods with k ∈ ^N. We haveI(P^∗) = {0} if k = 0 andI(P^∗) = P^∗∩((^Q+\{0})p1+· · ·+ (^Q+\{0})pk)ifk≥1.

Proof : Since the case k = 0 is immediate, we assume thatk ≥ 1. Let us first consider an interior vectora ∈ I(P^∗). AsPk

j=1pj ∈ P^∗ anda ∈ I(P^∗), there exists N ∈ ^Nsuch thatNa ∈ (Pk

j=1pj) +P^∗. Letp ∈ P^∗ such that Na = Pk

j=1pj +p. As p+a ∈ P^∗, there exists a sequence (Nj)1≤j≤k of elements in ^N such that p+a = Pk

j=1Njpj. Combining this equality with the previous one provides a = Pk

j=1 1+Nj

1+N pj. Thus a ∈ (^Q+\{0})p1+· · ·+ (^Q+\{0})pk. Conversely, let us con- sidera ∈P^∗∩((^Q+\{0})p1+· · ·+ (^Q+\{0})pk). Ob- serve that there exists an integerd ≥1large enough such thatda∈(^N\{0})p1+· · ·+ (^N\{0})pk. In particular for anyx∈P^∗there existsN ∈^Nsuch thatN da∈x+P^∗.

Example 3.2 Let P = {(1,1),(1,0)}. We have P^∗ = {x ∈ ^N2 | x[2] ≤ x[1]} and the interior ofP^∗ is equal toI(P^∗) ={x∈^N2|0<x[2]<x[1]}.

A setX ⊆ ^Zn is said pseudo-linear if there existsb∈

Z

nand a set of periodsP ⊆^Znsuch thatX ⊆b+P^∗and such that for any finite setR ⊆ I(P^∗)there existsx∈X such thatx+R^∗⊆X. In this case,Pis called a linearizator ofXand the linear setL=b+P^∗is called a linearization ofX. A semi-pseudo-linear set is a finite union of pseudo- linear sets.

Example 3.3 The setP ={(1,1),(1,0)}is a linearizator of the pseudo-linear set X = {x ∈ ^N2 | x[2] ≤ x[1] ≤ 2^x[2]}. MoreoverP^∗is a linearization ofX.

4 Pseudo-Linear Set Images

In this section, the class of pseudo-linear sets is proved stable by linear function images.

A functionf :^Zn →^Zn′ is said linear if there exists a matrixM ∈^Zn×n′and a vectorv∈^Zn′ such thatf(x) = Mx+vfor anyx∈^Zn.

Proposition 4.1 ImagesX^′ =f(X)of pseudo-linear sets X by a linear functionf are pseudo-linear. Moreover the linear setL^′ = f(L)is a linearization ofX^′ for any lin- earizationLofX.

Proof : Let us consider a linear functionf : ^Zn → ^Zn′ defined by a matrixM ∈^Zn×n′ and a vectorv∈^Zn′. Let us consider a pseudo-linear setX ⊆^Zn. AsX is pseudo- linear, there exists a linearizationL ofX. We are going to prove thatL^′ = f(L)is a linearization ofX^′ = f(X).

There exists a vectorb∈^Znand a set of periodsP ⊆^Zn such that L = b+P^∗. Let us considerb^′ = f(b)and P^′ ={Mp| p∈P}and observe thatL^′ =b^′+ (P^′)^∗. In particular L^′ is a linear set. Since X ⊆ Lwe deduce thatX^′ ⊆ L^′. Let us consider a setR^′ = {r^′₁, . . . ,r_d^′} included in the interior of(P^′)^∗. Asr^′_i∈(P^′)^∗there exists pi ∈ P^∗ such thatr^′_i = Mpi. Lemma 3.1 shows thatr^′_i is a sum of vectors of the form λi,pMpover allp ∈ P whereλi,p >0is a rational value. There exists an integer ni ≥ 1 large enough such that niλi,p ∈ ^N\{0} for any p∈P. We deduce thatri =P

p∈Pniλi,ppis a vector in P^∗. Moreover, form Lemma 3.1 we deduce thatriis in the interior ofP^∗. Observe thatnir^′_i =Mri. Let us consider the setRof vectorsri+kipi whereki is an integer such that0 ≤ ki < ni. Asriis in the interior ofP^∗andpi ∈ P^∗we deduce thatri+kipiis also in the interior ofP^∗. We have proved thatR ⊆ I(P^∗). As Lis a linearization ofX, there exists x ∈ X such thatx+R^∗ ⊆ X. We deduce that f(x) +M R^∗ ⊆ X^′. Let us considerx^′ = f(x) +M(Pd

