A From LTL to Deterministic Automata A Safraless Compositional Approach

Transcription

1 A From LTL to Deterministic Automt A Sfrless Compositionl Approch JAVIER ESPARZA, Fkultät für Informtik, Technische Universität München, Germny JAN KŘETÍNSKÝ, IST Austri SALOMON SICKERT, Fkultät für Informtik, Technische Universität München, Germny We present new lgorithm to construct (generlized) deterministic Rbin utomton for n LTL formul ϕ. The utomton is the product of co-büchi utomton for ϕ nd n rry of Rbin utomt, one for ech G-subformul of ϕ. The Rbin utomton for Gψ is in chrge of recognizing whether FGψ holds. This informtion is pssed to the co-büchi utomton tht decides on cceptnce. As opposed to stndrd procedures bsed on Sfr s determiniztion, the sttes of ll our utomt hve cler logicl structure, which llows for vrious optimiztions. Experimentl results show improvement in the sizes of the resulting utomt compred to existing methods. 1. INTRODUCTION Liner temporl logic (LTL) is the most populr lnguge for the specifiction of properties of single computtions of progrm. The verifiction problem for LTL consists of deciding if ll computtions of progrm stisfy given LTL-formul formlizing property. In the utomt-theoretic pproch to this problem [Vrdi nd Wolper 1986; 1994; Vrdi 1999], the negtion of the formul is trnslted into n ω-utomton, nd the product of this utomton with the trnsition system describing the semntics of the progrm is nlyzed. In prticulr, if this trnsition system or some suitble bstrction of it hs finite number of sttes, then the product cn be exhustively explored by serch lgorithm, nd the property cn be checked utomticlly, t lest in principle. While the size of the ω-utomton cn be exponentil or even double-exponentil in the length of the formul (depending on the kind of ω-utomton), typicl formule used in prctice re either smll, or belong to clsses for which this blowup does not hppen. However, since the trnsition system is often very lrge, generting smll ω-utomt is still crucil for the efficiency of the pproch: Even reduction of few sttes in the ω-utomton cn led to much lrger reduction in the product. For functionl LTL verifiction (s opposed to the probbilistic verifiction discussed in the next prgrph), verifiction lgorithms only require to trnsform the LTL formul into non-deterministic ω-utomton, typiclly Büchi or generlized Büchi utomton nd, thnks to intense reserch in the lst decde, the problem of generting smll utomt is well understood, e.g. [Gerth et l. 1995; Couvreur 1999; Gstin nd Oddoux 2001]. Severl tools implement number of heuristic simplifictions (of the formul, of intermedite utomt generted during the trnsltion, nd of the finl result), nd generte Büchi utomt of miniml or nerly miniml size for most common specifictions, e.g. [Bbik et l. 2012; Duret-Lutz 2013]. An importnt fctor for this success is the fct tht the sttes of the utomton re LTL formule, which llows one to use informtion bout logicl equivlence or impliction between formule to merge sttes. The picture is still very different for quntittive LTL verifiction of probbilistic systems, i.e., for the problem of computing the probbility with which n LTL property is stisfied, or deciding whether it exceeds given bound. The stndrd pproch to this problem requires to trnslte the LTL formul into deterministic ω-utomton [Bier nd Ktoen 2008; Chtterjee et l. 2013], typiclly deterministic Rbin utomton (DRA). Contrry to the functionl cse, up to 2012 there were no lgorithms providing direct trnsltion, ll lgorithms vilble proceeded in two steps: first, the formul Journl of the ACM, Vol. V, No. N, Article A, Publiction dte: Jnury YYYY.

2 ws trnslted into non-deterministic Büchi utomton (NBA), nd then Sfr s construction [Sfr 1988] or improvements on it [Pitermn 2006; Schewe 2009] ws pplied to trnsform the NBA into DRA. (Alterntively, the determiniztion step cn be replced by semi-determiniztion [Courcoubetis nd Ynnkkis 1988].) At the time of writing this pper this is lso the defult pproch dopted in PRISM [Kwitkowsk et l. 2011], leding probbilistic model checker, which reimplements the optimized Sfr s construction of the ltl2dstr tool [Klein 2005]. While Sfr s construction is milestone of the theory of ω-utomt, it is lso difficult to implement (see e.g. [Kupfermn 2012]). In prticulr, it is monolithic construction tht cn be pplied to ny NBA, nd therefore does not exploit the structure of LTL formule. In 2011 the second uthor initited reserch progrm for the design nd implementtion of direct LTL-to-DRA trnsltion tht bypsses Sfr s construction. As first result, trnsltion for the LTL frgment contining only the temporl opertors F nd G ws presented in [Křetínský nd Esprz 2012]. The trnsltion yields deterministic generlized Rbin utomton (DGRA), which cn then be degenerlized into stndrd DRA. Alterntively, verifiction lgorithm ws proposed in [Chtterjee et l. 2013] which does not require to degenerlize, nd exhibits the sme worst-cse complexity. In both cses much smller utomt were obtined for mny formule. (For instnce, while the stndrd pproch trnsltes conjunction of three firness constrints into n utomton with over million sttes, the lgorithm of [Křetínský nd Esprz 2012] yields DGRA with one single stte (when cceptnce is defined on trnsitions), nd DRA with 462 sttes.) Subsequently, the pproch ws extended to lrger frgments of LTL contining the X opertor nd restricted ppernces of U [Giser et l. 2012; Křetínský nd Ledesm-Grz 2013]. However, generl lgorithm remined elusive. In this pper we present novel pproch ble to hndle full LTL. The pproch is compositionl: the DGRA is obtined s prllel composition of utomt running in lockstep 1. More specificlly, the utomton for formul ϕ is the prllel composition of co-büchi utomton ( specil cse of DRA) nd n rry of DRAs, one for ech G-subformul of ϕ. Intuitively, the stte of the co-büchi utomton fter reding finite word corresponds to the formul tht remins to be fulfilled (we sy tht the utomton monitors the remining formul). For exmple, if ϕ = ( X) XXG, then the remining formul fter reding {} is tt, nd fter reding {} it is XG. In prticulr, if the utomton reches the stte tt, it ccepts. If the co-büchi utomton never reches tt, then it needs informtion from the DRAs to decide on cceptnce. The DRA for G-subformul Gψ checks whether Gψ eventully holds, i.e., whether FGψ holds. Like the co-büchi utomton, the DRA lso monitors the remining formul, but only prtilly: more precisely, it does not monitor ny G-subformul of ψ, becuse other DRAs re responsible for them. For instnce, if ψ = Gb Gc, then the DRA for Gψ checks FG, nd delegtes checking FGb nd FGc to other utomt. Further, nd crucilly, the DRA for Gψ my lso provide the informtion tht not only FGψ, but stronger formul FG(ψ ψ ) holds. For exmple, the run of the DRA for G( Xc) on the word c ω supplies the informtion tht not only FG( Xc), but lso the stronger formul FG(( Xc) Xc) FGXc holds. The cceptnce condition of the full prllel composition is disjunction over ll possible subsets G of G-subformule, nd ll possible sets of stronger formule F tht the DRAs cn check together. Intuitively, the prllel composition ccepts word w by mens of the disjunct for G nd F when w stisfies FG (mening tht w stisfies FGψ 1 We could lso spek of product of utomt, but the opertionl view behind the term prllel composition helps to convey the intuition. 2

