About Alternating Automata Daniel Choi Provable Software Laboratory KAIST

Overview About Alternating Automata, Daniel PSWLAB, KAIST2/33 Model checking – Specify requirement properties and build system model – Generate possible states from the model and then check whether given requirement properties are satisfied within the state space OK Error Trace Found or Target Program Requirement Properties Model Checking 

Overview About Alternating Automata, Daniel PSWLAB, KAIST3/33 Model Checking Target Program Requirement Properties 

Overview About Alternating Automata, Daniel PSWLAB, KAIST4/33 LTL to Büchi Automata LTL Formula Negated Formula Automaton Is there a smarter way to express LTL formula? State Explosion!! State Explosion!! Alternating Automata Vardi ’96, ‘97

Content Branching Choices in Automaton – Existential Choice – Universal Choice Alternating Automata Translate LTL into Alternating Automata Future study & Conclusion About Alternating Automata, Daniel PSWLAB, KAIST5/33

Branching Choices in Automaton Existential Choice Automaton A – Accepts an input word w iff there exists an accepting run of A on w About Alternating Automata, Daniel PSWLAB, KAIST6/ A B 3 B A Automaton A A Input word : A + B ω Run 1: ω Run 2: ω Run 1 is accepting run Run 2 is not accepting run

Branching Choices in Automaton Universal Choice Automaton A –Accepts an input word w iff all the runs of A on input word w are accepting About Alternating Automata, Daniel PSWLAB, KAIST7/ A B B A Input word : A + B ω Run 1: ω Run 2: ω Automaton A 4 3 A Run 1 is accepting run Run 2 is accepting run

Deterministic automaton has unique accepting run on input word – Existential Choice There exist one accepting run on input word – Universal Choice There is unique accepting run About Alternating Automata, Daniel PSWLAB, KAIST8/33 Branching Choices in Automaton Deterministic Automaton A C A B,C B Input word : AAB Run : 123 Deterministic automaton has Existential branching choice and Universal branching choice (Trivially)

Branching Choices in Automaton Branching Choices of Several Automatons Nondeterministic Automaton –Existential branching choice For-all Automaton (Z. Mannar, A. Pruneli, 1987) –Nondeterministic automaton Trivial existential branching choice –Universal branching choice Alternating Automaton –Allows both existential and universal branching choices About Alternating Automata, Daniel PSWLAB, KAIST9/33

Content Branching Choices in Automaton – Existential Choice – Universal Choice Alternating Automata Translate LTL into Alternating Automata Future study & Conclusion About Alternating Automata, Daniel PSWLAB, KAIST10/33

Alternating Automata Positive Boolean formulas Positive Formulas – Formula that does not contain the negation symbol – Closed under conjunction and disjunction Definition of B + ( Q ) – Set of positive Boolean formulas over Q – Boolean formulas built from elements in Q using ∧ and ∨ – true and false are allowed – When Y⊆ Q, Y satisfies a formula θ ∈ B + ( Q ) iff the truth assignment that assigns true to the members of Y and assigns false to the members of Q \ Y satisfies θ About Alternating Automata, Daniel PSWLAB, KAIST11/33

Alternating Automata Example of B + ( Q ) Q = {q 1, q 2, q 3 } θ = (q 1 ∨ q 2 ) ∧ q 3 ∈ B + ( Q ) {q 1, q 3 } satisfies θ – Assign true to q 1 and q 3 – Assign false to Q – {q 1, q 3 } θ = (q 1 ∨ q 2 ) ∧ q 3 = (true ∨ false) ∧ true = true {q 1, q 2 } does not satisfies θ – Assign true to q 1 and q 2 – Assign false to Q – {q 1, q 2 } θ = (q 1 ∨ q 2 ) ∧ q 3 = (true ∨ true) ∧ false = false About Alternating Automata, Daniel PSWLAB, KAIST12/33

Alternating Automata Definition of Alternating Automata A = ( Σ, S, s 0, ρ, F) –Σ: finite nonempty alphabet –S : finite nonempty set of states –s 0 : initial state S (unique initial state) –F : set of accepting states –Transition function ρ : S X Σ → B + ( S ) About Alternating Automata, Daniel PSWLAB, KAIST13/33

Transitions of Alternating automata can be arbitrary formulas in B + ( Q ) ρ(s, a ) = (s 1 ∧ s 2 ) ∨ (s 3 ∧ s 4 ) – When it is in the state s, automaton accepts aw If it accepts the word w from both s 1 and s 2 or from both s 3 and s 4 About Alternating Automata, Daniel PSWLAB, KAIST14/33 Alternating Automata Transition of Alternating Automata

Alternating Automata Example of transition ρ(s, A) = (s 1 ∧ s 2 ) ∨ s ρ(s, B) = false ρ(s 1, A) = s 1 ρ(s 2, A) = s 2 ρ(s 1, B) = true ρ(s 2, B) = true About Alternating Automata, Daniel PSWLAB, KAIST15/33 4 ss1s1 A B B A Automaton A 4 s2s2 Input word : AAB A s s s1s1 s2s2 A s1s1 s2s2 A B

