Kleene Algebra and Kleene Algebra with Tests: An Introduction Warsaw University, December 2015 Outline Today: A Little History. Models and Axiomatizations. Still Today (if time): A digression on bisimulation. Tomorrow: Expressiveness, Completeness, Complexity. Saturday: The Coalgebraic Theory. Automata and Program Schematology. Slide credits: Dexter Kozen Today – Models and Axiomatizations Axiomatizations Salomaa’s axiomatization KA and KAT Conway’s R-algebras *-continuity closed semirings (!-complete semirings) complete idempotent semirings (S-algebras, quantales) ideal completion Models relational models language models trace models matrices over a KA or KAT Tomorrow – Completeness and Complexity KAT and Hoare logic completeness for the equational theory completeness for the Hoare theory (reasoning under assumptions) completeness and incompleteness results for PHL complexity (PSPACE completeness) typed KA and KAT and relation to type theory Saturday – The Coalgebraic Theory Kleene coalgebra (KC) and Kleene coalgebra with tests (KCT) relation to automata theory and program schematology the Brzozowski derivative minimization as finality automatic extraction of equivalence proofs and relations to proof-carrying code Kleene Algebra (KA) Kleene Algebra (KA) Kleene algebra is an algebraic system that captures axiomatically the properties of a natural class of structures arising in logic and computer science. Named for Stephen Cole Kleene, who among his many other achievements, invented finite automata and regular expressions. Kleene algebra is the algebraic theory of these objects. It has many natural and useful interpretations. Stephen Cole Kleene (1909–1994) Kleene’s Theorem (1956) 0 1 0 (0 + 1(01∗0)∗1)∗ fmultiples of 3 in binaryg 1 0 1 a (ab)∗a = a(ba)∗ fa; aba; ababa;:::g b (a + b)∗ = a∗(ba∗)∗ a + b fall strings over fa; b}g Foundations of the Algebraic Theory J. H. Conway. Regular Algebra and Finite Machines. Chapman and Hall, London, 1971 (out of print). John Horton Conway (1937–) Kleene Algebra Kleene algebras arise in various guises in many contexts: relational algebra, semantics and logics of programs, program analysis and compiler optimization, automata and formal language theory, design and analysis of algorithms. Many authors have contributed to the development of Kleene algebra over the years: Anderaa, Archangelsky, Backhouse, Bloom, Boffa, Conway, Desharnais, Esik, Kleene, Krob, Kuich, Meyer, Möller, Pratt, Redko, Sakarovich, Salomaa, Stockmeyer, Struth to name a few. There are various competing axiomatizations, and one topic of our study will be to understand the relationships between these definitions. PDL (Fischer & Ladner 1979) In program logic, KA formed an essential component of Propositional Dynamic Logic (PDL) (Fischer & Ladner 1979) along with Boolean algebra and modal logic. PDL is a theoretically appealing and practical system for reasoning about computation at the propositional level. From a practical point of view, many arguments do not require the full power of PDL, but can be carried out in a purely equational subsystem using Kleene algebra. But the Boolean component is essential, as it is needed to model conventional programming constructs such as conditionals and while loops that rely on Boolean tests. PDL subsumes proposition Hoare logic and is semantically well-grounded and deductively complete, but is complex to decide. We will define later a variant of Kleene algebra, called Kleene algebra with tests (KAT), for reasoning equationally with Kleene and Boolean constructs. Practical Applications in Program Verification lazy caching and concurrency control (Cohen 1994) verifying low-level compiler optimizations (many authors) data restructuring operations in parallelizing compilers (Pingali 2001), pointer analysis (Möller 1997, 2000) and other kinds of static analysis Kleene Algebra A Kleene algebra is an algebraic structure (K; +; ·; ∗; 0; 1) consisting of a set K with distinguished operations and constants operation intuition arity + addition, choice, join 2 · multiplication, sequential composition, meet 2 ∗ asterate, iteration 1 0 additive identity, fail, false 0 1 multiplicative identity, skip, true 0 satisfying certain axioms. The intuitive meaning of the operations depends on the model. A term over this language is called a regular expression. The set of regular expressions over an alphabet Σ is denoted RExpΣ. Models of KA Language-Theoretic Models Let Σ∗ denote the set of finite-length strings over a finite alphabet Σ, including the null string ". For A; B ⊆ Σ∗: A + B def= A [ B A · B def= fxy j x 2 A; y 2 Bg def 0 = ? 