3 for every Gψ G) nd lso FGF. The co-büchi utomton is in chrge of checking the conditionl property tht if w stisfies FGG nd FGF, then it lso stisfies ϕ. A previous version of our compositionl lgorithm ppered in [Esprz nd Křetínský 2014]. Since the construction ws involved nd hd number of corner cses, the third uthor mechniclly verified it in the Isbelle theorem prover. The exercise reveled tht, s expected, some minor corrections were necessry, but lso exposed more serious bug requiring substntil chnge in lemm. An nlysis reveled tht the smllest to us known formul for which the construction of [Esprz nd Křetínský 2014] would hve produced wrong result is G(X GXb), which hs high chnce of surviving lrge mount of testing. Relted work. There re mny constructions trnslting LTL to NBA, e.g., [Gerth et l. 1995; Couvreur 1999; Dniele et l. 1999; Etessmi nd Holzmnn 2000; Somenzi nd Bloem 2000; Gstin nd Oddoux 2001; Ginnkopoulou nd Lerd 2002; Fritz 2003; Bbik et l. 2012; Duret-Lutz 2013]. The one recommended by ltl2dstr nd used in PRISM is LTL2BA [Gstin nd Oddoux 2001]. The version of Sfr s construction described in [Klein nd Bier 2007], which includes number of optimiztions, hs been implemented in ltl2dstr [Klein 2005], nd re-implemented in PRISM [Kwitkowsk et l. 2011]. A comprison of LTL trnsltors into deterministic ω-utomt cn be found in [Blhoudek et l. 2013]. Our compositionl construction shres the ide of recursive use of utomt with the construction tht uses temporl testers. However, testers re inherently nondeterministic [Pnueli nd Zks 2008], wheres ll our utomt re deterministic. Sfr s construction cn lso be used s intermedite step to solve other trnsltion problems, nd bypssing it by mens of sfrless pproches hs been the subject of severl ppers [Kupfermn nd Vrdi 2005; Kupfermn et l. 2006; Gimpolo et l. 2010]. Outline. The pper is orgnized s follows: After Section 2, which introduces bsic definitions bout LTL nd ω-utomt, the next four sections present LTL-to-DGRA constructions for incresingly generl LTL frgments. As wrm-up, Section 3 considers the cse of G-free formule. Section 4 considers the cse of formule FGϕ, where ϕ hs no occurrence of G. Loosely speking, it gives the recipe to construct single element of the rry of DRAs, Section 5 constructs DGRA for n rbitrry formul FGϕ s n rry of DRAs. Section 6 shows how to construct the co-büchi utomton nd the full prllel composition for n rbitrry formul. All four sections hve the sme structure. First, we obtin logicl chrcteriztion of the words tht stisfy formul of the corresponding frgment, nd then derive the corresponding utomton from it. The pper continues with Section 7, which describes some optimiztions tht reduce the number of sttes of the finl DGRA, nd the size of its cceptnce condition. Section 8 contins some remrks bout the worst-cse complexity of our construction. Finlly, Section 9 introduces Rbinizer, the tool implementing our construction, nd presents number of experimentl results on different test suites of LTL formule. As mentioned bove, the correctness proof of our construction hs been mechnized using the Isbelle theorem prover. Section 10 shows how to ccess the mechnized proofs, nd the reltion between this pper nd the forml proof. In prticulr, in the pper we sometimes omit cses in proofs by structurl induction tht do not provide specil insight. Finlly, Section 11 presents our conclusions. Some technicl proofs re presented in Appendix. 3

4 2. BASIC DEFINITIONS We recll bsic definitions of ω-utomt nd Liner Temporl Logic, nd estblish some nottions. In this pper, N denotes the set of nturl numbers including zero. We sy tht property holds for lmost every n N if it holds for ll but finitely mny nturl numbers Alphbets nd words An lphbet is ny finite set Σ. The elements of Σ re clled letters. A word is n infinite sequence of elements of Σ. The set of ll words is denoted by Σ ω. A finite word is finite sequence of elements of Σ, nd the set of ll finite words is denoted by Σ. The ith letter of word w Σ ω is denoted by w[i], i.e. w = w[0]w[1]. Given i, j N, we denote by w ij the finite word w[i]w[i + 1] w[j 1] if i < j, nd the empty word if j i. We denote by w i or sometimes w i the suffix w[i]w[i + 1]. A (finite or infinite) set of words is clled lnguge Liner Temporl Logic Liner Temporl Logic (LTL) extends propositionl logic with temporl opertors Syntx nd semntics Definition 2.1 (LTL Syntx). Let Ap be finite set of tomic propositions. The formule of liner temporl logic (LTL) over Ap re given by the syntx where Ap. ϕ ::= tt ff ϕ ϕ ϕ ϕ ϕ Xϕ Fϕ Gϕ ϕuϕ Formule re interpreted on words over the lphbet 2 Ap. Tht is, letter is subset of Ap. Definition 2.2 (LTL Semntics). The stisfction reltion = between words nd formule is inductively defined s follows: w = tt w = ff w = iff w[0] w = ϕ iff w = ϕ w = ϕ ψ iff w = ϕ nd w = ψ w = ϕ ψ iff w = ϕ or w = ψ w = Xϕ iff w 1 = ϕ w = Fϕ iff k N : w k = ϕ w = Gϕ iff k N : w k = ϕ w = ϕuψ iff k N : w k = ψ nd 0 j < k : w j = ϕ Given two formule φ, ψ, we sy tht φ entils ψ, denoted by φ = ψ, if w = φ implies w = ψ for every w (2 Ap ) ω. We sy tht φ nd ψ re equivlent, denoted by φ ψ, if φ = ψ nd ψ = φ Negtion norml-form. In LTL negtions cn be pushed inwrds ; for instnce, we hve FG G G GF. By pushing negtions inwrds until ll negtions pper only in front of tomic propositions, we obtin the negtion norml form: Definition 2.3 (Negtion norml form). form if it is given by the syntx: where Ap. A formul of LTL is in negtion norml ϕ ::=tt ff ϕ ϕ ϕ ϕ Xϕ Fϕ Gϕ ϕuϕ PROPOSITION 2.4 (NORMAL FORM THEOREM). to formul in negtion norml form. 4 Every formul of LTL is equivlent

