arxiv: v2 [cs.fl] 23 Apr 2018

Transcription

1 EFFICIENT REDUCTION OF NONDETERMINISTIC AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING LORENZO CLEMENTE AND RICHARD MAYR b rxiv: v2 [cs.fl] 23 Apr 2018 University of Wrsw, Fculty of Mthemtics, Informtics nd Mechnics, Bnch 2, Wrszw, Polnd b University of Edinburgh, School of Informtics, LFCS, 10 Crichton Street, Edinburgh EH89AB, UK ABSTRACT. We present efficient lgorithms to reduce the size of nondeterministic Büchi word utomt (NBA) nd nondeterministic finite word utomt (NFA), while retining their lnguges. Additionlly, we describe methods to solve PSPACE-complete utomt problems like lnguge universlity, equivlence, nd inclusion for much lrger instnces thn ws previously possible ( 1000 sttes insted of ). This cn be used to scle up pplictions of utomt in forml verifiction tools nd decision procedures for logicl theories. The lgorithms re bsed on new techniques for removing trnsitions (pruning) nd dding trnsitions (sturtion), s well s extensions of clssic quotienting of the stte spce. These techniques use criteri bsed on combintions of bckwrd nd forwrd trce inclusions nd simultion reltions. Since trce inclusion reltions re themselves PSPACE-complete, we introduce lookhed simultions s good polynomil time computble pproximtions thereof. Extensive experiments show tht the verge-cse time complexity of our lgorithms scles slightly bove qudrticlly. (The spce complexity is worst-cse qudrtic.) The size reduction of the utomt depends very much on the clss of instnces, but our lgorithm consistently reduces the size fr more thn ll previous techniques. We tested our lgorithms on NBA derived from LTL-formule, NBA derived from mutul exclusion protocols nd mny clsses of rndom NBA nd NFA, nd compred their performnce to the well-known utomt tool GOAL [68]. 1. INTRODUCTION Nondeterministic Büchi utomt (NBA) re fundmentl dt structure to represent nd mnipulte ω-regulr lnguges [67]. They pper in mny utomt-bsed forml softwre verifiction methods, s well s in decision procedures for logicl theories. For exmple, in LTL softwre model checking [40, 25], temporl logic specifictions re converted into NBA. In other cses, different versions of progrm (obtined by bstrction or refinement of the originl) re trnslted into utomt whose lnguges re then compred. Testing the conformnce of n implementtion with its requirements specifiction thus reduces to lnguge inclusion problem. Another ppliction of NBA in softwre engineering is progrm termintion nlysis by the size-chnge termintion method [51, 28]. Vi n bstrction of the effect of progrm opertions on dt, the termintion problem cn often be reduced to lnguge inclusion problem between two derived NBA. Extended version of results presented t POPL 2013 [19] ACM Subject Clssifiction: F.1.1; D.2.4. Key words nd phrses: Automt reduction; Inclusion testing; Simultion. LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-??? c L. Clemente nd R. Myr Cretive Commons 1

2 2 L. CLEMENTE AND R. MAYR Our gol is to improve the efficiency nd sclbility of utomt-bsed forml softwre verifiction methods. Our contribution is threefold: We describe very effective utomt reduction lgorithm, which is bsed on novel, efficiently computble lookhed simultions, nd we conduct n extensive experimentl evlution of our reduction lgorithm. This pper is prtly bsed on results presented t POPL 13 [19], but contins severl lrge prts tht hve not ppered previously. While [19] only considered nondeterministic Büchi utomt (NBA), we dditionlly present corresponding results on nondeterministic finite utomt (NFA). We lso present more extensive empiricl results for both NBA nd NFA (cf. Sec. 9). Moreover, we dded section on the new sturtion technique (cf. Sec. 10). Finlly, we dded some notes on the implementtion (cf. Sec. 11) Automt reduction. We propose novel, efficient, prcticl, nd very effective lgorithm to reduce the size of utomt, in terms of both sttes nd trnsitions. It is well-known tht, in generl, there re severl non-isomorphic nondeterministic utomt of miniml size recognizing given lnguge, nd even testing the minimlity of the number of sttes of given utomton is PSPACE-complete [45]. Insted, our lgorithm produces smller utomton recognizing the sme lnguge, though not necessrily one with the bsolute miniml possible number of sttes, thus voiding the complexity bottleneck. The reson to perform reduction is tht smller utomt re in generl more efficient to hndle in subsequent computtion. Thus, there is n lgorithmic trdeoff between the effort for the reduction nd the complexity of the problem lter considered for this utomton. If only computtionlly esy lgorithmic problems re considered, like rechbility or emptiness (which re solvble in LOGSPACE), then extensive reduction does not py off since in these cses it is fster to solve the initil problem directly. Insted, the min pplictions re the following. (1) PSPACE-complete utomt problems like lnguge universlity, equivlence, nd inclusion [49]. Since exct lgorithms re exponentil for these problems, one should first reduce the utomt s much s possible before pplying them. (2) LTL model checking [40], where one serches for loops in grph tht is the product of lrge system specifiction with n NBA derived from n LTL-formul. Smller utomt often mke this esier, though in prctice it lso depends on the degree of nondeterminism [63]. Our reduction lgorithm, bsed on trnsition pruning techniques, yields utomt tht re not only smller, but lso sprser (fewer trnsitions per stte, on verge), nd thus contin less nondeterministic brnching. (3) Procedures tht combine nd modify utomt repetedly. Model checking lgorithms nd utomt-bsed decision procedures for logicl theories (cf. the TPAS tool [53]) compute utomt products, unions, complements, projections, etc., nd thus the sizes of utomt grow rpidly. Another exmple is in the use of utomt for the rechbility nlysis of sfe Petri nets [61]. Thus, it is importnt to intermittently reduce the utomt to keep their size mngeble. Our reduction lgorithm combines the following techniques: The removl of ded sttes. These re sttes tht trivilly do not contribute to the lnguge of the utomton, either becuse they cnnot be reched from ny initil stte or becuse no ccepting loop in the NBA (resp. no ccepting stte in the NFA) is rechble from them. Quotienting. Here one finds suitble equivlence reltion on the set of sttes nd quotients w.r.t. it, i.e., one merges ech equivlence clss into single stte.

3 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 3,b $ p,b,b,b $ 0 p 1 p 2 p n p FIGURE 1. Fmily of NBA ccepting lnguges L n = {,b} {,b} n 1 $ ω for which the miniml WDBA hs size Ω(2 n ). Trnsition pruning (i.e., removing trnsitions) nd trnsition sturtion (i.e., dding trnsitions), using suitble criteri such tht the lnguge of the utomton is preserved. The first technique is trivil nd the second one is well-understood [26, 16]. Here, we investigte thoroughly trnsition pruning nd trnsition sturtion. For pruning, the ide is tht certin trnsitions cn be removed, becuse other better trnsitions remin. The better criterion compres the source nd trget sttes of trnsitions w.r.t. certin semntic preorders, e.g., forwrd nd bckwrd simultions nd trce inclusions. We provide complete picture of which combintions of reltions re correct to use for pruning. Pruning trnsitions reduces not only the number of trnsitions, but lso, indirectly, the number of sttes. By removing trnsitions, some sttes my become ded, nd cn thus be removed from the utomton without chnging its lnguge. The reduced utomt re generlly much sprser thn the originls (i.e., use fewer trnsitions per stte nd less nondeterministic brnching), which yields dditionl performnce dvntges in subsequent computtions. Dully, for sturtion, the ide is tht certin trnsitions cn be dded, becuse other better trnsitions re lredy present. Agin, the better criterion relies on compring the source/trget sttes of the trnsitions w.r.t. semntic preorders like forwrd nd bckwrd simultions nd trce inclusions. We provide complete picture of which combintions of reltions re correct to use for sturtion. Adding trnsitions does not chnge the number of sttes, but it my pve the wy for further quotienting tht does. Moreover, dding some trnsitions might llow the subsequent pruning of other trnsitions, nd the finl result might even hve fewer trnsitions thn before. It often hppens, however, tht there is trdeoff between the numbers of sttes nd trnsitions. Finlly, it is worth mentioning tht the minimistion problem cn sometimes be solved efficiently if one considers minimistion within restricted clss of lnguges. For instnce, for the clss of wek deterministic Büchi lnguges ( strict subclss of the ω-regulr lnguges) it is wellknown tht given wek deterministic Büchi utomton (WDBA) one cn find in time O(nlogn) miniml equivlent utomton in the sme clss [54] (essentilly by pplying Hopcroft s DFA minimistion lgorithm [41]). However, it is possible tht wek deterministic lnguge dmits only lrge WDBA, but succinct NBA; cf. Fig. 1 (this is similr to wht hppens for DFA vs. NFA over finite words). Thus, minimising WDBA in the clss of WDBA nd minimising WDBA in the lrger clss of NBA re two distinct problems. Since in this pper we consider size reduction of NBA (nd thus WDBA) in the lrger clss of ll NBA, our method nd the one of [54] re incomprble Lookhed simultions. Simultion preorders ply centrl role in utomt reduction vi pruning, sturtion nd quotienting, becuse they provide PTIME-computble under-pproximtions of the PSPACE-hrd trce inclusions. However, the qulity of the pproximtion is insufficient in mny prcticl exmples. Multipebble simultions [24] yield better under-pproximtions of trce inclusions, but these re not esily computed in prctice.

4 4 L. CLEMENTE AND R. MAYR We introduce lookhed simultions s n efficient nd prcticl method to compute good under-pproximtions of trce inclusions nd multipebble simultions. For fixed lookhed, lookhed simultions re computble in PTIME, nd it is correct to use them insted of the more expensive trce inclusions nd multipebble simultions. Lookhed itself is clssic concept, which hs been used in prsing nd mny other res of computer science, like in the uniformiztion problem of regulr reltions [42], in the composition of e-services (under the nme of lookhed delegtors [34, 62, 14, 55]), nd in infinite gmes [39, 30, 47, 48]. However, lookhed cn be defined in mny different vrints. Our contribution is to identify nd formlly describe the lookhed-vrint for simultion preorders tht gives the optiml compromise between efficient computbility nd mximizing the sizes of the reltions; cf. Sec. 6. From prcticl point of view, we use degrees of lookhed rnging from 4 to 25 steps, depending on the size nd shpe of the utomt. Our experiments show tht even moderte lookhed helps considerbly in obtining good pproximtions of trce-inclusions nd multipebble simultions. Notions very similr to the ones we introduce re discussed in [43] under the nme of multi-letter simultions nd buffered simultions [44]; cf. Remrk 6.4 for comprison of multi-letter nd buffered simultions w.r.t. lookhed simultions Experimentl results. We performed n extensive experimentl evlution of our techniques bsed on lookhed simultions on tsks of utomt reduction nd lnguge universlity/inclusion testing. (The rw dt of the experiments is stored together with the rxiv version of this pper [20].) Automt reduction. We pplied our reduction lgorithm on utomt of up-to sttes. These included 1) rndom utomt ccording to the Tbkov-Vrdi model [66], 2) utomt obtined from LTL formule, nd 3) rel-world mutul exclusion protocols. The empiriclly determined verge-cse time complexity on rndom utomt is slightly bove qudrtic, while the (never observed) worst-cse complexity is O(n 4 ). The worst-cse spce complexity is qudrtic. Our lgorithm reduces the size of utomt much more strongly, on verge, thn previously vilble prcticl methods s implemented in the populr GOAL utomt tool [68]. However, the exct dvntge vries, depending on the type of instnces; cf. Sec. 9. For exmple, consider rndom utomt with sttes, binry lphbet nd vrying trnsition density td. Rndom utomt with td = 1.4 cnnot be reduced much by ny method. The only substntil effect is chieved by the trivil removl of ded sttes which, on verge, yields utomt of 78% of the originl size. On the other hnd, for td = 1.8,...,2.2, the best previous reduction methods yielded utomt of 85% 90% of the originl size on verge, while our lgorithm yielded utomt of 3% 15% of the originl size on verge. Lnguge universlity/inclusion. Lnguge universlity nd inclusion of NBA/NFA re PSPACEcomplete problems [49], but mny prcticlly efficient methods hve been developed [22, 23, 60, 5, 28, 29, 3, 4]. Still, these ll hve exponentil worst-cse time complexity nd do not scle well. Typiclly they re pplied to utomt with sttes (unless the utomton hs prticulrly simple structure), nd therefore one should first reduce the utomt before pplying these exct exponentil-time methods. Even better, lredy the polynomil time reduction lgorithm lone cn solve mny instnces of the PSPACE-complete universlity, equivlence, nd inclusion problems. E.g., n utomton might be reduced to the trivil universl utomton, thus witnessing lnguge universlity, or when one checks inclusion of two utomt, it my compute smll (polynomil size) certificte for lnguge

5 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 5 reltions on NBA complexity quotienting inclusion pruning (1) direct simultion di PTIME [65, 25] [22] [15], Thm. 5.4 fir simultion f PTIME [26] [37] Fig. 5() delyed simultion de PTIME [26] [26] Fig. 5() bckwrd direct sim. bw-di PTIME [65] Thm. 4.1 Thm. 5.3 direct trce inclusion di PSPACE [24] obvious Thm. 5.1, 5.3 fir trce inclusion f PSPACE Fig. 2 [16] obvious cf. Thm. 5.5 delyed trce inclusion de PSPACE Fig. 2 [16] obvious cf. Thm. 5.5 bwd. direct trce incl. bw-di PSPACE Thm. 3.6 Thm. 4.1 Thm. 5.2, 5.4 direct lookhed sim. k-di PTIME (2) Lemm 6.1 Lemm 6.1 Sec. 7.1 delyed lookhed sim. k-de PTIME (2) Lemm 6.1 Lemm 6.1 Sec. 7.1 fir lookhed sim. k-f PTIME (2) by fir sim. Lemm 6.1 Sec. 7.1 reltions on NFA forwrd direct sim. di PTIME Thm. 3.7 Thm. 4.2 Thm. 5.8, 5.9 bwd. finite-word sim. bw PTIME Thm. 3.7 Thm. 4.2 Thm. 5.8, 5.9 fwd. finite trce incl. fw PSPACE Thm. 3.7 Thm. 4.2 Thm bwd. finite trce incl. bw PSPACE Thm. 3.7 Thm. 4.2 Thm fwd. di. lookhed sim. k-di PTIME (2) Sec. 7.2 Sec. 7.2 Sec. 7.2 bwd. lookhed sim. k-bw PTIME (2) Sec. 7.2 Sec. 7.2 Sec. 7.2 TABLE 1. Summry of old nd new results for simultion-like reltions on NBA nd NFA. (1) For pruning, cf. lso Tble 2 in Sec. 5.1 for NBA, nd Sec. 5.2 for NFA. (2) PTIME for fixed lookhed. inclusion in the form of (lookhed-)simultion. Thus, the complete exponentil time methods bove need only be invoked in minority of the cses, nd on much smller instnces. This llows to scle lnguge inclusion testing to much lrger instnces (e.g., utomt with 1000 sttes) which re beyond previous methods Nondeterministic finite utomt. We present our methods mostly in the frmework of nondeterministic Büchi utomt (NBA), but they directly crry over to the simpler cse of nondeterministic finite-word utomt (NFA). The min differences re the following: Since NFA ccept finite words, it mtters in exctly which step n ccepting stte is reched (unlike for NBA where the cceptnce criterion is to visit ccepting sttes infinitely often). Therefore, lookhed-simultions for NFA need to tret ccepting sttes in wy which is more restrictive thn for NBA. Thus, in NFA, one is limited to smller rnge of semntic preorders/equivlences, nmely direct nd bckwrd simultions (nd the corresponding multipebble simultions, lookhed simultions nd trce inclusions), while more relxed notions (like delyed nd fir simultions) cn be used for NBA. On the other hnd, unlike NBA, n NFA cn lwys be trnsformed into n equivlent NFA with just one ccepting stte without ny outgoing trnsitions (unless the lnguge contins the empty word). This specil form mkes it much esier to compute good pproximtions of direct nd bckwrd trce inclusion, which gretly helps in the NFA reduction lgorithm.

