Shortest Paths in One-Counter Systems
Abstract
We show that any one-counter automaton with n states, if its language is nonempty, accepts some word of length at most \(O(n^2)\). This closes the gap between the previously known upper bound of \(O(n^3)\) and lower bound of \(\mathrm {\Omega }(n^2)\). More generally, we prove a tight upper bound on the length of shortest paths between arbitrary configurations in one-counter transition systems (weaker bounds have previously appeared in the literature).
Keywords
Short Path, Reachability Setting, Simple Cycle, Negative Cycle, Intermediate Configuration
1 Introduction
Extremal combinatorial questions are ubiquitous in today’s theory of computing: How many steps does an algorithm take in the worst case when traversing a data structure? How large is the most compact automaton for a formal language? While some specific questions of this form are best seen as standalone puzzles, only interesting for their own sake, others can be used as basic building blocks for more involved arguments.
We look into the following extremal problem: Given a one-counter automaton \(\mathcal A\) with n states, how long can the shortest word accepted by \(\mathcal A\) be? It is folklore that, unless the language of \(\mathcal A\) is empty, \(\mathcal A\) accepts some word of length at most polynomial in n. This fact and a number of related results of similar form have appeared as auxiliary lemmas in the literature on formal languages, analysis of infinite-state systems, and applications of formal methods [12, Lemma 6], [11, Sect. 8.1], [8, Lemma 5], [1, Lemma 11], [9, Lemmas 28 and 29], [7, Sect. 5].
A closer inspection reveals that the arguments behind these results deliver (or can deliver) an upper bound of \(O(n^3)\), while the best known lower bound comes from examples of one-counter automata with shortest accepted words of length \(\mathrm {\Theta }(n^2)\). In other words, the true value is at least quadratic and at most cubic.
The main result of this paper is that we close this gap by showing a quadratic upper bound, \(O(n^2)\). We also extend this result to a more general reachability setting: in any one-counter (transition) system with n control states, whenever there is a path from a configuration \(\alpha \) to a configuration \(\beta \)—recall that configurations are pairs of the form (q, c) where \(q \in Q\) is the control state, \(|Q| = n\), and c is a counter value, a nonnegative integer—there is also a path from \(\alpha \) to \(\beta \) that has length at most \(O(n^2 + n \cdot \max (c_\alpha , c_\beta ))\) where \(c_\alpha \) and \(c_\beta \) are the counter values of \(\alpha \) and \(\beta \). We discuss our contribution in more detail in Sect. 2.
Related Work and Motivation. Reachability is a fundamental problem in theoretical computer science and in its applications in verification, notably via analysis of infinite-state systems [2, 4, 14, 17]. Among such systems, counter-based models of computation are a standard abstraction that has attracted a lot of attention [3]; machines with a single counter are, of course, the most basic. Nevertheless, while our main motivation has been purely theoretical, we note that bounds on the length of shortest paths in one-counter systems have appeared as building blocks in the literature on rather diverse topics.
More specifically, a polynomial upper bound is used by Etessami et al. [8] in an analysis of probabilistic one-counter systems (which are equivalent to so-called discrete-time quasi-birth-death processes, QBDs). They prove that in the \((q, 1) \leadsto (q', 0)\)-reachability setting the counter does not need to grow higher than \(n^2\) and provide examples showing that this bound is tight. However, they only deduce upper bounds of \(n^3\) and \(n^4\) on the length of shortest paths without and with zero tests, respectively. A simple corollary shows that if a state q can eventually reach a state \(q'\) with a nonzero probability, then this probability is lower-bounded by \(p^{\,\mathrm {poly}(n)}\) where p is the smallest among positive probabilities associated with transitions. This becomes a step in the proof that a (decomposed) Newton’s method approximates termination probabilities of the system in time polynomial in its size, n; the results of the present paper reduce the (theoretical) worst-case upper bounds on the number of steps roughly by a factor of n.
In a subsequent work, Hofman et al. [9] reuse the auxiliary lemmas on the length of shortest paths from [8] and show that (strong and weak) trace inclusion for a one-counter system and a finite-state process is decidable in PSPACE (and is, in fact, PSPACE-complete).
One may note that a stronger upper bound of \(O(n^3)\) on the length of shortest paths can be derived from the above bound on the largest needed counter value even in the presence of zero tests. This value, \(O(n^3)\), seems to be a recurring theme in the literature on one-counter systems; it already appears in the pumping lemma for one-counter languages due to Latteux [13] as the pumping constant: a number N such that any accepted word longer than N can be pumped. In fact, the formulation in [13] does not permit removals of factors from an accepted word, but even such a version would only yield the same upper bound of \(O(n^3)\) on the length of shortest paths. While the arguments of the present paper do not lead to an improvement in the pumping constant for one-counter languages, we nevertheless show that in the reachability setting the optimal value (the length of the shortest path) is actually \(O(n^2)\).
A cubic upper bound on the largest needed counter value (for the reachability setting) in one-counter systems without zero tests, also known as one-counter nets, appears in the work of Lafourcade et al. [11, 12]. This result is applied in the context of the Dolev-Yao intruder model, where the question of whether a passive eavesdropper (an intruder) can obtain a piece of information is reduced to the decision problem for a deduction system. For several such systems, Lafourcade et al. show that, under certain assumptions, the problem is decidable in polynomial time. They construct a one-counter system where states represent terms from a finite set and the counter value corresponds to the number of applications of a free unary function symbol to a term. After this, the upper bound on counter values along shortest paths is extended to an upper bound on the size of terms that can be used in a minimal deductive proof; needless to say, an improvement in the upper bound extends in a natural way.
Finally, we would like to mention the work of Alur and Černý [1], who use a related model of one-counter systems with counter values in \(\mathbb Z\) and without zero tests. They reduce the equivalence problem for so-called streaming data-string transducers to \((q, 0) \leadsto (q', 0)\)-reachability in such counter systems: the transducers produce output at the end of the computation, and the counter is used to track the accumulated distance between a distinguished pair of symbols in the output. Since these transducers are designed to model list-manipulating programs (in two syntactically restricted models), decision procedures for equivalence of such programs can rely on the upper bounds for shortest paths to efficiently prune the search space. In [1], the upper bound on the path length is the familiar \(O(n^3)\); this gives an upper bound on the length of smallest counterexamples to equivalence. Our upper bound of \(O(n^2)\) extends to this model of counter systems too; because of space constraints, details are only given in the full version of the paper. The reduction to reachability in one-counter systems was recently implemented by Thakkar et al. [16] on top of ARMC, an abstraction-refinement model checker [15], for the purpose of verifying retransmission protocols over noisy channels.
2 Summary
One-Counter Systems. In this paper we work in the framework of one-counter systems, which are an abstract version of one-counter automata. More precisely, they are one-counter automata without input alphabet (see below).
Formally, a one-counter system (OCS) \(\mathcal O\) consists of a finite set of states Q, a set of nonzero transitions \(T_{>0} \subseteq Q \times \{-1,0,1\} \times Q\), and a set of zero tests \(T_{=0} \subseteq Q \times \{0, 1\} \times Q\). A configuration of the OCS \(\mathcal O\) is a pair in \(Q \times \mathbb {N}\). We define a binary relation \(\longrightarrow \) on the set \(Q \times \mathbb {N}\) as follows: \((p, c) \longrightarrow (q, c+d)\) whenever (i) \(c \ge 1\) and \((p, d, q) \in T_{>0}\) or (ii) \(c = 0\) and \((p, d, q) \in T_{=0}\). The reflexive transitive closure of \(\longrightarrow \) is denoted by \(\longrightarrow {}^*\); we say that a configuration \(\beta \) is reachable from \(\alpha \) if \(\alpha \longrightarrow {}^* \beta \). This reachability is witnessed by a path in OCS \(\mathcal O\), which is simply a path in the infinite directed graph with vertices \(Q \times \mathbb {N}\) and edge relation \(\longrightarrow {}\); vertices and edges along the path can be repeated. The length of the path is the number of (not necessarily distinct) edges that occur on it.
Our Contribution. We first formulate our results in terms of one-counter systems. Our first result is on paths between configurations with zero counter values.
Theorem 1
Let \(\mathcal O\) be a one-counter system with n states. Suppose a configuration \(\beta =(p_\beta ,0)\) is reachable from a configuration \(\alpha =(p_\alpha ,0)\) in \(\mathcal O\). Then \(\mathcal O\) has a path from \(\alpha \) to \(\beta \) of length at most \(14 n^2\).
We then generalize the result to arbitrary source and target configurations.
Theorem 2
Let \(\mathcal O\) be a one-counter system with n states. Suppose a configuration \(\beta =(p_\beta ,c_\beta )\) is reachable from a configuration \(\alpha =(p_\alpha ,c_\alpha )\) in \(\mathcal O\). Then \(\mathcal O\) has a path from \(\alpha \) to \(\beta \) of length at most \(14 n^2 + n \cdot \max (c_\alpha ,c_\beta )\).
The proof of Theorem 1 is the main technical contribution of this work. For this reason, in this extended abstract we focus on proving Theorem 1, while the reasoning leading to Theorem 2, as well as an extension to OCS with negative counter values, can be found in the full version of the paper. The full version contains also the proofs of all the statements marked with \(\spadesuit \).
One-Counter Automata. We now restate our contribution in terms of one-counter automata (which are the original motivation for this work).
Take any finite set \(\mathrm {\Sigma }\). The set of all finite words over \(\mathrm {\Sigma }\) is denoted by \(\mathrm {\Sigma }^*\), and the empty word by \(\varepsilon \). A (nondeterministic) one-counter automaton \(\mathcal A\) over \(\mathrm {\Sigma }\) is a one-counter system where every transition \(t \in T_{>0} \cup T_{=0}\) is associated with a label, \(\lambda (t) \in \mathrm {\Sigma }\cup \{\varepsilon \}\), and where some subsets \(I \subseteq Q\) and \(F \subseteq Q\) are distinguished as sets of initial and final states respectively. The labeling function \(\lambda \) is extended from transitions to edges \(\longrightarrow {}\) and to paths in a natural way; the automaton accepts all words that are labels of paths from \(I \times \{0\}\) to \(F \times \mathbb {N}\). The language of a one-counter automaton \(\mathcal A\) is the set of all words accepted by \(\mathcal A\).
Corollary 1
(\(\spadesuit \)). Let \(\mathcal A\) be a nondeterministic one-counter automaton with n states. If the language of \(\mathcal A\) is nonempty, then \(\mathcal A\) accepts some word of length at most \(14 n^2\).
As a concrete example, from Corollary 1 it follows that any nondeterministic one-counter automaton that accepts the singleton unary language \(\{ a^n \}\) —a basic version of counting to n— must have at least \(\mathrm {\Omega }(\sqrt{n})\) states. This lower bound is tight and shows that nondeterminism does not help to “count to n”, because deterministic one-counter automata can also do this using \(\mathrm {\Theta }(\sqrt{n})\) states [5].
Lower Bounds. As we already said, the lower bound on the length of the shortest path is \(\mathrm {\Omega }(n^2)\). We present constructions of OCS that match the upper bounds of Theorems 1 and 2. Note that Examples 1 and 2 seem to use different phenomena.
Example 1
[5, 8] Consider an OCS \(\mathcal O _1\) with 2n states: \(p_1, \ldots , p_n\) and \(q_1, \ldots , q_n\). Let \(\mathcal O _1\) have, for \(1 \le i < n\), transitions \((p_i, +1 ,p_{i+1})\) and \((q_i, 0, q_{i+1})\), as well as \((q_n, -1,q_1)\) and \((p_n,0,q_1)\). All the transitions are nonzero, except for transition \((p_1, +1, p_2)\), which is a zero test. This OCS is deterministic: every configuration has at most one outgoing transition. The only path from \((p_1,0)\) to \((q_1,0)\) has length \(n^2\).
Example 2
[8] Let k and m be coprime and let OCS \(\mathcal O '_2\) have states \(p_0, \ldots , p_{k-1}\), \(q_0, \ldots , q_{m-1}\), and \(s_1, s_2\). Let \(\mathcal O '_2\) have, for all \(0 \le i < k\) and \(0 \le j < m\), nonzero transitions \((p_i, +1, p_{i+1\,\mathrm{mod}\,k})\) and \((q_j, -1, q_{j+1\,\mathrm{mod}\,m})\), a nonzero \((p_0,-1,q_1)\), and zero tests \((s_1,+1,p_1)\), \((q_0,0,s_2)\). Now paths from \((s_1,0)\) to \((s_2,0)\) correspond to solutions of \(x \cdot k - y \cdot m = 0\); the shortest path takes the first cycle \(x = m\) times and the second cycle \(y = k\) times. Exiting the second cycle uses an additional transition, making the length \(2 k m + 1\). Setting \(k = n\) and \(m = n - 1\) gives an OCS \(\mathcal O _2\) with \(2 n + 1\) states where not only does the shortest path have quadratic length, but all such paths also need to use quadratic counter values.
Example 3
This example justifies the need for the term \(n \cdot \max (c_\alpha ,c_\beta )\) in Theorem 2. Modify \(\mathcal O _1\) from Example 1 as follows. Add states \(a_1, \ldots , a_n\), \(b_1, \ldots , b_n\) and the following nonzero transitions: \((a_n,-1,a_1)\), \((b_n,+1, b_1)\), and, for all \(0 \le i < n\), \((a_i,0,a_{i+1})\) and \((b_i,0,b_{i+1})\). For each of these nonzero transitions, apart from \((a_n,-1,a_1)\), introduce also the same transition as a zero test. Finally, add two more zero tests: \((a_n,0, p_1)\) and \((q_1,0,b_1)\). Thus, the obtained OCS \(\mathcal O _3\) has 4n states. Observe that every path in \(\mathcal O _3\) from \((a_1, c_\alpha )\) to \((b_n,c_\beta )\) has to go through \((a_n, 0)\) and \((b_1,0)\) and thus has length at least \(n^2 + n (c_\alpha +c_\beta +2)\).
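The lower-bound constructions of Examples 1 and 2 can be checked mechanically. The following is an added illustration, not code from the paper: a breadth-first search over configurations that implements the firing rule of Sect. 2 and uses the bound of Theorem 2 to cap the counter, which makes the search finite and complete. The names `OCS`, `shortest_path`, `example1` and `example2` are hypothetical, and decrements are written as effect -1.

```python
from collections import deque


class OCS:
    """One-counter system: states Q, nonzero transitions T_{>0}, zero tests T_{=0}."""

    def __init__(self, states, nonzero, zero_tests):
        self.states = set(states)
        self.nonzero = self._index(nonzero, {-1, 0, 1})
        self.zero = self._index(zero_tests, {0, 1})

    def _index(self, transitions, allowed_effects):
        table = {}
        for p, d, q in transitions:
            if p not in self.states or q not in self.states or d not in allowed_effects:
                raise ValueError(f"bad transition {(p, d, q)}")
            table.setdefault(p, []).append((d, q))
        return table

    def successors(self, config):
        """Nonzero transitions fire only at c > 0, zero tests only at c = 0."""
        q, c = config
        table = self.nonzero if c > 0 else self.zero
        return [(q2, c + d) for d, q2 in table.get(q, [])]


def shortest_path(ocs, src, dst):
    """Return a shortest path (list of configurations) from src to dst, or None.

    If dst is reachable, Theorem 2 gives a path of length at most
    14 n^2 + n * max(c_src, c_dst); such a path never raises the counter
    above c_src + that length, so configurations above the cap are pruned.
    """
    n = len(ocs.states)
    limit = 14 * n * n + n * max(src[1], dst[1])
    cap = src[1] + limit
    parent = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for nxt in ocs.successors(cur):
            if nxt[1] <= cap and nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    return None


def example1(n):
    """O_1 from Example 1 (n >= 2): 2n states, unique path of length n^2."""
    states = [f"p{i}" for i in range(1, n + 1)] + [f"q{i}" for i in range(1, n + 1)]
    zero_tests = [("p1", 1, "p2")]            # the only zero test
    nonzero = [(f"q{n}", -1, "q1"), (f"p{n}", 0, "q1")]
    for i in range(1, n):
        if i > 1:
            nonzero.append((f"p{i}", 1, f"p{i + 1}"))
        nonzero.append((f"q{i}", 0, f"q{i + 1}"))
    return OCS(states, nonzero, zero_tests), ("p1", 0), ("q1", 0)


def example2(k, m):
    """O'_2 from Example 2 (k, m >= 2 coprime): shortest path has length 2km + 1."""
    states = [f"p{i}" for i in range(k)] + [f"q{j}" for j in range(m)] + ["s1", "s2"]
    nonzero = [(f"p{i}", 1, f"p{(i + 1) % k}") for i in range(k)]
    nonzero += [(f"q{j}", -1, f"q{(j + 1) % m}") for j in range(m)]
    nonzero.append(("p0", -1, "q1"))
    zero_tests = [("s1", 1, "p1"), ("q0", 0, "s2")]
    return OCS(states, nonzero, zero_tests), ("s1", 0), ("s2", 0)


def summary(path):
    """(length, largest counter value) of a path given as a configuration list."""
    return len(path) - 1, max(c for _, c in path)


if __name__ == "__main__":
    for n in (2, 3, 4):
        print("Example 1, n =", n, summary(shortest_path(*example1(n))))
    for k, m in ((3, 2), (4, 3)):
        print("Example 2, k, m =", k, m, summary(shortest_path(*example2(k, m))))
```

For Example 2 the second component of `summary` shows the counter peaking at k·m, the quadratic counter value the text refers to.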
3 Challenges and Techniques
We now discuss shortly the intuition behind our approach to proving Theorem 1, and where the main challenges lie.
The first, obvious observation is as follows: if some configuration appears more than once on a path, then the segment between any two appearances of this configuration can safely be removed. If we apply this modification exhaustively, then on each “level” — a set of configurations with the same counter value — we cannot see more than n configurations. If the maximum counter value observed on some path were bounded by O(n), then we would immediately obtain a quadratic upper bound on its length. Unfortunately, this is not the case: as Example 2 shows, the counter values in the shortest accepting path can be as large as quadratic. Hence, applying this observation in a straightforward manner cannot lead to any upper bound better than cubic.
Instead, we perform an involved surgery on the path. The first idea is to start with a path \(\rho _\circ \) that is not the shortest, but uses the fewest zero tests; the observation above shows that their number is bounded by n. Each subpath between two consecutive zero tests is called an arc, and we aim at modifying each arc separately to make it short. An arc is called low if it contains only configurations with counter values at most 5n, and high otherwise. The total length of low arcs can again be bounded by \(O(n^2)\) by just excluding repeated configurations, so it suffices to focus on high arcs.
Suppose \(\rho \) is a high arc. Since we observe high counter values on \(\rho \), one can easily find a positive cycle \(\sigma ^+\) in the early parts of \(\rho \), and a negative cycle \(\sigma ^-\) in the late parts of \(\rho \). Here by a cycle we mean a sequence of transitions that starts and ends in the same state, and the cycle is positive/negative if the total effect it has on the counter during its traversal is positive/negative. Let A be the (positive) effect of \(\sigma ^+\) on the counter, and \(-B\) be the (negative) effect of \(\sigma ^-\).
Now comes the crucial idea of the proof: we can modify \(\rho \) by pumping \(\sigma ^+\) and \(\sigma ^-\) up many times, thus effectively “lifting” the central part of the path (called cap) to counter levels where there is no threat of hitting counter value zero while performing modifications (see Fig. 1, p. 11). More importantly, the cap can now be unpumped “modulo \(\gcd (A,B)\)” in the following sense: we can exhaustively remove subpaths between configurations that have the same state and whose counter values are congruent modulo \(\gcd (A,B)\). The reason is that any change in the total effect of the cap on the counter that is divisible by \(\gcd (A,B)\) can be compensated by adjusting the number of times we pump cycles \(\sigma ^+\) and \(\sigma ^-\). In particular, the length of the cap becomes reduced to at most \(\gcd (A,B)\cdot n\), at the cost of pumping \(\sigma ^+\) and \(\sigma ^-\) several times.
By performing this operation (we call it normalization) on all high arcs, we make them normal. After this, we apply an involved amortization scheme to show that the total length of normal arcs is at most quadratic in n. This requires very delicate arguments for bounding (i) the total length of the caps and (ii) the total length of the pumped cycles \(\sigma ^+\) and \(\sigma ^-\) throughout all the normal arcs. In particular, for this part of the proof to work we need to assert a number of technical properties of normal arcs; we ensure that these properties hold when we perform the normalization. Most importantly, whenever for two arcs the corresponding cycles \(\sigma ^+\) (or \(\sigma ^-\)) lie in the same strongly connected component of the system (looking at the graph induced only by nonzero transitions), we stipulate that in both arcs \(\sigma ^+\) (or \(\sigma ^-\)) actually refer to the same cycle. The final amortization is based on the analysis of pairs of strongly connected components to which \(\sigma ^+\) and \(\sigma ^-\) belong, for all normal arcs.
At least as of now, arguments of this flavor (inspired by amortized analysis reasoning) are not typical for formal language theory and are more characteristic of the body of work on algorithms and data structures; see, e.g., [6, 10].
4 Preliminaries
In this paper \(\mathbb {N}\) stands for the set of nonnegative integers. For any set X and a word \(w \in X^*\), the length of \(w = x_1 \ldots x_n\), denoted \(\textsc {len}(w)\), is the number n of symbols in w. For \(k\in \mathbb {N}\) and a word w, by \(w^k\) we denote the word w repeated k times. For two positive integers x, y, by \(\gcd (x,y)\) and \(lcm (x,y)\) we denote the greatest common divisor and the least common multiple of x and y, respectively. Recall that \(x\cdot y=\gcd (x,y)\cdot lcm (x,y)\).
We now give all definitions related to one-counter systems that we need later. For the reader’s convenience, concepts from Sect. 2 are defined anew.
A one-counter system (OCS) \(\mathcal O\) consists of a finite set of states Q, a set of nonzero transitions \(T_{>0} \subseteq Q \times \{-1,0,1\} \times Q\), and a set of zero tests \(T_{=0} \subseteq Q \times \{0, 1\} \times Q\). The set of transitions is \(T = T_{>0} \cup T_{=0}\). For a transition \(t = (q, d, q') \in T\), by \(\textsc {src}(t)\) and \(\textsc {targ}(t)\) we denote q and \(q'\), i.e., the source and the target state of t respectively. Further, the effect of the transition \(t = (q, d, q')\) is the number d; we write \(\textsc {eff}(t) = d\). We extend this notion to sequences of transitions: \(\textsc {eff}(t_1 \ldots t_m) = \sum _{i=1}^m \textsc {eff}(t_i)\). A configuration of the OCS \(\mathcal O\) is a pair in \(Q \times \mathbb {N}\). The state of a configuration (q, c) is the state q; we also say that configuration (q, c) has state q, and write st\(((q, c)) = q\). The counter value of configuration (q, c) is the number c; we write \(\textsc {cnt}((q, c)) = c\).
A transition \(t = (q, d, q') \in T\) can be fired in a configuration \(\gamma = (q, c)\) if either \(t \in T_{>0}\) and \(c > 0\) or \(t \in T_{=0}\) and \(c = 0\). In other words, zero tests can be fired only if the counter value is zero, and nonzero transitions can be fired only if the counter value is positive. The result of firing \((q, d, q')\) in (q, c) is the configuration \(\gamma ' = (q', c+d)\). We then write \(\gamma \mathop {\longrightarrow }\limits ^{t} \gamma '\).
The projection of a path \(\rho \) is the sequence of its transitions \(t_1 t_2 \ldots t_m\); we write \(\textsc {proj}(\rho ) = t_1 t_2 \ldots t_m\). We follow the convention of denoting paths by \(\rho \) and sequences of transitions by \(\sigma \). The effect of a path \(\rho \) is \(\textsc {eff}(\rho )=\textsc {eff}(\textsc {proj}(\rho ))\). A sequence of transitions \(\sigma = t_1 t_2 \dots t_m\) is fireable in a configuration \(\gamma _1\) if there exists a path \(\rho = (\gamma _1, t_1) (\gamma _2, t_2) \ldots (\gamma _m, t_m)\). This path \(\rho \) is called the fastening of \(\sigma \) at \(\gamma _1\), denoted \(\rho = \textsc {fasten}(\gamma _1, \sigma )\). Note that in particular \(\textsc {proj}(\textsc {fasten}(\gamma , \sigma )) = \sigma \) for every \(\gamma \) in which \(\sigma \) is fireable.
A sequence of transitions \(t_1 t_2 \ldots t_m\) is consistent if for all \(i \in \{1, \ldots , m-1\}\) it holds that \(\textsc {targ}(t_i) = \textsc {src}(t_{i+1})\). Note that a sequence of transitions fireable in some configuration is always consistent, but the other implication does not hold in general. We extend the notation \(\textsc {src}(\cdot )\) and \(\textsc {targ}(\cdot )\) to consistent sequences of transitions: \(\textsc {src}(t_1 t_2 \ldots t_m)=\textsc {src}(t_1)\) and \(\textsc {targ}(t_1 t_2 \ldots t_m)=\textsc {targ}(t_m)\). The sources and targets of the transitions of \(t_1 t_2 \ldots t_m\) are visited on \(t_1 t_2 \ldots t_m\).
A cycle \(\sigma \) is a consistent sequence of nonzero transitions that starts and finishes in the same state q. This q is called the base state of the cycle \(\sigma \). If the effect of \(\sigma \) is positive (resp. negative), then it is a positive (resp. negative) cycle. A cycle \(\sigma \) is called simple if every state is visited at most once on \(\sigma \), except for the base of \(\sigma \), which is visited only at the start and at the end.
5 Proof of Theorem 1
5.1 Proof Overview and Notation
Let us fix the OCS \(\mathcal O\) we work with; let Q be its state set and let \(n=|Q|\). Suppose \(\rho _0\) is a path from \(\alpha \) to \(\beta \), and let \(\rho _0\) be chosen such that it has the smallest possible number of configurations with counter value zero. Note that \(\rho _0\) does not have to be the shortest path between \(\alpha \) and \(\beta \). The first step is to divide \(\rho _0\) into subpaths, called arcs, between consecutive configurations with counter value zero. Then we modify the arcs separately. If a counter value in an arc does not exceed 5n, then we say that the arc is low, otherwise it is high. The low arcs will not be changed at all, and the reason is that we can bound quadratically the total number of configurations with counter value at most 5n using the following straightforward proposition. It is similar, in the spirit, to pumping lemmas, but simply removes a part of the path.
Proposition 1
However, the high arcs will be heavily modified. Roughly speaking, if an arc is high, then it contains both a positive cycle near its beginning and a negative cycle near its end. We can use these cycles to pump the middle part of the path as much up as we like. Thus, the modified path will consist of a short prefix; then several iterations of a positive cycle pumping it up; then a so-called cap: a part of the path with only high counter values; then several iterations of a negative cycle pumping it down; and finally a short suffix. We show in the sequel how to perform this construction in such a way that the total length of pumping cycles, short prefixes and suffixes, and caps is quadratic. The construction itself (with arc-level length estimates) is presented in the following Subsect. 5.2, and the upper bound on the length of the entire path is given in Subsect. 5.3.
Transition multigraph. One can view a transition \((p, c, q) \in Q \times \{-1, 0, 1\} \times Q\) also as an edge \((p, q) \in Q \times Q\) labelled by a number \(c \in \{-1, 0, 1\}\). In the proof we will many times switch back and forth between these two perspectives. In order to keep the mathematical precision we introduce a bit of notation.
The transition multigraph \(G = (V, E, \ell )\) of an OCS consists of a set of nodes V, a multiset of directed edges E, and a labeling \(\ell : E \rightarrow \{-1, 0, 1\}\). Set V equals the set of states Q. Every nonzero transition \(t = (p, c, q) \in T_{>0}\) in \(\mathcal O\) gives rise to an edge \(e = (u, v) \in E\) with \(\ell (e) = c\). Note that the definition of the transition multigraph does not take into account the zero transitions.
In the proof we pay a special attention to strongly connected components (SCCs) of G. Recall that two vertices \(p,q\in V\) are said to communicate if G has a walk from p to q and a walk from q to p. Communication is an equivalence relation, and its equivalence classes are called the strongly connected components of G. Let \(\mathfrak {S}\) be the set of all strongly connected components of G. For a strongly connected component \(S\in \mathfrak {S}\), by \(n_S\) we denote the number of vertices in S. We say that a cycle \(\sigma \) is contained in S if each state appearing on \(\sigma \) belongs to S. Note that every cycle is contained in some SCC, and a simple cycle contained in S has length at most \(n_S\). We say that an SCC S is positively enabled if it contains a cycle that has a positive effect. Similarly, S is negatively enabled if it contains a cycle that has a negative effect. Note that an SCC S can be both positively and negatively enabled.
Lemma 1
(\(\spadesuit \)). Let G be a transition multigraph of an OCS and S a positively (respectively, negatively) enabled SCC. Then there exists a positive (respectively, negative) cycle \(\sigma \) contained in S that is simple.
For every positively enabled SCC S we distinguish one, arbitrarily chosen, simple cycle with positive effect contained in S; we denote it by \(\sigma ^{+}_S\). Its existence is guaranteed by Lemma 1. Similarly, for every negatively enabled S we distinguish one simple cycle with negative effect contained in S, and we denote it by \(\sigma ^{-}_S\). The base states of these cycles are chosen arbitrarily.
5.2 Normal Paths

\(\rho _\textsc {pref}\) and \(\rho _\textsc {suff}\) are low;

\(\textsc {proj}(\rho _\textsc {up}) = (\sigma _\textsc {up})^k\) for some \(k \in \mathbb {N}\), where \(\sigma _\textsc {up}= \sigma ^{+}_S\);

\(\textsc {proj}(\rho _\textsc {down}) = (\sigma _\textsc {down})^\ell \) for some \(\ell \in \mathbb {N}\), where \(\sigma _\textsc {down}= \sigma ^{-}_T\);

st\((\textsc {src}(\rho _\textsc {cap}))\) is the base state of \(\sigma _\textsc {up}\); and

st\((\textsc {targ}(\rho _\textsc {cap}))\) is the base state of \(\sigma _\textsc {down}\).
We say that an arc \(\rho \) is normal if it is (S, T)-normal for some \(S,T\in \mathfrak {S}\). See Fig. 1 for an illustration. Then a path \(\rho '\) is normal if it is a concatenation of normal arcs (possibly for different pairs (S, T)) and low arcs.
In the remaining part of the proof we will show that if \(\beta \) is reachable from \(\alpha \), where \(\textsc {cnt}(\alpha ) = \textsc {cnt}(\beta ) = 0\), then there exists a short normal path from \(\alpha \) to \(\beta \). We start by analyzing a single arc. The following lemma, which is the most technically involved step in this paper, shows that we can restrict ourselves to normal arcs that have a very special structure.
Lemma 2

(i) \(\textsc {proj}(\rho _\textsc {up}) = (\sigma _\textsc {up})^a\), \(\textsc {eff}(\sigma _\textsc {up}) = A\) for some \(a, A \in \mathbb {N}\);

(ii) \(\textsc {proj}(\rho _\textsc {down}) = (\sigma _\textsc {down})^b\), \(\textsc {eff}(\sigma _\textsc {down}) = -B\) for some \(b, B \in \mathbb {N}\);

(iii) \(a \cdot A \le 2\cdot \textsc {len}(\rho _\textsc {cap}) + 2\cdot lcm (A, B)\);

(iv) \(b \cdot B \le 2\cdot \textsc {len}(\rho _\textsc {cap}) + 2\cdot lcm (A, B)\);

(v) no infix of \(\textsc {proj}(\rho _\textsc {cap})\) is a cycle with effect divisible by \(\gcd (A, B)\);

(vi) \(\textsc {cnt}(\textsc {targ}(\rho _\textsc {up})),\textsc {cnt}(\textsc {src}(\rho _\textsc {down}))>n\); and

(vii) all configurations appearing on \(\rho _\textsc {pref}\) and \(\rho _\textsc {suff}\) are pairwise different.
We now explain some intuition behind this statement. First note that, by condition (vii), the total number of configurations appearing on \(\rho _\textsc {pref}\) and \(\rho _\textsc {suff}\) is at most \(5 n \cdot n\), since n is the number of states of the OCS \(\mathcal O\) and both of these paths are low (so counter values 5n and above do not occur). Thus, \(\textsc {len}(\rho _\textsc {pref}) + \textsc {len}(\rho _\textsc {suff}) \le 5 n^2\). Second, we can conclude from condition (v) that every state \(q \in Q\) can occur in configurations appearing in \(\rho _\textsc {cap}\) at most \(\gcd (A, B)\) times; hence, \(\textsc {len}(\rho _\textsc {cap}) \le n \cdot \gcd (A, B) \le n^2\). Finally, condition (i) implies \(\textsc {len}(\rho _\textsc {up}) \le a \cdot n\); if, for instance, \(a \le \mathrm {const}\cdot n\), then \(\textsc {len}(\rho _\textsc {up}) \le \mathrm {const}\cdot n^2\); similarly, \(\textsc {len}(\rho _\textsc {down}) \le \mathrm {const}\cdot n^2\). Combined together, these bounds would in this case show that \(\textsc {len}(\rho )\) is at most quadratic in n.
However, this reasoning would be insufficient for our purposes, since the number of normal arcs itself can be linear in n. This motivates more subtle upper bounds (iii) and (iv) and the fine-grained choice of parameter in (v). We show how to use Lemma 2 to obtain a quadratic upper bound on the size of the entire path in the following Subsect. 5.3; the remainder of the present subsection provides an intuitive sketch of the proof of Lemma 2.
Since \(\rho _\circ \) is not low, for each \(k=0,1,2,\ldots ,5n\) we can distinguish the first configuration \(\gamma _{i_k}\) on \(\rho _\circ \) that has counter value k. Consider configurations \(\gamma _{i_k}\) for \(2n\le k\le 3n\). Among these configurations, some state p repeats in two configurations \(\gamma _{i_k}\) and \(\gamma _{i_{k'}}\), for some \(2n\le k<k'\le 3n\). This means that the part of \(\rho _\circ \) between \(\gamma _{i_k}\) and \(\gamma _{i_{k'}}\) corresponds to a cycle \(\sigma \) in the transition multigraph. This cycle has a positive effect on the counter, and hence it is contained in a positively enabled strongly connected component \(S\in \mathfrak {S}\). Recall that we cannot simply pump the cycle \(\sigma \) in order to create \(\rho _\textsc {up}\), because by the definition of a normal arc, the cycle that creates \(\rho _\textsc {up}\) has to be the pre-chosen cycle \(\sigma _S^+\) assigned to S. This, however, poses no real difficulty for the following reason. Since p is contained in the same strongly connected component as \(\sigma _S^+\), we can travel through S from p to the base of \(\sigma _S^+\), then pump it arbitrarily many times, and then go back to p. The part \(\rho _\textsc {down}\) is defined in a symmetric manner.
More precisely, the consecutive parts \(\rho _\textsc {pref}\), \(\rho _\textsc {up}\), \(\rho _\textsc {cap}\), \(\rho _\textsc {down}\) and \(\rho _\textsc {suff}\) are defined as follows; the reader is advised to check the description against Fig. 2 while reading. First, \(\rho _\textsc {pref}\) is constructed by taking the prefix of \(\rho _\circ \) up to configuration \(\gamma _{i_k}\), and then traveling along a path \(\sigma _{pq}\) within S from p to q, the base state of \(\sigma _S^+\). Then we repeat cycle \(\sigma _S^+\) a number of times, say a, thus creating \(\rho _\textsc {up}\). The reader should think of a as a variable, because the possibility of changing this number will be essential for the constructions to follow. Note that we chose k so that \(k\ge 2n\) in order to make sure that during these manipulations we never hit nonpositive counter values.
In a symmetrical manner we define \(\rho _\textsc {suff}\) and \(\rho _\textsc {down}\). First, we find a configuration \(\gamma _{j_{\bar{k}}}\) on \(\rho _\circ \) such that it has some counter value \(\bar{k}\) with \(2n\le \bar{k}\le 3n\), all the configurations later on \(\rho _\circ \) have smaller counter values, and its state \(\bar{p}\) belongs to a negatively enabled strongly connected component T. Let \(\bar{q}\) be the base state of \(\sigma _T^-\). Then \(\rho _\textsc {suff}\) is the suffix of \(\rho _\circ \) starting from \(\gamma _{j_{\bar{k}}}\), with a path \(\sigma _{\bar{q}\bar{p}}\) appended in the front, where \(\sigma _{\bar{q}\bar{p}}\) leads from \(\bar{q}\) to \(\bar{p}\) within T. Also, \(\rho _\textsc {down}\) is constructed by repeating \(\sigma _{T}^-\) a number of times, say b. We denote \(A=\textsc {eff}(\sigma _S^+)\) and \(B=\textsc {eff}(\sigma _T^-)\).
Finally, we modify \(\rho _\textsc {cap}\) by unpumping it “modulo \(\gcd (A,B)\)” exhaustively: as long as there are two configurations that have the same state, and their counter values are congruent modulo \(\gcd (A,B)\), we remove the whole subpath between these configurations. When performing such an operation, the total effect of \(\rho _\textsc {cap}\) on the counter changes by a number divisible by \(\gcd (A,B)\). Hence, by adjusting once more the numbers a and b we can compensate for this change.
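The unpumping step "modulo \(\gcd (A,B)\)" described above can be carried out in a single pass; the following sketch is an added illustration and not code from the paper. The function names, the path encoding as (effect, next state) pairs and the sample values are assumptions made here, and the subsequent compensation by adjusting a and b is not modelled.

```python
from math import gcd

def unpump_mod(start, transitions, A, B):
    """Exhaustively unpump a path modulo g = gcd(A, B).

    start: (state, counter); transitions: list of (effect, next_state).
    Returns (kept_transitions, removed_effect).
    """
    g = gcd(A, B)
    state, counter = start
    keys = [(state, counter % g)]   # (state, residue) of configurations kept so far
    position = {keys[0]: 0}         # key -> index in keys
    kept, removed_effect = [], 0
    for effect, nxt in transitions:
        counter += effect           # counter value on the original path
        kept.append((effect, nxt))
        key = (nxt, counter % g)
        if key in position:
            # Same state and congruent counter: cut the subpath in between.
            cut = position[key]
            removed_effect += sum(e for e, _ in kept[cut:])
            del kept[cut:]
            for stale in keys[cut + 1:]:
                del position[stale]
            del keys[cut + 1:]
        else:
            position[key] = len(keys)
            keys.append(key)
    return kept, removed_effect

def configurations(start, transitions):
    """Configurations visited when the transitions are taken from start."""
    state, counter = start
    out = [(state, counter)]
    for effect, nxt in transitions:
        counter += effect
        out.append((nxt, counter))
    return out

# Constructed sample: a cap over states p, q, r with A = 4, B = 6, so g = 2.
A, B = 4, 6
START = ("p", 10)
CAP = [(1, "q"), (1, "p"), (1, "r"), (-1, "q"), (3, "r"), (-2, "q")]

if __name__ == "__main__":
    kept, removed = unpump_mod(START, CAP, A, B)
    print(kept, removed, configurations(START, kept))
```

Residues can be computed on the original path because every cut removes an effect divisible by \(\gcd (A,B)\), so later configurations keep their residue; after the pass each state occurs at most \(\gcd (A,B)\) times.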
From the description above, it should be relatively clear that the construction yields a normal path satisfying all the conditions apart from the quantitative ones: (iii) and (iv). For this, some arithmetic calculations are needed to ensure that we can choose a and b small enough so that (iii) and (iv) hold, while all the necessary properties of a and b are satisfied. We remark that in this sketch we have glossed over some technicalities that are used to satisfy conditions (iii) and (iv).
5.3 Length of Shortest Paths
First we show that the sum of the lengths of low parts of \(\rho \) (more precisely, of low arcs, of \(\rho ^i_\textsc {pref}\) and \(\rho ^i_\textsc {suff}\)) is small. The following claim follows from a simple application of Proposition 1.
Lemma 3
Now we will estimate the length of the rest of the path \(\rho \). First, however, we have to prepare a toolbox of lemmas. We introduce the following notation. For \(S,T\in \mathfrak {S}\), let \(\mathcal {N}_{(S,T)}\subseteq \mathcal {N}\) be the set of all those indices i for which \(\rho ^i\) is (S, T)-normal. Moreover, let \(\mathcal {N}_{(S,\cdot )}=\bigcup _{T'\in \mathfrak {S}} \mathcal {N}_{(S,T')}\) and \(\mathcal {N}_{(\cdot ,T)}=\bigcup _{S'\in \mathfrak {S}} \mathcal {N}_{(S',T)}\).
Lemma 4
(\(\spadesuit \)). Let \(S,T\in \mathfrak {S}\). Suppose \(i\in \mathcal {N}_{(S,\cdot )}\) and \(j\in \mathcal {N}_{(\cdot ,T)}\) for some i, j with \(1\le i<j\le k\). Then there are no two configurations \(\delta _i\) and \(\delta _j\) appearing on \(\rho ^i_\textsc {cap}\) and \(\rho ^j_\textsc {cap}\) respectively such that \(\textsc {st}(\delta _i) = \textsc {st}(\delta _j)\) and \(\textsc {cnt}(\delta _i) - \textsc {cnt}(\delta _j)\) is divisible by \(\gcd (\textsc {eff}(\sigma ^{+}_S), \textsc {eff}(\sigma ^{-}_T))\).
In the proof of Lemma 4 we observe that if such configurations \(\delta _i\) and \(\delta _j\) existed, then one could repeat \(\sigma ^+_S\) on \(\rho ^i\) and \(\sigma ^-_T\) on \(\rho ^j\) more times so that the “lifted” configurations \(\delta _i\) and \(\delta _j\) would have the same counter value. Then we could cut the whole part of the path between them, thus reducing the number of configurations with counter value zero; this would be a contradiction with the choice of \(\rho _\circ \). The following lemma is a simple corollary of Lemma 4.
Lemma 5
(\(\spadesuit \)). Let \(S,T\in \mathfrak {S}\). Then \(|\mathcal {N}_{(S,T)}|\le \gcd (\textsc {eff}(\sigma ^{+}_S), \textsc {eff}(\sigma ^{-}_T))\).
Total length of caps. We now have all the necessary ingredients to establish the desired upper bounds on the lengths of caps. Recall that for a strongly connected component \(S\in \mathfrak {S}\) we denote by \(n_S\) the number of vertices in S.
Lemma 6
Proof
For (1), assume towards a contradiction that \(\sum _{i\in \mathcal {N}_{(S,\cdot )}} \textsc {len}(\rho ^i_\textsc {cap})>A_S\cdot n\). Then by the pigeonhole principle there exist two configurations \(\delta \) and \(\delta '\) on the paths \(\rho ^i_\textsc {cap}\) for \(i\in \mathcal {N}_{(S,\cdot )}\) which have the same state and the same counter value modulo \(A_S\). Assume w.l.o.g. that \(\delta \) is earlier in the path than \(\delta '\). By property (v) of Lemma 2, configurations \(\delta \) and \(\delta '\) cannot appear in the same path \(\rho ^i_\textsc {cap}\). Indeed, otherwise the projection of the part of \(\rho ^i_\textsc {cap}\) between \(\delta \) and \(\delta '\) would be a cycle with effect divisible by \(A_S\), so also by \(\gcd (A_S, \textsc {eff}(\sigma ^{-}_T))\), where T is the SCC for which \(\rho ^i\) is (S, T)-normal. Therefore they have to belong to different arcs. Let \(\delta \) belong to \(\rho ^i\) and \(\delta '\) belong to \(\rho ^j\), where \(j\in \mathcal {N}_{(S,T)}\) for some \(T\in \mathfrak {S}\). However, by Lemma 4, there are no two configurations \(\delta \) and \(\delta '\) on \(\rho ^i\) and \(\rho ^j\), respectively, such that their states are the same and the difference in counter values is divisible by \(\gcd (A_S, \textsc {eff}(\sigma ^{-}_T))\). Contradiction, as \(\delta \) and \(\delta '\) are such configurations: the difference of their counter values is divisible by \(A_S\), so also by \(\gcd (A_S, \textsc {eff}(\sigma ^{-}_T))\). Thus (1) is proved, and (2) follows from a symmetric reasoning. The bound (3) follows by summing (1) through all \(S\in \mathfrak {S}\) and using the facts that \(\textsc {eff}(\sigma ^{+}_S)\le n_S\) and \(\sum _{S\in \mathfrak {S}} n_S=n\). \(\square \)
Total length of positive and negative cycles. We now show that the total sum of the lengths of \(\rho ^i_\textsc {up}\) and \(\rho ^i_\textsc {down}\) is at most \(8 n^2\). This is the case where we need the key estimations (iii) and (iv) in Lemma 2.
Lemma 7
Proof
Notes
Acknowledgements
The authors are grateful to Christoph Haase and Aditya Kanade for discussions and comments.
References
1. Alur, R., Černý, P.: Streaming transducers for algorithmic verification of single-pass list-processing programs. In: Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, 26–28 January 2011, pp. 599–610 (2011)
2. Atig, M.F., Bouajjani, A., Kumar, K.N., Saivasan, P.: On bounded reachability analysis of shared memory systems. In: 34th International Conference on Foundation of Software Technology and Theoretical Computer Science, FSTTCS 2014, 15–17 December 2014, New Delhi, India, pp. 611–623 (2014)
3. Barrett, C., Demri, S., Deters, M.: Witness runs for counter machines. In: Fontaine, P., Ringeissen, C., Schmidt, R.A. (eds.) FroCoS 2013. LNCS, vol. 8152, pp. 120–150. Springer, Heidelberg (2013)
4. Bouajjani, A., Esparza, J., Maler, O.: Reachability analysis of pushdown automata: application to model-checking. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 135–150. Springer, Heidelberg (1997)
5. Chistikov, D.: Notes on counting with finite machines. In: 34th International Conference on Foundation of Software Technology and Theoretical Computer Science, FSTTCS 2014, 15–17 December 2014, New Delhi, India, pp. 339–350 (2014)
6. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. The MIT Press and McGraw-Hill Book Company (2001). ISBN 0262032937
7. Demri, S., Gascon, R.: The effects of bounding syntactic resources on Presburger LTL. J. Log. Comput. 19(6), 1541–1575 (2009)
8. Etessami, K., Wojtczak, D., Yannakakis, M.: Quasi-birth-death processes, tree-like QBDs, probabilistic 1-counter automata, and pushdown systems. Perform. Eval. 67(9), 837–857 (2010)
9. Hofman, P., Mayr, R., Totzke, P.: Decidability of weak simulation on one-counter nets. In: 28th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2013, New Orleans, LA, USA, 25–28 June 2013, pp. 203–212 (2013)
10. Kozen, D.C.: Design and Analysis of Algorithms. Texts and Monographs in Computer Science. Springer, New York (1992). ISBN: 9783540976875
11. Lafourcade, P., Lugiez, D., Treinen, R.: Intruder deduction for AC-like equational theories with homomorphisms. Research report LSV0416, Laboratoire Spécification et Vérification, ENS Cachan, France, p. 69, November 2004. http://www.lsv.enscachan.fr/Publis/RAPPORTS_LSV/PS/rrlsv200416.rr.ps
12. Lafourcade, P., Lugiez, D., Treinen, R.: Intruder deduction for AC-like equational theories with homomorphisms. In: Giesl, J. (ed.) RTA 2005. LNCS, vol. 3467, pp. 308–322. Springer, Heidelberg (2005)
13. Latteux, M.: Langages à un compteur. J. Comput. Syst. Sci. 26(1), 14–33 (1983)
14. Leroux, J., Schmitz, S.: Demystifying reachability in vector addition systems. In: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, 6–10 July 2015, Kyoto, Japan, pp. 56–67 (2015)
15. Podelski, A., Rybalchenko, A.: ARMC: the logical choice for software model checking with abstraction refinement. In: Hanus, M. (ed.) PADL 2007. LNCS, vol. 4354, pp. 245–259. Springer, Heidelberg (2007)
16. Thakkar, J., Kanade, A., Alur, R.: Transducer-based algorithmic verification of retransmission protocols over noisy channels. In: Beyer, D., Boreale, M. (eds.) FORTE 2013 and FMOODS 2013. LNCS, vol. 7892, pp. 209–224. Springer, Heidelberg (2013)
17. Thomas, W.: The reachability problem over infinite graphs. In: Frid, A., Morozov, A., Rybalchenko, A., Wagner, K.W. (eds.) CSR 2009. LNCS, vol. 5675, pp. 12–18. Springer, Heidelberg (2009)