## Avoiding determinization (2006)

Venue: In Proc. 21st IEEE Symp. on Logic in Computer Science

Citations: 6 - 2 self

### BibTeX

@INPROCEEDINGS{Kupferman06avoidingdeterminization,
    author = {Orna Kupferman},
    title = {Avoiding determinization},
    booktitle = {In Proc. 21st IEEE Symp. on Logic in Computer Science},
    year = {2006}
}

### Abstract

Automata on infinite objects are extensively used in system specification, verification, and synthesis. While some applications of the automata-theoretic approach have been well accepted by the industry, some have not yet been reduced to practice. Applications that involve determinization of automata on infinite words have been doomed to belong to the second category. This has to do with the intricacy of Safra’s optimal determinization construction, the fact that the state space that results from determinization is awfully complex and is not amenable to optimizations and a symbolic implementation, and the fact that determinization requires the introduction of acceptance conditions that are more complex than the Büchi acceptance condition. Examples of applications that involve determinization and belong to the unfortunate second category include model checking of ω-regular properties, decidability of branching temporal logics, and synthesis and control of open systems. We offer an alternative to the standard automata-theoretic approach. The crux of our approach is avoiding determinization. Our approach goes instead via universal co-Büchi automata. Like nondeterministic automata, universal automata may have several runs on every input. Here, however, an input is accepted if all of the runs are accepting. We show how the use of universal automata simplifies significantly known complementation constructions for automata on infinite words, known decision procedures for branching temporal logics, known synthesis algorithms, and other applications that are now based on determinization. Our algorithms are less difficult to implement and have practical advantages like being amenable to optimizations and a symbolic implementation.

### Citations

811 |
Design and Validation of Computer Protocols
- Holzmann
- 1990
Citation Context ...s are typically required to specify the property by deterministic Büchi automata (it is easy to complement a deterministic automaton [26]), or to supply the automaton for the negation of the property [16]. Similarly, specification formalisms like ETL [53], which have automata within the logic, involve complementation of automata, and the difficulty of complementing Büchi automata is an obstacle to pra... |

621 |
An automata-theoretic approach to automatic program verification
- Vardi, Wolper
- 1986
Citation Context ...e key to the solution of several fundamental decision problems in mathematics and logic [47]. Today, automata on infinite objects are used for specification and verification of nonterminating systems [49, 27, 51]. The automata-theoretic approach separates the logical and the combinatorial aspects of reasoning about systems. The translation of specifications to automata handles the logic and shifts all the com... |

506 |
Automata on infinite objects
- Thomas
- 1990
Citation Context ...mework has proved to be very powerful. Automata, and their tight relation to second-order monadic logics were the key to the solution of several fundamental decision problems in mathematics and logic [47]. Today, automata on infinite objects are used for specification and verification of nonterminating systems [49, 27, 51]. The automata-theoretic approach separates the logical and the combinatorial as... |

361 |
On a decision method in restricted second order arithmetic
- Büchi
- 1960
Citation Context ...ts were first introduced in the 60’s. Motivated by decision problems in mathematics and logic, Büchi, McNaughton, and Rabin developed a framework for reasoning about infinite words and infinite trees [4, 28, 36]. The framework has proved to be very powerful. Automata, and their tight relation to second-order monadic logics were the key to the solution of several fundamental decision problems in mathematics a... |

357 |
On the synthesis of a reactive module
- Pnueli, Rosner
- 1989
Citation Context ...utomata on infinite words that are associated with linear requirements in the formula. More progress was attained by improved algorithms for the nonemptiness problem of nondeterministic tree automata [8, 35]. The introduction of alternating automata on infinite trees [9, 31] simplified this approach further. In the now standard approach for checking whether a formula ψ is satisfiable, one constructs an a... |

326 |
Results on the Propositional µ-calculus
- Kozen
- 1983
Citation Context ...s has been established by demonstrating an effective reduction to SnS, this approach was no longer appealing when decidability became of practical interest in areas such as formal verification and AI [12, 19]. This is when the original automata-theoretic idea was revived: by going from various logics to automata directly, decision procedures of elementary complexity were obtained for many logics, e.g., [44... |

314 | An automata-theoretic approach to branching-time model checking - Kupferman, Vardi, et al. |

264 | Reasoning about infinite computations
- Vardi, Wolper
- 1994
Citation Context ...e key to the solution of several fundamental decision problems in mathematics and logic [47]. Today, automata on infinite objects are used for specification and verification of nonterminating systems [49, 27, 51]. The automata-theoretic approach separates the logical and the combinatorial aspects of reasoning about systems. The translation of specifications to automata handles the logic and shifts all the com... |

