Static Analysis and Stochastic Search for Reachability Problem

This paper focuses on a major improvement on the analysis of reachability properties in large-scale dynamical biological models. To tackle such models, where classical model checkers fail due to state space explosion led by exhaustive search. Alternative static analysis approaches have been proposed, but they may also fail in certain cases due to non-exhaustive search. In this paper, we introduce a hybrid approach ASPReach, which combines static analysis and stochastic search to break the limits of both approaches. We tackle this issue on a modeling framework we recently introduced, Asynchronous Binary Automata Network (ABAN). We show that ASPReach is able to analyze eﬃciently some reachability properties which could not be solved by existing methods. We studied also various cases from biological literature, emphasizing the merits of our approach in terms of conclusiveness and performance. keyword: Model checking, Reachability problem, Asynchronous Binary Automata Network, Local Causality Graph, Heuristics, Answer Set Programming.


Introduction
With increasing quantities of available data provided by new technologies, e.g. DNA microarray [22], there is a growing need for expressive modelings and their related high-performance analytic tools. Among them, works on concurrent systems have been of interest in systems biology for over a decade [4,5,35]. If model validation is a major concern, one of the main challenges nowadays is predicting the behavior of these systems.
Reachability problem on formal models is a critical challenge where both validation problems (whether the model satisfies the a priori knowledge) and prediction problems (properties to be discovered) meet. From a formal point of view, numerous biological properties in computational models can be transformed to reachability properties. For example, the reachability of state 0/1 of a could represent the activation/inhibition of certain gene or synthesis of a protein, while initial state could represent initial observation in an experiment. If the reachability of a certain state contradicts with the a priori knowledge, one can modify the model and/or design a new experiment to verify whether there is an error in the a priori knowledge or former observation. Also, reachability analysis is of help to medicine design: for example if one wants to prevent the carcinogenesis of a cell (target state), one possible solution is to find the critical pathways towards the target state and design a medicine to cut them in order to keep the cell healthy.
In the domain of model checking, reachability has been of great interest for over 30 years [10,11]. Various modeling frameworks and semantics in bioinformatics have been studied: Boolean network [2], Petri nets [23,14], timedautomata [12,36]. These approaches rely on global search and thus face state explosion problem as the state space grows exponentially with the number of variables. In [28], it has been shown that the reachability problem of Petri net is exponential time-hard and exponential space-hard, and this conclusion does not change even under some specific conditions [14]. For 1-safe Petri nets, the complexity of reachability analysis is generally PSPACE-complete [8]. Li et al. [20,21] investigated theoretically the stability, the controllability and the reachability of Switched Boolean Networks, but their method remains computationally expensive; Saadatpour et al. [30] researched only the reachability of fixed points.
To tackle the complexity issue, symbolic model checking [6] based on ordered binary decision diagrams (OBDDs) and SAT-solvers (satisfiability) [1] have been studied over years, but still fail to analyze big biological systems with more than 1000 variables. Bounded Model Checking (BMC) [9] is an efficient approach but generally not complete as its searching depth is limited to a given integer k.
Beside these approaches, abstraction is an efficient strategy to deal with such models of big scale. It aims at approximating the model while keeping the most important parts influencing the reachability. Abstract methods often have better time-memory performance but with a loss of information. They solve usually a simplified version of the original model, i.e. the results from these approaches are not necessarily compatible with all the properties of the original model. While studying reachability problems, the system dynamics is abstracted to static causalities between states and transitions.
We have designed a new discrete modeling framework for a concurrent system [7]: Asynchronous Binary Automata Network (ABAN). In ABAN, we applied the approach developed by Paulevé et al. [25,15,26] to address reachability problem. This approach refers to a static abstraction of the reachability (with an over-approximation and an under-approximation of the real dynamics). It is based on an abstract interpretation: Local Causality Graph (LCG). This interpretation drastically reduces the searching state-space thus avoids costly global search [27]. However, this pure static analysis is not complete as there are inconclusive cases which can not be decided reachable or not.