6 6 L. CLEMENTE AND R. MAYR Outline of the pper. A summry of old nd new results bout simultion-like preorders s used in inclusion checking, quotienting, nd pruning trnsitions cn be found in Fig. 1. The rest of the pper is orgnized s follows. In Sec. 2, we define bsic nottion for utomt nd lnguges. Sec. 3 introduces bsic semntic preorders nd equivlences between sttes of utomt nd considers quotienting methods, while Sec. 4 shows which preorders witness lnguge inclusion. In Sec. 5, we present the min results on trnsition pruning. Lookhed simultions re introduced in Sec. 6 nd used in the lgorithms for utomt reduction nd lnguge inclusion testing in Sections 7 nd 8, respectively. These lgorithms re empiriclly evluted in Sec. 9. In Sec. 10 we describe nd evlute n extended reduction lgorithm tht dditionlly uses trnsition sturtion methods. Sec. 11 describes some lgorithmic optimiztions in the implementtion, nd Sec. 12 contins summry nd directions for future work. 2. PRELIMINARIES A preorder R is reflexive nd trnsitive reltion, prtil order is preorder which is ntisymmetric (xry yrx x = y), nd strict prtil order is n irreflexive ( xrx), symmetric (xry yrx), nd trnsitive reltion. We often denote preorders by, nd when we do so, with we denote its strict version, i.e., x y if x y nd y x; we follow similr convention for. A nondeterministic Büchi utomton (NBA) A is tuple (Σ,Q,I,F,δ) where Σ is finite lphbet, Q is finite set of sttes, I Q is the set of initil sttes, F Q is the set of ccepting sttes, nd δ Q Σ Q is the trnsition reltion. We write p q for (p,,q) δ. A stte of Büchi utomton is ded if either it is not rechble from ny initil stte, or it cnnot rech ny ccepting loop (i.e., loop tht contins t lest one ccepting stte). In our simplifiction techniques, we lwys remove ded sttes, since this does not ffect the lnguge of the utomton. To simplify the presenttion, we ssume tht utomt re forwrd nd bckwrd complete, i.e., for ny stte p Q nd symbol Σ, there exist sttes q 0,q 1 Q s.t. q 0 p q 1. Every utomton cn be converted into n equivlent complete one by dding t most two sttes nd t most 2 ( Q + 2) Σ trnsitions. 1 A Büchi utomton A describes set of infinite words (its lnguge), i.e., subset of Σ ω. An infinite trce of A on n infinite word w = 0 1 Σ ω (or w-trce) strting in stte q 0 Q is n infinite sequence of trnsitions π = q q1. Similrly, finite trce on finite word w = 0 1 m 1 Σ (or w-trce) strting in stte q 0 Q nd ending in stte q m Q is finite sequence of trnsitions π = q m 1 q1 qm. By convention, finite trce over the empty word ε is just single stte π = q (where the trce both strts nd ends). For n infinite trce π nd index i 0, we denote by π[0..i] the finite prefix trce π[0..i] = q 0 i 1 0 qi, nd by π[i..] the infinite suffix trce π[i..] = q i i+1 i qi+1. A finite or infinite trce is initil if it strts in n initil stte q 0 I, nd finite trce is finl if it ends in n ccepting stte q m F. A trce is fir if it is infinite nd q i F for infinitely mny i s. A trnsition is trnsient if it ppers t most once in ny trce of the utomton. The lnguge of n NBA A is L(A) = {w Σ ω A hs n initil nd fir trce on w}. A nondeterministic finite utomton (NFA) A = (Σ,Q,I,F,δ) hs the sme syntx s n NBA, nd ll definitions from the previous prgrph crry over to NFA. (Sometimes, ccepting sttes in NBA re clled finl in the context of NFA.) However, since NFA recognize lnguges of finite words, their semntics is different. The lnguge of n NFA A is thus defined s L(A) = {w Σ A hs n initil nd finl trce on w}. 1 For efficiency resons, our implementtion works directly on incomplete utomt. Completeness is only ssumed to simplify the technicl development.

7 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 7 When the distinction between NBA nd NFA is not importnt, we just cll A n utomton. Given two utomt A nd B we write A B if L(A) L(B) nd A B if L(A) = L(B). 3. QUOTIENTING REDUCTION TECHNIQUES An interesting problem is how to simplify n utomton while preserving its semntics, i.e., its lnguge. Generlly, one tries to reduce the number of sttes/trnsitions. This is useful becuse the complexity of decision procedures usully depends on the size of the input utomt. A clssicl opertion for reducing the number of sttes of n utomton is tht of quotienting, where sttes of the utomton re identified ccording to given equivlence, nd trnsitions re projected ccordingly. Since in prctice we obtin quotienting equivlences from suitble preorders, we directly define quotienting w.r.t. preorder. In the rest of the section, fix n utomton A = (Σ,Q,I,F,δ), nd let be preorder on Q, with induced equivlence := ( ). Given stte q Q, we denote by [q] its equivlence clss w.r.t. (which is left implicit for simplicity), nd, for set of sttes P Q, [P] is the set of equivlence clsses [P] = {[p] p P}. Definition 3.1. The quotient of A by is A/ = (Σ,[Q],[I],[F],δ ), where δ = {([q 1 ],,[q 2 ]) q 1 [q 1 ],q 2 [q 2] (q 1,,q 2 ) δ}, i.e., trnsitions re induced element-wise. Clerly, every trce q q1 in A immeditely induces corresponding trce [q0 ] [q 1 ] 1 in A/, which is fir/initil/finl if the former is fir/initil/finl, respectively. Consequently, A (A/ ) for ny preorder. If, dditionlly, (A/ ) A, then we sy tht the preorder is good for quotienting (GFQ). Definition 3.2. A preorder is good for quotienting (GFQ) if A A/. GFQ preorders re downwrd closed (since smller preorder induces smller equivlence, which quotients less ). We re interested in finding corse nd efficiently computble GFQ preorders for NBA nd NFA. Clssicl exmples re given by forwrd simultion reltions (Sec. 3.1) nd forwrd trce inclusions (Sec. 3.3), which re well known GFQ preorders for NBA. A less known GFQ preorder for NBA is given by their respective bckwrd vrints (Sec. 3.5). For completeness, we lso consider suitble simultions nd trce inclusions for NFA (Sec. 3.6). In Sec. 4, the previous preorders re pplied to lnguge inclusion for both NBA nd NFA. In Sec. 5, we present novel lnguge-preserving trnsition pruning techniques bsed on simultions nd trce inclusions. While simultions re efficiently computble, e.g., in PTIME, trce inclusions re PSPACE-complete. In Sec. 6, we present lookhed simultions, which re novel efficiently computble GFQ reltions corser thn simultions Forwrd simultion reltions. Forwrd simultion [59, 57] is binry reltion on the sttes of A; it reltes sttes whose behviors re step-wise relted, which llows one to reson bout the internl structure of utomton A i.e., how word is ccepted, nd not just whether it is ccepted. Formlly, simultion between two sttes p 0 nd q 0 cn be described in terms of gme between two plyers, Spoiler nd Duplictor, where the ltter wnts to prove tht q 0 cn step-wise mimic ny behvior of p 0, nd the former wnts to disprove it. The gme strts in the initil configurtion (p 0,q 0 ). Inductively, given gme configurtion (p i,q i ) t the i-th round of the gme, Spoiler chooses symbol i Σ nd trnsition p i i pi+1. Then, Duplictor responds by choosing mtching trnsition q i i qi+1, nd the next configurtion is (p i+1,q i+1 ). Since the utomton is ssumed to be complete, the gme goes on forever, nd the two plyers build two infinite trces 0

8 8 L. CLEMENTE AND R. MAYR π 0 = p p1 nd π1 = q q1. The winning condition for Duplictor is predicte on the two trces π 0,π 1, nd it depends on the type of simultion. For our purposes, we consider direct [22], delyed [26] nd fir simultion [37]. Let x {di, de, f}. Duplictor wins the ply if C x (π 0,π 1 ) holds, where C di (π 0,π 1 ) (i 0) p i F = q i F C de (π 0,π 1 ) (i 0) p i F = ( j i) q j F C f (π 0,π 1 ) if π 0 is fir, then π 1 is fir Intuitively, direct simultion requires tht ccepting sttes re mtched immeditely (the strongest condition), while in delyed simultion Duplictor is llowed to ccept only fter finite dely. In fir simultion (the wekest condition), Duplictor must visit ccepting sttes infinitely often only if Spoiler does so. Thus, the three conditions re presented in incresing degree of corseness. We define x-simultion reltion x Q Q, for x {di,de,f}, by stipulting tht p 0 x q 0 holds if Duplictor hs winning strtegy in the x-simultion gme, strting from configurtion (p 0,q 0 ). Thus, di de f. Simultion between sttes in different utomt A nd B cn be computed s simultion on their disjoint union. Lemm 3.1 ([22, 36, 37, 26]). For x {di,de,f}, x-simultion x is PTIME computble preorder. For y {di,de}, y is GFQ on NBA. Notice tht fir simultion f is not GFQ. A simple counterexmple cn be found in [26] (even for fir bisimultion); cf. lso the utomton from Fig. 2, where ll sttes re fir bisimultion equivlent, nd thus the quotient utomton would recognise Σ ω. However, the interest in fir simultion stems from the fct tht it is PTIME computble under-pproximtion of fir trce inclusion (introduced in the next Sec. 3.3). Trce inclusions between certin sttes cn be used to estblish lnguge inclusion between utomt, s discussed in Sec. 4; this is prt of our inclusion testing presented in Sec Multipebble simultions. While simultions re efficiently computble, their use is often limited by their size, which cn be much smller thn other GFQ preorders. Multipebble simultions [24] offer generliztion of simultions where Duplictor is given severl pebbles tht he cn use to hedge his bets nd dely the resolution of nondeterminism. This incresed power of Duplictor yields corser GFQ preorders. Lemm 3.2 ([24]). Multipebble direct nd delyed simultions re GFQ preorders on NBA corser thn direct nd delyed simultions, respectively. They re PTIME computble for fixed number of pebbles. However, computing multipebble simultions is PSPACE-hrd in generl [17], nd in prctice it is exponentil in the number of pebbles. For this reson, we study (cf. Sec. 6) lookhed simultions, which re efficiently computble under-pproximtions of multipebble simultions, nd, more generlly, of trce inclusions, which we introduce next Forwrd trce inclusions. There re other generliztions of simultions (nd their multipebble extensions) tht re GFQ. One such exmple of corser GFQ preorders is given by trce inclusions, which re obtined through the following modifiction of the simultion gme. In simultion gme, the plyers build two pths π 0,π 1 by choosing single trnsitions in n lternting fshion. Tht is, Duplictor moves by single trnsition by knowing only the next single trnsition chosen

9 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 9 de p q r s p q p r s q r s [p] [r] [s] The originl utomton A Delyed trce inclusion The quotient utomton A/ de FIGURE 2. Delyed trce inclusion de is not GFQ. by Spoiler. We cn obtin corser reltions by llowing Duplictor certin mount of lookhed on Spoiler s chosen trnsitions. In the extreml cse of infinite lookhed, i.e., where Spoiler hs to revel her entire pth in dvnce, we obtin trce inclusions. Anlogously to simultions, we define direct, delyed, nd fir trce inclusion, s binry reltions on Q. Formlly, for x {di,de,f}, x-trce inclusion holds between p nd q, written p x q if, for every word w = 0 1 Σ ω, nd for every infinite w-trce π 0 = p p1 strting t p0 = p, there exists n infinite w-trce π 1 = q q1 strting t q0 = q, s.t. C x (π 0,π 1 ) holds. (Recll the definition of C x (π 0,π 1 ) from Sec. 3.1). Like simultions, trce inclusions re preorders. Clerly, direct trce inclusion di is subset of delyed trce inclusion de, which, in turn, is subset of fir trce inclusion f. Moreover, since Duplictor hs more power in the trce inclusion gme thn in the corresponding simultion gme, trce inclusions subsume the corresponding simultion (nd even the corresponding multipebble simultion 2 ). In prticulr, fir trce inclusion f is not GFQ, since it subsumes fir simultion f which we hve lredy observed not to be GFQ in Sec We further observe tht even the finer delyed trce inclusion de is not GFQ. Consider the utomton A on the left in Fig. 2 (tken from [16]). The sttes p nd q re equivlent w.r.t. delyed trce inclusion (nd re the only two equivlent sttes), nd thus [p] = [q], but merging them induces the quotient utomton A/ de on the right in the figure, which ccepts the new word ω tht ws not previously ccepted. It thus remins to decide whether direct trce inclusion di is GFQ. This is the cse, since di in fct coincides with multipebble direct simultion, which is GFQ by Lemm 3.2. Lemm 3.3 ([24, 16]). Forwrd trce inclusions re PSPACE computble preorders. Moreover, direct trce inclusion di is GFQ for NBA, while delyed de nd fir f trce inclusions re not. The fct tht direct trce inclusion di is GFQ lso follows from more generl result presented in the next section, where we consider different wy to give lookhed to Duplictor Fixed-word simultions. Fixed-word simultion [16] is vrint of simultion where Duplictor hs infinite lookhed only on the input word w, but not on Spoiler s ctul w-trce π 0. Formlly, for x {di,de,f}, one considers the fmily of preorders indexed by infinite words { fx-x w } w Σ ω, where fx-x w for fixed infinite word w is like x-simultion, but Spoiler is forced to ply the word w. Then, x-fixed-word simultion fx-x is defined by requiring tht Duplictor wins for every infinite 2 It turns out tht multipebble direct simultion with the mximl number of pebbles in fct coincides with direct trce inclusion, while the other inclusions re strict for the delyed nd fir vrints [17].