258 |
Trace Theory for Automatic Hierarchical Verification of Speed-Independent Circuits. ACM Distinguished Dissertations
- Dill
- 1988
Citation Context ...tation of it. linear specifications. When a system is reactive, it interacts with the environment, and a correct system should satisfy the specification with respect to all environments. As argued in [1, 6, 35], the right way to approach synthesis of reactive systems is to consider the situation as a (possibly infinite) game between the environment and the system. A correct system can be then viewed as a wi... |

210 |
Temporal Logic Can Be More Expressive
- Wolper
- 1983
Citation Context ... deterministic Büchi automata (it is easy to complement a deterministic automaton [26]), or to supply the automaton for the negation of the property [16]. Similarly, specification formalisms like ETL [53], which have automata within the logic, involve complementation of automata, and the difficulty of complementing Büchi automata is an obstacle to practical use [3]. In fact, even when the properties a... |

209 |
Automata-Theoretic Techniques in Modal Logics of Programs
- Vardi, Wolper
- 1986
Citation Context ...19]. This is when the original automata-theoretic idea was revived: by going from various logics to automata directly, decision procedures of elementary complexity were obtained for many logics, e.g., [44, 45, 50]. By the mid 1980s, the focus was on using automata to obtain tighter upper bounds. Safra’s optimal determinization construction has led to a breakthrough progress also in the branching setting. Indee... |

156 |
The Complexity of Tree Automata and Logics of Programs
- Emerson, Jutla
- 1988
Citation Context ...utomata on infinite words that are associated with linear requirements in the formula. More progress was attained by improved algorithms for the nonemptiness problem of nondeterministic tree automata [8, 35]. The introduction of alternating automata on infinite trees [9, 31] simplified this approach further. In the now standard approach for checking whether a formula ψ is satisfiable, one constructs an a... |

136 |
The complementation problem for Büchi automata with applications to temporal logic
- Sistla, Vardi, et al.
- 1987
Citation Context ...practical interest in formal verification, and complexity-theoretic considerations started to play a greater role, the problem was re-examined and a construction with $2^{O(n^2)}$ states was suggested in [42]. Only in [40], however, Safra introduced an optimal determinization construction, which also enabled a $2^{O(n \log n)}$ complementation construction, matching the known lower bound [30]. Safra’s determin... |

134 | Reasoning about the past with two-way automata
- Vardi
- 1998
Citation Context ...t the language of Aψ is nonempty. While the above approach yielded significantly improved upper bounds (in some cases reducing the upper time bound from octuply exponential [45] to singly exponential [48]), it proved to be not too amenable to implementation. First, checking the nonemptiness of alternating parity tree automata requires their translation to nondeterministic parity tree automata. Such re... |

122 | Decidability of second order theories and automata on infinite trees - Rabin - 1969 |

111 |
On the complexity of ω-automata
- Safra
- 1988
Citation Context ...rest in formal verification, and complexity-theoretic considerations started to play a greater role, the problem was re-examined and a construction with $2^{O(n^2)}$ states was suggested in [42]. Only in [40], however, Safra introduced an optimal determinization construction, which also enabled a $2^{O(n \log n)}$ complementation construction, matching the known lower bound [30]. Safra’s determinization constr... |

110 | Efficient Büchi automata from LTL Formulae
- Somenzi, Bloem
- 2000
Citation Context ... to practical use [3]. In fact, even when the properties are specified in LTL, complementation is useful: the translators from LTL into automata have reached a remarkable level of sophistication (cf. [43, 11]). Even though complementation of the automata is not explicitly required, the translations are so involved that it is useful to check their correctness, which involves complementation1 . Complementa... |

97 |
Testing and generating infinite sequences by a finite automaton
- McNaughton
- 1966
Citation Context ...ts were first introduced in the 60’s. Motivated by decision problems in mathematics and logic, Büchi, McNaughton, and Rabin developed a framework for reasoning about infinite words and infinite trees [4, 28, 36]. The framework has proved to be very powerful. Automata, and their tight relation to second-order monadic logics were the key to the solution of several fundamental decision problems in mathematics a... |

92 |
Alternating automata on infinite trees
- Muller, Schupp
- 1987
Citation Context ...ts in the formula. More progress was attained by improved algorithms for the nonemptiness problem of nondeterministic tree automata [8, 35]. The introduction of alternating automata on infinite trees [9, 31] simplified this approach further. In the now standard approach for checking whether a formula ψ is satisfiable, one constructs an alternating parity tree automaton Aψ that accepts all (or enough) tre... |