Many biological networks are encoded in Boolean style, e.g. [2,18], because BN is a simple formalism but with strong applicability: discretization in BN is a way to handle the imprecision of a priori knowledge on the model. However BN may be not expressive enough. As to the modeling of the dynamic behavior "a ← 1 at moment t + 1 if b = 1 at moment t", one has a(t + 1) = b(t) in BN. a always follows the evolution of b but with a potentially unwanted behavior "a ← 0 when b = 0 at moment t". ABAN models this dynamics as via {b 1 } → a 1 without this redundancy. Besides, BNs are transformable to ABANs, and this property makes our approach applicable to a wider domain (Appendix A).
Our work shares similar concerns but we combine static analysis and bounded model checking. We have developed a heuristic approach PermReach to attack reachability problem [7] which is more conclusive than pure static analysis but time-consuming and still not able to solve reachability problems under certain conditions. In this paper, we propose a hybrid approach ASPReach based on the former LCG reasoning and a non-exhaustive search in the LCG to obtain a more conclusive solution of reachability problems. ASPReach allows one to solve the cases where other static methods fail. Furthermore, it can also solve the reachability of a set of states which to our knowledge has never been done in static way. We assess the value of our contribution using benchmarks on biological examples from the literature. This paper is organized as follows: Section 2 introduces the formal background and the formalization necessary to the understanding of the work; Section 3 presents the concrete methods and algorithms composing the whole approach; Section 4 shows the benchmarks evaluating our approach and other alternatives; Section 5 concludes this paper.

Formalization
Notations: a i means automaton a is taking value i; x :: y is the sequential connector of entities x and y, where x appears just before y; a.next is the immediate successor of a; a.pred is the immediate predecessor of a.
Boolean Network is a traditional and efficient modeling framework, with many biological networks encoded in BN [18]. To describe the dynamical properties more precisely, Automata Network is introduced [7,29]. It can be considered as a subset of communicating finite state machines or safe Petri Nets.
Asynchronous Binary Automata Network (ABAN) is a special case of Automata Network. "Asynchronous" implies the update scheme that no more than one automaton can change its value at a time. Asynchronous update scheme makes a trade-off between the biological reality and complexity. From a given state, biological systems may evolve to multiple future states (e.g. cell differentiation), but it is costly to simulate generalized ANs where arbitrary subsets of automata can be updated simultaneously. "Binary" implies that every automaton has exactly two possible states (0, 1). In Appendix A, we show how to transform a Boolean Network into ABAN. •  To describe the evolution in an ABAN, we use the notion of trajectory.
Definition 4 (State sequence). Given an ABAN AB = (Σ, L, T ) and a global initial state α ∈ L and trajectory t, the state sequence seq = s 1 :: · · · :: s i :: · · · :: s n with s i ∈ LS is formed by the updated local states during the trajectory t.    As to reachability problem, given an ABAN AB = (Σ, L, T ), the joint reachability REACH(α, Ω) is formalized as: joint state Ω is reachable iff there exists a trajectory t s.t. α · t = Ω. Partial reachability reach(α, ω) is defined analogously: local state ω = a i is reachable iff there exists a trajectory t s.t. (α · t)[a] = a i . REACH(α, Ω) and reach(α, ω) take Boolean values True, False or Inconclusive if it cannot be decided. In Fig. 1, Ω = a 1 , b 1 , c 1 , d 1 , e 0 or ω = a 1 is reachable from initial state α via trajectory t, i.e. reach(a 1 ) = True and REACH(α, Ω) = True. In fact, the reachability of a joint state even a global state is equivalent to that of one local state. Given a set of target states {a i , . . . z j }, by adding a new automaton x to Σ, setting its initial state to x 0 and adding transition {a i , . . . z j } → x 1 to T , REACH(α, {a i , . . . z j }) is thus equivalent to reach(α, x 1 ). For convenience, we study partial reachabilities in this paper.