Alternating Automata Definition of Tree Due to the universal choice, run of an alternating automaton is a tree Definition – Tree has one node as a root (denoted by ε) – Every non-root node has a unique parent s is the parent of t and t is a child of s if there is an edge from s to t – Level |x| : distance from the root ε to x level of root is 0 – Branch β = x 0, x 1, … a maximal sequence of nodes s.t. x 0 is root and x i is the parent of x i+1 for all i > 0 About Alternating Automata, Daniel PSWLAB, KAIST16/33

Alternating Automata Example of Tree Root : s 0 s 0 is parent of s 1 and s 1 is child of s 0 Level of s 2 : |s 2 | = 2 Branch β 1 = s 0 s 1 s 2 s 3 Branch β 2 = s 0 s 1 s 4 s 5 About Alternating Automata, Daniel PSWLAB, KAIST17/33 s0s0 s1s1 s2s2 s4s4 s3s3 s5s5

Alternating Automata Run of Alternating Finite Automata Run of Alternating Finite Automata A – Run of AFA is Σ -labeled tree ( τ, T ) For a finite alphabet where τ is a tree and T is a mapping from nodes( τ ) to Σ – Run of A on finite word w =a 0,a 1,…,a n-1 When r is S-labeled tree, – If |x| = i < n, r (x) = s, and ρ (s, a i ) = θ, then x has k children x 1, …, x k for some k ≤ |S |, and { r (x 1 ), …, r (x k )} satisfies θ If ρ ( r (x), a i ) = true, then x does not need to have any children If ρ ( r (x), a i ) = false, then x can not have any children About Alternating Automata, Daniel PSWLAB, KAIST18/33

Alternating Automata Run of Alternating Büchi Automata Run of Alternating Büchi Automata A – Run of ABA is Σ -labeled tree ( τ, T ) For a finite alphabet where τ is a tree and T is a mapping from nodes( τ ) to Σ – Run of A on infinite word w =a 0,a 1,…,a n-1 When r is S-labeled tree, – If |x| = i, r (x) = s, and ρ (s, a i ) = θ, then x has k children x 1, …, x k for some k ≤ |S |, and { r (x 1 ), …, r (x k )} satisfies θ If ρ ( r (x), a i ) = true, then x does not need to have any children If ρ ( r (x), a i ) = false, then x can not have any children About Alternating Automata, Daniel PSWLAB, KAIST19/33

Alternating Automata AFA vs ABA Accepting Run – Every branch in an accepting run has to hit the true transition or hit an accepting state after reading all the input word Accepting Run of ABA – Every infinite branch in r includes infinitely many labels in F – Or, run can also have finite branches if |x| = i, r (x) = s, and ρ (s, a i ) = true About Alternating Automata, Daniel PSWLAB, KAIST20/33

Alternating Automata Example: AFA and ABA About Alternating Automata, Daniel PSWLAB, KAIST21/33 ρ(s, A) = (s 1 ∧ s 2 ) ∨ s ρ(s, B) = false ρ(s 1, A) = s 1 ρ(s 2, A) = s 2 ρ(s 1, B) = true ρ(s 2, B) = true 4 ss1s1 A B B A Automaton A 4 s2s2 A s s s1s1 s2s2 s1s1 s2s2 s s s1s1 s2s2 s1s1 s2s2 Input word : AABInput word : AAB ω

Alternating Automata Example: AFA and ABA About Alternating Automata, Daniel PSWLAB, KAIST22/33 ρ(s, A) = (s 1 ∧ s 2 ) ∨ s ρ(s, B) = false ρ(s 1, A) = s 1 ρ(s 2, A) = s 2 ρ(s 1, B) = s 1 ρ(s 2, B) = s 2 4 ss1s1 A B B A Automaton A 4 s2s2 A s s s1s1 s2s2 s1s1 s2s2 s s s1s1 s2s2 s1s1 s2s2 Input word : AABInput word : AAB ω ……

Content Branching Choices in Automaton – Existential Choice – Universal Choice Alternating Automata Translate LTL into Alternating Automata Future study & Conclusion About Alternating Automata, Daniel PSWLAB, KAIST23/33

Translate LTL into Alternating Automata Meaning of ABA which denotes LTL formula LTL formula φ, ABA A φ = ( Σ, S, s 0, ρ, F) –Σ = 2 Prop – S: Set of states (S consist all subformulas of and their negation) |S| is in O(|φ|) – Initial state : s 0 – Set F of accepting states consists of all formulas in S of the form ¬ ( φ 1 U φ 2 ) φ 1 U φ 2 does not ensure that φ 1 U φ 2 holds at that point, since it does not ensure that eventually holds φ 2 ¬ ( φ 1 U φ 2 ) ensures that φ 1 U φ 2 indeed fails at that point, since φ 2 fails from that point on About Alternating Automata, Daniel PSWLAB, KAIST24/33

