Parametric runtime verification is NP-complete and coNP-complete

Accepted Manuscript Parametric Runtime Verification is NP-complete and coNP-complete

Zhe Chen

PII: DOI: Reference:

S0020-0190(17)30033-9 http://dx.doi.org/10.1016/j.ipl.2017.02.006 IPL 5511

To appear in:

Information Processing Letters

Received date: Revised date: Accepted date:

30 November 2014 14 September 2016 20 February 2017

Please cite this article in press as: Z. Chen, Parametric Runtime Verification is NP-complete and coNP-complete, Inf. Process. Lett. (2017), http://dx.doi.org/10.1016/j.ipl.2017.02.006

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

Highlights • • • •

We solve an important open problem - the computational complexity of parametric runtime verification against regular properties. We show that parametric runtime verification of regular properties is NP-complete and coNP-complete. Our result gives a rigorous proof and a formal explanation of the inherent intractability of parametric runtime verification. We study the membership problem of existential and universal parametric languages.

Parametric Runtime Verification is NP-complete and coNP-complete Zhe Chen College of Computer Science and Technology Nanjing University of Aeronautics and Astronautics 29 Jiangjun Avenue, 211106 Nanjing, Jiangsu, China Email: [email protected]

Abstract In this article, we solve an important open problem - the computational complexity of parametric runtime verification against regular properties. To achieve this, we first formulate the membership problem of existential and universal parametric languages, then show that the membership problem of existential parametric regular languages is NP-complete, and the membership problem of universal parametric regular languages is coNP-complete. These computational complexity results show that parametric runtime verification of regular properties is NP-complete and coNP-complete. This gives a rigorous proof and a formal explanation of the inherent intractability of parametric runtime verification, which has been shown by the empirical experiments in the literature. In this sense, our work has moved one significant step on the theoretical aspect of runtime monitoring and verification. Keywords: runtime monitoring, runtime verification, complexity, regular languages, membership problems, parametric words 1. Introduction Recently, parametric runtime verification has received great attentions from the software verification community [1][2]. For example, runtime verification tools such as Movec [1], Tracematches [3][4] and JavaMOP [5][6] can analyze the parametric actions and execution traces of a program against non-parametric properties. As an example of parametric runtime verification, suppose a Java program that can perform parametric actions update, create and next on a Preprint submitted to IPL

February 28, 2017

collection object c1 and two iterator objects i1 , i2 . A parametric trace is a sequence of parametric actions in an execution trace of a program, e.g., createc1 i1  nexti1  updatec1  createc1 i2  nexti2  updatec1  nexti2  is a parametric trace. Then we specify the property that, there should not exist a parameter instance of c, i such that, “some collections are updated while accessed through iterators”. This property can be formalized as a regular expression E = update∗ create next∗ update+ next as well as the language L(E), and matching the expression means violation of the property. Parametric runtime verification aims at checking the correctness of these parametric program traces against these non-parametric properties, i.e., whether some or all of the corresponding subsequences of an execution trace with respect to the possible instances of parameters satisfy a property. In our example, the trace slice of parameter instance c1 , i1 , say create next update update, does not match the expression, whereas the trace slice of c1 , i2 , say update create next update next, matches it. Thus the parametric trace violates the property. More realistic examples of monitoring Java or C programs can be found in [5][1]. However, the inherent computational complexity of runtime verification still remains an open question, although there are many available implementations and empirical studies in the literature. Let us consider runtime verification of non-parametric traces against regular properties in the theoretical aspect, we specify a property as a language L, and check whether an execution trace w satisfies the property L by deciding the membership problem w ∈ L. Thus its complexity is equivalent to the complexity of the membership problem of regular languages. However, for runtime verification of parametric traces, the complexity question is more complex and still open, due to the lack of an appropriate underlining theory. In this article, we will prove that the computational complexity of parametric runtime verification of regular properties is NP-complete and coNPcomplete, by formulating and studying the membership problems of existential and universal parametric regular languages, which will be shown to be NP-complete and coNP-complete, respectively. To the best of our knowledge, we are the first to study the inherent computational complexity of parametric runtime monitoring and verification. The computational complexity result shows that, parametric runtime verification may be intractable in practice due to the potentially huge and even unlimited number of parameter instances. It is challenging to correctly and efficiently monitor a regular property for different parameter instances, especially when 2