Paulevé et al. [26] have proposed Local Causality Graph (LCG) to analyze reachability problems statically. LCG abstracts the original problem through an over-approximation (necessary condition) and an under-approximation (sufficient condition). It is a very efficient tool as there is no global search and all the operations are bounded in polynomial complexity. However LCG does not guarantee to obtain a result, i.e. some inconclusive instances satisfy the necessary condition and fail sufficient conditions. In this paper, we make use of LCG by removing some elements needed only in multivalued networks, then we try to analyze it more deeply to solve inconclusive cases of binary valued systems. In fact, Didier et al. have shown a technique to transform a multivalued network to Boolean network [13], which provides us the applicability to multivalued situations.
Definition 5 (LCG). Given an ABAN AB = (Σ, L, T ), an initial state α and a target state ω, where V state ⊆ LS is the set of local states, V solution ⊆ T is the set of solutions and V a is the set of required local states of sol ai .
Example 2. Fig. 2 shows the LCG for analyzing reach(a 1 ) in Fig. 1. Figure 2: Visualization of LCG, with the squares representing local states and small circles representing solution nodes. ∅ signifies that there is no need to link any transitions, i.e the former state d 0 is in the initial state.
Algorithm 1 describes how to construct an LCG from an ABAN AB = (Σ, L, T ). Starting from a given target state Ls = ω, one can find all the transitions T s ⊆ T reaching ω and add edges ω → T s . Then we find all the heads A of T s and add edges T s → A and replace Ls with A (recursion). Finally, we update the structure until Ls ⊆ α or there is no transition with body in Ls.

Algorithm 1 Construction of LCG
Input: an ABAN AB = (Σ, L, T ), an initial state α, a target state ω Intuitively, when the recursive construction is complete, SLCG is in fact a digraph with state nodes V state and solution nodes V solution . E consists of the edges between local state nodes and solution nodes. To access certain local states, at least one of its successor solutions (corresponding transitions from solution nodes) need to be fired; to make one solution node firable, all of its successor local states need to be satisfied. A recursive reasoning of reachability begins with a state node representing target local state, goes through a i → sol ai → b j · · · and ends with initial state (possibly reachable) or a local state without solution successor (unreachable).
With LCG, it is easy to verify whether their are potential pathways from the target state ω to the initial state α. If there does not exist such a pathway, one can ensure that ω is not reachable from α. [27] explains this local reasoning.
Definition 6 (Pseudo-reachability). Given an LCG l = (V state , V solution , E) with global initial state α, the pseudo-reachability of node v ∈ V state is defined as However, pseudo-reachability is named "pseudo" because it is only an overapproximation of reachability, i.e. it reveals a necessary condition of reachability.
Both a 1 and b 1 are reachable, but they can not be reached simultaneously. In such LCG, there are two branches, a 1 → b 0 and b 1 → a 0 , the automata a and b involve themselves in different branches, the reachability of a 1 impedes the reachability of b 1 and vice versa.
Also, the recursive reasoning does not terminate if there exists cycles in LCG. While computing the pseudo-reachability, self-dependent form reach (l, a i ) = . . . = reach (l, a i ) will appear. Dealing with cycles becomes inevitable.
Definition 7 (Cycle). In an LCG, a cycle is formed by a sequence of nodes linked as follows: To identify cycles, we search instead Strongly Connected Components (SCC) of size greater than one. Because cycles may interlace and there is no such problem in SCC. In other words, a SCC may contain several nested cycles which connect to each other. [33] shows that the detection of SCCs can be done in O(|V | + |E|) time, with |V | the cardinality of the vertices and |E| the cardinality of the edges. LCG is usually a sparse graph, as in biological systems, the components mostly interact with only a part of the system, hence the outdegree can be considered of O(1) and the detection of SCCs 1 can be done in O(|V |), i.e. linear time.
Theorem 1. Given a cycle x → • → · · · → • → x in an LCG, if there is at most one incoming edge to the cycle, the cycle can be removed.