10 10 L. CLEMENTE AND R. MAYR forwrd simultions multipebble simultions fixed-word simultions trce inclusions di di n fx-di di GFQ de de n fx-de de not GFQ f f n fx-f f FIGURE 3. Forwrd-like preorders on NBA word w, tht is, fx-x = w Σ ω fx-x w. Thus, x-fixed-word simultion, by definition, flls between x-simultion nd x-trce inclusion. Wht is surprising is tht delyed fixed-word simultion fx-de is corser thn multipebble delyed simultion (nd thus direct trce inclusion di, since this one turns out to coincide with direct multipebble simultion di n, which is included in de n by definition), nd not incomprble s one could hve ssumed; this fct is non-trivil [16]. Since delyed fixed-word simultion is GFQ for NBA, this completes the clssifiction of GFQ preorders for NBA nd mkes fx-de the corsest simultion-like GFQ preorder known to dte. The reder is referred to [16] for more exhustive discussion of the results depicted in Fig. 3. Lemm 3.4 ([16]). Delyed fixed-word simultion fx-de is PSPACE-complete GFQ preorder. The simultions nd trce inclusions considered so fr explore the stte spce of the utomton in forwrd mnner. Their reltionship nd GFQ sttus re summrized in Fig. 3, where n rrow mens inclusion nd double rrow mens equlity. Notice tht there is bckwrd rrow from fixed-word direct simultion to multipebble direct simultion, nd not the other wy round s one might expect [16]. In dul fshion, one cn exploit the bckwrd behvior of the utomton to recognize structurl reltionships llowing for quotienting sttes, which is the topic of the next section Bckwrd direct simultion nd bckwrd direct trce inclusion. Another wy of obtining GFQ preorders is to consider vrints of simultion/trce inclusion which go bckwrds w.r.t. trnsitions. Bckwrd direct simultion bw-di (clled reverse simultion in [65]) is defined like ordinry simultion, except tht trnsitions re tken bckwrds: From configurtion (p i,q i ), Spoiler selects trnsition p i i+1 pi, Duplictor replies with trnsition q i i+1 qi, nd the next configurtion is (p i+1,q i+1 ). Let π 0 = 1 0 p1 p0 nd π 1 = 1 0 q1 q0 be the two infinite bckwrd trces built in this wy. The corresponding winning condition CI,F bw requires Duplictor to mtch both ccepting nd initil sttes: C bw I,F (π 0,π 1 ) (i 0) p i F = q i F nd p i I = q i I Then, p bw-di q holds if Duplictor wins the bckwrd simultion gme strting from (p,q) with winning condition CI,F bw. Bckwrd simultion bw-di is n efficiently computble GFQ preorder [65] on NBA incomprble with forwrd simultions. Lemm 3.5 ([65]). Bckwrd simultion bw-di is PTIME computble GFQ preorder on NBA.

11 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 11 The corresponding notion of bckwrd direct trce inclusion bw-di is defined s follows: p bw-di q if, for every finite word w = 0 1 m 1 Σ, nd for every initil, finite w-trce π 0 = p 0 0 p 1 m 1 1 pm ending in p m = p, there exists n initil, finite w-trce π 1 = q q1 m 1 q m ending in q m = q, s.t. CF bw(π 0,π 1 ) holds, where CF bw (π 0,π 1 ) (0 i m) p i F = q i F Note tht bckwrd direct trce inclusion dels with finite trces (unlike forwrd trce inclusions), which is due to the symmetry between pst nd future in ω-utomt. As for their forwrd counterprts, bckwrd direct simultion bw-di is included in bckwrd direct trce inclusion bw-di. Notice tht there is slight mismtch between the two notions, since the winning condition of the former is defined over infinite trces, while the ltter is on finite ones. In ny cse, inclusion holds thnks to the utomton being bckwrd complete. Indeed, ssume p bw-di q, nd let π 0 be n initil, finite w-trce strting in some p 0 I nd ending in p. We ply the bckwrd direct simultion gme from (p,q) by letting Spoiler tke trnsitions ccording to π 0 until configurtion (p 0,q 0 ) is reched for some stte q 0, nd from there we let Spoiler ply for ever ccording to ny strtegy (which is possible since the utomton is bckwrd complete). We obtin bckwrd infinite pth π 0 with suffix π 0 for Spoiler, nd corresponding π 1 with suffix π 1 for Duplictor s.t. CI,F bw(π 0,π 1 ). Since p 0 I, we obtin q 0 I. Similrly, ccepting sttes re mtched ll long, s required in the winning condition for bckwrd direct trce inclusion. Thus, p bw-di q. In Lemm 3.5 we reclled tht bckwrd direct simultion bw-di is GFQ on NBA. We now prove tht even bckwrd direct trce inclusion bw-di is GFQ on NBA, thus generlizing the previous result. Theorem 3.6. Bckwrd direct trce inclusion bw-di is PSPACE-complete GFQ preorder on NBA. Proof. We first show tht bw-di is GFQ. Let w = 0 1 L(A/ bw-di ), nd we show w L(A). There exists n initil nd fir w-trce π = [q 0 ] 0 [q1 ] 1. For i 1, let wi = 0 1 i (with w 1 = ε), nd, for i 0, let π[0..i] be the w i 1 -trce prefix of π ending in [q i ]. For ny i 0, we build by induction n initil nd finite w i 1 -trce π i of A ending in q i nd visiting t lest s mny ccepting sttes s π[0..i] (nd t the sme time s π[0..i] does). For i = 0, just tke the empty ε-trce π 0 = q 0. For i > 0, ssume tht n initil w i 2 -trce π i 1 of A ending in q i 1 hs lredy been built. We hve the trnsition [q i 1 ] i 1 [q i ] in A/ bw-di. There exist ˆq [q i 1 ] nd ˆq [q i ] s.t. we hve trnsition ˆq i 1 ˆq in A. W.l.o.g. we cn ssume tht ˆq = q i, since [ ˆq ] = [q i ]. By q i 1 bw-di ˆq, there exists n initil nd finite w i 1 -trce π of A ending in ˆq. By the definition of bckwrd direct trce inclusion, π visits t lest s mny ccepting sttes s π i 1, which, by inductive hypothesis, visits t lest s mny ccepting sttes s π[0..i 1]. Therefore, π i := π i 1 qi is n initil nd finite w i 1 -trce of A ending in q i. Moreover, if [q i ] F = [F], then, since bckwrd direct trce inclusion respects ccepting sttes, [q i ] F, hence q i F, nd, consequently, π i visits t lest s mny ccepting sttes s π[0..i]. Since π is fir, we hve thus built sequence of finite nd initil trces π 0,π 1, visiting unboundedly mny ccepting sttes. Since A is finitely brnching, by König s Lemm there exists n initil nd fir (infinite) w-trce π ω. Therefore, w L(A). Regrding complexity, PSPACE-hrdness follows from n immedite reduction from lnguge inclusion of NFA, nd membership in PSPACE cn be shown by reducing to rechbility problem in finite grph G of exponentil size. Since rechbility in grphs is in LOGSPACE, we get the desired complexity. The finite grph G = (V, ) is obtined by product construction combined

12 12 L. CLEMENTE AND R. MAYR GFQ bckwrd direct simultion bw-di bckwrd direct trce inclusion bw-di FIGURE 4. Bckwrd-like preorders on NBA with bckwrd determiniztion construction: Vertices re those in V = {(p, ˆp) Q 2 Q p F = ˆp F} nd there is n edge (q, ˆq) (p, ˆp) if there exists symbol Σ s.t. p q nd for every s ˆq there exists r ˆp s.t. r s. Consider the trget set of vertices T = I { ˆp Q ˆp I = /0}. We clerly hve p bw-di q iff from vertex (p,{q}) we cn rech T. The results on bckwrd-like simultions estblished in this section re summrized in Fig. 4, where the rrow indictes inclusion. Notice tht bckwrd reltions re in generl incomprble with the corresponding forwrd notions from Fig. 3. In the next section we explore suitble GFQ reltions for NFA Simultions nd trce inclusions for NFA. The preorders presented so fr were designed for NBA (i.e., infinite words). For NFA (i.e., finite words), the picture is much simpler. Both forwrd nd bckwrd direct simultions di, bw-di re GFQ lso on NFA. However, over finite words one cn consider bckwrd simultion corser thn bw-di where only initil sttes hve to be mtched (but not necessrily finl ones). In bckwrd finite-word simultion bw the two plyers ply s in bckwrd direct simultion, except tht Duplictor wins the gme when the following corser condition is stisfied C bw I (π 0,π 1 ) (i 0) p i I = q i I The corresponding trce inclusions re s follows. In forwrd finite trce inclusion fw Spoiler plys finite, finl trce, nd Duplictor hs to mtch it with finl trce. Dully, in bckwrd finite trce inclusion bw, moves re bckwrd nd initil trces must be mtched. Clerly, direct simultion di is included in fw, nd similrly for bw nd bw. While fw, bw, bw re not GFQ for NBA (they re not designed to consider the infinitry cceptnce condition of NBA, which cn be shown with trivil exmples) they re for NFA. The following theorem cn be considered s folklore nd its proof is just n dpttion of similr proofs for NBA in the simpler setting of NFA. The PSPACE-completeness is n immedite consequence of the fct tht lnguge inclusion for NFA is lso PSPACE-complete [56]. Theorem 3.7. Forwrd direct simultion di nd bckwrd finite-word simultion bw re PTIME GFQ preorders on NFA. Forwrd fw nd bckwrd bw finite trce inclusions re PSPACEcomplete GFQ preorders on NFA.

13 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING LANGUAGE INCLUSION When utomt re viewed s finite representtions of lnguges, it is nturl to sk whether two different utomt represent the sme lnguge, or, more generlly, to compre these lnguges for inclusion. Recll tht, for two utomt A nd B over the sme lphbet Σ, we write A B iff L(A) L(B), nd A B iff L(A) = L(B). The lnguge inclusion/equivlence problem consists in determining whether A B or A B holds, respectively. For nondeterministic finite nd Büchi utomt, lnguge inclusion nd equivlence re PSPACE-complete [56, 49]. This entils tht, under stndrd theoretic-complexity ssumptions, there exists no efficient deterministic lgorithm for inclusion/equivlence testing. Therefore, we consider suitble under-pproximtions thereof. Remrk 4.1. A prtil pproch to NBA lnguge inclusion testing hs been described by Kurshn in [50]. Given n NBA B with n sttes, Kurshn s construction builds n NBA B with 2n sttes such tht L(B) L(B ), i.e., B over-pproximtes the complement of B. Moreover, if B is deterministic then L(B) = L(B ). This yields sufficient test for inclusion, since L(A) L(B ) = /0 implies L(A) L(B) (though generlly not vice-vers). This condition cn be checked in polynomil time. Of course, for generl NBA, this sufficient inclusion test cnnot replce complete test. Depending on the input utomton B, the over-pproximtion L(B) L(B ) could be rther corse. The following definition cptures in which sense preorder on sttes cn be used s sufficient inclusion test. Definition 4.1. Let A = (Σ,Q A,I A,F A,δ A ) nd B = (Σ,Q B,I B,F B,δ B ) be two utomt. A preorder on Q A Q B is good for inclusion (GFI) if either one of the following two conditions holds: 1. whenever p I A q I B p q, then A B, or 2. whenever p F A q F B p q, then A B. In other words, GFI preorders give sufficient condition for inclusion, by either mtching initil sttes of A with initil sttes of B (cse 1), or by mtching ccepting sttes of A with ccepting sttes of B (cse 2). However, GFI preorder is not necessry for inclusion in generl 3. Usully, forwrd-like simultions re GFI for cse 1, nd bckwrd-like simultions re GFI for cse 2. Moreover, if computing GFI preorder is efficient, then this leds to sufficient test for inclusion. Finlly, if preorder is GFI, then ll smller preorders re GFI too, i.e., GFI is -downwrd closed. It is obvious tht fir trce inclusion is GFI for NBAs (by mtching initil sttes of A with initil sttes of B). Therefore, ll vrints of direct, delyed, nd fir simultion from Sec. 3.1, nd the corresponding trce inclusions from Sec. 3.3, re GFI. We notice here tht bckwrd direct trce inclusion bw-di is GFI for NBA (by mtching ccepting sttes of A with ccepting sttes of B), which entils tht the finer bckwrd direct simultion is GFI s well. Theorem 4.1. Bckwrd direct simultion bw-di nd bckwrd direct trce inclusion bw-di re GFI preorders for NBA. Proof. Every ccepting stte in A is in reltion with n ccepting stte in B. Let w = 0 1 L(A), nd let π 0 = p p1 be n initil nd fir w-pth in A. Since π0 visits infinitely mny ccepting sttes, nd since ech such stte is bw-di -relted to n ccepting stte in B, by using the definition of bw-di it is possible to build in B longer nd longer finite, initil trces in 3 In the presence of multiple initil B sttes it might be the cse tht inclusion holds but the lnguge of A is not included in the lnguge of ny of the initil sttes of B, only in their union.

14 14 L. CLEMENTE AND R. MAYR B visiting unboundedly mny ccepting sttes. Since B is finitely brnching, by König s Lemm there exists n initil nd fir (infinite) w-trce π ω in B. Thus, w L(B). For NFA, we observe tht forwrd finite trce inclusion fw is GFI by mtching initil sttes, nd bckwrd finite trce inclusion bw is GFI by mtching ccepting sttes. The proof of the following theorem is immedite. Theorem 4.2. Forwrd fw nd bckwrd bw finite trce inclusions re GFI preorders on NFA. 5. TRANSITION PRUNING REDUCTION TECHNIQUES While quotienting-bsed reduction techniques reduce the number of sttes by merging them, we explore n lterntive method which prunes (i.e., removes) trnsitions. The intuition is tht certin trnsitions cn be removed from n utomton without chnging its lnguge when other better trnsitions remin. Definition 5.1. Let A = (Σ,Q,I,F,δ) be n utomton, let P δ δ be reltion on δ, nd let mxp be the set of mximl elements of P, i.e., mxp = {(p,,r) δ (p,,r ) δ ((p,,r),(p,,r )) P} The pruned utomton is defined s Prune(A,P) := (Σ,Q,I,F,δ ), where δ = mxp. In most prcticl cses, P will be strict prtil order, but this condition is not bsolutely required. While the computtion of P depends on δ in generl, ll subsumed trnsitions re removed in prllel, nd thus P is not re-computed even if the removl of single trnsition chnges δ, nd thus P itself. This is importnt for computtionl resons. Computing P my be expensive, nd thus it is beneficil to remove t once ll trnsitions tht cn be witnessed with the P t hnd. E.g., one might remove thousnds of trnsitions in single step without re-computing P. On the other hnd, removing trnsitions in prllel mkes rguing bout correctness much more difficult due to potentil mutul dependencies between the involved trnsitions. Regrding correctness, note tht removing trnsitions cnnot introduce new words in the lnguge, thus Prune(A, P) A. When lso the converse inclusion holds (so the lnguge is preserved), we sy tht P is good for pruning (GFP). Definition 5.2. A reltion P δ δ is good for pruning (GFP) if Prune(A,P) A. Like GFQ, lso GFP is -downwrd closed in the spce of reltions. We study specific GFP reltions obtined by compring the endpoints of trnsitions over the sme input symbol. Formlly, given two binry stte reltions R b,r f Q Q for the bckwrd nd forwrd endpoints, respectively, we define P(R b,r f )= {((p,,r),(p,,r )) δ δ p R b p nd r R f r }. (5.1) P(, ) is monotone in both rguments. In the following section, we explore which stte reltions R b,r f induce GFP reltions P(R b,r f ) for NBA. In Sec. 5.2, we present similr GFP reltions for NFA.

