On Determinism in Modal Transition Systems

N. Beneš, J. Křetínský, K. G. Larsen, J. Srba

Department of Computer Science, Aalborg University, Selma Lagerlöfs Vej 300, 9220 Aalborg Øst, Denmark

Abstract

Modal transition systems (MTS) is a formalism which extends the classical notion of labelled transition systems by introducing transitions of two types: must transitions that have to be present in any implementation of the MTS and may transitions that are allowed but not required. The MTS framework has proved to be useful as a specification formalism of component-based systems as it supports compositional verification and stepwise refinement. Nevertheless, there are some limitations of the theory, namely that the naturally defined notions of modal refinement and modal composition are incomplete with respect to the semantic view based on the sets of the implementations of a given MTS specification. Recent work indicates that some of these limitations might be overcome by considering deterministic systems, which seem to be more manageable but still interesting for several application areas. In the present article, we provide a comprehensive account of the MTS framework in the deterministic setting. We study a number of problems previously considered on MTS and point out to what extent we can expect better results under the restriction of determinism.

Key words: compositional verification, modal transition systems, deterministic specifications, refinement, consistency

Corresponding author, phone no.: , fax no.:
Email addresses: xbenes3@fi.muni.cz (N. Beneš), xkretins@fi.muni.cz (J. Křetínský), kgl@cs.aau.dk (K. G. Larsen), srba@cs.aau.dk (J. Srba)
Permanent address: Faculty of Informatics, Masaryk University, Botanická 68, Brno, Czech Republic
N. Beneš has been partially supported by the Grant Agency of the Czech Republic, grant No. GA20/09/
J. Křetínský has been partially supported by the research centre Institute for Theoretical Computer Science (ITI), project No. M
J. Srba has been partially supported by Ministry of Education of the Czech Republic, project No. MSM
K.G. Larsen has been partially supported by the VKR Center of Excellence MT-LAB.

Preprint submitted to Elsevier July, 2009

1. Introduction

The development of correct concurrent systems and processes constitutes a difficult and surprisingly subtle problem in computer science, having given rise to a number of proposed specification formalisms and verification methods over the years. The proposals may roughly be seen to fall within two main categories: the logical approach, in which a specification is a formula of some (temporal or modal) logic, and verification is a model-checking activity based on a denotational understanding of the specification; the behavioural approach, where specifications are objects of the same kind as implementations, in particular, specifications have operational interpretations. In this approach, verification is based on a comparison between the operational behaviours of the specification and implementation.

Ideally, we want a specification formalism that supports stepwise refinement and component-based development of systems. That is, starting from an initial specification, a series of small and successive refinements are made until eventually a specification is reached from which an implementation can be extracted directly. Each refinement step is relatively small, consisting typically in either conjoining additional requirements or in the replacement of a single component of the current specification with a more concrete/implementable one. In the latter case, the correctness of such a refinement step ought to be immediately implied by the correctness of the refinement of the replaced component, as this obviously will greatly simplify the task of verification. That is, we want our methodology to support compositional verification. Also, we aim at generality in design and proofs: when designing a system there are often certain components or behavioural aspects which are outside the scope (or control) of the design process, in particular third party components, say. Thus it is necessary that the design and correctness proof of the system only rely on the (partial) specifications of these uncontrollable components.

Modal transition systems (MTS) were introduced some 20 years ago [, 2] by Larsen and Thomsen specifically in order to obtain an operational, yet expressive and manageable specification formalism meeting the above properties.
In particular, MTSs are a variation of the classical model of labelled transition systems, where transitions come in two flavours: those that any refinement of the given specification must possess, and those that it may, but is not required to, have. As such, MTSs allow loose or partial specifications to be expressed, and enable the introduction of a modal refinement relation extending in a natural manner the classical notion of bisimulation on labelled transition systems. By implementations we then understand classical labelled transition systems (where may and must transitions coincide) that modally refine a given modal specification.

Viewing classical labelled transition systems as implementations, the four MTSs in Figure 1 offer a series of vending machine specifications. VM 1 is very loose requiring nothing. VM 2 may be viewed as the preferred specification of the owner requiring implementations to have a coin-transition but it does not guarantee that there will afterwards be a coffee or tea-transition. Similarly

the coffee drinking customer's specification, VM 3, is a refinement of specification VM 1, requiring coffee after coin-insertion. VM 4 is a compromise refining both the owner and customer specifications, in fact it is the conjunction of the two specifications. Finally, VM B-VM E provide four, quite different, implementations of VM 4, varying in the degree of ability to offer tea to the user. Note that VM A and VM F do not implement VM 4, but VM A implements VM 1 and VM 2, and VM F implements VM 1 and VM 3. The notions of modal refinement and of an implementation are formally introduced in Definitions 2.1 and 2.6.

[Figure 1: Four specifications of Vending Machine, VM 1-VM 4, and six different implementations VM A-VM F. Admissible transitions are shown using dashed arrows and required transitions are shown using full arrows.]

Constructs for combining implementations (i.e. labelled transition systems) may be extended to MTSs in a straightforward manner. E.g. Figure 2 (b,c) give composition of User with the vending machine VM 3, where synchronizations are either left unchanged or made invisible (using τ-actions). Figure 2(a) specifies the type of Users who for sure will make a publication after having been given a cup of coffee. Given a cup of tea, on the other hand, the User needs additional time to think.

Semantically, we may identify an MTS specification with its set of implementations (i.e. the set of labelled transition systems refining it). The notions of modal refinement and modal composition are sound with respect to this semantic view. Thus whenever S is a modal refinement of T, then any implementation of S is indeed an implementation of T. Similarly, whenever P and Q are implementations of S and T (respectively) and is a composition operator, then P Q is an implementation of S T. On several occasions, these properties have proved sufficient in the stepwise and compositional development of concurrent systems guaranteed to be correct with respect to some given overall requirements.

[Figure 2: Specification of User (a), composition with VM 3 (b, c), and Determinization (d).]

However, as has been shown already in [, 3], both modal refinement and modal composition are incomplete with respect to the semantic view. In particular, there are MTSs S and T, where the set of implementations of S is included in that of T without S being a modal refinement of T. Similarly, there are MTSs S and T, where the composed MTS S T contains strictly more implementations than what can be obtained by composing implementations of S and T.

Recent results [4, 5, 6, 7] characterizing the (high) complexity of semantic refinement (and semantic consistency) for MTSs point to the clear advantages of using the cheap notion of modal refinement (and modal composition) despite its incompleteness. Moreover, in most practical cases, where component specifications are deterministic, e.g. in our Vending Machine example and as advocated in the recent work by Henzinger and Sifakis [8, 9], modal refinement and modal composition seem to be complete, though they have not been studied in depth yet. In [8] the authors discuss two main challenges in embedded systems design: the challenge to build predictable systems, and that to build robust systems. They suggest how predictability can be formalized as a form of determinism, and robustness as a form of continuity.

Thus, the purpose of this article is to make a thorough investigation of the MTS framework in the setting of determinism. In particular, we study the completeness of modal refinement and modal composition for deterministic MTSs as well as some other questions related to the common implementation problem. As seen from our Vending Machine example (Figure 2), the result of composing deterministic MTSs may well be a nondeterministic MTS.
To allow the development and analysis to be continued using only deterministic MTSs, we provide a determinization construction on MTS, yielding for any given (possibly nondeterministic) MTS its least deterministic over-approximation.

The outline of the paper is as follows. In Section 2 we provide basic definitions of MTS as well as modal and semantic (thorough) refinements. Section 3 relates these notions of refinements with particular emphasis on deterministic

MTSs. Section 4 shows the low complexity of both refinements in the deterministic case. Section 5 provides the complexity results for consistency (common implementation) between deterministic MTSs showing that consistency of a fixed number of specifications is NL-complete, whereas the complexity of consistency between an arbitrary number of MTSs remains hard even in the case of determinism (PSPACE-complete). Section 6 reconsiders the consistency problem in terms of the existence of a common deterministic implementation, showing that it is EXPTIME-complete. Finally, Section 7 considers the extension of composition operators to MTSs and shows the general lack of completeness even for deterministic MTSs; nevertheless, specific conditions guaranteeing completeness are identified.

2. Definitions

A modal transition system (MTS) over an action alphabet Σ is a triple (P,, ), where P is a set of processes and P Σ P are must and may transition relations, respectively. The class of all MTSs is denoted by MTS. We write S if there exists some S such that S S, and S if no such S exists; similarly for. An MTS is deterministic if for each S P and Σ there is at most one S such that S S. The class of all deterministic MTSs is denoted dmts. An MTS is an implementation if =. The class of all implementations is denoted imts. Note that because in implementations the must and may relations coincide, we can consider such systems as the standard labelled transition systems.

We use capital letters for processes and calligraphic letters for sets of processes. Moreover, letters S, T, U,... are used to denote processes in general, letters D, E, F,... are reserved for deterministic processes, and letters I, J,... are used to denote implementations. Because in MTS whenever S S then necessarily also S S, we adopt the convention of not drawing may transitions between processes where must transitions are present. Whenever clear from the context, we refer to processes without explicitly mentioning their underlying MTSs. We also write e.g. S dmts, meaning that the underlying MTS of the process S is in dmts.

Definition 2.1.
Let M = (P,, ), M 2 = (P 2, 2, 2 ) be MTSs over the same action alphabet and S P, T P 2 be processes. We say that S modally refines T, written S m T, if there is a relation R P P 2 such that (S, T ) R and for every (A, B) R and every Σ:
1. if A A then there is a transition B 2 B s.t. (A, B ) R, and
2. if B 2 B then there is a transition A A s.t. (A, B ) R.
We often omit the indices in the transition relations and use symbols and whenever it is clear from the context what transition system we have in mind.

[Figure 3: S t T, but S m T]

Remark 2.2. Note that on implementations modal refinement coincides with the classical notion of strong bisimilarity, and on modal transition systems without any must transitions it corresponds to the well studied simulation preorder.

We will now extend the standard game-theoretic characterization of bisimilarity [0, ] to the game characterization of modal refinement. A modal refinement game (or simply modal game) on a pair of processes (S, T ) is a two-player game between Attacker and Defender. The game is played in rounds. In each round the players change the current pair of processes (A, B) (initially A = S and B = T ) according to the following rule:
1. Attacker chooses an action Σ and one of the processes A or B. If he chose A then he performs a move A A for some A ; if he chose B then he performs a move B B for some B.
2. Defender responds by choosing a transition under in the other process. If Attacker chose the move from A, Defender has to answer by a move B B for some B ; if Attacker chose the move from B, Defender has to answer by a move A A for some A.
3. The new current pair of processes becomes (A, B ) and the game continues with a next round.

The game is similar to the standard bisimulation game with the exception that Attacker is only allowed to attack on the left-hand side using may transitions (and Defender answers by may transitions on the other side), while on the right-hand side Attacker attacks using must transitions (and Defender answers by must transitions in the left-hand side process).

Any play (of the modal game) thus corresponds to a sequence of pairs of processes formed according to the above rule. A play (and the corresponding sequence) is finite iff one of the players gets stuck (cannot make a move). The player who got stuck lost the play and the other player is the winner. If the play is infinite then Defender is the winner. The following proposition is by a standard argument in analogy with strong bisimulation games (see also [0, ]).

Proposition 2.3. It holds that S m T iff Defender has a winning strategy in the modal game starting with the pair (S, T ); and S m T iff Attacker has a winning strategy.

Example 2.4.
Consider processes S and T in Figure 3. We prove that S does not modally refine T. Indeed, Attacker has the following winning strategy in the

modal game starting from (S, T ). Attacker plays the may transition under the action on the left-hand side process S and Defender can answer by entering either the upper or lower branch in the process T. In the first case Attacker wins by playing the must transition under on the right-hand side, for which Defender has no answer on the left-hand side (no must transition under is available) and loses. In the second case Attacker wins by playing the second may transition under in the left-hand side process and Defender loses as well.

We shall now observe that the modal refinement problem, i.e. the question whether a given process modally refines another given process, is tractable for finite MTSs.

Theorem 2.5. The modal refinement problem for finite MTSs is P-complete.

Proof. Modal refinement can be computed in P by the standard greatest fixed-point computation, similarly as in the case of strong bisimulation (for efficient algorithms implementing this strategy see e.g. [2, 3]). P-hardness of modal refinement follows from the P-hardness of bisimulation ([4], see also [5]).

We proceed with the definition of thorough refinement, a relation that holds for two modal specifications S and T iff any implementation of S is also an implementation of T. This relation is of our major interest since it captures the semantic point of view.

Definition 2.6. For a process S let us denote by S = {I imts I m S} the set of all implementations of S. We say that S thoroughly refines T, written S t T, if S T.

The following two observations are trivial.

Lemma 2.7. Relations m and t are transitive.

Lemma 2.8. Let I, J imts. Then I m J if and only if I t J; and both m and t coincide with strong bisimilarity.

3. Modal and Thorough Refinements

In this section we investigate several properties of modal and thorough refinements, with particular focus on deterministic processes. First, we observe that thorough refinement is implied by the modal refinement, irrelevant whether the processes are deterministic or not.

Lemma 3.1. Let S, T be processes. If S m T then S t T.

Proof. For I S we have I m S m T, hence I m T by Lemma 2.7 and thus I T.

Remark 3.2.
The opposite direction in Lemma 3.1 does not hold as we demonstrate in Figure 3. In Example 2.4 we already argued that S m T. However, S has only implementations that can perform at most two consecutive -actions. As any such implementation is clearly also an implementation of T, we conclude that S t T.

[Figure 4: Relationship between refinements on determin. (D) and nondetermin. (N) systems]

The fact that thorough refinement does not imply modal refinement might be considered as a limitation of the theory developed in the previous studies on modal transition systems. Nevertheless, in the context of deterministic systems, we show that thorough and modal refinement coincide, provided that the right-hand side process is deterministic.

Lemma 3.3. Let S, D be processes and D dmts. If S t D then S m D.

Proof. Assume that S t D and that D is deterministic. We define a relation R that satisfies the conditions of Definition 2.1. The relation R is taken as the smallest relation such that (S, D) R and whenever (T, E) R, T T and E E for some then also (T, E ) R. The relation R is clearly well defined.

Before we prove that R satisfies the refinement conditions, we make the claim that (T, E) R implies T t E. Clearly, this holds for (S, D). Suppose now that T t E, T T, E E and I is an arbitrary implementation of T. Then there exists some implementation I T such that I I. But as T t E, I is also an implementation of E. Therefore, as E is deterministic, I is an implementation of E, thus T t E.

We can now check that R is a modal refinement relation. Let (T, E) R.
(i) Suppose that T T. Then, there exists an implementation I T that has an transition. As T t E, I is also an implementation of E and therefore E E for some E. By the definition of R, (T, E ) R.
(ii) Suppose that E E. Then, all implementations of E are forced to have an transition. As T t E, this implies that all implementations of T have an transition. Therefore, T T for some T and (T, E ) R by the definition of R.

The claim of Lemma 3.3 does not hold for the inverse case where the refining process is deterministic and the refined process is arbitrary. The counterexample to this claim was already shown in Figure 3. Figure 4 summarizes the known relationships between thorough and modal refinement for all possible cases of (non)determinism of the two systems. The conclusion is that whenever the

right-hand side process is deterministic, modal and thorough refinement relations coincide. If the right-hand side process can be nondeterministic, modal refinement is a strictly stronger relation than thorough refinement.

[Figure 5: A process and its deterministic hull D(S ) = {S }]

The modal refinement can be checked in polynomial time, as we know from Theorem 2.5, but the thorough refinement is PSPACE-hard in general [5] (it is moreover shown in [5] that this problem is in EXPTIME). Therefore, there is a clear motivation to approximate processes by deterministic ones, in order to be able to use faster modal refinement procedures instead (at least for the instances where the deterministic approximation of a process is not exponentially larger).

For any two (in general nondeterministic) processes S and T, we have that S m T implies S t T. The converse is not true in general, but we will define a monotone deterministic over-approximation operator D, so that S t T implies D(S) m D(T ) (as stated formally later on in Lemma 3.6). Moreover, we show that there exists a smallest (w.r.t. refinement) deterministic system refined by the original system. We call it the deterministic hull.

Definition 3.4 (Construction of the deterministic hull). Let S be an arbitrary process with (P,, ) being its underlying MTS. The deterministic hull of S, denoted by D(S), is constructed by a modal extension of the standard subset construction. For = T P and an action let T = {T P T T : T T } be the set of all may-successors under the action. We define an MTS M = (P(P ) \ { }, D, D ) where transitions are given as follows:
(i) if T, we set T D T, and
(ii) if moreover for all T T there exists some T T such that T T, then we set also T D T.
There are no other transitions. Then, the process D(S) is defined as the singleton set containing S, i.e. D(S) = {S}. An example of this construction is given in Figure 5.

Theorem 3.5 (Soundness and minimality of D(S) construction). Let S be an arbitrary process.
Then D(S) is a deterministic process such that S t D(S) and for every D dmts, if S t D then D(S) t D.

Proof. The fact that D(S) is deterministic for any S is clear from the construction. The first claim we need to prove is that S t D(S). We will do so by showing that S m D(S) (note that by Lemma 3.1 this implies that S t D(S)). We define the refinement relation R such that (S, T ) R iff S T and we need to prove that it satisfies the conditions of Definition 2.1. Clearly (S, D(S)) R. Now let (S, T ) R. On the one hand, suppose that S S. Then clearly from the previous construction T D T and S T, thus (S, T ) R. On the other hand, suppose that T D T. It follows from the construction that T = T, S S for some S and that S T, thus (S, T ) R. Hence S m D(S).

Now, we need to prove the minimality of the deterministic hull, i.e. that for each deterministic D such that S t D we also get D(S) t D. As for deterministic processes on the right-hand side modal and thorough refinements coincide (Lemma 3.1 and Lemma 3.3), it is enough to prove the minimality w.r.t. m. Let D be a deterministic process such that S m D. This means that there is a relation R satisfying the conditions of Definition 2.1. We show that D(S) m D by constructing a new relation Q that also satisfies these conditions. The definition of Q is as follows: (T, E) Q if and only if T {T (T, E) R}. It remains to be proved that Q satisfies the refinement relation conditions. Since (S, D) R, we have (D(S), D) = ({S}, D) Q. Now, let (T, E) Q. On the one hand, suppose that T D T. Then for each T T, there is at least one T T such that T T (as T = T ). Because (T, E) R, there is E such that E E with (T, E ) R. Moreover, as E is deterministic, this E is unique and the same for all T T, thus (T, E ) Q. On the other hand, suppose that E E. Then, for all T such that (T, E) R, there has to be some T such that T T with (T, E ) R. Moreover, as E is deterministic, it holds that for all T with (T, E) R, whenever T T then (T, E ) R. This implies that T D T, as for each T T there is an outgoing transition, and clearly T {T (T, E ) R}, thus (T, E ) Q. Therefore, D(S) m D.

Lemma 3.6. Let S, T be processes. If S t T then D(S) m D(T ).

Proof. Let S t T.
By Theorem 3.5 we know that T t D(T ) and from the transitivity of t also S t D(T ). By the minimality of D(S) (Theorem 3.5) we get D(S) t D(T ) and by Lemma 3.3 we conclude with D(S) m D(T ).

Finally, note that the construction of the deterministic hull on MTSs which contain only may transitions is the same as the determinization of finite automata. Therefore, the example of an exponential blow-up in the size [6, page 65] carries over to our setting and thus the deterministic hull D(S) might be of exponential size w.r.t. some particular finite nondeterministic process S.
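The greatest fixed-point computation from the proof of Theorem 2.5 and the hull construction of Definition 3.4 can be tried out together; the following is an added example, not code from the paper. The MTS encoding (sets of `(source, action, target)` triples with must contained in may), the action name `a` and the processes `S` and `T` are assumptions constructed to match the prose of Example 2.4 and Remark 3.2, and the hull is built only over the subsets reachable from the initial singleton.

```python
from itertools import product


def succ(trans, state, action):
    """Targets of `state` under `action` in a set of (src, action, dst) triples."""
    return {d for (s, a, d) in trans if s == state and a == action}


def modal_refines(s, t, left, right):
    """True iff s (in MTS `left`) modally refines t (in MTS `right`).

    Greatest fixed point: start from all pairs of processes and delete every
    pair that breaks one of the two conditions of Definition 2.1.
    """
    actions = {a for (_, a, _) in left["may"] | right["may"]}
    rel = set(product(left["states"], right["states"]))
    changed = True
    while changed:
        changed = False
        for (p, q) in list(rel):
            # 1. every may move of p is answered by a may move of q
            may_ok = all(
                any((p2, q2) in rel for q2 in succ(right["may"], q, a))
                for a in actions for p2 in succ(left["may"], p, a))
            # 2. every must move of q is answered by a must move of p
            must_ok = all(
                any((p2, q2) in rel for p2 in succ(left["must"], p, a))
                for a in actions for q2 in succ(right["must"], q, a))
            if not (may_ok and must_ok):
                rel.discard((p, q))
                changed = True
    return (s, t) in rel


def deterministic_hull(s, mts):
    """Modal subset construction of Definition 3.4, reachable part only.

    Returns (initial_state, hull) where hull states are frozensets of processes.
    """
    actions = sorted({a for (_, a, _) in mts["may"]})
    init = frozenset([s])
    states, may, must, todo = {init}, set(), set(), [init]
    while todo:
        cur = todo.pop()
        for a in actions:
            nxt = frozenset(d for p in cur for d in succ(mts["may"], p, a))
            if not nxt:
                continue                      # no may-successor: no transition
            may.add((cur, a, nxt))            # rule (i)
            # rule (ii): must only if every member of cur has a must move on a
            if all(succ(mts["must"], p, a) for p in cur):
                must.add((cur, a, nxt))
            if nxt not in states:
                states.add(nxt)
                todo.append(nxt)
    return init, {"states": states, "may": may, "must": must}


# Constructed processes (assumed shape): S may do "a" twice; T may branch on
# "a" into a state that must do "a" and into a state that can do nothing.
S = {"states": {"s0", "s1", "s2"},
     "may": {("s0", "a", "s1"), ("s1", "a", "s2")},
     "must": set()}
T = {"states": {"t0", "up", "up2", "low"},
     "may": {("t0", "a", "up"), ("t0", "a", "low"), ("up", "a", "up2")},
     "must": {("up", "a", "up2")}}


def demo():
    d0, hull = deterministic_hull("t0", T)
    return {
        "S_refines_T": modal_refines("s0", "t0", S, T),
        "T_refines_hull": modal_refines("t0", d0, T, hull),
        "S_refines_hull": modal_refines("s0", d0, S, hull),
        "hull_states": len(hull["states"]),
        "hull_must": len(hull["must"]),
    }


if __name__ == "__main__":
    print(demo())
```

On this input the direct modal check of S against T fails, while the check against the hull of T succeeds, which is the situation Lemma 3.3 and Lemma 3.6 describe.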

4. Complexity Results for Refinement Problems

In this section we study the following decision problems of modal and thorough refinement and argue about their complexity. Recall that we use the notation where D, E stand for deterministic processes and S, T for general processes. Moreover, throughout Section 4 to Section 6 which deal with complexity, all processes are implicitly assumed to be defined over finite MTS.

MR D,D = { D, E D m E}    TR D,D = { D, E D t E}
MR D,N = { D, S D m S}    TR D,N = { D, S D t S}
MR N,D = { S, D S m D}    TR N,D = { S, D S t D}
MR N,N = { S, T S m T }    TR N,N = { S, T S t T }

By Lemma 3.1 and 3.3 we know that MR D,D = TR D,D and MR N,D = TR N,D. Our first result in this section says that modal refinement is decidable in nondeterministic logarithmic space, provided that the right-hand side process is deterministic.

Theorem 4.1. The problem MR N,D is in NL.

In order to prove the above theorem, let S be an arbitrary process and let D be a deterministic one. We will show that the problem of deciding S m D is in NL by reduction to the graph reachability problem, known to be NL-complete [7]. Note that we are actually reducing the problem whether S m D to the graph reachability problem. However, this poses no problem, as the NL complexity class is closed under complement.

The graph will be constructed in the following way. The nodes of the graph will be all pairs (T, E) where T is a process of the MTS for S and E is a process of the MTS for D. There are three kinds of nodes.
(i) Nodes (T, E) such that T and E for some action. Such nodes have no outgoing edges and are called marked.
(ii) Nodes (T, E) such that E and T for some action. As in the previous case, such nodes have no outgoing edges and are called marked.
(iii) Nodes (T, E) which do not satisfy conditions (i) or (ii). Such nodes are called unmarked and there is an edge from (T, E) to (T, E ) whenever T T and E E for some action.

An example illustrating the reduction is given in Figure 6. We now prove the correctness of the reduction.

Lemma 4.2. We have S m D if and only if a marked node is reachable from the node (S, D).

Proof.
For the if case, suppose that there is a marked node reachable from (S, D), i.e. there exists a path (S, D) = (T 0, E 0 ), (T, E ),..., (T n, E n ) where (T n, E n ) is marked. We can easily show that Attacker has a winning strategy

in the modal game played from (S, D). Attacker will simply play in the left-hand side process S following the sequence S = T 0, T,..., T n under the may transitions. Because the right-hand side process is deterministic, Defender can only answer by going through the processes D = E 0, E,..., E n. From the pair (T n, E n ) Attacker now easily wins. If the pair was marked due to condition (i), then Attacker chooses an action and an arbitrary transition T n to which Defender is unable to respond. Likewise, if the pair was marked due to condition (ii) above, then Attacker chooses an action on the right-hand side and the unique transition E n. Again, Defender has no response and loses.

[Figure 6: An example of two MTSs and the corresponding graph (marked nodes are in a box)]

For the only if case, suppose that no marked nodes are reachable from (S, D). We show a relation R that satisfies the conditions of Definition 2.1. The relation R is defined as R = {(T, E) (T, E) is reachable from (S, D) in the graph}. Clearly, (S, D) R. Now suppose that (T, E) R. If T T then also, as (T, E) is unmarked, E E and moreover, (T, E ) R due to the definition of the graph. For the other condition, suppose that E E. Then, again because (T, E) is unmarked, also T T for some T and (T, E ) R from the definition of the graph. Thus, S m D.

We have thus shown that the MR N,D problem is in NL. The next theorem establishes NL-hardness even for the MR D,D problem.

Theorem 4.3. The problem MR D,D is NL-hard.

Proof. The proof is done by reduction from the graph reachability problem to MR D,D. In fact, there is a folklore result that strong bisimilarity on finite and deterministic processes is NL-hard, which immediately implies our theorem. Nevertheless, for the self-containment of the presentation, we sketch a simple construction demonstrating this fact.

Assume a given graph G with a source and a target node. The main idea is that we make two identical copies of the graph G and treat them like implementations I and I 2. These implementations must be deterministic, but this can

be easily accomplished by taking a fixed ordering of successors of each node in the original graph and by labelling the transitions in the implementations with natural numbers accordingly. The two deterministic implementations I and I 2 now differ only in one detail. In I we introduce a loop on the target node under some fresh action. Clearly, the target node is reachable in G iff I m I 2. Thus MR D,D is NL-hard.

[Figure 7: (a) A negative instance of mcvp. (b) Processes D and P o such that D m P o.]

Corollary 4.4. Problems MR D,D, TR D,D, MR N,D, TR N,D are NL-complete.

Proof. By Lemma 3.1, Lemma 3.3, Theorem 4.1 and Theorem 4.3.

We now continue with studying the complexity of modal refinement for the situation when the right-hand side process may be nondeterministic. First, we prove P-hardness of the problem MR D,N. Note that this fact does not directly follow from P-hardness of strong bisimilarity because the reductions provided in [4, 5] use nondeterministic systems on both sides.

Theorem 4.5. The problem MR D,N is P-hard.

The proof is done by reduction from P-complete problem mcvp (monotone circuit value problem) [7]. A monotone Boolean circuit is a finite directed acyclic graph in which the nodes are either of indegree zero (input nodes) or of indegree two and there is exactly one node of outdegree zero (output node). Each non-input node is labelled either with or. An input of the circuit is an assignment of values 0 or 1 to the input nodes. Given an input, the circuit computes the output value as follows: the value of an input node is given by the input assignment, the value of a node labelled with or is the conjunction or disjunction of values of its predecessors, respectively. The output value of the circuit is the value of the output node. The mcvp problem is, given a monotone Boolean circuit and its input, to decide whether the output value is 1. An example of a monotone Boolean circuit with an input assignment and computed values at each node is given in Figure 7(a).

Given a monotone Boolean circuit and its input, we construct two processes D and P o. The process D has only two transitions D D and D D. The

process P o is constructed as follows. For each input node u we add a process P u with the loops P u P u and P u P u where is the value assigned to the node u. For each node v labelled with we add a process P v with transitions P v P v, P v P v, P v P v and P v P v where v and v are the predecessors of v in the Boolean circuit. Similarly, for each node w labelled with we add a process P w with transitions P w P w and P w P w where w and w are the predecessors of w. We assume that P o denotes the process representing the output node of the circuit. The reduction for the mcvp of Figure 7(a) is illustrated in Figure 7(b). We now show the correctness of the reduction.

Lemma 4.6. The output value of the circuit is 1 if and only if D m P o.

Proof. For the if case, suppose that the output value of the circuit is 0. We show that Attacker has a winning strategy in the modal game starting from (D, P o ). From each current pair (D, P v ) Attacker decides what to play according to the type of node v. If v is labelled with, then at least one predecessor of v has value 0, say w, and Attacker chooses P v P w, to which the Defender responds by playing D D. If v is labelled with, then all predecessors of v have value 0. Attacker then chooses D D, to which the Defender responds with any of the two possibilities. Clearly, this way the play only proceeds through pairs of processes (D, P v ) where v has the value 0 and finally it arrives into the pair (D, P i ) where i is an input node with assigned value 0. Attacker then plays 0 P i P i to which Defender has no response and Attacker wins.

For the only if case, suppose that the output value of the circuit is 1. We define a modal refinement relation R by R = {(D, P v ) v is a node with value 1}. Clearly, (D, P o ) R as the output of the circuit is 1. Now suppose that (D, P v ) R. The only may transition of D is D D. If v is an input node then it is an input with assigned value of 1 and then P v P v and (D, P v ) R. If v is a non-input node then it has to have at least one predecessor with value 1 (otherwise it could not have the value of 1 itself), say u. Then P v P u and (D, P u ) R.
For the other part, suppose that P v P w. But D D and the must transition of P v implies that v is labelled with, therefore all its predecessors must have the value of 1 and (D, P w ) R. Thus D m P o.

After we have shown P-hardness of the MR D,N problem, we can conclude with the following corollary of Theorem 4.5 and Theorem 2.5.

Corollary 4.7. The problems MR D,N and MR N,N are P-complete.

Note that the complexity of the TR N,N problem was recently settled to EXPTIME-completeness [4], improving thus the previously known PSPACE-hardness result [5]. Regarding the TR D,N problem we know only its containment in EXPTIME and co-NP-hardness [7].

5. Complexity Results for Common Implementation Problem

The common implementation problem (CI for short) is the problem of deciding, given two or more processes of modal transition systems, whether there is a single process that implements all these processes at the same time. For the general case, where processes can be nondeterministic, it is known that the CI problem is EXPTIME-complete [6] and if the number of the processes is fixed, the problem is P-complete. The containment in P is proved in [8] and P-hardness follows from [4, 5], as bisimilarity is a special case of CI for two processes where both processes are implementations.

We will now look at a specialized variant of this problem, where the given processes are assumed to be deterministic. This restricted problem is called CI D (or CI k D if the number of processes is fixed to be k) and its formal definition is as follows.

CI k D = { D,..., D k I : I D D k and D,..., D k dmts}
CI D = k=2 CI k D

When given an instance of the CI D problem, we will use two parameters to describe its size: k the number of the processes and n = D + D D k the size of the whole input. Our first complexity result is that the existence of a common implementation for processes D,...,D k can be decided in nondeterministic O(k log n) space. Proving this claim will give us the following theorem.

Theorem 5.1. The problem CI D is in PSPACE. The problem CI k D (for any fixed k) is in NL.

We show this by reducing the problem of nonexistence of a common implementation to the graph reachability problem, which is known to be decidable in nondeterministic O(log N) space, where N is the size of the graph [7]. The graph we are going to construct is of size n k and moreover, the construction can be done on the fly, so that no additional space is needed, thus yielding the result. The graph we are going to construct will have labels on its edges.
This is a technical detail that does not influence the complexity of the graph reachability problem, but will prove useful later, when we discuss the correctness. The basic idea of the construction is that the graph represents an implementation that in each step includes only those transitions that are required by at least one of the processes. The marked nodes then represent situations where all these requirements are impossible to satisfy.
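The reduction sketched above can be run directly: the following added example (not code from the paper) explores the tuple graph breadth-first, trading the nondeterministic logarithmic space of the theorem for a stored visited set, and returns either the explored graph as a common implementation or the action trace to a marked node. It assumes the reading of the construction in which a node is marked when some component requires an action by a must transition while another component has no transition at all under that action; the dictionary encoding, the function names and the sample processes P1, P2, P3 are constructed for illustration.

```python
from collections import deque

# Encoding (constructed for this example): one dict per deterministic MTS,
# state -> {action: (target, is_must)}. Every entry is a may transition;
# is_must=True marks it as a must transition as well.
P1 = {"p0": {"a": ("p1", True)}, "p1": {"b": ("p1", False)}}
P2 = {"q0": {"a": ("q1", False)}, "q1": {"b": ("q0", True)}}
P3 = {"r0": {"a": ("r1", True)}, "r1": {}}

def trace(parent, node):
    """Action labels on the path from the initial node to `node`."""
    path = []
    while parent[node] is not None:
        node, action = parent[node]
        path.append(action)
    return path[::-1]

def common_implementation(systems, starts):
    """Explore the tuple graph from `starts`.

    Returns (True, graph) when no marked node is reachable; the graph is then
    itself a common implementation. Returns (False, (trace, action)) when a
    marked node is reached: `trace` leads to it and `action` is demanded by one
    component while another component has no transition under it.
    """
    init = tuple(starts)
    parent = {init: None}   # visited set plus back-pointers for the witness
    graph = {}
    queue = deque([init])
    while queue:
        node = queue.popleft()
        out = [systems[i].get(state, {}) for i, state in enumerate(node)]
        # Only actions that some component requires are put in the graph.
        required = sorted({a for t in out for a, (_, must) in t.items() if must})
        graph[node] = {}
        for a in required:
            if any(a not in t for t in out):
                return False, (trace(parent, node), a)   # marked node
            succ = tuple(t[a][0] for t in out)           # unique by determinism
            graph[node][a] = succ
            if succ not in parent:
                parent[succ] = (node, a)
                queue.append(succ)
    return True, graph

if __name__ == "__main__":
    print(common_implementation([P1, P2], ["p0", "q0"]))
    print(common_implementation([P1, P2, P3], ["p0", "q0", "r0"]))
```

The number of explored tuples is bounded by the product of the component sizes, which is where the n^k bound on the graph comes from.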

[Figure 8: Do (D, D 2, D 3 ) have a common implementation?]

[Figure 9: The graph constructed for (D, D 2, D 3 ) and the corresponding common implementation I of (D, D 2, D 3 ).]

The construction is done in the following way. Each node of the graph is a k-tuple (E,..., E k ), where E i is a process of the MTS underlying D i for all i. The initial node is (D,..., D k ). Nodes (E,..., E k ) where there exists an action a such that E i E i for some i, but some E j has no outgoing a transition, are considered marked. The edges in the graph are defined as follows.

(E,..., E k ) (F,..., F k ) i : E i F i and j : E j F j

The construction is illustrated in Figures 8 and 9, where Figure 9 contains only the nodes reachable from (D, D 2, D 3 ). We shall now prove the following lemma that asserts correctness of this reduction.

Lemma 5.2. Processes D,...,D k have a common implementation if and only if there are no marked nodes reachable from the node (D,..., D k ).

Proof. For the if case, suppose that there are no marked nodes reachable from (D,..., D k ). We show a common implementation of all D i. As it has labels on its edges, the graph itself may be seen as an MTS where =. Then, the node (D,..., D k ) may be seen as a process. We show that this process is a common implementation of all D i, i k. Let us so fix any number i from 1 to k. We define

R i = {( (E,..., E k ), E i ) (E,..., E k ) is a node in the graph }

and show that R i is a relation of modal refinement. Clearly ((D,..., D k ), D i ) R i. Suppose that ((E,..., E k ), E i ) R i. If it is the case that (E,..., E k ) (F,..., F k ) then clearly E i F i by the definition. Conversely, if E i F i then, as (E,..., E k ) is not marked, all E j have an a transition to some F j and therefore (E,..., E k ) (F,..., F k ).

For the only if case, we use two observations. The first observation is that whenever (E,..., E k ) (F,..., F k ) then any common implementation I of E,...,E k has to have an a transition to a common implementation J of F,...,F k. This is easily seen from the modal game characterization. As at least one E i F i, by playing this transition Attacker enforces I J. By playing I J on the other side, Attacker then enforces J to be a common implementation of F,...,F k as all these processes are deterministic and Defender has no other choice playing on their side. The second observation is that whenever (G,..., G k ) is a marked node, then there can be no common implementation of G,...,G k which is clear from the definition of the graph. By considering these observations together, we can conclude that if a marked node is reachable from (D,..., D k ) then there can be no common implementation of D,...,D k.

We have thus established an upper bound on the complexity of CI D. As the space complexity is polynomial in k and logarithmic in n, we have proved Theorem 5.1. We shall now prove that the upper bounds in this theorem are tight, i.e. that CI D is PSPACE-complete and CI k D for any fixed k is NL-complete. The latter claim follows from the fact that deciding bisimilarity on finite deterministic processes is NL-complete (see the proof of Theorem 4.3) and an earlier observation that bisimilarity is a special case of common implementation for two processes, which are already implementations. Thus, we get the following result.

Theorem 5.3. The problem CI k D for any fixed k is NL-hard.

The remaining hardness result regarding the CI D problem is asserted by the following theorem.

Theorem 5.4. The problem CI D is PSPACE-hard.
The proof is done by reduction from the acceptance problem for deterministic linear bounded automata (LBA). A deterministic LBA is a tuple M = (Q, Σ, Γ,,, q 0, q, q rej, δ) where Q is a finite set of states, Σ is a finite input alphabet, Γ Σ is a finite tape alphabet,, Γ\Σ are the left and right end markers, q 0, q, q rej Q are the initial, accept and reject states, respectively, and δ : Q \ {q, q rej } Γ Q Γ {L, R} is a computation step function, such that whenever δ(q, X) = (q, Y, d) and one of X, Y is then both X and Y are and d = R; similarly if one of X, Y is then both X and Y are and d = L. We can w.l.o.g. assume that the input alphabet is binary, that is Σ = {, } and that the tape alphabet only contains symbols from the input alphabet and the end markers, that is Γ = {,,, }.

A configuration of M is given by the state, the position of the head and the content of the tape; we write it as a triple from Q N Γ. A step of computation is a relation between configurations, denoted by, that is defined using the δ function in the usual way. Given a word w Σ, the initial configuration of M is (q 0, 0, w ). A configuration is called accepting, if it is of the form (q, i, z), and is called rejecting, if it is of the form (q rej, i, z). A computation of M on a word w is a maximal sequence of configurations that begins with the initial configuration (q 0, 0, w ) and such that the computational step relation holds between any two successive configurations. The machine M accepts a word w Σ, if the computation of M on w ends in an accepting configuration. The computation of an LBA is unique and in what follows we assume that it is always finite (as any deterministic LBA with infinite computations can be transformed into an equivalent non-looping deterministic LBA). The problem whether a given deterministic LBA M accepts a given word w Σ is PSPACE-complete (see e.g. [7]).

We can now proceed with the description of the reduction. Let M be a deterministic LBA and w = w w 2... w n an input word of length n. We construct an (n + 3)-tuple of deterministic processes (D ctrl, D 0, D,..., D n, D n+ ) such that they have a common implementation if and only if M accepts w. Each of the D i processes simulates one tape cell, the D ctrl process simulates the control unit and the head. The action alphabet of the processes is Act = {,, r,,, t 0, t n+, s 0, s n+ } {t i, s i, s i i n}.

For all i from 1 to n, the MTS underlying D i has the set of processes {P, i P i, T, i T i } and the transitions are defined as:

P i t i T i P i t i T i T i P i T i P i P i x P i P i s i P i P i s i P i T i P i T i P i P i y P i

for all x Act \ {r, t i, s i } and y Act \ {r, t i, s i }. The process D i is then defined as D i = Pw i i. The processes D 0 and D n+ are defined as D 0 = P 0 and D n+ = P n+ with transitions:

P 0 P 0 x P 0 t 0 T 0 T 0 T 0 P 0 P n+ y P n+ T n+ P n+ P 0 P n+ t n+ T n+ T n+ P n+

for all x Act \ {r, t 0 } and y Act \ {r, t n+ }.
The MTSs underlying D i are shown in Figure 10. The MTS underlying D ctrl is defined as follows. The set of processes is {U q,i,α q Q, 0 i n +, α {,,,,?,!}}. The transitions are defined as:

U q,i,? U q,i,? t i Uq,i,! U q,i,! z U q,i,z U q,i,x s i y U p,j,? t i s i y Uq,i,! U q,i,x U p,j,? U qrej,i,? U qrej,i,? r U qrej,i,? r U qrej,i,?

[Figure 10: MTS underlying D 0, D i for i n, and D n+]

[Figure 11: An example of transitions for processes U q,i,x]

for all q Q \ {q, q rej }, 0 i n +, for all z {,,, } and for all x, y {,,, } and p Q such that δ(q, x) = (p, y, d) and j = i if d = L and j = i + if d = R. Other processes (most notably U q,i,?) have no transitions. The process D ctrl is then defined as U q0,0,?. This construction is illustrated by an example in Figure 11. The depicted transitions represent the steps δ(q, ) = (p,, L) and δ(q, ) = (q rej,, R).

What remains to be proved is the correctness of this construction. Before we do that, we prove a useful lemma about correspondence between configuration steps and (n + )-tuples of processes. This correspondence is represented by the following mapping ϕ (note that z 0 = and z n+ = ).

ϕ(q, i, z 0... z n+ ) = (U q,i,?, P 0 z 0,..., P n+ z n+ )

Lemma 5.5. Let (q, i, z) and (q, i, z ) be two consecutive configurations and let I be a common implementation of ϕ(q, i, z). Then any path going out from I has at least three transitions and moreover, after any three transitions the implementation I changes into a common implementation of ϕ(q, i, z ).

Proof. Clearly, if (q, i, z) and (q, i, z ) are two consecutive configurations then either i = i (and i ) or i = i+ (and i n), and z and z can only differ on their ith position. Moreover, this step is according to the function δ such that δ(q, z i ) = (q, z i, d) where either d = R (if i = i+) or d = L (if i = i ). The proof will use the game characterization of the modal refinement. Let I be a common implementation of (U q,i,?, Pz 0 0,..., Pz n+ n+ ). Attacker can force three steps of I by playing the t i transition of U q,i,?, then the z i transition

of Tz i i and finally the s i z transition of U i q,i,zi. Moreover, I can have no other behaviour than that starting with the sequence t i, z i, s i z and whenever I does i these three steps, it changes into J where J is a common implementation of (U q,i,?, Pz 0 0,..., Pz i i, Pz i, P i+ i z i+,..., Pz n+ n+ ), which is exactly ϕ(q, i, z ). Both these properties of I can be enforced by Attacker playing on the side of I.

Lemma 5.6. Let M be a deterministic LBA and w = w w 2... w n. Then M accepts w if and only if (U q0,0,?, P, 0 Pw,..., Pw n n, P n+ ) have a common implementation.

Proof. We first note that there is no common implementation of the processes (U qrej,p,?, Pz 0 0,..., Pz n+ n+ ) as none of the Pz i i processes allows the transition r whereas U qrej,p,? requires it. On the other hand there is always a common implementation of (U q,p,?, Pz 0 0,..., Pz n+ n+ ); it is simply the implementation with no transitions at all. If M accepts w then the existence of a common implementation is a straightforward application of Lemma 5.5. For the other direction, if M rejects w, Lemma 5.5 shows that any common implementation must be able to reach a state that implements (U qrej,i,?, Pz 0 0,..., Pz n+ n+ ), but there is no such common implementation.

Corollary 5.7. The problem CI k D is NL-complete for any fixed k and CI D is PSPACE-complete.

6. Complexity Results for Deterministic Implementation Problem

In this section we investigate the problem whether a given collection of (nondeterministic) processes have a common deterministic implementation. This problem is computationally hard (EXPTIME-complete) not only for an arbitrary number of processes but also for a fixed number of them. In fact, we show that it is EXPTIME-complete even for a single process and the question whether it has a deterministic implementation or not.

Definition 6.1. Let S be a (possibly nondeterministic) process. The set of deterministic implementations of S, denoted by S D, is defined as S D = S dmts.

The problems that we study in this section are defined as follows.
dci k = { S,..., S k I : I S D S k D }
dci = dci k k=

We shall now argue that dci is EXPTIME-complete and later on use this fact to conclude that dci k is also EXPTIME-complete, even for k = 1. In order to capture what a common deterministic implementation of a given set of (nondeterministic) processes has to fulfill, we introduce the following

notion of possible successor. Consider a deterministic I implementing all processes from a set S. Then some must a-successor of I has to implement all must a-successors of the processes from S, and moreover, when some of the processes in S do not have any must a-successors then they need to have at least a may a-successor in order to match the must transition of the implementation. We formalize this consideration by the following definition of the set of all possible a-successors of S.

MustSucc (S) = {S S S : S S }
PossibleSucc (S) = {MustSucc (S) T S S. T T : S T }

Definition 6.2. A set of deterministically consistent subsets (DCS) on a set of processes P of an MTS M = (P,, ) is a set R P(P ) such that for every action a, whenever S R and MustSucc (S) then PossibleSucc (S) R.

In other words, if every common implementation of processes in S has to continue (one of the processes has a must transition) then there has to be a possible successor in R, which thus again has a deterministic continuation. Since the union of DCSs is again a DCS, we can consider the greatest DCS.

Definition 6.3. Let M be an MTS. By R M we denote the greatest set of deterministically consistent subsets of P.

Lemma 6.4. Let M be an MTS, then R M contains precisely those sets of its processes that have a common deterministic implementation. Moreover, R M is computable in EXPTIME.

Proof. Soundness. Let S R M. We construct a deterministic common implementation of all processes in S. Let M d = (R M,, ) be an MTS where the transitions are given as follows: for every action a and T R M, if MustSucc (T ) then we set T T for some arbitrary (but fixed) T PossibleSucc (T ). This is a deterministic refinement of M with the refining relation {(T, T ) T R M, T T }, since a transition in the implementation is always allowed by all processes in T, in particular by T, and the implementation includes all must-successors of T, too. Hence S, as a process of M d, is the desired common deterministic implementation of all processes from S.

Completeness. Let S be a set of processes having a common deterministic implementation I.
Assume that each process J reachable from I is labelled by the set of all processes of M that J implements. We show that the set R, consisting of all labels of processes reachable from I, is a DCS on M. For technical convenience, we identify the names of the processes reachable from I with their labels. Since every T R has a deterministic implementation, then for each action a, if MustSucc (T ) then there is precisely one a-transition T T for some T. Because T is a common implementation of all processes from T, we

[Figure 12: Input instance M of CI and the constructed instance M B of dci where B = 2.]

have MustSucc (T ) T and for every T T there is T T with T T. We can so conclude that T R.

Complexity. We can compute R M in exponential time by the standard coinductive algorithm: we begin with including all sets of processes and then we keep repeatedly removing any inconsistent sets, until we reach a fixed point, giving us exactly R M. The exponential running time follows from the fact that P(P ) = 2 P.

We now turn our attention to the hardness of the deterministic common implementation problem and provide a reduction from the EXPTIME-complete problem CI (see [6]) to dci. We have to modify the given instance of the common implementation problem such that the instance has a (nondeterministic) common implementation if and only if the newly constructed instance of dci has a deterministic common implementation. We proceed in two steps. First, we modify the given processes (instance of CI) so that their new must transition relation does not include more than one transition under the same action while preserving the (non)existence of a common implementation. Second, we prove that CI and dci coincide on MTSs with such a must transition relation.

We start with the description of the modification of the input processes for the CI problem. Let M = (P,, ) be their underlying MTS over an alphabet Σ and let B be the size of the relation. We assign different numbers from 1 to B to the must transitions and denote this assignment function by f. We now construct an MTS M B = (P, B, B ) over the alphabet Σ = Σ {,..., B}. The new must transitions are now distinguished by their indices, and all may transitions are now allowed under all possible indices. Formally, for every S T we set S (,f(s T )) B T, and for every S T we set S (,i) B T for all i B. (,i) (,i) Note that after the transformation if S T and S 2 T 2 then S = S 2 and T = T 2. An example of the reduction is given in Figure 12.

Lemma 6.5. Processes S,..., S k P have a common implementation as processes of M iff they have a common implementation as processes of M B.

Proof. For the only if part, let I be a common implementation of S,..., S k as processes of M. We change the labeling of the transitions so that it becomes an implementation I B of S,..., S k P as processes of M B. If there is an a-transition in I, we put there (a, i)-transitions for all indices i {,..., B}. Now I B is a common implementation of S,..., S k in M B since all must transitions are implemented, and the may transitions in the implementation I B originated from I, thus being implementations of the original may transitions, which are now allowed as a pair with all possible indices in the second component.

For the if part, as M is equivalent to M B where indices are forgotten, the common implementation of processes of M B is turned into a common implementation of processes of M simply by forgetting the indices too.

In the following, we show that if there are no must transitions under the same action, then we can modify any common (nondeterministic) implementation into a deterministic one.

Lemma 6.6. Let M = (P,, ) be an MTS such that for every processes S, S 2, T, T 2 P and any action a, if S T and S 2 T 2 then S = S 2 and T = T 2. Then, for every S,..., S k P, if S... S k then S D... S k D.

Proof. Let I be a common implementation with R being a refinement relation containing (I, S i ) for i k. We show that we can prune I so that we get a deterministic common implementation. For every process J from the underlying system of I and an action a, if there are (unique) T, T P with T T and (J, T ) R, then there is at least one J J with (J, T ) R, we keep this a-transition in J and omit the others; otherwise, we omit all a-transitions from J. We show that R is still a refinement relation (containing (I, S i ) for i k). Since the new may transition relation in I is smaller, we only need to show that all must transitions are still realized. Let (J, T ) R and T T. Such T and T are unique, hence the respective transition J J with (J, T ) has been preserved.

Corollary 6.7. The problem dci is EXPTIME-complete.

Proof.
The containment follows from Lemma 6.4, and the hardness from Lemma 6.5 and 6.6 and the fact that M B has a must transition relation with every transition having a unique label.

We are now ready to prove the equivalence of dci and dci and conclude with the following theorem.

Theorem 6.8. The problem dci is EXPTIME-complete.

Proof. We show that dci reduces to dci. Consider S,..., S k. We construct a new process S such that S S, S S 2,..., S S k