Translate LTL into Alternating Automata Transition function Transition function ρ About Alternating Automata, Daniel PSWLAB, KAIST25/33

Translate LTL into Alternating Büchi Automata Example : Eventually p φ = true U p A φ = (2 {p}, { φ, ¬ φ, ¬ p, p}, φ, ρ, { ¬ φ }) About Alternating Automata, Daniel PSWLAB, KAIST26/33 s ρ (s, {p}) ρ (s, {}) φ true φ ¬φ¬φ false ¬φ¬φ ptruefalse ¬p¬p true

About Alternating Automata, Daniel PSWLAB, KAIST27/33 Translate LTL into Alternating Büchi Automata Example : ㅁ ⋄p LTL formula φ, ABA A φ = ( Σ, S, s 0, ρ, F) –Σ = 2 {p} – S: { ㅁ ⋄p, ¬ ㅁ ⋄p, ⋄p, ¬ ⋄p, p, ¬ p} – s 0 : ㅁ ⋄p – F: { ¬ (true U ¬ ⋄p ), ¬ ⋄p } – ρ ( true U ¬ ⋄p, a) = ¬ ( ρ (⋄p, a)) ∨ ( ρ ( true, a) ∧ true U ¬ ⋄p) = ¬ ( ρ ( true U p, a)) ∨ ( true U ¬ ⋄p) = ¬ ( ρ (p, a) ∨ ( ρ ( true, a) ∧ ⋄p)) ∨ ( true U ¬ ⋄p) = ¬ ( ρ (p, a) ∨ ⋄p) ∨ ( true U ¬ ⋄p) – ρ ( ¬( true U ¬ ⋄p), a) = ¬ ( ρ (⋄p, a)) ∨ ( ρ ( true, a) ∧ true U ¬ ⋄p) = ¬ ( ρ ( true U p, a)) ∨ ( true U ¬ ⋄p) = ¬ ( ρ (p, a) ∨ ( ρ ( true, a) ∧ ⋄p)) ∨ ( true U ¬ ⋄p) = ( ρ (p, a) ∨ ⋄p) ∧ ¬ ( true U ¬ ⋄p)

About Alternating Automata, Daniel PSWLAB, KAIST28/33 s ρ (s, {p}) ρ (s, {}) φφ ⋄p ∧ φ ¬φ¬φ ¬φ¬φ ¬ ⋄p ∨ ¬ φ ⋄p⋄p true ⋄p⋄p ¬⋄p¬⋄p false ¬⋄p¬⋄p ptruefalse ¬p¬p true Translate LTL into Alternating Büchi Automata Example : ㅁ ⋄p A φ = ( Σ, S, s 0, ρ, F) Σ = 2 {p} S: { ㅁ ⋄p, ¬ ㅁ ⋄p, ⋄p, ¬ ⋄p, p, ¬ p} s 0 : ㅁ ⋄p F: { ¬ (true U ¬ ⋄p ), ¬ ⋄p } Input: ¬ p, ¬ p, p, … φ ⋄p⋄p φ ⋄p⋄p⋄p⋄p φ φ …

Compare with Generalized Büchi Automaton About Alternating Automata, Daniel PSWLAB, KAIST29/33 Translate LTL into Alternating Büchi Automata Example : ㅁ ⋄p

Content Branching Choices in Automaton – Existential Choice – Universal Choice Alternating Automata Translate LTL into Alternating Automata Future study & Conclusion About Alternating Automata, Daniel PSWLAB, KAIST30/33

Conclusion Size of alternating automaton – Linear in the size of formula (exponentially succinct) Alternating automata have same expressive power as nondeterministic automata Translate specification into alternating Büchi automaton – automaton is simplified – Translate simplified automaton into a nondeterministic Büchi automaton About Alternating Automata, Daniel PSWLAB, KAIST31/33

Future study Study about other variation of Alternating Automata – Weak Alternating Automata – Two-way Alternating Automata – Alternating Tree Automata Other properties of Alternating Automata – Memoryless property – Fixed point logic and alternating automata – Converting alternating Büchi automata to nondeterministic Büchi automata Alternating-time Temporal Logic – R. Alur, T. Henzinger and Kupferman, “Alternating-time Temporal Logic,” COMPOS’97 About Alternating Automata, Daniel PSWLAB, KAIST32/33

Reference Checking Finite Traces using Alternating Automata by Bernd Finkbeiner and Henny Sipma In FMSD Vol. 24, Issu e 2 (March 2004) Weak Alternating Automata Are Not That Weak by Orna Kupferman and Moshe Y. Vardi In ISTCS'97 An Automata Theoretic Approach to Linear Temporal Logic by Moshe Y. Vardi In BANFF’94 Tree Automata Technique and Applications, Chapter 7 by H. Comon, M Dauchet, R. Gilleron, F Jacquemard, D. Lugiez, S. Tison and M. Tommasi, At About Alternating Automata, Daniel PSWLAB, KAIST33/33