the parametric word is long and the number of parameter instances is large. In this sense, our work has moved one significant step on the theoretical aspect of runtime monitoring and verification. This article is organized as follows. In Section 2, we recall the preliminaries about partial functions. In Section 3, we formally define parametric words and parametric languages, and highlight two special classes of parametric languages that are constructed from ordinary non-parametric languages in an existential or universal manner. We formulate the membership problem of parametric languages, and highlight the membership problems of the two special classes of parametric languages. In Section 4, we study parametric regular languages and the computational complexity of their membership problems. We discuss related work and conclude in Section 5. 2. Preliminaries In this section we recall some basic notions of partial functions, parametric words [6] and finite automata [7]. 2.1. Partial Functions Definition 1. Let X, V be two sets, and [X  V ] be the set of partial functions from X to V . Let θ ∈ [X  V ] be a partial function, the domain of θ is the set Dom(θ) = {x ∈ X | θ(x) is defined}. Let ⊥ ∈ [X  V ] be the partial function such that Dom(⊥) = ∅, i.e., θ(x) is undefined for each x ∈ X.  In words, a partial function is an information carrier. If a partial function θ is defined on an element x, then θ carries the information θ(x) about x ∈ X. Definition 2. Let θ, θ ∈ [X  V ] be two partial functions, then: 1. θ and θ are compatible, if and only if θ(x) = θ (x) for any x ∈ Dom(θ)∩ Dom(θ ). 2. θ is less informative than θ , denoted θ  θ , if and only if Dom(θ) ⊆ Dom(θ ) and θ(x) = θ (x) for any x ∈ Dom(θ). 3. θ is strictly less informative than θ , denoted θ  θ , if and only if θ  θ and θ = θ . 

3

2.2. Parametric Words Definition 3 (Parametric symbols and words). Let Σ be a finite alphabet, X be a finite set of parameters and V be a finite set of parameter values. We denote the parametric alphabet by ΣX, i.e., a set of parametric symbols aθ, where a ∈ Σ is a base symbol and θ is a partial function (i.e., parameter instance) in [X  V ]. We say that aDom(θ) is the prototype of the parametric symbol. A parametric word w is a finite sequence of parametric symbols from ΣX, i.e., w ∈ ΣX∗ .  Definition 4 (Parametric word slicing). Let w ∈ ΣX∗ be a parametric word and θ ∈ [X  V ] be a partial function, the θ-word slice w θ is a non-parametric word in Σ∗ defined as: • θ = , where  is the empty word, and  (wθ )a when θ  θ  • (waθ )θ = when θ 

θ wθ



In words, the word slicing operation w θ filters out all the parametric symbols that are not relevant for the partial function θ, and the remaining symbols are relevant. Note that word slices are non-parametric, since the parameters are only used to select relevant symbols for parameter instances. 2.3. Finite Automata and Regular Languages Definition 5. A nondeterministic finite automaton (NFA) is a tuple A = (Q, Σ, δ, q0 , F ), where Q is a finite set of states, Σ is a finite input alphabet, δ is a transition function mapping Q × Σ → 2Q , q0 ∈ Q is the initial state, and F ⊆ Q is a set of accepting states. A deterministic finite automaton (DFA) is a tuple A = (Q, Σ, δ, q0 , F ), where Q, Σ, q0 , F are as for NFAs, and δ is a transition function mapping Q×Σ → Q. Note that a sink state is counted for DFAs, since their transition functions are total.  Definition 6. An alternating finite automaton (AFA) is a tuple A = (Q, Σ, δ, q0 , F ), where Q, Σ, q0 , F are as for NFAs, and δ is a transition function mapQ ping Q × Σ → {0, 1}{0,1} . Here we identify the logical values false and true with 0 and 1 and write {0, 1}Q for the set of finite functions from Q Q into {0, 1}, and {0, 1}{0,1} for the set of Boolean formulae mapping {0, 1}Q into {0, 1}.  4

