Determinization of Büchi Automata Ghila Castelnuovo Tel Aviv University

Agenda Brief Review on Definitions: Büchi, Muller and Rabin Automata Deterministic Büchi Automata, Nondeterministic Automata and their unequivalence between them A bad tentative: Power-set construction on Büchi Automata. Determinization of Büchi Automata: Safra Construction

Definition of ω-Automaton Let Σ = {a,b,..} a finite alphabet. By Σω we denote the set of infinite words over Σ . A ω-automaton over Σ is a quintuple A = <Q, Σ , δ, qI, Acc>, where: Q is a finite set of states, Σ is a finite alphabet. δ : Q×Σ → 2Q (or δ : Q×Σ → 2Q for the non-deterministic one), is the state transition function qI∈ Q is the initial state Acc is the acceptance component.

Büchi Acceptance Condition An ω-automaton A = (Q, Σ, δ, qI, F) with acceptance component F ⊆ Q is called Büchi automaton if it is used with the following acceptance condition (Büchi acceptance component): A word α ∈ Σω is accepted by A iff there exists a run ρ of A on α satisfying the condition: Inf(ρ) ∩ F ≠∅.

Muller Acceptance Condition An ω-automaton A = (Q, Σ, δ, qI, F) with acceptance component F ⊆ Q is called Muller automaton if it is used with the following acceptance condition (Muller acceptance component): A word α ∈ Σω is accepted by A iff there exists a run ρ of A on α satisfying the condition: Inf(ρ) ∈ F

Rabin Acceptance Condition An ω-automaton A = (Q, Σ, δ, qI, Ω) with acceptance component Ω = {(E1, F1), . . . , (Ek, Fk)} with Ei, Fi ⊆ Q is called Rabin automaton if it is used with the following acceptance condition (Rabin acceptance component): A word α ∈ Σω is accepted by A iff there exists a run ρ of A on α satisfying the condition: ∃(E,F)  Ω : (Inf(ρ) ∩ E = ∅) ∧ (Inf(ρ) ∩ F ≠ ∅).

Deterministic versus Nondeterministic Büchi Automata This automaton A accepts the language L := {α ∈ {a, b}ω | b(α) < ∞}, where b(α) denotes the number of ‘b’s occurring in word α. We saw in the first lecture that there does not exist a deterministic Automata which recognizes this language.

Deterministic versus Nondeterministic Büchi Automata From this we understand that not for all the nondeterministic Büchi Automata there exists an equivalent deterministic one.

Then, how do we determinize? We saw in the first lecture the following equivalence. Therefore what we can do is to determinize a Büchi non deterministic Automaton to a Muller deterministic Automaton or to a Rabin deterministic Automaton

Determinization of Büchi Automata: Power Set Construction {p,q} a,b {p,q, r} a b F = {{p,q}, {p,q,r}}. This automata A’ also recognizes the word (ab)ω  L. The reason why the Power set Construction doesn’t work is because there if we look at the accepting run  = {p} {p,q} {p,q,r} {p,q,r} {p,q,r} … in A’, we cannot extract a run of A from it, where we visit infinite times f.

Determinization of Büchi Automata: Power Set Construction The problem is due to the fact that we can’t really simulate the original run since the number of nodes in each level in the tree is unbounded. Therefore what we do is that we approximate it and we represent each level by the states that we visited in the level. In this way we represent much more paths than in the original tree, and especially we represent also a good path that didn’t originally exist.

Safra’s Construction By given a Büchi non deterministic Automaton B it creates a Muller deterministic Automaton M or a Rabin deterministic Automaton R, such that L(B) = L(M) = L(R).

How do we do that? Safra’s Trees The Construction

Safra’s Trees Q is a fixed set of states. A Safra Tree  over Q is tree over a vocabulary V, and where each node is labeled by λ ∈ {2Q \  }x{‘’,‘!’} and which satisfies the following conditions: The union of brother macrostates is a proper subset of their parent macrostate. Brother macrostates are disjoint.

Safra’s Trees Example Q = {qI, f, g}, V={1,2,3} 1 2 3 {f} {g}

Safra’s Trees Lemma 1: The number of nodes in a Safra tree is bounded by |Q|. Proof: By induction on the height of Safra trees over Q. Base: If n is 0 or n is 1, then the tree is empty or only a root and then it is trivial.

Safra’s Trees Induction’s Step: Each one of the sons of the root are Safra trees over disjoint sets Qi of states. By induction, the number of nodes in each one of the subtree is ≤ |Qi|, then the total number of nodes is ≤ ∑|Qi| + 1. By Condition 1 we also have that ∑|Qi| < |Q|, then we get that the total number ≤ |Q|

Safra’s Trees In each level we have at least one node. Corollary 1: The height of a Safra trees is at most |Q|. In each level we have at least one node. Corollary 2: Safra trees are finitely branching, and a node has at most |Q|-1 sons. Otherwise we will get more than |Q| nodes.

