Regular Properties

Definition 4.27. Nondeterministic B¨ uchi Automaton (NBA)

words, while we need an acceptor for infinite words. Automata models that recognize languages of infinite words are called ω-automata. The accepting runs of anω-automaton have to “check” the entire input word (and not just a finite prefix thereof), and thus have to be infinite. This implies that acceptance criteria for infinite runs are needed.

In this monograph, the simplest variant of ω-automata, called nondeterministic B¨uchi automata (NBAs), suffices. The syntax of NBAs is exactly the same as for nondeterministic finite automata (NFAs). NBAs and NFAs differ, however, in their semantics: the accepted language of an NFAAis a language of finite words, i.e.,L(A)⊆Σ^∗, whereas the accepted language of NBA A (denoted Lω(A) is an ω-language, i.e., Lω(A) ⊆ Σ^ω. The intuitive meaning of the acceptance criterion named after B¨uchi is that the accept set ofA(i.e., the set of accept states in A) has to be visited infinitely often. Thus, the accepted language Lω(A) consists of all infinite words that have a run in which some accept state is visited infinitely often.

Automata on Infinite Words 175 Since the state space Q of an NBA A is finite, each run for an infinite word σ ∈ Σ^ω is infinite, and hence visits some state q ∈ Qinfinitely often. Acceptance of a run depends on whether or not the set of all states that appear infinitely often in the given run contains an accept state. The definition of an NBA allows for the special case whereF =∅, which means that there are no accept states. Clearly, in this case, no run is accepting. Thus Lω(A) =∅ifF =∅. There are also no accepting runs whenever,Q0 =∅as in this case, no word has a run.

Example 4.28.

Consider the NBA of Figure 4.7 with the alphabet Σ ={A,B,C}. The wordC^ω has only

A B

C

B

B q₃ q₂

q₁

Figure 4.7: An example of an NBA.

one run in A, namely q1q1q1q1 . . ., or in short, q₁^ω. Some other runs are q1q2q₃^ω for the wordAB^ω, (q1q1q2q3)^ωfor the word (CABB)^ω, and (q1q2q3)ⁿq₁^ω for the word (ABB)ⁿC^ω where n0.

The runs that go infinitely often through the accept state q3 are accepting. For instance, q1q2q^ω₃ and (q1q1q2q3)^ω are accepting runs. q₁^ω is not an accepting run as it never visits the accept state q3, while runs of the form (q1q2q3)ⁿq^ω₁ are not accepting as they visit the accept state q3 only finitely many times. The language accepted by this NBA is given by theω-regular expression:

C^∗AB

B⁺ + BC^∗ABω

Later in this chapter (page 198 ff.), NBAs are used for the verification of ω-regular prop- erties – in the same vein as NFAs were exploited for the verification of regular safety properties. In that case, Σ is of the form Σ = 2^AP. As explained on page 159, proposi- tional logic formulae are used as a shorthand notation for the transitions of such NBAs.

For instance, ifAP={a, b}, then the labela∨bfor an edge fromq topmeans that there are three transitions from q to p: one for the symbol{a}, one for the symbol {b}, and one for the symbol{a, b}.

Example 4.29. Infinitely Often Green

LetAP={green,red}or any other set containing the propositiongreen. The language of wordsσ =A0A1. . .∈2^AP satisfying the LT property “infinitely oftengreen” is accepted by the NBA Adepicted in Figure 4.8.

q0 q1

green

¬green

¬green green

Figure 4.8: An NBA accepting “infinitely often green”.

The automaton A is in the accept state q1 if and only if the last input set of symbols (i.e., the last setAi) contains the propositional symbolgreen. Therefore,Lω(A) is exactly the set of all infinite words A0A1. . . with infinitely many sets Ai with green ∈ Ai. For example, for the input word

σ = {green} { } {green} { } {green} { }. . .

we obtain the accepting runq0q1q0q1. . .. The same run q0q1q0q1. . . is obtained for the word

σ = ({green,red} { } {green} {red})^ω

or any other word A0A1A2 . . . ∈ (2^AP)^ω with green ∈ A2j and green ∈/ A2j+1 for all j 0.

Example 4.30. Request Response Many liveness properties are of the form

“Whenever some event aoccurs,

some eventb will eventually occur in the future”

For example, the property “once a request is provided, eventually a response occurs” is of this form. An associated NBA with propositions req and resp is indicated in Figure 4.9.

It is assumed that {req,resp} ⊆AP, i.e., we assume the NBA to have alphabet 2^APwith APcontaining at leastreqandresp. It is not difficult to see that this NBA accepts exactly those sequences in which each request is always eventually followed by a response. Note that an infinite trace in which only responses occur, but never a request (or finitely many requests) is also accepting.

