Model Checking Parameterized Asynchronous Shared-Memory Systems

We characterize the complexity of liveness verification for parameterized systems consisting of a leader process and arbitrarily many anonymous and identical contributor processes. Processes communicate through a shared, bounded-value register. While each operation on the register is atomic, there is no synchronization primitive to execute a sequence of operations atomically. We analyze the case in which processes are modeled by finite-state machines or pushdown machines and the property is given by a B"uchi automaton over the alphabet of read and write actions of the leader. We show that the problem is decidable, and has a surprisingly low complexity: it is NP-complete when all processes are finite-state machines, and is PSPACE-hard and in NEXPTIME when they are pushdown machines. This complexity is lower than for the non-parameterized case: liveness verification of finitely many finite-state machines is PSPACE-complete, and undecidable for two pushdown machines. For finite-state machines, our proofs characterize infinite behaviors using existential abstraction and semilinear constraints. For pushdown machines, we show how contributor computations of high stack height can be simulated by computations of many contributors, each with low stack height. Together, our results characterize the complexity of verification for parameterized systems under the assumptions of anonymity and asynchrony.

💡 Research Summary

The paper investigates the model‑checking problem for liveness properties in a parameterized asynchronous shared‑memory setting. The system consists of a distinguished leader process and an unbounded number of identical contributor processes, all communicating through a single bounded‑value register. Each read or write on the register is atomic, but there is no primitive for executing a sequence of operations atomically, which captures the asynchronous nature of the model.

The authors formalize the system as languages over appropriate alphabets: the leader’s behavior is an ω‑language D, the contributors’ behavior is an ω‑language C (the same for every contributor), and the register’s admissible sequences of reads and writes form a language S. The k‑instance of the network, containing one leader and k contributors, is expressed as a combination of shuffle (‖) and asynchronous product (⋈) operators: N(k) = D ⋈ S ⋈ G^k C, where G^k C denotes k copies of C. The overall network N is the infinite union over all k ≥ 1 of N(k).

A central notion introduced is compatibility: a leader word u ∈ D is compatible with a multiset M of contributor words if there exists a witness s ∈ S such that the interleaving (u ‖ s ‖ ⋈_{v∈M} v) is non‑empty. The authors prove a stuttering property for S, showing that extra repetitions of contributor actions preserve compatibility, and from this derive the copy‑cat lemma, which allows arbitrary duplication of any contributor word already present in M.

The model‑checking problem is defined as follows: given a leader automaton D, a contributor automaton C, and a Büchi automaton A over the leader’s alphabet (representing the ω‑regular liveness property), decide whether the language N ∩ L(A) is non‑empty. The paper studies this problem for two classes of automata: finite‑state machines (FSM) and pushdown machines (PDM).

Finite‑state case (FSM, FSM).
The authors construct an existential abstraction that over‑approximates the set of possible infinite executions. They encode the interaction between the leader, the register, and the contributors as a system of linear (semilinear) constraints over the counts of contributor actions of each type. Compatibility reduces to the existence of a solution to these constraints together with a reachable loop in the leader’s Büchi automaton. Since the constraints are linear and the loop can be guessed nondeterministically, the problem lies in NP. NP‑hardness follows from a reduction of 3‑SAT, establishing NP‑completeness. The key insight is that, despite the unbounded number of contributors, the effect of all contributors can be summarized by a finite vector of counts, thanks to the anonymity and the stuttering property.

Pushdown case (PDM, PDM).
When both leader and contributors are pushdown machines, the situation is more delicate because contributors may need arbitrarily large stack heights to realize certain infinite behaviours. The authors introduce the concept of effective stack height and prove a distribution lemma: any run whose effective stack height exceeds a certain bound can be simulated by a collection of runs each with bounded effective stack height, provided enough contributors are available. Consequently, a pushdown system with bounded effective stack height can be simulated by a finite‑state machine whose size is exponential in the bound. This yields an NEXPTIME algorithm: guess a bound, construct the exponential‑size FSM, and apply the NP‑procedure from the finite‑state case. PSPACE‑hardness is inherited from the known PSPACE‑completeness of reachability for a single pushdown system, giving the lower bound.

Thus the main results are:

• MC(FSM, FSM) is NP‑complete.
• MC(PDM, PDM) is PSPACE‑hard and lies in NEXPTIME.
• The parameterized setting exhibits lower complexity than the corresponding non‑parameterized problems (where liveness for finitely many FSMs is PSPACE‑complete and for two pushdown systems is undecidable).

The paper interprets these findings as an illustration of the “noisy” effect of having arbitrarily many anonymous contributors: the abundance of processes limits the ability to enforce intricate synchronisations, thereby simplifying verification. This phenomenon parallels known results for lossy channel systems, where imperfections in communication lower verification complexity.

In conclusion, the work provides a thorough complexity classification for liveness verification of parameterized asynchronous shared‑memory systems, introduces novel technical tools (existential abstraction with semilinear constraints, effective stack height distribution), and highlights how anonymity and asynchrony can make otherwise intractable verification problems tractable. Future directions include extending the model to multiple registers, richer communication primitives, or more expressive temporal logics.