1 def= f"g: Thus the operation ·, applied to two sets of strings A and B, produces the set of all strings obtained by concatenating a string from A with a string from B, in that order. The operator symbol · is often omitted, and we just write AB for A · B. Properties of +, ·, 0, 1 These operations have several agreeable properties: Associativity of + and ·, commutativity of + Idempotence of +: A + A = A Left distributivity: A(B + C) = AB + AC Right distributivity: (A + B)C = AC + BC Additive identity: 0 + A = A + 0 = A Multiplicative identity: 1A = A1 = A Annihilation: 0A = A0 = 0. These are the laws of idempotent semirings. Asterate Define the powers of A with respect to · inductively: A0 def= f"g An+1 def= A · An: Then n A = fx1 ··· xn j xi 2 A; 1 ≤ i ≤ ng: The unary operation ∗ on sets of strings is defined as follows: ∗ def [ n A = A = fx1 ··· xn j n ≥ 0; xi 2 A; 1 ≤ i ≤ ng: n≥0 By convention, the concatenation of the empty set of strings is "; this is the case n = 0. Thus " is always a member of A∗ for any A, including ?. The operation ∗ is known as asterate. Language-Theoretic Models ∗ Any subset of 2Σ containing ? and f"g and closed under the operations of [, ·, and ∗ is a Kleene algebra (but there are others!). The algebra of regular sets over Σ, denoted RegΣ, is the smallest ∗ subalgebra of 2Σ containing all sets fag for a 2 Σ. The standard interpretation is the unique homomorphism R : RExpΣ ! RegΣ such that R(a) = fag. Examples: R(a∗b∗) = fanbm j n; m ≥ 0g R(a(ba)∗) = fa; aba; ababa; abababa;:::g R((a + b)∗) = fall strings of a’s and b’sg Specification of Regular Sets Regular sets can be specified by Regular expressions Finite automata Systems of linear inequalities (regular grammars) The equivalence of the first two representations was proved by Kleene (1956) and is known in this context as Kleene’s theorem. The equivalence of the third was argued by Chomsky (1956). Proofs can be found in any introductory text in automata and computability. Relational Models Another useful interpretation involves binary relations on a set X .A binary relation on X is just a set of ordered pairs of elements of X . Thus a binary relation on X is a subset of X × X . The set of all binary relations on a set X forms a Kleene algebra, where + is interpreted as union and · is interpreted as relational composition: R + S def= R [ S R ◦ S def= f(x; z) j 9y 2 X (x; y) 2 R and (y; z) 2 Sg: y RS>Z Z s Z x Z~- z R ◦ S s s Relational Models Here 0 is the empty relation ? and 1 is the identity relation: def def 0 = ? 1 = f(x; x) j x 2 X g: These are identities for [ and ◦, respectively. Under +, ·, 0, and 1, the binary relations form an idempotent semiring. ∗ as Reflexive Transitive Closure Recall that a relation R is reflexive if (x; x) 2 R for all x 2 X ; that is, if R includes the identity relation as a subset; transitive if (x; z) 2 R whenever both (x; y) 2 R and (y; z) 2 R; in other words, R is transitive if R ◦ R ⊆ R. The smallest reflexive and transitive relation containing R is called the reflexive transitive closure of R and is denoted R∗. This coincides with the sum of all finite powers of R. def [ R∗ = Rn; n≥0 where R0 def= f(x; x) j x 2 X g Rn+1 def= R ◦ Rn: ∗ as Reflexive Transitive Closure Equivalently, there is an R∗ edge from x to z iff there is an R-path of length 0 or greater from x to z. R - RRR R HH ¨¨*HH s s Hj¨ s Hj R HH x s s -Hj z R∗ s s Relational Models A relational Kleene algebra is any subset of 2X ×X closed under these operations. These models are useful in programming language semantics, because they can be used to represent the input/output relations of programs. Trace Models A labeled transition system (LTS) is a set X of states along with a mapping π :Σ ! 2X ×X , where Σ is a set of atomic actions. A trace is an alternating sequence of states and atomic actions s0 p0 s1 p1 ··· sn−1 pn−1 sn; beginning and ending with a state, such that (si ; si+1) 2 π(pi ), 0 ≤ i ≤ n − 1. p s1 1- s2 p2 ··· pn−2 HH ¨¨*HH p0 Hj¨ Hj s s s H pn−1 sn−1 H s0 s s Hj sn s s Trace Models Two traces σ, τ can be fused to get στ if the last state of σ is the same as the first state of τ (last σ = first τ; the extra copy of the state is suppressed). This is called fusion product. If last σ 6= first τ, then στ does not exist. Now build a Kleene algebra from sets of traces. For A; B 2 2{Traces}, define A + B def= A [ B A · B def= fστ j σ 2 A; τ 2 B; στ existsg def 0 = ? 1 def= fs j s 2 X g = ftraces of length 0g def [ A∗ = An: n≥0 Axioms of KA Idempotent Semiring Axioms p + (q + r) = (p + q) + r p(qr) = (pq)r p + q = q + p 1p = p1 = p p + 0 = p p0 = 0p = 0 p + p = p p(q + r) = pq + pra ≤ b ()def a + b = b (p + q)r = pr + qr Axioms for ∗ 1 + pp∗ ≤ p∗ q + px ≤ x ) p∗q ≤ x 1 + p∗p ≤ p∗ q + xp ≤ x ) qp∗ ≤ x Axioms of KA Some basic facts about ≤: ≤ is a partial order (reflexive, antisymmetric, transitive – depends heavily on idempotence) 0 is the least element All operations are monotone with respect to ≤ (that is, if p ≤ q, then p + r ≤ q + r, pr ≤ qr, rp ≤ rq, and p∗ ≤ q∗ Significance of the ∗ Axioms Axioms for ∗ 1 + pp∗ ≤ p∗ q + px ≤ x ) p∗q ≤ x Axioms for ∗ q + pp∗q ≤ p∗qq + px ≤ x ) p∗q ≤ x p∗q is the least solution to q + px ≤ x Systems of Linear Inequalities Theorem Any system of n linear inequalities in n unknowns has a unique least solution q1 + p11x1 + p12x2 + ··· p1nxn ≤ x1 .