89 | Small progress measures for solving parity games
- Jurdziński
- 2000
Citation Context ...ation involves determinization of word automata, and thus involves Safra’s construction 2 . Second, the best-known algorithms for nonemptiness of nondeterministic parity tree automata are exponential [17]. Implementing them on top of the messy state space that results from Safra’s determinization is practically impossible. As a final example, consider the synthesis problem for 2 An alternative constru... |

85 | The ForSpec temporal logic: A new temporal property-specification language, Tools and Algorithms for the Construction and Analysis of Systems: Int
- Armoni, Fix, et al.
Citation Context ..., specification formalisms like ETL [53], which have automata within the logic, involve complementation of automata, and the difficulty of complementing Büchi automata is an obstacle to practical use [3]. In fact, even when the properties are specified in LTL, complementation is useful: the translators from LTL into automata have reached a remarkable level of sophistication (cf. [43, 11]). Even thoug... |

81 | Weak alternating automata are not that weak
- Kupferman, Vardi
- 1997
Citation Context ...and have practical advantages like being amenable to optimizations and a symbolic implementation. ∗ The Safraless plot described in this paper is based on joint work with Moshe Y. Vardi, appearing in [21, 24]. † Address: School of Computer Science and Engineering, Hebrew University, Jerusalem 91904, Israel. Email: orna@cs.huji.ac.il. Supported in part by BSF grant 9800096 and by a grant from Minerva. Avoid... |

81 |
Computer Aided Verification of Coordinating Processes
- Kurshan
Citation Context ...e key to the solution of several fundamental decision problems in mathematics and logic [47]. Today, automata on infinite objects are used for specification and verification of nonterminating systems [49, 27, 51]. The automata-theoretic approach separates the logical and the combinatorial aspects of reasoning about systems. The translation of specifications to automata handles the logic and shifts all the com... |

72 |
Tree automata, µ-calculus and determinacy
- Emerson, Jutla
- 1991
Citation Context ...ts in the formula. More progress was attained by improved algorithms for the nonemptiness problem of nondeterministic tree automata [8, 35]. The introduction of alternating automata on infinite trees [9, 31] simplified this approach further. In the now standard approach for checking whether a formula ψ is satisfiable, one constructs an alternating parity tree automaton Aψ that accepts all (or enough) tre... |

72 |
Simulating alternating tree automata by nondeterministic automata: New results and new proofs of
- Muller, Schupp
- 1995
Citation Context ...ce that results from Safra’s determinization is practically impossible. As a final example, consider the synthesis problem for 2 An alternative construction for removal of alternation is described in [33]. Like Safra’s construction, however, this construction is very complicated and we know of no implementation of it. linear specifications. When a system is reactive, it interacts with the environment,... |

64 |
Automata on infinite objects and Church’s problem
- Rabin
- 1972
Citation Context ...pty [35]. A finite generator of an infinite tree accepted by this automaton can be viewed as a finite-state system realizing the specification. This is closely related to the approach taken, e.g., in [38], to solve Church’s solvability problem [5]. In spite of the rich theory developed for system synthesis, little of this theory has been reduced to practice. Some people argue that this is because the ... |

56 | Safraless decision procedures
- Kupferman, Vardi
- 2005
Citation Context ...and have practical advantages like being amenable to optimizations and a symbolic implementation. ∗ The Safraless plot described in this paper is based on joint work with Moshe Y. Vardi, appearing in [21, 24]. † Address: School of Computer Science and Engineering, Hebrew University, Jerusalem 91904, Israel. Email: orna@cs.huji.ac.il. Supported in part by BSF grant 9800096 and by a grant from Minerva. Avoid... |

47 | From nondeterministic Büchi and Streett automata to deterministic parity automata
- Piterman
Citation Context ...it affects the range of ranks that the NBT has to guess. In fact, the bound described here is better than the one in [24], and the improvement is due to Piterman’s recent determinization construction [34]. 4 Safraless LTL Realizability and Synthesis Given an LTL formula ψ over the sets I and O of input and output signals, the realizability problem for ψ is to decide whether there is a strategy f : (2 ... |

43 |
Weakly definable relations and special automata
- Rabin
- 1970
Citation Context ...The synthesis problem for an LTL formula ψ is to find a transducer that generates a strategy realizing ψ. Known algorithms for the nonemptiness problem can be easily extended to return a transducer [37]. The algorithm we present here also enjoys this property, thus it can be used to solve not only the realizability problem but also the synthesis problem (as well as related richer problems, like sup... |