5 PROOF. Exhustive ppliction of the following well-known rewrite rules (which replce formul by n equivlent one) brings every formul in negtion norml form: Xϕ X φ, Fϕ G φ, Gϕ F φ, (ϕuψ) ( ψu( ϕ ψ)) Gψ. Observe tht, due to the lst rule, the formul obtined by exhustive rewriting cn be exponentilly longer thn the originl formul. However, if the formul is stored s dg insted of tree, then the dg of the formul in negtion norml form is only linerly lrger thn the dg of the originl formul. In the rest of the pper we ssume tht formule of LTL re in negtion norml form, nd spek of formul insted of formul in negtion norml form Propositionl entilment, equivlence, nd substitution. Loosely speking, given two formule ϕ nd ψ, we sy tht ϕ propositionlly entils ψ if ϕ = ψ cn be proved using only propositionl resoning. So, for instnce, G propositionlly implies G Gb, but G does not propositionlly imply F. Definition 2.5 (Propositionl impliction nd equivlence). A formul of LTL is proper if it is not conjunction or disjunction (i.e., if the root of its syntx tree is not or ). The set of proper formule of LTL over Ap is denoted by PF (Ap). A propositionl ssignment, or just n ssignment, is mpping A: PF (Ap) {0, 1}. Given ϕ PF (Ap), we write A = ϕ iff A(ϕ) = 1, nd extend the reltion = P to rbitrry formule by: A = P ϕ ψ iff A = P ϕ nd A = P ψ A = P ϕ ψ iff A = P ϕ or A = P ψ We sy tht ϕ propositionlly entils ψ, denoted by ϕ = P ψ, if A = P ϕ implies A = P ψ for every ssignment A. Finlly, ϕ nd ψ re propositionlly equivlent, denoted by ϕ P ψ, if ϕ = P ψ nd ψ = P ϕ. We denote by [ϕ] P the equivlence clss of ϕ under the equivlence reltion P. (Observe tht ϕ P ψ implies ϕ ψ holds.) Definition 2.6 (Propositionl substitution). Let ψ, χ be formule, nd let Ψ be set of proper LTL-formule. The formul ψ[ψ/χ] P is inductively defined s follows: If ψ = ψ 1 ψ 2 then ψ[ψ/χ] P = ψ 1 [Ψ/χ] P ψ 2 [Ψ/χ] P. If ψ = ψ 1 ψ 2 then ψ[ψ/χ] P = ψ 1 [Ψ/χ] P ψ 2 [Ψ/χ] P. If ψ is proper formul nd ψ Ψ then ψ[ψ/χ] P = χ, else ψ[ψ/χ] P = ψ The After Function f (ϕ, w). Given formul ϕ nd finite word w, we define formul f (ϕ, w), red ϕ fter w. Intuitively, if word ww (where w is finite word) stisfies ϕ, then f (ϕ, w) is the formul tht holds fter hving red w, tht is, the formul stisfied by w. As shown in Proposition 2.10 below, the converse lso holds: if w stisfies f (ϕ, w), then ww stisfies ϕ. Definition 2.7. follows: Let ϕ be formul nd ν 2 Ap. We define the formul f (ϕ, ν) s f (tt, ν) = tt f (ff, ν) = ff { tt if ν f (, ν) = ff if / ν { ff if ν f (, ν) = tt if / ν f (ϕ ψ, ν) = f (ϕ, ν) f (ψ, ν) f (ϕ ψ, ν) = f (ϕ, ν) f (ψ, ν) f (Xϕ, ν) = ϕ f (Gϕ, ν) = f (ϕ, ν) Gϕ f (Fϕ, ν) = f (ϕ, ν) Fϕ f (ϕuψ, ν) = f (ψ, ν) (f (ϕ, ν) ϕuψ) 5

6 We extend the definition to finite words: f (ϕ, ɛ) = ϕ; nd f (ϕ, νw) = f (f (ϕ, ν), w) for every ν 2 Ap nd every finite word w. Finlly, we sy tht ψ is rechble from ϕ if ψ = f (ϕ, w) for some finite word w. Exmple 2.8. Let Ap = {, b, c} nd ϕ = (b U c). We hve f (ϕ, {}) = tt f (ϕ, {b}) = (b U c), f (ϕ, {c}) = tt, nd f (ϕ, ) = ff. We collect number of simple properties of f, proved in the Appendix. LEMMA 2.9. For every formul ϕ nd every finite word w (2 Ap ) : (1) f (ϕ, w) is boolen combintion of proper subformule of ϕ. (2) If f (ϕ, w) = tt, then f (ϕ, ww ) = tt for every w (2 Ap ), nd nlogously for ff. (3) If ϕ 1 P ϕ 2, then f (ϕ 1, w) P f (ϕ 2, w). (4) If ϕ hs n proper subformule, then the set of formule rechble from ϕ hs t most 2 2n equivlence clsses of formule with respect to propositionl equivlence. Observe tht, by Lemm 2.9(3), the function f cn be lifted to equivlence clsses of formule w.r.t. propositionl equivlence. Abusing lnguge, we lso denote this lifted function by f. We now stte the fundmentl property of the After function, lso proved in the Appendix: word ww stisfies formul ϕ iff fter reding w the rest of the word, i.e., the word w, stisfies f (ϕ, w). PROPOSITION Let ϕ be formul, nd let ww (2 Ap ) ω be n rbitrry word. Then ww = ϕ iff w = f (ϕ, w) Trnsition systems nd ω-utomt A deterministic trnsition system (DTS) over n lphbet Σ is tuple T = (Q, Σ, δ, q 0 ) where Q is set of sttes, Σ is n lphbet, δ : Q Σ Q is trnsition function, nd q 0 Q is the initil stte. If δ(q, ) = q then we cll the triple t = (q,, q ) trnsition, nd sy tht q,, nd q re the source, the letter, nd the trget of t. We denote by T the set of trnsitions of T. A run of T is n infinite sequence ρ = t 0 t 1 of trnsitions such tht the source of t 0 is the initil stte q 0, nd for every i 0 the trget of t i is equl to the source of t i+1. A trnsition t occurs in ρ if t = t i for some i 0. A stte q occurs in ρ if it is the source or trget of some t i. Given word w = 0 1 Σ ω, we denote by ρ(w) the unique run t 0 t 1 t 2 of T such tht for every i 0 the letter of t i is i. The product of two DTSs T 1 = (Q 1, Σ, δ 1, q 01 ) nd T 2 = (Q 2, Σ, δ 2, q 02 ) is the DTS T 1 T 2 = (Q, Σ, δ, q 0 ), where Q = Q 1 Q 2, δ((q 1, q 2 ), ) = (δ 1 (q 1, )δ(q 2, ) for every q 1 Q 1, q 2 Q 2, Σ, nd q 0 = (q 01, q 02 ) Acceptnce conditions nd ω-utomt. A stte-bsed cceptnce condition for T is positive boolen formul over the forml vribles V Q = {Inf (S), Fin(S) S Q}. Acceptnce conditions re interpreted over runs. Given run ρ of T nd n cceptnce condition α, we consider the truth ssignment tht sets the vrible Inf (S) to iff ρ visits (some stte of) S infinitely often, nd sets Fin(S) to iff ρ visits (ll sttes of) S finitely often. The run ρ stisfies α if this truth-ssignment mkes α. The size of condition α is its length s boolen formul. A trnsition-bsed cceptnce condition for T is defined exctly s stte-bsed cceptnce condition, but replcing the set V Q by the set V T = {Inf (U), Fin(U) U T }. In this pper we use stte-bsed or trnsition-bsed cceptnce conditions, depending on wht is more convenient. It is well-known tht stte-bsed conditions cn be trnsformed into n equivlent trnsition-bsed one (i.e., condition stisfied by the sme runs). It suffices to replce ech occurrence of Inf (S) by Inf ( S), where S 6