Proof. If there is no incoming edge, the target state y must be in the cycle. The edge y.pred → • → y can be removed, because the reachability of y.pred requires y, but y is the target state, which is never reached before the other local states in the LCG are reached. Thus the transition corresponding to this edge is never fired and the edge can be removed. Similarly, if there is an outside incoming edge a → • → x, a must be the successor of target state y or the target itself, x.pred → • → x can hence be removed. To reach x, we need to reach z, but z cannot depend on x as x is already to be reached. Self-dependence appears: Unfortunately, not all cycles are removable via Theorem 1. Example 5 explains the issue.  Proof. Suppose an arbitrary cycle C = a i → · · · b j → · · · → a i , with → an edge in the LCG. Note that reach (α, a i ) =⇒ reach (α, b j ) =⇒ reach (α, b j .next) =⇒ · · · =⇒ reach (α, a i ). According to the definition of reach , reach (α, a) = True only if ∃c k ∈ C and c k ∈ α. If there exists such c k , C should not exist as the reasoning stops at c k and does not form a cycle, contradiction. reach (α, a i ) = reach (α, b j ) = · · · = False.

ASPReach Algorithm
In this section, we present the main contribution of this paper, our analyzer ASPReach: an algorithm for checking the reachability of a target local state ω from a global initial state α (which can also be partial) in a given ABAN. However, exhaustive search leads to heavy computation and huge need of memory. The algorithm proposed below tries to overcome those shortcomings by combining static analysis and stochastic search into the following hybrid approach. ASPReach: • Input: An ABAN AB, an initial state α, a target state ω and a max number of iterations k -Back to step (iv) • Generate all trajectory that starts with α in l using ASP -If a trajectory t ending with ω is found, return True

return Inconclusive
LCG illustrates the causality between necessary transitions to be fired to reach the target state; the tentative of removing cycles simplifies the LCG and keep the reachability unchanged; pseudo-reachability allows one to filter some unreachable cases based on the topology of LCG. The heuristic approach is the core of our algorithm. Stochastic choices avoid combinatorial explosion on different OR Gates. The ASP part searches thoroughly the result but does not traverse the whole state space (ASP solver starts from constraints, finds one consistent order and terminate the search).  for v ∈ V state do 14: if ∃(v, v ) ∈ E then 15: for v ∈ V state do // Treat each OR gates 26: pick a random element (v, v ) ∈ E 27: (r, t) ← ASPsolve(l ) 29: if r = True then return (True, t) 30: return (Inconclusive, ∅) Algorithm 2 provides the detailed pseudocode of the algorithm taking an LCG l as input whose detailed construction is given in Algorithm 1. Lines 4-8 delete all cycles with at most one incoming edge. After removing cycles, the LCG may contain nodes without successor. Such nodes can be pruned since they do not lead to initial state (Line 9-18). This preprocessing reduces the search space of the stochastic search performed in step 4. Now l is pruned and might be cycle-free. Static analysis of l can then be used as heuristics to check pseudoreachability (Definition 6) in order to detect some unreachability cases (Lines 19-21) which may conclude before searching. LCG shows the dependencies between local states and transitions. A pathway in LCG suggests a possible trajectory of reaching the target state. If pseudoReach(l, ω) = False, we can ensure that ω is unreachable, as pseudo-reachability checks a necessary condition of reachability. If reach (l, ω) = True, static analysis is not sufficient for reachability analysis. When static analysis fails, a stochastic search is performed at most k times (line [22][23][24][25][26][27][28][29] to find a state sequence from the initial state α to target state ω. If there remain cycles with multiple incoming edges, according to Theorem 2, ω is unreachable. The value of k will be discussed later in the evaluation section. Random choices are made to fix a value for each OR gate of the LCG allowing to perform a reachability check by generating all possible variable assignment order using ASP. Keep in mind that every state node is an OR gate, we have to choose one of its successor solution nodes to access the state. A set of OR gate choices is called an assignment.