Recall that regular languages are the languages that can be accepted by NFAs, DFAs or AFAs [7]. Therefore, without loss of generality, in this article, we will consider the regular languages given by NFAs, DFAs or AFAs. 3. Parametric Languages and the Membership Problem In this section, we introduce parametric languages and formulate the membership problem of parametric languages by extending the classic membership problem. In general, a parametric language is a set of parametric words. In this article, we are only interested in the following ones that have some relationships with non-parametric languages. Definition 7 (Parametric languages). Let Σ be a finite alphabet, X be a finite set of parameters and V be a finite set of parameter values. A parametric language is a set of parametric words from ΣX∗ . Let L ⊆ Σ∗ be a non-parametric language, we consider the two following classes of parametric languages that are constructed from L. • ∃X.L is an existential parametric language that contains the parametric words that, for some partial function θ ∈ [X  V ], the θ-word slice wθ is in L, i.e., ∃X.L = {w ∈ ΣX∗ | ∃θ ∈ [X  V ], wθ ∈ L} • ∀X.L is a universal parametric language that contains the parametric words that, for each partial function θ ∈ [X  V ], the θ-word slice wθ is in L, i.e., ∀X.L = {w ∈ ΣX∗ | ∀θ ∈ [X  V ], wθ ∈ L} 

We say L is a base language.

A parametric language is of the type L, if and only if it has a base language of the type L. For example, if L is a regular language, then ∃X.L and ∀X.L are parametric regular languages, and more specifically, they are existential parametric regular language and universal parametric regular language, respectively. In the classic theory of formal languages, the membership problem is to decide whether a word w ∈ Σ∗ is in a language L ⊆ Σ∗ , i.e., w ∈ L. 5

A similar membership problem is to decide whether the θ-word slice of a parametric word w ∈ ΣX∗ is in a language L ⊆ Σ∗ , i.e., wθ ∈ L, since each word slice is also a non-parametric word in Σ∗ . However, when we consider the membership problem of deciding whether a complete parametric word, instead of its word slices, is in a language L ⊆ Σ∗ , we must redefine the membership problem by taking into account parameter instances. In general, the membership problem of parametric languages is to decide whether a parametric word is in a parametric language. In this article, we are only interested in the membership problem of the two classes of parametric languages ∃X.L and ∀X.L. If the base language is fixed, we define the following fixed membership problem. Definition 8 (The fixed membership problem of existential and universal parametric languages). Fix a language L ⊆ Σ∗ . Given a parametric word w ∈ ΣX∗ , the fixed membership problem of the parametric languages ∃X.L and ∀X.L is to decide whether w ∈ ∃X.L and w ∈ ∀X.L, respectively.  A natural generalization is the general membership problem as follows. Definition 9 (The general membership problem of existential and universal parametric languages). Given a language L ⊆ Σ∗ and a parametric word w ∈ ΣX∗ , the general membership problem of the parametric languages ∃X.L and ∀X.L is to decide whether w ∈ ∃X.L and w ∈ ∀X.L, respectively.  We can formulate the necessary and sufficient conditions of membership as follows. Definition 10 (Conditions of membership). Let L ⊆ Σ∗ be a language and w ∈ ΣX∗ be a parametric word, w ∈ ∃X.L if and only if wθ ∈ L for some partial function θ ∈ [X  V ], and w ∈ ∀X.L if and only if wθ ∈ L for each partial function θ ∈ [X  V ].  By the above definition, it is easy to infer the following theorem. This theorem shows that the membership problem of existential parametric languages and the complement of the membership problem of universal parametric languages can be reduced to each other. ¯ where L ¯ = Σ∗ − L. Theorem 11. w ∈ ∃X.L if and only if not w ∈ ∀X.L,