7 denotes the set of trnsitions with trget in S, nd similrly for Fin(S). Conversely, trnsition-bsed condition cn lso be trnsformed into n equivlent stte-bsed one by replicting the sttes. Given DTS T = (Q, Σ, δ, q 0 ) with set T of trnsitions we construct the new DTS T with sttes {q 0 } T, trnsition (q 0,, t) for every trnsition t = (q 0,, q) of T, nd trnsition (t,, t ) for every pir t = (q 1,, q 2 ) nd t = (q 2, b, q 3 ) of trnsitions of T. Then, the condition over the trnsitions of T becomes n equivlent condition over the sttes of T. A deterministic ω-utomton over Σ is tuple A = (Q, Σ, δ, q 0, α), where (Q, Σ, δ, q 0 ) is deterministic trnsition system nd α is n cceptnce condition. A ccepts word w Σ if the run ρ(w) stisfies α. The lnguge of A, denoted by L(A), is the set of words ccepted by A. An cceptnce condition α is Büchi condition if α = Inf (S) for some S Q. co-büchi condition if α = Fin(S) for some S Q. Rbin condition if α = n j=1 (Fin(F j) Inf (I j )) for sets F 1, I 1,..., F n, I n Q. The pir P j = (F j, I j ) is clled Rbin pir. generlized Rbin condition if α = n j=1 (Fin(F j) m j k=1 Inf (I jk)) for sets F 1,..., F n, I 11,..., I nmn Q. Observe tht Büchi nd co-büchi conditions re specil cses of Rbin conditions. Further, every generlized Rbin condition cn be trnsformed into n equivlent Rbin condition, which however my be exponentilly longer. The generlized Rbin condition rises nturlly when considering intersection of Rbin utomt. Observe tht we do not need to consider l j k=1 Fin(F jk), but only Fin(F j ), becuse n j k=1 Fin(F jk) is equivlent to Fin( l j k=1 F jk). A deterministic Büchi, co-büchi, Rbin or generlized Rbin utomton is deterministic ω-utomton with n cceptnce condition of the corresponding kind. In the rest of the pper we shorten deterministic Rbin utomton to DRA, nd the generlized version to DGRA. The following results re well known. PROPOSITION Given DRAs R 1 nd R 2 recognizing lnguges L 1 nd L 2, respectively, we cn construct DRAs, denoted R 1 R 2 nd R 1 R 2, recognizing L 1 L 2 nd L 1 L 2, respectively. Moreover, the trnsition system of both R 1 R 2 nd R 1 R 2 is the product of the trnsition systems of R 1 nd R 2. PROPOSITION Let X be finite set of indices, nd let R i = (Q, Σ, δ, q 0, α i ) be fmily of DRAs, one for every index i belonging to some finite set I of indices, ll of them with the sme underlying trnsition system. Then R = (Q, Σ, δ, q 0, i I α i) is DRA recognizing i X L(R i), nd R = (Q, Σ, δ, q 0, i X α i) is generlized DRA recognizing i X L(R i). 3. AUTOMATA FOR G-FREE FORMULAE We present trnsltion of G-free formule (i.e., formule without ny occurrence of the G-opertor) into deterministic ω-utomton with very simple cceptnce condition, which cn be expressed both s Büchi nd co-büchi condition. The trnsltion is by no mens novel, but it serves s wrm-up for the next sections, which consider more generl clsses of formule. Moreover, the section llows us to introduce the generl scheme we use to design trnsltions: first, we give logicl chrcteriztion theorem chrcterizing the words tht stisfy formul of the given clss, nd then we construct n utomton which ccepts iff the condition of the chrcteriztion holds. 7

8 THEOREM 3.1 (LOGICAL CHARACTERIZATION THEOREM I). Let ϕ be G-free formul nd let w be word. Then w = ϕ iff there exists i > 0 such tht f (ϕ, w 0j ) P tt for every j i. PROOF. By Lemm 2.9(2) it suffices to show tht w = ϕ iff there exists i > 0 such tht f (ϕ, w 0i ) P tt. (In the rest of this proof we use Lemm 2.9(2) without explicitly mentioning it.) ( ): Assume there exists i > 0 such tht f (ϕ, w 0i ) P tt. Then w i = f (ϕ, w 0i ). By Proposition 2.10, we get w = w 0i w i = ϕ. ( ): Assume w = ϕ. We proceed by structurl induction on ϕ. We only consider two representtive cses. ϕ =. Since w = ϕ we hve w = νw for some word w nd for some ν Ap such tht ν. By the definition of f we hve f (, ν) P tt, nd, since ν = w 01, we get f (ϕ, w 01 ) P tt. ϕ = ϕ 1 Uϕ 2. By the semntics of LTL there is k N such tht w k = ϕ 2 nd w l = ϕ 1 for every 0 l < k. By induction hypothesis there exists for every 0 l < k n i l such tht f (ϕ 1, w li ) P tt nd there exists n i k such tht f (ϕ 2, w ki ) P tt. Let j be the mximum of ll those i s. We prove f (ϕ 1 Uϕ 2, w 0j ) P tt vi induction on k. k = 0. k > 0. f (ϕ 1 Uϕ 2, w 0j ) = f (ϕ 2, w 0j ) (f (ϕ 1, w 0j ) f (ϕ 1 Uϕ 2, w 1j )) (def. of f ) P tt f (ϕ 1, w 0j ) f (ϕ 1 Uϕ 2, w 1j )) (f (ϕ 2, w kj ) P tt) P tt f (ϕ 1 Uϕ 2, w 0j ) = f (ϕ 2, w 0j ) (f (ϕ 1, w 0j ) f (ϕ 1 Uϕ 2, w 1j )) (def. of f ) P f (ϕ 2, w 0j ) (tt f (ϕ 1 Uϕ 2, w 1j )) (f (ϕ 1, w 0j ) P tt) P f (ϕ 2, w 0j ) (tt tt) (ind. hyp.) P tt We derive from Theorem 3.1 deterministic ω-utomton for given G-free formul ϕ. The sttes of the utomton re equivlence clsses of formule under propositionl equivlence. The fundmentl design ide is: fter reding finite word w, the current stte of the utomton must be f (ϕ, w 0j ). So we tke the equivlence clss of f (ϕ, ɛ) = ϕ s initil stte, nd the function f itself s trnsition function. By Theorem 3.1, word stisfies ϕ iff its run in this utomton visits the stte [tt] P. Since we hve f (tt, ν) = tt for every ν 2 Ap, the run visits [tt] P iff it visits [tt] P infinitely often, or if it visits ll other sttes only finitely often. So we cn tke F = {[tt] P } s Büchi condition. Definition 3.2. Let ϕ be G-free formul. Let Rech(ϕ) denote the set of equivlence clsses of the formule rechble from ϕ w.r.t. propositionl equivlence. The trnsition system of ϕ is the deterministic trnsition system T (ϕ) = (Q, 2 Ap, q 0, δ) where - Q is the quotient of Rech(ϕ) under propositionl equivlence. (In other words, [ψ] P is stte of T (ϕ) iff f (ϕ, w) = ψ for some finite word w.) - q 0 = [ϕ] P, the equivlence clss of ϕ. - δ([ψ] P, ν) = [f (ψ, ν)] P for every [ψ] P Q nd every ν 2 Ap. ν (I.e., there is trnsition [ϕ] P [ψ] P iff f (ϕ, ν) = ψ.) 8

