Formally Verified Algorithms for Upper-Bounding State Space Diameters

A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. We investigate completeness thresholds related to the diameter of the underlying transition system. A valid threshold, the diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We describe our formal verification in HOL4 of compositional algorithms for computing a relatively tight upper bound on the system diameter. Existing compositional algorithms are characterised in terms of the problem structures they exploit, including acyclicity in state-variable dependencies, and acyclicity in the state space. Such algorithms are further distinguished by: (1) whether the bound calculated for abstractions is the diameter, sublist diameter or recurrence diameter, and (2) the “direction” of traversal of the compositional structure, either top-down or bottom-up. As a supplement, we publish our library—now over 14k lines—of HOL4 proof scripts about transition systems. That shall be of use to future related mechanisation efforts, and is carefully designed for compatibility with hybrid systems.