15 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 15 R b \ R f id di di di di de f f id bw-di bw-di bw-di bw-di TABLE 2. GFP reltions P(R b,r f ) for NBA. denotes yes, denotes no, nd denotes the cse where GFP does not hold for the trivil reson tht the reltion is not irreflexive.,b p de q p b q bw-di r di b s c () P(id, de ) is not GFP. (b) P(id, di ) P( bw-di,id) is not GFP. FIGURE 5. Two pruning counterexmples Pruning NBA. Our results re summrized in Tble 2. It hs long been known tht P(id, di ) nd P( bw-di,id) re GFP (see [15], where the removed trnsitions re clled little brothers ). However, lredy slightly relxing direct simultion to delyed simultion is incorrect, i.e., P(id, de ) is not GFP. This is shown in the counterexmple in Fig. 5(), where q de p, but removing the dshed trnsition p q (due to p p) mkes the lnguge empty. The essentil problem is tht q de p holds precisely thnks to the presence of trnsition p q, without which we would hve q de p, thus creting cyclicl dependency. Consequently, P(id, f ) nd P(id, f ) re not GFP either. Moreover, while P(id, di ) nd P( bw-di,id) re GFP, their union P(id, di ) P( bw-di,id) (or the trnsitive closure thereof) is not. A counterexmple is shown in Fig. 5(b), where pruning would remove both the trnsitions p r (subsumed by p q with r di q) nd q s (subsumed by r s with q bw-di r), nd c ω would no longer be ccepted. Agin, the essentil issue is cyclicl dependency: r di q holds only if q s is not pruned, nd symmetriclly q bw-di r holds only if p r is not pruned. Therefore, removing ny single one of these two trnsitions is sound, but not removing both. However, it is possible to relx simultion in P(id, di ) nd P( bw-di,id) to direct trce inclusion di, resp., bckwrd trce inclusion bw-di, nd prove tht P(id, di ) nd P( bw-di,id) re GFP. This is shown below in Theorems 5.1 nd 5.2. Theorem 5.1. For every strict prtil order R di, P(id,R) is GFP on NBA. In prticulr, P(id, di ) is GFP. Proof. Let B = Prune(A,P(id,R)). We show A B. If w = 0 1 L(A) then there exists n infinite fir initil trce ˆπ on w in A. We show w L(B).

16 16 L. CLEMENTE AND R. MAYR We cll trce π = q q1 on w in A i-good if it does not contin ny trnsition j q j q j+1 for j < i s.t. there exists n A trnsition q j q j+1 with q j+1 R q j+1 (i.e., no such trnsition is used within the first i steps). Since A is finitely brnching, for every stte nd symbol there exists t lest one R-mximl successor tht is still present in B, becuse R is symmetric nd trnsitive. Thus, for every i-good trce π on w there exists n (i + 1)-good trce π on w s.t. π nd π re identicl on the first i steps nd C di (π,π ), becuse R di. Since ˆπ is n infinite fir initil trce on w (which is trivilly 0-good), there exists n infinite initil trce π on w tht is i-good for every i nd C di (ˆπ, π). Moreover, π is trce in B. Since ˆπ is fir nd C di (ˆπ, π), π is n infinite fir initil trce on w tht is i-good for every i. Therefore π is fir initil trce on w in B nd thus w L(B). Theorem 5.2. For every strict prtil order R bw-di, P(R,id) is GFP on NBA. In prticulr, P( bw-di,id) is GFP. Proof. Let B = Prune(A,P(R,id)). We show A B. If w = 0 1 L(A) then there exists n infinite fir initil trce ˆπ on w in A. We show w L(B). We cll trce π = q q1 on w in A i-good if it does not contin ny trnsition j q j q j+1 for j < i s.t. there exists n A trnsition q j q j+1 with q j R q j (i.e., no such trnsition is used within the first i steps). We show, by induction on i, the following property (P): For every i nd every initil trce π on w in A there exists n initil i-good trce π on w in A s.t. π nd π hve identicl suffixes from step i onwrds nd C di (π,π ). The bse cse i = 0 is trivil with π = π. For the induction step there re two cses. If π is (i + 1)-good then we cn tke π = π. Otherwise there exists trnsition q i i qi+1 with q i R q i. Without restriction (since A is finite nd R is symmetric nd trnsitive) we ssume tht q i is R-mximl mong the i-predecessors of q i+1. In prticulr, the trnsition q i i qi+1 is present in B. Since R bw-di, there exists n initil trce π on w tht hs suffix q i i+1 i qi+1 qi+2... nd C di (π,π ). Then, by induction hypothesis, there exists n initil i-good trce π on w tht hs suffix q i i+1 i qi+1 qi+2... nd C di (π,π ). Since q i is R-mximl mong the i -predecessors of q i+1, we obtin tht π is lso (i + 1)-good. Moreover, π nd π hve identicl suffixes from step i + 1 onwrds. Finlly, by C di (π,π ) nd C di (π,π ), we obtin C di (π,π ). Given the infinite fir initil trce ˆπ on w in A, it follows from property (P) nd König s Lemm tht there exists n infinite initil trce π on w tht is i-good for every i nd C di (ˆπ, π). Therefore π is n infinite fir initil trce on w in B nd thus w L(B). One cn lso compre both endpoints of trnsitions, i.e., using reltions lrger thn the identity s in the previous cses. The following Theorems 5.3 nd 5.4 prove tht P( bw-di, di ), resp., P( bw-di, di ) re GFP. Consequently, P( bw-di, di ) is lso GFP. This is lredy nontrivil fct. To witness this, notice tht while pruning w.r.t. P(id, di )/P( bw-di,id) preserves forwrd/bckwrd simultion, respectively, pruning w.r.t. P(id, di ) disrupts bckwrd simultion, nd pruning w.r.t. P( bw-di,id) disrupts forwrd simultion. Therefore, when pruning simultneously w.r.t. the corser P( bw-di, di ) both simultions re disrupted nd the structure of the utomton cn chnge rdiclly. Let us lso notice tht, while P( bw-di, di ) nd P( bw-di, di ) re GFP on NBA, neither P( bw-di, di ) subsuming the first one, nor P( bw-di, di ) subsuming the second one, re GFP on NBA. Indeed, P( bw-di, di ) is lredy not GFP. A counter-exmple is shown in Fig. 6, where removing the dshed trnsitions p 0 q 0 (due to p 1 q 1 ) nd r 1 s 1 (due to r 0 s 0 ) cuses the word 5 e ω to be no longer ccepted; the extr trnsitions going up from the initil stte to the j j

17 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 17 c,c b p 0 q 0 r 0 s 0 bw-di di bw-di di p 1 q 1 r 1 s 1,d e b d FIGURE 6. P( bw-di, di ) is not GFP. b,c p 0 q 0 r 0 s 0,b bw-di di bw-di di q 1 r 1 s 1 FIGURE 7. P( bw-di, di ) is not GFP. unnmed stte nd to r 0, nd the extr trnsitions going down from q 1 to the unnmed stte nd to the ccepting stte re used in order to ensure tht the trce inclusions re strict, which shows tht the two trnsitions p 0 q 0 nd r 1 s 1 re even strictly subsumed, nd yet they cnnot both be removed, lest the lnguge be ltered. Thus, one cnnot use trce inclusions on both endpoints, i.e., t lest one endpoint must be simultion. Moreover, the endpoint using simultion must ctully use strict simultion, nd not just simultion. In fct, while P( bw-di, di ) nd P( bw-di, di ) re GFP on NBA, neither P( bw-di, di ) nor P( bw-di, di ) is GFP. A counter-exmple for the second cse is shown in Fig. 7 (the first cse is symmetric). If both dshed trnsitions re removed, the utomton stops recognizing ω. Theorem 5.3. The reltion P( bw-di, di ) is GFP on NBA. Proof. Let B = Prune(A,P( bw-di, di )). We show A B. Let w = 0 1 L(A). There exists n infinite fir initil trce ˆπ on w in A. We show w L(B). Let i 0. We cll trce π = q q1 in A on w i-good if there is no j i s.t. there exists stte q j with q j bw-di q j nd there exists n infinite trce π [ j..] from q j on the word j j+1 with C di (π[ j..],π [ j..]). First, we show tht, for every i 0, there re i-good trces in A. For the bse cse, it suffices to choose the stte q 0 to be bw-di -mximl mongst the strting points of ll infinite initil trces π on w s.t. C di (π, ˆπ). (This set is non-empty since it contins

18 18 L. CLEMENTE AND R. MAYR ˆπ.) For the inductive step, let i 1 nd let π be n infinite (i 1)-good trce on w. If π is lso i-good, then we re done. Otherwise, π is not i-good, nd there exist stte q i nd n infinite pth π [i..] from q i s.t. q i bw-di q i nd C di (π[i..],π [i..]). We further choose q i to be bw-di -mximl with the former property. By the definition of q i bw-di q i, there exists n initil pth π [0..i] = 0 j q 0 q 1 i 1 1 q i ending in q i s.t., for every j i, q j bw-di q j. (This lst property uses the fct tht bw-di propgtes bckwrd. Bckwrd direct trce inclusion bw-di does not suffice.) Thus, π = q 0 0 q 1 1 is n initil, infinite, nd fir trce on w. Moreover, it is i-good: By contrdiction, let q j be s.t. q j bw-di q j with j i. It cnnot be the cse tht j = i by the mximlity of q i. Since q j bw-di q j, it lso cnnot be the cse tht j < i since π is (i 1)-good. Thus, π is i-good. Second, by König s Lemm it follows tht there exists n initil, infinite, trce π = q 0 0 q 1 1 on w tht is i-good for every i nd C di (ˆπ, π). In prticulr, this implies tht π is fir. We show tht such π is lso possible in B by ssuming the opposite nd deriving contrdiction. Suppose tht π contins trnsition q j q j+1 tht is not present in B. Then there exists trnsition q j j q j+1 in B s.t. q j bw-di q j nd q j+1 di q j+1. Since q j j q j+1 nd q j+1 di q j+1, there exists n infinite, fir, trce π [ j..] from q j with C di (π[ j..],π [ j..]). Since q j bw-di q j, this contrdicts the fct tht π is j-good. Therefore π is fir initil trce on w in B, nd thus w L(B). Theorem 5.4. The reltion P( bw-di, di ) is GFP on NBA. Proof. Let B = Prune(A,P( bw-di, di )). We show A B. Let w = 0 1 L(A). There exists n infinite fir initil trce ˆπ on w in A. We show w L(B). For n index i 0, we define the following preorder i on infinite initil trces on w: Given two infinite initil trces π,π on w, with π = q q1 nd π = q 0 0 q 1 1, we write π i π whenever the following condition is stisfied: π i π C di (π,π ) nd j i q j di q j, nd we write π i π when, dditionlly, q i di q i. Moreover, we sy tht π is i-good whenever its first i trnsitions re lso possible in B. We show, by induction on i, the following property (PP): For every infinite initil trce π on w nd every i 0, there exists n infinite initil trce π on w s.t. π i π nd π is i-good. The bse cse i = 0 is trivilly true with π = π. For the induction step, consider n infinite initil trce π on w. By induction hypothesis, there exists n infinite initil trce π 1 = q q on w s.t. π i π 1 nd π 1 is i-good. Consequently, π i+1 π 1 holds, nd we my dditionlly ssume tht π 1 is mximl in the sense tht there is no other π which is i-good nd π 1 i+1 π. We rgue tht such mximl π 1 is necessrily (i + 1)-good. By contrdiction, ssume tht the trnsition q 1 i i q 1 i+1 is not in B. Then there exists trnsition q 2 i i q 2 i+1 in B s.t. q 1 i bw-di q 2 i nd q 1 i+1 di q 2 i+1. From the definitions of bw-di nd di it follows tht there 0 exists n infinite initil trce π 2 = q 2 0 q on w s.t. π 1 i+1 π 2. (This lst property uses the fct tht di propgtes forwrd. Direct trce inclusion di does not suffice.) By induction hypothesis, there exists n infinite initil trce π 3 = q q on w s.t. π 2 i π 3 (nd thus π 2 i+1 π 3 ) nd π 3 is i-good. Thus, π 1 i+1 π 3, which contrdicts the mximlity of π 1. Therefore, π 1 is (i + 1)-good. Given the infinite fir initil trce ˆπ on w in A, it follows from property (PP) nd König s Lemm tht there exists n infinite initil trce π on w tht is i-good for every i nd C di (ˆπ, π). Therefore π is n infinite fir initil trce on w in B, nd thus w L(B).