9 q 1 : (b U c) āb c + āc q 2 : b U c b c ā b c c b c q 3 : tt q 4 : ff Fig. 1: Büchi (or co-büchi) utomton for (b U c). The Büchi utomton for ϕ is the tuple B(ϕ) = (Q, 2 Ap, q 0, δ, F ), where F = {[tt] P }. Observe tht it cn be lso seen s co-büchi utomton with F = Q \ {[tt] P }. Exmple 3.3. Figure 1 shows the utomton for the formul ϕ = (b U c). We ssume Ap = {, b, c}. The lphbet 2 Ap contins 8 elements, nd so every stte hs 8 outgoing trnsitions. To void cluttering the figure, we use boolen-function-like c nottion for trnsitions. For exmple, q 2 q 3 denotes tht there is trnsition from q 2 to q 3 for every subset of 2 Ap c contining c. So, ctully, q 2 q 3 stnds for four different +āc trnsitions. Similrly, q 1 q 3 mens tht there is trnsition from q 1 to q 3 for ech subset of 2 Ap tht either contins, or does not contin nd contins c. THEOREM 3.4. Let ϕ be G-free formul. Then L(B(ϕ)) = L(ϕ) PROOF. Immedite consequence of Theorem 3.1 nd the definition of B(ϕ). 4. DRAS FOR SIMPLE FG-FORMULAE We introduce the min building block of our pper: procedure to construct DRA for formule FGϕ where ϕ is G-free, i.e., contins no occurrence of G. (Notice tht even the formul FG hs no equivlent deterministic Büchi utomton.) As in the previous section, we first chrcterize the words w stisfying formul FGϕ where ϕ is G-free, nd then show how to construct DRA tht ccepts iff the condition of the chrcteriztion holds. However, in this section we divide this step into two prts. We first introduce n uxiliry utomt model, clled Mojmir utomt 2, nd show how to construct Mojmir utomton recognizing L(FGϕ). (Mojmir utomt re designed to mke this construction intuitive nd esy to grsp.) Then we show how to trnsform Mojmir utomt into equivlent DRAs Logicl chrcteriztion The logicl chrcteriztion of the words stisfying FGϕ is n esy consequence of Theorem 3.1. THEOREM 4.1 (LOGICAL CHARACTERIZATION THEOREM II). Let FGϕ be formul such tht ϕ is G-free. Then w = FGϕ iff for lmost every i N there exists j i such tht f (ϕ, w ij ) P tt. PROOF. By the semntics of LTL, w = FGϕ iff w i = ϕ for lmost every i N. By Theorem 3.1, w = FGϕ iff for lmost every i N there exists j i such tht f (ϕ, w ij ) P tt. 2 Nmed in honour of Mojmír Křetínský, fther of one of the uthors 9

10 q 1 q 1 q 1 + āc āb c ā b c + āc āb c ā b c + āc āb c ā b c + āc āb c ā b c q 2 c b c b c b c c b c b c c b c q 2 c b c b c q 4 q 3 q 4 q 3 q 4 q 3 q āc 0 āb c 1, 2 c b c b c ā b c Fig. 2: The top row shows the first four elements of the rry of co-büchi utomt for FG( (b U c)) fter reding bc āb c āb c. At the bottom, the corresponding configurtion of the Mojmir utomton Mojmir utomt By the definition of LTL, we hve w = FGϕ iff w i = ϕ for ll but finitely mny i 0. Let A ϕ be the deterministic co-büchi utomton recognizing L(ϕ). From mthemticl point of view, we cn recognize L(FGϕ) with the help of n infinite rry of copies of A ϕ. The ith utomton reds w i, i.e., it skips the first (i 1) letters of the input word, nd then strts reding. Therefore, the i-th utomton ccepts iff w i = ϕ. The rry ccepts iff lmost every rry element ccepts. Figure 2 shows the first four elements of the rry for the formul FG( (b U c)). The figure shows the stte of the elements fter reding (bc) (āb c) (āb c). For exmple, the utomton on the left hs red ll three letters, nd reched stte q 3, grphiclly displyed by putting token on the stte, while the next one hs only red the lst two letters, nd reched stte q 2. The lst utomton hs not yet red ny letter, nd so it is currently in stte q 1. We now observe tht the complete rry cn be replced by one single utomton tht hndles ll the tokens simultneously. We cll such n utomton Mojmir utomton. The bottom prt of Figure 2 shows the configurtion of the Mojmir utomton corresponding to the rry t the top. After reding (bc) (āb c) (āb c), the utomton hs creted four tokens, lbelled with their birthdtes. Intuitively, when the utomton reds letter it moves ll tokens ccording to the trnsition function, nd then puts fresh token in the initil stte, lbelled with the position of the letter. Initilly there is 10

11 q 1 + āc āb c ā b c q 2 b c c b c q 3 q 4 time token q 1 q 3 q 3 q 3 1 q 1 q 2 q 2 2 q 1 q 2 3 q 1 4 Fig. 3: Mojmir utomton for FG( (b U c)), nd mtrix representtion of run w (token, time) for w = bc āb c āb c. unique token t the initil stte, lbelled by 0. The utomton ccepts if lmost every token eventully reches n ccepting stte. Definition 4.2. A Mojmir utomton is tuple M = (Q, Σ, q 0, δ, F ), where (Q, Σ, q 0, δ) is DTS nd F Q is set of ccepting sttes stisfying δ(f, ν) F for every ν Σ, i.e., sttes rechble from ccepting sttes re lso ccepting. The run of M over word w = w[0]w[1] Σ ω is the infinite sequence where (q 0 0) (q 1 0, q 1 1) (q 2 0, q 2 1, q 2 2) (q 3 0, q 3 1, q 3 2, q 3 3) { qtoken time q0 if token = time, = δ ( q time 1 token, w[time 1]) if token < time The position of token t time in the run is given by the function run w : N N Q { }, defined s follows: { q time token if token time run w (token, time) = if token > time For every time t N, we denote by conf w (t) the function defined by token run w (token, t)) We cll conf w (t) the configurtion of the run of M on w t time t. The run of M on w is ccepting if for lmost every token N there exists time N such tht run w (token, time) F. Given G-free formul ϕ, the Mojmir utomton equivlent to FGϕ hs exctly the sme syntctic structure s the Büchi utomton for ϕ: only the notions of run nd cceptnce re different. Definition 4.3. Let ϕ be G-free formul. The Mojmir utomton for FGϕ is M(ϕ) = (Rech(ϕ), 2 Ap, [ϕ] P, f, {[tt] P }). Since M(ϕ) ccepts iff lmost every token eventully reches n ccepting stte, M(ϕ) ccepts word w iff w = FGϕ, nd so we hve: THEOREM 4.4. Let ϕ be G-free formul. Then L(M(ϕ)) = L(FGϕ). 11

12 Exmple 4.5. Figure 3 shows the Mojmir utomton for FG( (b U c)) nd the mtrix representtion of run w (token, time) for w = bc āb c āb c. The configurtions of the run re given by the columns of the mtrix. For instnce, conf w (2) is the mpping 0 q 3, 1 q 2, 2 q 1, i 3 : i given by the third column, indicting tht fter two steps the tokens 0, 1, 2 re in sttes q 3, q 2, q 1, respectively, nd other tokens do not exist yet. In the rest of the section we show how to construct deterministic Rbin utomton equivlent to given Mojmir utomton. In Section 4.3 we define n bstrction tht ssigns to ech configurtion conf w (t) of run n bstrct object sr w (t), clled stternking. Since the run of M on word w is completely chrcterized by the sequence of configurtions conf w (0) conf w (1) conf w (2), the bstrction lso bstrcts run into the infinite sequence of stte-rnkings sr w (0) sr w (1) sr w (2). Sections 4.4 nd 4.5 show tht the bstrction hs the following properties: (1) There is n esily computble function tht given sr w (t) nd w[t + 1] returns sr w (t + 1). (Lemm 4.11) (2) A run is ccepting iff its corresponding bstrct run stisfies certin Rbin condition. (Definition 4.19) Finlly, Section 4.6 derives the deterministic Rbin utomton. As the reder cn expect, the utomton will hve the stte-rnkings s sttes, the function of (1) s trnsition function, nd the condition of (2) s cceptnce condition Stte-rnkings Intuitively, stte-rnking of Mojmir utomton M is rnking of the sttes of M. Our stte-rnkings re llowed to be prtil, tht is, to leve some sttes unrnked. Definition 4.6. Let M be Mojmir utomton with n sttes. A stte-rnking of M is prtil injective function sr : Q {1,..., n}, such tht if the imge of sr contins i, then it lso contins j for every j < i. When sr(q) is undefined, we write sr(q) =. The set of stte-rnkings of M is denoted by SR. The stte-rnking sr w (t) ssocited to conf w (t) is the result of performing sequence of bstrction steps, which we illustrte on n exmple. Consider Mojmir utomton M with sttes {q 0, q 1, q 2, q 3, q 4, q 5, q 6 }. Assume tht, fter the first 8 steps of its run on some word, M hs reched the following configurtion, where for ech stte we give the set of tokens currently t tht stte: q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( {3, 8} {1, 2} {5, 7} {4} {6} {0} ) Assume further tht sttes q 5, q 6 re sinks, mening tht δ(q 5, ν) = q 5 nd δ(q 6, ν) = q 6 for every lphbet letter ν 3. We strt the bstrction process by discrding the informtion bout tokens in sinks. We use the symbol to denote this, nd obtin: (1) q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( {3, 8} {1, 2} {5, 7} {4} ) We continue by keeping only the oldest token of ech stte (tht is, the one with the smllest number). If the stte is not populted by ny token, gin we just write. We 3 For technicl resons, we lso decree tht the initil stte cnnot be sink. 12