The Construction B = (Q, Σ, qI, δ, F) is non-deterministic Büchi automaton. We will create a new deterministic Muller automaton M = (Q’, Σ’, qI’, δ’, F) or a new deterministic Rabin automaton R = (Q’, Σ’, qI’, δ’, Ω) such that: Q’ is a set of Safra trees. qI’ is a Safra tree. δ’: Q’ x Σ → Q’ is the states’ transition function.

The Construction - Running Example Q = {qI,f,g}, F = {f,g}

The Construction The vocabulary V = {1,2,…,2|Q|} – This is sufficient because the number of nodes is bounded by |Q| and in the intermediate states we add at most |Q| nodes. The initial state qI’ is a single node labeled with macrostate {qI}. 1 {qI} qI’ =

The Construction The value of the transition function δ’(T, a) is computed as follows: Step 1: Remove all marks ‘!’ in the Safra tree T. Step 2: For every node v with macrostate M such that M ∩ F ≠∅, create a new node v ∈ (V \N), such that v becomes the youngest son of v and carries the macrostate M ∩ F. Step 3: Apply the powerset construction on every node v, i.e. replace its macrostate M by {q ∈ Q| ∃(m, a, q) ∈ Δ : m ∈ M}.

The Construction Step 4 (horizontal merge): For every node v with macrostate M and state q ∈ M, such that q also belongs to an older brother of v, remove q from M. Step 5: Remove all nodes with empty macrostates. Step 6 (vertical merge): For every node whose label is equal to the union of the labels of its sons, remove all the descendants of v and mark v with ‘!’

The Construction - Running Example Computing δ(1−{qI}, a) : Step 1: Step 2: Step 3: 1 {qI} a Remove all marks ‘!’ in the Safra tree T. For every node v with macrostate M such that M ∩ F = ∅, create a new node v ∈ (V \N), such that v becomes the youngest son of v and carries the macrostate M ∩ F. 1 {qI} a 1 {qI} {qI,f} a Apply the powerset construction on every node v, i.e. replace its macrostate M by {q ∈ Q| ∃(m, a, q) ∈ Δ : m ∈ M}.

The Construction - Running Example Computing δ(1−{qI}, c) : Step 1: Step 2: Step 3: 1 {qI,f} a {qI} c Remove all marks ‘!’ in the Safra tree T. For every node v with macrostate M such that M ∩ F = ∅, create a new node v ∈ (V \N), such that v becomes the youngest son of v and carries the macrostate M ∩ F. 1 {qI,f} a {qI} c 1 {qI,f} a {qI} ∅ c Apply the powerset construction on every node v, i.e. replace its macrostate M by {q ∈ Q| ∃(m, a, q) ∈ Δ : m ∈ M}.

The Construction - Running Example Computing δ(1−{qI}, c) : Step 4: Step 5: 1 {qI,f} a {qI} ∅ c For every node v with macrostate M and state q ∈ M, such that q also belongs to an older brother of v, remove q from M. Remove all nodes with empty macrostates. a 1 {qI} c ε {qI,f}

The Construction - Running Example Computing δ(1−{qI,f}, c) : Step 1: Step 2: Step 3: a 1 {qI} {qI,f} c ε Remove all marks ‘!’ in the Safra tree T. For every node v with macrostate M such that M ∩ F = ∅, create a new node v ∈ (V \N), such that v becomes the youngest son of v and carries the macrostate M ∩ F. a 1 {qI} {qI,f} c ε 2 {f} a 1 {qI} {qI,f} c ε {f} 2 Apply the powerset construction on every node v, i.e. replace its macrostate M by {q ∈ Q| ∃(m, a, q) ∈ Δ : m ∈ M}.

The Construction - Running Example Computing δ(1−{qI,f}, c) : Step 4: Step 5: Step 6: For every node v with macrostate M and state q ∈ M, such that q also belongs to an older brother of v, remove q from M. a 1 {qI} {qI,f} c ε {f} 2 a 1 {qI} {qI,f} c ε {f} 2 Remove all nodes with empty macrostates. a 1 {qI} {qI,f} c ε {f} ! For every node whose label is equal to the union of the labels of its sons, remove all the descendants of v and mark v with ‘!’

The Construction – Muller Automaton A Muller automaton is obtained by choosing the acceptance component as follows: A set S ⊆ Q of Safra trees is in the system F of final state sets if for some node v ∈ V the following holds: Muller 1: v appears in all Safra trees of S, and Muller 2: v is marked at least once in S.