Automata on Infinite Words 177

q0 q1

req∧ ¬resp

¬req ∨ resp resp ¬resp

Figure 4.9: An NBA accepting “on each request, eventually a response is provided”.

Remark 4.31. NBA and Regular Safety Properties

In Section 4.2, we have seen that there is a strong relationship between bad prefixes of regular safety properties and NFAs. In fact, there is also a strong relationship between NBAs and regular safety properties. This can be seen as follows. Let Psafe be a regular safety property over AP and A= (Q,2^AP, δ, Q0, F) an NFA recognizing the language of all bad prefixes ofPsafe. Each accept stateqF ∈F may be assumed to be a trapping state, i.e., qF−−→A qF for all A⊆AP. This assumption is justified since each extension of a bad prefix is a bad prefix. (As a bad prefix contains a ”bad” event that causes the violation of P_safe, each extension of this prefix contains this event.)

When interpreting A as an NBA, it accepts exactly the infinite words σ ∈ (2^AP)^ω that violate Psafe, i.e.,

Lω(A) = (2^AP)^ω\Psafe.

Here, it is important that A accepts all bad prefixes, and not just the minimal ones (see Exercise 4.18).

IfAis a total deterministic automaton, i.e., in each state there is a single possible transition for each input symbol, then the NBA obtained by

A =

Q,2^AP, δ, Q0, Q\F

accepts the language Lω

A

=Psafe.

This is exemplified by means of a concrete case. Consider again the property “a red light phase should be immediately preceded by a yellow light phase” for a traffic light system. We have seen before (see Example 4.13 on page 161) that the bad prefixes of this safety property constitute a regular language and are accepted by the NFA shown in Figure 4.10. Note that this NFA is total. Applying the procedure described just above to this automaton yields the NBA depicted in Figure 4.11. It is easy to see that the infinite language accepted by this NBA consists exactly of all sequences of the form σ =A0A1A2. . . such thatred∈Aj implies j >0 and yellow∈Aj−1.

The accepted languages of the NBA examples have so far beenω-regular. It is now shown

q1 q0 red q2

¬red∧yellow

¬yellow

yellow ¬red∧ ¬yellow true

Figure 4.10: An NFA for the set of all bad prefixes of Psafe.

q1 q0 red q2

¬red∧yellow

¬yellow

yellow ¬red∧ ¬yellow true

Figure 4.11: An NBA for the LT property “red should be preceded by yellow”.

that this holds for any NBA. Moreover, it will be shown that any ω-regular language can be described by an NBA. Thus, NBAs are as expressive as ω-regular languages. This result is analogous to the fact that NFAs are as expressive as regular languages, and thus may act as an alternative formalism to describe regular languages. In the same spirit, NBAs are an alternative formalism for describing ω-regular languages. This is captured by the following theorem.

Theorem 4.32. NBAs and ω-Regular Languages

The class of languages accepted by NBAs agrees with the class of ω-regular languages.

The proof of Theorem 4.32 amounts to showing that (1) any ω-regular language is rec- ognized by an NBA (see Corollary 4.38 on page 182) and (2) that the language Lω(A) accepted by the NBA A isω-regular (see Lemma 4.39 on page 183).

We first consider the statement that ω-regular languages are contained in the class of languages recognized by an NBA. The proof of this fact is divided into the following three steps that rely on operations for NBAs to mimic the building blocks of ω-regular expressions:

(1) For any NBAA¹ and A² there exists an NBA accepting Lω(A¹)∪ Lω(A²).

(2) For any regular languageL(of finite words) withε /∈ Lthere exists an NBA accepting L^ω.

Automata on Infinite Words 179 (3) For regular languageL and NBAA there exists an NBA accepting L.Lω(A).

These three results that are proven below form the basic ingredients to construct an NBA for a given ω-regular expression G=E1.F^ω₁ +. . .+En.F^ω_n withε∈Fi. This works as follows. As an initial step, (2) is exploited to construct NBAA1, . . . ,Anfor the expressions F^ω₁, . . . ,F^ω_n. Then, (3) is used to construct an NBA for the expressionsEi.F^ω_i, for 1in.

Finally, these NBA are combined using (1) to obtain an NBA for G.