i=1r_i)and let us prove thatx^′+ (R^′)^∗⊆X^′. Considerr^′ ∈ (R^′)^∗. There exists a sequence(µ^′i)1≤i≤d

of integers in ^N such that r^′ = Pd

i=1µ^′_ir^′_i. The Euclid division ofµ^′_ibynishows thatµ^′_i=ki+niµiwhereµi ∈

Nand0 ≤ ki < ni. Fromnir^′_i = Mri we deduce that x^′+r^′=f(x)+M(Pd

i=1(ri+kipi)+Pd

i=1µiri).Observe thatri+kipiandriare both inR. We have proved that x^′+r^′ ∈f(x) +M R^∗. Thusx^′+ (R^′)^∗ ⊆X^′. We have proved thatL^′is a linearization ofX^′.

5 Parikh Images

LetV be a VAS and lets,s^′ be two configurations. In this section, we prove that Parikh images ofL(s,V,s^′)are semi-pseudo-linear. In sub-section 5.1 we recall the clas- sical Kosaraju-Lambert-Mayr-Sacerdote-Tenney (KLMST) decomposition. This decomposition is used in the next sub- section 5.2 to establish the semi-pseudo-linearity of Parikh images ofL(s,V,s^′).

5.1 The KLMST decomposition

We recall the KLMST decomposition by following nota- tions introduced by Lambert [8].

We first extend the set of integers^Zwith an additional el- ement⊤. The addition function+ :^Z×^Z→^Zis extended to the totally-defined function in(^Z∪ {⊤})×(^Z∪ {⊤} → (^Z∪ {⊤})satisfyingx1+x2 =⊤ifx1 =⊤orx2 =⊤.

With slight abuse of notation we denote by⊤ −xthe ele- ment⊤whenx∈^Z.

In the sequel, the element ⊤ is either interpreted as a

“very large integer” or a “don’t care integer”. More for- mally, we denote by^N⊤the set^N∪ {⊤}. The total order

≤over^Nis extended over^N_⊤ byx1 ≤ x2 if and only if x2=⊤ ∨(x1, x2∈^N∧x1≤x2). The equality=over^N is also extended to a partial orderover^N_⊤byx1x2if and only ifx2 =⊤ ∨(x1, x2 ∈^N∧x1 =x2). Intuitively element⊤denotes a “very large integer” for the total order

≤whereas it denotes a “don’t care integer” for the partial order. Given a sequence(xi)i≥0 in^N⊤, we denote by x= limi→+∞xithe elementx=⊤if for anyr∈^Nthere existsi0 ≥0such thatxi ≥rfor anyi ≥i0and the ele- mentx∈^Nif there existsi0 ≥0such thatxi =xfor any i ≥i0. Whenx= limi→+∞xi exists we say that(xi)i≥0

converges towardx.

We also extends the semantics of VAS. A vector in^Nn_⊤is called an extended configuration ofV. With slight abuse of notation, the binary relation−→^a Vwherea∈Σis extended over the set of extended configurations byx−→^a V x^′ if and only ifx^′ =x+δ(a). Given a wordσ=a1. . . akofk∈^N elementsai∈Σ, we denote by−→^σ Vthe binary relation over the set of extended configurations that is equal to the con- catenation−→^a1 V · · · −→^ak Vifk≥1and that is equal to the identity binary relation ifk = 0. Given an extended con- figurationxwe denote byx−→^σ Vif there exists an extended configurationx^′such thatx−→^σ V x^′ and symmetrically for any extended configurationx^′we denote by−→^σ Vx^′if there exists an extended configurationxsuch thatx−→^σ Vx^′.

Next we recall some elements of graph theory. A graph Gis a tupleG= (Q,Σ, T)whereQis a non-empty finite set of states,Σis an alphabet, andT ⊆Q×Σ×Qis a finite

set of transitions. A pathπis a wordπ=t1. . . tkofk∈^N transitionsti ∈ T such that there exists q0, . . . , qk ∈ Q anda1, . . . , ak ∈ Σsuch that ti = (qj−1, aj, qj)for any 1≤j≤k. In this case we say thatπis a path fromq0toqk

labelled byσ=a1. . . akand we denoteπbyq0

−→σ Gqkor simplyq0 →G qk. Given a transitiont ∈T, we denote by

|π|tthe number of occurrences oftinπ. Whenq0=qk, the pathπis called a cycle. Let us recall the following lemma.

