Difference bound matrix

In model checking, a field of computer science, a difference bound matrix (DBM) is a data structure used to represent some convex polytopes called zones. This structure can be used to efficiently implement some geometrical operations over zones, such as testing emptiness, inclusion and equality, and computing the intersection and the sum of two zones. It is, for example, used in the Uppaal model checker, where it is also distributed as an independent library. [1]

More precisely, there is a notion of canonical DBM; there is a one-to-one relation between canonical DBMs and zones, and from each DBM an equivalent canonical DBM can be efficiently computed. Thus, equality of zones can be tested by checking for equality of canonical DBMs.

Zone

A difference bound matrix is used to represent some kind of convex polytopes. Those polytopes are called zones. They are now defined. Formally, a zone is defined by equations of the form , , and , with and some variables, and a constant.

Zones were originally called regions, [2] but nowadays this name usually denotes a region, a special kind of zone. Intuitively, a region can be considered as a minimal non-empty zone, in which the constants used in constraints are bounded.

Given variables, there are exactly different non-redundant constraints possible: constraints which use a single variable and an upper bound, constraints which use a single variable and a lower bound, and, for each of the ordered pairs of variables , an upper bound on . However, an arbitrary convex polytope in may require an arbitrarily great number of constraints. Even when , there can be an arbitrarily great number of non-redundant constraints , for some constants. This is the reason why DBMs cannot be extended from zones to convex polytopes.

Example

As stated in the introduction, we consider a zone defined by a set of statements of the form , , and , with and some variables, and a constant. However, some of those constraints are either contradictory or redundant. We now give such examples.

We also give examples showing how to generate new constraints from existing constraints. For each pair of clocks and , the DBM has a constraint of the form , where is either < or . If no such constraint can be found, the constraint can be added to the zone definition without loss of generality. But in some cases, a more precise constraint can be found. Such an example is now going to be given.

Actually, the first two cases above are particular cases of the third case. Indeed, and can be rewritten as and respectively. Thus, the constraint added in the first example is similar to the constraint added in the third example.

Definition

We now fix a monoid which is a subset of the real line. This monoid is traditionally the set of integers, rationals, reals, or their subset of non-negative numbers.

Constraints

In order to define the difference bound matrix data structure, it is first required to give a data structure to encode atomic constraints. Furthermore, we introduce an algebra for atomic constraints. This algebra is similar to the tropical semiring, with two modifications:

Definition of constraints

The set of satisfiable constraints is defined as the set of pairs of the form:

  • , with , which represents a constraint of the form ,
  • , with , where is not a minimal element of , which represents a constraint of the form ,
  • , which represents the absence of constraint.

The set of constraints contains all satisfiable constraints and also the following unsatisfiable constraint:

  • .

The subset cannot be defined using this kind of constraints. More generally, some convex polytopes cannot be defined when the ordered monoid does not have the least-upper-bound property, even if each of the constraints in its definition uses at most two variables.

Operation on constraints

In order to generate a single constraint from a pair of constraints applied to the same (pair of) variables, we formalize the notion of intersection of constraints and of order over constraints. Similarly, in order to define a new constraint from existing constraints, a notion of sum of constraints must also be defined.

Order on constraints

We now define an order relation over constraints. This order symbolizes the inclusion relation.

First, the set is considered as an ordered set, with < being inferior to . Intuitively, this order is chosen because the set defined by is strictly included in the set defined by . We then state that the constraint is smaller than if either or ( and is less than ). That is, the order on constraints is the lexicographical order applied from right to left. Note that this order is a total order. If has the least-upper-bound property (or the greatest-lower-bound property) then the set of constraints also has it.

Intersection of constraints

The intersection of two constraints, denoted as , is then simply defined as the minimum of those two constraints. If has the greatest-lower-bound property then the intersection of an infinite number of constraints is also defined.

Sum of constraints

Given two variables and to which the constraints and are applied, we now explain how to generate the constraint satisfied by . This constraint is called the sum of the two above-mentioned constraints; it is denoted as and is defined as .

Constraints as an algebra

Here is a list of algebraic properties satisfied by the set of constraints.

  • Both operations are associative and commutative,
  • Sum is distributive over intersection, that is, for any three constraints, equals ,
  • The intersection operation is idempotent,
  • The constraint is an identity for the intersection operation,
  • The constraint is an identity for the sum operation,

Furthermore, the following algebraic properties hold over satisfiable constraints:

  • The constraint is a zero for the sum operation,
  • It follows that the set of satisfiable constraints is an idempotent semiring, with as zero and as unity.
  • If 0 is the minimum element of , then is a zero for the intersection operation over satisfiable constraints.

Over non-satisfiable constraints both operations have the same zero, which is . Thus, the set of constraints does not even form a semiring, because the identity of the intersection is distinct from the zero of the sum.

DBMs

Given a set of variables, , a DBM is a matrix with columns and rows indexed by , and whose entries are constraints. Intuitively, for a column and a row , the value at position represents . Thus, the zone defined by a matrix , denoted by , is .

Note that is equivalent to , thus the entry is still essentially an upper bound. Note however that, since we consider a monoid , for some values of and the real does not actually belong to the monoid.

Before introducing the definition of a canonical DBM, we need to define and discuss an order relation on those matrices.

Order on those matrices

A matrix is considered to be smaller than a matrix if each of its entries is smaller. Note that this order is not total. Given two DBMs and , if is smaller than or equal to , then .

The greatest-lower-bound of two matrices and , denoted by , has as its entry the value . Note that since is the «sum» operation of the semiring of constraints, the operation is the «sum» of two DBMs where the set of DBMs is considered as a module.

Similarly to the case of constraints, considered in the section "Operation on constraints" above, the greatest-lower-bound of an infinite number of matrices is correctly defined as soon as satisfies the greatest-lower-bound property.

The intersection of matrices/zones is thus defined. The union operation is not defined, and indeed, a union of zones is not a zone in general.

For an arbitrary set of matrices which all define the same zone , also defines . It thus follows that, as long as has the greatest-lower-bound property, each zone which is defined by at least one matrix has a unique minimal matrix defining it. This matrix is called the canonical DBM of .

First definition of canonical DBM

We restate the definition of a canonical difference bound matrix. It is a DBM such that no smaller matrix defines the same set. It is explained below how to check whether a matrix is a canonical DBM, and otherwise how to compute a canonical DBM from an arbitrary matrix such that both matrices represent the same set. But first, we give some examples.

Examples of matrices

We first consider the case where there is a single clock .

The real line

We first give the canonical DBM for . We then introduce another DBM which encodes the set . This allows us to find constraints which must be satisfied by any DBM.

The canonical DBM of the set of reals is . It represents the constraints , , and . All of those constraints are satisfied independently of the value assigned to . In the remainder of the discussion, we will not explicitly describe constraints due to entries of the form , since those constraints are systematically satisfied.

The DBM also encodes the set of reals. It contains the constraints and which are satisfied independently of the value of . This shows that in a canonical DBM , a diagonal entry is never greater than , because the matrix obtained from by replacing the diagonal entry by defines the same set and is smaller than .

The empty set

We now consider several matrices which all encode the empty set. We first give the canonical DBM for the empty set. We then explain why each of the DBMs encodes the empty set. This allows us to find constraints which must be satisfied by any DBM.

The canonical DBM of the empty set, over one variable, is . Indeed, it represents the set satisfying the constraints , , and . Those constraints are unsatisfiable.

The DBM also encodes the empty set. Indeed, it contains the constraint which is unsatisfiable. More generally, this shows that no entry can be unless all entries are .

The DBM also encodes the empty set. Indeed, it contains the constraint which is unsatisfiable. More generally, this shows that an entry on the diagonal cannot be smaller than unless it is .

The DBM also encodes the empty set. Indeed, it contains the constraints and which are contradictory. More generally, this shows that, for each , if , then and are both equal to .

The DBM also encodes the empty set. Indeed, it contains the constraints and which are contradictory. More generally, this shows that for each , , unless is .

Strict constraints

The examples given in this section are similar to the examples given in the Example section above. This time, they are given as DBMs.

The DBM represents the set satisfying the constraints and . As mentioned in the Example section, both of those constraints imply that . It means that the DBM encodes the same zone. Actually, it is the canonical DBM of this zone. This shows that in any DBM , for each , the constraint is smaller than the constraint .

As explained in the Example section, the constant 0 can be considered as any variable, which leads to the more general rule: in any DBM , for each , the constraint is smaller than the constraint .

Three definitions of canonical DBM

As explained in the introduction of the section Difference Bound Matrix, a canonical DBM is a DBM whose rows and columns are indexed by , and whose entries are constraints. Furthermore, it satisfies one of the following equivalent properties.

The last definition can be directly used to compute the canonical DBM associated to a DBM. It suffices to apply the Floyd–Warshall algorithm to the graph and to associate to each entry the shortest path from to in the graph. If this algorithm detects a cycle of negative length, this means that the constraints are not satisfiable, and thus that the zone is empty.

Operations on zones

As stated in the introduction, the main interest of DBMs is that they allow operations on zones to be implemented easily and efficiently.

We first recall operations which were considered above:

We now describe operations which were not considered above. The first operations described below have a clear geometrical meaning. The last ones correspond to operations which are more natural for clock valuations.

Sum of zones

The Minkowski sum of two zones, defined by two DBMs and , is defined by the DBM whose entry is . Note that since is the «product» operation of the semiring of constraints, the operation over DBMs is not actually an operation of the module of DBMs.

In particular, it follows that, in order to translate a zone by a direction , it suffices to add the DBM of to the DBM of .

Projection of a component to a fixed value

Let be a constant.

Given a vector , and an index , the projection of the -th component of to is the vector . In the language of clocks, for , this corresponds to resetting the -th clock.

Projecting the -th component of a zone to consists simply of the set of vectors of with their -th component set to . This is implemented on a DBM by setting the components to and the components to

Future and past of a zone

Let us call the future the zone and the past the zone . Given a point , the future of is defined as , and the past of is defined as .

The names future and past come from the notion of clocks. If a set of clocks is assigned the values , , etc., then in their future, the set of assignments they will have is the future of .

Given a zone , the future of is the union of the futures of each point of the zone. The definition of the past of a zone is similar. The future of a zone can thus be defined as , and hence can easily be implemented as a sum of DBMs. However, there is an even simpler algorithm to apply to a DBM. It suffices to change every entry to . Similarly, the past of a zone can be computed by setting every entry to .
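As an added example (not code from the article, nor from the UPPAAL DBM library), the following Python models constraints as (bound, strict) pairs with the order, intersection and sum defined above, computes the canonical DBM with Floyd–Warshall as described in the section "Three definitions of canonical DBM", and implements the Minkowski sum, clock reset and future operations of this section. The indexing convention (entry (i, j) bounds x_i - x_j, with x_0 the constant 0 and clocks assumed non-negative) and all function names are assumptions of the example.

```python
from itertools import product

# A constraint is a pair (c, strict): (c, True) means "< c", (c, False) means "<= c".
INF = (float("inf"), True)   # absence of constraint: identity of intersection
ZERO = (0, False)            # "<= 0": identity of the sum

def key(a):
    """Sort key for the order on constraints: at equal bound, '<' lies below '<='."""
    return (a[0], not a[1])

def meet(a, b):
    """Intersection of two constraints on the same difference: the smaller one."""
    return a if key(a) <= key(b) else b

def plus(a, b):
    """Sum of constraints: bounds add, the result is strict if either operand is."""
    return (a[0] + b[0], a[1] or b[1])

def dbm(n, constraints):
    """Build a DBM over clocks x_1..x_n, with x_0 the constant 0 (assumed convention:
    d[i][j] bounds x_i - x_j). constraints: (i, j, c, strict) meaning x_i - x_j < or <= c."""
    d = [[INF] * (n + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][i] = ZERO            # x_i - x_i <= 0
        d[0][i] = ZERO            # clocks are non-negative: 0 - x_i <= 0
    for i, j, c, strict in constraints:
        d[i][j] = meet(d[i][j], (c, strict))
    return d

def canonical(d):
    """Floyd-Warshall over the constraint graph: every entry becomes the tightest
    bound implied by the others, i.e. the shortest path from i to j."""
    n = len(d)
    d = [row[:] for row in d]
    for k, i, j in product(range(n), repeat=3):   # k is the outermost loop
        d[i][j] = meet(d[i][j], plus(d[i][k], d[k][j]))
    return d

def is_empty(d):
    """A negative cycle appears as a diagonal entry strictly below '<= 0'."""
    c = canonical(d)
    return any(key(c[i][i]) < key(ZERO) for i in range(len(c)))

def future(d):
    """Let all clocks advance uniformly: drop the upper bounds on x_i - x_0."""
    d = [row[:] for row in d]
    for i in range(1, len(d)):
        d[i][0] = INF
    return d

def reset(d, i, v=0):
    """Project clock x_i to the value v; other differences involving x_i are
    recomputed through x_0 from the canonical form."""
    d = canonical(d)
    for j in range(len(d)):
        if j != i:
            d[i][j] = plus((v, False), d[0][j])   # x_i - x_j = v + (0 - x_j)
            d[j][i] = plus(d[j][0], (-v, False))  # x_j - x_i = (x_j - 0) - v
    return d

def minkowski_sum(a, b):
    """Sum of two zones: entry-wise sum of the two DBMs' constraints."""
    n = len(a)
    return [[plus(a[i][j], b[i][j]) for j in range(n)] for i in range(n)]
```

For instance, the constructed zone `dbm(2, [(1, 0, 3, False), (2, 1, 1, False)])` (x1 <= 3 and x2 - x1 <= 1) gets the implied bound x2 <= 4 after `canonical`, while adding x1 > 3 to x1 <= 2 makes `is_empty` report the negative cycle.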


References

  1. "UPPAAL DBM Library". GitHub. 16 July 2021.
  2. Dill, David L. (1990). "Timing assumptions and verification of finite-state concurrent systems". Automatic Verification Methods for Finite State Systems. Lecture Notes in Computer Science. Vol. 407. pp. 197–212. doi:10.1007/3-540-52148-8_17. ISBN 978-3-540-52148-8.