6

4. Computational Complexity of the Membership Problem In this section, we study the computational complexity of the membership problem of parametric regular languages, whose base languages are specified by NFAs, DFAs or AFAs. Let us first consider the computational complexity of the general and fixed membership problems of existential parametric regular languages. Lemma 12. The general and fixed membership problems of existential parametric regular languages are both in NP. Proof. Let L ⊆ Σ∗ be an arbitrary non-parametric regular language specified by an automaton A, and w = a1 θ1  · · · am θm  ∈ ΣX∗ be an arbitrary parametric word. The input is (A, w) for the general problem and w for the fixed problem, where the size of input is n. Recall that w ∈ ∃X.L iff there is a parameter instance θ such that wθ ∈ L. Based on this characterization, we can obtain a nondeterministic decision procedure for the membership problem as follows. At first, the procedure nondeterministically guesses a parameter instance θ ∈ [X  V ]. That is, for each parameter that appears in w, the procedure guesses a value from V or designates the value “undefined”. This step needs O(n2 ) time, and the size of θ is O(n). Then the procedure obtains the θ-word slice of w. That is, it traverses each parametric symbol ai θi  of w from left to right (1 ≤ i ≤ m), if θi is less informative than θ, i.e., θi  θ, then ai is appended to an initially empty word w . Finally, w stores wθ . This step needs O(n2 ) time, and the size of wθ is O(n). Finally, the procedure checks whether the obtained θ-word slice w θ is in L. Note that this is the membership problem of non-parametric regular languages. It is well known that the general membership problem is Lcomplete for DFAs, NL-complete for NFAs and P-complete for AFAs, and the fixed membership problem of regular languages is NC1 -complete [8], thus this step needs at most polynomial time (recall that NC1 ⊆ L ⊆ NL ⊆ P, see [9]). Obviously, all the above steps have been done in NP. This concludes our proof.  Now we show the NP-hardness of the membership problems by a reduction from the well known NP-complete problem 3SAT [9].

7

Lemma 13. The general and fixed membership problems of existential parametric regular languages are both NP-hard. Proof. Let P = {p1 , ..., pn } be a set of propositional variables, and C = c1 ∧ · · · ∧ cm be an instance of 3SAT, where every 3-clause ci in C is of the form ci = li1 ∨ li2 ∨ li3 , where all the lij in ci are literals, i.e., propositional variables from P or negated propositional variables. We encode the formula C into a parametric word h(C) as follows. Let Σ = ¯ F, ¯ ∧} be a finite alphabet, X = P be a finite set of parameters and {T, F, T, V = {T, F} be a finite set of parameter values (in fact, implicitly indicating the logical values true and false of the propositional variables). We define an encoding function h as follows: • h(C) = h(c1 ) ∧ · · · ∧ h(cm ), for a formula C = c1 ∧ · · · ∧ cm of 3SAT. • h(ci ) = h(li1 ) h(li2 ) h(li3 ), for a 3-clause ci = li1 ∨ li2 ∨ li3 in C.  Tp → TFp → F, if lij is of the form p • h(lij ) = ¯ ¯ → F, if lij is of the form ¬p Tp → TFp Note that h(lij ) encodes the literal lij into two consecutive parametric symbols whose parameter instances are incompatible. In semantics, they implicitly correspond to the valuations of p to true and false, respectively. Then h(ci ) encodes the 3-clause ci into 6 consecutive parametric symbols, and h(C) encodes the formula C of 3SAT into a parametric word in ΣX∗ . Note that the encodings of the 3-clauses in h(C) are separated by ∧⊥ (we write ∧ for short). Then we specify a language L that describes all situations making a 3clause true. For example, consider a 3-clause c = l1 ∨ l2 ∨ l3 where l1 , l2 , l3 are literals containing the propositional variables p1 , p2 , p3 respectively. After F encoding, we get a parametric word h(c) of the form aT 1 p1 → Ta1 p1 → F F T F T aT 2 p2 → Ta2 p2 → F a3 p3 → Ta3 p3 → F where every ai belongs to F ¯ ⊆ Σ. Note that, ¯ ⊆ Σ and every a belongs to the set {F, F} the set {T, T} i the 6 parameter instances mapping the variables pi (i=1,2,3) to T or F correspond to valuating the propositional variables by true or false, respectively, while their base symbols correspond to the values of the literals under these valuations. Thus a complete parameter instance, including all the propositional variables in P , corresponds to a valuation of P . Furthermore, since F the parameter instances of aT i pi → T and ai pi → F are incompatible, we 8