43 |
Propositional Dynamic Logic of Looping and Converse
- Streett
- 1982
Citation Context ...19]. This is when the original automata-theoretic idea was revived: by going from various logics to automata directly, decision procedures of elementary complexity were obtained for many logics, e.g., [44, 45, 50]. By the mid 1980s, the focus was on using automata to obtain tighter upper bounds. Safra’s optimal determinization construction has led to a breakthrough progress also in the branching setting. Indee... |

41 |
Modular synthesis of reactive systems
- Rosner
- 1991
Citation Context ...theory developed for system synthesis, little of this theory has been reduced to practice. Some people argue that this is because the realizability problem for LTL specifications is 2EXPTIME-complete [35, 39], but this argument is not compelling. First, experience with verification shows that even nonelementary algorithms can be practical, since the worst-case complexity does not arise often (c.f., the mo... |

40 |
Realizable and unrealizable concurrent program specifications
- Abadi, Lamport, et al.
- 1989
Citation Context ...tation of it. linear specifications. When a system is reactive, it interacts with the environment, and a correct system should satisfy the specification with respect to all environments. As argued in [1, 6, 35], the right way to approach synthesis of reactive systems is to consider the situation as a (possibly infinite) game between the environment and the system. A correct system can be then viewed as a wi... |

39 |
Weak monadic second order theory of successor is not elementary recursive
- Meyer
- 1975
Citation Context ...y of infinite trees. In fact, SnS decidability was the motivation for extending the automata-theoretic framework to infinite trees [36]. The complexity of SnS decidability is known to be nonelementary [29]. Thus, while decidability of many logics has been established by demonstrating an effective reduction to SnS, this approach was no longer appealing when decidability became of practical interest in a... |

38 | Concept language with number restrictions and fixpoints, and its relationship with µ-calculus
- Giacomo, Lenzerini
- 1994
Citation Context ...s has been established by demonstrating an effective reduction to SnS, this approach was no longer appealing when decidability became of practical interest in areas such as formal verification and AI [12, 19]. This is when the original automata-theoretic idea was revived: by going from various logics to automata directly, decision procedures of elementary complexity were obtained for many logics, e.g., [44... |

33 |
Complementation is more difficult with automata on infinite words
- Michel
- 1988
Citation Context ... was suggested in [42]. Only in [40], however, Safra introduced an optimal determinization construction, which also enabled a $2^{O(n \log n)}$ complementation construction, matching the known lower bound [30]. Safra’s determinization construction is beautiful. In order to obtain the optimal bound, Safra defined each state of the deterministic automaton to be a tree of subset constructions that cleverly ma... |

31 | Mona 1.x: New techniques for WS1S and WS2S
- Elgaard, Klarlund, et al.
- 1998
Citation Context ...not compelling. First, experience with verification shows that even nonelementary algorithms can be practical, since the worst-case complexity does not arise often (c.f., the model-checking tool MONA [7]). Furthermore, in some sense, synthesis is not harder than verification. Indeed, realizable specifications for which the solution of the synthesis problem is doubly exponential, require systems of do... |

24 | “More deterministic” vs. “smaller” Büchi automata for efficient LTL model checking
- Sebastiani, Tonetta
Citation Context ...implementation is not due to a lack of need: implementations of realizability algorithms exist, but they have to either restrict the specification to one that generates “easy to determinize” automata [41, 52] or give up completeness [15]. In this work we offer an alternative to the standard automata-theoretic approach. The crux of our approach is avoiding the use of Safra’s construction. Instead, we use u... |

21 | On complementing nondeterministic Büchi automata
- Gurumurthy, Kupferman, et al.
- 2003
Citation Context ...s the removal of an infinite path from $G_{2i+1}$. Since the width of $G_0$ is bounded by $n$, it follows that the width of $G_{2i}$ is at most $n - i$. Hence, $G_{2n}$ is finite, and $G_{2n+1}$ is empty. In fact, as argued in [13], the α-less width of $G_{2i}$ is at most $n - (|\alpha| + i)$, implying that $G_{2(n-|\alpha|)+1}$ is already empty. Since $|\alpha| \geq 1$, we can therefore assume that $G_{2n-1}$ is empty. Each vertex 〈q, l〉 in G has a unique index ... |

20 | Büchi complementation made tighter
- Friedgut, Kupferman, et al.
Citation Context ... is roughly $(n/e)^n$. The construction above does better: since $(1 + \frac{x}{n})^n = e^x$, the $3^n \cdot (2n-1)^n$ bound in Theorem 2.2 is equal to $(6n)^n/\sqrt{e}$. This is still far from Michel’s lower bound. In [10] we improved the construction further and described a construction that results in an NBW with at most $(0.96n)^n$ states. The idea is as follows. Let k be the maximal odd rank that some vertex in G has... |