19 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 19 Notice tht Theorems 5.1 (bout P(id, di )) nd 5.3 (bout P( bw-di, di )) re incomprble: In the former, we require the source endpoints to be the sme (which is forbidden by the ltter), nd in the ltter we llow the destintion endpoints to be the sme (which is forbidden by the former), nd it is not cler whether one cn find common GFP generliztion. For the sme reson, Theorems 5.2 (bout P( bw-di,id)) nd 5.4 (bout P( bw-di, di )) re lso incomprble. Pruning w.r.t. trnsient trnsitions. Recll tht trnsition is trnsient when it ppers t most once on every pth of the utomton. (Anlogously, one cn define trnsient sttes. E.g., [65] consider vrints of direct/bckwrd simultions tht do not cre bout the ccepting sttus of trnsient sttes.) While t the beginning of the section we observed tht P(id, f ) is not GFP, it is correct to remove trnsition w.r.t. P(id, f ) when it is subsumed by trnsient one [65, Theorem 3]. This motivtes us to define the following trnsient vrint of P(R b,r f ), for R b,r f Q Q: P t (R b,r f )= {((p,,r),(p,,r )) δ δ p R b p,r R f r, nd (p,,r ) is trnsient}. The reltion P t (id, f ) using the very corse fir trce inclusion f is GFP for NBA [65]. We note tht one cnnot relx the source endpoint to go beyond the identity. In fct, P t ( bw-di, f ) nd even P t ( bw-di, de ) is lredy not GFP. A counterexmple is shown in Fig. 8: Both trnsitions p q nd q r re trnsient, nd (q,,r) P t ( bw-di, de ) (p,,q). However, removing the smller trnsition q r chnges the lnguge, since ω is no longer ccepted. However, one cn combine pruning w.r.t. trnsient trnsitions using the corse fir trce inclusion, nd simultneously pruning w.r.t. ll trnsitions using direct trce inclusion. Let R t δ δ be the reltion on trnsitions defined s R t =P(id, di ) P t (id, f ). We will use the fct tht R t is GFP when describing our utomt reduction lgorithm in Sec. 7. The following result thus generlizes Theorem 5.1. Theorem 5.5. The reltion R t is GFP on NBA. Proof. Even though the reltion R t is not trnsitive in generl, it is cyclic since R t P(id, f ). Let B = Prune(A,R t ). To show A B, let w = 0 1 L(A), nd let ˆπ be ny infinite fir initil trce on w in A. We cll trce π = q q1 on w in A i-mximl if it does j j not contin ny trnsition q j q j+1 for j < i s.t. there exists n A trnsition q j q j+1 with (q j, j,q j+1 )R t (q j, j,q j+1 ). Moreover, let tt i(π) be the number of trnsient trnsitions occurring in the first i steps of π. Since A is finitely brnching nd R t is cyclic, for every stte nd symbol there exists t lest one R t -mximl successor tht is still present in B. Thus, for every i-mximl fir trce π on w there exists n (i + 1)-mximl fir trce π on w s.t. π nd π re identicl on the first i steps. Since ˆπ is n infinite fir initil trce on w (which is trivilly 0-mximl), for every i there exists n infinite fir initil trce π i which is i-mximl nd grees with π i 1 on the first i 1 steps. Consider the sequence of these trces π i for incresing i. We hve tt i 1 ( π i 1 ) = tt i 1 ( π i ) tt i ( π i ). Since no trnsient trnsition cn repet twice in run, the limit lim i tt i ( π i ) is bounded by the finite number of trnsient trnsitions in B. Thus there exists finite number N = lim i tt i ( π i ) = tt N ( π N ). Since, for every i N, the trce π i grees with π N on the first N steps, it follows tht π i [N..] does not contin ny trnsient trnsition. Thus for every N i j, C di ( π i [N..], π j [N..]). I.e., fter N steps we re effectively pruning w.r.t. P(id, di ) (nd not P t (id, f )), nd di preserves the position of ccepting sttes. By rrnging the π i s in finitely-brnching tree, by König s lemm there exists infinite fir initil trce π which is i-mximl for every i. Therefore, π is trce in B (by mximlity), nd thus w L(B).

20 20 L. CLEMENTE AND R. MAYR,b p q r b FIGURE 8. P t ( bw-di, de ) is not GFP Pruning NFA. The proofs of the following theorems re entirely similr to their equivlents for NBA from the previous section except for the fct tht simple induction on the length of the word suffices (nd thus König s Lemm is not needed), nd thus they will not be repeted here. The difference is tht forwrd trce inclusion fw needs only to mtch ccepting sttes t the end of the computtion (nd not throughout the computtion s in NBA), nd, symmetriclly, bckwrd trce inclusion bw needs only to mtch initil sttes t the beginning of the computtion (nd not lso ccepting sttes throughout s in NBA). An nlogue of pruning trnsient trnsitions for NBA s in Theorem 5.5 is missing for NFA, since pruning w.r.t. corser cceptnce conditions like in delyed or fir trce inclusion does not pply to finite words. Theorem 5.6. For every strict prtil order R fw, P(id,R) is GFP on NFA. In prticulr, P(id, fw ) is GFP. Theorem 5.7. For every strict prtil order R bw, P(R,id) is GFP on NFA. In prticulr, P( bw,id) is GFP. Theorem 5.8. The reltion P( bw, fw ) is GFP on NFA. Theorem 5.9. The reltion P( bw, di ) is GFP on NFA. 6. LOOKAHEAD SIMULATION While trce inclusions re theoreticlly ppeling s GFQ/GFI/GFP preorders corser thn simultions, it is not fesible to use them in prctice, becuse they re too hrd to compute (even their membership problem is PSPACE-complete [56, 49]). Multipebble simultions ([24]; cf. Sec. 3.2) constitute sound under-pproximtions to trce inclusions, nd by vrying the number of pebbles one cn chieve better trdeoff between complexity nd size thn just computing the full trce inclusion. However, computing multipebble simultions with k > 0 pebbles requires solving gme of size n n k (where n is the number of sttes of the utomton), which is not fesible in prctice, even for modest vlues for k. (Even for k = 2 one hs cubic best-cse complexity, which severely limits the size of n tht cn be hndled.) For this reson, we consider different wy to extend Duplictor s power, i.e., by using lookhed on the moves of Spoiler. While lookhed itself is clssic concept, it cn be defined in severl wys in the context of dversril gmes, like simultion. We compre different vrints for computtionl efficiency nd pproximtion qulity: multistep simultion (Sec. 6.1), continuous simultion (Sec. 6.2), culminting in lookhed simultion (6.3), which offers the best compromise, nd it is the min object of study of this section. We will use lookhed simultion in our utomt reduction (Sec. 7) nd inclusion testing lgorithms (Sec. 8). In the following, we let n be the number of the sttes of the utomton.

21 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING Multistep simultion. In k-step simultion the plyers select sequences of trnsitions of length k > 0 insted of single trnsitions. This gives Duplictor more informtion, nd thus yields lrger simultion reltion. In generl, k-step simultion nd k-pebble simultion re incomprble, but k-step simultion is strictly contined in n-pebble simultion. However, the rigid use of lookhed in big-steps cuses t lest two issues: First, for n NBA with mximl out-degree d, in every round we hve to explore up-to d k different moves for ech plyer, which is too lrge in prctice (e.g., d = 4, k = 12). Second, Duplictor s lookhed vries between 1 nd k, depending where she is in her response to Spoiler s long move. Thus, Duplictor might lck lookhed where it is most needed, while hving lrge lookhed in other situtions where it is not useful. In the next notion, we ttempt t meliorting this Continuous simultion. In k-continuous simultion, Duplictor is continuously kept informed bout Spoiler s next k > 0 moves, i.e., he lwys hs lookhed k. Initilly, Spoiler mkes k moves, nd from this point on they lternte mking one move ech (nd mtching the corresponding input symbols). Thus, k-continuous simultion is corser thn k-step simultion. In generl, it is incomprble with k-pebble simultion for k < n, but it is lwys contined in k-pebble simultion for k = n, nd there re exmples where the continment is strict. Note tht here the configurtion of the gme consists not only of the current sttes of Spoiler nd Duplictor, but lso of the nnounced k next moves of Spoiler. While this is rgubly the strongest wy of giving lookhed to Duplictor, it requires storing n 2 d k 1 configurtions (for brnching degree d), which is infesible for non-trivil n nd k (e.g., n = 10000, d = 4, k = 12) Lookhed simultion. We introduce k-lookhed simultion s n optiml compromise between the finer k-step nd the corser k-continuous simultion. Intuitively, we put the lookhed under Duplictor s control, who cn choose t ech round nd depending on Spoiler s move how much lookhed he needs (up to k). Formlly, configurtions re pirs (p i,q i ) of sttes. From configurtion (p i,q i ), one round of the gme is plyed s follows. i+1 i+k 1 Spoiler chooses sequence of k consecutive trnsitions p i pi+1 pi+k. Duplictor chooses degree of lookhed m between 1 nd k. Duplictor responds with sequence of m trnsitions q i i+1 i+m 1 i qi+1 qi+m. i+m i+m+1 i+k 1 The remining k m moves of Spoiler p i+m pi+m+1 pi+k re forgotten, nd the next configurtion is (p i+m,q i+m ); in prticulr, in the next round Spoiler cn chose different ttck from p i+m. In this wy, the plyers build s usul two infinite trces π 0 from p 0 nd π 1 from q 0. Bckwrd simultion is defined similrly with bckwrd trnsitions. For ny cceptnce condition x {di,de,f}, Duplictor wins this ply if C x (π 0,π 1 ) holds, for x = bw-di we require CI,F bw(π 0,π 1 ) (cf. Sec. 3.5), nd for x = bw we require CI bw (π 0,π 1 ) (cf. Sec. 3.6). Definition 6.1. Two sttes (p 0,q 0 ) re in k-lookhed x-simultion, written p 0 k-x q 0, iff Duplictor hs winning strtegy in the bove gme. In generl, greter lookhed yields corser lookhed reltions, i.e., h-x k-x whenever h k, nd moreover it is not difficult to find exmples where the inclusion is ctully strict when h < k. A simple such exmple (not depending on the choice of x) for the cse h = 1 nd k = 2 cn be found in Fig. 9 (which is lso used below to show non-trnsitivity): First, we hve p 0 1 q 0, since Duplictor must choose whether to go to q 1 (nd then Spoiler wins by plying b) or to q 2 (nd then Spoiler wins by plying ). Moreover, p 0 2 q 0 holds, since now with lookhed k = 2 we let i

22 22 L. CLEMENTE AND R. MAYR,b p 0 2 q 0 b 2,b,b q 1 q 2 r 0,b,b r 1 r 2 b b FIGURE 9. A lookehed simultion exmple. Duplictor tke the trnsition vi q 1 or q 2 depending on whether Spoiler plys the word ( + b) or ( + b)b, respectively. Remrk 6.1. k-lookhed simultion is not trnsitive for k 2. Consider gin the exmple in Fig. 9. We hve p 0 k q 0 k r 0 (nd k = 2 suffices), but p 0 k r 0 for ny k > 0. We hve lredy seen bove tht p 0 k q 0 holds for k = 2. Moreover, q 0 k r 0 holds by the following resoning, with k = 2: If Spoiler goes to q 1 or q 2, then Duplictor goes to r 1 or r 2, respectively. Then, it cn be shown tht q 1 k r 1 holds s follows (the cse q 2 k r 2 is similr). If Spoiler tkes trnsitions q 1 q 0 q 1, then Duplictor does r 1 r 1 r 1, nd if Spoiler does q 1 q 0 b q 1, then b r 1. The other cses re similr. Finlly, p 0 k r 0, for ny k > 0: From Duplictor does r 1 r 2 r 0, Duplictor cn ply trce for ny word w of length k > 0, but in order to extend it to trce of length k + 1 for ny w = w or wb, she needs to know whether the lst (k + 1)-th symbol is or b. Thus, no finite lookhed suffices for Duplictor. Non-trnsitivity of lookhed simultion k-x (unless k = 1) is not n obstcle to its pplictions. Since we use it to under-pproximte suitble preorders, we consider its trnsitive closure insted (which is preorder), which we denote by k-x. Moreover, we denote its symmetric restriction by k-x = k-x \( k-x ) 1. Lemm 6.1. For k > 0 nd x {di,de,f,bw-di}, the trnsitive closure of k-lookhed x-simultion k-x is GFI. Moreover, it is GFQ for x f. Proof. Being GFQ/GFI follows from the fct tht lookhed simultion is included in the corresponding trce inclusion/multipebble simultion, which is GFI (cf. Sec. 4, nd in prticulr Theorem 4.1 for bckwrd trce inclusion), nd GFQ for x {di,de} by Lemm 3.4, nd for x = bw-di by Theorem 3.6. Remrk 6.2. While quotienting w.r.t. ordinry simultion (i.e., lookhed k = 1) preserves ordinry simultion itself in the sense tht quotient clss [p] in the quotient utomton A/ k is simultion equivlent to p, this is not the cse when considering lrger lookhed k > 1. This is consequence of lck of trnsitivity; cf. Fig 10, which builds on the previous non-trnsitivity exmple of Fig 9. Here nd in the following we define k s k k, i.e., the lrgest equivlence included in k. (Notice tht A/ k is the sme s A/ k by definition of quotienting.) We hve tht p 0 2 q 0 2 r 0, q 1 2 r 1, q 2 2 r 2, nd q 2 r (which follows from the discussion in Remrk 6.1), nd thus we obtin the quotient utomton A/ 2 on the right. However, {q,r} 2 r, since Spoiler cn ply

23 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 23 {q,r},b q r,b p 0 2 q 0 b 2,b,b,b r 0,b q 1 q 2 r 1 r 2 b b () The originl utomton A {p 0,q 0,r 0 } b,b,b {q 1,r 1 } {q 2,r 2 } b b (b) The quotient utomton A/ 2 FIGURE 10. Lookehed simultion is not preserved under quotienting. {q,r} {p 0,q 0,r 0 } {p 0,q 0,r 0 } nd Duplictor replies with either (1) r r 0, but this is losing since {p 0,q 0,r 0 } 2 r 0 (cf. Remrk 6.1), or (2) r r 0 r 1, but this is losing since Spoiler cn then ply b letter (which is not vilble from r 1 ), or symmetriclly (3) r r 0 r 2, but this is losing too since Spoiler plys in this cse. While lookhed simultion is not preserved under quotienting, the lemm bove shows tht the recognized lnguge is nonetheless preserved, which is ll tht we cre bout for correctness. Lookhed simultion offers better reduction under quotienting thn ordinry (i.e., k = 1) simultion. We will define fmily of utomt A n of size O(n 2 ) which is not compressible w.r.t. ordinry simultion, but which is compressed to size O(n) w.r.t. simultion with lookhed k = 2. Therefore, quotienting w.r.t. lookhed simultion performs better thn w.r.t. ordinry simultion by liner fctor t lest. The construction of A n is s follows. The lphbet is Σ = {,b 1,...,b n }. There is stte p {i, j} for every unordered pir {i, j} {1,...,n}, there is stte q i for every i {1,...,n}, nd finlly we hve stte r. Trnsitions re s follows: p {i, j} q i, p {i, j} q j, Σ\{b i } nd q i r for every unordered pir {i, j} {1,...,n}. This utomton is incompressible w.r.t. ordinry simultion since ech two distinct p {i, j}, p {k,h} re 1 -incomprble: For instnce, ssume w.l.o.g. tht i {k,h}. Spoiler tkes trnsition p {i, j} q i, nd now Duplictor tkes either trnsition p {k,h} q k, which is losing since Spoiler plys b k in this cse, or trnsition p {k,h} q h, which is lso losing since Spoiler plys b h in this cse. On the other hnd, with lookhed k = 2 we cn redily see tht p {i, j} 2 p {h,k} (thus flling in the sme quotient clss), since now Duplictor cn lwys mtch Spoiler s choice in the second round becuse Σ \ {b h } Σ \ {b k } = Σ. Lookhed simultion offers the optiml trdeoff between k-step nd k-continuous simultion. Since the lookhed is discrded t ech round, k-lookhed simultion is (strictly) included in k-continuous simultion (where the lookhed is never discrded). However, this hs the benefit