Lemma 5.1 (Euler Cycles) Let G = (Q,Σ, T) be a strongly connected graph. For any sequence(µt)t∈T of in- tegersµt>0satisfying the following equality for any state q0 ∈ Q, there exists a cycleπsuch that|π|t =µtfor any transitiont∈T:

X

t=(q,a,q0)∈T

µt= X

t^′=(q0,a,q^′)∈T

µt^′

A graph vector G = (Q,Σ, T)forV is a graph such thatQ⊆^Nn_⊤is a non-empty finite set of extended config- urations, andT ⊆Q×Σ×Qis a finite set of transitions (x, a,x^′)such thatx−→^a V x^′. Even if the proof of the fol- lowing lemma is immediate by induction over the length of σ, it is central in the KLMST decomposition. In fact a path x−→^σ Gx^′implies the relationx−→^σ Vx^′.

Lemma 5.2 (Graph vector paths) For anyx −→^σ V x^′, for any sequences(xc)c∈N and(x^′_c)c∈N of extended configu- rations that converge towardx = limc→+∞xc andx^′ = limc→+∞x^′_c, there exists c0 ∈ ^Nsuch thatx_c −→^σ V and

−→σ Vx^′_cfor anyc≥c0.

A marked graph vector forVis a tuple(m,x, G,x^′,m^′) whereGis a graph vector,x,x^′are two states of this graph vector, andmxandm^′x^′ are two extended configu- rations.

A marked graph vector sequences (MGVS) for(s,V,s^′) is an alternating sequence U of marked graph vectors for V and actions of the following form wherem0 = sand m^′_k=s^′:

(m0,x0, G0,x^′₀,m^′₀), a1, . . . , ak,(mk,xk, Gk,x^′_k,m^′_k) The language accepted by a MGVS U is the setL(U)of words of the form σ0a1σ1. . . akσk such that for any0 ≤ j ≤kthere exists a pathxj

σj

−→G_j x^′_jand there exists two configurationssjmjands^′_jm^′_jsuch that:

s0 σ0

−→Vs^′₀−→^a1 Vs1 σ1

−→V s^′₁. . .s^′_k−1−→^ak Vsk σ_k

−→Vs^′_k We observe that L(U) ⊆ L(s,V,s^′) since (s₀,s^′_k) = (s,s^′).

We now associate a characteristic linear system to a MGVSU. Denoting byµj,tthe number of occurrences of

a transitiont ∈ Tj in the pathxj σj

−→G_j x^′_j we get a non- negative sequence(µj,t)tindexed byt∈Tj. We also obtain a sequenceξ= (sj,(µj,t)t,s^′_j)j indexed by0≤j ≤ksaid associated toσ. We observe thatξis a non-negative integral solution of the following linear system called the character- istic system of the MGVSUwhereχx(q) = 1ifq=xand whereχx(q) = 0otherwise:



























































for all1≤j≤k s^′_j−1+δ(aj) =sj

for all0≤j≤k sj+ X

t=(q,a,q^′)∈Tj

µj,tδ(a) =s^′_j

for all0≤j≤kand for all1≤i≤n sj[i] =mj[i]ifmj[i]∈^N

s^′_j[i] =m^′_j[i]ifm^′_j[i]∈^N

for all0≤j≤kand for allqj ∈Qj

χxj(qj) + X

t=(q,a,qj)∈T

µj,t=χx^′_j(qj) + X

t^′=(qj,a,q^′)∈T

µj,t^′

Naturally there exists non-negative integral solutions ξof the characteristic system that are not associated to accepted words. In particular even if there exists non-negative inte- gral solutions of the characteristic linear system we cannot conclude that L(U) 6= ∅. However, under the following perfect condition, we can prove thatL(U)6=∅.

The homogeneous form of the characteristic system, ob- tained by replacing constants by zero is called the homo- geneous characteristic system ofU. In the sequel, a solu- tion of the homogeneous characteristic system is denoted byξ0= (s0,j,(µ0,j,t)t,s0,j′)j.

A perfect MGVSUis an MGVS such that the graphGj

is strongly connected andxj =x^′_jfor any0 ≤j ≤k, the characteristic system has an integral solution, there exists a non-negative rational solutionξ0 = (s0,j,(µ0,j,t)t,s0,j′)j

of the homogeneous characteristic system satisfying the following additional inequalities where 0 ≤ j ≤ k and 1≤i≤n:

• s0,j[i]>0ifmj[i] =⊤, and

• s^′_0,j[i]>0ifm^′_j[i] =⊤, and

• µ0,j,t>0for anyt∈Tj.

and such that for any0≤j≤kand1≤i≤n:

• there exists a cycle θj = (xj wj

−−→Gj xj) such that m_j −−→^wj V and such that m_j +δ(wj) ≥ m_j and δ(wj)[i]>0ifm_j[i]∈^Nandx_j[i] =⊤, and

• there exists a cycle θ^′_j = (x^′_j ^w

′j

−−→Gj x^′_j) such that

w_j^′

−−→V m^′_j and such that m^′_j − δ(w^′_j) ≥ m^′_j and

−δ(w_j^′)[i]>0ifm^′_j[i]∈^Nandx^′_j[i] =⊤.