20 | Safraless compositional synthesis
- Kupferman, Piterman, et al.
- 2006
Citation Context ...worst case. As shown in [13], experimental results show that in the case of word automata the construction typically ends up with a small k. 4.1.3 Ranks for generalized universal co-Büchi automata In [22, 20], we extended the ranking analysis to universal generalized co-Büchi word and tree automata. Consequently, we can handle LTL formulas by translating them to nondeterministic generalized Büchi automat... |

17 | Observations on determinization of Büchi automata
- Althoff, Thomas, et al.
Citation Context ...s that have been visited along each run). While being the heart of many complexity results in verification, the construction in [40] is complicated and difficult to implement. Efforts to implement it [46, 2] have to cope with the awfully complex state space of the deterministic automaton, which is amenable to optimizations and a symbolic representation. Almost 20 years have passed since the introduction ... |

15 | State space reductions for alternating Büchi automata
- Fritz, Wilke
- 2002
Citation Context ... to practical use [3]. In fact, even when the properties are specified in LTL, complementation is useful: the translators from LTL into automata have reached a remarkable level of sophistication (cf. [43, 11]). Even though complementation of the automata is not explicitly required, the translations are so involved that it is useful to check their correctness, which involves complementation1 . Complementa... |

13 |
Progress measures for complementation of ω-automata with applications to temporal logic
- Klarlund
- 1991
Citation Context ...complexity is improved). In addition, they give rise to several significant optimizations and heuristics. The idea of avoiding determinization was first suggested in the context of complementation in [18], which described a $2^{O(n \log n)}$ Safraless complementation construction. The analysis of runs of universal co-Büchi automata that we do here is similar to the progress-measures introduced there. Unfor... |

13 | From complementation to certification
- Kupferman, Vardi
- 2004
Citation Context ...worst case. As shown in [13], experimental results show that in the case of word automata the construction typically ends up with a small k. 4.1.3 Ranks for generalized universal co-Büchi automata In [22, 20], we extended the ranking analysis to universal generalized co-Büchi word and tree automata. Consequently, we can handle LTL formulas by translating them to nondeterministic generalized Büchi automat... |

13 |
Language containment using non-deterministic omega-automata
- Tasiran, Hojati, et al.
- 1995
Citation Context ...s that have been visited along each run). While being the heart of many complexity results in verification, the construction in [40] is complicated and difficult to implement. Efforts to implement it [46, 2] have to cope with the awfully complex state space of the deterministic automaton, which is amenable to optimizations and a symbolic representation. Almost 20 years have passed since the introduction ... |

11 | A new algorithm for strategy synthesis in LTL games
- Harding, Ryan, et al.
- 2005
Citation Context ...ck of need: implementations of realizability algorithms exist, but they have to either restrict the specification to one that generates “easy to determinize” automata [41, 52] or give up completeness [15]. In this work we offer an alternative to the standard automata-theoretic approach. The crux of our approach is avoiding the use of Safra’s construction. Instead, we use universal automata. Like nonde... |

11 |
Complementing Deterministic Büchi Automata
- Kurshan
- 1987
Citation Context ...sts. Due to the lack of a simple complementation construction, users are typically required to specify the property by deterministic Büchi automata (it is easy to complement a deterministic automaton [26]), or to supply the automaton for the negation of the property [16]. Similarly, specification formalisms like ETL [53], which have automata within the logic, involve complementation of automata, and t... |

10 | Solving Games Without Determinization - Henzinger, Piterman - 2006 |

9 | Complementation constructions for nondeterministic automata on infinite words
- Kupferman, Vardi
- 2005
Citation Context ...uction and the optimizations have been implemented and they significantly reduce the size of the state space of $A'$. 2.1.5 Safraless complementation of nondeterministic Rabin and Streett automata In [23], we extended the ranking technique to Rabin and Streett automata, and use the analysis in order to describe simple complementation constructions for NRW and NSW. Thus, also in these classes, it is po... |

7 | Lower bounds for complementation of ω-automata via the full automata technique
- Yan
Citation Context ...tial level rankings, and lead to the $(0.96n)^n$ bound. We note that the lower bound for NBW complementation was recently tightened too: a new technique by Yan implies a $(0.76n)^n \cdot \mathrm{poly}(n)$ lower bound [54]. Thus, there is still a gap between the upper and lower bounds, but it is less significant than the gap between Safra’s and Michel’s bound. 2.1.2 Finding the minimal rank required A drawback of our c... |