24 24 L. CLEMENTE AND R. MAYR of only requiring to store n 2 configurtions, which mkes computing lookhed simultion spceefficient. On the other hnd, when Duplictor lwys chooses mximl reply m = k we recover k-step simultion, which is thus included in k-lookhed simultion. Moreover, thnks to the fct tht Duplictor controls the lookhed, most rounds of the gme cn be solved without ever reching the mximl lookhed k: 1) for fixed ttck by Spoiler, we only consider Duplictor s responses for smll m = 1,2,...,k until we find winning one, nd 2) lso Spoiler s ttcks cn be built incrementlly since, if she loses for some lookhed, then she lso loses for ny lrger one. In prctice, this gretly speeds up the computtion, nd llows us to use lookheds in the rnge 4-25, depending on the size nd structure of the utomt; see Sec. 9 for the experimentl evlution nd benchmrk ginst the GOAL tool [68]. Remrk 6.3. k-lookhed simultion cn lso be expressed s restriction of n-pebble simultion, where Duplictor is llowed to split pebbles mximlly (thus n-pebbles), but fter number m k rounds (where m is chosen dynmiclly by Duplictor) he hs to discrd ll but one pebble. Then Duplictor is llowed to split pebbles mximlly gin, etc. Thus, k-lookhed simultion is contined in n-pebble simultion, though it is generlly incomprble with k-pebble simultion. Remrk 6.4. In [43, 44] very similr lookhed-like simultions re presented. In prticulr, [43] defines two vrints of wht they cll multi-letter simultions. The sttic vrint is the sme s multistep simultion from Sec. 6.1, nd the dynmic vrint corresponds to the cse where Duplictor chooses the mount of lookhed t ech round, independently of Spoiler s ttck; thus, dynmic multi-letter simultion is included in lookhed simultion, since in the ltter, Duplictor chooses the mount of lookhed ctully used (i.e., the length of the response) depending on Spoiler s ttck. Moreover, [44] introduces wht they cll buffered simultions, which extend multi-letter simultions by considering unbounded lookhed. In prticulr, wht they cll look-hed buffered simultions correspond to lookhed simultions s presented in Sec. 6.3 without uniform bound on the mximl mount of lookhed tht Duplictor cn choose t ech round, nd they prove tht they re PSPACE-complete to compute. Similrly, the more liberl vrint tht they cll continuous look-hed buffered simultions corresponds to continuous simultions s presented in Sec. 6.2, nd they show tht they re EXPTIME-complete to compute. While in principle it might seem tht buffered simultions subsume lookhed/continuous simultions, in fct from the results of [47] it cn be estblished tht n exponentil mount of lookhed suffices in both cses, nd thus buffered simultions coincide with lookhed/continuous simultions from this section for sufficiently lrge (but fixed in dvnce) lookhed Fixpoint logic chrcteriztion. We conclude this section by giving chrcteriztion of lookhed simultion in the modl µ-clculus. While this chrcteriztion could be used s the bsis of n lgorithm to compute lookhed simultions symboliclly by using fixpoint itertion, it is more efficient to consider lookhed simultions s specil cse of multipebble simultions, s described in Remrk 6.3. See Section 11 for detils on efficient implementtions. The µ-clculus chrcteriztion follows from the following preservtion property enjoyed by lookhed simultion: Let x {di, de, f, bw-di} nd k > 0. When Duplictor plys ccording to winning strtegy, in ny configurtion (p i,q i ) of the resulting ply, p i k-x q i holds. Thus, k- lookhed simultion (without cceptnce condition) cn be chrcterized s the lrgest X Q Q which is closed under certin monotone predecessor opertor. For convenience, we tke the point of view of Spoiler, nd compute the complement reltion W x = (Q Q)\ k-x insted. This is prticulrly useful for delyed simultion, since we cn void recording the obligtion bit (see [26]) by using the technique of [46].

25 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING Direct nd bckwrd simultion. Consider the following monotone (w.r.t. ) predecessor opertor CPre di (X), for ny set X Q Q: CPre di (X) = {(p 0,q 0 ) (p k 1 p1 pk ) (q m 1 q1 qm ) 4 with 0 < m k, either (0 j m) p j F nd q j F, or (p m,q m ) X}. Intuitively, (p,q) CPre di (X) iff, from position (p,q), in one round of the gme Spoiler cn either force the gme in X, or win immeditely by violting the winning condition for direct simultion. For bckwrd simultion, CPre bw-di (X) is defined nlogously, except tht trnsitions re reversed nd lso initil sttes re tken into ccount: CPre bw-di (X) = {(p 0,q 0 ) (p k 1 p1 pk ) (q m 1 q1 qm ) with 0 < m k, either (0 j m) p j F nd q j F, or (0 j m) p j I nd q j I, or (p m,q m ) X}. Remrk 6.5. The definition of CPre x (X) requires tht the utomton hs no dedlocks; otherwise, Spoiler would incorrectly lose if she cn only perform t most k < k trnsitions. We ssume tht the utomton is complete to keep the definition simple, but our implementtion works with generl utomt. For X = /0, CPre x (X) is the set of sttes from which Spoiler wins in t most one step. Thus, Spoiler wins iff she cn eventully rech CPre x (/0). Formlly, for x {di,bw-di}, W x = µw CPre x (W) Delyed nd fir simultion. We introduce more elborte three-rguments predecessor opertor CPre(X,Y, Z). Intuitively, configurtion belongs to CPre(X,Y, Z) iff Spoiler cn mke move s.t., for ny Duplictor s reply, t lest one of the following conditions holds: (1) Spoiler visits n ccepting stte, while Duplictor never does so; then, the gme goes to X. (2) Duplictor never visits n ccepting stte; the gme goes to Y. (3) The gme goes to Z (without ny further condition). CPre(X,Y,Z) = {(p 0,q 0 ) (p k 1 p1 pk ) (q m 1 q1 qm ) with 0 < m k, either (0 i m) p i F, (i j m) q j F,(p m,q m ) X, or (0 j m) q j F,(p m,q m ) Y, or (p m,q m ) Z}. 4 b Here nd in the following, this is shorthnd for 0 b (q0 1 b m 1 q1 qm ) with 0 = b 0,..., m 1 = b m 1.

26 26 L. CLEMENTE AND R. MAYR For fir simultion, Spoiler wins iff, except for finitely mny rounds (lest fixpoint µz), she visits ccepting sttes infinitely often while Duplictor does not visit ny ccepting stte t ll (gretest nd lest fixpoints νxµy ): W f = µz νx µy CPre(X,Y,Z). Indeed, for fixed X nd Z, configurtion belongs to µy CPre(X,Y,Z) if Spoiler cn force the gme in finite number of steps to either visit n ccepting stte nd go to X (while Duplictor never visits n ccepting stte), or go to Z (with the possibility tht Duplictor visits n ccepting stte). Thus, for fixed Z, configurtion belongs to νx µy CPre(X,Y,Z) if Spoiler cn visit ccepting sttes infinitely often while Duplictor never visits n ccepting stte, or go to Z. Finlly, configurtion belongs to W f if Spoiler cn force the gme in finite number of steps to configurtion from where she cn visit infinitely mny ccepting sttes while Duplictor never visits n ccepting stte, s required by the fir winning condition for Spoiler. For delyed simultion, Spoiler wins if, fter finitely mny rounds, 1) she cn visit n ccepting stte, nd from this moment on 2) she cn prevent Duplictor from visiting ccepting sttes in the future. For condition 1), let CPre 1 (X,Y ) := CPre(X, /0,Y ), nd, for 2), CPre 2 (X,Y ) := CPre(/0,X,Y ). From the definition, configurtion belongs to CPre 1 (X,Y ) if Spoiler cn in one step either visit n ccepting stte (while Duplictor does not do so) nd go to X, or go to Y. Similrly, configurtion belongs to CPre 2 (X,Y ) if Spoiler cn in one step either force the gme to X while Duplictor does not visit n ccepting stte, or force the gme to Y. Then, W de = µw CPre 1 (νx CPre 2 (X,W),W). Indeed, for ny fixed X, µw CPre 1 (X,W) is the set of configurtions from which Spoiler cn force visit to n ccepting stte in finite number of steps (nd Duplictor does not visit n ccepting stte fter Spoiler hs done so) nd go to X, nd for ny fixed W, νx CPre 2 (X,W) is the lrgest set of configurtions from where Spoiler cn prevent Duplictor from visiting ccepting sttes, or go to W. Therefore configurtion is in W de if Spoiler cn force visit to n ccepting stte in finite number of steps, fter which she cn prevent Duplictor from visiting ccepting sttes ever fter, s required by the delyed winning condition for Spoiler. 7. THE AUTOMATA REDUCTION ALGORITHM 7.1. Nondeterministic Büchi Automt. We reduce nondeterministic Büchi utomt by the quotienting nd trnsition pruning techniques from Sections 3 nd 5. While trce inclusions would be n idel bsis for such techniques, they (i.e., their membership problems) re PSPACE-complete. Insted, we use the lookhed simultions from Sec. 6 s efficiently computble under-pproximtions; in prticulr, we use direct lookhed simultion k-di in plce of direct trce inclusion di, delyed lookhed simultion k-de in plce of delyed fixed-word simultion fx-de, fir lookhed simultion k-f in plce of fir trce inclusion f, nd bckwrd direct lookhed simultion k-bw-di in plce of bckwrd direct trce inclusion bw-di. For quotienting, we employ delyed k-de, nd bckwrd k-lookhed k-bw-di simultions, which re GFQ by Lemm 6.1. For pruning, we pply the results of Sec. 5 nd the substitutions bove to obtin the following incomprble GFP reltions:

27 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 27 P(id, k-di ) (by Theorem 5.1), P( k-bw-di,id) (by Theorem 5.2), P( bw-di, k-di ) (by Theorem 5.3), P( k-bw-di, di ) (by Theorem 5.4), nd P t (id, k-f ) (by Theorem 5.5). Below we describe two possible wys to combine our simplifiction techniques: Hevy-k nd Light-k (which re prmeterized by the lookhed vlue k) Hevy-k. We dvocte the following reduction procedure, which repetedly pplies ll the techniques described in this pper until the utomton cnnot be further modified: Remove ded sttes. Prune trnsitions w.r.t. the GFP reltions bove (using lookhed k). Quotient w.r.t. k-de nd k-bw-di. The resulting simplified utomton cnnot be further reduced by ny of these techniques. In this sense, it is locl minimum in the spce of utomt (w.r.t. this set of reduction techniques). Mny different vrints re possible where the techniques bove re pplied in different orders. In prticulr, pplying the techniques in different order might produce different locl minimum. In generl, there does not exist n optiml order tht works best in every instnce. One reson for this is tht one needs to decide whether to first quotient w.r.t. bckwrd simultion nd then to quotient w.r.t. forwrd simultion or vice-vers; cf. Fig. 11. In prctice, the order is determined by efficiency considertions nd esily computble opertions re used first. More exctly, our implementtion uses nested loop, where the inner loop uses only lookhed 1 (until fixpoint is reched), while the outer loop uses lookhed k. In other words, the lgorithm uses expensive opertions only when chep opertions hve no more effect. For detils bout the precise order of the techniques in our implementtion, the reder is referred to [1] (lgorithms/minimiztion.jv). Remrk 7.1. Quotienting w.r.t. simultion is idempotent, since quotienting itself preserves simultion. However, in generl this is not true for lookhed simultions, becuse these reltions re not preserved under quotienting. Moreover, quotienting w.r.t. forwrd simultions does not preserve bckwrd simultions, nd vice-vers. Our experiments showed tht repetedly nd lterntingly quotienting w.r.t. k-de nd k-bw-di (in ddition to our pruning techniques) yields the best reduction effect. The Hevy-k procedure strictly subsumes ll simultion-bsed utomt reduction methods described in the literture (removing ded sttes, quotienting, pruning of little brother trnsitions, medited preorder (see Sec. 7.3)), except for the following two: (1) The fir simultion reduction of [35] is implemented in GOAL [68], nd works by tenttively merging fir simultion equivlent sttes nd then checking if this opertion preserved the lnguge. (In generl, fir simultion is not GFQ.) It potentilly subsumes quotienting with de, provided tht the chosen merged sttes re not only fir simultion equivlent, but lso delyed simultion equivlent. However, it does not subsume quotienting with k-de. We benchmrked our methods ginst it nd found Hevy-k to be much better in both effect nd efficiency; cf. Sec. 9. (2) The GFQ jumping-sfe preorders of [16, 17] re incomprble to the techniques described in this pper. If pplied in ddition to Hevy-k (for quotienting only, since they re GFQ but

28 28 L. CLEMENTE AND R. MAYR p b c q r s b,b u p {q,r},b b c s,b u t A/ bw p {q,r,s},b c t (A/ bw )/ fw,b u t The originl NFA A p,c b {q,t} r b,b u p,c b {q,t} r b,b u s A/ fw s (A/ fw )/ bw = A/ fw FIGURE 11. There is no universlly optiml order of pplying quotienting opertions. In this exmple, it is best to first quotient the NFA A w.r.t. bckwrd simultion nd then to quotient it w.r.t. forwrd simultion. Thus one obtins n irrecucible NFA with 4 sttes (first row bove), while the reverse order yields n irrecucible NFA with 5 sttes (second row bove). To obtin dul exmple where it is best to first quotient w.r.t. forwrd simultion, just reverse the direction of ll trnsitions in the originl utomton A nd mke stte u initil insted of p. To obtin similr exmple for Büchi utomt, just dd self-loop with ction d t stte u (resp. t stte p for the dul exmple). not GFP), they yield modest extr reduction effect. In our experiments in Sec. 9 we lso benchmrked n extended version of Hevy-k, clled Hevy-k-jump, tht dditionlly uses the jumping-sfe preorders of [16, 17] for quotienting Light-k. This reduction procedure is defined purely for comprison resons. It demonstrtes the effect of the lookhed k in single quotienting opertion nd works s follows: Remove ll ded sttes nd then quotient w.r.t. k-de. Although Light-k chieves much less thn Hevy-k, it is not necessrily fster. This is becuse it uses the more expensive to compute reltion k-de directly, while Hevy-k pplies other cheper (pruning) opertions first nd only then computes k-de on the resulting smller utomton Nondeterministic Finite Automt. Most of the techniques from Sec. 7.1 crry over to NFA, except for the following differences. Delyed nd fir simultion do not pply to NFA. Thus, pruning w.r.t. P t (id, k-f ) is omitted. Moreover, insted of quotienting with the trnsitive closures of lookhed delyed