In the sequel, even ifxj = x^′_j for any0 ≤ j ≤ k, we still use both notationsxj andx^′_j in order to keep results symmetrical.

Let us recall without proof the fundamental decomposi- tion theorem.

Theorem 5.3 (Fundamental Decomposition[8]) For any tuple(s,V,s^′), we can effectively compute a finite sequence of perfect MGVSU1, . . . ,Ulfor this tuple such that:

L(s,V,s^′) =L(U1)∪. . .∪L(Ul)

In the remaining of this section, we associate to a perfect MGVSU, a non-negative integral solutionξof its charac- teristic system and a non-negative integral solution ξ0 of its homogeneous characteristic system that explains why L(U) 6= ∅. These two solutionsξandξ0are respectively defined in Lemma 5.4 and Lemma 5.5.

Lemma 5.4 There exists a non-negative integral solution ξ= (sj,(µj,t)t,s^′_j)jof the characteristic system of a perfect MGVS such thatµj,t > 0for any0 ≤j ≤kandt ∈ Tj

and such thats_j−−→^wj Vand ^w

j′

−−→Vs^′_jfor any0≤j≤k.

Lemma 5.5 There exists a non-negative integral solution ξ0 = (s0,j,(µ0,j,t)t,s^′_0,j)j of the homogeneous charac- teristic system of a perfect MGVS U such that µ0,j,t >

|θj|t+|θ_j^′|t for any0 ≤ j ≤ k andt ∈ Tj, and such that for any0≤j≤kand1≤i≤n:

• s_0,j≥0ands_0,j[i]>0if and only ifm_j[i] =⊤.

• s^′_0,j≥0ands^′_0,j[i]>0if and only ifm^′_j[i] =⊤.

• s0,j+δ(wj)≥0and(s0,j+δ(wj))[i]>0if and only ifxj[i] =⊤.

• s^′_0,j−δ(w_j^′)≥0and(s0,j′−δ(w^′_j))[i]>0if and only ifx^′_j[i] =⊤.

Now, let us consider a perfect MGVSUand let us fix two tuplesξ = (sj,(µj,t)t,s^′_j)j andξ0 = (s0,j,(µ0,j,t)t,s^′_0,j)j

satisfying respectively Lemma 5.4 and Lemma 5.5. As µj,t > 0 for any t ∈ Tj andGj is strongly connected, Lemma 5.1 shows that there exists a cycleπj= (x_j −→^σj Gj

x^′_j)such thatµj,t=|πj|tfor anyt∈Tj. Note that we have s_j+δ(σj) =s^′_j. Moreover, asµj,t− |θj|t+|θj′|t>0for anyt∈ Tjwe also deduce that there exists a cycleπ0,j =

(xj σ0,j

−−→G_j x^′_j)such that|π0,j|t=µ0,j,t−(|θj|t+|θj^′|t) for anyt∈Tj. Note that we haves0,j+δ(wj) +δ(σ0,j) + δ(w^′_j) =s^′_0,j.

In the sequel we provide technical lemmas that prove to- gether thatL(U)6= ∅. These lemmas are also used in the next sub-section 5.2.

Lemma 5.6 For anyc≥0we have:

s_j+cs0,j w_j^c

−−→V s_j+c(s_0,j+δ(wj)) s^′_j+c(s^′_0,j−δ(wj^′)) ^(w

′j)^c

−−−→V s^′_j+cs^′_0,j

Lemma 5.7 There existsc0≥0such that for anyc≥c0: sj+c(s0,j+δ(wj)) ^σ

c 0,j

−−→V sj+c(s^′_0,j−δ(w^′_j))

Lemma 5.8 There existsc^′ ≥0such that for anyc≥c^′: sj+c(s^′_0,j−δ(w^′_j)) −→^σj V s^′_j+c(s^′_0,j−δ(w_j^′)) Now, let us consider an integerc ≥ 0 satisfying c ≥ c0andc ≥ c^′ wherec0 andc^′ are respectively defined by Lemma 5.7 and Lemma 5.8. Note that we have proved the following relation:

sj+cs0,j

w^c_jσ^c_0,jσ_j(w^′_j)^c

−−−−−−−−−→V s^′_j+cs^′_0,j

Therefore there exists a word inL(U)associated toξ+cξ0. In particular we have proved thatL(U)6=∅.

5.2 Parikh images of perfect MGVS

Parikh images ofL(U)are proved pseudo-linear for any perfect MGVS U for (s,V,s^′). From Theorem 5.3 we deduce that Parikh images ofL(s,V,s^′)are semi-pseudo- linear.