13 obtin: q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( ) We cll tokens 3, 1, 5 nd 4 the senior tokens of the configurtion, or just the seniors. Since run hs infinitely mny tokens, the number of possible bstrct configurtions of the utomton is still infinite. So we discrd even more informtion. We throw wy the identities of the senior tokens, nd keep only their reltive seniority rnk: the oldest senior token hs rnk 1, the second oldest rnk 2, etc. We obtin the stte-rnking q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( ) It is useful to think of the set of tokens t stte s the prtners of prtnership firm. The senior prtner is the oldest token. The nme of the firm is the rnk of the senior prtner. For instnce, the firm 2 t stte q 0 hs tokens 3 nd 8 s prtners. Let us formlly define the rnk rk w (τ, t) of token τ t time t, nd the stte-rnking sr w (t) t time t. Definition 4.7. Let M = (Q, Σ, q 0, δ, F ) be Mojmir utomton with n sttes. A stte q Q is sink if q q 0 nd δ(q, ν) = q for every ν Σ. Let w Σ ω be word, nd consider the run of M on w. Given two tokens τ, τ N, we sy tht τ is older thn τ if τ < τ. The senior of token τ t time t > τ is the oldest token τ such tht run w (τ, t) = run w (τ, t). If token is its own senior, then we cll τ senior (t time t). The rnk of token τ t time t > τ, denoted by rk w (τ, t), is defined s follows: If run w (τ, t) is sink, then rk w (τ, t) = (we sy tht τ is unrnked t time t). If run w (τ, t) is not sink, then let s be the senior of token τ t time t. The rnk rk w (τ, t) is the number of senior tokens τ such tht run w (τ, t) is not sink nd τ s. (Observe tht run w (τ, t) = run w (τ, t) implies tht τ nd τ hve the sme seniors, nd so tht rk w (τ, t) = rk w (τ, t); so ll tokens t the sme stte get the sme rnk.) Finlly, the stte-rnking t time t, denoted by sr w (t), is the mpping Q N tht ssigns to ech stte q Q its stte-rnking sr w (t, q) {1,..., n}, defined s follows: - If q is sink, then sr w (t, q) =. - If q is not sink nd no token τ stisfies run w (τ, t) = q, then sr w (t, q) =. - If q is not sink nd some token τ stisfies run w (τ, t) = q, then sr w (t, q) = rk w (τ, t). Exmple 4.8. Consider for exmple token 7 in the configurtion (1). The senior of 7 is 5. The seniors re 3, 1, 5, 4. Since ll seniors re t lest s old s 5, the rnk of token 7 is 4. Since the configurtion is the result of reding the first 8 letters of word w, we hve rk w (7, 8) = 4. While the birthdte of token does not chnge long run, its rnk cn chnge, nd for two different resons. Assume the current rnk of token τ is 4. If the firm of rnk, sy, 3, moves to sink, then it disppers, nd the rnk of τ is upgrded to 3. If the token s firm merges with the firm of rnk, sy, 2, the rnk of τ is upgrded to 2. In both cses, we observe tht, s long s the token does not rech sink, its rnk cn only improve (get older) long run. LEMMA 4.9. Let M = (Q, Σ, q 0, δ, F ) be Mojmir utomton nd let w Σ ω be word. For every token τ N: 13

14 - if rk w (τ, t) = for some t N, then rk w (τ, t ) = for every t t. - if t t nd rk w (τ, t), rk w (τ, t ) N, then rk w (τ, t) rk w (τ, t ). PROOF. Follows esily from the definitions Computing the successor of stte-rnking Recll tht the run of Mojmir utomton on word w is completely determined by the sequence of configurtions conf w (0) conf w (1) conf w (2). To this sequence corresponds sequence sr w (0) sr w (1), sr w (2) of stte-rnkings. We show tht sr w (t + 1) cn be directly computed from sr w (t) nd the letter w[t+1]. More precisely, we define function nxt : SR Σ SR nd show tht it stisfies nxt(sr w (t), w[t + 1]) = sr w (t + 1) for every time t. Let sr w (t) be the stte-rnking q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( ) Assume w[t + 1] = ν for some ν Σ, nd ssume further tht δ(q 0, ν) = q 5 δ(q 1, ν) = q 2 = δ(q 3, ν) δ(q 4, ν) = q 3 We obtin sr w (t + 1) in four steps: (i) Move ll senior tokens ccording to δ. The token of rnk 2 t q 0 moves to the sink q 5 (recll tht q 5 nd q 6 re sinks) nd disppers. The tokens of rnks 1 nd 4 move to stte q 2. The token of rnk 3 t q 4 moves to q 3. We obtin: q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( {1, 4} 3 ) (ii) If stte holds more thn one token, keep only the most senior token. Only the token of rnk 1 survives in q 2. Intuitively, the firms with rnk 1 nd 4 merge, nd 1 becomes the senior prtner. q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( 1 3 ) (iii) Recompute the seniority rnks of the remining tokens. The token of rnk 3 is upgrded to rnk 2. q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( 1 2 ) (iv) If there is no token on the initil stte, dd one with the next lowest seniority rnk. We dd token to q 0 of rnk 3. The corresponding forml definition is: q 0 q 1 q 2 q 3 q 4 q 5 q 6 ( ) Definition Let M = (Q, Σ, q 0, δ, F ) be Mojmir utomton with n sttes nd set S of sinks. Let sr be stte-rnking of M, nd let ν Σ. For every q Q, the set of rnks of sr tht move to q under ν, denoted by mvto(q), is given by: { {sr(q ) sr(q ) δ(q, ν) = q} if q q mvto(q) = 0 {sr(q ) sr(q ) δ(q, ν) = q} {n} if q = q 0 14