F can infer that, for any parameter instance θ, the symbols aT i and ai never appear together in the θ-word slice h(c)θ . Thus, if there exists a parameter ¯ F} ¯ and there instance θ such that h(c)θ = a1 a2 a3 where a1 , a2 , a3 ∈ {T, F, T, ¯ then the corresponding valuation makes the 3-clause is an i with ai ∈ {T, F}, c true. For this reason, we define

¯ F} ¯ and ∃i, 1 ≤ i ≤ 3, with ai ∈ {T, F}.} ¯ L = {a1 a2 a3 | a1 , a2 , a3 ∈ {T, F, T, To make a conjunction of 3-clauses true, we must make every conjunct true. Consequently, we define our existential parametric language as ∃X.(L∧)∗ L, where (L∧)∗ L is a language consisting of strings that connect words from L by ¯ F} ¯ using the symbol ∧. Since the length of each word in L is 3 and {T, F, T, is a finite set, we can infer that L is a finite language, as well as a regular language. Hence, (L∧)∗ L is also a regular language, and ∃X.(L∧)∗ L is an existential parametric regular language. It is easy to see that the following equivalence holds: C is satisfiable if and only if h(C) ∈ ∃X.(L∧)∗ L. Obviously, the reduction h(C) can be computed in constant space (in fact, no additional space) besides the space for input and output, and the language (L∧)∗ L can be constructed in constant time and constant space, since it does not depend on the input. Furthermore, note that whether the language (L∧)∗ L is fixed or considered as a part of the input does not affect our complexity results. Thus, we have shown that the 3SAT problem can be reduced to both of the general and fixed membership problems. Since the 3SAT problem is NP-complete, this shows that the membership problems are NP-hard.  In conclusion, we have the following theorem by the two above lemmas. Theorem 14. The general and fixed membership problems of existential parametric regular languages are both NP-complete.  Now let us consider the computational complexity of the general and fixed membership problems of universal parametric regular languages. ¯ by Theorem 11, where L ¯= Recall that we have w ∈ ∀X.L iff not w ∈ ∃X.L ∗ Σ − L. Thus we would expect that the membership problems of universal parametric regular languages are coNP-complete. However, the results are not so straight forward by noting the complement operation on L, i.e., the ¯ is missing. reduction from L to L For the fixed membership problem, i.e., if the base language L is assumed ¯ is trivial, i.e., constant time in to be fixed, then the reduction from L to L the length of w. Thus, we obtain the following corollary to Theorem 14. 9