Let us consider a perfect MGVSUfor(s,V,s^′):

(m0,x0, G0,x^′₀,m^′₀), a1, . . . , ak,(mk,xk, Gk,x^′_k,m^′_k) We denote byH the non-negative integral solutions of the characteristic system of U and we denote by H^′ the sub- set of H corresponding to the sequenceξ associated to a word inL(U). Observe that Parikh images ofL(U)are im- ages by linear functions ofH^′. From Proposition 4.1 it is sufficient to prove that H^′ is pseudo-linear. Intuitively, a linearizator forH^′is obtained by considering the setH0of non-negative integral solutions of the homogeneous charac- teristic system. More formally, we are going to prove that P0= min(H0\{0})is a linearizator forH^′.

Let us considerξ ∈H andξ0 ∈ H0 satisfying the fol- lowing Lemma 5.9. SinceH0 =P₀^∗, we deduce thatH^′ is included in the linear setξ−ξ0+P₀^∗.

Lemma 5.9 There exists ξ ∈ H andξ0 ∈ H0 such that ξ0+H ⊆ξ+H0.

Now, let us consider a setR0 ={ξ1, . . . , ξd}included in the interior ofH0. We are going to prove that there ex- istsξ^′ ∈ H^′ such thatξ^′+R^∗₀ ⊆ H^′. We first prove the following lemma.

Lemma 5.10 For anyξi= ((s_i,j)j,(µi,j,t)j,t,(s^′_i,j)j)inte- rior vector ofH0there exists a cycleπi,j= (xj

σ_i,j

−−→G_j x^′_j) such thatµi,j,t=|πi,j|tfor anyt∈Tjand any0≤j≤k.

Now, let us consider a solution ξ of the characteristic system and a solutionξ0of the homogeneous characteristic system satisfying respectively Lemma 5.4 and Lemma 5.5.

Lemma 5.11 There existsci≥0such that for any1≤j≤ kandc≥ci:

sj+c(s0,j+δ(wj)) +si,j σ_i,j

−−→V

sj+c(s0,j+δ(wj)) +s^′_i,j

Now, let us consider an integerc ≥0such thatc ≥c0, c ≥ c^′ andc ≥ ci for any1 ≤ i ≤ dwherec0, c^′, ciare respectively defined in Lemma 5.7, Lemma 5.8 and Lemma 5.11. From these lemmas and Lemma 5.6 we deduce that for any sequencen1, . . . , nd ∈ ^N we have the following relation:

sj+cs0,j+

d

X

i=1

nisi,j

w_j^cσⁿ¹_1,j...σ^nd_d,jσ_jσ^c0,j(w^′_j)^c

−−−−−−−−−−−−−−−−→V

s^′_j+cs^′_0,j+

d

X

i=1

nis^′_i,j

We have proved that there exists a word inL(U)associated withξ+cξ0+Pd

i=1niξi. Letξ^′ =ξ+cξ0. We deduce thatξ^′+R^∗₀ ⊆H^′. ThusH^′ is pseudo-linear. We deduce the following proposition:

Proposition 5.12 Parikh images ofL(U)are pseudo-linear for any perfect MGVSU for(s,V,s^′).

From Theorem 5.3 and the previous Proposition 5.12, we get the following Theorem 5.13.

Theorem 5.13 Parikh images of L(s,V,s^′) are semi- pseudo-linear.

6 Dimension

In this section, we introduce a dimension functiondim : P(^Zn)→ {−∞,0, . . . , n}.

The dimensiondim(X)of a non-empty setX ⊆^Zn is the minimal integerd∈ {0, . . . , n}such that:

sup

k≥0

|X∩ {−k, . . . , k}ⁿ|

|{−k, . . . , k}^d| <+∞

The dimension of the empty-set set is denoted bydim(∅) =

−∞. Let us observe some immediate properties satisfied by the dimension function. First of all, we havedim(X)≤0 if and only ifXis finite. The dimension function is mono- tonicdim(X1) ≤dim(X2)for anyX1 ⊆ X2. Moreover it satisfies dim(X1 ∪X2) = max{dim(X1),dim(X2)}

anddim(X1+X2) ≤ dim(X1) + dim(X2). In particu- lardim(v+X) = dim(X)for anyv ∈ ^Zn and for any X ⊆^Zn.

7 Pseudo-linear Intersections

In this section we prove that linearizations L1, L2 of two pseudo-linear sets X1, X2 with an empty intersection X1∩X2=∅satisfy the strict inequalitydim(L1∩L2)<

dim(X1∪X2). In sub-section 7.1 we characterize the di- mension of linear sets and pseudo-linear sets. This charac- terization is used in the next sub-section 7.2 to prove the strict inequality.