Stochastic Search
As every OR gate has multiple choices, to avoid combinatorial explosion, we use a simple heuristic: choose randomly one assignment for each trial. Then we can construct a new LCG without OR gate, every state node has exactly one successor solution node.
After applying heuristics to delete OR gates, we use ASP (Answer Set Programming) [3] to analyze the newly obtained LCG with only AND gates. ASP is a prolog-like declarative programming paradigm. It uses description and constraints of the problem (called rule) instead of imperative orders. ASP solver tackles problems by generating all the possibilities respecting the constraints. We use Clingo [16] which is a combination of grounder Gringo and solver Clasp. Given an input program with first-order variables, grounder computes an equivalent ground (variable-free) program for an ASP program, while solver selects admissible solutions (answer sets) in the ground.
A rule is in the following form: a 0 ← a 1 , . . . , a m , not a m+1 , . . . , not a n .
where the element on the left of the arrow is called head and the ones on the right called body. a 0 is True if a 1 , . . . , a m are True and a m+1 , . . . , a n are False. Some special rules are noteworthy. A rule where m = n = 0 is called a fact and is useful to represent data because the left-hand atom a 0 is thus always True. It is often written without the central arrow. On the other hand, a rule where n > 0 and a 0 =⊥ is called a constraint. As ⊥ can never become True, if the right-hand side of a constraint is True, this invalidates the whole solution.
Constraints are thus useful to filter out unwanted solutions. The symbol ⊥ is usually omitted in a constraint. Programs can yield no answer set, one answer set, or several answer sets. For example, the program b:-not c. c:-not b. produces two answer sets: {b} and {c}. Indeed, the absence of c makes b true, and conversely absence of b makes c true. Cardinality constraints are another way to obtain multiple answer sets. The most usual way of using a cardinality is in place of a 0 : . . . , q k }u ← a 1 , . . . , a m , not a m+1 , . . . , not a n .
where k ≥ 0, l is an integer and u is an integer or ∞. Such cardinality means that under the condition that the body is satisfied, the answer set X must contain at least l and at most u atoms from the set {q 1 , . . . , q m }, or, in other words: l ≤ |{q 1 , . . . , q m } ∩ X| ≤ u.
After the facts, we want the nodes to appear in an order by which we can fire all the transitions sequentially from initial state to target state.
The rough idea is: If different states of one automaton a appear, e.g. a 0 and a 1 . One of them must be in initial state (suppose a 0 ). The transitions with head a 0 have to be fired before a 0 flipping to a 1 , otherwise there is no solution node in the LCG which allows a 1 return to a 0 . In other words, the predecessor of a 0 must appear before a 1 . Core rule describes this constraint.
Notation: a b means a appears before b. When analyzing the LCG in Fig. 3, Rule 1 gives b 0 a 1 , a 1 c 1 , a 0 b 1 , b 1 c 1 ; Rule 2 gives a 0 c 1 and b 0 c 1 ; Rule 3 gives a 1 b 1 and b 1 a 1 which is impossible, therefore there does not exist a state sequence to reach c 1 from initial state. c 1 is unreachable.
If we find a state sequence consistent with all the order constraints, we can obtain its corresponding trajectory, thus we are sure that the target state is reachable. Still, ASPReach is not complete. A counter-example is shown in Fig. 6, when there are multiple branches of one OR gate leading to unreachability, the result can be inconclusive. There is a tricky way to deal with this issue when |ORgates| is not big: we set a limit n, if |ORgates| < n, we shift the heuristics on the assignment of OR gates to the enumeration of all possible assignments. This "hacking" can deal with some inconclusiveness. In the benchmarks in the next section, inconclusive instances appear neither in biological examples nor in random generated tests.
We also show some algorithmic properties of ASPReach: Theorem 3 (ASPReach termination and correctness). Let l = (V state , V solution , E) be an LCG with initial state α and target local state ω and k > 0 be an integer. The call ASPReach(l,k) terminates.