15 q 1 : (b U c) āb c (1, ) t 1 : + c t 2 : ā b c + c q 3 : tt c q 2 : b U c b c b c ā b c q 4 : ff t 3 : āb c (2, 1) t 6 : c t 7 : b c t 8 : ā b c t 4 : b c t 5 : āb c Fig. 4: A Mojmir utomton for (b U c) nd its corresponding DRA. The stte-rnking nxt(sr, ν) is defined with min( ) = by: { {q Q \ S min(mvto(q )) min(mvto(q))} if q / S nd mvto(q) nxt(sr, ν, q) = otherwise We get the following lemm. LEMMA Let M be Mojmir utomton nd let w be word. Then sr w (t + 1) = nxt(sr w (t), w[t + 1]) for every t 0. PROOF. (Sketch.) The key observtion for the proof is tht nxt(sr w (t), w[t + 1]) computes for stte q the set of senior sttes q t time t + 1 nd then tkes the crdinlity of this set s vlue. This coincides with the definition of sr w (t + 1). We lredy hve ll we need to define the sttes nd trnsition function of the DRA equivlent to given Mojmir utomton (lthough not the cceptnce condition). The sttes of the Rbin utomton re the stte-rnkings, nd the trnsition function is given by nxt. Exmple Figure 4 shows our running exmple on the left, nd the sttes nd trnsitions of its corresponding Rbin utomton on the right. Since sttes q 3 nd q 4 re sinks, stte rnkings only rnk sttes q 1 nd q 2. The initil stte-rnking is (1, ). The only other stte-rnking rechble from it turns out to be (2, 1) Deciding cceptnce of n bstrct run We define Rbin cceptnce condition tht turns the trnsition system bove into DRA equivlent to the Mojmir utomton. We strt by clssifying the tokens of run of the Mojmir utomton. Definition Let M = (Q, Σ, δ, q 0, F ) be Mojmir utomton nd let w be word. A token τ N of the run of M on w squts if it never reches sink (tht is, if run w (τ, t) Q \ S for every t N); fils if it eventully reches non-ccepting sink (tht is, if there exists t N such tht run w (τ, t) S \ F ); succeeds if it eventully reches n ccepting stte, sink or non-sink (tht is, if there exists t N such tht run w (τ, t) F ). 15

16 Further, we sy tht token succeeds t rnk i if it hs rnk i immeditely before entering the set of ccepting sttes, i.e., if there is t N such tht run w (τ, t) / F \ {q 0 }, run w (τ, t + 1) F, nd rk w (τ, t) = i. 4 Observe tht the three clsses re not disjoint. More precisely, token either fils, succeeds, or squts in non-ccepting sttes. By definition, Mojmir utomton ccepts word w if ll but finitely mny of the tokens generted during the run on w succeed (recll tht tokens tht rech n ccepting stte sty within the set of ccepting sttes). So, given the bstrct run of M on w, our tsk is to find Rbin condition equivlent to only finitely mny tokens fil nd only finitely mny tokens squt in non-ccepting sttes. The condition equivlent to only finitely mny tokens fil is simple: since token fils when it moves into non-ccepting sink, we stipulte tht trnsitions moving tokens into non-ccepting sinks cn only occur finitely often. Finding condition equivlent to only finitely mny tokens squt in non-ccepting sttes is bit more involved. Observe tht, since squtter τ never reches sink, it hs rnk t every moment in time. So, if infinitely mny tokens squt in non-ccepting sttes, then, since they re ll confined within Q \ (S F ), infinitely mny firm merges must tke plce in this set of sttes. This suggests the following definition: Definition Let M = (Q, Σ, δ, q 0, F ) be Mojmir utomton nd let w be word. Let τ, τ N be two tokens such tht τ < τ. We sy tht τ nd τ merge during the run of M on w if there is t N nd stte q / F such tht run w (τ, t) = q = run w (τ, t), nd one of the two following conditions hold: τ < t nd run w (τ, t 1) run w (τ, t 1). (Both tokens lredy existed t time t 1, nd were t different sttes) τ = t. (Token τ is creted t time t.) Further, we sy tht the tokens merge t rnk i if rk w (τ, t) = i. Notice the condition q / F in the definition: we reserve the term merge for the merges occurring in non-ccepting sttes. If two tokens merge t some time t, then from tht moment on they follow the sme trjectory, nd so we hve: LEMMA Let M = (Q, Σ, δ, q 0, F ) be Mojmir utomton nd let w be word. Let τ, τ N be two tokens tht merge long the run of M on w. Then either both τ nd τ fil, or both succeed t the sme rnk, or both squt. PROOF. By the definition of merge there is time t 0 such tht run w (τ, t 0 ) = q / F nd run w (τ, t) = run w (τ, t) for ll t t 0. We proceed by cse distinction nd only consider two cses. τ fils. This mens tht the token τ moves t some point to non-ccepting sink nd stys there forever. Let us cll this time t. Without loss of generlity we ssume tht the merge hppens outside the sinks S nd we hve t > t 0. Hence we hve run w (τ, t ) = run w (τ, t ) = q s nd thus τ lso fils. τ succeeds t rnk i. Thus the token τ moved t some time t > t 0 from the nonccepting sttes to the ccepting sttes with rnk i. Since τ nd τ lredy merged nd tokens tht re in the sme stte hve the sme rnk, lso τ succeeds with rnk i. 4 observe tht in the specil cse q 0 F (ll sttes re ccepting), the first move of ech token is considered succeeding. 16

17 We cn now formulte nd prove the min theorem of the section, presenting conditions equivlent to only finitely mny tokens fil (condition (1)), nd only finitely mny tokens squt in non-ccepting sttes (condition (2)): THEOREM Let M = (Q, Σ, δ, q 0, F ) be Mojmir utomton nd let w be word. M ccepts w if nd only if the run of M on w stisfies the following two conditions: (1) Finitely mny tokens fil. (2) There is rnk i such tht (2.1) infinitely mny tokens succeed t rnk i, nd (2.2) finitely mny pirs of tokens merge t rnk older thn i, i.e. with rnk j < i. PROOF. ( ): Assume M ccepts w. Then lmost every token of the run of M on w succeeds. Therefore, since no token cn succeed nd fil, (1) holds. Let i be the smllest rnk stisfying (2.1) (since lmost ll tokens succeed nd the number of rnks re finite, such n i exists). We prove tht i stisfies (2.2). Let M i be the set of pirs (τ, τ ) of tokens such tht τ < τ nd τ nd τ merge t rnk older thn i. We prove tht M i is finite. By Lemm 4.15 either both τ nd τ succeed, or none succeeds. Let S i be the set of pirs (τ, τ ) M i such tht both τ nd τ succeed. Since M ccepts w, lmost every token succeeds, nd so M i \ S i is finite. It remins to prove tht S i is finite. By the definition of i, it suffices to prove tht for every (τ, τ ) S i both τ nd τ succeed t rnk older thn i. Let t 0 be the time t which τ nd τ merge. By the definition of merge, t time t 0 neither τ nor τ hve reched the set of ccepting sttes. Since τ nd τ merge t rnk older thn i nd two merged tokens lwys hve the sme rnk, we hve rk w (τ, t 0 ) < i. Let t 1 > t 0 be the time t which both tokens enter the set of ccepting sttes. By Lemm 4.9(2), we hve rk w (τ, t 1 ) < i nd rk w (τ, t 1 ) < i, nd so both τ nd τ succeed t rnk older thn i. ( ): If q 0 F then by the definition of Mojmir utomt M ccepts every word, nd we re done. So ssume q 0 / F. By the definition of squtting, token τ squts iff rk w (τ, t) N for every t τ. By Lemm 4.9, the rnk of τ cn only get older, nd so there is time t such tht rk w (τ, t) = rk w (τ, t ) for every t t. We cll this rnk the stble rnk of τ, denoted by strk w (τ). The following lemm, proved in the Appendix, shows tht ll stble rnks re old. LEMMA strk w (τ) < i. Let i be the rnk of condition (2). If the rnk of τ stbilizes, then We now use the lemm to prove the result by contrdiction. Assume M does not ccept w. Then, infinitely mny tokens do not succeed in the run of M on w. Since by (1) only finitely mny tokens fil, infinitely mny tokens squt in non-ccepting sttes. By Lemm 4.17, their stble rnks re ll older thn i. So there is rnk j < i such tht infinitely mny tokens hve stble rnk j. Let τ be one of these tokens, nd let t be the time t which its rnk stbilizes. All tokens born fter t whose rnk stbilize t j eventully merge with τ. Therefore, infinitely mny pirs (τ, τ ) merge t rnk i. But this contrdicts our ssumption tht (2.2) holds. We conclude the section with definition tht will be importnt in Section 6. Definition Let M be Mojmir utomton nd let w be word. We sy tht M ccepts w t rnk i if M ccepts w nd the rnk of condition (2) in Theorem 4.16 is i. 17