In these two sub-sections, vector spaces are used. A vec- tor space V of^Qn is a subset V ⊆ ^Qn that contains the zero vector0∈ V, that is stable by additionV +V ⊆ V and that is stable by productλv ∈ V for anyλ ∈ ^Qand for anyv ∈ V. Observe that for any setX ⊆ ^Qn the set V = {0} ∪ {Pk

i=1λixi | k ≥1λi ∈ ^Qxi ∈ X}is the unique minimal for the inclusion vector space that contains X. This vector space is called the vector space generated by X. Recall that for any vector spaceV of^Qn there exists a finite setX ⊆V that generatesV. The minimal for≤inte- gerd∈^Nsuch that there exists a finite setXthat generated V is called the rank ofV and it is denoted byrank(V).

7.1 Dimension of (pseudo-)linear sets

In this section, we prove that the dimension of a pseudo- linear setXis equal to the rank of the vector spaceV gen- erated by any linearizatorPofX.

We first prove the following Lemmas 7.1.

Lemma 7.1 We havedim(M) =rank(V)whereV is the vector space generated by a monoïdM.

Proof : SinceM ⊆ ^Zn ∩V it is sufficient to prove that dim(M)≥rank(V)anddim(^Zn∩V)≤rank(V). Let us denote by||x||_∞ = max{|x[1]|, . . . ,|x[k]|}the usual∞- norm of a vectorx∈^Qn. AsM generates the vector space V recall that there exists a sequencem1, . . . ,md ∈ M withd= rank(V)that generatesV. Since the cased= 0 is immediate we assume that d ≥ 1. We denote by f :

Q

d→V the rational linear functionf(x) =Pd

i=1x[i]mi. Let us first prove thatdim(M) ≥d. By minimality of d= rank(V)note thatf is injective. In particular the car- dinal of f({0, . . . , k}^d)is equal to (1 +k)^d. Note that a vectormin this set satisfies||m||_∞≤kPd

i=1||mi||_∞and m∈M. We deduce thatdim(M)≥d.

Now, let us prove thatdim(^Zn∩V)≤d. Since for any matrix, the rank of the column vectors is equal to the rank of the line vectors, there exists a sequence1≤j1<· · ·<

jd ≤nsuch that the rational linear functiong :^Qn → ^Qd defined byg(x) = (x[j1], . . . ,x[jd])satisfiesh=g◦f is a bijective rational linear function. In particular we deduce that for any v ∈ ^Zn ∩V ∩ {−k, . . . , k}ⁿ there exists a vectorx=g(v)∈ {−k, . . . , k}^dsuch thatv=f◦h⁻¹(x).

Therefore|^Zn∩V ∩ {−k, . . . , k}ⁿ| ≤(1 + 2k)^dfor any k∈^N. We deduce thatdim(^Zn∩V)≤d.

Lemma 7.2 For any pseudo-linear setX ⊆ ^Zn, we have dim(X) = rank(V)whereV is the vector space generated by any linearizatorPofX.

Proof : Let P be a linearizator of a pseudo-linear setX and letV be the vector space generated byP. Note that there exists a vectorb∈^Znsuch thatX ⊆b+P^∗. From Lemma 7.1 we havedim(b+P^∗) = rank(V). In particular dim(X)≤rank(V). Conversely, let us consider an interior vectora∈ I(P^∗)and observe thatR={a} ∪(a+P)⊆ I(P^∗). AsXis pseudo-linear, there existsx∈Xsuch that x+R^∗⊆X. Note that the vector space generated byRis equal toV. Thus, from Lemma 7.1 we deduce thatdim(x+ R^∗) = rank(V). In particulardim(X) ≥ rank(V). We have proved the equalitydim(X) = rank(V).

7.2 Pseudo-linear sets intersection

In this section we prove that linearizationsL1, L2of two pseudo-linear setsX1, X2with an empty intersectionX1∩ X2=∅satisfydim(L1∩L2)<dim(X1∪X2).

We first characterize the intersection of two linear sets.

Lemma 7.3 For any set of periodsP1, P2there exists a set of periodsP such thatP₁^∗∩P₂^∗ =P^∗. Moreover, for any b₁,b₂ ∈ ^Zn, there exists a finite set B ⊆ ^Zn such that (b1+P₁^∗)∩(b2+P₂^∗) =B+ (P₁^∗∩P₂^∗).

Proof : Let us consider an enumeration pi,1, . . . ,pi,k_i of the ki ≥ 0vectors in Pi wherei ∈ {1,2}. Ifk1 = 0or ifk2 = 0thenP₁^∗ ={0}orP₂^∗ ={0}and the lemma is immediate. Thus, we can assume thatk1, k2≥1.

