# Reachability analysis of first-order definable pushdown systems

Lorenzo Clemente University of Warsaw Sławomir Lasota University of Warsaw
###### Abstract

We study pushdown systems where control states, stack alphabet, and transition relation, instead of being finite, are first-order definable in a fixed countably-infinite structure. We show that the reachability analysis can be addressed with the well-known saturation technique for the wide class of oligomorphic structures. Moreover, for the more restrictive homogeneous structures, we are able to give concrete complexity upper bounds. We show ample applicability of our technique by presenting several concrete examples of homogeneous structures, subsuming, with optimal complexity, known results from the literature. We show that infinitely many such examples of homogeneous structures can be obtained with the classical wreath product construction.

automata theory, pushdown systems, sets with atoms, saturation technique.


F.1.1 [Computation by Abstract Devices]: Models of Computation; F.2.2 [Nonnumerical Algorithms and Problems]: Computations on discrete structures; F.3.1 [Specifying and Verifying and Reasoning about Programs]: Mechanical verification; F.4.1 [Mathematical Logic]: Logic and constraint programming.


## 1 Introduction

### Context.

Pushdown automata (PDS) are a well-known model of recursive programs, with applications in areas as diverse as language processing, data-flow analysis, security, computational biology, and program verification. Many interesting analyses reduce to checking reachability in the infinite configuration graph generated by a PDS, which can be done in PTIME with the popular saturation algorithm [7, 18] (cf. also the recent survey [11]). Saturation shows a slightly more general property of PDS graphs, which is sometimes called effective preservation of regularity: For a regular set of target configurations of a given PDS, the set of all configurations which can reach the target in a finite number of steps is effectively regular too. The preservation is effective in the sense that there exists a procedure which produces, from an NFA recognizing the target set, an NFA recognizing the predecessors. This is a central theoretical result in the analysis of PDS, with immediate practical applications as demonstrated by the prominent tool MOPED [17]. Therefore, it is of interest to extend this conceptually simple and yet powerful method to more general settings.

Several generalizations of the pushdown structure yielding PDS-like models admitting effective preservation of regularity are known, e.g., tree-pushdown systems [20], ordered multi-pushdown systems [9, 4], annotated higher-order pushdown systems [25, 10], and strongly normed multi-pushdown systems [14]. In this paper, instead of generalizing the pushdown structure itself, we generalize the contents of the pushdown, by allowing the pushdown symbols to be drawn from an infinite set. Our model is parametric in the choice of a countably-infinite logical structure , called atoms. We introduce and study first-order definable pushdown systems (FO-definable PDS) over , which are like usual PDS, except that control locations, stack alphabet, and transition relation are FO-definable sets over , instead of ordinary finite sets. Thus, we do not invent a new model, but we reinterpret the classical model in a new setting. This covers ordinary PDS as a special case, and allows the study of non-trivial yet decidable classes of PDS over infinite alphabets. For instance, by taking to be equality atoms , i.e., a countably-infinite set where only equality testing is allowed, we obtain (and slightly generalize) pushdown register automata [12, 6, 26].

### Contributions and organization.

The technical results of this paper and its structure are as follows. In Sec. 2, we recall the setting of FO-definable sets, FO-definable relations, and FO-definable NFA. In Sec. 3, we introduce FO-definable PDS. This is done by reinterpreting the classical model in the FO-definable framework. Our approach has the advantage that we do not need to define a new model. Instead, we reinterpret the classical model in a generic logical framework. In Sec. 4, we consider oligomorphic atoms (a structure is oligomorphic if for every , the product is orbit-finite) with a decidable first-order theory, and we show effective preservation of regularity for the backward reachability relation of configuration graphs of FO-definable PDS. This is obtained via a symbolic implementation of the classical saturation method, which comes along with a simple proof of correctness. In Sec. 5, we provide an upper complexity bound in the special case of homogeneous atoms, and in particular an ExpTime bound in the case of tractable homogeneous atoms, matching the known ExpTime-hardness for equality atoms from [26]. In Sec. 6, we provide many interesting examples of tractable homogeneous atoms for which we can apply our results, including equality atoms [26] (as remarked above), but also: total order atoms , which can be used for modeling densely-ordered data values; equivalence atoms , where is an equivalence relation of infinite index s.t. each equivalence class is infinite, which can be used to model nested data values; universal tree atoms, which can be used to model dynamic topologies of concurrent programs with process creation and termination; as well as other structures, such as universal partial order atoms, universal tournament atoms, and universal graph atoms [24]. In the same section, we also show that the classic wreath product construction can be used to generate infinitely many new tractable examples from previous ones. 
Our logical approach has the advantage to highlight the general principle behind decidability, and we can thus prove correctness once and for all for all structures satisfying the mild assumptions above. As a byproduct, we also obtain tight complexity results for PDS over natural classes of infinite alphabets. Infinitely many such natural structures can be found by using the wreath product construction. In Sec. 7, we conclude with some directions for future work.

## 2 Preliminaries

### Sets with atoms.

Let be a countably-infinite logical structure with finite vocabulary. An element of the structure we call an atom, and the whole structure we call atoms. Examples of atoms are equality atoms , i.e., an arbitrary countably infinite set with equality, and total order atoms , i.e., the rationals with the dense order. More examples of atoms will be discussed in Sec. 6. In the study of atoms, the group of automorphisms of (an automorphism is a bijection of atoms that preserves all relations from the vocabulary) plays a central role. For instance, automorphisms of equality atoms are all permutations of , and automorphisms of total order atoms are monotonic permutations of . By using atoms, we can build sets containing either previously built sets, or atoms themselves. For example, we build tuples of fixed length, or disjoint unions thereof. On such sets, we will consider the natural action of , which renames atoms while keeping intact the remaining structure. For instance, on tuples of atoms the natural action is the point-wise renaming: for and , . Similarly, on disjoint unions the action is component-wise. The action induces the notion of orbit, which is the set of elements that can be reached via renaming, i.e., . The sets in the sequel will always be equivariant, i.e., invariant under the action of automorphisms. (More generally, one can consider finitely supported sets. A set is supported by if it is invariant under automorphisms that preserve elements of . The results of this paper can be straightforwardly generalized to finitely supported sets.) Every orbit is equivariant by definition, and every equivariant set is a disjoint union of orbits. For instance, in total order atoms , the set is the disjoint union of 3 orbits, , , and ; and is the disjoint union of 16 orbits. A central notion is that of orbit-finite sets, which are finite unions of orbits (as opposed to arbitrary unions). 
Intuitively, an orbit-finite set has only finitely many elements up to renaming by atom automorphisms. Orbit-finiteness generalizes finiteness, and a substantial portion of results from automata theory carry over to the more general orbit-finite setting [5]. This paper can be seen as such a case study for the specific case of pushdown automata. For the sake of concreteness, we restrict in the rest of the paper to FO-definable sets, to be defined now; we only note that the results of this paper can be straightforwardly generalized to all orbit-finite sets with atoms.

### FO-definable sets.

Fix a structure over a finite vocabulary. We describe infinite sets symbolically using first-order logic over the vocabulary of , which we assume to always include the equality relation . A first-order formula (where we explicitly list all free variables according to an implicit order) with free variables defines the subset of tuples that satisfy , i.e., . This set is always equivariant, since a formula can only compare atoms by using symbols from the signature, and automorphisms by definition respect this signature. The dimension of is the number of free variables of , denoted by . We also allow the tautologically true formula ; by convention, we take and is a singleton (for a fixed atom in ). An FO-definable set over is a finite indexed union of such sets, i.e.,

$$X = \bigcup_{l \in L} \{l\} \times [\varphi_l], \quad \text{where } L \text{ is a finite index set.}$$

When we want to omit the formal indexing, we just write as the finite disjoint union . Since FO-definable sets are unions of equivariant sets, they are equivariant too. When for every , then is finite and has the same number of elements as . Thus, FO-definable sets generalize finite sets.

We use FO-definable sets for control locations and alphabets of automata. In the former case, an index may be understood as a control location, and a tuple as a valuation of registers. Under this intuition, is an invariant that constrains register valuations in a control location . We do not assume that all component sets have the same dimension, i.e., the number of registers may vary from one control location to another.

### FO-definable relations.

Along the same lines, we define FO-definable binary relations. Consider two FO-definable sets and . An FO-definable relation is an FO-definable set where the indexing set is the Cartesian product , and every component set satisfies . In particular, . Relations of greater arities can be obtained by iterating the construction above. We use FO-definable relations to define transition relations of automata. The formula may be understood as a constraint on a transition from control location to control location , prescribing how a valuation of registers in before the transition relates to a valuation of registers in after the transition.

### FO-definable NFA.

As an example application of FO-definable sets and relations, we define FO-definable NFA. This model will be used later to recognize regular sets of configurations of FO-definable PDS, also defined later. A classical NFA is a tuple , where is a finite input alphabet, is a finite set of states, of which those in are the final ones, and is the transition relation. Once an initial state is chosen, the definitions of run, accepting run, and language recognized by are standard. By simply replacing “finite” with “FO-definable” in the definition above, we obtain FO-definable NFA. To fix notation, an FO-definable NFA will be written as a tuple , where w.l.o.g. we assume that and have the same index set . Notice that is an FO-definable set, while is a first-order formula.

###### Example.

Let be the total order atoms , and let the alphabet be . Consider the language of non-empty finite words of odd length of alternating growth. This language can be recognized from state by the NFA

$$\mathcal{A} = \bigl(\Gamma,\ Q = \{\ell_I\} \cup \{\ell_0\} \times \mathbb{Q} \cup \{\ell_1\} \times \mathbb{Q},\ F = \{\ell_0\} \times \mathbb{Q},\ \delta = \biguplus_{l, l' \in \{\ell_I, \ell_0, \ell_1\}} [\delta_{l k l'}]\bigr).$$

The initial location does not contain any register, while control locations both contain one register, which is used to guess the next input symbol and to ensure the right ordering. Formally, (we use the notation to emphasize that does not have any register), , , and for the other cases.

## 3 First-order definable pushdown systems

In this section we define FO-definable PDS and their reachability problem. According to the classical definition, a pushdown system (PDS) consists of a finite stack alphabet , a finite set of control states , and a finite set of transition rules , which is partitioned into push rules and pop rules . In this paper, we reinterpret this definition in the setting of FO-definable sets, which yields a more general model. For an atom structure , FO-definable PDS over are obtained by replacing “finite set” with “FO-definable set” in the classical definition. To fix notation, an FO-definable PDS is a tuple

$$\mathcal{P} = \bigl\langle \Gamma = \biguplus_{k \in K} [\varphi_k],\ P = \biguplus_{\ell \in L} [\xi_\ell],\ \rho = \rho_{\mathrm{push}} \cup \rho_{\mathrm{pop}} \bigr\rangle,$$

where and . (We could have also considered push rules which do not read the top of the stack, i.e., of the form . However, these would introduce -transitions during our saturation procedure in Sec. 4, which we want to avoid for simplicity.) As in the classical case, an FO-definable PDS induces an infinite transition system , where the set of configurations is , and there is a transition between two configurations and if, and only if, either there exists a push rule s.t. , or there exists a pop rule s.t. . Let be the reflexive and transitive closure of . For a set of configurations, the backward reachability set of , denoted , is the set of configurations that can reach some configuration in :

$$\mathrm{Reach}^{-1}_{\mathcal{P}}(C) = \{\, c \in \mathcal{C} \mid c \longrightarrow^{*} c' \text{ for some } c' \in C \,\}.$$

###### Example.

We define an FO-definable PDS over total order atoms which constructs strictly monotonic stacks, the maximal element being on the top of the stack. Let , where .

This paper concentrates on the reachability analysis for FO-definable PDS. Given an FO-definable PDS , two control locations , and a stack symbol , the reachability problem asks whether . We start with stack and we ignore the stack at the end of the computation. More general analyses can be considered by imposing regular constraints on the initial and final stack contents. These easily reduce to reachability of a regular set of configurations, which is the problem considered in the next section.

## 4 Preservation of regularity I: Oligomorphic atoms

We solve the reachability problem as a corollary of a general effective preservation of regularity result for the backward reachability relation of FO-definable PDS. To this end, we use FO-definable NFA to describe regular sets of configurations. In the following, fix an FO-definable PDS , and an FO-definable NFA s.t. . The NFA recognizes the following language of configurations of ,

$$L_{\mathcal{P}}(\mathcal{A}) = \{\, (p, w) \in P \times \Gamma^{*} \mid \mathcal{A} \text{ accepts } w \text{ from state } p \,\}.$$

Such sets of configurations of we call regular. We assume w.l.o.g. that states of that belong to do not have incoming transitions, i.e. .

###### Example.

Recall the FO-definable PDS from Example 3 building strictly monotonic stacks (maximal element on top). Let be the following set of configurations

$$N = \{\, (\ell_I, (k, a_1) \cdots (k, a_{2n+1})) \in P \times \Gamma^{*} \mid a_1 \geq a_2 \leq a_3 \geq \cdots \leq a_{2n+1} \,\}.$$

This set is regular, and it is recognized by the NFA from Example 2, i.e., . The backward reachability set is

$$\mathrm{Reach}^{-1}_{\mathcal{P}}(N) = N \cup \{\, (\ell_I, (k, a_2) \cdots (k, a_{2n+1})) \in P \times \Gamma^{*} \mid a_2 \leq a_3 \geq \cdots \leq a_{2n+1} \,\}.$$

We will see below how to compute an FO-definable NFA recognizing .

We solve the reachability problem for PDS over oligomorphic atoms. (One could also consider PDS defined by general prefix rewriting, i.e., with transitions in . For oligomorphic atoms, our simplified push/pop model can simulate prefix rewriting while preserving reachability properties (but not configuration graph isomorphism, or even bisimilarity), as in the classical case.) Oligomorphicity is an important notion in model theory [24]. Formally, a structure is oligomorphic if, and only if, for every , the set is orbit-finite. Not all structures are oligomorphic, as shown in the following example.

###### Remark (Timed atoms).

Timed atoms are a well-known example of a non-oligomorphic structure. They extend total order atoms with the successor relation . Automorphisms of timed atoms are monotone bijections of that preserve unit intervals, i.e., . To see why timed atoms are non-oligomorphic, it suffices to observe that already has infinitely many orbits. Indeed, for each , has a disjoint orbit . (Since automorphisms preserve unit intervals, they preserve all integer distances.) Working in non-oligomorphic structures like timed atoms requires the use of specialized techniques, and the generic algorithm presented in this section does not terminate. We have thoroughly studied the reachability problem for FO-definable pushdown systems and automata over timed atoms in [13].

Since oligomorphic atoms are very general, we can merely state decidability of the reachability problem, without any complexity bounds. The only additional assumption that we require is decidability of the first-order satisfiability problem in the structure , which asks, given a first-order formula , whether some valuation of its free variables satisfies .

###### Theorem.

Let be an oligomorphic structure with a decidable first-order satisfiability problem. For FO-definable PDS over and an FO-definable NFA over recognizing a regular set of configurations , one can effectively construct an FO-definable NFA over recognizing .

We prove Theorem 4 by using the classical saturation technique [7, 18]. We first describe a simple abstract algorithm manipulating infinite sets of transitions, and then we show how this can be implemented symbolically at the level of formulas. As in the classical case, the FO-definable NFA which is computed by the algorithm is of the form with , i.e., it is obtained by adding certain transitions to . For any relation , let be the following set of triples:

$$\mathrm{forced}(\alpha) = \{\, (q, a, q') \mid \exists (q, a, q'', b, c) \in \rho_{\mathrm{push}},\ \exists (q'', b, q''') \in \alpha,\ \exists (q''', c, q') \in \alpha \,\}.$$

The abstract saturation algorithm is shown in Fig. 1.

The algorithm is partially correct for every structure (even though it might not terminate). This follows directly from the observation that the saturated NFA has a transition between states of if, and only if, admits a run (we use here the assumption that no transition of ends in a state of ). However, on arbitrary structures saturation does not terminate, either because the inclusion checking on line is not decidable, or because it never actually holds. The first issue is addressed by the requirement that has a decidable first-order satisfiability problem, and the second one by the fact that is an oligomorphic structure.

We implement the abstract algorithm from Fig. 1 symbolically, by manipulating formulas instead of actual transitions. We assume w.l.o.g. that the index set of (the control locations of ) is the same as the index set of (the states of ). First, notice that the set is FO-definable whenever is so, since it can be expressed as follows:

$$\mathrm{forced}(\alpha)_{\ell k \ell'}(\vec{x}, \vec{y}, \vec{x}') := \bigvee_{\ell'', \ell''' \in L,\ k', k'' \in K} \exists \vec{x}'', \vec{y}', \vec{y}'', \vec{x}''' \cdot \rho^{\mathrm{push}}_{\ell k \ell'' k' k''}(\vec{x}, \vec{y}, \vec{x}'', \vec{y}', \vec{y}'') \wedge \alpha_{\ell'' k' \ell'''}(\vec{x}'', \vec{y}', \vec{x}''') \wedge \alpha_{\ell''' k'' \ell'}(\vec{x}''', \vec{y}'', \vec{x}'),$$

where is the index set of , and is the index set of . Steps (0) (initialization of ) and (2) (update of ) of the algorithm are implemented by disjunction of FO-definable sets, therefore at each stage of the algorithm is an FO-definable set, and thus an equivariant set (i.e., a union of orbits). The test (3) is computable whenever first-order satisfiability is so. We obtain the concrete algorithm in Fig. 2. Termination is guaranteed since is oligomorphic, which implies orbit-finiteness of . Indeed, is always a union of orbits at every stage, and therefore at least one orbit is added to at every iteration.

###### Example.

We apply the concrete saturation algorithm to the PDS and NFA from Example 4. Recall that , with , and , with , , (omitting the trivial cases). For the first iteration, let . We compute , for which the only nontrivial case is , which equals

 ∃y′,y′′,x′′′⋅(y

By removing quantifiers (thanks to the density of ), the former is equivalent to . Therefore, extends with the new transition . Since is not equivalent to , we go to the next iteration. We compute , for which the only new case is , which equals

 ∃y′,y′′,x′′′⋅(y

The latter is equivalent to , which is clearly unsatisfiable. Therefore is equivalent to , and the algorithm stops. It is immediate to check that recognizes precisely , where .
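The saturation run of this example, as an added Python implementation that is not from the paper. A formula over total order atoms is stored as the set of weak orders on its variables (the legal DNF of Sec. 5, specialised to the dense order, where every weak order is satisfiable and eliminating a quantifier is just projection); the location names, the NFA's transition formulas and the single push rule (push a larger atom on top of the current top) are assumptions reconstructed from the prose.

```python
"""Concrete saturation (Fig. 2) for an FO-definable PDS over total order atoms
(Q, <): the PDS that pushes a larger atom on top of the stack and the NFA for
odd-length words a1 >= a2 <= a3 >= ... (transition formulas are assumed)."""
from itertools import product

def weak_orders(n):
    """All weak orders on n variables, as rank tuples using ranks 0..m-1."""
    if n == 0:
        yield ()
        return
    for r in product(range(n), repeat=n):
        if set(r) == set(range(max(r) + 1)):
            yield r

def normalize(ranks):
    """Renumber ranks contiguously from 0, keeping their relative order."""
    levels = sorted(set(ranks))
    return tuple(levels.index(r) for r in ranks)

def ldnf(nvars, pred):
    """Legal DNF of pred: the set of weak orders satisfying it.  In (Q, <) every
    weak order is realisable, so ranks can stand in for rational values."""
    return frozenset(r for r in weak_orders(nvars) if pred(*r))

def conjoin_project(nvars, parts, keep):
    """Exists (joint variables outside keep) . AND of parts, each part being
    (positions, clauses): an ldnf over the joint variables at those positions.
    Quantifier elimination is projection of every surviving weak order."""
    out = set()
    for r in weak_orders(nvars):
        if all(normalize(tuple(r[i] for i in p)) in cl for p, cl in parts):
            out.add(normalize(tuple(r[i] for i in keep)))
    return frozenset(out)

# Registers of each control location / stack-symbol index (assumed dimensions).
DIM = {"lI": 0, "l0": 1, "l1": 1, "k": 1}

# Push rules (q, a, q'', b, c) -> ldnf over regs(q) regs(a) regs(q'') regs(b) regs(c).
# From lI with top (k, x): replace it by (k, b)(k, c), with b > x on top and c = x.
PUSH = {("lI", "k", "lI", "k", "k"): ldnf(3, lambda x, b, c: b > x and c == x)}
POP = {}  # no pop rules in this example

# NFA transitions (src, letter, dst) -> ldnf over regs(src) regs(letter) regs(dst);
# l0 / l1 store the letter just read, l0 after an odd position; final states: l0.
DELTA = {
    ("lI", "k", "l0"): ldnf(2, lambda y, z: z == y),
    ("l0", "k", "l1"): ldnf(3, lambda x, y, z: y <= x and z == y),
    ("l1", "k", "l0"): ldnf(3, lambda x, y, z: y >= x and z == y),
}

def layout(names):
    """Positions of each name's registers in the joint variable vector."""
    pos, off = [], 0
    for nm in names:
        pos.append(list(range(off, off + DIM[nm])))
        off += DIM[nm]
    return pos, off

def forced(alpha):
    """forced(alpha) of the paper: a push rule (q,a,q'',b,c) followed by
    alpha-transitions (q'',b,q''') and (q''',c,q') forces (q,a,q'); its
    formula conjoins the three and projects out the inner registers."""
    new = {}
    for (q, a, q2, b, c), rho in PUSH.items():
        for (s1, b1, q3), al1 in alpha.items():
            if (s1, b1) != (q2, b):
                continue
            for (s2, c2, q1), al2 in alpha.items():
                if (s2, c2) != (q3, c):
                    continue
                (x, y, x2, yb, yc, x3, x1), n = layout([q, a, q2, b, c, q3, q1])
                cls = conjoin_project(n, [(x + y + x2 + yb + yc, rho),
                                          (x2 + yb + x3, al1),
                                          (x3 + yc + x1, al2)], x + y + x1)
                if cls:  # an unsatisfiable conjunction yields no clause
                    new[(q, a, q1)] = new.get((q, a, q1), frozenset()) | cls
    return new

def saturate(delta, pop):
    """alpha := delta U pop; repeat alpha := alpha U forced(alpha) until
    forced(alpha) is included in alpha (clause-set inclusion on ldnf)."""
    alpha = dict(delta)
    for key, cls in pop.items():
        alpha[key] = alpha.get(key, frozenset()) | cls
    rounds = 0
    while True:
        rounds += 1
        changed = False
        for key, cls in forced(alpha).items():
            if not cls <= alpha.get(key, frozenset()):
                alpha[key] = alpha.get(key, frozenset()) | cls
                changed = True
        if not changed:
            return alpha, rounds

if __name__ == "__main__":
    sat, rounds = saturate(DELTA, POP)
    for key in sorted(set(sat) - set(DELTA)):
        print("new transition", key, "clauses", sorted(sat[key]), "rounds", rounds)
```

The only transition added is from lI to l1 with the clause "register = letter", i.e. the even-length words of the backward reachability set above, and the second round adds nothing because the conjunction through the new transition is unsatisfiable.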

## 5 Preservation of regularity II: Homogeneous atoms

Relational homogeneous structures are a well-behaved subclass of oligomorphic structures, for which we are able to give precise complexity upper bounds for our saturation construction. A relational structure (i.e., with no function symbols in the vocabulary) is homogeneous if every isomorphism between two finite induced substructures of (an induced substructure is a structure obtained by restricting the universe to a subset of atoms) extends to an automorphism of the whole . This immediately implies that is oligomorphic.

###### Proposition 1.

Let be a relational homogeneous structure. For , the number of orbits of is bounded by .

###### Proof.

A tuple of elements can be seen as an induced substructure of , where elements are additionally labelled with the positions . Two such induced substructures are isomorphic exactly when the elements and satisfy the same relations in the vocabulary of . Therefore, the number of isomorphism classes is bounded by . Since is homogeneous, every isomorphism between and extends to an automorphism of the whole , and thus and are in the same orbit. Consequently, the same bound applies to the number of orbits of . ∎

All structures listed in the introduction are homogeneous relational structures. However, not all oligomorphic relational structures are homogeneous as the example below shows.

###### Example (Bit vector atoms).

Let a bit vector be any infinite sequence of zeros and ones with only finitely many ones. A bit vector can be represented by a finite sequence, by cutting off the infinite zero suffix. Consider the relational structure , consisting of the set of all bit vectors, together with a unary predicate that distinguishes the zero vector, and the ternary relation that describes point-wise addition modulo 2. Automorphisms of are precisely linear mappings, i.e., bijections s.t. and . The orbit of a tuple is determined by its addition type, i.e., by the set of all equalities of the form satisfied by . Indeed, for two tuples having the same addition type, consider the partial bijection defined as . By using the Steinitz exchange lemma, the function can be extended to a linear mapping on the whole , and thus and are in the same orbit. Therefore, the number of orbits of is finite. On the other hand, is not homogeneous. For instance, the two induced substructures and are isomorphic. Define, e.g., , and if . The reason why is an isomorphism is that needs to respect only inside its domain, and any combination of two vectors from falls outside of . However, the isomorphism does not extend to an automorphism of , since vectors in are not independent. (The notion of homogeneity can be extended to structures with relations and functions, but one must consider finitely-generated induced substructures of instead of finite ones. Note that becomes homogeneous if is considered as a binary function, instead of a relation. The reason is that, in the presence of the functional symbol , the homogeneity condition for quantifies over finite induced substructures that are closed w.r.t. , unlike the substructures in our example.) It is worth mentioning that, while some atom structures are not homogeneous, sometimes adding extra relational symbols (thus restricting the notion of isomorphic substructure) can make them homogeneous; cf. the example of universal tree order atoms from Sec. 6, where adding one extra relational symbol turns a non-homogeneous structure into a homogeneous one.

Fix a homogeneous relational structure . We give a precise upper bound for the complexity of the concrete saturation procedure from Fig. 2 and, thus, for reachability. This depends on the complexity of the induced substructure problem for . The (finite) induced substructure problem for asks whether a given finite structure over the same vocabulary is an induced substructure of . This amounts to finding an isomorphism mapping elements from into atoms s.t. all relations from the vocabulary are preserved. Assume that the induced substructure problem for is decidable in time , where is the size of the input. The complexity estimations below are always understood with respect to the sizes of the representing formulas. Let the width of a formula be the number of its variables. Let be the width of an input automaton, defined as the greatest width of the formulas appearing in its definition, and let be its size, defined as the sum of sizes of the defining formulas. By -relative pseudo-polynomial time complexity we mean the time complexity

$$2^{\mathrm{poly}(n)} \cdot \mathrm{poly}(m) \cdot T(\mathrm{poly}(n)),$$

i.e., exponential in the width but polynomial in the size . Note that this is relative to the complexity of the induced substructure problem.

###### Theorem.

Let be a homogeneous structure with induced substructure problem decidable in time . For FO-definable PDS over and an FO-definable NFA recognizing a regular set of configurations , one can construct in -relative pseudo-polynomial time an FO-definable NFA recognizing . As a consequence, reachability in FO-definable PDS over is decidable in -relative pseudo-polynomial time.

###### Proof.

Fix a homogeneous relational structure , and suppose that its induced substructure problem is decidable in time . We show that the concrete saturation algorithm from Fig. 2 terminates in -relative pseudo-polynomial time. We use quantifier-free formulas over the vocabulary of in legal disjunctive normal form, to be defined below. A positive literal is a predicate of the form , where are variables, and is a relational symbol in the vocabulary of . A negative literal is the negation of a positive literal, and a literal is either a positive or a negative literal. We treat equality in the same way as other relations of , thus there are also equality and inequality literals. A clause is a conjunction of pairwise different literals. A clause is complete if, for every positive literal over the variables of , either or its negation appears in , but not both. A complete clause is consistent if

• the equality literals define an equivalence over the variables of , and

• the literals of are invariant under this equivalence relation, i.e., replacing variables appearing in a literal of with equivalent ones yields a literal that also appears in .

A consistent clause gives rise to a finite structure over the same vocabulary as , whose elements are equivalence classes of variables, and where a relation holds if, and only if, appears in (the choice of representative variables is irrelevant since is consistent). Thus, valuations satisfying are in one-to-one correspondence with embeddings of into , by which we mean injective homomorphisms that both preserve and reflect relations. A consistent clause is legal if, and only if, the structure is isomorphic to an induced substructure of , i.e., if there exists an embedding of into , written . Thus, a clause is legal if, and only if, it is satisfiable.

###### Proposition 2.

Legality of a complete clause of size is decidable in time .

We consider two clauses to be equal when they contain the same literals. A formula is in legal disjunctive normal form (ldnf) if it is a disjunction of pairwise different legal clauses over the same variables. We use the convention that the empty clause and the empty ldnf represent, respectively, true and false. For two formulas and with the same free variables, we say that they are equivalent, written , when , i.e., when they define the same set of tuples.

###### Proposition 3.

A quantifier-free formula can be transformed into an equivalent formula in ldnf in -relative pseudo-polynomial time.

###### Proof.

Enumerate exhaustively all complete clauses over the variables of , and keep only those clauses which are legal (which is efficiently checkable by Proposition 2), and that satisfy (computable in time polynomial in the size of ). Take . Clearly, . The time complexity claim follows since the number of complete clauses is exponential in the number of variables, but independent from the size of . ∎

For homogeneous structures, the previous claim can be strengthened to first-order formulas. Essentially, this follows from the fact that, in a homogeneous structure, existential quantification can always be resolved positively.

###### Proposition 4.

A first-order formula can be transformed to an equivalent formula in ldnf in -relative pseudo-polynomial time.

###### Proof.

As the first step, transform the input formula into prenex normal form. Then, transform the quantifier-free subformula into an equivalent ldnf, using Proposition 3. Finally, eliminate the quantifiers in sequence, starting from the innermost one, keeping the quantifier-free subformula in ldnf. Elimination of one existential quantifier is done as follows. First, distribute it over the disjunction of clauses,

$$\varphi \equiv \exists x \cdot \psi_1 \vee \ldots \vee \psi_n \equiv \exists x \cdot \psi_1 \ \vee\ \ldots\ \vee\ \exists x \cdot \psi_n$$

and then replace every disjunct with the clause obtained from by removing those literals that contain . We claim that, after elimination of duplicates,

$$\varphi \equiv \psi'_1 \ \vee\ \ldots\ \vee\ \psi'_{n'},$$

where the right-hand side is in ldnf. To this end, we show that each is legal, and that . Let and be the two substructures of defined by the two clauses. Clearly, , which immediately implies legality of by transitivity. The left-to-right inclusion of the equivalence between and is immediate, since is more discriminating. For the other inclusion , let . Let be the natural embedding of into mapping each equivalence class of variables in to the corresponding element in . Similarly, since , there exists a tuple and an embedding of into , where . The substructure induced by is isomorphic to that induced by . Let be such an isomorphism. Since is homogeneous, extends to a full automorphism of . Define . Then, , and thus .

The universal quantifier is handled with the equivalence : First we replace by an equivalent formula in ldnf by applying Proposition 3. Then, we apply the procedure above to remove the existential quantifier in , and we thus obtain another formula in ldnf s.t. . Finally, a further application of Proposition 3 to yields a formula in ldnf s.t. . ∎

By repeatedly using Proposition 4, we can implement the saturation algorithm in -relative pseudo-polynomial time: First, transform all the formulas defining states and transitions of the input automata and into ldnf. Then, in every iteration, the formula is also transformed into ldnf. Step (2) is implemented by computing the union of clauses, and the implication in step (3) reduces to the inclusion of the sets of clauses of into those of . Thus, one iteration of the algorithm requires relative pseudo-polynomial time. The total number of iterations is bounded by the number of orbits of the set , since in every iteration at least one orbit is added to . By Proposition 1, the number of orbits is bounded by , where is the dimension of . Therefore, the concrete saturation algorithm runs in -relative pseudo-polynomial time for homogeneous atoms. ∎

As a consequence of Theorem 5, under a bound on the width of input automata, the PDS reachability problem is in PTime, independently of the complexity of the induced substructure problem. Moreover, the proof of Theorem 5 reveals that the polynomial above does not depend on the bound on width. (We are grateful to Mikołaj Bojańczyk for noticing this fact.)

###### Corollary.

The PDS reachability problem is fixed-parameter PTime, with the width of the input automaton as the parameter.

In Theorem 5 we have shown that the complexity of the saturation procedure, and hence of reachability, can be upper-bounded once we have a bound on the complexity of the induced substructure problem. We show below that, depending on the homogeneous structure, the latter problem (and thus reachability) can be of arbitrarily high complexity, or even undecidable. Therefore, the bound on the time complexity of the induced substructure problem in Theorem 5 is a necessary assumption.

###### Theorem.

Let be a set of natural numbers. There exists a homogeneous structure s.t. membership in is many-one reducible to the induced substructure problem for .

###### Proof.

Let be an arbitrary set of natural numbers. Intuitively, we effectively encode the set of natural numbers in an infinite antichain of finite tournaments, and we construct a homogeneous structure s.t., for every natural number , if, and only if, the encoding of is an induced substructure of . We use the instantiation of the embedding partial order to finite directed graphs: if is isomorphic to an induced subgraph of . A tournament is a directed graph s.t., for every pair of vertices , either , or , but not both. It is known that there exists a countably infinite -antichain of finite tournaments [21]. Let be an efficiently computable bijective mapping between natural numbers and tournaments in the antichain . Let be those finite tournaments in with for some . The construction of uses the following result.

###### Proposition 5 ([24]; see also [21]).

For every -upward-closed family of finite tournaments, there is a homogeneous directed graph such that, for every finite tournament ,

Let be the homogeneous directed graph obtained by applying the proposition above to the upward closure of the antichain . Then, for a natural number , we have if, and only if, the finite tournament is in , which is the same as being in the upward-closure of , since is by construction in the antichain . By the proposition above, the latter property is equivalent to asking whether . Therefore, we can reduce membership in to the induced substructure problem in . ∎

## 6 Examples of homogeneous structures

The purpose of this section is to provide concrete examples of homogeneous structures for which we can efficiently solve the reachability problem of FO-definable PDS. Those are well known in the model-theoretic community (cf. [24]), and we present them here in order to show the wide applicability of our results. We also present a general technique, called wreath product, which can be used to derive new homogeneous structures from known ones. Recall that, by Theorem 5, if is the time complexity of the induced substructure problem of a homogeneous structure , then reachability of FO-definable PDS over is decidable in -relative pseudo-polynomial time. When the former problem is in PTime, reachability can be solved in ExpTime by the following corollary of Theorem 5.

###### Corollary.

Let be a homogeneous relational structure with a PTime induced substructure problem. For FO-definable PDS over and an FO-definable NFA recognizing a regular set of configurations , one can construct in ExpTime an FO-definable NFA recognizing . In particular, the FO-definable PDS reachability problem over is in ExpTime.

All the concrete examples that we provide in the sequel, and all the infinitely many examples that can be obtained by applying the wreath product, have a PTime induced substructure problem, and thus reachability is in ExpTime.

### Equality.

Equality atoms consist of a countably-infinite set together with the equality relation. Automorphisms are permutations of . Homogeneity follows from the fact that any finite partial bijection can be extended to a permutation of the whole set . This is arguably the simplest homogeneous structure. The induced substructure problem is in PTime, since it amounts to checking whether the interpretation of in a given finite structure is the equality relation. By Corollary 6, reachability for FO-definable PDS over equality atoms is in ExpTime. This subsumes the result of [26], which considers a special case of our model where, among other restrictions, the input and stack alphabets are 1-dimensional, and the transition relation is quantifier-free definable (instead of FO-definable). Additionally, [26] shows that the problem is ExpTime-hard for equality atoms.

All the examples below generalize equality atoms by adding more relations to the vocabulary. We omit equality, which is assumed to always be in the vocabulary.

### Equivalence.

Equivalence atoms consist of a countably-infinite set and an infinite-index equivalence relation over s.t. each one of the infinitely-many equivalence classes is itself an infinite subset of . An automorphism of equivalence atoms is a bijection of which respects , in the sense that, for every , if, and only if, . Equivalence atoms are homogeneous. (We will see later that equivalence atoms are isomorphic with the wreath product of equality atoms with itself.) This can model hierarchically nested data, where one can check whether two elements belong to the same equivalence class, and, if so, whether they actually are the same element. Higher nested equivalence atoms can be obtained by iterating this process: -nested equivalence atoms are just equality atoms; and for any , -nested equivalence atoms can be seen as the disjoint union of infinitely many copies of -nested equivalence atoms, with one additional equivalence relation that relates a pair of elements iff they belong to the same copy.

### Total, betweenness, and cyclic order.

Total order atoms can be presented as the rational numbers together with the natural total order . Automorphisms are monotonic bijections of rational numbers. Homogeneity follows from the fact that is dense: A monotonic bijection over a finite domain extends to an automorphism of . The induced substructure problem is in PTime, since it amounts to checking whether the interpretation of in a given finite structure is a total order. This can be used to model qualitative time, where events are totally ordered, but no information is available on the distance between them. Another instance is given by data-centric applications [16].

Betweenness order atoms use the betweenness relation , which is obtained by considering the order up to reversal: holds when lies between and , i.e., either or . This can be used to model time where one is not interested in the order between the events themselves, but rather in whether an event happened between two other events. Cyclic order atoms use the ternary cyclic ordering obtained by bending the total order into a circle. Formally, if either , or , or . This can model a notion of qualitative cyclic time, where events cyclically repeat, but no precise timing information is available. For both betweenness and cyclic order atoms, the induced substructure problem is in PTime.

### Universal partial order and preorder.

Every relational homogeneous structure is obtained as the Fraissé limit of the set of all its finite induced substructures [19]. (We do not formally define here the notion of Fraissé limit, which is a central tool for constructing homogeneous structures; cf. [24].) For instance, total order atoms are the Fraissé limit of all finite total orders. Partial order atoms are obtained as the Fraissé limit of the set of all finite partial orders. The induced substructure problem amounts to determining whether the interpretation of in a given finite structure is a partial order, which can clearly be done in PTime. This can be used to model the ordering of events in distributed systems. Along the same lines one obtains preorder atoms.

### Universal tree order.

A tree order (or semilinear order) is a partially ordered structure s.t. a) every two elements have a common upper bound, and b) for every element, its upward closure is totally ordered. Tree order atoms are obtained as the Fraissé limit of the set of all finite tree orders. Intuitively, tree order atoms consist of a countably-infinite tree order where each maximal path is isomorphic to total order atoms. Tree order atoms as presented here are not homogeneous. Intuitively, this happens because isomorphic substructures have least upper bounds outside the structures themselves, and they might relate to those in an incomparable way. This can be amended by introducing the following ternary relation: holds when the lub of and is incomparable with . Then, is homogeneous, and it can be obtained as the Fraissé limit of the set of all extended finite tree orders . The induced substructure problem is in PTime for .

### Universal graph and tournament.

Universal graph atoms are obtained as the Fraissé limit of the set of all finite graphs. This is also known as Rado's graph or the random graph. The induced substructure problem is trivial since the universal graph contains an isomorphic copy of every finite graph. Similarly, universal tournament atoms are the Fraissé limit of the set of all finite tournaments, where a tournament is an irreflexive graph s.t., for every two nodes , either , or . Given a graph, one can clearly check in PTime whether it is actually a tournament, thus the induced substructure problem is in PTime also in this case.
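The PTime induced substructure checks described for the concrete atoms above (equivalence atoms, total, betweenness and cyclic order atoms, partial order and preorder atoms, and universal tournament atoms) are written out below as an added example; this is my own code, not code from the paper, and the function names and the encoding of a finite structure as a universe plus a set of tuples for its non-equality relation are choices made here. For betweenness and cyclic order the check reconstructs one candidate order from the relation and then verifies it, which keeps the procedure polynomial rather than searching through all orders.

```python
"""Induced substructure checks for several homogeneous atom structures.

Added example (not the paper's code): a finite structure is a universe plus the
interpretation of its single non-equality relation symbol, and each function
decides in polynomial time whether that finite structure embeds into the
corresponding homogeneous structure.
"""


def _reflexive(universe, R):
    return all((x, x) in R for x in universe)


def _transitive(R):
    return all((x, z) in R for (x, y) in R for (y2, z) in R if y == y2)


def is_equivalence(universe, E):
    """Equivalence atoms: E must be an equivalence relation on the universe."""
    symmetric = all((y, x) in E for (x, y) in E)
    return _reflexive(universe, E) and symmetric and _transitive(E)


def is_preorder(universe, R):
    """Preorder atoms: R reflexive and transitive."""
    return _reflexive(universe, R) and _transitive(R)


def is_strict_partial_order(universe, R):
    """Partial order atoms (strict version): R irreflexive and transitive."""
    return not any((x, x) in R for x in universe) and _transitive(R)


def is_strict_total_order(universe, R):
    """Total order atoms: a strict partial order in which distinct elements are comparable."""
    comparable = all((x, y) in R or (y, x) in R for x in universe for y in universe if x != y)
    return is_strict_partial_order(universe, R) and comparable


def is_tournament(universe, R):
    """Universal tournament atoms: irreflexive, and exactly one of (x,y), (y,x) for x != y."""
    irreflexive = not any((x, x) in R for x in universe)
    oriented = all(((x, y) in R) != ((y, x) in R) for x in universe for y in universe if x != y)
    return irreflexive and oriented


def betweenness_of(order):
    """Betweenness relation B(x,y,z) induced by a linear order given as a list."""
    pos = {x: i for i, x in enumerate(order)}
    return {(x, y, z) for x in order for y in order for z in order
            if pos[x] < pos[y] < pos[z] or pos[z] < pos[y] < pos[x]}


def cyclic_order_of(order):
    """Cyclic order C(x,y,z) obtained by bending a linear order into a circle."""
    pos = {x: i for i, x in enumerate(order)}
    return {(x, y, z) for x in order for y in order for z in order
            if pos[x] < pos[y] < pos[z] or pos[y] < pos[z] < pos[x] or pos[z] < pos[x] < pos[y]}


def _order_from(first, rest, triples):
    """Candidate order starting at `first`: x precedes y iff (first, x, y) in triples.
    For a genuine relation, counting successors recovers the order; the caller
    verifies the candidate, so a bogus relation is rejected there."""
    after = {x: sum(1 for y in rest if (first, x, y) in triples) for x in rest}
    return [first] + sorted(rest, key=lambda x: -after[x])


def is_betweenness(universe, B):
    """Betweenness atoms: B must equal betweenness_of(some order), up to reversal.
    An endpoint is an element that never occupies the middle position; from one
    endpoint the order is rebuilt and compared with B."""
    elems = list(universe)
    if len(elems) < 3:
        return not B
    middles = {y for (_, y, _) in B}
    endpoints = [e for e in elems if e not in middles]
    if len(endpoints) != 2:
        return False
    order = _order_from(endpoints[0], [x for x in elems if x != endpoints[0]], B)
    return set(B) == betweenness_of(order)


def is_cyclic_order(universe, C):
    """Cyclic order atoms: C must equal cyclic_order_of(some order); since the
    relation is rotation invariant, any element can start the circle."""
    elems = list(universe)
    if len(elems) < 3:
        return not C
    order = _order_from(elems[0], elems[1:], C)
    return set(C) == cyclic_order_of(order)
```

Each check is a polynomial scan over pairs or triples of the finite structure, which is exactly the PTime bound the section claims for these atoms; the two helpers `betweenness_of` and `cyclic_order_of` also serve to build sample inputs from a list.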

### Wreath products.

We conclude this section by giving a construction which allows one to compose homogeneous structures in order to produce new ones. Given two relational structures and , their wreath product is the relational structure , where if , and if and . Intuitively, is obtained by replacing each element in with a disjoint copy of . It can be checked that, if the two structures and are homogeneous, then the same holds for their wreath product . The induced substructure problem for reduces in PTime to the same problem for and : is an induced substructure of if, and only if, is an induced substructure of , and for every , is an induced substructure of . Therefore, if both and have a
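The wreath product construction and the reduction of its induced substructure problem to the two component problems, as an added example of my own rather than code from the paper. It builds the wreath product of two finite structures and implements the reduction: the lifted equality of the first structure partitions the input into copies, the quotient must embed into the first structure and each copy into the second. The names `Structure`, `wreath`, `in_wreath` and the tagging of lifted relations by the side they come from are choices made here; both component structures are assumed to carry equality under the relation name `"eq"`, matching the convention above that equality is always in the vocabulary. The demonstration takes equality atoms for both components, which the Equivalence paragraph states gives equivalence atoms.

```python
"""Wreath product of finite relational structures and the induced substructure
reduction for it.

Added example (not the paper's code). Relations are binary and named; relations
of A and B are lifted to the product under the tags ("A", name) and ("B", name).
Both components are assumed to have equality under the name "eq".
"""
from itertools import product


class Structure:
    """Finite relational structure: a universe and binary relations, name -> set of pairs."""

    def __init__(self, universe, relations):
        self.universe = frozenset(universe)
        self.relations = {name: frozenset(rel) for name, rel in relations.items()}


def equality_structure(n):
    """Finite induced substructure of equality atoms with n elements."""
    return Structure(range(n), {"eq": {(x, x) for x in range(n)}})


def wreath(A, B):
    """A wr B: universe A x B; relations of A are lifted through first components,
    relations of B hold only inside one copy, i.e. for equal first components."""
    pairs = set(product(A.universe, B.universe))
    rels = {}
    for name, rel in A.relations.items():
        rels[("A", name)] = {(p, q) for p, q in product(pairs, pairs) if (p[0], q[0]) in rel}
    for name, rel in B.relations.items():
        rels[("B", name)] = {(p, q) for p, q in product(pairs, pairs)
                             if p[0] == q[0] and (p[1], q[1]) in rel}
    return Structure(pairs, rels)


def in_wreath(C, check_a, check_b):
    """Decide whether finite C, over the vocabulary of A wr B, embeds into A wr B,
    given deciders for the two component problems."""
    U, E = C.universe, C.relations[("A", "eq")]
    # the lifted equality of A must be an equivalence relation, else C cannot embed
    if not all((x, x) in E for x in U) or not all((y, x) in E for (x, y) in E):
        return False
    if not all((x, z) in E for (x, y) in E for (y2, z) in E if y == y2):
        return False
    copy = {x: frozenset(y for y in U if (x, y) in E) for x in U}
    copies = set(copy.values())
    quotient = {}
    for (side, name), rel in C.relations.items():
        if side == "B":
            # relations of B never relate elements of different copies
            if any(copy[x] != copy[y] for (x, y) in rel):
                return False
        else:
            # relations of A depend only on the copies, so they must be E-invariant
            lifted = {(copy[x], copy[y]) for (x, y) in rel}
            if any(((x, y) in rel) != ((copy[x], copy[y]) in lifted) for x in U for y in U):
                return False
            quotient[name] = lifted
    if not check_a(Structure(copies, quotient)):
        return False
    for K in copies:
        inside = {name: {(x, y) for (x, y) in rel if x in K and y in K}
                  for (side, name), rel in C.relations.items() if side == "B"}
        if not check_b(Structure(K, inside)):
            return False
    return True


def is_equality(S):
    """Induced substructure problem for equality atoms: "eq" must be the diagonal."""
    return S.relations.get("eq") == frozenset((x, x) for x in S.universe)


def demo():
    """Equality wr equality: the reduction accepts the product of two finite
    equality structures and rejects two constructed corruptions of it."""
    W = wreath(equality_structure(3), equality_structure(3))
    ok = in_wreath(W, is_equality, is_equality)
    broken_e = dict(W.relations)
    broken_e[("A", "eq")] = W.relations[("A", "eq")] - {((0, 0), (0, 1))}  # no longer symmetric
    crossing = dict(W.relations)
    crossing[("B", "eq")] = W.relations[("B", "eq")] | {((0, 0), (1, 0))}  # relates two copies
    return (ok,
            in_wreath(Structure(W.universe, broken_e), is_equality, is_equality),
            in_wreath(Structure(W.universe, crossing), is_equality, is_equality))
```

With equality atoms on both sides, `in_wreath` reduces to checking that the lifted equality of the first component is an equivalence relation and that the lifted equality of the second is genuine equality, which is precisely the induced substructure check for equivalence atoms; plugging other component deciders into `check_a` and `check_b` gives the reduction for any other pair of structures with a PTime induced substructure problem.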