Proof is given in Appendix B.

Evaluation
In this section we evaluate our approach through various experiments. All tests were run on a Intel Core i7-3770 CPU, 3.4GHz with 8Gb of RAM computer. To validate our approach, we first tested a small model, λ-phage model [34] to compare with an alternative reachability analyzer Pint [27] implementing solely analysis using LCG [25,15,26]. In this model with 4 automata and 12 transitions (without taking consideration of the self-regulations), our result shows complete conclusiveness while Pint cannot (Fig. 7). PermReach [7] is not able either to handle some of the special cases where multiple states of one automaton appear in different branches (Fig. 8). Theses cases are solvable by ASPReach. The whole approach is implemented in Python3 2 . The call of ASP is done by package pyasp 3 .
To evaluate the scalability in in silico networks, we take T-cell Receptor model (TCR) [31] and epidermal growth factor receptor model (EGFR) [32] as examples, with the former one containing 95 automata and 206 transitions and the latter one containing 104 automata and 389 transitions respectively.
These models are originally Boolean networks. According to the approach in Appendix A, BNs are transformed into ABANs. Here, we ran the same test as in [15]. In the TCR model, we take 3 automata as input (cd4 cd28 tcrlig), varying exhaustively their initial states combinations (2 3 ), take the reachability of states of 5 automata (sre ap1 nfkb nfat sigmab) as output. Similarly we carried a bigger test on EGFR model with 13 automata as input and 12 automata as output. We first tested the performance of traditional model checkers, Mole 4 and NuSMV 5 , in which Mole turns out to be memory-out for 6 in 12 outputs, and all memory-out for NuSMV in model EGFR. Due to the big state space, traditional model checkers are not applicable. In the TCR tests, our approach gives exactly the same result as Pint did. As for EGFR tests, ASPReach returned no inconclusive output. As seen in Table 1, our approach can be more conclusive than Pint for ABANs. In the configuration of heuristics, we set a threshold for OR gates. If there are less than 10 OR gates after preprocessing, the computation will be shifted from heuristic to the enumeration of all combinations of OR gates.
Here is the case for these three benchmarks. The experiments show the ability of ASPReach is already more conclusive than Pint in "simple" cases.
To test the global applicability of ASPReach, we ran two sets of tests on random models generated as follows: Given the number of transitions, for every transition tr, the head a h is randomly chosen from LS, the first element of the body A 1 is chosen from Fig. 9(a) shows the average run time of ASPReach on randomly generated   [15].
ABAN. In this experiment, we fixed the number of transitions to |Σ| × 3 and each transition has a random number of heads from 1 to |Σ − 1|, with Σ the number of automata of the generated ABAN. For traditional model checkers like NuSMV and Mole, memory-out cases begin to appear when |Σ| > 50, so the runtime results are not displayable in Fig. 9(a). Also, Pint is not able to check all test sets of any |Σ|. Even though the curve of average runtime of our approach shows an exponential-like tendency, ASPReach is very fast for |Σ| < 100 (less than 0.03s) and can also perform on models with 1000 automata. Moreover, the longest runtime among the test sets is less than 20s. Because we stop the computation if one reachability check takes more than 20s and we note it as timeout. This result suggests that the heuristic approach of ASPReach has a good performance in conclusiveness in general as the testing models are generated randomly. Another test is on the different density with the same number of automata. In Fig. 9(b), we fixed |Σ| = 20 and vary the number of the transitions per automaton (density) from 1 to 12. The runtime peak is at density 8, a possible explanation is that even the topology of the network is more complex with the growth of density, more available transitions lead to more pathways from the initial state to the target state, thus the heuristics may end with less trials.
These experimental evaluations show that ASPReach has a better scalability on reachabilty analysis than traditional exhaustive model checkers and a better performance regarding conclusiveness than existing static analyzer.