Let us consider the set X of vectors (λ1, λ2) ∈

N

k1 × ^Nk2 such that b1 + Pk1

j=1λ1[j]p1,j = b2 + Pk2

j=1λ2[j]p2,j. Let us also consider the set X0 of vec- tors(λ1, λ2) ∈ ^Nk1 ×^Nk2 such thatPk1

j=1λ1[j]p_1,j = Pk2

j=1λ2[j]p2,j. Observe thatX=Z+X0whereZis the finite setZ = min(X)andX0=Z₀^∗whereZ0is the finite setZ0= min(X0\{0}).

Let us denote by B the finite set of vectorsb ∈ ^Zn such that there exists (λ1, λ2) ∈ Z satisfying b₁ + Pk1

j=1λ1[j]p1,j=b=b₂+Pk2

j=1λ2[j]p2,j. Let us also denote byPthe finite set of vectorsp∈^Znsuch that there exists (λ1, λ2) ∈ Z0 satisfyingPk1

j=1λ1[j]p1,j = p = Pk2

j=1λ2[j]p2,j. Remark that(b1+P₁^∗)∩(b2+P₂^∗) = B+P^∗andP₁^∗∩P₂^∗=P^∗. In order to prove the following proposition, we introduce the definition of groups. A groupGof^Zn is a monoïd of

Z

nsuch that any element admits an inverse−G⊆G. Ob- serve that for any setX⊆^Zn, the setG=X^∗−X^∗is the unique minimal for the inclusion sub-group of(^Zn,+)that containsX. This group is called the sub-group of^Zngen- erated byX. Now, let us consider the groupG=M−M generated by a monoïdM and observe that a vectorais in the interior ofM if and only if for anyg∈Gthere exists N ∈^Nsuch thatg+Na∈M.

Lemma 7.4 For any vectorv ∈ V whereV is the vector space generated by a groupG, there exists an integerd≥1 such thatdv∈G.

Proof : A vectorv ∈ V can be decomposed into a sum v = Pk

i=1λigiwithk ∈ ^N,λi ∈^Qandgi ∈ G. Let us consider an integerd≥ 1such thatdλi ∈ ^Zand observe

thatdv∈G.

Now, we prove the main result of this section.

Proposition 7.5 Let L1, L2 be linearizations of pseudo- linear setsX1, X2 ⊆^Znwith an empty intersectionX1∩ X2=∅. We have:

dim(L1∩L2)<dim(X1∪X2)

Proof : Let L1, L2 be linearizations of two pseudo-linear setsX1, X2⊆^Zn. For the moment, we do not assume that X1∩X2is empty. There exists some linearizatorsP1, P2

of the pseudo-linear setsX1, X2and vectorsb₁,b₂ ∈ ^Zn

such thatL1 =b1+P₁^∗andL2=b2+P₂^∗are lineariza- tions ofX1, X2. Let us denote byV1, V2the vector spaces generated by P1, P2. Lemma 7.2 shows thatdim(X1) = rank(V1) anddim(X2) = rank(V2). From Lemma 7.3 there exists a set of periods P and a finite set B ⊆ ^Zn such thatP₁^∗∩P₂^∗=P^∗andL1∩L2=B+P^∗. Observe that ifB = ∅the proposition is immediate. Thus, we can assume that there existsb∈B. LetV be the vector space generated byP. Lemma 7.1 shows thatdim(B +P^∗) = rank(V). Observe thatV ⊆ V1∩V2. Thus, if there ex- istsj ∈ {1,2}such thatV is strictly included inVj then rank(V) < rank(Vj)and in this casedim(L1 ∩L2) <

max{dim(X1),dim(X2)}= dim(X1∪X2).

So we can assume thatV1 =V =V2. We prove in the sequel that X1 ∩X2 6= ∅. We denote by G1, G, G2 the groups generated respectively byP1, P, P2. Note that the vector spaces generated byG1, G, G2are equal toV1, V, V2. Leta be an interior vector ofP^∗ and let us prove that a ∈ I(P₁^∗)∩ I(P₂^∗). Letj ∈ {1,2}. Note thata∈P^∗ ⊆ P_j^∗. Letp ∈ I(P_j^∗). Since−p∈ V andV is the vector space generated byG, Lemma 7.4 shows that there exists an integerd≥1 such that−dp∈ G. Froma−dp∈ G anda ∈ I(P^∗)we deduce that there existsN ∈ ^Nsuch thata−dp+Na∈ P^∗. FromP^∗ ⊆P_j^∗ we deduce that a∈ _1+N¹ (dp+P_j^∗). Fromp∈ I(P_j^∗)and Lemma 3.1 we geta∈ I(P_j^∗).