29 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 29 simultion k-de nd lookhed bckwrd direct simultion k-bw-di, we quotient NFA with the trnsitive closures of lookhed forwrd direct simultion k-di nd lookhed bckwrd simultion k-bw. Those re included in forwrd fw nd bckwrd bw finite trce inclusion, respectively, nd thus they re GFQ on NFA by Theorem 3.7. The trnsition pruning techniques use k-bw insted of k-bw-di. The correctness for NFA follows from the theorems in Sec Unlike NBA, every NFA cn be trnsformed into n equivlent one with just single ccepting stte without ny outgoing trnsitions (unless the lnguge contins the empty word; this cse cn be hndled seprtely), s follows: 1) Add new ccepting stte cc. 2) For every trnsition p q where q is ccepting nd q cc, dd trnsition p cc. 3) Mke cc the only ccepting stte. This trnsformtion dds just one stte, but possibly mny trnsitions. In this new form, the direct forwrd nd bckwrd (lookhed) simultions re significntly lrger, becuse the cceptnce conditions re esier to stisfy. This gretly increses the effect of the remining quotienting nd pruning reduction methods, nd prtly offsets the negtive effect cused by the loss of the delyed nd fir simultion bsed methods. A vrint of the GFQ jumping-sfe preorders of [16, 17] cn lso be pplied to NFA. Unlike the version for NBA, it does not mke use of (jumping) delyed simultion, but uses (jumping) direct forwrd nd bckwrd simultions. It is implemented only in the extended Hevy-k-jump version of the NFA reduction lgorithm; cf. Sec Quotienting w.r.t. medited simultion. We show tht the quotienting nd trnsition pruning techniques described bove subsume quotienting w.r.t. medited preorder [6, 7] (but not vice-vers), in the sense tht fter pplying our reduction lgorithm, quotienting w.r.t. medited preorder provbly does not yield ny further reduction. Medited preorder ws originlly defined for lternting Büchi utomt s n ttempt t combining bckwrd nd forwrd simultions for utomt reduction. Here, we consider its restriction to nondeterministic Büchi utomt (nd the rguments crry over directly to NFA). Definition 7.1 ([6, 7]). A reltion M Q Q is medited simultion 5 if 1) M di bw-di nd 2) M di M. It cn be shown tht medited simultions re closed under union nd composition, nd thus there exists lrgest medited simultion preorder m which is the union of ll medited simultions, nd [6, 7] further shows tht m is GFQ. However, n utomton A tht hs been reduced by the techniques described bove cnnot be further reduced by medited preorder. First, we hve A = A/ bw-di = A/ di by repeted quotienting. Second, there cnnot exist ny (distinct) sttes p nd q in A s.t. p di q nd p bw-di q by the pruning techniques bove (used with simultions s pproximtions for trce inclusions) nd the removl of ded sttes. Indeed, if such sttes p nd q exist, then p is removed: First, every forwrd trnsition p p from p is subsumed by corresponding trnsition q q from q s.t. p di q. Similrly, every bckwrd trnsition to p is subsumed by corresponding trnsition to q. Therefore, fter pruning wy ll these trnsitions w.r.t. P( bw-di, di ), stte p becomes ded, nd it is thus removed. Under these conditions, further quotienting with medited preorder hs no effect, s the following theorem shows. 5 For two reltions A,B Q Q, we write A B for the reltion A B Q Q s.t. (x,y) A B iff there exists z s.t. (x,z) A nd (z,y) B.

30 30 L. CLEMENTE AND R. MAYR Lemm 7.1. Let A be n utomton s.t. (1) di di = id, (2) bw-di bw-di = id, nd (3) di bw-di = id. Then, m m = id, i.e., A = A/ m. Proof. Let x m y nd y m x. By definition of m, there exist meditors z nd w s.t. x di z nd y bw-di z, nd x bw-di w nd y di w. Since m di m we hve x m w. Thus, there exists meditor k s.t. x di k nd w bw-di k. By trnsitivity of bw-di, we lso hve x bw-di k. By (3), we get x = k. Thus, x bw-di w nd w bw-di x. By (2), we get x = w. Thus, y di w = x di z, nd, by trnsitivity, y di z. Moreover, y bw-di z s bove. By (3) we get z = y. Thus, x di z = y nd y di w = x. By (1), we get x = y. 8. LANGUAGE INCLUSION CHECKING In most of this section we consider the lnguge inclusion problem for NBA. For the simpler cse of lnguge inclusion on NFA see Sec The generl lnguge inclusion problem A B is PSPACE-complete [49]; the complexity reduces to PTIME in certin specil instnces, for exmple when B is deterministic [50] or, more generlly, strongly unmbiguous [13]. It cn be solved vi complementtion of B [64, 68] nd, more efficiently, by rnk-bsed (cf. [27] nd references therein) or Rmsey-bsed methods [28, 29, 3, 4], or vrints of Pitermn s construction [60, 68]; simultion reltions [22] or succinct pseudocomplementtion constructions [50] (cf. Remrk 4.1) cn provide PTIME under-pproximtions for this problem, but do not lwys mnge to prove ll cses when inclusion holds. Since the exct lgorithms ll hve exponentil time complexity, it helps significntly to first reduce the utomt in preprocessing step. Better reduction techniques, s described in the previous sections, mke it possible to solve significntly lrger instnces. However, our simultion-bsed techniques cn not only be used in preprocessing to reduce the size of utomt, but ctully solve most instnces of the inclusion problem directly by reducing to trivil instnces. This is significnt, becuse simultion scles polynomilly (lmost qudrtic verge-cse complexity; cf. Sec. 9) Inclusion-preserving reduction techniques. Inclusion testing lgorithms generlly benefit from lnguge-preserving reduction preprocessing (cf. Sec. 7). However, precisely preserving the lnguges of A nd B in the preprocessing is not ctully necessry when one is only interested in the nswer to the query A B. A preprocessing on A,B is sid to be inclusion-preserving iff it produces utomt A,B s.t. A B A B (regrdless of whether A A or B B ). In the following, we consider two inclusion-preserving preprocessing steps Simplify A. In theory, the problem A B is only hrd in B, but polynomil in the size of A. However, this is only relevnt if one ctully constructs the exponentil-size complement of B, which is, of course, to be voided. For polynomil simultion-bsed lgorithms it is crucil to lso reduce A. The ide is to remove trnsitions in A which re covered by better trnsitions in B. The development below is similr to the pruning of trnsitions in Sec. 5, except tht we compre trnsitions of A with trnsitions of B. Definition 8.1. Given A = (Σ,Q A,I A,F A,δ A ), B = (Σ,Q B,I B,F B,δ B ), let P δ A δ B. The pruned version of A is Prune(A,B,P) := (Σ,Q A,I A,F A,δ ) with δ = {(p,,r) δ A (p,,r ) δ B.(p,,r)P(p,,r )}.

31 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 31 A B implies Prune(A,B,P) B, since Prune(A,B,P) A. When lso the other direction holds (so tht pruning is inclusion-preserving), we sy tht P is good for A,B-pruning. Intuitively, pruning is correct when the removed trnsitions do not llow A to ccept ny word which is not lredy ccepted by B. In other words, if there is counter exmple to inclusion in A, then it cn even be found in Prune(A,B,P). Definition 8.2. A reltion P δ A δ B is good for A,B-pruning if A B Prune(A,B,P) B. As in Eq. 5.1, we compre trnsitions by looking t their endpoints: For stte reltions R b,r f Q A Q B, the reltion P A,B (R b,r f ) on trnsitions is defined s P A,B (R b,r f )= {((p,,r),(p,,r )) δ A δ B p R b p nd r R f r }. Since inclusion-preserving pruning does not need to respect the lnguge, we cn use much corser reltions for compring endpoints. Recll tht fir trce inclusion f sks to mtch infinite trces contining infinitely mny ccepting sttes (cf. Sec. 3.3), while tht bckwrd finite trce inclusion bw disregrds ccepting sttes entirely nd only sks to mtch finite trces tht strt in initil sttes (cf. Sec. 3.6). Theorem 8.1. P A,B ( bw, f ) is good for A,B-pruning. Proof. Let P =P A,B ( bw, f ), nd we wnt to prove tht A B iff Prune(A,B,P) B. The only if direction is trivil, s remrked bove. For the if direction, by contrposition, ssume Prune(A,B,P) B, but A B. There exists w L(A) s.t. w / L(B). There exists n initil fir trce π = q q1 on w in A. There re two cses. (1) π does not contin ny trnsition q i i qi+1 tht is not present in Prune(A,B,P). Then π is lso n initil fir trce on w in Prune(A,B,P), nd thus we obtin w L(Prune(A,B,P)) nd w L(B). Contrdiction. (2) π contins trnsition q i i qi+1 tht is not present in Prune(A,B,P). Therefore there exists trnsition q i i q i+1 in B s.t. q i bw q i nd q i+1 f q i+1. Thus there exists n initil fir trce on w in B nd thus w L(B). Contrdiction. We cn pproximte bw with the trnsitive closure k-bw of the corresponding k-lookhed simultion k-bw. (Recll tht k-bw is defined like k-bw-di, except tht only initil sttes re considered, i.e., the winning condition is CI bw insted of CI,F bw ; cf. Sec. 3.6.) Since good for A,B-pruning is -downwrd closed nd P A,B (, ) is monotone, we obtin the following corollry of Theorem 8.1. Corollry 8.2. P A,B ( k-bw, k-f ) is good for A,B-pruning Simplify B. The following technique is independent of the use of simultion-bsed reduction, but it is nonetheless worth mentioning, nd moreover we include it in our reduction lgorithm. Let A B be the synchronized product of A nd B. The ide is to remove sttes in B which cnnot be reched in A B. Let R be the set of sttes in A B rechble from I A I B, nd let X Q B be the projection of R to the B-component. We obtin B from B by removing ll sttes not in X nd their ssocited trnsitions. Although B B, this opertion is clerly inclusion-preserving. Note tht first simplifying A s in Sec yields fewer rechble sttes in A B nd thus increses the effect of the technique for simplifying B.

32 32 L. CLEMENTE AND R. MAYR 8.2. Jumping fir simultion s better GFI reltion. We further generlize the GFI preorder k-f by llowing Duplictor even more freedom. The ide is to llow Duplictor to tke jumps during the simultion gme (in the spirit of [17]). For preorder on Q, in the gme for - jumping k-lookhed simultion, Duplictor is llowed to jump to -lrger sttes before tking trnsition. Thus, Duplictor s move is of the form q i q i i qi+1 q i+1 i+m 1 i+1 qi+m, nd he eventully builds n infinite -jumping trce. We sy tht this trce is ccepting t step i iff q i F.q i q i q i, nd fir iff it is ccepting infinitely often. As usul, -jumping k-lookhed fir simultion holds iff Duplictor wins the corresponding gme, with the fir winning condition lifted to jumping trces. Not ll preorders induce GFI jumping simultions. The preorder is clled jumping-sfe [17] if, for every word w, there exists -jumping initil fir trce on w iff there exists n initil fir non-jumping one. Thus, jumping-sfe preorders llows to convert jumping trces into non-jumping ones. Consequently, for jumping-sfe preorder, -jumping k-lookhed fir simultion is GFI. One cn esily prove tht bw-di is jumping-sfe, while bw is not. We even improve bw-di to slightly more generl jumping-sfe reltion bw-c, by only requiring tht Duplictor visits t lest s mny ccepting sttes s Spoiler does, but not necessrily t the sme time. Formlly, p m bw-c q m iff, for every initil w-trce π 0 = p m 1 p1 pm, there exists n initil w-trce π 1 = q m 1 q1 qm, s.t. {i p i F} {i q i F}. Theorem 8.3. The preorder bw-c is jumping-sfe. Proof. Since bw-c is reflexive, the existence of n initil fir trce on w directly implies the existence of bw-c -jumping initil fir trce on w. Now, we show the reverse impliction. Given two initil bw-c -jumping trces on w π 0 = p 0 bw-c p 0 0 p1 bw-c p 1 1 nd π1 = q 0 bw-c q 0 0 q1 bw-c q 1 1 we define C j c(π 0,π 1 ) iff {i j p i F. p i bw-c p i bw-c p i } {i j q i F.q i bw-c q i bw-c q i }. We sy tht n initil bw-c -jumping trce on w is i-good iff it does not jump within the first i steps. We show, by induction on i, the following property (P): For every i nd every infinite bw-c - jumping initil trce π = p 0 bw-c p 0 0 p1 bw-c p 1 1 on w there exists n i-good bw-c - jumping initil trce π i = q q1 i qi on w s.t. Ci c(π,πi ) nd the suffixes of the trces re identicl, i.e., q i = p i nd π[i..] = π i [i..]. For the cse bse i = 0 we tke π 0 = π. Now we consider the induction step. By induction hypothesis we get n initil i-good trce π i s.t. Ci c(π,πi ) nd q i = p i nd π[i..] = π i [i..]. If π i is (i+1)-good then we cn tke π i+1 = π i. Otherwise, π i contins step q i bw-c q i i qi+1. First we consider the cse where there exists q i F s.t. q i bw-c q i bw-c q i. (Note tht the i-th step in πi cn count s ccepting in C c becuse q i F, even if q i nd q i re not ccepting.) By the definition of bw-c there exists n initil trce π on prefix of w tht ends in q i nd visits ccepting sttes t lest s often s the non-jumping prefix of π i tht ends in q i. Agin by definition of bw-c there exists n initil trce π on prefix of w tht ends in q i nd visits ccepting sttes t lest s often s π. Thus π visits ccepting sttes t lest s often s the jumping prefix of π i tht ends in q i (by the definition of C c ). By composing the trces we get π i+1 = π (q i i qi+1 )π i [i + 1..]. Thus π i+1 is n (i + 1)-good initil trce on w nd π[i + 1..] = π i [i + 1..] = π i+1 [i + 1..] nd Ci+1 c (πi,π i+1 ) nd Ci+1 c (π,πi+1 ). The other cse where there is no q i F s.t. q i bw-c q i bw-c q i is similr, but simpler. Let π be n initil bw-c -jumping fir trce on w. By property (P) nd König s Lemm there exists n infinite initil non-jumping fir trce π on w. Thus bw-c is jumping-sfe.