18 Note tht word cn be ccepted t severl rnks. In Section 6.2 we will show tht the rnks t which the utomton M(ϕ) of formul ϕ ccepts word crry useful informtion From Mojmir utomt to deterministic Rbin utomt From Theorem 4.16 we cn esily derive deterministic Rbin utomton equivlent to given Mojmir utomton. More precisely, we show how to construct n utomton with Rbin condition on trnsitions. Applying the construction of Section 2.3.1, this utomton cn be trnsformed into one with Rbin condition on sttes. Definition Let M = (Q, Σ, i, δ, F ) be Mojmir utomton with set S of sinks. The deterministic Rbin utomton R(M) = (Q R, Σ, q 0R, δ R, α R ) is defined s follows: Q R is the set SR of stte-rnkings of M; q 0R is the stte-rnking stisfying q 0R (q 0 ) = 1 nd q 0R (q) = for every q q 0 ; δ R (sr, ν) = nxt(sr, ν) for every stte-rnking sr nd letter ν; α R = Q i=1 P i, where the ith Rbin pir is P i = (fil merge(i), succeed(i)), nd the sets fil, merge(i), nd succeed(i) re defined s follows. A trnsition (sr, ν, sr ) δ R belongs to fil if there exists q Q such tht sr(q) N nd δ(q, ν) S \ F. succeed(i) if there exists q / F such tht sr(q) = i nd δ(q, ν) F, or q 0 F nd sr(q 0 ) = i. 5 merge(i) if there exists stte q Q \ F nd distinct sttes q 1, q 2 Q such tht δ(q 1, ν) = q = δ(q 2, ν), sr(q 1 ) < i, nd sr(q 2 ) ; or q 0 / F, nd there exists stte q such tht δ(q, ν) = q 0 nd sr(q) < i. 6 R(M) ccepts word w t rnk j if P j is n ccepting pir on the run of R(M) on w. Exmple Let us determine the ccepting pirs of the DRA on the right of Figure 4. We exmine severl representtive cses. t 1 moves tokens from q 1 to the ccepting sink q 3. Since sr(q 1 ) = 1, trnsition t 1 belongs to succeed(1). Since we cn sfely ignore sinks (q 3, q 4 ) nd sttes tht re empty (q 2 ) for testing membership, we re done with t 1. t 2 tkes tokens from the initil stte nd moves them to the non-ccepting sink q 4. This mtches the definition of fil, with sr(q 1 ) N nd δ(q 1, ā b c) = q 4 S \ F. Hence t 2 fil. t 3 moves tokens from q 1 to q 2. Since q 2 is neither sink nor n ccepting stte, t 3 is not contined in fil or in ny succeed set. Moreover, since sr(q 2 ) =, it does not belong to ny merge set either. t 8 moves tokens from q 1 nd q 2 to the non-ccepting sink q 3. Hence t 8 fil. Moreover, the trnsition mkes the firms from q 1 nd q 2 to merge in q 3 with rnk sr(q 1 ) = 1, nd so t 8 is lso contined in merge(2). Altogether we obtin fil = {t 2, t 7, t 8 } merge(1) = merge(2) = {t 5, t 8 } succeed(1) = {t 1, t 6 } succeed(2) = {t 4, t 6, t 7 } 5 If q 0 is ccepting then, by the definition of Mojmir utomton, ll sttes rechble from q 0 re ccepting. This condition covers the corner cse in which no trnsition into n ccepting stte is possible, becuse ll sttes re ccepting stte. 6 In this cse there is merge between the firm t q nd the token newly creted on stte q 0. 18

19 It is esy to see tht the runs ccepted by the pir P 1 re those tht tke t 2, t 7, t 8 only finitely often, nd visit (1, ) infinitely often. They re ccepted t rnk 1. The runs ccepted t rnk 2 re those ccepted by P 2 but not by P 1. They tke t 1, t 2, t 5, t 6, t 7, t 8 finitely often, nd so they re exctly the runs with t ω 4 suffix. LEMMA Let M = (Q, Σ, i, δ, F ) be Mojmir utomton, nd let R(M) be its corresponding Rbin utomton. For every word w, the sequence conf w (0)conf w (1) is the run of M on w iff sr w (0)sr w (1) is the run of R(M) on w. The Rbin condition of this utomton checks conditions (1) nd (2) of Theorem Consider trnsition conf w (t) conf w (t + 1) between two configurtions of M in which some token moves into non-ccepting sink. Then the trnsition sr w (t) sr w (t+1) clerly belongs to the set fil, nd vice vers. Similrly, trnsitions of succeed(i) correspond to trnsitions of M tht mke some token succeed t rnk i, nd trnsitions of merge(i) correspond to trnsitions of M tht merge two tokens t rnk i. So we obtin: THEOREM Let M be Mojmir utomton, nd let R(M) be its corresponding Rbin utomton. Then L(M) = L(R(M)). Moreover, for every w L(M) both M nd R(M) ccept w t the sme rnks. 5. DRAS FOR ARBITRARY FG-FORMULAE We show how to trnslte formule of the form FGϕ into DRAs. Thnks to the results of Section 4, it suffices to trnslte them into Mojmir utomt. We show tht the Mojmir utomton for formul cn be defined compositionlly, s n intersection of Mojmir utomt. The next proposition shows tht Mojmir utomt re closed under union nd intersection (the proof cn be found in the Appendix). PROPOSITION 5.1. Let M 1 = (Q 1, Σ, q 01, δ 1, F 1 ) nd M 2 = (Q 2, Σ, q 02, δ 2, F 2 ). Let Q = Q 1 Q 2, let q 0 = (q 01, q 02 ), nd let δ : Q Σ Q be the function given by δ(q 1, q 2, ν) = (δ 1 (q 1, ν), δ 2 (q 2, ν)) Then the tuples M 1 M 2 = ( ) Q, Σ, q 0, δ, F 1 F 2 M 1 M 2 = ( Q, Σ, q 0, δ, (F 1 Q 2 ) (Q 1 F 2 ) ) re lso Mojmir utomt, nd moreover L(M 1 M 2 ) = L(M 1 ) L(M 2 ) nd L(M 1 M 2 ) = L(M 1 ) L(M 2 ) A compositionl construction: Intuition We present the intuition behind the construction by mens of n exmple. Consider the formul ϕ = FG(F (G( Fb) c))) We use the bbrevitions ψ 2 = Fb nd ψ 1 = F (Gψ 2 c), nd so we lso refer to the formul s FGψ 1. We cnnot directly pply the construction of the lst section becuse FGψ 1 contins the G-subformul Gψ 2. However, since ψ 2 does not contin ny G-subformul, we cn construct Mojmir utomton M(ψ 2 ) for FGψ 2. We use this fct to define the utomton M(ψ 1 ) s the union of two Mojmir utomt: The first utomton recognizes ll words stisfying FGψ 1 but not FGψ 2 (nd perhps some other words stisfying FGψ 2 ), while the second recognizes ll words stisfying FGψ 1 nd FGψ 2 (nd perhps some other words stisfying FGψ 1 ). Consider for exmple the words w 1 = ( b c ā bc) ω w 2 = (ābc) ω w 3 = (ā bc) ω 19