Corollary 15. The fixed membership problem of universal parametric regular languages is coNP-complete.  For the general membership problem, if the base language L is specified ¯ is linear. Thus, we obtain the by a DFA, then the reduction from L to L following corollary. Corollary 16. Assume that the base language is given by a DFA. Then, the general membership problem of universal parametric regular languages is coNP-complete.  However, if the base language L is specified by an NFA or an AFA, then these reductions are not polynomial since they involve the potentially exponential construction of the complement automaton for an NFA or an AFA. Thus we have to develop another proof. Let us consider the complements of the general and fixed membership problems of universal parametric regular languages, i.e., whether w ∈ ∀X.L for a language L and a parametric word w. Note that w ∈ ∀X.L iff not w ∈ ∀X.L, where ∀X.L = ΣX∗ − ∀X.L and the universe ΣX∗ is a trivial to recognize set. Therefore, we will first show the complements of the membership problems are NP-complete, then it follows immediately that the membership problems are coNP-complete. Lemma 17. The complements of the general and fixed membership problems of universal parametric regular languages are both in NP. Proof. The proof is similar to that of Lemma 12. The first two steps are exactly the same as the decision procedure in the proof of Lemma 12. But in the last step, the procedure checks whether the obtained θ-word slice w θ is NOT in L. Note that this is the complement of the membership problem of non-parametric regular languages. It is well known that the general membership problem is L-complete for DFAs, NL-complete for NFAs and P-complete for AFAs, and the fixed membership problem of regular languages is NC1 -complete [8], as well as their complements since these classes are closed under complement. Thus this step needs at most polynomial time (recall that NC1 ⊆ L ⊆ NL ⊆ P, see [9]). Obviously, all the above steps have been done in NP. This concludes our proof.  Now we show the NP-hardness of the complements of the membership problems by a reduction from the well known NP-complete problem 3SAT [9]. 10

Lemma 18. The complements of the general and fixed membership problems of universal parametric regular languages are both NP-hard. Proof. The proof reuses that of Lemma 13. We also encode the formula C into a parametric word h(C) using the same encoding function h. Then we define the following languages: ¯ F} ¯ and there is an i, 1 ≤ i ≤ 3, • LTc = {a1 a2 a3 | a1 , a2 , a3 ∈ {T, F, T, ¯ with ai ∈ {T, F}.} is a finite language that describes all situations making a 3-clause true. ¯ is a finite language that describes • LFc = {a1 a2 a3 | a1 , a2 , a3 ∈ {F, T}} all situations making a 3-clause false. • Lcc = LTc ∪ LFc is a finite language that describes all complete 3-clauses, each of which may be true or false. The term “complete” means containing the encodings of all three literals. ¯ F}∪{a ¯ ¯ ¯ • Lic = {}∪{T, F, T, 1 a2 | a1 , a2 ∈ {T, F, T, F}} is a finite language that describes all incomplete 3-clauses. That is, some encodings of the three literals are missing, and only 0, 1 or 2 literals are included in a 3-clause. • Lc = Lcc ∪ Lic is a finite language that describes all complete or incomplete 3-clauses. Note that, for any parameter instance θ, the θ-word slice h(ci )θ must be in Lc . • LFf = (Lcc ∧)∗ LFc (∧Lcc )∗ is a regular language that describes all situations making the formula C false. • Lif = (Lc ∧)∗ Lic (∧Lc )∗ is a regular language that describes all incomplete formulae. That is, some encodings of the 3-clauses are incomplete. To make a conjunction of 3-clauses false, we must make at least one conjunct false. Consequently, we define our universal parametric language as ∀X.L, where L = LFf ∪ Lif . Since LTc , LFc , Lcc , Lic , Lc are all finite languages, we can infer that LFf and Lif are regular languages. Hence, L = LFf ∪ Lif is also a regular language, and ∀X.L is a universal parametric regular language. It is easy to see that the following equivalence holds: C is satisfiable if and only if h(C) ∈ ∀X.L. Obviously, the reduction h(C) can be computed in constant space (in fact, no additional space) besides the space for input 11