33 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 33 As direct consequence, bw-c -jumping k-lookhed fir simultion is GFI. Since bw-c is difficult to compute, we pproximte it by corresponding lookhed-simultion k-bw-c which, in the sme spirit, counts nd compres the number of visits to ccepting sttes in every round of the k-lookhed bckwrd simultion gme. Let k-bw-c be the trnsitive closure of k-bw-c. Corollry 8.4. k-bw-c -jumping k-lookhed fir simultion is GFI. An orthogonl lterntive to k-bw-c is lso implemented in [1]. One cn use jumping-sfe preorder (clled segmented jumping) tht is defined directly w.r.t. k-lookhed bckwrd simultions. Here Duplictor must visit t lest one ccepting stte in ech of his long moves, regrdless of whether Spoiler visited ny ccepting sttes, i.e., in ech round of the gme Duplictor must ccept t lest once but possibly less often thn Spoiler. However, combining segmented jumping with k-bw-c (i.e., tking their union) would not be jumping-sfe ny more. First, since their union is not necessrily trnsitive, one would need to consider the trnsitive closure of the union to obtin preorder. Moreover, the size nd structure of the segments in the segmented jumping reltion re not fixed -priori but chosen dynmiclly in the computtion of the k-lookhed bckwrd simultion. Thus the trnsitive closure of the union would llow scenrio where first the segmented reltion decreses the number of visits to ccepting sttes while preserving t lest one visit per segment. Then k-bw-c could shift the loction of these visits to ccepting sttes to positions erlier in the run while preserving their number. Then the segmented reltion could gin decrese the number of visits to ccepting sttes, since they re now in different segments. Repeting this lterntion of counting nd segmented reltions could yield sitution where only one visit to n ccepting stte remins in the entire run, which is not jumping-sfe ny more. A further generliztion of the jumping-simultion method hs lso been implemented in [1] (ctivted by using option -jf2 insted of the bsic option -jf). Given some jumping-sfe preorder R, Duplictor is not only llowed to jump to sttes tht re R-lrger thn Duplictor s current stte, but lso to sttes tht re R-lrger thn Spoiler s current stte. Note tht Duplictor my only jump to sttes in his own utomton B, nd not to sttes in Spoiler s utomton A. It is esy to see tht this more liberl use of jumping still yields (potentilly lrger) GFI reltions. However, in prctice it rrely gives ny dvntge, nd it is sometimes considerbly slower to compute, due to the higher degree of brnching in Duplictor s moves The inclusion testing lgorithm. Given these techniques, we propose the following lgorithm for testing inclusion A B. (1) Use the Hevy-k procedure to perform lnguge-preserving reduction to A nd B seprtely, nd dditionlly pply the inclusion-preserving reduction techniques from Sec. 8.1 simultneously to A (discussed in Sec ) nd to B (discussed in Sec ). Lookhed simultions re computed not only on A nd B, but lso between them (i.e., on their disjoint union). Since they re GFI, we check whether they lredy witness inclusion. Since mny simultions re computed between prtly reduced versions of A nd B, this witnesses inclusion much more often thn checking fir simultion between the originl versions. This step either stops showing inclusion, or produces smller inclusion-equivlent utomt A,B. (2) Check the GFI k-bw-c -jumping k-lookhed fir simultion from Sec. 8.2 between A nd B, nd stop if the nswer is yes. (3) If inclusion ws not estblished in steps (1) or (2) then try to find counterexmple to inclusion. This is best done by Rmsey-bsed method (optionlly using simultion-bsed

34 34 L. CLEMENTE AND R. MAYR subsumption techniques), e.g., [4, 1]. Use smll timeout vlue, since in most non-included instnces there exists very short counterexmple. Stop if counterexmple is found. (4) If steps (1)-(3) filed (rre in prctice), use ny complete method, (e.g., Rnk-bsed, Rmseybsed or Pitermn s construction) to test A B. At lest, it will benefit from working on the smller instnce A,B produced by step (1). Note tht steps (1)-(3) tke polynomil time, while step (4) tkes exponentil time. (For the ltter, we recommend the improved Rmsey method of [4, 1] nd the on-the-fly vrint of Pitermn s construction [60] implemented in GOAL [68].) This lgorithm llows to solve much lrger instnces of the inclusion problem thn previous methods [64, 68, 27, 28, 29, 3, 4, 60], i.e., utomt with sttes insted of sttes; cf. Sec. 9. The currently implemented version of the bove lgorithm ([1]; RABIT v. 2.3) uses some dditionl tricks. E.g., it hedges its bets in order to be fst on both the included nd non-included instnces, by dding n initil step (0) in the lgorithm. In step (0) it performs quick lightweight reduction nd serches for short counterexmples, in order to quickly ctch esy instnces where inclusion does not hold. Moreover, it cn run steps (2), (3) nd (4) concurrently in prllel threds (if invoked with option -pr), nd stops s soon s n nswer is found Lnguge Inclusion Testing for NFA. Just like in the reduction lgorithm of Sec. 7, one cn lso dpt the lnguge inclusion checking lgorithm to NFA. The differences cn be summrized s follows: (1) We use the modified Hevy-k reduction lgorithm for NFA with the chnges described in Sec In prticulr, the NFA re trnsformed into the form with only one ccepting stte, nd delyed nd fir (lookhed) simultions re not used. Still, the direct forwrd nd bckwrd (lookhed) simultions re GFI nd cn witness lnguge inclusion, s consequence of Theorem 4.2. The inclusion-preserving reduction of A from Sec needs to be dpted to use direct trce inclusion di (pproximted by direct lookhed simultion k-di ) insted of fir trce inclusion f. I.e., we use P A,B ( k-bw, k-di ) for A,B-pruning. The inclusion-preserving reduction of B from Sec crries over directly to NFA. (2) The GFI jumping simultions of Sec. 8.2 cn lso be dpted to NFA. For the forwrd direction we use direct lookhed simultion, insted of fir lookhed simultion. For the jumping-sfe reltion we cn use the lrger cceptnce-blind bckwrd trce inclusion bw (pproximted by the trnsitive closure of the corresponding k-lookhed simultion k-bw ), insted of the counting bckwrd trce inclusion bw-c (nd its pproximtion k-bw-c ). (3) If the steps bove did not witness inclusion, then one cn pply complete method to test inclusion A B on the derived smller instnce A,B. One type of complete methods re bsic ntichin-bsed methods [71] tht use subsumption techniques to reduce the serch spce in the serch for counterexmple. More recent methods [5, 52] use stronger subsumption techniques in the serch for counterexmple, which rely on simultion preorder (or similr pproximtions of lnguge inclusion). Another complete method to check NFA inclusion is the bisimultion modulo congruence technique of [12]. It cn, roughly, be understood s collective subsumption, insted of the individul one-on-one subsumption of [71, 5, 52]. An element of the serch spce my be discrded becuse set of other elements (insted of just one other element) mkes it redundnt. This potentilly llows to reduce the size of the serch spce even more. The higher computtionl effort to check

35 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 35 this collective subsumption yields higher worst-cse complexity thn methods bsed on one-on-one subsumption, but for typicl prcticl instnces it is often much fster. Unlike for Büchi utomt (where our inclusion lgorithm hs significnt dvntge over previous ones; cf. Sec ), the version for NFA is not necessrily lwys fster thn the pure ntichin (resp. congruence) bsed ones in [71, 5, 52] (resp. [12]). For NFA, the serch spce for counterexmples hs simpler structure thn for NBA. Thus the disdvntges of ntichinbsed methods re less relevnt for NFA. Moreover, NFA llow the construction of congruence bses s in [12]. It is open whether similr kind of congruences cn be estblished for NBA. On mny instnces of NFA inclusion, the ntichin-bsed tool of [52] nd the congruence-bsed tool of [12] outperform our implementtion [1], though it cn still be fster on some instnces where the ntichin (resp. congruence bse) hppen to be very lrge. 9. EXPERIMENTS We test the effectiveness of Hevy-k reduction on Tbkov-Vrdi rndom Büchi utomt [66], on utomt derived from LTL formule, nd on utomt derived from mutul exclusion protocols, nd compre it to the best previously vilble techniques implemented in GOAL [68]. A sclbility test shows tht Hevy-k hs lmost qudrtic verge-cse complexity nd it is vstly more efficient thn GOAL. We lso test our methods for lnguge inclusion on lrge instnces nd compre their performnce to previous techniques. Moreover, we lso test the NFA version of Hevy-k reduction on rndom NFA. Unless otherwise stted, the experiments were run with GOAL [68] version with Jv 6 nd RABIT/Reduce [1] version with Jv 7 on Intel Xeon X GHz nd 14GB of memory. (The rw dt of the experiments is included in the rxiv version of this pper [20].) 9.1. Büchi utomt Reduction of rndom NBA. The Tbkov-Vrdi model [66] genertes rndom utomt ccording to the following prmeters: The number of sttes n. The size of the lphbet Σ. The trnsition density td. It determines the number of trnsitions in the utomton s follows. For every symbol in Σ there re n td trnsitions lbeled with this symbol. The cceptnce density d. This is the percentge of sttes tht re ccepting. Aprt from these prmeters, Tbkov-Vrdi rndom utomt do not hve ny specil structure tht could be exploited to mke the reduction problem or the lnguge inclusion problem esier. Rndom utomt provide generl reproducible test cses, on verge. Moreover, they re the only test cses tht re gurnteed to be unbised towrds ny prticulr method. Thus, it is prticulr sign of qulity if method performs well even on these hrd cses. The inherent difficulty of the reduction problem, nd thus lso the effectiveness of reduction methods, depends strongly on the clss of rndom utomt, i.e., on the prmeters listed bove. Thus, one needs to compre the methods over the whole rnge, not just for one exmple. Vritions in the cceptnce density d do not ffect Hevy-k much, but very smll vlues mke reduction hrder for the other methods. By fr the most importnt prmeter is the trnsition density td, nd thus we compre different techniques cross different vlues of td. Fig. 12 nd 13 compre the effect

36 36 L. CLEMENTE AND R. MAYR 100 Number of sttes fter reduction RD Light-1 GOAL Hevy-1 Light-12 Hevy Trnsition density FIGURE 12. We consider Tbkov-Vrdi Büchi utomt with n = 100, Σ = 2, d = 0.5 nd the rnge of td = 1.0,1.1,...,3.0. Ech curve represents different method, nd we plot the number of sttes fter reduction. Ech dt point is the verge of 300 rndom utomt. 100 Number of sttes fter reduction Hevy-12 Hevy-12 jump Hevy-19 jump Trnsition density FIGURE 13. Moreover, we plotted the effects of two methods tht ugment our Hevy reduction lgorithm by quotienting with ( vrint of) the jumping-sfe preorders of [16, 17]: Hevy-12 jump nd Hevy-19 jump. These yield nother slight improvement in reduction, but re slower to compute.

37 EFFICIENT REDUCTION OF NONDET. AUTOMATA WITH APPLICATION TO LANGUAGE INCLUSION TESTING 37 of different techniques. Ech curve represents different method: RD (just remove ded sttes), Light-1, Light-12, Hevy-1, Hevy-12, nd GOAL. The GOAL curve shows the best effort of ll previous techniques (s implemented in GOAL), which include RD, quotienting with bckwrd nd forwrd simultion, pruning of little brother trnsitions nd the fir simultion reduction of [35]. Sprse utomt with low td hve more ded sttes. Thus the RD method chieves certin reduction t low td, but this effect vnishes s td gets higher. For td 1.4 the effect of RD domintes. In tht rnge, the other techniques hve only very smll effect. In the rnge 1.5 td 2.0, GOAL still hs hrdly ny effect (prt from tht of RD), but Light-12 nd Hevy-12 chieve significnt reduction. For td 2.0, GOAL begins to hve n effect, but it is much smller thn tht of our best techniques. Generlly, GOAL reduces just slightly worse thn Hevy-1, but it is no mtch for our best techniques like Hevy-12. Hevy-12 vstly outperforms ll other previous techniques, prticulrly in the interesting rnge between td = 1.4 nd td = 2.5. Moreover, the reduction of GOAL (in prticulr the fir simultion reduction of [35]) is very slow. For GOAL, the verge reduction time per utomton vries between 39s (t td = 1.0) nd 612s (mximl t td = 2.9). In contrst, for Hevy-12, the verge reduction time per utomton vries between 0.012s (t td = 1.0) nd 1.482s (mx. t td = 1.7). So Hevy-12 reduces not only much better, but lso t lest 400 times fster thn GOAL (see lso the sclbility tests below). The computtion time of Hevy-k depends both on the density td nd on the lookhed k. Fig. 14 shows the verge computtion time of Hevy-k on utomt with 100 sttes, d = 0.5, Σ = 2 nd vrying trnsition density td nd lookhed k. The most difficult cses re those where size reduction is possible (nd thus the lgorithm does not give up quickly), but where the size of the instnce is not mssively reduced. (If some step in the lgorithm gretly reduced the size of n instnce, then subsequent computtions on the now smller utomton would be much fster.) For Hevy-k, the pek of the verge computtion time is round td = 1.6, 1.7 (like in the sclbility test; see below). For td 2.0, Hevy-12 yields very smll utomt. Mny of these re even universl, i.e., with just one stte nd universl loop. However, this frequent universlity is not due to trivil resons (otherwise simpler techniques like Light-1 nd GOAL would lso recognize this). For exmple, we rgue tht in the tested intervl of prmeters n, Σ nd td, there re not sufficiently mny trnsitions to lone explin tht the utomton is universl nd thus there re more interesting non-locl structurl resons which mke the utomt universl. Given Tbkov-Vrdi rndom utomt with prmeters n, Σ nd td, let U(n, Σ,td) be the probbility tht every stte hs t lest one outgoing trnsition for every symbol in Σ. Such n utomton would be trivilly universl if d = 1. (Note tht ( n k) = 0 for k > n.) Theorem 9.1. We hve U(n, Σ,td) = (α(n,t )/β(n,t )) Σ, where T = n td, β(n,t ) = ( ) n 2 T, nd ) α(n,t ) = n2 m=n n i=0 ( 1) i( ) n. ( m n T n i )( m in 1 n 1 Proof. For ech symbol in Σ there re T = n td trnsitions nd n 2 possible plces for trnsitions, described s grid. α(n,t ) is the number of wys T items cn be plced onto n n n grid s.t. every row contins 1 item, i.e., every stte hs n outgoing trnsition. β(n,t ) is the number of possibilities without this restriction, which is trivilly ( ) n 2 T. Since the Tbkov-Vrdi model chooses trnsitions for different symbols independently, we hve U(n, Σ,td) = (α(n,t )/β(n,t )) Σ. It remins to compute α(n,t ). For the i-th row let x i {1,...,n} be the mximl column contining

38 38 L. CLEMENTE AND R. MAYR F IGURE 14. Averge computtion time for reduction with Hevy-k on TbkovVrdi rndom Bu chi utomt with n = 100 sttes, Σ = 2, d = 0.5 nd vrying trnsition density td nd lookhed k. n item. The remining T n items cn only be distributed to lower columns. Thus α(n, T ) = ( xi ) n. With m = xi nd stndrd dice-sum problem [58] the result follows. x1,...,xn T n For n = 100, Σ = 2 we obtin the following vlues for U(n, Σ, td): for td = 2.0, for td = 3.0, 0.03 for td = 4.0, 0.3 for td = 5.0, 0.67 for td = 6.0, nd 0.95 for td = 8.0. So this trnsition sturtion effect is negligible in our tested rnge with td 3.0. While Hevy-12 performs very well, n even smller lookhed cn lredy be sufficient for good reduction. However, this depends very much on the density td of the utomt. Fig. 15 shows the effect of the lookhed by compring Hevy-k for vrying k on different clsses of rndom utomt with different density Density of simultions on NBA. The big dvntge of Hevy-12 over Light-12 is due to the pruning techniques. However, these only rech their full potentil t higher lookheds (thus the smller difference between Hevy-1 nd Light-1). Indeed, the simultion reltions get much denser with higher lookhed k, s Fig. 16 shows. Fir nd delyed simultion reltions re not much lrger thn direct simultion for k = 1, but they benefit strongly from higher k. Bckwrd simultion increses only slightly (e.g., from 363 pirs for lookhed 1 to 397 pirs for lookhed 15 in the cse of d = 0.9). Initilly, it seems s if bckwrd/direct simultion does not benefit from higher k if d is smll (on rndom utomt),