The Construction – Rabin Automaton To obtain a Rabin automaton, one takes all pairs (Ev, Fv), v ∈ V, as acceptance component, where Rabin 1: Ev consists of all Safra trees without a node v, and Rabin 2: Fv consists of all Safra trees with node v marked ‘!’.

The Construction - Running Example

Q’ consists of Safra Trees Before proving the Algorithm’s correctness, we need to prove that we are indeed getting a Muller/Rabin Automaton. For this, we need to prove that δ’(T, a) ∈ Q’. Step 1 -> Removing all the marks ‘!’ preserves the conditions 1 and 2.

Q’ consists of Safra Trees Step 2 may violate Condition 1 because if M ⊆ F, then the son has the same macrostate as the father. Step 3 (PowerSet) can violate even more: Brothers may share a state q ∈ Q’. The new computed macrostate can be an empty set. The Union of brothers macrostates can be equal to the father’s macrostate.

Q’ consists of Safra Trees Step 4, Step 5, and Step 6 deal with these problems. Step 4 ensures Condition 2 by horizontal merge of brother macrostates. Step 5 removes nodes with empty macrostates. By vertical merge Step 6 fixes situations where Condition 1 is violated. Thus, we finally obtain after all six steps a Safra tree.

Intuition behind Safra’s Construction The Safra’s construction uses three tricks. Trick 1: Initialize new runs of macrostates starting from recurring states. The idea behind this is to look at the paths which comes out from recurring states. This allows the construction of an accepting run of the original Automaton.

Intuition behind Safra’s Construction Trick 2: Keep track of joining runs of the nondeterministic Büchi automaton just once. Lets consider two finite runs: q1q2 . . . fqi . . . qj−1qj . . . qnqn+1 and q’1q’2. . . q’i−1q’i . . . f’q’j . . . q’nqn+1 As we converge at the end into the same state, and we visited a recurring states in both the runs, then we don’t actually care which one of the recurring states states we visited when we get to qn+1, then we can merge the macrostates into one.

Intuition behind Safra’s Construction Trick 3: If all states in a macrostate have a recurring state as predecessor, delete the corresponding components. If there is some node where the union of all its sons’s macrostate is equal to its macrostate, it means that all the states in the macrostate have a recurring state as predecessor, which means that in the original run, each time before that we get to any of the states in the macrostate we must visit a recurring state.

Algorithm’s Correctness Let B = (Q, Σ, qI, δ, F) be a nondeterministic Büchi automaton. Let M = (Q’, Σ, qI’, δ’, F’) be the deterministic Muller and R = (Q’, Σ, qI’, δ’, Ω) be the deterministic Rabin automaton obtained by Safra’s construction. Then L(B) = L(M) = L(R).

Part 1 - Completeness We need to prove that L(B) ⊆ L(M) and L(B) ⊆ L(R). Let α ∈ L(B), we need to prove that α ∈ L(M) and α ∈ L(R); the initial state and the run ρ’ are the same on both the Automata. We will first prove there exists some node v in the tree of run ρ’ such that Claim 1: v – from a certain point on – is a node of all Safra trees in ρ’ and Claim 2: v is marked ‘!’ infinitely often.

Part 1 – Completeness for Muller If the claims hold then: Inf(ρ’) ∈ F. Indeed the Muller Conditions hold for v. Condition 1: It holds because a Safra tree of ρ’ not including v is not in Inf(ρ’) – because of Claim 1. v is marked ‘!’ infinitely often in ρ’ and Q’ is a finite set, therefore there exists some Safra tree in Inf(ρ’) with with v marked ‘!’. Therefore ρ’ is an accepting run for M which means that α ∈ L(M).

Part 1 – Completeness for Rabin Also, if the claims hold then: The Rabin Conditions hold for v. Inf(ρ’)∩Ev = ∅ because of Claim 1 Inf(ρ’)∩Fv ≠ ∅ because of Claim 2 ρ’ is an accepting run of the deterministic Rabin automaton R, and we obtain α ∈ L(R).

Part 1 – Prove of the claims We will prove that there exists such a v on which both the claims hold. The root node respects Claim 1: α ∈ L(B), then there exists an accepting run ρ in the nondeterministic Büchi automaton B. Thus the root of all Safra trees occurring in the run is nonempty: the root macrostate of the i-th Safra tree in ρ’ includes ρ(i) and therefore cannot be removed in Step 5 of the Safra construction.