Conclusion
In this paper, we present the ABAN modeling framework and its model-related reachability analyzer ASPReach. Facing the two critical challenges: complexity and conclusiveness, we combine static analysis and Answer Set Programming for a good performance on both criteria. ASPReach performs normally on models We are now considering an incorporation of heuristics in the preprocessing phase, like the work of [19], to improve the performance of our approach regarding runtime. The development of dedicated heuristic for the orientation of the random search in ASPReach remains also a future work.
As to biological application, one path of research is the interfacing of our approach with model inference approaches. Biological models can be inferred from experimental data through machine learning techniques (e.g. [17]), but obtained models are not necessarily consistent with the a priori background knowledge about the dynamics of system. Thus it is important to check these obtained models and revise them to make them consistent with such background knowledge. In the case of reachability properties, our approach could be use as a model checker and a mean to enforce such properties in a model under construction.
The call ASPReach(l,k) terminates. ASP Reach(l, k)=(False, ∅) only if t a trajectory in l from α to ω. ASP Reach(l, k)=(True, t) only if ∃t a trajectory in l from α to ω.
Proof. 1: The algorithm starts by breaking all cycles of the LCG and according to Theorem 1 it terminates and does not affect the reachability of α in l.
2: Then all nodes of V state and (resp. solution) with no (resp. missing) outgoing edges are removed. Such nodes cannot be part of a trajectory leading to initial state α and thus this operation does not affect the reachability of α in l. The internal for loop of this operation iterates over V state which is finite. To continue looping, it requires one state deletion thus this operation will terminate atleast when V state becomes ∅.
Conclusion 1: ASP Reach(l, k) = False only if t a trajectory in l from α to v ∈ V solution .
Conclusion 2: the call ASPReach(l,k) terminates. Conclusion 3: After this pre-processing, pseudo reachability is checked and according to [27], it terminates and is correct. It is the only possibility for ASPReach to output False.
Conclusion 4: Stochastic search follows by randomly reducing each OR gate of l to one of its edges to form l . This operation is run a finite time k and iterates over V state which is finite and thus it terminates. This operation does not create new edges, i.e. E ⊆ E. ASP solve(l ) generates all possible trajectories of l leading to α. The number of possible trajectory is finite and thus ASP solve(l ) terminates.
Furthermore when ASP solve(l ) = (True, t), t is a trajectory of l proving reachability of α in l and it is the only possibility for ASPReach to output True.
Conclusion 3: ASP Reach(l, k) = (True, t) only if ∃t a trajectory in l from α to v ∈ V solution .
Theorem 6 (ASPReach complexity). Let l = (V state , V solution , E) be an LCG with initial state α and k > 0 be an integer. Let s = |V solution | be the number of target state of l. Let v = |V state | be the number of vertices of l. Let e = |E| be the number of edges of l. The complexity of ASP Reach(l, k) is O(v + s + e + (v + s)/2 × v × e × s + v 2 × e + v × e + k × (v × e 2 + 2 v )) which is bound by O(k × 2 v ).
Proof. 1: computing SCC(l) has a complexity of O(v + s + e). In worst case |SCC(l)| = (v + s)/2 and breaking one cycle of SCC(l) is O(v × e × s), thus complexity of removing cycle is op1 = O(v + e + s + (v + s)/2 × v × e × s) 2: To remove useless nodes ASPReach iterates over all states and checking if one state has no successor in l requires to iterates over all edges. In worst case all states will be removed one by one and thus the complexity of this operation is op2 = O(v × (v + s) × e).
3: Computing pseudo reachability over l which have no loop correspond to perform a depth first search on all branch of a tree and thus bound to op3 = O((v + s) × e).
4: the stochastic search iterates atmost k times. Treating each OR gate to form l have a cost of O(v × e × e) ASP solve(l ) generates trajectories that can prove reachability of α in l . Each trajectory is a sequence where each element of |V state | appears exactly once. It correspond to the number of total order of |V state | which is 2 v . Thus ASP solve(l ) is bound by O(2 v ) and the whole stochastic search by op4 = O(k × (v × e 2 + 2 v )).