Let us start with the union operator on two NBAs. Let A¹ = (Q1,Σ, δ1, Q0,1, F1) and A2= (Q2,Σ, δ2, Q0,2, F2) be NBAs over the same alphabet Σ. Without loss of generality, it may be assumed that the state spaces Q1 and Q2 of A1 and A2 are disjoint, i.e., Q1∩Q2 =∅. Let A¹+A² be the NBA with the joint state spaces of A¹ and A², and with all transitions in A1 and A2. The initial states ofA are the initial states of A1 and A2, and similarly, the accept states ofAare the accept states of A1 and A2. That is,

A1+A2 = (Q1∪Q2,Σ, δ, Q0,1∪Q0,2, F1∪F2)

where δ(q,A) =δi(q,A) if q ∈Qi fori=1,2. Clearly, any accepting run in Ai is also an accepting run in A1+A2, and vice versa, each accepting run in A1+A2 is an accepting run in either A¹ orA². This yieldsLω(A¹+A²) =Lω(A¹) ∪ Lω(A²). We thus obtain:

Lemma 4.33. Union Operator on NBA

For NBA A¹ andA² (both over the alphabet Σ) there exists an NBA A such that:

Lω(A) =Lω(A1) ∪ Lω(A2) and |A|=O(|A1|+|A2|).

Now consider (2). We will show that for any regular languageL ⊆Σ^∗there exists an NBA over the alphabet Σ that accepts the ω-regular language L^ω. To do so, we start with a representation of L by an NFAA.

Lemma 4.34. ω-Operator for NFA

For each NFA A withε /∈ L(A) there exists an NBA A such that Lω(A) =L(A)^ω and |A|=O(|A|).

Proof: LetA= (Q,Σ, δ, Q0, F) be an NFA withε /∈ L(A). Without loss of generality, we may assume that all initial states inAhave no incoming transitions and are not accepting.

Any A that does not possess this property, can be modified into an equivalent NFA as follows. Add a new initial (nonaccept) state qnew to Q with the transitions qnew−−→A q if and only if q0−−→A q for some initial state q0 ∈ Q0. All other transitions, as well as the accept states, remain unchanged. The stateqnew is the single initial state of the modified NFA, is not accept, and, clearly, has no incoming transitions. This modification neither affects the accepted language nor the asymptotic size of A.

In the sequel, we assume that A = (Q,Σ, δ, Q0, F) is an NFA such that the states in Q0 do not have any incoming transitions and Q0∩F = ∅. We now construct an NBA A = (Q,Σ, δ, Q₀, F) with Lω(A) =L(A)^ω. The basic idea of the construction of A is to add for any transition in Athat leads to an accept state new transitions leading to the initial states of A. Formally, the transition relation δ in the NBA A is given by

δ(q,A) = δ(q,A) ifδ(q,A)∩F =∅ δ(q,A) ∪ Q0 otherwise.

The initial states in the NBA A agree with the initial states inA, i.e., Q₀ =Q0. These are also the accept states in A, i.e., F =Q0.

Let us check that Lω(A) =L(A)^ω. This is proven as follows.

⊆: Assume that σ ∈ L^ω(A) and let q0q1q2. . . be an accepting run for σ in A. Hence, qi ∈ F = Q0 for infinitely many indices i. Let i0 = 0 < i1 < i2 < . . . be the strictly increasing sequence of natural numbers with {qi₀, qi₁, qi₂, . . .} ⊆ Q0 and qj ∈/ Q0 for all j ∈ IN\ {i0, i1, i2, . . .}. The word σ can be divided into infinitely many nonempty finite subwords wi ∈ Σ^∗ yielding σ = w1w2w3. . . such that qi_k ∈ δ^∗(qi_k−1,wk) for all k 1.

(The extension of δ to a function δ^∗:Q×Σ^∗ →2^Q is as for an NFA, see page 154.) By definition of A and since the states qi_k ∈ Q0 do not have any predecessor in A, we get δ^∗(qi_k−1,wk)∩F =∅. This yieldswk∈ L(A) for all k1, which gives usσ∈ L(A)^ω.

⊇: Let σ=w1w2w3. . .∈Σ^ω such thatwk∈ L(A) for allk1. For each k, we choose an accepting run q^k₀q₁^k. . . q^k_nk for wk inA. Hence, q₀^k ∈Q0 and q_n^k_k ∈F. By definition of A, we have q₀^k+1∈δ^∗(q^k₀,w_k) for allk1. Thus,

q₀¹. . . q¹_n1−1q²₀. . . q_n²₂₋₁q³₀. . . q_n³₃₋₁. . . is an accepting run for σ inA. Hence, σ∈ Lω(A).

Example 4.35. ω-Operator for an NFA

Consider the NFA depicted in the left upper part of Figure 4.12. It accepts the language A^∗B. In order to obtain an NBA recognizing (A^∗B)^ω, we first apply the transformation