Part 1 – Prove of the claims If the root is marked with ‘!’ infinitely often we are done. Otherwise: Since ρ is an accepting run, there exists an state q ∈ Inf(ρ) ∩ F which occurs infinitely often in the root of the Trees of ρ’. Consider the run after the last occurrence ‘!’ on the root. Since q ∈ F, then it will be put in the root’s youngest son macrostate. After some finite eventual steps all the states of the run ρ will appear in some son of the root (it may be possible that it will be some older brother of this son).

Part 1 – Prove of the claims This son is the new candidate. It cannot be removed by step 5 because it is not empty as it will always carry the states of ρ. It cannot be removed by step 6 because it the root will not ever be marked by ‘!’ So it will appear in each tree of the run. If the son is marked with ‘!’ infinitely often then we are done – otherwise we will choose again one of its sons.

Part 1 – Prove of the claims We will eventually finish because the height of the Safra tree is finite. In addition to this, since α ∈ L(B), it means that the last son that we visited will always carry the states of ρ and in particular its macrostate will include a recurring state infinite times, and since it is the last son it will be marked by ‘!’ infinite times.

Part 2 - Soundness Lemma 1: Let R0…P0…R1!...Ri! a subrun of ρ’, such that Fi = Pi ∩ F. Then for all r ∈ Ri, there exists some p ∈ R0, such that in B moves with input u1v1 … uivi from p to r and it visits the recurring states at least i times. This is because for all Ri, which is a set of states, there exists some recurring state as predecessor. Therefore it means that between each Ri, Ri+1 there is a finite path which visits a recurring state (the paths is the one which starts from Fi).

Part 2 - Soundness Lemma 1: Let R0…P0…R1!...Ri! a subrun of ρ’, such that Fi = Pi ∩ F. Then for all r ∈ Ri, there exists some p ∈ R0, such that in B moves with input u1v1 … uivi from p to r and it visits the recurring states at least i times. This is because for all Ri, which is a set of states, there exists some recurring state as predecessor. Therefore it means that between each Ri, Ri+1 there is a finite path which visits a recurring state (the paths is the one which starts from Fi).

Part 2 - Soundness Lemma 2 (König’s Lemma): A finitely branching infinite tree contains an infinite path. Proof: We will define the path π inductively as following: for each v in π, v has infinitely many children. The root fulfills this by definition. Then, there must exists a son of the root which also fulfills this, as the tree is finitely branching.

Part 2 - Soundness Lemma 3: Let R0…R1!...Ri!... as defined in Lemma 1. Then there is a successful run of B on u1v1 u2v2… beginning with state R0. Proof: Lets look at the directed tree which has (qI,0) as root, and where for each node (r, i) r ∈ Ri and u1v1…uivi leads from qI to Ri. By the lemma, we know that for each r ∈ Ri there exists some r’ ∈ Ri-1 such that there is a path from r’ to r which visits a recurring state from Pi. In this way we will chose the parent, among one of those states (and there is at least one).

Part 2 - Soundness The word ac(aac)ω leads to the following sequence of macrostates: S0 = {qI}, S3i+1 = {f}, i ≥ 0, S3i+2 = {g}, i ≥ 0, and S3i+3 = {f, g}, i ≥ 0. For the parent we choose only one of the nodes in the Si-1 set.

Part 2 - Soundness This is a finitely branching infinite tree, and therefore there exists an infinite path π. In addition to this, the run on the path visits the same final state after each prefix u1v1…uivi.

Part 2 – Soundness’s Proof If α ∈ L(M) or α ∈ L(R), there exists a node v such that from a certain point v appears in all Safra trees and in addition to that it is marked by ‘!’ infinite times. By the claims Therefore there exists some label R such that the label R! occurs infinite times in the run ρ’. By lemma 3 we get that there exists an accepting run ρ in the original automaton which means that α ∈ L(B).

Space complexity of Safra’s Costruction The number of possible Safra trees is 2 (nlog(n)) Let Q = {q1, …, qn} Then in order to describe the Safra tree it is enough to say for each qi who is the node with the lowest level that has this node in its macrostate. Therefore this describes a function {q1, …, qn} -> {0,1,..,2n}

Space complexity of Safra’s Costruction The parent relation is as well a function {0,1,..,2n} -> {0,1,..,2n}. The next older brother is as well a function {0,1,..,2n} -> {0,1,..,2n}. The mark ‘!’ is a function {0,1,..,2n} -> {0,1} = O({0,1,..,2n} -> {0,1,…2n}) Therefore we get that the number of combinations of such maps is bounder by (2n + 1) n+3*2n = (2n + 1) 7n = 2 log (2n + 1) ^ 7n = 2 7n * log (2n + 1) = 2 (nlog(n))