LetRj = {a} ∪(a+Pj). Froma ∈ I(P_j^∗), Lemma 3.1 shows thatRj ⊆ I(P_j^∗). AsXjis pseudo-linear, there existsxj ∈ Xj such that xj+R^∗_j ⊆ Xj. From b,xj ∈ b_j+Pj^∗we deduce thatx_j−b∈Gj. As the group generated by Rj is equal to Gj, there exists r_j,r^′_j ∈ R^∗_j such that x_j+r_j=b+r^′_j.

AsV is the vector space generated byG1andr^′₂∈R^∗₂⊆ V2=V, Lemma 7.4 shows that there exists an integerd1≥ 1 such that d1r^′₂ ∈ G1. Asa ∈ I(P₁^∗), there exists an integerN1 ≥ 0 such thatd1r^′₂+N1a ∈ P₁^∗. AsP₁^∗ ⊆ R^∗₁−^Na, we deduce that there exists an integerN₁^′ ≥ 0 such thatd1r^′₂+ (N1+N₁^′)a∈R^∗₁. We denote byr^′′₁this vector. Symmetrically, there exist some integers d2 ≥ 1 andN2, N₂^′ ≥0 such that the vectord2r^′₁+ (N2+N₂^′)a denoted byr^′′₂is inR^∗₂. We get:

x1+r1+ (d2−1)r^′₁+r^′′₁+ (N2+N₂^′)a

=b+d2r^′₁+d1r^′₂+ (N1+N₁^′ +N2+N₂^′)a x2+r2+ (d1−1)r^′2+r^′′₂+ (N1+N₁^′)a

=b+d1r^′₂+d2r^′₁+ (N2+N₂^′ +N1+N₁^′)a We have proved that these two last vectors are equal. We deduce that(x1+R₁^∗)∩(x2+R₂^∗)is non empty. In par-

ticularX1∩X26=∅.

8 Separators

The reachability problem for a tuple (s,V,s^′)consists to decide if s →V s^′. This problem can be reformu- lated by introducing the definition of separators. A pair (S, S^′)of configuration sets is called a separator forV if post^∗_V(S)∩pre^∗_V(S^′) = ∅wherepost^∗_V(S)andpre^∗_V(S^′) are respectively the set of reachable states fromSand the set of co-reachable states fromS^′formally defined by:

post^∗_V(S) ={s^′∈^Nn| ∃s∈S s→Vs^′} pre^∗V(S^′) ={s∈^Nn| ∃s^′∈S^′ s→Vs^′} Naturally, a pair(s,s^′)is in the complement of the reach- ability relation→V if and only if the pair ({s},{s^′})is a separator. A separator(I, I^′)is said inductive ifIis a for- ward invariantpost^a_V(I)⊆IandI^′is a backward invariant pre^a_V(I^′)⊆I^′for anya∈Σwherepost^aV(S)andpre^a_V(S^′) are defined for anyS, S^′⊆^Nnby:

post^aV(S) ={s^′∈^Nn | ∃s∈S s−→^a V s^′} pre^aV(S^′) ={s∈^Nn | ∃s^′∈S^′ s−→^a V s^′} As(post^∗_V(S),pre^∗_V(S^′))is an inductive separator for any separator (S, S^′), we deduce that separators are included into inductive separators.

We are interested in inductive separators definable in the decidable Presburger logicFO (^N,+,≤). Note that a pair (ψ(x), ψ^′(x))of Presburger formulas denotes an inductive separator(I, I^′)if and only ifψ(x)∧ψ^′(x)and the follow- ing formulas are unsatisfiable for anya∈Σ. In particular we can effectively decide if (ψ(x), ψ^′(x))denotes an in- ductive separator.

ψ(x) ∧ x^′=x+δ(a) ∧ ¬ψ(x^′) ψ^′(x^′) ∧ x^′=x+δ(a) ∧ ¬ψ^′(x)

That means a pair(φ(x), φ(x^′))of Presburger formulas de- noting an inductive separators provides a checkable certifi- cate of non-reachability for any pair(c, c^′)of configurations satisfying(φ(x), φ(x^′).

1 Reachability(s∈^Nn,V = (Σ, n, T)a VAS,s^′ ∈^Nn)

2 repeatforever

3 fairly select σ∈Σ^∗

4 ifs−→^σ V s^′

5 return‘‘reachable’’

6 fairly select (ψ(x), ψ^′(x))

7 formulas in FO (^N,+,≤)

8 if(ψ(x), ψ^′(x))

9 inductive separator for({s},{s^′})

10 return‘‘unreachable’’