and output, and the language L can be constructed in constant time and constant space, since it does not depend on the input. Furthermore, note that whether the language L is fixed or considered as a part of the input does not affect our complexity results. Thus, we have shown that the 3SAT problem can be reduced to both of the complements of the general and fixed membership problems. Since the 3SAT problem is NP-complete, this shows that the complements of the membership problems are NP-hard.  In conclusion, we have the following theorem by the two above lemmas. Theorem 19. The complements of the general and fixed membership problems of universal parametric regular languages are both NP-complete.  Then we immediately have the following theorem. Note that this result is also consistent with our previous corollaries, but it does not have any constraint on how the base language should be specified. Theorem 20. The general and fixed membership problems of universal parametric regular languages are both coNP-complete.  5. Related Work and Conclusion This work was largely motivated by the research of runtime monitoring and verification [2]. There are numerous runtime monitoring and verification tools for the analysis of parametric traces, such as Movec [1], Tracematches [3][4] and JavaMOP [5][6]. To use these tools for runtime monitoring and verification of a program, the user usually first defines some concerned parametric actions of the program, such as function calls and invocations with formal parameters. When running the program, a parametric execution trace, i.e., a sequence of concerned parametric actions with parameter instances, is automatically extracted from the execution. The user also needs to specify a property (e.g., using regular expressions or finite automata). The tools can automatically check whether the parametric trace satisfies the property with respect to some or all of the possible parameter instances. Empirical experiments show that parametric runtime verification may be intractable in practice due to the potentially huge and even unlimited number of parameter instances [3][5]. It is challenging to correctly and efficiently monitor a regular property for different parameter instances, especially when the parametric word is long and the number of parameter instances is large. Our theory provides a theoretical foundation for parametric runtime monitoring and verification. Indeed, we may model the concerned parametric 12

actions of a program as a set of parametric symbols, and model the parametric execution traces as parametric words. In this case, runtime verification is equivalent to deciding the membership problem of parametric languages that are constructed from ordinary non-parametric languages (specified by properties) in an existential or universal manner. In particular, checking whether a parametric trace matches a property is exactly the membership problem of existential parametric languages, whereas checking whether a parametric trace always adheres to a property is exactly the membership problem of universal parametric languages. The concept of parameters could also be used in other ways. For example, Liu et al. [10] addressed the problem whether a graph matches a parametric regular path query (or simply, a pattern), i.e., a regular expression whose terminals have parameters, and these parameters could be variables, whereas we are addressing the problem whether the slices of a parametric word match a regular expression whose terminals do not have parameters or variables. Liu et al. proposed the algorithms for solving parametric regular path queries, and analyzed the complexity of the algorithms. However, they did not study the inherent computational complexity of the problem itself, i.e., the complexity class that the problem belongs to. As a future work, we may consider how to extend our results to these cases. There are many works that discuss the complexity issues of other verification problems. For example, Kurshan [11] proved that the complexity of automata-theoretic verification using model checking is PSPACE-complete. Esparza and Ganty [12] proved that, although unrestricted verification is undecidable for abstracted multithreaded programs with recursive procedures and PSPACE-complete for abstracted multithreaded while-programs, pattern-based verification is NP-complete for both classes. Esparza [13] summarized some complexity results on the automatic verification of parameterized anonymous programs, i.e., systems composed of arbitrarily many components running exactly the same finite-state program. It shows that deciding whether all components will stay safe is EXPSPACE-complete or NP-complete, depending on the used communication mechanism. In the runtime verification domain, a few complexity issues have been studied yet, as the complexity of verifying non-parametric execution traces is obvious. Bonakdarpour et al. studied the instrumentation optimization problems in time-triggered runtime verification using external monitors [14] and inline monitors [15]. The first problem is deciding whether there exists a set of instrumentation points less than a given number for storing history, 13

