Regular Properties
Definition 4.9. Deterministic Finite Automaton (DFA)
Let $\mathcal{A} = (Q, \Sigma, \delta, Q_0, F)$ be an NFA. $\mathcal{A}$ is called deterministic if $|Q_0| \leq 1$ and $|\delta(q, A)| \leq 1$ for all states $q \in Q$ and all symbols $A \in \Sigma$. We will use the abbreviation DFA for a deterministic finite automaton.
DFA $\mathcal{A}$ is called total if $|Q_0| = 1$ and $|\delta(q, A)| = 1$ for all $q \in Q$ and all $A \in \Sigma$.
Stated in words, an NFA is deterministic if it has at most a single initial state and if for each symbol $A$ the successor state of each state $q$ is either uniquely defined (if $|\delta(q, A)| = 1$) or undefined (if $\delta(q, A) = \emptyset$). Total DFAs provide unique successor states, and thus, unique runs for each input word. Any DFA can be turned into an equivalent total DFA by simply adding a nonfinal trap state, $q_{\mathit{trap}}$ say, that is equipped with a self-loop for any symbol $A \in \Sigma$. From any state $q \neq q_{\mathit{trap}}$, there is a transition to $q_{\mathit{trap}}$ for any symbol $A$ for which $q$ has no $A$-successor in the given nontotal DFA.
Total DFAs are often written in the form $\mathcal{A} = (Q, \Sigma, \delta, q_0, F)$ where $q_0$ stands for the unique initial state and $\delta$ is a (total) transition function $\delta : Q \times \Sigma \to Q$. Also, the extended transition function $\delta^*$ of a total DFA can be viewed as a total function $\delta^* : Q \times \Sigma^* \to Q$, which for given state $q$ and finite word $w$ returns the unique state $p = \delta^*(q, w)$ that is reached from state $q$ for the input word $w$. In particular, the accepted language of a total DFA $\mathcal{A} = (Q, \Sigma, \delta, q_0, F)$ is given by
$$\mathcal{L}(\mathcal{A}) = \{\, w \in \Sigma^* \mid \delta^*(q_0, w) \in F \,\}.$$
The observation that total DFAs have exactly one run for each input word allows complementing a total DFA $\mathcal{A}$ by simply declaring all states to be final that are nonfinal in $\mathcal{A}$ and vice versa. Formally, if $\mathcal{A} = (Q, \Sigma, \delta, q_0, F)$ is a total DFA then $\overline{\mathcal{A}} = (Q, \Sigma, \delta, q_0, Q \setminus F)$ is a total DFA with $\mathcal{L}(\overline{\mathcal{A}}) = \Sigma^* \setminus \mathcal{L}(\mathcal{A})$. Note that the operator $\mathcal{A} \mapsto \overline{\mathcal{A}}$ applied to a nontotal DFA (or NFA with proper nondeterministic choices) fails to provide an automaton for the complement language (why?).
It remains to explain how to construct for a given NFA $\mathcal{A} = (Q, \Sigma, \delta, Q_0, F)$ an equivalent total DFA $\mathcal{A}_{\mathit{det}}$. This can be done by a powerset construction, also often called a subset construction, since the states of $\mathcal{A}_{\mathit{det}}$ are the subsets of $Q$. This allows $\mathcal{A}_{\mathit{det}}$ to simulate $\mathcal{A}$ by moving, for the prefixes $A_1 \ldots A_i$ of the given input word $w = A_1 \ldots A_n \in \Sigma^*$, to the set of states that are reachable in $\mathcal{A}$ for $A_1 \ldots A_i$. That is, $\mathcal{A}_{\mathit{det}}$ starts in $Q_0$, the set of initial states in $\mathcal{A}$. If $\mathcal{A}_{\mathit{det}}$ is in state $Q'$ (which is a subset of $\mathcal{A}$'s state space $Q$), then $\mathcal{A}_{\mathit{det}}$ moves for the input symbol $A$ to $Q'' = \bigcup_{q \in Q'} \delta(q, A)$. If the input word has been consumed and $\mathcal{A}_{\mathit{det}}$ is in a state $Q'$ that contains a state in $\mathcal{A}$'s set of accept states, then $\mathcal{A}_{\mathit{det}}$ accepts. The latter means that there exists an accepting run in $\mathcal{A}$ for the given input word $w$ that ends in an accept state, and hence, $w \in \mathcal{L}(\mathcal{A})$. The formal definition of $\mathcal{A}_{\mathit{det}}$ is $\mathcal{A}_{\mathit{det}} = (2^Q, \Sigma, \delta_{\mathit{det}}, Q_0, F_{\mathit{det}})$ where
$$F_{\mathit{det}} = \{\, Q' \subseteq Q \mid Q' \cap F \neq \emptyset \,\}$$
and where the total transition function $\delta_{\mathit{det}} : 2^Q \times \Sigma \to 2^Q$ is defined by
$$\delta_{\mathit{det}}(Q', A) = \bigcup_{q \in Q'} \delta(q, A).$$
Clearly, $\mathcal{A}_{\mathit{det}}$ is a total DFA and, for all finite words $w \in \Sigma^*$, we have
$$\delta_{\mathit{det}}^*(Q_0, w) = \bigcup_{q_0 \in Q_0} \delta^*(q_0, w).$$
Thus, by Lemma 4.5, $\mathcal{L}(\mathcal{A}_{\mathit{det}}) = \mathcal{L}(\mathcal{A})$.
Example 4.10. Determinizing a Nondeterministic Finite Automaton
Consider the NFA depicted in Figure 4.1 on page 153. This automaton is not deterministic as on input symbol B in state q0 the next state is not uniquely determined. The total DFA that is obtained through the powerset construction is depicted in Figure 4.2.
[Figure 4.2 (diagram not reproduced): the total DFA has the states $\{q_0\}$, $\{q_0, q_1\}$, $\{q_0, q_2\}$, $\{q_0, q_1, q_2\}$, with transitions labelled $A$ and $B$.]
Figure 4.2: A DFA accepting $\mathcal{L}((A+B)^*B(A+B))$.
The powerset construction yields a total DFA that is exponentially larger than the original NFA. In fact, although DFAs and NFAs have the same power (both are equivalent formalisms for regular languages), NFAs can be much more efficient. The regular language given by the regular expression $E_k = (A+B)^*B(A+B)^k$ (where $k$ is a natural number) is accepted by an NFA with $k+2$ states (namely?), but it can be shown that there is no equivalent DFA with less than $2^k$ states. The intuitive argument for the latter is that each DFA for $\mathcal{L}(E_k)$ needs to “remember” the positions of the symbol $B$ among the last $k$ input symbols, which yields $\Omega(2^k)$ states.
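The powerset construction, the totality argument, complementation by swapping final and nonfinal states, and the $E_k$ blow-up discussed above, worked through in Python as an added example (this is not code from the book). Everything here is introduced for the example: `NFA` is a small automaton class, `ek_nfa(k)` is one concrete $(k+2)$-state NFA for $E_k = (A+B)^*B(A+B)^k$ constructed from the regular expression (for $k = 1$ it is a three-state automaton for $\mathcal{L}((A+B)^*B(A+B))$, the language of Figure 4.2, and determinizing it yields exactly the four subsets listed there), `determinize` is the subset construction restricted to the subsets reachable from $Q_0$, `complement` swaps $F$ and $Q \setminus F$ after checking totality, and `check` cross-checks all three automata against a direct membership test.

```python
"""Powerset construction, total DFAs, complementation and the E_k blow-up.
Added example; not code from the book.  All names are introduced here."""
from itertools import product


class NFA:
    """A = (Q, Sigma, delta, Q0, F); delta maps (state, symbol) to a set of
    states.  A missing key means delta(q, A) is empty (no A-successor)."""

    def __init__(self, states, alphabet, delta, initial, final):
        self.Q = frozenset(states)
        self.Sigma = frozenset(alphabet)
        self.delta = dict(delta)
        self.Q0 = frozenset(initial)
        self.F = frozenset(final)

    def step(self, states, symbol):
        """Union of delta(q, symbol) over all q in the given set of states."""
        nxt = set()
        for q in states:
            nxt |= self.delta.get((q, symbol), set())
        return frozenset(nxt)

    def accepts(self, word):
        """w is accepted iff delta*(Q0, w) contains a final state (Lemma 4.5)."""
        current = self.Q0
        for a in word:
            current = self.step(current, a)
        return bool(current & self.F)

    def is_total_dfa(self):
        """|Q0| = 1 and exactly one successor for every state and symbol."""
        return len(self.Q0) == 1 and all(
            len(self.delta.get((q, a), ())) == 1 for q in self.Q for a in self.Sigma)


def ek_nfa(k):
    """Constructed (k+2)-state NFA for E_k = (A+B)*B(A+B)^k: q0 loops on A and B
    and, on B, additionally guesses that the final block of k symbols starts now."""
    delta = {("q0", "A"): {"q0"}, ("q0", "B"): {"q0", "q1"}}
    for i in range(1, k + 1):
        for a in "AB":
            delta[(f"q{i}", a)] = {f"q{i + 1}"}
    return NFA([f"q{i}" for i in range(k + 2)], "AB", delta, ["q0"], [f"q{k + 1}"])


def determinize(nfa):
    """Powerset construction restricted to the subsets of Q reachable from Q0
    (unreachable members of 2^Q do not change the accepted language).  Every
    generated subset gets a successor for every symbol, so the result is a total
    DFA; if the empty subset appears it plays the role of the trap state."""
    start = nfa.Q0
    states, delta, todo = {start}, {}, [start]
    while todo:
        S = todo.pop()
        for a in nfa.Sigma:
            T = nfa.step(S, a)            # delta_det(S, a) = union of delta(q, a), q in S
            delta[(S, a)] = {T}
            if T not in states:
                states.add(T)
                todo.append(T)
    final = {S for S in states if S & nfa.F}   # F_det: subsets that meet F
    return NFA(states, nfa.Sigma, delta, [start], final)


def complement(dfa):
    """Swap final and nonfinal states.  Only correct for a total DFA, where each
    word has exactly one run, so the precondition is checked explicitly."""
    if not dfa.is_total_dfa():
        raise ValueError("complement by swapping F requires a total DFA")
    return NFA(dfa.Q, dfa.Sigma, dfa.delta, dfa.Q0, dfa.Q - dfa.F)


def in_ek(word, k):
    """Direct membership test for L(E_k): the (k+1)-th symbol from the end is B."""
    return len(word) >= k + 1 and word[-(k + 1)] == "B"


def check(k, max_len=8):
    """Cross-check the NFA, its determinization and the complement on every word
    up to max_len; return the number of states of the (reachable) total DFA."""
    nfa, dfa = ek_nfa(k), determinize(ek_nfa(k))
    co = complement(dfa)
    for n in range(max_len + 1):
        for w in product("AB", repeat=n):
            w = "".join(w)
            expect = in_ek(w, k)
            assert nfa.accepts(w) == dfa.accepts(w) == expect
            assert co.accepts(w) == (not expect)
    return len(dfa.Q)


if __name__ == "__main__":
    for k in range(1, 6):
        print(f"k={k}: NFA with {k + 2} states, reachable total DFA with {check(k)} states")
```

For this particular NFA family the reachable part of the powerset automaton has $2^{k+1}$ states, since the subset reached after a word records, for each of the last $k+1$ positions, whether the symbol there was $B$; this is consistent with the $2^k$ lower bound stated in the text, and for $k = 1$ it gives the four states of Figure 4.2.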
We finally mention that for any regular language $\mathcal{L}$ there is a unique DFA $\mathcal{A}$ with $\mathcal{L} = \mathcal{L}(\mathcal{A})$ where the number of states is minimal under all DFAs for $\mathcal{L}$. Uniqueness is understood up to isomorphism, i.e., renaming of the states. (This does not hold for NFAs. Why?) There is an algorithm to minimize a given DFA with $N$ states into its equivalent minimal DFA which is based on partition refinement and takes $\mathcal{O}(N \cdot \log N)$ time in the worst case.
The concepts of this minimization algorithm are outside the scope of this monograph and can be found in any textbook on automata theory. However, in Chapter 7 a very similar partitioning-refinement algorithm will be presented for bisimulation minimization.
4.2 Model-Checking Regular Safety Properties
In this section, it will be shown how NFAs can be used to check the validity of an important class of safety properties. The main characteristic of these safety properties is that all their bad prefixes constitute a regular language. The bad prefixes of these so-called regular safety properties can thus be recognized by an NFA. The main result of this section is that checking a regular safety property on a finite transition system $TS$ can be reduced to invariant checking on the product of $TS$ and an NFA $\mathcal{A}$ for the bad prefixes. Stated differently, if one wants to check whether a regular safety property holds for $TS$, it suffices to perform a reachability analysis in the product $TS \otimes \mathcal{A}$ to check a corresponding invariant on $TS \otimes \mathcal{A}$.
4.2.1 Regular Safety Properties
Recall that safety properties are LT properties, i.e., sets of infinite words over $2^{AP}$, such that every trace that violates a safety property has a bad prefix that causes a refutation (cf. Definition 3.22 on page 112). Bad prefixes are finite, and thus the set of bad prefixes constitutes a language of finite words over the alphabet $\Sigma = 2^{AP}$. That is, the input symbols $A \in \Sigma$ of the NFA are now sets of atomic propositions. For instance, if $AP = \{a, b\}$, then $\Sigma = \{A_1, A_2, A_3, A_4\}$ consists of the four input symbols $A_1 = \{\}$, $A_2 = \{a\}$, $A_3 = \{b\}$, and $A_4 = \{a, b\}$.¹
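The alphabet $\Sigma = 2^{AP}$ and an NFA whose input symbols are sets of atomic propositions, as an added Python example (not code from the book). The safety property is an assumption chosen for illustration: a symbol containing $a$ must not be followed by another symbol containing $a$ until a symbol containing $b$ has occurred. Its bad prefixes are the finite words over $2^{\{a,b\}}$ accepted by `BadPrefixNFA`, and `shortest_bad_prefix` reports the length of the first prefix of a constructed trace fragment that reaches the accept state. The names `AP`, `powerset_alphabet`, `BadPrefixNFA`, `shortest_bad_prefix` and `TRACE` are all introduced here.

```python
"""Finite words over Sigma = 2^AP and an NFA recognizing bad prefixes.
Added example; not code from the book.  The property is a constructed one."""
from itertools import combinations

AP = {"a", "b"}


def powerset_alphabet(ap):
    """Sigma = 2^AP: every subset of AP is one input symbol.
    For AP = {a, b} this yields {}, {a}, {b}, {a, b}."""
    ap = sorted(ap)
    return [frozenset(c) for n in range(len(ap) + 1) for c in combinations(ap, n)]


class BadPrefixNFA:
    """NFA over 2^AP accepting the bad prefixes of the constructed property
    "no second a before a b".  Because input symbols are sets of atomic
    propositions, each transition is a condition on the symbol (does it contain
    a? does it contain b?) rather than a table entry per symbol."""

    Q0 = frozenset({"s0"})      # s0: no a pending
    F = frozenset({"bad"})      # bad: the word read so far is a bad prefix

    @staticmethod
    def delta(q, A):
        if q == "s0":
            return {"s1"} if "a" in A else {"s0"}
        if q == "s1":                         # an a is pending, no b seen since
            if "b" in A:                      # b clears it; an a in the same symbol re-arms
                return {"s1"} if "a" in A else {"s0"}
            return {"bad"} if "a" in A else {"s1"}
        return {"bad"}                        # every extension of a bad prefix is bad

    def step(self, states, A):
        """Successor set: union of delta(q, A) over the current states."""
        return frozenset().union(*(self.delta(q, A) for q in states))

    def accepts(self, word):
        current = self.Q0
        for A in word:
            current = self.step(current, A)
        return bool(current & self.F)


def shortest_bad_prefix(nfa, trace):
    """Length of the shortest prefix of the finite trace fragment that the
    bad-prefix NFA accepts, or None if no prefix is a bad prefix."""
    current = nfa.Q0
    for i, A in enumerate(trace, start=1):
        current = nfa.step(current, A)
        if current & nfa.F:
            return i
    return None


# Constructed trace fragment over 2^{a,b}: {}, {a}, {b}, {a}, {}, {a}, {b}.
TRACE = [frozenset(s) for s in [(), ("a",), ("b",), ("a",), (), ("a",), ("b",)]]

if __name__ == "__main__":
    print("Sigma =", [set(A) or "{}" for A in powerset_alphabet(AP)])
    print("shortest bad prefix has length", shortest_bad_prefix(BadPrefixNFA(), TRACE))
```

The self-loop on `bad` encodes that any extension of a bad prefix is again a bad prefix, which is why it suffices to stop at the first prefix that enters the accept state when checking a trace.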