such that any path between two instrumentation points for sampling is no less than the given sampling period [14]. The second problem is deciding whether there exists a set of instrumentation points less than a given number for sampling, such that any path between two instrumentation points is at most the given sampling period [15]. They showed that the two problems are both NP-complete. However, note that the verification process (not the instrumentation optimization) is still polynomial, because they are verifying non-parametric execution traces at runtime. To the best of our knowledge, we are the first to study the inherent computational complexity of runtime monitoring and verification of parametric traces. The computational complexity results show that parametric runtime verification of regular properties is NP-complete and coNP-complete, since it is equivalent to the membership problems of existential and universal parametric regular languages. This means, there is no polynomial algorithm for parametric runtime verification of regular properties, unless P=NP holds. We believe that this is a rigorous proof and a formal explanation of the inherent intractability of parametric runtime verification, which has been shown by the empirical experiments in the literature. In this sense, our work has moved one significant step on the theoretical aspect of runtime monitoring and verification. Besides, our results may also inspire researchers to apply well-studied approaches for solving classic NP-complete problems to implement parametric runtime verification tools, since it can also be reduced to classic NP-complete problems in theory. Acknowledgement This work was supported by the Fundamental Research Funds for the Central Universities (NS2016092). We would like to thank the anonymous referees for their constructive comments, which have improved the quality of this article. References [1] Z. Chen, Z. Wang, Y. Zhu, H. Xi, Z. Yang, Parametric runtime verification of C programs, in: Proceedings of the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016), volume 9636 of Lecture Notes in Computer Science, Springer, 2016, pp. 299–315. 14

[2] M. Leucker, C. Schallhart, A brief account of runtime verification, Journal of Logic and Algebraic Programming 78 (2009) 293–303. [3] C. Allan, P. Avgustinov, A. S. Christensen, L. J. Hendren, S. Kuzins, O. Lhot´ak, O. de Moor, D. Sereni, G. Sittampalam, J. Tibble, Adding trace matching with free variables to AspectJ, in: R. E. Johnson, R. P. Gabriel (Eds.), Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2005), ACM, 2005, pp. 345–364. [4] P. Avgustinov, J. Tibble, O. de Moor, Making trace monitors feasible, in: R. P. Gabriel, D. F. Bacon, C. V. Lopes, J. Guy L. Steele (Eds.), Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2007), ACM, 2007, pp. 589–608. [5] F. Chen, G. Rosu, MOP: an efficient and generic runtime verification framework, in: Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2007), ACM, 2007, pp. 569–588. [6] G. Rosu, F. Chen, Semantics and algorithms for parametric monitoring, Logical Methods in Computer Science 8 (2012) 1–47. [7] J. E. Hopcroft, J. D. Ullman, Introduction to Automata Theory, Languages, and Computation, Addison-Wesley, Reading MA, 1979. [8] M. Holzer, M. Kutrib, Descriptional and computational complexity of finite automata - a survey, Information and Computation 209 (2011) 456–470. [9] C. H. Papadimitriou, Computational Complexity, Addison-Wesley, Reading MA, 1994. [10] Y. A. Liu, T. Rothamel, F. Yu, S. D. Stoller, N. Hu, Parametric regular path queries, in: W. Pugh, C. Chambers (Eds.), Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2004), ACM, 2004, pp. 219–230.

15

[11] R. P. Kurshan, The complexity of verification, in: F. T. Leighton, M. T. Goodrich (Eds.), Proceedings of the 26th Annual ACM Symposium on Theory of Computing, ACM, 1994, pp. 365–371. [12] J. Esparza, P. Ganty, Complexity of pattern-based verification for multithreaded programs, in: T. Ball, M. Sagiv (Eds.), Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, ACM, 2011, pp. 499–510. [13] J. Esparza, Keeping a crowd safe: On the complexity of parameterized verification, in: E. W. Mayr, N. Portier (Eds.), Proceedings of the 31st International Symposium on Theoretical Aspects of Computer Science (STACS 2014), volume 25 of LIPIcs, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2014, pp. 1–10. [14] B. Bonakdarpour, S. Navabpour, S. Fischmeister, Sampling-based runtime verification, in: M. J. Butler, W. Schulte (Eds.), Proceedings of the 17th International Symposium on Formal Methods, FM 2011, volume 6664 of Lecture Notes in Computer Science, Springer, 2011, pp. 88–102. [15] B. Bonakdarpour, J. J. Thomas, S. Fischmeister, Time-triggered program self-monitoring, in: Proceedings of the 2012 IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2012, IEEE Computer Society, 2012, pp. 260–269.

16