
Automata theory - TUM



Automata theory
An algorithmic approach


Lecture Notes

Javier Esparza

February 15, 2021


Please read this!

Many years ago — I don’t want to say how many, it’s depressing — I taught a course on the automata-theoretic approach to model checking at the Technical University of Munich, basing it on lecture notes for another course on the same topic that Moshe Vardi had recently taught in Israel. Between my lectures I extended and polished the notes, and sent them to Moshe. At that time he and Orna Kupferman were thinking of writing a book, and the idea came up of doing it together. We made some progress, but life and other work got in the way, and the project has been postponed so many times that I don’t dare to predict a completion date.

Some of the work that got in the way was the standard course on automata theory in Munich, which I have been teaching for a number of years. The syllabus of the course covers both automata on finite and infinite words, and for the latter I used our notes. Each time I taught the course again, I took the opportunity to add some new material about automata on finite words, which also required reshaping the chapters on infinite words, and the notes kept growing and evolving. Now they’ve reached the point where they are in sufficiently good shape to be shown not only to my students, but to a larger audience. So, after getting Orna and Moshe’s very kind permission, I’ve decided to make them available here.

Despite several attempts I haven’t yet convinced Orna and Moshe to appear as co-authors of the notes. But I don’t give up: apart from the material we wrote together, their influence on the rest is much larger than they think. Actually, my secret hope is that after they see this material on my home page we’ll finally manage to gather some morsels of time here and there and finish our joint project. If you think we should do so, tell us! Send an email to: [email protected], [email protected], [email protected].

Sources

I haven’t yet compiled a careful list of the sources I’ve used, but I’m listing here the main ones. I apologize in advance for any omissions.

• The chapter on automata for fixed-length languages (“Finite Universes”) was very influenced by Henrik Reif Andersen’s beautiful introduction to Binary Decision Diagrams, available at www.itu.dk/courses/AVA/E2005/bdd-eap.pdf.

• The short chapter on pattern matching is influenced by David Eppstein’s lecture notes for his course on Design and Analysis of Algorithms, see http://www.ics.uci.edu/~eppstein/teach.html.

• As mentioned above, the chapters on operations for Büchi automata and applications to verification are heavily based on notes by Orna Kupferman and Moshe Vardi.

• The chapter on the emptiness problem for Büchi automata is based on several research papers:


– Jean-Michel Couvreur: On-the-Fly Verification of Linear Temporal Logic. World Congress on Formal Methods 1999: 253–271.

– Jean-Michel Couvreur, Alexandre Duret-Lutz, Denis Poitrenaud: On-the-Fly Emptiness Checks for Generalized Büchi Automata. SPIN 2005: 169–184.

– Kathi Fisler, Ranan Fraer, Gila Kamhi, Moshe Y. Vardi, Zijiang Yang: Is There a Best Symbolic Cycle-Detection Algorithm? TACAS 2001: 420–434.

– Jaco Geldenhuys, Antti Valmari: More efficient on-the-fly LTL verification with Tarjan’s algorithm. Theor. Comput. Sci. 345(1): 60–82 (2005).

– Stefan Schwoon, Javier Esparza: A Note on On-the-Fly Verification Algorithms. TACAS 2005: 174–190.

and on lecture notes by Stefan Schwoon.

• The chapter on Linear Arithmetic is heavily based on the work of Bernard Boigelot, Pierre Wolper, and their co-authors, in particular the paper “An effective decision procedure for linear arithmetic over the integers and reals”, published in ACM Trans. Comput. Logic 6(3) in 2005.

Acknowledgments

I thank Orna Kupferman and Moshe Vardi for all the reasons explained above (if you haven’t read the section “Please read this!” yet, please do it now!). Many thanks to Michael Blondin, Jörg Kreiker, Jan Křetínský, Michael Luttenberger, and Salomon Sickert for many discussions on the topic of these notes, and for their contributions to several chapters. All five of them helped me to teach the automata course on different occasions. In particular, Jan contributed a lot to the chapter on pattern matching. Breno Faria helped to draw many figures. He was funded by a program of the Computer Science Department of the Technical University of Munich. Thanks also to Hardik Arora, Joe Bedard, Fabio Bove, Birgit Engelmann, Moritz Fuchs, Matthias Heizmann, Stefan Krusche, Philipp Müller, Martin Perzl, Marcel Ruegenberg, Franz Saller, Hayk Shoukourian, Radu Vintan, and Daniel Weißauer, who provided very helpful comments.


Contents

1 Introduction and Outline 13

I Automata on Finite Words 19

2 Automata Classes and Conversions 21
2.1 Regular expressions: a language to describe languages . . . . . . . . . . . . . . . 21
2.2 Automata classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.1 Deterministic finite automata . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.2.2 Non-deterministic finite automata . . . . . . . . . . . . . . . . . . . . . . 27
2.2.3 Non-deterministic finite automata with ε-transitions . . . . . . . . . . . . . 28
2.2.4 Non-deterministic finite automata with regular expressions . . . . . . . . . 29
2.2.5 A normal form for automata . . . . . . . . . . . . . . . . . . . . . . . . . 30

2.3 Conversion Algorithms between Finite Automata . . . . . . . . . . . . . . . . . . 30
2.3.1 From NFA to DFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.3.2 From NFA-ε to NFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

2.4 Conversion algorithms between regular expressions and automata . . . . . . . . . 38
2.4.1 From regular expressions to NFA-ε . . . . . . . . . . . . . . . . . . . . . 38
2.4.2 From NFA-ε to regular expressions . . . . . . . . . . . . . . . . . . . . . 41

2.5 A Tour of Conversions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3 Minimization and Reduction 57
3.1 Minimal DFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.2 Minimizing DFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

3.2.1 Computing the language partition . . . . . . . . . . . . . . . . . . . . . . 63
3.2.2 Quotienting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.2.3 Hopcroft’s algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

3.3 Reducing NFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.3.1 The reduction algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

3.4 A Characterization of the Regular Languages . . . . . . . . . . . . . . . . . . . . 73


4 Operations on Sets: Implementations 83
4.1 Implementation on DFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

4.1.1 Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4.1.2 Complement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4.1.3 Binary Boolean Operations . . . . . . . . . . . . . . . . . . . . . . . . . . 85
4.1.4 Emptiness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.1.5 Universality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.1.6 Inclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.1.7 Equality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

4.2 Implementation on NFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4.2.1 Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4.2.2 Complement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
4.2.3 Union and intersection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
4.2.4 Emptiness and Universality . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.2.5 Inclusion and Equality . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

5 Applications I: Pattern matching 107
5.1 The general case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5.2 The word case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

5.2.1 Lazy DFAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

6 Operations on Relations: Implementations 119
6.1 Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
6.2 Transducers and Regular Relations . . . . . . . . . . . . . . . . . . . . . . . . . . 121
6.3 Implementing Operations on Relations . . . . . . . . . . . . . . . . . . . . . . . . 123

6.3.1 Projection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
6.3.2 Join, Post, and Pre . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

6.4 Relations of Higher Arity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

7 Finite Universes 137
7.1 Fixed-length Languages and the Master Automaton . . . . . . . . . . . . . . . . . 137
7.2 A Data Structure for Fixed-length Languages . . . . . . . . . . . . . . . . . . . . 139
7.3 Operations on fixed-length languages . . . . . . . . . . . . . . . . . . . . . . . . 141
7.4 Determinization and Minimization . . . . . . . . . . . . . . . . . . . . . . . . . . 147
7.5 Operations on Fixed-length Relations . . . . . . . . . . . . . . . . . . . . . . . . 148
7.6 Decision Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

7.6.1 Decision Diagrams and Kernels . . . . . . . . . . . . . . . . . . . . . . . 155
7.6.2 Operations on Kernels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157


8 Applications II: Verification 167
8.1 The Automata-Theoretic Approach to Verification . . . . . . . . . . . . . . . . . . 167
8.2 Programs as Networks of Automata . . . . . . . . . . . . . . . . . . . . . . . . . 169

8.2.1 Parallel Composition of Languages . . . . . . . . . . . . . . . . . . . . . 173
8.2.2 Asynchronous Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
8.2.3 State- and action-based properties . . . . . . . . . . . . . . . . . . . . . . 176

8.3 Concurrent Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
8.3.1 Expressing and Checking Properties . . . . . . . . . . . . . . . . . . . . . 178

8.4 Coping with the State-Explosion Problem . . . . . . . . . . . . . . . . . . . . . . 180
8.4.1 On-the-fly verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
8.4.2 Compositional Verification . . . . . . . . . . . . . . . . . . . . . . . . . . 182
8.4.3 Symbolic State-space Exploration . . . . . . . . . . . . . . . . . . . . . . 184

8.5 Safety and Liveness Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

9 Automata and Logic 197
9.1 First-Order Logic on Words . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

9.1.1 Expressive power of FO(Σ) . . . . . . . . . . . . . . . . . . . . . . . . . 200
9.2 Monadic Second-Order Logic on Words . . . . . . . . . . . . . . . . . . . . . . . 201

9.2.1 Expressive power of MSO(Σ) . . . . . . . . . . . . . . . . . . . . . . . . . 202

10 Applications III: Presburger Arithmetic 219
10.1 Syntax and Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
10.2 An NFA for the Solutions over the Naturals . . . . . . . . . . . . . . . . . . . . . 221

10.2.1 Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
10.3 An NFA for the Solutions over the Integers . . . . . . . . . . . . . . . . . . . . . 226

10.3.1 Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
10.3.2 Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

II Automata on Infinite Words 235

11 Classes of ω-Automata and Conversions 237
11.1 ω-languages and ω-regular expressions . . . . . . . . . . . . . . . . . . . . . . . 237
11.2 Büchi automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

11.2.1 From ω-regular expressions to NBAs and back . . . . . . . . . . . . . . . 240
11.2.2 Non-equivalence of NBAs and DBAs . . . . . . . . . . . . . . . . . . . . 243

11.3 Generalized Büchi automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
11.4 Other classes of ω-automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

11.4.1 Co-Büchi Automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
11.4.2 Muller automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
11.4.3 Rabin automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252


11.4.4 Streett automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
11.4.5 Parity automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
11.4.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

12 Boolean operations: Implementations 261
12.1 Union and intersection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
12.2 Complement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

12.2.1 The problems of complement . . . . . . . . . . . . . . . . . . . . . . . . 264
12.2.2 Rankings and level rankings . . . . . . . . . . . . . . . . . . . . . . . . . 266
12.2.3 A complement automaton . . . . . . . . . . . . . . . . . . . . . . . . . . 270
12.2.4 The size of A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

13 Emptiness check: Implementations 279
13.1 Algorithms based on depth-first search . . . . . . . . . . . . . . . . . . . . . . . . 279

13.1.1 The nested-DFS algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . 282
13.1.2 An algorithm based on strongly connected components . . . . . . . . . . . 287

13.2 Algorithms based on breadth-first search . . . . . . . . . . . . . . . . . . . . . . . 297
13.2.1 Emerson-Lei’s algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
13.2.2 A Modified Emerson-Lei’s algorithm . . . . . . . . . . . . . . . . . . . . 300
13.2.3 Comparing the algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . 302

14 Applications I: Verification and Temporal Logic 305
14.1 Automata-Based Verification of Liveness Properties . . . . . . . . . . . . . . . . . 305

14.1.1 Checking Liveness Properties . . . . . . . . . . . . . . . . . . . . . . . . 306
14.2 Linear Temporal Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
14.3 From LTL formulas to generalized Büchi automata . . . . . . . . . . . . . . . . . 312

14.3.1 Satisfaction sequences and Hintikka sequences . . . . . . . . . . . . . . . 312
14.3.2 Constructing the NGA for an LTL formula . . . . . . . . . . . . . . . . . 316
14.3.3 Size of the NGA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

14.4 Automatic Verification of LTL Formulas . . . . . . . . . . . . . . . . . . . . . . . 319

15 Applications II: Monadic Second-Order Logic and Linear Arithmetic 327
15.1 Monadic Second-Order Logic on ω-Words . . . . . . . . . . . . . . . . . . . . . . 327

15.1.1 Expressive power of MSO(Σ) on ω-words . . . . . . . . . . . . . . . . . . 328
15.2 Linear Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

15.2.1 Encoding Real Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
15.2.2 Constructing an NBA for the Real Solutions . . . . . . . . . . . . . . . . . 331
15.2.3 An NBA for the Solutions of a · xF ≤ β . . . . . . . . . . . . . . . . . . . 333


III Solutions to exercises 337

Solutions for Chapter 2 339

Solutions for Chapter 3 375

Solutions for Chapter 4 393

Solutions for Chapter 5 419

Solutions for Chapter 6 431

Solutions for Chapter 7 445

Solutions for Chapter 8 469

Solutions for Chapter 9 485

Solutions for Chapter 10 497

Solutions for Chapter 11 505

Solutions for Chapter 12 519

Solutions for Chapter 13 531

Solutions for Chapter 14 537

Solutions for Chapter 15 553



Why this book?

There are excellent textbooks on automata theory, ranging from course books for undergraduates to research monographs for specialists. Why another one?

During the late 1960s and early 1970s the main application of automata theory was the development of lexical analyzers, parsers, and compilers. Analyzers and parsers determine whether an input string conforms to a given syntax, while compilers transform strings conforming to a syntax into equivalent strings conforming to another. With these applications in mind, it is natural to look at automata as abstract machines that accept, reject, or transform input strings, and this view deeply influenced the textbook presentation of automata theory. Results about the expressive power of machines, equivalences between models, and closure properties received much attention, while constructions on automata, like the powerset or product construction, often played a subordinate role as proof tools. To give a simple example, in many textbooks of the time—and in later textbooks written in the same style—the product construction is not introduced as an algorithm that, given two NFAs recognizing languages L1 and L2, constructs a third NFA recognizing their intersection L1 ∩ L2. Instead, the text contains a theorem stating that regular languages are closed under intersection, and the product construction is hidden in its proof. Moreover, it is not presented as an algorithm, but as the mathematical, static definition of the set of states, transition relation, etc. of the product automaton. Sometimes, the simple but computationally important fact that only states reachable from the initial state need be constructed is not even mentioned.
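The algorithmic reading of the product construction can be made concrete. The following Python sketch is our own illustration, not code from the notes: the tuple format for NFAs and the function name are assumptions. It builds the product of two NFAs while constructing only the pairs reachable from the initial pair.

```python
from collections import deque

# Hedged sketch of the product construction as an algorithm.
# An NFA is a tuple (states, alphabet, delta, initial, final), where
# delta is a dict mapping (state, letter) -> set of successor states.

def product_nfa(A, B):
    statesA, sigma, dA, q0A, FA = A
    statesB, _, dB, q0B, FB = B
    init = (q0A, q0B)
    delta, states = {}, {init}
    work = deque([init])
    while work:                       # explore only reachable pairs
        p, q = work.popleft()
        for a in sigma:
            succs = {(p2, q2)
                     for p2 in dA.get((p, a), set())
                     for q2 in dB.get((q, a), set())}
            delta[((p, q), a)] = succs
            for s in succs - states:  # enqueue newly discovered pairs
                states.add(s)
                work.append(s)
    final = {(p, q) for (p, q) in states if p in FA and q in FB}
    return (states, sigma, delta, init, final)
```

On NFAs with n1 and n2 states the construction explores at most n1 · n2 pairs, but often far fewer — which is exactly the computational point that a static definition of the product automaton hides.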

I claim that this presentation style, summarized by the slogan automata as abstract machines, is no longer adequate. In the second half of the 1980s and in the 1990s program verification emerged as a new and exciting application of automata theory. Automata were used to describe the behaviour—or intended behaviour—of hardware and software systems, not their syntax, and this shift from syntax to semantics had important consequences. While automata for lexical or syntactical analysis typically have at most some thousands of states, automata for semantic descriptions can easily have tens of millions. In order to handle automata of this size it became imperative to pay special attention to efficient constructions and algorithmic issues, and research in this direction made great progress. Moreover, automata on infinite words, a class of automata models originally introduced in the 60s to solve abstract problems in logic, became necessary to specify and verify liveness properties of software. These automata run over words of infinite length, and so they can hardly be seen as machines accepting or rejecting an input: they could only do so after infinite time!


This book intends to reflect the evolution of automata theory. Modern automata theory puts more emphasis on algorithmic questions, and less on expressivity. This change of focus is captured by the new slogan automata as data structures. Just as hash tables and Fibonacci heaps are both adequate data structures for representing sets, depending on whether the operations one needs are those of a dictionary or a priority queue, automata are the right data structure for representing sets and relations when the required operations are union, intersection, complement, projection, and join. In this view the algorithmic implementation of the operations gets the limelight, and, as a consequence, these implementations constitute the spine of this book.

The shape of the book is also much influenced by two further design decisions. First, experience tells that automata-theoretic constructions are best explained by means of examples, and that examples are best presented with the help of pictures. Automata on words are blessed with a graphical representation of instantaneous appeal. We have invested much effort into finding illustrative, non-trivial examples whose graphical representation still fits in one page. Second, for students learning directly from a book, solved exercises are a blessing, an easy way to evaluate progress. Moreover, they can also be used to introduce topics that, for expository reasons, cannot be presented in the main text. The book contains a large number of solved exercises ranging from simple applications of algorithms to relatively involved proofs.


Chapter 1

Introduction and Outline

Courses on data structures show how to represent sets of objects in a computer so that operations like insertion, deletion, and lookup, among many others, can be efficiently implemented. Typical representations are hash tables, search trees, or heaps.

These lecture notes also deal with the problem of representing and manipulating sets, but with respect to a different set of operations: the boolean operations of set theory (union, intersection, and complement with respect to some universe set), some tests that check basic properties (whether a set is empty, whether it contains all elements of the universe, or whether it is contained in another one), and operations on relations. Table 1.1 formally defines the operations to be supported, where U denotes some universe of objects, X, Y are subsets of U, x is an element of U, and R, S ⊆ U × U are binary relations on U. Observe that many other operations, for example set difference, can be reduced to the ones above. Similarly, operations on n-ary relations for n ≥ 3 can be reduced to operations on binary relations.

An important point is that we are not only interested in finite sets; we wish to have a data structure able to deal with infinite sets over some infinite universe. However, a simple cardinality argument shows that no data structure can provide finite representations of all infinite sets: an infinite universe has uncountably many subsets, but every data structure mapping sets to finite representations only has countably many instances. (Loosely speaking, there are more sets to be represented than representations available.) Because of this limitation every good data structure for infinite sets must find a reasonable compromise between expressibility (how large is the set of representable sets) and manipulability (which operations can be carried out, and at which cost). These notes present the compromise offered by word automata, which, as shown by 50 years of research on the theory of formal languages, is the best one available for most purposes. Word automata, or just automata, represent and manipulate sets whose elements are encoded as words, i.e., as sequences of letters over an alphabet.¹

Any kind of object can be represented by a word, at least in principle. Natural numbers, for

¹There are generalizations of word automata in which objects are encoded as trees. The theory of tree automata is also very well developed, but it is not the subject of these notes, so we shorten “word automaton” to just “automaton”.


Operations on sets
Complement(X) : returns U \ X.
Intersection(X, Y) : returns X ∩ Y.
Union(X, Y) : returns X ∪ Y.

Tests on sets
Member(x, X) : returns true if x ∈ X, false otherwise.
Empty(X) : returns true if X = ∅, false otherwise.
Universal(X) : returns true if X = U, false otherwise.
Included(X, Y) : returns true if X ⊆ Y, false otherwise.
Equal(X, Y) : returns true if X = Y, false otherwise.

Operations on relations
Projection 1(R) : returns the set π1(R) = {x | ∃y (x, y) ∈ R}.
Projection 2(R) : returns the set π2(R) = {y | ∃x (x, y) ∈ R}.
Join(R, S) : returns the relation R ∘ S = {(x, z) | ∃y ((x, y) ∈ R ∧ (y, z) ∈ S)}.
Post(X, R) : returns the set postR(X) = {y ∈ U | ∃x ∈ X (x, y) ∈ R}.
Pre(X, R) : returns the set preR(X) = {y ∈ U | ∃x ∈ X (y, x) ∈ R}.

Table 1.1: Operations and tests for manipulation of sets and relations
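As a reference point, the operations of Table 1.1 have a direct naive implementation when U is finite and sets are stored explicitly. The sketch below is ours (the function names mirror the table, lowercased); the chapters that follow are about implementing the same interface on automata, where the represented sets may be infinite.

```python
# Naive reference semantics for (a selection of) the operations of
# Table 1.1, on explicitly stored finite sets and binary relations.

def complement(X, U):  return U - X
def member(x, X):      return x in X
def included(X, Y):    return X <= Y

def projection_1(R):   return {x for (x, y) in R}
def projection_2(R):   return {y for (x, y) in R}

def join(R, S):
    """R ∘ S = {(x, z) | exists y with (x, y) in R and (y, z) in S}."""
    return {(x, z) for (x, y) in R for (y2, z) in S if y == y2}

def post(X, R):
    """Successors of X under R."""
    return {y for (x, y) in R if x in X}

def pre(X, R):
    """Predecessors of X under R."""
    return {y for (y, x) in R if x in X}
```

These one-liners are exponentially wasteful compared to the automata-based implementations developed later, but they pin down what each operation must compute.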

instance, are represented in computer science as sequences of digits, i.e., as words over the alphabet of digits. Vectors and lists can also be represented as words by concatenating the word representations of their elements. As a matter of fact, whenever a computer stores an object in a file, it is representing it as a word over some alphabet, like ASCII or Unicode. So word automata are a very general data structure. However, while any object can be represented by a word, not every object can be represented by a finite word, that is, a word of finite length. Typical examples are real numbers and non-terminating executions of a program. When objects cannot be represented by finite words, computers usually only represent some approximation: a float instead of a real number, or a finite prefix instead of a non-terminating computation. In the second part of the notes we show how to represent sets of infinite objects exactly using automata on infinite words. While the theory of automata on finite words is often considered a “gold standard” of theoretical computer science—a powerful and beautiful theory with lots of important applications in many fields—automata on infinite words are harder, and their theory does not achieve the same degree of “perfection”. This gives us a structure for Part II of the notes: we follow the steps of Part I, always comparing the solutions for infinite words with the “gold standard”.
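For illustration, a tiny sketch of the encodings just described (the helper names and the separator symbol are our own assumptions, not notation from the notes):

```python
# Encoding objects as words: naturals become words over the digit
# alphabet, and vectors become words by concatenating the encodings
# of their components (here with an assumed separator letter '#').

def encode_nat(n: int) -> str:
    """Encode a natural number as a word over the digit alphabet."""
    return str(n)  # e.g. 42 becomes the word "42", of length 2

def encode_vector(v, sep: str = "#") -> str:
    """Encode a vector by concatenating component encodings."""
    return sep.join(encode_nat(x) for x in v)
```

For example, `encode_vector([4, 2, 0])` yields the word `4#2#0` over the alphabet of digits extended with `#`.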

Outline

Part I presents data structures and algorithms for the well-known class of regular languages.


Chapter 2 introduces the classical data structures for the representation of regular languages: regular expressions, deterministic finite automata (DFA), nondeterministic finite automata (NFA), and nondeterministic automata with ε-transitions. We refer to all of them as automata. The chapter presents some examples showing how to use automata to finitely represent sets of words, numbers, or program states, and describes conversion algorithms between the representations. All algorithms are well known (and can also be found in other textbooks) with the exception of the algorithm for the elimination of ε-transitions.
Chapter 3 addresses the issue of finding small representations for a given set. It shows that there is a unique minimal representation of a language as a DFA, and introduces the classical minimization algorithms. It then shows how the algorithms can be extended to reduce the size of NFAs.
Chapter 4 describes algorithms implementing boolean set operations and tests on DFAs and NFAs. It includes a recent, simple improvement in algorithms for universality and inclusion.
Chapter 5 presents a first, classical application of the techniques and results of Chapter 4: pattern matching. Even this well-known problem gets a new twist when examined from the automata-as-data-structures point of view. The chapter presents the Knuth-Morris-Pratt algorithm as the design of a new data structure, lazy DFAs, for which the membership operation can be performed very efficiently.
Chapter 6 shows how to implement operations on relations. It discusses the notion of encoding (which requires more care for operations on relations than for operations on sets), and introduces transducers as a data structure.
Chapter 7 presents automata data structures for the important special case in which the universe U of objects is finite. In this case all objects can be encoded by words of the same length, and the set and relation operations can be optimized. In particular, one can then use minimal DFAs as a data structure, and directly implement the algorithms without using any minimization algorithm. In the second part of the chapter, we show that (ordered) Binary Decision Diagrams (BDDs) are just a further optimization of minimal DFAs as a data structure. We introduce a slightly more general class of deterministic automata, and show that the minimal automaton in this more general class (which is also unique) has at most as many states as the minimal DFA. We then show how to implement the set and relation operations for this new representation.
Chapter 8 applies nearly all the constructions and algorithms of the previous chapters to the problem of verifying safety properties of sequential and concurrent programs with bounded-range variables. In particular, the chapter shows how to model concurrent programs as networks of automata, how to express safety properties using automata or regular expressions, and how to automatically check the properties using the algorithmic constructions of previous chapters.
Chapter 9 introduces first-order logic (FOL) and monadic second-order logic (MSOL) on words as representations that allow us to describe a regular language as the set of words satisfying a property. The chapter shows that FOL cannot describe all regular languages, and that MSOL can.
Chapter 10 introduces Presburger arithmetic, and an algorithm that computes an automaton encoding all the solutions of a given formula. In particular, it presents an algorithm to compute an automaton for the solutions of a linear inequality over the naturals or over the integers.


Part II presents data structures and algorithms for ω-regular languages.

Chapter 11 introduces ω-regular expressions and several different classes of ω-automata: deterministic and nondeterministic Büchi, generalized Büchi, co-Büchi, Muller, Rabin, and Streett automata. It explains the advantages and disadvantages of each class, in particular whether the automata in the class can be determinized, and presents conversion algorithms between the classes.
Chapter 12 presents implementations of the set operations (union, intersection, and complementation) for Büchi and generalized Büchi automata. In particular, it presents in detail a complementation algorithm for Büchi automata.
Chapter 13 presents different implementations of the emptiness test for Büchi and generalized Büchi automata. The first part of the chapter presents two linear-time implementations based on depth-first search (DFS): the nested-DFS algorithm and the two-stack algorithm, a modification of Tarjan’s algorithm for the computation of strongly connected components. The second part presents further implementations based on breadth-first search.
Chapter 14 applies the algorithms of the previous chapters to the problem of verifying liveness properties of programs. After an introductory example, the chapter presents Linear Temporal Logic as a property specification formalism, and shows how to algorithmically translate a formula into an equivalent Büchi automaton, that is, a Büchi automaton recognizing the language of all words satisfying the formula. The verification algorithm can then be reduced to a combination of the boolean operations and the emptiness check.
Chapter 15 extends the logic approach to regular languages studied in Chapters 9 and 10 to ω-words. The first part of the chapter introduces monadic second-order logic on ω-words, and shows how to construct a Büchi automaton recognizing the set of words satisfying a given formula. The second part introduces linear arithmetic, the first-order theory of the real numbers with addition, and shows how to construct a Büchi automaton recognizing the encodings of all the real numbers satisfying a given formula.


Legend

Explain exercises system here and remove “for authors” instructions.

Difficulty Symbol For authors

Easy \beginexeasy

Medium \beginexmedium

Harder \beginexhard

Type Symbol

General \beginex

Construction \beginexconstruct

Algorithm design ` \beginexalgorithm

Algorithm execution 3 \beginexmechanical

Proofs \beginexproof

Extra material \beginexextra

17



Part I

Automata on Finite Words



Chapter 2

Automata Classes and Conversions

In Section 2.1 we introduce basic definitions about words and languages, and then introduce regular expressions, a textual notation for defining languages of finite words. Like any other formal notation, regular expressions cannot be used to define every possible language. However, the next chapter shows that they are an adequate notation when dealing with automata, since they define exactly the languages that can be represented by automata on words.

2.1 Regular expressions: a language to describe languages

An alphabet is a finite, nonempty set. The elements of an alphabet are called letters. A finite, possibly empty sequence of letters is a word. A word a1a2 . . . an has length n. The empty word is the only word of length 0, and it is written ε. The concatenation of two words w1 = a1 . . . an and w2 = b1 . . . bm is the word w1w2 = a1 . . . anb1 . . . bm, sometimes also denoted by w1 · w2. Notice that ε · w = w = w · ε. For every word w, we define w0 = ε and wk+1 = wkw.

Given an alphabet Σ, we denote by Σ∗ the set of all words over Σ. A set L ⊆ Σ∗ of words is a language over Σ.

The complement of a language L is the language Σ∗ \ L, which we often denote by L (notice that this notation implicitly assumes that the alphabet Σ is fixed). The concatenation of two languages L1 and L2 is L1 · L2 = {w1w2 ∈ Σ∗ | w1 ∈ L1, w2 ∈ L2}. The iteration of a language L ⊆ Σ∗ is the language L∗ = ⋃i≥0 Li, where L0 = {ε} and Li+1 = Li · L for every i ≥ 0.

In this book we use automata to represent sets of objects encoded as languages. Languages can be mathematically described using the standard notation of set theory, but this is often cumbersome. For a concise description of simple languages, regular expressions are often the most suitable notation.

Definition 2.1 Regular expressions r over an alphabet Σ are defined by the following grammar, where a ∈ Σ:

r ::= ∅ | ε | a | r1r2 | r1 + r2 | r∗


The set of all regular expressions over Σ is written RE(Σ). The language L (r) ⊆ Σ∗ of a regular expression r ∈ RE(Σ) is defined inductively by

L (∅) = ∅        L (r1r2) = L (r1) · L (r2)        L (r∗) = L (r)∗
L (ε) = {ε}      L (r1 + r2) = L (r1) ∪ L (r2)
L (a) = {a}

A language L is regular if there is a regular expression r such that L = L (r).

We often abuse language and identify a regular expression and its language. For instance, when there is no risk of confusion we write "the language r" instead of "the language L (r)."

Example 2.2 Let Σ = {0, 1}. Some examples of languages expressible by regular expressions are:

• The set of all words: (0 + 1)∗. We often use Σ as an abbreviation of (0 + 1), and so Σ∗ as an abbreviation of (0 + 1)∗.

• The set of all words of length at most 4: (0 + 1 + ε)4.

• The set of all words that begin and end with 0: 0Σ∗0.

• The set of all words containing at least one pair of 0s exactly 5 letters apart: Σ∗0Σ40Σ∗.

• The set of all words containing an even number of 0s: (1∗01∗01∗)∗.

• The set of all words containing an even number of 0s and an even number of 1s: (00 + 11 + (01 + 10)(00 + 11)∗(01 + 10))∗.
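The last two expressions can be checked mechanically. The following sketch is our own illustration using Python's re module, whose syntax writes union as | instead of +; the variable names are not from the text.

```python
# Checking the last two expressions of Example 2.2 with Python's re module.
# Union '+' becomes '|'; fullmatch demands that the whole word matches.
import re

even_zeros = re.compile(r"(1*01*01*)*")                     # even number of 0s
even_both = re.compile(r"(00|11|(01|10)(00|11)*(01|10))*")  # even 0s and even 1s

assert even_zeros.fullmatch("11001")      # two 0s
assert not even_zeros.fullmatch("110")    # one 0
assert even_both.fullmatch("0110")        # two 0s and two 1s
assert not even_both.fullmatch("01")      # one of each
```

Note that fullmatch, unlike match, rejects words with a matching prefix but a non-matching remainder.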

2.2 Automata classes

We briefly recapitulate the definitions of deterministic and nondeterministic finite automata, as well as nondeterministic automata with ε-transitions and with transitions labeled by regular expressions.

2.2.1 Deterministic finite automata

From an operational point of view, a deterministic automaton can be seen as the control unit of a machine that reads input from a tape divided into cells by means of a reading head (see Figure 2.1). Initially, the automaton is in the initial state, the tape contains the word to be read, and the reading head is positioned on the first cell of the tape. At each step, the machine reads the content of the cell occupied by the reading head, updates the current state according to the transition function, and advances the head one cell to the right. The machine accepts a word if the state reached after reading it completely is final.


Figure 2.1: Tape with reading head.

Definition 2.3 A deterministic automaton (DA) is a tuple A = (Q,Σ, δ, q0, F), where

• Q is a nonempty set of states,

• Σ is an alphabet,

• δ : Q × Σ→ Q is a transition function,

• q0 ∈ Q is the initial state, and

• F ⊆ Q is the set of final states.

A run of A on input a0a1 . . . an−1 is a sequence

q0 −a0→ q1 −a1→ q2 · · · −an−1→ qn ,

such that qi ∈ Q for 0 ≤ i ≤ n, and δ(qi, ai) = qi+1 for 0 ≤ i < n. A run is accepting if qn ∈ F. The automaton A accepts a word w ∈ Σ∗ if it has an accepting run on input w. The language recognized by A is the set L (A) = {w ∈ Σ∗ | w is accepted by A}.

A deterministic finite automaton (DFA) is a DA with a finite set of states.

Notice that a DA has exactly one run on a given word. Given a DA, we often say "the word w leads from q0 to q", meaning that the unique run of the DA on the word w ends at the state q.

Graphically, non-final states of a DFA are represented by circles, and final states by double circles (see the example below). The transition function is represented by labeled directed edges: if δ(q, a) = q′ then we draw an edge from q to q′ labeled by a. We also draw an edge into the initial state.

Example 2.4 Figure 2.2 shows the graphical representation of the DFA A = (Q, Σ, δ, q0, F), where Q = {q0, q1, q2, q3}, Σ = {a, b}, F = {q0}, and δ is given by the following table:

δ(q0, a) = q1    δ(q1, a) = q0    δ(q2, a) = q3    δ(q3, a) = q2
δ(q0, b) = q3    δ(q1, b) = q2    δ(q2, b) = q1    δ(q3, b) = q0

The runs of A on aabb and abbb are

q0 −a→ q1 −a→ q0 −b→ q3 −b→ q0
q0 −a→ q1 −b→ q2 −b→ q1 −b→ q2


The first one is accepting, but the second one is not. The DFA recognizes the language of all words over the alphabet {a, b} that contain an even number of a's and an even number of b's. The DFA is in the states on the left, respectively on the right, if it has read an even, respectively an odd, number of a's. Similarly, it is in the states at the top, respectively at the bottom, if it has read an even, respectively an odd, number of b's.

Figure 2.2: A DFA
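The DFA of Example 2.4 can serve as a first illustration of DFAs as a data structure. The sketch below is ours: it stores δ as a dictionary and computes the unique run of the automaton.

```python
# The DFA of Example 2.4 encoded as a dictionary, plus a function computing
# its unique run. dfa_accepts returns True iff the state reached after
# reading the whole word is final.
delta = {
    ("q0", "a"): "q1", ("q1", "a"): "q0", ("q2", "a"): "q3", ("q3", "a"): "q2",
    ("q0", "b"): "q3", ("q1", "b"): "q2", ("q2", "b"): "q1", ("q3", "b"): "q0",
}

def dfa_accepts(word, q0="q0", final=frozenset({"q0"})):
    q = q0
    for letter in word:
        q = delta[(q, letter)]    # exactly one successor: the run is unique
    return q in final

assert dfa_accepts("aabb")        # the accepting run shown above
assert not dfa_accepts("abbb")    # the non-accepting run shown above
```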

Trap states. Consider the DFA of Figure 2.3 over the alphabet {a, b, c}. The automaton recognizes the language {ab, ba}. The pink state on the right is often called a trap state or a garbage collector: if a run reaches this state, it gets trapped in it, and so the run cannot be accepting. DFAs often have a trap state with many ingoing transitions, and this makes it difficult to find a nice graphical representation. So when drawing DFAs we often omit the trap state. For instance, we only draw the black part of the automaton in Figure 2.3. Notice that no information is lost: if a state q has no outgoing transition labeled by a, then we know that δ(q, a) = qt, where qt is the trap state.

Figure 2.3: A DFA with a trap state


Using DFAs as data structures

In this book we look at DFAs as a data structure. A DFA is a finite representation of a possibly infinite language. In applications, a suitable encoding is used to represent objects (numbers, programs, relations, tuples . . . ) as words, and so a DFA actually represents a possibly infinite set of objects. Here are four examples of DFAs representing interesting sets.

Example 2.5 The DFA of Figure 2.4 (drawn without the trap state!) recognizes the strings over the alphabet {−, . , 0, 1, . . . , 9} that encode real numbers with a finite decimal part. We wish to exclude 002, −0, or 3.10000000, but accept 37, 10.503, or −0.234 as correct encodings. A description of the strings in English is rather long: a string encoding a number consists of an integer part, followed by a possibly empty fractional part; the integer part consists of an optional minus sign, followed by a nonempty sequence of digits; if the first digit of this sequence is 0, then the sequence itself is 0; if the fractional part is nonempty, then it starts with . , followed by a nonempty sequence of digits that does not end with 0; if the integer part is −0, then the fractional part is nonempty.
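For comparison, the English description can also be rendered as a short regular expression. The rendering below, in Python's re syntax, is our own reading of the description, not taken from the book, so treat it as a sketch.

```python
# Our own regex rendering of the description in Example 2.5: optional minus;
# integer part '0' or a digit string not starting with 0; optional fractional
# part '.' plus digits not ending in 0; the lone word '-0' is excluded.
import re

NUMBER = re.compile(r"-?(0|[1-9][0-9]*)(\.[0-9]*[1-9])?")

def encodes_number(s):
    return bool(NUMBER.fullmatch(s)) and s != "-0"

assert all(encodes_number(s) for s in ["37", "10.503", "-0.234"])
assert not any(encodes_number(s) for s in ["002", "-0", "3.10000000"])
```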

Figure 2.4: A DFA for decimal numbers

Example 2.6 The DFA of Figure 2.5 recognizes the binary encodings of all the multiples of 3. For instance, it recognizes 11, 110, 1001, and 1100, which are the binary encodings of 3, 6, 9, and 12, respectively, but not, say, 10 or 111.
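This DFA has a simple arithmetic reading: its states record the value read so far modulo 3, and reading a bit b takes state r to (2r + b) mod 3, because appending a bit doubles the value and adds b. The sketch below (ours) implements only this divisibility test; it does not constrain the shape of the encoding, e.g. leading zeros.

```python
# States 0, 1, 2 record the value read so far modulo 3 (most significant
# bit first); reading bit b moves state r to (2*r + b) % 3; accept in state 0.
def multiple_of_3(word):
    r = 0
    for b in word:
        r = (2 * r + int(b)) % 3
    return r == 0

assert all(multiple_of_3(w) for w in ["11", "110", "1001", "1100"])
assert not any(multiple_of_3(w) for w in ["10", "111"])
```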

Example 2.7 The DFA of Figure 2.6 recognizes all the nonnegative integer solutions of the inequation 2x − y ≤ 2, using the following encoding. The alphabet of the DFA has four letters, namely the column vectors [00], [01], [10], and [11], each consisting of a top bit and a bottom bit.


Figure 2.5: A DFA for the multiples of 3 in binary

A word like

[10] [01] [10] [10] [01] [01]

encodes a pair of numbers, given by the top and bottom rows: 101100 and 010011. The binary encodings start with the least significant bit, that is,

101100 encodes 2^0 + 2^2 + 2^3 = 13, and 010011 encodes 2^1 + 2^4 + 2^5 = 50.

We see this as an encoding of the valuation (x, y) := (13, 50). This valuation satisfies the inequation, and indeed the word is accepted by the DFA.
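The encoding itself fits in a few lines. The helpers below are our own, not from the text: each letter is a pair (top bit, bottom bit), least significant bit first.

```python
# Encoding a pair (x, y) of nonnegative integers as a word of bit-columns,
# least significant bit first, and decoding it back.
def encode(x, y):
    word = []
    while x > 0 or y > 0:
        word.append((x % 2, y % 2))    # one letter: top bit of x, bottom bit of y
        x, y = x // 2, y // 2
    return word

def decode(word):
    x = sum(top << i for i, (top, _) in enumerate(word))
    y = sum(bot << i for i, (_, bot) in enumerate(word))
    return x, y

word = encode(13, 50)
assert [top for top, _ in word] == [1, 0, 1, 1, 0, 0]    # top row 101100
assert decode(word) == (13, 50)
assert 2 * 13 - 50 <= 2    # the valuation satisfies the inequation
```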

Figure 2.6: A DFA for the solutions of 2x − y ≤ 2.

Example 2.8 Consider the following program with two boolean variables x, y:

1  while x = 1 do
2    if y = 1 then
3      x ← 0
4    y ← 1 − x
5  end


A configuration of the program is a triple [ℓ, nx, ny], where ℓ ∈ {1, 2, 3, 4, 5} is the current value of the program counter, and nx, ny ∈ {0, 1} are the current values of x and y. The initial configurations are [1, 0, 0], [1, 0, 1], [1, 1, 0], [1, 1, 1], i.e., all configurations in which control is at line 1. The DFA of Figure 2.7 recognizes all reachable configurations of the program. For instance, the DFA accepts [5, 0, 1], indicating that it is possible to reach the last line of the program with values x = 0, y = 1.
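The set of reachable configurations can itself be computed by a small workset exploration. The sketch below is ours, and the successor function encodes our reading of the five program lines.

```python
# Computing the reachable configurations of the program of Example 2.8.
# A configuration is a triple (line, x, y); successors() is our reading
# of the program's control flow.
def successors(conf):
    l, x, y = conf
    if l == 1:
        return [(2, x, y)] if x == 1 else [(5, x, y)]
    if l == 2:
        return [(3, x, y)] if y == 1 else [(4, x, y)]
    if l == 3:
        return [(4, 0, y)]          # x <- 0
    if l == 4:
        return [(1, x, 1 - x)]      # y <- 1 - x
    return []                       # line 5: the program has terminated

def reachable(initial):
    seen, work = set(initial), list(initial)
    while work:
        for succ in successors(work.pop()):
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return seen

confs = reachable([(1, x, y) for x in (0, 1) for y in (0, 1)])
assert (5, 0, 1) in confs    # the configuration [5, 0, 1] mentioned above
```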

Figure 2.7: A DFA for the reachable configurations of the program of Example 2.8

2.2.2 Non-deterministic finite automata

In a deterministic automaton the next state is completely determined by the current state and the letter read by the head. In particular, this implies that the automaton has exactly one run for each word. Nondeterministic automata can choose the next state out of a set of candidates (which may also be empty), and so they may have zero, one, or many runs on the same word. The automaton is said to accept a word if at least one of these runs is accepting.

Definition 2.9 A non-deterministic automaton (NA) is a tuple A = (Q, Σ, δ, Q0, F), where Q, Σ, and F are as for DAs, Q0 is a nonempty set of initial states, and

• δ : Q × Σ → P(Q) is a transition relation.

A run of A on input a0a1 . . . an−1 is a sequence

p0 −a0→ p1 −a1→ p2 · · · −an−1→ pn ,

such that pi ∈ Q for 0 ≤ i ≤ n, p0 ∈ Q0, and pi+1 ∈ δ(pi, ai) for 0 ≤ i < n. A run is accepting if pn ∈ F. A word w ∈ Σ∗ is accepted by A if at least one run of A on w is accepting. The language recognized by A is the set L (A) = {w ∈ Σ∗ | w is accepted by A}.

A nondeterministic finite automaton (NFA) is a NA with a finite set of states.

We often identify the transition function δ of a DA with the set of triples (q, a, q′) such that q′ = δ(q, a), and the transition relation δ of a NA with the set of triples (q, a, q′) such that q′ ∈ δ(q, a); so we often write (q, a, q′) ∈ δ, meaning q′ = δ(q, a) for a DA, or q′ ∈ δ(q, a) for a NA.


If a NA has several initial states, then its language is the union of the sets of words accepted by runs starting at each initial state.

Example 2.10 Figure 2.8 shows a NFA A = (Q, Σ, δ, Q0, F) where Q = {q0, q1, q2, q3}, Σ = {a, b}, Q0 = {q0}, F = {q3}, and the transition relation δ is given by the following table:

δ(q0, a) = {q1}    δ(q1, a) = {q1}        δ(q2, a) = ∅       δ(q3, a) = {q3}
δ(q0, b) = ∅       δ(q1, b) = {q1, q2}    δ(q2, b) = {q3}    δ(q3, b) = {q3}

A has no run on any word starting with a b. It has exactly one run on abb, and four runs on abbb, namely

q0 −a→ q1 −b→ q1 −b→ q1 −b→ q1        q0 −a→ q1 −b→ q1 −b→ q1 −b→ q2
q0 −a→ q1 −b→ q1 −b→ q2 −b→ q3        q0 −a→ q1 −b→ q2 −b→ q3 −b→ q3

Two of these runs are accepting, the other two are not. L (A) is the set of words that start with a and contain two consecutive bs.

Figure 2.8: A NFA.

After a DA reads a word, we know whether it belongs to the language or not. This is no longer the case for NAs: if the run on the word is not accepting, we do not know anything; there might be a different run leading to a final state. So NAs are not very useful as language acceptors. However, they are very important. From the operational point of view, it is often easier to find a NFA for a given language than to find a DFA, and, as we will see later in this chapter, NFAs can be automatically transformed into DFAs. From a data structure point of view, there are two further reasons to study NAs. First, many sets can be represented far more compactly as NFAs than as DFAs, so using NFAs may save memory. Second, and more importantly, when we describe DFA- and NFA-implementations of operations on sets and relations in Chapters 4 and 6, we will see that one of them takes as input a DFA and returns a NFA. Therefore, NFAs are not only convenient, but also necessary to obtain a data structure implementing all operations.
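Although an NFA may have many runs, it can still be executed deterministically by tracking the set of states reachable after each letter, the same idea that the determinization construction later in this chapter makes explicit. A sketch (encoding and names ours), using the NFA of Example 2.10:

```python
# Simulating an NFA by tracking the set of reachable states. delta maps
# (state, letter) to a set of successors; a missing entry means the empty set.
def nfa_accepts(delta, initial, final, word):
    current = set(initial)
    for a in word:
        current = {r for q in current for r in delta.get((q, a), ())}
    return bool(current & final)

# The NFA of Example 2.10: words starting with a and containing bb.
delta = {
    ("q0", "a"): {"q1"},
    ("q1", "a"): {"q1"}, ("q1", "b"): {"q1", "q2"},
    ("q2", "b"): {"q3"},
    ("q3", "a"): {"q3"}, ("q3", "b"): {"q3"},
}

assert nfa_accepts(delta, {"q0"}, {"q3"}, "abbb")
assert not nfa_accepts(delta, {"q0"}, {"q3"}, "ab")
```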

2.2.3 Non-deterministic finite automata with ε-transitions

The state of an NA can only change by reading a letter. NAs with ε-transitions can also change their state "spontaneously", by executing an "internal" transition without reading any input. To emphasize this we label these transitions with the empty word ε (see Figure 2.9).


Figure 2.9: A NFA-ε.

Definition 2.11 A non-deterministic automaton with ε-transitions (NA-ε) is a tuple A = (Q, Σ, δ, Q0, F), where Q, Σ, Q0, and F are as for NAs, and

• δ : Q × (Σ ∪ {ε}) → P(Q) is a transition relation.

The runs and accepting runs of a NA-ε are defined as for NAs. A accepts a word a1 . . . an ∈ Σ∗ if there exist numbers k0, k1, . . . , kn ≥ 0 such that A has an accepting run on the word

ε^k0 a1 ε^k1 · · · ε^kn−1 an ε^kn ∈ (Σ ∪ {ε})∗ .

A nondeterministic finite automaton with ε-transitions (NFA-ε) is a NA-ε with a finite set of states.

Notice that the number of runs of a NA-ε on a word may be infinite. This is the case when some cycle of the NA-ε contains only ε-transitions, and some final state is reachable from the cycle.

NA-εs are useful as an intermediate representation. In particular, later in this chapter we automatically transform a regular expression into a NFA in two steps: first we translate the expression into a NFA-ε, and then we translate the NFA-ε into a NFA.

2.2.4 Non-deterministic finite automata with regular expressions

We generalize NA-εs even further. Both letters and ε are instances of regular expressions. Now we allow arbitrary regular expressions as transition labels (see Figure 2.10).

Figure 2.10: A NFA with transitions labeled by regular expressions.

A run leading to a final state accepts all the words of the regular expression obtained by concatenating all the labels of the transitions of the run into one single regular expression. We call these automata NA-reg. They are very useful to formulate conversion algorithms between automata and regular expressions, because they generalize both. Indeed, a regular expression can be seen as an automaton with only one transition, leading from the initial state to a final state and labeled by the regular expression.

Definition 2.12 A non-deterministic automaton with regular expression transitions (NA-reg) is a tuple A = (Q, Σ, δ, Q0, F), where Q, Σ, Q0, and F are as for NAs, and where

• δ : Q × RE(Σ) → P(Q) is a relation such that δ(q, r) = ∅ for all but a finite number of pairs (q, r) ∈ Q × RE(Σ).

Accepting runs are defined as for NAs. A accepts a word w ∈ Σ∗ if A has an accepting run on some sequence r1 . . . rk such that w ∈ L (r1) · . . . · L (rk).

A nondeterministic finite automaton with regular expression transitions (NFA-reg) is a NA-reg with a finite set of states.

2.2.5 A normal form for automata

For any of the automata classes we have introduced, if a state is not reachable from any initial state, then removing it does not change the language accepted by the automaton. We say that an automaton is in normal form if every state is reachable from some initial state.

Definition 2.13 Let A = (Q, Σ, δ, Q0, F) be an automaton. A state q ∈ Q is reachable from q′ ∈ Q if q = q′ or if there exists a run q′ −a1→ · · · −an→ q on some input a1 . . . an ∈ Σ∗. A is in normal form if every state is reachable from some initial state.

Obviously, for every automaton there is an equivalent automaton of the same kind in normal form. In this book we follow this convention:

Convention: Unless otherwise stated, we assume that automata are in normal form. In particular, we assume that if an automaton is an input to an algorithm, then the automaton is in normal form. If the output of an algorithm is an automaton, then the algorithm is expected to produce an automaton in normal form. This condition is a proof obligation when showing that the algorithm is correct.

2.3 Conversion Algorithms between Finite Automata

We show that all our data structures can represent exactly the same languages. Since DFAs are a special case of NFAs, which are a special case of NFA-εs, it suffices to show that every language recognized by an NFA-ε can also be recognized by an NFA, and every language recognized by an NFA can also be recognized by a DFA.


2.3.1 From NFA to DFA.

The powerset construction transforms an NFA A into a DFA B recognizing the same language. We first give an informal idea of the construction. Recall that a NFA may have many different runs on a word w, possibly leading to different states, while a DFA has exactly one run on w. Denote by Qw the set of states q such that some run of A on w leads from some initial state to q. Intuitively, B "keeps track" of the set Qw: its states are sets of states of A, with Q0 as initial state (A starts at some initial state), and its transition function is defined to ensure that the run of B on w leads from Q0 to Qw (see below). It is then easy to ensure that A and B recognize the same language: it suffices to choose the final states of B as the sets of states of A containing at least one final state, because for every word w:

B accepts w
iff Qw is a final state of B
iff Qw contains at least one final state of A
iff some run of A on w leads to a final state of A
iff A accepts w.

Let us now define the transition function of B, say ∆. "Keeping track of the set Qw" amounts to satisfying ∆(Qw, a) = Qwa for every word w. But we have Qwa = ⋃q∈Qw δ(q, a), and so we define

∆(Q′, a) = ⋃q∈Q′ δ(q, a)

for every Q′ ⊆ Q. Notice that we may have Q′ = ∅; in this case, ∅ is a state of B, and, since ∆(∅, a) = ∅ for every a ∈ Σ, a "trap" state.

Summarizing, given A = (Q, Σ, δ, Q0, F), we define the DFA B = (𝒬, Σ, ∆, q0, ℱ) as follows:

• 𝒬 = P(Q);

• ∆(Q′, a) = ⋃q∈Q′ δ(q, a) for every Q′ ⊆ Q and every a ∈ Σ;

• q0 = Q0; and

• ℱ = {Q′ ∈ 𝒬 | Q′ ∩ F ≠ ∅}.

Notice, however, that B may not be in normal form: it may have many states that are not reachable from its initial state Q0. For instance, assume A happens to be a DFA with states q0, . . . , qn−1. Then B has 2^n states, but only the singletons {q0}, . . . , {qn−1} are reachable. The following conversion algorithm constructs only the reachable states.


NFAtoDFA(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: DFA B = (𝒬, Σ, ∆, q0, ℱ) with L (B) = L (A)

1   𝒬, ∆, ℱ ← ∅; q0 ← Q0
2   𝒲 ← {Q0}
3   while 𝒲 ≠ ∅ do
4       pick Q′ from 𝒲
5       add Q′ to 𝒬
6       if Q′ ∩ F ≠ ∅ then add Q′ to ℱ
7       for all a ∈ Σ do
8           Q′′ ← ⋃q∈Q′ δ(q, a)
9           if Q′′ ∉ 𝒬 then add Q′′ to 𝒲
10          add (Q′, a, Q′′) to ∆

The algorithm is written in pseudocode, with abstract sets as data structure. Like nearly all the algorithms presented in the next chapters, it is a workset algorithm. Workset algorithms maintain a set of objects, the workset, waiting to be processed. As in mathematical sets, the elements of the workset are not ordered, and the workset contains at most one copy of an element (i.e., if an element already in the workset is added to it again, the workset does not change). For most of the algorithms in this book, the workset can be implemented as a hash table.

In NFAtoDFA() the workset is called 𝒲 (the calligraphic font emphasizes that in this case the objects of the workset are sets); in other algorithms it is just called W. Workset algorithms repeatedly pick an object from the workset (instruction pick Q′ from 𝒲) and process it. Picking an object removes it from the workset. Processing an object may generate new objects that are added to the workset. The algorithm terminates when the workset is empty. Since objects removed from the workset may generate new objects, workset algorithms may potentially fail to terminate. Even if the set of all objects is finite, the algorithm may not terminate, because an object might be added to and removed from the workset infinitely many times. Termination is guaranteed by making sure that no object that has been removed from the workset is ever added to it again. For this purpose, objects picked from the workset are stored (in NFAtoDFA() they are stored in 𝒬), and objects are added to the workset only if they have not been stored yet.
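NFAtoDFA() transcribes almost line by line into executable form. The sketch below is our own: frozensets of NFA states play the role of DFA states, a Python set plays the role of the workset, and the result is tried on the NFA of Example 2.10.

```python
# A direct transcription of NFAtoDFA: delta maps (state, letter) to a set of
# successor states; the states of the resulting DFA are frozensets.
def nfa_to_dfa(delta, alphabet, initial, final):
    q0 = frozenset(initial)
    states, trans, accepting = set(), {}, set()
    work = {q0}
    while work:
        Q1 = work.pop()                 # pick Q' from the workset
        states.add(Q1)                  # store it: it is never processed again
        if Q1 & final:
            accepting.add(Q1)
        for a in alphabet:
            Q2 = frozenset(r for q in Q1 for r in delta.get((q, a), ()))
            if Q2 not in states:
                work.add(Q2)
            trans[(Q1, a)] = Q2
    return trans, q0, accepting

# The NFA of Example 2.10: words starting with a and containing bb.
delta = {
    ("q0", "a"): {"q1"},
    ("q1", "a"): {"q1"}, ("q1", "b"): {"q1", "q2"},
    ("q2", "b"): {"q3"},
    ("q3", "a"): {"q3"}, ("q3", "b"): {"q3"},
}
trans, start, accepting = nfa_to_dfa(delta, "ab", {"q0"}, {"q3"})

def dfa_accepts(word):
    q = start
    for a in word:
        q = trans[(q, a)]
    return q in accepting

assert dfa_accepts("abb") and not dfa_accepts("ab")
```

Note that the empty frozenset plays exactly the role of the trap state ∅ discussed above.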

Figure 2.11 shows an NFA at the top, and some snapshots of the run of NFAtoDFA() on it. The states of the DFA are labelled with the corresponding sets of states of the NFA. The algorithm picks states from the workset in the order {1}, {1, 2}, {1, 3}, {1, 4}, {1, 2, 4}. Snapshots (a)-(d) are taken right after it picks the states {1, 2}, {1, 3}, {1, 4}, and {1, 2, 4}, respectively. Snapshot (e) is taken at the end. Notice that out of the 2^4 = 16 subsets of states of the NFA only 5 are constructed, because the rest are not reachable from {1}.

Complexity. If A has n states, then the output of NFAtoDFA(A) can have up to 2^n states. To show that this bound is essentially reachable, consider the family {Ln}n≥1 of languages over Σ = {a, b}


Figure 2.11: Conversion of a NFA into a DFA.


given by Ln = (a + b)∗a(a + b)^(n−1). That is, Ln contains the words of length at least n whose n-th letter starting from the end is an a. The language Ln is accepted by the NFA with n + 1 states shown in Figure 2.12(a): intuitively, the automaton chooses one of the a's in the input word, and checks that it is followed by exactly n − 1 letters before the word ends. Applying the subset construction, however, yields a DFA with 2^n states. The DFA for L3 is shown on the left of Figure 2.12(b). The states of the DFA have a natural interpretation: they "store" the last n letters read by the automaton. If the DFA is in the state storing a1a2 . . . an and it reads the letter an+1, then it moves to the state storing a2 . . . an+1. States are final if the first letter they store is an a. The interpreted version of the DFA is shown on the right of Figure 2.12(b).

We can also easily prove that any DFA recognizing Ln must have at least 2^n states. Assume there is a DFA An = (Q, Σ, δ, q0, F) such that |Q| < 2^n and L (An) = Ln. We extend δ to a mapping δ : Q × {a, b}∗ → Q by δ(q, ε) = q and δ(q, wσ) = δ(δ(q, w), σ) for all w ∈ Σ∗ and all σ ∈ Σ. Since |Q| < 2^n, there must be two distinct words of length n, say u a v1 and u b v2 (they differ at some letter, say an a in the first word and a b in the second, after a common prefix u), such that δ(q0, u a v1) = δ(q0, u b v2). But then δ(q0, u a v1 u) = δ(q0, u b v2 u); that is, either both u a v1 u and u b v2 u are accepted by An, or neither is. Since, however, |a v1 u| = |b v2 u| = n, the word u a v1 u has an a at the n-th position from the end, and u b v2 u has a b, which contradicts the assumption that L (An) contains exactly the words with an a at the n-th position from the end.
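The exponential blow-up can also be observed experimentally. The sketch below (our own compact version of the subset construction, counting only the reachable subsets) builds the NFA of Figure 2.12(a) for small values of n.

```python
# Counting the reachable subsets produced by determinizing the NFA for Ln.
def reachable_subsets(delta, alphabet, initial):
    start = frozenset(initial)
    seen, work = {start}, [start]
    while work:
        Q = work.pop()
        for a in alphabet:
            Q2 = frozenset(r for q in Q for r in delta.get((q, a), ()))
            if Q2 not in seen:
                seen.add(Q2)
                work.append(Q2)
    return seen

def nfa_for_Ln(n):
    # State 1 guesses the distinguished a; states 2..n+1 count n-1 more letters.
    delta = {(1, "a"): {1, 2}, (1, "b"): {1}}
    for i in range(2, n + 1):
        delta[(i, "a")] = {i + 1}
        delta[(i, "b")] = {i + 1}
    return delta

for n in (1, 2, 3, 4):
    assert len(reachable_subsets(nfa_for_Ln(n), "ab", {1})) == 2 ** n
```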

2.3.2 From NFA-ε to NFA.

Let A be a NFA-ε over an alphabet Σ. In this section we use a to denote an element of Σ, and α, β to denote elements of Σ ∪ {ε}.

Loosely speaking, the conversion first adds to A new transitions that make all ε-transitions redundant, without changing the recognized language: every word accepted by A before adding the new transitions is accepted after adding them by a run without ε-transitions. The conversion then removes all ε-transitions, delivering an NFA that recognizes the same language as A.

The new transitions are shortcuts: if A has transitions (q, α, q′) and (q′, β, q′′) such that α = ε or β = ε, then the shortcut (q, αβ, q′′) is added. (Notice that either αβ = a for some a ∈ Σ, or αβ = ε.) Shortcuts may generate further shortcuts: for instance, if αβ = a and A has a further transition (q′′, ε, q′′′), then a new shortcut (q, a, q′′′) is added. We call the process of adding all possible shortcuts saturation. Obviously, saturation does not change the language of A. If A has a run accepting a nonempty word before saturation, for example

q0 −ε→ q1 −ε→ q2 −a→ q3 −ε→ q4 −b→ q5 −ε→ q6

then after saturation it has a run accepting the same word and visiting no ε-transitions, namely

q0 −a→ q4 −b→ q6 .

However, removing ε-transitions immediately after saturation may not preserve the language. The NFA-ε of Figure 2.13(a) accepts ε. After saturation we get the NFA-ε of Figure 2.13(b). Removing all ε-transitions yields an NFA that no longer accepts ε. To solve this problem, if A


Figure 2.12: (a) NFA for Ln; (b) DFA for L3 and its interpretation.


Figure 2.13: Conversion of an NFA-ε into an NFA by shortcutting ε-transitions: (a) an NFA-ε accepting L (0∗1∗2∗); (b) after saturation; (c) after marking the initial state as final and removing all ε-transitions.

accepts ε from some initial state, then we mark that state as final, which clearly does not change the language. To decide whether A accepts ε, we check if some state reachable from some initial state by a sequence of ε-transitions is final. Figure 2.13(c) shows the final result. Notice that, in general, after removing ε-transitions the automaton may not be in normal form, because some states may no longer be reachable. So the naive procedure runs in four phases: saturation, ε-check, removal of all ε-transitions, and normalization.
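For comparison, the naive procedure has a standard formulation in terms of ε-closures, sketched below; this is the classical textbook construction, not the single-pass algorithm presented next. We write "" for ε, and all names are ours.

```python
# Epsilon-removal via epsilon-closures: delta'(q, a) collects the a-successors
# of the closure of q, and q becomes final if its closure contains a final state.
def eps_closure(delta, states):
    closure, work = set(states), list(states)
    while work:
        for q2 in delta.get((work.pop(), ""), ()):
            if q2 not in closure:
                closure.add(q2)
                work.append(q2)
    return closure

def remove_epsilon(delta, alphabet, states, initial, final):
    new_delta, new_final = {}, set()
    for q in states:
        cl = eps_closure(delta, {q})
        if cl & final:
            new_final.add(q)        # q reaches a final state by epsilons alone
        for a in alphabet:
            succ = {r for p in cl for r in delta.get((p, a), ())}
            if succ:
                new_delta[(q, a)] = succ
    return new_delta, new_final

# The NFA-eps of Figure 2.13(a), recognizing 0*1*2*.
delta = {("s0", "0"): {"s0"}, ("s0", ""): {"s1"},
         ("s1", "1"): {"s1"}, ("s1", ""): {"s2"}, ("s2", "2"): {"s2"}}
new_delta, new_final = remove_epsilon(delta, "012", {"s0", "s1", "s2"}, {"s0"}, {"s2"})

def accepts(word):
    if word == "":
        return "s0" in new_final    # the initial state got marked final
    current = {"s0"}
    for a in word:
        current = {r for q in current for r in new_delta.get((q, a), ())}
    return bool(current & new_final)

assert accepts("") and accepts("0012")
assert not accepts("21")
```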

We show that it is possible to carry out all four steps in a single pass. We present a workset algorithm NFAεtoNFA that performs the ε-check while saturating, and generates only the reachable states. Furthermore, the algorithm avoids constructing some redundant shortcuts. For instance, for the NFA-ε of Figure 2.13(a) the algorithm does not construct the transition labeled by 2 leading from the state in the middle to the state on the right. The pseudocode for the algorithm is as follows, where α, β ∈ Σ ∪ {ε} and a ∈ Σ.


NFAεtoNFA(A)
Input: NFA-ε A = (Q, Σ, δ, Q0, F)
Output: NFA B = (Q′, Σ, δ′, Q′0, F′) with L (B) = L (A)

1   Q′0 ← Q0
2   Q′ ← Q0; δ′ ← ∅; F′ ← F ∩ Q0
3   δ′′ ← ∅; W ← {(q, α, q′) ∈ δ | q ∈ Q0}
4   while W ≠ ∅ do
5       pick (q1, α, q2) from W
6       if α ≠ ε then
7           add q2 to Q′; add (q1, α, q2) to δ′; if q2 ∈ F then add q2 to F′
8           for all q3 ∈ δ(q2, ε) do
9               if (q1, α, q3) ∉ δ′ then add (q1, α, q3) to W
10          for all a ∈ Σ, q3 ∈ δ(q2, a) do
11              if (q2, a, q3) ∉ δ′ then add (q2, a, q3) to W
12      else /∗ α = ε ∗/
13          add (q1, α, q2) to δ′′; if q2 ∈ F then add q1 to F′
14          for all β ∈ Σ ∪ {ε}, q3 ∈ δ(q2, β) do
15              if (q1, β, q3) ∉ δ′ ∪ δ′′ then add (q1, β, q3) to W

The correctness proof is conceptually easy, but the different cases require some care, and so we devote a proposition to it.

Proposition 2.14 Let A be a NFA-ε, and let B = NFAεtoNFA(A). Then B is a NFA and L (A) = L (B).

Proof: To show that the algorithm terminates, observe that every transition that leaves W is never added to W again: when a transition (q1, α, q2) leaves W, it is added to either δ′ or δ′′, and a transition enters W only if it does not belong to either δ′ or δ′′. Since every execution of the while loop removes a transition from the workset, the algorithm eventually exits the loop.

To show that B is a NFA, we have to prove that it only has non-ε transitions, and that it is in normal form, i.e., that every state of Q′ is reachable from some state of Q′0 = Q0 in B. For the first part, observe that transitions are only added to δ′ in line 7, and none of them is an ε-transition because of the guard in line 6. For the second part, we need the following invariant, which can be easily proved by inspection: for every transition (q1, α, q2) added to W, if α = ε then q1 ∈ Q0, and if α ≠ ε, then q2 is reachable in B (after termination). Since new states are added to Q′ only at line 7, applying the invariant we get that every state of Q′ is reachable in B from some state in Q0.

It remains to prove L (A) = L (B). The inclusion L (A) ⊇ L (B) follows from the fact that every transition added to δ′ is a shortcut, which is shown by inspection. For the inclusion L (A) ⊆ L (B), we first claim that ε ∈ L (A) implies ε ∈ L (B). Let q0 −ε→ q1 · · · qn−1 −ε→ qn be a run of A such that qn ∈ F. If n = 0 (i.e., qn = q0), then we are done. If n > 0, then we prove by induction on n that a transition (q0, ε, qn) is eventually added to W (and so eventually picked from it), which implies that q0 is eventually added to F′ at line 13. If n = 1, then (q0, ε, qn) is added to W at line 3. If n > 1, then by the induction hypothesis (q0, ε, qn−1) is eventually added to W and picked from it at some later point, and so (q0, ε, qn) is added to W at line 15, and the claim is proved. We now show that for every w ∈ Σ+, if w ∈ L (A) then w ∈ L (B). Let w = a1a2 . . . an with n ≥ 1. Then A has a run

q0 −ε→ · · · −ε→ qm1 −a1→ qm1+1 −ε→ · · · · · · −ε→ qmn −an→ qmn+1 −ε→ · · · −ε→ qm

such that qm ∈ F. We have just proved that a transition (q0, ε, qm1) is eventually added to W. So (q0, a1, qm1+1) is eventually added at line 15, (q0, a1, qm1+2), . . . , (q0, a1, qm2) are eventually added at line 9, and (qm2, a2, qm2+1) is eventually added at line 11. Iterating this argument, we obtain that

q0a1−−−→ qm2

a2−−−→ qm3 . . . qmn

an−−−→ qm

is a run of B. Moreover, qm is added to F′ at line 7, and so w ∈ L (B).

Complexity. Observe that the algorithm processes pairs of transitions (q1, α, q2), (q2, β, q3), where (q1, α, q2) comes from W and (q2, β, q3) from δ (lines 8, 10, 14). Since every transition is removed from W at most once, the algorithm processes at most |Q| · |Σ| · |δ| pairs (because for a fixed transition (q2, β, q3) ∈ δ there are |Q| possibilities for q1 and |Σ| possibilities for α). The runtime is dominated by the processing of the pairs, and so it is O(|Q| · |Σ| · |δ|).
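For concreteness, the shortcut construction can be sketched in Python. This is not a line-by-line transcription of NFAεtoNFA (the representation of the NFA as a set of transition triples and the helper names are our own); it computes the same result by taking ε-closures instead of maintaining an explicit workset:

```python
def eps_closure(q, delta):
    """States reachable from q using only epsilon-transitions (labeled "")."""
    seen, stack = {q}, [q]
    while stack:
        p = stack.pop()
        for (r, a, s) in delta:
            if r == p and a == "" and s not in seen:
                seen.add(s)
                stack.append(s)
    return seen

def remove_epsilon(states, delta, q0s, final):
    """Return (delta', Q0, F') of an equivalent NFA without epsilon-transitions.

    A state is final in the new automaton if its epsilon-closure meets F;
    in particular this puts an initial state into F' whenever the NFA-eps
    accepts the empty word."""
    new_delta = set()
    for q in states:
        for p in eps_closure(q, delta):
            for (r, a, s) in delta:
                if r == p and a != "":
                    new_delta.add((q, a, s))   # shortcut: q =eps=> p --a--> s
    new_final = {q for q in states if eps_closure(q, delta) & set(final)}
    return new_delta, set(q0s), new_final
```

For instance, on the NFA-ε with transitions (q0, ε, q1) and (q1, a, q2), the construction adds the shortcut (q0, a, q2).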

2.4 Conversion algorithms between regular expressions and automata

To convert regular expressions to automata and vice versa we use NFA-regs as introduced in Definition 2.12. Both NFA-ε's and regular expressions can be seen as subclasses of NFA-regs: an NFA-ε is an NFA-reg whose transitions are labeled by letters or by ε, and a regular expression r "is" the NFA-reg Ar having two states, one initial and the other final, and a single transition labeled r leading from the initial to the final state.

We present algorithms that, given an NFA-reg belonging to one of these subclasses, produce a sequence of NFA-regs, each one recognizing the same language as its predecessor in the sequence, and ending in an NFA-reg of the other subclass.

2.4.1 From regular expressions to NFA-ε

Given a regular expression s over alphabet Σ, it is convenient to do some preprocessing by exhaustively applying the following rewrite rules:

∅ · r ⇝ ∅        r · ∅ ⇝ ∅        r + ∅ ⇝ r        ∅ + r ⇝ r        ∅∗ ⇝ ε


Since the left- and right-hand sides of each rule denote the same language, the regular expressions before and after preprocessing denote the same language. Moreover, if r is the resulting regular expression, then either r = ∅, or r does not contain any occurrence of the ∅ symbol. In the first case, we can directly produce an NFA-ε. In the second, we transform the NFA-reg Ar into an equivalent NFA-ε by exhaustively applying the transformation rules of Figure 2.14.
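The preprocessing can be implemented as a single bottom-up pass over the syntax tree of the expression, since each rule only propagates ∅ upward. A sketch; the tuple representation and the tokens "0" for ∅ and "eps" for ε are our own:

```python
EMPTY, EPS = "0", "eps"   # our tokens for the empty set and the empty word

def simplify(r):
    """Exhaustively apply the rules 0·r -> 0, r·0 -> 0, r + 0 -> r,
    0 + r -> r and 0* -> eps.  Regular expressions are strings (atoms)
    or tuples ("cat", r1, r2), ("alt", r1, r2), ("star", r1)."""
    if isinstance(r, str):
        return r
    if r[0] == "star":
        s = simplify(r[1])
        return EPS if s == EMPTY else ("star", s)
    a, b = simplify(r[1]), simplify(r[2])
    if r[0] == "cat":
        return EMPTY if EMPTY in (a, b) else ("cat", a, b)
    if r[0] == "alt":
        if a == EMPTY:
            return b
        if b == EMPTY:
            return a
        return ("alt", a, b)
    raise ValueError(r[0])
```

As claimed above, the result is either the token for ∅ or an expression containing no occurrence of it.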

[Figure 2.14 shows three transformation rules: a rule for concatenation (a transition labeled r1r2 is split into two consecutive transitions labeled r1 and r2, with a new state in between), a rule for choice (a transition labeled r1 + r2 is replaced by two parallel transitions labeled r1 and r2), and a rule for Kleene iteration (a transition labeled r∗ is replaced by an ε-transition into a new state carrying a self-loop labeled r, followed by an ε-transition out of it).]

Figure 2.14: Rules converting a regular expression given as NFA-reg into an NFA-ε.

It is easy to see that each rule preserves the recognized language (i.e., the NFA-regs before and after the application of the rule recognize the same language). Moreover, since each rule splits a regular expression into its constituents, we eventually reach an NFA-reg to which no rule can be applied. Furthermore, since the initial regular expression does not contain any occurrence of the ∅ symbol, this NFA-reg is necessarily an NFA-ε.

The two ε-transitions of the rule for Kleene iteration guarantee that the automata before and after applying the rule are equivalent, even if the source and target states of the transition labeled by r∗ have other incoming or outgoing transitions. If the source state has no other outgoing transitions, then we can omit the first ε-transition. If the target state has no other incoming transitions, then we can omit the second.

Example 2.15 Consider the regular expression (a∗b∗ + c)∗d. The result of applying the transformation rules is shown in Figure 2.15.

[Figure 2.15 shows the sequence of NFA-regs obtained by exhaustively applying the transformation rules to the NFA-reg for (a∗b∗ + c)∗d, ending in an NFA-ε over the letters a, b, c, d.]

Figure 2.15: The result of converting (a∗b∗ + c)∗d into an NFA-ε.

Complexity. It follows immediately from the rules that the final NFA-ε has the two states of Ar plus one state for each occurrence of the concatenation or the Kleene iteration operators in r. The number of transitions is linear in the number of symbols of r. The conversion runs in linear time.

2.4.2 From NFA-ε to regular expressions

Given an NFA-ε A, we transform it into an equivalent NFA-reg Ar with two states and one single transition, labeled by a regular expression r. It is again convenient to apply some preprocessing to guarantee that the NFA-ε has a single initial state without incoming transitions, and a single final state without outgoing transitions:

• If A has more than one initial state, or some initial state has an incoming transition, then: Add a new initial state q0, add ε-transitions leading from q0 to each initial state, and replace the set of initial states by {q0}.

• If A has more than one final state, or some final state has an outgoing transition, then: Add a new state qf, add ε-transitions leading from each final state to qf, and replace the set of final states by {qf}.

[Diagram: a new initial state q0 with ε-transitions to the old initial states, and a new state qf with ε-transitions from the old final states.]

Rule 1: Preprocessing

After preprocessing, the algorithm runs in phases. Each phase consists of two steps. The first step yields an automaton with at most one transition between any two given states:

• Repeat exhaustively: replace a pair of transitions (q, r1, q′), (q, r2, q′) by a single transition (q, r1 + r2, q′).

[Diagram: two parallel transitions labeled r1 and r2 are merged into a single transition labeled r1 + r2.]

Rule 2: At most one transition between two states

The second step reduces the number of states by one, unless the only states left are the initial and final ones.

• Pick a non-final and non-initial state q, and shortcut it: If q has a self-loop (q, r, q)1, replace each pair of transitions (q′, s, q), (q, t, q′′), where q′ ≠ q ≠ q′′, but possibly q′ = q′′, by a shortcut (q′, sr∗t, q′′). Otherwise, replace it by the shortcut (q′, st, q′′). After shortcutting all pairs, remove q.

[Diagram: a state q with a self-loop labeled s, incoming transitions labeled r1, . . . , rn and outgoing transitions labeled s1, . . . , sm is removed, and every pair (ri, sj) is replaced by a shortcut labeled ri s∗ sj.]

Rule 3: Removing a state

At the end of the last phase we are left with an NFA-reg having exactly two states, the unique initial state q0 and the unique final state qf. Moreover, q0 has no incoming transitions and qf has no outgoing transitions, because it was initially so and the application of the rules cannot change it. After applying Rule 2 exhaustively, there is exactly one transition from q0 to qf. The complete algorithm is:

NFAtoRE(A)
Input: NFA-ε A = (Q, Σ, δ, Q0, F)
Output: regular expression r with L (r) = L (A)

1  apply Rule 1
2  let q0 and qf be the initial and final states of A
3  while Q \ {q0, qf} ≠ ∅ do
4      apply Rule 2 exhaustively
5      pick q from Q \ {q0, qf}
6      apply Rule 3 to q
7  apply Rule 2 exhaustively
8  return the label of the (unique) transition

Example 2.16 Consider the automaton of Figure 2.16(a). Parts (b) to (f) of the figure show some snapshots of the run of NFAtoRE() on this automaton. Snapshot (b) is taken right after applying Rule 1. Snapshots (c) to (e) are taken after each execution of the body of the while loop. Snapshot (f) shows the final result.

1 Notice that it can have at most one, because otherwise we would have two parallel edges, contradicting that Rule 2 was applied exhaustively.

[Figure 2.16: snapshots (a)-(f) of the run of NFAtoRE() on a DFA over {a, b}; the final snapshot consists of a single transition labeled ( aa + bb + (ab + ba)(aa + bb)∗(ba + ab) )∗.]

Figure 2.16: Run of NFAtoRE() on a DFA

Complexity. The complexity of this algorithm depends on the data structure used to store regular expressions. If regular expressions are stored as strings or trees (following the syntax tree of the expression), then the complexity can be exponential. To see this, consider for each n ≥ 1 the NFA A = (Q, Σ, δ, Q0, F) where

Q = {q0, . . . , qn−1}

Σ = {ai j | 0 ≤ i, j ≤ n − 1}

Q0 = Q

δ = {(qi, ai j, q j) | 0 ≤ i, j ≤ n − 1}

F = Q

By symmetry, the runtime of the algorithm is independent of the order in which states are eliminated. Consider the order q1, q2, . . . , qn−1. It is easy to see that after eliminating the state qi the NFA-reg contains some transitions labeled by regular expressions with 3^i occurrences of letters. The exponential blowup cannot be avoided: it can be shown that every regular expression recognizing the same language as A contains at least 2^(n−1) occurrences of letters.

If regular expressions are stored as acyclic directed graphs by sharing common subexpressions in the syntax tree, then the algorithm works in polynomial time, because the label for a new transition is obtained by concatenating or starring already computed labels.

2.5 A Tour of Conversions

We present an example illustrating all conversions of this chapter. We start with the DFA of Figure 2.16(a) recognizing the words over {a, b} with an even number of a's and an even number of b's. The figure converts it into a regular expression. Now we convert this expression into an NFA-ε: Figure 2.17 shows four snapshots of the process of applying the transformation rules.

In the next step we convert the NFA-ε into an NFA. The result is shown in Figure 2.18. Finally, we transform the NFA into a DFA by means of the subset construction. The result is shown in Figure 2.19.

Observe that we do not go back to the DFA we started with, but to a different one recognizing the same language. A last step allowing us to close the circle is presented in the next chapter.
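The subset construction used in this last conversion step can be sketched as follows (again with our own representation of the NFA as a set of transition triples); only subsets reachable from the set of initial states are constructed:

```python
from collections import deque

def subset_construction(delta, q0s, final):
    """NFA -> DFA: the DFA states are frozensets of NFA states."""
    start = frozenset(q0s)
    alphabet = {a for (_, a, _) in delta}
    dfa_delta, dfa_final = {}, set()
    work, seen = deque([start]), {start}
    while work:
        S = work.popleft()
        if S & set(final):                # a subset is final if it meets F
            dfa_final.add(S)
        for a in alphabet:
            T = frozenset(p for (q, b, p) in delta if q in S and b == a)
            dfa_delta[(S, a)] = T
            if T not in seen:             # explore each reachable subset once
                seen.add(T)
                work.append(T)
    return start, dfa_delta, dfa_final
```

For instance, on the two-state NFA for the words over {a, b} ending in a, the construction produces a DFA with the two reachable subsets {0} and {0, 1}.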

[Figure 2.17: four snapshots (a)-(d) of the conversion, starting from a single transition labeled ( aa + bb + (ab + ba)(aa + bb)∗(ab + ba) )∗ and ending in an NFA-ε over {a, b}.]

Figure 2.17: Constructing an NFA-ε for (aa + bb + (ab + ba)(aa + bb)∗(ab + ba))∗

[Figure 2.18: an NFA over {a, b} with states numbered 1 to 12.]

Figure 2.18: NFA for the NFA-ε of Figure 2.17(d)

[Figure 2.19: a DFA whose states correspond to the sets {1}, {2, 6}, {3, 7}, {4, 5}, {8, 11}, {9, 12}, {10} of NFA states.]

Figure 2.19: DFA for the NFA of Figure 2.18

Exercises

Exercise 1 Give a regular expression for the language of all words over Σ = {a, b} . . .

(a) . . . beginning and ending with the same letter.

(b) . . . having two occurrences of a at distance 3.


(c) . . . with no occurrence of the subword aa.

(d) . . . containing exactly two occurrences of aa.

(e) . . . that can be obtained from abaab by deleting letters.

Exercise 2 Prove that the language of the regular expression r = (a + ε)(b∗ + ba)∗ is the language of all words over {a, b} that do not contain any occurrence of aa.

Exercise 3 Prove or disprove the following claim: the regular expressions (1 + 10)∗ and 1∗(101∗)∗ represent the same language.

Exercise 4 (Lazic)

(a) Prove that for all languages A and B the following holds: A ⊆ B =⇒ A∗ ⊆ B∗.

(b) Prove that the regular expressions ((a + ab)∗ + b∗)∗ and Σ∗ represent the same language, where Σ = {a, b} and where Σ∗ stands for (a + b)∗.

Exercise 5 (Inspired by P. Rossmanith) Give syntactic characterizations of the regular expressions r satisfying each of the following properties:

(a) L (r) = ∅,

(b) L (r) = {ε},

(c) ε ∈ L (r),

(d) (L (r) = L (rr)) =⇒ (L (r) = L (r∗)).

Exercise 6 Use the solution to Exercise 5 to define inductively the boolean predicates IsEmpty(r), IsEpsilon(r) and HasEpsilon(r) defined over regular expressions as follows:

• IsEmpty(r)⇔ (L (r) = ∅);

• IsEpsilon(r) ⇔ (L (r) = {ε});

• HasEpsilon(r)⇔ (ε ∈ L (r)).

Exercise 7 Let us extend the syntax and semantics of regular expressions as follows. If r and s are regular expressions over Σ, then r̄ and r ∩ s are also valid expressions, where L (r̄) = Σ∗ \ L (r) and L (r ∩ s) = L (r) ∩ L (s). We say that an extended regular expression is star-free if it does not contain any occurrence of the Kleene star operation; e.g., the expressions ab and (∅̄ab∅̄) ∩ (∅̄ba∅̄) are star-free, but the expression ab∗ is not.

A language L ⊆ Σ∗ is called star-free if there exists a star-free extended regular expression r such that L = L (r); e.g., Σ∗ is star-free, because Σ∗ = L (∅̄). Show that the languages of the regular expressions (a) (01)∗ and (b) (01 + 10)∗ are star-free.


Exercise 8 Let L ⊆ {a, b}∗ be the language described by the regular expression a∗b∗a∗a.

(a) Give an NFA-ε that accepts L.

(b) Give an NFA that accepts L.

(c) Give a DFA that accepts L.

Exercise 9 Let |w|σ denote the number of occurrences of letter σ in word w. For every k ≥ 2, let Lk,σ = {w ∈ {a, b}∗ | |w|σ mod k = 0}.

(a) Give a DFA with k states that accepts Lk,σ.

(b) Show that any NFA accepting Lm,a ∩ Ln,b has at least m · n states.

(Hint: consider using the pigeonhole principle.)

Exercise 10 For every language L, let Lpref and Lsuff be respectively the languages of all prefixes and suffixes of words in L. For example, if L = {abc, d} then Lpref = {abc, ab, a, ε, d} and Lsuff = {abc, bc, c, ε, d}.

(a) Given an NFA A, construct NFAs Apref and Asuff that recognize L (A)pref and L (A)suff.

(b) Let r = (ab + b)∗cd. Give a regular expression rpref such that L (rpref) = L (r)pref.

(c) More generally, give an algorithm that takes an arbitrary regular expression r as input, and returns a regular expression rpref such that L (rpref) = L (r)pref.

Exercise 11 Consider the regular expression r = (a + ab)∗.

(a) Convert r into an equivalent NFA-ε A.

(b) Convert A into an equivalent NFA B.

(c) Convert B into an equivalent DFA C.

(d) By inspection of C, give an equivalent minimal DFA D.

(e) Convert D into an equivalent regular expression r′.

(f) Prove formally that L (r) = L (r′).

Exercise 12 The reverse of a word w, denoted by wR, is defined as follows: εR = ε and (a1a2 · · · an)R = an · · · a2a1. The reverse of a language L is the language LR = {wR | w ∈ L}.

(a) Give a regular expression for the reverse of ((a + ba)∗ba(a + b))∗ba.

(b) Give an algorithm that takes as input a regular expression r and returns a regular expression rR such that L (rR) = L (r)R.

(c) Give an algorithm that takes an NFA A and returns an NFA AR such that L (AR) = L (A)R.

(d) Does your construction in (c) work for DFAs? More precisely, does it preserve determinism?

Exercise 13 Prove or disprove: Every regular language is recognized by an NFA . . .

(a) . . . having one single initial state,

(b) . . . having one single final state,

(c) . . . whose initial states have no incoming transitions,

(d) . . . whose final states have no outgoing transitions,

(e) . . . all of the above,

(f) . . . whose states are all initial,

(g) . . . whose states are all final.

Which of the above hold for DFAs? Which ones for NFA-ε?

Exercise 14 Given a regular expression r, construct an NFA A that satisfies L (A) = L (r) and the following properties:

• initial states have no incoming transitions,

• accepting states have no outgoing transitions,

• all input transitions of a state (if any) carry the same label,

• all output transitions of a state (if any) carry the same label.

Apply your construction on r = (a(b + c))∗.

Exercise 15 Convert the following NFA-ε to an NFA using the algorithm NFAεtoNFA:

[Diagram: an NFA-ε with states p, q, r, s and five transitions, labeled ε, ε, b, a, and ε.]


Exercise 16 Prove that every finite language L, i.e. every language containing a finite number of words, is regular. Do so by defining a DFA that recognizes L.

Exercise 17 Let Σn = {1, 2, . . . , n}, and let Ln be the set of all words w ∈ Σn∗ such that at least one letter of Σn does not appear in w. So, for instance, 1221, 32, 1111 ∈ L3 and 123, 2231 ∉ L3.

(a) Give an NFA for Ln with O(n) states and transitions.

(b) Give a DFA for Ln with 2^n states.

(c) Show that any DFA for Ln has at least 2^n states.

(d) Which of (a), (b) and (c) still hold for the complement of Ln?

Exercise 18 Let Mn be the language of the regular expression (0 + 1)∗0(0 + 1)^(n−1)0(0 + 1)∗. These are the words containing at least one pair of 0s at distance n. For example, 101101, 001001, 000000 ∈ M3 and 101010, 000111, 011110 ∉ M3.

(a) Give an NFA for Mn with O(n) states and transitions.

(b) Give a DFA for Mn with O(2^n) states.

(c) Show that any DFA for Mn has at least 2^n states.

Exercise 19 Recall that a nondeterministic automaton A accepts a word w if at least one of the runs of A on w is accepting. This is sometimes called the existential accepting condition. Consider the variant in which A accepts w if all runs of A on w are accepting (in particular, if A has no run on w, then it trivially accepts w). This is called the universal accepting condition. Notice that a DFA accepts the same language with both the existential and the universal accepting conditions.

Intuitively, we can imagine an automaton with universal accepting condition as executing all runs in parallel. After reading a word w, the automaton is simultaneously in all states reached by all runs labelled by w, and accepts if all those states are accepting.

Consider the language Ln = {ww : w ∈ {0, 1}^n}.

(a) Give an automaton of size O(n) with universal accepting condition that recognizes Ln.

(b) Prove that every NFA (and so in particular every DFA) recognizing Ln has at least 2^n states.

(c) Give an algorithm that transforms an automaton with universal accepting condition into a DFA recognizing the same language. This shows that automata with universal accepting condition recognize the regular languages.

Exercise 20 The existential and universal accepting conditions can be combined, yielding alternating automata. The states of an alternating automaton are partitioned into existential and universal states. An existential state q accepts a word w, denoted w ∈ L (q), if either w = ε and q ∈ F, or w = aw′ and there exists a transition (q, a, q′) such that w′ ∈ L (q′). A universal state q accepts a word w if either w = ε and q ∈ F, or w = aw′ and w′ ∈ L (q′) for every transition (q, a, q′). The language recognized by an alternating automaton is the set of words accepted by its initial state.

Give an algorithm that transforms an alternating automaton into a DFA recognizing the same language.

Exercise 21 In algorithm NFAεtoNFA, no transition that has been added to the workset, processed and removed from the workset is ever added to the workset again. However, transitions may be added to the workset more than once. Give an NFA-ε and a run of NFAεtoNFA where this happens.

Exercise 22 Execute algorithm NFAεtoNFA on the following NFA-ε over Σ = {a1, . . . , an} to show that the algorithm may increase the number of transitions quadratically:

[Diagram: states q0, q1, . . . , qn in a chain; for every 1 ≤ i ≤ n there are two transitions from qi−1 to qi, one labeled ai and one labeled ε.]

Exercise 23 We say that u = a1 · · · an is a scattered subword of w ∈ Σ∗, denoted by u ⪯ w, if there are words w0, . . . , wn ∈ Σ∗ such that w = w0a1w1a2 · · · anwn. The upward closure and downward closure of a language L are the following languages:

↑L = {u ∈ Σ∗ : w ⪯ u for some w ∈ L},

↓L = {u ∈ Σ∗ : u ⪯ w for some w ∈ L}.

Give algorithms that take an NFA A as input and return NFAs for ↑L (A) and ↓L (A).

Exercise 24 Let L be a regular language over Σ. Show that the following languages are also regular by constructing NFAs:

(a) √L = {w ∈ Σ∗ : ww ∈ L},

(b) Cyc(L) = {vu ∈ Σ∗ : uv ∈ L}.

Exercise 25 For every n ∈ IN, let msbf(n) be the set of most-significant-bit-first encodings of n, i.e., the words that start with an arbitrary number of leading zeros, followed by n written in binary. For example, msbf(3) = L (0∗11), msbf(9) = L (0∗1001) and msbf(0) = L (0∗). Similarly, let lsbf(n) denote the set of least-significant-bit-first encodings of n, i.e., the set containing for each word w ∈ msbf(n) its reverse. For example, lsbf(6) = L (0110∗) and lsbf(0) = L (0∗).

(a) Construct and compare DFAs recognizing the set of even numbers w.r.t. the unary encoding (where n is encoded by the word 1^n), the msbf-encoding, and the lsbf-encoding.

(b) Do the same for the set of numbers divisible by 3.


(c) Give regular expressions corresponding to the languages of (b).

Exercise 26 Consider the following DFA over an alphabet of column letters, namely [0/0], [0/1], [1/0], and [1/1] (top bit over bottom bit):

[Diagram: a DFA with states 0, 1, 2.]

A word w encodes a pair of natural numbers (X(w), Y(w)), where X(w) and Y(w) are obtained by reading the top and bottom rows in MSBF encoding. For instance, the word

w = [1/0] [0/1] [1/0] [1/0] [0/1] [0/1]

(top row 101100, bottom row 010011) encodes (44, 19). Show that the above DFA recognizes the set of words w such that X(w) = 3 · Y(w), i.e., the solutions of the equation x − 3y = 0.

Exercise 27 Algorithm NFAtoRE transforms a finite automaton into a regular expression representing the same language by iteratively eliminating states of the automaton. In this exercise we present an algebraic reformulation of the algorithm. We represent an NFA as a system of language equations with as many variables as states, and solve the system by eliminating variables. A language equation over an alphabet Σ and a set V of variables is an equation of the form r1 = r2, where r1 and r2 are regular expressions over Σ ∪ V. For instance, X = aX + b is a language equation. A solution of a system of equations is a mapping that assigns to each variable X a regular expression over Σ, such that the languages of the left- and right-hand sides of each equation are equal. For instance, a∗b is a solution of X = aX + b because L (a∗b) = L (aa∗b + b).

(a) Arden's Lemma states that given two languages A, B ⊆ Σ∗ with ε ∉ A, the smallest language X ⊆ Σ∗ satisfying X = AX + B is the language A∗B. Prove Arden's Lemma.

(b) Consider the following system of equations, where the variables X, Y represent languages (regular expressions) over the alphabet Σ = {a, b, c, d, e, f}:

X = aX + bY + c
Y = dX + eY + f.

This system has many solutions, but there is again a unique minimal solution, i.e., a solution contained in every other solution. Find the smallest solution with the help of Arden's Lemma.

Hint: As a first step, consider X not as a variable, but as a constant language, and solve the equation for Y using Arden's Lemma.
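The elimination suggested by the hint can be carried out mechanically on expression strings. The helper below is our own and performs no simplification; the distribution step is done by hand in the comments:

```python
def arden(A, B):
    """Smallest solution of X = A·X + B is A*·B (Arden's Lemma, eps not in L(A))."""
    return "(" + A + ")*(" + B + ")"

# System: X = aX + bY + c,   Y = dX + eY + f.
# Step 1: treat X as a constant and solve the second equation for Y:
y = arden("e", "dX + f")                 # Y = (e)*(dX + f), i.e. Y = e*dX + e*f
# Step 2: substitute Y into the first equation and regroup:
#   X = aX + b(e*dX + e*f) + c = (a + be*d)X + (be*f + c)
x = arden("a + b(e)*d", "b(e)*f + c")    # solve for X by Arden's Lemma again
print(x)                                 # prints (a + b(e)*d)*(b(e)*f + c)
```

The same two-step pattern (solve one equation by Arden's Lemma, substitute, repeat) eliminates the variables of any such system one by one.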


(c) We can associate to any NFA A = (Q, Σ, δ, q0, F) a system of linear equations as follows. We take Q as variables, which we call here X, Y, Z, . . ., with X as initial state. The system has the following equation for each state Y:

Y = ∑_{(Y,a,Z)∈δ} aZ                 if Y ∉ F,
Y = ( ∑_{(Y,a,Z)∈δ} aZ ) + ε         if Y ∈ F.

Consider the DFA of Figure 2.16(a). Let X, Y, Z, W be the states of the automaton, read from top to bottom and from left to right. The associated system of linear equations is

X = aY + bZ + ε        Y = aX + bW
Z = bX + aW            W = bY + aZ.

Compute the solution of this system by iteratively eliminating variables. Start with Y, then eliminate Z, and finally W. Compare with the elimination procedure depicted in Figure 2.16.

Exercise 28 (Inspired by R. Majumdar) Consider a deck of cards (with arbitrarily many cards) in which black and red cards alternate, the top card is black, and the bottom card is red. The set of possible decks is given by the regular expression (BR)∗. Cut the deck at any point into two piles, and then perform a riffle (also called a dovetail shuffle) to yield a new deck. For example, we can cut a deck with six cards 123456 (with 1 as the top card) into two piles 12 and 3456, and the riffle yields 345162 (we start the riffle with the first pile). Give a regular expression over the alphabet {B, R} describing the possible configurations of the decks after the riffle.

Hint: After the cut, the last card of the first pile can be black or red. In the first case the two piles belong to (BR)∗B and R(BR)∗, and in the second case to (BR)∗ and (BR)∗. Let Rif (r1, r2) be the language of all decks obtained by performing a riffle on decks taken from L (r1) and L (r2). We are looking for a regular expression for

Rif ((BR)∗B, R(BR)∗) + Rif ((BR)∗, (BR)∗).

Use Exercise 27 to set up a system of equations over the variables X = Rif ((BR)∗B, R(BR)∗) and Y = Rif ((BR)∗, (BR)∗), and solve it.

Exercise 29 Let L be an arbitrary language over a 1-letter alphabet. Prove that L∗ is regular.

Exercise 30 In contrast to Exercise 29, show that there exists a language L over a two-letter alphabet such that L∗ is not regular.


Exercise 31 Let Kn be the complete directed graph with nodes {1, . . . , n} and edges {(i, j) | 1 ≤ i, j ≤ n}. A path of Kn is a sequence of nodes, and a circuit of Kn is a path that begins and ends at the same node.

Consider the family of DFAs An = (Qn, Σn, δn, q0n, Fn) given by

• Qn = {1, . . . , n, ⊥} and Σn = {ai j | 1 ≤ i, j ≤ n};

• δn(⊥, ai j) = ⊥ for every 1 ≤ i, j ≤ n (that is, ⊥ is a trap state), and

δn(i, a jk) = ⊥ if i ≠ j, and δn(i, a jk) = k if i = j;

• q0n = 1 and Fn = {1}.

For example, here are K3 and A3:

[Diagram: the graph K3 on nodes 1, 2, 3, and the DFA A3 with states 1, 2, 3 (the trap state ⊥ omitted) and transitions labeled a12, a13, a21, a23, a31, a32.]

Every word accepted by An encodes a circuit of Kn. For example, the words a12 a21 and a13 a32 a21, which are accepted by A3, encode the circuits 121 and 1321 of K3. Clearly, An recognizes the encodings of all circuits of Kn starting at node 1.

A path expression r over Σn is a regular expression such that every word of L(r) models a path of Kn. The purpose of this exercise is to show that every path expression for L(An) (and so every regular expression, because any regular expression for L(An) is a path expression by definition) must have length Ω(2^n).

• Let π be a circuit of Kn. A path expression r covers π if L(r) contains a word uwv such that w encodes π. Further, r covers π∗ if r covers π^k for every k ≥ 0. Let r be a path expression of length m starting at a node i. Prove:

(a) Either r covers π∗, or it does not cover π^(2m).

(b) If r covers π∗ and no proper subexpression of r does, then r = s∗ for some expression s, and every word of L(s) encodes a circuit starting at a node of π.

• For every 1 ≤ k ≤ n + 1, let [k] denote the permutation of {1, 2, . . . , n + 1} that cyclically shifts every index k positions to the right. Formally, node i is renamed to i + k if i + k ≤ n + 1, and to i + k − (n + 1) otherwise. Let π[k] be the result of applying the permutation to π. So, for instance, if n = 4 and π = 24142, we get

π[1] = 35253    π[2] = 41314    π[3] = 52425    π[4] = 13531    π[5] = 24142 = π


(c) Prove that π[k] is a circuit of Kn+1 that does not pass through node k.

• Define inductively the circuit gn of Kn for every n ≥ 1 as follows:

- g1 = 11

- gn+1 = 1 (gn[1])^(2n) (gn[2])^(2n) · · · (gn[n + 1])^(2n) for every n ≥ 1

In particular, we have

g1 = 11
g2 = 1 (22)^2 (11)^2
g3 = 1 (2 (33)^2 (22)^2)^4 (3 (11)^2 (33)^2 3)^4 (1 (22)^2 (11)^2)^4

(d) Prove using parts (a)-(c) that every path expression covering gn has length at least 2^(n−1).


Chapter 3

Minimization and Reduction

In the previous chapter we showed through a chain of conversions that the two DFAs of Figure 3.1 recognize the same language. Obviously, the automaton on the left of the figure is better as a data structure for this language, since it has smaller size. A DFA (respectively, NFA) is minimal if no other DFA (respectively, NFA) recognizing the same language has fewer states. We show that every regular language has a unique minimal DFA up to isomorphism (i.e., up to renaming of the states), and present an efficient algorithm that "minimizes" a given DFA, i.e., converts it into the unique minimal DFA. In particular, the algorithm converts the DFA on the right of Figure 3.1 into the one on the left.

[Figure 3.1: two DFAs over {a, b} recognizing the same language, a small one on the left and a larger one on the right.]

Figure 3.1: Two DFAs for the same language

From a data structure point of view, the existence of a unique minimal DFA has two important consequences. First, as mentioned above, the minimal DFA is the one that can be stored with a minimal amount of memory. Second, the uniqueness of the minimal DFA makes it a canonical representation of a regular language. As we shall see, canonicity leads to a fast equality check: in order to decide if two regular languages are equal, we can construct their minimal DFAs, and check if they are isomorphic.

In the second part of the chapter we show that, unfortunately, computing a minimal NFA is a PSPACE-complete problem, for which no efficient algorithm is likely to exist. Moreover, the minimal NFA is not unique. However, we show that a generalization of the minimization algorithm for DFAs can be used to at least reduce the size of an NFA while preserving its language.

3.1 Minimal DFAs

We start with a simple but very useful definition.

Definition 3.1 Given a language L ⊆ Σ∗ and w ∈ Σ∗, the residual of L with respect to w is the language Lw = {u ∈ Σ∗ | wu ∈ L}. A language L′ ⊆ Σ∗ is a residual of L if L′ = Lw for at least one w ∈ Σ∗.

The language Lw satisfies the property

wu ∈ L ⇔ u ∈ Lw    (3.1)

Moreover, Lw is the only language satisfying this property. In other words, if a language L′ satisfies wu ∈ L ⇔ u ∈ L′ for every word u, then necessarily L′ = Lw.

Example 3.2 Let Σ = {a, b} and L = {a, ab, ba, aab}. We compute Lw for all words w by increasing length of w.

• |w| = 0. Lε = {a, ab, ba, aab}.

• |w| = 1. La = {ε, b, ab}, Lb = {a}.

• |w| = 2. Laa = {b}, Lab = {ε}, Lba = {ε}, Lbb = ∅.

• |w| ≥ 3. Lw = {ε} if w = aab, and Lw = ∅ otherwise.

Observe that residuals with respect to different words can be equal. In fact, even though Σ∗ contains infinitely many words, L has only six residuals, namely the languages ∅, {ε}, {a}, {b}, {ε, b, ab}, and {a, ab, ba, aab}.
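For a finite language the residuals can be enumerated directly; the following sketch (the helper names are ours) reproduces the count of Example 3.2:

```python
def residual(L, w):
    """The residual { u | wu in L } of a finite language L (a set of strings)."""
    return frozenset(u[len(w):] for u in L if u.startswith(w))

L = {"a", "ab", "ba", "aab"}
# Every word that is not a prefix of a word in L has the empty residual,
# so it suffices to inspect prefixes plus one such word, e.g. "bb".
prefixes = {u[:i] for u in L for i in range(len(u) + 1)}
residuals = {residual(L, w) for w in prefixes | {"bb"}}
print(len(residuals))   # 6, as computed above
```

The same enumeration works for any finite language, since all but finitely many words have the residual ∅.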

Example 3.3 Languages containing infinitely many words can have a finite number of residuals. For example, (a + b)∗ contains infinitely many words, but it has one single residual: indeed, we have Lw = (a + b)∗ for every w ∈ {a, b}∗. Another example is the language of the two DFAs in Figure 3.1. Recall that it is the language of all words over {a, b} with an even number of a's and an even number of b's. Let us call this language EE in the following1. The language has four residuals, namely the languages EE, EO, OE, OO, where EO contains the words with an even number of a's and an odd number of b's, etc. For example, we have (EE)ε = EE, (EE)a = OE, and (EE)ab = OO.

1Notice that EE is a two-letter name for a language, not a concatenation of two languages!


Example 3.4 The languages of Examples 3.2 and 3.3 have finitely many residuals, but this is not the case for every language. In general, proving that the number of residuals of a language is finite or infinite can be complicated. To show that a language L has an infinite number of residuals one can use the following general proof strategy:

• Define an infinite set W = {w0, w1, w2, . . .} ⊆ Σ∗.

• Prove that Lwi ≠ Lwj holds for every i ≠ j. For this, show that for every i ≠ j there exists a word wi,j that belongs to exactly one of the sets Lwi and Lwj.

We apply this strategy to two languages:

• Let L = {a^n b^n | n ≥ 0}. Define W := {a^k | k ≥ 0}. For every two distinct words a^i, a^j ∈ W (i.e., i ≠ j), we have b^i ∈ L_{a^i}, because a^i b^i ∈ L, but b^i ∉ L_{a^j}, because a^j b^i ∉ L. So L has infinitely many residuals.

• Let L = {ww | w ∈ {0, 1}∗}. Define W := {0^n 1 | n ≥ 0}. For every two distinct words u = 0^i 1, v = 0^j 1 ∈ W (w.l.o.g., i < j), we have u ∈ Lu, because uu ∈ L, but u ∉ Lv, because vu ∉ L. So L has infinitely many residuals.

There is a close connection between the states of a DA (not necessarily finite) and the residualsof the language it recognizes. In order to formulate it we introduce the following definition:

Definition 3.5 Let A = (Q, Σ, δ, q0, F) be a DA and let q ∈ Q. The language recognized by q, denoted by LA(q) (or just L(q) if there is no risk of confusion), is the language recognized by A with q as initial state, i.e., the language recognized by the DA Aq = (Q, Σ, δ, q, F).

For every transition q −a→ q′ of an automaton, deterministic or not, if a word w is accepted from q′, then the word aw is accepted from q. For deterministic automata the converse also holds: since q −a→ q′ is the unique transition leaving q labeled by a, if aw is accepted from q, then w is accepted from q′. So we have aw ∈ L(q) iff w ∈ L(q′), and comparing with Property 3.1 we obtain

For every transition q −a→ q′ of a DA: L(q′) = L(q)^a. (3.2)

More generally, we have:

Lemma 3.6 Let L be a language and let A = (Q, Σ, δ, q0, F) be a DA recognizing L.

(1) Every residual of L is recognized by some state of A. Formally: for every w ∈ Σ∗ there is at least one state q ∈ Q such that LA(q) = L^w.


(2) Every state of A recognizes a residual of L. Formally: for every q ∈ Q there is at least one word w ∈ Σ∗ such that LA(q) = L^w.

Proof: (1) Let w ∈ Σ∗, and let q be the state reached by the unique run of A on w, that is, q0 −w→ q. We prove LA(q) = L^w. By Property 3.1, it suffices to show that every word u satisfies

wu ∈ L ⟺ u ∈ LA(q).

Since A is a DFA, for every word u ∈ Σ∗ the unique run of A on wu is of the form q0 −w→ q −u→ q′. So A accepts wu iff q′ is a final state, which is the case iff u ∈ LA(q). So LA(q) = L^w.

(2) Since A is in normal form, q can be reached from q0 by at least one word w. The proof that LA(q) = L^w holds is exactly as above.

Example 3.7 Figure 3.2 shows the result of labeling the states of the two DFAs of Figure 3.1 with the languages they recognize. All these languages are residuals of EE.

Figure 3.2: Languages recognized by the states of the DFAs of Figure 3.1.

We use the notion of a residual to define the canonical deterministic automaton for a given language L. The states of the canonical DA for a language are themselves languages. Further, "each state recognizes itself", i.e., the language recognized from the state L is the language L itself. This single property completely determines the initial state, the transitions, and the final states of the canonical DA:

• The canonical DA for a language L must recognize L. So the initial state of the canonical DA recognizes L. Since each state "recognizes itself", the initial state is necessarily the language L itself.

• Since each state K recognizes the language K, by Property 3.2 all transitions of the canonical DA are of the form K −a→ K^a.


Figure 3.3: Canonical DA for the language {a, ab, ba, aab} over the alphabet {a, b}.

• A state q of a DA is final iff it recognizes the empty word. Therefore, a state K of the canonical DA is final iff ε ∈ K.

We formalize this construction, and prove its correctness.

Definition 3.8 Let L ⊆ Σ∗ be a language. The canonical DA for L is the DA CL = (QL, Σ, δL, q0L, FL), where:

• QL is the set of residuals of L, i.e., QL = {L^w | w ∈ Σ∗};

• δL(K, a) = K^a for every K ∈ QL and a ∈ Σ;

• q0L = L; and

• FL = {K ∈ QL | ε ∈ K}.
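For a finite language the definition can be executed literally, exploring residuals starting from L itself. A sketch (function and variable names are my own choices):

```python
def canonical_da(lang, sigma=("a", "b")):
    """Canonical DA C_L of Definition 3.8 for a finite language: the states
    are the residuals of L, delta(K, a) = K^a, the initial state is L itself,
    and a state K is final iff the empty word belongs to K."""
    def res(K, a):  # residual K^a of a finite language K
        return frozenset(u[1:] for u in K if u.startswith(a))
    q0 = frozenset(lang)
    states, delta, work = {q0}, {}, [q0]
    while work:
        K = work.pop()
        for a in sigma:
            Ka = res(K, a)
            delta[(K, a)] = Ka
            if Ka not in states:
                states.add(Ka)
                work.append(Ka)
    final = {K for K in states if "" in K}
    return states, delta, q0, final
```

On the language {a, ab, ba, aab} of Example 3.2 this produces a six-state automaton with two final states, matching Figure 3.3.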

Example 3.9 Figure 3.3 shows the canonical DA for the language of Example 3.2. Since the language has six residuals, the DA has six states. Observe that every state "recognizes itself". For example, the language recognized from the state {ε, b, ab} is {ε, b, ab}. The final states are the residuals containing ε, that is, the two residuals {ε, b, ab} and {ε}.

Example 3.10 The canonical DA for the language EE of Example 3.3 is the one shown on the left of Figure 3.2. It has four states, corresponding to the four residuals of EE. Since, for instance, EE^a = OE, the canonical DA has a transition EE −a→ OE. The initial state is EE. Since the empty word has an even number of a's and b's (namely zero in both cases), we have ε ∈ EE, and ε ∉ EO, OE, OO. So the only final state is EE.

Proposition 3.11 For every language L ⊆ Σ∗, the canonical DA for L recognizes L.


Proof: Let CL be the canonical DA for L. We prove L(CL) = L. Let w ∈ Σ∗. We prove by induction on |w| that w ∈ L iff w ∈ L(CL).

If |w| = 0 then w = ε, and we have

ε ∈ L ⟺ L ∈ FL (definition of FL)
⟺ q0L ∈ FL (q0L = L)
⟺ ε ∈ L(CL) (q0L is the initial state of CL)

If |w| > 0, then w = aw′ for some a ∈ Σ and w′ ∈ Σ∗, and we have

aw′ ∈ L ⟺ w′ ∈ L^a (definition of L^a)
⟺ w′ ∈ L(C_{L^a}) (induction hypothesis)
⟺ aw′ ∈ L(CL) (δL(L, a) = L^a)

We now prove that CL is the unique minimal DFA recognizing a regular language L (up to isomorphism). The informal argument goes as follows. Since every DFA for L has at least one state for each residual, and CL has exactly one state for each residual, CL has a minimal number of states. Further, every other minimal DFA for L also has exactly one state for each residual. It remains to show that all these minimal DFAs are isomorphic. For this we observe that, if we know which state recognizes which residual, we can infer which is the initial state, which are the transitions, and which are the final states. In other words, the transitions, initial and final states of a minimal DFA are completely determined by the residual recognized by each state. Indeed, if state q recognizes residual R, then the a-transition leaving q necessarily leads to the state recognizing R^a; further, q is initial iff R = L, and q is final iff ε ∈ R. A more formal proof looks as follows:

Theorem 3.12 If L is regular, then CL is the unique minimal DFA up to isomorphism that recognizes L.

Proof: Let L be a regular language, and let A = (Q, Σ, δ, q0, F) be an arbitrary DFA recognizing L. By Lemma 3.6 the number of states of A is greater than or equal to the number of states of CL, and so CL is a minimal automaton for L. To prove uniqueness of the minimal automaton up to isomorphism, assume A is minimal, and let LA be the mapping that assigns to each state q of A the language L(q) recognized from q. By Lemma 3.6(2), LA assigns to each state of A a residual of L, and so LA : Q → QL. We prove that LA is an isomorphism between A and CL. First, LA is bijective because it is surjective (Lemma 3.6(2)) and |Q| = |QL| (A is minimal by assumption). Moreover, if δ(q, a) = q′, then LA(q′) = (LA(q))^a, and so δL(LA(q), a) = LA(q′). Also, LA maps the initial state of A to the initial state of CL: LA(q0) = L = q0L. Finally, LA maps final to final and non-final to non-final states: q ∈ F iff ε ∈ LA(q) iff LA(q) ∈ FL.


The following simple corollary is often useful to establish that a given DFA is minimal:

Corollary 3.13 A DFA is minimal if and only if different states recognize different languages, i.e., L(q) ≠ L(q′) holds for every two states q ≠ q′.

Proof: (⇒): By Theorem 3.12, the number of states of a minimal DFA is equal to the number of residuals of its language. Since every state recognizes some residual, each state must recognize a different residual.

(⇐): If all states of a DFA A recognize different languages, then, since every state recognizessome residual, the number of states of A is less than or equal to the number of residuals. So A hasat most as many states as CL(A), and so it is minimal.

3.2 Minimizing DFAs

We present an algorithm that converts a given DFA into (a DFA isomorphic to) the unique minimal DFA recognizing the same language. The algorithm first partitions the states of the DFA into blocks, where a block contains all states recognizing the same residual. We call this partition the language partition. Then, the algorithm "merges" the states of each block into one single state, an operation usually called quotienting with respect to the partition. Intuitively, this yields a DFA in which every state recognizes a different residual. These two steps are described in Sections 3.2.1 and 3.2.2.

For the rest of the section we fix a DFA A = (Q,Σ, δ, q0, F) recognizing a regular language L.

3.2.1 Computing the language partition

We need some basic notions on partitions. A partition of Q is a finite set P = {B1, . . . , Bn} of nonempty subsets of Q, called blocks, such that Q = B1 ∪ · · · ∪ Bn, and Bi ∩ Bj = ∅ for every 1 ≤ i ≠ j ≤ n. The block containing a state q is denoted by [q]P. A partition P′ refines or is a refinement of another partition P if every block of P′ is contained in some block of P. If P′ refines P and P′ ≠ P, then P is coarser than P′.

The language partition, denoted by Pℓ, puts two states in the same block if and only if they recognize the same language (i.e., the same residual). To compute Pℓ we iteratively refine an initial partition P0 while maintaining the following

Invariant: States in different blocks recognize different languages.

P0 consists of two blocks containing the final and the non-final states, respectively (or just one of the two if all states are final or all states are non-final). That is, P0 = {F, Q \ F} if F and Q \ F are nonempty, P0 = {F} if Q \ F is empty, and P0 = {Q \ F} = {Q} if F is empty. Notice that P0 satisfies the invariant, because every state of F accepts the empty word, but no state of Q \ F does.

A partition is refined by splitting a block into two blocks. To find a block to split, we first observe the following:


Fact 3.14 If L (q1) = L (q2), then L (δ(q1, a)) = L (δ(q2, a)) for every a ∈ Σ.

Now, by contraposition, if L(δ(q1, a)) ≠ L(δ(q2, a)), then L(q1) ≠ L(q2), or, rephrasing in terms of blocks: if δ(q1, a) and δ(q2, a) belong to different blocks, but q1 and q2 belong to the same block B, then B can be split, because q1 and q2 can be put in different blocks while respecting the invariant.

Definition 3.15 Let B, B′ be (not necessarily distinct) blocks of a partition P, and let a ∈ Σ. The pair (a, B′) splits B if there are q1, q2 ∈ B such that δ(q1, a) ∈ B′ and δ(q2, a) ∉ B′. The result of the split is the partition Ref_P[B, a, B′] = (P \ {B}) ∪ {B0, B1}, where

B0 = {q ∈ B | δ(q, a) ∉ B′} and B1 = {q ∈ B | δ(q, a) ∈ B′}.

A partition is unstable if it contains blocks B, B′ such that (a, B′) splits B for some a ∈ Σ, and stable otherwise.

The partition refinement algorithm LanPar(A) iteratively refines the initial partition of A until it becomes stable. The algorithm terminates because every iteration increases the number of blocks by one, and a partition can have at most |Q| blocks.

LanPar(A)
Input: DFA A = (Q, Σ, δ, q0, F)
Output: The language partition Pℓ.

1 if F = ∅ or Q \ F = ∅ then return {Q}
2 else P ← {F, Q \ F}
3 while P is unstable do
4     pick B, B′ ∈ P and a ∈ Σ such that (a, B′) splits B
5     P ← Ref_P[B, a, B′]
6 return P

Notice that if all states of a DFA are non-final then every state recognizes ∅, and if all are final then every state recognizes Σ∗. In both cases all states recognize the same language, and the language partition is {Q}.
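A direct, unoptimized rendering of LanPar in Python (the representation is my choice: δ as a dictionary from (state, letter) pairs to states, blocks as frozensets):

```python
def lan_par(Q, sigma, delta, F):
    """LanPar: refine the initial partition {F, Q \\ F} until it is stable.
    delta must be a total function, i.e., the automaton is a DFA."""
    Q, F = frozenset(Q), frozenset(F)
    if not F or F == Q:          # all states final or all non-final
        return {Q}
    P = {F, Q - F}

    def find_split(P):
        # Look for B, B' in P and a in sigma such that (a, B') splits B.
        for B in P:
            for a in sigma:
                for Bp in P:
                    B1 = frozenset(q for q in B if delta[(q, a)] in Bp)
                    if B1 and B1 != B:
                        return B, B1
        return None

    while (split := find_split(P)) is not None:
        B, B1 = split
        P = (P - {B}) | {B1, B - B1}    # Ref_P[B, a, B']
    return P
```

For instance, on the four-state DFA over {a} with δ(q, a) = q + 1 mod 4 and final states {0, 2} (which accepts the words of even length), the computed language partition is {{0, 2}, {1, 3}}.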

Example 3.16 Figure 3.4 shows a run of LanPar on the DFA on the right of Figure 3.1. States that belong to the same block have the same color. The initial partition, shown at the top, consists of the yellow and the pink states. The yellow block and the letter a split the pink block into the green block (pink states with an a-transition to the yellow block) and the rest (pink states with an a-transition to other blocks), which stay pink. In the final step, the green block and the letter b split the pink block into the magenta block (pink states with a b-transition into the green block) and the rest, which stay pink.

We prove correctness of LanPar in two steps. First, we show that it computes the coarsest stable refinement of P0, denoted by CSR; in other words, we show that after termination the partition P is coarser than every other stable refinement of P0. Then we prove that CSR is equal to Pℓ.


Figure 3.4: Computing the language partition for the DFA on the left of Figure 3.1


Lemma 3.17 LanPar(A) computes CSR.

Proof: LanPar(A) clearly computes a stable refinement of P0. We prove that after termination P is coarser than any other stable refinement of P0, or, equivalently, that every stable refinement of P0 refines P. Actually, we prove that this holds not only after termination, but at any time.

Let P′ be an arbitrary stable refinement of P0. Initially P = P0, and so P′ refines P. Now, we show that if P′ refines P, then P′ also refines Ref_P[B, a, B′]. For this, let q1, q2 be two states belonging to the same block of P′. We show that they belong to the same block of Ref_P[B, a, B′]. Assume the contrary. Since the only difference between P and Ref_P[B, a, B′] is the splitting of B into B0 and B1, exactly one of q1 and q2, say q1, belongs to B0, and the other belongs to B1. So there exists a transition (q2, a, q′2) ∈ δ such that q′2 ∈ B′. Since P′ is stable and q1, q2 belong to the same block of P′, there is also a transition (q1, a, q′1) ∈ δ such that q′1 ∈ B′. But this contradicts q1 ∈ B0.

Theorem 3.18 CSR is equal to Pℓ.

Proof: The proof has three parts:

(a) Pℓ refines P0. Obvious.

(b) Pℓ is stable. By Fact 3.14, if two states q1, q2 belong to the same block of Pℓ, then δ(q1, a), δ(q2, a) also belong to the same block, for every a. So no block can be split.

(c) Every stable refinement P of P0 refines Pℓ. Let q1, q2 be states belonging to the same block B of P. We prove that they belong to the same block of Pℓ, i.e., that L(q1) = L(q2). By symmetry, it suffices to prove that, for every word w, if w ∈ L(q1) then w ∈ L(q2). We proceed by induction on the length of w. If w = ε then q1 ∈ F, and since P refines P0, we have q2 ∈ F, and so w ∈ L(q2). If w = aw′, then there is (q1, a, q′1) ∈ δ such that w′ ∈ L(q′1). Let B′ be the block containing q′1. Since P is stable, (a, B′) does not split B, and so there is (q2, a, q′2) ∈ δ such that q′2 ∈ B′. By the induction hypothesis, w′ ∈ L(q′1) iff w′ ∈ L(q′2). So w′ ∈ L(q′2), which implies w ∈ L(q2).

3.2.2 Quotienting

It remains to define the quotient of A with respect to a partition. It is convenient to define it not only for DFAs, but more generally for NFAs. The states of the quotient are the blocks of the partition, and there is a transition (B, a, B′) from block B to block B′ if A contains some transition (q, a, q′) for states q and q′ belonging to B and B′, respectively. Formally:

Definition 3.19 The quotient of a NFA A with respect to a partition P is the NFA A/P = (QP, Σ, δP, Q0P, FP), where


• QP is the set of blocks of P;

• (B, a, B′) ∈ δP if (q, a, q′) ∈ δ for some q ∈ B, q′ ∈ B′;

• Q0P is the set of blocks of P that contain at least one state of Q0; and

• FP is the set of blocks of P that contain at least one state of F.
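Definition 3.19 translates directly into code. In this sketch (the representation is my own: δ maps (state, letter) to a set of successors, a partition is a set of frozensets):

```python
def quotient(delta, Q0, F, P):
    """Quotient A/P: one state per block; (B, a, B') is a transition iff some
    q in B has an a-successor in B'; a block is initial (final) iff it
    contains an initial (final) state of A."""
    block_of = {q: B for B in P for q in B}
    deltaP = {}
    for (q, a), succs in delta.items():
        for qp in succs:
            deltaP.setdefault((block_of[q], a), set()).add(block_of[qp])
    Q0P = {block_of[q] for q in Q0}
    FP = {block_of[q] for q in F}
    return set(P), deltaP, Q0P, FP
```

Quotienting the four-state "even length" DFA over {a} (viewed as an NFA) with respect to the partition {{0, 2}, {1, 3}} yields the expected two-state automaton.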

Example 3.20 Figure 3.5 shows on the right the result of quotienting the DFA on the left with respect to its language partition. The quotient has as many states as colors, and it has a transition between two colors (say, an a-transition from pink to magenta) if the DFA on the left has such a transition.

Figure 3.5: Quotient of a DFA with respect to its language partition

We show that A/Pℓ, the quotient of a DFA A with respect to the language partition, is the minimal DFA for L. The main part of the argument is contained in the following lemma. Loosely speaking, it says that any refinement of the language partition, i.e., any partition in which states of the same block recognize the same language, "is good" for quotienting, because the quotient recognizes the same language as the original automaton. Moreover, if the partition not only refines but is equal to the language partition, then the quotient is a DFA.

Lemma 3.21 Let A be a NFA, and let P be a partition of the states of A. If P refines Pℓ, then LA(q) = LA/P(B) for every state q of A, where B is the block of P containing q; in particular L(A/P) = L(A). Moreover, if A is a DFA and P = Pℓ, then A/P is a DFA.

Proof: Let P be any refinement of Pℓ. We prove that for every w ∈ Σ∗ we have w ∈ LA(q) iff w ∈ LA/P(B). The proof is by induction on |w|.

|w| = 0. Then w = ε and we have

ε ∈ LA(q) iff q ∈ F
iff B ⊆ F (P refines Pℓ, and so also P0)
iff B ∈ FP
iff ε ∈ LA/P(B)

|w| > 0. Then w = aw′ for some a ∈ Σ. So w ∈ LA(q) iff there is a transition (q, a, q′) ∈ δ such that w′ ∈ LA(q′). Let B′ be the block containing q′. By the definition of A/P we have (B, a, B′) ∈ δP, and so:

aw′ ∈ LA(q) iff w′ ∈ LA(q′) (definition of q′)
iff w′ ∈ LA/P(B′) (induction hypothesis)
iff aw′ ∈ LA/P(B) ((B, a, B′) ∈ δP)

For the second part, we show that (B, a, B1), (B, a, B2) ∈ δPℓ implies B1 = B2. By definition there exist (q, a, q1), (q′, a, q2) ∈ δ for some q, q′ ∈ B, q1 ∈ B1, and q2 ∈ B2. Since q and q′ belong to the same block of the language partition, we have LA(q) = LA(q′). Since A is a DFA, we get LA(q1) = LA(q2). Since P = Pℓ, the states q1 and q2 belong to the same block, and so B1 = B2.

Proposition 3.22 The quotient A/Pℓ is the minimal DFA for L.

Proof: By Lemma 3.21, A/Pℓ is a DFA, and its states recognize residuals of L. Moreover, two states of A/Pℓ recognize different residuals by definition of the language partition. So A/Pℓ has as many states as residuals, and we are done.

3.2.3 Hopcroft’s algorithm

Algorithm LanPar leaves the choice of an adequate refinement triple [B, a, B′] open. While every exhaustive sequence of refinements leads to the same result, and so the choice does not affect the correctness of the algorithm, it affects its runtime. Hopcroft's algorithm is a modification of LanPar which carefully selects the next triple. When properly implemented, Hopcroft's algorithm runs in time O(mn log n) for a DFA with n states over an m-letter alphabet. A full analysis of the algorithm is beyond the scope of this book, and so we limit ourselves to presenting its main ideas.

It is convenient to start by describing an intermediate algorithm, not as efficient as the final one. The intermediate algorithm maintains a workset of pairs (a, B′), called splitters. Initially, the workset contains all pairs (a, B′) where a is an arbitrary letter and B′ is a block of the original partition (that is, either B′ = F or B′ = Q \ F). At every step, the algorithm chooses a splitter from the workset, and uses it to split every block of the current partition (if possible). Whenever a block B is split by (a, B′) into two new blocks B0 and B1, the algorithm adds to the workset all pairs (b, B0) and (b, B1) for every letter b ∈ Σ.

It is not difficult to see that the intermediate algorithm is correct. The only point requiring a moment of thought is that it suffices to use each splitter at most once. A priori a splitter (a, B′) could be required at some point of the execution, and then later again. To discard this possibility, observe that, by the definition of split, if (a, B′) splits a block B into B0 and B1, then it does not split any subset of B0 or B1. So, after (a, B′) is used to split all blocks of a partition, since all future blocks are subsets of the current blocks, (a, B′) is not useful anymore.

Hopcroft's algorithm improves on the intermediate algorithm by observing that when a block B is split into B0 and B1, it is not always necessary to add both (b, B0) and (b, B1) to the workset. The fundamental observation behind this is the following proposition:

Proposition 3.23 Let A = (Q, Σ, δ, q0, F) be a DFA, let P be a partition of Q, and let B be a block of P. Suppose we refine B into B0 and B1. Then, for every a ∈ Σ, refining all blocks of P with respect to any two of the splitters (a, B), (a, B0), and (a, B1) gives the same result as refining them with respect to all three of them.

Proof: Let C be a block of P. Every refinement sequence with respect to two of the splitters (there are six possible cases) yields the same partition of C, namely {C0, C1, C2}, where C0 and C1 contain the states q ∈ C such that δ(q, a) ∈ B0 and δ(q, a) ∈ B1, respectively, and C2 contains the states q ∈ C such that δ(q, a) ∉ B.

Now, assume that (a, B′) splits a block B into B0 and B1. For every b ∈ Σ, if (b, B) is in the workset, then adding both (b, B0) and (b, B1) is redundant, because we only need two of the three. In this case, Hopcroft's algorithm chooses to replace (b, B) in the workset by (b, B0) and (b, B1) (that is, to remove (b, B) and to add (b, B0) and (b, B1)). If (b, B) is not in the workset, then in principle we could have two possible cases.

• If (b, B) was already removed from the workset and used to refine, then we only need to add one of (b, B0) and (b, B1). Hopcroft's algorithm adds the smaller of the two (i.e., (b, B0) if |B0| ≤ |B1|, and (b, B1) otherwise).

• If (b, B) has not been added to the workset yet, then it looks as if we would still have to add both of (b, B0) and (b, B1). However, a more detailed analysis shows that this is not the case: it suffices again to add only one of them, and Hopcroft's algorithm again adds the smaller of the two.

These considerations lead to the following pseudocode for Hopcroft's algorithm, where (b, min{B0, B1}) denotes the smaller of (b, B0) and (b, B1):


Hopcroft(A)
Input: DFA A = (Q, Σ, δ, q0, F)
Output: The language partition Pℓ.

1  if F = ∅ or Q \ F = ∅ then return {Q}
2  else P ← {F, Q \ F}
3  W ← {(a, min{F, Q \ F}) | a ∈ Σ}
4  while W ≠ ∅ do
5      pick (a, B′) from W
6      for all B ∈ P split by (a, B′) do
7          replace B by B0 and B1 in P
8          for all b ∈ Σ do
9              if (b, B) ∈ W then replace (b, B) by (b, B0) and (b, B1) in W
10             else add (b, min{B0, B1}) to W
11 return P

We sketch an argument showing that the while loop is executed at most O(mn log n) times, where m = |Σ| and n = |Q|. Fix a state q ∈ Q and a letter a ∈ Σ. It is easy to see that at every moment during the execution of Hopcroft the workset contains at most one splitter (a, B) such that q ∈ B (in particular, if (a, B) is in the workset and B is split at line 9, then q goes to either B0 or B1). We call this splitter (if present) the a-q-splitter, and define its size as the size of the block B. So during the execution of the algorithm there are alternating phases in which the workset contains one or zero a-q-splitters. Let us call them one-phases and zero-phases, respectively. It is easy to see that during a one-phase the size of the a-q-splitter can only decrease (at line 9). Moreover, if at the end of a one-phase the a-q-splitter has size k, then, because of line 10, at the beginning of the next one-phase it has size at most k/2. So the number of a-q-splitters added to the workset throughout the execution of the algorithm is O(log n), and therefore the total number of splitters added to the workset is O(mn log n). So the while loop is executed O(mn log n) times. If the algorithm is carefully implemented (which is non-trivial), then it also runs in O(mn log n) time.

3.3 Reducing NFAs

Figure 3.6: Two minimal NFAs for aa∗.

There is no canonical minimal NFA for a given regular language. The simplest witness of this fact is the language aa∗, which is recognized by the two non-isomorphic, minimal NFAs of Figure 3.6. Moreover, computing any of the minimal NFAs equivalent to a given NFA is computationally hard. In Chapter 4 we will show that the universality problem for NFAs is PSPACE-complete: given a NFA A over an alphabet Σ, decide whether L(A) = Σ∗. Using this result, we can easily prove that deciding the existence of a small NFA equivalent to a given one is PSPACE-complete.

Theorem 3.24 The following problem is PSPACE-complete: given a NFA A and a number k ≥ 1, decide if there exists an NFA equivalent to A having at most k states.

Proof: To prove membership in PSPACE, observe first that if A has at most k states, then we can immediately answer "yes". So assume that A has more than k states. We use NPSPACE = PSPACE = co-PSPACE. Since PSPACE = co-PSPACE, it suffices to give a procedure to decide if no NFA with at most k states is equivalent to A. For this we construct all NFAs with at most k states (over the same alphabet as A), reusing the same space for each of them, and check that none of them is equivalent to A. Now, since NPSPACE = PSPACE, it suffices to exhibit a nondeterministic algorithm that, given a NFA B with at most k states, checks that B is not equivalent to A (and runs in polynomial space). The algorithm nondeterministically guesses a word, one letter at a time, while maintaining the sets of states in both A and B reached from the initial states by the word guessed so far. The algorithm stops when it observes that the current word is accepted by exactly one of A and B.

PSPACE-hardness is easily proved by reduction from the universality problem. If an NFA is universal, then it is equivalent to an NFA with one state, and so, to decide if a given NFA A is universal we can proceed as follows: Check first if A accepts all words of length 1. If not, then A is not universal. Otherwise, check if some NFA with one state is equivalent to A. If not, then A is not universal. Otherwise, if such a NFA, say B, exists, then, since A accepts all words of length 1, B is the NFA with one final state and a loop for each alphabet letter. So A is universal.

However, we can reuse part of the theory for the DFA case to obtain an efficient algorithm to possibly reduce the size of a given NFA.

3.3.1 The reduction algorithm

We fix for the rest of the section an NFA A = (Q, Σ, δ, Q0, F) recognizing a language L. Recall that Definition 3.19 and the first part of Lemma 3.21 were stated for NFAs. So L(A) = L(A/P) holds for every refinement P of Pℓ, and so any refinement of Pℓ can be used to reduce A. The largest reduction is obtained for P = Pℓ, but Pℓ is hard to compute for NFAs. On the other extreme, the partition that puts each state in a separate block is always a refinement of Pℓ, but it does not provide any reduction.

To find a reasonable trade-off we examine again Lemma 3.17, which proves that LanPar(A) computes CSR for deterministic automata. Its proof only uses the following property of stable partitions: if q1, q2 belong to the same block of a stable partition and there is a transition (q2, a, q′2) ∈ δ such that q′2 ∈ B′ for some block B′, then there is also a transition (q1, a, q′1) ∈ δ such that q′1 ∈ B′.


We extend the definition of stability to NFAs so that stable partitions still satisfy this property: we just replace the condition

δ(q1, a) ∈ B′ and δ(q2, a) ∉ B′

of Definition 3.15 by

δ(q1, a) ∩ B′ ≠ ∅ and δ(q2, a) ∩ B′ = ∅.

Definition 3.25 (Refinement and stability for NFAs) Let B, B′ be (not necessarily distinct) blocks of a partition P, and let a ∈ Σ. The pair (a, B′) splits B if there are q1, q2 ∈ B such that δ(q1, a) ∩ B′ ≠ ∅ and δ(q2, a) ∩ B′ = ∅. The result of the split is the partition Ref^NFA_P[B, a, B′] = (P \ {B}) ∪ {B0, B1}, where

B0 = {q ∈ B | δ(q, a) ∩ B′ = ∅} and B1 = {q ∈ B | δ(q, a) ∩ B′ ≠ ∅}.

A partition is unstable if it contains blocks B, B′ such that (a, B′) splits B for some a ∈ Σ, and stable otherwise.

Using this definition we generalize LanPar(A) to NFAs in the obvious way: allow NFAs as inputs, and replace Ref_P by Ref^NFA_P as the new notion of refinement. Lemma 3.17 still holds: the algorithm still computes CSR, but with respect to the new notion of refinement. Notice that in the special case of DFAs it reduces to LanPar(A), because Ref_P and Ref^NFA_P coincide for DFAs.

CSR(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: The partition CSR of A.

1 if F = ∅ or Q \ F = ∅ then P ← {Q}
2 else P ← {F, Q \ F}
3 while P is unstable do
4     pick B, B′ ∈ P and a ∈ Σ such that (a, B′) splits B
5     P ← Ref^NFA_P[B, a, B′]
6 return P

Notice that line 1 of CSR(A) is different from line 1 of algorithm LanPar. If all states of a NFA are non-final then every state recognizes ∅, but if all are final we can no longer conclude that every state recognizes Σ∗, as was the case for DFAs. In fact, all states might recognize different languages.
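CSR differs from LanPar only in the splitting condition. A sketch in Python (representation choices are mine: δ maps (state, letter) to a set of successor states, possibly missing for states without a-successors; blocks are frozensets):

```python
def csr(Q, sigma, delta, F):
    """CSR for NFAs: refine {F, Q \\ F} (or {Q}, if one of the two is empty)
    with the NFA notion of splitting: (a, B') splits B if some state of B
    has an a-successor in B' and some state of B has none."""
    Q, F = frozenset(Q), frozenset(F)
    P = {Q} if (not F or F == Q) else {F, Q - F}

    def find_split(P):
        for B in P:
            for a in sigma:
                for Bp in P:
                    B1 = frozenset(q for q in B
                                   if delta.get((q, a), set()) & Bp)
                    if B1 and B1 != B:
                        return B, B1
        return None

    while (split := find_split(P)) is not None:
        B, B1 = split
        P = (P - {B}) | {B1, B - B1}    # Ref^NFA_P[B, a, B']
    return P
```

Note that, as line 1 of the pseudocode requires, the refinement loop still runs when all states are final: with a partial transition relation the single block {Q} may well be split.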

In the case of DFAs we had Theorem 3.18, stating that CSR is equal to Pℓ. The theorem does not hold anymore for NFAs, as we will see later. However, part (c) of the proof, which showed that CSR refines Pℓ, still holds, with exactly the same proof. So we get:

Theorem 3.26 Let A = (Q, Σ, δ, Q0, F) be a NFA. The partition CSR refines Pℓ.

Now, Lemma 3.21 and Theorem 3.26 lead to the final result:


Corollary 3.27 Let A = (Q,Σ, δ,Q0, F) be a NFA. Then L (A/CSR) = L (A).

Example 3.28 Consider the NFA at the top of Figure 3.7. CSR is the partition indicated by the colors. A possible run of CSR(A) is graphically represented at the bottom of the figure as a tree. Initially we have the partition with two blocks shown at the top of the figure: the block {1, . . . , 14} of non-final states and the block {15} of final states. The first refinement uses (a, {15}) to split the block of non-final states, yielding the blocks {1, . . . , 8, 11, 12, 13} (no a-transition to {15}) and {9, 10, 14} (an a-transition to {15}). The leaves of the tree are the blocks of CSR.

In this example we have CSR ≠ Pℓ. For instance, states 3 and 5 recognize the same language, namely (a + b)∗aa(a + b)∗, but they belong to different blocks of CSR.

The quotient automaton is shown in Figure 3.8.

We finish the section with a remark.

Remark 3.29 If A is an NFA, then A/Pℓ might not be a minimal NFA for L. The NFA of Figure 3.9 is an example: all states accept different languages, and so A/Pℓ = A, but the NFA is not minimal, since, for instance, the state at the bottom can be removed without changing the language.

It is not difficult to show that if two states q1, q2 belong to the same block of CSR, then they not only recognize the same language, but also satisfy the following far stronger property: for every a ∈ Σ and every q′1 ∈ δ(q1, a), there exists q′2 ∈ δ(q2, a) such that L(q′1) = L(q′2). This can be used to show that two states belong to different blocks of CSR. For instance, consider states 2 and 3 of the NFA on the left of Figure 3.10. They recognize the same language, but state 2 has a c-successor, namely state 4, that recognizes {d}, while state 3 has no such successor. So states 2 and 3 belong to different blocks of CSR. A possible run of the CSR algorithm on this NFA is shown on the right of the figure. For this NFA, CSR has as many blocks as states.

3.4 A Characterization of the Regular Languages

We present a useful byproduct of the results of Section 3.1.

Theorem 3.30 A language L is regular iff it has finitely many residuals.

Proof: If L is not regular, then no DFA recognizes it. Since, by Proposition 3.11, the canonical automaton CL recognizes L, CL necessarily has infinitely many states, and so L has infinitely many residuals.

If L is regular, then some DFA A recognizes it. By Lemma 3.6, the number of states of A is greater than or equal to the number of residuals of L, and so L has finitely many residuals.

This theorem provides a useful technique for proving that a given language L ⊆ Σ∗ is not regular: exhibit an infinite set of words W ⊆ Σ∗ such that L^w ≠ L^v for every two distinct words w, v ∈ W (see also Example 3.4). In Example 3.4 we showed using this technique that the languages {a^n b^n | n ≥ 0} and {ww | w ∈ Σ∗} have infinitely many residuals, and so that they are not regular. We give here a third example:


74 CHAPTER 3. MINIMIZATION AND REDUCTION

Figure 3.7: An NFA and a run of CSR() on it. (Diagram omitted.)


Figure 3.8: The quotient of the NFA of Figure 3.7. (Diagram omitted.)

Figure 3.9: An NFA A such that A/Pℓ is not minimal. (Diagram omitted.)


Figure 3.10: An NFA such that CSR ≠ Pℓ. (Diagram omitted.)

• {a^(n²) | n ≥ 0}. Let W = {a^(n²) | n ≥ 0} (W = L in this case). For every two distinct words a^(i²), a^(j²) ∈ W, assume w.l.o.g. i < j. The word a^(2i+1) belongs to the a^(i²)-residual of L, because a^(i² + 2i + 1) = a^((i+1)²), but not to the a^(j²)-residual, because j² < j² + 2i + 1 < (j + 1)², and so j² + 2i + 1 is not a square number.
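The counting argument in this bullet can be checked mechanically on small instances. The following Python sketch (the function names are my own, not from the text) verifies, for small i < j, that the word a^(2i+1) separates the a^(i²)-residual from the a^(j²)-residual:

```python
# Sketch: check the residual-distinguishing argument for L = {a^(n^2) | n >= 0}.
import math

def in_L(n: int) -> bool:
    """Membership of a^n in L = {a^(k^2) | k >= 0}."""
    r = math.isqrt(n)
    return r * r == n

def in_residual(prefix_len: int, suffix_len: int) -> bool:
    """Is a^suffix_len in the residual of L with respect to a^prefix_len?"""
    return in_L(prefix_len + suffix_len)

for i in range(6):
    for j in range(i + 1, 7):
        witness = 2 * i + 1
        # a^(i^2 + 2i + 1) = a^((i+1)^2) is in L ...
        assert in_residual(i * i, witness)
        # ... but j^2 + 2i + 1 is not a square when i < j.
        assert not in_residual(j * j, witness)
```

Since the residuals are pairwise distinct for all tested pairs, the sketch is consistent with the claim that L has infinitely many residuals.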


Exercises

Exercise 32 Determine the residuals of the following languages over the alphabet Σ = {a, b}:

(a) (ab + ba)∗,

(b) (aa)∗,

(c) {a^n b^n c^n : n ≥ 0}.

Exercise 33 Consider the most-significant-bit-first (MSBF) encoding of natural numbers over the alphabet Σ = {0, 1}. Recall that every number has infinitely many encodings, because all the words of 0∗w encode the same number as w. Construct the minimal DFAs accepting the following languages, where Σ^4 denotes the set of all words of length 4:

(a) {w : MSBF⁻¹(w) mod 3 = 0} ∩ Σ^4.

(b) {w : MSBF⁻¹(w) is a prime} ∩ Σ^4.

Exercise 34 Let A and B be respectively the following DFAs:

[Diagrams of the DFAs A and B omitted.]

(a) Compute the language partitions of A and B.

(b) Construct the quotients of A and B with respect to their language partitions.


(c) Give regular expressions for L(A) and L(B).

Exercise 35 Consider the language partition algorithm LanPar. Since every execution of its while loop increases the number of blocks by one, the loop can be executed at most |Q| − 1 times. Show that this bound is tight, i.e., give a family of DFAs for which the loop is executed |Q| − 1 times.

Hint: There exists a family with a one-letter alphabet.

Exercise 36 For each of the two NFAs below:

(a) Compute the coarsest stable refinements (CSR),

(b) Construct the quotients with respect to their CSRs,

(c) Say whether the obtained automata are minimal.

[Diagrams of the two NFAs omitted.]

Exercise 37 Let A1 and A2 be DFAs with n1 and n2 states such that L (A1) ≠ L (A2). Show that there exists a word w of length at most n1 + n2 − 2 such that w ∈ (L (A1) \ L (A2)) ∪ (L (A2) \ L (A1)).

Hint: Consider the NFA A obtained by putting A1 and A2 “side by side”, and compute CSR(A).

Exercise 38 Let Σ = {a, b}. Let Ak be the minimal DFA such that L (Ak) = {ww : w ∈ Σ^k}.

(a) Construct A2.

(b) Construct a DFA that accepts the complement of L (Ak).


(c) How many states does Ak contain for k > 2?

Exercise 39 For every language L ⊆ Σ∗ and word w ∈ Σ∗, let wL = {u ∈ Σ∗ | uw ∈ L}. A language L′ ⊆ Σ∗ is an inverse residual of L if L′ = wL for some w ∈ Σ∗.

(a) Determine the inverse residuals of the first two languages of Exercise 32: (ab+ba)∗ and (aa)∗.

(b) Show that a language is regular iff it has finitely many inverse residuals.

(c) Does a language always have as many residuals as inverse residuals?

Exercise 40 Design an efficient algorithm Res(r, a), where r is a regular expression over an alphabet Σ and a ∈ Σ, that returns a regular expression satisfying L (Res(r, a)) = L (r)^a.

Exercise 41 A DFA A = (Q,Σ, δ, q0, F) is reversible if no letter can enter a state from two distinct states, i.e. for every p, q ∈ Q and σ ∈ Σ, if δ(p, σ) = δ(q, σ), then p = q.

(a) Give a reversible DFA that accepts L = {ab, ba, bb}.

(b) Show that the minimal DFA that accepts L is not reversible.

(c) Is there a unique minimal reversible DFA that accepts L (up to isomorphism)? Justify.

Exercise 42 Prove or disprove the following statements:

(a) A subset of a regular language is regular.

(b) A superset of a regular language is regular.

(c) If L1 and L1L2 are regular languages, then L2 is regular.

(d) If L2 and L1L2 are regular languages, then L1 is regular.

Exercise 43 A DFA with negative transitions (DFA-n) is a DFA whose transitions are partitioned into positive and negative transitions. A run of a DFA-n is accepting if:

• it ends in a final state and the number of occurrences of negative transitions is even, or

• it ends in a non-final state and the number of occurrences of negative transitions is odd.

The intuition is that taking a negative transition “inverts the polarity” of the acceptance condition: after taking the transition we accept iff we would not accept were the transition positive.

• Prove that the languages recognized by DFAs with negative transitions are regular.

• Give a DFA-n for a regular language having fewer states than the minimal DFA for the language.


• Show that the minimal DFA-n for a language is not unique (even for languages whose minimal DFA-n’s have fewer states than their minimal DFAs).

Exercise 44 We say that a residual of a regular language L is composite if it is the union of other residuals of L, and that it is prime otherwise. Show that every regular language L is recognized by an NFA whose number of states is equal to the number of prime residuals of L.

Exercise 45 (T. Henzinger) Which of these languages over the alphabet {0, 1} are regular?

1. The set of words containing the same number of 0’s and 1’s.

2. The set of words containing the same number of occurrences of the strings 01 and 10. (E.g., 01010001 contains three occurrences of 01 and two occurrences of 10.)

3. Same for the pair of strings 00 and 11, the pair 001 and 110, and the pair 001 and 100.

Exercise 46 A word w = a1 . . . an is a subword of v = b1 . . . bm, denoted by w ⪯ v, if there are indices 1 ≤ i1 < i2 < . . . < in ≤ m such that a_j = b_{i_j} for every j ∈ {1, . . . , n}. Higman’s lemma states that every infinite set of words over a finite alphabet contains two words w1, w2 such that w1 ⪯ w2.

A language L ⊆ Σ∗ is upward-closed (resp. downward-closed) if for every two words w, v ∈ Σ∗, if w ∈ L and w ⪯ v, then v ∈ L (resp. if w ∈ L and v ⪯ w, then v ∈ L). The upward-closure of a language L is the upward-closed language obtained by adding to L all words v such that w ⪯ v for some w ∈ L.

1. Prove using Higman’s lemma that every upward-closed language is regular.
Hint: Consider the minimal words of L, i.e., the words w ∈ L such that no proper subword of w belongs to L.

2. Prove that every downward-closed language is regular.

3. Give regular expressions for the upward and downward closures of {a^n b^n | n ≥ 0}.

4. Give algorithms that transform a regular expression r for a language into regular expressions r⇑ and r⇓ for its upward-closure and its downward-closure.

5. Give algorithms that transform an NFA A recognizing a language into NFAs A⇑ and A⇓ recognizing its upward-closure and its downward-closure.

Exercise 47 (Abdulla, Bouajjani, and Jonsson) An atomic expression over an alphabet Σ is an expression of the form ∅, ε, (a + ε), or (a1 + . . . + an)∗, where a, a1, . . . , an ∈ Σ. A product is a concatenation e1 e2 . . . en of atomic expressions. A simple regular expression is a sum p1 + . . . + pn of products.

1. Prove that the language of a simple regular expression is downward-closed (see Exercise 46).


2. Prove that every downward-closed language can be represented by a simple regular expression.
Hint: since every downward-closed language is regular, it is represented by a regular expression. Prove that this expression is equivalent to a simple regular expression.

Exercise 48 Consider the alphabet Σ = {up, down, left, right}. A word over Σ corresponds to a line in a grid consisting of concatenated segments drawn in the direction specified by the letters. In the same way, a language corresponds to a set of lines. For example, the set of all staircases can be specified as the set of lines given by the regular language (up right)∗. It is a regular language.

1. Specify the set of all skylines as a regular language (i.e., formalize the intuitive notion of skyline). Of the lines below, the one on the left is a skyline, while the other two are not.

2. Show that the set of all rectangles is not regular.

Exercise 49 An NFA A = (Q,Σ, δ,Q0, F) is reverse-deterministic if (q1, a, q) ∈ δ and (q2, a, q) ∈ δ implies q1 = q2, i.e., no state has two input transitions labelled by the same letter. Further, A is trimmed if every state accepts at least one word, i.e., if LA(q) ≠ ∅ for every q ∈ Q.

Let A be a reverse-deterministic, trimmed NFA with a single final state qf. Prove that NFAtoDFA(A) is a minimal DFA.

Hint: Show that any two distinct states of NFAtoDFA(A) recognize different languages, and apply Corollary 3.13.

Exercise 50 Let Rev(A) be the algorithm of Exercise 12 that, given an NFA A as input, returns a trimmed NFA AR such that L(AR) = (L(A))^R, where L^R denotes the reverse of L (see Exercise 12). Recall that an NFA is trimmed if every state accepts at least one word (see Exercise 49). Prove that for every NFA A the DFA

NFAtoDFA( Rev( NFAtoDFA( Rev(A) ) ) )

is the unique minimal DFA recognizing L(A).

Exercise 51 (Sickert)

1. Let Σ = {0, 1} be an alphabet.

Find a language L ⊆ Σ∗ that has infinitely many residuals and |Lw| > 0 for all w ∈ Σ∗.

2. Let Σ = {a} be an alphabet.

Find a language L ⊆ Σ∗, such that Lw = Lw′ =⇒ w = w′ for all words w,w′ ∈ Σ∗.

What can you say about the residuals for such a language L? Is such a language regular?


Chapter 4

Operations on Sets: Implementations

Recall the list of operations on sets that should be supported by our data structures, where U is the universe of objects, X, Y are subsets of U, and x is an element of U:

Member(x, X) : returns true if x ∈ X, false otherwise.
Complement(X) : returns U \ X.
Intersection(X, Y) : returns X ∩ Y.
Union(X, Y) : returns X ∪ Y.
Empty(X) : returns true if X = ∅, false otherwise.
Universal(X) : returns true if X = U, false otherwise.
Included(X, Y) : returns true if X ⊆ Y, false otherwise.
Equal(X, Y) : returns true if X = Y, false otherwise.

We fix an alphabet Σ, and assume that there exists a bijection between U and Σ∗, i.e., we assume that each object of the universe is encoded by a word, and each word is the encoding of some object. Under this assumption, the operations on sets and elements become operations on languages and words. For instance, the first two operations become

Member(w, L) : returns true if w ∈ L, false otherwise.
Complement(L) : returns the complement Σ∗ \ L.

The assumption that each word encodes some object may seem too strong. Indeed, the language E of encodings is usually only a subset of Σ∗. However, once we have implemented the operations above under this strong assumption, we can easily modify them so that they work under a much weaker assumption that almost always holds: the assumption that the language E of encodings is regular. Assume, for instance, that E is a regular subset of Σ∗ and L is the language of encodings of a set X. Then, we implement Complement(X) so that it returns not the full complement Σ∗ \ L, but Intersection(Σ∗ \ L, E).

For each operation we present an implementation that, given automata representations of the


operands, returns an automaton representing the result (or a boolean, when that is the return type). Sections 4.1 and 4.2 consider the cases in which the representation is a DFA and an NFA, respectively.

4.1 Implementation on DFAs

In order to evaluate the complexity of the operations we must first make explicit our assumptions on the complexity of basic operations on a DFA A = (Q,Σ, δ, q0, F). We assume that dictionary operations (lookup, add, remove) on Q and δ can be performed in constant time using hashing. We assume further that, given a state q, we can decide in constant time if q = q0 and if q ∈ F, and that, given a state q and a letter a ∈ Σ, we can find in constant time the unique state δ(q, a).

4.1.1 Membership.

To check membership for a word w we just execute the run of the DFA on w. It is convenient for future use to have an algorithm MemDFA[A](w, q) that takes as parameters a DFA A, a word w, and a state q, and checks if w is accepted with q as initial state. Member(w, L) can then be implemented as MemDFA[A](w, q0), where A is the DFA representing L. Writing head(aw) = a and tail(aw) = w for a ∈ Σ and w ∈ Σ∗, the algorithm looks as follows:

MemDFA[A](w, q)
Input: DFA A = (Q,Σ, δ, q0, F), state q ∈ Q, word w ∈ Σ∗
Output: true if w ∈ L(q), false otherwise

1 if w = ε then return q ∈ F
2 else return MemDFA[A]( tail(w), δ(q, head(w)) )

The complexity of the algorithm is O(|w|).
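The recursive algorithm above can also be written as a simple loop. The following Python sketch uses a dictionary encoding of the DFA that is my own, not from the text:

```python
# Minimal executable sketch of MemDFA: follow the unique run of a DFA on w.
def mem_dfa(delta, finals, q, w):
    """Return True iff w is accepted starting from state q."""
    for a in w:                 # one table lookup per letter: O(|w|)
        q = delta[(q, a)]
    return q in finals

# Example DFA over {a, b} accepting the words with an even number of a's.
delta = {("even", "a"): "odd", ("odd", "a"): "even",
         ("even", "b"): "even", ("odd", "b"): "odd"}

assert mem_dfa(delta, {"even"}, "even", "abab")
assert not mem_dfa(delta, {"even"}, "even", "ab")
```

The loop visits each letter once, matching the O(|w|) bound stated above.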

4.1.2 Complement.

Implementing the complement operation on DFAs is easy. Recall that a DFA has exactly one run for each word, and the run is accepting iff it reaches a final state. Therefore, if we swap final and non-final states, the run on a word becomes accepting iff it was non-accepting, and so the new DFA accepts a word iff the old one did not accept it. So we get the following linear-time algorithm:

CompDFA(A)
Input: DFA A = (Q,Σ, δ, q0, F)
Output: DFA B = (Q′,Σ, δ′, q′0, F′) with L (B) = Σ∗ \ L (A)

1 Q′ ← Q; δ′ ← δ; q′0 ← q0; F′ ← ∅
2 for all q ∈ Q do
3     if q ∉ F then add q to F′


Observe that complementation of DFAs preserves minimality. By construction, each state of CompDFA(A) recognizes the complement of the language recognized by the same state in A. Therefore, if the states of A recognize pairwise different languages, so do the states of CompDFA(A). Apply now Corollary 3.13, stating that a DFA is minimal iff its states recognize pairwise different languages.
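As a quick executable illustration of the swap-the-final-states construction (the tuple encoding of a DFA below is my own):

```python
# Sketch of CompDFA: a DFA is (states, delta, q0, finals); complementation
# keeps everything except the final states, which are swapped.
def comp_dfa(dfa):
    states, delta, q0, finals = dfa
    return (states, delta, q0, states - finals)

def accepts(dfa, w):
    states, delta, q0, finals = dfa
    q = q0
    for a in w:
        q = delta[(q, a)]
    return q in finals

# DFA over {a} accepting the words of even length.
even = ({"e", "o"}, {("e", "a"): "o", ("o", "a"): "e"}, "e", {"e"})
odd = comp_dfa(even)

# The complement accepts exactly the words the original rejects.
for n in range(10):
    w = "a" * n
    assert accepts(even, w) != accepts(odd, w)
```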

4.1.3 Binary Boolean Operations

Instead of specific implementations for union and intersection, we give a generic implementation for all binary boolean operations. Given two DFAs A1 and A2 and a binary boolean operation like union, intersection, or difference, the implementation returns a DFA recognizing the result of applying the operation to L (A1) and L (A2). The DFAs for different boolean operations always have the same states and transitions; they differ only in the set of final states. We call this DFA with a yet unspecified set of final states the pairing of A1 and A2, denoted by [A1, A2]. Formally:

Definition 4.1 Let A1 = (Q1,Σ, δ1, q01, F1) and A2 = (Q2,Σ, δ2, q02, F2) be DFAs. The pairing [A1, A2] of A1 and A2 is the tuple (Q,Σ, δ, q0) where:

• Q = {[q1, q2] | q1 ∈ Q1, q2 ∈ Q2};

• δ = {([q1, q2], a, [q′1, q′2]) | (q1, a, q′1) ∈ δ1, (q2, a, q′2) ∈ δ2};

• q0 = [q01, q02].

The run of [A1, A2] on a word of Σ∗ is defined as for DFAs.

It follows immediately from this definition that the run of [A1, A2] over a word w = a1 a2 . . . an is also a “pairing” of the runs of A1 and A2 over w. Formally,

q01 −a1→ q11 −a2→ q21 . . . q(n−1)1 −an→ qn1
q02 −a1→ q12 −a2→ q22 . . . q(n−1)2 −an→ qn2

are the runs of A1 and A2 on w if and only if

[q01, q02] −a1→ [q11, q12] −a2→ [q21, q22] . . . [q(n−1)1, q(n−1)2] −an→ [qn1, qn2]

is the run of [A1, A2] on w.

DFAs for different boolean operations are obtained by adding an adequate set of final states to [A1, A2]. For intersection, [A1, A2] must accept w if and only if A1 accepts w and A2 accepts w. This is achieved by declaring a state [q1, q2] final if and only if q1 ∈ F1 and q2 ∈ F2. For union, we just replace and by or. For difference, [A1, A2] must accept w if and only if A1 accepts w and A2 does not accept w, and so we declare [q1, q2] final if and only if q1 ∈ F1 and q2 ∉ F2.


Example 4.2 Figure 4.1 shows at the top two DFAs over the alphabet Σ = {a}. They recognize the words whose length is a multiple of 2 and a multiple of 3, respectively. We denote these languages by Mult(2) and Mult(3). The figure then shows the pairing of the two DFAs (for clarity the states carry labels x, y instead of [x, y]), and three DFAs recognizing Mult(2) ∩ Mult(3), Mult(2) ∪ Mult(3), and Mult(2) \ Mult(3), respectively.

Figure 4.1: Two DFAs, their pairing, and DFAs for the intersection, union, and difference of their languages. (Diagram omitted.)

Example 4.3 The tour of conversions of Chapter 2 started with a DFA for the language of all words over {a, b} containing an even number of a’s and an even number of b’s. This language is the intersection of the language of all words containing an even number of a’s, and the language of all words containing an even number of b’s. Figure 4.2 shows DFAs for these two languages, and the DFA for their intersection.

We can now formulate a generic algorithm that, given two DFAs recognizing languages L1, L2 and a binary boolean operation, returns a DFA recognizing the result of “applying” the boolean operation to L1, L2. First we formally define what this means. Given an alphabet Σ and a binary


Figure 4.2: Two DFAs and a DFA for their intersection. (Diagram omitted.)

boolean operator ⊙ : {true, false} × {true, false} → {true, false}, we lift ⊙ to an operator ⊙ : 2^Σ∗ × 2^Σ∗ → 2^Σ∗ on languages as follows:

L1 ⊙ L2 = {w ∈ Σ∗ | (w ∈ L1) ⊙ (w ∈ L2)}

That is, in order to decide if w belongs to L1 ⊙ L2, we first evaluate (w ∈ L1) and (w ∈ L2) to true or false, and then apply ⊙ to the results. For instance, we have L1 ∩ L2 = L1 ∧ L2. The generic algorithm, parameterized by ⊙, looks as follows:

BinOp[⊙](A1, A2)
Input: DFAs A1 = (Q1,Σ, δ1, q01, F1), A2 = (Q2,Σ, δ2, q02, F2)
Output: DFA A = (Q,Σ, δ, q0, F) with L (A) = L (A1) ⊙ L (A2)

1 Q, δ, F ← ∅
2 q0 ← [q01, q02]
3 W ← {q0}
4 while W ≠ ∅ do
5     pick [q1, q2] from W
6     add [q1, q2] to Q
7     if (q1 ∈ F1) ⊙ (q2 ∈ F2) then add [q1, q2] to F
8     for all a ∈ Σ do
9         q′1 ← δ1(q1, a); q′2 ← δ2(q2, a)
10        if [q′1, q′2] ∉ Q then add [q′1, q′2] to W
11        add ([q1, q2], a, [q′1, q′2]) to δ

Popular choices of boolean language operations are summarized in the left column below, while the right column shows the corresponding boolean operation needed to instantiate BinOp[⊙]:


Language operation | b1 ⊙ b2
Union | b1 ∨ b2
Intersection | b1 ∧ b2
Set difference (L1 \ L2) | b1 ∧ ¬b2
Symmetric difference ((L1 \ L2) ∪ (L2 \ L1)) | b1 ⇔ ¬b2
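The generic construction can be sketched in Python by passing the boolean operator ⊙ as a function. The dictionary encoding of DFAs below is my own; the example instantiates the table with the Mult(2) and Mult(3) DFAs of Example 4.2:

```python
# Sketch of BinOp: a DFA is (delta, q0, finals) with a total transition table.
from collections import deque

def bin_op(a1, a2, op, alphabet):
    d1, q01, f1 = a1
    d2, q02, f2 = a2
    delta, finals = {}, set()
    start = (q01, q02)
    work, seen = deque([start]), {start}
    while work:                              # explore reachable pairs only
        q1, q2 = work.popleft()
        if op(q1 in f1, q2 in f2):           # the operator fixes the finals
            finals.add((q1, q2))
        for a in alphabet:
            succ = (d1[(q1, a)], d2[(q2, a)])
            delta[((q1, q2), a)] = succ
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return delta, start, finals

def accepts(dfa, w):
    delta, q0, finals = dfa
    q = q0
    for a in w:
        q = delta[(q, a)]
    return q in finals

# Mult(2) and Mult(3) over the one-letter alphabet {a}: cycles of 2 and 3 states.
mult2 = ({(i, "a"): (i + 1) % 2 for i in range(2)}, 0, {0})
mult3 = ({(i, "a"): (i + 1) % 3 for i in range(3)}, 0, {0})

inter = bin_op(mult2, mult3, lambda b1, b2: b1 and b2, "a")
union = bin_op(mult2, mult3, lambda b1, b2: b1 or b2, "a")

assert all(accepts(inter, "a" * n) == (n % 6 == 0) for n in range(30))
assert all(accepts(union, "a" * n) == (n % 2 == 0 or n % 3 == 0) for n in range(30))
```

The intersection automaton obtained here is exactly the 6-state cycle predicted by the Mult(n1 · n2) discussion that follows.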

The output of BinOp is a DFA with O(|Q1| · |Q2|) states, regardless of the boolean operation being implemented. To show that the bound is tight, let Σ = {a}, and for every n ≥ 1 let Mult(n) denote the language of words whose length is a multiple of n. As in Figure 4.1, the minimal DFA recognizing Mult(n) is a cycle of n states, with the initial state being also the only final state. For any two relatively prime numbers n1 and n2 (i.e., two numbers without a common divisor greater than 1), we have Mult(n1) ∩ Mult(n2) = Mult(n1 · n2). Therefore, any DFA for Mult(n1 · n2) has at least n1 · n2 states. In fact, if we denote the minimal DFA for Mult(k) by Ak, then BinOp[∧](An, Am) = An·m.

Notice, however, that in general minimality is not preserved: the product of two minimal DFAs may not be minimal. In particular, given any regular language L, the minimal DFA for L ∩ (Σ∗ \ L) has one state, but the result of the product construction is a DFA with the same number of states as the minimal DFA for L.

4.1.4 Emptiness.

A DFA accepts the empty language if and only if it has no final states (recall our normal form,where all states must be reachable!).

Empty(A)
Input: DFA A = (Q,Σ, δ, q0, F)
Output: true if L (A) = ∅, false otherwise

1 return F = ∅

The runtime depends on the implementation. If we keep a boolean indicating whether the DFA has some final state, then the complexity of Empty() is O(1). If checking F = ∅ requires a linear scan over Q, then the complexity is O(|Q|).

4.1.5 Universality.

A DFA accepts Σ∗ iff all its states are final; again, this is an algorithm with complexity O(1) given our normal form, and O(|Q|) otherwise.

UnivDFA(A)
Input: DFA A = (Q,Σ, δ, q0, F)
Output: true if L (A) = Σ∗, false otherwise

1 return F = Q


4.1.6 Inclusion.

Given two regular languages L1, L2, the following lemma characterizes when L1 ⊆ L2 holds.

Lemma 4.4 Let A1 = (Q1,Σ, δ1, q01, F1) and A2 = (Q2,Σ, δ2, q02, F2) be DFAs. Then L (A1) ⊆ L (A2) if and only if every state [q1, q2] of the pairing [A1, A2] satisfying q1 ∈ F1 also satisfies q2 ∈ F2.

Proof: Let L1 = L (A1) and L2 = L (A2). We have

L1 ⊈ L2
⇔ L1 \ L2 ≠ ∅
⇔ at least one state [q1, q2] of the DFA for L1 \ L2 is final
⇔ some state [q1, q2] of [A1, A2] satisfies q1 ∈ F1 and q2 ∉ F2.

The condition of the lemma can be checked by slightly modifying BinOp. The resulting algorithmchecks inclusion on the fly:

InclDFA(A1, A2)
Input: DFAs A1 = (Q1,Σ, δ1, q01, F1), A2 = (Q2,Σ, δ2, q02, F2)
Output: true if L (A1) ⊆ L (A2), false otherwise

1 Q ← ∅
2 W ← {[q01, q02]}
3 while W ≠ ∅ do
4     pick [q1, q2] from W
5     add [q1, q2] to Q
6     if (q1 ∈ F1) and (q2 ∉ F2) then return false
7     for all a ∈ Σ do
8         q′1 ← δ1(q1, a); q′2 ← δ2(q2, a)
9         if [q′1, q′2] ∉ Q then add [q′1, q′2] to W
10 return true
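The on-the-fly check above can be sketched directly in Python (same hypothetical dict-based DFA encoding one might use for BinOp):

```python
# Sketch of InclDFA: explore the pairing and fail as soon as a pair with
# q1 final and q2 non-final is reached.
from collections import deque

def incl_dfa(a1, a2, alphabet):
    d1, q01, f1 = a1
    d2, q02, f2 = a2
    work, seen = deque([(q01, q02)]), {(q01, q02)}
    while work:
        q1, q2 = work.popleft()
        if q1 in f1 and q2 not in f2:
            return False            # witness pair found: L(A1) is not included
        for a in alphabet:
            succ = (d1[(q1, a)], d2[(q2, a)])
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return True

# Cycle DFAs for Mult(4) and Mult(2) over the one-letter alphabet {a}.
mult4 = ({(i, "a"): (i + 1) % 4 for i in range(4)}, 0, {0})
mult2 = ({(i, "a"): (i + 1) % 2 for i in range(2)}, 0, {0})

assert incl_dfa(mult4, mult2, "a")       # Mult(4) is a subset of Mult(2)
assert not incl_dfa(mult2, mult4, "a")   # aa is in Mult(2) but not Mult(4)
```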

4.1.7 Equality.

For equality, just observe that L (A1) = L (A2) holds if and only if the symmetric difference of L (A1) and L (A2) is empty. The algorithm is obtained by replacing line 6 of InclDFA(A1, A2) by

if ((q1 ∈ F1) and (q2 ∉ F2)) or ((q1 ∉ F1) and (q2 ∈ F2)) then return false .

Let us call this algorithm EqDFA. An alternative procedure is to minimize A1 and A2, and then check if the results are isomorphic DFAs. In fact, the isomorphism check is not even necessary: one can just apply CSR to the NFA A1 ∪ A2 = (Q1 ∪ Q2,Σ, δ1 ∪ δ2, {q01, q02}, F1 ∪ F2). It is


easy to see that in this particular case CSR still computes the language partition, and so we have L (A1) = L (A2) if and only if after termination the initial states of A1 and A2 belong to the same block.

If Hopcroft’s algorithm is used for computing CSR, then the equality check can be performed in O(n log n) time, where n is the sum of the numbers of states of A1 and A2. This complexity is lower than that of EqDFA. However, EqDFA has two important advantages:

• It works on-the-fly. That is, L (A1) = L (A2) can be tested while constructing A1 and A2. This allows us to stop early if a difference in the languages is detected. On the contrary, minimization algorithms cannot minimize a DFA while constructing it: all states and transitions must be known before the algorithm can start.

• It is easy to modify EqDFA so that it returns a witness when L (A1) ≠ L (A2), that is, a word in the symmetric difference of L (A1) and L (A2). This is more difficult to achieve with the minimization algorithm. Moreover, to the best of our knowledge it cancels the complexity advantage. This may seem surprising because, as shown in Exercise ??, the shortest element in the symmetric difference of L (A1) and L (A2) has length at most n1 + n2 − 2, where n1 and n2 are the numbers of states of A1 and A2, respectively. However, this element is computed by tracking for each pair of states the shortest word in the symmetric difference of the languages they recognize. Since there are O(n1 · n2) pairs, this takes O(n1 · n2) time. There could be a more efficient way to compute the witness, but we do not know of any.

4.2 Implementation on NFAs

For NFAs we make the same assumptions on the complexity of basic operations as for DFAs. For DFAs, however, we had the assumption that, given a state q and a letter a ∈ Σ, we can find in constant time the unique state δ(q, a). This assumption no longer makes sense for NFAs, since δ(q, a) is a set.

4.2.1 Membership.

Membership testing is slightly more involved for NFAs than for DFAs. An NFA may have many runs on the same word, and examining all of them one after the other in order to see if at least one is accepting is a bad idea: the number of runs may be exponential in the length of the word. The algorithm below does better: for each prefix of the word, it computes the set of states in which the automaton may be after having read the prefix.


MemNFA[A](w)
Input: NFA A = (Q,Σ, δ,Q0, F), word w ∈ Σ∗
Output: true if w ∈ L(A), false otherwise

1 W ← Q0
2 while w ≠ ε do
3     U ← ∅
4     for all q ∈ W do
5         add δ(q, head(w)) to U
6     W ← U
7     w ← tail(w)
8 return (W ∩ F ≠ ∅)

Example 4.5 Consider the NFA of Figure 4.3 and the word w = aaabba. The successive values of W, that is, the sets of states A can reach after reading the prefixes of w, are shown in Figure 4.3. Since the final set contains a final state, the algorithm returns true.

Prefix read | W
ε | {1}
a | {2}
aa | {2, 3}
aaa | {1, 2, 3}
aaab | {2, 3, 4}
aaabb | {2, 3, 4}
aaabba | {1, 2, 3, 4}

Figure 4.3: An NFA A and the run of MemNFA[A](aaabba). (Diagram of the NFA omitted.)

For the complexity, observe first that the while loop is executed |w| times. The for loop is executed at most |Q| times, and each execution takes at most O(|Q|) time, because δ(q, head(w)) contains at most |Q| states. So the overall runtime is O(|w| · |Q|²).
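The subset-tracking idea fits in a few lines of Python. The NFA encoding and the example automaton (words ending in ab) are my own illustrations, not the NFA of Figure 4.3:

```python
# Sketch of MemNFA: delta maps (state, letter) to a SET of successors, and we
# track the set of states reachable after each prefix of w.
def mem_nfa(delta, starts, finals, w):
    current = set(starts)
    for a in w:
        current = {q2 for q in current for q2 in delta.get((q, a), set())}
    return bool(current & finals)

# Hypothetical NFA over {a, b} accepting the words that end in 'ab'.
delta = {(0, "a"): {0, 1}, (0, "b"): {0}, (1, "b"): {2}}

assert mem_nfa(delta, {0}, {2}, "aab")
assert not mem_nfa(delta, {0}, {2}, "aba")
```

Each of the |w| steps builds the successor set from at most |Q| states, in line with the O(|w| · |Q|²) bound above.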

4.2.2 Complement.

Recall that an NFA A may have multiple runs on a word w, and it accepts w if at least one is accepting. In particular, an NFA can accept w because of an accepting run ρ1, but have another non-accepting run ρ2 on w. It follows that the complementation operation for DFAs cannot be extended to NFAs: after exchanging final and non-final states, the run ρ1 becomes non-accepting,


but ρ2 becomes accepting. So the new NFA still accepts w (at least the run ρ2 accepts), and so it does not recognize the complement of L (A).

For this reason, complementation for NFAs is carried out by converting the NFA into a DFA and complementing the result.

CompNFA(A)
Input: NFA A
Output: DFA B with L (B) = Σ∗ \ L (A)

1 B ← CompDFA( NFAtoDFA(A) )

Since making the NFA deterministic may cause an exponential blow-up in the number of states, the resulting DFA may have O(2^|Q|) states.

4.2.3 Union and intersection.

On NFAs it is no longer possible to uniformly implement binary boolean operations. The pairing operation can be defined exactly as in Definition 4.1, and the runs of a pairing [A1, A2] of NFAs on a given word are defined as for NFAs. The difference with respect to the DFA case is that the pairing may have multiple runs, or no run at all, on a word. But we still have that

q01 −a1→ q11 −a2→ q21 . . . q(n−1)1 −an→ qn1
q02 −a1→ q12 −a2→ q22 . . . q(n−1)2 −an→ qn2

are runs of A1 and A2 on w if and only if

[q01, q02] −a1→ [q11, q12] −a2→ [q21, q22] . . . [q(n−1)1, q(n−1)2] −an→ [qn1, qn2]

is a run of [A1, A2] on w. Let us now discuss separately the cases of intersection, union, and set difference.

Intersection. Let [q1, q2] be a final state of [A1, A2] if q1 is a final state of A1 and q2 is a final state of A2. Then it is still the case that [A1, A2] has an accepting run on w if and only if A1 has an accepting run on w and A2 has an accepting run on w. So, with this choice of final states, [A1, A2] recognizes L (A1) ∩ L (A2), and we get the following algorithm:


IntersNFA(A1, A2)
Input: NFAs A1 = (Q1,Σ, δ1,Q01, F1), A2 = (Q2,Σ, δ2,Q02, F2)
Output: NFA A1 ∩ A2 = (Q,Σ, δ,Q0, F) with L (A1 ∩ A2) = L (A1) ∩ L (A2)

1 Q, δ, F ← ∅; Q0 ← Q01 × Q02
2 W ← Q0
3 while W ≠ ∅ do
4     pick [q1, q2] from W
5     add [q1, q2] to Q
6     if (q1 ∈ F1) and (q2 ∈ F2) then add [q1, q2] to F
7     for all a ∈ Σ do
8         for all q′1 ∈ δ1(q1, a), q′2 ∈ δ2(q2, a) do
9             if [q′1, q′2] ∉ Q then add [q′1, q′2] to W
10            add ([q1, q2], a, [q′1, q′2]) to δ

Notice that we overload the symbol ∩ and denote the output by A1 ∩ A2. The automaton A1 ∩ A2 is often called the product of A1 and A2. It is easy to see that, as an operation on NFAs, ∩ is associative and commutative in the following sense:

L ((A1 ∩ A2) ∩ A3) = L (A1) ∩ L (A2) ∩ L (A3) = L (A1 ∩ (A2 ∩ A3))
L (A1 ∩ A2) = L (A1) ∩ L (A2) = L (A2 ∩ A1)

For the complexity, observe that in the worst case the algorithm must examine all pairs (q1, a, q′1) ∈ δ1, (q2, a, q′2) ∈ δ2 of transitions, but every pair is examined at most once. So the runtime is O(|δ1| · |δ2|).
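The product construction for NFAs can be sketched as follows; the NFA encoding and the two example automata (words containing aa, words containing bb) are my own:

```python
# Sketch of IntersNFA: explore pairs of states reachable by synchronized moves.
from collections import deque

def inters_nfa(n1, n2, alphabet):
    d1, s1, f1 = n1
    d2, s2, f2 = n2
    starts = {(q1, q2) for q1 in s1 for q2 in s2}
    delta, finals = {}, set()
    work, seen = deque(starts), set(starts)
    while work:
        q1, q2 = work.popleft()
        if q1 in f1 and q2 in f2:
            finals.add((q1, q2))
        for a in alphabet:
            for p1 in d1.get((q1, a), set()):
                for p2 in d2.get((q2, a), set()):
                    delta.setdefault(((q1, q2), a), set()).add((p1, p2))
                    if (p1, p2) not in seen:
                        seen.add((p1, p2))
                        work.append((p1, p2))
    return delta, starts, finals

def mem_nfa(nfa, w):
    delta, starts, finals = nfa
    cur = set(starts)
    for a in w:
        cur = {q2 for q in cur for q2 in delta.get((q, a), set())}
    return bool(cur & finals)

# Words containing 'aa' intersected with words containing 'bb'.
has_aa = ({(0, "a"): {0, 1}, (0, "b"): {0}, (1, "a"): {2},
           (2, "a"): {2}, (2, "b"): {2}}, {0}, {2})
has_bb = ({(0, "b"): {0, 1}, (0, "a"): {0}, (1, "b"): {2},
           (2, "a"): {2}, (2, "b"): {2}}, {0}, {2})

prod = inters_nfa(has_aa, has_bb, "ab")
assert mem_nfa(prod, "aabb")
assert not mem_nfa(prod, "aab")
```

Each synchronized transition pair is processed once, mirroring the O(|δ1| · |δ2|) bound.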

Example 4.6 Consider the two NFAs of Figure 4.4 over the alphabet {a, b}. The first one recognizes the words containing at least two blocks with two consecutive a’s each, the second one those containing at least one such block. The result of applying IntersNFA() is the NFA of Figure 3.7 on page 74. Observe that the NFA has 15 states, i.e., all pairs of states are reachable.

Observe that in this example the intersection of the languages recognized by the two NFAs is equal to the language of the first NFA. So there is an NFA with 5 states that recognizes the intersection, which means that the output of IntersNFA() is far from optimal in this case. Even after applying the reduction algorithm for NFAs we only obtain the 10-state automaton of Figure 3.8.

Union. The argumentation for intersection still holds if we replace and by or, and so an algorithm obtained from IntersNFA() by substituting or for and correctly computes an NFA for L (A1) ∪ L (A2). However, this is unnecessary. To obtain such an NFA, it suffices to put A1 and A2 “side by side”: take the union of their states, transitions, initial states, and final states (where we assume that these sets are disjoint):


Figure 4.4: Two NFAs. (Diagram omitted.)

UnionNFA(A1, A2)
Input: NFAs A1 = (Q1,Σ, δ1,Q01, F1), A2 = (Q2,Σ, δ2,Q02, F2)
Output: NFA A1 ∪ A2 = (Q,Σ, δ,Q0, F) with L (A1 ∪ A2) = L (A1) ∪ L (A2)

1 Q ← Q1 ∪ Q2
2 δ ← δ1 ∪ δ2
3 Q0 ← Q01 ∪ Q02
4 F ← F1 ∪ F2

Set difference. The generalization of the procedure for DFAs fails. Let [q1, q2] be a final state of [A1, A2] if q1 is a final state of A1 and q2 is not a final state of A2. Then [A1, A2] has an accepting run on w if and only if A1 has an accepting run on w and A2 has a non-accepting run on w. But “A2 has a non-accepting run on w” is not equivalent to “A2 has no accepting run on w”: this only holds in the DFA case. An algorithm producing an NFA A1 \ A2 recognizing L (A1) \ L (A2) can be obtained from the algorithms for complement and intersection through the equality L (A1) \ L (A2) = L (A1) ∩ (Σ∗ \ L (A2)).

4.2.4 Emptiness and Universality.

Emptiness for NFAs is decided using the same algorithm as for DFAs: just check if the NFA has at least one final state.

Universality requires a new algorithm. Since an NFA may have multiple runs on a word, an NFA may be universal even if some states are non-final: for every word having a run that leads to a non-final state there may be another run leading to a final state. An example is the NFA of Figure 4.3, which, as we shall show in this section, is universal.

A language L is universal if and only if its complement is empty, and so universality of an NFA A can be checked by applying the emptiness test to CompNFA(A). Since complementation, however, involves a worst-case exponential blowup in the size of A, the algorithm requires exponential time and space.
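This check can be sketched as a deterministic exploration of reachable sets of NFA states: the NFA is non-universal iff some reachable set contains no final state. The encoding and the example NFAs are my own; the worst-case exponential blowup remains, since exponentially many sets may be reachable:

```python
# Universality sketch via an on-the-fly subset construction.
from collections import deque

def universal(delta, starts, finals, alphabet):
    start = frozenset(starts)
    work, seen = deque([start]), {start}
    while work:
        s = work.popleft()
        if not (s & finals):
            return False            # some word leads to a rejecting set
        for a in alphabet:
            succ = frozenset(q2 for q in s for q2 in delta.get((q, a), set()))
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return True

# A universal one-state NFA over {a, b}.
all_words = {(0, "a"): {0}, (0, "b"): {0}}
assert universal(all_words, {0}, {0}, "ab")

# A hypothetical NFA for words ending in 'ab' is not universal.
ends_ab = {(0, "a"): {0, 1}, (0, "b"): {0}, (1, "b"): {2}}
assert not universal(ends_ab, {0}, {2}, "ab")
```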


We show that the universality problem is PSPACE-complete. That is, the superpolynomial blowup cannot be avoided unless P = PSPACE, which is unlikely.

Theorem 4.7 The universality problem for NFAs is PSPACE-complete.

Proof: We only sketch the proof. To prove that the problem is in PSPACE, we show that it belongs to NPSPACE and apply Savitch's theorem. The polynomial-space nondeterministic algorithm for universality looks as follows. Given an NFA A = (Q, Σ, δ, Q0, F), the algorithm guesses a run of B = NFAtoDFA(A) leading from Q0 to a non-final state, i.e., to a set of states of A containing no final state (if such a run exists). The algorithm does not store the whole run, only the current state of B, and so it only needs linear space in the size of A.

We prove PSPACE-hardness by reduction from the acceptance problem for linearly bounded automata. A linearly bounded automaton is a deterministic Turing machine that always halts and only uses the part of the tape containing the input. A configuration of the Turing machine on an input of length k is encoded as a word of length k. The run of the machine on an input can be encoded as a word c0#c1 · · · #cn, where the ci are the encodings of the configurations.

Let Σ be the alphabet used to encode the run of the machine. Given an input x, the machine accepts x if and only if there exists a word w ∈ (Σ ∪ {#})∗ (we assume # ∉ Σ) satisfying the following properties:

(a) w has the form c0#c1 . . . #cn, where the ci’s are configurations;

(b) c0 is the initial configuration;

(c) cn is an accepting configuration; and

(d) for every 0 ≤ i ≤ n − 1: ci+1 is the successor configuration of ci according to the transition relation of the machine.

The reduction shows how to construct in polynomial time, given a linearly bounded automaton M and an input x, an NFA AM,x accepting all the words of Σ∗ that do not satisfy at least one of the conditions (a)–(d) above. We then have:

• If M accepts x, then there is a word wM,x encoding the accepting run of M on x, and so L(AM,x) = Σ∗ \ {wM,x}.

• If M rejects x, then no word encodes an accepting run of M on x, and so L(AM,x) = Σ∗.

So M accepts x if and only if L(AM,x) ≠ Σ∗, and we are done.

A Subsumption Test. We show that it is not necessary to construct B = NFAtoDFA(A) completely. First, the universality check for DFAs only examines the states of the DFA, not the transitions. So instead of NFAtoDFA(A) we can apply a modified version that only stores the states of B, but not its transitions. Second, it is not necessary to store all states.


Definition 4.8 Let A be an NFA, and let B = NFAtoDFA(A). A state Q′ of B is minimal if no other state Q′′ of B satisfies Q′′ ⊂ Q′.

Proposition 4.9 Let A be an NFA, and let B = NFAtoDFA(A). A is universal iff every minimal state of B is final.

Proof: Since A and B recognize the same language, A is universal iff B is universal. So A is universal iff every state of B is final. But a state of B is final iff it contains some final state of A, and so every state of B is final iff every minimal state of B is final.

Example 4.10 Figure 4.5 shows an NFA on the left, and the equivalent DFA obtained through the application of NFAtoDFA() on the right. Since all states of the DFA are final, the NFA is universal. Only the states {1}, {2}, and {3, 4} (shaded in the figure) are minimal.


Figure 4.5: An NFA, and the result of converting it into a DFA, with the minimal states shaded.

Proposition 4.9 shows that it suffices to construct and store the minimal states of B. Algorithm UnivNFA(A) below constructs the states of B as in NFAtoDFA(A), but introduces at line 9 a subsumption test: it checks whether some state Q′′′ ⊆ δ(Q′, a) has already been constructed. In that case either δ(Q′, a) has already been constructed (case Q′′′ = δ(Q′, a)) or δ(Q′, a) is non-minimal (case Q′′′ ⊂ δ(Q′, a)). In both cases, the state is not added to the workset.


UnivNFA(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: true if L(A) = Σ∗, false otherwise

1  Q ← ∅
2  W ← {Q0}
3  while W ≠ ∅ do
4      pick Q′ from W
5      if Q′ ∩ F = ∅ then return false
6      add Q′ to Q
7      for all a ∈ Σ do
8          Q′′ ← ⋃q∈Q′ δ(q, a)
9          if W ∪ Q contains no Q′′′ ⊆ Q′′ then add Q′′ to W
10 return true
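An executable sketch of the same idea, under illustrative assumptions: the NFA is given by a dict `delta` mapping (state, letter) to a set of states, and the function name is not from the notes.

```python
# Sketch of UnivNFA: explore the subset construction on the fly, discarding a
# successor subset when some already-known subset is contained in it (the
# subsumption test). Returns True iff the NFA accepts every word.

def univ_nfa(delta, initial, final, alphabet):
    processed = set()                   # the set Q of the pseudocode
    workset = {frozenset(initial)}      # the workset W
    while workset:
        s = workset.pop()
        if not (s & final):
            return False                # found a rejecting subset
        processed.add(s)
        for a in alphabet:
            succ = frozenset(p for q in s for p in delta.get((q, a), set()))
            # subsumption test: add succ only if no known subset is below it
            if not any(t <= succ for t in processed | workset):
                workset.add(succ)
    return True
```

A single final state looping on every letter is universal; an NFA recognizing only the word a is not.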

The next proposition shows that UnivNFA(A) constructs all minimal states of B. If UnivNFA(A) first generated all states of B and then removed the non-minimal ones, the proof would be trivial. But the algorithm discards non-minimal states as soon as they appear, and we must show that this does not prevent the future generation of other minimal states.

Proposition 4.11 Let A = (Q, Σ, δ, Q0, F) be an NFA, and let B = NFAtoDFA(A). After termination of UnivNFA(A), the set Q contains all minimal states of B.

Proof: Let Qt be the value of Q after termination of UnivNFA(A). We show that no path of B leads from a state of Qt to a minimal state of B outside Qt. Since Q0 ∈ Qt and all states of B are reachable from Q0, it follows that every minimal state of B belongs to Qt.

Assume there is a path π = Q1 −a1→ Q2 · · · Qn−1 −an→ Qn of B such that Q1 ∈ Qt, Qn ∉ Qt, and Qn is minimal. Assume further that π is as short as possible. This implies Q2 ∉ Qt (otherwise Q2 · · · Qn−1 −an→ Qn is a shorter path satisfying the same properties), and so Q2 is never added to the workset. On the other hand, since Q1 ∈ Qt, the state Q1 is eventually added to and picked from the workset. When Q1 is processed at line 7 the algorithm considers Q2 = δ(Q1, a1), but does not add it to the workset in line 9. So at that moment either the workset or Q contains a state Q′2 ⊂ Q2. This state is eventually added to Q (if it is not already there), and so Q′2 ∈ Qt. So B has a path π′ = Q′2 −a2→ Q′3 · · · Q′n−1 −an→ Q′n for some states Q′3, . . . , Q′n. Since Q′2 ⊂ Q2 we have Q′3 ⊆ Q3, . . . , Q′n ⊆ Qn (notice that we may have Q′3 = Q3). By the minimality of Qn, we get Q′n = Qn, and so π′ leads from Q′2, which belongs to Qt, to Qn, which is minimal and not in Qt. This contradicts the assumption that π is as short as possible.

Notice that the complexity of the subsumption test may be considerable, because the new set δ(Q′, a) must be compared with every set in W ∪ Q. Good use of data structures (hash tables or radix trees) is advisable.


4.2.5 Inclusion and Equality.

Recall Lemma 4.4: given two DFAs A1, A2, the inclusion L(A1) ⊆ L(A2) holds if and only if every state [q1, q2] of [A1, A2] having q1 ∈ F1 also has q2 ∈ F2. This lemma no longer holds for NFAs. To see why, let A be any NFA having two runs for some word w, one of them leading to a final state q1, the other to a non-final state q2. We have L(A) ⊆ L(A), but the pairing [A, A] has a run on w leading to [q1, q2].

To obtain an algorithm for checking inclusion, we observe that L1 ⊆ L2 holds if and only if L1 ∩ (Σ∗ \ L2) = ∅. This condition can be checked using the constructions for intersection and complement together with the emptiness check. However, as in the case of universality, we can apply a subsumption check.

Definition 4.12 Let A1, A2 be NFAs, and let B2 = NFAtoDFA(A2). A state [q1, Q2] of [A1, B2] is minimal if no other state [q′1, Q′2] satisfies q′1 = q1 and Q′2 ⊂ Q2.

Proposition 4.13 Let A1 = (Q1, Σ, δ1, Q01, F1), A2 = (Q2, Σ, δ2, Q02, F2) be NFAs, and let B2 = NFAtoDFA(A2). L(A1) ⊆ L(A2) iff every minimal state [q1, Q2] of [A1, B2] having q1 ∈ F1 also has Q2 ∩ F2 ≠ ∅.

Proof: Since A2 and B2 recognize the same language,

L(A1) ⊆ L(A2)

⇔ L(A1) ∩ (Σ∗ \ L(A2)) = ∅

⇔ L(A1) ∩ (Σ∗ \ L(B2)) = ∅

⇔ [A1, B2] has no state [q1, Q2] such that q1 ∈ F1 and Q2 ∩ F2 = ∅

⇔ [A1, B2] has no minimal state [q1, Q2] such that q1 ∈ F1 and Q2 ∩ F2 = ∅

So we get the following algorithm to check inclusion:

InclNFA(A1, A2)
Input: NFAs A1 = (Q1, Σ, δ1, Q01, F1), A2 = (Q2, Σ, δ2, Q02, F2)
Output: true if L(A1) ⊆ L(A2), false otherwise

1  Q ← ∅
2  W ← {[q01, Q02] | q01 ∈ Q01}
3  while W ≠ ∅ do
4      pick [q1, Q′2] from W
5      if (q1 ∈ F1) and (Q′2 ∩ F2 = ∅) then return false
6      add [q1, Q′2] to Q
7      for all a ∈ Σ, q′1 ∈ δ1(q1, a) do
8          Q′′2 ← ⋃q2∈Q′2 δ2(q2, a)
9          if W ∪ Q contains no [q′′1, Q′′′2] s.t. q′′1 = q′1 and Q′′′2 ⊆ Q′′2 then
10             add [q′1, Q′′2] to W
11 return true
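The same algorithm in executable form, as a sketch under the same illustrative encoding as before (an NFA as a transition dict plus initial and final sets; names not from the notes):

```python
# Sketch of InclNFA: pair states of A1 with on-the-fly subsets of A2,
# pruning pairs subsumed in the second component. Returns True iff
# L(A1) is included in L(A2).

def incl_nfa(a1, a2, alphabet):
    d1, q01, f1 = a1
    d2, q02, f2 = a2
    start2 = frozenset(q02)
    processed = set()
    workset = {(q, start2) for q in q01}
    while workset:
        q1, s2 = workset.pop()
        if q1 in f1 and not (s2 & f2):
            return False                 # witness word in L(A1) \ L(A2)
        processed.add((q1, s2))
        for a in alphabet:
            succ2 = frozenset(p for q in s2 for p in d2.get((q, a), set()))
            for q1p in d1.get((q1, a), set()):
                # subsumption test on the second component
                if not any(r == q1p and t <= succ2
                           for (r, t) in processed | workset):
                    workset.add((q1p, succ2))
    return True
```

For example, {a} ⊆ a∗ holds, but a∗ ⊆ {a} fails already because of the empty word.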


Notice that in unfavorable cases the overhead of the subsumption test may not be compensated by a reduction in the number of states. Without the test, the number of pairs that can be added to the workset is at most |Q1| · 2^{|Q2|}. For each of them we have to execute the for loop O(|Q1|) times, each iteration taking O(|Q2|²) time. So the algorithm runs in |Q1|² · 2^{O(|Q2|)} time and space.

As was the case for universality, the inclusion problem is PSPACE-complete, and so the exponential cannot be avoided unless P = PSPACE.

Proposition 4.14 The inclusion problem for NFAs is PSPACE-complete.

Proof: We first prove membership in PSPACE. Since PSPACE = co-PSPACE = NPSPACE, it suffices to give a polynomial-space nondeterministic algorithm that decides non-inclusion. Given NFAs A1 and A2, the algorithm guesses a word w ∈ L(A1) \ L(A2) letter by letter, maintaining the sets Q′1, Q′2 of states that A1 and A2 can reach by the word guessed so far. When the guessing ends, the algorithm checks that Q′1 contains some final state of A1, but Q′2 does not.

Hardness follows from the fact that A is universal iff Σ∗ ⊆ L(A), and so the universality problem, which is PSPACE-complete, is a subproblem of the inclusion problem.

There is however an important case with polynomial complexity, namely when A2 is a DFA. The number of pairs that can be added to the workset is then at most |Q1||Q2|. The for loop is still executed O(|Q1|) times, but each iteration takes O(1) time. So the algorithm runs in O(|Q1|²|Q2|) time and space.

Equality. Equality of two languages is decided by checking that each of them is included in theother. The equality problem is again PSPACE-complete. The only point worth observing is that,unlike the inclusion case, we do not get a polynomial algorithm when A2 is a DFA.


Exercises

Exercise 52 Consider the following languages over the alphabet Σ = {a, b}:

• L1 is the set of all words where between any two occurrences of b’s there is at least one a;

• L2 is the set of all words where every maximal sequence of consecutive a’s has odd length;

• L3 is the set of all words where a occurs only at even positions;

• L4 is the set of all words where a occurs only at odd positions;

• L5 is the set of all words of odd length;

• L6 is the set of all words with an even number of a’s.

Construct an NFA for the language

(L1 \ L2) ∪ (L3 △ L4) ∩ L5 ∩ L6,

where L △ L′ denotes the symmetric difference of L and L′, while sticking to the following rules:

• Start from NFAs for L1, . . . , L6;

• Any further automaton must be constructed from already existing automata via an algorithm introduced in the chapter, e.g. Comp, BinOp, UnionNFA, NFAtoDFA, etc.

Exercise 53 Prove or disprove: the minimal DFAs recognizing a language L and its complement Σ∗ \ L have the same number of states.

Exercise 54 Give a regular expression for the words over {0, 1} that do not contain 010 as subword.

Exercise 55 Find a family of NFAs {An}n≥1 with O(n) states such that every NFA recognizing the complement of L(An) has at least 2^n states. Hint: See Exercise 19.

Exercise 56 Consider again the regular expressions (1 + 10)∗ and 1∗(101∗)∗ of Exercise 3.

• Construct NFAs for these expressions and use InclNFA to check if their languages are equal.

• Construct DFAs for the expressions and use InclDFA to check if their languages are equal.

• Construct minimal DFAs for the expressions and check whether they are isomorphic.

Exercise 57 Consider the variant of IntersNFA in which line 7

if (q1 ∈ F1) and (q2 ∈ F2) then add [q1, q2] to F

is replaced by

Page 101: Automata theory - TUM

4.2. IMPLEMENTATION ON NFAS 101

if (q1 ∈ F1) or (q2 ∈ F2) then add [q1, q2] to F

Let A1 ⊗ A2 be the result of applying this variant to two NFAs A1 and A2. An NFA A = (Q, Σ, δ, Q0, F) is complete if δ(q, a) ≠ ∅ for every q ∈ Q and every a ∈ Σ.

• Prove the following: If A1 and A2 are complete NFAs, then L(A1 ⊗ A2) = L(A1) ∪ L(A2).

• Give NFAs A1 and A2 that are not complete and such that L(A1 ⊗ A2) ≠ L(A1) ∪ L(A2).

Exercise 58 The even part of a word w = a1a2 · · · an over alphabet Σ is the word a2a4 · · · a2⌊n/2⌋. Given an NFA A, construct an NFA A′ such that L(A′) is the set of even parts of the words of L(A).

Exercise 59 Let Li = {w ∈ a∗ | the length of w is divisible by i}.

(a) Construct an NFA for L := L4 ∪ L6 with a single initial state and at most 11 states.

(b) Construct the minimal DFA for L.

Exercise 60 Modify the algorithm Empty so that it returns a witness when the automaton is nonempty, i.e., a word accepted by the automaton. Explain how you could further return a shortest witness. What is the complexity of your procedure?

Exercise 61 Use the algorithm UnivNFA to test whether the following NFA is universal.

[NFA over {a, b} with states q0, q1, q2, q3, q4; diagram not reproduced here.]

Exercise 62 Let Σ be an alphabet. We define the shuffle operator ||| : Σ∗ × Σ∗ → P(Σ∗) inductively as follows, where a, b ∈ Σ and w, v ∈ Σ∗:

w ||| ε = {w},
ε ||| w = {w},
aw ||| bv = {au : u ∈ w ||| bv} ∪ {bu : u ∈ aw ||| v}.

For example we have:

b ||| d = {bd, db},  ab ||| d = {abd, adb, dab},  ab ||| cd = {cabd, acbd, abcd, cadb, acdb, cdab}.
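The inductive definition translates directly into a recursive function. This is only a sketch to illustrate the definition on words (not the NFA construction the exercise asks for); the function name is illustrative.

```python
# Recursive shuffle of two words, following the inductive definition:
# the first letter of the result comes from either operand.

def shuffle(w, v):
    if not w:
        return {v}
    if not v:
        return {w}
    return ({w[0] + u for u in shuffle(w[1:], v)} |
            {v[0] + u for u in shuffle(w, v[1:])})
```

It reproduces the examples above, e.g. shuffle("b", "d") gives {"bd", "db"}.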

Given DFAs recognizing languages L1, L2 ⊆ Σ∗, construct an NFA recognizing their shuffle

L1 ||| L2 = ⋃u∈L1, v∈L2 u ||| v.


Exercise 63 The perfect shuffle of two languages L, L′ ⊆ Σ∗ is a variant of the shuffle introduced in Exercise 62, defined as:

L ||| L′ = {w ∈ Σ∗ : ∃a1, . . . , an, b1, . . . , bn ∈ Σ s.t. a1 · · · an ∈ L, b1 · · · bn ∈ L′, and w = a1b1 · · · anbn}.

Give an algorithm that returns a DFA accepting L(A) ||| L(B) from two given DFAs A and B.

Exercise 64 Let Σ1, Σ2 be two alphabets. A homomorphism is a map h : Σ∗1 → Σ∗2 such that h(ε) = ε and h(uv) = h(u)h(v) for every u, v ∈ Σ∗1. Observe that if Σ1 = {a1, . . . , an}, then h is completely determined by the values h(a1), . . . , h(an). Let h : Σ∗1 → Σ∗2 be a homomorphism.

(a) Construct an NFA for the language h(L(A)) = {h(w) | w ∈ L(A)}, where A is an NFA over Σ1.

(b) Construct an NFA for h⁻¹(L(A)) = {w ∈ Σ∗1 | h(w) ∈ L(A)}, where A is an NFA over Σ2.

(c) Recall that the language {0^n 1^n | n ∈ ℕ} is not regular. Use the preceding results to show that {(01^k 2)^n 3^n | k, n ∈ ℕ} is also not regular.

Exercise 65 Let L1 and L2 be regular languages over an alphabet Σ. The left quotient of L1 by L2 is the language

L2⁻¹L1 = {v ∈ Σ∗ | ∃u ∈ L2 s.t. uv ∈ L1}.

Note that L2⁻¹L1 is different from the set difference L2 \ L1.

(a) Given NFAs A1 and A2, construct an NFA A such that L(A) = L(A1)⁻¹L(A2).

(b) Do the same for the right quotient, defined as L1L2⁻¹ = {u ∈ Σ∗ | ∃v ∈ L2 s.t. uv ∈ L1}.

(c) Determine the inclusion relations between these languages: L1, (L1L2⁻¹)L2, and (L1L2)L2⁻¹.

Exercise 66 Given alphabets Σ and ∆, a substitution is a map f : Σ → 2^{∆∗} assigning to each letter a ∈ Σ a language La ⊆ ∆∗. A substitution f can be canonically extended to a map 2^{Σ∗} → 2^{∆∗} by defining f(ε) = {ε}, f(wa) = f(w)f(a), and f(L) = ⋃w∈L f(w). Note that a homomorphism can be seen as the special case of a substitution in which all the La are singletons.

Let Σ = {Name, Tel, :, #}, let ∆ = {A, . . . , Z, 0, 1, . . . , 9, :, #}, and let f be the substitution:

f(Name) = (A + · · · + Z)∗
f(:) = :
f(Tel) = 0049(1 + · · · + 9)(0 + 1 + · · · + 9)^10 + 00420(1 + · · · + 9)(0 + 1 + · · · + 9)^8
f(#) = #

(a) Draw a DFA recognizing L = Name:Tel(#Tel)∗.


(b) Sketch an NFA recognizing f (L).

(c) Give an algorithm that takes as input an NFA A, a substitution f , and for every a ∈ Σ an NFArecognizing f (a), and returns an NFA recognizing f (L (A)).

Exercise 67 Let A1 and A2 be two NFAs with respectively n1 and n2 states. Let

B = NFAtoDFA(IntersNFA(A1, A2)) and C = IntersDFA(NFAtoDFA(A1),NFAtoDFA(A2)).

A superficial analysis shows that B and C have O(2^{n1·n2}) and O(2^{n1+n2}) states, respectively, wrongly suggesting that C might be more compact than B. Show that, in fact, B and C are isomorphic, and so in particular have the same number of states.

Exercise 68 Let A = (Q, Σ, δ, q0, F) be a DFA. A word w ∈ Σ∗ is a synchronizing word of A if reading w from any state of A leads to a common state, i.e., if there exists q ∈ Q such that p −w→ q for every p ∈ Q. A DFA is synchronizing if it has a synchronizing word.

(a) Show that the following DFA is synchronizing:

[DFA over {a, b} with states p, q, r, s; diagram not reproduced here.]

(b) Give a DFA that is not synchronizing.

(c) Give an exponential time algorithm to decide whether a DFA is synchronizing.

Hint: use the powerset construction.

(d) Show that a DFA A = (Q, Σ, δ, q0, F) is synchronizing iff for every p, q ∈ Q, there exist w ∈ Σ∗ and r ∈ Q such that p −w→ r and q −w→ r.

(e) Give a polynomial time algorithm to test whether a DFA is synchronizing. Hint: use (d).

(f) Show that (d) implies that every synchronizing DFA with n states has a synchronizing word of length at most (n² − 1)(n − 1). Hint: you might need to reason in terms of pairings.


(g) Show that the upper bound obtained in (f) is not tight by finding a synchronizing word of length (4 − 1)² for the following DFA:

[DFA over {a, b} with states q0, q1, q2, q3; diagram not reproduced here.]

Exercise 69

(a) Prove that the following problem is PSPACE-complete:

Given: DFAs A1, . . . , An over the same alphabet Σ;
Decide: whether ⋂i=1..n L(Ai) = ∅.

Hint: Reduce from the acceptance problem for deterministic linearly bounded automata.

(b) Prove that if the DFAs are acyclic, but the alphabet is arbitrary, then the problem is coNP-complete. Here, acyclic means that the graph induced by transitions has no cycle, apart froma self-loop on a trap state. Hint: Reduce from 3-SAT.

(c) Prove that if Σ is a one-letter alphabet, then the problem is coNP-complete.

Exercise 70 Let A = (Q, Σ, δ, Q0, F) be an NFA. Show that with the universal accepting condition of Exercise 19 the automaton A′ = (Q, Σ, δ, Q0, Q \ F) recognizes the complement of L(A).

Exercise 71 Recall the model of alternating automata introduced in Exercise 20.

(a) Show that alternating automata can be complemented by exchanging existential and universal states, and final and non-final states. More precisely, let A = (Q1, Q2, Σ, δ, q0, F) be an alternating automaton, where Q1 and Q2 are respectively the sets of existential and universal states, and where δ : (Q1 ∪ Q2) × Σ → P(Q1 ∪ Q2). Show that the alternating automaton A′ = (Q2, Q1, Σ, δ, q0, Q \ F), where Q = Q1 ∪ Q2, recognizes the complement of the language recognized by A.

(b) Give linear time algorithms that take two alternating automata recognizing languages L1 andL2, and that deliver a third alternating automaton recognizing L1 ∪ L2 and L1 ∩ L2.

Hint: The algorithms are very similar to UnionNFA.


(c) Show that the emptiness problem for alternating automata is PSPACE-complete.

Hint: Use Exercise 69.


Chapter 5

Applications I: Pattern matching

As a first example of a practical application of automata, we consider the pattern matching problem. Given w, w′ ∈ Σ∗, we say that w′ is a factor of w if there are words w1, w2 ∈ Σ∗ such that w = w1w′w2. If w1 and w1w′ have lengths i and j, respectively, we say that w′ is the [i, j]-factor of w. The pattern matching problem is defined as follows: given a word t ∈ Σ+ (called the text) and a regular expression p over Σ (called the pattern), determine the smallest j ≥ 0 such that some [i, j]-factor of t belongs to L(p). We call j the first occurrence of p in t.

Example 5.1 Let t = aabab and p = a(aba)∗b. The [1, 3]-, [3, 5]-, and [0, 5]-factors of t are aba, ab, and aabab, respectively. All of them belong to L(p). The first occurrence of p in t is 3.

Usually one is interested not only in finding the ending position j of the [i, j]-factor, but also thestarting position i. Adapting the algorithms to also provide this information is left as an exercise.

5.1 The general case

We present two different solutions to the pattern matching problem, using nondeterministic anddeterministic automata, respectively.

Solution 1. Some word of L(p) occurs in t if and only if some prefix of t belongs to L(Σ∗p). So we construct an NFA Ap for the regular expression Σ∗p using the rules of Figure 2.14 on page 39, and then remove the ε-transitions by means of NFAεtoNFA, given on page 36. Let us call the resulting algorithm RegtoNFA. Once Ap is constructed, we simulate it on t as in MemNFA[A](q0, t) on page 84. Recall that the simulation algorithm reads the text letter by letter, maintaining the set of states reachable from the initial state by the prefix read so far. So the simulation reaches a set of states containing a final state if and only if the prefix read so far belongs to L(Σ∗p). Here is the pseudocode for this algorithm:


PatternMatchingNFA(t, p)
Input: text t = a1 · · · an ∈ Σ+, pattern p
Output: the first occurrence of p in t, or ⊥ if no such occurrence exists.

1  A ← RegtoNFA(Σ∗p)
2  S ← Q0
3  for all k = 0 to n − 1 do
4      if S ∩ F ≠ ∅ then return k
5      S ← δ(S, ak+1)
6  if S ∩ F ≠ ∅ then return n
7  return ⊥
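An executable sketch of the simulation loop, specialized to the case where the pattern is a plain word (building an NFA from an arbitrary regular expression is omitted here); it simulates the word-pattern automaton Ap of Section 5.2, and the function name is illustrative.

```python
# Simulate the NFA for Sigma* p on the text, where p is a plain word:
# state 0 loops on every letter, and state i advances on pattern[i].

def first_occurrence(text, pattern):
    """Smallest j such that some factor of text ending at position j
    equals pattern, or None if there is no occurrence."""
    m = len(pattern)
    if m == 0:
        return 0
    current = {0}                      # set of reachable NFA states
    for j, letter in enumerate(text, start=1):
        nxt = {0}                      # state 0 is always reachable
        for q in current:
            if q < m and pattern[q] == letter:
                nxt.add(q + 1)
        current = nxt
        if m in current:               # final state reached
            return j
    return None
```

On t = aabab and the word pattern ab, the first occurrence is 3, matching Example 5.1's ending position for the factor ab.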

Let us estimate the complexity of PatternMatchingNFA for a text of length n over a k-letter alphabet Σ, where k ≤ n, and a pattern of length m. RegtoNFA is the concatenation of RegtoNFAε and NFAεtoNFA. Since Σ∗p has size O(k + m), RegtoNFAε takes time O(k + m), and outputs an NFAε with O(k + m) states and O(k + m) transitions. When applied to this output, NFAεtoNFA takes time O(k(k + m)²), and outputs an NFA with O(m) states and O(km²) transitions (see page 38 for the complexity of NFAεtoNFA). The loop is executed at most n times, and, for an automaton with O(m) states, each line of the loop's body takes at most O(m²) time. So the algorithm runs in time O(k(k + m)² + nm²). If k can be considered a constant (for example, when searching in standard English books, where the alphabet always consists of 26 letters, 14 punctuation marks, and the blank symbol), then this reduces to a time of O(nm²). If the alphabet is implicitly defined by the text, and can be of similar size to it, then, since k ≤ n, we obtain a time of O(n(n + m)² + nm²), which for the typical case n > m reduces to O(n³).

Solution 2. We proceed as in the previous case, but constructing a DFA for Σ∗p instead of an NFA:

PatternMatchingDFA(t, p)
Input: text t = a1 · · · an ∈ Σ+, pattern p
Output: the first occurrence of p in t, or ⊥ if no such occurrence exists.

1  A ← NFAtoDFA(RegtoNFA(Σ∗p))
2  q ← q0
3  for all k = 0 to n − 1 do
4      if q ∈ F then return k
5      q ← δ(q, ak+1)
6  if q ∈ F then return n
7  return ⊥

Notice that there is a trade-off: while the conversion to a DFA can take (much) longer than the conversion to an NFA, the membership check for a DFA is faster. The complexity of PatternMatchingDFA for a text of length n and a pattern of length m can be easily estimated: RegtoNFA(Σ∗p) runs in time O(k(k + m)²), but it outputs an NFA with only O(m) states. The equivalent DFA produced


by NFAtoDFA has 2^{O(m)} states and k · 2^{O(m)} transitions. However, transitions for letters that do not appear in p necessarily go to a trap state, and do not need to be explicitly constructed. Since p has at most m different letters, we can construct the DFA in time m · 2^{O(m)} = 2^{O(m)}. Since the loop is executed at most n times, and each line of the body takes constant time, the overall runtime is O(n) + 2^{O(|Σ|+m)}. Again, for a fixed alphabet this reduces to O(n) + 2^{O(m)}.

5.2 The word case

We study the special but very common case of the pattern matching problem in which we wish to know if a given word appears in a text. In this case the pattern p is the word itself. For the rest of the section we consider an arbitrary but fixed text t = a1 · · · an and an arbitrary but fixed word pattern p = b1 · · · bm. We do not assume that the alphabet has fixed size, but only that it has size O(n + m).

It is easy to find a faster algorithm for this special case, without any use of automata theory: just move a "window" of length m over the text t, one letter at a time, and check after each move whether the contents of the window equal p. The number of moves is n − m + 1, and each check requires O(m) letter comparisons, giving a runtime of O(nm), independently of the size of the alphabet. In the rest of the section we present a faster algorithm with time complexity O(m + n). Notice that in many applications n is very large, and so, even for a relatively small m, the difference between nm and m + n can be significant.
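The sliding-window check just described can be sketched as follows (the function name is illustrative); each window comparison costs O(m), for O(nm) in total.

```python
# Naive O(n*m) sliding-window search: compare the pattern against every
# window of the text and report the ending position of the first match.

def window_occurrence(text, pattern):
    n, m = len(text), len(pattern)
    for i in range(n - m + 1):
        if text[i:i + m] == pattern:   # O(m) comparison per window
            return i + m               # ending position j of the match
    return None
```

On t = aabab and p = ab it returns 3, the same ending position as in Example 5.1.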

Figure 5.1(a) shows the obvious NFA Ap recognizing Σ∗p for the case p = nano. In general, Ap = (Q, Σ, δ, q0, F), where Q = {0, 1, . . . , m}, q0 = 0, F = {m}, and

δ = {(i, bi+1, i + 1) | i ∈ [0, m − 1]} ∪ {(0, a, 0) | a ∈ Σ}.

Clearly, Ap can reach state k whenever the word read so far ends with b1 · · · bk. We define the hit and miss letters for each state of Ap. Intuitively, the hit letter makes Ap "progress" towards reading p, while the miss letters "throw it back".

Definition 5.2 A letter a ∈ Σ is a hit for state i of Ap if δ(i, a) = i + 1; otherwise it is a miss for i.

Figure 5.1(b) shows the DFA Bp obtained by applying NFAtoDFA to Ap. It has as many states as Ap, and there is a natural correspondence between the states of Ap and Bp: each state of Ap is the largest element of exactly one state of Bp. For instance, 3 is the largest element of {3, 1, 0}, and 4 is the largest element of {4, 0}.

Definition 5.3 The head of a state S ⊆ {0, . . . , m} of Bp, denoted by h(S), is the largest element of S. The tail of S, denoted by t(S), is the set t(S) = S \ {h(S)}. The hit for a state S of Bp is defined as the hit of the state h(S) in Ap.

If we label a state with head k by the word b1 · · · bk, as shown in Figure 5.1(c), then we see that the states of Bp keep track of how close the automaton is to finding nano. For instance:


[(a) the NFA Ap with states 0, 1, 2, 3, 4; (b) the DFA Bp with states {0}, {1, 0}, {2, 0}, {3, 1, 0}, {4, 0}; (c) Bp with states labelled ε, n, na, nan, nano.]

Figure 5.1: NFA Ap and DFA Bp for p = nano.

• if Bp is in state n and reads an a (a hit for this state), then it "makes progress", and moves to state na;

• if Bp is in state nan and reads an a (a miss for this state), then it is "thrown back" to state na. Not to state ε, because if the next two letters are n and o, then Bp should accept!

Bp has another property that will be very important later on: for each state S of Bp (with the exception of S = {0}) the tail of S is again a state of Bp. For instance, the tail of {3, 1, 0} is {1, 0}, which is also a state of Bp. We show that this property and the ones above hold in general, and not only in the special case p = nano. Formally, we prove the following invariant of NFAtoDFA when applied to a word pattern p. (NFAtoDFA is shown again in Table 5.1 for convenience.)


NFAtoDFA(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: DFA B = (Q, Σ, ∆, Q0, F) with L(B) = L(A)

1  Q, ∆, F ← ∅
2  W ← {Q0}
3  while W ≠ ∅ do
4      pick S from W
5      add S to Q
6      if S ∩ F ≠ ∅ then add S to F
7      for all a ∈ Σ do
8          S′ ← δ(S, a)
9          if S′ ∉ Q then add S′ to W
10         add (S, a, S′) to ∆

Table 5.1: NFAtoDFA(A)

Proposition 5.4 Let p be a pattern of length m. For every k ≥ 0, let Sk be the k-th set picked from the workset during the execution of NFAtoDFA(Ap). Then

(1) h(Sk) = k (which implies k ≤ m), and

(2) either k = 0 and t(Sk) = ∅, or k > 0 and t(Sk) ∈ Q.

Proof: We first prove by induction on k that (1), (2), and the following fact (3) hold for every 0 ≤ k ≤ m: before the k-th iteration of the while loop the workset only contains Sk. Then we prove that Sm is the last state added to the workset, and so that the m-th iteration is the last one.

For k = 0 we have S0 = {0}, which implies (1) and (2); further, (3) follows because of line 2. Assume now k > 0. By induction hypothesis, we have h(Sk) = k by (1) and t(Sk) = Sl for some l < k by (2); further, by (3), at the start of the k-th iteration the workset only contains Sk. At the start of the k-th iteration the algorithm picks Sk from the workset, which becomes empty, and examines the sets δ(Sk, a) for every letter a. We consider two cases:

• a is a miss for Sk. Then by definition it is also a miss for its head h(Sk) = k. So we have δ(k, a) = ∅, and hence δ(Sk, a) = δ(t(Sk), a) = δ(Sl, a). So δ(Sk, a) was already explored by the algorithm during the l-th iteration of the loop, and δ(Sk, a) is not added to the workset at line 9.

• a is a hit for Sk. Then δ(k, a) = {k + 1}. Since δ(Sk, a) = δ(h(Sk), a) ∪ δ(t(Sk), a), we get δ(Sk, a) = {k + 1} ∪ δ(Sl, a). Since state k + 1 has not been explored before, the set {k + 1} ∪ δ(Sl, a) becomes the (k + 1)-th state added to the workset, i.e., Sk+1 = {k + 1} ∪ δ(Sl, a). So h(Sk+1) = k + 1, which gives (1). Further, t(Sk+1) = δ(Sl, a), which is a state of B, and so t(Sk+1) ∈ Q, which gives (2).


Let us now prove (3). For every 0 ≤ k ≤ m − 1, exactly one letter is a hit for Sk. Therefore, at the end of the k-th iteration Sk+1 is the only state added to the workset, and so the workset only contains Sk+1. So (3) follows from the fact that the end of the k-th iteration is also the beginning of the (k + 1)-th iteration.

It still remains to prove that Sm is the last state added to the workset. For this, observe that there is no hit letter for Sm. Therefore, during the m-th iteration no state is added to the workset. So at the end of the m-th iteration the workset is empty, and the algorithm terminates.

By Proposition 5.4, the DFA Bp has m + 1 states for a pattern of length m. So NFAtoDFA does not incur any exponential blowup for word patterns. Even more: since for any two distinct prefixes p1, p2 of p the residuals (Σ∗p)^{p1} and (Σ∗p)^{p2} are also distinct, any DFA for Σ∗p has at least m + 1 states. So we get:

Corollary 5.5 Bp is the minimal DFA recognizing Σ∗p.

Since Bp is a DFA with m + 1 states, it has (m + 1) · |Σ| transitions. Transitions of Bp labeled by letters that do not appear in p always lead to state {0}, and so they do not need to be explicitly stored. The remaining O(m) transitions for each state can easily be constructed and stored using O(m²) space and time, leading to an O(n + m²) algorithm. To achieve a time of O(n + m), we introduce an even more compact data structure: the lazy DFA for Σ∗p, which, as we shall see, can be constructed in space and time O(m).

5.2.1 Lazy DFAs

A DFA can be seen as the control unit of a machine that reads an input from a tape divided into cells by means of a reading head. At each step, the machine reads the contents of the cell occupied by the reading head, updates the current state according to the transition function, and advances the head one cell to the right. It accepts a word if the state reached after reading it completely is final.

[A tape containing · · · b a n a n a n o n a · · ·, with the reading head, in state q7, on one of the cells.]

Figure 5.2: Tape with reading head.

In lazy DFAs the machine may advance the head one cell to the right or keep it on the same cell (see Figure 5.2). Which of the two takes place is a function of the current state and the current letter read by the head. Formally, a lazy DFA only differs from a DFA in the transition function, which has the form δ : Q × Σ → Q × {R, N}, where R stands for "move Right" and N stands for "No move".


5.2. THE WORD CASE 113

A transition of a lazy DFA is a four-tuple (q, a, q′, d), where d ∈ {R, N} is the move of the head. Intuitively, a transition (q, a, q′, N) means that state q delegates processing the letter a to state q′.

A lazy DFA C_p for Σ*p. Recall that every state S_k of B_p but the last one has a hit letter, and all other letters are misses. In particular, if a is a miss, then δ_B(S_k, a) = δ_B(t(S_k), a), and so:

When B_p is in state S_k and reads a miss, it moves to the same state it would move to if it were in state t(S_k).

Using this fact, we construct a lazy DFA C_p with the same states as B_p and transition function δ_C(S_k, a) given by:

• If a is a hit for S_k, then C_p behaves as B_p, that is:

δ_C(S_k, a) = (S_{k+1}, R) .

• If a is a miss for S_k and k > 0, then S_k “delegates” to t(S_k), that is:

δ_C(S_k, a) = (t(S_k), N) .

• If a is a miss for S_k and k = 0, then t(S_k) is not a state, and so S_k cannot “delegate”; instead, C_p behaves as B_p:

δ_C(S_0, a) = (S_0, R) .

Notice that, in the case of a miss, C_p always delegates to the same state, independently of the letter being read. So we can “summarize” the transitions for all misses into a single transition δ_C(S_k, miss) = (t(S_k), N). Figure 5.3 shows the DFA and the lazy DFA for p = nano. (We write just k instead of S_k in the states of the lazy DFA.) Consider the behaviours of B_p and C_p from state S_3 if they read the letter n. While B_p moves to S_1 (the state it would move to if it were in state S_1), C_p delegates to S_1, which delegates to S_0, which moves to S_1. That is, the move of B_p is simulated in C_p by a chain of delegations, followed by a move of the head to the right (in the worst case the chain of delegations reaches S_0, which cannot delegate to anybody). The final destination is the same in both cases.

Notice that C_p may require more steps than B_p to read the text. However, we can easily show that the number of steps is at most 2n. For every letter, the automaton C_p does a number of N-steps, followed by one R-step. Call this step sequence a macrostep, and let S_{j_i} be the state reached after the i-th macrostep, with j_0 = 0. Since the i-th macrostep leads from S_{j_{i−1}} to S_{j_i}, and N-steps never move forward along the spine, the number of steps of the i-th macrostep is bounded by j_{i−1} − j_i + 2. So the total number of steps is bounded by

∑_{i=1}^{n} (j_{i−1} − j_i + 2) = j_0 − j_n + 2n = −j_n + 2n ≤ 2n .
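For concreteness, the run of C_p can be simulated directly. The following Python sketch (not part of the text; representing C_p for p = nano by the delegation table of Figure 5.3 is an ad-hoc choice) reads a text and counts the steps:

```python
# A sketch simulating the lazy DFA C_p of Figure 5.3 (p = "nano"): state k
# stands for S_k, and miss[k] is the head of t(S_k), the delegation target.

def run_lazy_dfa(text, pattern="nano", miss=(0, 0, 0, 1, 0)):
    m = len(pattern)
    state, head, steps = 0, 0, 0
    matches = []
    while head < len(text):
        steps += 1
        if state < m and text[head] == pattern[state]:
            state += 1; head += 1          # hit: R-step along the spine
        elif state == 0:
            head += 1                      # miss at S_0: stay in S_0, move right
        else:
            state = miss[state]            # miss: delegate, head does not move
        if state == m:
            matches.append(head)           # an occurrence of p ends here
    return matches, steps

matches, steps = run_lazy_dfa("banananona")
assert matches == [8] and steps <= 2 * len("banananona")   # at most 2n steps
```

On the text banananona the simulation reaches the final state once and stays well below the bound of 2n steps.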


114 CHAPTER 5. APPLICATIONS I: PATTERN MATCHING

Figure 5.3: DFA and lazy DFA for p = nano.

Computing C_p in time O(m): The Knuth-Morris-Pratt string-searching algorithm. For every 0 ≤ i ≤ m, let Miss(i) be the head of the state reached from S_i by the miss transition of the lazy DFA. For instance, for p = nano we have Miss(3) = 1 and Miss(i) = 0 otherwise (see Figure 5.3). Clearly, if we can compute all of Miss(0), . . . , Miss(m) together in time O(m), then we can construct C_p in time O(m).

Consider the auxiliary function miss(S_i), which returns the target state of the miss transition instead of its head, i.e., Miss(i) := h(miss(S_i)). We obtain some equations for miss, and then transform them into equations for Miss. By definition, for every i > 0, in the case of a miss the state S_i delegates to t(S_i), i.e., miss(S_i) = t(S_i). Since t(S_1) = {0} = S_0, this already gives miss(S_1) = S_0. For i > 1, using S_{i−1} = {i − 1} ∪ t(S_{i−1}) we get

t(S_i) = t(δ_B(S_{i−1}, b_i)) = t(δ({i − 1}, b_i) ∪ δ(t(S_{i−1}), b_i)) = t({i} ∪ δ(t(S_{i−1}), b_i)) = δ_B(t(S_{i−1}), b_i) ,

yielding

miss(S_i) = δ_B(miss(S_{i−1}), b_i) .    (5.1)

Moreover, we have

δ_B(S_j, b) = { S_{j+1}          if b = b_{j+1} (hit),
              { S_0              if b ≠ b_{j+1} (miss) and j = 0,
              { δ_B(t(S_j), b)   if b ≠ b_{j+1} (miss) and j ≠ 0.    (5.2)


Combining 5.1 and 5.2, and recalling that miss(S_0) = S_0, we obtain

miss(S_i) = { S_0                       if i = 0 or i = 1,
            { δ_B(miss(S_{i−1}), b_i)   if i > 1,    (5.3)

δ_B(S_j, b) = { S_{j+1}               if b = b_{j+1} (hit),
              { S_0                   if b ≠ b_{j+1} (miss) and j = 0,
              { δ_B(miss(S_j), b)     if b ≠ b_{j+1} (miss) and j ≠ 0.    (5.4)

Using Miss(i) = h(miss(S_i)), and defining ∆_B(i, b) := h(δ_B(S_i, b)), equations 5.3 and 5.4 on sets of states become equations on numbers:

Miss(i) = { 0                       if i = 0 or i = 1,
          { ∆_B(Miss(i − 1), b_i)   if i > 1,    (5.5)

∆_B(j, b) = { j + 1             if b = b_{j+1},
            { 0                 if b ≠ b_{j+1} and j = 0,
            { ∆_B(Miss(j), b)   if b ≠ b_{j+1} and j ≠ 0.    (5.6)

Equations 5.5 and 5.6 lead to the algorithms shown below. Given a word p of length m, CompMiss(p) computes Miss(i) for every index i ∈ {0, . . . , m}. CompMiss(p) calls DeltaB(j, b), shown on the right, which in turn looks up Miss(j).

CompMiss(p)
Input: pattern p = b_1 · · · b_m.

1  Miss(0) ← 0; Miss(1) ← 0
2  for i ← 2, . . . , m do
3      Miss(i) ← DeltaB(Miss(i − 1), b_i)

DeltaB(j, b)
Input: head j ∈ {0, . . . , m}, letter b.

1  while b ≠ b_{j+1} and j ≠ 0 do j ← Miss(j)
2  if b = b_{j+1} then return j + 1
3  else return 0
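The two procedures translate directly into Python. The following sketch (my own transcription, using 0-based strings, so that p[j] plays the role of b_{j+1}) computes the whole table Miss(0), . . . , Miss(m) in time O(m):

```python
# A direct Python transcription (a sketch; 0-based indexing internally) of
# CompMiss and DeltaB: p[j] below is the letter b_{j+1} of the text's notation.

def comp_miss(p):
    m = len(p)
    miss = [0] * (m + 1)                       # Miss(0) = Miss(1) = 0

    def delta_b(j, b):                         # the while loop of DeltaB
        while j != 0 and b != p[j]:
            j = miss[j]
        return j + 1 if b == p[j] else 0

    for i in range(2, m + 1):
        miss[i] = delta_b(miss[i - 1], p[i - 1])   # p[i - 1] is b_i
    return miss

assert comp_miss("nano") == [0, 0, 0, 1, 0]    # Miss(3) = 1, otherwise 0
```

The table miss is exactly the failure function of the Knuth-Morris-Pratt algorithm mentioned at the end of the section.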

It remains to prove that CompMiss(p) runs in time O(m). This amounts to showing that all calls to DeltaB together take time O(m). During the execution of CompMiss(p), the function DeltaB(j, b) is called with j := Miss(1), b := b_2; j := Miss(2), b := b_3; . . . ; j := Miss(m − 1), b := b_m. Let n_i be the number of iterations of the while loop at line 1 of DeltaB that are executed during the call with j := Miss(i − 1) and b := b_i. We prove ∑_{i=2}^{m} n_i ≤ m − 1. To this end, we claim that n_i ≤ Miss(i − 1) − (Miss(i) − 1) holds. Indeed, since each iteration of the loop decreases j by at least 1 (line 1 of DeltaB), the number of iterations is at most equal to the value of j before the loop minus its value after the loop. The value of j before the loop is Miss(i − 1), and so it suffices to show that the final value is at least Miss(i) − 1. This follows from the fact that the call to DeltaB returns either j + 1 or 0 (lines 2 and 3 of DeltaB), and the returned value is assigned to Miss(i) (line 3 of CompMiss). This concludes the proof of the claim, and we get

∑_{i=2}^{m} n_i ≤ ∑_{i=2}^{m} (Miss(i − 1) − Miss(i) + 1) = Miss(1) − Miss(m) + m − 1 ≤ m − 1 .


In the literature, CompMiss(p) is known as the Knuth-Morris-Pratt string-searching algorithm. Different variants of the algorithm were independently discovered by James H. Morris, Donald Knuth, Yuri Matijasevich, and Vaughan Pratt.

Exercises

Exercise 72 Use ideas from the main text to design an algorithm for the pattern matching problem that identifies a matched [i, j]-factor of the text, where position j is minimal and where position i is as close to j as possible, i.e., maximal w.r.t. j. Run your algorithm on the text t = caabac and the pattern p = a+(b + c)a+ + bac. What is the complexity of your algorithm?

Exercise 73 The pattern matching problem deals with finding the first [i, j]-factor of t that belongs to L(p). Show that the first such [i, j]-factor w.r.t. j is not necessarily the first one w.r.t. i.

Exercise 74 Suppose we have an algorithm that solves the pattern matching problem, i.e., that finds the first [i, j]-factor (w.r.t. j) of a text t that matches a pattern p. How can we use it as a black box to find the last [i, j]-factor w.r.t. i?

Exercise 75 Use the ideas of Exercises 72 and 74 to obtain an algorithm that solves the pattern matching problem, but this time by finding the first [i, j]-factor w.r.t. i (instead of j).

Exercise 76

(a) Build the automata Bp and Cp for the word pattern p = mammamia.

(b) How many transitions are taken when reading t = mami in Bp and Cp?

Exercise 77 We have shown that lazy DFAs for a word pattern may need more than n steps toread a text of length n, but not more than 2n + m, where m is the length of the pattern. Find a textt and a word pattern p such that the run of Bp on t takes at most n steps and the run of Cp takes atleast 2n − 1 steps. Hint: a simple pattern of the form ak is sufficient.

Exercise 78 Give an algorithm that, given a text t and a word pattern p, counts the number of occurrences of p in t. Try to obtain a complexity of O(|t| + |p|).

Exercise 79 Two-way DFAs are an extension of lazy automata where the reading head is also allowed to move left. Formally, a two-way DFA (2DFA) is a tuple A = (Q, Σ, δ, q_0, F) where δ : Q × (Σ ∪ {⊢, ⊣}) → Q × {L, N, R}. Given a word w ∈ Σ*, A starts in q_0 with its reading tape initialized with ⊢w⊣, and its reading head pointing at ⊢. When reading a letter, A moves the head according to δ (Left, No move, Right). Moving left on ⊢ or right on ⊣ does not move the reading head. A accepts w if, and only if, it reaches ⊣ in a state of F.

(a) Let n ∈ N. Give a 2DFA that accepts (a + b)^* a (a + b)^n.


(b) Give a 2DFA that does not terminate on any input.

(c) Describe an algorithm to test whether a given 2DFA A accepts a given word w.

(d) Let A1, A2, . . . , An be DFAs over a common alphabet. Give a 2DFA B such that

L(B) = L(A1) ∩ L(A2) ∩ · · · ∩ L(An) .

Exercise 80 In order to make pattern matching robust to typos, we further wish to include “similar words” in our results. For this, we consider as “similar” words with a small Levenshtein distance (also known as the edit distance). We may transform a word w into a new word w′ using the following operations, where a_i, b ∈ Σ:

(R) Replace: w = a_1 · · · a_{i−1} a_i a_{i+1} · · · a_l → w′ = a_1 · · · a_{i−1} b a_{i+1} · · · a_l,

(D) Delete: w = a_1 · · · a_{i−1} a_i a_{i+1} · · · a_l → w′ = a_1 · · · a_{i−1} ε a_{i+1} · · · a_l,

(I) Insert: w = a_1 · · · a_{i−1} a_i a_{i+1} · · · a_l → w′ = a_1 · · · a_{i−1} a_i b a_{i+1} · · · a_l.

The Levenshtein distance of w and w′, denoted ∆(w, w′), is the minimal number of operations (R), (D) and (I) needed to transform w into w′. We write ∆_{L,i} = {w ∈ Σ* | ∃w′ ∈ L s.t. ∆(w, w′) ≤ i} to denote the language of all words with Levenshtein distance at most i to some word of L.

(a) Compute ∆(abcde, accd).

(b) Prove the following statement: If L is a regular language, then ∆L,n is a regular language.

(c) Let p be the pattern abba. Construct an NFA-ε locating the pattern or variations of it withLevenshtein distance 1.


Chapter 6

Operations on Relations: Implementations

We show how to implement operations on relations over a (possibly infinite) universe U. Even though we will encode the elements of U as words, when implementing relations it is convenient to think of U as an abstract universe, and not as the set Σ* of words over some alphabet Σ. The reason, as we shall see, is that for some operations we encode an element of U not by one word, but by many, in fact by infinitely many. In the case of operations on sets this is not necessary, and one can safely identify the object and its encoding as a word.

We are interested in a number of operations. A first group contains the operations we already studied for sets, but lifted to relations. For instance, we consider the operation Membership((x, y), R), which returns true if (x, y) ∈ R and false otherwise, or Complement(R), which returns the complement (U × U) \ R. Their implementations will be very similar to those of the language case. A second group contains three fundamental operations specific to relations. Given R, R_1, R_2 ⊆ U × U:

Projection 1(R): returns the set π_1(R) = {x | ∃y : (x, y) ∈ R}.
Projection 2(R): returns the set π_2(R) = {y | ∃x : (x, y) ∈ R}.
Join(R_1, R_2): returns R_1 ∘ R_2 = {(x, z) | ∃y : (x, y) ∈ R_1 ∧ (y, z) ∈ R_2}.

Finally, given X ⊆ U we are interested in two derived operations:

Post(X, R): returns post_R(X) = {y ∈ U | ∃x ∈ X : (x, y) ∈ R}.
Pre(X, R): returns pre_R(X) = {y ∈ U | ∃x ∈ X : (y, x) ∈ R}.

Observe that Post(X, R) = Projection 2(Join(Id_X, R)) and Pre(X, R) = Projection 1(Join(R, Id_X)), where Id_X = {(x, x) | x ∈ X}.


6.1 Encodings

We encode elements of U as words over an alphabet Σ. It is convenient to assume that Σ contains a padding letter #, and that an element x ∈ U is encoded not only by a word s_x ∈ Σ*, but by all the words s_x#^n with n ≥ 0. That is, an element x has a shortest encoding s_x, and the other encodings are obtained by appending to s_x an arbitrary number of padding letters. We assume that the shortest encodings of two distinct elements are also distinct, and that for every x ∈ U the last letter of s_x is different from #. It follows that the sets of encodings of two distinct elements are disjoint.

The advantage is that for any two elements x, y there is a number n (in fact infinitely many) such that both x and y have encodings of length n. We say that (w_x, w_y) encodes the pair (x, y) if w_x encodes x, w_y encodes y, and w_x, w_y have the same length. Notice that if (w_x, w_y) encodes (x, y), then so does (w_x#^k, w_y#^k) for every k ≥ 0. If s_x, s_y are the shortest encodings of x and y, and |s_x| ≤ |s_y|, then the shortest encoding of (x, y) is (s_x#^{|s_y|−|s_x|}, s_y).

Example 6.1 We encode the number 6 not only by its least-significant-bit-first binary representation 011, but by any word of L(0110*). In this case we have Σ = {0, 1} with 0 as padding letter. Notice, however, that taking 0 as padding letter requires taking the empty word as the shortest encoding of the number 0 (otherwise the last letter of the encoding of 0 is the padding letter).

In the rest of this chapter, we will use this particular encoding of natural numbers without further notice. We call it the least significant bit first (LSBF) encoding, and write LSBF(6) to denote the language L(0110*).
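As a quick illustration (the helper names are mine, not from the text), the LSBF encoding can be computed and decoded as follows:

```python
# Sketch of the LSBF encoding of Example 6.1: the shortest encoding of n plus
# padding with the letter '0'; the number 0 is encoded by the empty word.

def lsbf_shortest(n):
    s = ""
    while n > 0:
        s += str(n % 2)    # least significant bit first
        n //= 2
    return s

def lsbf_decode(w):
    return sum(int(b) << i for i, b in enumerate(w))

assert lsbf_shortest(6) == "011"        # every word of L(0110*) encodes 6
assert lsbf_decode("0110000") == 6      # padding with 0s does not change the value
```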

If we encode an element of U by more than one word, then we have to define when an element is accepted or rejected by an automaton. Does it suffice that the automaton accepts (rejects) some encoding, or does it have to accept (reject) all of them? Several definitions are possible, leading to different implementations of the operations. We choose the following option:

Definition 6.2 Assume an encoding of the universe U over Σ∗ has been fixed. Let A be an NFA.

• A accepts x ∈ U if it accepts all encodings of x.

• A rejects x ∈ U if it accepts no encoding of x.

• A recognizes a set X ⊆ U if

L(A) = {w ∈ Σ* | w encodes some element of X} .

A set is regular (with respect to the fixed encoding) if it is recognized by some NFA.

Notice that if A recognizes X ⊆ U then, as one would expect, A accepts every x ∈ X and rejects every x ∉ X. Observe further that with this definition an NFA may neither accept nor reject a given x. An NFA is well-formed if it recognizes some set of objects, and ill-formed otherwise.


6.2 Transducers and Regular Relations

We assume that an encoding of the universe U over the alphabet Σ has been fixed.

Definition 6.3 A transducer over Σ is an NFA over the alphabet Σ × Σ.

Transducers are also called Mealy machines. According to this definition a transducer accepts sequences of pairs of letters, but it is convenient to look at it as a machine accepting pairs of words:

Definition 6.4 Let T be a transducer over Σ. Given words w_1 = a_1 a_2 . . . a_n and w_2 = b_1 b_2 . . . b_n, we say that T accepts the pair (w_1, w_2) if it accepts the word (a_1, b_1) . . . (a_n, b_n) ∈ (Σ × Σ)*.

In other words, we identify the sets

⋃_{i≥0} (Σ^i × Σ^i)  and  (Σ × Σ)* = ⋃_{i≥0} (Σ × Σ)^i .

We now define when a transducer accepts a pair (x, y) ∈ U × U, which allows us to define the relation recognized by a transducer. The definition is completely analogous to Definition 6.2.

Definition 6.5 Let T be a transducer.

• T accepts a pair (x, y) ∈ U × U if it accepts all encodings of (x, y).

• T rejects a pair (x, y) ∈ U × U if it accepts no encoding of (x, y).

• T recognizes a relation R ⊆ U × U if

L(T) = {(w_x, w_y) ∈ (Σ × Σ)* | (w_x, w_y) encodes some pair of R} .

A relation is regular if it is recognized by some transducer.

It is important to emphasize that not every transducer recognizes a relation, because it may recognize only some, but not all, of the encodings of a pair (x, y). As for NFAs, we say a transducer is well-formed if it recognizes some relation, and ill-formed otherwise.

Example 6.6 The Collatz function is the function f : N → N defined as follows:

f(n) = { 3n + 1   if n is odd
       { n/2      if n is even

Figure 6.1 shows a transducer that recognizes the relation {(n, f(n)) | n ∈ N} with the LSBF encoding and Σ = {0, 1}. The elements of Σ × Σ are drawn as column vectors with two components. The transducer accepts for instance the pair (7, 22), because it accepts the pairs (11100·0^k, 01101·0^k), that is, it accepts

[1/0] [1/1] [1/1] [0/0] [0/1] ([0/0])^k

for every k ≥ 0 (writing a/b for the column vector with first component a and second component b), and we have LSBF(7) = L(1110*) and LSBF(22) = L(011010*).
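A small sketch (the helper names are mine) confirming the column representation of the pair (7, 22):

```python
# Sketch (my own helper names) checking the pair encoding of (7, 22) used in
# Example 6.6: pad the shorter LSBF encoding with 0s and read off the columns.

def lsbf(n):
    s = ""
    while n > 0:
        s, n = s + str(n % 2), n // 2
    return s                                   # shortest LSBF encoding; "" for 0

def encode_pair(x, y):
    wx, wy = lsbf(x), lsbf(y)
    k = max(len(wx), len(wy))
    wx, wy = wx.ljust(k, "0"), wy.ljust(k, "0")   # '0' is the padding letter
    return list(zip(wx, wy))

# the columns [1/0][1/1][1/1][0/0][0/1] shown in the text
assert encode_pair(7, 22) == [("1", "0"), ("1", "1"), ("1", "1"), ("0", "0"), ("0", "1")]
```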


Figure 6.1: A transducer for Collatz's function.

Why “transducer”? In engineering, a transducer is a device that converts signals in one form of energy into signals in a different form. Two examples of transducers are microphones and loudspeakers. We can look at a transducer T over an alphabet Σ as a device that transforms an input word into an output word. If we choose Σ as the union of an input and an output alphabet, and ensure that in every transition q --(a,b)--> q′ the letters a and b are an input and an output letter, respectively, then the transducer transforms a word over the input alphabet into a word over the output alphabet. (Observe that the same word can be transformed into different ones.)

When looking at transducers from this point of view, it is customary to write a pair (a, b) ∈ Σ × Σ as a/b, and read it as “the transducer reads an a and writes a b”. In some exercises we use this notation. However, in Section 6.4 we extend the definition of a transducer and consider transducers that recognize relations of arbitrary arity. For such transducers, the metaphor of a converter is less appealing: while in a binary relation it is natural and canonical to interpret the first and second components of a pair as “input” and “output”, there is no such canonical interpretation for a relation of arity 3 or higher. In particular, there is no canonical extension of the a/b notation. For this reason, while we keep the name “transducer” for historical reasons, we use the notation q --(a_1,...,a_n)--> q′ for transitions, or the column notation, as in Example 6.6.

Determinism A transducer is deterministic if it is a DFA. In particular, a state of a deterministic transducer over the alphabet Σ × Σ has exactly |Σ|^2 outgoing transitions. The transducer of Figure 6.1 is deterministic in this sense, when an appropriate trap state is added.

There is another possibility to define determinism of transducers, which corresponds to the converter interpretation (a, b) ↦ a/b described in the previous paragraph. If the letter a/b is interpreted as “the transducer receives the input a and produces the output b”, then it is natural to call a transducer deterministic if for every state q and every letter a there is exactly one transition of the form (q, a/b, q′). Observe that these two definitions of determinism are not equivalent.

We do not give separate implementations of the operations for deterministic and nondeterministic transducers. The new operations (projection and join) can only be reasonably implemented on nondeterministic transducers, and so the deterministic case does not add anything new to the discussion of Chapter 4.

6.3 Implementing Operations on Relations

In Chapter 4 we made two assumptions on the encoding of objects from the universe U as words:

• every word is the encoding of some object, and

• every object is encoded by exactly one word.

We have relaxed the second assumption, and allowed for multiple encodings (in fact, infinitely many) of an object. Fortunately, as long as the first assumption still holds, the implementations of the boolean operations remain correct, in the following sense: if the input automata are well-formed, then the output automaton is also well-formed. Consider for instance the complementation operation on DFAs. Since every word encodes some object, the set of all words can be partitioned into equivalence classes, each of them containing all the encodings of an object. If the input automaton A is well-formed, then for every object x from the universe, A either accepts all the words in an equivalence class, or none of them. The complement automaton then satisfies the same property, but accepts a class iff the original automaton does not accept it.

Notice further that membership of an object x in a set represented by a well-formed automaton can be checked by taking any encoding w_x of x and checking whether the automaton accepts w_x.

6.3.1 Projection

Given a transducer T recognizing a relation R ⊆ U × U, we construct an automaton over Σ recognizing the set π_1(R). The initial idea is very simple: loosely speaking, we go through all transitions and replace their labels (a, b) by a. This transformation yields an NFA, and this NFA has an accepting run on a word a_1 . . . a_n iff the transducer has an accepting run on some pair (w, w′) with w = a_1 . . . a_n. Formally, this step is carried out in lines 1-4 of the following algorithm (line 5 is explained below):

Proj 1(T)
Input: transducer T = (Q, Σ × Σ, δ, Q_0, F).
Output: NFA A = (Q′, Σ, δ′, Q′_0, F′) with L(A) = π_1(L(T)).

1  Q′ ← Q; Q′_0 ← Q_0; F′′ ← F
2  δ′ ← ∅
3  for all (q, (a, b), q′) ∈ δ do
4      add (q, a, q′) to δ′
5  F′ ← PadClosure((Q′, Σ, δ′, Q′_0, F′′), #)


However, this initial idea is not fully correct. Consider the relation R = {(1, 4)} over N. A transducer T recognizing R recognizes the language

{(10^{n+2}, 0010^n) | n ≥ 0}

and so the NFA constructed after lines 1-4 recognizes {10^{n+2} | n ≥ 0}. However, it does not recognize the number 1, because it does not accept all its encodings: the encodings 1 and 10 are rejected.

This problem can be easily repaired. We introduce an auxiliary construction that “completes” a given NFA: the padding closure of an NFA A is another NFA A′ that accepts a word w if and only if A accepts w#^n for some n ≥ 0, where # is the padding symbol. Formally, the padding closure only augments the set of final states, and returns the new set. Here is the algorithm constructing the padding closure:

PadClosure(A, #)
Input: NFA A = (Q, Σ, δ, Q_0, F), padding symbol # ∈ Σ.
Output: new set F′ of final states.

1  W ← F; F′ ← ∅
2  while W ≠ ∅ do
3      pick q from W
4      add q to F′
5      for all (q′, #, q) ∈ δ do
6          if q′ ∉ F′ then add q′ to W
7  return F′

Projection onto the second component is implemented analogously. The complexity of Proj i() is clearly O(|δ| + |Q|), since every transition is examined at most twice, once in line 3, and possibly a second time at line 5 of PadClosure.
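The following Python sketch implements Proj 1 together with PadClosure; the tuple representation of NFAs is an ad-hoc choice, not fixed by the text. On the transducer for R = {(1, 4)} it repairs exactly the problem described above:

```python
# A sketch of Proj_1 followed by PadClosure, with NFAs given as
# (states, transitions, initial states, final states).

def pad_closure(trans, final, pad):
    final, work = set(final), list(final)
    while work:                       # make q' final whenever q' --#--> q with q final
        q = work.pop()
        for (p, a, r) in trans:
            if a == pad and r == q and p not in final:
                final.add(p); work.append(p)
    return final

def proj1(transducer, pad="#"):
    states, trans, init, final = transducer
    trans1 = {(q, a, r) for (q, (a, b), r) in trans}   # keep first components
    return (states, trans1, init, pad_closure(trans1, final, pad))

# transducer for R = {(1, 4)} over the LSBF encoding; padding letter is '0'
T = ({0, 1, 2, 3},
     {(0, ("1", "0"), 1), (1, ("0", "0"), 2), (2, ("0", "1"), 3), (3, ("0", "0"), 3)},
     {0}, {3})
_, trans1, _, final1 = proj1(T, pad="0")
assert final1 == {1, 2, 3}   # the encodings 1 and 10 of the number 1 are now accepted
```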

Observe that projection does not preserve determinism: two transitions leaving a state and labeled by two different (pairs of) letters (a, b) and (a, c) become, after projection, two transitions labeled with the same letter a. In practice the projection of a transducer is hardly ever deterministic. Since, typically, a sequence of operations on relations contains at least one projection, deterministic transducers are relatively uninteresting.

Example 6.7 Figure 6.2 shows the NFA obtained by projecting the transducer for the Collatz function onto the first and second components. States 4 and 5 of the NFA at the top (first component) are made final by PadClosure, because they can both reach the final state 6 through a chain of 0s (recall that 0 is the padding symbol in this case). The same happens to state 3 of the NFA at the bottom (second component), which can reach the final state 2 with 0. Recall that the transducer recognizes the relation R = {(n, f(n)) | n ∈ N}, where f denotes the Collatz function. So we have π_1(R) = {n | n ∈ N} = N and π_2(R) = {f(n) | n ∈ N}, and a moment of thought shows that π_2(R) = N as well. So both NFAs should be universal, and the reader can easily check that this is indeed the case. Observe that both projections are nondeterministic, although the transducer is deterministic.

Figure 6.2: Projections of the transducer for the Collatz function onto the first and second components.

6.3.2 Join, Post, and Pre

We give an implementation of the Join operation, and then show how to modify it to obtain implementations of Pre and Post.

Given transducers T_1, T_2 recognizing relations R_1 and R_2, we construct a transducer T_1 ∘ T_2 recognizing R_1 ∘ R_2. We first construct a transducer T with the following property: T accepts (w, w′) iff there is a word w′′ such that T_1 accepts (w, w′′) and T_2 accepts (w′′, w′). The intuitive idea is to slightly modify the product construction. Recall that the pairing [A_1, A_2] of two NFAs A_1, A_2 has a transition [q, r] --a--> [q′, r′] if and only if A_1 has a transition q --a--> q′ and A_2 has a transition r --a--> r′. Similarly, T_1 ∘ T_2 has a transition [q, r] --(a,b)--> [q′, r′] if there is a letter c such that T_1 has a transition q --(a,c)--> q′ and T_2 has a transition r --(c,b)--> r′. Intuitively, T can output b on input a if there is a letter c such that T_1 can output c on input a, and T_2 can output b on input c. The transducer T has a run

[q_01, q_02] --(a_1,b_1)--> [q_11, q_12] --(a_2,b_2)--> [q_21, q_22] · · · [q_(n−1)1, q_(n−1)2] --(a_n,b_n)--> [q_n1, q_n2]

iff, for some letters c_1, . . . , c_n, the transducers T_1 and T_2 have runs

q_01 --(a_1,c_1)--> q_11 --(a_2,c_2)--> q_21 · · · q_(n−1)1 --(a_n,c_n)--> q_n1
q_02 --(c_1,b_1)--> q_12 --(c_2,b_2)--> q_22 · · · q_(n−1)2 --(c_n,b_n)--> q_n2

Formally, if T_1 = (Q_1, Σ × Σ, δ_1, Q_01, F_1) and T_2 = (Q_2, Σ × Σ, δ_2, Q_02, F_2), then T = (Q, Σ × Σ, δ, Q_0, F′) is the transducer generated by lines 1–9 of the algorithm below:

Join(T_1, T_2)
Input: transducers T_1 = (Q_1, Σ × Σ, δ_1, Q_01, F_1), T_2 = (Q_2, Σ × Σ, δ_2, Q_02, F_2).
Output: transducer T_1 ∘ T_2 = (Q, Σ × Σ, δ, Q_0, F).

1   Q, δ, F′ ← ∅; Q_0 ← Q_01 × Q_02
2   W ← Q_0
3   while W ≠ ∅ do
4       pick [q_1, q_2] from W
5       add [q_1, q_2] to Q
6       if q_1 ∈ F_1 and q_2 ∈ F_2 then add [q_1, q_2] to F′
7       for all (q_1, (a, c), q′_1) ∈ δ_1, (q_2, (c, b), q′_2) ∈ δ_2 do
8           add ([q_1, q_2], (a, b), [q′_1, q′_2]) to δ
9           if [q′_1, q′_2] ∉ Q then add [q′_1, q′_2] to W
10  F ← PadClosure((Q, Σ × Σ, δ, Q_0, F′), (#, #))

However, T is not yet the transducer we are looking for. The problem is similar to the one of the projection operation. Consider the relations on numbers R_1 = {(2, 4)} and R_2 = {(4, 2)}. Then T_1 and T_2 recognize the languages {(010^{n+1}, 0010^n) | n ≥ 0} and {(0010^n, 010^{n+1}) | n ≥ 0} of word pairs. So T recognizes {(010^{n+1}, 010^{n+1}) | n ≥ 0}. But then, according to our definition, T does not accept the pair (2, 2) ∈ N × N, because it does not accept all its encodings: the encoding (01, 01) is missing. So we add a padding closure again at line 10, this time using (#, #) as padding symbol.

The number of states of Join(T1,T2) is O(|Q1| · |Q2|), as for the standard product construction.
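A Python sketch of Join (the tuple representation of transducers is an ad-hoc choice; the worklist of the pseudocode is replaced by plain comprehensions over all transitions, which is equivalent up to unreachable states):

```python
# Sketch of Join(T1, T2) over transducers given as (states, transitions,
# initial states, final states); transitions carry letter pairs (a, b).

def pad_closure(trans, final, pad):
    final, work = set(final), list(final)
    while work:                                # saturate backwards over pad
        q = work.pop()
        for (p, a, r) in trans:
            if a == pad and r == q and p not in final:
                final.add(p); work.append(p)
    return final

def join(t1, t2, pad="#"):
    _, d1, i1, f1 = t1
    _, d2, i2, f2 = t2
    # lines 7-8 of Join: pair transitions that agree on the middle letter c
    d = {((p, q), (a, b), (p2, q2))
         for (p, (a, c), p2) in d1
         for (q, (c2, b), q2) in d2 if c == c2}
    init = {(p, q) for p in i1 for q in i2}
    states = init | {t[0] for t in d} | {t[2] for t in d}
    final = pad_closure(d, {(p, q) for p in f1 for q in f2}, (pad, pad))
    return (states, d, init, final)

T1 = ({0, 1}, {(0, ("a", "b"), 1)}, {0}, {1})   # accepts the pair (a, b)
T2 = ({0, 1}, {(0, ("b", "c"), 1)}, {0}, {1})   # accepts the pair (b, c)
states, D, init, F = join(T1, T2)
assert D == {((0, 0), ("a", "c"), (1, 1))}      # the composition accepts (a, c)
```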

Example 6.8 Recall that the transducer of Figure 6.1, shown again at the top of Figure 6.3, recognizes the relation {(n, f(n)) | n ∈ N}, where f is the Collatz function. Let T be this transducer. The bottom part of Figure 6.3 shows the transducer T ∘ T as computed by Join(T, T). For example, the transition leading from [2, 3] to [3, 2], labeled by (0, 0), is the result of “pairing” the transition from 2 to 3 labeled by (0, 1) with the one from 3 to 2 labeled by (1, 0). Observe that T ∘ T is not deterministic, because for instance [1, 1] is the source of two transitions labeled by (0, 0), even though T is deterministic. This transducer recognizes the relation {(n, f(f(n))) | n ∈ N}. A little calculation gives

f(f(n)) = { n/4          if n ≡ 0 mod 4
          { 3n/2 + 1     if n ≡ 2 mod 4
          { 3n/2 + 1/2   if n ≡ 1 mod 4 or n ≡ 3 mod 4

The three components of the transducer reachable from the state [1, 1] correspond to these three cases.

Post(X, R) and Pre(X, R) Given an NFA A_1 = (Q_1, Σ, δ_1, Q_01, F_1) recognizing a regular set X ⊆ U and a transducer T_2 = (Q_2, Σ × Σ, δ_2, Q_02, F_2) recognizing a regular relation R ⊆ U × U, we construct an NFA B recognizing the set post_R(X). It suffices to slightly modify the join operation. The algorithm Post(A_1, T_2) is the result of replacing lines 7-8 of Join() by

7  for all (q_1, c, q′_1) ∈ δ_1, (q_2, (c, b), q′_2) ∈ δ_2 do
8      add ([q_1, q_2], b, [q′_1, q′_2]) to δ

As for the join operation, the resulting NFA has to be postprocessed, closing it with respect to the padding symbol.

In order to construct an NFA recognizing pre_R(X), we replace lines 7-8 by

7  for all (q_1, (a, c), q′_1) ∈ δ_1, (q_2, c, q′_2) ∈ δ_2 do
8      add ([q_1, q_2], a, [q′_1, q′_2]) to δ

Notice that both post and pre are computed with the same complexity as the pairing construction, namely the product of the numbers of states of the transducer and the NFA.
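The modification for Post can be sketched in the same style (again with an ad-hoc automaton representation):

```python
# Sketch of Post(A, T): pair NFA transitions (q, c, q') with transducer
# transitions (r, (c, b), r'), keeping the output letter b, as in the
# modified lines 7-8; then close the final states under the padding letter.

def post(nfa, transducer, pad="#"):
    _, da, ia, fa = nfa
    _, dt, it, ft = transducer
    d = {((p, q), b, (p2, q2))
         for (p, c, p2) in da
         for (q, (c2, b), q2) in dt if c == c2}
    init = {(p, q) for p in ia for q in it}
    final = {(p, q) for p in fa for q in ft}
    work = list(final)
    while work:                                    # padding closure
        q = work.pop()
        for (p, a, r) in d:
            if a == pad and r == q and p not in final:
                final.add(p); work.append(p)
    states = init | {t[0] for t in d} | {t[2] for t in d}
    return (states, d, init, final)

A = ({0, 1}, {(0, "a", 1)}, {0}, {1})             # X contains the single word a
T = ({0, 1}, {(0, ("a", "b"), 1)}, {0}, {1})      # R relates a to b
_, D, _, F = post(A, T)
assert D == {((0, 0), "b", (1, 1))}               # post_R(X): the word b
```

The version for pre is symmetric: swap which machine contributes the plain letter and which contributes the pair.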

Example 6.9 We construct an NFA recognizing the image under the Collatz function of all multiples of 3, i.e., the set { f(3n) | n ∈ N }. For this, we first need an automaton recognizing the set Y of all LSBF encodings of the multiples of 3. The following DFA does the job:


Figure 6.3: A transducer for f(f(n)).


[Diagram: a three-state DFA with states 1, 2, 3 over the alphabet {0, 1}.]

For instance, this DFA recognizes 0011 (encoding of 12) and 01001 (encoding of 18), but not 0101 (encoding of 10). We now compute post_R(Y), where, as usual, R = {(n, f(n)) | n ∈ N}. The result is the NFA shown in Figure 6.4. For instance, the transition [1, 1] --1--> [1, 3] is generated by the transition 1 --0--> 1 of the DFA and the transition 1 --(0,1)--> 3 of the transducer for the Collatz function. State [2, 3] becomes final due to the closure with respect to the padding symbol 0.

The NFA of Figure 6.4 is not difficult to interpret. The multiples of 3 are the union of the set {6k | k ≥ 0}, all of whose elements are even, and the set {6k + 3 | k ≥ 0}, all of whose elements are odd. Applying f to them yields the sets {3k | k ≥ 0} and {18k + 10 | k ≥ 0}. The first of them is again the set of all multiples of 3, and it is recognized by the upper part of the NFA. (In fact, this upper part is a DFA, and if we minimize it we obtain exactly the DFA given above.) The lower part of the NFA recognizes the second set. The lower part is minimal; it is easy to find for each state a word recognized by it, but not by the others.

It is interesting to observe that an explicit computation of the set { f(3k) | k ≥ 0 }, in which we apply f to each multiple of 3, does not terminate, because the set is infinite. In a sense, our solution “speeds up” the computation by an infinite factor!

6.4 Relations of Higher Arity

The implementations described in the previous sections can be easily extended to relations of higher arity over the universe U. We briefly describe the generalization.

Fix an encoding of the universe U over the alphabet Σ with padding symbol #. A tuple (w_1, . . . , w_k) of words over Σ encodes the tuple (x_1, . . . , x_k) ∈ U^k if w_i encodes x_i for every 1 ≤ i ≤ k, and w_1, . . . , w_k have the same length. A k-transducer over Σ is an NFA over the alphabet Σ^k. Acceptance of a k-transducer is defined as for normal transducers.

Boolean operations are defined as for NFAs. The projection operation can be generalized to projection over an arbitrary subset of components. For this, given an index set I = {i_1, . . . , i_n} ⊆ {1, . . . , k}, let ~x_I denote the projection of a tuple ~x = (x_1, . . . , x_k) ∈ U^k over I, defined as the tuple (x_{i_1}, . . . , x_{i_n}) ∈ U^n. Given a relation R ⊆ U^k, we define

Projection I(R): returns the set π_I(R) = {~x_I | ~x ∈ R}.

The operation is implemented analogously to the case of a binary relation. Given a k-transducer T recognizing R, the n-transducer recognizing Projection I(R) is computed as follows:

• Replace every transition (q, (a1, . . . , ak), q′) of T by the transition (q, (ai1 , . . . , ain), q′).

Figure 6.4: Computing f(n) for all multiples of 3.


• Compute the PAD-closure of the result: for every transition (q, (#, . . . , #), q′), if q′ is a final state, then add q to the set of final states.
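The two steps above can be sketched in Python. The representation is an assumption made for illustration (it is not fixed by the text): a k-transducer is given as a set of transition triples (q, letters, r), where `letters` is a k-tuple of symbols, plus a set of final states, with '#' as the padding symbol.

```python
# Illustrative sketch (assumed representation): projecting a k-transducer
# onto an index set I, followed by the PAD-closure. A transducer is a set
# of transitions (q, letters, r) plus a set of final states; '#' is the
# padding symbol.

def project(transitions, finals, I):
    # Step 1: keep only the components with (1-based) indices in I.
    trans = {(q, tuple(a[i - 1] for i in I), r)
             for (q, a, r) in transitions}
    # Step 2: PAD-closure. If q --(#,...,#)--> r and r is final,
    # then q becomes final; iterate until nothing changes.
    pad = ('#',) * len(I)
    finals = set(finals)
    changed = True
    while changed:
        changed = False
        for (q, a, r) in trans:
            if a == pad and r in finals and q not in finals:
                finals.add(q)
                changed = True
    return trans, finals

# A fragment of a 3-transducer, projected onto components 1 and 3:
new_trans, new_finals = project(
    {(0, ('a', 'b', 'c'), 1), (1, ('#', '#', '#'), 2)}, {2}, (1, 3))
print((0, ('a', 'c'), 1) in new_trans)   # True
print(sorted(new_finals))                # [1, 2]
```

Note how the all-padding transition from state 1 to the final state 2 makes state 1 final as well.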

The join operation can also be generalized. Given two tuples ~x = (x1, . . . , xn) and ~y = (y1, . . . , ym) of arities n and m, respectively, we denote by ~x · ~y the tuple (x1, . . . , xn, y1, . . . , ym) of dimension n + m. Given relations R1 ⊆ U^{k1} and R2 ⊆ U^{k2} of arities k1 and k2, respectively, and index sets I1 ⊆ K1 = {1, . . . , k1} and I2 ⊆ K2 = {1, . . . , k2} of the same cardinality, we define

Join I1,I2(R1, R2): returns R1 ⋈_{I1,I2} R2 = { ~x_{K1\I1} · ~y_{K2\I2} | ∃~x ∈ R1, ~y ∈ R2 : ~x_{I1} = ~y_{I2} }.

The arity of Join I1,I2(R1, R2) is k1 + k2 − |I1|. The operation is implemented analogously to the case of binary relations. We proceed in two steps. The first step constructs a transducer according to the following rule:

If the transducer recognizing R1 has a transition (q, ~a, q′), the transducer recognizing R2 has a transition (r, ~b, r′), and ~a_{I1} = ~b_{I2}, then add to the transducer for Join I1,I2(R1, R2) the transition ([q, r], ~a_{K1\I1} · ~b_{K2\I2}, [q′, r′]).

In the second step, we compute the PAD-closure of the result. The generalization of the Pre and Post operations is analogous.
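The two steps of the generalized join can be sketched in Python; the representation (a transducer as a set of transition triples plus a set of final states, '#' the padding symbol) is an illustrative assumption, not the text's own data structure.

```python
# Illustrative sketch (assumed representation): the two steps of the
# generalized join. A k-transducer is a set of transitions (q, letters, r)
# with `letters` a tuple of symbols, plus a set of final states; '#' is
# the padding symbol.

def join(trans1, finals1, trans2, finals2, I1, I2):
    def split(letters, I):
        # components selected by the (1-based) index set, and the rest
        key = tuple(letters[i - 1] for i in I)
        rest = tuple(x for i, x in enumerate(letters, 1) if i not in I)
        return key, rest

    # Step 1: pair up transitions that agree on the joined components.
    trans = set()
    for (q, a, q2) in trans1:
        ka, ra = split(a, I1)
        for (r, b, r2) in trans2:
            kb, rb = split(b, I2)
            if ka == kb:
                trans.add(((q, r), ra + rb, (q2, r2)))
    finals = {(q, r) for q in finals1 for r in finals2}

    # Step 2: PAD-closure, propagating finality backwards over
    # transitions labeled only with padding symbols.
    changed = True
    while changed:
        changed = False
        for (p, a, p2) in trans:
            if a and all(x == '#' for x in a) and p2 in finals and p not in finals:
                finals.add(p)
                changed = True
    return trans, finals

# Joining two binary transducers on the second component of the first
# and the first component of the second:
jtrans, jfinals = join({(0, ('a', 'b'), 1)}, {1},
                       {(0, ('b', 'c'), 1)}, {1}, (2,), (1,))
print(jtrans)    # {((0, 0), ('a', 'c'), (1, 1))}
print(jfinals)   # {(1, 1)}
```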

Exercises

Exercise 81 Let val : {0, 1}∗ → N be such that val(w) is the number represented by w with the “least significant bit first” encoding.

(a) Give a transducer that doubles numbers, i.e. a transducer recognizing the language

{[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = 2 · val(x)}.

(b) Give an algorithm that takes k ∈ N as input and produces a transducer Ak recognizing the language

Lk = {[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = 2^k · val(x)}.

(Hint: use (a) and joins.)

(c) Give a transducer for the addition of two numbers, i.e. a transducer recognizing the language

{[x, y, z] ∈ ({0, 1} × {0, 1} × {0, 1})∗ | val(z) = val(x) + val(y)}.

(d) For every k ∈ N>0, let

Xk = {[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = k · val(x)}.

Suppose you are given transducers A and B recognizing Xa and Xb, respectively, for some a, b ∈ N>0. Sketch an algorithm that builds a transducer C recognizing Xa+b. (Hint: use (c).)

(e) Using (b), how can you build a transducer recognizing Xk?


(f) Show that the following language has infinitely many residuals, and hence that it is not regular:

{[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = val(x)^2}.

Exercise 82 Let U = N be the universe of natural numbers, and consider the MSBF encoding. Give transducers for the sets of pairs (n, m) ∈ N^2 such that (a) m = n + 1, (b) m = ⌊n/2⌋, (c) n/4 ≤ m ≤ 4n. How do the constructions change for the LSBF encoding?

Exercise 83 Let U be some universe of objects, and fix an encoding of U over Σ∗. Prove or disprove: if a relation R ⊆ U × U is regular, then the language

LR = {wx wy | (wx, wy) encodes a pair (x, y) ∈ R}

is regular.

Exercise 84 Let A be an NFA over the alphabet Σ.

(a) Show how to construct a transducer T over the alphabet Σ × Σ such that (w, v) ∈ L(T) iff wv ∈ L(A) and |w| = |v|.

(b) Give an algorithm that accepts an NFA A as input and returns an NFA A/2 such that L(A/2) = {w ∈ Σ∗ | ∃v ∈ Σ∗ : wv ∈ L(A) ∧ |w| = |v|}.

Exercise 85 On phone dials, letters are mapped to digits as follows:

ABC ↦ 2   DEF ↦ 3   GHI ↦ 4   JKL ↦ 5
MNO ↦ 6   PQRS ↦ 7   TUV ↦ 8   WXYZ ↦ 9

This map can be used to assign a telephone number to a given word. For instance, the number for AUTOMATON is 288662866.

Consider the problem of, given a telephone number (for simplicity, we assume that it contains neither 1 nor 0), finding the set of English words that are mapped to it. For instance, the set of words mapping to 233 contains at least ADD, BED, and BEE. Assume a DFA N over the alphabet {A, . . . , Z} recognizing the set of all English words is given. Given a number n, show how to construct an NFA recognizing all the words that are mapped to n.

Exercise 86 As we have seen, applying the Post and Pre operations to transducers requires computing the padding closure in order to guarantee that the resulting automaton accepts either all or none of the encodings of an object. The padding closure has been defined for encodings where padding occurs on the right, i.e., if w encodes an object, then so does w#^k for every k ≥ 0. However, in some natural encodings, like the most-significant-bit-first encoding of natural numbers, padding occurs on the left. Give an algorithm for computing the padding closure of a transducer when padding occurs on the left.


Exercise 87 We have defined transducers as NFAs whose transitions are labeled by pairs of symbols (a, b) ∈ Σ × Σ. With this definition transducers can only accept pairs of words (a1 . . . an, b1 . . . bn) of the same length. In many applications this is limiting.

An ε-transducer is an NFA whose transitions are labeled by elements of (Σ ∪ {ε}) × (Σ ∪ {ε}). An ε-transducer accepts a pair (w, w′) of words if it has a run

q0 −(a1,b1)→ q1 −(a2,b2)→ · · · −(an,bn)→ qn with ai, bi ∈ Σ ∪ {ε}

such that w = a1 . . . an and w′ = b1 . . . bn. Note that |w| ≤ n and |w′| ≤ n. The relation accepted by the ε-transducer T is denoted by L(T). The figure below shows a transducer over the alphabet {a, b} that, intuitively, duplicates the letters of a word, e.g., on input aba it outputs aabbaa. In the figure we use the notation a/b for the pair (a, b).

(Figure: an ε-transducer with transitions labeled a/a, b/b, ε/a, and ε/b.)

Give an algorithm Postε(A, T) that, given an NFA A and an ε-transducer T, both over the same alphabet Σ, returns an NFA recognizing the language

post_T^ε(A) = {w | ∃w′ ∈ L(A) such that (w′, w) ∈ L(T)}.

Hint: View ε as an additional alphabet letter.

Exercise 88 Transducers can be used to capture the behaviour of simple programs. Figure 6.5 shows a program P and its control-flow diagram. The instruction end finishes the execution of the program. P communicates with the environment through its two boolean variables, both with 0 as initial value. The I/O-relation of P is the set of pairs (wI, wO) ∈ {0, 1}∗ × {0, 1}∗ such that there is an execution of P during which P reads the sequence wI of values and writes the sequence wO.

Let [i, x, y] denote the configuration of P in which P is at node i of the control-flow diagram, and the values of its two boolean variables are x and y, respectively. The initial configuration of P is [1, 0, 0]. By executing the first instruction P moves nondeterministically to one of the configurations [2, 0, 0] and [2, 1, 0]; no input symbol is read and no output symbol is written. Similarly, by executing its second instruction, the program P moves from [2, 1, 0] to [3, 1, 0] while reading nothing and writing 1.

(a) Give an ε-transducer recognizing the I/O-relation of P.


bool x, y init 0
x ← ?
write x
while true do
    read y until y = x ∧ y
    if x = y then write y end
    x ← x − 1 or y ← x + y
    if x ≠ y then write x end

Figure 6.5: Program used in Exercise 88.

(b) Can an overflow error occur? (That is, can a configuration be reached in which the value of x or y is not 0 or 1?)

(c) Can node 10 of the control-flow graph be reached?

(d) What are the possible values of x upon termination, i.e. upon reaching end?

(e) Is there an execution during which P reads 101 and writes 01?

(f) Let I and O be regular sets of inputs and outputs, respectively. Think of O as a set of dangerous outputs that we want to avoid. We wish to prove that the inputs from I are safe, i.e., that when P is fed inputs from I, none of the dangerous outputs can occur. Describe an algorithm that decides, given I and O, whether there are i ∈ I and o ∈ O such that (i, o) belongs to the I/O-relation of P.

Exercise 89 In Exercise 87 we have shown how to compute pre- and post-images of relations described by ε-transducers. In this exercise we show that, unfortunately, and unlike standard transducers, ε-transducers are not closed under intersection.

(a) Construct ε-transducers T1, T2 recognizing the relations R1 = {(a^n b^m, c^{2n}) | n, m ≥ 0} and R2 = {(a^n b^m, c^{2m}) | n, m ≥ 0}.

(b) Show that no ε-transducer recognizes R1 ∩ R2.


Exercise 90 (Inspired by a paper by Gulwani at POPL'11.) Consider transducers whose transitions are labeled by elements of (Σ ∪ {ε}) × (Σ∗ ∪ {ε}). Intuitively, at each transition these transducers read one letter or no letter, and write a string of arbitrary length. These transducers can be used to perform operations on strings like, for instance, capitalizing all the words in the string: if the transducer reads, say, ”singing in the rain”, it writes ”Singing In The Rain”. Sketch ε-transducers for the following operations, each of which is informally defined by means of two or three examples. In each example, when the transducer reads the string on the left it writes the string on the right.

Company\Code\index.html              →  Company\Code
Company\Docs\Spec\specs.doc          →  Company\Docs\Spec

International Business Machines      →  IBM
Principles Of Programming Languages  →  POPL

Oege De Moor                         →  Oege De Moor
Kathleen Fisher AT&T Labs            →  Kathleen Fisher AT&T Labs

Eran Yahav                           →  Yahav, E.
Bill Gates                           →  Gates, B.

004989273452                         →  +49 89 273452
(00)4989273452                       →  +49 89 273452
273452                               →  +49 89 273452


Chapter 7

Finite Universes

In Chapter 3 we proved that every regular language has a unique minimal DFA. A natural question is whether the operations on languages and relations described in Chapters 4 and 6 can be implemented using minimal DFAs and minimal deterministic transducers as data structures.

The implementations of (the first part of) Chapter 4 accept and return DFAs, but do not preserve minimality: even if the arguments are minimal DFAs, the result may be non-minimal (the only exception was complementation). So, in order to return the minimal DFA for the result, an extra minimization operation must be applied. The situation is worse for the projection and join operations of Chapter 6, because they do not even preserve determinism: the result of projecting a deterministic transducer or joining two of them may be nondeterministic. In order to return a minimal DFA it is necessary to first determinize, at exponential cost in the worst case, and then minimize.

In this chapter we present implementations that directly yield the minimal DFA, with no need for an extra minimization step, for the case in which the universe U of objects is finite.

When the universe is finite, all objects can be encoded by words of the same length, and this common length is known a priori. For instance, if the universe consists of the numbers in the range [0..2^32 − 1], its objects can be encoded by words over {0, 1} of length 32. Since all encodings have the same length, padding is not required to represent tuples of objects, and we can assume that each object is encoded by exactly one word. As in Chapter 4, we also assume that each word encodes some object. Operations on objects correspond to operations on languages, but complementation requires some care: if X ⊆ U is encoded as a language L ⊆ Σ^k for some number k ≥ 0, then the complement set U \ X is not encoded by the complement Σ∗ \ L (which contains words of arbitrary length), but by (Σ∗ \ L) ∩ Σ^k = Σ^k \ L.

7.1 Fixed-length Languages and the Master Automaton

Definition 7.1 A language L ⊆ Σ∗ has length n ≥ 0 if every word of L has length n. If L has length n for some n ≥ 0, then we say that L is a fixed-length language, or that it has fixed length.

Some remarks are in order:


• According to this definition, the empty language has length n for every n ≥ 0 (the assertion “every word of L has length n” is vacuously true). This is useful, because then the complement of a language of length n also has length n.

• There are exactly two languages of length 0: the empty language ∅, and the language {ε} containing only the empty word.

• Every fixed-length language contains only finitely many words, and so it is regular.

The master automaton over an alphabet Σ is a deterministic automaton with an infinite number of states, but no initial state. As in the case of canonical DAs, the states are languages.

For the definition, recall the notion of residual with respect to a letter: given a language L ⊆ Σ∗ and a ∈ Σ, its residual with respect to a is the language L^a = {w ∈ Σ∗ | aw ∈ L}. Recall that, in particular, we have ∅^a = {ε}^a = ∅. A simple but important observation is that if L has fixed length, then so does L^a.

Definition 7.2 The master automaton over the alphabet Σ is the tuple M = (QM,Σ, δM, FM), where

• QM is the set of all fixed-length languages over Σ;

• δM : QM × Σ → QM is given by δM(L, a) = L^a for every L ∈ QM and a ∈ Σ;

• FM is the singleton set containing the language {ε} as only element.

Example 7.3 Figure 7.1 shows a small fragment of the master automaton for the alphabet Σ = {a, b}. Notice that M is almost acyclic. More precisely, the only cycles of M are the self-loops corresponding to δM(∅, a) = ∅ for every a ∈ Σ.

The following proposition was already proved in Chapter 3, but with slightly different terminology.

Proposition 7.4 Let L be a fixed-length language. The language recognized from the state L of the master automaton is L.

Proof: By induction on the length n of L. If n = 0, then L = {ε} or L = ∅, and the result is proved by direct inspection of the master automaton. For n > 0 we observe that the successors of the state L are the languages L^a for every a ∈ Σ. Since, by induction hypothesis, the state L^a recognizes the language L^a, the state L recognizes the language L.

By this proposition, we can look at the master automaton as a structure containing DFAs recognizing all the fixed-length languages. To make this precise, each fixed-length language L determines a DFA AL = (QL, Σ, δL, q0L, FL) as follows: QL is the set of states of the master automaton reachable from the state L; q0L is the state L; δL is the projection of δM onto QL; and FL = FM. It is easy to show that AL is the minimal DFA recognizing L:


Figure 7.1: A fragment of the master automaton for the alphabet {a, b}

Proposition 7.5 For every fixed-length language L, the automaton AL is the minimal DFA recognizing L.

Proof: By definition, distinct states of the master automaton are distinct languages. By Proposition 7.4, distinct states of AL recognize distinct languages. By Corollary 3.13 (a DFA is minimal if and only if distinct states recognize different languages), AL is minimal.

7.2 A Data Structure for Fixed-length Languages

Proposition 7.5 allows us to define a data structure for representing finite sets of fixed-length languages, all of them of the same length. Loosely speaking, the structure representing the languages L = {L1, . . . , Ln} is the fragment of the master automaton containing the states recognizing L1, . . . , Ln and their descendants. It is a DFA with multiple initial states, and for this reason we call it the multi-DFA for L. Formally:

Definition 7.6 Let L = {L1, . . . , Ln} be a set of languages of the same length over the same alphabet Σ. The multi-DFA AL is the tuple AL = (QL, Σ, δL, Q0L, FL), where QL is the set of states of the master automaton reachable from at least one of the states L1, . . . , Ln; Q0L = {L1, . . . , Ln}; δL is the projection of δM onto QL; and FL = FM.


Figure 7.2: The multi-DFA for {L1, L2, L3} with L1 = {aa, ba}, L2 = {aa, ba, bb}, and L3 = {ab, bb}.

Example 7.7 Figure 7.2 shows (a DFA isomorphic to) the multi-DFA for the set {L1, L2, L3}, where L1 = {aa, ba}, L2 = {aa, ba, bb}, and L3 = {ab, bb}. For clarity the state for the empty language has been omitted, as well as the transitions leading to it.

In order to manipulate multi-DFAs we represent them as a table of nodes. Assume Σ = {a1, . . . , am}. A node is a pair ⟨q, s⟩, where q is a state identifier and s = (q1, . . . , qm) is the successor tuple of the node. Throughout the chapter we denote the state identifiers of the states for the languages ∅ and {ε} by q∅ and qε, respectively.

The multi-DFA is represented by a table containing a node for each state, with the exception of the states q∅ and qε. The table for the multi-DFA of Figure 7.2, where state identifiers are numbers, is

Ident.   a-succ   b-succ
  2        1        0
  3        1        1
  4        0        1
  5        2        2
  6        2        3
  7        4        4

The procedure make(s). The algorithms on multi-DFAs use a procedure make(s) that returns the state of T having s as successor tuple, if such a state exists; otherwise, it adds a new node ⟨q, s⟩ to T, where q is a fresh state identifier (different from all other state identifiers in T), and returns q. If s is the tuple whose components are all q∅, then make(s) returns q∅. The procedure assumes that all the states of the tuple s (with the exception of q∅ and qε) appear in T.¹ For instance, if T is the

¹ Notice that the procedure makes use of the fact that no two states of the table have the same successor tuple.


Figure 7.3: The multi-DFA for {L1, L2, L3, L1 ∪ L2, L2 ∩ L3}

table above, then make(2, 2) returns 5, but make(3, 2) adds a new row, say ⟨8, (3, 2)⟩, and returns 8.
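As an illustration, the node table and the procedure make(s) can be sketched in Python. The representation (dictionaries succ and inv, identifiers 0 and 1 reserved for q∅ and qε) is an assumption made for this sketch, not the text's own implementation.

```python
# Illustrative sketch (assumed representation): the node table and the
# procedure make(s) for Sigma = {a, b}. Identifiers 0 and 1 are reserved
# for q_empty and q_eps; the map inv guarantees that no two nodes share
# a successor tuple.

Q_EMPTY, Q_EPS = 0, 1

class Table:
    def __init__(self):
        self.succ = {}      # state identifier -> successor tuple
        self.inv = {}       # successor tuple -> state identifier
        self.next_id = 2    # fresh identifiers start after q_empty, q_eps

    def make(self, s):
        if all(q == Q_EMPTY for q in s):
            return Q_EMPTY              # all-empty successors: q_empty
        if s in self.inv:
            return self.inv[s]          # a node with tuple s exists
        q = self.next_id                # otherwise add a fresh node <q, s>
        self.next_id += 1
        self.succ[q] = s
        self.inv[s] = q
        return q

# Rebuilding the table of the multi-DFA of Figure 7.2:
T = Table()
for s in [(1, 0), (1, 1), (0, 1), (2, 2), (2, 3), (4, 4)]:
    T.make(s)               # creates states 2, 3, 4, 5, 6, 7 in this order

print(T.make((2, 2)))       # an existing node: prints 5
print(T.make((3, 2)))       # a fresh node: prints 8
```

The two calls at the end reproduce the behaviour described above: make(2, 2) finds the existing state 5, while make(3, 2) creates the fresh state 8.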

7.3 Operations on Fixed-length Languages

All operations assume that the input fixed-length language(s) is (are) given as multi-DFAs represented as a table of nodes. Nodes are pairs of state identifier and successor tuple.

The key to all implementations is the fact that if L is a language of length n ≥ 1, then L^a is a language of length n − 1. This allows us to design recursive algorithms that directly compute the result when the inputs are languages of length 0, and reduce the problem of computing the result for languages of length n ≥ 1 to the same problem for languages of smaller length.

Fixed-length membership. The operation is implemented as for DFAs. The complexity is linear in the size of the input.

Fixed-length union and intersection. Implementing a boolean operation on multi-DFAs corresponds to possibly extending the multi-DFA, and returning the state corresponding to the result of the operation. This is best explained by means of an example. Consider again the multi-DFA of Figure 7.2. An operation like Union(L1, L2) gets the initial states 5 and 6 as input, and returns the state recognizing L1 ∪ L2; since L1 ∪ L2 = L2, the operation returns state 6. However, if we take Intersection(L2, L3), then the multi-DFA does not contain any state recognizing it. In this case the operation extends the multi-DFA for {L1, L2, L3} to the multi-DFA for {L1, L2, L3, L2 ∩ L3}, shown in Figure 7.3, and returns state 8. So Intersection(L2, L3) not only returns a state, but also has a side effect on the multi-DFA underlying the operations.


Given two fixed-length languages L1, L2 of the same length, we present an algorithm that returns the state of the master automaton recognizing L1 ∩ L2 (the algorithm for L1 ∪ L2 is analogous). The properties

• if L1 = ∅ or L2 = ∅, then L1 ∩ L2 = ∅;

• if L1 = {ε} and L2 = {ε}, then L1 ∩ L2 = {ε};

• if L1, L2 ∉ {∅, {ε}}, then (L1 ∩ L2)^a = L1^a ∩ L2^a for every a ∈ Σ;

lead to the recursive algorithm inter(q1, q2) shown in Table 7.1. Assume the states q1, q2 recognize the languages L1, L2 of the same length; we then say that q1, q2 have the same length. The algorithm returns the state identifier of the state recognizing L1 ∩ L2. If q1 = q∅, then L1 = ∅, which implies L1 ∩ L2 = ∅, so the algorithm returns the state identifier q∅. If q2 = q∅, the algorithm also returns q∅. If q1 = qε = q2, the algorithm returns qε. This deals with all the cases in which q1, q2 ∈ {q∅, qε} (and some more, which does no harm). If q1, q2 ∉ {q∅, qε}, then the algorithm computes the state identifiers r1, . . . , rm of the states recognizing the languages (L1 ∩ L2)^{a1}, . . . , (L1 ∩ L2)^{am}, and returns make(r1, . . . , rm) (creating a new node if no node of T has (r1, . . . , rm) as successor tuple). But how does the algorithm compute the state identifier of (L1 ∩ L2)^{ai}? By the third property above, we have (L1 ∩ L2)^{ai} = L1^{ai} ∩ L2^{ai}, and so the algorithm computes the state identifier of L1^{ai} ∩ L2^{ai} by a recursive call inter(q1^{ai}, q2^{ai}).

The only remaining point is the role of the table G. The algorithm uses memoization to avoid recomputing the same result. The table G is initially empty. When inter(q1, q2) is computed for the first time, the result is memoized in G(q1, q2). In any subsequent call the result is not recomputed, but just read from G. For the complexity, let n1, n2 be the numbers of states of T reachable from the states q1 and q2, respectively. It is easy to see that every call to inter receives as arguments states reachable from q1 and q2, respectively. So inter is called with at most n1 · n2 possible arguments, and the complexity is O(n1 · n2).

inter(q1, q2)
Input: states q1, q2 of the same length
Output: state recognizing L(q1) ∩ L(q2)

1  if G(q1, q2) is not empty then return G(q1, q2)
2  if q1 = q∅ or q2 = q∅ then return q∅
3  else if q1 = qε and q2 = qε then return qε
4  else /* q1, q2 ∉ {q∅, qε} */
5      for all i = 1, . . . , m do ri ← inter(q1^{ai}, q2^{ai})
6      G(q1, q2) ← make(r1, . . . , rm)
7      return G(q1, q2)

Table 7.1: Algorithm inter

Algorithm inter is generic: in order to obtain an algorithm for another binary operator it sufficesto change lines 2 and 3. If we are only interested in intersection, then we can easily gain a more


efficient version. For instance, we know that inter(q1, q2) and inter(q2, q1) return the same state, and so we can improve line 1 by checking not only whether G(q1, q2) is nonempty, but also whether G(q2, q1) is. Also, inter(q, q) always returns q, so in that case there is no need to compute anything either.
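A runnable sketch of inter in Python follows, under an assumed representation of the node table (identifiers 0 and 1 for q∅ and qε, a dictionary succ for successor tuples, and make as the unique-node constructor); these names and data structures are illustrative, not the text's own.

```python
# Runnable sketch of algorithm inter, under an assumed representation of
# the node table for Sigma = {a, b}: identifiers 0 and 1 stand for
# q_empty and q_eps, succ maps identifiers to successor tuples, and make
# is the unique-node constructor.

Q_EMPTY, Q_EPS = 0, 1
succ, inv, fresh = {}, {}, [2]

def make(s):
    if all(q == Q_EMPTY for q in s):
        return Q_EMPTY
    if s not in inv:
        inv[s] = fresh[0]
        succ[fresh[0]] = s
        fresh[0] += 1
    return inv[s]

G = {}   # memoization table

def inter(q1, q2):
    if (q1, q2) in G:                    # already computed
        return G[(q1, q2)]
    if q1 == Q_EMPTY or q2 == Q_EMPTY:   # L1 or L2 is empty
        return Q_EMPTY
    if q1 == Q_EPS and q2 == Q_EPS:
        return Q_EPS
    # recurse on the a- and b-successors, then hash-cons the result
    s = tuple(inter(r1, r2) for r1, r2 in zip(succ[q1], succ[q2]))
    G[(q1, q2)] = make(s)
    return G[(q1, q2)]

# The multi-DFA of Figure 7.2: states 2..7 created in this order.
for s in [(1, 0), (1, 1), (0, 1), (2, 2), (2, 3), (4, 4)]:
    make(s)

print(inter(5, 6))   # L1 is contained in L2, so the result is 5
print(inter(6, 7))   # L2 and L3 intersect in {bb}: a fresh state 8
```

On the states of Figure 7.2 this reproduces the behaviour discussed earlier: Intersection(L1, L2) returns the existing state 5, while Intersection(L2, L3) extends the table with a fresh state 8.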

Example 7.8 Consider the multi-DFA at the top of Figure 7.4, but without the blue states. State 0, accepting the empty language, is again not shown. The tree at the bottom of the figure graphically describes the run of inter(12, 13) (that is, we compute the node for the intersection of the languages recognized from states 12 and 13). A node q, q′ ↦ q′′ of the tree stands for a recursive call to inter with arguments q and q′ that returns q′′. For instance, the node 2, 4 ↦ 2 indicates that inter is called with arguments 2 and 4 and the call returns state 2. Let us see why this is so. The call inter(2, 4) produces two recursive calls, first inter(1, 1) (on the a-successors of 2 and 4), and then inter(0, 1). The first call returns 1, and the second 0. Therefore inter(2, 4) returns a state with 1 as a-successor and 0 as b-successor. Since this state already exists (it is state 2), inter(2, 4) returns 2. On the other hand, inter(9, 10) creates and returns a new state: its two “children calls” return 5 and 6, and so a new state with states 5 and 6 as a- and b-successors must be created.

Pink nodes correspond to calls that have already been computed, and for which inter just looks up the result in G. Green nodes correspond to calls that are computed by inter, but not by the more efficient version. For instance, the result of inter(4, 4) at the bottom right can be returned immediately.

Fixed-length complement. Recall that if a set X ⊆ U is encoded by a language L of length n, then the set U \ X is encoded by the fixed-length complement Σ^n \ L, which we denote by L̄^n. Since the empty language has every length, we have e.g. ∅̄^2 = Σ^2, ∅̄^3 = Σ^3, and ∅̄^0 = Σ^0 = {ε}.

Given the state of the master automaton recognizing L, we compute the state recognizing L̄^n with the help of these properties:

• If L has length 0 and L = ∅, then L̄^0 = {ε}.

• If L has length 0 and L = {ε}, then L̄^0 = ∅.

• If L has length n ≥ 1, then for every a ∈ Σ the residual (L̄^n)^a is the fixed-length complement of L^a of length n − 1. (Observe that w ∈ (L̄^n)^a iff aw ∉ L iff w ∉ L^a.)

We obtain the algorithm of Table 7.2. If the master automaton has n states reachable from q, then the operation has complexity O(n).

Example 7.9 Consider again the multi-DFA at the top of Figure 7.5 without the blue states. The tree of recursive calls at the bottom of the figure graphically describes the run of comp(4, 12) (that is, we compute the node for the complement of the language recognized from state 12, which has length 4). For instance, comp(1, 2) generates two recursive calls, first comp(0, 1) (on the a-successor of 2), and then comp(0, 0). The calls return 0 and 1, respectively, and so comp(1, 2) returns 3. Observe


Figure 7.4: An execution of inter.


comp(n, q)
Input: length n, state q of length n
Output: state recognizing Σ^n \ L(q)

1  if G(n, q) is not empty then return G(n, q)
2  if n = 0 and q = q∅ then return qε
3  else if n = 0 and q = qε then return q∅
4  else /* n ≥ 1 */
5      for all i = 1, . . . , m do ri ← comp(n − 1, q^{ai})
6      G(n, q) ← make(r1, . . . , rm)
7      return G(n, q)

Table 7.2: Algorithm comp
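A runnable sketch of comp under the same assumed node-table representation used in the earlier sketches (identifiers 0 and 1 for q∅ and qε, a dictionary succ, and the unique-node constructor make); these data structures are illustrative assumptions.

```python
# Runnable sketch of algorithm comp, under an assumed node-table
# representation for Sigma = {a, b} (0 = q_empty, 1 = q_eps).

Q_EMPTY, Q_EPS = 0, 1
succ, inv, fresh = {}, {}, [2]

def make(s):
    if all(q == Q_EMPTY for q in s):
        return Q_EMPTY
    if s not in inv:
        inv[s] = fresh[0]
        succ[fresh[0]] = s
        fresh[0] += 1
    return inv[s]

G = {}

def comp(n, q):
    # state recognizing Sigma^n \ L(q), for a state q of length n
    if (n, q) in G:
        return G[(n, q)]
    if n == 0:
        return Q_EPS if q == Q_EMPTY else Q_EMPTY
    # both successors of q_empty are q_empty; other states are in succ
    qa, qb = succ.get(q, (Q_EMPTY, Q_EMPTY))
    G[(n, q)] = make((comp(n - 1, qa), comp(n - 1, qb)))
    return G[(n, q)]

# The table of Figure 7.2: state 5 recognizes {aa, ba}, state 7 = {ab, bb}.
for s in [(1, 0), (1, 1), (0, 1), (2, 2), (2, 3), (4, 4)]:
    make(s)

print(comp(2, 5))        # complement of {aa, ba} is {ab, bb}: prints 7
print(comp(1, Q_EMPTY))  # complement of the empty language of length 1: 3
```

Note that comp must carry the length n as an argument, because the empty language has every length and its complement depends on n.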

how the call comp(2, 0) returns 7, the state accepting {a, b}^2. Pink nodes correspond again to calls for which comp just looks up the result in G. Green nodes correspond to calls whose result is directly computed by a more efficient version of comp that applies the following rule: if comp(i, j) returns k, then comp(i, k) returns j.

Fixed-length emptiness. A fixed-length language is empty if and only if the node representing it has q∅ as state identifier, and so emptiness can be checked in constant time.

Fixed-length universality. A language L of length n is fixed-length universal if L = Σ^n. The universality of a language of length n recognized by a state q can be checked in time O(n). It suffices to check for all states reachable from q, with the exception of q∅, that no transition leaving them leads to q∅. More systematically, we use the properties

• if L = ∅, then L is not universal;

• if L = {ε}, then L is universal;

• if ∅ ≠ L ≠ {ε}, then L is universal iff L^a is universal for every a ∈ Σ;

that lead to the algorithm of Table 7.3. For a better algorithm see Exercise 93.

Fixed-length inclusion. Given two languages L1, L2 ⊆ Σ^n, in order to check L1 ⊆ L2 we compute L1 ∩ L2 and check whether it is equal to L1 using the equality check shown next. The complexity is dominated by the complexity of computing the intersection.


Figure 7.5: An execution of comp.


univ(q)
Input: state q
Output: true if L(q) is fixed-length universal, false otherwise

1  if G(q) is not empty then return G(q)
2  if q = q∅ then return false
3  else if q = qε then return true
4  else /* q ≠ q∅ and q ≠ qε */
5      G(q) ← and(univ(q^{a1}), . . . , univ(q^{am}))
6  return G(q)

Table 7.3: Algorithm univ
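A runnable sketch of univ under the assumed node-table representation; the table below is hard-wired to the one of Figure 7.2 for illustration.

```python
# Runnable sketch of algorithm univ, under an assumed node-table
# representation for Sigma = {a, b} (0 = q_empty, 1 = q_eps). The table
# below is the one of the multi-DFA of Figure 7.2.

Q_EMPTY, Q_EPS = 0, 1
succ = {2: (1, 0), 3: (1, 1), 4: (0, 1),
        5: (2, 2), 6: (2, 3), 7: (4, 4)}

G = {}

def univ(q):
    if q in G:
        return G[q]
    if q == Q_EMPTY:       # the empty language is not universal
        return False
    if q == Q_EPS:         # {eps} = Sigma^0 is universal
        return True
    G[q] = all(univ(r) for r in succ[q])
    return G[q]

print(univ(3))   # state 3 recognizes {a, b} = Sigma^1: prints True
print(univ(5))   # state 5 recognizes {aa, ba} != Sigma^2: prints False
```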

Fixed-length equality. Since the minimal DFA recognizing a language is unique, two languages are equal if and only if the nodes representing them have the same state identifier, leading to a constant-time algorithm. This solution, however, assumes that the two input nodes come from the same table. If they come from two different tables T1, T2, then, since state identifiers can be assigned in the two tables in different ways, it is necessary to check whether the DFAs rooted at the states q1 and q2 are isomorphic. This is done by algorithm eq2 of Table 7.4, which assumes that qi belongs to a table Ti, and that both tables assign state identifiers q∅1 and q∅2 to the empty language.

eq2(q1, q2)
Input: states q1, q2 of different tables, of the same length
Output: true if L(q1) = L(q2), false otherwise

1  if G(q1, q2) is not empty then return G(q1, q2)
2  if q1 = q∅1 and q2 = q∅2 then G(q1, q2) ← true
3  else if q1 = q∅1 and q2 ≠ q∅2 then G(q1, q2) ← false
4  else if q1 ≠ q∅1 and q2 = q∅2 then G(q1, q2) ← false
5  else /* q1 ≠ q∅1 and q2 ≠ q∅2 */
6      G(q1, q2) ← and(eq2(q1^{a1}, q2^{a1}), . . . , eq2(q1^{am}, q2^{am}))
7  return G(q1, q2)

Table 7.4: Algorithm eq2
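A runnable sketch of eq2 across two node tables with different identifier assignments. The representation is an illustrative assumption, and the base case for qε, which the pseudocode leaves implicit, is made explicit here.

```python
# Runnable sketch of algorithm eq2 across two node tables with different
# identifier assignments (an assumed representation). In both tables 0
# stands for the empty language and 1 for {eps}; the base case for q_eps,
# implicit in the pseudocode, is made explicit here.

Q_EMPTY, Q_EPS = 0, 1

def eq2(q1, q2, succ1, succ2, G):
    if (q1, q2) in G:
        return G[(q1, q2)]
    if q1 == Q_EMPTY or q2 == Q_EMPTY:
        G[(q1, q2)] = (q1 == q2)
    elif q1 == Q_EPS and q2 == Q_EPS:
        G[(q1, q2)] = True
    else:
        # same length: recurse on the a- and b-successors in both tables
        G[(q1, q2)] = all(eq2(r1, r2, succ1, succ2, G)
                          for r1, r2 in zip(succ1[q1], succ2[q2]))
    return G[(q1, q2)]

# Two tables for the language {aa, ba}, with different identifiers:
succ1 = {2: (1, 0), 3: (2, 2)}              # state 3 recognizes {aa, ba}
succ2 = {2: (0, 1), 3: (1, 0), 4: (3, 3)}   # state 4 recognizes {aa, ba}

print(eq2(3, 4, succ1, succ2, {}))   # prints True
print(eq2(3, 2, succ1, succ2, {}))   # prints False
```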

7.4 Determinization and Minimization

Let L be a fixed-length language, and let A = (Q, Σ, δ, Q0, F) be an NFA recognizing L. The algorithm det&min(A) shown in Table 7.5 returns the state of the master automaton recognizing L. In


other words, det&min(A) simultaneously determinizes and minimizes A.

The algorithm actually solves a more general problem. Given a set S of states of A, all recognizing languages of the same length, the language L(S) = ⋃_{q∈S} L(q) also has this common length. The heart of the algorithm is a procedure state(S) that returns the state recognizing L(S). Since L = L(Q0), det&min(A) just calls state(Q0).

We make the assumption that for every state q of A there is a path leading from q to some final state. This assumption can be enforced by suitable preprocessing, but usually this is not necessary: in applications, NFAs for fixed-length languages usually satisfy the property by construction. With this assumption, L(S) satisfies:

• if S = ∅, then L(S) = ∅;

• if S ∩ F ≠ ∅, then L(S) = {ε} (since the states of S recognize fixed-length languages, the states of F necessarily recognize {ε}; since all the states of S recognize languages of the same length and S ∩ F ≠ ∅, we have L(S) = {ε});

• if S ≠ ∅ and S ∩ F = ∅, then L(S) = ⋃_{i=1}^{m} ai · L(Si), where Si = δ(S, ai).

These properties lead to the recursive algorithm of Table 7.5. The procedure state(S) uses a table G of results, initially empty. When state(S) is computed for the first time, the result is memoized in G(S), and any subsequent call directly reads the result from G. The algorithm has exponential complexity because, in the worst case, it may call state(S) for every set S ⊆ Q. To show that an exponential blowup is unavoidable, consider the family {Ln}n≥0 of languages, where Ln = {ww′ | w, w′ ∈ {0, 1}^n and w ≠ w′}. While Ln can be recognized by an NFA of size O(n^2), its minimal DFA has at least 2^n states: for every u, v ∈ {0, 1}^n, if u ≠ v then Ln^u ≠ Ln^v, because v ∈ Ln^u but v ∉ Ln^v.

Example 7.10 Figure 7.6 shows an NFA (upper left) and the result of applying det&min to it. The run of det&min is shown at the bottom of the figure where, for the sake of readability, sets of states are written without the usual braces (e.g. β, γ instead of {β, γ}). Observe, for instance, that the algorithm assigns to γ the same node as to β, γ, because both have the states 2 and 3 as a-successor and b-successor, respectively.

7.5 Operations on Fixed-length Relations

Fixed-length relations can be manipulated very similarly to fixed-length languages. Boolean operations are as for fixed-length languages. The projection, join, pre, and post operations can, however, be implemented more efficiently than in Chapter 6.

We start with an observation on encodings. In Chapter 6 we assumed that if an element of X is encoded by w ∈ Σ*, then it is also encoded by w#, where # is the padding letter. This ensures that every pair (x, y) ∈ X × X has an encoding (w_x, w_y) such that w_x and w_y have the same length.


[Figure: an NFA (upper left), the resulting minimal DFA, and the run of det&min shown as a tree of calls with results such as α ↦ 5, β, γ ↦ 4, ε ↦ 2, δ, ε, ζ ↦ 3, η, θ ↦ 1, and ∅ ↦ 0.]

Figure 7.6: Run of det&min on an NFA for a fixed-length language


det&min(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: master state recognizing L(A)

1  return state(Q0)

state(S)
Input: set S ⊆ Q recognizing languages of the same length
Output: state recognizing L(S)

1  if G(S) is not empty then return G(S)
2  else if S = ∅ then return q∅
3  else if S ∩ F ≠ ∅ then return qε
4  else  /* S ≠ ∅ and S ∩ F = ∅ */
5      for all i = 1, . . . , m do S_i ← δ(S, a_i)
6      G(S) ← make(state(S_1), . . . , state(S_m))
7      return G(S)

Table 7.5: Algorithm det&min.
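The memoized recursion is easy to prototype. A sketch in Python (the encoding of the NFA and all names are our own, not the notes' notation): nodes 0 and 1 play the roles of q∅ and qε, make hash-conses successor tuples, and the dictionary memo plays the role of the table G.

```python
# Sketch of det&min for fixed-length languages.
# Assumes every NFA state lies on a path to a final state.

def det_and_min(alphabet, delta, initial, final):
    """delta: dict (state, letter) -> set of successors.
    Returns the table node recognizing the language of the NFA."""
    table = {}        # successor tuple -> node identifier (the procedure make)
    memo = {}         # the table G: frozenset of NFA states -> node identifier
    counter = [2]     # nodes 0 and 1 are reserved for q_empty and q_eps

    def make(succs):
        if succs not in table:
            table[succs] = counter[0]
            counter[0] += 1
        return table[succs]

    def state(S):
        S = frozenset(S)
        if S in memo:
            return memo[S]          # result already memoized in G
        if not S:
            return 0                # q_empty
        if S & final:
            return 1                # q_eps: S contains a final state
        succs = tuple(
            state(frozenset(q2 for q in S for q2 in delta.get((q, a), ())))
            for a in alphabet
        )
        memo[S] = make(succs)
        return memo[S]

    return state(initial)
```

On the NFA with transitions 1 −a→ 2, 1 −b→ 3, 2 −a→ 4, 3 −a→ 5 and final states 4 and 5 (language {aa, ba}), the calls for the subsets {2} and {3} yield the same node, so determinization and minimization indeed happen simultaneously.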

Since in the fixed-length case all shortest encodings have the same length, the padding symbol is no longer necessary. So in this section we assume that each word or pair has exactly one encoding.

The basic definitions on fixed-length languages extend easily to fixed-length relations. A word relation R ⊆ Σ* × Σ* has length n ≥ 0 if for all pairs (w1, w2) ∈ R the words w1 and w2 have length n. If R has length n for some n ≥ 0, then we say that R has fixed length.

Recall that a transducer T accepts a pair (w1, w2) ∈ Σ* × Σ* if w1 = a1 . . . an, w2 = b1 . . . bn, and T accepts the word (a1, b1) . . . (an, bn) ∈ (Σ × Σ)*. A fixed-length transducer accepts a relation R ⊆ X × X if it recognizes the word relation { (w_x, w_y) | (x, y) ∈ R }.

Given a language R ⊆ Σ* × Σ* and a, b ∈ Σ, we define R^[a,b] = { (w1, w2) ∈ Σ* × Σ* | (aw1, bw2) ∈ R }. Notice that in particular ∅^[a,b] = ∅, and that if R has fixed length, then so does R^[a,b]. The master transducer over the alphabet Σ is the tuple M_T = (Q_M, Σ × Σ, δ_M, F_M), where Q_M is the set of all fixed-length relations, F_M = {(ε, ε)}, and δ_M : Q_M × (Σ × Σ) → Q_M is given by δ_M(R, [a, b]) = R^[a,b] for every R ∈ Q_M and a, b ∈ Σ. As in the language case, the minimal deterministic transducer recognizing a fixed-length relation R is the fragment of the master transducer containing the states reachable from R.

Like minimal DFAs, minimal deterministic transducers are represented as tables of nodes. However, a remark is in order: since a state of a deterministic transducer has |Σ|^2 successors, one for each letter of Σ × Σ, a row of the table has |Σ|^2 entries, too large when the table is only sparsely filled. Sparse transducers over Σ × Σ are better encoded as NFAs over Σ by introducing auxiliary states: a transition q −[a,b]→ q′ of the transducer is "simulated" by two transitions q −a→ r −b→ q′, where r is an auxiliary state with exactly one input and one output transition.
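The splitting can be sketched in a few lines (a hypothetical encoding of our own: the transducer is a dictionary mapping a state and a letter pair to the target state):

```python
# Sketch: encode a sparse transducer over pairs [a, b] as an NFA over single
# letters, splitting q --[a,b]--> q' into q --a--> r --b--> q' with a fresh
# auxiliary state r having exactly one input and one output transition.

def split_transitions(trans):
    """trans: dict mapping (q, (a, b)) -> q'.
    Returns a list of NFA transitions (state, letter, state)."""
    nfa = []
    fresh = 0
    for (q, (a, b)), q2 in sorted(trans.items()):
        r = ("aux", fresh)      # fresh auxiliary state
        fresh += 1
        nfa.append((q, a, r))
        nfa.append((r, b, q2))
    return nfa
```

Each transducer transition thus costs one extra state but shrinks each table row from |Σ|^2 to |Σ| entries.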


Fixed-length projection. The implementation of the projection operation of Chapter 6 may yield a nondeterministic transducer, even if the initial transducer is deterministic. So we need a different implementation. We observe that projection can be reduced to pre or post: the projection of a binary relation R onto its first component is equal to pre_R(Σ*), and the projection onto the second component to post_R(Σ*). So we defer dealing with projection until the implementation of pre and post has been discussed.

Fixed-length join. We give a recursive definition of R1 ∘ R2. Let [a, b] · R = { (aw1, bw2) | (w1, w2) ∈ R }. We have the following properties:

• ∅ ∘ R = R ∘ ∅ = ∅;

• {[ε, ε]} ∘ {[ε, ε]} = {[ε, ε]};

• R1 ∘ R2 = ⋃_{a,b,c ∈ Σ} [a, b] · ( R1^[a,c] ∘ R2^[c,b] );

which lead to the algorithm of Figure 7.7, where union is defined similarly to inter. The complexity is exponential in the worst case: if t(n) denotes the worst-case complexity for two states of length n, then we have t(n) = O(t(n − 1)^2), because union has quadratic worst-case complexity. This exponential blowup is unavoidable. We prove it later for the projection operation (see Example 7.11), which is a special case of pre and post, which in turn can be seen as variants of join.

join(r1, r2)
Input: states r1, r2 of the transducer table, of the same length
Output: state recognizing L(r1) ∘ L(r2)

1  if G(r1, r2) is not empty then return G(r1, r2)
2  if r1 = q∅ or r2 = q∅ then return q∅
3  else if r1 = qε and r2 = qε then return qε
4  else  /* q∅ ≠ r1 ≠ qε and q∅ ≠ r2 ≠ qε */
5      for all (a_i, a_j) ∈ Σ × Σ do
6          r_{i,j} ← union( join(r1^[a_i,a_1], r2^[a_1,a_j]), . . . , join(r1^[a_i,a_m], r2^[a_m,a_j]) )
7  G(r1, r2) ← make(r_{1,1}, . . . , r_{m,m})
8  return G(r1, r2)

Figure 7.7: Algorithm join
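The recursion can be tried out directly on explicit relations, represented as sets of pairs of equal-length strings (a sketch with names of our own; it manipulates the relations themselves rather than table states):

```python
# Sketch of fixed-length join on explicit relations, following
# R1 ∘ R2 = ⋃_{a,b,c} [a,b] · (R1^[a,c] ∘ R2^[c,b]).

from itertools import product

def join(R1, R2, alphabet):
    if not R1 or not R2:
        return set()                    # ∅ ∘ R = R ∘ ∅ = ∅
    if ("", "") in R1:                  # length 0: both must be {[ε, ε]}
        return {("", "")} if ("", "") in R2 else set()
    out = set()
    for a, b, c in product(alphabet, repeat=3):
        # residual relations R1^[a,c] and R2^[c,b]
        R1ac = {(u[1:], v[1:]) for (u, v) in R1 if u[:1] == a and v[:1] == c}
        R2cb = {(u[1:], v[1:]) for (u, v) in R2 if u[:1] == c and v[:1] == b}
        out |= {(a + u, b + v) for (u, v) in join(R1ac, R2cb, alphabet)}
    return out
```

The table-based algorithm of Figure 7.7 performs the same recursion, but on hash-consed states with memoization.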

Fixed-length pre and post. Recall that in the fixed-length case we do not need any padding symbol. Then, given a fixed-length language L and a relation R, pre_R(L) admits an inductive definition that we now derive. We have the following properties:


• if R = ∅ or L = ∅, then pre_R(L) = ∅;

• if R = {[ε, ε]} and L = {ε}, then pre_R(L) = {ε};

• if ∅ ≠ R ≠ {[ε, ε]} and ∅ ≠ L ≠ {ε}, then pre_R(L) = ⋃_{a,b ∈ Σ} a · pre_{R^[a,b]}(L^b),

where R^[a,b] = { w ∈ (Σ × Σ)* | [a, b]w ∈ R }.

The first two properties are obvious. For the last one, observe that all pairs of R have length at least one, and so every word of pre_R(L) also has length at least one. Now, given an arbitrary word aw1 ∈ ΣΣ*, we have

aw1 ∈ pre_R(L) ⇔ ∃ bw2 ∈ L : [aw1, bw2] ∈ R
             ⇔ ∃ b ∈ Σ ∃ w2 ∈ L^b : [w1, w2] ∈ R^[a,b]
             ⇔ ∃ b ∈ Σ : w1 ∈ pre_{R^[a,b]}(L^b)
             ⇔ aw1 ∈ ⋃_{b ∈ Σ} a · pre_{R^[a,b]}(L^b)

and so pre_R(L) = ⋃_{a,b ∈ Σ} a · pre_{R^[a,b]}(L^b). These properties lead to the recursive algorithm of Table 7.6, which accepts as inputs a state of the transducer table for a relation R and a state of the automaton table for a language L, and returns the state of the automaton table recognizing pre_R(L). The transducer table is not changed by the algorithm.

pre(r, q)
Input: state r of transducer table and state q of automaton table, of the same length
Output: state recognizing pre_{L(r)}(L(q))

1  if G(r, q) is not empty then return G(r, q)
2  if r = r∅ or q = q∅ then return q∅
3  else if r = rε and q = qε then return qε
4  else
5      for all a_i ∈ Σ do
6          q′_i ← union( pre(r^[a_i,a_1], q^{a_1}), . . . , pre(r^[a_i,a_m], q^{a_m}) )
7  G(r, q) ← make(q′_1, . . . , q′_m)
8  return G(r, q)

Table 7.6: Algorithm pre.
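The recursion for pre can likewise be tried on explicit sets (a sketch with names of our own; it manipulates words directly instead of table states):

```python
# Sketch of pre_R(L) on explicit sets, following
# pre_R(L) = ⋃_{a,b} a · pre_{R^[a,b]}(L^b).
# R: set of pairs of equal-length strings; L: set of strings of that length.

def pre_image(R, L, alphabet):
    if not R or not L:
        return set()
    if ("", "") in R:                  # length 0
        return {""} if "" in L else set()
    out = set()
    for a in alphabet:
        for b in alphabet:
            # residuals R^[a,b] and L^b
            Rab = {(u[1:], v[1:]) for (u, v) in R if u[:1] == a and v[:1] == b}
            Lb = {w[1:] for w in L if w[:1] == b}
            out |= {a + w for w in pre_image(Rab, Lb, alphabet)}
    return out
```

For instance, with R = {(ab, ba), (aa, ab)} and L = {ba}, only the pair (ab, ba) has its second component in L, so the pre-image is {ab}.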

As promised, we can now give an implementation of the operation that projects a relation R onto its first component. It suffices to give a dedicated algorithm for pre_R(Σ*), shown in Table 7.7.


pro1(r)
Input: state r of transducer table
Output: state recognizing proj_1(L(r))

1  if G(r) is not empty then return G(r)
2  if r = r∅ then return q∅
3  else if r = rε then return qε
4  else
5      for all a_i ∈ Σ do
6          q′_i ← union( pro1(r^[a_i,a_1]), . . . , pro1(r^[a_i,a_m]) )
7  G(r) ← make(q′_1, . . . , q′_m)
8  return G(r)

Table 7.7: Algorithm pro1.

Algorithm pro1 has exponential worst-case complexity. As in the case of join, the reason is the quadratic blowup introduced by union when the recursion depth increases by one. The next example shows that projection is inherently exponential.

Example 7.11 Consider the relation R ⊆ Σ^{2n} × Σ^{2n} given by

R = { ( w1 x w2 y w3 , 0^{|w1|} 1 0^{|w2|} 1 0^{|w3|} ) | x ≠ y, |w2| = n − 1 and |w1 w3| = n − 1 }.

That is, R contains all pairs of words of length 2n whose first word has a position i ≤ n such that the letters at positions i and i + n are distinct, and whose second word contains only 0's but for two 1's at the same two positions. It is easy to see that the minimal deterministic transducer for R has O(n^2) states (intuitively, it memorizes the letter x above the first 1, reads n − 1 letters of the form (z, 0), and then reads (y, 1), where y ≠ x). On the other hand, we have

proj_1(R) = { ww′ | w, w′ ∈ Σ^n and w ≠ w′ },

whose minimal DFA, as shown when discussing det&min, has O(2^n) states. So any algorithm for projection has Ω(2^{√n}) complexity, measured in the size of the input transducer.

Slight modifications of this example show that join, pre, and post are inherently exponential as well.

7.6 Decision Diagrams

Binary Decision Diagrams, BDDs for short, are a very popular data structure for the representation and manipulation of boolean functions. In this section we show that they can be seen as minimal automata of a certain kind.


Given a boolean function f(x1, . . . , xn) : {0, 1}^n → {0, 1}, let L_f denote the set of strings b1 b2 . . . bn ∈ {0, 1}^n such that f(b1, . . . , bn) = 1. The minimal DFA recognizing L_f is very similar to the BDD representing f, but not completely equal. We modify the constructions of the last section to obtain an exact match.
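The correspondence f ↦ L_f can be made concrete in a few lines (names are our own):

```python
# Sketch: the language L_f of a boolean function f of n arguments is the set
# of encodings b1...bn of the assignments on which f evaluates to 1.

from itertools import product

def lang_of(f, n):
    return {"".join(str(b) for b in bits)
            for bits in product((0, 1), repeat=n)
            if f(*bits) == 1}
```

For example, for f(x, y) = x ∧ y the language L_f is just {11}.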

Consider the following minimal DFA for a language of length four:

[Figure: a minimal DFA with states q0, . . . , q7 and transitions labeled a and b.]

Its language can be described as follows: after reading an a, accept any word of length three; after reading ba, accept any word of length two; after reading bb, accept any two-letter word whose last letter is a b. Following this description, the language can also be more compactly described by an automaton with regular expressions as transitions:

[Figure: an automaton with states r0, r1, r2, r3 and transitions labeled b, a·Σ^3, a·Σ^2, b·Σ, and b.]

We call such an automaton a decision diagram (DD). The intuition behind this name is that, if we view states as points at which a decision is made, namely which should be the next state, then states q1, q3, q4, q6 do not correspond to any real decision: whatever the next letter, the next state is the same. As we shall see, the states of minimal DDs always correspond to "real" decisions.

Section 7.6.1 shows that the minimal DD for a fixed-length language is unique, and can be obtained by repeatedly applying to the minimal DFA the following reduction rule:

[Figure: the reduction rule. A state q whose transitions a1, . . . , am all lead to the same state r is removed, and each incoming transition of q labeled l_i is redirected to r with label l_i · Σ.]

The converse direction also works: the minimal DFA can be recovered from the minimal DD by "reversing" the rule. This already allows us to use DDs as a data structure for fixed-length languages, but only through conversion to minimal DFAs: to compute an operation using minimal DDs, expand them to minimal DFAs, conduct the operation, and convert the result back. Section


7.6.2 shows how to do better by directly defining the operations on minimal DDs, bypassing the minimal DFAs.

7.6.1 Decision Diagrams and Kernels

A decision diagram (DD) is an automaton A = (Q, Σ, δ, Q0, F) whose transitions are labelled by regular expressions of the form

aΣ^n = a ΣΣ···Σ  (n copies of Σ)

and that satisfies the following determinacy condition: for every q ∈ Q and a ∈ Σ there is exactly one k ∈ ℕ such that δ(q, aΣ^k) ≠ ∅, and for this k there is a state q′ such that δ(q, aΣ^k) = {q′}. Observe that DFAs are special DDs in which k = 0 for every state and every letter.

We introduce the notion of a kernel, and of the kernel of a fixed-length language.

Definition 7.12 A fixed-length language L over an alphabet Σ is a kernel if L = ∅, L = {ε}, or there are a, b ∈ Σ such that L^a ≠ L^b. The kernel of a fixed-length language L, denoted by 〈L〉, is the unique kernel satisfying L = Σ^k 〈L〉 for some k ≥ 0.

Observe that the number k is also unique for every language but ∅. Indeed, for the empty language we have 〈∅〉 = ∅, and so ∅ = Σ^k 〈∅〉 for every k ≥ 0.

Example 7.13 Let Σ = {a, b, c}. The language L1 = {aab, abb, bab, cab} is a kernel because L1^a = {ab, bb} ≠ {ab} = L1^b, and 〈L1〉 = L1; the language L2 = {aa, ba} is also a kernel because L2^a = {a} ≠ ∅ = L2^c. However, if we change the alphabet to Σ′ = {a, b} then L2 is no longer a kernel, and we have 〈L2〉 = {a}. For the language L3 = {aa, ab, ba, bb} over Σ′ we have L3 = (Σ′)^2, and so k = 2 and 〈L3〉 = {ε}.
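For explicitly given languages, the pair (k, 〈L〉) can be computed by stripping one letter at a time while all residuals agree. A sketch (our own encoding of languages as finite sets of equal-length strings):

```python
# Sketch: compute (k, <L>) with L = Σ^k · <L> by repeatedly checking
# whether all residuals L^a coincide, and if so replacing L by them.

def kernel(L, alphabet):
    """L: set of equal-length strings. Returns (k, kernel)."""
    K, k = set(L), 0
    while K and "" not in K:
        residuals = [{w[1:] for w in K if w[0] == a} for a in alphabet]
        if any(r != residuals[0] for r in residuals):
            break          # some L^a differs from some L^b: K is a kernel
        K = residuals[0]
        k += 1
    return k, K
```

This reproduces Example 7.13: over {a, b, c} the language {aa, ba} is already a kernel, while over {a, b} its kernel is {a} with k = 1.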

The mapping that assigns to every nonempty, fixed-length language L the pair (k, 〈L〉) is a bijection. In other words, L is completely determined by k and 〈L〉. So a representation of kernels can be extended to a representation of all fixed-length languages. Let us now see how to represent kernels.

The master decision diagram (we call it just "the master") has the set of all kernels as states, the kernel {ε} as unique final state, and a transition (K, aΣ^k, 〈K^a〉) for every kernel K and a ∈ Σ, where k is equal to the length of K^a minus the length of 〈K^a〉. (For K^a = ∅, which has all lengths, we take k = 0.)

Example 7.14 Figure 7.8 shows a fragment of the master for the alphabet {a, b} (compare with Figure 7.1). The languages {a, b}, {aa, ab, ba, bb}, and {ab, bb} of Figure 7.1 are not kernels, and so they are not states of the master either.


[Figure: kernels such as ∅, {ε}, {ba}, {aa, ab, ba}, {aa, ab, bb}, {aab, abb, baa, bab, bbb}, and {aaa, aab, aba, baa, bab, bba, bbb}, connected by transitions labeled a, b, aΣ, bΣ, and bΣ^2.]

Figure 7.8: A fragment of the master decision diagram

The DD A_K for a kernel K is the fragment of the master containing the states reachable from K. It is easy to see that A_K recognizes K. A DD is minimal if no other DD for the same language has fewer states. Observe that, since every DFA is also a DD, the minimal DD for a language has at most as many states as its minimal DFA.

The following proposition shows that the minimal DD of a kernel has properties very similar to those of the minimal DFA of a regular language. In particular, A_K is always a minimal DD for the kernel K. However, because of a technical detail, it is not the unique minimal DD: the label of the transitions of the master leading to ∅ can be changed from a to aΣ^k for any k ≥ 0, and from b to bΣ^k for any k ≥ 0, without changing the language. To recover uniqueness, we redefine minimality: a DD is minimal if no other DD for the same language has fewer states, and every transition leading to a state from which no word is accepted is labeled by a or b.

Proposition 7.15 (1) Let A be a DD such that L(A) is a kernel. A is minimal if and only if (i) every state of A recognizes a kernel, and (ii) distinct states of A recognize distinct kernels.

(2) For every K ≠ ∅, A_K is the unique minimal DD recognizing K.

(3) The result of exhaustively applying the reduction rule to the minimal DFA recognizing a fixed-length language L is the minimal DD recognizing 〈L〉.


Proof: (1 ⇒): For (i), assume A contains a state q such that L(q) is not a kernel. We prove that A is not minimal. Since L(A) is a kernel, q is neither initial nor final. Let k be the smallest number such that A contains a transition (q, aΣ^k, q′) for some letter a and some state q′. Then L(q)^a = Σ^k L(q′), and, since L(q) is not a kernel, L(q)^a = L(q)^b for every b ∈ Σ. So we have L(q) = ⋃_{a ∈ Σ} a Σ^k L(q′) = Σ^{k+1} L(q′). Now we perform the following two operations: first, we replace every transition (q″, bΣ^l, q) of A by a transition (q″, bΣ^{l+k+1}, q′); then, we remove q and any other state no longer reachable from the initial state (recall that q is neither initial nor final). The resulting DD recognizes the same language as A, and has at least one state less. So A is not minimal.

For (ii), observe that the quotienting operation can be defined for DDs as for DFAs, and so we can merge states that recognize the same kernel without changing the language. If two distinct states of A recognize the same kernel, then the quotient has fewer states than A, and so A is not minimal.

(1 ⇐): We show that two DDs A and A′ that satisfy (i) and (ii) and recognize the same language are isomorphic, which, together with (1 ⇒), proves that they are minimal. It suffices to prove that if two states q, q′ of A and A′ satisfy L(q) = L(q′), then for every a ∈ Σ the (unique) transitions (q, aΣ^k, r) and (q′, aΣ^{k′}, r′) satisfy k = k′ and L(r) = L(r′). Let L(q) = K = L(q′). By (1 ⇒), both L(r) and L(r′) are kernels. But then we necessarily have L(r) = 〈K^a〉 = L(r′), because the only solution to the equation K^a = Σ^l K′, where l and K′ are unknowns and K′ must be a kernel, is K′ = 〈K^a〉.

(2) A_K recognizes K and it satisfies conditions (i) and (ii) of part (1) by definition. So it is a minimal DD. Uniqueness follows from the proof of (1 ⇐).

(3) Let B be a DD obtained by exhaustively applying the reduction rule to A. By (1), it suffices to prove that B satisfies (i) and (ii). For (ii) observe that, since every state of A recognizes a different language, so does every state of B (the reduction rule preserves the recognized languages). For (i), assume that some state q does not recognize a kernel. Without loss of generality, we can choose L(q) of minimal length, and therefore the target states of all outgoing transitions of q recognize kernels. It follows that all of them necessarily recognize 〈L(q)〉. Since B contains at most one state recognizing 〈L(q)〉, all outgoing transitions of q have the same target, and so the reduction rule can be applied to q, contradicting the hypothesis that it has been applied exhaustively.

7.6.2 Operations on Kernels

We use multi-DDs to represent sets of fixed-length languages of the same length. A set L = {L1, . . . , Lm} is represented by the states of the master recognizing 〈L1〉, . . . , 〈Lm〉 and by the common length of L1, . . . , Lm. Observe that the states and the length completely determine L.

Example 7.16 Figure 7.9 shows the multi-DD for the set {L1, L2, L3} of Example 7.7. Recall that L1 = {aa, ba}, L2 = {aa, ba, bb}, and L3 = {ab, bb}. The multi-DD is the result of applying the reduction rule to the multi-automaton of Figure 7.2. We represent the set by the multi-DD and the


[Figure: multi-DD with kernodes 1, 2, 4, 6 and transitions labeled a, b, and bΣ.]

Figure 7.9: The multi-DD for {L1, L2, L3} with L1 = {aa, ba}, L2 = {aa, ba, bb}, and L3 = {ab, bb}.

number 2, the length of L1, L2, L3. Observe that, while L1, L2, and L3 have the same length, 〈L2〉 has a different length than 〈L1〉 and 〈L3〉.

Multi-DDs are represented as a table of kernodes. A kernode is a triple 〈q, l, s〉, where q is a state identifier, l is a length, and s = (q1, . . . , qm) is the successor tuple of the kernode. The table for the multi-DD of Figure 7.9 is:

Ident.  Length  a-succ  b-succ
  2       1       1       0
  4       1       0       1
  6       2       2       1

This example explains the role of the new length field. If we only know that the a- and b-successors of, say, state 6 are states 2 and 1, we cannot infer which expressions label the transitions from 6 to 2 and from 6 to 1: they could be a and bΣ, or aΣ and bΣ^2, or aΣ^n and bΣ^{n+1} for any n ≥ 0. However, once we know that state 6 accepts a language of length 2, we can deduce the correct labels: since states 2 and 1 accept languages of length 1 and 0, respectively, the labels are a and bΣ.
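The deduction of labels from lengths can be written down directly: a kernode of length l reaches its a-successor of length l′ by the expression aΣ^k with k = l − 1 − l′. A small sketch (names are our own):

```python
# Sketch: recover the transition label a·Σ^k of a kernode from the length
# field, where k = node_length - 1 - succ_length.

def label(a, node_length, succ_length):
    k = node_length - 1 - succ_length
    assert k >= 0
    return a + "Σ" * k
```

For state 6 of the table above (length 2), the a-successor 2 has length 1 and the b-successor 1 has length 0, giving the labels a and bΣ stated in the text.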

The procedure kmake(l, s). All algorithms call a procedure kmake(l, s) with the following specification. Let K_i be the kernel recognized by the i-th component of s. Then kmake(l, s) returns the kernode for 〈L〉, where L is the unique language of length l such that 〈L^{a_i}〉 = K_i for every a_i ∈ Σ.

If K_i ≠ K_j for some i, j, then kmake(l, s) behaves like make(s): if the current table already contains a kernode 〈q, l, s〉, then kmake(l, s) returns q; and, if no such kernode exists, then kmake(l, s) creates a new kernode 〈q, l, s〉 with a fresh identifier q, and returns q.


If K1, . . . , Km are all equal to some kernel K, then we have L = ⋃_{i=1}^{m} a_i Σ^k K for some k, and therefore 〈L〉 = 〈Σ^{k+1} K〉 = K. So kmake(l, s) returns the kernode for K. For instance, if T is the table above, then kmake(3, (2, 2)) returns 2, while make(2, 2) creates a new node having 2 as a-successor and b-successor.
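A sketch of kmake (our own encoding: the table maps pairs of a length and a successor tuple to identifiers, and the caller threads the next fresh identifier through):

```python
# Sketch of kmake: like make, but when all successors coincide, the common
# successor itself is returned instead of creating a new kernode.

def kmake(table, next_id, length, succs):
    """table: dict (length, successor tuple) -> identifier.
    Returns (identifier, updated next_id)."""
    if all(s == succs[0] for s in succs):
        return succs[0], next_id     # <L> equals the common successor kernel
    key = (length, tuple(succs))
    if key not in table:
        table[key] = next_id         # create a fresh kernode
        next_id += 1
    return table[key], next_id
```

The first branch is exactly what distinguishes kernels from ordinary master-automaton states: a node all of whose successors agree represents no decision and is never created.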

Algorithms. The algorithms for operations on kernels are modifications of the algorithms of the previous section. We show how to modify the algorithms for intersection, complement, and for simultaneous determinization and minimization. In the previous section, the state of the master automaton for a language L was the language L itself, and was obtained by recursively computing the states for L^{a_1}, . . . , L^{a_m} and then applying make. Now, the state of the master DD for L is 〈L〉, and can be obtained by recursively computing states for 〈L^{a_1}〉, . . . , 〈L^{a_m}〉 and applying kmake.

Fixed-length intersection. Given kernels K1, K2 of languages L1, L2, we compute the state recognizing K1 ⊓ K2 := 〈L1 ∩ L2〉.² We have the obvious property:

• if K1 = ∅ or K2 = ∅, then K1 ⊓ K2 = ∅.

Assume now K1 ≠ ∅ ≠ K2. If the lengths of K1 and K2 are l1, l2, then, since 〈Σ^k L〉 = 〈L〉 holds for every k and L, we have

K1 ⊓ K2 = 〈Σ^{l2−l1} K1 ∩ K2〉  if l1 < l2
K1 ⊓ K2 = 〈K1 ∩ Σ^{l1−l2} K2〉  if l1 > l2
K1 ⊓ K2 = 〈K1 ∩ K2〉          if l1 = l2

which allows us to obtain the state for K1 ⊓ K2 by computing states for

〈(Σ^{l2−l1} K1 ∩ K2)^a〉 , 〈(K1 ∩ Σ^{l1−l2} K2)^a〉 or 〈(K1 ∩ K2)^a〉

for every a ∈ Σ, and applying kmake. These states can be computed recursively by means of:

• if l1 < l2 then 〈(Σ^{l2−l1} K1 ∩ K2)^a〉 = 〈Σ^{l2−l1−1} K1 ∩ K2^a〉 = K1 ⊓ 〈K2^a〉;

• if l1 > l2 then 〈(K1 ∩ Σ^{l1−l2} K2)^a〉 = 〈K1^a ∩ Σ^{l1−l2−1} K2〉 = 〈K1^a〉 ⊓ K2;

• if l1 = l2 then 〈(K1 ∩ K2)^a〉 = 〈K1^a ∩ K2^a〉 = 〈K1^a〉 ⊓ 〈K2^a〉;

which leads to the algorithm of Table 7.8.

Example 7.17 Example 7.8 shows a run of inter on the two languages represented by the multi-DFA at the top of Figure 7.4. The multi-DD for the same languages is shown at the top of Figure 7.10, and the rest of the figure describes the run of kinter on it. Recall that pink nodes correspond to calls whose result has already been memoized, and need not be executed. The meaning of the green nodes is explained below.

²⊓ is well defined because 〈L1〉 = 〈L′1〉 and 〈L2〉 = 〈L′2〉 implies 〈L1 ∩ L2〉 = 〈L′1 ∩ L′2〉.


[Figure: the multi-DD for the two input languages (with kernodes including 12 and 13 and transitions labeled a, b, bΣ^2, aΣ^2, and aΣ^3) and the tree of recursive calls of kinter, with results such as 12, 13 ↦ 15, 8, 1 ↦ 8, and 9, 10 ↦ 14.]

Figure 7.10: An execution of kinter.


kinter(q1, q2)
Input: states q1, q2 recognizing 〈L1〉, 〈L2〉
Output: state recognizing 〈L1 ∩ L2〉

1   if G(q1, q2) is not empty then return G(q1, q2)
2   if q1 = q∅ or q2 = q∅ then return q∅
3   if q1 ≠ q∅ and q2 ≠ q∅ then
4       if l1 < l2 then  /* l1, l2: lengths of the kernodes for q1, q2 */
5           for all i = 1, . . . , m do r_i ← kinter(q1, q2^{a_i})
6           G(q1, q2) ← kmake(l2, r_1, . . . , r_m)
7       else if l1 > l2 then
8           for all i = 1, . . . , m do r_i ← kinter(q1^{a_i}, q2)
9           G(q1, q2) ← kmake(l1, r_1, . . . , r_m)
10      else  /* l1 = l2 */
11          for all i = 1, . . . , m do r_i ← kinter(q1^{a_i}, q2^{a_i})
12          G(q1, q2) ← kmake(l1, r_1, . . . , r_m)
13  return G(q1, q2)

Table 7.8: Algorithm kinter

The algorithm can be improved by observing that two further properties hold:

• if K1 = {ε} then L1 ∩ L2 = L2, and so K1 ⊓ K2 = K2; and if K2 = {ε} then L1 ∩ L2 = L1, and so K1 ⊓ K2 = K1.

These properties imply that kinter(qε, q) = q = kinter(q, qε) for every state q. So we can improve kinter by explicitly checking whether one of the arguments is qε. The green nodes in Figure 7.10 correspond to calls whose result is immediately returned with the help of this check. Observe how this improvement has a substantial effect, reducing the number of calls from 19 to only 5.

Fixed-length complement. Given the kernel K of a fixed-length language L of length n, we wish to compute the master state recognizing 〈L̄ₙ〉, where L̄ₙ = Σ^n \ L. The subscript n is only necessary because ∅ has all possible lengths, and so ∅̄ₙ = Σ^n ≠ Σ^m = ∅̄ₘ for n ≠ m. Now we have 〈∅̄ₙ〉 = {ε} for every n ≥ 0, and so the subscript is not needed anymore. We define the operator ‾ on kernels by K̄ = 〈L̄〉.³ We obtain the state for K̄ by recursively computing states for the kernels of the residuals by means of the properties

• if K = ∅ then K̄ = {ε}, and if K = {ε}, then K̄ = ∅;

• if ∅ ≠ K ≠ {ε} then 〈K̄^a〉 = 〈K^a〉‾;

which lead to the algorithm of Table 7.9.

³The operator ‾ is well defined because 〈L〉 = 〈L′〉 implies 〈L̄〉 = 〈L̄′〉.


kcomp(q)
Input: state q recognizing a kernel K
Output: state recognizing K̄

1  if G(q) is not empty then return G(q)
2  if q = q∅ then return qε
3  else if q = qε then return q∅
4  else
5      for all i = 1, . . . , m do r_i ← kcomp(q^{a_i})
6      G(q) ← kmake(l, r_1, . . . , r_m)  /* l: the length of q */
7  return G(q)

Table 7.9: Algorithm kcomp

Determinization and Minimization.

The algorithm kdet&min, which converts an NFA recognizing a fixed-length language L into the minimal DD recognizing 〈L〉, differs from det&min essentially in one letter: it uses kmake instead of make. It is shown in Table 7.10.

kdet&min(A)
Input: NFA A = (Q, Σ, δ, Q0, F)
Output: state of a multi-DD recognizing 〈L(A)〉

1  return kstate(Q0)

kstate(S)
Input: set S of states recognizing languages of the same length l
Output: state recognizing 〈L(S)〉

1  if G(S) is not empty then return G(S)
2  else if S = ∅ then return q∅
3  else if S ∩ F ≠ ∅ then return qε
4  else  /* S ≠ ∅ and S ∩ F = ∅ */
5      for all i = 1, . . . , m do S_i ← δ(S, a_i)
6      G(S) ← kmake(l, kstate(S_1), . . . , kstate(S_m))
7      return G(S)

Table 7.10: The algorithm kdet&min(A).

Example 7.18 Figure 7.11 shows again the NFA of Figure 7.6, and the minimal DD for the kernel of its language. The run of kdet&min(A) is shown at the bottom of the figure. For the difference


with det&min(A), consider the call kstate({δ, ε, ζ}). Since the two recursive calls kstate({η}) and kstate({η, θ}) both return state 1 with length 1, kmake(1, 1) does not create a new state, as make(1, 1) would do: it returns state 1. The same occurs at the top call kstate({α}).

Exercises

Exercise 91 Prove that the minimal DFA for a language of length 4 over a two-letter alphabet has at most 12 states, and give a language for which the minimal DFA has exactly 12 states.

Exercise 92 Give an efficient algorithm that receives as input the minimal DFA of a fixed-length language and returns the number of words it contains.

Exercise 93 The algorithm for fixed-length universality in Table 7.3 has a best-case runtime equal to the length of the input state q. Give an improved algorithm that only needs O(|Σ|) time for inputs q such that L(q) is not fixed-length universal.

Exercise 94 Let Σ = {0, 1}. Consider the boolean function f : Σ^6 → Σ defined by

f(x1, x2, . . . , x6) = (x1 ∧ x2) ∨ (x3 ∧ x4) ∨ (x5 ∧ x6)

(a) Construct the minimal DFA recognizing { x1 · · · x6 ∈ Σ^6 | f(x1, . . . , x6) = 1 }.
(For instance, the DFA accepts 111000 because f(1, 1, 1, 0, 0, 0) = 1, but not 101010, because f(1, 0, 1, 0, 1, 0) = 0.)

(b) Show that the minimal DFA recognizing { x1 x3 x5 x2 x4 x6 | f(x1, . . . , x6) = 1 } has at least 15 states.
(Notice the different order! Now the DFA accepts neither 111000, because f(1, 0, 1, 0, 1, 0) = 0, nor 101010, because f(1, 0, 0, 1, 1, 0) = 0.)

(c) More generally, consider the function

f(x1, . . . , x2n) = ⋁_{1 ≤ k ≤ n} (x_{2k−1} ∧ x_{2k})

and the languages { x1 x2 . . . x_{2n−1} x_{2n} | f(x1, . . . , x2n) = 1 } and { x1 x3 . . . x_{2n−1} x2 x4 . . . x_{2n} | f(x1, . . . , x2n) = 1 }. Show that the size of the minimal DFA grows linearly in n for the first language, and exponentially in n for the second language.

Exercise 95 Let val : {0, 1}* → ℕ be such that val(w) is the number represented by w with the "least significant bit first" encoding.

1. Give a transducer that doubles numbers, i.e. a transducer accepting

L1 = { [x, y] ∈ ({0, 1} × {0, 1})* : val(y) = 2 · val(x) }.


[Figure: the NFA of Figure 7.6, the minimal DD (states 1, 2, 3) for the kernel of its language, and the tree of calls of kdet&min with results such as α ↦ 3, β, γ ↦ 3, ε ↦ 2, δ, ε, ζ ↦ 1, η, θ ↦ 1, and ∅ ↦ 0.]

Figure 7.11: Run of kdet&min on the NFA of Figure 7.6.


2. Give an algorithm that takes k ∈ ℕ as input, and that produces a transducer A_k accepting

L_k = { [x, y] ∈ ({0, 1} × {0, 1})* : val(y) = 2^k · val(x) }.

(Hint: use part 1 and consider operations seen in class.)

3. Give a transducer for the addition of two numbers, i.e. a transducer accepting

{ [x, y, z] ∈ ({0, 1} × {0, 1} × {0, 1})* : val(z) = val(x) + val(y) }.

4. For every k ∈ ℕ_{>0}, let

X_k = { [x, y] ∈ ({0, 1} × {0, 1})* : val(y) = k · val(x) }.

Suppose you are given transducers A and B accepting respectively X_a and X_b for some a, b ∈ ℕ_{>0}. Sketch an algorithm that builds a transducer C accepting X_{a+b}. (Hint: use parts 2 and 3.)

5. Let k ∈ ℕ_{>0}. Using parts 2 and 4, how can you build a transducer accepting X_k?

6. Show that the following language has infinitely many residuals, and hence that it is not regular:

{ [x, y] ∈ ({0, 1} × {0, 1})* : val(y) = val(x)^2 }.

Exercise 96 Let L1 = {abb, bba, bbb} and L2 = {aba, bbb}.

1. Suppose you are given a fixed-length language L described explicitly by a set instead of an automaton. Give an algorithm that outputs the state q of the master automaton for L.

2. Use the previous algorithm to build the states of the master automaton for L1 and L2.

3. Compute the state of the master automaton representing L1 ∪ L2.

4. Identify the kernels 〈L1〉, 〈L2〉, and 〈L1 ∪ L2〉.

Exercise 97

1. Give an algorithm to compute L(p) · L(q) given states p and q of the master automaton.

2. Give an algorithm to compute both the length and size of L(q) given a state q of the master automaton.

3. The length and size of L(q) could be obtained in constant time if they were simply stored in the master automaton table. Give a new implementation of make for this representation.

Exercise 98 Let k ∈ ℕ_{>0}. Let flip : {0, 1}^k → {0, 1}^k be the function that inverts the bits of its input, e.g. flip(010) = 101. Let val : {0, 1}^k → ℕ be such that val(w) is the number represented by w with the "least significant bit first" encoding.


1. Describe the minimal transducer that accepts

L_k = { [x, y] ∈ ({0, 1} × {0, 1})^k : val(y) = (val(flip(x)) + 1) mod 2^k }.

2. Build the state r of the master transducer for L3, and the state q of the master automaton for {010, 110}.

3. Adapt the algorithm pre seen in class to compute post(r, q).

Exercise 99 Given a boolean formula φ over variables x1, . . . , xn, we define the language of φ, denoted by L(φ), as follows:

L(φ) = { a1 a2 · · · an | the assignment x1 ↦ a1, . . . , xn ↦ an satisfies φ }

(a) Give a polynomial algorithm that takes a DFA A recognizing a language of length n as input, and returns a boolean formula φ such that L(φ) = L(A).

(b) Give an exponential algorithm that takes a boolean formula φ as input, and returns a DFA A recognizing L(φ).

Exercise 100 Recall the definition of the language of a boolean formula over variables x1, . . . , xn given in Exercise 99. Prove that the following problem is NP-hard:

Given: A boolean formula φ in conjunctive normal form, and a number k ≥ 1.
Decide: Does the minimal DFA for L(φ) have at most k states?

Exercise 101 Given X ⊂ {0, 1, . . . , 2^k − 1}, where k ≥ 1, let A_X be the minimal DFA recognizing the LSBF-encodings of length k of the elements of X.

(1) Define X + 1 by X + 1 = { (x + 1) mod 2^k | x ∈ X }. Give an algorithm that on input A_X produces A_{X+1} as output.

(2) Let A_X = (Q, {0, 1}, δ, q0, F). Which is the set of numbers recognized by the automaton A′ = (Q, {0, 1}, δ′, q0, F), where δ′(q, b) = δ(q, 1 − b)?

Exercise 102 Recall the definition of DFAs with negative transitions (DFA-nt's) introduced in Exercise 43, and consider the alphabet {0, 1}. Show that if only transitions labeled by 1 can be negative, then every regular language over {0, 1} has a unique minimal DFA-nt.


Chapter 8

Applications II: Verification

One of the main applications of automata theory is the automatic verification or falsification of correctness properties of hardware and software systems. Given a system (like a digital circuit, a program, or a communication protocol), and a property (like "after termination the values of the variables x and y are equal" or "every sent message is eventually received"), we wish to automatically determine whether the system satisfies the property or not.

8.1 The Automata-Theoretic Approach to Verification

We consider discrete systems for which a notion of configuration can be defined.¹ At every moment in time the system is at a configuration. Moves from one configuration to the next take place instantaneously, and are determined by the system dynamics. If the semantics allows a move from a configuration c to another one c′, then c′ is a legal successor of c. A configuration may have several successors, in which case the system is said to be nondeterministic. There is a distinguished set of initial configurations. An execution is a finite or infinite sequence of configurations starting at some initial configuration, and in which every other configuration is a legal successor of its predecessor in the sequence. A full execution is either an infinite execution, or an execution whose last configuration has no successors.

In this chapter we are only interested in finite executions (see Chapter 14 for an extension to infinite executions). The set of executions can then be seen as a language E ⊆ C∗, where the alphabet C is the set of possible configurations of the system. We call C∗ the set of potential executions of the system.

Example 8.1 Consider the following program with two boolean variables x, y:

¹We speak of the configurations of a system, and not of its states, in order to avoid confusion with the states of automata.


1  while x = 1 do
2      if y = 1 then
3          x ← 0
4      y ← 1 − x
5  end

A configuration of the program is a triple [ℓ, nx, ny], where ℓ ∈ {1, 2, 3, 4, 5} is the current value of the program counter, and nx, ny ∈ {0, 1} are the current values of x and y. The set C of all possible configurations contains 5 × 2 × 2 = 20 elements. The initial configurations are [1, 0, 0], [1, 0, 1], [1, 1, 0], [1, 1, 1], i.e., all configurations in which control is at line 1. The sequence

[1, 1, 1] [2, 1, 1] [3, 1, 1] [4, 0, 1] [1, 0, 1] [5, 0, 1]

is a full execution, while

[1, 1, 0] [2, 1, 0] [4, 1, 0] [1, 1, 0]

is also an execution, but not a full one. All words of

( [1, 1, 0] [2, 1, 0] [4, 1, 0] )∗

are executions, and so the language E of all executions is infinite.
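The configuration graph of this small program can be explored mechanically. The following Python sketch (the encoding of configurations as triples (ℓ, x, y) and the helper names are assumptions of the sketch, not part of the text) enumerates the reachable configurations and checks the full execution above:

```python
from collections import deque

# Configurations are encoded as triples (l, x, y); this encoding is an
# assumption of this sketch.
def successors(c):
    l, x, y = c
    if l == 1:                      # while x = 1 do
        return [(2, x, y)] if x == 1 else [(5, x, y)]
    if l == 2:                      # if y = 1 then
        return [(3, x, y)] if y == 1 else [(4, x, y)]
    if l == 3:                      # x <- 0
        return [(4, 0, y)]
    if l == 4:                      # y <- 1 - x
        return [(1, x, 1 - x)]
    return []                       # l = 5: the program has terminated

initial = [(1, x, y) for x in (0, 1) for y in (0, 1)]

def is_execution(seq):
    # An execution starts at an initial configuration, and every other
    # configuration is a legal successor of its predecessor.
    return seq[0] in initial and all(
        seq[i + 1] in successors(seq[i]) for i in range(len(seq) - 1))

# Breadth-first search of the configuration graph.
reachable, queue = set(initial), deque(initial)
while queue:
    c = queue.popleft()
    for c2 in successors(c):
        if c2 not in reachable:
            reachable.add(c2)
            queue.append(c2)

print(len(reachable))                                   # 11 of the 20 configurations
print(is_execution([(1, 1, 1), (2, 1, 1), (3, 1, 1),
                    (4, 0, 1), (1, 0, 1), (5, 0, 1)]))  # True
```

Only 11 of the 20 configurations are reachable, which is why the language E of executions is a strict subset of the potential executions C∗.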

Assume we wish to determine whether the system has an execution satisfying some property of interest. If we can construct automata for the language E ⊆ C∗ of executions and the language P ⊆ C∗ of potential executions satisfying the property, then we can solve the problem by checking whether the language E ∩ P is empty, which can be decided using the algorithms of Chapter 4. This is the main insight behind the automata-theoretic approach to verification.

The requirement that the language E of executions is regular is satisfied by all systems with finitely many reachable configurations (i.e., finitely many configurations c such that some execution leads from some initial configuration to c). A system automaton recognizing the executions of the system can be easily obtained from the configuration graph: the graph having the reachable configurations as nodes, and arcs from each configuration to its successors. There are two possible constructions, both very simple.

• In the first construction, the states are the reachable configurations of the program plus a new state i, which is also the initial state. All states are final. For every transition c → c′ of the graph there is a transition c −c′→ c′ in the system automaton. Moreover, there is a transition i −c→ c for every initial configuration c.

It is easy to see that this construction produces a minimal deterministic automaton. Since the label of a transition is also its target state, for any two transitions c −c′→ c1 and c −c′→ c2 we necessarily have c1 = c′ = c2, and so the automaton is deterministic. To show that it is minimal, observe that all words accepted from state c start with c, and so the languages accepted by different states are also different (in fact, they are even disjoint).


• In the second construction, the states are the reachable configurations of the program plus a new state f. The initial states are all the initial configurations, and all states are final. For every transition c → c′ of the graph there is a transition c −c→ c′ in the system automaton. Moreover, there is a transition c −c→ f for every configuration c having no successor.
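Either construction is a few lines of code. Here is a minimal Python sketch of the first construction, run on a toy configuration graph (the dict-based graph encoding and all names are assumptions of the sketch):

```python
def system_automaton(initial, succ):
    # First construction: states are the reachable configurations plus a
    # fresh initial state I; every transition is labeled with its target
    # configuration, which makes the automaton deterministic.
    I = "init"                            # fresh initial state, not a configuration
    delta = {(I, c): c for c in initial}  # i -c-> c for each initial configuration
    states, work = {I}, list(initial)
    while work:
        c = work.pop()
        if c in states:
            continue
        states.add(c)
        for c2 in succ.get(c, []):
            delta[(c, c2)] = c2           # c -c'-> c': the label is the target
            work.append(c2)
    return I, states, delta               # all states are final

def accepts(I, delta, word):
    # All states are final, so acceptance only requires a defined path from I.
    q = I
    for a in word:
        if (q, a) not in delta:
            return False
        q = delta[(q, a)]
    return True

# Toy configuration graph: a -> b, b -> a, b -> c; only a is initial.
I, states, delta = system_automaton({"a"}, {"a": ["b"], "b": ["a", "c"]})
print(accepts(I, delta, ["a", "b", "c"]))   # True: a b c is an execution
print(accepts(I, delta, ["b", "a"]))        # False: b is not initial
```

Because every transition label equals its target state, `delta` can be stored as a plain dictionary: the automaton is deterministic by construction.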

Example 8.2 Figure 8.1 shows the configuration graph of the program of Example 8.1, and the system automata produced by the two constructions above. Let us algorithmically decide whether the system has a full execution such that initially y = 1, finally y = 0, and y never increases. Let [ℓ, x, 0] and [ℓ, x, 1] stand for the sets of configurations such that y = 0 and y = 1, respectively, but the values of ℓ and x are arbitrary. Similarly, let [5, x, 0] stand for the set of configurations with ℓ = 5 and y = 0, but x arbitrary. The set of potential executions satisfying the property is given by the regular expression

[ℓ, x, 1] [ℓ, x, 1]∗ [ℓ, x, 0]∗ [5, x, 0]

which is recognized by the property automaton at the top of Figure 8.2. Its intersection with the system automaton in the middle of Figure 8.1 (we could also use the one at the bottom) is shown at the bottom of Figure 8.2. A light pink state of the pairing labeled by [ℓ, x, y] is the result of pairing the light pink state of the property NFA and the state [ℓ, x, y] of the system DFA. Since the labels of the transitions of the pairing are always equal to the target state, they are omitted for the sake of readability.

Since no state of the intersection has a dark pink color, the intersection is empty, and so the program has no execution satisfying the property.

Example 8.3 Let us now automatically determine whether the assignment y ← 1 − x in line 4 of the program of Example 8.1 is redundant and can be safely removed. This is the case if the assignment never changes the value of y. The potential executions of the program in which the assignment changes the value of y at some point correspond to the regular expression

[ℓ, x, y]∗ ( [4, x, 0] [1, x, 1] + [4, x, 1] [1, x, 0] ) [ℓ, x, y]∗ .

A property automaton for this expression can be easily constructed, and its intersection with the system automaton is again empty. So the property holds, and the assignment is indeed redundant.

8.2 Programs as Networks of Automata

We can also model the program of Example 8.1 as a network of communicating automata. The key idea is to model the two variables x and y and the control flow of the program as three independent processes. The processes for x and y maintain their current values, and the control-flow process maintains the current value of the program counter. The execution of, say, the assignment x ← 0 in line 3 of the program is modeled as the execution of a joint action between the control-flow process and the process for variable x: the control-flow process updates the current control position to 4, and simultaneously the process for x updates the current value of x to 0.

Figure 8.1: Configuration graph and system automata of the program of Example 8.1

Figure 8.2: Property automaton and product automaton

The processes for the variables and the control flow are represented by finite automata whose states are all final. The three automata for the program of Example 8.1 are shown in Figure 8.3. Since all states are final, we do not use the graphical representation with a double circle. The automata for x and y have two states, one for each possible value of the variable. The control-flow automaton has 5 states, one for each control location. The alphabet of the automaton for x contains the assignments and the boolean conditions of the program involving x, and similarly for y. So, for example, the alphabet for x contains x ← 0, but not y = 1. However, a single assignment may produce several alphabet letters. For instance, the assignment y ← 1 − x at line 4 produces two alphabet letters, corresponding to two possible actions: if the automaton for x is currently at state 0 (that is, if x currently has value 0), then the automaton for y must move to state 1, otherwise to state 0. (The same would occur with an assignment x ← 1 − x.) We let (x = 0 ⇒ y ← 1) and (x = 1 ⇒ y ← 0) denote these two alphabet letters. Observe also that the execution of y ← 1 − x is modeled as a joint action of all three automata: intuitively, the action (x = 0 ⇒ y ← 1) can be executed only if the automaton for x is currently at state 0 and the control-flow automaton is currently at state 4.

Let us give a formal definition of networks of automata. In the definition we do not require all states to be final because, as we shall see later, a more general definition proves to be useful.

Definition 8.4 A network of automata is a tuple A = 〈A1, . . . , An〉 of NFAs, not necessarily over the same alphabet. Let Ai = (Qi, Σi, δi, Q0i, Fi) for every i = 1, . . . , n, and let Σ = Σ1 ∪ · · · ∪ Σn. A letter of Σ is called an action. A configuration of A is a tuple [q1, . . . , qn] of states such that qi ∈ Qi for every i ∈ {1, . . . , n}. A configuration is initial if qi ∈ Q0i for every i ∈ {1, . . . , n}, and final if qi ∈ Fi for every i ∈ {1, . . . , n}.


Figure 8.3: A network of three automata modeling the program of Example 8.1. All states are final, and so the double circles are drawn as simple circles for clarity.

Observe that each NFA of a network has its own alphabet Σi. The alphabets Σ1, . . . , Σn are not necessarily disjoint; in fact, usually they are not. We now define when an action is enabled at a configuration, and what happens when it occurs.

Definition 8.5 Let A = 〈A1, . . . , An〉 be a network of automata, where Ai = (Qi, Σi, δi, Q0i, Fi). Given an action a ∈ Σ, we say that Ai participates in a if a ∈ Σi. An action a is enabled at a configuration [q1, . . . , qn] if δi(qi, a) ≠ ∅ for every i ∈ {1, . . . , n} such that Ai participates in a. If a is enabled, then it can occur, and its occurrence can lead to any element of the Cartesian product Q′1 × · · · × Q′n, where

Q′i = δi(qi, a) if Ai participates in a, and Q′i = {qi} otherwise.

We call Q′1 × · · · × Q′n the set of successor configurations of [q1, . . . , qn] with respect to the action a. We write [q1, . . . , qn] −a→ [q′1, . . . , q′n] to denote that [q1, . . . , qn] enables a and [q′1, . . . , q′n] ∈ Q′1 × · · · × Q′n.

The language accepted by a network of automata is defined in the standard way:

Definition 8.6 A run of A on input a0 a1 . . . an−1 ∈ Σ∗ is a sequence

c0 −a0→ c1 −a1→ c2 · · · −an−1→ cn

where c0, . . . , cn are configurations of A, the configuration c0 is initial, and ci+1 is a successor of ci with respect to ai for every 0 ≤ i ≤ n − 1. A run is accepting if cn is a final configuration. A accepts w ∈ Σ∗ if it has an accepting run on input w. The language recognized by A, denoted by L(A), is the set of words accepted by A.

Example 8.7 Let Ax, Ay, and AP be the three automata of Example 8.1 for the variables x and y and the control flow, respectively. We have

Σx = { x = 1, x ≠ 1, x ← 0, (x = 0 ⇒ y ← 1), (x = 1 ⇒ y ← 0) }

Σy = { y = 1, y ≠ 1, (x = 0 ⇒ y ← 1), (x = 1 ⇒ y ← 0) }

ΣP = Σx ∪ Σy

The automata participating in the action x ← 0 are AP and Ax, and all three automata participate in (x = 1 ⇒ y ← 0). Observe that AP participates in all actions. If we define A = 〈AP, Ax, Ay〉, then the configurations of A are the configurations of the program of Example 8.1. The configuration [3, 1, 0] enables the action x ← 0, and we have [3, 1, 0] −x←0→ [4, 0, 0]. One of the runs of A is

[1, 1, 1] −x=1→ [2, 1, 1] −y=1→ [3, 1, 1] −x←0→ [4, 0, 1] −(x=0⇒y←1)→ [1, 0, 1] −x≠1→ [5, 0, 1]

and so the word (x = 1) (y = 1) (x ← 0) (x = 0 ⇒ y ← 1) (x ≠ 1) belongs to L(A).

8.2.1 Parallel Composition of Languages

We introduce a useful characterization of the language of a network of automata. Given languages L1 ⊆ Σ∗1, . . . , Ln ⊆ Σ∗n, the parallel composition of L1, . . . , Ln is the language L1 ‖ L2 ‖ · · · ‖ Ln ⊆ (Σ1 ∪ · · · ∪ Σn)∗ defined as follows: w ∈ L1 ‖ · · · ‖ Ln iff projΣi(w) ∈ Li for every 1 ≤ i ≤ n.

Notice that, strictly speaking, parallel composition is an operation that depends not only on the languages L1, . . . , Ln, but also on their alphabets. Take for example L1 = {a} and L2 = {ab}. If we look at both of them as languages over the alphabet {a, b}, then L1 ‖ L2 = ∅, but if we look at L1 as a language over {a}, and at L2 as a language over {a, b}, then L1 ‖ L2 = {ab}. So the correct notation would be L1 ‖Σ1,Σ2 L2, but we abuse language and assume that when a language is defined its alphabet is clear from the context.
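For finite languages the definition can be checked directly by computing projections. A small Python sketch reproducing the example above (finite languages as lists of words and alphabets as sets is an encoding assumed here for illustration):

```python
def proj(w, sigma):
    # Projection of the word w onto the alphabet sigma: erase other letters.
    return [a for a in w if a in sigma]

def in_parallel_composition(w, langs):
    # w in L1 || ... || Ln  iff  proj_{Sigma_i}(w) in L_i for every i.
    # Each entry of langs is a pair (finite language, its alphabet).
    return all(proj(w, sigma) in L for L, sigma in langs)

L1, S1 = [["a"]], {"a"}            # L1 = {a} over {a}
L2, S2 = [["a", "b"]], {"a", "b"}  # L2 = {ab} over {a, b}

# Over the alphabets {a} and {a, b}: ab belongs to L1 || L2.
print(in_parallel_composition(["a", "b"], [(L1, S1), (L2, S2)]))          # True
# If L1 is also taken over {a, b}, the composition is empty.
print(in_parallel_composition(["a", "b"], [(L1, {"a", "b"}), (L2, S2)]))  # False
```

The second call illustrates why the alphabets matter: the same pair of languages yields different parallel compositions under different alphabets.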

Proposition 8.8 The parallel composition of languages has the following properties:

(1) Parallel composition is associative, commutative, and idempotent, that is: (L1 ‖ L2) ‖ L3 = L1 ‖ (L2 ‖ L3) (associativity); L1 ‖ L2 = L2 ‖ L1 (commutativity); and L ‖ L = L (idempotence).

(2) If L1, L2 ⊆ Σ∗, then L1 ‖ L2 = L1 ∩ L2.

(3) Let A = 〈A1, . . . , An〉 be a network of automata. Then L(A) = L(A1) ‖ · · · ‖ L(An).

Proof: See Exercise 105.


By properties (2) and (3), two automata A1, A2 over the same alphabet satisfy L(A1 ⊗ A2) = L(A1) ∩ L(A2). Intuitively, in this case every action must be jointly executed by A1 and A2; in other words, the automata move in lockstep. At the other extreme, if the alphabets of A1 and A2 are disjoint, then, intuitively, the automata do not communicate at all, and move independently of each other.

8.2.2 Asynchronous Product

Given a network of automata A = 〈A1, . . . , An〉, we can compute an NFA recognizing the same language. This NFA, called the asynchronous product of A and denoted by A1 ⊗ · · · ⊗ An, is the output of the following algorithm:

AsyncProduct(A1, . . . , An)
Input: a network of automata A = 〈A1, . . . , An〉, where Ai = (Qi, Σi, δi, Q0i, Fi) for every i = 1, . . . , n.
Output: an NFA A1 ⊗ · · · ⊗ An = (Q, Σ, δ, Q0, F) recognizing L(A).

 1  Q, δ, F ← ∅
 2  Q0 ← Q01 × · · · × Q0n
 3  W ← Q0
 4  while W ≠ ∅ do
 5      pick [q1, . . . , qn] from W
 6      add [q1, . . . , qn] to Q
 7      if qi ∈ Fi for every i ∈ [1..n] then add [q1, . . . , qn] to F
 8      for all a ∈ Σ1 ∪ · · · ∪ Σn do
 9          for all i ∈ [1..n] do
10              if a ∈ Σi then Q′i ← δi(qi, a) else Q′i ← {qi}
11          for all [q′1, . . . , q′n] ∈ Q′1 × · · · × Q′n do
12              if [q′1, . . . , q′n] ∉ Q then add [q′1, . . . , q′n] to W
13              add ([q1, . . . , qn], a, [q′1, . . . , q′n]) to δ
14  return (Q, Σ, δ, Q0, F)

The algorithm follows Definitions 8.5 and 8.6 closely. Starting at the initial configurations, AsyncProduct repeatedly picks a configuration from the workset, stores it, constructs its successors, and adds them (if not yet stored) to the workset. Line 10 is the most important one. Assume we are in the middle of the execution of AsyncProduct(A1, A2), currently processing a configuration [q1, q2] and an action a at line 8.

• Assume that a belongs to Σ1 ∩ Σ2, and the a-transitions leaving q1 and q2 are q1 −a→ q′1, q1 −a→ q′′1 and q2 −a→ q′2, q2 −a→ q′′2. Then we obtain Q′1 = {q′1, q′′1} and Q′2 = {q′2, q′′2}, and the loop at lines 11–13 adds the transitions

[q1, q2] −a→ [q′1, q′2]   [q1, q2] −a→ [q′′1, q′2]   [q1, q2] −a→ [q′1, q′′2]   [q1, q2] −a→ [q′′1, q′′2]

corresponding to the four possible "joint a-moves" that A1 and A2 can execute from [q1, q2].

• Assume now that a only belongs to Σ1, the a-transitions leaving q1 are as before, and, since a ∉ Σ2, there are no a-transitions leaving q2. Then Q′1 = {q′1, q′′1} and Q′2 = {q2}, and the loop adds the transitions [q1, q2] −a→ [q′1, q2] and [q1, q2] −a→ [q′′1, q2], which correspond to A1 making a move while A2 stays put.

• Assume finally that a belongs to Σ1 ∩ Σ2, the a-transitions leaving q1 are as before, and there are no a-transitions leaving q2 (which is possible even if a ∈ Σ2, because A2 is an NFA). Then Q′1 = {q′1, q′′1} and Q′2 = ∅, and the loop adds no transitions. This corresponds to the fact that, since a-moves must be jointly executed by A1 and A2, and A2 is not currently able to do any a-move, no joint a-move can happen.

Example 8.9 The asynchronous product AP ⊗ Ax ⊗ Ay, where AP, Ax, Ay are the three automata of Example 8.1, is shown in Figure 8.4. Its states are the reachable configurations of the program. Since all states are final, we draw all states as simple instead of double circles.

Figure 8.4: Asynchronous product of the automata of Figure 8.3.

Finally, while we have defined the asynchronous product A1 ⊗ · · · ⊗ An as an automaton over the alphabet Σ = Σ1 ∪ · · · ∪ Σn, the algorithm can be easily modified to return a system automaton recognizing the set of executions of the program. We give an algorithm SysAut(A1, . . . , An) for the first of the two constructions of Section 8.1 (the one in which the automaton has an extra initial state i), and leave giving an algorithm for the second construction as an exercise (see Exercise 104). To obtain SysAut, shown below, we first modify line 13 of AsyncProduct so that, instead of the transition [q1, . . . , qn] −a→ [q′1, . . . , q′n], it adds the transition [q1, . . . , qn] −[q′1, . . . , q′n]→ [q′1, . . . , q′n] (see line 14 of SysAut). It only remains to add the initial state and its output transitions, which happens in lines 1–4.


SysAut(A1, . . . , An)
Input: a network of automata 〈A1, . . . , An〉, where Ai = (Qi, Σi, δi, Q0i, Qi) for every i = 1, . . . , n (all states are final).
Output: a system automaton S = (Q, Σ, δ, Q0, F).

 1  Q, δ, Q0, F ← ∅
 2  add i to Q; add i to Q0; add i to F
 3  for all [q1, . . . , qn] ∈ Q01 × · · · × Q0n do
 4      add (i, [q1, . . . , qn], [q1, . . . , qn]) to δ
 5  W ← Q01 × · · · × Q0n
 6  while W ≠ ∅ do
 7      pick [q1, . . . , qn] from W
 8      add [q1, . . . , qn] to Q; add [q1, . . . , qn] to F
 9      for all a ∈ Σ1 ∪ · · · ∪ Σn do
10          for all i ∈ [1..n] do
11              if a ∈ Σi then Q′i ← δi(qi, a) else Q′i ← {qi}
12          for all [q′1, . . . , q′n] ∈ Q′1 × · · · × Q′n do
13              if [q′1, . . . , q′n] ∉ Q then add [q′1, . . . , q′n] to W
14              add ([q1, . . . , qn], [q′1, . . . , q′n], [q′1, . . . , q′n]) to δ
15  return (Q, Σ, δ, Q0, F)

8.2.3 State- and action-based properties.

We have defined executions as sequences of configurations of the program, and modeled properties as sets of potential executions. This is called the state-based approach. One can also define executions as sequences of instructions. The set of executions of a network 〈A1, . . . , An〉 is then defined directly as the language of AsyncProduct(A1, . . . , An). For example, the set of executions of our running example is the language of the NFA shown in Figure 8.4. The property "no terminating execution of the program contains an occurrence of the action (x = 0 ⇒ y ← 1)" holds iff this language and the regular language

Σ∗P (x = 0 ⇒ y ← 1) Σ∗P (x ≠ 1)

have an empty intersection, which is not the case. In this context program instructions are called actions, and we speak of action-based verification.

8.3 Concurrent Programs

Networks of automata can also elegantly model concurrent programs, that is, programs consistingof several sequential programs, usually called processes, communicating in some way. A popularcommunication mechanism are shared variables, where processes communicate by writing a valueto a variable, which can then be read by the other processes. As an example, we consider the

Page 177: Automata theory - TUM

8.3. CONCURRENT PROGRAMS 177

Lamport-Burns mutual exclusion algorithm for two processes2, called process 0 and process 1,with the following code:

Process 0

repeat
    nc0:  b0 ← 1
    t0:   while b1 = 1 do skip
    c0:   b0 ← 0
forever

Process 1

repeat
    nc1:  b1 ← 1
    t1:   if b0 = 1 then
    q1:       b1 ← 0
    q′1:      while b0 = 1 do skip
              goto nc1
    c1:   b1 ← 0
forever

The processes communicate through the shared boolean variables b0 and b1, which initially have the value 0. Process i reads and writes variable bi and reads variable b1−i. The algorithm should guarantee that the processes are never simultaneously at control points c0 and c1 (their critical sections), and that they never reach a deadlock. Other properties the algorithm should satisfy are discussed later. Initially, process 0 is in its non-critical section (local state nc0); it can also be trying to enter its critical section (t0), or be already in its critical section (c0). The process can move from nc0 to t0 at any time by setting b0 to 1; it can move from t0 to c0 only if the current value of b1 is 0; and it can move from c0 to nc0 at any time by setting b0 to 0.

Process 1 is a bit more complicated. The local states nc1, t1, and c1 play the same role as in process 0. The local states q1 and q′1 model a "polite" behavior: intuitively, if process 1 sees that process 0 is either trying to enter or already in the critical section, it moves to an "after you" local state q1, and sets b1 to 0 to signal that it is no longer trying to enter its critical section (local state q′1). It can then return to its non-critical section if the value of b0 is 0.

A configuration of this program is a tuple [nb0, nb1, ℓ0, ℓ1], where nb0, nb1 ∈ {0, 1}, ℓ0 ∈ {nc0, t0, c0}, and ℓ1 ∈ {nc1, t1, q1, q′1, c1}. We define the executions of the program by interleaving. We assume that, if at the current configuration both processes can do an action, then one of the two will occur before the other, but which one occurs first is decided nondeterministically. So, loosely speaking, if two processes can execute two sequences of actions independently of each other (because, say, they involve disjoint sets of variables), then the sequences of actions of the two processes running in parallel are the interleavings of the sequences of the processes.

For example, at the initial configuration [0, 0, nc0, nc1] both processes can set their variables to 1. So there are two possible transitions

[0, 0, nc0, nc1]→ [1, 0, t0, nc1] and [0, 0, nc0, nc1]→ [0, 1, nc0, t1] .

Since the other process can still set its variable, we also have transitions

[1, 0, t0, nc1] → [1, 1, t0, t1] and [0, 1, nc0, t1] → [1, 1, t0, t1] .

²L. Lamport: The mutual exclusion problem: part II, statements and solutions. JACM 1986.


In order to model a shared-variable program as a network of automata we simply model each process and each variable by an automaton. The network of automata modeling the Lamport-Burns algorithm is shown in Figure 8.5, and its asynchronous product in Figure 8.6.

Figure 8.5: A network of four automata modeling the Lamport-Burns mutex algorithm for two processes. The automata on the left model the control flow of the processes, and the automata on the right the two shared variables. All states are final.

8.3.1 Expressing and Checking Properties

We use the Lamport-Burns algorithm to present some more examples of properties and how to check them automatically.

The mutual exclusion property can be easily formalized: it holds if the asynchronous product does not contain any configuration of the form [v0, v1, c0, c1], where v0, v1 ∈ {0, 1}. The property can be easily checked on the fly while constructing the asynchronous product, and an inspection of Figure 8.6 shows that it holds. Notice that in order to check mutual exclusion we do not need to construct the NFA for the executions of the program. This is always the case if we only wish to check the reachability of a configuration or set of configurations.

Other properties of interest for the algorithm are:

• Deadlock freedom. The algorithm is deadlock-free if every configuration of the asynchronous product has at least one successor. Again, the property can be checked on the fly, and it holds.


Figure 8.6: Asynchronous product of the network of Figure 8.5.

• Bounded overtaking. The property states that after process 0 signals its interest in accessing the critical section by moving to t0, process 1 can enter the critical section at most once before process 0 enters the critical section.³ Bounded overtaking can be checked using the NFA recognizing the executions of the network. This NFA can be easily obtained from the asynchronous product by renaming the transitions as shown in Example 8.2. Let NCi, Ti, Ci be the sets of configurations in which process i is in its non-critical section, is trying to access its critical section, or is in its critical section, respectively. Let Σ stand for the set of all configurations. The regular expression

r = Σ∗ T0 (Σ \ C0)∗ C1 (Σ \ C0)∗ NC1 (Σ \ C0)∗ C1 Σ∗

represents all potential executions of the algorithm that violate the property.

³More precisely, this is the bounded overtaking property for process 0. We would like it to hold for both process 0 and process 1.


8.4 Coping with the State-Explosion Problem

Recall that the automata-theoretic approach to the verification of networks of automata reduces the verification problem to the following question: given an automaton AE and a regular expression rV, is the language L(AE) ∩ L(rV) empty or not? Here AE is an automaton recognizing the language E of executions of the system, and rV is a regular expression for the set V of potential executions that violate the property.

When the system is modeled as a network of automata, AE is essentially the asynchronous product of the network (after the minor modifications mentioned at the end of Section 8.2.2; see also Exercise 104). The main problem of the approach is the number of states of AE. If the network has n components, each of them with at most k states, then AE can have as many as k^n states. So in the worst case the number of states of AE grows exponentially in the size of the network. This is called the state-explosion problem.

The following result shows that the existence of a polynomial algorithm for the verification problem implies P = PSPACE, and is therefore very unlikely.

Theorem 8.10 The following problem is PSPACE-complete.
Given: A network of automata A = 〈A1, . . . , An〉 over alphabets Σ1, . . . , Σn, and a regular expression rV over the set of configurations of A.
Decide: Is L(A1 ⊗ · · · ⊗ An) ∩ L(rV) ≠ ∅?

Proof: To prove that the problem is in PSPACE, we show that it lies in NPSPACE and apply Savitch's theorem. Let AV be an NFA for rV, and let B = IntersNFA(A1 ⊗ · · · ⊗ An, AV). The states of B are tuples [q1, . . . , qn, q], where qi is a state of Ai for every 1 ≤ i ≤ n, and q is a state of AV. The polynomial-space nondeterministic algorithm guesses a run of B, one state at a time, leading to a final state. Notice that storing a state of B only requires linear space.

To prove PSPACE-hardness, consider the special case of the problem in which all the alphabets Σ1, . . . , Σn are equal. By Proposition 8.8 (2) and (3), in this case we have L(A1 ⊗ · · · ⊗ An) = L(A1) ∩ · · · ∩ L(An), and the problem reduces to checking whether the intersection L(A1) ∩ · · · ∩ L(An) is empty. But this problem is shown to be PSPACE-hard in Exercise 69 by reduction from the acceptance problem for deterministic linearly bounded automata.

Despite this result, the automata-theoretic approach is successfully applied to many hardware and software systems. This is possible thanks to numerous clever ideas that improve its performance in practice. In the rest of the section we introduce three of them.

8.4.1 On-the-fly verification.

Given a program with a set E of executions and a regular expression describing the set V of potential executions violating a property, we can check whether E ∩ V = ∅ holds in four steps: (1) model the program as a network of automata 〈A1, . . . , An〉, and construct AE = SysAut(A1, . . . , An) with L(AE) = E; (2) transform the regular expression into an NFA AV using the algorithm of Section 2.4.1; (3) construct an NFA AE∩V recognizing E ∩ V; (4) check emptiness of AE∩V.

Observe that AE may have more states than AE∩V. Indeed, if a state of AE is not reachable by any word of V, then the state does not appear in AE∩V. The difference in size between AE and AE∩V can be large, and so it is better to construct AE∩V directly, bypassing the construction of AE. Further, it is inefficient to first construct AE∩V and then check whether its language is empty: it is better to check for emptiness on the fly, while constructing AE∩V. This is what CheckViol does:

CheckViol(A1, . . . , An, rV)
Input: a network A = 〈A1, . . . , An〉, where Ai = (Qi, Σi, δi, Q0i, Fi) for 1 ≤ i ≤ n; a regular expression rV over the configurations of A.
Output: true if L(A1 ⊗ · · · ⊗ An) ∩ L(rV) is nonempty, false otherwise.

 1  (QV, ΣV, δV, Q0V, FV) ← REtoNFA(rV)
 2  Q ← ∅; Q0 ← Q01 × · · · × Q0n × Q0V
 3  W ← Q0
 4  while W ≠ ∅ do
 5      pick [q1, . . . , qn, q] from W
 6      add [q1, . . . , qn, q] to Q
 7      for all a ∈ Σ1 ∪ · · · ∪ Σn do
 8          for all i ∈ [1..n] do
 9              if a ∈ Σi then Q′i ← δi(qi, a) else Q′i ← {qi}
10          for all [q′1, . . . , q′n] ∈ Q′1 × · · · × Q′n do
11              Q′ ← δV(q, [q′1, . . . , q′n])
12              for all q′ ∈ Q′ do
13                  if q′i ∈ Fi for every i ∈ [1..n] and q′ ∈ FV then return true
14                  if [q′1, . . . , q′n, q′] ∉ Q then add [q′1, . . . , q′n, q′] to W
15  return false

CheckViol is designed for state-based properties. For action-based properties the algorithm is even simpler. Recall that in the action-based approach, the potential executions of a network 〈A1, . . . , An〉 violating the property are specified by a regular expression rV over the alphabet Σ = Σ1 ∪ · · · ∪ Σn of actions. Therefore, both the asynchronous product A1 ⊗ · · · ⊗ An and the NFA AV computed from rV have Σ as alphabet. Recall now that if two NFAs A1 and A2 have the same alphabet, then L(A1 ⊗ A2) = L(A1) ∩ L(A2) (Proposition 8.8 (2) and (3)). So we have L(A) ∩ L(AV) = L(A1 ⊗ · · · ⊗ An ⊗ AV), and we can check emptiness of L(A) ∩ L(AV) by constructing the asynchronous product A1 ⊗ · · · ⊗ An ⊗ AV, checking on the fly whether its language is empty. If we rename AV as An+1, then it suffices to change line 7 of AsyncProduct to: if qi ∈ Fi for every i ∈ [1..n + 1] then return true.

Intuitively, in the construction above we consider AV as another component of the asynchronous product. This has another small advantage. Consider again the language

Σ∗P (x = 0 ⇒ y ← 1) Σ∗P (x ≠ 1)


In order to check if some execution of the program belongs to it we are only interested in the actions (x = 0 ⇒ y ← 1) and (x ≠ 1). So we can replace AV by an automaton A′V with only these two actions as alphabet, recognizing only the word (x = 0 ⇒ y ← 1) (x ≠ 1). Notice that A′V only participates in these two actions. Intuitively, A′V is an observer of the network 〈A1, . . . , An〉 that only monitors occurrences of (x = 0 ⇒ y ← 1) and (x ≠ 1).

8.4.2 Compositional Verification

Consider the asynchronous product A1 ⊗ A2 of two NFAs over alphabets Σ1, Σ2. Intuitively, A2 does not see the actions of Σ1 \ Σ2: they are “internal” actions of A1. Therefore, A1 can be replaced by any other automaton A′1 satisfying L(A′1) = projΣ2(L(A1)) without A2 “noticing”, meaning that the sequences of actions that A2 can execute with A1 and with A′1 as partners are the same. Formally,

projΣ2(L(A1 ⊗ A2)) = projΣ2(L(A′1 ⊗ A2)) .

In particular, we have L(A1 ⊗ A2) ≠ ∅ if and only if L(A′1 ⊗ A2) ≠ ∅, and so instead of checking emptiness of A1 ⊗ A2 one can also check emptiness of A′1 ⊗ A2.

It is easy to construct an automaton recognizing projΣ2(L(A1)): it suffices to replace all transitions of A1 labeled with letters of Σ1 \ Σ2 by ε-transitions. This automaton has the same size as A1, and so substituting it for A1 has no immediate advantage. However, after removing the ε-transitions and reducing the resulting NFA we may obtain an automaton A′1 smaller than A1.
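The construction is easy to sketch in code. The following Python is an illustrative implementation under my own NFA encoding (a transition dictionary plus sets of initial and final states), not code from the text: hidden letters become ε-transitions, which are then eliminated by the standard closure construction.

```python
def project(delta, initials, finals, keep):
    """NFA for proj_keep(L(A)): transitions labeled outside `keep`
    become epsilon-transitions, which are then eliminated."""
    eps = {}                              # epsilon successor map
    for (q, a), targets in delta.items():
        if a not in keep:
            eps.setdefault(q, set()).update(targets)

    def closure(qs):                      # states reachable via epsilon moves
        seen, stack = set(qs), list(qs)
        while stack:
            for r in eps.get(stack.pop(), ()):
                if r not in seen:
                    seen.add(r)
                    stack.append(r)
        return seen

    states = ({q for q, _ in delta} | set(initials)
              | {t for ts in delta.values() for t in ts})
    new_delta, new_finals = {}, set()
    for q in states:
        cl = closure({q})
        if cl & set(finals):
            new_finals.add(q)             # final via epsilon moves only
        for p in cl:
            for a in keep:
                ts = delta.get((p, a), set())
                if ts:
                    new_delta.setdefault((q, a), set()).update(ts)
    return new_delta, set(initials), new_finals

def accepts(delta, initials, finals, word):
    cur = set(initials)
    for a in word:
        cur = set().union(*(delta.get((q, a), set()) for q in cur))
    return bool(cur & set(finals))

# tiny example: L(A) = (ac)*; projecting onto {a} yields an NFA for a*
delta = {(0, 'a'): {1}, (1, 'c'): {0}}
pd, pi, pf = project(delta, {0}, {0}, {'a'})
```

As the text notes, the projected automaton has the same states as the original; the payoff comes only after reducing it with the algorithms of the earlier chapters.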

This idea can be extended to the problem of checking emptiness of a product A1 ⊗ · · · ⊗ An with an arbitrary number of components. Exploiting the associativity of ⊗, we rewrite the product as A1 ⊗ (A2 ⊗ · · · ⊗ An), and replace A1 by a hopefully smaller automaton A′1 over the alphabet Σ2 ∪ · · · ∪ Σn. In a second step we rewrite A′1 ⊗ A2 ⊗ A3 ⊗ · · · ⊗ An as (A′1 ⊗ A2) ⊗ (A3 ⊗ · · · ⊗ An), and, applying the same procedure again, replace A′1 ⊗ A2 by a new automaton A′2 over the alphabet Σ3 ∪ · · · ∪ Σn. The procedure continues until we are left with a single automaton A′n over Σn, whose emptiness can be checked directly on the fly. We call this approach compositional verification because it exploits the structure of the system as a network of components.

To see this idea in action, consider the network of automata in the upper part of Figure 8.7. It models a 3-bit counter consisting of an array of three 1-bit counters, where each counter communicates with its neighbors. We call the components of the network A0, A1, A2 instead of A1, A2, A3 to better reflect that Ai stands for the i-th bit. Each NFA but the last one has three states, two of which are marked with 0 and 1. The alphabets are

Σ0 = {inc, inc1, 0, . . . , 7}    Σ1 = {inc1, inc2, 0, . . . , 7}    Σ2 = {inc2, 0, . . . , 7}

Intuitively, the system interacts with its environment by means of the “visible” actions Vis = {inc, 0, 1, . . . , 7}. More precisely, inc models a request of the environment to increase the counter by 1, and i ∈ {0, 1, . . . , 7} models a query of the environment asking whether i is the current value of the counter. A configuration of the form [b2, b1, b0] ∈ {0, 1}³ indicates that the current value of


Figure 8.7: A network modeling a 3-bit counter and its asynchronous product.


the counter is 4b2 + 2b1 + b0 (configurations are represented as triples of states of A2, A1, A0, in that order). Here is a run of the network starting and ending at configuration [0, 0, 0]:

[0, 0, 0] −inc→ [0, 0, 1] −inc→ [0, 0, aux0] −inc1→ [0, 1, 0] −inc→ [0, 1, 1] −inc→ [0, 1, aux0] −inc1→ [0, aux1, 0] −inc2→ [1, 0, 0] −inc→ [1, 0, 1] −inc→ [1, 0, aux0] −inc1→ [1, 1, 0] −inc→ [1, 1, 1] −inc→ [1, 1, aux0] −inc1→ [1, aux1, 0] −inc2→ [0, 0, 0] · · ·

The bottom part of Figure 8.7 shows the asynchronous product of the network. (All states are final, but for simplicity we have drawn them as simple instead of double ellipses.) The asynchronous product has 18 states.
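The count of 18 configurations can be confirmed with a small experiment. The transition structure below is transcribed by me from the description of the network; the query self-loops on i ∈ {0, . . . , 7} are omitted, since self-loops create no new configurations.

```python
from itertools import product

# Component automata as (alphabet, transition dict); query loops omitted.
A2 = ({'inc2'}, {('0', 'inc2'): {'1'}, ('1', 'inc2'): {'0'}})
A1 = ({'inc1', 'inc2'},
      {('0', 'inc1'): {'1'}, ('1', 'inc1'): {'aux1'}, ('aux1', 'inc2'): {'0'}})
A0 = ({'inc', 'inc1'},
      {('0', 'inc'): {'1'}, ('1', 'inc'): {'aux0'}, ('aux0', 'inc1'): {'0'}})

def reachable(components, init):
    """Reachable configurations of the asynchronous product."""
    sigma = set().union(*(s for s, _ in components))
    seen, work = {init}, [init]
    while work:
        conf = work.pop()
        for a in sigma:
            # components without `a` in their alphabet stay put
            succs = [d.get((q, a), set()) if a in s else {q}
                     for (s, d), q in zip(components, conf)]
            if all(succs):
                for nxt in product(*succs):
                    if nxt not in seen:
                        seen.add(nxt)
                        work.append(nxt)
    return seen

# configurations as [q2, q1, q0], matching the order used in the text
confs = reachable([A2, A1, A0], ('0', '0', '0'))
```

Exploring from [0, 0, 0] yields exactly the configurations {0, 1} × {0, 1, aux1} × {0, 1, aux0}, i.e., 2 · 3 · 3 = 18 states, matching the product in the figure.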

Assume we wish to check some property whose violations are given by the language of an automaton AV over the alphabet Vis of visible actions. For this we construct an automaton A′0 such that L(A′0) = projVis(L(A2 ⊗ A1 ⊗ A0)), and check emptiness of A′0 ⊗ AV. If we compute A′0 by first constructing the asynchronous product A2 ⊗ A1 ⊗ A0, replacing invisible actions by ε, and removing ε-transitions, then the maximum size of the intermediate automata involved is at least 18, because that is the number of states of A2 ⊗ A1 ⊗ A0. Let us instead apply the procedure above, starting with A2. We first construct an automaton A′2 over the alphabet Σ1 ∪ Σ0 ∪ Vis such that L(A′2) = projΣ1∪Σ0∪Vis(L(A2)). Since Σ2 ⊆ Σ1 ∪ Σ0 ∪ Vis, the projection removes nothing, and we take A′2 = A2. In the next step we compute the product A′2 ⊗ A1, shown on the left of Figure 8.8, and replace it by an automaton A′1 such that L(A′1) = projΣ0∪Vis(L(A′2 ⊗ A1)). Since inc2 ∉ Σ0 ∪ Vis, we can replace inc2 by ε and remove ε-transitions, leading to the automaton A′1 shown on the right of Figure 8.8. In the next step we construct A′1 ⊗ A0, shown on the left of Figure 8.9, and replace it by an automaton A′0 such that L(A′0) = projVis(L(A′1 ⊗ A0)). Since inc1 ∉ Vis, we replace inc1 by ε and eliminate ε-transitions. The result is shown on the right of the figure. The important fact is that we have never had to construct an automaton with more than 12 states, a saving of six states with respect to the method that directly computes A2 ⊗ A1 ⊗ A0. While saving six states is of course irrelevant in practice, in larger examples the savings can be significant. In particular, it can be the case that an asynchronous product A0 ⊗ · · · ⊗ An is too large to be stored in memory, but each of the intermediate automata constructed by the compositional approach fits in it.

8.4.3 Symbolic State-space Exploration

Recall that many program properties, like deadlock-freedom or mutual exclusion, can be checkedby computing the set of reachable configurations of the program. In breadth-first search this is


Figure 8.8: The asynchronous product A2 ⊗ A1, and the reduced automaton A′1.

done by iteratively computing the set of configurations reachable in at most 0,1,2, . . . steps fromthe set I of initial configurations until a fixed-point is reached. Let C denote the set of all possibleconfigurations of the program, and let S ⊆ C ×C be the step relation, defined by (c, c′) ∈ S iff theprogram can reach c′ from c in one step. Notice that c may or may not be a reachable configuration.For example, [4, 0, 0] → [1, 0, 1] is a step of the program of Example 8.1, even though [4, 0, 0] isnot reachable. The following algorithm computes the configurations reachable from I:

Reach(I, S)
Input: set I of initial configurations; step relation S
Output: set of configurations reachable from I

1 OldP ← ∅; P ← I
2 while P ≠ OldP do
3     OldP ← P
4     P ← Union(P, Post(P, S))
5 return P
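With explicit data structures, Reach is a one-screen function. The sketch below is my own encoding (configurations as hashable values, S as a set of pairs); it computes the same fixed point.

```python
def reach(I, S):
    """Set of configurations reachable from I under the step relation S.
    Iterates P := P ∪ Post(P, S) until a fixed point is reached."""
    P = set(I)
    while True:
        post = {c2 for (c1, c2) in S if c1 in P}   # Post(P, S)
        if post <= P:                              # fixed point reached
            return P
        P |= post

# hypothetical toy step relation: 1 -> 2 -> 3, and an unreachable 4 -> 5
S_demo = {(1, 2), (2, 3), (4, 5)}
```

With a symbolic representation, the same loop runs with P an automaton and S a transducer; only the implementations of Post, Union, and the equality test change.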

The algorithm can be implemented using different data structures, which can be explicit or symbolic. Explicit data structures store separately each configuration of P and each pair of configurations of S; typical examples are lists and hash tables. Their distinctive feature is that the memory needed to store a set is proportional to the number of its elements. Symbolic data structures, on the contrary, do not store a set by storing each of its elements; they store a representation of the set itself. A prominent example of symbolic data structures are finite automata and transducers: given an encoding of configurations as words over some alphabet Σ, the set P and the step relation S are represented by an automaton and a transducer, respectively, recognizing the encodings of their elements. Their sizes can be much smaller than the sizes of P or S. For instance, if P is the set


Figure 8.9: The asynchronous product A′1 ⊗ A0, and the reduced automaton A′0.


of all possible configurations, then its encoding is often Σ∗, which is represented by a very small automaton. Symbolic data structures are only useful if all the operations required by the algorithm can be implemented without having to switch to an explicit data structure. This is the case for automata and transducers: Union, Post, and the equality check in the condition of the while loop are implemented by the algorithms of Chapters 4 and 6, or, if the encodings are fixed-length, by the algorithms of Chapter 7.

Symbolic data structures are interesting when the set of reachable configurations can be very large, or even infinite. When the set is small, the overhead of symbolic data structures usually offsets the advantage of a compact representation. Despite this, and in order to illustrate the method, we apply it to the five-line program of Example 8.1, shown again together with its flowgraph in Figure 8.10. An edge of the flowgraph leading from node ℓ to node ℓ′ has an associated step

1 while x = 1 do
2     if y = 1 then
3         x ← 0
4     y ← 1 − x
5 end

Figure 8.10: Flowgraph of the program of Example 8.1

relation Sℓ,ℓ′ containing all pairs of configurations ([ℓ, x0, y0], [ℓ′, x′0, y′0]) such that, if at control point ℓ the current values of the variables are x0, y0, then the program can take a step after which the new control point is ℓ′ and the new values are x′0, y′0. For instance, for the edge leading from node 4 to node 1 we have

S4,1 = { ([4, x0, y0], [1, x′0, y′0]) | x′0 = x0, y′0 = 1 − x0 }

and for the edge leading from 1 to 2

S1,2 = { ([1, x0, y0], [2, x′0, y′0]) | x0 = 1 = x′0, y′0 = y0 }

It is convenient to assign a relation to every pair of nodes of the control graph, even to those not connected by any edge. If no edge leads from a to b, then we define Sa,b = ∅. The complete step relation of the program is then described by

S = ⋃ℓ,ℓ′∈L Sℓ,ℓ′

where L is the set of control points.
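The edge relations can be generated mechanically from the flowgraph. In the sketch below, the guards and updates are transcribed by me from Figure 8.10; the complete step relation S is built as a finite set of configuration pairs.

```python
from itertools import product

# Edges of the flowgraph: (l, l') -> (guard, update) over the values (x, y).
edges = {
    (1, 2): (lambda x, y: x == 1,  lambda x, y: (x, y)),
    (1, 5): (lambda x, y: x != 1,  lambda x, y: (x, y)),
    (2, 3): (lambda x, y: y == 1,  lambda x, y: (x, y)),
    (2, 4): (lambda x, y: y != 1,  lambda x, y: (x, y)),
    (3, 4): (lambda x, y: True,    lambda x, y: (0, y)),      # x <- 0
    (4, 1): (lambda x, y: True,    lambda x, y: (x, 1 - x)),  # y <- 1 - x
}

def step_relation(edges, values=(0, 1)):
    """The complete step relation S, the union of the edge relations S_{l,l'}."""
    S = set()
    for (l, l2), (guard, update) in edges.items():
        for x, y in product(values, repeat=2):
            if guard(x, y):
                S.add(((l, x, y), (l2, *update(x, y))))
    return S

S = step_relation(edges)
```

Note that S contains the step ([4, 0, 0], [1, 0, 1]) mentioned earlier even though [4, 0, 0] is unreachable: the step relation is defined on all configurations, reachable or not.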


The fixed-length transducer for the step relation S is shown in Figure 8.11; a configuration [ℓ, x0, y0] is encoded by the word ℓ x0 y0 of length 3.

Figure 8.11: Transducer for the program of Figure 8.10

Consider for instance the transition labeled by the letter pair [4, 1]. Using it, the transducer can recognize four pairs of configurations describing the action of the instruction y ← 1 − x, namely

(400, 101)   (401, 101)   (410, 110)   (411, 110) .

Figure 8.12 shows minimal DFAs for the set I and for the sets obtained after each iteration of thewhile loop.

Variable orders.

We have defined a configuration of the program of Example 8.1 as a triple [ℓ, nx, ny], and we have encoded it as the word ℓ nx ny. We could have also encoded it as the word nx ℓ ny, as ny ℓ nx, or as any other permutation, since in all cases the information content is the same. Of course, when encoding a set of configurations all elements of the set must be encoded using the same variable order.

While the information content is independent of the variable order, the size of the automatonencoding a set is not. An extreme case is given by the following example.


Figure 8.12: Minimal DFAs for the reachable configurations of the program of Figure 8.10


Example 8.11 Consider the set of tuples X = {[x1, x2, . . . , x2k] | x1, . . . , x2k ∈ {0, 1}}, and the subset Y ⊆ X of tuples satisfying x1 = xk+1, x2 = xk+2, . . . , xk = x2k. Consider two possible encodings of a tuple [x1, x2, . . . , x2k]: by the word x1 x2 . . . x2k, and by the word x1 xk+1 x2 xk+2 . . . xk x2k. In the first case, the encoding of Y for k = 3 is the language

L1 = {000000, 001001, 010010, 011011, 100100, 101101, 110110, 111111}

and in the second the language

L2 = {000000, 000011, 001100, 001111, 110000, 110011, 111100, 111111}

Figure 8.13 shows the minimal DFAs for the languages L1 and L2. It is easy to see that the minimal

Figure 8.13: Minimal DFAs for the languages L1 and L2

DFA for L1 has at least 2^k states: since for every word w ∈ {0, 1}^k the residual L1^w is equal to {w}, the language L1 has a different residual for each word of length k, and so the minimal DFA has at least 2^k states (the exact number is 2^(k+1) + 2^k − 2). On the other hand, it is easy to see that the minimal DFA for L2 has only 3k + 1 states. So a good variable order can lead to an exponentially more compact representation.
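The state counts are easy to check experimentally for k = 3. The helper below is my own code: it enumerates the distinct residuals L^w over all prefixes w; excluding the empty residual, their number is the number of states of the minimal DFA without the trap state.

```python
from itertools import product

def residuals(L, alphabet='01', maxlen=6):
    """Distinct nonempty residuals L^w of a finite language L."""
    res = set()
    for n in range(maxlen + 1):
        for p in map(''.join, product(alphabet, repeat=n)):
            r = frozenset(w[len(p):] for w in L if w.startswith(p))
            if r:                     # skip the empty (trap) residual
                res.add(r)
    return res

k = 3
words = [''.join(t) for t in product('01', repeat=k)]
L1 = {w + w for w in words}                      # encoding x1 x2 x3 x4 x5 x6
L2 = {''.join(b + b for b in w) for w in words}  # interleaved encoding
```

Counting the residuals gives 22 = 2^(k+1) + 2^k − 2 for L1 but only 10 = 3k + 1 for L2, exactly the gap claimed above.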

We can also appreciate the effect of the variable order in Lamport’s algorithm. The set ofreachable configurations, where a configuration is described by the control point of the first process,


the control point of the second process, the variable of the first process, and finally the variable of the second process, is

〈nc0, nc1, 0, 0〉   〈t0, nc1, 1, 0〉   〈c0, nc1, 1, 0〉
〈nc0, t1, 0, 1〉    〈t0, t1, 1, 1〉    〈c0, t1, 1, 1〉
〈nc0, c1, 0, 1〉    〈t0, c1, 1, 1〉
〈nc0, q1, 0, 1〉    〈t0, q1, 1, 1〉    〈c0, q1, 1, 1〉
〈nc0, q′1, 0, 0〉   〈t0, q′1, 1, 0〉   〈c0, q′1, 1, 0〉

If we encode a tuple 〈s0, s1, v0, v1〉 as the word v0 s0 s1 v1, the set of reachable configurations is recognized by the minimal DFA on the left of Figure 8.14. However, if we encode it as the word v1 s1 s0 v0, we get the minimal DFA on the right. The same example can be used to visualize how adding configurations to a set can decrease the size of its minimal DFA. If we add the “missing” configuration 〈c0, c1, 1, 1〉 to the set of reachable configurations (filling the “hole” in the list above), two states of the DFAs of Figure 8.14 can be merged, yielding the minimal DFAs of Figure 8.15. Observe also that the set of all configurations, reachable or not, contains 120 elements, but is recognized by a five-state DFA.

8.5 Safety and Liveness Properties

Apart from the state-explosion problem, the automata-theoretic approach to automatic verificationas described in this chapter has a second limitation: it assumes that the violations of the propertycan be witnessed by finite executions. In other words, if an execution violates the property, thenwe can detect the violation after finite time. Not all properties satisfy this assumption. A typicalexample is the property “if a process requests access to the critical section, it eventually enters thecritical section” (without specifying how long it may take). After finite time we can only tell thatthe process has not entered the critical section yet, but we cannot say that the property has beenviolated: the process might still enter the critical section in the future. A violation of the propertycan only be witnessed by an infinite execution, in which we observe that the process requestsaccess, but the access is never granted.

Properties which are violated by finite executions are called safety properties. Intuitively, they correspond to properties of the form “nothing bad ever happens”. Typical examples are “the system never deadlocks”, or, more generally, “the system never enters a set of bad states”. Clearly, every interesting system must also satisfy properties of the form “something good eventually happens”, because otherwise the system that does nothing would already satisfy all properties. Properties of this kind are called liveness properties, and can only be witnessed by infinite executions. Fortunately, the automata-theoretic approach can be extended to liveness properties. This requires developing a theory of automata on infinite words, which is the subject of the second part of this book. The application of this theory to the verification of liveness properties is presented in Chapter 14. As an appetizer, the exercises of this chapter already start to discuss them.


Figure 8.14: Minimal DFAs for the reachable configurations of Lamport’s algorithm. On the left a configuration 〈s0, s1, v0, v1〉 is encoded by the word v0 s0 s1 v1, on the right by v1 s1 s0 v0.

Figure 8.15: Minimal DFAs for the reachable configurations of Lamport’s algorithm plus 〈c0, c1, 1, 1〉.


Exercises

Exercise 103 Exhibit a family {Pn}n≥1 of sequential programs (like the one of Example 8.1) satisfying the following conditions:

• Pn has O(n) variables, all of them boolean, O(n) lines, and exactly one initial configuration.

• Pn has at least 2^n reachable configurations.

Exercise 104 When applied to the program of Example 8.1, algorithm SysAut outputs the systemautomaton shown at the top of Figure 8.1. Give an algorithm SysAut′ that outputs the automaton atthe bottom.

Exercise 105 Prove:

(1) Parallel composition is associative, commutative, and idempotent. That is: (L1 ‖ L2) ‖ L3 = L1 ‖ (L2 ‖ L3) (associativity); L1 ‖ L2 = L2 ‖ L1 (commutativity); and L ‖ L = L (idempotence).

(2) If L1, L2 ⊆ Σ∗, then L1 ‖ L2 = L1 ∩ L2.

(3) Let A = 〈A1, . . . , An〉 be a network of automata. Then L(A) = L(A1) ‖ · · · ‖ L(An).

Exercise 106 Let Σ = {request, answer, working, idle}.

(1) Build a regular expression and an automaton recognizing all words with the property P1: forevery occurrence of request there is a later occurrence of answer.

(2) P1 does not imply that every occurrence of request has “its own” answer: for instance, the sequence request request answer satisfies P1, but both requests must necessarily be mapped to the same answer. But, if words were infinite and there were infinitely many requests, would P1 guarantee that every request has its own answer? More precisely, let w = w1w2 · · · be an infinite word satisfying P1 and containing infinitely many occurrences of request, and define f : ℕ → ℕ such that w_f(i) is the i-th request in w. Is there always an injective function g : ℕ → ℕ satisfying w_g(i) = answer and f(i) < g(i) for all i ≥ 1?

(3) Build an automaton recognizing all words with the property P2: there is an occurrence ofanswer before which only working and request occur.

(4) Using automata theoretic constructions, prove that all words accepted by the automaton Abelow satisfy P1, and give a regular expression for all words accepted by the automaton thatviolate P2.


q0 q1

Σ

answer

Exercise 107 Consider two processes (process 0 and process 1) executing the following generic mutual exclusion algorithm:

1 while true do
2     enter(process id)
      /* critical section */
3     leave(process id)
4     for arbitrarily many times do
      /* non critical section */


1. Consider the following implementations of enter and leave:

   1 x ← 0
   2 enter(i):
   3     while x = 1 − i do
   4         pass
   5 leave(i):
   6     x ← 1 − i

(a) Design a network of automata capturing the executions of the two processes.

(b) Build the asynchronous product of the network.

(c) Show that both processes cannot reach their critical sections at the same time.

(d) If a process wants to enter its critical section, is it always the case that it can eventuallyenter it? (Hint: reason in terms of infinite executions.)

2. Consider the following alternative implementations of enter and leave:

   1 x0 ← false
   2 x1 ← false
   3 enter(i):
   4     xi ← true
   5     while x1−i do
   6         pass
   7 leave(i):
   8     xi ← false

(a) Design a network of automata capturing the executions of the two processes.

(b) Can a deadlock occur, i.e. can both processes get stuck trying to enter their criticalsections?

Exercise 108 Consider a circular railway divided into 8 tracks: 0 → 1 → · · · → 7 → 0. In the railway circulate three trains, modeled by three automata T1, T2, and T3. Each automaton Ti has states qi,0, . . . , qi,7, alphabet {enter[i, j] | 0 ≤ j ≤ 7} (where enter[i, j] models that train i enters track j), transition relation {(qi,j, enter[i, j ⊕ 1], qi,j⊕1) | 0 ≤ j ≤ 7}, and initial state qi,2i, where ⊕ denotes addition modulo 8. In other words, initially the trains occupy the tracks 2, 4, and 6.

Define automata C0, . . . , C7 (the local controllers) to make sure that two trains can never be on the same or adjacent tracks (i.e., there must always be at least one empty track between two trains).


Each controller Cj can only have knowledge of the state of the tracks j ⊖ 1, j, and j ⊕ 1 (where ⊖ denotes subtraction modulo 8), there must be no deadlocks, and every train must eventually visit every track. More formally, the network of automata A = 〈C0, . . . , C7, T1, T2, T3〉 must satisfy the following specification:

• For j = 0, . . . , 7: Cj has alphabet {enter[i, j ⊖ 1], enter[i, j], enter[i, j ⊕ 1] | 1 ≤ i ≤ 3}.
(Cj only knows the state of tracks j ⊖ 1, j, and j ⊕ 1.)

• For i = 1, 2, 3: L(A)|Σi = ( enter[i, 2i] enter[i, 2i ⊕ 1] · · · enter[i, 2i ⊕ 7] )∗.
(No deadlocks, and every train eventually visits every track.)

• For every word w ∈ L(A): if w = w1 enter[i, j] enter[i′, j′] w2 and i′ ≠ i, then | j − j′| ∉ {0, 1, 7}.
(No two trains on the same or adjacent tracks.)


Chapter 9

Automata and Logic

A regular expression can be seen as a set of instructions (a ‘recipe’) for generating the words of a language. For instance, the expression aa(a + b)∗b can be interpreted as “write two a’s, then repeatedly write a or b an arbitrary number of times, and finally write a b”. We say that regular expressions are an operational description language.

Languages can also be described in declarative style, as the set of words that satisfy a property. For instance, “the words over {a, b} containing an even number of a’s and an even number of b’s” is a declarative description. A language may have a simple declarative description and a complicated operational description as a regular expression. For instance, the regular expression

(aa + bb + (ab + ba)(aa + bb)∗(ba + ab))∗

is a natural operational description of the language above, and it is arguably less intuitive than the declarative one. This becomes even clearer if we consider the language of the words over {a, b, c} containing an even number of a’s, of b’s, and of c’s.

In this chapter we present a logical formalism for the declarative description of regular lan-guages. We use logical formulas to describe properties of words, and logical operators to constructcomplex properties out of simpler ones. We then show how to automatically translate a formuladescribing a property of words into an automaton recognizing the words satisfying the property.As a consequence, we obtain an algorithm to convert declarative into operational descriptions, andvice versa.

9.1 First-Order Logic on Words

In declarative style, a language is defined by its membership predicate, i.e., the property that wordsmust satisfy in order to belong to it. Predicate logic is the standard language to express membershippredicates. Starting from some natural, “atomic” predicates, more complex ones can be constructedthrough boolean combinations and quantification. We introduce atomic predicates Qa(x), where ais a letter, and x ranges over the positions of the word. The intended meaning is “the letter at


position x is an a.” For instance, the property “all letters are a’s” is formalized by the formula ∀x Qa(x).

In order to express relations between positions we add to the syntax the predicate x < y, withintended meaning “position x is smaller than (i.e., lies to the left of) position y”. For example, theproperty “if the letter at a position is an a, then all letters to the right of this position are also as” isformalized by the formula

∀x∀y ((Qa(x) ∧ x < y)→ Qa(y)) .

Definition 9.1 Let V = {x, y, z, . . .} be an infinite set of variables, and let Σ = {a, b, c, . . .} be a finite alphabet. The set FO(Σ) of first-order formulas over Σ is the set of expressions generated by the grammar:

ϕ := Qa(x) | x < y | ¬ϕ | (ϕ ∨ ϕ) | ∃x ϕ .

As usual, variables within the scope of an existential quantifier are bound, and otherwise free. A formula without free variables is a sentence. Sentences of FO(Σ) are interpreted on words over Σ. For instance, ∀x Qa(x) is true for the word aa, but false for the word ab. Formulas with free variables cannot be interpreted on words alone: it does not make sense to ask whether Qa(x) holds for the word ab or not. A formula with free variables is interpreted over a pair (w, I), where I assigns to each free variable (and perhaps to others) a position in the word. For instance, Qa(x) is true for the pair (ab, x ↦ 1), because the letter at position 1 of ab is a, but false for (ab, x ↦ 2). The empty word is a special case, because it does not have any positions.

Definition 9.2 An interpretation of a formula ϕ of FO(Σ) is a pair (w, I) where w ∈ Σ∗ and I : V → ℕ \ {0} is a partial mapping satisfying the following properties:

• if w = ε, then I(x) is undefined for every x ∈ V; and

• if w ≠ ε, then I(x) ∈ {1, . . . , |w|} for every free variable x of ϕ.
(That is, I assigns to every free variable of ϕ a position of w, and so, in particular, I is defined for every free variable. It may be defined for other variables too.)

Notice that if ϕ is a sentence then a pair (w,E), where E is the mapping undefined for every variable,is an interpretation of ϕ. Instead of (w,E) we write simply w.

We now formally define when an interpretation satisfies a formula. Given a word w and anumber k, let w[k] denote the letter of w at position k.

Definition 9.3 The satisfaction relation (w, I) |= ϕ between a formula ϕ of FO(Σ) and an interpre-tation (w, I) of ϕ is defined by:

(w, I) |= Qa(x)       iff I(x) is defined and w[I(x)] = a
(w, I) |= x < y       iff I(x) and I(y) are defined and I(x) < I(y)
(w, I) |= ¬ϕ          iff not (w, I) |= ϕ
(w, I) |= ϕ1 ∨ ϕ2     iff (w, I) |= ϕ1 or (w, I) |= ϕ2
(w, I) |= ∃x ϕ        iff |w| ≥ 1 and some i ∈ {1, . . . , |w|} satisfies (w, I[i/x]) |= ϕ


where w[i] is the letter of w at position i, and I[i/x] is the mapping that assigns i to x and otherwise coincides with I (notice that I need not assign a value to x). If (w, I) |= ϕ we say that (w, I) is a model of ϕ. Two formulas are equivalent if they have the same models.

It follows easily from this definition that if two interpretations (w, I1) and (w, I2) of ϕ differonly in the positions assigned by I1 and I2 to bound variables, then either both interpretations aremodels of ϕ, or none of them is. In particular, whether an interpretation (w, I) of a sentence is amodel or not depends only on w, not on I.

We use some standard abbreviations:

∀x ϕ := ¬∃x ¬ϕ        ϕ1 ∧ ϕ2 := ¬(¬ϕ1 ∨ ¬ϕ2)        ϕ1 → ϕ2 := ¬ϕ1 ∨ ϕ2

Notice that according to the definition of the satisfaction relation the empty word ε satisfies noformulas of the form ∃x ϕ, and all formulas of the form ∀x ϕ. While this causes no problems forour purposes, it is worth noticing that in other contexts it may lead to complications. For instance,the formulas ∃x Qa(x) and ∀y∃x Qa(x) do not hold for exactly the same words, because the emptyword satisfies the second, but not the first. Further useful abbreviations are:

x = y := ¬(x < y ∨ y < x)
first(x) := ¬∃y y < x                           “x is the first position”
last(x) := ¬∃y x < y                            “x is the last position”
y = x + 1 := x < y ∧ ¬∃z (x < z ∧ z < y)        “y is the successor position of x”
y = x + 2 := ∃z (z = x + 1 ∧ y = z + 1)
y = x + (k + 1) := ∃z (z = x + k ∧ y = z + 1)
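Definition 9.3 is directly executable. The sketch below is my own encoding, not part of the text: formulas are nested tuples, interpretations are dictionaries, and positions start at 1; the ∀ abbreviation is expanded exactly as defined above.

```python
def sat(w, I, phi):
    """Decide (w, I) |= phi, following Definition 9.3."""
    op = phi[0]
    if op == 'Q':                    # ('Q', a, x): the letter at x is an a
        _, a, x = phi
        return x in I and w[I[x] - 1] == a
    if op == '<':                    # ('<', x, y): x lies to the left of y
        _, x, y = phi
        return x in I and y in I and I[x] < I[y]
    if op == 'not':
        return not sat(w, I, phi[1])
    if op == 'or':
        return sat(w, I, phi[1]) or sat(w, I, phi[2])
    if op == 'exists':               # ('exists', x, psi)
        _, x, psi = phi
        return any(sat(w, {**I, x: i}, psi) for i in range(1, len(w) + 1))
    raise ValueError('unknown connective: %r' % op)

def forall(x, psi):                  # the abbreviation  ∀x ψ := ¬∃x ¬ψ
    return ('not', ('exists', x, ('not', psi)))

all_a = forall('x', ('Q', 'a', 'x'))   # “all letters are a's”
```

Evaluating all_a on aa succeeds and on ab fails; on the empty word it succeeds, illustrating the remark above that ε satisfies every formula of the form ∀x ϕ but no formula of the form ∃x ϕ.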

Example 9.4 Some examples of properties expressible in the logic:

• “The last letter is a b and before it there are only a’s.”

∃x Qb(x) ∧ ∀x ((last(x) → Qb(x)) ∧ (¬last(x) → Qa(x)))

• “Every a is immediately followed by a b.”

∀x (Qa(x)→ ∃y (y = x + 1 ∧ Qb(y)))

• “Every a is immediately followed by a b, unless it is the last letter.”

∀x (Qa(x)→ ∀y (y = x + 1→ Qb(y)))

• “Between every a and every later b there is a c.”

∀x∀y (Qa(x) ∧ Qb(y) ∧ x < y→ ∃z (x < z ∧ z < y ∧ Qc(z)))


9.1.1 Expressive power of FO(Σ)

Once we have defined which words satisfy a sentence, we can associate to a sentence the set ofwords satisfying it.

Definition 9.5 The language L(ϕ) of a sentence ϕ ∈ FO(Σ) is the set L(ϕ) = {w ∈ Σ∗ | w |= ϕ}. We also say that ϕ expresses L(ϕ). A language L ⊆ Σ∗ is FO-definable if L = L(ϕ) for some formula ϕ of FO(Σ).

The languages of the properties in the example are FO-definable by definition. To get an idea of the expressive power of FO(Σ), we prove a theorem characterizing the FO-definable languages in the case of a one-letter alphabet Σ = {a}. In this simple case we only have one predicate Qa(x), which is true in every interpretation. So every formula is equivalent to a formula without any occurrence of Qa(x). For example, the formula ∃y (Qa(y) ∧ y < x) is equivalent to ∃y y < x.

We prove that a language over a one-letter alphabet is FO-definable if and only if it is finite or co-finite, where a language is co-finite if its complement is finite. So, for instance, even a simple language like {a^n | n is even} is not FO-definable. The plan of the proof is as follows. First, we define the quantifier-free fragment of FO({a}), denoted by QF; then we show that one-letter languages are QF-definable iff they are finite or co-finite; finally, we prove that one-letter languages are FO-definable iff they are QF-definable.

For the definition of QF we need some more macros whose intended meaning should be easyto guess:

x + k < y := ∃z (z = x + k ∧ z < y)
x < y + k := ∃z (z = y + k ∧ x < z)
k < last := ∀x (last(x) → x > k)

In these macros k is a constant; that is, k < last stands for the infinite family of macros 1 < last, 2 < last, 3 < last, . . . Macros like k > x or x + k > y are defined similarly.

Definition 9.6 The logic QF (for quantifier-free) is the fragment of FO({a}) with syntax

f := x ≈ k | x ≈ y + k | k ≈ last | f1 ∨ f2 | f1 ∧ f2

where ≈ ∈ {<, >} and k ∈ N.

Proposition 9.7 A language over a 1-letter alphabet is QF-definable iff it is finite or co-finite.

Proof: (⇒): Let f be a sentence of QF. Since QF does not have quantifiers, f does not contain any occurrence of a variable, and so it is a positive (i.e., negation-free) boolean combination of formulas of the form k < last or k > last. We proceed by induction on the structure of f. If f = k < last, then L(f) is co-finite, and if f = k > last, then L(f) is finite. If f = f1 ∨ f2, then by induction hypothesis L(f1) and L(f2) are finite or co-finite; if L(f1) and L(f2) are finite, then so is L(f), and otherwise L(f) is co-finite. The case f = f1 ∧ f2 is similar.
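The case analysis in this proof is easy to replay mechanically. The following sketch (my own illustration, not part of the notes; the tuple encoding of sentences is an assumption) evaluates a variable-free QF sentence on the word a^n, where last is interpreted as n:

```python
# Evaluate a variable-free QF sentence on the one-letter word a^n.
# Sentences are nested tuples: ("k<last", k), ("k>last", k), ("or", f, g), ("and", f, g).

def holds(f, n):
    """Does the word a^n (with last = n) satisfy the sentence f?"""
    op = f[0]
    if op == "k<last":
        return f[1] < n
    if op == "k>last":
        return f[1] > n
    if op == "or":
        return holds(f[1], n) or holds(f[2], n)
    if op == "and":
        return holds(f[1], n) and holds(f[2], n)
    raise ValueError(op)

# (3 < last) and (5 > last) is satisfied only by a^4: a finite language.
f = ("and", ("k<last", 3), ("k>last", 5))
print([n for n in range(10) if holds(f, n)])   # [4]
```

As the proof shows, every such positive combination carves out a finite or co-finite set of lengths.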


(⇐): A finite language {a^{k1}, . . . , a^{kn}} is expressed by the formula (last > k1 − 1 ∧ last < k1 + 1) ∨ . . . ∨ (last > kn − 1 ∧ last < kn + 1). To express a co-finite language, it suffices to show that for every formula f of QF expressing a language L, there is another formula of QF expressing the complement of L. This is easily proved by induction on the structure of the formula.

Theorem 9.8 Every formula ϕ of FO({a}) is equivalent to a formula f of QF.

Proof: Sketch. By induction on the structure of ϕ. If ϕ(x, y) = x < y, then ϕ ≡ x < y + 0. If ϕ = ¬ψ, the result follows from the induction hypothesis and the fact that negations can be removed using De Morgan’s rules and equivalences like ¬(x < y + k) ≡ x ≥ y + k. If ϕ = ϕ1 ∨ ϕ2, the result follows directly from the induction hypothesis. Consider now the case ϕ = ∃x ψ. By induction hypothesis, ψ is equivalent to a formula f of QF, and we can assume that f is in disjunctive normal form, say f = D1 ∨ . . . ∨ Dn. Then ϕ ≡ ∃x D1 ∨ ∃x D2 ∨ . . . ∨ ∃x Dn, and so it suffices to find a formula fi of QF equivalent to ∃x Di.

The formula fi is a conjunction containing all conjuncts of Di with no occurrence of x, plus other conjuncts obtained as follows. For every upper bound x < t1 of Di, where t1 = k1 or t1 = x1 + k1, and every lower bound x > t2 of Di, where t2 = k2 or t2 = x2 + k2, we add to fi a conjunct equivalent to t2 + 1 < t1. For instance, for the conjuncts y + 7 < x and x < z + 3 we add y + 5 < z. It is easy to see that fi ≡ ∃x Di.

Corollary 9.9 The language Even = {a^{2n} | n ≥ 0} is not first-order expressible.

These results show that first-order logic cannot express all regular languages, not even over a 1-letter alphabet. For this reason we now introduce monadic second-order logic.

9.2 Monadic Second-Order Logic on Words

Monadic second-order logic extends first-order logic with variables X, Y, Z, . . . ranging over sets of positions, and with predicates x ∈ X, meaning “position x belongs to the set X”.¹ It is allowed to quantify over both kinds of variables. Before giving a formal definition, let us informally see how this extension allows us to describe the language Even. The formula states that the last position belongs to the set of even positions. A position belongs to this set iff it is the second position, or the second successor of another position in the set.

The following formula states that X is the set of even positions:

second(x) := ∃y (first(y) ∧ x = y + 1)
Even(X) := ∀x (x ∈ X ↔ (second(x) ∨ ∃y (x = y + 2 ∧ y ∈ X)))

For the complete formula, we observe that the word has even length if its last position is even:

EvenLength := ∃X (Even(X) ∧ ∀x (last(x) → x ∈ X))

¹More generally, second-order logic allows for variables ranging over relations of arbitrary arity. The monadic fragment only allows arity 1, which corresponds to sets.
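Since second-order quantifiers range over the finitely many subsets of positions, the semantics of EvenLength can be checked by brute force. The sketch below (my own illustration, not from the notes; the function names are mine) enumerates all sets X and tests whether some X satisfies Even(X) and contains the last position:

```python
from itertools import chain, combinations

def even_sets(m):
    """All X ⊆ {1..m} satisfying Even(X): x ∈ X iff x = 2 or (x - 2) ∈ X."""
    def ok(X):
        return all((x in X) == (x == 2 or (x - 2) in X) for x in range(1, m + 1))
    subsets = chain.from_iterable(combinations(range(1, m + 1), r) for r in range(m + 1))
    return [set(s) for s in subsets if ok(set(s))]

def even_length(m):
    """EvenLength: some X with Even(X) contains the last position m."""
    return m > 0 and any(m in X for X in even_sets(m))

print([m for m in range(1, 8) if even_length(m)])   # [2, 4, 6]
```

The only set satisfying Even(X) on a word of length m is exactly the set of even positions, so the test succeeds precisely for words of even positive length.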


We now define the formal syntax and semantics of the logic.

Definition 9.10 Let X1 = {x, y, z, . . .} and X2 = {X, Y, Z, . . .} be two infinite sets of first-order and second-order variables. Let Σ = {a, b, c, . . .} be a finite alphabet. The set MSO(Σ) of monadic second-order formulas over Σ is the set of expressions generated by the grammar:

ϕ := Qa(x) | x < y | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ

An interpretation of a formula ϕ is a pair (w, I) where w ∈ Σ∗, and I : X1 ∪ X2 → (IN \ {0}) ∪ 2^{IN\{0}} is a partial mapping satisfying the following properties:

• if w = ε, then I(x) is undefined for every x ∈ X1 and I(X) = ∅ for every X ∈ X2; and

• if w ≠ ε, then I(x) ∈ {1, . . . , |w|} for every free variable x ∈ X1 of ϕ and I(X) ⊆ {1, . . . , |w|} for every free variable X ∈ X2 of ϕ.

The satisfaction relation (w, I) |= ϕ between a formula ϕ of MSO(Σ) and an interpretation (w, I) of ϕ is defined as for FO(Σ), with the following additions:

(w, I) |= x ∈ X iff I(x) is defined and I(x) ∈ I(X)
(w, I) |= ∃X ϕ iff |w| > 0 and some S ⊆ {1, . . . , |w|} satisfies (w, I[S/X]) |= ϕ

where I[S/X] is the interpretation that assigns S to X and otherwise coincides with I (whether I is defined for X or not). If (w, I) |= ϕ we say that (w, I) is a model of ϕ. Two formulas are equivalent if they have the same models. The language L(ϕ) of a sentence ϕ ∈ MSO(Σ) is the set L(ϕ) = {w ∈ Σ∗ | w |= ϕ}. A language L ⊆ Σ∗ is MSO-definable if L = L(ϕ) for some formula ϕ ∈ MSO(Σ).

Notice that in this definition the set S may be empty. So, for instance, any interpretation thatassigns the empty set to X is a model of the formula ∃X ∀x ¬(x ∈ X).

We use the standard abbreviations

∀x ∈ X ϕ := ∀x (x ∈ X → ϕ) ∃x ∈ X ϕ := ∃x (x ∈ X ∧ ϕ)

9.2.1 Expressive power of MSO(Σ)

We show that the languages expressible in monadic second-order logic are exactly the regular languages. We start with an example.

Example 9.11 Let Σ = {a, b, c, d}. We construct a formula of MSO(Σ) expressing the regular language c∗(ab)∗d∗. The membership predicate of the language can be informally formulated as follows:


There is a block of consecutive positions X such that: before X there are only c’s; after X there are only d’s; in X b’s and a’s alternate; the first letter in X is an a and the last letter is a b.

The predicate is a conjunction of predicates. We give formulas for each of them.

• “X is a block of consecutive positions.”

Block(X) := ∀x ∈ X ∀y ∈ X (x < y → ∀z ((x < z ∧ z < y) → z ∈ X))

• “x lies before/after X.”

Before(x, X) := ∀y ∈ X x < y
After(x, X) := ∀y ∈ X y < x

• “Before X there are only c’s.”

Before only c(X) := ∀x (Before(x, X) → Qc(x))

• “After X there are only d’s.”

After only d(X) := ∀x (After(x, X) → Qd(x))

• “a’s and b’s alternate in X.”

Alternate(X) := ∀x ∈ X ( (Qa(x) → ∀y ∈ X (y = x + 1 → Qb(y))) ∧
                         (Qb(x) → ∀y ∈ X (y = x + 1 → Qa(y))) )

• “The first letter in X is an a and the last is a b.”

First a(X) := ∀x ∈ X (∀y (y < x → ¬(y ∈ X)) → Qa(x))

Last b(X) := ∀x ∈ X (∀y (y > x → ¬(y ∈ X)) → Qb(x))

Putting everything together, we get the formula

∃X ( Block(X) ∧ Before only c(X) ∧ After only d(X) ∧ Alternate(X) ∧ First a(X) ∧ Last b(X) )

Notice that the empty word is a model of the formula, because the empty set of positions satisfies all the conjuncts.
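On small words the whole conjunction can be evaluated by brute force over all candidate sets X, which is a convenient way to experiment with such formulas. The sketch below (my own illustration, not from the notes) follows the six predicates literally:

```python
from itertools import combinations

def satisfies(w):
    """Brute-force check of Block ∧ Before_only_c ∧ After_only_d ∧
    Alternate ∧ First_a ∧ Last_b over all sets X of positions (1-based)."""
    n = len(w)
    pos = range(1, n + 1)
    letter = lambda p: w[p - 1]
    subsets = [set(c) for r in range(n + 1) for c in combinations(pos, r)]
    for X in subsets:
        block = all(z in X for x in X for y in X for z in pos if x < z < y)
        before_c = all(letter(x) == "c" for x in pos if all(x < y for y in X))
        after_d = all(letter(x) == "d" for x in pos if all(y < x for y in X))
        alt = all((letter(x) != "a" or letter(y) == "b") and
                  (letter(x) != "b" or letter(y) == "a")
                  for x in X for y in X if y == x + 1)
        first_a = all(letter(x) == "a" for x in X if not any(y < x for y in X))
        last_b = all(letter(x) == "b" for x in X if not any(y > x for y in X))
        if block and before_c and after_d and alt and first_a and last_b:
            return True
    return False

print([w for w in ["", "cabd", "abab", "ba"] if satisfies(w)])
```

For example, cabd is accepted with X = {2, 3}, abab with X = {1, 2, 3, 4}, and the empty word with X = ∅; no choice of X works for ba.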

Let us now directly prove one direction of the result.


Proposition 9.12 If L ⊆ Σ∗ is regular, then L is expressible in MSO(Σ).

Proof: Let A = (Q, Σ, δ, q0, F) be a DFA with Q = {q0, . . . , qn} and L(A) = L. We construct a formula ϕA such that for every w ≠ ε, w |= ϕA iff w ∈ L(A). If ε ∈ L(A), then we can extend the formula to ϕA ∨ ϕ′A, where ϕ′A is only satisfied by the empty word (e.g. ϕ′A = ∀x x < x).

We start with some notations. Let w = a1 . . . am be a nonempty word over Σ, and let

Pq = {i ∈ {1, . . . , m} | δ(q0, a1 . . . ai) = q}.

In words, i ∈ Pq iff A is in state q immediately after reading the letter ai. Then A accepts w iff m ∈ ⋃_{q∈F} Pq.
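The sets Pq are computed by a single left-to-right pass over the word. A sketch in Python (the two-state DFA for "even number of b's" is my own example, not from the text):

```python
# DFA over {a, b} accepting the words with an even number of b's.
delta = {("even", "a"): "even", ("even", "b"): "odd",
         ("odd", "a"): "odd", ("odd", "b"): "even"}
q0, final = "even", {"even"}

def visited_sets(w):
    """P_q = set of positions i such that the DFA is in state q after a_1...a_i."""
    P = {q: set() for q in {"even", "odd"}}
    q = q0
    for i, letter in enumerate(w, start=1):
        q = delta[(q, letter)]
        P[q].add(i)
    return P, q

P, last_state = visited_sets("abba")
print(P)                       # {'even': {1, 3, 4}, 'odd': {2}} (up to dict order)
print(last_state in final)     # True: 'abba' has an even number of b's
```

The acceptance condition m ∈ ⋃_{q∈F} Pq amounts to checking that the last position landed in a set Pq with q final.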

Assume we were able to construct a formula Visits(X0, . . . , Xn) with free variables X0, . . . , Xn such that I(Xi) = Pqi holds for every model (w, I) and for every 0 ≤ i ≤ n. In words, Visits(X0, . . . , Xn) is only true when Xi takes the value Pqi for every 0 ≤ i ≤ n. Then (w, I) would be a model of

ψA := ∃X0 . . . ∃Xn (Visits(X0, . . . , Xn) ∧ ∃x (last(x) ∧ ⋁_{qi∈F} x ∈ Xi))

iff w has a last letter, and w ∈ L. So we could take

ϕA := ψA if q0 ∉ F, and ϕA := ψA ∨ ∀x x < x if q0 ∈ F.

Let us now construct the formula Visits(X0, . . . , Xn). The sets Pq are the unique sets satisfying the following properties:

(a) 1 ∈ Pδ(q0,a1), i.e., after reading the letter at position 1 the DFA is in state δ(q0, a1);

(b) every position i belongs to exactly one Pq, i.e., the Pq’s build a partition of the set of positions; and

(c) if i ∈ Pq and δ(q, ai+1) = q′ then i + 1 ∈ Pq′ , i.e., the Pq’s “respect” the transition function δ.

We express these properties through formulas. For every a ∈ Σ, let qia = δ(q0, a). The formula for (a) is:

Init(X0, . . . , Xn) := ∃x (first(x) ∧ ⋁_{a∈Σ} (Qa(x) ∧ x ∈ Xia))

(in words: if the letter at position 1 is a, then the position belongs to Xia). The formula for (b) is:

Partition(X0, . . . , Xn) := ∀x ( ⋁_{i=0}^{n} x ∈ Xi ∧ ⋀_{i,j=0, i≠j}^{n} (x ∈ Xi → ¬(x ∈ Xj)) )


The formula for (c) is:

Respect(X0, . . . , Xn) := ∀x ∀y ( y = x + 1 → ⋁_{a∈Σ, i,j∈{0,...,n}, δ(qi,a)=qj} (x ∈ Xi ∧ Qa(x) ∧ y ∈ Xj) )

Altogether we get

Visits(X0, . . . , Xn) := Init(X0, . . . , Xn) ∧ Partition(X0, . . . , Xn) ∧ Respect(X0, . . . , Xn)

It remains to prove that MSO-definable languages are regular. Given a sentence ϕ ∈ MSO(Σ), we show that L(ϕ) is regular by induction on the structure of ϕ. However, since the subformulas of a sentence are not necessarily sentences, the language defined by the subformulas of ϕ is not defined. We correct this. Recall that the interpretations of a formula are pairs (w, I) where I assigns positions to the free first-order variables and sets of positions to the free second-order variables. For example, if Σ = {a, b} and the free first-order and second-order variables of the formula are x, y and X, Y, respectively, then two possible interpretations are

( aab , {x ↦ 1, y ↦ 3, X ↦ {2, 3}, Y ↦ {1, 2}} )   and   ( ba , {x ↦ 2, y ↦ 1, X ↦ ∅, Y ↦ {1}} )

Given an interpretation (w, I), we can encode each assignment x ↦ k or X ↦ {k1, . . . , kl} as a bitstring of the same length as w: the string for x ↦ k contains exactly a 1 at position k, and 0’s everywhere else; the string for X ↦ {k1, . . . , kl} contains 1’s at positions k1, . . . , kl, and 0’s everywhere else. After fixing an order on the variables, an interpretation (w, I) can then be encoded as a tuple (w, w1, . . . , wn), where n is the number of variables, w ∈ Σ∗, and w1, . . . , wn ∈ {0, 1}∗. Since all of w, w1, . . . , wn have the same length, we can as in the case of transducers look at (w, w1, . . . , wn) as a word over the alphabet Σ × {0, 1}^n. For the two interpretations above we get the encodings

w: a a b        w: b a
x: 1 0 0        x: 0 1
y: 0 0 1        y: 1 0
X: 0 1 1        X: 0 0
Y: 1 1 0        Y: 1 0

corresponding to the words


(a, 1, 0, 0, 1) (a, 0, 0, 1, 1) (b, 0, 1, 1, 0)   and   (b, 0, 1, 0, 1) (a, 1, 0, 0, 0)

over Σ × {0, 1}^4.

Definition 9.13 Let ϕ be a formula with n free variables, and let (w, I) be an interpretation of ϕ. We denote by enc(w, I) the word over the alphabet Σ × {0, 1}^n described above. The language of ϕ is L(ϕ) = {enc(w, I) | (w, I) |= ϕ}.
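The function enc can be sketched in a few lines (my own illustration; the dictionary representation of interpretations and the function names are assumptions), fixing the variable order x, y, X, Y of the example above:

```python
def enc(w, interp, order):
    """Return the list of letters (a, b_1, ..., b_n) encoding (w, interp)."""
    word = []
    for p in range(1, len(w) + 1):
        bits = []
        for var in order:
            val = interp[var]
            if isinstance(val, int):          # first-order variable: one position
                bits.append(1 if p == val else 0)
            else:                             # second-order variable: a set of positions
                bits.append(1 if p in val else 0)
        word.append((w[p - 1], *bits))
    return word

I = {"x": 1, "y": 3, "X": {2, 3}, "Y": {1, 2}}
print(enc("aab", I, ["x", "y", "X", "Y"]))
# [('a', 1, 0, 0, 1), ('a', 0, 0, 1, 1), ('b', 0, 1, 1, 0)]
```

This reproduces the first of the two encodings displayed above.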

Now that we have associated to every formula ϕ a language (whose alphabet depends on the free variables), we prove by induction on the structure of ϕ that L(ϕ) is regular. We do so by exhibiting automata (actually, transducers) accepting L(ϕ). For simplicity we assume Σ = {a, b}, and denote by free(ϕ) the set of free variables of ϕ.

• ϕ = Qa(x). Then free(ϕ) = {x}, and the interpretations of ϕ are encoded as words over Σ × {0, 1}. The language L(ϕ) is given by

L(ϕ) = { (a1, b1) . . . (ak, bk) | k ≥ 0, ai ∈ Σ and bi ∈ {0, 1} for every i ∈ {1, . . . , k}, and bi = 1 for exactly one index i ∈ {1, . . . , k} such that ai = a }

and is recognized by

[figure: NFA with two states, both with self-loops labeled (a, 0), (b, 0); a transition labeled (a, 1) leads from the initial to the final state]

• ϕ = x < y. Then free(ϕ) = {x, y}, and the interpretations of ϕ are encoded as words over Σ × {0, 1}^2. The language L(ϕ) is given by

L(ϕ) = { (a1, b1, c1) . . . (ak, bk, ck) | k ≥ 0, ai ∈ Σ and bi, ci ∈ {0, 1} for every i ∈ {1, . . . , k}, bi = 1 for exactly one index i ∈ {1, . . . , k}, cj = 1 for exactly one index j ∈ {1, . . . , k}, and i < j }

and is recognized by


[figure: NFA with three states q0, q1, q2, each with a self-loop labeled (a, 0, 0), (b, 0, 0); a transition labeled (a, 1, 0), (b, 1, 0) leads from q0 to q1, and a transition labeled (a, 0, 1), (b, 0, 1) leads from q1 to the final state q2]

• ϕ = x ∈ X. Then free(ϕ) = {x, X}, and interpretations are encoded as words over Σ × {0, 1}^2. The language L(ϕ) is given by

L(ϕ) = { (a1, b1, c1) . . . (ak, bk, ck) | k ≥ 0, ai ∈ Σ and bi, ci ∈ {0, 1} for every i ∈ {1, . . . , k}, bi = 1 for exactly one index i ∈ {1, . . . , k}, and for every i ∈ {1, . . . , k}, if bi = 1 then ci = 1 }

and is recognized by

[figure: NFA with two states, both with self-loops labeled (a, 0, 0), (b, 0, 0), (a, 0, 1), (b, 0, 1); a transition labeled (a, 1, 1), (b, 1, 1) leads from the initial to the final state]

• ϕ = ¬ψ. Then free(ϕ) = free(ψ), and by induction hypothesis there exists an automaton Aψ s.t. L(Aψ) = L(ψ).

Observe that L(ϕ) is not in general equal to the complement of L(ψ). To see why, consider for example the case ψ = Qa(x) and ϕ = ¬Qa(x). The word (a, 1)(a, 1)(a, 1) belongs neither to L(ψ) nor to L(ϕ), because it is not the encoding of any interpretation: the bitstring for x contains more than one 1. What holds is that L(ϕ) is the intersection of the complement of L(ψ) with Enc(ψ), where Enc(ψ) is the language of the encodings of all the interpretations of ψ (whether they are models of ψ or not). We construct an automaton Aenc_ψ recognizing Enc(ψ), and so we can take Aϕ to be the intersection of the complement of Aψ with Aenc_ψ.

Assume ψ has k first-order variables. Then a word belongs to Enc(ψ) iff each of its projections onto the 2nd, 3rd, . . . , (k + 1)-th components is a bitstring containing exactly one 1. As states of Aenc_ψ we take all the strings of {0, 1}^k. The intended meaning of a state, say state 101 for the case k = 3, is “the automaton has already read the 1’s in the bitstrings of the first and third variables, but not yet the 1 in the second.” The initial and final states are 0^k and 1^k, respectively. The transitions are defined according to the intended meaning of the states.


For instance, the automaton Aenc_{x<y} is

[figure: DFA with states 00, 10, 01, 11; initial state 00, final state 11; every state has a self-loop labeled (a, 0, 0), (b, 0, 0); from 00, transitions labeled (a, 1, 0), (b, 1, 0) lead to 10, transitions labeled (a, 0, 1), (b, 0, 1) lead to 01, and transitions labeled (a, 1, 1), (b, 1, 1) lead to 11; from 10, transitions labeled (a, 0, 1), (b, 0, 1) lead to 11, and from 01, transitions labeled (a, 1, 0), (b, 1, 0) lead to 11]
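The construction of Aenc_ψ can be sketched directly, with bit-tuples as states (my own illustration, not from the notes; the transition-table representation is an assumption):

```python
from itertools import product

def enc_automaton(sigma, k):
    """Automaton recognizing Enc(ψ) for k first-order variables:
    a state records which variables have already seen their 1."""
    states = list(product((0, 1), repeat=k))
    init, final = (0,) * k, (1,) * k
    delta = {}
    for q in states:
        for a in sigma:
            for bits in product((0, 1), repeat=k):
                # a variable's bit may be 1 only if its 1 was not seen yet
                if all(not (b and s) for b, s in zip(bits, q)):
                    target = tuple(s | b for s, b in zip(q, bits))
                    delta[(q, (a, *bits))] = target
    return states, init, final, delta

def accepts(automaton, word):
    states, q, final, delta = automaton
    for letter in word:
        if (q, letter) not in delta:
            return False
        q = delta[(q, letter)]
    return q == final

A = enc_automaton(("a", "b"), 2)
# encoding of an interpretation x -> 1, y -> 2 of a word of length 2
print(accepts(A, [("a", 1, 0), ("b", 0, 1)]))   # True
print(accepts(A, [("a", 1, 1), ("b", 0, 1)]))   # False: y's bit is set twice
```

The state space has size 2^k, matching the exponential growth discussed below.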

Observe that the number of states of Aenc_ψ grows exponentially in the number of free variables. This makes the negation operation expensive, even when the automaton Aψ is deterministic.

• ϕ = ϕ1 ∨ ϕ2. Then free(ϕ) = free(ϕ1) ∪ free(ϕ2), and by induction hypothesis there are automata Aϕ1, Aϕ2 such that L(Aϕ1) = L(ϕ1) and L(Aϕ2) = L(ϕ2).

If free(ϕ1) = free(ϕ2), then we can take Aϕ = Aϕ1 ∪ Aϕ2. But this need not be the case. If free(ϕ1) ≠ free(ϕ2), then L(ϕ1) and L(ϕ2) are languages over different alphabets Σ1, Σ2, or over the same alphabet, but with different intended meaning, and we cannot just compute their union. For example, if ϕ1 = Qa(x) and ϕ2 = Qb(y), then both L(ϕ1) and L(ϕ2) are languages over Σ × {0, 1}, but the second component indicates in the first case the value of x, in the second the value of y.

This problem is solved by extending L(ϕ1) and L(ϕ2) to languages L1 and L2 over Σ × {0, 1}^2. In our example, the language L1 contains the encodings of all interpretations (w, {x ↦ n1, y ↦ n2}) such that the projection (w, {x ↦ n1}) belongs to L(Qa(x)), while L2 contains the interpretations such that (w, {y ↦ n2}) belongs to L(Qb(y)). Now, given the automaton AQa(x) recognizing L(Qa(x))

[figure: NFA for Qa(x) with two states, both with self-loops labeled (a, 0), (b, 0); a transition labeled (a, 1) leads from the initial to the final state]

we transform it into an automaton A1 recognizing L1

[figure: NFA A1 with two states, both with self-loops labeled (a, 0, 0), (a, 0, 1), (b, 0, 0), (b, 0, 1); a transition labeled (a, 1, 0), (a, 1, 1) leads from the initial to the final state]

After constructing A2 similarly, take Aϕ = A1 ∪ A2.
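The extension step can be sketched as an operation on transition tables (my own illustration; representing transitions as (state, letter, state) triples is an assumption): every old transition is duplicated for each possible value of the fresh components.

```python
from itertools import product

def extend(delta, positions_of_old, n_new):
    """Lift transitions over Σ × {0,1}^m to Σ × {0,1}^n_new.

    positions_of_old[i] says where the i-th old bit sits in the new tuple;
    the remaining bits are left unconstrained."""
    new_delta = set()
    for (q, letter, r) in delta:
        a, *old_bits = letter
        for bits in product((0, 1), repeat=n_new):
            if all(bits[pos] == old_bits[i] for i, pos in enumerate(positions_of_old)):
                new_delta.add((q, (a, *bits), r))
    return new_delta

# automaton for Q_a(x): self-loops on (a,0), (b,0) and one transition on (a,1)
delta = {(0, ("a", 0), 0), (0, ("b", 0), 0),
         (0, ("a", 1), 1),
         (1, ("a", 0), 1), (1, ("b", 0), 1)}
# x keeps component 0; a fresh variable y occupies component 1
print(len(extend(delta, [0], 2)))   # 10: each transition splits in two
```

Applied to the automaton for Qa(x), this yields exactly the automaton A1 above, where the y-component is arbitrary on every transition.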

• ϕ = ∃x ψ. Then free(ϕ) = free(ψ) \ {x}, and by induction hypothesis there is an automaton Aψ s.t. L(Aψ) = L(ψ). Define A∃xψ as the result of the projection operation, where we project onto all variables but x. The operation simply corresponds to removing in each letter of each transition of Aψ the component for variable x. For example, the automaton A∃x Qa(x) is obtained by removing the second components in the automaton for Qa(x) shown above, yielding

[figure: NFA with two states, both with self-loops labeled a, b; a transition labeled a leads from the initial to the final state]

Observe that the automaton for ∃x ψ can be nondeterministic even if the one for ψ is deterministic, since the projection operation may map different letters into the same one.

• ϕ = ∃X ψ. We proceed as in the previous case.
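The projection operation itself is a one-liner on the same transition-table representation used above (again my own sketch, with transitions as (state, letter, state) triples):

```python
def project(delta, drop):
    """Remove component `drop` from each transition label.
    The result may be an NFA even if the input is deterministic."""
    return {(q, tuple(b for i, b in enumerate(letter) if i != drop), r)
            for (q, letter, r) in delta}

# automaton for Q_a(x) over Σ × {0,1}
delta = {(0, ("a", 0), 0), (0, ("b", 0), 0),
         (0, ("a", 1), 1),
         (1, ("a", 0), 1), (1, ("b", 0), 1)}
p = project(delta, drop=1)
print(sorted(p))
# both (0, ("a",0), 0) and (0, ("a",1), 1) collapse to the letter ("a",):
# the projected automaton is nondeterministic on 'a'.
```

Nondeterminism arises exactly as described: two transitions that differed only in the dropped bit now carry the same letter.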

Size of Aϕ. The procedure for constructing Aϕ proceeds bottom-up on the syntax tree of ϕ. We first construct automata for the atomic formulas in the leaves of the tree, and then proceed upwards: given automata for the children of a node in the tree, we construct an automaton for the node itself.

Whenever a node is labeled by a negation, the automaton for it can be exponentially bigger than the automaton for its only child. This yields an upper bound for the size of Aϕ equal to a tower of exponentials, whose height is the largest number of negations on any path from the root of the tree to one of its leaves.

It can be shown that this very large upper bound is essentially tight: there are formulas for which the smallest automaton recognizing the same language as the formula reaches the upper bound. This means that MSO logic allows us to describe some regular languages in an extremely succinct form.

Example 9.14 Consider the alphabet Σ = {a, b} and the language a∗b ⊆ Σ∗, recognized by the NFA

[figure: NFA with an a-loop on the initial state and a b-transition to the final state]


We derive this NFA by giving a formula ϕ such that L(ϕ) = a∗b, and then using the procedure described above. We shall see that the procedure is quite laborious. The formula states that the last letter is b, and all other letters are a’s.

ϕ = ∃x (last(x) ∧ Qb(x)) ∧ ∀x (¬last(x)→ Qa(x))

We first bring ϕ into the equivalent form

ψ = ∃x (last(x) ∧ Qb(x)) ∧ ¬∃x (¬last(x) ∧ ¬Qa(x))

We transform ψ into an NFA. First, we compute an automaton for last(x) = ¬∃y x < y. Recall that the automaton for x < y is

[figure: the three-state NFA for x < y shown earlier]

Applying the projection operation, we get the following automaton for ∃y x < y:

[figure: NFA for ∃y x < y, obtained by deleting the second (y) component from the labels of the automaton for x < y]

Recall that computing the automaton for the negation of a formula requires more than complementing the automaton. First, we need an automaton recognizing Enc(∃y x < y):

[figure: NFA for Enc(∃y x < y): two states with self-loops labeled (a, 0), (b, 0); a transition labeled (a, 1), (b, 1) leads from the initial to the final state]

Second, we determinize and complement the automaton for ∃y x < y:

[figure: DFA obtained by determinizing and complementing the automaton for ∃y x < y]


And finally, we compute the intersection of the last two automata, getting

[figure: the intersection automaton]

whose last state is useless and can be removed, yielding the following NFA for last(x):

[figure: NFA for last(x): the initial state has self-loops labeled (a, 0), (b, 0); a transition labeled (a, 1), (b, 1) leads to the final state]

Next we compute an automaton for ∃x (last(x) ∧ Qb(x)), the first conjunct of ψ. We start with an NFA for Qb(x):

[figure: NFA for Qb(x): two states with self-loops labeled (a, 0), (b, 0); a transition labeled (b, 1) leads from the initial to the final state]

The automaton for ∃x (last(x) ∧ Qb(x)) is the result of intersecting this automaton with the NFA for last(x) and projecting onto the first component. We get

[figure: NFA for ∃x (last(x) ∧ Qb(x)): an a, b-loop on the initial state and a b-transition to the final state]

Now we compute an automaton for ¬∃x (¬last(x) ∧ ¬Qa(x)), the second conjunct of ψ. We first obtain an automaton for ¬Qa(x) by intersecting the complement of the automaton for Qa(x) and the automaton for Enc(Qa(x)). The automaton for Qa(x) is

[figure: NFA for Qa(x): two states with self-loops labeled (a, 0), (b, 0); a transition labeled (a, 1) leads from the initial to the final state]


and after determinization and complementation we get

[figure: the DFA obtained by determinizing and complementing the automaton for Qa(x)]

For the automaton recognizing Enc(Qa(x)), notice that Enc(Qa(x)) = Enc(∃y x < y), because both formulas have the same free variables, and so the same interpretations. But we have already computed an automaton for Enc(∃y x < y), namely

[figure: the automaton for Enc(∃y x < y) shown above]

The intersection of the last two automata yields a three-state automaton for ¬Qa(x), but after eliminating a useless state we get

[figure: NFA for ¬Qa(x): two states with self-loops labeled (a, 0), (b, 0); a transition labeled (b, 1) leads from the initial to the final state]

Notice that this is the same automaton we obtained for Qb(x), which is fine, because over the alphabet {a, b} the formulas Qb(x) and ¬Qa(x) are equivalent.

To compute an automaton for ¬last(x) we just observe that ¬last(x) is equivalent to ∃y x < y, for which we have already computed an NFA, namely

[figure: the three-state NFA for ∃y x < y shown above]


Intersecting the automata for ¬last(x) and ¬Qa(x), and subsequently projecting onto the first component, we get an automaton for ∃x (¬last(x) ∧ ¬Qa(x)):

[figure: NFA for ∃x (¬last(x) ∧ ¬Qa(x)): an a, b-loop on the initial state, a b-transition to a middle state, and an a, b-transition to the final state, which loops on a, b]

Determinizing, complementing, and removing a useless state yields the following NFA for ¬∃x (¬last(x) ∧ ¬Qa(x)):

[figure: NFA for ¬∃x (¬last(x) ∧ ¬Qa(x)), with an a-loop and a b-transition]

Summarizing, the automata for the two conjuncts of ψ are

[figure: the NFA with an a, b-loop and a b-transition, and the NFA with an a-loop and a b-transition]

whose intersection yields a 3-state automaton, which after removal of a useless state becomes

[figure: the NFA for ∃x (last(x) ∧ Qb(x)) ∧ ¬∃x (¬last(x) ∧ ¬Qa(x)): an a-loop on the initial state and a b-transition to the final state]

ending the derivation.

Exercises

Exercise 109 Give formulations in plain English of the languages described by the following formulas of FO({a, b}), and give a corresponding regular expression:

(a) ∃x first(x)

(b) ∀x false


(c) ¬∃x ∃y (x < y ∧ Qa(x) ∧ Qb(y)) ∧ ∀x (Qb(x) → ∃y (x < y ∧ Qa(y))) ∧ ∃x ¬∃y x < y

Exercise 110 Let Σ = {a, b}.

(a) Give a formula ϕn(x, y) of FO(Σ), of size O(n), that holds iff y = x + 2^n. (Notice that the abbreviation y = x + k introduced earlier has length O(k), and so it cannot be directly used.)

(b) Give a sentence of FO(Σ), of size O(n), for the language Ln = {ww | w ∈ Σ∗ and |w| = 2^n}.

(c) Show that the minimal DFA accepting Ln has at least 2^{2^n} states. (Hint: consider the residuals of Ln.)

Exercise 111 The nesting depth d(ϕ) of a formula ϕ of FO({a}) is defined inductively as follows:

• d(Qa(x)) = d(x < y) = 0;

• d(¬ϕ) = d(ϕ), d(ϕ1 ∨ ϕ2) = max{d(ϕ1), d(ϕ2)}; and

• d(∃x ϕ) = 1 + d(ϕ).

Prove that every formula ϕ of FO({a}) of nesting depth n is equivalent to a formula f of QF having the same free variables as ϕ, and such that every constant k appearing in f satisfies k ≤ 2^n.

Hint: Modify suitably the proof of Theorem 9.8.

Exercise 112 Let Σ be a finite alphabet. A language L ⊆ Σ∗ is star-free if it can be expressed by a star-free regular expression, i.e. a regular expression where the Kleene star operation is forbidden, but complementation is allowed. For example, Σ∗ is star-free, since Σ∗ is the complement of ∅, but (aa)∗ is not.

(a) Give star-free regular expressions and FO(Σ) sentences for the following star-free languages:

(i) Σ+.

(ii) Σ∗AΣ∗ for some A ⊆ Σ.

(iii) A∗ for some A ⊆ Σ.

(iv) (ab)∗.

(v) {w ∈ Σ∗ | w does not contain aa}.

(b) Show that finite and cofinite languages are star-free.

(c) Show that for every sentence ϕ ∈ FO(Σ), there exists a formula ϕ+(x, y), with two free variables x and y, such that for every w ∈ Σ+ and for every 1 ≤ i ≤ j ≤ |w|,

w |= ϕ+(i, j) iff wi wi+1 · · · wj |= ϕ.


(d) Give a polynomial time algorithm that decides whether the empty word satisfies a given sentence of FO(Σ).

(e) Show that every star-free language can be expressed by an FO(Σ) sentence. (Hint: use (c).)

Exercise 113 Give an MSO formula Odd card(X) expressing that the cardinality of the set of positions X is odd. Hint: Follow the pattern of the formula Even(X).

Exercise 114 Given a formula ϕ of MSO(Σ) and a second-order variable X not occurring in ϕ, show how to construct a formula ϕX with X as free variable expressing “the projection of the word onto the positions of X satisfies ϕ”. Formally, ϕX must satisfy the following property: for every interpretation I of ϕX, we have (w, I) |= ϕX iff (w|I(X), I) |= ϕ, where w|I(X) denotes the result of deleting from w the letters at all positions that do not belong to I(X).

Exercise 115 (1) Given two sentences ϕ1 and ϕ2 of MSO(Σ), construct a sentence Conc(ϕ1, ϕ2) satisfying L(Conc(ϕ1, ϕ2)) = L(ϕ1) · L(ϕ2).

(2) Given a sentence ϕ of MSO(Σ), construct a sentence Star(ϕ) satisfying L(Star(ϕ)) = L(ϕ)∗.

(3) Give an algorithm RegtoMSO that accepts a regular expression r as input and directly constructs a sentence ϕ of MSO(Σ) such that L(ϕ) = L(r), without first constructing an automaton for the formula.

Hint: Use the solution to Exercise 114.

Exercise 116 Consider the logic PureMSO(Σ) with syntax

ϕ := X ⊆ Qa | X < Y | X ⊆ Y | ¬ϕ | ϕ ∨ ϕ | ∃X ϕ

Notice that formulas of PureMSO(Σ) do not contain first-order variables. The satisfaction relation of PureMSO(Σ) is given by:

(w, I) |= X ⊆ Qa iff w[p] = a for every p ∈ I(X)
(w, I) |= X < Y iff p < p′ for every p ∈ I(X), p′ ∈ I(Y)
(w, I) |= X ⊆ Y iff p ∈ I(Y) for every p ∈ I(X)

with the rest as for MSO(Σ).

Prove that MSO(Σ) and PureMSO(Σ) have the same expressive power for sentences. That is, show that for every sentence ϕ of MSO(Σ) there is an equivalent sentence ψ of PureMSO(Σ), and vice versa.

Exercise 117 Recall the syntax of MSO(Σ):

ϕ := Qa(x) | x < y | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ


We have introduced y = x + 1 (“y is the successor position of x”) as an abbreviation:

y = x + 1 := x < y ∧ ¬∃z (x < z ∧ z < y)

Consider now the variant MSO′(Σ) in which, instead of being an abbreviation, y = x + 1 is part of the syntax and replaces x < y. In other words, the syntax of MSO′(Σ) is

ϕ := Qa(x) | y = x + 1 | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ

Prove that MSO′(Σ) has the same expressive power as MSO(Σ) by finding a formula of MSO′(Σ) with the same meaning as x < y.

Exercise 118 Give a defining formula of MSO({a, b}) for the following languages:

(a) aa∗b∗.

(b) The set of words with an odd number of occurrences of a.

(c) The set of words such that every two b’s with no other b in between are separated by a block of a’s of odd length.

Exercise 119 1. Give a formula Block between of MSO(Σ) such that Block between(X, i, j) holds whenever X = {i, i + 1, . . . , j}.

2. Let 0 ≤ m < n. Give a formula Modm,n of MSO(Σ) such that Modm,n(i, j) holds whenever |wi wi+1 · · · wj| ≡ m (mod n), i.e. whenever j − i + 1 ≡ m (mod n).

3. Let 0 ≤ m < n. Give a sentence of MSO(Σ) for a^m (a^n)∗.

4. Give a sentence of MSO({a, b}) for the language of words such that every two b’s with no other b in between are separated by a block of a’s of odd length.

Exercise 120 Consider a formula ϕ(X) of MSO(Σ) that does not contain any occurrence of the predicates Qa(x). Given any two interpretations that assign to X the same set of positions, we have that either both interpretations satisfy ϕ(X), or none of them does. So we can speak of the sets of natural numbers (positions) satisfying ϕ(X). In this sense, ϕ(X) expresses a property of the finite sets of natural numbers, which a particular set may satisfy or not.

This observation can be used to automatically prove some (very) simple properties of the natural numbers. Consider for instance the following “conjecture”: every finite set of natural numbers has a minimal element.² The conjecture holds iff the formula

Has min(X) := ∃x ∈ X ∀y ∈ X x ≤ y

is satisfied by every interpretation in which X is nonempty. Construct an automaton for Has min(X), and check that it recognizes all nonempty sets.

²Of course, this also holds for every infinite set, but we cannot prove it using MSO over finite words.


Exercise 121 The encoding of a set is a string that can be seen as the encoding of a number. We can use this observation to express addition in monadic second-order logic. More precisely, find a formula Sum(X, Y, Z) that is true iff nX + nY = nZ, where nX, nY, nZ are the numbers encoded by the sets X, Y, Z, respectively, using the LSBF encoding. For instance, the words

X: 0 1 0        X: 1 1 1 1 1 0 0 0
Y: 1 1 0   and  Y: 1 1 1 1 0 0 0 0
Z: 1 0 1        Z: 0 1 1 1 0 1 0 0

should satisfy the formula: the first encodes 2 + 3 = 5, and the second encodes 31 + 15 = 46.


Chapter 10

Applications III: Presburger Arithmetic

Presburger arithmetic is a logical language for expressing properties of numbers by means of addition and comparison. A typical example of such a property is “x + 2y > 2z and 2x − 3z = 4y”. The property is satisfied by some triples (nx, ny, nz) of natural numbers, like (4, 2, 0) and (8, 1, 4), but not by others, like (6, 0, 4) or (2, 2, 4). Valuations satisfying the property are called solutions or models. We show how to construct for a given formula ϕ of Presburger arithmetic an NFA Aϕ recognizing the solutions of ϕ. In Section 10.1 we introduce the syntax and semantics of Presburger arithmetic. Section 10.2 constructs an NFA recognizing all solutions over the natural numbers, and Section 10.3 an NFA recognizing all solutions over the integers.

10.1 Syntax and Semantics

Formulas of Presburger arithmetic are constructed out of an infinite set of variables V = {x, y, z, . . .} and the constants 0 and 1. The syntax of formulas is defined in three steps. First, the set of terms is inductively defined as follows:

• the symbols 0 and 1 are terms;

• every variable is a term;

• if t and u are terms, then t + u is a term.

An atomic formula is an expression t ≤ u, where t and u are terms. The set of Presburger formulasis inductively defined as follows:

• every atomic formula is a formula;

• if ϕ1, ϕ2 are formulas, then so are ¬ϕ1, ϕ1 ∨ ϕ2, and ∃x ϕ1.



As usual, variables within the scope of an existential quantifier are bound, and otherwise free. Besides standard abbreviations like ∀, ∧, →, we also introduce:

n := 1 + 1 + . . . + 1 (n times)
nx := x + x + . . . + x (n times)
t ≥ t′ := t′ ≤ t
t = t′ := t ≤ t′ ∧ t ≥ t′
t < t′ := t ≤ t′ ∧ ¬(t = t′)
t > t′ := t′ < t

An interpretation is a function I : V → IN. An interpretation I is extended to terms in the natural way: I(0) = 0, I(1) = 1, and I(t + u) = I(t) + I(u). The satisfaction relation I |= ϕ for an interpretation I and a formula ϕ is inductively defined as follows, where I[n/x] denotes the interpretation that assigns the number n to the variable x, and the same numbers as I to all other variables:

I |= t ≤ u iff I(t) ≤ I(u)
I |= ¬ϕ1 iff I ̸|= ϕ1
I |= ϕ1 ∨ ϕ2 iff I |= ϕ1 or I |= ϕ2
I |= ∃x ϕ iff there exists n ≥ 0 such that I[n/x] |= ϕ

It is easy to see that whether I satisfies ϕ or not depends only on the values I assigns to the free variables of ϕ (i.e., if two interpretations assign the same values to the free variables, then either both satisfy the formula, or none does). The solutions of ϕ are the projection onto the free variables of ϕ of the interpretations that satisfy ϕ. If we fix a total order on the set V of variables and a formula ϕ has k free variables, then its set of solutions can be represented as a subset of IN^k, or as a relation of arity k over the universe IN. We call this subset the solution space of ϕ, and denote it by Sol(ϕ).

Example 10.1 The solution space of the formula x − 2 ≥ 0 is the set {2, 3, 4, . . .}. The free variables of the formula ∃x (2x = y ∧ 2y = z) are y and z. The solutions of the formula are the pairs {(2n, 4n) | n ≥ 0}, where we assume that the first and second components correspond to the values of y and z, respectively.
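For small values, the solution space of such a formula can be explored by brute force, which is a handy way to test the automata constructed later. A sketch (my own illustration, with an arbitrary search bound):

```python
# Enumerate solutions of ∃x (2x = y ∧ 2y = z) over a finite range of values.
solutions = [(y, z)
             for y in range(20) for z in range(40)
             if any(2 * x == y and 2 * y == z for x in range(20))]
print(solutions[:5])   # [(0, 0), (2, 4), (4, 8), (6, 12), (8, 16)]
```

The enumeration confirms the shape {(2n, 4n) | n ≥ 0} within the chosen bounds.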

Automata encoding natural numbers. We use transducers to represent, compute and manipulate solution spaces of formulas. As in Section 6.1 of Chapter 6, we encode natural numbers as strings over {0, 1} using the least-significant-bit-first encoding LSBF. If a formula has free variables x1, . . . , xk, then its solutions are encoded as words over {0, 1}^k. For instance, the word

x1: 1 0 1 0
x2: 0 1 0 1
x3: 0 0 0 0

encodes the solution (5, 10, 0). The language of a formula ϕ is defined as

L (ϕ) =⋃

s∈Sol(ϕ)

LSBF(s)


where LSBF(s) denotes the set of all encodings of the tuple s of natural numbers. In other words, L(ϕ) is the encoding of the relation Sol(ϕ).
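As a concrete illustration, here is a small Python sketch of the LSBF encoding of tuples. The function names `lsbf_encode` and `lsbf_decode` are ours, not from the chapter; each letter is one column of bits, least significant bit first, and padding with zero letters does not change the encoded tuple.

```python
def lsbf_encode(tup, width):
    """Return one LSBF encoding of a tuple of naturals as a list of
    letters, each letter a tuple of bits (one bit per variable).
    `width` is the number of letters; it must be large enough to hold
    the largest component of the tuple."""
    assert all(n < 2 ** width for n in tup)
    return [tuple((n >> i) & 1 for n in tup) for i in range(width)]

def lsbf_decode(word):
    """Decode a word over {0,1}^k back into a tuple of naturals."""
    k = len(word[0]) if word else 0
    return tuple(sum(letter[j] << i for i, letter in enumerate(word))
                 for j in range(k))

# One encoding of the tuple (3, 10, 0) as a word of four letters:
word = lsbf_encode((3, 10, 0), 4)
```

Since trailing zero letters carry no information, `lsbf_decode(word)` and `lsbf_decode(word + [(0, 0, 0)])` return the same tuple; this is why a tuple has infinitely many encodings.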

10.2 An NFA for the Solutions over the Naturals

Given a Presburger formula ϕ, we construct a transducer Aϕ such that L(Aϕ) = L(ϕ). Recall that Sol(ϕ) is a relation over IN whose arity is given by the number of free variables of ϕ. The last section of Chapter 6 implements operations on relations of arbitrary arity. These operations can be used to compute the solution space of the negation of a formula, the disjunction of two formulas, and the existential quantification of a formula:

• The solution space of the negation of a formula with k free variables is the complement of its solution space with respect to the universe U^k. In general, when computing the complement of a relation we have to worry about ensuring that the NFAs we obtain only accept words that encode some tuple of elements (i.e., some clean-up may be necessary to ensure that automata do not accept words encoding nothing). For Presburger arithmetic this is not necessary, because in the LSBF encoding every word encodes some tuple of numbers.

• The solution space of a disjunction ϕ1 ∨ ϕ2 where ϕ1 and ϕ2 have the same free variables is clearly the union of their solution spaces, and can be computed as Union(Sol(ϕ1), Sol(ϕ2)). If ϕ1 and ϕ2 have different sets V1 and V2 of free variables, then some preprocessing is necessary. Define Sol_{V1∪V2}(ϕi) as the set of valuations of V1 ∪ V2 whose projection onto Vi belongs to Sol(ϕi). Transducers recognizing Sol_{V1∪V2}(ϕi) for i = 1, 2 are easy to compute from transducers recognizing Sol(ϕi), and the solution space of the disjunction is Union(Sol_{V1∪V2}(ϕ1), Sol_{V1∪V2}(ϕ2)).

• The solution space of a formula ∃x ϕ, where x is a free variable of ϕ, is Projection_I(Sol(ϕ)), where I contains the indices of all variables except the index of x.
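These relation-level operations are implemented on transducers in Chapter 6. As a minimal Python illustration of the first bullet (all names here are ours, and the toy parity DFA is not from the chapter), complementation over the LSBF encoding is just a swap of final and non-final states of a complete DFA, with no clean-up step:

```python
def complement_dfa(states, delta, q0, final):
    """Complement a *complete* DFA by swapping final and non-final
    states.  In the LSBF encoding every word encodes some tuple, so no
    clean-up of meaningless words is needed (see the first bullet)."""
    return states, delta, q0, set(states) - set(final)

def accepts(delta, q0, final, word):
    """Run a word through a complete DFA and report acceptance."""
    q = q0
    for letter in word:
        q = delta[(q, letter)]
    return q in final

# Toy complete DFA over {0,1} (one free variable, LSBF): accepts the
# encodings of the odd naturals -- parity is decided by the first bit.
states = {"init", "even", "odd"}
delta = {("init", 0): "even", ("init", 1): "odd",
         ("even", 0): "even", ("even", 1): "even",
         ("odd", 0): "odd",  ("odd", 1): "odd"}
final = {"odd"}
```

The complemented automaton accepts exactly the encodings of the even naturals, including the empty word (which encodes 0).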

It only remains to construct automata recognizing the solution spaces of atomic formulas. Consider an expression of the form

ϕ = a1x1 + · · · + anxn ≤ b

where a1, . . . , an, b ∈ Z (not IN!). Since we allow negative integers as coefficients, for every atomic formula there is an equivalent expression in this form (i.e., an expression with the same solution space). For example, x ≥ y + 4 is equivalent to −x + y ≤ −4. Letting a = (a1, . . . , an) and x = (x1, . . . , xn), and denoting the scalar product of a and x by a · x, we write ϕ = a · x ≤ b.

We construct a DFA for Sol(ϕ). The states of the DFA are integers. We choose the transitions and final states of the DFA so that the following property holds:

State q ∈ Z recognizes the encodings of the tuples c ∈ IN^n such that a · c ≤ q.    (10.1)

Given a state q ∈ Z and a letter ζ ∈ {0, 1}^n, let us determine the target state q′ of the transition q --ζ--> q′ of the DFA. A word w ∈ ({0, 1}^n)∗ is accepted from q′ iff the word ζw is accepted from q. Since we use the lsbf encoding, if c ∈ IN^n is the tuple of natural numbers encoded by w, then the tuple encoded by ζw is 2c + ζ. So c ∈ IN^n is accepted from q′ iff 2c + ζ is accepted from q. Therefore, in order to satisfy property (10.1) we must choose q′ so that a · c ≤ q′ iff a · (2c + ζ) ≤ q. A little arithmetic yields

q′ = ⌊(q − a · ζ)/2⌋

and so we define the transition function of the DFA by

δ(q, ζ) = ⌊(q − a · ζ)/2⌋ .

For the final states we observe that a state is final iff it accepts the empty word, i.e., iff it accepts the tuple (0, . . . , 0) ∈ IN^n. So in order to satisfy property (10.1) we must make state q final iff q ≥ 0. As initial state we choose b. This leads to the algorithm AFtoDFA(ϕ) of Table 10.1, where for clarity the state corresponding to an integer k ∈ Z is denoted by s_k.

AFtoDFA(ϕ)
Input: Atomic formula ϕ = a · x ≤ b
Output: DFA Aϕ = (Q, Σ, δ, q0, F) such that L(Aϕ) = L(ϕ)

1   Q, δ, F ← ∅; q0 ← s_b
2   W ← {s_b}
3   while W ≠ ∅ do
4       pick s_k from W
5       add s_k to Q
6       if k ≥ 0 then add s_k to F
7       for all ζ ∈ {0, 1}^n do
8           j ← ⌊(k − a · ζ)/2⌋
9           if s_j ∉ Q then add s_j to W
10          add (s_k, ζ, s_j) to δ

Table 10.1: Converting an atomic formula into a DFA recognizing the lsbf encoding of its solutions.
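The worklist construction of Table 10.1 can be transcribed almost line by line into Python. In the sketch below (function names are ours) the state s_k is represented by the integer k, and Python's floor division `//` matches the floor in the definition of δ, including for negative arguments:

```python
from itertools import product

def af_to_dfa(a, b):
    """AFtoDFA as a worklist algorithm: DFA for a·x <= b over the
    naturals in the LSBF encoding.  delta maps (state, letter) to the
    successor state; the initial state is b."""
    n = len(a)
    states, final, delta = set(), set(), {}
    worklist = {b}                       # W <- {s_b}
    while worklist:
        k = worklist.pop()
        states.add(k)
        if k >= 0:                       # a state is final iff k >= 0
            final.add(k)
        for zeta in product((0, 1), repeat=n):
            # Python's // floors toward -infinity, matching the text.
            j = (k - sum(ai * zi for ai, zi in zip(a, zeta))) // 2
            if j not in states:
                worklist.add(j)
            delta[(k, zeta)] = j
    return states, delta, b, final

def accepts(delta, q0, final, word):
    """Run a word (a sequence of letters in {0,1}^n) through the DFA."""
    q = q0
    for zeta in word:
        q = delta[(q, zeta)]
    return q in final
```

On 2x − y ≤ 2, i.e., a = (2, −1) and b = 2, this produces the five states 2, 1, 0, −1, −2 of Figure 10.1, with 2, 1, 0 final; it accepts the encoding of (12, 50) but not that of (12, 18).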

Example 10.2 Consider the atomic formula 2x − y ≤ 2. The DFA obtained by applying AFtoDFA to it is shown in Figure 10.1. The initial state is 2. The transitions leaving state 2 are given by

δ(2, ζ) = ⌊(2 − (2, −1) · (ζx, ζy))/2⌋ = ⌊(2 − 2ζx + ζy)/2⌋

and so we have 2 --[0,0]--> 1, 2 --[0,1]--> 1, 2 --[1,0]--> 0, and 2 --[1,1]--> 0. States 2, 1, and 0 are final. The DFA

Figure 10.1: DFA for the formula 2x − y ≤ 2.

accepts, for example, the word

[0,0] [0,1] [1,0] [1,0] [0,1] [0,1]

which encodes x = 12 and y = 50, and indeed 24 − 50 ≤ 2. If we remove the last letter, then the word encodes x = 12 and y = 18 and is not accepted, which indeed corresponds to 24 − 18 ≰ 2.

Consider now the formula x + y ≥ 4. We rewrite it as −x − y ≤ −4 and apply the algorithm. The resulting DFA is shown in Figure 10.2. The initial state is −4. The transitions leaving −4 are given by

δ(−4, ζ) = ⌊(−4 − (−1, −1) · (ζx, ζy))/2⌋ = ⌊(−4 + ζx + ζy)/2⌋

and so we have

−4 --[0,0]--> −2,  −4 --[0,1]--> −2,  −4 --[1,0]--> −2,  −4 --[1,1]--> −1.

Notice that the DFA is not minimal, since states 0 and 1 can be merged.

Partial correctness of AFtoDFA is easily proved by showing that for every q ∈ Z and every word w ∈ ({0, 1}^n)∗, the state q accepts w iff w encodes a tuple c ∈ IN^n satisfying a · c ≤ q. The proof proceeds by induction on |w|. For |w| = 0 the result follows immediately from the definition of the final states, and for |w| > 0 from the fact that δ satisfies property (10.1) and from the induction hypothesis. Details are left to the reader. Termination of AFtoDFA also requires a proof: in principle the algorithm could keep generating new states forever. We show that this is not the case.

Lemma 10.3 Let ϕ = a · x ≤ b and let s = ∑_{i=1}^{n} |a_i|. All states s_j added to the workset during the execution of AFtoDFA(ϕ) satisfy

−|b| − s ≤ j ≤ |b| + s.


Figure 10.2: DFA for the formula x + y ≥ 4.

Proof: The property holds for s_b, the first state added to the workset. We show that, at any point in time, if all the states added to the workset so far satisfy the property, then so does the next one. Let s_j be this next state. Then there exists a state s_k in the workset and ζ ∈ {0, 1}^n such that j = ⌊(k − a · ζ)/2⌋. Since by assumption s_k satisfies the property we have

−|b| − s ≤ k ≤ |b| + s

and so

⌊(−|b| − s − a · ζ)/2⌋ ≤ j ≤ ⌊(|b| + s − a · ζ)/2⌋    (10.2)

Now we manipulate the right and left ends of (10.2). Since −s ≤ a · ζ ≤ s, a little arithmetic yields

−|b| − s ≤ (−|b| − 2s)/2 ≤ ⌊(−|b| − s − a · ζ)/2⌋

⌊(|b| + s − a · ζ)/2⌋ ≤ (|b| + 2s)/2 ≤ |b| + s

which together with (10.2) leads to

−|b| − s ≤ j ≤ |b| + s

and we are done.

Example 10.4 We compute all natural solutions of the system of linear inequations

2x − y ≤ 2
x + y ≥ 4


such that both x and y are multiples of 4. This corresponds to computing a DFA for the Presburger formula

∃z x = 4z ∧ ∃w y = 4w ∧ 2x − y ≤ 2 ∧ x + y ≥ 4

The minimal DFA for the first two conjuncts can be computed using projections and intersections, but the result is also easy to guess: it is the DFA of Figure 10.3 (where a trap state has been omitted).

Figure 10.3: DFA for the formula ∃z x = 4z ∧ ∃w y = 4w.

The solutions are then represented by the intersection of the DFAs shown in Figures 10.1, 10.2 (after merging states 0 and 1), and 10.3. The result is shown in Figure 10.4 (some states from which no final state can be reached are omitted).

Figure 10.4: Intersection of the DFAs of Figures 10.1, 10.2, and 10.3. States from which no final state is reachable have been omitted.

10.2.1 Equations

A slight modification of AFtoDFA directly constructs a DFA for the solutions of a · x = b, withouthaving to intersect DFAs for a · x ≤ b and −a · x ≤ −b. The states of the DFA are a trap state qt


accepting the empty language, plus integers satisfying:

State q ∈ Z recognizes the encodings of the tuples c ∈ IN^n such that a · c = q.    (10.3)

For the trap state q_t we take δ(q_t, ζ) = q_t for every ζ ∈ {0, 1}^n. For a state q ∈ Z and a letter ζ ∈ {0, 1}^n we determine the target state q′ of the transition q --ζ--> q′. Given a tuple c ∈ IN^n, property (10.3) requires c ∈ L(q′) iff a · c = q′. As in the case of inequations, we have

c ∈ L(q′)
iff 2c + ζ ∈ L(q)
iff a · (2c + ζ) = q    (property (10.3) for q)
iff a · c = (q − a · ζ)/2

If q − a · ζ is odd, then, since a · c is an integer, the equation a · c = (q − a · ζ)/2 has no solution. So in order to satisfy property (10.3) we must choose q′ satisfying L(q′) = ∅, and so we take q′ = q_t. If q − a · ζ is even then we must choose q′ = (q − a · ζ)/2. Therefore, the transition function of the DFA is given by:

δ(q, ζ) = q_t                if q = q_t or q − a · ζ is odd
δ(q, ζ) = (q − a · ζ)/2      if q − a · ζ is even

For the final states, recall that a state is final iff it accepts the tuple (0, . . . , 0). So q_t is nonfinal and, by property (10.3), q ∈ Z is final iff a · (0, . . . , 0) = q. So the only final state is q = 0. The resulting algorithm is shown in Table 10.2. The algorithm does not construct the trap state.

Example 10.5 Consider the formulas x + y ≤ 4 and x + y = 4. The result of applying AFtoDFA tox + y ≤ 4 is shown at the top of Figure 10.5. Notice the similarities and differences with the DFAfor x + y ≥ 4 in Figure 10.2. The bottom part of the Figure shows the result of applying EqtoDFAto x + y = 4. Observe that the transitions are a subset of the transitions of the DFA for x + y ≤ 4.This example shows that the DFA is not necessarily minimal, since state −1 can be deleted.

Partial correctness and termination of EqtoDFA are easily proved following similar steps to thecase of inequations.

10.3 An NFA for the Solutions over the Integers

We construct an NFA recognizing the encodings of the integer solutions (positive or negative) of a formula. In order to deal with negative numbers we use 2-complements. A 2-complement encoding of an integer x ∈ Z is any word a0a1 . . . an, where n ≥ 0, satisfying


EqtoDFA(ϕ)
Input: Equation ϕ = a · x = b
Output: DFA A = (Q, Σ, δ, q0, F) such that L(A) = L(ϕ) (without trap state)

1   Q, δ, F ← ∅; q0 ← s_b
2   W ← {s_b}
3   while W ≠ ∅ do
4       pick s_k from W
5       add s_k to Q
6       if k = 0 then add s_k to F
7       for all ζ ∈ {0, 1}^n do
8           if k − a · ζ is even then
9               j ← (k − a · ζ)/2
10              if s_j ∉ Q then add s_j to W
11              add (s_k, ζ, s_j) to δ

Table 10.2: Converting an equation into a DFA recognizing the lsbf encodings of its solutions.
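A Python transcription of EqtoDFA (names are ours) differs from the inequation case only in the final-state test and the parity check; the trap state is left implicit, so δ becomes a partial function, and a missing entry means "go to the trap state":

```python
from itertools import product

def eq_to_dfa(a, b):
    """EqtoDFA as a worklist algorithm: DFA for a·x = b over the
    naturals in the LSBF encoding.  The trap state is implicit: a
    missing (state, letter) entry in delta means the trap state."""
    n = len(a)
    states, final, delta = set(), set(), {}
    worklist = {b}
    while worklist:
        k = worklist.pop()
        states.add(k)
        if k == 0:                         # the only final state is 0
            final.add(k)
        for zeta in product((0, 1), repeat=n):
            d = k - sum(ai * zi for ai, zi in zip(a, zeta))
            if d % 2 == 0:                 # odd difference: implicit trap
                j = d // 2
                if j not in states:
                    worklist.add(j)
                delta[(k, zeta)] = j
    return states, delta, b, final
```

For x + y = 4 this yields the five states 4, 2, 1, 0, −1 of the bottom DFA of Figure 10.5, with 0 the only final state (including the superfluous state −1 mentioned in Example 10.5).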

x = ∑_{i=0}^{n−1} a_i · 2^i − a_n · 2^n    (10.4)

We call a_n the sign bit. For example, 110 encodes 1 + 2 − 0 = 3, and 111 encodes 1 + 2 − 4 = −1. If the word has length 1 then its only bit is the sign bit; in particular, the word 0 encodes the number 0, and the word 1 encodes the number −1. The empty word encodes no number. Observe that all of 110, 1100, 11000, . . . encode 3, and all of 1, 11, 111, . . . encode −1. In general, it is easy to see that all words of the regular expression a0 . . . an−1 an an^* encode the same number: for an = 0 this is obvious, and for an = 1 both a0 . . . an−1 1 and a0 . . . an−1 1 1^m encode the same number because

−2^{m+n} + 2^{m+n−1} + · · · + 2^{n+1} + 2^n = −2^n .

This property allows us to encode tuples of numbers using padding. Instead of padding with 0, we pad with the sign bit.
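A small Python sketch of the decoding side of definition (10.4) (the function name is ours) makes the padding property easy to check mechanically:

```python
def decode_2c(word):
    """Decode a 2-complement encoding a0 a1 ... an (a list of bits, the
    last bit being the sign bit) into the integer it encodes, exactly
    as in equation (10.4)."""
    assert len(word) >= 1, "the empty word encodes no number"
    *lower, sign = word
    return sum(ai << i for i, ai in enumerate(lower)) - (sign << (len(word) - 1))
```

For instance, `decode_2c` maps each of 110, 1100, 11000 to 3 and each of 1, 11, 111 to −1, confirming that repeating the sign bit preserves the encoded number.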

Example 10.6 The triple (12, −3, −14) is encoded by all the words of the regular expression

[0,1,0] [0,0,1] [1,1,0] [1,1,0] [0,1,1] [0,1,1]^*

where each letter is a column giving one bit of x, y, and z, in that order. The words


Figure 10.5: DFAs for the formulas x + y ≤ 4 and x + y = 4.

[0,1,0] [0,0,1] [1,1,0] [1,1,0] [0,1,1]    and    [0,1,0] [0,0,1] [1,1,0] [1,1,0] [0,1,1] [0,1,1] [0,1,1]

encode the triples (x, y, z) and (x′, y′, z′) given by

x = 0 + 0 + 4 + 8 − 0 = 12       x′ = 0 + 0 + 4 + 8 + 0 + 0 − 0 = 12
y = 1 + 0 + 4 + 8 − 16 = −3      y′ = 1 + 0 + 4 + 8 + 16 + 32 − 64 = −3
z = 0 + 2 + 0 + 0 − 16 = −14     z′ = 0 + 2 + 0 + 0 + 16 + 32 − 64 = −14

We construct an NFA (no longer a DFA!) recognizing the integer solutions of an atomic formula a · x ≤ b. As usual we take integers for the states, and the NFA should satisfy:

State q ∈ Z recognizes the encodings of the tuples c ∈ Z^n such that a · c ≤ q.    (10.5)

However, integer states are no longer enough, because no state q ∈ Z can be final: in the 2-complement encoding the empty word encodes no number, and so, since q cannot accept the empty


word by property (10.5), q must be nonfinal. But we need at least one final state, and so we add to the NFA a unique final state q_f without any outgoing transitions, accepting only the empty word.

Given a state q ∈ Z and a letter ζ ∈ {0, 1}^n, we determine the targets q′ of the transitions of the NFA of the form q --ζ--> q′. (We will see that there are either one or two such transitions.) A word w ∈ ({0, 1}^n)∗ is accepted from a target state q′ iff ζw is accepted from q. In the 2-complement encoding there are two cases:

(1) If w ≠ ε, then ζw encodes the tuple 2c + ζ ∈ Z^n, where c is the tuple encoded by w. (This follows easily from the definition of 2-complements.)

(2) If w = ε, then ζw encodes the tuple −ζ ∈ Z^n, because in this case ζ is the sign letter.

In case (1), property (10.5) requires a target state q′ such that a · c ≤ q′ iff a · (2c + ζ) ≤ q. So we take

q′ = ⌊(q − a · ζ)/2⌋

In case (2), property (10.5) only requires a target state if a · (−ζ) ≤ q, that is, if q + a · ζ ≥ 0, and if so then it requires the target to be a final state. So if q + a · ζ ≥ 0 then we add q --ζ--> q_f to the set of transitions; in this case the automaton has two transitions leaving state q labeled by ζ. Summarizing, we define the transition function of the NFA by

δ(q, ζ) = { ⌊(q − a · ζ)/2⌋ , q_f }    if q + a · ζ ≥ 0
δ(q, ζ) = { ⌊(q − a · ζ)/2⌋ }          otherwise

Observe that the NFA contains all the states and transitions of the DFA for the natural solutions of a · x ≤ b, plus possibly other transitions. All integer states are now nonfinal; the only final state is q_f.

Example 10.7 Figure 10.6 shows at the top the NFA recognizing all integer solutions of 2x − y ≤ 2. It has all states and transitions of the DFA for the natural solutions, plus some more (compare with Figure 10.1). The final state q_f and the transitions leading to it are drawn in red. Consider for instance state −1. In order to determine the letters ζ ∈ {0, 1}^2 for which q_f ∈ δ(−1, ζ), we compute q + a · ζ = −1 + 2ζx − ζy for each (ζx, ζy) ∈ {0, 1}^2, and compare the result to 0. We obtain that the letters leading to q_f are (1, 0) and (1, 1).

10.3.1 Equations

In order to construct an NFA for the integer solutions of an equation a · x = b we can proceed as for inequations. The result is again an NFA containing all states and transitions of the DFA for the natural solutions computed in Section 10.2.1, plus possibly some more. The automaton has an additional final state q_f, and a transition q --ζ--> q_f iff q + a · ζ = 0. Graphically, we can also obtain


the NFA by starting with the NFA for a · x ≤ b, and then removing all transitions q --ζ--> q′ such that q′ ≠ (q − a · ζ)/2, and all transitions q --ζ--> q_f such that q + a · ζ ≠ 0.

Example 10.8 The NFA for the integer solutions of 2x − y = 2 is shown in the middle of Figure10.6. Its transitions are a subset of those of the NFA for 2x − y ≤ 2.

The NFA for the integer solutions of an equation has an interesting property. Since q + a · ζ = 0 holds iff (q − a · ζ)/2 = 2q/2 = q, the NFA has a transition q --ζ--> q_f iff it also has a self-loop q --ζ--> q. (For instance, state 1 of the NFA in the middle of Figure 10.6 has a red transition labeled by (0, 1) and a self-loop labeled by (0, 1).) Using this property it is easy to see that the powerset construction does not cause a blowup in the number of states: it only adds one extra state for each predecessor of the final state.

Example 10.9 The DFA obtained by applying the powerset construction to the NFA for 2x −y = 2 is shown at the bottom of Figure 10.6 (the trap state has been omitted). Each of the threepredecessors of q f gets “duplicated”.

Moreover, the DFA obtained by means of the powerset construction is minimal. This can beproved by showing that any two states recognize different languages. If exactly one of the statesis final, we are done. If both states are nonfinal, say, k and k′, then they recognize the solutionsof a · x = k and a · x = k′, and so their languages are not only distinct but even disjoint. If bothstates are final, then they are the “duplicates” of two nonfinal states k and k′, and their languagesare those of k and k′, plus the empty word. So, again, their languages are distinct.

10.3.2 Algorithms

The algorithms for the construction of the NFAs are shown in Table 10.3. The additions with respect to the previous algorithms are the lines handling the new final state q_f.

Exercises

Exercise 122 Express the following statements in Presburger arithmetic:

• x = 0 and y = 1 (if 0 and 1 were not part of the syntax),

• z = max(x, y) and z = min(x, y).

Exercise 123 Show that it is possible to decide algorithmically whether two formulas of Presburger arithmetic have the same solutions.


IneqZtoNFA(ϕ)
Input: Inequation ϕ = a · x ≤ b over Z
Output: NFA A = (Q, Σ, δ, Q0, F) such that L(A) = L(ϕ)

1   Q, δ, F ← ∅; Q0 ← {s_b}
2   W ← {s_b}
3   while W ≠ ∅ do
4       pick s_k from W
5       add s_k to Q
6       for all ζ ∈ {0, 1}^n do
7           j ← ⌊(k − a · ζ)/2⌋
8           if s_j ∉ Q then add s_j to W
9           add (s_k, ζ, s_j) to δ
10          if k + a · ζ ≥ 0 then
11              add q_f to Q and F
12              add (s_k, ζ, q_f) to δ

EqZtoNFA(ϕ)
Input: Equation ϕ = a · x = b over Z
Output: NFA A = (Q, Σ, δ, Q0, F) such that L(A) = L(ϕ)

1   Q, δ, F ← ∅; Q0 ← {s_b}
2   W ← {s_b}
3   while W ≠ ∅ do
4       pick s_k from W
5       add s_k to Q
6       for all ζ ∈ {0, 1}^n do
7           if k − a · ζ is even then
8               j ← (k − a · ζ)/2
9               if s_j ∉ Q then add s_j to W
10              add (s_k, ζ, s_j) to δ
11          if k + a · ζ = 0 then
12              add q_f to Q and F
13              add (s_k, ζ, q_f) to δ

Table 10.3: Converting an inequation or an equation over Z into an NFA accepting the 2-complement encodings of its solutions.
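A Python transcription of IneqZtoNFA (names are ours; the final state q_f is represented by the string "qf") shows where nondeterminism enters: a letter ζ with k + a · ζ ≥ 0 gets a second target, q_f:

```python
from itertools import product

QF = "qf"   # unique final state, accepting only the empty word

def ineq_z_to_nfa(a, b):
    """IneqZtoNFA as a worklist algorithm: NFA for a·x <= b over the
    integers in the 2-complement LSBF encoding.  delta maps
    (state, letter) to the *set* of successor states."""
    n = len(a)
    states, delta = set(), {}
    worklist = {b}
    while worklist:
        k = worklist.pop()
        states.add(k)
        for zeta in product((0, 1), repeat=n):
            dot = sum(ai * zi for ai, zi in zip(a, zeta))
            j = (k - dot) // 2               # the "DFA" successor
            if j not in states:
                worklist.add(j)
            succ = {j}
            if k + dot >= 0:                 # zeta read as the sign letter
                succ.add(QF)
            delta[(k, zeta)] = succ
    return states | {QF}, delta, b, {QF}
```

On 2x − y ≤ 2 the integer states coincide with those of Figure 10.1; state −1, for example, gets extra transitions to q_f exactly for the letters (1, 0) and (1, 1), as computed in Example 10.7.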

Exercise 124 Let r ≥ 0 and n ≥ 1. Give a Presburger formula ϕ such that J |= ϕ if, and only if, J(x) ≥ J(y) and J(x) − J(y) ≡ r (mod n). Give an automaton that accepts the solutions of ϕ for r = 0 and n = 2.

Exercise 125 Construct a finite automaton for the Presburger formula ∃y (x = 3y) using the algorithms of the chapter.

Exercise 126 AFtoDFA returns a DFA recognizing all solutions of a given linear inequation

a1x1 + a2x2 + . . . + akxk ≤ b    with a1, a2, . . . , ak, b ∈ Z    (∗)

encoded using the lsbf encoding of IN^k. We may also use the most-significant-bit-first (msbf) encoding, e.g.,

msbf( (2, 3) ) = L( [0,0]∗ [1,1] [0,1] )

1. Construct a finite automaton for the inequation 2x − y ≤ 2 w.r.t. the msbf encoding.


2. Adapt AFtoDFA to the msbf encoding.

Exercise 127 Consider the extension of FO(Σ) where addition of variables is allowed. Give a sentence of this logic for palindromes over {a, b}, i.e., the language {w ∈ {a, b}∗ : w = w^R}.

Exercise 128 It is late and you are craving nuggets. Since you are stuck in the subway, you have no idea how hungry you will be when you reach the restaurant. Since nuggets are only sold in boxes of 6, 9 and 20, you wonder if it will be possible to buy exactly the amount of nuggets you will be craving when you arrive. You also wonder whether it is always possible to buy the exact amount of nuggets if one is hungry enough. Luckily, you can answer these questions since you are quite knowledgeable about Presburger arithmetic and automata theory.

For every finite set S ⊆ IN, let us say that n ∈ IN is an S-number if n can be obtained as a linear combination of elements of S with coefficients in IN. For example, if S = {6, 9, 20}, then 67 is an S-number since 67 = 3 · 6 + 1 · 9 + 2 · 20, but 25 is not. For some sets S, there are only finitely many numbers which are not S-numbers. When this is the case, we say that the largest number which is not an S-number is the Frobenius number of S. For example, 7 is the Frobenius number of {3, 5}, and S = {2, 4} has no Frobenius number.

To answer your questions, it suffices to come up with algorithms for Frobenius numbers and to instantiate them with S = {6, 9, 20}.

1. Give an algorithm that decides, on input n ∈ IN and a finite set S ⊆ IN, whether n is an S-number.

2. Give an algorithm that decides, on input a finite set S ⊆ IN, whether S has a Frobenius number.

3. Give an algorithm that computes, on input a finite set S ⊆ IN, the Frobenius number of S (assuming it exists).

4. Show that S = {6, 9, 20} has a Frobenius number, and identify this number.

Exercise 129 Automata are more expressive than Presburger arithmetic. They can represent:

ϕ(x, y) = “y is the largest power of 2 that divides x”, and
ψ(x, y) = “y is the largest power of 2 smaller than or equal to x”,

while Presburger arithmetic can express neither ϕ nor ψ. Give automata representing ϕ and ψ, where numbers are over IN and given in the lsbf encoding.


Figure 10.6: NFAs for the solutions of 2x − y ≤ 2 and 2x − y = 2 over Z, and minimal DFA for the solutions of 2x − y = 2.


Part II

Automata on Infinite Words


Chapter 11

Classes of ω-Automata and Conversions

Automata on infinite words, also called ω-automata in this book, were introduced in the 1960s as an auxiliary tool for proving the decidability of some problems in mathematical logic. As the name indicates, they are automata whose input is a word of infinite length. The run of an automaton on such a word is not expected to terminate.

Even a deterministic ω-automaton makes little sense as a language acceptor that decides whether a word has a property or not: not many people are willing to wait infinitely long to get an answer to a question! However, ω-automata still make perfect sense as a data structure, that is, as a finite representation of a (possibly infinite) set of infinite words.

There are objects that can only be represented as infinite words. The example that first comes to mind is the real numbers. A second example, more relevant for applications, is program executions. Programs may have non-terminating executions, either because of programming errors, or because they are designed this way. Indeed, many programs whose purpose is to keep a system running, like routines of an operating system, network infrastructure, communication protocols, etc., are designed to be in constant operation. Automata on infinite words can be used to finitely represent the set of executions of a program, or an abstraction of it. They are an important tool for the theory and practice of program verification.

In the second part of this book we develop the theory of ω-automata as a data structure for languages of infinite words. This first chapter introduces ω-regular expressions, a textual notation for defining languages of infinite words, and then proceeds to present different classes of automata on infinite words, most of them with the same expressive power as ω-regular expressions, and conversion algorithms between them.

11.1 ω-languages and ω-regular expressions

Let Σ be an alphabet. An infinite word, also called an ω-word, is an infinite sequence a0a1a2 . . . of letters of Σ. The concatenation of a finite word w1 = a1 . . . an and an ω-word w2 = b1b2 . . . is the ω-word w1w2 = a1 . . . anb1b2 . . ., sometimes also denoted by w1 · w2. We denote by Σω the set of


all ω-words over Σ. A set L ⊆ Σω of ω-words is an infinitary language or ω-language over Σ. The concatenation of a language L1 and an ω-language L2 is the ω-language L1 · L2 = {w1w2 ∈ Σω | w1 ∈ L1 and w2 ∈ L2}. The ω-iteration of a language L ⊆ Σ∗ is the ω-language Lω = {w1w2w3 . . . | wi ∈ L \ {ε}}. Observe that ∅ω = ∅, in contrast to the case of finite words, where ∅∗ = {ε}.

We extend regular expressions to ω-regular expressions, a formalism to define ω-languages.

Definition 11.1 The ω-regular expressions over an alphabet Σ are defined by the following grammar, where r ∈ RE(Σ) is a regular expression:

s ::= rω | rs1 | s1 + s2

Sometimes we write r · s1 instead of rs1. The set of all ω-regular expressions over Σ is denoted by REω(Σ). The language Lω(s) ⊆ Σω of an ω-regular expression s ∈ REω(Σ) is defined inductively as

• Lω(rω) = (L (r))ω;

• Lω(rs1) = L (r) · Lω(s1); and

• Lω(s1 + s2) = Lω(s1) ∪ Lω(s2).

A language L is ω-regular if there is an ω-regular expression s such that L = Lω(s).

Observe that the empty ω-language is ω-regular, because Lω(∅ω) = ∅. As for regular expressions, we often identify an ω-regular expression s and its associated ω-language Lω(s).

Example 11.2 The ω-regular expression (a + b)ω denotes the language of all ω-words over {a, b}; (a + b)∗bω denotes the language of all ω-words over {a, b} containing only finitely many as, and (a∗ab + b∗ba)ω the language of all ω-words over {a, b} containing infinitely many as and infinitely many bs; an even shorter expression for this latter language is ((a + b)∗ab)ω.

11.2 Büchi automata

Büchi automata have the same syntax as NFAs, but a different definition of acceptance. Suppose that an NFA A = (Q, Σ, δ, Q0, F) is given as input an infinite word w = a0a1a2 . . . over Σ. Intuitively, a run of A on w never terminates, and so we cannot define acceptance in terms of the state reached at the end of the run. In fact, even the name “final state” is no longer appropriate for Büchi automata. So from now on we speak of “accepting states”, although we still denote the set of accepting states by F. We say that a run of a Büchi automaton is accepting if some accepting state is visited along the run infinitely often. Since the set of accepting states is finite, “some accepting state is visited infinitely often” is equivalent to “the set of accepting states is visited infinitely often”.


Definition 11.3 A nondeterministic Büchi automaton (NBA) is a tuple A = (Q, Σ, δ, Q0, F), where Q, Σ, δ, Q0, and F are defined as for NFAs. A run of A on an ω-word a0a1a2 . . . ∈ Σω is an infinite sequence ρ = q0 --a0--> q1 --a1--> q2 · · · such that q0 ∈ Q0 and qi+1 ∈ δ(qi, ai) for every i ≥ 0.

Let inf(ρ) = {q ∈ Q | q = qi for infinitely many i's} be the set of states that occur in ρ infinitely often. A run ρ is accepting if inf(ρ) ∩ F ≠ ∅. An NBA accepts an ω-word w ∈ Σω if it has an accepting run on w. The language recognized by an NBA A is the set Lω(A) = {w ∈ Σω | w is accepted by A}.

The condition inf(ρ) ∩ F ≠ ∅ on runs is called the Büchi condition F. In later sections we introduce other kinds of accepting conditions.

A Büchi automaton is deterministic if it is deterministic when seen as an automaton on finite words. NBAs with ε-transitions can also be defined, but we will not need them.1
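Although no finite prefix of an ω-word determines acceptance, acceptance of an ultimately periodic word u·vω is decidable. The Python sketch below (all names are ours) uses the standard lasso characterization: an NBA accepts u·vω iff some state q is reachable from the initial states by reading u·v^i for some i ≥ 0, and reading v^j from q, for some j ≥ 1, can return to q along a path that visits an accepting state.

```python
def nba_accepts_lasso(delta, q0s, acc, u, v):
    """Decide whether the NBA given by delta ((state, letter) -> set of
    successors), initial states q0s, and accepting states acc accepts
    the ultimately periodic ω-word u·v^ω."""
    assert v, "the periodic part v must be nonempty"

    def step(states, letter):
        return {r for q in states for r in delta.get((q, letter), ())}

    def read(states, word):
        for letter in word:
            states = step(states, letter)
        return states

    # All states reachable from the initial states by reading u·v^i.
    current, candidates = read(set(q0s), u), set()
    while not current <= candidates:
        candidates |= current
        current = read(current, v)

    for q in candidates:
        # Search for a v^j-loop (j >= 1) from q back to q visiting an
        # accepting state; the flag records "accepting state seen".
        frontier, seen = {(q, q in acc)}, set()
        while frontier:
            pairs = frontier
            for letter in v:
                pairs = {(r, flag or r in acc)
                         for (p, flag) in pairs
                         for r in delta.get((p, letter), ())}
            if (q, True) in pairs:
                return True
            seen |= frontier
            frontier = pairs - seen
    return False

# Left automaton of Figure 11.1 (infinitely many a's); state 1 accepting.
inf_a = {(0, "a"): {1}, (0, "b"): {0}, (1, "a"): {1}, (1, "b"): {0}}
```

For example, the checker reports that this automaton accepts (ab)ω and baω, but rejects abω.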

Example 11.4 Figure 11.1 shows two Büchi automata. The automaton on the left is deterministic, and recognizes all ω-words over the alphabet {a, b} that contain infinitely many as. So, for instance, A accepts aω, baω, (ab)ω, and (ab100)ω, but not bω or a100bω. To prove that this is indeed the language we show that every ω-word containing infinitely many as is accepted by A, and that every word accepted by A contains infinitely many as. For the first part, observe that immediately after reading any a the automaton A always visits its (only) accepting state (because all transitions labeled by a lead to it); therefore, when A reads an ω-word containing infinitely many as it visits its accepting state infinitely often, and so it accepts. For the second part, if w is accepted by A, then there is a run of A on w that visits the accepting state infinitely often. Since all transitions leading to the accepting state are labeled by a, the automaton must read infinitely many as during the run, and so w contains infinitely many as.

Figure 11.1: Two Büchi automata

The automaton on the right of the figure is not deterministic, and recognizes all ω-words over the alphabet {a, b} that contain finitely many occurrences of a. The proof is similar.

Example 11.5 Figure 11.2 shows three further Büchi automata over the alphabet {a, b, c}. The top-left automaton recognizes the ω-words in which for every occurrence of a there is a later occurrence

1Notice that the definition of NBAs with ε-transitions requires some care, because infinite runs containing only finitely many non-ε transitions are never accepting, even if they visit some accepting state infinitely often.


of b. So, for instance, the automaton accepts (ab)ω, cω, and (bc)ω, but not acω or ab(ac)ω. The top-right automaton recognizes the ω-words that contain finitely many occurrences of a, or infinitely many occurrences of a and infinitely many occurrences of b. Finally, the automaton at the bottom recognizes the ω-words in which between every occurrence of a and the next occurrence of c there is at most one occurrence of b; more precisely, for every two numbers i < j, if the letter at position i is an a and the first occurrence of c after i is at position j, then there is at most one number i < k < j such that the letter at position k is a b.

Figure 11.2: Three further Büchi automata

11.2.1 From ω-regular expressions to NBAs and back

We present algorithms for converting an ω-regular expression into an NBA, and vice versa. This provides a first “sanity check” for NBAs as a data structure, by showing that NBAs can represent exactly the ω-regular languages.

From ω-regular expressions to NBAs. We give a procedure that transforms an ω-regular expression into an equivalent NBA with exactly one initial state, which moreover has no incoming transitions.


We proceed by induction on the structure of the ω-regular expression. Recall that for every regular expression r we can construct an NFA Ar with a unique initial state, a unique final state, no transition leading to the initial state, and no transition leaving the final state. An NBA for rω is obtained by adding to Ar new transitions leading from the final state to the targets of the transitions leaving the initial state, as shown at the top of Figure 11.3. An NBA for r · s is obtained by merging states as shown in the middle of the figure. Finally, an NBA for s1 + s2 is obtained by merging the initial states of the NBAs for s1 and s2 as shown at the bottom.
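The rω case can be sketched concretely. The Python snippet below assumes an NFA Ar given as a dictionary of transitions with a unique initial state (no incoming transitions), a unique final state (no outgoing transitions), and ε ∉ L(r), matching the preconditions above; the function name nfa_to_nba_omega is hypothetical.

```python
def nfa_to_nba_omega(delta, initial, final):
    """Build an NBA for r^ω from an NFA A_r for r.

    delta: dict (state, letter) -> set of successor states.
    Returns (transitions, initial state, set of accepting states)."""
    nba = {k: set(v) for k, v in delta.items()}
    # For every transition leaving the initial state, add a parallel
    # transition leaving the final state: after completing one r-word the
    # automaton can immediately start reading the next one.
    for (q, a), targets in delta.items():
        if q == initial:
            nba.setdefault((final, a), set()).update(targets)
    # The final state is reached at the end of every r-segment, so it is
    # visited infinitely often exactly on words of r^ω: take it as accepting.
    return nba, initial, {final}

# NFA for r = ab:  i --a--> m --b--> f
delta = {('i', 'a'): {'m'}, ('m', 'b'): {'f'}}
nba, q0, acc = nfa_to_nba_omega(delta, 'i', 'f')
print(nba[('f', 'a')])   # the added "restart" transition: {'m'}
```

The initial state keeps its property of having no incoming transitions, which is what the constructions for r · s and s1 + s2 rely on when they merge states.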

From NBAs to ω-regular expressions. Let A = (Q, Σ, δ, Q0, F) be a NBA. For every two states q, q′ ∈ Q, let A_q^{q′} be the NFA (not the NBA!) obtained from A by changing the set of initial states to {q} and the set of final states to {q′}. Using algorithm NFAtoRE we can construct a regular expression denoting L(A_q^{q′}). By slightly modifying A_q^{q′} we can also construct a regular expression r_q^{q′} denoting the words accepted by A_q^{q′} by means of runs that visit q′ exactly once (how to do this is left as a little exercise). We use these expressions to compute an ω-regular expression denoting Lω(A).

For every accepting state q ∈ F, let Lq ⊆ Lω(A) be the set of ω-words w such that some run of A on w visits the state q infinitely often. We have Lω(A) = ⋃_{q∈F} Lq. Every word w ∈ Lq can be split into an infinite sequence w1 w2 w3 . . . of finite, nonempty words, where w1 is the word read by A until it visits q for the first time, and for every i > 1, wi is the word read by the automaton between the i-th and the (i + 1)-th visits to q. It follows that w1 ∈ L(r_{q0}^{q}), and wi ∈ L(r_q^{q}) for every i > 1. So we have Lq = Lω(r_{q0}^{q} (r_q^{q})^ω), and therefore

    Σ_{q∈F} r_{q0}^{q} (r_q^{q})^ω

is the ω-regular expression we are looking for.

Example 11.6 Consider the top right NBA of Figure 11.2. We have to compute r_0^1 (r_1^1)^ω + r_0^2 (r_2^2)^ω. Using NFAtoRE and simplifying we get

    r_0^1 = (a + b + c)*(b + c)
    r_0^2 = (a + b + c)*b
    r_1^1 = (b + c)
    r_2^2 = b + (a + c)(a + b + c)*b

and (after some further simplifications) we obtain the ω-regular expression

    (a + b + c)*(b + c)^ω + (a + b + c)*b (b + (a + c)(a + b + c)*b)^ω.


Figure 11.3: From ω-regular expressions to Büchi automata


11.2.2 Non-equivalence of NBAs and DBAs

Unfortunately, DBAs do not recognize all ω-regular languages, and so they do not have the same expressive power as NBAs. We show that the language of ω-words containing finitely many occurrences of a is not recognized by any DBA. Intuitively, the NBA for this language “guesses” the last occurrence of a, and this guess cannot be determinized using only a finite number of states.

Proposition 11.7 The language L = (a + b)*bω (i.e., the language of all ω-words in which a occurs only finitely often) is not recognized by any DBA.

Proof: Assume that L = Lω(A) for a DBA A = (Q, {a, b}, δ, q0, F), and extend δ to a mapping δ: Q × {a, b}* → Q by δ(q, ε) = q and δ(q, wa) = δ(δ(q, w), a). That is, δ(q, w) denotes the unique state reached by reading w from state q. Consider the ω-word w0 = bω. Since w0 ∈ L, the run of A on w0 is accepting, and so δ(q0, u0) ∈ F for some finite prefix u0 of w0. Consider now w1 = u0 a bω. We have w1 ∈ L, and so the run of A on w1 is accepting, which implies δ(q0, u0 a u1) ∈ F for some finite prefix u0 a u1 of w1. In a similar fashion we continue constructing finite words ui such that δ(q0, u0 a u1 a · · · a ui) ∈ F. Since Q is finite, there are indices 0 ≤ i < j such that δ(q0, u0 a · · · a ui) = δ(q0, u0 a · · · a ui a · · · a uj). It follows that A has an accepting run on

    u0 a · · · a ui (a ui+1 · · · a uj)^ω.

But a occurs infinitely often in this word, and so the word does not belong to L.

Note that the complement of L, namely ((a + b)*a)^ω (the set of infinite words in which a occurs infinitely often), is accepted by the DBA on the left of Figure 11.1.

11.3 Generalized Büchi automata

Generalized Büchi automata are an extension of Büchi automata convenient for implementing some operations, like for instance intersection. A generalized Büchi automaton (NGA) differs from a Büchi automaton in its accepting condition. Instead of a set F of accepting states, a NGA has a collection of sets of accepting states F = {F0, . . . , Fm−1}. A run ρ is accepting if for every set Fi ∈ F some state of Fi is visited by ρ infinitely often. Formally, ρ is accepting if inf(ρ) ∩ Fi ≠ ∅ for every i ∈ {0, . . . , m − 1}. Abusing language, we speak of the generalized Büchi condition F. Ordinary Büchi automata correspond to the special case m = 1.

A NGA with n states and m sets of accepting states can be translated into an NBA with mn states. The translation is based on the following observation: a run ρ visits each set of F infinitely often if and only if the following two conditions hold:

(1) ρ eventually visits F0; and

(2) for every i ∈ {0, . . . , m − 1}, every visit of ρ to Fi is eventually followed by a later visit to Fi⊕1, where ⊕ denotes addition modulo m. (Between the visits to Fi and Fi⊕1 there can be arbitrarily many visits to other sets of F.)


This suggests to take for the NBA m “copies” of the NGA, but with a modification: the NBA “jumps” from the i-th to the (i ⊕ 1)-th copy whenever it visits a state of Fi. More precisely, the transitions of the i-th copy that leave a state of Fi are redirected from the i-th copy to the (i ⊕ 1)-th copy. This way, visiting the accepting states of the first copy infinitely often is equivalent to visiting the accepting states of each copy infinitely often.

More formally, the states of the NBA are pairs [q, i], where q is a state of the NGA and i ∈ {0, . . . , m − 1}. Intuitively, [q, i] is the i-th copy of q. If q ∉ Fi then the successors of [q, i] are states of the i-th copy, and otherwise states of the (i ⊕ 1)-th copy.

The pseudocode for the conversion algorithm is as follows:

NGAtoNBA(A)
Input: NGA A = (Q, Σ, Q0, δ, F), where F = {F0, . . . , Fm−1}
Output: NBA A′ = (Q′, Σ, δ′, Q′0, F′)

Q′, δ′, F′ ← ∅; Q′0 ← {[q0, 0] | q0 ∈ Q0}
W ← Q′0
while W ≠ ∅ do
    pick [q, i] from W
    add [q, i] to Q′
    if q ∈ F0 and i = 0 then add [q, i] to F′
    for all a ∈ Σ, q′ ∈ δ(q, a) do
        if q ∉ Fi then
            if [q′, i] ∉ Q′ then add [q′, i] to W
            add ([q, i], a, [q′, i]) to δ′
        else /* q ∈ Fi */
            if [q′, i ⊕ 1] ∉ Q′ then add [q′, i ⊕ 1] to W
            add ([q, i], a, [q′, i ⊕ 1]) to δ′
return (Q′, Σ, δ′, Q′0, F′)
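The pseudocode translates almost line by line into executable form. Below is a Python sketch (the encoding of δ as a dictionary of sets and of the copies [q, i] as pairs is an assumption of this sketch), applied to the two-state NGA reconstructed from Example 11.8 and Figure 11.4.

```python
def nga_to_nba(Q0, delta, F, alphabet):
    """Convert a generalized Büchi automaton into a Büchi automaton.

    delta: dict (state, letter) -> set of states; F: list [F0, ..., Fm-1].
    NBA states are pairs (q, i) meaning 'copy i of state q'."""
    m = len(F)
    Qp, deltap, Fp = set(), {}, set()
    Q0p = {(q0, 0) for q0 in Q0}
    W = set(Q0p)
    while W:
        q, i = W.pop()
        Qp.add((q, i))
        if q in F[0] and i == 0:
            Fp.add((q, i))
        for a in alphabet:
            for qp in delta.get((q, a), set()):
                # stay in copy i, unless q belongs to F_i: then jump to i⊕1
                j = i if q not in F[i] else (i + 1) % m
                if (qp, j) not in Qp:
                    W.add((qp, j))
                deltap.setdefault(((q, i), a), set()).add((qp, j))
    return Qp, Q0p, deltap, Fp

# NGA of Figure 11.4 (reconstructed): q loops on b, moves to r on a;
# r loops on a, returns to q on b.  F0 = {q}, F1 = {r}.
delta = {('q', 'a'): {'r'}, ('q', 'b'): {'q'},
         ('r', 'a'): {'r'}, ('r', 'b'): {'q'}}
Qp, Q0p, deltap, Fp = nga_to_nba({'q'}, delta, [{'q'}, {'r'}], 'ab')
print(len(Qp), Fp)   # 4 states; accepting state ('q', 0)
```

As in Example 11.8, transitions leaving (q, 0) are redirected to copy 1 and transitions leaving (r, 1) back to copy 0, and the only accepting state is (q, 0).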

Example 11.8 Figure 11.4 shows a NGA over the alphabet {a, b} on the left, and the NBA obtained by applying NGAtoNBA to it on the right. The NGA has two sets of accepting states, F0 = {q} and F1 = {r}, and so its accepting runs are those that visit both q and r infinitely often. It is easy to see that the automaton recognizes the ω-words containing infinitely many occurrences of a and infinitely many occurrences of b.

The NBA on the right consists of two copies of the NGA: the 0-th copy (pink) and the 1-st copy(blue). Transitions leaving [q, 0] are redirected to the blue copy, and transitions leaving [r, 1] areredirected to the pink copy. The only accepting state is [q, 0].


Figure 11.4: A NGA and its corresponding NBA

11.4 Other classes of ω-automata

Since not every NBA is equivalent to a DBA, there is no determinization procedure for Büchi automata. This raises the question whether such a procedure exists for other classes of automata. We shall see that the answer is yes, but the simplest determinizable classes have other problems, and so this section can be seen as a quest for automata classes satisfying more and more properties.

11.4.1 Co-Büchi automata

Like a Büchi automaton, a (nondeterministic) co-Büchi automaton (NCA) has a set F of accepting states. However, a run ρ of a NCA is accepting if it only visits states of F finitely often. Formally, ρ is accepting if inf(ρ) ∩ F = ∅. So a run of a NCA is accepting iff it is not accepting as a run of a NBA (this is the reason for the name “co-Büchi”). In particular, the language recognized by a DCA A is the complement of the language recognized by the DBA A, that is, by the same automaton, but with a Büchi instead of a co-Büchi acceptance condition.
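The complementation effect is visible already if we represent a run ρ only by its set inf(ρ) of states visited infinitely often: on the same inf(ρ), the Büchi and co-Büchi conditions always give opposite answers. A minimal sketch:

```python
def buchi_accepts(inf, F):
    # Büchi: some accepting state is visited infinitely often
    return bool(inf & F)

def cobuchi_accepts(inf, F):
    # co-Büchi: no accepting state is visited infinitely often
    return not (inf & F)

# For every possible inf(ρ) the two conditions are complementary; since a
# deterministic automaton has exactly one run per word, the DCA recognizes
# the complement of the language of the DBA.
F = {'q'}
for inf in [{'q'}, {'r'}, {'q', 'r'}]:
    assert cobuchi_accepts(inf, F) == (not buchi_accepts(inf, F))
```

Note that this argument needs determinism: for nondeterministic automata, negating the condition run by run does not complement the language, because acceptance quantifies existentially over runs.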

Figure 11.5: Running example for the determinization procedure

We show that co-Büchi automata can be determinized. We fix an NCA A = (Q, Σ, δ, Q0, F) with n states, and, using Figure 11.5 as a running example, construct an equivalent DCA B in three steps:


1. We define a mapping dag that assigns to each w ∈ Σω a directed acyclic graph dag(w).

2. We prove that w is accepted by A iff dag(w) contains only finitely many breakpoints.

3. We construct a DCA B which accepts w if and only if dag(w) contains finitely many breakpoints.

Intuitively, dag(w) is the result of “bundling together” all the runs of A on the word w. Figure 11.6 shows the initial parts of dag(abaω) and dag((ab)ω).

Figure 11.6: The (initial parts of) dag(abaω) and dag((ab)ω)

Formally, for w = σ1σ2 . . . the directed acyclic graph dag(w) has nodes in Q × ℕ and edges labelled by letters of Σ, and is inductively defined as follows:

• dag(w) contains a node 〈q, 0〉 for every initial state q ∈ Q0.

• If dag(w) contains a node 〈q, i〉 and q′ ∈ δ(q, σi+1), then dag(w) also contains a node 〈q′, i + 1〉 and an edge 〈q, i〉 −σi+1→ 〈q′, i + 1〉.

• dag(w) contains no other nodes or edges.

Clearly, q0 −σ1→ q1 −σ2→ q2 · · · is a run of A if and only if 〈q0, 0〉 −σ1→ 〈q1, 1〉 −σ2→ 〈q2, 2〉 · · · is a path of dag(w). Moreover, A accepts w if and only if some path of dag(w) visits accepting states only finitely often. We partition the nodes of dag(w) into levels, with the i-th level containing all nodes of dag(w) of the form 〈q, i〉.

One could be tempted to think that the accepting condition “some path of dag(w) only visits accepting states finitely often” is equivalent to “only finitely many levels of dag(w) contain accepting states”, but dag(abaω) shows this is false: even though all paths of dag(abaω) visit accepting states only finitely often, infinitely many levels (in fact, all levels i ≥ 3) contain accepting states. For this reason we introduce the set of breakpoint levels of the graph dag(w), inductively defined as follows:


• The 0-th level of dag(w) is a breakpoint.

• If level l is a breakpoint, then the next level l′ > l such that every path between nodes of l and l′ (excluding nodes of l and including nodes of l′) visits an accepting state is also a breakpoint.

We claim that “some path of dag(w) only visits accepting states finitely often” is equivalent to “the set of breakpoint levels of dag(w) is finite”. The argument uses a simple version of König's lemma:

Lemma 11.9 Let v0 be a node of a directed graph G, and let Reach(v0) be the set of nodes of G reachable from v0. If Reach(v0) is infinite but every node of Reach(v0) has only finitely many successors, then G has an infinite path starting at v0.

Proof: For every i ≥ 1, let vi be a successor of vi−1 such that Reach(vi) is infinite. The conditions of the lemma guarantee that vi exists, and v0 v1 v2 . . . is an infinite path.

If the breakpoint set is infinite, then by König's Lemma dag(w) contains at least one infinite path, and moreover all infinite paths visit accepting states infinitely often. If the breakpoint set is finite, let i be the largest breakpoint. If dag(w) is finite, we are done. If dag(w) is infinite, then for every j > i there is a path πj from level i to level j that does not visit any accepting state. The paths {πj}j>i build an acyclic graph of bounded degree. By König's lemma, this graph contains an infinite path π that never visits any accepting state, and we are done.

If we were able to tell that a level is a breakpoint by just examining it, we would be done: we would take the set of all possible levels as states of the DCA (i.e., the powerset of Q, as in the powerset construction for determinization of NFAs), the possible transitions between levels as transitions, and the breakpoints as accepting states. The run of this automaton on w would be nothing but an encoding of dag(w), and it would be accepting iff it contains only finitely many breakpoints, as required by the co-Büchi acceptance condition. However, the level does not contain enough information for that. The solution is to add information to the states. We take for the states of the DCA pairs [P, O], where O ⊆ P ⊆ Q, with the following intended meaning: P is the set of states of a level, and q ∈ O iff q is the endpoint of some path starting at the last breakpoint that has not yet visited any accepting state (meaning that no edge of the path leads to a final state). We call O the set of owing states (states that “owe” a visit to the accepting states). To guarantee that O indeed has this intended meaning, we define the DCA B = (Q, Σ, δ, q0, F) as follows:

• The initial state q0 is the pair [Q0, ∅]. (Intuitively, initially there is no last breakpoint, and so no initial state owes a visit to the accepting states.)

• The transition relation is given by δ([P,O], a) = [P′,O′], where P′ = δ(P, a), and

– if O ≠ ∅, then O′ = δ(O, a) \ F;


– if O = ∅ (i.e., if the current level is a breakpoint, and the automaton must start searching for the next one), then O′ = δ(P, a) \ F; in other words, all non-final states of the next level become owing.

• The accepting states are those at which a breakpoint is reached, i.e., [P, O] ∈ F iff O = ∅.

With this definition, a run visits accepting states exactly at the breakpoints, and so it is accepting iff it contains only finitely many breakpoints. The algorithm for the construction is

NCAtoDCA(A)
Input: NCA A = (Q, Σ, δ, Q0, F)
Output: DCA B = (Q, Σ, δ, q0, F) with Lω(A) = Lω(B)

Q, δ, F ← ∅; q0 ← [Q0, ∅]
W ← {q0}
while W ≠ ∅ do
    pick [P, O] from W; add [P, O] to Q
    if O = ∅ then add [P, O] to F
    for all a ∈ Σ do
        P′ ← δ(P, a)
        if O ≠ ∅ then O′ ← δ(O, a) \ F else O′ ← δ(P, a) \ F
        add ([P, O], a, [P′, O′]) to δ
        if [P′, O′] ∉ Q then add [P′, O′] to W

Figure 11.7 shows the result of applying the algorithm to our running example. The NCA is at the top, and the DCA below it on the left. On the right we show the DCA obtained by applying the powerset construction to the NCA. It is almost the same automaton, but with the important difference that the state [∅, ∅] is now accepting, and so the powerset construction does not yield a correct result. For example, the DCA obtained by the powerset construction accepts the word bω, which is not accepted by the original NCA, because it has no run on it. For the complexity, observe that the number of states of the DCA is bounded by the number of pairs [P, O] such that O ⊆ P ⊆ Q. For every state q ∈ Q there are three mutually exclusive possibilities: q ∈ O, q ∈ P \ O, and q ∈ Q \ P. So if A has n states then B has at most 3^n states.
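The breakpoint construction can be sketched directly in Python. The NCA below is a reconstruction of the running example of Figure 11.5 (transitions q −a→ {q, r} and r −b→ {q} with accepting set {r}, read off Figures 11.6 and 11.7, so treat them as an assumption of this sketch):

```python
def nca_to_dca(Q0, delta, F, alphabet):
    """Breakpoint construction determinizing a co-Büchi automaton.

    delta: dict (state, letter) -> set of states; F: accepting states of
    the NCA.  DCA states are pairs (P, O); (P, O) is accepting iff O = ∅."""
    def post(S, a):
        return frozenset().union(*[delta.get((q, a), set()) for q in S])
    q0 = (frozenset(Q0), frozenset())
    states, trans, acc = set(), {}, set()
    W = {q0}
    while W:
        P, O = W.pop()
        states.add((P, O))
        if not O:                      # this level is a breakpoint
            acc.add((P, O))
        for a in alphabet:
            Pp = post(P, a)
            # if O = ∅ the search for the next breakpoint restarts: every
            # non-accepting successor of the whole level becomes owing
            Op = (post(O, a) if O else Pp) - frozenset(F)
            if (Pp, Op) not in states:
                W.add((Pp, Op))
            trans[((P, O), a)] = (Pp, Op)
    return q0, states, trans, acc

# NCA of Figure 11.5 (reconstructed): q -a-> {q, r}, r -b-> {q}; F = {r}
delta = {('q', 'a'): {'q', 'r'}, ('r', 'b'): {'q'}}
q0, states, trans, acc = nca_to_dca({'q'}, delta, {'r'}, 'ab')
print(len(states))   # 3 reachable DCA states
```

On this example the reachable states are [{q}, ∅], [{q, r}, {q}], and the trap [∅, ∅]; the first and last are accepting, in line with the 3^n bound on the total number of pairs.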

Unfortunately, co-Büchi automata are strictly less expressive than Büchi automata, and so they do not recognize all ω-regular languages. Proving that co-Büchi automata only recognize ω-regular languages is an easy exercise (Exercise 142).

Figure 11.7: NCA of Figure 11.5 (top), DCA (lower left), and DCA obtained by the powerset construction (lower right)

In particular, we claim that no NCA recognizes the language L of ω-words over {a, b} containing infinitely many as. To see why, assume some NCA recognizes L. Then, since every NCA can be determinized, some DCA A recognizes L. This automaton A, interpreted as a DBA instead of a DCA, recognizes the complement of L: indeed, a word w is recognized by the DCA A iff the run of A on w visits accepting states only finitely often iff w is not recognized by the DBA A. But the complement of L is (a + b)*bω, which by Proposition 11.7 is not accepted by any DBA. We have reached a contradiction, which proves the claim. So we now ask whether there is a class of ω-automata that (1) recognizes all ω-regular languages and (2) has a determinization procedure.

11.4.2 Muller automata

A (nondeterministic) Muller automaton (NMA) has a collection {F0, . . . , Fm−1} of sets of accepting states. A run ρ is accepting if the set of states ρ visits infinitely often is equal to one of the Fi's. Formally, ρ is accepting if inf(ρ) = Fi for some i ∈ {0, . . . , m−1}. We speak of the Muller condition {F0, . . . , Fm−1}.

NMAs have the nice feature that any boolean combination of predicates of the form “state q is visited infinitely often” can be formulated as a Muller condition. It suffices to put in the collection all sets of states for which the predicate holds. For instance, the condition

(q ∈ inf(ρ)) ∧ ¬(q′ ∈ inf(ρ))

corresponds to the Muller condition containing all sets of states F such that q ∈ F and q′ ∉ F. In particular, the Büchi and generalized Büchi conditions are special cases of the Muller condition (as well as the Rabin and Streett conditions introduced in the next sections). The obvious disadvantage is that the translation of a Büchi condition into a Muller condition involves an exponential blow-up: a Büchi automaton with states Q = {q0, . . . , qn} and Büchi condition {qn} is transformed into an NMA with the same states and transitions, but with the Muller condition {F ⊆ Q | qn ∈ F}, a collection containing 2^n sets of states.
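The blow-up is easy to reproduce: the Muller condition is obtained by enumerating every subset of Q that intersects the Büchi set. A small sketch (state names are illustrative):

```python
from itertools import combinations

def buchi_to_muller(Q, F):
    """Muller condition equivalent to the Büchi condition F: the collection
    of all subsets of Q containing at least one accepting state."""
    subsets = [frozenset(c) for r in range(len(Q) + 1)
               for c in combinations(sorted(Q), r)]
    return [S for S in subsets if S & F]

Q = {'q0', 'q1', 'q2', 'qn'}
muller = buchi_to_muller(Q, {'qn'})
print(len(muller))   # 2^3 = 8 subsets of Q contain qn
```

With |Q| = n + 1 states and Büchi condition {qn}, exactly 2^n of the 2^(n+1) subsets contain qn, which is the exponential collection mentioned above.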

Deterministic Muller automata recognize all ω-regular languages. The proof of this result is complicated, and we omit it here.

Theorem 11.10 (Safra) A NBA with n states can be effectively transformed into a DMA with n^O(n) states.

Figure 11.8: A Muller automaton for (a + b)*bω.

In particular, the DMA of Figure 11.8 with Muller condition {{q1}} recognizes the language L = (a + b)*bω, which, as shown in Proposition 11.7, is not recognized by any DBA. Indeed, a run ρ is accepting if inf(ρ) = {q1}, that is, if it visits state q1 infinitely often and state q0 finitely often. So accepting runs initially move between states q0 and q1, but eventually jump to q1 and never visit q0 again. These runs accept exactly the words containing finitely many occurrences of a.
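On ultimately periodic words, Muller acceptance for a deterministic automaton reduces to computing the states visited in the repeating part of the run and comparing that set against the condition. The transitions below reconstruct Figure 11.8 (q0 loops on a and moves to q1 on b; q1 loops on b and returns to q0 on a), which should be treated as an assumption read off the description above.

```python
def muller_accepts_lasso(delta, q0, muller, u, v):
    """Deterministic Muller automaton on u v^ω: compute inf(ρ) and test
    whether it equals one of the sets of the Muller condition."""
    q = q0
    for a in u:
        q = delta[(q, a)]
    boundary, blocks = {}, []
    while q not in boundary:          # iterate v-blocks until they cycle
        boundary[q] = len(blocks)
        visited = set()
        for a in v:
            q = delta[(q, a)]
            visited.add(q)
        blocks.append(visited)
    inf = frozenset().union(*blocks[boundary[q]:])
    return inf in muller

# DMA of Figure 11.8 (reconstructed) with Muller condition {{q1}}
delta = {('q0', 'a'): 'q0', ('q0', 'b'): 'q1',
         ('q1', 'b'): 'q1', ('q1', 'a'): 'q0'}
cond = {frozenset({'q1'})}
print(muller_accepts_lasso(delta, 'q0', cond, 'ab', 'b'))   # ab b^ω: True
print(muller_accepts_lasso(delta, 'q0', cond, '', 'ab'))    # (ab)^ω: False
```

The second word is rejected because its run visits both q0 and q1 infinitely often, so inf(ρ) = {q0, q1} ≠ {q1}: equality with a member of the condition, not mere intersection, is what Muller acceptance demands.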

We finally show that an NMA can be translated into a NBA, and so that Muller and Büchi automata have the same expressive power. Given a Muller automaton A = (Q, Σ, Q0, δ, {F0, . . . , Fm−1}), it is easy to see that Lω(A) = ⋃_{i=0}^{m−1} Lω(Ai), where Ai = (Q, Σ, Q0, δ, {Fi}). So we proceed in three steps: first, we convert the NMA Ai into a NGA A′i; then we convert A′i into a NBA A′′i using NGAtoNBA; finally, we put the NBAs A′′0, . . . , A′′m−1 “side by side” (i.e., take the disjoint union of their sets of states, initial states, final states, and transitions).

It remains to see how to conduct the first step. Observe that, since an accepting run ρ of Ai satisfies inf(ρ) = Fi, from some point on ρ only visits states of Fi. In other words, ρ = ρ0 ρ1, where ρ0 is a finite prefix of ρ, and ρ1 is an infinite suffix that only contains states of Fi. We construct A′i in two stages. In the first stage we take two copies of Ai, that we call Ai0 and Ai1, and put them side by side; Ai0 is a full copy, containing all states and transitions of A, and Ai1 is a partial copy, containing only the states of Fi and the transitions between them. We let [q, 0] denote the copy of state q ∈ Q in Ai0, and [q, 1] the copy of a state q ∈ Fi in Ai1. In the second stage we add some transitions that “jump” from Ai0 to Ai1: for every transition [q, 0] −a→ [q′, 0] of Ai0 such that q′ ∈ Fi, we add a transition [q, 0] −a→ [q′, 1] that “jumps” to [q′, 1], the “twin state” of [q′, 0] in Ai1 (notice that [q, 0] −a→ [q′, 1] does not replace [q, 0] −a→ [q′, 0]; it is an additional transition). Intuitively, A′i simulates ρ by executing the finite prefix ρ0 in Ai0, then jumping to Ai1, and executing ρ1 there. The condition that ρ1 must visit each state of Fi infinitely often is enforced as follows: if Fi = {q1, . . . , qk}, then we choose for A′i the generalized Büchi condition {{[q1, 1]}, . . . , {[qk, 1]}}.


Figure 11.9: A Muller automaton and its conversion into a NBA

Example 11.11 Figure 11.9 shows on the left a NMA A = (Q, Σ, δ, Q0, F) where F = {{q}, {r}}. While A is syntactically identical to the NGA of Figure 11.4, we now interpret F as a Muller condition: a run ρ is accepting if inf(ρ) = {q} or inf(ρ) = {r}. In other words, an accepting run ρ eventually moves to q and stays there forever, or eventually moves to r and stays there forever. It follows that A accepts the ω-words that contain finitely many as or finitely many bs. On the right the figure shows the two NGAs A′0, A′1 defined above. Since in this particular case F′0 and F′1 only contain singleton sets, A′0 and A′1 are in fact NBAs, i.e., we have A′′0 = A′0 and A′′1 = A′1. The final NBA is the result of putting A′0 and A′1 side by side.

Formally, the algorithm to convert a Muller automaton with only one accepting set into a NGA looks as follows:


NMA1toNGA(A)
Input: NMA A = (Q, Σ, Q0, δ, {F})
Output: NGA A′ = (Q′, Σ, Q′0, δ′, F′)

Q′, δ′, F′ ← ∅
Q′0 ← {[q0, 0] | q0 ∈ Q0}
W ← Q′0
while W ≠ ∅ do
    pick [q, i] from W; add [q, i] to Q′
    if q ∈ F and i = 1 then add {[q, 1]} to F′
    for all a ∈ Σ, q′ ∈ δ(q, a) do
        if i = 0 then
            add ([q, 0], a, [q′, 0]) to δ′
            if [q′, 0] ∉ Q′ then add [q′, 0] to W
            if q′ ∈ F then
                add ([q, 0], a, [q′, 1]) to δ′
                if [q′, 1] ∉ Q′ then add [q′, 1] to W
        else /* i = 1 */
            if q′ ∈ F then
                add ([q, 1], a, [q′, 1]) to δ′
                if [q′, 1] ∉ Q′ then add [q′, 1] to W
return (Q′, Σ, Q′0, δ′, F′)

Complexity. Assume Q contains n states and F contains m accepting sets. Each of the NGAs A′0, . . . , A′m−1 has at most 2n states, and an acceptance condition containing at most n acceptance sets. So each of the NBAs A′′0, . . . , A′′m−1 has at most 2n² states, and the final NBA has at most 2n²m + 1 states. Observe in particular that while the conversion from NBA to NMA involves a possibly exponential blow-up, the conversion from NMA to NBA does not.

It can be shown that the exponential blow-up in the conversion from NBA to NMA cannot be avoided, which leads to the next step in our quest: is there a class of ω-automata that (1) recognizes all ω-regular languages, (2) has a determinization procedure, and (3) has polynomial conversion algorithms to and from NBA?

11.4.3 Rabin automata

The acceptance condition of a Rabin automaton is a set of pairs {〈F0, G0〉, . . . , 〈Fm−1, Gm−1〉}, where the Fi and Gi are sets of states. A run ρ is accepting if there is i ∈ {0, . . . , m − 1} such that inf(ρ) ∩ Fi ≠ ∅ and inf(ρ) ∩ Gi = ∅. If we say that a run visits a set whenever it visits one of its states, then we can concisely express this condition in words: a run is accepting if, for some pair 〈Fi, Gi〉, it visits Fi infinitely often and Gi finitely often.


NBA can be easily transformed into nondeterministic Rabin automata (NRA) and vice versa,without any exponential blow-up.

NBA → NRA. Just observe that a Büchi condition {q1, . . . , qk} is equivalent to the Rabin condition {〈{q1, . . . , qk}, ∅〉}.

NRA → NBA. Given a Rabin automaton A = (Q, Σ, Q0, δ, {〈F0, G0〉, . . . , 〈Fm−1, Gm−1〉}), it follows easily that, as in the case of Muller automata, Lω(A) = ⋃_{i=0}^{m−1} Lω(Ai) holds for the NRAs Ai = (Q, Σ, Q0, δ, {〈Fi, Gi〉}). So it suffices to translate each Ai into an NBA. Since an accepting run ρ of Ai satisfies inf(ρ) ∩ Gi = ∅, from some point on ρ only visits states of Q \ Gi. So ρ consists of an initial finite part, say ρ0, that may visit all states, and an infinite part, say ρ1, that only visits states of Q \ Gi. So we take two copies of Ai: a full copy, and a partial copy containing only the states of Q \ Gi and the transitions between them. Intuitively, A′i simulates ρ by executing ρ0 in the first copy, and ρ1 in the second. The condition that ρ1 must visit some state of Fi infinitely often is enforced by taking (the second copy of) Fi as Büchi condition.

Example 11.12 Figure 11.9 can be reused to illustrate the conversion of a Rabin into a Büchi automaton. Consider the automaton on the left, but this time with Rabin accepting condition {〈F0, G0〉, 〈F1, G1〉}, where F0 = {q} = G1 and G0 = {r} = F1. Then the automaton accepts the ω-words that contain finitely many as or finitely many bs. The Büchi automata A′0, A′1 are as shown on the right, but now instead of NGAs they are NBAs with accepting states [q, 1] and [r, 1], respectively. The final NBA is exactly the same one.

For the complexity, observe that each of the A′i has at most 2n states, and so the final Büchi automaton has at most 2nm + 1 states.

To prove that DRAs are as expressive as NRAs it suffices to show that they are as expressive as DMAs. Indeed, since NRAs are as expressive as NBAs, both classes recognize the ω-regular languages, and, by Theorem 11.10, so do DMAs.

DMA → DRA. We sketch an algorithm that converts a Muller condition into a Rabin condition, while preserving determinism.

Let A be a DMA. Consider first the special case in which the Muller condition of A contains one single set F = {q1, . . . , qn}. We use the same construction as in the conversion NGA → NBA: we take n copies of the DMA, and “jump” from the i-th copy to the next one whenever we visit state qi. The result is a deterministic automaton A′. Given a run ρ of A on a word w, we have F ⊆ inf(ρ) if and only if [q1, 1] ∈ inf(ρ′), where ρ′ is the run of A′ on w. Now we give A′ the Rabin accepting condition consisting of the single Rabin pair 〈{[q1, 1]}, (Q \ F) × {1, . . . , n}〉. We have:

    ρ is an accepting run of A
    iff inf(ρ) = F
    iff F ⊆ inf(ρ) and inf(ρ) ∩ (Q \ F) = ∅
    iff [q1, 1] ∈ inf(ρ′) and inf(ρ′) ∩ ((Q \ F) × {1, . . . , n}) = ∅
    iff ρ′ is an accepting run of A′


and so Lω(A) = Lω(A′).

If the Muller condition of A contains multiple sets F0, . . . , Fm−1, then we have Lω(A) = ⋃_{i=0}^{m−1} Lω(Ai), where Ai is the DRA for the set Fi defined above. Let Ai = (Qi, Σ, q0i, δi, {〈{qfi}, Gi〉}). We construct a DRA A′ by pairing the Ai (that is, a state of A′ is a tuple of states of the Ai). Further, we give A′ the Rabin condition with pairs 〈F′0, G′0〉, . . . , 〈F′m−1, G′m−1〉 defined as follows: F′i contains a tuple (q0, . . . , qm−1) of states iff qi = qfi, and G′i contains a tuple (q0, . . . , qm−1) iff qi ∈ Gi.

11.4.4 Streett automata

The accepting condition of Rabin automata is not “closed under negation”. Indeed, the negation of

    there is i ∈ {1, . . . , m} such that inf(ρ) ∩ Fi ≠ ∅ and inf(ρ) ∩ Gi = ∅

has the form

    for every i ∈ {1, . . . , m}: inf(ρ) ∩ Fi = ∅ or inf(ρ) ∩ Gi ≠ ∅

This is called the Streett condition. More precisely, the acceptance condition of a Streett automaton is again a set of pairs {〈F1, G1〉, . . . , 〈Fm, Gm〉}, where Fi, Gi are sets of states. A run ρ is accepting if inf(ρ) ∩ Fi = ∅ or inf(ρ) ∩ Gi ≠ ∅ holds for every pair 〈Fi, Gi〉. Observe that the condition is equivalent to: if inf(ρ) ∩ Gi = ∅, then inf(ρ) ∩ Fi = ∅.
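The duality is mechanical: over every value of inf(ρ), the Streett condition for a set of pairs holds exactly when the Rabin condition for the same pairs fails. A minimal sketch (the pairs chosen below are illustrative):

```python
from itertools import chain, combinations

def rabin_accepts(inf, pairs):
    # some pair: F visited infinitely often, G finitely often
    return any(inf & F and not (inf & G) for F, G in pairs)

def streett_accepts(inf, pairs):
    # every pair: F visited finitely often, or G infinitely often
    return all(not (inf & F) or inf & G for F, G in pairs)

pairs = [({'q'}, {'r'}), ({'s'}, set())]
states = ['q', 'r', 's']
# over every nonempty candidate inf(ρ), the two conditions are complementary
for c in chain.from_iterable(combinations(states, r) for r in range(1, 4)):
    inf = set(c)
    assert streett_accepts(inf, pairs) == (not rabin_accepts(inf, pairs))
```

This is exactly why complementing a deterministic Rabin automaton in linear time yields a Streett automaton (and vice versa) rather than an automaton of the same class.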

A Büchi automaton can be easily transformed into a Streett automaton and vice versa. However, the conversion from Streett to Büchi is exponential.

NBA → NSA. A Büchi condition {q1, . . . , qk} corresponds to the Streett condition {〈Q, {q1, . . . , qk}〉}.

NSA → NBA. We can transform an NSA into an NBA by following the path NSA → NMA → NBA. If the NSA has n states, the resulting NBA has 2n²·2^n states. It can be shown that the exponential blow-up is unavoidable; in other words, Streett automata can be exponentially more succinct than Büchi automata.

Example 11.13 Let Σ = {0, 1, 2}. For n ≥ 1, we represent an infinite sequence x1, x2, . . . of vectors of dimension n with components in Σ by the ω-word x1x2 . . . over Σ^n. Let Ln be the language in which, for each component i ∈ {1, . . . , n}, xj(i) = 1 for infinitely many j's if and only if xk(i) = 2 for infinitely many k's. It is easy to see that Ln can be accepted by a NSA with 3n states and 2n accepting pairs, but cannot be accepted by any NBA with less than 2^n states.

Deterministic automata are useful for the design of complementation algorithms. However, neither DMAs, DRAs, nor DSAs yield a polynomial complementation procedure. Indeed, while we can complement a DMA with set of states Q and accepting condition F by changing the condition to 2^Q \ F, the number of accepting sets of 2^Q \ F can be exponentially larger. In the case of Rabin and Streett automata, we can complement in linear time by negating the accepting condition, but the result is an automaton that belongs to the other class, and, again, if we wish to obtain an automaton of the same class, then the accepting condition becomes exponentially larger in the worst case.

These considerations lead us to our final question: is there a class of ω-automata that (1) recognizes all ω-regular languages, (2) has a determinization procedure, (3) has polynomial conversion algorithms to and from NBA, and (4) has a polynomial complementation procedure?

11.4.5 Parity automata

The acceptance condition of a nondeterministic parity automaton (NPA) with set of states Q is a sequence (F1, F2, . . . , F2n) of sets of states, where F1 ⊆ F2 ⊆ · · · ⊆ F2n = Q. A run ρ of a parity automaton is accepting if the minimal index i such that inf(ρ) ∩ Fi ≠ ∅ is even.

The following conversions show that NPAs recognize the ω-regular languages, can be converted to and from NBAs without exponential blowup, and have a determinization procedure.

NBA→ NPA. A NBA with a set F of accepting states recognizes the same language as the sameautomaton with parity condition (∅, F,Q,Q).

NPA→ NBA. Use the construction NPA→ NRA shown below, followed by NRA→ NBA.

NPA → NRA. A NPA with accepting condition (F1, F2, . . . , F2n) recognizes the same language as the same automaton with Rabin condition {〈F2n, F2n−1〉, . . . , 〈F4, F3〉, 〈F2, F1〉}. Incidentally, this shows that the parity condition is a special case of the Rabin condition in which the sets appearing in the pairs form a chain with respect to set inclusion.
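The chain structure makes this conversion a one-liner, and its correctness can be checked by comparing the two acceptance predicates over arbitrary values of inf(ρ). A sketch, assuming the list encoding F[0] = F1, . . . , F[2n−1] = F2n:

```python
def parity_accepts(inf, F):
    """F = [F1, ..., F2n] with F1 ⊆ ... ⊆ F2n = Q; accept iff the minimal
    1-based index i with inf ∩ Fi ≠ ∅ is even."""
    for i, Fi in enumerate(F, start=1):
        if inf & Fi:
            return i % 2 == 0
    return False

def parity_to_rabin(F):
    # pairs <F2, F1>, <F4, F3>, ..., <F2n, F2n-1>
    return [(F[i + 1], F[i]) for i in range(0, len(F), 2)]

def rabin_accepts(inf, pairs):
    return any(inf & Fi and not (inf & Gi) for Fi, Gi in pairs)

Q = {1, 2, 3, 4}
F = [set(), {1}, {1, 2}, Q]           # parity condition (F1, F2, F3, F4)
pairs = parity_to_rabin(F)
for inf in [{1}, {2}, {3}, {1, 3}, {2, 4}]:
    assert parity_accepts(inf, F) == rabin_accepts(inf, pairs)
```

The equivalence rests on the chain: if the pair 〈F2k, F2k−1〉 is satisfied then no smaller Fj intersects inf(ρ), so the minimal index is exactly 2k, which is even.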

DMA → DPA. In order to construct a DPA equivalent to a given NPA we can proceed as follows. First we transform the NPA into a DMA, for example following the path NPA → NRA → NBA → DMA, and then transform the DMA into an equivalent DPA. This construction can be achieved by means of so-called latest appearance records. Alternatively, it is also possible to modify Safra's determinization procedure so that it yields a DPA instead of a DMA.

Theorem 11.14 (Safra, Piterman) A NBA with n states can be effectively transformed into a DPA with n^O(n) states and an accepting condition with O(n) sets.

Finally, DPAs have a very simple complementation procedure:

Complementation of DPAs. In order to complement a parity automaton with accepting condition (F1, F2, . . . , F2n), replace the condition by (∅, F1, F2, . . . , F2n, F2n).
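The complementation step is a pure index shift: prepending ∅ (and repeating F2n to keep the length even) moves every set one position up the chain, so the minimal index hit by inf(ρ) changes parity. A one-line sketch with our naming:

```python
def complement_parity_condition(chain):
    """(F1, ..., F2n) ↦ (∅, F1, ..., F2n, F2n): every set moves one
    position up the chain, flipping the parity of the minimal index
    that intersects inf(rho)."""
    return [set()] + list(chain) + [chain[-1]]
```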


11.4.6 Conclusion

We have presented a short overview of the “zoo” of classes of ω-automata. If we are interested in a determinizable class with a simple complementation procedure, then parity automata are the right choice. However, the determinization procedures for ω-automata not only have large complexity, but are also difficult to implement efficiently. For this reason, in the next chapter we present implementations of our operations using NBAs. Since not all NBAs can be determinized, we have to find a complementation operation that does not require determinizing the automaton first.

Exercises

Exercise 130 Construct Büchi automata and ω-regular expressions, as small as possible, recognizing the following languages over the alphabet {a, b, c}. Recall that inf(w) denotes the set of letters of {a, b, c} that occur infinitely often in w.

(1) {w ∈ {a, b, c}ω | {a, b} ⊇ inf(w)}

(2) {w ∈ {a, b, c}ω | {a, b} = inf(w)}

(3) {w ∈ {a, b, c}ω | {a, b} ⊆ inf(w)}

(4) {w ∈ {a, b, c}ω | {a, b, c} = inf(w)}

(5) {w ∈ {a, b, c}ω | if a ∈ inf(w) then {b, c} ⊆ inf(w)}

Exercise 131 Give deterministic Büchi automata accepting the following ω-languages over Σ = {a, b, c}:

(1) L1 = {w ∈ Σω : w contains at least one c},

(2) L2 = {w ∈ Σω : in w, every a is immediately followed by a b},

(3) L3 = {w ∈ Σω : in w, between two successive a's there are at least two b's}.

Exercise 132 Prove or disprove:

1. For every Büchi automaton A, there exists a NBA B with a single initial state and such that Lω(A) = Lω(B).

2. For every Büchi automaton A, there exists a NBA B with a single accepting state and such that Lω(A) = Lω(B).

Exercise 133 Recall that every finite set of finite words is a regular language. We prove that not every finite set of ω-words is an ω-regular language.


(1) Prove that every ω-regular language contains an ultimately periodic ω-word, i.e., an ω-word of the form uvω for some finite words u, v.

(2) Give an ω-word w such that {w} is not an ω-regular language.

Exercise 134 (Duret-Lutz) An ω-automaton has acceptance on transitions if the acceptance condition specifies which transitions must appear finitely or infinitely often in a run, instead of which states. All classes of ω-automata (Büchi, Rabin, etc.) can be defined with acceptance on states, or acceptance on transitions.

Give minimal deterministic automata of the following kinds for the language of words over {a, b} containing infinitely many a and infinitely many b: (1) Büchi, (2) generalized Büchi, (3) Büchi with acceptance on transitions, and (4) generalized Büchi with acceptance on transitions.

Exercise 135 Consider the class of nondeterministic automata over infinite words with the following acceptance condition: an infinite run is accepting if it visits a final state at least once. Show that no such automaton accepts the language of all words over {a, b} containing infinitely many a and infinitely many b.

Exercise 136 The limit of a language L ⊆ Σ∗, denoted by lim(L), is the ω-language defined as follows: w ∈ lim(L) iff infinitely many prefixes of w are words of L. For example, the limit of (ab)∗ is (ab)ω.

(1) Determine the limit of the following regular languages over {a, b}: (i) (a + b)∗a; (ii) (a + b)∗a∗; (iii) the set of words containing an even number of a's; (iv) a∗b.

(2) Prove: An ω-language is recognizable by a deterministic Büchi automaton iff it is the limit of a regular language.

(3) Exhibit a non-regular language whose limit is ω-regular.

(4) Exhibit a non-regular language whose limit is not ω-regular.

Exercise 137 Let L1 = (ab)ω, and let L2 be the language of all words containing infinitely many a and infinitely many b (both languages over the alphabet {a, b}).

(1) Show that no DBA with at most two states recognizes L1 or L2.

(2) Exhibit two different DBAs with three states recognizing L1.

(3) Exhibit six different DBAs with three states recognizing L2.

Exercise 138 Find ω-regular expressions (the shorter the better) for the following languages:

(1) {w ∈ {a, b}ω | k is even for each subword ba^k b of w}


(2) {w ∈ {a, b}ω | w has no occurrence of bab}

Exercise 139 In Definition 3.19 we have introduced the quotient A/P of a NFA A with respect to a partition P of its states. In Lemma 3.21 we have proved L(A) = L(A/Pℓ) for the language partition Pℓ that puts two states q1, q2 in the same block iff LA(q1) = LA(q2).

Let B = (Q, Σ, δ, Q0, F) be a NBA. Given a partition P of Q, define the quotient B/P of B with respect to P exactly as for NFAs.

(1) Let Pℓ be the partition of Q that puts two states q1, q2 of B in the same block iff Lω,B(q1) = Lω,B(q2), where Lω,B(q) denotes the ω-language containing the words accepted by B with q as initial state. Does Lω(B) = Lω(B/Pℓ) always hold?

(2) Let CSR be the coarsest stable refinement of the equivalence relation with equivalence classes {F, Q \ F}. Does Lω(B) = Lω(B/CSR) always hold?

Exercise 140 Let L be an ω-language over Σ, and let w ∈ Σ∗. The w-residual of L is the ω-language Lw = {w′ ∈ Σω | ww′ ∈ L}. An ω-language L′ is a residual of L if L′ = Lw for some word w ∈ Σ∗.

We show that the theorem stating that a language of finite words is regular iff it has finitely many residuals does not extend to ω-regular languages.

(1) Prove: If L is an ω-regular language, then it has finitely many residuals.

(2) Disprove: Every ω-language with finitely many residuals is ω-regular.
Hint: Let w be a non-ultimately-periodic ω-word and consider the language Tailw of infinite tails of w.

Exercise 141 The solution to Exercise 139(2) shows that the reduction algorithm for NFAs that computes the partition CSR of a given NFA A and constructs the quotient A/CSR can also be applied to NBAs. Generalize the algorithm so that it works for NGAs.

Exercise 142 Show that for every NCA there is an equivalent NBA.

Exercise 143 Let L = {w ∈ {a, b}ω | w contains finitely many a}.

(1) Give a deterministic Rabin automaton for L.

(2) Give a NBA for L and try to “determinize” it by using the NFA-to-DFA powerset construction. What is the language accepted by the deterministic automaton?

(3) What ω-language is accepted by the following Muller automaton with acceptance condition {{q0, q1, q2}}? And with acceptance condition {{q0, q1}, {q1, q2}, {q2, q0}}?


[Figure: a three-state Muller automaton with states q0, q1, q2 and transitions labeled over {a, b, c}.]

(4) Show that any Büchi automaton that accepts the ω-language of (3) (with the first acceptance condition) has more than 3 states.

(5) For every m, n ∈ N>0, let Lm,n be the ω-language over {a, b} described by the ω-regular expression (a + b)∗((a^m bb)ω + (a^n bb)ω).

(i) Describe a family of Büchi automata accepting the family of ω-languages {Lm,n}m,n∈N>0.

(ii) Show that there exists c ∈ N such that for every m, n ∈ N>0 the language Lm,n is accepted by a Rabin automaton with at most max(m, n) + c states.

(iii) Modify your construction in (ii) to obtain Muller automata instead of Rabin automata.

(iv) Convert the Rabin automaton for Lm,n obtained in (ii) into a Büchi automaton.


Chapter 12

Boolean operations: Implementations

The list of operations of Chapter 4 can be split into two parts: operations that return a set (union, intersection, and complement), and tests that return a boolean (emptiness, inclusion, and equality tests). This chapter deals with the operations, and the next one with the tests. Observe that we leave the membership test out. The reason is that a membership test for arbitrary ω-words does not make sense, because no description formalism can represent arbitrary ω-words. For ω-words of the form w1(w2)ω, where w1, w2 are finite words, membership in a given ω-regular language L can be implemented using the operations and tests; just check if the intersection of L and w1(w2)ω is empty.

We implement union, intersection, and complement for ω-languages represented by NBAs and NGAs. We do not discuss implementations on DBAs because, as we saw in the previous chapter, they do not represent all ω-regular languages.

In Section 12.1 we show that union and intersection can be easily implemented using constructions already presented in Chapter 2. The rest of the chapter is devoted to complement, which is more involved.

12.1 Union and intersection

As already observed in Chapter 2, the algorithm for the union of regular languages represented as NFAs also works for NBAs and for NGAs.

One might be tempted to think that, similarly, the intersection algorithm for NFAs also works for NBAs. However, this is not the case. Consider the two Büchi automata A1 and A2 of Figure 12.1. The Büchi automaton A1 ∩ A2 obtained by applying algorithm IntersNFA(A1, A2) on page 93 (more precisely, by interpreting the output of the algorithm as a Büchi automaton) is shown in Figure 12.2. It has no accepting states, and so Lω(A1) = Lω(A2) = aω, but Lω(A1 ∩ A2) = ∅.

What happened? A run ρ of A1 ∩ A2 on an ω-word w is the result of pairing runs ρ1 and ρ2 of A1 and A2 on w. Since the accepting set of A1 ∩ A2 is the cartesian product of the accepting sets of A1 and A2, the run ρ is accepting if ρ1 and ρ2 simultaneously visit accepting states infinitely often.


Figure 12.1: Two Büchi automata accepting the language aω

Figure 12.2: The automaton A1 ∩ A2

This condition is too strong, and as a result Lω(A1 ∩ A2) can be a strict subset of Lω(A1) ∩ Lω(A2). This problem is solved by means of the observation we already made when dealing with NGAs:

a run ρ visits states of F1 and F2 infinitely often if and only if the following two conditions hold:

(1) ρ eventually visits F1; and

(2) every visit of ρ to F1 is eventually followed by a visit to F2 (with possibly further visits to F1 in-between), and every visit to F2 is eventually followed by a visit to F1 (with possibly further visits to F2 in-between).

We proceed as in the translation NGA → NBA. Intuitively, we take two “copies” of the pairing [A1, A2], and place them one on top of the other. The first and second copies of a state [q1, q2] are called [q1, q2, 1] and [q1, q2, 2], respectively. Transitions leaving states [q1, q2, 1] such that q1 ∈ F1 are redirected to the corresponding states of the second copy, i.e., every transition of the form [q1, q2, 1] −a→ [q′1, q′2, 1] is replaced by [q1, q2, 1] −a→ [q′1, q′2, 2]. Similarly, transitions leaving states [q1, q2, 2] such that q2 ∈ F2 are redirected to the first copy. We choose [q01, q02, 1] as initial state, and as accepting set the set of all states [q1, q2, 1] such that q1 ∈ F1.

Example 12.1 Figure 12.3 shows the result of the construction for the NBAs A1 and A2 of Figure 12.1, after removing the states that are not reachable from the initial state.

Figure 12.3: The NBA A1 ∩ω A2 for the automata A1 and A2 of Figure 12.1

Since q0 is not an accepting state of A1, the transition [q0, r0, 1] −a→ [q1, r1, 1] is not redirected. However, since q1 is


an accepting state, transitions leaving [q1, r1, 1] must jump to the second copy, and so we replace [q1, r1, 1] −a→ [q0, r0, 1] by [q1, r1, 1] −a→ [q0, r0, 2]. Finally, since r0 is an accepting state of A2, transitions leaving [q0, r0, 2] must return to the first copy, and so we replace [q0, r0, 2] −a→ [q1, r1, 2] by [q0, r0, 2] −a→ [q1, r1, 1]. The only accepting state is [q1, r1, 1], and the language accepted by the NBA is aω.

To see that the construction works, observe first that a run ρ of this new NBA still corresponds to the pairing of two runs ρ1 and ρ2 of A1 and A2, respectively. Since all transitions leaving the accepting states jump to the second copy, ρ is accepting iff it visits both copies infinitely often, which is the case iff ρ1 and ρ2 visit states of F1 and F2 infinitely often, respectively.

Algorithm IntersNBA(), shown below, returns an NBA A1 ∩ω A2. As usual, the algorithm only constructs states reachable from the initial state.

IntersNBA(A1, A2)
Input: NBAs A1 = (Q1, Σ, δ1, Q01, F1), A2 = (Q2, Σ, δ2, Q02, F2)
Output: NBA A1 ∩ω A2 = (Q, Σ, δ, Q0, F) with Lω(A1 ∩ω A2) = Lω(A1) ∩ Lω(A2)

1  Q, δ, F ← ∅
2  Q0 ← {[q01, q02, 1]}
3  W ← {[q01, q02, 1]}
4  while W ≠ ∅ do
5      pick [q1, q2, i] from W
6      add [q1, q2, i] to Q
7      if q1 ∈ F1 and i = 1 then add [q1, q2, 1] to F
8      for all a ∈ Σ do
9          for all q′1 ∈ δ1(q1, a), q′2 ∈ δ2(q2, a) do
10             if i = 1 and q1 ∉ F1 then
11                 add ([q1, q2, 1], a, [q′1, q′2, 1]) to δ
12                 if [q′1, q′2, 1] ∉ Q then add [q′1, q′2, 1] to W
13             if i = 1 and q1 ∈ F1 then
14                 add ([q1, q2, 1], a, [q′1, q′2, 2]) to δ
15                 if [q′1, q′2, 2] ∉ Q then add [q′1, q′2, 2] to W
16             if i = 2 and q2 ∉ F2 then
17                 add ([q1, q2, 2], a, [q′1, q′2, 2]) to δ
18                 if [q′1, q′2, 2] ∉ Q then add [q′1, q′2, 2] to W
19             if i = 2 and q2 ∈ F2 then
20                 add ([q1, q2, 2], a, [q′1, q′2, 1]) to δ
21                 if [q′1, q′2, 1] ∉ Q then add [q′1, q′2, 1] to W
22 return (Q, Σ, δ, Q0, F)
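The algorithm can be prototyped directly in Python. The sketch below is our own rendering (transition functions as dictionaries from (state, letter) to sets of successors, and single initial states for simplicity); like the pseudocode, it builds only the reachable part:

```python
from collections import deque

def inters_nba(d1, q01, F1, d2, q02, F2, alphabet):
    """Two-copy intersection of NBAs A1 and A2.

    d1, d2 map (state, letter) to a set of successors. Returns the
    reachable states, transitions, initial state, and accepting states
    of A1 ∩ω A2. States are triples (q1, q2, copy)."""
    init = (q01, q02, 1)
    states, trans, acc = set(), set(), set()
    work = deque([init])
    while work:
        s = work.popleft()
        if s in states:
            continue
        states.add(s)
        q1, q2, i = s
        if i == 1 and q1 in F1:
            acc.add(s)                 # accepting = first-copy visits to F1
        for a in alphabet:
            for p1 in d1.get((q1, a), ()):
                for p2 in d2.get((q2, a), ()):
                    if i == 1:         # jump to copy 2 after a visit to F1
                        j = 2 if q1 in F1 else 1
                    else:              # jump back to copy 1 after a visit to F2
                        j = 1 if q2 in F2 else 2
                    t = (p1, p2, j)
                    trans.add((s, a, t))
                    if t not in states:
                        work.append(t)
    return states, trans, init, acc
```

On the automata A1 and A2 of Figure 12.1 this yields exactly the three states of Figure 12.3, with (q1, r1, 1) as the only accepting state.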

There is an important case in which the construction for NFAs can also be applied to NBAs, namely when all the states of at least one of the two NBAs, say A1, are accepting. In this case, the


condition that two runs ρ1 and ρ2 on an ω-word w simultaneously visit accepting states infinitely often is equivalent to the weaker condition that does not require simultaneity. Indeed, any visit of ρ2 to an accepting state is a simultaneous visit of ρ1 and ρ2 to accepting states.

It is also important to observe a difference with the intersection for NFAs. In the finite-word case, given NFAs A1, . . . , Ak with n1, . . . , nk states, we can compute an NFA for L(A1) ∩ · · · ∩ L(Ak) with at most n1 · . . . · nk states by repeatedly applying the intersection operation, and this construction is optimal (i.e., there is a family of instances of arbitrary size such that the smallest NFA for the intersection of the languages has the same size). In the NBA case, however, the repeated application of IntersNBA is not optimal. Since IntersNBA introduces an additional factor of 2 in the number of states, for Lω(A1) ∩ · · · ∩ Lω(Ak) it can yield an NBA with 2^(k−1) · n1 · . . . · nk states. A better bound can be achieved by means of a modification of the translation NGA → NBA: we produce k copies of A1 × · · · × Ak, and move from the i-th copy to the (i + 1)-th copy when we hit an accepting state of Ai. This construction yields an NBA with at most k · n1 · . . . · nk states.

12.2 Complement

So far we have been able to adapt the constructions for NFAs to NBAs. The situation is considerably more involved for complement.

12.2.1 The problems of complement

Recall that for NFAs a complement automaton is constructed by first converting the NFA into a DFA, and then exchanging the final and non-final states of the DFA. For NBAs this approach breaks down completely:

(a) The subset construction does not preserve ω-languages. In other words, a NBA and the result of applying the subset construction to it do not necessarily accept the same ω-language.

The NBA on the left of Figure 12.4 accepts the empty language. However, the result of applying the subset construction, shown on the right, accepts aω. Notice that both automata accept the same finite words.

Figure 12.4: The subset construction does not preserve ω-languages

(b) The subset construction cannot be replaced by another determinization procedure, because no such procedure exists: as we have seen in Proposition 11.7, some languages are accepted by NBAs, but not by DBAs.


(c) The automaton obtained by exchanging accepting and non-accepting states in a given DBA does not necessarily recognize the complement of the language.

In Figure 12.1, A2 is obtained by exchanging final and non-final states in A1. However, both A1 and A2 accept the language aω. Observe that as automata for finite words they accept the words over the letter a of even and odd length, respectively.

Despite these discouraging observations, in the rest of the chapter we show that NBAs are closed under complement, and that for every NBA with n states there is an NBA for the complement with 2^O(n log n) states. Further, the bound in the exponent is asymptotically optimal. For the rest of

Figure 12.5: Running example for the complementation procedure

the chapter we fix an NBA A = (Q, Σ, δ, Q0, F) with n states, and use Figure 12.5 as running example. Further, we abbreviate “infinitely often” to “i.o.”. Our goal is to build an automaton Ā satisfying:

no path of dag(w) visits accepting states of A i.o.
if and only if
some run of w in Ā visits accepting states of Ā i.o.

We give a summary of the procedure. First, we introduce the notion of a ranking of an ω-word w. For the moment it suffices to say that a ranking of w is the result of decorating the nodes of dag(w) with numbers. This can be done in different ways, and so, while a word w has one single dag dag(w), it may have many rankings. The essential property of rankings will be:

no path of dag(w) visits accepting states of A i.o.
if and only if
there is a ranking of dag(w) such that every path of dag(w) visits nodes of odd rank i.o.

In the second step we profit from the determinization construction for co-Büchi automata. Recall that the construction maps dag(w) to a run ρ (of a new automaton) such that: every path of dag(w) visits accepting states of A i.o. if and only if ρ visits accepting states i.o. We apply the same construction to map every ranking of dag(w) to a run ρ of a new automaton Ā such that

there is a ranking of dag(w) such that every path of dag(w) visits nodes of odd rank i.o.
if and only if
the run ρ for this ranking visits accepting states of Ā i.o.


This immediately implies that ρ is an accepting run of Ā, and so that Ā accepts w, which, since w is an arbitrary word, implies Lω(Ā) = Σω \ Lω(A).

12.2.2 Rankings and level rankings

Recall that, given w ∈ Σω, the directed acyclic graph dag(w) is the result of bundling together the runs of A on w. A ranking of dag(w) is a mapping Rw that associates to each node of dag(w) a natural number in the range [0 . . . 2n], called a rank, satisfying two properties:

(a) the rank of a node is greater than or equal to the rank of its children, and

(b) the ranks of accepting nodes are even.
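Both properties are local, so a candidate decoration can be verified node by node. A minimal sketch (our naming; nodes are arbitrary hashable keys and the dag is given by a children map):

```python
def is_ranking(rank, children, accepting):
    """Check properties (a) and (b) of a ranking.

    rank: dict node -> natural number; children: dict node -> iterable
    of child nodes; accepting: set of accepting nodes."""
    for node, r in rank.items():
        if node in accepting and r % 2 != 0:
            return False          # (b) accepting nodes must have even rank
        for child in children.get(node, ()):
            if rank[child] > r:
                return False      # (a) ranks never increase along edges
    return True
```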

Figure 12.6: Rankings for dag(abaω) and dag((ab)ω)

By (a), the ranks of the nodes in an infinite path form a non-increasing sequence, and so there is a node such that all its infinitely many successors have the same rank; we call this number the stable rank of the path. Figure 12.6 shows rankings for dag(abaω) and dag((ab)ω). Both have a single infinite path, with stable rank 1 and 0, respectively.

Recall that the i-th level of dag(w) is defined as the set of nodes of dag(w) of the form 〈q, i〉. A ranking Rw of dag(w) can be decomposed into an infinite sequence lr1, lr2, . . . of level rankings, where the level ranking lri is defined as follows: lri(q) = Rw(〈q, i〉) if 〈q, i〉 is a node of dag(w), and lri(q) = ⊥ otherwise. For example, if we represent a level ranking lr of our running example by the column vector [lr(q0), lr(q1)],


then the rankings of Figure 12.6 correspond to the sequences

[2, ⊥] [⊥, 2] [1, ⊥] [1, 0]ω    and    [1, ⊥] [1, 0] ([0, ⊥] [0, 0])ω.

For two level rankings lr and lr′ and a letter a ∈ Σ, we write lr −a↦ lr′ if for every q′ ∈ Q:

• lr′(q′) = ⊥ iff there is no q such that lr(q) ≠ ⊥ and q −a→ q′, and

• if lr′(q′) ≠ ⊥, then lr(q) ≥ lr′(q′) for every q such that lr(q) ≠ ⊥ and q −a→ q′.

For example, we have:

[2, ⊥] −a↦ [⊥, 2] −b↦ [1, ⊥] ( −a↦ [1, 0] )ω    and    [1, ⊥] −a↦ [1, 0] ( −b↦ [0, ⊥] −a↦ [0, 0] )ω.

We prove the following fundamental property of rankings.

Proposition 12.2 Let n be the number of states of A. For every word w ∈ Σω, w is rejected by A iff dag(w) has a ranking such that

(a) every infinite path of dag(w) visits nodes of odd rank i.o., and

(b) the initial nodes 〈q0, 0〉 for q0 ∈ Q0 have rank 2n.

In the rest of the section we call a ranking satisfying (a) an odd ranking.

Proof: (⇐) Assume that dag(w) has an odd ranking. Then every infinite path of dag(w) has odd stable rank, and so it only contains finitely many nodes with even rank. Since all accepting nodes have even ranks, no path of dag(w) visits accepting nodes i.o. So w is rejected by A.

(⇒) Assume that w is rejected by A. We construct an odd ranking in which every initial node 〈q0, 0〉 has rank at most 2n. Then we can just change the ranks of the initial nodes to 2n, since the change preserves the properties of a ranking.


Assigning ranks to nodes. We define a function f that assigns to each node of dag(w) a natural number.

In the following, given two directed acyclic graphs (dags) D, D′, we denote by D′ ⊆ D the fact that D′ can be obtained from D through deletion of some nodes and all their adjacent edges. We say that a node 〈q, l〉 is red in a (possibly finite) dag D ⊆ dag(w) iff 〈q, l〉 has only finitely many descendants. The node 〈q, l〉 is yellow in D iff no descendant of 〈q, l〉 (including itself) is accepting. In particular, yellow nodes are not accepting. Observe also that the children of a red node are red, and the children of a yellow node are red or yellow. We inductively define an infinite sequence D0 ⊇ D1 ⊇ D2 ⊇ . . . of dags as follows:

• D0 = dag(w);

• D2i+1 is the result of deleting all the red nodes of D2i;

• D2i+2 is the result of deleting all the yellow nodes of D2i+1.

Figure 12.7 shows D0, D1, and D2 for dag(abaω). The red nodes of D0 are 〈q1, 3〉, 〈q1, 4〉, . . ., which have 0 descendants. The yellow nodes of D1 are 〈q0, 2〉, 〈q1, 2〉, . . .. All nodes of D2 are red. The dag D3 is the empty dag.

Figure 12.7: The dags D0, D1, D2 for dag(abaω). The dag D3 is empty.

Consider the function f that assigns to each node 〈q, l〉 of dag(w) a natural number f(q, l) as


follows:

f(q, l) = 2i if 〈q, l〉 is red in D2i, and f(q, l) = 2i + 1 if 〈q, l〉 is yellow in D2i+1.

Proving that f is an odd ranking. We prove that f is an odd ranking in which all nodes have rank at most 2n. The proof is divided into four parts:

(1) f assigns all nodes a number in the range [0 . . . 2n].

(2) If 〈q′, l′〉 is a child of 〈q, l〉, then f (q′, l′) ≤ f (q, l).

(3) If 〈q, l〉 is an accepting node, then f (q, l) is even.

(4) Every infinite path of dag(w) visits nodes of odd rank i.o.

Part (1). f assigns all nodes a number in the range [0 . . . 2n].

We prove that the dag D2n+1 is empty, which implies that f assigns all nodes of dag(w) a number in the range [0 . . . 2n]. By the definition of D2n+1, it suffices to show that D2n is finite. For this we proceed as follows: we prove by induction on i that for every i ≥ 0 there exists li ≥ 0 such that for every l ≥ li the l-th level of D2i contains at most (n − i) nodes. Taking i = n we obtain that every level l ≥ ln of D2n contains 0 nodes, and so D2n is finite.

Base: i = 0. The proof follows immediately from the definition of D0: indeed, since for every state q a level contains at most one node of the form 〈q, l〉, in dag(w) every level contains at most n nodes.

Step: i > 0. Assume now that the hypothesis holds for i; we prove it for i + 1. Consider the dag D2i. If D2i is finite, then D2i+1 is empty. So D2i+2 is empty as well, and we are done. So assume that D2i is infinite. We make the following claim:

Claim: D2i+1 contains some yellow node.
Assume that no node in D2i+1 is yellow. Then, since D2i is infinite, D2i+1 is also infinite. Moreover, since D2i+1 is obtained by removing all red nodes from D2i, every node of D2i+1 has at least one child. Let 〈q0, l0〉 be an arbitrary node of D2i+1. Since, by the assumption, 〈q0, l0〉 is not yellow, there exists an accepting node 〈q′0, l′0〉 reachable from 〈q0, l0〉. Let 〈q1, l1〉 be a child of 〈q′0, l′0〉. By the assumption, 〈q1, l1〉 is also not yellow, and so there exists an accepting node 〈q′1, l′1〉 reachable from 〈q1, l1〉. We can thus construct for every j ≥ 0 nodes 〈qj, lj〉, 〈q′j, l′j〉 such that 〈q′j, l′j〉 is accepting and reachable from 〈qj, lj〉, and 〈qj+1, lj+1〉 is a child of 〈q′j, l′j〉. This yields a path of dag(w) that visits accepting nodes infinitely often, contradicting the assumption that A rejects w, and proving the claim.

So, let 〈q, l〉 be a yellow node in D2i+1, which exists by the claim. We prove that we can take li+1 = l, that is, we show that for every j ≥ l the dag D2i+2 contains at most n − (i + 1) nodes of the form 〈q, j〉. Since 〈q, l〉 is a node of D2i+1, it is not red in D2i. Thus, infinitely many nodes of D2i are reachable from 〈q, l〉. By König's Lemma (Lemma 11.9), D2i contains an infinite path


〈q, l〉, 〈q1, l + 1〉, 〈q2, l + 2〉, . . .. So for every k ≥ 1 infinitely many nodes of D2i are reachable from 〈qk, l + k〉, and so 〈qk, l + k〉 is not red in D2i. Therefore, the path 〈q, l〉, 〈q1, l + 1〉, 〈q2, l + 2〉, . . . also exists in D2i+1.

Recall that the children of a yellow node are red or yellow. Since 〈q, l〉 is yellow and the nodes 〈qk, l + k〉 are not red, all nodes of the path are yellow. Therefore, they are not in D2i+2. It follows that for all j ≥ l the number of nodes of the form 〈q, j〉 in D2i+2 is strictly smaller than their number in D2i, which, by the induction hypothesis, is at most n − i. So there are at most n − (i + 1) nodes of the form 〈q, j〉 in D2i+2, and we are done.

Part (2). If 〈q′, l′〉 is a child of 〈q, l〉, then f(q′, l′) ≤ f(q, l).

This follows from the fact that the children of a red node in D2i are red, and the children of a yellow node in D2i+1 are yellow. Therefore, if a node has rank i, all its successors have rank at most i.

Part (3). If 〈q, l〉 is an accepting node, then f(q, l) is even.

Nodes that get an odd rank are yellow in D2i+1 for some i, and so not accepting.

Part (4). Every infinite path of dag(w) visits nodes of odd rank i.o.

It suffices to prove that every infinite path of dag(w) has odd stable rank. Since w is rejected by A, every infinite path of dag(w) visits the accepting nodes finitely often. Take an arbitrary infinite path of dag(w), and let 〈q, l〉 be the first node of the path that is assigned a rank. Since 〈q, l〉 has infinitely many descendants (it belongs to an infinite path), it cannot be a red node of a dag D2i. So it has to be a yellow node of a dag D2i+1, and so 〈q, l〉 and all its descendants are assigned rank 2i + 1, which is odd.

12.2.3 A complement automaton

We construct an NBA whose runs on an ω-word w are encodings of the rankings of dag(w) where the nodes of the initial level have rank 2n. The NBA, called Ā, satisfies that for every run ρ on w:

the ranking of dag(w) encoded by ρ is an odd ranking
if and only if
ρ visits accepting states of Ā i.o.

Ā is constructed in two stages. In the first stage we construct the following auxiliary automaton, which does not yet have an accepting condition:

• The states are all level rankings with ranks in the range [0, 2n], i.e., all mappings lr : Q → [0, 2n] ∪ {⊥} such that lr(q) is even for every accepting state q.

• The (unique) initial state is the level ranking lr0 given by lr0(q) = 2n if q ∈ Q0 and lr0(q) = ⊥ otherwise.


• The transitions are the triples (lr, a, lr′), where lr and lr′ are level rankings, a ∈ Σ, and lr −a↦ lr′ holds.

Observe that the runs of this automaton on a word w indeed encode the rankings of dag(w).

In the second stage we apply to this automaton the same construction used for determinizing co-Büchi automata in Section 11.4.1. Recall that the states of the DCA are pairs [P, O], where P is a set of states of the NCA and O contains the states of P that owe a visit to the accepting states; further, the accepting states are the breakpoints, defined as the pairs where O = ∅. Now we use a very similar idea. The states of Ā are pairs [lr, O], where lr is a level ranking and O is the set of states of the ranking that owe a visit to a node of odd rank, and the accepting states are the breakpoints, i.e., the pairs [lr, O] with O = ∅. Formally, the NBA Ā is defined as follows:

• The states are pairs [lr,O], where lr is a level ranking and lr(q) ∈ [0, 2n] for every q ∈ O.

• The initial state is the pair [lr0, ∅].

• The transitions are the triples [lr, O] −a→ [lr′, O′] such that lr −a↦ lr′ and

– O ≠ ∅ and O′ = {q ∈ δ(O, a) | lr′(q) is even}, or

– O = ∅ and O′ = {q ∈ Q | lr′(q) is even}.

• The accepting states (breakpoints) are the pairs [lr, ∅].
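For tiny automata the transition relation of Ā can be enumerated by brute force. The sketch below is our own illustration (not the book's CompNBA algorithm): it lists all a-successors [lr′, O′] of a state [lr, O], representing ⊥ by None.

```python
from itertools import product

def comp_successors(lr, O, a, delta, states, accepting):
    """All a-successors [lr', O'] of the state [lr, O] of the complement NBA.

    lr: dict q -> rank or None (⊥); delta maps (q, a) to a set of
    successors; accepting is the set F. Brute-force over all legal lr'."""
    active = [q for q in states if lr[q] is not None]
    targets = sorted({q2 for q in active for q2 in delta.get((q, a), set())})
    # each target may take any rank up to the minimum rank of its predecessors
    bounds = [min(lr[q] for q in active if q2 in delta.get((q, a), set()))
              for q2 in targets]
    succs = []
    for combo in product(*(range(b + 1) for b in bounds)):
        lr2 = {q: None for q in states}
        lr2.update(zip(targets, combo))
        if any(q in accepting and lr2[q] % 2 == 1 for q in targets):
            continue                      # accepting states need even ranks
        if O:
            O2 = {q2 for q in O for q2 in delta.get((q, a), set())
                  if lr2[q2] is not None and lr2[q2] % 2 == 0}
        else:
            O2 = {q for q in states if lr2[q] is not None and lr2[q] % 2 == 0}
        succs.append((lr2, O2))
    return succs
```

For the automaton A1 of Example 12.3 below (one accepting state q with an a-loop), the initial state 〈2, ∅〉 gets exactly the successors 〈0, {q}〉 and 〈2, {q}〉.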

We claim that the accepting runs of Ā on w correspond to the odd rankings of dag(w). This follows from the following two observations:

• A run of Ā on w is accepting iff the ranking of dag(w) encoded by it contains infinitely many breakpoints.
This follows immediately from the fact that Ā is a Büchi automaton and its accepting states are the breakpoints.

• A ranking of dag(w) contains infinitely many breakpoints iff it is odd.
Recall that in Section 11.4.1 we proved that the set of breakpoints of dag(w) is finite iff some path of dag(w) only visits accepting states finitely often. Exactly the same proof yields now: the set of breakpoints of a ranking of dag(w) is finite iff some path of the ranking only visits nodes of odd rank finitely often. Equivalently, we have: the set of breakpoints of a ranking of dag(w) is infinite iff every path of the ranking visits nodes of odd rank i.o., that is, iff the ranking is odd. Since a breakpoint marks that every path has paid a new visit to a node of odd rank, the claim follows.

Example 12.3 We construct the complements Ā1 and Ā2 of the only two NBAs over the alphabet {a} having one state and one transition: A1 = ({q}, {a}, δ, {q}, {q}) and A2 = ({q}, {a}, δ, {q}, ∅), where δ(q, a) = {q}. The only difference between A1 and A2 is that the state q is accepting in A1, but not in A2. Observe that Lω(A1) = aω and Lω(A2) = ∅.


We begin with Ā1. A state of Ā1 is a pair 〈lr, O〉, where lr is the rank of the state q (since there is only one state, we can identify lr and lr(q)). The initial state is 〈2, ∅〉. Let us compute the successors of 〈2, ∅〉 under the letter a. Let 〈lr′, O′〉 be a successor. Since δ(q, a) = {q}, we have lr′ ≠ ⊥, and since q is accepting, we have lr′ ≠ 1. So either lr′ = 0 or lr′ = 2. In both cases the visit to a node of odd rank is still “owed”, which implies O′ = {q}. So the successors of 〈2, ∅〉 are 〈2, {q}〉 and 〈0, {q}〉. Let us now compute the successors of 〈0, {q}〉. Let 〈lr′, O′〉 be a successor. We have lr′ ≠ ⊥ and lr′ ≠ 1 as before, but now, since ranks cannot increase along a path, we also have lr′ ≠ 2. So lr′ = 0, and, since the visit to the node of odd rank is still “owed”, the only successor of 〈0, {q}〉 is 〈0, {q}〉. Similarly, the successors of 〈2, {q}〉 are 〈2, {q}〉 and 〈0, {q}〉. Ā1 is shown on the left of Figure 12.8. Since 〈2, ∅〉 is its only accepting state, it recognizes the empty ω-language.

Figure 12.8: The NBAs Ā1 and Ā2

Let us now construct A̅2. The difference with A̅1 is that, since q is no longer accepting, it can also have the odd rank 1. So 〈2, ∅〉 has three successors: 〈2, {q}〉, 〈1, ∅〉, and 〈0, {q}〉. The successors of 〈1, ∅〉 are 〈1, ∅〉 and 〈0, {q}〉. The successors of 〈2, {q}〉 are 〈2, {q}〉, 〈1, ∅〉, and 〈0, {q}〉, and the only successor of 〈0, {q}〉 is 〈0, {q}〉. The accepting states are 〈2, ∅〉 and 〈1, ∅〉, and A̅2 recognizes {aω}. A̅2 is shown on the right of Figure 12.8.

The pseudocode for the complementation algorithm is shown below. In the code, lr0 denotes the level ranking given by lr0(q0) = 2|Q| and lr0(q) = ⊥ for every q ≠ q0. Recall also that lr −a→ lr′ holds if for every q′ ∈ Q the following conditions hold:

• lr′(q′) = ⊥ iff no q ∈ Q satisfies lr(q) ≠ ⊥ and q −a→ q′; and

• if lr′(q′) ≠ ⊥, then lr(q) ≥ lr′(q′) for every q such that lr(q) ≠ ⊥ and q −a→ q′.

12.2. COMPLEMENT 273

CompNBA(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: NBA A̅ = (Q̅, Σ, δ̅, q̅0, F̅) with Lω(A̅) = Σω \ Lω(A)

 1  Q̅ ← ∅; δ̅ ← ∅; F̅ ← ∅
 2  q̅0 ← [lr0, ∅]
 3  W ← {[lr0, ∅]}
 4  while W ≠ ∅ do
 5      pick [lr, O] from W; add [lr, O] to Q̅
 6      if O = ∅ then add [lr, O] to F̅
 7      for all a ∈ Σ, lr′ such that lr −a→ lr′ do
 8          if O ≠ ∅ then O′ ← {q ∈ δ(O, a) | lr′(q) is even}
 9          else O′ ← {q ∈ Q | lr′(q) is even}
10          add ([lr, O], a, [lr′, O′]) to δ̅
11          if [lr′, O′] ∉ Q̅ then add [lr′, O′] to W
12  return (Q̅, Σ, δ̅, q̅0, F̅)
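As a sanity check, the construction can be prototyped by brute force. The Python sketch below uses our own names and encoding (⊥ is represented by None; it is an illustration, not an efficient implementation): it enumerates all candidate level rankings, keeps those satisfying the two conditions above (plus the requirement that accepting states never receive an odd rank), and explores the reachable states [lr, O] exactly as the worklist loop of CompNBA does.

```python
from itertools import product

def comp_nba(states, alphabet, delta, q0, accepting):
    """Brute-force sketch of CompNBA for tiny NBAs. A level ranking is
    encoded as a sorted tuple of (state, rank) pairs, rank None = bottom."""
    n = len(states)
    ranks = [None] + list(range(2 * n + 1))
    lr0 = tuple(sorted((q, 2 * n if q == q0 else None) for q in states))

    def succs(lr_t, a):
        """All lr2 with lr -a-> lr2, per the two conditions of the text."""
        lr = dict(lr_t)
        result = []
        for vals in product(ranks, repeat=n):
            lr2 = dict(zip(states, vals))
            ok = True
            for q2 in states:
                preds = [q for q in states
                         if lr[q] is not None and q2 in delta.get((q, a), ())]
                if (lr2[q2] is None) != (len(preds) == 0):
                    ok = False; break                        # condition 1
                if lr2[q2] is not None:
                    if any(lr[q] < lr2[q2] for q in preds):  # ranks never increase
                        ok = False; break
                    if q2 in accepting and lr2[q2] % 2 == 1:
                        ok = False; break                    # accepting: even rank
            if ok:
                result.append(tuple(sorted(lr2.items())))
        return result

    init = (lr0, frozenset())
    seen, work = {init}, [init]
    while work:                                   # worklist loop of CompNBA
        lr_t, O = work.pop()
        for a in alphabet:
            for lr2_t in succs(lr_t, a):
                lr2 = dict(lr2_t)
                base = set()
                if O:                             # O' as in lines 8-9
                    for q in O:
                        base.update(delta.get((q, a), ()))
                else:
                    base = set(states)
                O2 = frozenset(q for q in base
                               if lr2[q] is not None and lr2[q] % 2 == 0)
                if (lr2_t, O2) not in seen:
                    seen.add((lr2_t, O2)); work.append((lr2_t, O2))
    return seen
```

On the two one-state automata of Example 12.3 this yields exactly the three states of A̅1 and the four states of A̅2; the accepting states of the complement are the pairs with O = ∅.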

Complexity. Let n = |Q|. Since a level ranking is a mapping lr : Q → {⊥} ∪ {0, 1, …, 2n}, there are at most (2n + 2)^n level rankings. So A̅ has at most (2n + 2)^n · 2^n ∈ n^O(n) states. Since n^O(n) = 2^O(n log n), we have an extra log n factor in the exponent with respect to the complementation construction for NFAs. The next section shows that this factor is unavoidable.

12.2.4 The size of A̅

We exhibit a family {Ln}n≥1 of ω-languages such that Ln is accepted by a Büchi automaton An with n + 1 states, and every Büchi automaton accepting the complement of Ln has at least n! ∈ 2^Θ(n log n) states.

Let Σn = {1, …, n, #}. We associate to a word w ∈ Σn^ω a directed graph G(w) as follows. The nodes of G(w) are the numbers 1, …, n, and there is an edge from i to j iff the finite word i j occurs infinitely often in w. Define Ln as the language of all words w ∈ Σn^ω such that G(w) has at least one cycle, and let L̅n denote the complement of Ln, i.e., the language of all words w such that G(w) is acyclic.
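Since w is infinite, any concrete test must start from a finite description of w. The sketch below (hypothetical helper names, ours) takes the set of two-letter factors of w that occur infinitely often, builds G(w), and checks for a cycle with a standard three-colour DFS.

```python
def g_of_w(n, inf_factors):
    """Edges of G(w), given the pairs (i, j) such that the two-letter word
    i j occurs infinitely often in w; letters are ints 1..n, '#' encoded as 0."""
    return {(i, j) for (i, j) in inf_factors
            if 1 <= i <= n and 1 <= j <= n}

def has_cycle(n, edges):
    """w is in Ln iff G(w) has a cycle: three-colour DFS cycle check."""
    succ = {i: [j for (a, j) in edges if a == i] for i in range(1, n + 1)}
    colour = {i: 0 for i in range(1, n + 1)}   # 0 white, 1 grey, 2 black
    def dfs(i):
        colour[i] = 1
        for j in succ[i]:
            # a grey successor closes a cycle
            if colour[j] == 1 or (colour[j] == 0 and dfs(j)):
                return True
        colour[i] = 2
        return False
    return any(colour[i] == 0 and dfs(i) for i in range(1, n + 1))
```

For w = (1 2 3 #)ω the infinitely occurring pairs yield the acyclic chain 1 → 2 → 3, while mixing in a second permutation creates opposite edges and hence a cycle.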

Let An be the Büchi automaton with states 1, 2, …, n plus a distinguished state ch, and the following transitions:

• i −σ→ i for every 1 ≤ i ≤ n and every σ ∈ Σn; and

• i −i→ ch and ch −j→ j for every 1 ≤ i, j ≤ n. (Intuitively, ch is an “interchange station” that allows one to move from i to j by reading the word i j.)

Further, the initial states of An are 1, …, n, and the unique accepting state is ch. Figure 12.9 shows A5. We prove that Ln is recognized by An.


Figure 12.9: The Büchi automaton A5. (Diagram omitted; each state i ∈ {1, …, 5} has a self-loop for every letter in {1, …, 5, #}, a transition i −i→ ch, and a transition ch −i→ i.)

• If w ∈ Ln, then An accepts w.
Choose a cycle i0 i1 … ik−1 i0 of G(w). We construct an accepting run of An by picking i0 as initial state and iteratively applying the following rule, where j ⊕ 1 is an abbreviation for (j + 1) mod k:

If the current state is ij, stay in ij until the next occurrence of ij ij⊕1 in the word w, and then take the transitions ij −ij→ ch −ij⊕1→ ij⊕1 to move from ij to ij⊕1.

By the definition of G(w), ch is visited infinitely often, and so w is accepted.

• If An accepts w, then w ∈ Ln.
Let ρ be a run of An accepting w. Since ρ is accepting, it cannot stay in any of the states 1, …, n forever, and so for each i ∈ inf(ρ) there is j ∈ inf(ρ) such that the sequence i ch j appears infinitely often in ρ. Since i −i→ ch −j→ j is the only path from i to j, the finite word i j appears infinitely often in w, and so (i, j) is an edge of G(w). Since inf(ρ) is finite and nonempty, and every i ∈ inf(ρ) has an outgoing edge of G(w) leading to some j ∈ inf(ρ), following these edges must eventually revisit a node, and so G(w) contains a cycle; hence w ∈ Ln.

Proposition 12.4 For all n ≥ 1, every NBA recognizing L̅n has at least n! states.

Proof: We need some preliminaries. Let τ = 〈τ1, …, τn〉 denote a permutation of 〈1, …, n〉. We make two observations:

(a) (τ #)ω ∈ L̅n for every permutation τ.
The edges of G((τ #)ω) are 〈τ1, τ2〉, 〈τ2, τ3〉, …, 〈τn−1, τn〉, and so G((τ #)ω) is acyclic.

(b) If a word w contains infinitely many occurrences of two different permutations τ and τ′ of 〈1, …, n〉, then w ∈ Ln.
Since τ and τ′ are different, there are i, j ∈ {1, …, n} such that i precedes j in τ and j precedes i in τ′. Since w contains infinitely many occurrences of τ, the graph G(w) has a path from i to j. Since w also contains infinitely many occurrences of τ′, the graph also has a path from j to i. So G(w) contains a cycle, which implies w ∈ Ln.

Now, let A be any Büchi automaton recognizing L̅n, and let τ, τ′ be two arbitrary permutations of 〈1, …, n〉. By (a), there exist runs ρ and ρ′ of A accepting (τ #)ω and (τ′ #)ω, respectively. We prove that the intersection of inf(ρ) and inf(ρ′) is empty. This implies that A has at least as many accepting states as there are permutations of 〈1, …, n〉, which proves the proposition. We proceed by contradiction. Assume q ∈ inf(ρ) ∩ inf(ρ′). We build an accepting run ρ′′ by “combining” ρ and ρ′ as follows:

(0) Starting from the initial state of ρ, go to q following the run ρ.

(1) Starting from q, follow ρ′ until having gone through an accepting state, and having read at least once the word τ′; then go back to q (always following ρ′).

(2) Starting from q, follow ρ until having gone through an accepting state, and having read at least once the word τ; then go back to q (always following ρ).

(3) Go to (1).

The word accepted by ρ′′ contains infinitely many occurrences of both τ and τ′. By (b), this word belongs to Ln, contradicting the assumption that A recognizes L̅n.

Exercises

Exercise 144 Construct the intersection of the two following Büchi automata:

(Diagrams omitted: automaton A has states p, q, r and automaton B has states s, t; the transitions are labelled with letters from {a, b, c}.)

Exercise 145

1. Give deterministic Büchi automata for the languages La, Lb, and Lc, where Lσ = {w ∈ {a, b, c}ω : w contains infinitely many σ’s}, and build the intersection of these automata.

2. Give Büchi automata for the following ω-languages:

• L1 = {w ∈ {a, b}ω : w contains infinitely many a’s},

• L2 = {w ∈ {a, b}ω : w contains finitely many b’s},

• L3 = {w ∈ {a, b}ω : each occurrence of a in w is followed by a b},

and build the intersection of these automata.

Exercise 146 Consider the following Büchi automaton B over Σ = {a, b}:

(Diagram omitted: states q0 and q1, with transitions labelled a and b.)

1. Sketch dag(ababω) and dag((ab)ω).

2. Let rw be the ranking of dag(w) defined by

rw(q, i) =  1 if q = q0 and 〈q0, i〉 appears in dag(w),
            0 if q = q1 and 〈q1, i〉 appears in dag(w),
            ⊥ otherwise.

Are rababω and r(ab)ω odd rankings?

3. Show that rw is an odd ranking if and only if w ∉ Lω(B).

4. Build a Büchi automaton accepting the complement of Lω(B) using the construction seen in class. (Hint: by item 3, it is sufficient to use {0, 1} as ranks.)

Exercise 147 Design (not necessarily efficient) algorithms for the following decision problems:

1. Given finite words u, v, x, y ∈ Σ∗, decide whether the ω-words u vω and x yω are equal.

2. Given a Büchi automaton A and finite words u, v, decide whether A accepts the ω-word u vω.

Exercise 148 Show that for every DBA A with n states there is an NBA B with 2n states such that Lω(B) is the complement of Lω(A). Explain why your construction does not work for NBAs.

Exercise 149 A Büchi automaton A = (Q, Σ, δ, Q0, F) is weak if no strongly connected component (SCC) of A contains both accepting and non-accepting states, that is, every SCC C ⊆ Q satisfies either C ⊆ F or C ⊆ Q \ F.

1. Prove that a Büchi automaton A is weak iff for every run ρ either inf(ρ) ⊆ F or inf(ρ) ⊆ Q \ F.

2. Prove that the algorithms for union, intersection, and complementation of DFAs are also correct for weak DBAs. More precisely, show that the algorithms return weak DBAs recognizing the union, intersection, and complement, respectively, of the languages of the input automata.


Exercise 150 Give algorithms that directly complement deterministic Muller and parity automata, without going through Büchi automata.

Exercise 151 Let A = (Q, Σ, q0, δ, {〈F0, G0〉, …, 〈Fm−1, Gm−1〉}) be a deterministic automaton. What is the relation between the languages recognized by A seen as a deterministic Rabin automaton and seen as a deterministic Streett automaton?

Exercise 152 Consider Büchi automata with universal accepting condition (UBA): an ω-word w is accepted if every run of the automaton on w is accepting, i.e., if every run of the automaton on w visits accepting states infinitely often.

Recall that automata on finite words with existential and universal accepting conditions recognize the same languages. Prove that this is no longer the case for automata on ω-words by showing that for every UBA there is a DBA that recognizes the same language. (This implies that the ω-languages recognized by UBAs are a proper subset of the ω-regular languages.)

Hint: On input w, the DBA checks that every path of dag(w) visits some final state infinitely often. The states of the DBA are pairs (Q′, O) of sets of states of the UBA, where O ⊆ Q′ is a set of “owing” states. Loosely speaking, the transition relation is defined to satisfy the following property: after reading a prefix w′ of w, the DBA is in the state (Q′, O) given by:

• Q′ is the set of states reached by the runs of the UBA on w′.

• O is the subset of states of Q′ that “owe” a visit to a final state of the UBA. (See the construction for the complement of a Büchi automaton.)

Exercise 153 Describe an algorithm that decides whether a given Büchi automaton accepts a finite language.


Chapter 13

Emptiness check: Implementations

We present efficient algorithms for checking whether a given Büchi automaton recognizes the empty language. We fix an NBA A = (Q, Σ, δ, Q0, F). Since transition labels are irrelevant for checking emptiness, in this chapter we redefine δ as a set of pairs of states:

δ := {(q, q′) ∈ Q × Q | (q, a, q′) ∈ δ for some a ∈ Σ}

Many applications require checking emptiness of very large Büchi automata, and so we are interested in on-the-fly algorithms, that is, algorithms that do not know the automaton in advance, but check for emptiness while constructing it. More precisely, we assume the existence of an oracle that, given a state q, returns the set δ(q) = {r | (q, r) ∈ δ}.

We need a few graph-theoretical notions. If (q, r) ∈ δ, then r is a successor of q and q is a predecessor of r. A path is a sequence q0, q1, …, qn of states such that qi+1 is a successor of qi for every i ∈ {0, …, n − 1}; we say that the path leads from q0 to qn. Notice that a path may consist of only one state; in this case, the path is empty (it contains no transitions), and leads from the state to itself. A cycle is a path that leads from a state to itself. We write q ⇝ r to denote that there is a path from q to r.

Clearly, A is nonempty iff it has an accepting lasso, i.e., a path q0 q1 … qn−1 qn such that qn = qi for some i ∈ {0, …, n − 1}, and at least one of qi, qi+1, …, qn−1 is accepting. The lasso consists of a path q0 … qi, followed by a nonempty cycle qi qi+1 … qn−1 qi. We are interested in emptiness checks that on input A report EMPTY or NONEMPTY, and in the latter case return an accepting lasso as a witness of nonemptiness.

13.1 Algorithms based on depth-first search

We present two emptiness algorithms that explore A using depth-first search (DFS). We start witha brief description of depth-first search and some of its properties.

A depth-first search (DFS) of A starts at the initial state q0. If the current state q still has unexplored outgoing transitions, then one of them is selected. If the transition leads to a not yet discovered state r, then r becomes the current state. If all of q’s outgoing transitions have been explored, then the search “backtracks” to the state from which q was discovered, i.e., this state becomes the current state. The process continues until q0 becomes the current state again and all its outgoing transitions have been explored. Here is a pseudocode implementation (ignore the algorithm DFS Tree for the moment).

DFS(A)
Input: NBA A = (Q, Σ, δ, Q0, F)

1  S ← ∅
2  for all q0 ∈ Q0 do dfs(q0)

3  proc dfs(q)
4      add q to S
5      for all r ∈ δ(q) do
6          if r ∉ S then dfs(r)
7      return

DFS Tree(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: Time-stamped tree (S, T, d, f)

 1  S ← ∅
 2  T ← ∅; t ← 0
 3  dfs(q0)

 4  proc dfs(q)
 5      t ← t + 1; d[q] ← t
 6      add q to S
 7      for all r ∈ δ(q) do
 8          if r ∉ S then
 9              add (q, r) to T; dfs(r)
10      t ← t + 1; f[q] ← t
11      return

Observe that DFS is nondeterministic, because we do not fix the order in which the states of δ(q) are examined by the for-loop. Since, by hypothesis, every state of an automaton is reachable from the initial state, we always have S = Q after termination. Moreover, after termination every state q ≠ q0 has a distinguished input transition, namely the one that led to the discovery of q during the search. It is well known that the graph with states as nodes and these transitions as edges is a tree with root q0, called a DFS-tree. If some path of the DFS-tree leads from q to r, then we say that q is an ascendant of r, and r is a descendant of q (in the tree).

It is easy to modify DFS so that it returns a DFS-tree, together with timestamps for the states. The algorithm, which we call DFS Tree, is shown above. While timestamps are not necessary for conducting the search itself, many algorithms based on depth-first search use them for other purposes¹. Each state q is assigned two timestamps. The first one, d[q], records when q is first discovered, and the second, f[q], records when the search finishes examining the outgoing transitions of q. Since we are only interested in the relative order in which states are discovered and finished, we can assume that the timestamps are integers ranging between 1 and 2|Q|. Figure 13.1 shows an example.

¹In the rest of the chapter, and in order to present the algorithms in more compact form, we omit the instructions for computing the timestamps, and just assume they are there.
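The timestamp bookkeeping of DFS Tree is easy to reproduce. The following Python sketch (the graph below is our own toy example, not the automaton of Figure 13.1) computes d, f and the set T of tree edges.

```python
def dfs_tree(succ, q0):
    """DFS from q0 computing discovery times d[q], finishing times f[q],
    and the set T of tree edges, in the style of DFS Tree."""
    d, f, T = {}, {}, set()
    t = 0
    def dfs(q):
        nonlocal t
        t += 1; d[q] = t          # q is discovered (turns grey)
        for r in succ.get(q, []):
            if r not in d:        # r not yet discovered
                T.add((q, r))
                dfs(r)
        t += 1; f[q] = t          # q is finished (turns black)
    dfs(q0)
    return d, f, T
```

On succ = {'a': ['b', 'c'], 'b': ['a'], 'c': []} the intervals satisfy the Parenthesis Theorem: I('b') and I('c') are disjoint, and both are contained in I('a').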


In our analyses we also assume that at every time point a state is white, grey, or black. A state q is white during the interval [0, d[q]], grey during the interval (d[q], f[q]], and black during the interval (f[q], 2|Q|]. So, loosely speaking, q is white if it has not yet been discovered, grey if it has already been discovered but still has unexplored outgoing edges, and black if all its outgoing edges have been explored. It is easy to see that at all times the grey states form a path (the grey path) starting at q0 and ending at the state currently being explored, i.e., at the state q such that dfs(q) is currently being executed; moreover, this path is always part of the DFS-tree.

Figure 13.1: An NBA (the labels of the transitions have been omitted), and a possible run of DFS Tree on it. (Diagrams omitted; the discovery and finishing times, in the format [d[q], f[q]], are q0: [1,12], q1: [2,11], q2: [4,9], q3: [5,8], q4: [6,7], q5: [3,10].)

We recall two important properties of depth-first search. Both follow easily from the fact that a procedure call suspends the execution of the caller, which is only resumed after the execution of the callee terminates.

Theorem 13.1 (Parenthesis Theorem) In a DFS-tree, for any two states q and r, exactly one of the following four conditions holds, where I(q) denotes the interval (d[q], f[q]], and I(q) ≺ I(r) denotes that f[q] < d[r] holds.

• I(q) ⊆ I(r) and q is a descendant of r, or

• I(r) ⊆ I(q) and r is a descendant of q, or

• I(q) ≺ I(r), and neither q is a descendant of r, nor r is a descendant of q, or

• I(r) ≺ I(q), and neither q is a descendant of r, nor r is a descendant of q.


Theorem 13.2 (White-path Theorem) In a DFS-tree, r is a descendant of q (and so I(r) ⊆ I(q)) if and only if at time d[q] state r can be reached from q in A along a path of white states.

13.1.1 The nested-DFS algorithm

To determine whether A is empty we can search for the accepting states of A, and check whether at least one of them belongs to a cycle. A naïve implementation proceeds in two phases, searching for accepting states in the first, and for cycles in the second. The runtime is quadratic: since an automaton with n states and m transitions has O(n) accepting states, and since searching for a cycle containing a given state takes O(n + m) time, we obtain an O(n² + nm) bound.

The nested-DFS algorithm runs in time O(n + m) by using the first phase not only to discover the reachable accepting states, but also to sort them. The searches of the second phase are conducted according to the order determined by the sorting. As we shall see, conducting the searches in this order avoids repeated visits to the same state.

The first phase is carried out by a DFS, and the accepting states are sorted by increasing finishing (not discovery!) time. This is known as the postorder induced by the DFS. Assume that in the second phase we have already performed a search starting from the state q that has failed, i.e., no cycle of A contains q. Suppose we proceed with a search from another state r (which implies f[q] < f[r]), and this search discovers some state s that had already been discovered by the search starting at q. We claim that it is not necessary to explore the successors of s again. More precisely, we claim that there is no path from s to r, and so it is useless to explore the successors of s, because the exploration cannot return any cycle containing r. The proof of the claim is based on the following lemma:

Lemma 13.3 If q ⇝ r and f[q] < f[r] in some DFS-tree, then some cycle of A contains q.

Proof: Let π be a path leading from q to r, and let s be the first node of π that is discovered by the DFS. By the definition of s we have d[s] ≤ d[q]. We prove that s ≠ q, q ⇝ s, and s ⇝ q hold, which implies that some cycle of A contains q.

• q ≠ s. If s = q, then at time d[q] the path π is white, and so I(r) ⊆ I(q), contradicting f[q] < f[r].

• q ⇝ s. Obvious, because s belongs to π.

• s ⇝ q. By the definition of s, and since s ≠ q, we have d[s] < d[q]. So either I(q) ⊆ I(s) or I(s) ≺ I(q). We claim that I(s) ≺ I(q) is not possible. Since at time d[s] the subpath of π leading from s to r is white, we have I(r) ⊆ I(s). But I(r) ⊆ I(s) and I(s) ≺ I(q) contradict f[q] < f[r], which proves the claim. Since I(s) ≺ I(q) is not possible, we have I(q) ⊆ I(s), and hence q is a descendant of s, which implies s ⇝ q.


Example 13.4 The NBA of Figure 13.1 contains a path from q1 to q0, and the DFS-tree displayed satisfies f[q1] = 11 < 12 = f[q0]. As guaranteed by Lemma 13.3, some cycle contains q1, namely the cycle q1 q6 q0.

To prove the claim, we assume that s ⇝ r holds and derive a contradiction. Since s was already discovered by the search starting at q, we have q ⇝ s, and so q ⇝ r. Since f[q] < f[r], by Lemma 13.3 some cycle of A contains q, contradicting the assumption that the search from q failed.

Hence, during the second phase we need to explore each transition at most once, namely when its source state is discovered for the first time. This guarantees the correctness of the following algorithm:

• Perform a DFS on A from q0, and output the accepting states of A in postorder². Let q1, …, qk be the output of the search, i.e., f[q1] < … < f[qk].

• For i = 1 to k, perform a DFS from the state qi, with the following changes:

– If the search visits a state q that was already discovered by any of the searches starting at q1, …, qi−1, then the search backtracks.

– If the search visits qi, it stops and returns NONEMPTY.

• If none of the searches from q1, . . . , qk returns NONEMPTY, return EMPTY.

Example 13.5 We apply the algorithm to the example of Figure 13.1. Assume that the first DFS runs as in Figure 13.1. The search outputs the accepting states in postorder, i.e., in the order q2, q1, q0. Figure 13.2 shows the transitions explored during the searches of the second phase. The search from q2 explores the transitions labelled by 2.1, 2.2, 2.3. The search from q1 explores the transitions 1.1, …, 1.5. Notice that the search backtracks after exploring 1.1, because the state q2 was already visited by the previous search. This search is successful, because transition 1.5 reaches state q1, and so a cycle containing q1 has been found.

The running time of the algorithm can be easily determined. The first DFS requires O(|Q| + |δ|) time. During the searches of the second phase each transition is explored at most once, and so all of them together can be executed in O(|Q| + |δ|) time.

Nesting the two searches

Recall that we are looking for algorithms that return an accepting lasso when A is nonempty. The algorithm we have described is not good for this purpose. Define the DFS-path of a state as the unique path of the DFS-tree leading from the initial state to it. When the second phase answers NONEMPTY, the DFS-path of the state currently being explored, say q, is an accepting cycle, but

²Notice that this does not require applying any sorting algorithm: it suffices to output an accepting state immediately after blackening it.


Figure 13.2: The transitions explored during the search starting at qi are labelled by the index i. The search starting at q1 stops with NONEMPTY. (Diagram omitted; it shows the transitions 2.1, 2.2, 2.3 explored from q2 and the transitions 1.1, …, 1.5 explored from q1.)

usually not an accepting lasso. For an accepting lasso we can prefix this path with the DFS-path of q obtained during the first phase. However, since the first phase cannot foresee the future, it does not know which accepting state, if any, will be identified by the second phase as belonging to an accepting lasso. So either the first search must store the DFS-paths of all the accepting states it discovers, or a third phase is necessary, in which a new DFS-path is recomputed.

This problem can be solved by nesting the first and the second phases: whenever the first DFS blackens an accepting state q, we immediately launch a second DFS to check whether q is reachable from itself. We obtain the nested-DFS algorithm, due to Courcoubetis, Vardi, Wolper, and Yannakakis:

• Perform a DFS from q0.

• Whenever the search blackens an accepting state q, launch a new DFS from q. If this second DFS visits q again (i.e., if it explores some transition leading to q), stop with NONEMPTY. Otherwise, when the second DFS terminates, continue with the first DFS.

• If the first DFS terminates, output EMPTY.

A pseudocode implementation is shown below; for clarity, the first program (NestedDFS) does not include the instructions for returning an accepting lasso. A variable seed is used to store the state from which the second DFS is launched. The instruction report X produces the output X and stops the execution. The set S is usually implemented by means of a hash table. Notice that it is not necessary to store the states [q, 1] and [q, 2] separately. Instead, when a state q is discovered, either during the first or the second search, it is stored at its hash address, and two extra bits are used to record which of the following three possibilities holds: only [q, 1] has been discovered so far, only [q, 2], or both. So, if a state is encoded by a bitstring of length c, then the algorithm needs c + 2 bits of memory per state.


NestedDFS(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

 1  S ← ∅
 2  dfs1(q0)
 3  report EMP

 4  proc dfs1(q)
 5      add [q, 1] to S
 6      for all r ∈ δ(q) do
 7          if [r, 1] ∉ S then dfs1(r)
 8      if q ∈ F then seed ← q; dfs2(q)
 9      return

10  proc dfs2(q)
11      add [q, 2] to S
12      for all r ∈ δ(q) do
13          if r = seed then report NEMP
14          if [r, 2] ∉ S then dfs2(r)
15      return

NestedDFSwithWitness(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

 1  S ← ∅; succ ← false
 2  dfs1(q0)
 3  report EMP

 4  proc dfs1(q)
 5      add [q, 1] to S
 6      for all r ∈ δ(q) do
 7          if [r, 1] ∉ S then dfs1(r)
 8          if succ = true then return [q, 1]
 9      if q ∈ F then
10          seed ← q; dfs2(q)
11          if succ = true then return [q, 1]
12      return

13  proc dfs2(q)
14      add [q, 2] to S
15      for all r ∈ δ(q) do
16          if [r, 2] ∉ S then dfs2(r)
17          if r = seed then
18              report NEMP; succ ← true
19          if succ = true then return [q, 2]
20      return

The second program, NestedDFSwithWitness, shows how to modify NestedDFS so that it returns an accepting lasso. It uses a global boolean variable succ (for success), initially set to false. If at line 17 the algorithm finds that r = seed holds, it sets succ to true. This causes the procedure calls in dfs1(q) and dfs2(q) to be replaced by return [q, 1] and return [q, 2], respectively. The lasso is produced in reverse order, i.e., with the initial state at the end.
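The two procedures translate almost line by line into Python. The sketch below (our own graph encoding: a successor dictionary) returns a Boolean instead of reporting EMP/NEMP, and omits the witness machinery.

```python
def nested_dfs(succ, q0, accepting):
    """Nested-DFS emptiness check (sketch). Returns True iff the automaton
    has an accepting lasso reachable from q0, i.e., its language is nonempty."""
    S = set()
    def dfs2(q, seed):
        # Second search: look for a transition back to the seed state.
        S.add((q, 2))
        for r in succ.get(q, []):
            if r == seed:
                return True
            if (r, 2) not in S and dfs2(r, seed):
                return True
        return False
    def dfs1(q):
        S.add((q, 1))
        for r in succ.get(q, []):
            if (r, 1) not in S and dfs1(r):
                return True
        # Second search launched when q is blackened, in postorder.
        return q in accepting and dfs2(q, q)
    return dfs1(q0)
```

For example, the check succeeds on a two-state cycle whose accepting state lies on the cycle, and fails when the accepting state lies on no cycle.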

A small improvement

We show that dfs2(q) can already return NONEMPTY if it discovers a state that belongs to the DFS-path of q in dfs1. Let qk be an accepting state. Assume that dfs1(q0) discovers qk, and that the DFS-path of qk in dfs1 is q0 q1 … qk−1 qk. Assume further that dfs2(qk) discovers qi for some 0 ≤ i ≤ k − 1, and that the DFS-path of qi in dfs2 is qk qk+1 … qk+l qi. Then the path q0 q1 … qk−1 qk … qk+l qi is a lasso, and, since qk is accepting, it is an accepting lasso. So stopping with NONEMPTY is correct. Implementing this modification requires keeping track during dfs1 of the states that belong to the DFS-path of the state currently being explored. Notice, however, that we do not need information about their order. So we can use a set P to store the states of the path, and implement P as, e.g., a hash table. We do not need the variable seed anymore, because the case r = seed is subsumed by the more general test r ∈ P.

ImprovedNestedDFS(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

 1  S ← ∅; P ← ∅
 2  dfs1(q0)
 3  report EMP

 4  proc dfs1(q)
 5      add [q, 1] to S; add q to P
 6      for all r ∈ δ(q) do
 7          if [r, 1] ∉ S then dfs1(r)
 8      if q ∈ F then dfs2(q)
 9      remove q from P
10      return

11  proc dfs2(q)
12      add [q, 2] to S
13      for all r ∈ δ(q) do
14          if r ∈ P then report NEMP
15          if [r, 2] ∉ S then dfs2(r)
16      return
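The improvement is equally short in Python: dfs1 maintains the path set P, and dfs2 succeeds as soon as it hits any state of P (same hypothetical graph encoding as in our earlier sketch; an illustration, not the notes' official code).

```python
def improved_nested_dfs(succ, q0, accepting):
    """Nested DFS with the path-set improvement: dfs2 may stop as soon as
    it reaches any state on the current dfs1 path P. Returns True iff the
    automaton has an accepting lasso reachable from q0."""
    S, P = set(), set()
    def dfs2(q):
        S.add((q, 2))
        for r in succ.get(q, []):
            if r in P:          # subsumes the old test r = seed
                return True
            if (r, 2) not in S and dfs2(r):
                return True
        return False
    def dfs1(q):
        S.add((q, 1)); P.add(q)   # q joins the current DFS-path
        found = False
        for r in succ.get(q, []):
            if (r, 1) not in S and dfs1(r):
                found = True; break
        if not found and q in accepting:
            found = dfs2(q)
        P.discard(q)              # q leaves the current DFS-path
        return found
    return dfs1(q0)
```

On the three-state cycle below, dfs2 launched from the accepting state may stop at the very first transition, because its target already lies on the dfs1 path.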

Evaluation

The strong point of the nested-DFS algorithm is its very modest space requirements. Apart from the space needed to store the stack of calls to the recursive procedures, the algorithm just needs two extra bits for each state of A. In many practical applications, A can easily have millions or tens of millions of states, and each state may require many bytes of storage. In these cases, the two extra bits per state are negligible.

The algorithm, however, also has two important weak points: it cannot be extended to NGAs, and it is not optimal, in a formal sense defined below. We discuss these two points separately.

The nested-DFS algorithm works by identifying the accepting states first, and then checking whether they belong to some cycle. This principle no longer works for the acceptance condition of NGAs, where we look for cycles containing at least one state of each family of accepting states. No better procedure than translating the NGA into an NBA has been described so far. For NGAs having a large number of accepting families, the translation may involve a substantial penalty in performance.

Let us now discuss optimality. A search-based algorithm explores an automaton A starting from the initial state. At each point t in time, the algorithm has explored a subset of the states and transitions of the automaton, which forms a sub-NBA At = (Qt, Σ, δt, q0, Ft) of A (i.e., Qt ⊆ Q, δt ⊆ δ, and Ft ⊆ F). Clearly, a search-based algorithm can only have reported NONEMPTY at a time t if At contains an accepting lasso. A search-based algorithm is optimal if the converse holds, i.e., if it reports NONEMPTY at the earliest time t such that At contains an accepting lasso.

Figure 13.3: Two bad examples for NestedDFS. (Diagrams omitted; the top automaton has states q0, …, qn, the bottom one states q0, …, qn+1.)

It is easy to see that NestedDFS is not optimal. Consider the automaton at the top of Figure 13.3. Initially, the algorithm chooses between the transitions (q0, q1) and (q0, q2). Assume it chooses (q0, q1) (the algorithm does not know that there is a long tail behind q2). The algorithm explores (q0, q1) and then (q1, q0) at some time t. The automaton At already contains an accepting lasso, but, since q0 has not been blackened yet, dfs1 continues its execution with (q0, q2), and explores all transitions before dfs2 is called for the first time and reports NONEMPTY. So the time elapsed between the first moment at which the algorithm has enough information to report NONEMPTY and the moment at which the report occurs can be arbitrarily large.

The automaton at the bottom of Figure 13.3 shows another problem of NestedDFS related to non-optimality. If it selects (q0, q1) as the first transition, then, since qn precedes q0 in postorder, dfs2(qn) is executed before dfs2(q0), and it succeeds, reporting the lasso q0 q2 … qn qn+1 qn instead of the much shorter lasso q0 q1 q0.

In the next section we describe an optimal algorithm that can be easily extended to NGAs. The price to pay is a higher memory consumption.

13.1.2 An algorithm based on strongly connected components

Recall that the nested-DFS algorithm searches for the accepting states of A, and then checks whether they belong to some cycle. We design another algorithm that, loosely speaking, proceeds the other way around: it searches for states that belong to some cycle of A, and checks whether they are accepting.

Strongly connected components, roots, and the active graph

A strongly connected component (scc) of A is a maximal set of states S ⊆ Q such that q ⇝ r for every q, r ∈ S.³ Observe that every state belongs to exactly one scc. The first state of a reachable scc that is discovered by a DFS is called the root of the scc (with respect to this DFS). (Recall that, by hypothesis, every state is reachable from the initial state.)

Fix a time t, and let At be the subgraph of A containing the states and transitions of A explored by the DFS up to time t. We call At the explored graph. An scc of At (not of A!) is active if it is visited by the grey path, i.e., if at least one of its states appears in the grey path, and inactive otherwise. A state is active if its scc in At is active. (Observe that an active state need not belong to the grey path, as long as some other state of its scc does.) The active graph at time t is the subgraph of At containing the active states and the transitions between them.

Example 13.6 Figure 13.4 shows a DFS on a graph with six states A, B, …, F. Each state is labeled with the interval given by its discovery and finishing times. At state D the search explores the curved edge first, and at states E and F the straight edge first. The right part of the picture shows the explored and active graphs at three different times. Unexplored states and edges are dotted. The explored graph contains all solid states and edges. The active graph contains the pink states and edges.

• Before backtracking from B. The grey path contains the states A and B. The active sccs,shown in pink, are A and B, C, with roots A and B, respectively. The explored graph andthe active graph coincide.

• After exploring the edge E → F. The DFS has just discovered F. The grey path contains A, D, E, and F. The active sccs are {A}, {D}, and {E, F}. States B and C are now explored but inactive.

• Before backtracking from D. The grey path contains A and D. The active sccs are {A} and {D, E, F}.

We analyze the structure of the active graph with the help of several observations:

(1) If r is the root of an scc, then d[r] ≤ d[q] for every state q of the scc; in other words, the root is the first state of an scc visited by the DFS. This is the definition of a root.

(2) If r is the root of an scc, then f[r] ≥ f[q] for every state q of the scc; in other words, the root is the last state of the scc from which the DFS backtracks. At time d[r] there are white paths from r to all states of the scc. By the White-path Theorem, all states of the scc are discovered before the DFS backtracks from r. By the Parenthesis Theorem, the DFS backtracks from all states of the scc before it backtracks from r.

³ Notice that a path consisting of just a state q and no transitions is a path leading from q to q.


13.1. ALGORITHMS BASED ON DEPTH-FIRST SEARCH 289

[Figure: a six-state graph with states A, B, C, D, E, F carrying the discovery/finishing intervals [1,12], [2,5], [3,4], [6,11], [8,9], [7,10]; the right part shows three snapshots of the explored and active graphs.]

Figure 13.4: A DFS (left) and the explored and active graphs at three different snapshots during thesearch (right).

(3) An scc becomes inactive when the DFS backtracks from its root, i.e., when its root is blackened. Follows immediately from (2).

(4) An inactive scc of At is also an scc of A. Follows easily from (2) and (3).

(5) Roots of active sccs occur in the grey path. Follows from (3): the DFS has not yet backtracked from the root of an active scc, so the root is grey, and hence belongs to the grey path.

(6) Let q be an active state, and let r be the root of its scc. No state s such that d[r] < d[s] < d[q] is an active root. Assume s is an active root such that d[r] < d[s] < d[q]. We show that r and s are in the same scc, contradicting that s is a root. It suffices to show that both r ⇝ s and s ⇝ r hold. For r ⇝ s, observe that, by (5), both r and s are in the grey path. Further, r precedes s in the path because d[r] < d[s]. For s ⇝ r, observe that, since s is active and d[s] < d[q], state q is discovered during the execution of dfs(s), and so s ⇝ q. Further, since r is the root of the scc of q, we have q ⇝ r, and so s ⇝ r.

(7) If q and r are active states and d[q] ≤ d[r], then q ⇝ r. Let q′ and r′ be the roots of the sccs of q and r, respectively. Since q ⇝ q′ and r′ ⇝ r, it suffices to prove q′ ⇝ r′. Since q′ and r′ are roots, they belong to the grey path by (5), and so at least one of q′ ⇝ r′ and r′ ⇝ q′ holds. By (6) we have d[q′] ≤ d[r′], and so q′ ⇝ r′ holds.

From (1)-(7) we get that the active graph has the necklace structure illustrated in Figure 13.5. The chain of the necklace is the grey path, and the beads of the necklace are the active sccs. All roots of the active sccs belong to the grey path, but the grey path may also contain other nodes. Given two consecutive roots q and r in the grey path such that d[q] < d[r], the scc of q contains exactly the active nodes s discovered between q (inclusive) and r (exclusive). Formally, the scc of q contains all active nodes s such that d[q] ≤ d[s] < d[r].

[Figure: the search path starting at s0 threads a chain of active sccs; the SCC of s0 contains additional states, each further scc consists of a root labelled with some number i together with states labelled with numbers between i and the label j of the next root, and the chain ends in a trivial SCC with an accepting state.]

Figure 13.5: Structure of the active graph.

The algorithm

The algorithm maintains the explored graph and the necklace structure of the active graph while the DFS is conducted. More precisely, the algorithm maintains the following data:

• The set S of states visited by the DFS so far.

• The mapping rank : S → ℕ that assigns to each state a number in the order in which they are discovered, called the discovery rank of the state. Formally, the discovery rank of q is the number of states of S immediately after q is visited.

• The mapping act : S → {true, false} that assigns true to a state iff it is currently active.


• The necklace stack N. The elements of N are of the form (r, C), where C is the set of states of an active scc, and r is its root. We call the pair (r, C) a bead. The oldest bead (i.e., the one with the oldest root) is at the bottom of the stack, and the newest at the top.

After the initialization step, the DFS is always either exploring a new edge (which may lead to a new state or to a state already visited), or backtracking along an edge explored earlier. We show how to update S, rank, act, and N after an initialization, exploration, or backtracking step, so that, assuming they satisfy their definitions before the step, they continue to satisfy them after it. Further, we show how to check after each step whether the explored graph contains an accepting lasso.

Initialization. Initially both the explored and active graphs consist only of the initial state q0 and no edges. The necklace has only one bead, namely (q0, {q0}). So we initialize S to {q0}, set rank(q0) and act(q0) to 1 and true, respectively, and push (q0, {q0}) onto N.

Exploration of new edges. Assume the algorithm explores a new edge from state q to state r. Assume further that S, rank, act, and N match the current explored and active graphs, and that the explored graph does not contain an accepting lasso. We distinguish five cases.

(i) r is a new state, i.e., r ∉ S. Then the explored graph is extended by the state r, which is active. So we add r to S, and set rank(r) and act(r) to |S| and true, respectively. Since r forms a trivial scc, we push a new bead (r, {r}) onto N. Finally, we recursively call dfs(r).

The figure below shows the explored and active graphs before and after the DFS explores the edge B → C, discovering C. The value of N is updated from (A, {A}) (B, {B}) (with the bottom of the stack on the left) to (A, {A}) (B, {B}) (C, {C}).


(ii) r has been visited by the DFS before, and is inactive. Formally, r ∈ S and act(r) = false. Since r is inactive, its scc has already been completely explored by the DFS (see (2) and (3)). So q and r belong to different sccs, and in particular there is no path from r to q. It follows that the new edge from q to r cannot create an accepting lasso if there was none before. So in this case no data structure needs to be updated, and no recursive DFS call is started.

The figure below shows the explored and active graphs before and after the DFS explores the edge F → C, which leads to the inactive state C.


A B C

D E F

A B C

D E F

(iii) r has been visited by the DFS before, is active, and was discovered strictly after q. Formally, r ∈ S, act(r) = true, and rank(r) > rank(q). In this case both q and r are active, and already belong to the necklace. Since rank(r) > rank(q), either q and r belong to the same scc, or the scc of q comes before the scc of r in the necklace. In both cases, the new edge does not change the structure of the necklace. It cannot create an accepting lasso either, if no accepting lasso existed before. No state changes its active/inactive status. So, again, there is nothing to do, and no recursive DFS call is started.

The figure below shows the explored and active graphs before and after the DFS explores the edge D → E. Observe that E was discovered after D.


(iv) r has been visited by the DFS before, is active, and r = q. Formally, r ∈ S, act(r) = true, and rank(r) = rank(q). In this case the edge from q to r is actually a self-loop. If q is an accepting state, then an accepting lasso has been discovered, and the algorithm reports it. Otherwise, there is again nothing to do.

The figure below shows the explored and active graphs before and after the DFS explores the edge C → C. If C is a final state, then the algorithm reports NEMP.



(v) r has been visited by the DFS before, is active, and was discovered strictly before q. Formally, r ∈ S, act(r) = true, and rank(r) < rank(q). Observe that rank(r) < rank(q) implies d[r] < d[q] and so, because of (7), we have r ⇝ q. So q and r belong to the same scc of the automaton. Let r′ be the root of the scc of r in the necklace. Since the DFS explores an edge from q to r, state q is the last state of the grey path, that is, the end of the necklace. So all sccs of the necklace from r′ upwards must be merged into one scc. For example, if in Figure 13.5 the search were now to discover an edge leading from the last pink state to the state labelled by i, then the last four sccs would have to be merged. The merge is achieved as follows. We pop beads (s, C) from N, and keep merging the sets C, stopping when the bead satisfies rank(s) ≤ rank(r), which implies r′ = s. Then we push a new bead (s, D), where D is the result of the merge.

The edge from q to r can create a first accepting lasso only if one of the merged sccs hitherto consisted of just an accepting state and no edges. Therefore, while popping beads from N we simply check whether any of the roots is an accepting state.

The figure below shows the explored and active graphs before and after the DFS explores the edge E → D. Before the step the value of N is (A, {A}) (D, {D}) (F, {E, F}). We pop the last two beads, merging the sccs {D} and {E, F}, and push the new bead (D, {D, E, F}). If D is a final state, the algorithm returns NEMP.


Backtracking. Assume that the algorithm has already explored all the edges leaving a state q, and now proceeds to backtrack from q. Notice that q is active. Consider two cases:

(vi) q is a root of the active graph. Then, before backtracking from q, the top element of N is of the form (q, C). After backtracking, q and its entire scc become inactive by (3), and they do not belong to the active graph anymore. So we pop (q, C) from N, and set act(r) to false for every r ∈ C.

The figure below shows the explored and active graphs before and after the DFS backtracks from D. The scc {D, E, F} becomes inactive, and the bead (D, {D, E, F}) is popped from N.



(vii) q is not a root of the active graph. Then, by (2) and (3), the root of the scc of q is active and remains active after backtracking. The active graph does not change, and there is nothing to do.

The figure below shows the explored and active graphs before and after the DFS backtracks from E. At that moment the scc of E is {D, E, F}, with root D. Indeed, before and after the step the explored and active graphs are identical.


The pseudocode for the algorithm, which we call SCCsearch, is shown below. The initialization is carried out in lines 1-2. Case (i) corresponds to r ∉ S in line 8. Case (ii) does not require any action, which is indeed what happens when the conditions at lines 8 and 9 do not hold. Cases (iii)-(v) are dealt with uniformly by the repeat-until loop. Indeed, if d[r] > d[q] (case (iii)) then the loop is executed exactly once, with the result that the top stack element is popped from the stack in line 12, and pushed again in line 15. If r = q (case (iv)), then the same happens; in this case (s, C) = (r, {r}), and so if r ∈ F the algorithm reports an accepting lasso. If d[r] < d[q] (case (v)), the loop performs the necessary merge of sccs. Finally, the two backtracking cases correspond to lines 16-18.


SCCsearch(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  S, N ← ∅; n ← 0
2  dfs(q0)
3  report EMP

4  proc dfs(q)
5      n ← n + 1; rank(q) ← n
6      add q to S; act(q) ← true; push (q, {q}) onto N
7      for all r ∈ δ(q) do
8          if r ∉ S then dfs(r)
9          else if act(r) then
10             D ← ∅
11             repeat
12                 pop (s, C) from N; if s ∈ F then report NEMP
13                 D ← D ∪ C
14             until rank(s) ≤ rank(r)
15             push (s, D) onto N
16     if q is the top root in N then
17         pop (q, C) from N
18         for all r ∈ C do act(r) ← false
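As a sanity check, the algorithm can also be sketched in executable form. The sketch below assumes a minimal automaton representation that is not part of the notes: a dictionary `delta` mapping each state to its successors, an initial state `q0`, and a set `accepting`; the function returns True iff it finds an accepting lasso, i.e., iff the automaton is nonempty.

```python
def scc_search(delta, q0, accepting):
    """Emptiness check for an NBA: True iff an accepting lasso exists.

    delta: dict mapping a state to an iterable of successor states.
    q0: initial state.  accepting: set of accepting states.
    """
    rank = {}        # discovery rank of each visited state (S is rank.keys())
    active = {}      # active bit of each visited state
    necklace = []    # stack of beads (root, set of states of an active scc)

    def dfs(q):
        rank[q] = len(rank) + 1
        active[q] = True
        necklace.append((q, {q}))              # q starts as a trivial scc
        for r in delta.get(q, ()):
            if r not in rank:                  # case (i): r is a new state
                if dfs(r):
                    return True
            elif active[r]:                    # cases (iii)-(v)
                merged = set()
                while True:                    # merge beads down to the bead of r
                    s, c = necklace.pop()
                    if s in accepting:         # an accepting root: lasso found
                        return True
                    merged |= c
                    if rank[s] <= rank[r]:
                        break
                necklace.append((s, merged))
        # backtracking: case (vi) if q is a root of the active graph
        if necklace and necklace[-1][0] == q:
            _, c = necklace.pop()
            for s in c:                        # the whole scc becomes inactive
                active[s] = False
        return False

    return dfs(q0)
```

The merge loop mirrors lines 10-15 of the pseudocode: the roots popped during a merge are exactly the states whose acceptance has to be checked.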

Runtime

We show that SCCsearch(A) runs in O(n + m) time, where n and m are the numbers of states and transitions of A, respectively. The total number of steps of type (i)-(vii) is 2m, because the DFS traverses each transition twice: once in the direction of the transition, and once in the opposite direction, when it backtracks from the destination state. Steps of types (i)-(iv) and (vii) only require a constant number of operations on the data structures, and take O(m) time together. Consider now the steps of type (v) and (vi).

• Type (v). The beads that enter the necklace N during a run of SCCsearch(A) are either beads of the form (q, {q}) pushed onto N at line 6, or beads obtained by removing two or more beads from N, merging them, and adding the result back to N in line 15. Since there are n of the former, and each merge decreases the number of beads by one or more, at most n of the latter are pushed onto N. So line 13 is executed O(n) times. If we implement sets of states as linked lists with two pointers to the first and last elements, the merges take constant time. So all steps of type (v) together take O(n) time.

• Type (vi). Steps of type (vi) pop a bead (q, C) from N at line 17, and then set the active bits of all states of C to false in line 18; for this they traverse the list representing C. Since all transitions from q have already been explored, q is black. By (2) all states of C are also black, and so none of them is ever active again. So every state is deactivated exactly once at line 18, and the algorithm spends O(n) time executing it.
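The constant-time merge mentioned above can be sketched as follows; the class name and layout are illustrative, not taken from the notes.

```python
class StateList:
    """A set of states stored as a singly linked list with head and tail
    pointers, so that two lists can be concatenated in constant time."""

    class _Node:
        __slots__ = ("state", "next")
        def __init__(self, state):
            self.state, self.next = state, None

    def __init__(self, state):
        # a fresh list holds a single state
        self.head = self.tail = StateList._Node(state)

    def merge(self, other):
        """Append other's states to this list in O(1)."""
        self.tail.next = other.head
        self.tail = other.tail

    def states(self):
        """Traverse the list once, e.g. to clear the active bits (line 18)."""
        node = self.head
        while node is not None:
            yield node.state
            node = node.next
```

Deactivating an scc then just walks the merged list once, which is what the O(n) bound for steps of type (vi) relies on.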

Extension to NGAs

We show that SCCsearch can be easily transformed into an emptiness check for generalized Büchi automata that does not require constructing an equivalent NBA. Recall that an NGA has in general several sets F0, . . . , Fk−1 of accepting states, and that a run ρ is accepting if inf(ρ) ∩ Fi ≠ ∅ for every i ∈ {0, . . . , k − 1}. So we have the following characterization of nonemptiness, where K = {0, . . . , k − 1}:

Fact 13.7 Let A be an NGA with accepting condition {F0, . . . , Fk−1}. A is nonempty iff some scc S of A satisfies S ∩ Fi ≠ ∅ for every i ∈ K.
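Fact 13.7 can also be checked directly, without the necklace machinery: compute the sccs of the part of A reachable from the initial state (below with Tarjan's algorithm) and test whether some scc that contains a cycle intersects every Fi. The representation (a successor dictionary, a list of accepting sets) is an assumption of this sketch, and the explicit cycle requirement spells out that a trivial scc without a self-loop cannot carry an accepting run.

```python
def nga_nonempty(delta, q0, acc_sets):
    """Nonemptiness of an NGA via scc decomposition (in the spirit of Fact 13.7).

    delta: dict state -> list of successors; q0: initial state;
    acc_sets: the accepting sets F0, ..., F_{k-1} as a list of sets.
    """
    index, low, on_stack = {}, {}, set()
    stack, sccs = [], []

    def tarjan(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in delta.get(v, ()):
            if w not in index:
                tarjan(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an scc
            scc = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                scc.add(w)
                if w == v:
                    break
            sccs.append(scc)

    tarjan(q0)                          # visits exactly the states reachable from q0
    for scc in sccs:
        v = next(iter(scc))
        has_cycle = len(scc) > 1 or v in delta.get(v, ())
        if has_cycle and all(scc & f for f in acc_sets):
            return True
    return False
```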

Let us label each state q with the index set Iq of the acceptance sets it belongs to. (E.g., if q belongs to F1 and F3, then Iq = {1, 3}.) We extend beads with a third component; a bead is now a triple (q, C, I), where q is a state, C is a set of states, and I is an index set. We modify SCCsearch so that I = ⋃q∈C Iq holds for every bead (q, C, I) that enters the necklace, and let it report nonemptiness if I = K. It suffices to adjust the pseudocode as follows:

line  SCCsearch for NBA                        SCCsearch for NGA
 6    push (q, {q})                            push (q, {q}, Iq)
10    D ← ∅                                    D ← ∅; J ← ∅
12    pop (s, C); if s ∈ F then report NEMP    pop (s, C, I)
13    D ← D ∪ C                                D ← D ∪ C; J ← J ∪ I
15    push (s, D)                              push (s, D, J); if J = K then report NEMP
17    pop (q, C)                               pop (q, C, I)

Evaluation

Recall that the two weak points of the nested-DFS algorithm were that it cannot be directly extended to NGAs, and that it is not optimal. Both are strong points of the two-stack algorithm.

The strong point of the nested-DFS algorithm was its very modest space requirements: just two extra bits for each state of A. Let us examine the space needed by the two-stack algorithm. It is convenient to compute it for automata recognizing the empty language, because in this case both the nested-DFS and the two-stack algorithms must visit all states.

Because of the check rank(s) ≤ rank(r), the algorithm needs to store the rank of each state. This is done by extending the hash table S. In principle we need log n bits to store a rank; however, in practice a rank is stored using a word of memory, because if the number of states of A exceeds 2^w, where w is the number of bits of a word, then A cannot be stored in main memory anyway. So


the hash table S requires c + w + 1 bits per state, where c is the number of bits required to store a state (the extra bit is the active bit).

The stack N does not need to store the states themselves, but the memory addresses at which they are stored. Ignoring hashing collisions, this requires w additional bits per state. For generalized Büchi automata, we must also add the k bits needed to store the set of indices. So the algorithm uses a total of c + 3w + 1 bits per state (c + 3w + k + 1 in the version for NGAs), compared to the c + 2 bits required by the nested-DFS algorithm. In most cases w ≪ c, and so the influence of the additional memory requirements on the performance is small.

13.2 Algorithms based on breadth-first search

In this section we describe algorithms based on breadth-first search (BFS). No linear BFS-based emptiness check is known, and so this section may look at first sight superfluous. However, BFS-based algorithms can be suitably described using operations and checks on sets, which allows us to implement them using automata as data structures. In many cases, the gain obtained by the use of the data structure more than compensates for the quadratic worst-case behaviour, making the algorithms competitive.

Breadth-first search (BFS) maintains the set of states that have been discovered but not yet explored, often called the frontier or boundary. A BFS from a set Q0 of states (in this section we consider searches from an arbitrary set of states of A) initializes both the set of discovered states and its frontier to Q0, and then proceeds in rounds. In a forward search, a round explores the outgoing transitions of the states in the current frontier; the new states found during the round are added to the set of discovered states, and they become the next frontier. A backward BFS proceeds similarly, but explores the incoming instead of the outgoing transitions. The pseudocode implementations of both BFS variants shown below use two variables S and B to store the set of discovered states and the boundary, respectively. We assume the existence of oracles that, given the current boundary B, return either δ(B) = ⋃q∈B δ(q) or δ⁻¹(B) = ⋃q∈B δ⁻¹(q).

ForwardBFS[A](Q0)
Input: NBA A = (Q, Σ, δ, Q0, F), Q0 ⊆ Q

1  S, B ← Q0
2  repeat
3      B ← δ(B) \ S
4      S ← S ∪ B
5  until B = ∅

BackwardBFS[A](Q0)
Input: NBA A = (Q, Σ, δ, Q0, F), Q0 ⊆ Q

1  S, B ← Q0
2  repeat
3      B ← δ⁻¹(B) \ S
4      S ← S ∪ B
5  until B = ∅
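In executable form, with the automaton given as a successor dictionary (an assumption of this sketch, standing in for the oracles above), the two variants look as follows; the backward variant simply precomputes δ⁻¹.

```python
def forward_bfs(delta, q0_set):
    """States reachable from q0_set, discovered layer by layer."""
    s = set(q0_set)                  # discovered states
    b = set(q0_set)                  # current boundary
    while b:
        b = {r for q in b for r in delta.get(q, ())} - s
        s |= b
    return s

def backward_bfs(delta, targets):
    """States from which some state of targets is reachable."""
    inv = {}                         # precompute delta^-1
    for q, succs in delta.items():
        for r in succs:
            inv.setdefault(r, set()).add(q)
    s = set(targets)
    b = set(targets)
    while b:
        b = {q for r in b for q in inv.get(r, ())} - s
        s |= b
    return s
```

Each round computes exactly the set-level operations of line 3 and line 4 of the pseudocode, so successors (or predecessors) of a boundary state are computed only once.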

Both BFS variants compute the successors or predecessors of a state exactly once, i.e., if in the course of the algorithm the oracle is called twice with arguments Bi and Bj, respectively, then Bi ∩ Bj = ∅. To prove this in the forward case (the backward case is analogous), observe that B ⊆ S is an invariant of the repeat loop, and that the value of S never decreases. Now, let B1, S1, B2, S2, . . . be the sequence of values of the variables B and S right before the i-th execution of line 3. We have Bi ⊆ Si by the invariant, Si ⊆ Sj for every j ≥ i, and Bj+1 ∩ Sj = ∅ by line 3. So Bj ∩ Bi = ∅ for every j > i.

As data structures for the sets S and B we can use a hash table and a queue, respectively. But we can also take the set Q of states of A as finite universe, and use automata for fixed-length languages to represent both S and B. Moreover, we can represent δ ⊆ Q × Q by a finite transducer Tδ, and reduce the computation of δ(B) and δ⁻¹(B) in line 3 to computing Post(B, δ) and Pre(B, δ), respectively.

13.2.1 Emerson-Lei’s algorithm

A state q of A is live if some infinite path starting at q visits accepting states infinitely often. Clearly, A is nonempty if and only if its initial state is live. We describe an algorithm due to Emerson and Lei for computing the set of live states. For every n ≥ 0, the n-live states of A are inductively defined as follows:

• every state is 0-live;

• a state q is (n + 1)-live if some path containing at least one transition leads from q to an accepting n-live state.

Loosely speaking, a state is n-live if, starting at it, it is possible to visit accepting states n times. Let L[n] denote the set of n-live states of A. We have:

Lemma 13.8 (a) L[n] ⊇ L[n + 1] for every n ≥ 0.

(b) The sequence L[0] ⊇ L[1] ⊇ L[2] ⊇ · · · reaches a fixpoint L[i] (i.e., there is a least index i ≥ 0 such that L[i + 1] = L[i]), and L[i] is the set of live states.

Proof: We prove (a) by induction on n. The case n = 0 is trivial. Assume n > 0, and let q ∈ L[n + 1]. There is a path containing at least one transition that leads from q to an accepting state r ∈ L[n]. By induction hypothesis, r ∈ L[n − 1], and so q ∈ L[n].

To prove (b), first notice that, since Q is finite, the fixpoint L[i] exists. Let L be the set of live states. Clearly, L ⊆ L[i] for every i ≥ 0. Moreover, since L[i] = L[i + 1], every state of L[i] has a proper descendant that is accepting and belongs to L[i]. So L[i] ⊆ L.

Emerson-Lei’s algorithm computes the fixpoint L[i] of the sequence L[0] ⊇ L[1] ⊇ L[2] . . .. Tocompute L[n + 1] given L[n] we observe that a state is n + 1-live if some nonempty path leads fromit to an n-live accepting state, and so

L[n + 1] = BackwardBFS( Pre(L[n] ∩ F) )

The pseudocode for the algorithm is shown below on the left-hand-side; the variable L is used tostore the elements of the sequence L[0], L[1], L[2], . . ..


EmersonLei(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  L ← Q
2  repeat
3      OldL ← L
4      L ← Pre(OldL ∩ F)
5      L ← BackwardBFS(L)
6  until L = OldL
7  if q0 ∈ L then report NEMP
8  else report EMP

EmersonLei2(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  L ← Q
2  repeat
3      OldL ← L
4      L ← Pre(OldL ∩ F) \ OldL
5      L ← BackwardBFS(L) ∪ OldL
6  until L = OldL
7  if q0 ∈ L then report NEMP
8  else report EMP
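The left-hand version can be sketched in executable form. The explicit-set representation below is an assumption of this sketch — in practice the point of the algorithm is to run it with sets represented by automata, as explained at the start of this section — and the dictionary `delta` is expected to have an entry (possibly empty) for every state.

```python
def emerson_lei(delta, q0, accepting):
    """Emerson-Lei emptiness check for an NBA: computes the live states as
    the fixpoint of L[n+1] = BackwardBFS(Pre(L[n] ∩ F))."""
    states = set(delta)
    inv = {}                              # precompute delta^-1
    for q, succs in delta.items():
        for r in succs:
            inv.setdefault(r, set()).add(q)

    def pre(x):                           # immediate predecessors of x
        return {q for r in x for q in inv.get(r, ())}

    def backward_bfs(x):                  # x together with all its ancestors
        s, b = set(x), set(x)
        while b:
            b = pre(b) - s
            s |= b
        return s

    live = states
    while True:
        old = live
        live = backward_bfs(pre(old & accepting))
        if live == old:
            break
    return q0 in live                     # nonempty iff the initial state is live
```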

The repeat loop is executed at most (|Q| + 1) times, because each iteration but the last one removes at least one state from L. Since each iteration takes O(|Q| + |δ|) time, the algorithm runs in O(|Q| · (|Q| + |δ|)) time.

The algorithm may compute the predecessors of a state twice. For instance, if q ∈ F and there is a transition (q, q), then after line 4 is executed the state still belongs to L. The version on the right avoids this problem.

Emerson-Lei’s algorithm can be easily generalized to NGAs (we give only the generalizationof the first version):

GenEmersonLei(A)
Input: NGA A = (Q, Σ, δ, q0, {F0, . . . , Fm−1})
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  L ← Q
2  repeat
3      OldL ← L
4      for i = 0 to m − 1 do
5          L ← Pre(L ∩ Fi)
6          L ← BackwardBFS(L)
7  until L = OldL
8  if q0 ∈ L then report NEMP
9  else report EMP

Proposition 13.9 GenEmersonLei(A) reports NEMP iff A is nonempty.

Proof: For every n ≥ 0, redefine the n-live states of A as follows: every state is 0-live, and q is (n + 1)-live if some path having at least one transition leads from q to an n-live state of F(n mod m).


Let L[n] denote the set of n-live states. Proceeding as in Lemma 13.8, we can easily show that L[n · m] ⊇ L[(n + 1) · m] holds for every n ≥ 0.

We claim that the sequence L[0] ⊇ L[m] ⊇ L[2 · m] ⊇ · · · reaches a fixpoint L[i · m] (i.e., there is a least index i ≥ 0 such that L[(i + 1) · m] = L[i · m]), and L[i · m] is the set of live states. Since Q is finite, the fixpoint L[i · m] exists. Let q be a live state. There is a path starting at q that visits Fj infinitely often for every j ∈ {0, . . . , m − 1}. In this path, every occurrence of a state of Fj is followed by some later occurrence of a state of F(j+1) mod m, for every j ∈ {0, . . . , m − 1}. So q ∈ L[i · m]. We now show that every state of L[i · m] is live. For every state q ∈ L[(i + 1) · m] there is a path π = πm−1 πm−2 · · · π0 such that for every j ∈ {0, . . . , m − 1} the segment πj contains at least one transition and leads to a state of L[i · m + j] ∩ Fj. In particular, π visits states of F0, . . . , Fm−1, and, since L[(i + 1) · m] = L[i · m], it leads from a state of L[(i + 1) · m] to another state of L[(i + 1) · m]. So every state of L[(i + 1) · m] = L[i · m] is live, which proves the claim.

Since GenEmersonLei(A) computes the sequence L[0] ⊇ L[m] ⊇ L[2 · m] ⊇ · · ·, after termination L contains the set of live states.

13.2.2 A Modified Emerson-Lei’s algorithm

There exist many variants of Emerson-Lei's algorithm that have the same worst-case complexity, but try to improve the efficiency, at least in some cases, by means of heuristics. We present here one of these variants, which we call the Modified Emerson-Lei algorithm (MEL).

Given a set S ⊆ Q of states, let inf(S) denote the set of states q ∈ S such that some infinite path starting at q contains only states of S. Instead of computing Pre(OldL ∩ F) at each iteration step, MEL computes Pre(inf(OldL) ∩ F).


MEL(A)
Input: NBA A = (Q, Σ, δ, q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1   L ← Q
2   repeat
3       OldL ← L
4       L ← inf(OldL)
5       L ← Pre(L ∩ F)
6       L ← BackwardBFS(L)
7   until L = OldL
8   if q0 ∈ L then report NEMP
9   else report EMP

10  function inf(S)
11      repeat
12          OldS ← S
13          S ← S ∩ Pre(S)
14      until S = OldS
15      return S
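The inf-operation of lines 10-15 is a greatest-fixpoint computation: repeatedly discard the states of S that have no successor inside S. A small executable sketch, with the successor-dictionary representation again assumed:

```python
def inf_states(delta, s):
    """States of s from which some infinite path inside s starts:
    the greatest fixpoint of S = S ∩ Pre(S)."""
    s = set(s)
    while True:
        # keep only the states with at least one successor still in s
        t = {q for q in s if any(r in s for r in delta.get(q, ()))}
        if t == s:
            return s
        s = t
```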

In the following we show that MEL is correct, and then compare it with Emerson-Lei's algorithm. As we shall see, while MEL introduces the overhead of repeatedly computing inf-operations, it still makes sense in many cases because it reduces the number of executions of the repeat loop.

To prove correctness we claim that after termination L contains the set of live states. Recall that the set of live states is the fixpoint L[i] of the sequence L[0] ⊇ L[1] ⊇ L[2] ⊇ · · ·. By the definition of liveness we have inf(L[i]) = L[i]. Define now L′[0] = Q, and L′[n + 1] = pre⁺(inf(L′[n]) ∩ F). Clearly, MEL computes the sequence L′[0] ⊇ L′[1] ⊇ L′[2] ⊇ · · ·. Since L[n] ⊇ L′[n] ⊇ L[i] for every n > 0, we have that L[i] is also the fixpoint of the sequence L′[0] ⊇ L′[1] ⊇ L′[2] ⊇ · · ·, and so MEL computes L[i]. Since inf(S) can be computed in O(|Q| + |δ|) time for any set S, MEL runs in O(|Q| · (|Q| + |δ|)) time.

Interestingly, we have already met Emerson-Lei's algorithm in Chapter ??. In the proof of Proposition 12.2 we defined a sequence D0 ⊇ D1 ⊇ D2 ⊇ · · · of infinite acyclic graphs. In the terminology of this chapter, D2i+1 was obtained from D2i by removing all nodes having only finitely many descendants, and D2i+2 was obtained from D2i+1 by removing all nodes having only non-accepting descendants. This corresponds to D2i+1 := inf(D2i) and D2i+2 := pre⁺(D2i+1 ∩ α). So, in fact, we can look at this procedure as the computation of the live states of D0 using MEL.


13.2.3 Comparing the algorithms

We give two families of examples showing that MEL may outperform Emerson-Lei's algorithm, but not always.

A good case for MEL. Consider the automaton of Figure 13.6. The i-th iteration of Emerson-Lei's algorithm removes qn−i+1. The number of calls to BackwardBFS is (n + 1), although a simple modification allowing the algorithm to stop if L = ∅ spares the (n + 1)-th operation. On the other hand, the first inf-operation of MEL already sets the variable L to the empty set of states, and so, with the same simple modification, the algorithm stops after one iteration.

[Figure: states q0, q1, . . . , qn−1, qn arranged in a chain]

Figure 13.6: An example in which the MEL-algorithm outperforms the Emerson-Lei algorithm

A good case for Emerson-Lei's algorithm. Consider the automaton of Figure 13.7. The i-th iteration of Emerson-Lei's algorithm removes q(n−i+1),1 and q(n−i+1),2, and so the algorithm calls BackwardBFS (n + 1) times. The i-th iteration of the MEL algorithm removes no state as result of the inf-operation, and the states q(n−i+1),1 and q(n−i+1),2 as result of the call to BackwardBFS. So in this case the inf-operations are all redundant.

[Figure: states q0,1, q0,2, q1,1, q1,2, . . . , qn,1, qn,2]

Figure 13.7: An example in which the EL-algorithm outperforms the MEL-algorithm

Exercises

Exercise 154 Let B be the following Büchi automaton:


[Figure: a Büchi automaton with states q0, . . . , q8 and transitions labelled with a and b]

1. Execute the emptiness algorithm NestedDFS on B.

2. Recall that NestedDFS is a nondeterministic algorithm, and different choices of runs may return different lassos. Which lassos of B can be found by NestedDFS?

3. Show that NestedDFS is not optimal by exhibiting some search sequence on B.

4. Execute the emptiness algorithm TwoStack on B.

5. Which lassos of B can be found by TwoStack?

Exercise 155 Let A be an NBA, and let At be the sub-NBA of A containing the states and transitions explored by a DFS up to (and including) time t. Prove: if a state q belongs to some cycle of A, then it already belongs to some cycle of Af[q].

Exercise 156 A Büchi automaton is weak if none of its strongly connected components contains both accepting and non-accepting states. Give an emptiness algorithm for weak Büchi automata. What is the complexity of the algorithm?

Exercise 157 Consider Muller automata whose accepting condition contains one single set of states F, i.e., a run ρ is accepting if inf(ρ) = F. Transform TwoStack into a linear algorithm for checking emptiness of these automata. Hint: Consider the version of TwoStack for NGAs.

Exercise 158 (1) Given R, S ⊆ Q, define pre⁺(R, S) as the set of ascendants q of R such that there is a path from q to R that contains only states of S. Give an algorithm to compute pre⁺(R, S).

(2) Consider the following modification of Emerson-Lei’s algorithm:


MEL2(A)
Input: NBA A = (Q, Σ, δ, Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  L ← Q
2  repeat
3      OldL ← L
4      L ← pre⁺(L ∩ F, L)
5  until L = OldL
6  if q0 ∈ L then report NEMP
7  else report EMP

Is MEL2 correct? What is the difference between the sequences of sets computed by MEL and MEL2?


Chapter 14

Applications I: Verification and Temporal Logic

Recall that, intuitively, liveness properties are those stating that the system will eventually do something good. More formally, they are properties that are only violated by infinite executions of the system, i.e., by examining only a finite prefix of an infinite execution it is not possible to determine whether the infinite execution violates the property or not. In this chapter we apply the theory of Büchi automata to the problem of automatically verifying liveness properties.

14.1 Automata-Based Verification of Liveness Properties

In Chapter 8 we introduced some basic concepts about systems: configuration, possible execution, and execution. We extend these notions to the infinite case. An ω-execution of a system is an infinite sequence c0 c1 c2 . . . of configurations where c0 is some initial configuration, and for every i ≥ 1 the configuration ci is a legal successor, according to the semantics of the system, of the configuration ci−1. Notice that according to this definition, if a configuration has no legal successors then it does not belong to any ω-execution. Usually this is undesirable, and it is more convenient to assume that such a configuration c has exactly one legal successor, namely c itself. In this way, every reachable configuration of the system belongs to some ω-execution. The terminating executions are then the ω-executions of the form c0 . . . cn−1 cn^ω for some terminating configuration cn. The set of terminating configurations can usually be identified syntactically. For instance, in a program the terminating configurations are usually those in which control is at some particular program line.
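The convention above — giving every successor-less configuration a self-loop — is a one-line transformation on, say, a successor-dictionary representation of the system (the representation is an assumption of this sketch):

```python
def add_self_loops(succ):
    """Give each configuration without legal successors a self-loop, so that
    every reachable configuration belongs to some ω-execution."""
    return {c: (list(cs) if cs else [c]) for c, cs in succ.items()}
```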

In Chapter 8 we showed how to construct a system NFA recognizing all the executions of a given system. The same construction can be used to define a system NBA recognizing all the ω-executions.

Example 14.1 Consider the little program of Chapter 8.


Figure 14.1: System NBA for the program (diagram not reproduced; its states are the configurations [ℓ, x, y], with red self-loops at [5, 0, 0] and [5, 0, 1]).

1  while x = 1 do
2      if y = 1 then
3          x ← 0
4      y ← 1 − x
5  end

Its system NFA is the automaton of Figure 14.1, but without the red self-loops at states [5, 0, 0] and [5, 0, 1]. The system NBA is the result of adding the self-loops.

14.1.1 Checking Liveness Properties

In Chapter 8 we used Lamport's algorithm to present examples of safety properties, and how they can be automatically checked. We do the same now for liveness properties. Figure 14.2 shows again the network of automata modelling the algorithm and its asynchronous product, from which we can easily obtain its system NBA. Observe that in this case every configuration has at least one successor, and so no self-loops need to be added.

For i ∈ {0, 1}, let NCi, Ti, Ci be the sets of configurations in which process i is in the non-critical section, is trying to access the critical section, and is in the critical section, respectively, and let Σ stand for the set of all configurations. The finite waiting property for process i states that if process i tries to access its critical section, it eventually will. The possible ω-executions that violate the property for process i are represented by the ω-regular expression

vi = Σ∗ Ti (Σ \ Ci)ω.

We can check this property using the same technique as in Chapter 8. We construct the system NBA ωE recognizing the ω-executions of the algorithm (the NBA has just two states), and transform the regular expression vi into an NBA Vi using the algorithm of Chapter 11. We then


Figure 14.2: Lamport's algorithm and its asynchronous product (diagram not reproduced).


construct an NBA for ωE ∩ Vi using intersNBA(), and check its emptiness using one of the algorithms of Chapter 13.

Observe that, since all states of ωE are accepting, we do not need to use the special algorithm for intersection of NBAs, and so we can apply the construction for NFAs.
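The emptiness check in the last step relies on the fact that an NBA accepts some ω-word if and only if some accepting state is reachable from an initial state and lies on a cycle. The sketch below uses this lasso characterization with a naive quadratic reachability test; it is not the two-stack algorithm of Chapter 13, and the dictionary encoding of the transition relation is our own:

```python
def reachable(delta, sources):
    """All states reachable from the given set of source states."""
    seen, stack = set(sources), list(sources)
    while stack:
        q = stack.pop()
        for r in delta.get(q, ()):
            if r not in seen:
                seen.add(r)
                stack.append(r)
    return seen

def nba_nonempty(delta, init, accepting):
    """Does the NBA accept some omega-word?  Equivalently: is there an
    accepting lasso, i.e., a reachable accepting state lying on a cycle?"""
    for a in accepting & reachable(delta, init):
        if a in reachable(delta, delta.get(a, ())):   # a lies on a cycle
            return True
    return False

# Toy NBA: q1 is accepting, reachable, and on a cycle; q2 is unreachable.
delta = {'q0': {'q1'}, 'q1': {'q1'}, 'q2': {'q2'}}
assert nba_nonempty(delta, {'q0'}, {'q1'})
assert not nba_nonempty(delta, {'q0'}, {'q2'})
```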

The result of the check for process 0 yields that the property fails because of, for instance, the ω-execution

[0, 0, nc0, nc1] [1, 0, t0, nc1] [1, 1, t0, t1]ω

In this execution both processes request access to the critical section, but from then on process 1 never makes any further step. Only process 0 continues, but all it does is continuously check that the current value of b1 is 1. Intuitively, this corresponds to process 1 breaking down after requesting access. But we do not expect the finite waiting property to hold if processes may break down while waiting. So, in fact, our definition of the finite waiting property is wrong. We can repair the definition by reformulating the property as follows: in any ω-execution in which both processes execute infinitely many steps, if process 0 tries to access its critical section, then it eventually will. The condition that both processes must move infinitely often is called a fairness assumption.

The simplest way to solve this problem is to enrich the alphabet of the system NBA. Instead of labeling a transition only with the name of the target configuration, we also label it with the number of the process responsible for the move leading to that configuration. For instance, the transition

[0, 0, nc0, nc1] --[1,0,t0,nc1]--> [1, 0, t0, nc1]   becomes

[0, 0, nc0, nc1] --([1,0,t0,nc1], 0)--> [1, 0, t0, nc1]

to reflect the fact that [1, 0, t0, nc1] is reached by a move of process 0. So the new alphabet of the NBA is Σ × {0, 1}. If we write M0 = Σ × {0} and M1 = Σ × {1} for the “moves” of process 0 and process 1, respectively, then the ω-regular expression

inf = ( (M0 + M1)∗ M0 M1 )ω

represents all ω-executions in which both processes move infinitely often, and L(vi) ∩ L(inf) (where vi is suitably rewritten to account for the larger alphabet) is the set of violations of the reformulated finite waiting property. To check if some ω-execution is a violation, we can construct NBAs for vi and inf, and compute their intersection. For process 0 the check yields that the property indeed holds. For process 1 the property still fails because of, for instance, the sequence

( [0, 0, nc0, nc1] [0, 1, nc0, t1] [1, 1, t0, t1] [1, 1, t0, q1] [1, 0, t0, q′1] [1, 0, c0, q′1] [0, 0, nc0, q′1] )ω

in which process 1 repeatedly tries to access its critical section, but always lets process 0 access first.


14.2 Linear Temporal Logic

In Chapter 8 and in the previous section we have formalized properties of systems using regular or ω-regular expressions, NFAs, or NBAs. This becomes rather difficult for all but the easiest properties. For instance, the NBA or the ω-regular expression for the modified finite waiting property are already quite involved, and it is difficult to convince oneself that they correspond to the intended property. In this section we introduce a new language for specifying safety and liveness properties, called Linear Temporal Logic (LTL). LTL is close to natural language, but still has a formal semantics.

Formulas of LTL are constructed from a set AP of atomic propositions. Intuitively, atomic propositions are abstract names for basic properties of configurations, whose meaning is fixed only after a concrete system is considered. Formally, given a system with a set C of configurations, the meaning of the atomic propositions is fixed by a valuation function V : AP → 2^C that assigns to each abstract name the set of configurations at which it holds. We denote by LTL(AP) the set of LTL formulas over AP.

Atomic propositions are combined by means of the usual Boolean operators and the temporal operators X (“next”) and U (“until”). Intuitively, as a first approximation, Xϕ means “ϕ holds at the next configuration” (the configuration reached after one step of the program), and ϕ U ψ means “ϕ holds until a configuration is reached satisfying ψ”. Formally, the syntax of LTL(AP) is defined as follows:

Definition 14.2 Let AP be a finite set of atomic propositions. LTL(AP) is the set of expressions generated by the grammar

ϕ := true | p | ¬ϕ1 | ϕ1 ∧ ϕ2 | Xϕ1 | ϕ1 U ϕ2 .

Formulas are interpreted on sequences σ = σ0σ1σ2 . . ., where σi ⊆ AP for every i ≥ 0. We call these sequences computations. The set of all computations over AP is denoted by C(AP). The executable computations of a system are the computations σ for which there exists an ω-execution c0c1c2 . . . such that for every i ≥ 0 the set of atomic propositions satisfied by ci is exactly σi. We now formally define when a computation satisfies a formula.

Definition 14.3 Given a computation σ ∈ C(AP), let σj denote the suffix σj σj+1 σj+2 . . . of σ. The satisfaction relation σ |= ϕ (read “σ satisfies ϕ”) is inductively defined as follows:

• σ |= true.

• σ |= p iff p ∈ σ0.

• σ |= ¬ϕ iff σ ⊭ ϕ.

• σ |= ϕ1 ∧ ϕ2 iff σ |= ϕ1 and σ |= ϕ2.

• σ |= Xϕ iff σ1 |= ϕ.


• σ |= ϕ1 U ϕ2 iff there exists k ≥ 0 such that σk |= ϕ2 and σi |= ϕ1 for every 0 ≤ i < k.

We use the following abbreviations:

• false, ∨, →, and ↔, interpreted in the usual way.

• Fϕ = true U ϕ (“eventually ϕ”). According to the semantics above, σ |= Fϕ iff there exists k ≥ 0 such that σk |= ϕ.

• Gϕ = ¬F¬ϕ (“always ϕ” or “globally ϕ”). According to the semantics above, σ |= Gϕ iff σk |= ϕ for every k ≥ 0.

The set of computations that satisfy a formula ϕ is denoted by L(ϕ). A system satisfies ϕ if all its executable computations satisfy ϕ.
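Definition 14.3 can be turned directly into an evaluator when a computation is given finitely as a lasso u vω (this representation, and the tuple encoding of formulas, are assumptions of this sketch, not the book's notation). The U case scans positions until the lasso closes, which is sound because the suffixes of u vω at positions ≥ |u| repeat with period |v|:

```python
# Formulas as tuples: ('true',), ('ap','p'), ('not',f), ('and',f,g),
# ('X',f), ('U',f,g).  Computations as lassos u v^omega; u, v: lists of sets.
def holds(f, i, u, v):
    """Does the suffix of u v^omega at position i satisfy f?
    Positions range over 0 .. len(u)+len(v)-1; after the last one we wrap."""
    word, n = u + v, len(u) + len(v)
    succ = lambda j: j + 1 if j + 1 < n else len(u)
    op = f[0]
    if op == 'true': return True
    if op == 'ap':   return f[1] in word[i]
    if op == 'not':  return not holds(f[1], i, u, v)
    if op == 'and':  return holds(f[1], i, u, v) and holds(f[2], i, u, v)
    if op == 'X':    return holds(f[1], succ(i), u, v)
    # op == 'U': look for f2 along the lasso, requiring f1 in between
    j, seen = i, set()
    while j not in seen:
        if holds(f[2], j, u, v): return True
        if not holds(f[1], j, u, v): return False
        seen.add(j)
        j = succ(j)
    return False

F = lambda f: ('U', ('true',), f)        # eventually
G = lambda f: ('not', F(('not', f)))     # always

p, q = ('ap', 'p'), ('ap', 'q')
# ({p}{q})^omega satisfies p U q, and also GFq.
assert holds(('U', p, q), 0, [], [{'p'}, {'q'}])
assert holds(G(F(q)), 0, [], [{'p'}, {'q'}])
```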

Example 14.4 Consider the little program at the beginning of the chapter. We write some formulas expressing properties of the possible ω-executions of the program. Observe that the system NBA of Figure 14.1 has exactly four ω-executions:

e1 = [1, 0, 0] [5, 0, 0]ω

e2 = ( [1, 1, 0] [2, 1, 0] [4, 1, 0] )ω

e3 = [1, 0, 1] [5, 0, 1]ω

e4 = [1, 1, 1] [2, 1, 1] [3, 1, 1] [4, 0, 1] [1, 0, 1] [5, 0, 1]ω

Let C be the set of configurations of the program. We choose

AP = {at 1, at 2, . . . , at 5, x=0, x=1, y=0, y=1}

and define the valuation function V : AP → 2^C as follows:

• V(at i) = {[ℓ, x, y] ∈ C | ℓ = i} for every i ∈ {1, . . . , 5}.

• V(x=0) = {[ℓ, x, y] ∈ C | x = 0}, and similarly for x=1, y=0, y=1.

Under this valuation, at i expresses that the program is at line i, and x=j expresses that the current value of x is j. The executable computations corresponding to the four ω-executions above are

σ1 = {at 1, x=0, y=0} {at 5, x=0, y=0}ω

σ2 = ( {at 1, x=1, y=0} {at 2, x=1, y=0} {at 4, x=1, y=0} )ω

σ3 = {at 1, x=0, y=1} {at 5, x=0, y=1}ω

σ4 = {at 1, x=1, y=1} {at 2, x=1, y=1} {at 3, x=1, y=1} {at 4, x=0, y=1} {at 1, x=0, y=1} {at 5, x=0, y=1}ω

We give some examples of properties:


• ϕ0 = x=1 ∧ Xy=0 ∧ XXat 4. In natural language: the value of x in the first configuration of the execution is 1, the value of y in the second configuration is 0, and in the third configuration the program is at location 4. We have σ2 |= ϕ0, and σ1, σ3, σ4 ⊭ ϕ0.

• ϕ1 = Fx=0. In natural language: x eventually gets the value 0. We have σ1, σ3, σ4 |= ϕ1, but σ2 ⊭ ϕ1.

• ϕ2 = x=0 U at 5. In natural language: x stays equal to 0 until the execution reaches location 5. Notice however that the natural language description is ambiguous: do executions that never reach location 5 satisfy the property? Do executions that set x to 1 immediately before reaching location 5 satisfy the property? The formal definition removes the ambiguities: the answer to the first question is ‘no’, to the second ‘yes’. We have σ1, σ3 |= ϕ2 and σ2, σ4 ⊭ ϕ2.

• ϕ3 = y=1 ∧ F(y=0 ∧ at 5) ∧ ¬F(y=0 ∧ Xy=1). In natural language: the first configuration satisfies y=1, the execution terminates in a configuration with y=0, and y never increases during the execution. This is one of the properties we analyzed in Chapter 8, and it is not satisfied by any ω-execution.

Example 14.5 We express several properties of the Lamport-Burns algorithm (see Chapter 8) using LTL formulas. As system NBA we use the one in which transitions are labeled with the name of the target configuration and with the number of the process responsible for the move leading to that configuration. We take AP = {NC0, T0, C0, NC1, T1, C1, M0, M1}, with the obvious valuation.

• The mutual exclusion property is expressed by the formula

G(¬C0 ∨ ¬C1)

The algorithm satisfies the formula.

• The property that process i cannot access the critical section without having requested it first is expressed by

¬(¬Ti U Ci)

Both processes satisfy this property.

• The naïve finite waiting property for process i is expressed by

G(Ti → FCi)

The modified version, in which both processes must execute infinitely many moves, is expressed by

(GFM0 ∧GFM1)→ G(Ti → FCi)


Observe how fairness assumptions can be expressed very elegantly in LTL. The assumption itself is expressed as a formula ψ, and the property that ω-executions satisfying the fairness assumption also satisfy ϕ is expressed by ψ → ϕ.

None of the processes satisfies the naïve version of the finite waiting property. Process 0 satisfies the modified version, but process 1 does not.

• The bounded overtaking property for process 0 is expressed by

G( T0 → (¬C1 U (C1 U (¬C1 U C0))))

The formula states that whenever T0 holds, the computation continues with a (possibly empty!) interval at which ¬C1 holds, followed by a (possibly empty!) interval at which C1 holds, followed by a point at which C0 holds. The property holds.

Example 14.6 Formally speaking, it is not correct to say “Xϕ means that the next configuration satisfies ϕ” or “ϕ U ψ means that some future configuration satisfies ψ, and until then all configurations satisfy ϕ”. The reason is that formulas do not hold at configurations, but at computations. Correct is: “the suffix of the computation starting at the next configuration (which is also a computation) satisfies ϕ”, and “some suffix of the computation satisfies ψ, and until then all suffixes satisfy ϕ”.

To illustrate this point, let AP = {p, q}, and consider the formula ϕ = (Fp) U q. Then the computation

τ = ∅ ∅ {q} ∅ {p} ∅ω

satisfies ϕ. Indeed, the suffix {q} ∅ {p} ∅ω satisfies q, and all “larger” suffixes, that is, ∅ {q} ∅ {p} ∅ω and τ itself, satisfy Fp.

14.3 From LTL formulas to generalized Büchi automata

We present an algorithm that, given a formula ϕ ∈ LTL(AP), returns an NGA Aϕ over the alphabet 2^AP recognizing L(ϕ), and then derive a fully automatic procedure that, given a system and an LTL formula, decides whether the executable computations of the system satisfy the formula.

14.3.1 Satisfaction sequences and Hintikka sequences

We define the satisfaction sequence and the Hintikka sequence of a computation σ and a formula ϕ. We first need to introduce the notions of the closure of a formula, and of an atom of the closure.

Definition 14.7 Given a formula ϕ, the negation of ϕ is the formula ψ if ϕ = ¬ψ, and the formula ¬ϕ otherwise. The closure cl(ϕ) of a formula ϕ is the set containing all subformulas of ϕ and their negations. A nonempty set α ⊆ cl(ϕ) is an atom of cl(ϕ) if it satisfies the following properties:


(a0) If true ∈ cl(ϕ), then true ∈ α.

(a1) For every ϕ1 ∧ ϕ2 ∈ cl(ϕ): ϕ1 ∧ ϕ2 ∈ α if and only if ϕ1 ∈ α and ϕ2 ∈ α.

(a2) For every ¬ϕ1 ∈ cl(ϕ): ¬ϕ1 ∈ α if and only if ϕ1 ∉ α.

The set of all atoms of cl(ϕ) is denoted by at(ϕ).

Observe that if α is the set of all formulas of cl(ϕ) satisfied by a computation σ, then α is necessarily an atom. Indeed, every computation satisfies true; if a computation satisfies the conjunction of two formulas, then it satisfies each of the conjuncts; finally, if a computation satisfies a formula, then it does not satisfy its negation, and vice versa. Notice as well that, because of (a2), if cl(ϕ) contains k formulas, then every atom of cl(ϕ) contains exactly k/2 formulas.

Example 14.8 The closure of the formula p ∧ (p U q) is

{p, ¬p, q, ¬q, p U q, ¬(p U q), p ∧ (p U q), ¬(p ∧ (p U q))}.

We claim that the only two atoms containing p ∧ (p U q) are

{p, q, p U q, p ∧ (p U q)} and {p, ¬q, p U q, p ∧ (p U q)}.

Let us see why. By (a2), an atom always contains either a subformula or its negation, but not both. So in principle there are 16 possibilities for atoms, since we have to choose exactly one of p and ¬p, q and ¬q, p U q and ¬(p U q), and p ∧ (p U q) and ¬(p ∧ (p U q)). Since we look for atoms containing p ∧ (p U q), we are left with 8 possibilities. But, by (a1), every atom α containing p ∧ (p U q) must contain both p and p U q. So the only freedom left is the possibility to choose q or ¬q. Neither of these choices violates any of the conditions, and so exactly two atoms contain p ∧ (p U q).
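The counting argument above can be checked mechanically. The sketch below enumerates atoms by choosing, for every subformula, either the subformula or its negation (condition (a2)), and keeping the choices consistent with (a0) and (a1); the tuple encoding of formulas is our own:

```python
from itertools import product

def subformulas(f):
    yield f
    if f[0] in ('not', 'X'):
        yield from subformulas(f[1])
    elif f[0] in ('and', 'U'):
        yield from subformulas(f[1])
        yield from subformulas(f[2])

def neg(f):
    return f[1] if f[0] == 'not' else ('not', f)

def atoms(phi):
    """All atoms of cl(phi): one of psi / neg(psi) per subformula psi,
    filtered by conditions (a0) and (a1)."""
    subs = list(dict.fromkeys(subformulas(phi)))   # deduplicate
    result = []
    for bits in product((True, False), repeat=len(subs)):
        alpha = frozenset(s if b else neg(s) for s, b in zip(subs, bits))
        if ('not', ('true',)) in alpha:            # (a0): atoms contain true
            continue
        if all((g in alpha) == (g[1] in alpha and g[2] in alpha)
               for g in subs if g[0] == 'and'):    # (a1)
            result.append(alpha)
    return result

p, q = ('ap', 'p'), ('ap', 'q')
phi = ('and', p, ('U', p, q))            # the formula of Example 14.8
ats = atoms(phi)
assert len(ats) == 8                     # 16 candidate sets, 8 are atoms
assert sum(phi in a for a in ats) == 2   # exactly two atoms contain phi
```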

Definition 14.9 The satisfaction sequence for a computation σ and a formula ϕ is the infinite sequence of atoms

sats(σ, ϕ) = sats(σ, ϕ, 0) sats(σ, ϕ, 1) sats(σ, ϕ, 2) . . .

where sats(σ, ϕ, i) is the atom containing the formulas of cl(ϕ) satisfied by σi.

Intuitively, the satisfaction sequence of a computation σ is obtained by “completing” σ: while σ only indicates which atomic propositions hold at each point in time, the satisfaction sequence also indicates which atom holds at each moment.

Example 14.10 Let ϕ = p U q, and consider the computations σ1 = {p}ω and σ2 = ({p} {q})ω. We have

sats(σ1, ϕ) = {p, ¬q, ¬(p U q)}ω

sats(σ2, ϕ) = ( {p, ¬q, p U q} {¬p, q, p U q} )ω


Observe that σ satisfies ϕ if and only if ϕ ∈ sats(σ, ϕ, 0), i.e., if and only if ϕ belongs to the first atom of sats(σ, ϕ).

Satisfaction sequences have a semantic definition: in order to know which atom holds at a point, one must know the semantics of LTL. Hintikka sequences provide a syntactic characterization of satisfaction sequences: the definition of a Hintikka sequence does not involve the semantics of LTL, i.e., someone who does not know the semantics can still determine whether a given sequence is a Hintikka sequence or not. We prove that a sequence is a satisfaction sequence if and only if it is a Hintikka sequence.

Definition 14.11 A pre-Hintikka sequence for ϕ is an infinite sequence α0α1α2 . . . of atoms satisfying the following conditions for every i ≥ 0:

(l1) For every Xϕ ∈ cl(ϕ): Xϕ ∈ αi if and only if ϕ ∈ αi+1.

(l2) For every ϕ1 U ϕ2 ∈ cl(ϕ): ϕ1 U ϕ2 ∈ αi if and only if ϕ2 ∈ αi, or both ϕ1 ∈ αi and ϕ1 U ϕ2 ∈ αi+1.

A pre-Hintikka sequence is a Hintikka sequence if it also satisfies

(g) For every ϕ1 U ϕ2 ∈ αi, there exists j ≥ i such that ϕ2 ∈ αj.

A pre-Hintikka or Hintikka sequence α matches a computation σ if σi ⊆ αi for every i ≥ 0.

Observe that conditions (l1) and (l2) are local: in order to determine whether α satisfies them, we only need to inspect every pair αi, αi+1 of consecutive atoms. On the contrary, condition (g) is global, since the distance between the indices i and j can be arbitrarily large.

Example 14.12 Let ϕ = ¬(p ∧ q) U (r ∧ s).

• Let α1 = {p, ¬q, r, s, ϕ}. The sequence α1ω is not a Hintikka sequence for ϕ, because α1 is not an atom; indeed, by (a1) every atom containing r and s must contain r ∧ s.

• Let α2 = {¬p, r, ¬ϕ}. The sequence α2ω is not a Hintikka sequence for ϕ, because α2 is not an atom; indeed, by (a2) every atom must contain either q or ¬q, and either s or ¬s.

• Let α3 = {¬p, q, ¬r, s, r ∧ s, ϕ}. The sequence α3ω is not a Hintikka sequence for ϕ, because α3 is not an atom; indeed, by (a2) every atom must contain either p ∧ q or ¬(p ∧ q).

• Let α4 = {p, q, p ∧ q, r, s, r ∧ s, ¬ϕ}. The set α4 is an atom, but the sequence α4ω is not a Hintikka sequence for ϕ, because it violates condition (l2): since α4 contains r ∧ s, it must also contain ϕ.

• Let α5 = {p, ¬q, ¬(p ∧ q), ¬r, s, ¬(r ∧ s), ϕ}. The set α5 is an atom, and the sequence α5ω is a pre-Hintikka sequence. However, it is not a Hintikka sequence, because it violates condition (g): since α5 contains ϕ, some atom in the sequence must contain r ∧ s, which is not the case.


• Let α6 = {p, q, p ∧ q, r, s, r ∧ s, ϕ}. The sequence (α5 α6)ω is a Hintikka sequence for ϕ.
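Condition (l2) for a single pair of consecutive atoms is easy to check mechanically. The sketch below confirms the violation claimed above for α4, and the consistency of α6 (the tuple encoding of formulas is our own):

```python
def l2_ok(alpha, beta, untils):
    """Condition (l2): f1 U f2 belongs to alpha iff f2 belongs to alpha,
    or f1 belongs to alpha and f1 U f2 belongs to beta."""
    return all((u in alpha) == (u[2] in alpha or (u[1] in alpha and u in beta))
               for u in untils)

p, q, r, s = ('ap', 'p'), ('ap', 'q'), ('ap', 'r'), ('ap', 's')
phi = ('U', ('not', ('and', p, q)), ('and', r, s))

# alpha4 of Example 14.12 contains r ^ s but not phi, so the pair
# (alpha4, alpha4) violates (l2): alpha4^omega is not pre-Hintikka.
alpha4 = {p, q, ('and', p, q), r, s, ('and', r, s), ('not', phi)}
assert not l2_ok(alpha4, alpha4, [phi])

# alpha6 contains both r ^ s and phi, and (alpha6, alpha6) satisfies (l2).
alpha6 = {p, q, ('and', p, q), r, s, ('and', r, s), phi}
assert l2_ok(alpha6, alpha6, [phi])
```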

It follows immediately from the definitions that if α = α0α1α2 . . . is a satisfaction sequence, then every pair αi, αi+1 satisfies (l1) and (l2), and the sequence α itself satisfies (g). So every satisfaction sequence is a Hintikka sequence. The following theorem shows that the converse also holds: every Hintikka sequence is a satisfaction sequence.

Theorem 14.13 Let σ be a computation and let ϕ be a formula. The unique Hintikka sequence for ϕ matching σ is the satisfaction sequence sats(σ, ϕ).

Proof: As observed above, it follows immediately from the definitions that sats(σ, ϕ) is a Hintikka sequence for ϕ matching σ. To show that no other Hintikka sequence matches σ, let α = α0α1α2 . . . be a Hintikka sequence for ϕ matching σ, and let ψ be an arbitrary formula of cl(ϕ). We prove that for every i ≥ 0: ψ ∈ αi if and only if ψ ∈ sats(σ, ϕ, i).

The proof is by induction on the structure of ψ.

• ψ = true. Then true ∈ sats(σ, ϕ, i) and, since αi is an atom, true ∈ αi.

• ψ = p for an atomic proposition p. Since α matches σ, we have p ∈ αi if and only if p ∈ σi. By the definition of satisfaction sequence, p ∈ σi if and only if p ∈ sats(σ, ϕ, i). So p ∈ αi if and only if p ∈ sats(σ, ϕ, i).

• ψ = ϕ1 ∧ ϕ2. We have

ϕ1 ∧ ϕ2 ∈ αi
⇔ ϕ1 ∈ αi and ϕ2 ∈ αi (condition (a1))
⇔ ϕ1 ∈ sats(σ, ϕ, i) and ϕ2 ∈ sats(σ, ϕ, i) (induction hypothesis)
⇔ ϕ1 ∧ ϕ2 ∈ sats(σ, ϕ, i) (definition of sats(σ, ϕ))

• ψ = ¬ϕ1 or ψ = Xϕ1. The proofs are very similar to the last one.

• ψ = ϕ1 U ϕ2. We prove:

(a) If ϕ1 U ϕ2 ∈ αi, then ϕ1 U ϕ2 ∈ sats(σ, ϕ, i).
By condition (l2) of the definition of a Hintikka sequence, we have to consider two cases:

– ϕ2 ∈ αi. By induction hypothesis, ϕ2 ∈ sats(σ, ϕ, i), and so ϕ1 U ϕ2 ∈ sats(σ, ϕ, i).

– ϕ1 ∈ αi and ϕ1 U ϕ2 ∈ αi+1. By condition (g), there is at least one index j ≥ i such that ϕ2 ∈ αj. Let jm be the smallest of these indices. We prove the result by induction on jm − i. If jm = i, then ϕ2 ∈ αi, and we proceed as in the previous case. If i < jm, then, since ϕ1 ∈ αi, we have ϕ1 ∈ sats(σ, ϕ, i) (induction on ψ). Since ϕ1 U ϕ2 ∈ αi+1,


we have either ϕ2 ∈ αi+1 or ϕ1 ∈ αi+1. In the first case we have ϕ2 ∈ sats(σ, ϕ, i + 1), and so ϕ1 U ϕ2 ∈ sats(σ, ϕ, i). In the second case, by induction hypothesis (induction on jm − i), we have ϕ1 U ϕ2 ∈ sats(σ, ϕ, i + 1), and so ϕ1 U ϕ2 ∈ sats(σ, ϕ, i).

(b) If ϕ1 U ϕ2 ∈ sats(σ, ϕ, i), then ϕ1 U ϕ2 ∈ αi.
We consider again two cases.

– ϕ2 ∈ sats(σ, ϕ, i). By induction hypothesis, ϕ2 ∈ αi, and so ϕ1 U ϕ2 ∈ αi.

– ϕ1 ∈ sats(σ, ϕ, i) and ϕ1 U ϕ2 ∈ sats(σ, ϕ, i + 1). By the definition of a satisfaction sequence, there is at least one index j ≥ i such that ϕ2 ∈ sats(σ, ϕ, j). Proceed now as in case (a).

14.3.2 Constructing the NGA for an LTL formula

Given a formula ϕ, we construct a generalized Büchi automaton Aϕ recognizing L(ϕ). By the definition of a satisfaction sequence, a computation σ satisfies ϕ if and only if ϕ ∈ sats(σ, ϕ, 0). Moreover, by Theorem 14.13, sats(σ, ϕ) is the unique Hintikka sequence for ϕ matching σ. So Aϕ must recognize the computations σ satisfying: the first atom of the unique Hintikka sequence for ϕ matching σ contains ϕ.

To achieve this, we apply the following strategy:

(a) Define the states and transitions of the automaton so that the runs of Aϕ are all the sequences

α0 --σ0--> α1 --σ1--> α2 --σ2--> . . .

such that σ = σ0σ1 . . . is a computation, and α = α0α1 . . . is a pre-Hintikka sequence for ϕ matching σ.

(b) Define the sets of accepting states of the automaton (recall that Aϕ is an NGA) so that a run is accepting if and only if its corresponding pre-Hintikka sequence is also a Hintikka sequence.

Condition (a) determines the alphabet, states, transitions, and initial states of Aϕ:

- The alphabet of Aϕ is 2^AP.

- The states of Aϕ are the atoms of cl(ϕ).

- The initial states are the atoms α such that ϕ ∈ α.

- The output transitions of a state α (where α is an atom) are the triples α --σ--> β such that σ matches α, and the pair α, β satisfies conditions (l1) and (l2) (where α and β play the roles of αi and αi+1, respectively).


The sets of accepting states of Aϕ are determined by condition (b). By the definition of a Hintikka sequence, we must guarantee that in every run α0 --σ0--> α1 --σ1--> α2 --σ2--> . . . , if any αi contains a subformula ϕ1 U ϕ2, then there is j ≥ i such that ϕ2 ∈ αj. By condition (l2), this amounts to guaranteeing that every run contains infinitely many indices i such that ϕ2 ∈ αi, or infinitely many indices j such that ¬(ϕ1 U ϕ2) ∈ αj. So we choose the sets of accepting states as follows:

- The accepting condition contains a set Fϕ1 U ϕ2 of accepting states for each subformula ϕ1 U ϕ2 of ϕ. An atom belongs to Fϕ1 U ϕ2 if it does not contain ϕ1 U ϕ2 or if it contains ϕ2.

The pseudocode for the translation algorithm is shown below.

LTLtoNGA(ϕ)
Input: formula ϕ over AP
Output: NGA Aϕ = (Q, 2^AP, Q0, δ, F) with L(Aϕ) = L(ϕ)

 1  Q0 ← {α ∈ at(ϕ) | ϕ ∈ α}; Q ← ∅; δ ← ∅
 2  W ← Q0
 3  while W ≠ ∅ do
 4      pick α from W
 5      add α to Q
 6      for all ϕ1 U ϕ2 ∈ cl(ϕ) do
 7          if ϕ1 U ϕ2 ∉ α or ϕ2 ∈ α then add α to Fϕ1 U ϕ2
 8      for all β ∈ at(ϕ) do
 9          if α, β satisfies (l1) and (l2) then
10              add (α, α ∩ AP, β) to δ
11              if β ∉ Q then add β to W
12  F ← ∅
13  for all ϕ1 U ϕ2 ∈ cl(ϕ) do F ← F ∪ {Fϕ1 U ϕ2}
14  return (Q, 2^AP, Q0, δ, F)
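For the small formula p U q of Example 14.14 below, the automaton can be built eagerly instead of with the worklist. The sketch below (formula encoding ours) reproduces the counts discussed in the example: eight atoms, five of which have output transitions, and among those five exactly one lies outside the accepting set Fp U q:

```python
from itertools import product

p, q = ('ap', 'p'), ('ap', 'q')
U = ('U', p, q)
subs = [p, q, U]                        # the subformulas of p U q

def neg(f):
    return f[1] if f[0] == 'not' else ('not', f)

# Atoms: one of psi / neg(psi) per subformula; (a0), (a1) are vacuous here.
atoms = [frozenset(s if b else neg(s) for s, b in zip(subs, bits))
         for bits in product((True, False), repeat=len(subs))]

def l2_ok(a, b):                        # (l1) is vacuous: no X subformulas
    return (U in a) == (q in a or (p in a and U in b))

def letter(a):                          # transition label: a intersected with AP
    return frozenset(x[1] for x in a if x[0] == 'ap')

delta = [(a, letter(a), b) for a in atoms for b in atoms if l2_ok(a, b)]
initials = [a for a in atoms if U in a]
F_U = {a for a in atoms if U not in a or q in a}   # accepting set for p U q

live = {a for a in atoms if any(t[0] == a for t in delta)}
assert len(atoms) == 8 and len(live) == 5   # the five states of Figure 14.3
assert len(initials) == 4                   # one initial atom has no output transitions
assert {a for a in live if a not in F_U} == {frozenset({p, ('not', q), U})}
```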

Example 14.14 We construct the automaton Aϕ for the formula ϕ = p U q. The closure cl(ϕ) has eight atoms, corresponding to all the possible ways of choosing between p and ¬p, q and ¬q, and p U q and ¬(p U q). However, we can easily see that the atoms {p, q, ¬(p U q)}, {¬p, q, ¬(p U q)}, and {¬p, ¬q, p U q} have no output transitions, because those transitions would violate condition (l2). So these states can be removed, and we are left with the five atoms shown in Figure 14.3. The three atoms on the left contain p U q, and so they become the initial states. Figure 14.3 uses some conventions to simplify the graphical representation. Observe that every transition of Aϕ leaving an atom α is labeled by α ∩ AP. For instance, all transitions leaving the state {¬p, q, p U q} are labeled with {q}, and all transitions leaving {¬p, ¬q, ¬(p U q)} are labeled with ∅. Therefore, since the label of a transition can be deduced from its source state, we omit the labels in the figure. Moreover, since ϕ only has one subformula of the form ϕ1 U ϕ2, the NGA is in fact an NBA, and we can represent the accepting states as for NBAs. The accepting states of Fp U q are the atoms that do not


Figure 14.3: NGA (NBA) for the formula p U q (diagram not reproduced; its five states are the atoms {p, q, p U q}, {¬p, q, p U q}, {p, ¬q, p U q}, {p, ¬q, ¬(p U q)}, and {¬p, ¬q, ¬(p U q)}).

contain p U q—the two atoms on the right—and the atoms containing q—the leftmost atom and the atom at the top.

Consider for example the atoms α = {¬p, ¬q, ¬(p U q)} and β = {p, ¬q, p U q}. Aϕ contains a transition α --∅--> β because ∅ matches α, and α, β satisfy conditions (l1) and (l2). Condition (l1) holds vacuously, because ϕ contains no subformulas of the form Xψ, while condition (l2) holds because p U q ∉ α, q ∉ α, and p ∉ α. On the other hand, there is no transition from β to α, because it would violate condition (l2): p U q ∈ β, but neither q ∈ β nor p U q ∈ α.

NGAs obtained from LTL formulas by means of LTLtoNGA have a very particular structure:

• As observed above, all transitions leaving a state carry the same label.

• Every computation accepted by the NGA has one single accepting run.

By the definition of the NGA, if α0 --σ0--> α1 --σ1--> · · · is an accepting run, then α0 α1 α2 . . . is the satisfaction sequence of σ0 σ1 σ2 . . .. Since the satisfaction sequence of a given computation is by definition unique, there can be only one accepting run.

• The sets of computations recognized by any two distinct states of the NGA are disjoint.

Let σ be a computation, and let sats(σ, ϕ) = sats(σ, ϕ, 0) sats(σ, ϕ, 1) . . . be its satisfaction sequence. Then σ is only accepted from the state sats(σ, ϕ, 0).

14.3.3 Size of the NGA

Let n be the length of the formula ϕ. It is easy to see that the set cl(ϕ) has size O(n). Therefore, the NGA Aϕ has at most O(2^n) states. Since ϕ contains at most n subformulas of the form ϕ1 U ϕ2, the automaton Aϕ has at most n sets of accepting states.


We now prove a matching lower bound on the number of states. We exhibit a family of formulas {ϕn}n≥1 such that ϕn has length O(n), and every NGA recognizing Lω(ϕn) has at least 2^n states. For this, we exhibit a family {Dn}n≥1 of ω-languages over an alphabet Σ such that for every n ≥ 1:

(1) every NGA recognizing Dn has at least 2^n states; and

(2) there is a formula ϕn ∈ LTL(Σ) of length O(n) such that Lω(ϕn) = Dn.

Notice that in (2) we are abusing language, because if ϕn ∈ LTL(Σ), then Lω(ϕn) contains words over the alphabet 2^Σ, and so Lω(ϕn) and Dn are languages over different alphabets. By Lω(ϕn) = Dn we mean that for every computation σ ∈ (2^Σ)ω we have σ ∈ Lω(ϕn) iff σ = {a1} {a2} {a3} · · · for some ω-word a1 a2 a3 . . . ∈ Dn.

We let Σ = {0, 1, #} and choose the language Dn as follows:

Dn = { w w #ω | w ∈ {0, 1}^n }

(1) Every NGA recognizing Dn has at least 2^n states.
Assume that a generalized Büchi automaton A = (Q, {0, 1, #}, δ, q0, {F1, . . . , Fk}) with |Q| < 2^n recognizes Dn. Then for every word w ∈ {0, 1}^n there is a state qw such that A accepts w #ω from qw. By the pigeonhole principle we have qw1 = qw2 for two distinct words w1, w2 ∈ {0, 1}^n. But then A accepts w1 w2 #ω, which does not belong to Dn, contradicting the hypothesis.

(2) There is a formula ϕn ∈ LTL(Σ) of length O(n) such that Lω(ϕn) = Dn.
We first construct the following auxiliary formulas:

– ϕn1 = G( (0 ∨ 1 ∨ #) ∧ ¬(0 ∧ 1) ∧ ¬(0 ∧ #) ∧ ¬(1 ∧ #) ).

This formula expresses that at every position exactly one atomic proposition holds.

– ϕn2 = ¬# ∧ ⋀_{i=1}^{2n−1} X^i ¬# ∧ X^{2n} G #.

This formula expresses that # does not hold at any of the first 2n positions, and that it holds at all later positions.

– ϕn3 = G( (0 → X^n (0 ∨ #)) ∧ (1 → X^n (1 ∨ #)) ).

This formula expresses that if the atomic proposition holding at a position is 0 or 1, then the atomic proposition holding n positions later is the same one, or #.

Clearly, ϕn = ϕn1 ∧ ϕn2 ∧ ϕn3 is the formula we are looking for. Observe that ϕn contains O(n) characters.
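For concreteness, here is the case n = 2, written out by us from the three schemas above; it defines D2 = { w w #ω | w ∈ {0, 1}^2 }:

```latex
\varphi_2 \;=\;
  G\bigl((0 \lor 1 \lor \#) \land \lnot(0 \land 1) \land \lnot(0 \land \#)
         \land \lnot(1 \land \#)\bigr)
  \;\land\;
  \bigl(\lnot\# \land X\lnot\# \land X^{2}\lnot\# \land X^{3}\lnot\#
        \land X^{4}G\,\#\bigr)
  \;\land\;
  G\bigl((0 \to X^{2}(0 \lor \#)) \land (1 \to X^{2}(1 \lor \#))\bigr)
```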

14.4 Automatic Verification of LTL Formulas

We can now sketch the procedure for the automatic verification of properties expressed by LTL formulas. The input to the procedure is


• a system NBA As obtained either directly from the system, or by computing the asynchronous product of a network of automata;

• a formula ϕ of LTL over a set of atomic propositions AP; and

• a valuation ν : AP → 2^C, where C is the set of configurations of As, describing for each atomic proposition the set of configurations at which the proposition holds.

The procedure follows these steps:

(1) Compute an NGA Av for the negation of the formula ϕ. Av recognizes all the computations that violate ϕ.

(2) Compute an NGA Av ∩ As recognizing the executable computations of the system that violate the formula.

(3) Check emptiness of Av ∩ As.

Step (1) can be carried out by applying LTLtoNGA, and Step (3) by, say, the two-stack algorithm. For Step (2), observe first that the alphabets of Av and As are different: the alphabet of Av is 2^AP, while the alphabet of As is the set C of configurations. By applying the valuation ν we transform Av into an automaton with C as alphabet. Since all the states of system NBAs are accepting, the automaton Av ∩ As can be computed by interNFA.

It is important to observe that the three steps can be carried out simultaneously. The states of Av ∩ As are pairs [α, c], where α is an atom of ϕ and c is a configuration. The following algorithm takes a pair [α, c] as input and returns its successors in the NGA Av ∩ As. The algorithm first computes the successors of c in As. Then, for each successor c′, it computes the set P of atomic propositions satisfied by c′ according to the valuation, and then the set of atoms β such that (a) β matches P and (b) the pair α, β satisfies conditions (l1) and (l2). The successors of [α, c] are the pairs [β, c′].

Succ([α, c])

1  S ← ∅
2  for all c′ ∈ δs(c) do
3      P ← ∅
4      for all p ∈ AP do
5          if c′ ∈ ν(p) then add p to P
6      for all β ∈ at(ϕ) matching P do
7          if α, β satisfies (l1) and (l2) then add [β, c′] to S
8  return S

This algorithm can be inserted in the algorithm for the emptiness check. For instance, if we use TwoStack, then we just replace line 6


14.4. AUTOMATIC VERIFICATION OF LTL FORMULAS 321

6 for all r ∈ δ(q) do

by a call to Succ:

6 for all [β, c′] ∈ Succ([α, c]) do

Exercises

Exercise 159 Prove formally the following equivalences:

1. ¬Xϕ ≡ X¬ϕ

2. ¬Fϕ ≡ G¬ϕ

3. ¬Gϕ ≡ F¬ϕ

4. XFϕ ≡ FXϕ

5. XGϕ ≡ GXϕ

Exercise 160 (Santos Laboratory). The weak until operator W has the following semantics:

• σ |= φ1 W φ2 iff there exists k ≥ 0 such that σ^k |= φ2 and σ^i |= φ1 for all 0 ≤ i < k, or σ^k |= φ1 for every k ≥ 0.

Prove: p W q ≡ Gp ∨ (p U q) ≡ (F¬p → (p U q)) ≡ p U (q ∨ Gp).

Exercise 161 Let AP = {p, q} and let Σ = 2^AP. Give LTL formulas defining the following languages:

1. {p, q} ∅ Σω

2. Σ∗ ({p} + {p, q}) Σ∗ {q} Σω

3. Σ∗ {q}ω

4. {p}∗ {q}∗ ∅ω

Exercise 162 (Santos Laboratory with additions from Salomon Sickert). Let AP = {p, q, r}. Give formulas that hold for the computations satisfying the following properties. If in doubt about what the property really means, choose an interpretation, and explicitly indicate your choice. Here are two solved examples:

• p is false before q: Fq→ (¬p U q).

• p becomes true before q: ¬q W (p ∧ ¬q).

Now it is your turn:

• p is true between q and r.

• p precedes q before r.


322 CHAPTER 14. APPLICATIONS I: VERIFICATION AND TEMPORAL LOGIC

• p precedes q after r.

• after p and q eventually r.

• p alternates between true and false.

• p, and only p, holds at even positions and q, and only q, holds at odd positions.

Exercise 163 Let AP = {p, q} and let Σ = 2^AP. Give Büchi automata for the ω-languages over Σ defined by the following LTL formulas:

1. XG¬p

2. (GFp)→ (Fq)

3. p ∧ ¬(XFp)

4. G(p U (p→ q))

5. Fq→ (¬q U (¬q ∧ p))

Exercise 164 Which of the following equivalences hold?

1. X(ϕ ∨ ψ) ≡ Xϕ ∨ Xψ

2. X(ϕ ∧ ψ) ≡ Xϕ ∧ Xψ

3. X(ϕ U ψ) ≡ (Xϕ U Xψ)

4. F(ϕ ∨ ψ) ≡ Fϕ ∨ Fψ

5. F(ϕ ∧ ψ) ≡ Fϕ ∧ Fψ

6. G(ϕ ∨ ψ) ≡ Gϕ ∨Gψ

7. G(ϕ ∧ ψ) ≡ Gϕ ∧Gψ

8. GF(ϕ ∨ ψ) ≡ GFϕ ∨GFψ

9. GF(ϕ ∧ ψ) ≡ GFϕ ∧GFψ

10. ρ U (ϕ ∨ ψ) ≡ (ρ U ϕ) ∨ (ρ U ψ)

11. (ϕ ∨ ψ) U ρ ≡ (ϕ U ρ) ∨ (ψ U ρ)

12. ρ U (ϕ ∧ ψ) ≡ (ρ U ϕ) ∧ (ρ U ψ)

13. (ϕ ∧ ψ) U ρ ≡ (ϕ U ρ) ∧ (ψ U ρ)

Exercise 165 Prove FGp ≡ VFGp and GFp ≡ VGFp for every sequence V ∈ {F, G}∗ of the temporal operators F and G.

Exercise 166 (Schwoon). Which of the following formulas of LTL are tautologies? (A formula is a tautology if all computations satisfy it.) If a formula is not a tautology, give a computation that does not satisfy it.

• Gp→ Fp

• G(p→ q)→ (Gp→ Gq)

• F(p ∧ q)↔ (Fp ∧ Fq)



• ¬Fp→ F¬Fp

• (Gp→ Fq)↔ (p U (¬p ∨ q))

• (FGp→ GFq)↔ G(p U (¬p ∨ q))

• G(p→ Xp)→ (p→ Gp).

Exercise 167 In this exercise we show how to construct a deterministic Büchi automaton for negation-free LTL formulas. Let ϕ be a formula of LTL over a set AP of atomic propositions, and let ν ∈ 2^AP. We inductively define the formula af (ϕ, ν) as follows:

af (true, ν) = true
af (false, ν) = false
af (a, ν) = true if a ∈ ν, and false if a ∉ ν
af (¬a, ν) = false if a ∈ ν, and true if a ∉ ν
af (ϕ ∧ ψ, ν) = af (ϕ, ν) ∧ af (ψ, ν)
af (ϕ ∨ ψ, ν) = af (ϕ, ν) ∨ af (ψ, ν)
af (Xϕ, ν) = ϕ
af (ϕ U ψ, ν) = af (ψ, ν) ∨ (af (ϕ, ν) ∧ ϕ U ψ)

We extend the definition to finite words: af (ϕ, ε) = ϕ, and af (ϕ, νw) = af (af (ϕ, ν), w) for every ν ∈ 2^AP and every finite word w. Prove:

(a) For every formula ϕ, finite word w ∈ (2^AP)∗ and ω-word w′ ∈ (2^AP)ω:

w w′ |= ϕ iff w′ |= af (ϕ, w).

So, intuitively, af (ϕ, w) is the formula that must hold “after reading w” so that ϕ holds “at the beginning” of the ω-word w w′.

(b) For every negation-free formula ϕ: w |= ϕ iff af (ϕ,w′) ≡ true for some finite prefix w′ of w.

(c) For every formula ϕ and finite word w ∈ (2^AP)∗: af (ϕ, w) is a boolean combination of proper subformulas of ϕ.

(d) For every formula ϕ of length n: the set of formulas {af (ϕ, w) | w ∈ (2^AP)∗} has at most 2^(2^n) equivalence classes up to LTL-equivalence.

(e) Use (b)–(d) to construct a deterministic Büchi automaton recognizing Lω(ϕ) with at most 2^(2^n) states.
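The defining equations of af can be prototyped directly. The nested-tuple representation of formulas below is my own choice, not fixed by the text; ('ap', 'p') stands for an atomic proposition and ('U', φ, ψ) for φ U ψ.

```python
# A sketch of the "after function" af from Exercise 167 over a tuple
# representation of formulas: ('true',), ('false',), ('ap', a),
# ('not', ('ap', a)), ('and', f, g), ('or', f, g), ('X', f), ('U', f, g).

def af(phi, nu):
    op = phi[0]
    if op in ('true', 'false'):
        return phi
    if op == 'ap':                       # atomic proposition a
        return ('true',) if phi[1] in nu else ('false',)
    if op == 'not':                      # only ¬a occurs in the fragment
        return ('false',) if phi[1][1] in nu else ('true',)
    if op in ('and', 'or'):
        return (op, af(phi[1], nu), af(phi[2], nu))
    if op == 'X':
        return phi[1]
    if op == 'U':                        # af(φ U ψ, ν) = af(ψ,ν) ∨ (af(φ,ν) ∧ φ U ψ)
        return ('or', af(phi[2], nu), ('and', af(phi[1], nu), phi))
    raise ValueError(op)

def af_word(phi, word):
    # Extension to finite words: af(φ, ε) = φ and af(φ, νw) = af(af(φ, ν), w).
    for nu in word:
        phi = af(phi, nu)
    return phi
```

Note that the result is only simplified up to the trivial cases, so in practice one would normalize the boolean combinations before comparing formulas (as claim (d) suggests).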

Exercise 168 In this exercise we show that the reduction algorithm of Exercise ?? does not reduce the Büchi automata generated from LTL formulas, and show that a small modification to LTLtoNGA can alleviate this problem.

Let ϕ be a formula of LTL(AP), and let Aϕ = LTLtoNGA(ϕ).



(1) Prove that the reduction algorithm of Exercise ?? does not reduce Aϕ, that is, show that Aϕ = Aϕ/CSR.

(2) Let Bϕ be the result of modifying Aϕ as follows:

– Add a new state q0 and make it the unique initial state.

– For every initial state q of Aϕ, add a transition q0 −(q ∩ AP)→ q to Bϕ (recall that q is an atom of cl(ϕ), and so q ∩ AP is well defined).

– Replace every transition q1 −(q1 ∩ AP)→ q2 of Aϕ by q1 −(q2 ∩ AP)→ q2.

Prove that Lω(Bϕ) = Lω(Aϕ).

(3) Construct the automaton Bϕ for the automaton of Figure 14.3.

(4) Apply the reduction algorithm of Exercise ?? to Bϕ.

Exercise 169 (Kupferman and Vardi) We prove that, in the worst case, the number of states of the smallest deterministic Rabin automaton for an LTL formula may be double exponential in the size of the formula. Let Σ0 = {a, b}, Σ1 = {a, b, #}, and Σ = {a, b, #, $}. For every n ≥ 0 define the ω-language Ln ⊆ Σω as follows (we identify an ω-regular expression with its language):

Ln = Σ_{w ∈ Σ0^n} Σ1∗ # w # Σ1∗ $ w #ω

Informally, an ω-word belongs to Ln iff

• it contains one single occurrence of $;

• the word to the left of $ is of the form w0 # w1 # · · · # wk for some k ≥ 1 and (possibly empty) words w0, . . . , wk ∈ Σ0∗;

• the ω-word to the right of $ consists of a word w ∈ Σ0^n followed by an infinite tail #ω, and

• w is equal to at least one of w0, . . . , wk.

The exercise has two parts:

(1) Exhibit an infinite family {ϕn}n≥0 of formulas of LTL(Σ) such that ϕn has size O(n^2) and Lω(ϕn) = Ln (abusing language, we write Lω(ϕn) = Ln for: σ ∈ Lω(ϕn) iff σ = {a1} {a2} {a3} · · · for some ω-word a1 a2 a3 . . . ∈ Ln).

(2) Show that the smallest DRA recognizing Ln has at least 2^(2^n) states.

The solution to the following two problems can be found in “The Blow-Up in Translating LTL to Deterministic Automata”, by Orna Kupferman and Adin Rosenberg:



• Consider a variant L′n of Ln in which each block of length n before the occurrence of $ is prefixed by a binary encoding of its position in the block. Show that L′n can be recognized by a formula of length O(n log n) over a fixed-size alphabet, and that the smallest DRA recognizing it has at least 2^(2^n) states.

• Consider a variant L′′n of Ln in which each block of length n before the occurrence of $ is prefixed by a different letter. (So every language L′′n has a different alphabet.) Show that L′′n can be recognized by a formula of length O(n) over a linear-size alphabet, and that the smallest DRA recognizing it has at least 2^(2^n) states.

Exercise 170 Let A = (Q, Σ, δ, q0, F) be an automaton such that Q = P × [n] for some finite set P and n ≥ 1. Automaton A models a system made of n processes. A state (p, i) ∈ Q represents the current global state p of the system, and the last process i that was executed.

We define two predicates exec_j and enab_j over Q indicating whether process j is, respectively, executed and enabled. More formally, for every q = (p, i) ∈ Q and j ∈ [n], let

exec_j(q) ⇐⇒ i = j,
enab_j(q) ⇐⇒ (p, i) −→ (p′, j) for some p′ ∈ P.

1. Give LTL formulas over Qω for the following statements:

(a) All processes are executed infinitely often.

(b) If a process is enabled infinitely often, then it is executed infinitely often.

(c) If a process is eventually permanently enabled, then it is executed infinitely often.

2. The three above properties are known respectively as unconditional, strong and weak fairness. Show the following implications, and show that the reverse implications do not hold:

unconditional fairness =⇒ strong fairness =⇒ weak fairness.




Chapter 15

Applications II: Monadic Second-Order Logic and Linear Arithmetic

In Chapter 9 we showed that the languages expressible in monadic second-order logic on finite words are exactly the regular languages, and derived an algorithm that, given a formula, constructs an NFA accepting exactly the set of interpretations of the formula. We show that this result can be easily extended to the case of infinite words: in Section 15.1 we show that the languages expressible in monadic second-order logic on ω-words are exactly the ω-regular languages.

In Chapter 10 we introduced Presburger Arithmetic, a logical language for expressing properties of the integers, and showed how to construct for a given formula ϕ of Presburger Arithmetic an NFA Aϕ recognizing the solutions of ϕ. In Section 15.2 we extend this result to Linear Arithmetic, a language for describing properties of real numbers with the same syntax as Presburger Arithmetic.

15.1 Monadic Second-Order Logic on ω-Words

Monadic second-order logic on ω-words has the same syntax as its counterpart on finite words, and a very similar semantics as well.

Definition 15.1 Let X1 = {x, y, z, . . .} and X2 = {X, Y, Z, . . .} be two infinite sets of first-order and second-order variables. Let Σ = {a, b, c, . . .} be a finite alphabet. The set MSO(Σ) of monadic second-order formulas over Σ is the set of expressions generated by the grammar:

ϕ := Qa(x) | x < y | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ

An interpretation of a formula ϕ is a pair (w, I) where w ∈ Σω, and I is a mapping that assigns every free first-order variable x a position I(x) ∈ N and every free second-order variable X a set of positions I(X) ⊆ N. (The mapping may also assign positions to other variables.)

The satisfaction relation (w, I) |= ϕ between a formula ϕ of MSO(Σ) and an interpretation (w, I) of ϕ is defined as follows:




(w, I) |= Qa(x)      iff w[I(x)] = a
(w, I) |= x < y      iff I(x) < I(y)
(w, I) |= ¬ϕ         iff (w, I) ⊭ ϕ
(w, I) |= ϕ1 ∨ ϕ2    iff (w, I) |= ϕ1 or (w, I) |= ϕ2
(w, I) |= ∃x ϕ       iff some i ∈ N satisfies (w, I[i/x]) |= ϕ
(w, I) |= x ∈ X      iff I(x) ∈ I(X)
(w, I) |= ∃X ϕ       iff some S ⊆ N satisfies (w, I[S/X]) |= ϕ

where w[i] is the letter of w at position i, I[i/x] is the interpretation that assigns i to x and otherwise coincides with I, and I[S/X] is the interpretation that assigns S to X and otherwise coincides with I — whether I is defined for x or X or not. If (w, I) |= ϕ, we say that (w, I) is a model of ϕ. Two formulas are equivalent if they have the same models. The language L(ϕ) of a sentence ϕ ∈ MSO(Σ) is the set L(ϕ) = {w ∈ Σω | w |= ϕ}, where w |= ϕ iff w is a model of ϕ w.r.t. the empty mapping. An ω-language L ⊆ Σω is MSO-definable if L = L(ϕ) for some formula ϕ ∈ MSO(Σ).

15.1.1 Expressive power of MSO(Σ) on ω-words

We show that the ω-languages expressible in monadic second-order logic are exactly the ω-regular languages. The proof is very similar to its counterpart for languages of finite words (Proposition 9.12), even a bit simpler.

Proposition 15.2 If L ⊆ Σω is ω-regular, then L is definable in MSO(Σ).

Proof: Let A = (Q, Σ, δ, Q0, F) be an NBA with Q = {q0, . . . , qn} and L(A) = L. We construct a formula ϕA such that for every w ∈ Σω, w |= ϕA iff w ∈ L(A).

We start with some notations. Let w = a0 a1 a2 . . . be an ω-word over Σ, and let

Pq = { i ∈ N | q ∈ δ(q0, a0 . . . ai) }.

In words, i ∈ Pq iff A can be in state q immediately after reading letter ai. We can construct a formula Visits(X0, . . . , Xn) with free variables X0, . . . , Xn exactly as in Proposition 9.12. This formula has the property that I(Xi) = Pqi holds for every model (w, I) and for every 0 ≤ i ≤ n. In words, Visits(X0, . . . , Xn) is only true when Xi takes the value Pqi for every 0 ≤ i ≤ n. So we can take

ϕA := ∃X0 . . . ∃Xn ( Visits(X0, . . . , Xn) ∧ ∀x ∃y ( x < y ∧ ⋁_{qi ∈ F} y ∈ Xi ) ).

It remains to prove that MSO-definable ω-languages are ω-regular. Given a sentence ϕ ∈ MSO(Σ), we encode an interpretation (w, I) as an ω-word. We proceed as for finite words. Consider for instance a formula with first-order variables x, y and second-order variables X, Y. Consider the interpretation



a(ab)ω ,    x ↦ 2,    y ↦ 6,    X ↦ the set of prime numbers,    Y ↦ the set of even numbers.

We encode it as

        a  a  b  a  b  a  b  a  b  · · ·
  x     0  0  1  0  0  0  0  0  0  · · ·
  y     0  0  0  0  0  0  1  0  0  · · ·
  X     0  0  1  1  0  1  0  1  0  · · ·
  Y     1  0  1  0  1  0  1  0  1  · · ·

corresponding to the ω-word

[a;0;0;0;1] [a;0;0;0;0] [b;1;0;1;1] [a;0;0;1;0] [b;0;0;0;1] [a;0;0;1;0] [b;0;1;0;1] [a;0;0;1;0] [b;0;0;0;1] · · ·

over Σ × {0, 1}^4, where each bracketed tuple denotes one letter.
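The encoding of a finite prefix of an interpretation can be sketched as follows; the function name, the interface, and the alphabetical variable ordering are my own illustrative choices.

```python
# A sketch of enc(w, I) restricted to a finite prefix: position i of the
# output carries the letter w[i] plus one bit per free variable.

def enc_prefix(word_prefix, first_order, second_order):
    """first_order maps variables to positions, second_order maps
    variables to sets of positions; variables are taken in sorted order."""
    out = []
    for i, letter in enumerate(word_prefix):
        bits = [1 if first_order[v] == i else 0 for v in sorted(first_order)]
        bits += [1 if i in second_order[v] else 0 for v in sorted(second_order)]
        out.append((letter, tuple(bits)))
    return out
```

Applied to the interpretation above (prefix aab, x ↦ 2, y ↦ 6, X the primes, Y the evens), this reproduces the first three columns of the table.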

Definition 15.3 Let ϕ be a formula with n free variables, and let (w, I) be an interpretation of ϕ. We denote by enc(w, I) the ω-word over the alphabet Σ × {0, 1}^n described above. The ω-language of ϕ is Lω(ϕ) = {enc(w, I) | (w, I) |= ϕ}.

It follows by a proof by induction on the structure of ϕ that Lω(ϕ) is ω-regular. The proof is a straightforward modification of the proof for the case of finite words. The case of negation requires replacing the complementation operation for NFAs by the complementation operation for NBAs.

15.2 Linear Arithmetic

Linear arithmetic is a language for describing properties of real numbers. It has the same syntax as Presburger arithmetic (see Chapter 10), but formulas are interpreted over the reals, instead of the naturals or the integers. Given a formula ϕ of linear arithmetic, we show how to construct an NBA Aϕ recognizing the solutions of ϕ. Section 15.2.1 discusses how to encode real numbers as ω-words, and Section 15.2.2 constructs the NBA.

15.2.1 Encoding Real Numbers

We encode real numbers as infinite words in two steps. First, we encode reals as pairs of numbers, and then these pairs as words.



We encode each real number x ∈ R as a pair (xI , xF), where xI ∈ Z, xF ∈ [0, 1] and x = xI + xF. We call xI and xF the integer and fractional parts of x. So, for instance, (1, 1/3) encodes 4/3, and (−1, 2/3) encodes −1/3 (not −5/3). Every integer is encoded by two different pairs, e.g., 2 is encoded by (1, 1) and (2, 0). We are not bothered by this. (In the standard decimal representation of real numbers, integers also have two representations; for example, 2 is represented by both 2.0 and 1.999···.)

We encode each pair (xI , xF) as an infinite word wI ⋆ wF. The word wI is a two’s complement encoding of xI (see Chapter 10). However, unlike Chapter 10, we use the msbf encoding instead of the lsbf encoding (this is not essential, but it leads to a more elegant construction). So wI is any word wI = an an−1 · · · a0 ∈ {0, 1}+ satisfying

xI = −an · 2^n + Σ_{i=0}^{n−1} ai · 2^i    (15.1)

The ω-word wF is any sequence b1b2b3 · · · ∈ {0, 1}ω satisfying

xF = Σ_{i=1}^{∞} bi · 2^{−i}    (15.2)

The only ω-word b1b2b3 . . . for which we have xF = 1 is 1ω. So, in particular, the encodings of the integer 1 are 0∗01 ⋆ 0ω and 0∗0 ⋆ 1ω. Equation 15.2 also has two solutions for fractions of the form 2^{−k}. For instance, the encodings of 1/2 are 0∗0 ⋆ 10ω and 0∗0 ⋆ 01ω. Other fractions have a unique encoding, e.g. 0∗0 ⋆ (01)ω is the unique encoding of 1/3.

Example 15.4 The numbers 10/3, 3 and −3.75 are encoded by:

10/3 ↦ 0∗011 ⋆ (01)ω,
3 ↦ 0∗011 ⋆ 0ω and 0∗010 ⋆ 1ω,
−3.75 ↦ 1∗100 ⋆ 010ω and 1∗100 ⋆ 001ω.
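Equations 15.1 and 15.2 can be checked mechanically. The helper below decodes an encoding wI ⋆ u vω whose fractional part is eventually periodic, using exact rational arithmetic; the function name and interface are my own.

```python
# Decode an msbf two's-complement integer part (Equation 15.1) and an
# eventually periodic fractional part u v^ω (Equation 15.2) into an exact
# rational. Sanity check for the encodings above, not part of the text.

from fractions import Fraction

def decode(w_int, u, v):
    bits = [int(b) for b in w_int]
    n = len(bits) - 1
    x_int = -bits[0] * 2 ** n + sum(b * 2 ** (n - i)
                                    for i, b in enumerate(bits) if i > 0)
    # Finite prefix u of the fractional word.
    x_frac = sum((Fraction(int(b), 2 ** i) for i, b in enumerate(u, start=1)),
                 Fraction(0))
    # Periodic tail v^ω: a geometric series with ratio 2^(-|v|).
    if v:
        loop = sum(Fraction(int(b), 2 ** i) for i, b in enumerate(v, start=1))
        x_frac += Fraction(1, 2 ** len(u)) * loop * Fraction(2 ** len(v),
                                                             2 ** len(v) - 1)
    return x_int + x_frac
```

For example, decoding 011 ⋆ (01)ω yields 10/3, and 100 ⋆ 010ω yields −3.75, matching Example 15.4.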

Tuples of reals are encoded using padding to make the ⋆-symbols fall in the same column. For instance, the encodings of the triple (−6.75, 37/3, 3) are

[1;0;0]∗ [1;0;0] [1;1;0] [0;1;0] [0;0;1] [1;0;1] [⋆;⋆;⋆] [0;0;0] [1;1;0] ([0;0;0] [0;1;0])ω

where each bracketed triple is one letter, i.e., a column with one component per number.



15.2.2 Constructing an NBA for the Real Solutions

Given a linear arithmetic formula ϕ, we construct an NBA Aϕ accepting the encodings of the solutions of ϕ. If ϕ is a negation, disjunction, or existential quantification, we proceed as in Chapter 10, replacing the operations on NFAs and transducers by operations on NBAs.

Consider now an atomic formula ϕ = a · x ≤ b. The NBA Aϕ must accept the encodings of all the tuples c ∈ R^n satisfying a · c ≤ b. We decompose the problem into two subproblems for the integer and fractional parts. Given c ∈ R^n, let cI and cF be the integer and fractional parts of c for some encoding of c. For instance, if c = (7/3, −2.75, 1), then we can have cI = (2, −3, 1) and cF = (1/3, 0.25, 0), corresponding to, say, the encoding

[010 ⋆ (01)ω, 101 ⋆ 010ω, 01 ⋆ 0ω],

or cI = (2, −3, 0) and cF = (1/3, 0.25, 1), corresponding to, say,

[010 ⋆ (01)ω, 11101 ⋆ 001ω, 0 ⋆ 1ω].

Let α+ and α− be respectively the sum of the positive and of the negative components of a; for instance, if a = (1, −2, 0, 3, −1), then α+ = 4 and α− = −3. Since cF ∈ [0, 1]^n, we have

α− ≤ a · cF ≤ α+    (15.3)

and therefore, if c is a solution of ϕ, then

a · cI + a · cF ≤ b    (15.4)
a · cI ≤ b − α−    (15.5)

Putting together 15.3–15.5, we get that cI + cF is a solution of ϕ iff:

• a · cI ≤ b − α+ ; or

• a · cI = β for some integer β ∈ [b − α+ + 1, b − α−] and a · cF ≤ b − β.

If we denote β+ = b − α+ + 1 and β− = b − α−, then we can decompose the solution space of ϕ as follows:

Sol(ϕ) = { cI + cF | a · cI < β+ } ∪ ⋃_{β+ ≤ β ≤ β−} { cI + cF | a · cI = β and a · cF ≤ b − β }.

Example 15.5 We use ϕ = 2x − y ≤ 0 as running example. We have

α+ = 2, α− = −1, β+ = −1, β− = 1.

So (x, y) ∈ R2 is a solution of ϕ iff:



• 2xI − yI ≤ −2; or

• 2xI − yI = −1 and 2xF − yF ≤ 1; or

• 2xI − yI = 0 and 2xF − yF ≤ 0; or

• 2xI − yI = 1 and 2xF − yF ≤ −1.
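The case split of Example 15.5 can be spot-checked numerically: a pair (x, y) satisfies 2x − y ≤ 0 iff some decomposition into integer and fractional parts (with the fractional part in [0, 1]) falls into one of the four cases. The sketch below uses exact rationals; it is a finite sanity check, not a proof, and its names are illustrative.

```python
# Numeric spot-check of the four-case decomposition for 2x - y <= 0.

from fractions import Fraction
import math

def decompositions(z):
    # z = zI + zF with zI an integer and zF in [0, 1]: non-integers have
    # one decomposition, integers have two (e.g. 2 = 2 + 0 = 1 + 1).
    cands = [math.floor(z)]
    if z == math.floor(z):
        cands.append(math.floor(z) - 1)
    return cands

def case_split_holds(x, y):
    for xi in decompositions(x):
        for yi in decompositions(y):
            xf, yf = x - xi, y - yi
            d = 2 * xi - yi
            if d <= -2:
                return True
            if d == -1 and 2 * xf - yf <= 1:
                return True
            if d == 0 and 2 * xf - yf <= 0:
                return True
            if d == 1 and 2 * xf - yf <= -1:
                return True
    return False
```

Checking all quarter-integer points in a box around the origin confirms that the split agrees with 2x − y ≤ 0 on that sample.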

The solutions of a · cI < β+ and a · cI = β can be computed using algorithms IneqZNFA and EqZNFA of Section 10.3. Recall that both algorithms use the lsbf encoding, but it is easy to transform their output into NFAs for the msbf encoding: since the algorithms deliver NFAs with exactly one final state, it suffices to reverse the transitions of the NFA and exchange the initial and final states. The new automaton recognizes a word w iff the old one recognizes its reverse, and so it recognizes exactly the msbf encodings.
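The reversal trick can be sketched as follows, with an NFA given as a set of (source, letter, target) triples; this representation is illustrative, not the one used elsewhere in the book.

```python
# Reverse an NFA with exactly one final state: flip every transition and
# exchange the initial and final states.

def reverse_nfa(delta, initial, final):
    rev = {(t, a, s) for (s, a, t) in delta}
    return rev, final, initial       # new initial = old final, and vice versa

def accepts(delta, initial, final, word):
    """Standard NFA membership test by subset simulation."""
    current = {initial}
    for letter in word:
        current = {t for (s, a, t) in delta if s in current and a == letter}
    return final in current
```

If the original automaton accepts a word w, the reversed one accepts the reverse of w, which is exactly the lsbf/msbf switch for number encodings.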

Example 15.6 Figure 15.1 shows NFAs for the solutions of 2xI − yI ≤ −2 in lsbf (left) and msbf encoding (right). The NFA on the right is obtained by reversing the transitions and exchanging the initial and final states. Figure 15.2 shows NFAs for the solutions of 2xI − yI = −1, also in lsbf and msbf encodings.

[NFA diagrams omitted.]

Figure 15.1: NFAs for the solutions of 2x − y ≤ −2 over Z with lsbf (left) and msbf (right) encodings.



[NFA diagrams omitted.]

Figure 15.2: NFAs for the solutions of 2x − y = −1 over Z with lsbf (left) and msbf (right) encodings.

15.2.3 An NBA for the Solutions of a · xF ≤ β

We construct a DBA recognizing the solutions of a · xF ≤ β. The algorithm is similar to AFtoNFA from Section 10.2. The states of the DBA are integers. We choose transitions and final states so that the following property holds:

State q ∈ Z recognizes the encodings of the tuples cF ∈ [0, 1]^n such that a · cF ≤ q.    (15.6)

However, recall that α− ≤ a · cF ≤ α+ for every cF ∈ [0, 1]n, and therefore:

• all states q ≥ α+ accept all tuples of reals in [0, 1]n, and can be merged with the state α+;

• all states q < α− accept no tuples in [0, 1]n, and can be merged with the state α− − 1.

Calling these two merged states all and none respectively, the possible states of the DBA (not all of them may be reachable from the initial state) are

all, none, and the integers q ∈ Z with α− ≤ q < α+.

All these states but none are final, and the initial state is β. Let us now define the set of transitions. Given a state q and a letter ζ ∈ {0, 1}^n, let us determine the target state q′ of the unique transition q −ζ→ q′. Clearly, if q = all, then q′ = all, and if q = none, then q′ = none. If q ∈ Z, we compute the value v that q′ must have in order to satisfy property 15.6, and then we set:

q′ = v if v ∈ [α−, α+), none if v < α−, and all if v ≥ α+.

To compute v, recall that an ω-word w ∈ ({0, 1}^n)ω is accepted from q′ iff the word ζw is accepted from q. So the tuple c′ encoded by w and the tuple c of real numbers encoded by ζw are related by the equation

c = (1/2)ζ + (1/2)c′.    (15.7)



Since c′ is accepted from q′ iff c is accepted from q, to fulfil property 15.6 we must choose v so that a · ((1/2)ζ + (1/2)c′) ≤ q holds iff a · c′ ≤ v holds. Multiplying by 2, this gives v = 2q − a · ζ, and so we define the transition function of the DBA as follows:

δ(q, ζ) = none if q = none or 2q − a · ζ < α−,
          2q − a · ζ if α− ≤ 2q − a · ζ ≤ α+ − 1,
          all if q = all or α+ − 1 < 2q − a · ζ.
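The transition function can be sketched directly, with the successor value obtained by solving a · ((1/2)ζ + (1/2)c′) ≤ q for a · c′, i.e. v = 2q − a · ζ, and clamped to all/none outside the integer range. The interface below is my own; since none is a rejecting sink and every other state is accepting, a run is accepting iff it never reaches none.

```python
# A sketch of the DBA for a · xF <= beta over the alphabet {0,1}^n.

def make_dba(a, beta):
    alpha_plus = sum(x for x in a if x > 0)
    alpha_minus = sum(x for x in a if x < 0)

    def clamp(v):
        if v < alpha_minus:
            return 'none'
        if v > alpha_plus - 1:
            return 'all'
        return v

    def delta(q, zeta):
        if q in ('all', 'none'):
            return q                 # both merged states are sinks
        return clamp(2 * q - sum(ai * zi for ai, zi in zip(a, zeta)))

    def is_final(q):
        return q != 'none'           # every state except none is final

    return clamp(beta), delta, is_final
```

For instance, with a = (2, −1) and β = 1, reading the letter [1;1] forever keeps the run in an accepting state (this is the encoding of xF = yF = 1, a solution of 2xF − yF ≤ 1), while reading [1;0] repeatedly leads to none (xF = 1, yF = 0 is not a solution).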

Example 15.7 Figure 15.3 shows the DBA for the solutions of 2xF − yF ≤ 1 (the state none has been omitted). Since α+ = 2 and α− = −1, the possible states of the DBA are all, none, −1, 0, 1. The initial state is 1. Let us determine the target state of the transitions leaving state 1. We instantiate the definition of δ(q, ζ) with q = 1, α+ = 2 and α− = −1, and get

δ(1, ζ) = none if 2 − 2ζx + ζy < −1,
          2 − 2ζx + ζy if −1 ≤ 2 − 2ζx + ζy ≤ 1,
          all if 1 < 2 − 2ζx + ζy,

which leads to

δ(1, ζ) = all if ζx = 0,
          0 if ζx = 1 and ζy = 0,
          1 if ζx = 1 and ζy = 1.

Recall that, by property 15.6, a state q ∈ Z accepts the encodings of the pairs (xF , yF) ∈ [0, 1]^2 such that 2xF − yF ≤ q. This allows us to immediately derive the DBAs for 2xF − yF ≤ 0 and 2xF − yF ≤ −1: each is the DBA of Figure 15.3 with 0 or −1, respectively, as initial state.

[DBA diagram omitted.]

Figure 15.3: DBA for the solutions of 2x − y ≤ 1 over {0, 1} × {0, 1}.



Example 15.8 Consider again ϕ = 2x − y ≤ 0. Recall that (x, y) ∈ R2 is a solution of ϕ iff:

(i) 2xI − yI ≤ −2; or

(ii) 2xI − yI = −1 and 2xF − yF ≤ 1; or

(iii) 2xI − yI = 0 and 2xF − yF ≤ 0; or

(iv) 2xI − yI = 1 and 2xF − yF ≤ −1.

Figure 15.4 shows at the top a DBA for the pairs (x, y) satisfying (i). It is easily obtained from the NFA for the solutions of 2xI − yI ≤ −2 shown on the right of Figure 15.1.

The DBA at the bottom of Figure 15.4 recognizes the pairs (x, y) ∈ R2 satisfying (ii) or (iii). To construct it, we “concatenate” the DFA on the right of Figure 15.2 and the DBA of Figure 15.3. The DFA recognizes the integer solutions of 2xI − yI = −1, which is adequate for (ii), but changing the final state to 0 we get a DFA for the integer solutions of 2xI − yI = 0, adequate for (iii). Similarly with the DBA, and so it suffices to link state −1 of the DFA to state 1 of the DBA, and state 0 of the DFA to state 0 of the DBA.

Exercises

Exercise 171 Give an MSO({a, b}) sentence for each of the following ω-regular languages:

1. finitely many a’s: (a + b)∗bω

2. infinitely many b’s: ((a + b)∗b)ω

3. a’s at each even position: (a(a + b))ω

What regular languages would you obtain if your sentences were interpreted over finite words?

Exercise 172 Let ϕ be a formula from Linear Arithmetic such that I |= ϕ iff I(x) ≥ I(y) ≥ 0. Give an NBA that accepts the solutions of ϕ (over R), without necessarily following the construction.

Exercise 173 Reconsider the previous exercise, but now with a strict inequality, i.e. I(x) > I(y) ≥ 0.

Exercise 174 Linear Arithmetic cannot express the operations y = ⌈x⌉ (ceiling) and y = ⌊x⌋ (floor). Explain how they can be implemented with Büchi automata.

Exercise 175 Let c be an irrational number such as π, e or √2. Show that no formula ϕ of Linear Arithmetic is such that I |= ϕ iff I(x) = c.

Exercise 176 Explain how to determine, algorithmically, whether a given formula of Linear Arithmetic has finitely many solutions.



[DBA diagrams omitted.]

Figure 15.4: DBA for the real solutions of 2x − y ≤ 0 satisfying (i) (top) and (ii) or (iii) (bottom).


Part III

Solutions to exercises



Solutions for Chapter 2




Exercise 1 Give a regular expression for the language of all words over Σ = {a, b} . . .

(a) . . . beginning and ending with the same letter.

(b) . . . having two occurrences of a at distance 3.

(c) . . . with no occurrence of the subword aa.

(d) . . . containing exactly two occurrences of aa.

(e) . . . that can be obtained from abaab by deleting letters.

Solution: Let us write Σ∗ for (a + b)∗. The expressions are as follows:

(a) a + b + aΣ∗a + bΣ∗b

(b) Σ∗aΣΣaΣ∗

(c) (a + ε)(b∗ + ba)∗ or equivalently (b + ab)∗(ε + a)

(d) (b + ab)∗ (aaa + aab(b + ab)∗aa) (b + ba)∗

(e) (a + ε)(b + ε)(a + ε)(a + ε)(b + ε)
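Solution (e) can be brute-forced: the expression should match exactly the words obtained from abaab by deleting letters. The check below uses Python's re module (a finite check over all words of length ≤ 5, not a proof).

```python
# Brute-force check of solution (e): the language of
# (a + ε)(b + ε)(a + ε)(a + ε)(b + ε) equals the set of subsequences
# (scattered subwords) of abaab.

import re
from itertools import combinations, product

pattern = re.compile(r'(a|)(b|)(a|)(a|)(b|)')

subsequences = {''.join(chars)
                for k in range(6)
                for chars in combinations('abaab', k)}

all_short_words = {''.join(t)
                   for k in range(6)
                   for t in product('ab', repeat=k)}

matched = {w for w in all_short_words if pattern.fullmatch(w)}
```

Both sets coincide, confirming the expression on this finite domain (any match of the expression has length at most 5, so the restriction is harmless).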

Exercise 2 Prove that the language of the regular expression r = (a + ε)(b∗ + ba)∗ is the language A of all words over {a, b} that do not contain any occurrence of aa.

Solution:

L(r) ⊆ A. Let w ∈ L(r). By definition of r, we have w = u1u2 · · · un for some n ≥ 1 and some words u1 ∈ {ε, a} and u2, . . . , un ∈ L(b∗ + ba). For the sake of contradiction, assume that w contains an occurrence of aa. Since none of the ui contains aa, there must exist some i ∈ {1, . . . , n − 1} such that ui ends with a and ui+1 starts with a. The only possible case is ui+1 = u1 = a, which means that i = 0. This is a contradiction, since i ≥ 1.

A ⊆ L(r). Let w ∈ A. There exist n ≥ 0 and i, j1, j2, . . . , jn, k ≥ 0 such that

– w = b^i a b^{j1} a b^{j2} · · · a b^{jn} a b^k, and
– j1, j2, . . . , jn > 0.

If i = 0, then w ∈ L(r) since

w = a b^{j1−1} ba · · · b^{jn−1} ba b^k ∈ L( a b∗ ba · · · b∗ ba b∗ ) ⊆ L(r).

If i > 0, then w ∈ L(r) since

w = b^{i−1} ba b^{j1−1} ba · · · b^{jn−1} ba b^k ∈ L( ε b∗ ba b∗ ba · · · b∗ ba b∗ ) ⊆ L(r).

Exercise 3 Prove or disprove the following claim: the regular expressions (1 + 10)∗ and 1∗(101∗)∗ represent the same language.



Solution: They represent the same language. Formally, we must show that L(r) = L(s), where r = (1 + 10)∗ and s = 1∗(101∗)∗. We proceed by establishing L(s) ⊆ L(r) and L(r) ⊆ L(s).

L(s) ⊆ L(r). Let w ∈ L(s). We have w = 1^x (101^{y1})(101^{y2}) · · · (101^{ym}) for some numbers x, m, y1, y2, . . . , ym ≥ 0. Thus, we have w ∈ 1^x (10) 1^{y1} (10) 1^{y2} · · · (10) 1^{ym}. Let z = x + 1 + y1 + 1 + · · · + 1 + ym. We have w ∈ (1 + 10)^z, and hence w ∈ (1 + 10)∗ = L(r).

L(r) ⊆ L(s). Let w ∈ L(r). We have w ∈ (1 + 10)^n for some number n ≥ 0. We show that w ∈ L(s) by induction on n. If n = 0, then w = ε, which belongs to L(s). If n > 0, then w can be written as either w = w′1 or w = w′10 for some word w′ ∈ (1 + 10)^{n−1}. By induction hypothesis, there exist x, m, y1, . . . , ym ≥ 0 such that w′ ∈ 1^x (101^{y1}) · · · (101^{ym}). If w = w′1, then w ∈ 1^x (101^{y1}) · · · (101^{ym+1}), and so w ∈ 1^x (101∗)^m. If w = w′10, then w ∈ 1^x (101^{y1}) · · · (101^{ym}) (10), and so w ∈ 1^x (101∗)^{m+1}. In both cases, we have w ∈ L(s).
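The claim can also be cross-checked by brute force over all short words, using Python's re module (a finite check only, not a substitute for the inductive proof above).

```python
# Brute-force cross-check of Exercise 3: the two expressions agree on
# every word over {0, 1} up to a given length.

import re
from itertools import product

r = re.compile(r'(1|10)*')
s = re.compile(r'1*(101*)*')

def agree_up_to(n):
    for k in range(n + 1):
        for w in map(''.join, product('01', repeat=k)):
            if (r.fullmatch(w) is None) != (s.fullmatch(w) is None):
                return False
    return True
```

Running agree_up_to(10) exercises all 2047 words of length at most 10 and finds no disagreement.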

Exercise 4 (Lazic)

(a) Prove that for all languages A and B the following holds: A ⊆ B =⇒ A∗ ⊆ B∗.

(b) Prove that the regular expressions ((a + ab)∗ + b∗)∗ and Σ∗ represent the same language, where Σ = {a, b} and where Σ∗ stands for (a + b)∗.

Solution:

(a) Let us assume that A ⊆ B. Let w ∈ A∗. We must show that w ∈ B∗. If w = ε, then w is trivially in B∗. Otherwise, there exist n > 0 and words v1, . . . , vn ∈ A such that w = v1 · · · vn. Since A ⊆ B, we know that vi ∈ B for every i ∈ {1, . . . , n}, and so w = v1 · · · vn ∈ B∗.

(b) The language Σ∗ contains all words over the alphabet Σ, so in particular it contains all words from L(((a + ab)∗ + b∗)∗). For the other direction, let A = Σ and B = L((a + ab)∗ + b∗). We have A ⊆ B. Thus, by (a) we have A∗ ⊆ B∗, which means that Σ∗ ⊆ L(((a + ab)∗ + b∗)∗).

Exercise 5 (Inspired by P. Rossmanith) Give syntactic characterizations of the regular expressions r satisfying each of the following properties:

(a) L (r) = ∅,

(b) L(r) = {ε},

(c) ε ∈ L (r),

(d) (L (r) = L (rr)) =⇒ (L (r) = L (r∗)).



Solution:

(a) They are the regular expressions generated by the “two-level” syntax

r ::= ∅ | rs | sr | r + r

where s denotes an arbitrary regular expression. A simple proof by induction shows that if r is generated by this syntax, then L(r) = ∅. For the converse, let t be an arbitrary regular expression such that L(t) = ∅. If t = ∅, then we are done, because t is generated by the syntax. The cases t = ε and t = a are impossible, and so is t = t1∗, since ε ∈ L(t1∗). If t = t1t2, then we have L(t1) = ∅ or L(t2) = ∅; by induction hypothesis either t1 or t2 is generated by the syntax, and thus so is t. If t = t1 + t2, then we have L(t1) = ∅ and L(t2) = ∅; by induction hypothesis both t1 and t2 are generated by the syntax, and thus so is t.

(b) They are the regular expressions generated by the syntax

r ::= ε | ∅∗ | rr | ∅ + r | r + ∅ | r + r | r∗

(c) They are the regular expressions generated by the syntax

r ::= ε | rr | r + s | s + r | s∗

where s denotes an arbitrary regular expression.

(d) Suppose that L(r) = L(rr). We have L(rrr) = L(rr) L(r) = L(r) L(r) = L(rr) = L(r). Hence, by repeated application of this argument, we obtain L(r^i) = L(r) for every i ≥ 1. In particular, this means that L(r) = L(rr) implies L(r∗) = {ε} ∪ L(r). We use this observation to prove that the implication holds iff L(r) ≠ ∅.

(⇒): Assume L(r) = ∅. We have L(rr) = ∅ = L(r), but L(r) = ∅ ≠ {ε} = L(r∗), and so the implication does not hold.

(⇐): Assume L(r) ≠ ∅. We consider two cases.

• Case ε ∈ L(r). If L(r) = L(rr), then L(r∗) = {ε} ∪ L(r) by the above observation. Since ε ∈ L(r), we get L(r∗) = {ε} ∪ L(r) = L(r), and so the implication holds.

• Case ε ∉ L(r). Let k be the length of a shortest word in L(r). The shortest word in L(rr) has length 2k. Since ε ∉ L(r), we have k > 0 and so 2k ≠ k. Thus, L(rr) ≠ L(r), and the implication holds vacuously.

Consequently, the regular expressions satisfying the implication are exactly those whose language is nonempty. These are the regular expressions generated by the syntax

r ::= ε | a | rr | s + r | r + s | s∗

where s denotes an arbitrary regular expression.



Exercise 6 Use the solution to Exercise 5 to define inductively the boolean predicates IsEmpty(r), IsEpsilon(r) and HasEpsilon(r) defined over regular expressions as follows:

• IsEmpty(r) ⇔ (L(r) = ∅);

• IsEpsilon(r) ⇔ (L(r) = {ε});

• HasEpsilon(r) ⇔ (ε ∈ L(r)).

Solution:

• IsEmpty(r) is defined by:

IsEmpty(∅) = true,
IsEmpty(ε) = IsEmpty(a) = IsEmpty(r∗) = false,

IsEmpty(r1 + r2) = IsEmpty(r1) ∧ IsEmpty(r2),

IsEmpty(r1r2) = IsEmpty(r1) ∨ IsEmpty(r2).

• IsEpsilon(r) is defined by:

IsEpsilon(ε) = true,
IsEpsilon(∅) = IsEpsilon(a) = false,

IsEpsilon(r1 + r2) = (IsEpsilon(r1) ∧ IsEmpty(r2)) ∨

(IsEmpty(r1) ∧ IsEpsilon(r2)) ∨

(IsEpsilon(r1) ∧ IsEpsilon(r2)),

IsEpsilon(r1r2) = IsEpsilon(r1) ∧ IsEpsilon(r2),

IsEpsilon(r∗) = IsEpsilon(r) ∨ IsEmpty(r).

• HasEpsilon(r) is defined by:

HasEpsilon(ε) = HasEpsilon(r∗) = true,
HasEpsilon(∅) = HasEpsilon(a) = false,

HasEpsilon(r1 + r2) = HasEpsilon(r1) ∨ HasEpsilon(r2),

HasEpsilon(r1r2) = HasEpsilon(r1) ∧ HasEpsilon(r2).
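The three predicates translate directly into code. Below is a small Python sketch; the tuple-based AST encoding of regular expressions ('empty', 'eps', 'sym', 'plus', 'cat', 'star') is an assumption of this sketch, not part of the notes:

```python
# Assumed encoding: ('empty',), ('eps',), ('sym', a),
# ('plus', r1, r2), ('cat', r1, r2), ('star', r1).

def is_empty(r):
    """L(r) = emptyset?  Mirrors IsEmpty from Exercise 6."""
    tag = r[0]
    if tag == 'empty':
        return True
    if tag in ('eps', 'sym', 'star'):
        return False
    if tag == 'plus':
        return is_empty(r[1]) and is_empty(r[2])
    if tag == 'cat':
        return is_empty(r[1]) or is_empty(r[2])
    raise ValueError(tag)

def is_epsilon(r):
    """L(r) = {eps}?  Mirrors IsEpsilon."""
    tag = r[0]
    if tag == 'eps':
        return True
    if tag in ('empty', 'sym'):
        return False
    if tag == 'plus':
        return (is_epsilon(r[1]) and is_empty(r[2])) or \
               (is_empty(r[1]) and is_epsilon(r[2])) or \
               (is_epsilon(r[1]) and is_epsilon(r[2]))
    if tag == 'cat':
        return is_epsilon(r[1]) and is_epsilon(r[2])
    if tag == 'star':
        return is_empty(r[1]) or is_epsilon(r[1])
    raise ValueError(tag)

def has_epsilon(r):
    """eps in L(r)?  Mirrors HasEpsilon."""
    tag = r[0]
    if tag in ('eps', 'star'):
        return True
    if tag in ('empty', 'sym'):
        return False
    if tag == 'plus':
        return has_epsilon(r[1]) or has_epsilon(r[2])
    if tag == 'cat':
        return has_epsilon(r[1]) and has_epsilon(r[2])
    raise ValueError(tag)
```

Note that the star case of `is_epsilon` covers L(∅∗) = {ε} as well.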

Exercise 7 Let us extend the syntax and semantics of regular expressions as follows. If r and s are regular expressions over Σ, then r̄ and r ∩ s are also valid expressions, where L(r̄) = Σ∗ \ L(r) and L(r ∩ s) = L(r) ∩ L(s). We say that an extended regular expression is star-free if it does not contain any occurrence of the Kleene star operation; e.g., the expressions ab and (∅̄ab∅̄) ∩ (∅̄ba∅̄) are star-free, but the expression ab∗ is not.

A language L ⊆ Σ∗ is called star-free if there exists a star-free extended regular expression r such that L = L(r); e.g., Σ∗ is star-free, because Σ∗ = L(∅̄). Show that the languages of the regular expressions (a) (01)∗ and (b) (01 + 10)∗ are star-free.


Solution:

(a) The nonempty words of (01)∗ are exactly those that start with 0, end with 1, do not contain two consecutive 0s, and do not contain two consecutive 1s. Writing s1 = ∅̄00∅̄ and s2 = ∅̄11∅̄, the expression (01)∗ therefore generates the same language as the star-free expression

ε + (0∅̄ ∩ ∅̄1 ∩ s̄1 ∩ s̄2).

(b) Let Σ = {0, 1} and let L be the complement of L((01 + 10)∗). We first claim that L is the language generated by this regular expression:

r = (01)∗0 + (01)∗00Σ∗ + Σ∗10(01)∗0 + Σ∗10(01)∗00Σ∗ +

(10)∗1 + (10)∗11Σ∗ + Σ∗01(10)∗1 + Σ∗01(10)∗11Σ∗.

It is readily seen that L(r) ⊆ L holds. To show L ⊆ L(r), let w ∈ L and let w′ be the largest prefix of w such that w′ ∈ L((01 + 10)∗). Then either w = w′0, w = w′1, w = w′00w′′ or w = w′11w′′ for some word w′′. By symmetry it suffices to consider the cases w = w′0 and w = w′00w′′.

• Case w = w′0. If w′ ∈ (01)∗ — an abbreviation for w′ ∈ L((01)∗) — then w ∈ (01)∗0 ⊆ L(r). Otherwise, we have w′ ∈ Σ∗10(01)∗, and then w ∈ Σ∗10(01)∗0 ⊆ L(r).

• Case w = w′00w′′. If w′ ∈ (01)∗, then w ∈ (01)∗00Σ∗ ⊆ L(r). Otherwise, w′ ∈ Σ∗10(01)∗, and then w ∈ Σ∗10(01)∗00Σ∗ ⊆ L(r).

Since Σ∗, (01)∗ and (10)∗ are star-free, L(r) is star-free as well. Since L((01 + 10)∗) is the complement of L = L(r), and the extended syntax contains the complement operator, L((01 + 10)∗) is star-free too.

Exercise 8 Let L ⊆ {a, b}∗ be the language described by the regular expression a∗b∗a∗a.

(a) Give an NFA-ε that accepts L.

(b) Give an NFA that accepts L.

(c) Give a DFA that accepts L.

Solution:

(a) [Diagram omitted: an NFA-ε for a∗b∗a∗a with transitions labelled a, ε, b, a, a.]

(b)


[Diagram omitted: an NFA for a∗b∗a∗a with transitions labelled a, b, b, a, a, a.]

(c) [Diagram omitted: a DFA for a∗b∗a∗a with transitions labelled b, a, a, b, b, a, a, b, a; the missing transitions lead to a trap state with an {a, b}-self-loop.]

Exercise 9 Let |w|σ denote the number of occurrences of the letter σ in the word w. For every k ≥ 2, let Lk,σ = {w ∈ {a, b}∗ : |w|σ mod k = 0}.

(a) Give a DFA with k states that accepts Lk,σ.

(b) Show that any NFA accepting Lm,a ∩ Ln,b has at least m · n states.

(Hint: consider using the pigeonhole principle.)

Solution:

(a) Graphically, the automaton A is as follows:

[Diagram: states q0, q1, q2, . . . , qk−1 arranged in a cycle with σ-transitions qi → q(i+1) mod k; every state also carries a self-loop for the letter different from σ. State q0 is initial and final.]

More formally, we define A = ({q0, q1, . . . , qk−1}, {a, b}, δ, q0, {q0}) where

δ(qi, x) = q(i+1) mod k if x = σ, and δ(qi, x) = qi if x ≠ σ.
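The formal definition can be sketched in Python; the dictionary encoding of δ and the function names are choices of this sketch:

```python
def lk_sigma_dfa(k, sigma, alphabet='ab'):
    """DFA for L_{k,sigma} = {w in {a,b}* : |w|_sigma mod k = 0}.
    State i records the number of sigma's read so far, modulo k.
    State 0 is the initial and the unique final state."""
    return {(i, x): ((i + 1) % k if x == sigma else i)
            for i in range(k) for x in alphabet}

def run(delta, word, q0=0):
    """Run the DFA on a word and return the state reached (accept iff 0)."""
    q = q0
    for x in word:
        q = delta[(q, x)]
    return q
```

For example, with k = 3 and σ = a, a word is accepted iff its number of a's is divisible by 3.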


(b) Let A = (Q, {a, b}, δ, Q0, F) be a minimal NFA that accepts Lm,a ∩ Ln,b. For the sake of contradiction, suppose that |Q| < m · n. Let w_{i,j} = a^i b^j. Since w_{i,j} a^{(m−1)i} b^{(n−1)j} ∈ L(A), the word w_{i,j} can be read in A, i.e., there exist p_{i,j} ∈ Q0 and q_{i,j} ∈ Q such that

p_{i,j} −w_{i,j}→ q_{i,j}.

By the pigeonhole principle, there exist 0 ≤ i, i′ < m and 0 ≤ j, j′ < n such that (i, j) ≠ (i′, j′) and q_{i,j} = q_{i′,j′}. Moreover, since A is minimal, q_{i,j} can reach some final state q_f ∈ F through some v ∈ Σ∗, as otherwise q_{i,j} could be removed. Therefore, we have:

p_{i,j} −w_{i,j}v→ q_f and p_{i′,j′} −w_{i′,j′}v→ q_f.

This means that w_{i,j}v ∈ L(A) and w_{i′,j′}v ∈ L(A). Thus, we have:

(i + |v|_a) mod m = 0 = (i′ + |v|_a) mod m,

(j + |v|_b) mod n = 0 = (j′ + |v|_b) mod n.

This implies i = i′ and j = j′, which is a contradiction. Hence, |Q| ≥ m · n as claimed.

Exercise 10 For every language L, let Lpref and Lsuff be respectively the languages of all prefixes and suffixes of words in L. For example, if L = {abc, d}, then Lpref = {abc, ab, a, ε, d} and Lsuff = {abc, bc, c, ε, d}.

(a) Given an NFA A, construct NFAs Apref and Asuff that recognize L (A)pref and L (A)suff .

(b) Let r = (ab + b)∗cd. Give a regular expression rpref such that L(rpref) = L(r)pref.

(c) More generally, give an algorithm that takes an arbitrary regular expression r as input and returns a regular expression rpref such that L(rpref) = L(r)pref.

Solution:

(a) For Apref, make final all states of A lying on a path from some initial to some final state. For Asuff, make all of those states initial.

(b) (ab + b)∗(ε + a + b + ab) + (ab + b)∗(c + cd).

(c) We design an algorithm pref that recursively returns the following expressions:

pref (∅) = ∅,

pref (ε) = ε,

pref (a) = (a + ε),

pref (r1 + r2) = pref (r1) + pref (r2),

pref (r1r2) = pref (r1) + r1 pref (r2),

pref (r∗) = r∗ pref (r).

The correctness of the algorithm follows from the definition of a prefix.
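The algorithm pref can be sketched in Python, together with a brute-force language enumerator used only to sanity-check it; the tuple AST encoding of regular expressions is an assumption of this sketch:

```python
# Assumed encoding: ('empty',), ('eps',), ('sym', a),
# ('plus', r1, r2), ('cat', r1, r2), ('star', r1).

def pref(r):
    """Regular expression for the prefixes of L(r), as in Exercise 10(c)."""
    tag = r[0]
    if tag == 'empty':
        return ('empty',)
    if tag == 'eps':
        return ('eps',)
    if tag == 'sym':
        return ('plus', r, ('eps',))
    if tag == 'plus':
        return ('plus', pref(r[1]), pref(r[2]))
    if tag == 'cat':
        # a prefix of uv is a prefix of u, or u followed by a prefix of v
        return ('plus', pref(r[1]), ('cat', r[1], pref(r[2])))
    if tag == 'star':
        # a prefix of u1...uk is u1...u(k-1) followed by a prefix of uk
        return ('cat', r, pref(r[1]))
    raise ValueError(tag)

def lang(r, n):
    """All words of L(r) of length <= n -- brute force, for testing only."""
    tag = r[0]
    if tag == 'empty':
        return set()
    if tag == 'eps':
        return {''}
    if tag == 'sym':
        return {r[1]} if n >= 1 else set()
    if tag == 'plus':
        return lang(r[1], n) | lang(r[2], n)
    if tag == 'cat':
        return {u + v for u in lang(r[1], n) for v in lang(r[2], n)
                if len(u + v) <= n}
    if tag == 'star':
        base = lang(r[1], n)
        words, frontier = {''}, {''}
        while frontier:
            frontier = {u + v for u in frontier for v in base
                        if v and len(u + v) <= n} - words
            words |= frontier
        return words
    raise ValueError(tag)
```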

Page 347: Automata theory - TUM

347

Exercise 11 Consider the regular expression r = (a + ab)∗.

(a) Convert r into an equivalent NFA-ε A.

(b) Convert A into an equivalent NFA B.

(c) Convert B into an equivalent DFA C.

(d) By inspection of C, give an equivalent minimal DFA D.

(e) Convert D into an equivalent regular expression r′.

(f) Prove formally that L (r) = L (r′).

Solution:

(a) We apply the conversion algorithm:

[Conversion table omitted: starting from the two-state initial automaton whose single transition is labelled (a + ab)∗, the rules for r∗, r1 + r2 and r1r2 are applied in turn over four iterations, yielding an NFA-ε with transitions labelled a, b and ε.]

(b) We apply the conversion algorithm:

[Conversion table omitted: iteration 1 applies the shortcut rules that replace paths of the form a·ε, ε·a and ε·ε by direct transitions; iteration 2 makes final those initial states that can reach a final state through ε-transitions; iteration 3 removes the ε-transitions and the states that are not reachable from the initial state. The result is an NFA over the states p, q, r, s with transitions labelled a and b.]

(c) By using the determinization algorithm, we obtain:

[Diagram: a DFA with states {p}, {q, r, s} and {q, r}, all final, with transitions {p} −a→ {q, r, s}, {q, r, s} −a→ {q, r, s}, {q, r, s} −b→ {q, r} and {q, r} −a→ {q, r, s}; the missing b-transitions lead to an implicit trap state.]

(d) States {p} and {q, r} have the exact same behaviour, so we can merge them. Indeed, both states are final and δ({p}, σ) = δ({q, r}, σ) for both σ ∈ {a, b}. We obtain:

[Diagram: a two-state minimal DFA, both states final; the initial state has an a-transition to the second state, which has an a-self-loop and a b-transition back to the initial state. Missing transitions lead to an implicit trap state.]


(e) We apply the conversion algorithm:

[Conversion table omitted. Iteration 1 adds a single initial state i and a single final state f, connected to the automaton by ε-transitions. Iteration 2 eliminates state p. Iteration 3 merges parallel transitions into a + ba and ε + b. Iteration 4 eliminates state q, producing a transition i −a(a + ba)∗(ε + b)→ f. Iterations 5 and 6 merge the remaining parallel transitions and extract the regular expression from the unique transition, yielding r′ = ε + a(a + ba)∗(ε + b).]

(f) Let us first show that a(a + ba)^i = (a + ab)^i a for every i ≥ 0. We proceed by induction on i. If i = 0, then the claim trivially holds. Let i > 0 and assume the claim holds for i − 1. We have

a(a + ba)^i = a(a + ba)^{i−1}(a + ba)

= (a + ab)^{i−1} a(a + ba)   (by induction hypothesis)

= (a + ab)^{i−1} (a + ab)a   (by distributivity)

= (a + ab)^i a.

This implies that a(a + ba)∗ = (a + ab)∗a. Now, we prove the equivalence:

ε + a(a + ba)∗(ε + b) = ε + (a + ab)∗a(ε + b) (by a(a + ba)∗ = (a + ab)∗a)

= ε + (a + ab)∗(a + ab) (by distributivity)

= (a + ab)∗.
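The equivalence proved above can also be checked empirically with Python's re module, by testing all short words exhaustively. This complements, but of course does not replace, the proof:

```python
import re
from itertools import product

# (a + ab)* and the derived expression eps + a(a + ba)*(eps + b),
# written in Python regex syntax ('|' for +, '?' for an optional part).
r_orig = re.compile(r'(?:a|ab)*')
r_deriv = re.compile(r'(?:a(?:a|ba)*b?)?')

def agree_up_to(n):
    """True iff both expressions match exactly the same words of length <= n."""
    for k in range(n + 1):
        for w in map(''.join, product('ab', repeat=k)):
            if bool(r_orig.fullmatch(w)) != bool(r_deriv.fullmatch(w)):
                return False
    return True
```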

Exercise 12 The reverse of a word w, denoted by wR, is defined as follows: εR = ε and (a1a2 · · · an)R = an · · · a2a1. The reverse of a language L is the language LR = {wR : w ∈ L}.

(a) Give a regular expression for the reverse of ((a + ba)∗ba(a + b))∗ba.

(b) Give an algorithm that takes as input a regular expression r and returns a regular expression rR such that L(rR) = L(r)R.

(c) Give an algorithm that takes an NFA A and returns an NFA AR such that L(AR) = L(A)R.

(d) Does your construction in (c) work for DFAs? More precisely, does it preserve determinism?

Solution:

(a) ab((a + b)ab(a + ab)∗)∗

(b) We give an algorithm Reverse that recursively applies these rules (writing rR for Reverse(r)):

Reverse(∅) = ∅,

Reverse(ε) = ε,

Reverse(a) = a,

Reverse(r1 + r2) = r1R + r2R,

Reverse(r1r2) = r2R r1R,

Reverse(r∗) = (rR)∗.
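A direct Python transcription of Reverse; the tuple AST encoding of regular expressions is an assumption of this sketch:

```python
def reverse(r):
    """Reverse(r) by structural recursion, as in Exercise 12(b).
    Assumed encoding: ('empty',), ('eps',), ('sym', a),
    ('plus', r1, r2), ('cat', r1, r2), ('star', r1)."""
    tag = r[0]
    if tag in ('empty', 'eps', 'sym'):
        return r
    if tag == 'plus':
        return ('plus', reverse(r[1]), reverse(r[2]))
    if tag == 'cat':
        # concatenation swaps its arguments
        return ('cat', reverse(r[2]), reverse(r[1]))
    if tag == 'star':
        return ('star', reverse(r[1]))
    raise ValueError('unknown constructor: %r' % (tag,))
```

Note that `reverse` is an involution: applying it twice gives back the original expression.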


(c) Let A = (Q, Σ, δ, Q0, F). The first idea is to exchange the initial and final states and reverse the direction of the transitions, i.e., AR = (Q, Σ, δ−1, F, Q0), where (q, a, q′) ∈ δ−1 iff (q′, a, q) ∈ δ. However, if A has a state q such that no final state is reachable from q, then AR is not in normal form. So, in order to keep the convention, we first trim A, i.e., we remove all states from which no final state can be reached, together with their output transitions. This can be done, for instance, by means of a backward search from the final states.

(d) No, if A is deterministic, then AR is not necessarily deterministic. For example, if A has more than one final state, then the resulting AR has more than one initial state.

Exercise 13 Prove or disprove: Every regular language is recognized by an NFA . . .

(a) . . . having one single initial state,

(b) . . . having one single final state,

(c) . . . whose initial states have no incoming transitions,

(d) . . . whose final states have no outgoing transitions,

(e) . . . all of the above,

(f) . . . whose states are all initial,

(g) . . . whose states are all final.

Which of the above hold for DFAs? Which ones for NFA-ε?

Solution: For NFAs:

(a) Yes. We can add a new single initial state q0, make all former initial states q ∈ Q0 non-initial, and add transitions such that δ(q0, a) = ⋃_{q∈Q0} δ(q, a) for every a ∈ Σ. Moreover, we make q0 final iff some q ∈ Q0 was final.

(b) Yes. The argument is symmetric to (a).

(c) Yes. This follows from (a).

(d) Yes. This follows from (b).

(e) No. There is no such NFA accepting a∗.

(f) No. There is no such NFA accepting {a}, as it would otherwise also accept ε.

(g) No. There is no such NFA accepting {a}, as it would otherwise also accept ε.

For NFA-ε, the same holds except for (e), which is true. Indeed, we can add a single initial and a single final state, respectively connected to the former initial and final states with ε-transitions. For DFAs:


(a) Yes. We do the same as for NFAs.

(b) No. There is no such DFA accepting {ε, a}.

(c) Yes. This follows from (a).

(d) No. There is no such DFA accepting {ε, a}.

(e) No. It is already false for NFAs.

(f) No. It is already false for NFAs.

(g) No. It is already false for NFAs.

Exercise 14 Given a regular expression r, construct an NFA A that satisfies L (A) = L (r) and the following properties:

• initial states have no incoming transitions,

• accepting states have no outgoing transitions,

• all input transitions of a state (if any) carry the same label,

• all output transitions of a state (if any) carry the same label.

Apply your construction on r = (a(b + c))∗.

Solution: We proceed by structural induction on r. If r is ∅, ε or a, then we can take A as one of these automata:

[Diagrams: a single non-final state for ∅; a single final state for ε; and two states linked by an a-transition for a.]

If r = r1 + r2 or r = r1r2, then by induction hypothesis there exist NFAs A1 = (Q1, Σ, δ1, Q01, F1) and A2 = (Q2, Σ, δ2, Q02, F2) that satisfy the above properties for r1 and r2. In the former case, it suffices to put A1 and A2 side by side. In the latter case, we would like to “glue A2 to the end of A1”. However, since transitions with different letters cannot enter a common state, we make |Σ| copies of A1. More formally, we construct A = (Q, Σ, δ, Q0, F) where:

Q = {qa : q ∈ Q1, a ∈ Σ} ∪ Q2,

δ = {(pa, b, qa) : q ∈ δ1(p, b), a ∈ Σ} ∪ {(pa, a, q) : p ∈ F1, a ∈ Σ, q ∈ δ2(Q02, a)} ∪ δ2,

Q0 = {qa : q ∈ Q01, a ∈ Σ},

F = F2.

It remains to handle the case of r = s∗. By induction hypothesis, there exists an NFA A = (Q, Σ, δ, Q0, F) that satisfies the above properties for s. Let us construct an NFA A′ = (Q′, Σ, δ′, Q′0, F′)


that satisfies the claim. Note that s∗ is equivalent to ε + s+. So it suffices to deal with s+, and add a disjoint singleton NFA for ε. Informally, we wish to connect F to Q0 with ε-transitions. However, we cannot use ε-transitions. Moreover, we must respect the constraints. Hence, we make 1 + |Σ| copies of each accepting state of A. The purpose of the first copy is to satisfy the requirement that accepting states cannot have outgoing transitions. Each other copy is associated to the letter that may leave an accepting state. Formally, we define:

Q′ = Q ∪ {qa : q ∈ F, a ∈ Σ},

δ′ = δ ∪ {(p, b, qa) : q ∈ F ∩ δ(p, b), a ∈ Σ} ∪ {(pa, a, q) : p ∈ F, a ∈ Σ, q ∈ δ(Q0, a)},

Q′0 = Q0,

F′ = F.

Let us apply the construction to r = (a(b + c))∗. We obtain the following NFAs for a and for b + c:

[Diagrams: a two-state NFA with an a-transition, and an NFA with transitions labelled b and c out of a common initial state.]

By applying the construction for concatenation, we obtain:

[Diagram omitted: the NFA obtained by the concatenation construction, with transitions labelled a, a, a, b, c, b, c; some copies are not reachable.]

By cleaning the NFA, we obtain:

[Diagram omitted: the trimmed NFA, with transitions labelled a, a, b, c.]

By applying the construction for the Kleene star, we obtain:

[Diagram omitted: the NFA obtained by the Kleene star construction, in which each accepting state is copied for each letter and a-transitions lead from the copies back into the successors of the initial states; transition labels a, a, b, b, b, b, c, c, c, c, a, a, a, a.]

By cleaning the NFA, we obtain an NFA for (a(b + c))∗ that satisfies all constraints:

[Diagram omitted: the cleaned NFA for (a(b + c))∗ satisfying all four constraints, with transitions labelled a, a, b, b, c, c, a, a, a, a.]

Exercise 15 Convert the following NFA-ε to an NFA using the algorithm NFAεtoNFA:

[Diagram: an NFA-ε with states p (initial), q, r and s (final), and transitions p −ε→ q, p −ε→ r, q −a→ q, q −b→ s and r −ε→ s.]


Solution: We execute the algorithm and obtain the resulting NFA B in seven steps. The table shows the workset W after each iteration (the diagrams of the intermediate automaton B and of the discovered ε-transitions δ′′ are omitted):

Iter. | Workset W
0 | (p, ε, q), (p, ε, r)
1 | (p, ε, r), (p, a, q), (p, b, s)
2 | (p, a, q), (p, b, s), (p, ε, s)
3 | (p, b, s), (p, ε, s), (q, a, q), (q, b, s)
4 | (p, ε, s), (q, a, q), (q, b, s)
5 | (q, a, q), (q, b, s)
6 | (q, b, s)
7 | ∅

The resulting NFA B has states p, q and s, transitions (p, a, q), (p, b, s), (q, a, q) and (q, b, s), and final states s and p (p is made final in iteration 5, when the ε-transition (p, ε, s) into the final state s is processed).


Exercise 16 Prove that every finite language L, i.e. every language containing a finite number of words, is regular. Do so by defining a DFA that recognizes L.

Solution: We construct a DFA that recognizes L. Its states are the prefixes of the words in L, plus a trap state qt. The initial state is the empty word. The final states are the words of L. The transition function satisfies δ(qt, a) = qt for every a ∈ Σ and

δ(w, a) = wa if wa is a prefix of some word of L, and δ(w, a) = qt otherwise.

For example, we obtain the following DFA for L = {a, ba}:

[Diagram: states ε (initial), a, b, ba and the trap state qt, with transitions ε −a→ a, ε −b→ b, b −a→ ba, and all remaining transitions leading to qt; a and ba are final.]
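The construction can be sketched in Python, using None as the trap state; all names here are choices of this sketch:

```python
def finite_dfa(words):
    """DFA for a finite language L, as in Exercise 16: the states are the
    prefixes of the words of L, plus a trap state represented by None."""
    prefixes = {w[:i] for w in words for i in range(len(w) + 1)}

    def delta(state, a):
        if state is None or state + a not in prefixes:
            return None                     # fall into the trap state
        return state + a

    # (transition function, initial state, final states)
    return delta, '', set(words)

def dfa_accepts(dfa, word):
    delta, q, final = dfa
    for a in word:
        q = delta(q, a)
    return q is not None and q in final
```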

Exercise 17 Let Σn = {1, 2, . . . , n}, and let Ln be the set of all words w ∈ Σn∗ such that at least one letter of Σn does not appear in w. So, for instance, 1221, 32, 1111 ∈ L3 and 123, 2231 ∉ L3.

(a) Give an NFA for Ln with O(n) states and transitions.

(b) Give a DFA for Ln with 2n states.

(c) Show that any DFA for Ln has at least 2n states.

(d) Which of (a), (b) and (c) still hold for the complement of Ln?

Solution:

(a) [Diagram: an NFA with, for each letter i ∈ Σn, a branch whose transitions are labelled Σn \ {i}; a word is accepted if it can be read completely in one of the branches, i.e., if it avoids some letter i.]


(b) We construct a DFA A = (Q, Σn, δ, q0, F) whose states are subsets of the alphabet:

Q = P(Σn),

δ(S, a) = S ∪ {a} for every S ∈ Q, a ∈ Σn,

q0 = ∅,

F = Q \ {Σn}.

(c) For every word w ∈ Σn∗, let α(w) denote the subset of letters of Σn that appear in w. Let An = (Q, Σn, δ, q0, F) be a DFA recognizing Ln. Let w1, w2 be two words such that α(w1) ≠ α(w2), and let q1, q2 ∈ Q be the states such that

q0 −w1→ q1 and q0 −w2→ q2.

We claim that q1 ≠ q2. Since α(w1) ≠ α(w2), we may assume w.l.o.g. that α(w1) ⊈ α(w2). Thus, there is a word v such that w1v contains all letters of Σn, but w2v does not. By definition of Ln, we have w1v ∉ Ln and w2v ∈ Ln, which implies q1 ≠ q2, and we are done.

By the claim, the number of states of An is larger than or equal to the number of subsets of Σn, and hence An has at least 2^n states.

(d) Clearly, (b) holds, as we can simply complement the DFA for Ln. Moreover, (c) holds because the minimal DFAs for a language and for its complement have the same number of states. We prove that (a) does not hold, i.e., that every NFA for the complement of Ln has at least 2^n states.

Let Σ1, Σ2 be two different subsets of Σn, and let w1, w2 be words with α(w1) = Σ1 and α(w2) = Σ2. Let A be an NFA that recognizes the complement of Ln. We show that A has runs ρ1 on w1 and ρ2 on w2 leading to different states q1 and q2. Since Σ1 ≠ Σ2, w.l.o.g. there are words v1 and v2 such that w1v1 and w2v2 belong to the complement of Ln, but w2v1 does not. Let ρ1, ρ2 be accepting runs on w1v1 and w2v2, and let q1 and q2 be the states reached by these runs after reading w1 and w2. If q1 = q2, then A accepts w2v1, which is a contradiction. Thus, q1 ≠ q2.

Exercise 18 Let Mn be the language of the regular expression (0 + 1)∗0(0 + 1)^{n−1}0(0 + 1)∗. These are the words containing at least one pair of 0s at distance n. For example, 101101, 001001, 000000 ∈ M3 and 101010, 000111, 011110 ∉ M3.

(a) Give an NFA for Mn with O(n) states and transitions.

(b) Give a DFA for Mn with 2^n + 1 states.

(c) Show that any DFA for Mn has at least 2^n states.


Solution:

(a) We give an NFA for M3; the generalization to Mn is straightforward:

[Diagram: a chain of five states; the first state has a {0, 1}-self-loop and a 0-transition to the second state, followed by two {0, 1}-transitions and a final 0-transition into the last state, which has a {0, 1}-self-loop and is accepting.]

(b) The DFA has 2^n + 1 states: one for each word from {0, 1}^n, and one final state q_f. Intuitively, the DFA is at state b1 · · · bn ∈ {0, 1}^n if these are the last n letters that were read. Accordingly, for every b2 · · · bn ∈ {0, 1}^{n−1}, the DFA has four transitions of the form

0b2 · · · bn −0→ q_f,

0b2 · · · bn −1→ b2 · · · bn1,

1b2 · · · bn −0→ b2 · · · bn0,

1b2 · · · bn −1→ b2 · · · bn1.

Initially the DFA has not yet read anything, but this is equivalent to having read only 1s so far: in both cases, there can be no pair of 0s at distance n before n steps. Thus, we take 1^n as the initial state.

(c) The proof is very similar to that of Exercise 17(c): one shows that the states reached by the DFA after reading any two distinct words w1, w2 ∈ {0, 1}^n must be different.

Exercise 19 Recall that a nondeterministic automaton A accepts a word w if at least one of the runs of A on w is accepting. This is sometimes called the existential accepting condition. Consider the variant in which A accepts w if all runs of A on w are accepting (in particular, if A has no run on w, then it trivially accepts w). This is called the universal accepting condition. Notice that a DFA accepts the same language with both the existential and the universal accepting conditions.

Intuitively, we can imagine an automaton with universal accepting condition as executing all runs in parallel. After reading a word w, the automaton is simultaneously in all states reached by all runs labelled by w, and accepts if all those states are accepting.

Consider the language Ln = {ww : w ∈ {0, 1}^n}.

(a) Give an automaton of size O(n) with universal accepting condition that recognizes Ln.

(b) Prove that every NFA (and so in particular every DFA) recognizing Ln has at least 2^n states.

(c) Give an algorithm that transforms an automaton with universal accepting condition into a DFA recognizing the same language. This shows that automata with universal accepting condition recognize the regular languages.


Solution:

(a) Note that v ∈ Ln iff for every 1 ≤ i ≤ n the i-th and (i + n)-th letters of v coincide. This is a conjunction of conditions. We construct a universal automaton that has a run on v for each of these conditions, and the run accepts iff the condition holds.

The automaton has a spine of states q0, q1, . . . , qn, with transitions qi −0,1→ qi+1 for every 0 ≤ i ≤ n − 1. At every state qi, the automaton can leave the spine, remembering the (i + 1)-th letter, by means of the transitions

qi −0→ r1 and qi −1→ r′1.

The automaton then reads the next n − 1 letters by transitions ri −0,1→ ri+1 and r′i −0,1→ r′i+1 for every 1 ≤ i ≤ n − 1, and checks whether the letter n positions after the (i + 1)-th letter matches it by the transitions

rn −0→ q_f and r′n −1→ q_f,

where q_f is the unique final state.

(b) We use the same technique as in Exercise 17. Let A be an NFA recognizing Ln. For every word ww ∈ {0, 1}^{2n}, the automaton A has at least one accepting run on ww. Let qw be the state reached by one such run after reading the first w. We claim that for any two different words w, w′ ∈ {0, 1}^n the states qw, qw′ are different. For the sake of contradiction, suppose that qw = qw′. Then A has an accepting run on ww′, obtained by concatenating the first half of the accepting run on ww and the second half of the accepting run on w′w′. Since ww′ ∉ Ln, this is a contradiction. Consequently, A has a different state qw for each word w ∈ {0, 1}^n, and hence it has at least 2^n states.

(c) It suffices to replace line 6 of NFAtoDFA by: if Q′ ⊆ F then add Q′ to the final states. In other words, all states of Q′ must be accepting, rather than at least one.
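The modified subset construction can be sketched in Python; the only difference from the usual construction is the universal acceptance test S ⊆ F (function and variable names are choices of this sketch):

```python
from itertools import chain

def univ_to_dfa(states, alphabet, delta, q0, final):
    """Subset construction for an automaton with the *universal* accepting
    condition: a macrostate S is accepting iff S is a subset of F (the usual
    test 'S intersects F' is replaced by 'S subset of F').
    delta maps (state, letter) to a set of successor states."""
    start = frozenset([q0])
    dfa_delta, dfa_final = {}, set()
    work, seen = [start], {start}
    while work:
        S = work.pop()
        if S <= final:                       # universal acceptance test
            dfa_final.add(S)                 # note: the empty macrostate accepts
        for a in alphabet:
            T = frozenset(chain.from_iterable(delta.get((q, a), ())
                                              for q in S))
            dfa_delta[(S, a)] = T
            if T not in seen:
                seen.add(T)
                work.append(T)
    return dfa_delta, start, dfa_final
```

The empty macrostate is accepting, matching the convention that a word with no run at all is trivially accepted.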

Exercise 20 The existential and universal accepting conditions can be combined, yielding alternating automata. The states of an alternating automaton are partitioned into existential and universal states. An existential state q accepts a word w, denoted w ∈ L(q), if either w = ε and q ∈ F, or w = aw′ and there exists a transition (q, a, q′) such that w′ ∈ L(q′). A universal state q accepts a word w if either w = ε and q ∈ F, or w = aw′ and w′ ∈ L(q′) for every transition (q, a, q′). The language recognized by an alternating automaton is the set of words accepted by its initial state.

Give an algorithm that transforms an alternating automaton into a DFA recognizing the samelanguage.

Solution: As an example, let us consider the following alternating automaton A:


[Diagram: states q0 (initial), q1, q2, q3 and q4; q0 and q1 are existential, q4 is universal; transitions q0 −a→ q1, q0 −a→ q4, q1 −b→ q1, q4 −b→ q2 and q4 −b→ q3; q2 and q3 are final.]

After reading the letter a, the automaton is in either state q1 or state q4, which we can write as q1 ∨ q4. If the automaton reads b from q1, then it is in q1. If it reads b from q4, then it is “in both” q2 and q3, which we write as q2 ∧ q3. Altogether, reading the word ab in A leads to q1 ∨ (q2 ∧ q3). If we substitute each state qi by true iff qi is accepting, then the resulting boolean value indicates whether the word is accepted. In our example, ab is accepted since false ∨ (true ∧ true) = true.

Let us now consider an arbitrary alternating automaton A. Let Q = {q1, . . . , qn} be its set of states. The above example suggests defining the states of the DFA as the set of all positive boolean formulas over the variables Q. However, since there are infinitely many such formulas, we define the states as the equivalence classes of formulas (where, as usual, two formulas are equivalent if they are true for the same valuations of the variables).

The initial state is the (equivalence class of the) formula q0. The final states are the formulas that are true when all accepting states are set to true, and all non-accepting states to false. Given a formula f, the unique formula f′ such that (f, a, f′) belongs to the transition relation is defined as follows. For each state q:

• If q is existential and (q, a, q1), . . . , (q, a, qn) are the output transitions of q, then replace every occurrence of q in f by (q1 ∨ · · · ∨ qn). If n = 0, then replace it by false.

• If q is universal and (q, a, q1), . . . , (q, a, qn) are the output transitions of q, then replace every occurrence of q in f by (q1 ∧ · · · ∧ qn). If n = 0, then replace it by true.

For example, the resulting DFA for the alternating automaton above is:

[Diagram: q0 −a→ (q1 ∨ q4) −b→ (q1 ∨ (q2 ∧ q3)), where the last state is final.]

Exercise 21 In algorithm NFAεtoNFA, no transition that has been added to the workset, processed, and removed from the workset is ever added to the workset again. However, transitions may be added to the workset more than once. Give an NFA-ε and a run of NFAεtoNFA where this happens.

Solution: Let us consider the following NFA-ε A:


[Diagram: states p, q and r, with transitions p −ε→ q, p −a→ q, q −ε→ r and r −a→ q.]

The algorithm starts with W = {(p, ε, q), (p, a, q)}. If we pick transition (p, ε, q), then we discover transition (q, ε, r) and obtain W = {(p, a, q), (p, ε, r)}. If we next pick transition (p, ε, r), then we add the shortcut transition (p, a, q), which is already in the workset W.

Exercise 22 Execute algorithm NFAεtoNFA on the following NFA-ε over Σ = {a1, . . . , an} to show that the algorithm may increase the number of transitions quadratically:

[Diagram: states q0, q1, q2, . . . , qn−1, qn, where each qi−1 has both an ai-transition and an ε-transition to qi.]

Solution: Let us execute the algorithm by prioritizing ε-transitions. The contents of the workset W evolve as follows during the first iterations:

Iter. | Workset W
0 | (q0, a1, q1), (q0, ε, q1)
1 | (q0, a1, q1), (q0, a2, q2), (q0, ε, q2)
2 | (q0, a1, q1), (q0, a2, q2), (q0, a3, q3), (q0, ε, q3)
⋮ | ⋮
n − 1 | (q0, a1, q1), (q0, a2, q2), . . . , (q0, an, qn), (q0, ε, qn)
n | (q0, a1, q1), (q0, a2, q2), . . . , (q0, an, qn)
n + 1 | (q0, a2, q2), . . . , (q0, an, qn), (q1, a2, q2), (q1, ε, q2)
n + 2 | (q0, a2, q2), . . . , (q0, an, qn), (q1, a2, q2), (q1, a3, q3), (q1, ε, q3)
⋮ | ⋮
2n − 1 | (q0, a2, q2), . . . , (q0, an, qn), (q1, a2, q2), . . . , (q1, an, qn), (q1, ε, qn)
2n | (q0, a2, q2), . . . , (q0, an, qn), (q1, a2, q2), . . . , (q1, an, qn)

Thus, after these iterations, we have discovered the transitions

{(q0, aj, qj) | 0 < j ≤ n} ∪ {(q1, aj, qj) | 1 < j ≤ n},

which will all be part of the resulting NFA. By continuing the execution, we discover the set of transitions {(qi, aj, qj) | 0 ≤ i < j ≤ n}, which has size n + (n − 1) + · · · + 1 = n(n + 1)/2. Thus, the resulting NFA has a quadratic number of transitions:


[Diagram: states q0, q1, q2, . . . , qn−1, qn, with a transition qi −aj→ qj for all 0 ≤ i < j ≤ n.]

Exercise 23 We say that u = a1 · · · an is a scattered subword of w ∈ Σ∗, denoted by u ≼ w, if there are words w0, . . . , wn ∈ Σ∗ such that w = w0a1w1a2 · · · anwn. The upward closure and downward closure of a language L are the following languages:

↑L = {u ∈ Σ∗ : w ≼ u for some w ∈ L},

↓L = {u ∈ Σ∗ : u ≼ w for some w ∈ L}.

Give algorithms that take an NFA A as input and return NFAs for ↑L(A) and ↓L(A).

Solution: Let A = (Q, Σ, δ, q0, F) be an NFA. Let B be the NFA obtained by adding a transition (q, a, q) to A for every q ∈ Q and a ∈ Σ. We have L(B) = ↑L(A). Let C be the NFA-ε obtained by adding, for every transition (p, a, q) of A, a new transition (p, ε, q). Intuitively, the new transitions of B allow one to insert letters at every position, and the new transitions of C allow one to “guess” the letters that must be removed from w in order to obtain u. Thus, we have L(C) = ↓L(A). We can remove the ε-transitions of C by using NFAεtoNFA.
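Both constructions can be sketched in Python; the downward closure eliminates the conceptual ε-copies on the fly via a reachability relation. The dictionary encoding of the NFA is an assumption of this sketch:

```python
def nfa_accepts(nfa, word):
    states, alphabet, delta, q0, final = nfa
    cur = {q0}
    for a in word:
        cur = {q2 for q in cur for q2 in delta.get((q, a), ())}
    return bool(cur & final)

def upward_closure(nfa):
    """NFA for the upward closure: a self-loop (q, a, q) on every state and
    letter lets arbitrary letters be inserted anywhere."""
    states, alphabet, delta, q0, final = nfa
    new_delta = {(q, a): set(delta.get((q, a), set())) | {q}
                 for q in states for a in alphabet}
    return states, alphabet, new_delta, q0, final

def downward_closure(nfa):
    """NFA for the downward closure: conceptually every transition (p, a, q)
    gets an eps-copy (p, eps, q); here the eps-transitions are eliminated
    directly using the relation 'p reaches q via any transitions'."""
    states, alphabet, delta, q0, final = nfa
    reach = {q: {q} for q in states}
    changed = True
    while changed:                      # transitive closure, to fixpoint
        changed = False
        for (p, a), succs in delta.items():
            new = set().union(*(reach[q] for q in succs)) - reach[p]
            if new:
                reach[p] |= new
                changed = True
    new_delta = {(p, a): {q2 for p2 in reach[p]
                          for q2 in delta.get((p2, a), ())}
                 for p in states for a in alphabet}
    new_final = {p for p in states if reach[p] & final}
    return states, alphabet, new_delta, q0, new_final
```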

Exercise 24 Let L be a regular language over Σ. Show that the following languages are also regular by constructing NFAs:

(a) √L = {w ∈ Σ∗ : ww ∈ L},

(b) Cyc(L) = {vu ∈ Σ∗ : uv ∈ L}.

Solution: Let A = (Q,Σ, δ,Q0, F) be an NFA that accepts L.

(a) Intuitively, we construct an automaton B that guesses an intermediate state p and then reads w simultaneously from an initial state q0 and from p. The automaton accepts if it simultaneously reaches p and some qF ∈ F. Formally, let B = (Q′, Σ, δ′, Q′0, F′) be such that

Q′ = Q × Q × Q,

Q′0 = {(p, q, p) : p ∈ Q, q ∈ Q0},

F′ = {(p, p, q) : p ∈ Q, q ∈ F},


and, for every p, q, r ∈ Q and a ∈ Σ,

δ′((p, q, r), a) = {(p, q′, r′) : q′ ∈ δ(q, a), r′ ∈ δ(r, a)}.
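The triple-state construction can be sketched in Python; the dictionary encoding of the NFA and the function names are choices of this sketch:

```python
from itertools import product

def sqrt_nfa(nfa):
    """NFA for sqrt(L) = {w : ww in L}, following the construction above:
    a state (p, q, r) records the guessed midpoint p, the state q of the
    first copy of w and the state r of the second copy."""
    states, alphabet, delta, initial, final = nfa
    Q = set(product(states, repeat=3))
    new_delta = {}
    for (p, q, r), a in product(Q, alphabet):
        new_delta[((p, q, r), a)] = {(p, q2, r2)
                                     for q2 in delta.get((q, a), ())
                                     for r2 in delta.get((r, a), ())}
    new_initial = {(p, q, p) for p in states for q in initial}
    new_final = {(p, p, q) for p in states for q in final}
    return Q, alphabet, new_delta, new_initial, new_final

def nfa_accepts(nfa, word):
    states, alphabet, delta, initial, final = nfa
    cur = set(initial)
    for a in word:
        cur = {q2 for q in cur for q2 in delta.get((q, a), ())}
    return bool(cur & final)
```

For instance, if L = {aa}, then √L = {a}.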

(b) Intuitively, we construct an automaton B that guesses a state p and reads a prefix v of the input word from p until it reaches a final state. Then B moves nondeterministically to an initial state, from which it reads the remainder u of the input word, and it accepts if it reaches p. More formally, let B = (Q′, Σ, δ′, Q′0, F′) be such that

Q′ = Q × {0, 1} × Q,

Q′0 = {(p, 0, p) : p ∈ Q},

F′ = {(p, 1, p) : p ∈ Q},

and, for every p, q ∈ Q, b ∈ {0, 1} and a ∈ Σ ∪ {ε},

δ′((p, b, q), a) = {(p, b, q′) : q′ ∈ δ(q, a)} if a ∈ Σ,

δ′((p, b, q), a) = {(p, 1, q′) : q′ ∈ Q0} if a = ε, b = 0 and q ∈ F,

δ′((p, b, q), a) = ∅ otherwise.

Exercise 25 For every n ∈ ℕ, let msbf(n) be the set of most-significant-bit-first encodings of n, i.e., the words that start with an arbitrary number of leading zeros, followed by n written in binary. For example, msbf(3) = L(0∗11), msbf(9) = L(0∗1001) and msbf(0) = L(0∗). Similarly, let lsbf(n) denote the set of least-significant-bit-first encodings of n, i.e., the set containing for each word w ∈ msbf(n) its reverse. For example, lsbf(6) = L(0110∗) and lsbf(0) = L(0∗).

(a) Construct and compare DFAs recognizing the set of even numbers w.r.t. the unary encoding (where n is encoded by the word 1^n), the msbf-encoding, and the lsbf-encoding.

(b) Do the same for the set of numbers divisible by 3.

(c) Give regular expressions corresponding to the languages of (b).

Solution:

(a) Here are the three DFAs:

• Unary encoding: [Diagram: two states that toggle on 1; the initial state is final.]

• MSBF encoding: [Diagram: two states E (initial and final) and O, with transitions E −0→ E, E −1→ O, O −1→ O and O −0→ E.]

• LSBF encoding: [Diagram: the initial state is final and has a 0-transition to a final state carrying a {0, 1}-self-loop; reading 1 first leads to a non-final trap.]

(b) The DFA for the unary encoding is, loosely speaking, a cycle of length three. We now give a DFA for the MSBF encoding. The idea is that the state reached after reading a word w is the remainder of the number represented by w when dividing by 3. We therefore take as states Q = {0, 1, 2}, with 0 as both initial and final state. If a word w encodes a number k, then wa encodes the number 2k + a. Thus, for every state q ∈ {0, 1, 2}, we define:

δ(q, a) = (2q + a) mod 3.

This yields the automaton:

[Diagram: states 0 (initial and final), 1 and 2, with transitions 0 −0→ 0, 0 −1→ 1, 1 −1→ 0, 1 −0→ 2, 2 −0→ 1 and 2 −1→ 2.]

In order to obtain a DFA for the LSBF encoding, we “reverse” the DFA as follows: exchange initial and final states, and reverse the transitions. In general, this yields an NFA, but in this case the result of this operation is the same automaton! Thus, we have shown that a binary number b1b2 . . . bn is divisible by 3 iff the number bnbn−1 . . . b1 is also divisible by 3.

(c) For the unary encoding, we can take (111)∗. For the two other encodings, we can take theregular expression (0 + 1(01∗0)∗1)∗.
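The MSBF automaton of (b) is a three-line simulation in Python; this is a sketch, the notes only define the automaton itself:

```python
def divisible_by_3_msbf(word):
    """Simulate the DFA of (b): the state is the value read so far, mod 3.
    Accepts MSBF encodings (possibly with leading zeros) of multiples of 3."""
    q = 0
    for bit in word:
        q = (2 * q + int(bit)) % 3
    return q == 0
```

The reversal claim of the solution (a binary number is divisible by 3 iff its reversal is) can be checked on small numbers by comparing `divisible_by_3_msbf(s)` with `divisible_by_3_msbf(s[::-1])`.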

Exercise 26 Consider the following DFA over the alphabet with letters [0, 0], [0, 1], [1, 0] and [1, 1], where [a, b] stands for the letter with a in the top row and b in the bottom row:

[Diagram: states 0 (initial and final), 1 and 2, with transitions 0 −[0, 0]→ 0, 0 −[1, 0]→ 1, 1 −[1, 1]→ 0, 1 −[0, 0]→ 2, 2 −[0, 1]→ 1 and 2 −[1, 1]→ 2; all other transitions lead to an implicit trap state.]


A word w encodes a pair of natural numbers (X(w), Y(w)), where X(w) and Y(w) are obtained by reading the top and bottom rows in MSBF encoding. For instance, the word

w = [1, 0] [0, 1] [1, 0] [1, 0] [0, 1] [0, 1]

encodes (44, 19), since its top row reads 101100 and its bottom row reads 010011. Show that the above DFA recognizes the set of words w such that X(w) = 3 · Y(w), i.e., the solutions of the equation x − 3y = 0.

Solution: We prove that (a) every word w ∈ Σ∗ accepted by the DFA satisfies X(w) = 3 · Y(w); and that (b) every word w satisfying X(w) = 3 · Y(w) is accepted by the DFA.

(a) We prove, by induction on |w|, that δ(0, w) ∈ {0, 1, 2} implies X(w) − 3Y(w) = δ(0, w). Since the only accepting state is 0, this implies that X(w) − 3Y(w) = 0 for all w ∈ L(A).

If |w| = 0, then w = ε, and both δ(0, ε) = 0 and X(w) = 0 = Y(w). Assume |w| > 0. We write w as u[a, b], where [a, b] stands for the letter with a at the top and b at the bottom. We have:

X(w) = 2X(u) + a and Y(w) = 2Y(u) + b.

Assume that δ(0, w) = q ∈ {0, 1, 2}, as there is otherwise nothing to show. In particular, this implies that δ(0, u) = q′ ∈ {0, 1, 2}. By induction hypothesis, we have X(u) − 3Y(u) = q′. We make a case distinction on q and q′:

• q = q′ = 0. It must be the case that a = b = 0, i.e., X(w) = 2X(u) and Y(w) = 2Y(u). Hence,

X(w) − 3Y(w) = 2X(u) − 3 · 2Y(u)

= 2(X(u) − 3Y(u))

= 2 · q′

= 0

= q.

• q = 0 and q′ = 1. It must be the case that a = b = 1. It follows that X(w) = 2X(u) + 1 and Y(w) = 2Y(u) + 1, and hence:

X(w) − 3Y(w) = (2X(u) + 1) − 3 · (2Y(u) + 1)

= 2(X(u) − 3Y(u)) − 2

= 2 · q′ − 2

= 2 · 1 − 2

= 0

= q.


• The remaining cases are analogous.

(b) Now we prove that every word w that satisfies X(w) − 3Y(w) = 0 is accepted by the DFA. Recall that, in (a), we have shown that δ(0, w) ∈ {0, 1, 2} implies X(w) − 3Y(w) = δ(0, w). Thus, it suffices to show that δ(0, w) ∈ {0, 1, 2}, i.e., that δ(0, w) is not the (implicit) trap state.

We prove that if δ(0, w) is the trap state, then X(w) − 3Y(w) < 0. Let w′ be the shortest prefix of w such that δ(0, w′) is the trap state, and let w = w′w′′. We proceed by induction on |w′′|.

If |w′′| = 0, then we have w′ = u[a, b] where δ(0, u) ∈ {0, 1, 2}. Consider the case δ(0, u) = 0 and [a, b] = [0, 1]; the other cases are similar. Since δ(0, u) = 0, we have X(u) − 3Y(u) = 0. We are done since:

X(w) − 3Y(w) = X(w′) − 3Y(w′) = 2X(u) − 3(2Y(u) + 1) = 2(X(u) − 3Y(u)) − 3 = −3.

Now, let us assume |w′′| > 0. Let w′′ = v[x, y]. By induction hypothesis, we have X(w′v) −3Y(w′v) < 0. By the definition of MSBF encodings, we are done since:

X(w) − 3Y(w) = (2X(w′v) + y) − 3(2Y(w′v) + x)

= 2(X(w′v) − 3Y(w′v)) + (y − 3x)

≤ 2 · (−1) + (y − 3x) (by induction hypothesis)

≤ 2 · (−1) + 1 (by y − 3x ∈ −3,−2, 0, 1)

< 0.
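The case analysis can also be checked mechanically. The sketch below assumes the DFA of the exercise tracks the value X(u) − 3Y(u) in states 0, 1, 2 and falls into a trap state as soon as the value leaves {0, 1, 2}; the helper names are ours, not from the text.

```python
from itertools import product

def accepts(word):
    # word = sequence of (a, b) bit pairs, MSBF; simulate the assumed DFA
    q = 0
    for a, b in word:
        if q is None:          # trap state
            continue
        q = 2 * q + a - 3 * b  # new value of X - 3Y
        if q not in (0, 1, 2):
            q = None
    return q == 0

def brute(word):
    # decode both tracks and compare directly
    x = y = 0
    for a, b in word:
        x, y = 2 * x + a, 2 * y + b
    return x == 3 * y

letters = [(0, 0), (0, 1), (1, 0), (1, 1)]
for n in range(9):
    for word in product(letters, repeat=n):
        assert accepts(word) == brute(word)
print("DFA agrees with X(w) = 3*Y(w) on all words up to length 8")
```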

Exercise 27 Algorithm NFAtoRE transforms a finite automaton into a regular expression representing the same language by iteratively eliminating states of the automaton. In this exercise we present an algebraic reformulation of the algorithm. We represent an NFA as a system of language equations with as many variables as states, and solve the system by eliminating variables. A language equation over an alphabet Σ and a set V of variables is an equation of the form r1 = r2, where r1 and r2 are regular expressions over Σ ∪ V. For instance, X = aX + b is a language equation. A solution of a system of equations is a mapping that assigns to each variable X a regular expression over Σ such that the languages of the left and right-hand sides of each equation are equal. For instance, a∗b is a solution of X = aX + b because L(a∗b) = L(aa∗b + b).

(a) Arden’s Lemma states that given two languages A, B ⊆ Σ∗ with ε ∉ A, the smallest language X ⊆ Σ∗ satisfying X = AX + B is the language A∗B. Prove Arden’s Lemma.

(b) Consider the following system of equations, where the variables X, Y represent languages (regular expressions) over the alphabet Σ = {a, b, c, d, e, f }:

X = aX + bY + c

Y = dX + eY + f .


This system has many solutions, but there is again a unique minimal solution, i.e., a solution contained in every other solution. Find the smallest solution with the help of Arden’s Lemma.

Hint: As a first step, consider X not as a variable but as a constant language, and solve the equation for Y using Arden’s Lemma.

(c) We can associate to any NFA A = (Q, Σ, δ, q0, F) a system of linear equations as follows. We take Q as variables, which we call here X, Y, Z, . . ., with X the variable of the initial state. The system has the following equation for each state Y:

Y = ∑(Y,a,Z)∈δ aZ          if Y ∉ F,
Y = ( ∑(Y,a,Z)∈δ aZ ) + ε    if Y ∈ F.

Consider the DFA of Figure 2.16(a). Let X, Y, Z, W be the states of the automaton, read from top to bottom and from left to right. The associated system of linear equations is

X = aY + bZ + ε
Y = aX + bW
Z = bX + aW
W = bY + aZ.

Compute the solution of this system by iteratively eliminating variables. Start with Y, then eliminate Z, and finally W. Compare with the elimination procedure depicted in Figure 2.16.

Solution:

(a) We first show that A∗B is a solution of X = AX + B:

A∗B = ( ∑k≥0 A^k ) B = ∑k≥0 A^k B = B + ∑k≥1 A^k B = B + A ( ∑k≥0 A^k ) B = A(A∗B) + B.

Now, let L be an arbitrary solution of X = AX + B. We must show that A∗B ⊆ L. Since L = AL + B, we have:

L = AL + B
L = A(AL + B) + B = B + AB + A^2 L
L = A(A(AL + B) + B) + B = B + AB + A^2 B + A^3 L
...


and so, by induction, we get for all k ≥ 0:

L = A^(k+1) L ∪ (A^0 B ∪ A^1 B ∪ · · · ∪ A^k B).

In particular, this implies A^ℓ B ⊆ L for every ℓ ≥ 0, and hence A∗B ⊆ L.
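Arden's Lemma can be observed numerically: iterating X ↦ A·X + B from X = ∅ converges to A∗B. A sketch with hand-picked sample languages (all names are ours), comparing the sets on words of bounded length:

```python
# Kleene iteration for X = A·X + B, with languages truncated to length <= N.
N = 8

def concat(L1, L2):
    return {u + v for u in L1 for v in L2 if len(u + v) <= N}

def star_dot(A, B):
    # A*B, truncated to words of length <= N
    result, layer = set(B), set(B)
    while layer:
        layer = concat(A, layer) - result
        result |= layer
    return result

A, B = {"a", "ab"}, {"b", ""}
assert "" not in A  # Arden's Lemma requires the empty word not to be in A

X = set()
for _ in range(N + 1):      # N + 1 iterations suffice up to length N
    X = concat(A, X) | set(B)
assert X == star_dot(A, B)  # the least fixed point is A*B
print("least solution of X = A·X + B equals A*B on words up to length", N)
```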

(b) By Arden’s Lemma, the smallest solution of the equation

Y = dX + eY + f = eY + (dX + f )

is the language e∗(dX + f ), independently of the value of X. Substituting into the equation for X, we obtain

X = aX + be∗(dX + f ) + c

= (a + be∗d)X + be∗ f + c,

which by Arden’s Lemma yields:

X = (a + be∗d)∗(be∗ f + c)

Y = e∗(d(a + be∗d)∗(be∗ f + c) + f ).

(c) In order to eliminate Y, we simply substitute the equation Y = aX + bW into the remaining equations, yielding:

X = aaX + abW + bZ + ε

Z = bX + aW

W = aZ + baX + bbW

Similarly, we may eliminate Z:

X = aaX + abW + bbX + baW + ε = (aa + bb)X + (ab + ba)W + ε

W = abX + aaW + baX + bbW = (aa + bb)W + (ab + ba)X.

By Arden’s Lemma, the parametrized minimal solution for W is (aa + bb)∗(ab + ba)X. So, we obtain the single equation

X = (aa + bb)X + (ab + ba)(aa + bb)∗(ab + ba)X + ε = ( (aa + bb) + (ab + ba)(aa + bb)∗(ab + ba) ) X + ε,

whose least solution is

X = ( (aa + bb) + (ab + ba)(aa + bb)∗(ab + ba) )∗.

This is the same regular expression as obtained in the chapter. In fact, the elimination of states corresponds to the elimination of the corresponding variables in the underlying system of linear equations.
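The elimination result can be sanity-checked mechanically. The snippet below is a sketch; it assumes that the DFA of Figure 2.16(a) (not reproduced here) accepts the words with an even number of a's and an even number of b's, which is what the equation system encodes:

```python
import re
from itertools import product

# the expression obtained by variable elimination
expr = re.compile(r"(?:aa|bb|(?:ab|ba)(?:aa|bb)*(?:ab|ba))*")

def even_even(w):
    # assumed characterization of the DFA's language
    return w.count("a") % 2 == 0 and w.count("b") % 2 == 0

for n in range(11):
    for t in product("ab", repeat=n):
        w = "".join(t)
        assert (expr.fullmatch(w) is not None) == even_even(w)
print("expression matches the even-even language up to length 10")
```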


Exercise 28 (Inspired by R. Majumdar) Consider a deck of cards (with arbitrarily many cards) in which black and red cards alternate, the top card is black, and the bottom card is red. The set of possible decks is given by the regular expression (BR)∗. Cut the deck at any point into two piles, and then perform a riffle (also called a dovetail shuffle) to yield a new deck. For example, we can cut a deck with six cards 123456 (with 1 as the top card) into two piles 12 and 3456, and the riffle yields 345162 (we start the riffle with the first pile). Give a regular expression over the alphabet {B, R} describing the possible configurations of the decks after the riffle.

Hint: After the cut, the last card of the first pile can be black or red. In the first case the two piles belong to (BR)∗B and R(BR)∗, and in the second case to (BR)∗ and (BR)∗. Let Rif(r1, r2) be the language of all decks obtained by performing a riffle on decks taken from L(r1) and L(r2). We are looking for a regular expression for

Rif((BR)∗B, R(BR)∗) + Rif((BR)∗, (BR)∗).

Use Exercise 27 to set up a system of equations over the variables X = Rif((BR)∗B, R(BR)∗) and Y = Rif((BR)∗, (BR)∗), and solve it.

Solution: By definition of a riffle, the following identities hold for all regular expressions r, r1, r2 and letters a, b ∈ Σ:

Rif (r, ε) = r,

Rif (ε, r) = r,

Rif (r1 + r2, r) = Rif (r1, r) + Rif (r2, r),

Rif (r, r1 + r2) = Rif (r, r1) + Rif (r, r2),

Rif (r1a, r2b) = Rif (r1, r2)ba.

Applying these identities we get:

Rif((BR)∗B, R(BR)∗) = Rif((BR)∗B, (RB)∗R) = Rif((BR)∗, (RB)∗) RB,
Rif((BR)∗, (RB)∗) = Rif(ε + (BR)∗BR, ε + (RB)∗RB) = (BR)∗ + (RB)∗ + Rif((BR)∗B, (RB)∗R) BR.

By introducing variables X and Y for Rif((BR)∗B, R(BR)∗) and Rif((BR)∗, (RB)∗), we obtain the following system of equations:

X = YRB

Y = (BR)∗ + (RB)∗ + XBR.

Substituting Y in the equation for X yields

X = ( (BR)∗ + (RB)∗ + XBR ) RB = ( (BR)∗ + (RB)∗ ) RB + X BRRB,


whose least solution is

X = ( (BR)∗ + (RB)∗ ) RB (BRRB)∗.

Substituting in the equation for Y yields

Y = ( (BR)∗ + (RB)∗ ) ( ε + RB (BRRB)∗ BR ).
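The derivation for X can be checked by brute force: the sketch below implements the recursive riffle from the identities above and verifies that every riffle of piles (BR)^i B and R(BR)^j matches ((BR)∗ + (RB)∗)RB(BRRB)∗, where the tail (BRRB)∗ comes from the factor BRRB produced when X = YRB is substituted. All names are ours.

```python
import re

def rif(x, y):
    # the recursive riffle from the identities: Rif(r1·a, r2·b) = Rif(r1, r2)·b·a
    if not x:
        return y
    if not y:
        return x
    return rif(x[:-1], y[:-1]) + y[-1] + x[-1]

pattern = re.compile(r"(?:(?:BR)*|(?:RB)*)RB(?:BRRB)*")

assert rif("12", "3456") == "345162"  # the worked example from the exercise
for i in range(5):
    for j in range(5):
        deck = rif("BR" * i + "B", "R" + "BR" * j)
        assert pattern.fullmatch(deck), deck
print("all riffles of odd cuts up to 5+5 cards per pile match the expression for X")
```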

Exercise 29 Let L be an arbitrary language over a 1-letter alphabet. Prove that L∗ is regular.

Solution: We assume that L ≠ ∅ and L ≠ {ε}, as the claim is otherwise trivial. Let w be the shortest nonempty word of L. Note that w∗ ⊆ L∗. If L∗ = w∗, then we are done. Otherwise, let v1 be the shortest word of L∗ \ w∗. We have v1w∗ ⊆ L∗. If L∗ = (ε + v1)w∗, then we are done. Otherwise, we continue this process by picking the shortest word vi ∈ L∗ \ (ε + v1 + . . . + vi−1)w∗ and checking whether L∗ = (ε + v1 + . . . + vi)w∗. Let p = |w|. This process is guaranteed to terminate after fewer than p steps, which means that L∗ = (ε + v1 + . . . + vn)w∗ for some n < p, and so L∗ is regular. Indeed, for the sake of contradiction, suppose the process picks words v1, . . . , vp. Let v0 = ε. By the pigeonhole principle, there exist 0 ≤ i < j ≤ p such that |vj| ≡ |vi| (mod p). Since |vi| < |vj| and the alphabet has a single letter, we have vj ∈ viw∗, which contradicts the way vj was picked.
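The process can be traced on a concrete example. The sketch below works over word lengths (the word a^n is represented by n) and uses the sample language L = {a^3, a^5}, so w = a^3 and p = 3; all helper names are ours.

```python
N = 60  # explore L* on lengths up to N

def star_lengths(gens, bound):
    # lengths of the words of L*, up to the bound
    reach, frontier = {0}, {0}
    while frontier:
        frontier = {m + g for m in frontier for g in gens if m + g <= bound} - reach
        reach |= frontier
    return reach

L_star = star_lengths({3, 5}, N)   # L = {a^3, a^5}
p = 3                              # p = |w|, w = a^3
vs = [0]                           # v_0 = epsilon

def covered(vs):
    # lengths of the words of (v_0 + v_1 + ...)w*
    return {v + p * k for v in vs for k in range(N) if v + p * k <= N}

while covered(vs) != L_star:
    vs.append(min(L_star - covered(vs)))  # shortest word not yet covered

assert vs == [0, 5, 10]   # L* = (eps + a^5 + a^10)(a^3)* on lengths up to N
assert len(vs) - 1 < p    # fewer than p extra words, as the proof guarantees
print("picked lengths:", vs)
```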

Exercise 30 In contrast to Exercise 29, show that there exists a language L over a two-letter alphabet such that L∗ is not regular.

Solution: Let L′ ⊆ 0∗ be an undecidable language and let L = {1w : w ∈ L′}. For the sake of contradiction, suppose that L∗ is regular, and consequently decidable. Note that w ∈ L′ iff 1w ∈ L iff 1w ∈ L∗. Hence, one can decide L′, which is a contradiction.

Exercise 31 Let Kn be the complete directed graph with nodes {1, . . . , n} and edges {(i, j) | 1 ≤ i, j ≤ n}. A path of Kn is a sequence of nodes, and a circuit of Kn is a path that begins and ends at the same node.

Consider the family of DFAs An = (Qn, Σn, δn, q0n, Fn) given by

• Qn = {1, . . . , n, ⊥} and Σn = {aij | 1 ≤ i, j ≤ n};

• δn(⊥, aij) = ⊥ for every 1 ≤ i, j ≤ n (that is, ⊥ is a trap state), and

δn(i, ajk) = ⊥ if i ≠ j, and δn(i, ajk) = k if i = j;

• q0n = 1 and Fn = {1}.

For example, here are K3 and A3:


[Figure: the graph K3 (left) and the DFA A3 (right).]

Every word accepted by An encodes a circuit of Kn. For example, the words a12 a21 and a13 a32 a21, which are accepted by A3, encode the circuits 121 and 1321 of K3. Clearly, An recognizes the encodings of all circuits of Kn starting at node 1.

A path expression r over Σn is a regular expression such that every word of L(r) encodes a path of Kn. The purpose of this exercise is to show that every path expression for L(An) — and so every regular expression, because any regular expression for L(An) is a path expression by definition — must have length Ω(2^n).

• Let π be a circuit of Kn. A path expression r covers π if L(r) contains a word uwv such that w encodes π. Further, r covers π∗ if r covers π^k for every k ≥ 0. Let r be a path expression of length m starting at a node i. Prove:

(a) Either r covers π∗, or it does not cover π^(2m).

(b) If r covers π∗ and no proper subexpression of r does, then r = s∗ for some expression s, and every word of L(s) encodes a circuit starting at a node of π.

• For every 1 ≤ k ≤ n + 1, let [k] denote the permutation of {1, 2, . . . , n + 1} that cyclically shifts every index k positions to the right. Formally, node i is renamed to i + k if i + k ≤ n + 1, and to i + k − (n + 1) otherwise. Let π[k] be the result of applying the permutation to π. So, for instance, if n = 4 and π = 24142, we get

π[1] = 35253 π[2] = 41314 π[3] = 52425 π[4] = 13531 π[5] = 24142 = π

(c) Prove that π[k] is a circuit of Kn+1 that does not pass through node k.

• Define inductively the circuit gn of Kn for every n ≥ 1 as follows:

- g1 = 11
- gn+1 = 1 gn[1]^(2^n) gn[2]^(2^n) · · · gn[n + 1]^(2^n) for every n ≥ 1

In particular, we have

g1 = 11
g2 = 1 (22)^2 (11)^2
g3 = 1 (2 (33)^2 (22)^2)^4 (3 (11)^2 (33)^2)^4 (1 (22)^2 (11)^2)^4

(d) Prove using parts (a)–(c) that every path expression covering gn has length at least 2^(n−1).


Solution: (a) If r = ε, r = ∅, or r = aij, then L(r) does not cover π^2, and we are done.

If r = s∗ and s^i covers π for some i ≥ 0, then r covers π∗; if no s^i covers π, then r does not cover π, and so it does not cover π^(2m) either.

If r = r1 + r2, then m = max{m1, m2}, where m1 and m2 are the lengths of r1 and r2. If r1 or r2 covers π∗, then so does r. Otherwise, by induction hypothesis, r1 does not cover π^(2m1) and r2 does not cover π^(2m2), and so r does not cover π^(2m).

If r = r1r2, then m ≤ m1 + m2 + 1 (because at most one copy of π can be covered “between” r1 and r2). If r1 or r2 covers π∗, then so does r. Otherwise, by induction hypothesis, r1 does not cover π^(2m1) and r2 does not cover π^(2m2). So r does not cover π^(2m1 + 2m2 + 1), and therefore it does not cover π^(2m) either.

(b) Assume r is not a starred expression. If r = r1 + r2, then, since r covers π∗, it covers π^(2m), and so r1 or r2 covers π^(2m). By (a), either r1 or r2 covers π∗, contradicting the minimality of r. The same argument holds for r = r1r2: since r covers π∗, it covers π^(4m+1), and so r1 or r2 covers π^(2m). So r = s∗ for some s.

For the second part, let w1 = ai1i2 ai2i3 · · · aik−1ik and w2 = aj1j2 aj2j3 · · · ajℓ−1jℓ be two arbitrary words of L(s). Since r = s∗ is a path expression, all of w1w1, w1w2, w2w1 and w2w2 encode paths, and therefore i1 = ik = j1 = jℓ. So all words of L(s) encode circuits starting and ending at the same node, say i. It remains to prove that i is a node of π. Assume this is not the case. Then, for every k ≥ 1, any shortest word of L(s∗) that covers π^k must also be a word of L(s) (because the first and last letters of a word of L(s) cannot be used to encode π). It follows that s covers π∗, contradicting the assumption that no proper subexpression of r covers π∗.

(c) Since π is a path of Kn, it does not pass through node n + 1. Since the node mapped to node k by the permutation [k] is n + 1, the circuit π[k] does not pass through node k.

(d) For g1 the result is obvious. Now, let r be any minimal path expression covering gn+1 (that is, no proper subexpression of r covers gn+1). By definition, r covers gn[i]^(2^n) for every 1 ≤ i ≤ n + 1. So, by (a), either r has length at least 2^(n−1), and we are done, or r covers gn[i]∗ for every 1 ≤ i ≤ n + 1. Assume the latter. Then r contains for every 1 ≤ i ≤ n + 1 a minimal subexpression ri covering gn[i]∗. By (b), ri = si∗ for some expression si. Let s be a shortest expression among s1, . . . , sn+1. By (b), there is a node j such that every word of L(s) encodes a circuit starting at j. Consider s∗ and sj∗. By induction hypothesis, each of them has length at least 2^(n−2). By minimality of s∗ we have that sj∗ cannot be a proper subexpression of s∗. So there are two possible cases:

(1) Neither s∗ is a subexpression of sj∗, nor sj∗ is a subexpression of s∗. Then the length of r is at least the sum of the lengths of s∗ and sj∗, hence at least 2^(n−1), and we are done.

(2) s∗ is a subexpression of sj∗. Recall that sj covers gn[j], which by (c) does not pass through node j. Moreover, by (b), no word of L(sj) can encode a circuit starting at j. On the other hand, every word of L(s) encodes a circuit starting at j. So s ≠ sj, and so s∗ is a proper subexpression of sj. It follows that


sj[s∗/ε] (the result of substituting ε for s∗ in sj) still covers gn[j]∗, because the substitution only loses circuits containing j, which gn[j]∗ does not visit anyway. By induction hypothesis, sj[s∗/ε] has length at least 2^(n−2). Since s∗ also has length at least 2^(n−2), we obtain that sj has length at least 2^(n−1). Since sj∗ is a subexpression of r, we finally conclude that r has length at least 2^(n−1).


Solutions for Chapter 3



Exercise 32 Determine the residuals of the following languages over the alphabet Σ = {a, b}:

(a) (ab + ba)∗,

(b) (aa)∗,

(c) {a^n b^n c^n : n ≥ 0}.

Solution:

(a) We have Lε = L((ab + ba)∗), La = L(b(ab + ba)∗), Lb = L(a(ab + ba)∗) and Laa = ∅. All other residuals are equal to one of these four.

(b) We have Lε = L((aa)∗), La = L(a(aa)∗) and Lb = ∅. All other residuals are equal to one of these three.

(c) Every prefix of a word of the form a^n b^n c^n has a different residual. For all other words the residual is the empty set. Thus, there are infinitely many residuals.

Exercise 33 Consider the most-significant-bit-first (MSBF) encoding of natural numbers over the alphabet Σ = {0, 1}. Recall that every number has infinitely many encodings, because all the words of 0∗w encode the same number as w. Construct the minimal DFAs accepting the following languages, where Σ^4 denotes the set of all words of length 4:

(a) {w : MSBF^(−1)(w) mod 3 = 0} ∩ Σ^4.

(b) {w : MSBF^(−1)(w) is a prime} ∩ Σ^4.

Solution:

(a) The DFA must recognize the encodings of 0, 3, 6, 9, 12 and 15, i.e. the language

{0000, 0011, 0110, 1001, 1100, 1111}.

Thus, we obtain:

[Figure: the minimal DFA.]


(b) The DFA must recognize the encodings of 2, 3, 5, 7, 11 and 13, that is, the language

{0010, 0011, 0101, 0111, 1011, 1101}.

Thus, we obtain:

[Figure: the minimal DFA.]

Exercise 34 Let A and B be respectively the following DFAs:

[Figure: the DFA A, with states q0, . . . , q6 (left), and the DFA B, with states q0, . . . , q4 (right).]


(a) Compute the language partitions of A and B.

(b) Construct the quotients of A and B with respect to their language partitions.

(c) Give regular expressions for L(A) and L(B).

Solution: Let us first deal with A.

(a)

Iter.  Block to split              Splitter    New partition
0      —                           —           {q0, q1, q2, q3, q5, q6}, {q4}
1      {q0, q1, q2, q3, q5, q6}    (b, {q4})   {q0, q2, q6}, {q1, q3, q5}, {q4}
2      none, partition is stable   —           —

The language partition is Pℓ = {{q0, q2, q6}, {q1, q3, q5}, {q4}}.

(b)

[Figure: the quotient of A, with states [q0]Pℓ, [q1]Pℓ and [q4]Pℓ.]

(c) (a + b)∗ab.

Let us now deal with B.

(a)

Iter.  Block to split              Splitter           New partition
0      —                           —                  {q0, q3}, {q1, q2, q4}
1      {q1, q2, q4}                (b, {q1, q2, q4})  {q0, q3}, {q1}, {q2, q4}
2      {q2, q4}                    (a, {q0, q3})      {q0, q3}, {q1}, {q2}, {q4}
3      none, partition is stable   —                  —

The language partition is Pℓ = {{q0, q3}, {q1}, {q2}, {q4}}.

(b)

[Figure: the quotient of B, with states [q0]Pℓ, [q1]Pℓ, [q2]Pℓ and [q4]Pℓ.]

(c) ((aa)∗(bb)∗)∗ or (aa + bb)∗.

Exercise 35 Consider the language partition algorithm LanPar. Since every execution of its while loop increases the number of blocks by one, the loop can be executed at most |Q| − 1 times. Show that this bound is tight, i.e. give a family of DFAs for which the loop is executed |Q| − 1 times.

Hint: There exists a family with a one-letter alphabet.

Solution: Let An be the DFA over the alphabet Σ = {a} consisting of a line of n states q0, q1, . . . , qn−1, where q0 is initial and qn−1 is the unique final state, with an additional a-loop on qn−1:

q0 −a→ q1 −a→ · · · −a→ qn−2 −a→ qn−1

The DFA An is minimal, but the sequence of partitions computed by the algorithm is

{q0, . . . , qn−2}, {qn−1} −→ {q0, . . . , qn−3}, {qn−2}, {qn−1} −→ · · · −→ {q0}, {q1}, . . . , {qn−2}, {qn−1}.

Exercise 36 For each of the two NFAs below:

(a) Compute the coarsest stable refinements (CSR),

(b) Construct the quotients with respect to their CSRs,

(c) Say whether the obtained automata are minimal.


[Figure: the left NFA, with states q0, . . . , q5, and the right NFA, with states q1, . . . , q4.]

Solution: Let A and B be respectively the left and right NFA. For A we obtain:

(a) The CSR is P = {{q0}, {q1, q2, q3, q4}, {q5}}:

Iter.  Block to split              Splitter    New partition
0      —                           —           {q0, q1, q2, q3, q4}, {q5}
1      {q0, q1, q2, q3, q4}        (a, {q5})   {q0}, {q1, q2, q3, q4}, {q5}
2      none, partition is stable   —           —

(b)

[Figure: the quotient, with states [q0]P, [q1]P and [q5]P.]

(c) Yes. The language accepted by the NFA is L = a(a + b)∗a. An NFA with one state can only accept ∅, {ε}, a∗, b∗ or {a, b}∗. Suppose there exists a two-state NFA A = ({q0, q1}, {a, b}, δ, Q0, F) accepting L. Without loss of generality, we may assume that q0 is initial. Automaton A must satisfy the following properties:

Page 381: Automata theory - TUM

381

• q0 ∉ F, since ε ∉ L,
• q1 ∈ F, since L ≠ ∅,
• q1 ∈ δ(q0, a), as otherwise it is impossible to accept aa, which is in L.

This implies that A accepts a, yet a ∉ L. Therefore, no two-state NFA accepts L.
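The argument can be confirmed exhaustively: the sketch below enumerates every NFA with two states over {a, b} (the dictionary encoding is ours) and checks that each one disagrees with L = a(a + b)∗a on some word of length at most 5:

```python
from itertools import product

def in_L(w):  # L = a(a+b)*a
    return len(w) >= 2 and w[0] == "a" and w[-1] == "a"

words = ["".join(t) for n in range(6) for t in product("ab", repeat=n)]

def nfa_accepts(delta, init, final, w):
    cur = set(init)
    for c in w:
        cur = {q2 for q in cur for q2 in delta.get((q, c), ())}
    return bool(cur & final)

keys = [(q, c) for q in (0, 1) for c in "ab"]
targets = [(), (0,), (1,), (0, 1)]
agreeing = 0
for images in product(targets, repeat=4):
    delta = dict(zip(keys, images))
    for init in [(0,), (1,), (0, 1)]:
        for final in [set(), {0}, {1}, {0, 1}]:
            if all(nfa_accepts(delta, init, final, w) == in_L(w) for w in words):
                agreeing += 1
assert agreeing == 0
print("no two-state NFA agrees with a(a+b)*a, even on words of length <= 5")
```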

For B we obtain:

(a) The CSR is P = {{q1}, {q2}, {q3}, {q4}}:

Iter.  Block to split              Splitter       New partition
0      —                           —              {q1, q3}, {q2, q4}
1      {q1, q3}                    (a, {q2, q4})  {q1}, {q2, q4}, {q3}
2      {q2, q4}                    (a, {q3})      {q1}, {q2}, {q3}, {q4}
3      none, partition is stable   —              —

(b) The automaton remains unchanged.

(c) No. We have seen in Exercise 11 that this NFA recognizes the language (a + ab)∗, and we have constructed an equivalent two-state DFA.

Exercise 37 Let A1 and A2 be DFAs with n1 and n2 states such that L(A1) ≠ L(A2). Show that there exists a word w of length at most n1 + n2 − 2 such that w ∈ (L(A1) \ L(A2)) ∪ (L(A2) \ L(A1)).

Hint: Consider the NFA obtained by putting A1 and A2 “side by side”, and compute CSR(A).

Solution: Let A be the NFA obtained by taking the disjoint union of A1 and A2. Since L(A1) ≠ L(A2), automaton A has at least one final and one nonfinal state. Thus, the procedure that computes CSR(A) starts with a partition of two blocks. Since every split increases the number of blocks by one, and the maximal possible number of blocks is n1 + n2, the algorithm performs at most n1 + n2 − 2 splits. Hence, it suffices to show that if two states q1 and q2 are put in different blocks at the k-th split, then the language (L(q1) \ L(q2)) ∪ (L(q2) \ L(q1)) contains a word w of length at most k. We prove this by induction on k. If k = 0, then exactly one of q1 and q2 is a final state, and we can take w = ε. If k > 0, then right before q1 and q2 are put in different blocks, there is a letter a and transitions

q1 −a→ q′1 and q2 −a→ q′2

such that q′1 and q′2 already belong to different blocks. By induction hypothesis, the language (L(q′1) \ L(q′2)) ∪ (L(q′2) \ L(q′1)) contains a word w′ of length at most k − 1. Thus, we can take w = aw′.
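The bound can be watched in action: a BFS over the product of the two DFAs finds a shortest distinguishing word, whose length never exceeds n1 + n2 − 2. A sketch with two sample DFAs of our own (counting a's modulo 2 and modulo 3):

```python
from collections import deque

def dfa_mod(k):
    # sample DFA over {a, b}: accepts iff the number of a's is divisible by k
    delta = {(q, "a"): (q + 1) % k for q in range(k)}
    delta.update({(q, "b"): q for q in range(k)})
    return delta, 0, {0}

def shortest_diff(A1, A2):
    # BFS on the product automaton: the first state pair with differing
    # acceptance yields a shortest distinguishing word
    d1, i1, f1 = A1
    d2, i2, f2 = A2
    seen = {(i1, i2)}
    queue = deque([((i1, i2), "")])
    while queue:
        (p, q), w = queue.popleft()
        if (p in f1) != (q in f2):
            return w
        for c in "ab":
            nxt = (d1[(p, c)], d2[(q, c)])
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, w + c))
    return None  # equivalent DFAs

w = shortest_diff(dfa_mod(2), dfa_mod(3))
assert w is not None and len(w) <= 2 + 3 - 2   # n1 + n2 - 2
print("shortest distinguishing word:", repr(w))
```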


Exercise 38 Let Σ = {a, b}. Let Ak be the minimal DFA such that L(Ak) = {ww : w ∈ Σ^k}.

(a) Construct A2.

(b) Construct a DFA that accepts L (Ak).

(c) How many states does Ak contain for k > 2?

Solution:

(a) The trap state is omitted for the sake of readability:

[Figure: the DFA A2, with states qε, qa, qb, qaa, qab, qba, qbb, ra, rb, rε.]

(b) We generalize the construction given in (a) for k = 2: state qw indicates that the word w has been read so far, and state rw indicates that w must still be read in order to accept. More formally, let Ak = (Q, Σ, δ, q0, F) be the following automaton, which we complete with a trap state:

Q = {qw : w ∈ Σ∗, |w| ≤ k} ∪ {rw : w ∈ Σ∗, |w| ≤ k − 1},
δ = {(qu, a, qua) : a ∈ Σ, |u| < k} ∪ {(qav, a, rv) : a ∈ Σ, |v| = k − 1} ∪ {(rav, a, rv) : a ∈ Σ, |v| < k − 1},
q0 = qε,
F = {rε}.

(c) Note that the DFA Ak defined in (b) has f(k) = (2^(k+1) − 1) + (2^k − 1) + 1 = 3 · 2^k − 1 states. We claim that Ak is minimal. To prove it, we show that L(Ak) has f(k) residuals. To simplify the notation, let L = L(Ak).


• We have Lv = ∅ for every v ∈ Σ∗ such that |v| > 2k. Hence, ∅ is our first residual.

• For every word v of length at most k − 1, we have Lv = {uvu : u ∈ Σ∗, |vu| = k}. Note that all of these sets contain at least two words, and they are all distinct. There are as many of them as words of length at most k − 1, and so we get ∑_{i=0}^{k−1} 2^i = 2^k − 1 new residuals.

• For every word v such that k ≤ |v| ≤ 2k, we have v = v1v2v3, where |v1v2| = k and |v1| = |v3|. If v1 ≠ v3, then Lv = ∅, which is not a new residual. If v1 = v3, then Lv = {v2} is a new residual, as all other residuals we have seen so far have either zero or at least two words. Thus, we get a new residual for every word v2 of length 0 ≤ |v2| ≤ k, and hence ∑_{i=0}^{k} 2^i = 2^(k+1) − 1 new residuals.

In total, we have at least 1 + (2^k − 1) + (2^(k+1) − 1) = 3 · 2^k − 1 residuals, which matches the upper bound given by the number of states of Ak.
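The construction of (b) and the count of (c) can be checked directly (a sketch; the string encoding of the states qw, rw is ours):

```python
from itertools import product

def build(k, alphabet="ab"):
    q_states = {"q" + "".join(w) for n in range(k + 1) for w in product(alphabet, repeat=n)}
    r_states = {"r" + "".join(w) for n in range(k) for w in product(alphabet, repeat=n)}
    delta = {}
    for q in q_states:
        u = q[1:]
        for a in alphabet:
            if len(u) < k:
                delta[(q, a)] = "q" + u + a      # (q_u, a, q_ua)
            elif u[0] == a:
                delta[(q, a)] = "r" + u[1:]      # (q_av, a, r_v)
            else:
                delta[(q, a)] = "trap"
    for r in r_states:
        v = r[1:]
        for a in alphabet:
            if v and v[0] == a:
                delta[(r, a)] = "r" + v[1:]      # (r_av, a, r_v)
            else:
                delta[(r, a)] = "trap"
    return delta, q_states | r_states | {"trap"}

k = 3
delta, states = build(k)
assert len(states) == 3 * 2**k - 1               # f(k) states, trap included

def accepts(w):
    s = "q"                                      # initial state q_eps
    for a in w:
        s = delta.get((s, a), "trap")
    return s == "r"                              # final state r_eps

for n in range(2 * k + 2):
    for t in product("ab", repeat=n):
        w = "".join(t)
        assert accepts(w) == (n == 2 * k and w[:k] == w[k:])
print("A_3 has", len(states), "states and accepts exactly {ww : |w| = 3}")
```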

Exercise 39 For every language L ⊆ Σ∗ and word w ∈ Σ∗, let wL = {u ∈ Σ∗ | uw ∈ L}. A language L′ ⊆ Σ∗ is an inverse residual of L if L′ = wL for some w ∈ Σ∗.

(a) Determine the inverse residuals of the first two languages of Exercise 32: (ab+ba)∗ and (aa)∗.

(b) Show that a language is regular iff it has finitely many inverse residuals.

(c) Does a language always have as many residuals as inverse residuals?

Solution:

(a) • We give the inverse residuals of L = L ((ab + ba)∗) as regular expressions:

εL = (ab + ba)∗,  aL = (ab + ba)∗b,  bL = (ab + ba)∗a,  aaL = ∅.

All other inverse residuals are equal to one of these four. The language has the same number of residuals and inverse residuals, but they are not the same languages.

• We give the inverse residuals of (aa)∗ as regular expressions:

εL = (aa)∗, aL = (aa)∗a, bL = ∅.

All other inverse residuals are equal to one of these three. In this case, the residuals and the inverse residuals of the language coincide.

(b) Let L be a language and let LR be the reverse of L (see Exercise 12). We have u ∈ wL iff uw ∈ L iff wRuR ∈ LR iff uR ∈ (LR)wR. Thus, K is an inverse residual of L iff KR is a residual of LR. In particular, the number of inverse residuals of L is equal to the number of residuals of LR. Consequently:

Page 384: Automata theory - TUM

384

L is regular
iff LR is regular (by Exercise 12)
iff LR has finitely many residuals
iff L has finitely many inverse residuals.

(c) No. Consider the language L over {a, b} containing all words ending with a, i.e. (a + b)∗a. The language has two residuals:

Lw = (a + b)∗a + ε   if w ends with a,
Lw = (a + b)∗a       if w ends with b or w = ε,

but three inverse residuals:

wL = (a + b)∗a   if w = ε,
wL = (a + b)∗    if w ends with a,
wL = ∅           if w ends with b.

Exercise 40 Design an efficient algorithm Res(r, a), where r is a regular expression over an alphabet Σ and a ∈ Σ, that returns a regular expression satisfying L(Res(r, a)) = L(r)a.

Solution: Recall that the solution of Exercise 6 yields a linear-time algorithm that checks whether the language of a regular expression contains the empty word. We can easily transform it into an algorithm computing the function E(r) defined by E(r) = ε if ε ∈ L(r), and E(r) = ∅ otherwise. We can use it to design an algorithm that computes Res(r, a) recursively as follows:

Res(∅, a) = Res(ε, a) = ∅,

Res(b, a) = ε if b = a, and Res(b, a) = ∅ if b ≠ a (for every letter b ∈ Σ),

Res(r1 + r2, a) = Res(r1, a) + Res(r2, a),

Res(r1r2, a) = Res(r1, a) r2 + E(r1) Res(r2, a),

Res(r∗, a) = Res(r, a) r∗.
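The recursion can be implemented over a small regex AST (a sketch; the tuple encoding and all names are ours). The defining property L(Res(r, a)) = L(r)a is then testable by brute force:

```python
from itertools import product

# AST: "empty", "eps", ("sym", a), ("alt", r1, r2), ("cat", r1, r2), ("star", r)

def nullable(r):  # E(r): does L(r) contain the empty word?
    if r == "eps": return True
    if r == "empty" or r[0] == "sym": return False
    if r[0] == "alt": return nullable(r[1]) or nullable(r[2])
    if r[0] == "cat": return nullable(r[1]) and nullable(r[2])
    return True  # ("star", s)

def res(r, a):
    if r in ("eps", "empty"): return "empty"
    if r[0] == "sym": return "eps" if r[1] == a else "empty"
    if r[0] == "alt": return ("alt", res(r[1], a), res(r[2], a))
    if r[0] == "cat":  # Res(r1 r2, a) = Res(r1, a) r2 + E(r1) Res(r2, a)
        d = ("cat", res(r[1], a), r[2])
        return ("alt", d, res(r[2], a)) if nullable(r[1]) else d
    return ("cat", res(r[1], a), r)  # Res(r*, a) = Res(r, a) r*

def matches(r, w):  # membership via repeated residuals
    for a in w:
        r = res(r, a)
    return nullable(r)

ab = ("cat", ("sym", "a"), ("sym", "b"))
ba = ("cat", ("sym", "b"), ("sym", "a"))
r = ("star", ("alt", ab, ba))
d = res(r, "a")  # should denote b(ab + ba)*
for n in range(7):
    for t in product("ab", repeat=n):
        w = "".join(t)
        assert matches(d, w) == matches(r, "a" + w)
print("L(Res(r, a)) equals the a-residual of L(r) for r = (ab + ba)*")
```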

Exercise 41 A DFA A = (Q, Σ, δ, q0, F) is reversible if no letter can enter a state from two distinct states, i.e. for every p, q ∈ Q and σ ∈ Σ, if δ(p, σ) = δ(q, σ), then p = q.

(a) Give a reversible DFA that accepts L = {ab, ba, bb}.

(b) Show that the minimal DFA that accepts L is not reversible.

(c) Is there a unique minimal reversible DFA that accepts L (up to isomorphism)? Justify.


Solution:

(a)

[Figure: a reversible DFA accepting L.]

(b) By minimizing the reversible DFA from (a), we obtain the following DFA, which is not reversible since b enters the final state from two distinct states:

[Figure: the minimal DFA for L.]

(c) No. The following two non-isomorphic automata are both minimal reversible DFAs accepting L:

[Figure: two non-isomorphic minimal reversible DFAs accepting L.]
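The reversibility condition is easy to check programmatically. The sketch below runs the check on one presentation (assumed here, since the figures are not reproduced) of the minimal DFA for L = {ab, ba, bb}:

```python
def is_reversible(delta):
    # fails iff some letter enters some state from two distinct states
    seen = {}
    for (p, c), q in delta.items():
        if (c, q) in seen and seen[(c, q)] != p:
            return False
        seen[(c, q)] = p
    return True

# states: s (initial), A (read a), B (read b), F (accepting), T (trap)
delta = {
    ("s", "a"): "A", ("s", "b"): "B",
    ("A", "a"): "T", ("A", "b"): "F",
    ("B", "a"): "F", ("B", "b"): "F",
    ("F", "a"): "T", ("F", "b"): "T",
    ("T", "a"): "T", ("T", "b"): "T",
}

def accepts(w):
    q = "s"
    for c in w:
        q = delta[(q, c)]
    return q == "F"

assert all(accepts(w) == (w in {"ab", "ba", "bb"})
           for w in ["", "a", "b", "ab", "ba", "bb", "aa", "aab", "abb"])
assert not is_reversible(delta)  # b enters F from both A and B
print("the minimal DFA for {ab, ba, bb} is not reversible")
```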

Exercise 42 Prove or disprove the following statements:

(a) A subset of a regular language is regular.

(b) A superset of a regular language is regular.

(c) If L1 and L1L2 are regular languages, then L2 is regular.

(d) If L2 and L1L2 are regular languages, then L1 is regular.

Page 386: Automata theory - TUM

386

Solution: All statements are false. Since ∅ and Σ∗ are both regular, (a) or (b) would imply that every language is regular, which is certainly not the case; e.g., A = {a^(n²) : n ≥ 0} is not regular. For (c), let L1 = L(a∗) and let L2 = A. We have L1L2 = L(a∗), which is regular, but L2 is not. Similarly, (d) is disproved with L1 = A and L2 = L(a∗).

Exercise 43 A DFA with negative transitions (DFA-n) is a DFA whose transitions are partitioned into positive and negative transitions. A run of a DFA-n is accepting if:

• it ends in a final state and the number of occurrences of negative transitions is even, or

• it ends in a non-final state and the number of occurrences of negative transitions is odd.

The intuition is that taking a negative transition “inverts the polarity” of the acceptance condition: after taking the transition we accept iff we would not accept were the transition positive.

• Prove that the languages recognized by DFAs with negative transitions are regular.

• Give a DFA-n for a regular language having fewer states than the minimal DFA for the language.

• Show that the minimal DFA-n for a language is not unique (even for languages whose minimal DFA-n’s have fewer states than their minimal DFAs).

Solution: No solution is provided for this exercise.

Exercise 44 We say that a residual of a regular language L is composite if it is the union of other residuals of L, and that it is prime otherwise. Show that every regular language L is recognized by an NFA whose number of states is equal to the number of prime residuals of L.

Solution: We define an NFA AL = (QL, Σ, δL, Q0, FL) where:

• QL is the set of prime residuals of L;

• For every K ∈ QL and every a ∈ Σ, we define δL(K, a) as the set of prime residuals of L whose union is Ka;

• Q0 is the set of prime residuals of L whose union is L;

• FL is the set of prime residuals of L that contain the empty word.

We claim that a word w ∈ Σ∗ is accepted from state K iff w ∈ K. This implies L(AL) = L. The interesting part is to show that if w ∈ K then w is accepted from state K. We sketch the induction step. Assume w = aw′. Then w′ ∈ Ka, and Ka is a residual of L. So w′ belongs to one of the prime residuals, say K′, whose union yields Ka. By definition, there is a transition (K, a, K′). By induction hypothesis, w′ is accepted from state K′. So w is accepted from state K.

AL is a canonically defined NFA for a given language, but not necessarily minimal.


Exercise 45 (T. Henzinger) Which of these languages over the alphabet {0, 1} are regular?

1. The set of words containing the same number of 0’s and 1’s.

2. The set of words containing the same number of occurrences of the strings 01 and 10. (E.g., 01010001 contains three occurrences of 01 and two occurrences of 10.)

3. Same for the pair of strings 00 and 11, the pair 001 and 110, and the pair 001 and 100.

Solution: 1. For any two distinct numbers n, m ≥ 0, the residuals of 0^n and 0^m are different: indeed, if n ≠ m, then the residual of 0^n contains 1^n, but the residual of 0^m does not. So the language has infinitely many residuals, and so it is not regular.

2. This is the language of the words over {0, 1} that begin and end with the same letter, plus the empty word. Indeed, every word over {0, 1} can be obtained by concatenating blocks of 0s and 1s. The occurrences of 01 and 10 necessarily alternate: 01 occurs when moving from a 0-block to a 1-block, and vice versa. We have as many occurrences of 01 as of 10 exactly when the first and the last block are of the same type. The language is regular: for instance, it is the language of the regular expression ε + 0 + 1 + 0(0 + 1)∗0 + 1(0 + 1)∗1.

3. For the pair 00 and 11: As in (1), for any two distinct numbers n,m ≥ 0 the residuals of 0n and0m are different unless n = m. If n , m, then the residual of 0n contains 1n, but the residual of 0m

does not. So the language is not regular.For the pair 001 and 110: For any two distinct numbers n,m ≥ 0 the residuals of (001)n and

(001)m are different unless n = m. If n , m, then the residual of (001)n contains (110)n, but theresidual of (001)m does not. So the language is not regular.

For the pair 001 and 100: This is the set of all words that start with 00 iff they end with 00. Let a word be balanced if it contains the same number of occurrences of 001 and 100, and unbalanced otherwise. We can represent a word as a (possibly empty) alternating sequence of blocks of 0s and 1s. Removing an inner block of 0s preserves the balanced/unbalanced character of the word: if the block contains just one 0, then the number of occurrences of 001 and 100 does not change; if the block contains two or more 0s, then both numbers of occurrences decrease by one. The same happens if we replace an inner block of 1s by a single 1. So a word is balanced iff, by applying these operations, it can be reduced to a word of the form 0^n 1 0^m with n, m ≥ 2, or of the form 1 0^n 1 with n ≥ 1. These are the words that start with 00 iff they end with 00. This language is regular: for instance, it is the language of the regular expression

(0 + 1 + ε)(0 + 1 + ε)                      (words of length at most 2)
+ 000 + 010 + 011 + 101 + 110 + 111         (balanced words of length 3)
+ 00(0 + 1)∗00                              (other words beginning and ending with 00)
+ (01 + 10 + 11)(0 + 1)∗(01 + 10 + 11)      (other words neither beginning nor ending with 00)
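The characterization and the expression can be cross-checked by brute force (a sketch; `occ` counts overlapping occurrences, and the names are ours):

```python
import re
from itertools import product

expr = re.compile(
    r"[01]?[01]?"                       # words of length at most 2
    r"|000|010|011|101|110|111"         # balanced words of length 3
    r"|00[01]*00"                       # other words with 00 at both ends
    r"|(?:01|10|11)[01]*(?:01|10|11)"   # neither starting nor ending with 00
)

def occ(w, p):
    # number of (possibly overlapping) occurrences of p in w
    return sum(w[i:i + len(p)] == p for i in range(len(w) - len(p) + 1))

for n in range(11):
    for t in product("01", repeat=n):
        w = "".join(t)
        balanced = occ(w, "001") == occ(w, "100")
        assert (expr.fullmatch(w) is not None) == balanced, w
print("the expression matches exactly the balanced words up to length 10")
```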


Exercise 46 A word w = a1 . . . an is a subword of v = b1 . . . bm, denoted by w ⪯ v, if there are indices 1 ≤ i1 < i2 < . . . < in ≤ m such that aj = bij for every j ∈ {1, . . . , n}. Higman’s lemma states that every infinite set of words over a finite alphabet contains two words w1, w2 such that w1 ⪯ w2.

A language L ⊆ Σ∗ is upward-closed (resp. downward-closed) if for every two words w, v ∈ Σ∗: if w ∈ L and w ⪯ v, then v ∈ L (resp. if w ∈ L and v ⪯ w, then v ∈ L). The upward-closure of a language L is the upward-closed language obtained by adding to L all words v such that w ⪯ v for some w ∈ L.

1. Prove using Higman’s lemma that every upward-closed language is regular. Hint: Consider the minimal words of L, i.e., the words w ∈ L such that no proper subword of w belongs to L.

2. Prove that every downward-closed language is regular.

3. Give regular expressions for the upward and downward closures of {a^n b^n : n ≥ 0}.

4. Give algorithms that transform a regular expression r for a language into regular expressions r⇑ and r⇓ for its upward-closure and its downward-closure.

5. Give algorithms that transform an NFA A recognizing a language into NFAs A⇑ and A⇓ recognizing its upward-closure and its downward-closure.

Solution: 1. Let L be an upward-closed language over a finite alphabet Σ. A word of L is minimal if it is not a proper subword of another word of L. Let min(L) be the set of minimal words of L. By Higman's lemma, min(L) is finite. For every word w = a1a2 . . . an of L, the language of words w′ with w ⪯ w′ is the language of the regular expression r_w = Σ∗a1Σ∗a2Σ∗ · · · Σ∗anΣ∗. So L is the language of the regular expression ∑_{w ∈ min(L)} r_w, and therefore L is regular.

2. Let L be a downward-closed language. Then its complement is upward-closed, and so, by (1), regular. Since regular languages are closed under complement, L is regular.

3. For the upward closure: (a + b)∗. For the downward-closure: a∗b∗.

4. For the upward-closure it suffices to insert Σ∗ at the right places. More precisely, given a regular expression r, define r⇑ as the result of replacing every occurrence of a letter a in r by Σ∗aΣ∗ (and then, for the sake of economy, replacing every occurrence of Σ∗Σ∗ by Σ∗). For the downward-closure, it suffices to insert ε at the right places. More precisely, define r⇓ as the result of replacing every occurrence of a letter a in r by (a + ε).

5. For the upward-closure, add to every state a self-loop labelled by every letter of Σ. For the downward-closure, add for each transition (q, a, q′) another transition (q, ε, q′), and then apply NFAεtoNFA.
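The closure construction in (5) is easy to try out directly on a transition relation. Below is a small Python sketch (my own dictionary-based NFA encoding, not the notes' format) of the upward-closure construction, which adds a self-loop for every letter to every state, together with a standard subset-simulation membership test.

```python
def upward_closure(states, alphabet, delta):
    """Return a new transition relation with a self-loop q --a--> q
    for every state q and letter a (the construction from item 5).
    delta maps (state, letter) to a set of successor states."""
    closed = {key: set(succs) for key, succs in delta.items()}
    for q in states:
        for a in alphabet:
            closed.setdefault((q, a), set()).add(q)
    return closed

def accepts(delta, initial, final, word):
    """Standard NFA membership test by subset simulation."""
    current = set(initial)
    for a in word:
        nxt = set()
        for q in current:
            nxt |= delta.get((q, a), set())
        current = nxt
    return bool(current & final)

# NFA for the single word "ab"; its upward closure is the set of
# words containing "ab" as a (scattered) subword.
states, alphabet = {0, 1, 2}, {"a", "b"}
delta = {(0, "a"): {1}, (1, "b"): {2}}
up = upward_closure(states, alphabet, delta)
```

The same `accepts` helper can then be used to check membership in the closed language.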

Exercise 47 (Abdulla, Bouajjani, and Jonsson) An atomic expression over an alphabet Σ is an expression of the form ∅, ε, (a + ε) or (a1 + . . . + an)∗, where a, a1, . . . , an ∈ Σ. A product is a concatenation e1 e2 . . . en of atomic expressions. A simple regular expression is a sum p1 + . . . + pn of products.


1. Prove that the language of a simple regular expression is downward-closed (see Exercise 46).

2. Prove that every downward-closed language can be represented by a simple regular expression.
Hint: since every downward-closed language is regular, it is represented by a regular expression. Prove that this expression is equivalent to a simple regular expression.

Solution: 1. Easy structural induction. The languages of ∅, ε, (a + ε), and (a1 + . . . + an)∗ are obviously downward-closed. If L(r1) and L(r2) are downward-closed, then so are L(r1r2) and L(r1 + r2).

2. We prove by structural induction that for every regular expression r there is a simple regularexpression s such that L(s) is the downward-closure of L(r).

• If r = ∅ or r = ε, then s = r.

• If r = a, then s = (a + ε).

• If r = r1 + r2, then by induction hypothesis there are simple regular expressions s1 and s2 for the downward-closures of L(r1) and L(r2), and we can take s = s1 + s2.

• If r = r1r2, then by induction hypothesis there are simple regular expressions s1 and s2 for the downward-closures of L(r1) and L(r2). Let s1 = p11 + · · · + p1n and s2 = p21 + · · · + p2m. Then we can take s = ∑_{i=1}^{n} ∑_{j=1}^{m} p1i p2j.

• If r = r1∗, then by induction hypothesis there is a simple regular expression s1 for the downward-closure of L(r1). So, as can easily be seen, L(s1∗) is the downward-closure of L(r). However, s1∗ may not be a simple regular expression. To solve this problem, we prove by structural induction on s1 that there is a simple regular expression s′1 such that L(s′1) = L(s1∗).

– If s1 = ∅ or s1 = ε, then s′1 = ε.

– If s1 = (a + ε), then s′1 = a∗.

– If s1 = (a1 + . . . + an)∗, then s′1 = s1.

– If s1 = e1 e2 . . . en, then let a1, . . . , am be the letters occurring in at least one of e1, . . . , en. We can take s′1 = (a1 + · · · + am)∗.

– If s1 = p1 + . . . + pn, then let Σi be the set of letters occurring in pi. We have just seen that L(Σi∗) = L(pi∗). So we can take s′1 = (Σ1 + · · · + Σn)∗.

Exercise 48 Consider the alphabet Σ = {up, down, left, right}. A word over Σ corresponds to a line in a grid consisting of concatenated segments drawn in the direction specified by the letters. In the same way, a language corresponds to a set of lines. For example, the set of all staircases can be specified as the set of lines given by the regular language (up right)∗. It is a regular language.


1. Specify the set of all skylines as a regular language (i.e., formalize the intuitive notion of skyline). Of the lines below, the one on the left is a skyline, while the other two are not.

2. Show that the set of all rectangles is not regular.

Solution: 1. Here is a possible candidate for a definition: a word over Σ is a skyline if it does not contain left, up down, or down up as subwords (perhaps you wish to add that it starts and ends with right). The set of skylines is clearly regular: it is the complement of Σ∗(left + up down + down up)Σ∗.

2. The set of rectangles is the set of words of the form up^n right^m down^n left^m, where n, m ≥ 1. The homomorphism h(up) = up, h(down) = down, h(right) = h(left) = ε transforms them into the language {up^n down^n | n ≥ 1}, which is non-regular, and so the language of rectangles is itself non-regular.

Exercise 49 An NFA A = (Q,Σ, δ,Q0, F) is reverse-deterministic if (q1, a, q) ∈ δ and (q2, a, q) ∈ δ implies q1 = q2, i.e., no state has two incoming transitions labelled by the same letter. Further, A is trimmed if every state accepts at least one word, i.e., if LA(q) ≠ ∅ for every q ∈ Q.

Let A be a reverse-deterministic, trimmed NFA with one single final state q_f. Prove that NFAtoDFA(A) is a minimal DFA.

Hint: Show that any two distinct states of NFAtoDFA(A) recognize different languages, andapply Corollary 3.13.

Solution: Let B = NFAtoDFA(A) and let Q1, Q2 be two distinct states of B. Then Q1 and Q2 are sets of states of A, and we have LB(Qi) = ⋃_{q∈Qi} LA(q) for i = 1, 2. We prove LB(Q1) ≠ LB(Q2). Assume the contrary. Since Q1 ≠ Q2, we may assume w.l.o.g. that there is q1 ∈ Q1 \ Q2. Since A is trimmed, LA(q1) contains at least one word w. Since LB(Q1) = LB(Q2), we have w ∈ LA(q2) for some q2 ∈ Q2, and so q1 ≠ q2. Since q_f is the unique final state of A, the NFA has two paths q1 --w--> q_f and q2 --w--> q_f. Since these paths start at different states and end at the same state, there is a prefix w′a of w, two different states q′1, q′2, and a state q such that q1 --w′--> q′1 --a--> q and q2 --w′--> q′2 --a--> q. So A is not reverse-deterministic, contradicting the assumption.

Exercise 50 Let Rev(A) be the algorithm of Exercise 12 that, given an NFA A as input, returns a trimmed NFA A^R such that L(A^R) = (L(A))^R, where L^R denotes the reverse of L (see Exercise 12). Recall that an NFA is trimmed if every state accepts at least one word (see Exercise 49). Prove that for every NFA A the DFA

NFAtoDFA( Rev( NFAtoDFA( Rev(A) ) ) )

is the unique minimal DFA recognizing L(A).


Solution: Let B = NFAtoDFA(Rev(A)). Then B is a DFA such that L(B) = L(A)^R. Let C = Rev(B). We have L(C) = L(B)^R = (L(A)^R)^R = L(A). Since B is deterministic, C is reverse-deterministic. Moreover, since B has one single initial state, C has one single final state. Finally, by the definition of Rev, C is trimmed. So D = NFAtoDFA(C) is a minimal DFA recognizing the same language as C, which is L(A).

Exercise 51 (Sickert)

1. Let Σ = {0, 1} be an alphabet. Find a language L ⊆ Σ∗ that has infinitely many residuals and |L^w| > 0 for every w ∈ Σ∗.

2. Let Σ = {a} be an alphabet. Find a language L ⊆ Σ∗ such that L^w = L^{w′} =⇒ w = w′ for all words w, w′ ∈ Σ∗. What can you say about the residuals of such a language L? Is such a language regular?

Solution:

1. L = {ww | w ∈ Σ∗}. First we prove that L has infinitely many residuals by showing that for each pair of words of the infinite set {0^i 1 | i ≥ 0} the corresponding residuals are not equal. Let u = 0^i 1 and v = 0^j 1 be two words with i < j. Then L^u ≠ L^v, since u ∈ L^u but u ∉ L^v. For the second half, consider some arbitrary word w. Then w ∈ L^w, which shows the statement.

2. We observe that for every language satisfying this property, L^w has to be non-empty for every w, and thus L is infinite. Furthermore, all these languages are non-regular, since they have infinitely many residuals.

L = {a^{n²} | n ≥ 0}. Let a^i and a^j be two distinct words; w.l.o.g. we assume i < j. Let d_i and d_j denote the distances from i and j to the respective closest larger square number. If d_i < d_j holds, we are immediately done, since a^{d_i} ∈ L^{a^i} and a^{d_i} ∉ L^{a^j}; the case d_i > d_j is analogous. Thus assume d_i = d_j. Let d′_i and d′_j denote the distances from i and j to the respective second-closest larger square number. These have to be unequal, since the gaps between the square numbers are strictly increasing, and we can repeat the argument from before.


Solutions for Chapter 4



Exercise 52 Consider the following languages over the alphabet Σ = {a, b}:

• L1 is the set of all words where between any two occurrences of b’s there is at least one a;

• L2 is the set of all words where every maximal sequence of consecutive a’s has odd length;

• L3 is the set of all words where a occurs only at even positions;

• L4 is the set of all words where a occurs only at odd positions;

• L5 is the set of all words of odd length;

• L6 is the set of all words with an even number of a’s.

Construct an NFA for the language

(L1 \ L2) ∪ ¬((L3 △ L4) ∩ L5 ∩ L6),

where ¬L denotes the complement of L and L △ L′ denotes the symmetric difference of L and L′, while sticking to the following rules:

• Start from NFAs for L1, . . . , L6;

• Any further automaton must be constructed from already existing automata via an algorithm introduced in the chapter, e.g. Comp, BinOp, UnionNFA, NFAtoDFA, etc.

Solution: We start from the following automata:

[Diagrams: NFAs for L1, L2, L3, L4, L5, L6 over {a, b}.]

By applying BinOp and pruning sink states, we obtain:


[Diagrams: NFAs for L1 \ L2, L3 △ L4, and L5 ∩ L6.]

By applying BinOp on the two rightmost automata, we obtain:

[Diagrams: NFAs for L1 \ L2 and (L3 △ L4) ∩ (L5 ∩ L6).]

By adding a sink state and applying Comp on the rightmost automaton, we obtain:

[Diagrams: NFAs for L1 \ L2 and for the complement of (L3 △ L4) ∩ (L5 ∩ L6), the latter obtained by adding a sink state and complementing.]

By considering the two above automata as a single one, we obtain an NFA for (L1 \ L2) ∪ ¬((L3 △ L4) ∩ L5 ∩ L6).

Exercise 53 Prove or disprove: the minimal DFAs recognizing a language L and its complement have the same number of states.


Solution: This is true. Let n and n′ be the sizes of the minimal DFAs A and A′ recognizing L and its complement, respectively. Note that CompDFA(A) recognizes the complement and has the same number of states as A, hence n′ ≤ n. Similarly, CompDFA(A′) recognizes L and has the same number of states as A′, hence n ≤ n′. We obtain n = n′ as desired.
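The argument can be checked mechanically: complementing a complete DFA just swaps final and non-final states and leaves the state count unchanged. A minimal Python sketch (the encoding is my own assumption, not the notes' format):

```python
def complement_dfa(states, delta, q0, final):
    """CompDFA for a complete DFA: same states and transitions,
    final and non-final states swapped."""
    return states, delta, q0, states - final

def run(delta, q0, word):
    """Run a complete DFA on a word and return the final state reached."""
    q = q0
    for a in word:
        q = delta[(q, a)]
    return q

# DFA over {a} accepting the words of even length.
states = {0, 1}
delta = {(0, "a"): 1, (1, "a"): 0}
cstates, cdelta, cq0, cfinal = complement_dfa(states, delta, 0, {0})
```

The complement automaton accepts exactly the odd-length words and has the same number of states.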

Exercise 54 Give a regular expression for the words over {0, 1} that do not contain 010 as subword.

Solution: Different solutions are possible, e.g. (1 + 00∗11)∗(0∗ + 00∗1), which we can obtain as follows. First, we construct an NFA for the words containing 010 as subword:

[Diagram: NFA with states q0, q1, q2, q3; loops q0 --0,1--> q0 and q3 --0,1--> q3, and the chain q0 --0--> q1 --1--> q2 --0--> q3.]

Determinization and complementation yield:

[Diagram: DFA with states {q0}, {q0, q1}, {q0, q2}, {q0, q1, q3}, {q0, q2, q3}, {q0, q3} obtained by determinization and complementation.]

We safely remove the three rightmost states as they cannot reach final states:

[Diagram: the remaining three-state DFA.]

We further turn the automaton into an NFA-ε which can be converted into a regular expression:


[Diagram: the NFA-ε obtained from the three-state DFA.]

We may now convert the automaton into a regular expression. After removing one state, we obtain:

[Diagram: automaton after removing one state; remaining edges labelled 1, ε + 00∗, 00∗1, and 1.]

After removing a second state, we obtain:

[Diagram: two-state automaton with a loop labelled 1 + 00∗11 and a final edge labelled ε + 00∗ + 00∗1.]

After removing the last state, we obtain the final expression (1 + 00∗11)∗(ε + 00∗ + 00∗1), which can be simplified to (1 + 00∗11)∗(0∗ + 00∗1).

Exercise 55 Find a family of NFAs {An}n≥1 with O(n) states such that every NFA recognizing the complement of L(An) has at least 2^n states. Hint: See Exercise 19.


Solution: Let Ln be the complement of {ww | w ∈ {0, 1}^n}. The language Ln is the union of the set Xn of all words of length different from 2n and the set Yn of all words w such that the i-th and (i + n)-th letters of w differ for some 1 ≤ i ≤ n. Note that Xn and Yn are not disjoint. We give NFAs for these two languages for the case n = 3, from which the general construction can easily be deduced. Here is an NFA recognizing X3:

[Diagram: NFA for X3 — a chain reading arbitrary letters, accepting exactly the words whose length differs from 6.]

Let us construct an NFA for Y3. The NFA nondeterministically chooses a position 1 ≤ i ≤ 3 and the letter at that position: if the letter is 0, it moves up, otherwise down. The NFA then reads two more letters and checks that the next letter is the opposite of the one it chose:

[Diagram: NFA for Y3 with an upper branch for guessing a 0 and a lower branch for guessing a 1.]

Exercise 56 Consider again the regular expressions (1 + 10)∗ and 1∗(101∗)∗ of Exercise 3.

• Construct NFAs for these expressions and use InclNFA to check if their languages are equal.

• Construct DFAs for the expressions and use InclDFA to check if their languages are equal.

• Construct minimal DFAs for the expressions and check whether they are isomorphic.

Solution:

• We respectively construct the two following NFAs:

[Diagrams: NFAs with states p0, p1 and q0, q1, q2 for the two expressions.]


Language inclusion holds as InclNFA terminates without ever returning false within its loop:

Iter.   Q                                                           W
0       ∅                                                           {[p0, {q0}]}
1       {[p0, {q0}]}                                                {[p1, {q0, q1}]}
2       {[p0, {q0}], [p1, {q0, q1}]}                                {[p0, {q2}]}
3       {[p0, {q0}], [p1, {q0, q1}], [p0, {q2}]}                    {[p1, {q1, q2}]}
4       {[p0, {q0}], [p1, {q0, q1}], [p0, {q2}], [p1, {q1, q2}]}    ∅

• We respectively construct the two following DFAs:

[Diagrams: DFAs with states p0, p1 and q0, q1, q2 for the two expressions.]

Language inclusion holds as InclDFA terminates without ever returning false within its loop:

Iter.   Q                                 W
0       ∅                                 {[p0, q0]}
1       {[p0, q0]}                        {[p1, q1]}
2       {[p0, q0], [p1, q1]}              {[p0, q2]}
3       {[p0, q0], [p1, q1], [p0, q2]}    ∅

• We obtain the two minimal DFAs below. They are clearly isomorphic, and hence they acceptthe same language.

[Diagrams: the two minimal DFAs, with states p0, p1 and {q0, q2}, q1.]

Exercise 57 Consider the variant of IntersNFA in which line 7

if (q1 ∈ F1) and (q2 ∈ F2) then add [q1, q2] to F

is replaced by

if (q1 ∈ F1) or (q2 ∈ F2) then add [q1, q2] to F

Let A1 ⊗ A2 be the result of applying this variant to two NFAs A1 and A2. An NFA A = (Q,Σ, δ,Q0, F) is complete if δ(q, a) ≠ ∅ for every q ∈ Q and every a ∈ Σ.

• Prove the following: if A1 and A2 are complete NFAs, then L(A1 ⊗ A2) = L(A1) ∪ L(A2).

• Give NFAs A1 and A2 which are not complete and such that L(A1 ⊗ A2) = L(A1) ∪ L(A2).


Solution:

• Let A1 = (Q1,Σ, δ1,Q01, F1) and A2 = (Q2,Σ, δ2,Q02, F2) be complete NFAs. By completeness, any word can be read in both automata. Hence, if A1 accepts a word w, then A2 can read it (regardless of whether it is accepted or not), and vice versa. Thus, we have:

w ∈ L(A1) ∪ L(A2)
⇐⇒ there are runs q01 --w--> q1 and q02 --w--> q2 with q01 ∈ Q01, q02 ∈ Q02, and q1 ∈ F1 or q2 ∈ F2   (by completeness)
⇐⇒ there is a run [q01, q02] --w--> [q1, q2] with [q1, q2] ∈ F   (by def. of ⊗).

• The two first NFAs below accept (a + b)∗a and (a + b)∗b respectively, and the resulting third NFA correctly accepts (a + b)∗(a + b):

[Diagrams: A1 with states p0, p1 accepting (a + b)∗a; A2 with states q0, q1 accepting (a + b)∗b; and A1 ⊗ A2 with states [p0, q0], [p1, q0], [p0, q1].]

Exercise 58 The even part of a word w = a1a2 . . . an over alphabet Σ is the word a2a4 . . . a2⌊n/2⌋. Given an NFA A, construct an NFA A′ such that L(A′) is the set of even parts of the words of L(A).

Solution: Let A = (Q,Σ, δ,Q0, F). We define the NFA A′ = (Q,Σ, δ′,Q0, F′) as follows. For every q ∈ Q and b ∈ Σ, we let δ′(q, b) = ⋃_{a∈Σ} δ(q, ab). By taking F′ = F, we would obtain an automaton A′ that accepts the even parts of the even-length words of L(A). To deal with odd-length words, we instead set F′ = F ∪ {q ∈ Q : δ(q, a) ∩ F ≠ ∅ for some a ∈ Σ}. For example:

[Diagrams: an example NFA A and the resulting NFA A′.]
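The construction of δ′ and F′ can be phrased directly over the transition relation: δ′(q, b) collects every state reachable from q by reading ab for some letter a, and F′ adds the states with an a-successor in F. A Python sketch under an assumed dictionary encoding of NFAs (not the notes' code):

```python
def even_part(states, alphabet, delta, final):
    """Build delta' and F' of A' as in the solution above.
    delta maps (state, letter) to a set of successor states."""
    delta2 = {}
    for (q, a), succs in delta.items():
        for q1 in succs:
            for b in alphabet:
                for q2 in delta.get((q1, b), set()):
                    delta2.setdefault((q, b), set()).add(q2)
    # F' = F plus every state with some a-successor in F (odd-length words).
    final2 = set(final)
    for (q, a), succs in delta.items():
        if succs & final:
            final2.add(q)
    return delta2, final2

def accepts(delta, initial, final, word):
    """Standard NFA membership test by subset simulation."""
    current = set(initial)
    for a in word:
        nxt = set()
        for q in current:
            nxt |= delta.get((q, a), set())
        current = nxt
    return bool(current & final)

# A recognizes (ab)*; the even parts of its words form exactly b*.
delta = {(0, "a"): {1}, (1, "b"): {0}}
delta2, final2 = even_part({0, 1}, {"a", "b"}, delta, {0})
```

Here A′ accepts b∗, the set of even parts of (ab)∗.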

Exercise 59 Let Li = {w ∈ a∗ | the length of w is divisible by i}.

(a) Construct an NFA for L := L4 ∪ L6 with a single initial state and at most 11 states.

(b) Construct the minimal DFA for L.


Solution: The NFA is as follows:

aa

a a

aaa

a

a

a

a

a

We construct DFAs for L4 (four states) and L6 (six states), construct the union by taking the pairing (24 states), and minimize. The resulting minimal DFA has states Q = {0, 1, . . . , 11} organized in a circle, i.e., δ(i, a) = (i + 1) mod 12. Its final states are F = {0, 4, 6, 8}.

Exercise 60 Modify algorithm Empty so that it returns a witness when the automaton is nonempty, i.e., a word accepted by the automaton. Explain how you could further return a shortest witness. What is the complexity of your procedure?

Solution: We can perform a breadth-first search of the automaton from the set of initial states. If the search terminates without finding any final state, then we return "empty". Otherwise, we halt the search as soon as some final state q_f is found.

During the search, each time a state q is discovered via a transition p --a--> q, we store pred[q] = (p, a). This allows us to reconstruct a shortest path (labelled by some word) backwards from q_f to some initial state q0. The procedure runs in time linear in the number of states and transitions. Note that if there is a total order on the letters, e.g. a < b < c < · · · < z, then prioritizing them in that order will further yield a shortest witness that is smallest with respect to the lexicographic order.
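The breadth-first search with predecessor records can be sketched in a few lines of Python (the NFA encoding is an assumption of this sketch):

```python
from collections import deque

def shortest_witness(alphabet, delta, initial, final):
    """BFS from the initial states, storing pred[q] = (p, a) at
    discovery; returns a shortest accepted word, or None if the
    language is empty. Trying letters in sorted order prioritizes
    lexicographically smaller words among the shortest ones."""
    pred = {q: None for q in initial}
    queue = deque(initial)
    while queue:
        p = queue.popleft()
        if p in final:
            # Rebuild the word backwards along the predecessor chain.
            word = []
            while pred[p] is not None:
                p, a = pred[p]
                word.append(a)
            return "".join(reversed(word))
        for a in sorted(alphabet):
            for q in delta.get((p, a), set()):
                if q not in pred:
                    pred[q] = (p, a)
                    queue.append(q)
    return None

# NFA for the words containing 010 (as in Exercise 54).
delta = {(0, "0"): {0, 1}, (0, "1"): {0}, (1, "1"): {2},
         (2, "0"): {3}, (3, "0"): {3}, (3, "1"): {3}}
```

Running it on the example NFA yields the witness 010.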

Exercise 61 Use the algorithm UnivNFA to test whether the following NFA is universal.

[Diagram: NFA with states q0, q1, q2, q3, q4 and transitions over a, b.]

Solution:


Iter.   Q                         W
0       ∅                         {{q0}}
1       {{q0}}                    {{q2}, {q1, q3}}
2       {{q0}, {q2}}              {{q1, q3}}
3       {{q0}, {q2}, {q1, q3}}    ∅

The algorithm returns true, hence the NFA accepts {a, b}∗.

Exercise 62 Let Σ be an alphabet. We define the shuffle operator ||| : Σ∗ × Σ∗ → P(Σ∗) inductively as follows, where a, b ∈ Σ and w, v ∈ Σ∗:

w ||| ε = {w},
ε ||| w = {w},
aw ||| bv = {au : u ∈ w ||| bv} ∪ {bu : u ∈ aw ||| v}.

For example, we have:

b ||| d = {bd, db},
ab ||| d = {abd, adb, dab},
ab ||| cd = {abcd, acbd, acdb, cabd, cadb, cdab}.
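The inductive definition translates directly into a short recursive Python function (a sketch, not the notes' code):

```python
def shuffle(w, v):
    """All interleavings of w and v, following the inductive
    definition: the first letter comes either from w or from v."""
    if not w:
        return {v}
    if not v:
        return {w}
    return ({w[0] + u for u in shuffle(w[1:], v)} |
            {v[0] + u for u in shuffle(w, v[1:])})
```

For example, shuffle("ab", "cd") yields the six interleavings listed above.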

Given DFAs recognizing languages L1, L2 ⊆ Σ∗, construct an NFA recognizing their shuffle

L1 ||| L2 = ⋃_{u∈L1, v∈L2} u ||| v.

Solution: Let A1 and A2 be two DFAs where Ai = (Qi,Σ, δi, q0i, Fi). We use a variation of the pairing construction, i.e., we construct an automaton with states Q1 × Q2. While in the standard pairing construction both automata move when a letter is read, we now choose nondeterministically one of the two automata, which moves according to the letter read, while the other one does not change its state. More precisely, we let

δ([q, q′], a) = {[δ1(q, a), q′], [q, δ2(q′, a)]}.

This automaton is constructed algorithmically as follows:


Shuffle(A1, A2)
Input: DFAs A1 = (Q1,Σ, δ1, q01, F1) and A2 = (Q2,Σ, δ2, q02, F2)
Output: NFA A = (Q,Σ, δ, q0, F) with L(A) = L(A1) ||| L(A2)

1   Q, δ, F ← ∅
2   q0 ← [q01, q02]
3   W ← {q0}
4   while W ≠ ∅ do
5       pick [q1, q2] from W
6       add [q1, q2] to Q
7       if (q1 ∈ F1) and (q2 ∈ F2) then add [q1, q2] to F
8       for all a ∈ Σ do
9           q′1 ← δ1(q1, a); q′2 ← δ2(q2, a)
10          if [q′1, q2] ∉ Q then add [q′1, q2] to W
11          if [q1, q′2] ∉ Q then add [q1, q′2] to W
12          add ([q1, q2], a, [q′1, q2]) to δ
13          add ([q1, q2], a, [q1, q′2]) to δ
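The algorithm above can be transcribed into Python almost line by line; the tuple-based DFA encoding is an assumption of this sketch. Each product state is a pair (q1, q2), and each letter nondeterministically advances exactly one of the two DFAs.

```python
def shuffle_nfa(sigma, dfa1, dfa2):
    """Pairing construction for the shuffle. Each dfa is a triple
    (delta, q0, final) with delta a dict[(state, letter)] -> state."""
    (d1, q01, f1), (d2, q02, f2) = dfa1, dfa2
    delta, final, seen = {}, set(), set()
    work = [(q01, q02)]
    while work:
        q1, q2 = work.pop()
        if (q1, q2) in seen:
            continue
        seen.add((q1, q2))
        if q1 in f1 and q2 in f2:
            final.add((q1, q2))
        for a in sigma:
            # Advance A1 only, or A2 only.
            for succ in ((d1[(q1, a)], q2), (q1, d2[(q2, a)])):
                delta.setdefault(((q1, q2), a), set()).add(succ)
                work.append(succ)
    return delta, (q01, q02), final

def accepts(delta, q0, final, word):
    """Standard NFA membership test by subset simulation."""
    current = {q0}
    for a in word:
        nxt = set()
        for q in current:
            nxt |= delta.get((q, a), set())
        current = nxt
    return bool(current & final)

# L(A1) = {a}, L(A2) = {b}; their shuffle is {ab, ba}.
sigma = {"a", "b"}
d1 = {(0, "a"): 1, (0, "b"): 2, (1, "a"): 2, (1, "b"): 2,
      (2, "a"): 2, (2, "b"): 2}
d2 = {(0, "b"): 1, (0, "a"): 2, (1, "a"): 2, (1, "b"): 2,
      (2, "a"): 2, (2, "b"): 2}
delta, q0, final = shuffle_nfa(sigma, (d1, 0, {1}), (d2, 0, {1}))
```

On the example, the constructed NFA accepts exactly ab and ba.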

Exercise 63 The perfect shuffle of two languages L, L′ ⊆ Σ∗ is a variant of the shuffle introduced in Exercise 62, defined as:

L |||p L′ = {w ∈ Σ∗ : ∃a1, . . . , an, b1, . . . , bn ∈ Σ s.t. a1 · · · an ∈ L, b1 · · · bn ∈ L′, and w = a1b1 · · · anbn}.

Give an algorithm that returns a DFA accepting L(A) |||p L(B) from two given DFAs A and B.

Solution: Let A1 and A2 be two DFAs where Ai = (Qi,Σ, δi, q0i, Fi). We build a DFA A that alternates between reading a letter in A1 and reading a letter in A2. To do so, we build two copies of the pairing of A1 and A2. Reading a letter a in the first copy simulates reading a in A1 and then goes to the second copy, and vice versa. A word is accepted if it ends up in a state [q1, q2] of the first copy such that q1 ∈ F1 and q2 ∈ F2. More formally, A = (Q,Σ, δ, q0, F) where

• Q = Q1 × Q2 × {1, 2}, where [q1, q2]_c denotes (q1, q2, c),

• δ([q1, q2]_c, a) = [δ1(q1, a), q2]_2 if c = 1, and [q1, δ2(q2, a)]_1 if c = 2,

• q0 = [q01, q02]_1,

• F = {[q1, q2]_1 : q1 ∈ F1 and q2 ∈ F2}.


As for most constructions, some states of A may not be reachable from the initial state. We give an algorithm that avoids constructing them:

PerfectShuffle(A1, A2)
Input: DFAs A1 = (Q1,Σ, δ1, q01, F1) and A2 = (Q2,Σ, δ2, q02, F2)
Output: DFA A = (Q,Σ, δ, q0, F) with L(A) = L(A1) |||p L(A2)

1   Q, δ, F ← ∅
2   q0 ← [q01, q02]_1
3   W ← {q0}
4   while W ≠ ∅ do
5       pick [q1, q2]_c from W
6       add [q1, q2]_c to Q
7       if (q1 ∈ F1) and (q2 ∈ F2) and c = 1 then add [q1, q2]_c to F
8       for all a ∈ Σ do
9           if c = 1 then q′1 ← δ1(q1, a); q′2 ← q2
10          else q′1 ← q1; q′2 ← δ2(q2, a)
11          c′ ← 3 − c
12          if [q′1, q′2]_{c′} ∉ Q then add [q′1, q′2]_{c′} to W
13          add ([q1, q2]_c, a, [q′1, q′2]_{c′}) to δ

Exercise 64 Let Σ1, Σ2 be two alphabets. A homomorphism is a map h : Σ1∗ → Σ2∗ such that h(ε) = ε and h(uv) = h(u)h(v) for every u, v ∈ Σ1∗. Observe that if Σ1 = {a1, . . . , an}, then h is completely determined by the values h(a1), . . . , h(an). Let h : Σ1∗ → Σ2∗ be a homomorphism.

(a) Construct an NFA for the language h(L(A)) = {h(w) | w ∈ L(A)}, where A is an NFA over Σ1.

(b) Construct an NFA for h^{-1}(L(A)) = {w ∈ Σ1∗ | h(w) ∈ L(A)}, where A is an NFA over Σ2.

(c) Recall that the language {0^n 1^n | n ∈ ℕ} is not regular. Use the preceding results to show that {(01^k 2)^n 3^n | k, n ∈ ℕ} is also not regular.

Solution:

(a) We consider A = (Q,Σ1, δ, q0, F) to be a DFA, as we could otherwise determinize it. We construct a finite automaton A′ = (Q,Σ2, δ′, q0, F) whose transitions are labelled by words over Σ2, more precisely by the words of h(Σ1) = {h(a) | a ∈ Σ1}. Note that this set is finite as Σ1 is finite. We set δ′(q, h(a)) = δ(q, a) for all a ∈ Σ1. In other words, we apply h to the edge labels of the graph underlying A, i.e., if q --a--> q′ in A, then q --h(a)--> q′ in A′.

Let us show that L(A′) = h(L(A)).

⊇) Consider some word w = a1a2 · · · an ∈ L(A). There is an accepting run of A on w, i.e.,

q0 --a1--> q1 --a2--> · · · --an--> qn with qn ∈ F.

By definition of δ′, we have q_{i−1} --h(ai)--> q_i in A′ for all transitions along this run. So w′ = h(w) is accepted by A′, and so h(L(A)) ⊆ L(A′).


⊆) Let w′ ∈ L(A′). There is some accepting run of A′

q0 --u1--> q1 --u2--> · · · --un--> qn with qn ∈ F and ui ∈ h(Σ1).

By definition of δ′, for every transition q_{i−1} --ui--> q_i of A′ there is some letter ai ∈ Σ1 with h(ai) = ui such that q_{i−1} --ai--> q_i in A. By construction, the following is an accepting run of A:

q0 --a1--> q1 --a2--> · · · --an--> qn with qn ∈ F.

Thus, a1a2 · · · an ∈ L(A) and h(a1a2 . . . an) = w′. Therefore, L(A′) ⊆ h(L(A)).

(b) We consider A′ = (Q,Σ2, δ′, q0, F) to be a DFA, as we could otherwise determinize it. We construct a finite automaton A accepting h^{-1}(L(A′)). Intuitively, a transition of A labelled by a ∈ Σ1 summarizes the behavior of A′ when reading the word h(a). Let

δ(q, a) = δ′(q, h(a)) for all q ∈ Q and a ∈ Σ1.

Let A = (Q,Σ1, δ, q0, F). We claim that δ(q0, w) = δ′(q0, h(w)) for every w ∈ Σ1∗. Its validity shows that L(A) = h^{-1}(L(A′)), as desired. Let us prove the claim by induction on |w|. If |w| = 0, then w = ε and the claim is obvious. If |w| > 0, then w = ua for some u ∈ Σ1∗ and a ∈ Σ1. We have:

δ(q0, w) = δ(δ(q0, u), a)
         = δ(δ′(q0, h(u)), a)         (by induction hypothesis)
         = δ′(δ′(q0, h(u)), h(a))     (by def. of δ)
         = δ′(q0, h(u)h(a))
         = δ′(q0, h(ua))              (since h is a homomorphism)
         = δ′(q0, h(w)).

(c) Let L = {(01^k 2)^n 3^n | k, n ≥ 0}. For the sake of contradiction, suppose that L is regular, i.e., that there exists some finite automaton A with L = L(A). Let h : {0, 1, 2, 3}∗ → {0, 1}∗ be the homomorphism uniquely determined by

h(0) = 0, h(1) = ε, h(2) = ε and h(3) = 1.

We have h(L) = {0^n 1^n | n ≥ 0}. By the preceding results, there is a finite automaton A′ with L(A′) = {0^n 1^n | n ≥ 0}, which is a contradiction.

Exercise 65 Let L1 and L2 be regular languages over an alphabet Σ. The left quotient of L1 by L2 is the language

L2^{-1}L1 = {v ∈ Σ∗ | ∃u ∈ L2 s.t. uv ∈ L1}.

Note that L2^{-1}L1 is different from the set difference L2 \ L1.


(a) Given NFAs A1 and A2, construct an NFA A such that L(A) = L(A2)^{-1}L(A1).

(b) Do the same for the right quotient, defined as L1L2^{-1} = {u ∈ Σ∗ | ∃v ∈ L2 s.t. uv ∈ L1}.

(c) Determine the inclusion relations between these languages: L1, (L1L2^{-1})L2, and (L1L2)L2^{-1}.

Solution:

(a) We provide two solutions.

• In order to accept a word v ∈ L(A2)^{-1}L(A1), we can nondeterministically guess a word u ∈ L(A2) and check whether uv ∈ L(A1). Thus, we pair A1 and A2; replace all transitions of the pairing by ε-transitions (to guess the prefix u that is not part of the word); and add ε-transitions from states corresponding to final states of A2 to the respective state of A1. More formally, let Ai = (Qi,Σ, δi, qi, Fi). We construct

A = ((Q1 × Q2) ∪ Q1, Σ, δ, [q1, q2], F1),

where δ contains the following transitions:

[q1, q2] --ε--> [δ1(q1, a), δ2(q2, a)] for every a ∈ Σ   (guessing the prefix u),
[q1, q2] --ε--> q1 for every q2 ∈ F2                     (the prefix u belongs to L(A2)),
q1 --a--> δ1(q1, a) for every a ∈ Σ                      (checking whether v ∈ L(A1)).

• By Exercise 64, regular languages are closed under homomorphisms and their inverses. Hence, we express the left quotient in terms of homomorphisms. Let us introduce a disjoint copy of "barred letters" of Σ, i.e., let Σ̄ = {ā | a ∈ Σ}. We introduce homomorphisms h : (Σ ∪ Σ̄)∗ → Σ∗ and ĥ : (Σ ∪ Σ̄)∗ → Σ∗ defined for a ∈ Σ by:

h(a) = a,  h(ā) = a,
ĥ(a) = ε,  ĥ(ā) = a.

In words, h "unbars" letters, and ĥ goes one step further by deleting unbarred letters. In particular, h^{-1}(w) consists of words with all possible combinations of (un)barred letters from w, e.g. h^{-1}(ab) = {ab, āb, ab̄, āb̄}. We intersect h^{-1}(L(A1)) with L(A2) Σ̄∗ in order to get all words from L(A1) with a prefix from L(A2), but with the remaining suffix being barred. In order to obtain the unbarred suffixes only, we further apply ĥ:

L(A2)^{-1}L(A1) = ĥ( h^{-1}(L(A1)) ∩ L(A2) Σ̄∗ ).

(b) Similarly as in the second solution of (a), we have

L(A1)L(A2)^{-1} = ĥ( h^{-1}(L(A1)) ∩ Σ̄∗ L(A2) ).


Alternatively, we can use the automaton from the first solution of (a) together with the reversal construction, since:

L(A1)L(A2)^{-1} = ( (L(A2)^R)^{-1} L(A1)^R )^R.

(c) None of the inclusions holds in general. Let L1 = {a, b} and L2 = {b, bb}. We have:

L1L2^{-1} = {ε},
(L1L2^{-1})L2 = {b, bb},
L1L2 = {ab, abb, bb, bbb},
(L1L2)L2^{-1} = {ε, a, ab, b, bb}.

This disproves all inclusions except for (L1L2^{-1})L2 ⊆ (L1L2)L2^{-1} and L1 ⊆ (L1L2)L2^{-1}. To disprove the former, let L1 = {a, b} and L2 = {b, ab}. We have

(L1L2^{-1})L2 = {b, ab} ⊄ {ε, a, b, aa, ba} = (L1L2)L2^{-1}.

To disprove the latter, let L1 = {a} and L2 = ∅. We have:

(L1L2)L2^{-1} = ∅L2^{-1} = ∅, which does not contain a.

Note that, in general, L1 ⊆ (L1L2)L2^{-1} holds if L1 = ∅ or L2 ≠ ∅. The former case is trivial. For the latter, let v ∈ L2. If u ∈ L1, then uv ∈ L1L2 and thus u ∈ (L1L2)L2^{-1}.

Exercise 66 Given alphabets Σ and ∆, a substitution is a map f : Σ → 2^{∆∗} assigning to each letter a ∈ Σ a language La ⊆ ∆∗. A substitution f can be canonically extended to a map 2^{Σ∗} → 2^{∆∗} by defining f(ε) = {ε}, f(wa) = f(w) f(a), and f(L) = ⋃_{w∈L} f(w). Note that a homomorphism can be seen as the special case of a substitution in which all La's are singletons.

Let Σ = {Name, Tel, :, #}, let ∆ = {A, . . . , Z, 0, 1, . . . , 9, :, #}, and let f be the substitution:

f(Name) = (A + · · · + Z)∗
f(Tel) = 0049 (1 + . . . + 9)(0 + 1 + . . . + 9)^{10} + 00420 (1 + . . . + 9)(0 + 1 + . . . + 9)^8
f(:) = :
f(#) = #

(a) Draw a DFA recognizing L = Name:Tel(#Tel)∗.

(b) Sketch an NFA recognizing f (L).

(c) Give an algorithm that takes as input an NFA A, a substitution f, and for every a ∈ Σ an NFA recognizing f(a), and returns an NFA recognizing f(L(A)).


Solution:

(a) [Diagram: DFA with transitions labelled Name, :, Tel, #.]

(b) [Diagram: NFA obtained by substituting NFAs for f(Name), f(:), f(Tel), f(#) into the DFA of (a), connected by ε-transitions.]

(c) As suggested by the above example, to replace each transition p --a--> q we: remove the transition, make a copy of the NFA for f(a), add ε-transitions from p to its initial states, and add ε-transitions from its final states to q. Once this is done, we can remove the ε-transitions.

Exercise 67 Let A1 and A2 be two NFAs with respectively n1 and n2 states. Let

B = NFAtoDFA(IntersNFA(A1, A2)) and C = IntersDFA(NFAtoDFA(A1),NFAtoDFA(A2)).

A superficial analysis shows that B and C have O(2^{n1·n2}) and O(2^{n1+n2}) states, respectively, wrongly suggesting that C might be more compact than B. Show that, in fact, B and C are isomorphic, and so in particular have the same number of states.

Solution: The following two claims follow easily from the definitions of NFAtoDFA and IntersNFA:

• Let A = (Q,Σ, δ,Q0, F) be an NFA. A set Q′ ⊆ Q is a state of NFAtoDFA(A) iff there is a word w ∈ Σ∗ such that Q′ = δ(Q0, w).

• Let A1 = (Q1,Σ, δ1,Q01, F1) and A2 = (Q2,Σ, δ2,Q02, F2) be two NFAs. A pair [q1, q2] ∈ Q1 × Q2 is a state of IntersNFA(A1, A2) iff there is a word w ∈ Σ∗ such that q1 ∈ δ1(Q01, w) and q2 ∈ δ2(Q02, w).


Combining the claims we obtain:

(a) A pair [Q′1, Q′2] ∈ P(Q1) × P(Q2) is a state of C iff there is w ∈ Σ∗ such that

[Q′1, Q′2] = [δ1(Q01, w), δ2(Q02, w)].

(b) A set Q′ ∈ P(Q1 × Q2) is a state of B iff there is w ∈ Σ∗ such that

Q′ = δ1(Q01, w) × δ2(Q02, w).

By (a) and (b), the map P(Q1) × P(Q2) → P(Q1 × Q2) defined by [Q′1, Q′2] ↦ Q′1 × Q′2 is a bijection between the states of B and C. Moreover, the map preserves transitions; indeed, by the definitions of NFAtoDFA and IntersNFA, we have:

• [Q′1, Q′2] --a--> [Q′′1, Q′′2] in C iff there is w ∈ Σ∗ such that

[Q′1, Q′2] = [δ1(Q01, w), δ2(Q02, w)] and [Q′′1, Q′′2] = [δ1(Q01, wa), δ2(Q02, wa)].

• Q′ --a--> Q′′ in B iff there is w ∈ Σ∗ such that

Q′ = δ1(Q01, w) × δ2(Q02, w) and Q′′ = δ1(Q01, wa) × δ2(Q02, wa).

The mapping also preserves initial and final states, and so it is an isomorphism between B and C.

Exercise 68 Let A = (Q,Σ, δ, q0, F) be a DFA. A word w ∈ Σ∗ is a synchronizing word of A if reading w from any state of A leads to a common state, i.e., if there exists q ∈ Q such that p --w--> q for every p ∈ Q. A DFA is synchronizing if it has a synchronizing word.

(a) Show that the following DFA is synchronizing:

[Diagram: DFA with states p, q, r, s and transitions over a, b.]

(b) Give a DFA that is not synchronizing.


(c) Give an exponential time algorithm to decide whether a DFA is synchronizing.

Hint: use the powerset construction.

(d) Show that a DFA A = (Q,Σ, δ, q0, F) is synchronizing iff for every p, q ∈ Q there exist w ∈ Σ∗ and r ∈ Q such that p --w--> r and q --w--> r.

(e) Give a polynomial time algorithm to test whether a DFA is synchronizing. Hint: use (d).

(f) Show that (d) implies that every synchronizing DFA with n states has a synchronizing word of length at most (n² − 1)(n − 1). Hint: you might need to reason in terms of the pairing.

(g) Show that the upper bound obtained in (f) is not tight by finding a synchronizing word of length (4 − 1)² for the following DFA:

[Diagram: DFA with states q0, q1, q2, q3 and transitions over a, b.]

Solution:

(a) ba is a synchronizing word:

p --b--> p --a--> r,
q --b--> s --a--> r,
r --b--> s --a--> r,
s --b--> s --a--> r.

(b) The following DFA is not synchronizing:

[Diagram: two states q0, q1 with q0 --a--> q1 and q1 --a--> q0.]


(c) Let A = (Q,Σ, δ, q0, F) be a DFA, and let Aq = (Q,Σ, δ, q, F) for every q ∈ Q. A word w is synchronizing for A iff reading w in each automaton Aq leads to the same state. Therefore, we build a DFA B that simulates every automaton Aq simultaneously and tests whether a common state can be reached. More formally, let B = (P(Q),Σ, δ′, Q, F′) where

• δ′(Q′, a) = {δ(q, a) : q ∈ Q′}, and
• F′ = {{q} : q ∈ Q}.

Automaton A is synchronizing iff L(B) , ∅. It is possible to construct B and test L(B) , ∅simultaneously by adapting NFAtoDFA:

IsSynchronizing(A)
Input: DFA A = (Q, Σ, δ, q0, F)
Output: true iff A is synchronizing

 1  if |Q| = 1 then return true
 2  𝒬 ← ∅; W ← {Q}
 3  while W ≠ ∅ do
 4      pick Q′ from W
 5      add Q′ to 𝒬
 6      for all a ∈ Σ do
 7          Q′′ ← {δ(q, a) | q ∈ Q′}
 8          if |Q′′| = 1 then return true
 9          if Q′′ ∉ 𝒬 then add Q′′ to W
10  return false

(d) (⇒) Immediate.

(⇐) Let Q = {q0, q1, . . . , qn}. For all states p, q ∈ Q, let w(p, q) ∈ Σ∗ be a word such that δ(p, w(p, q)) = δ(q, w(p, q)). Let us define the following sequence of words:

u1 = w(q0, q1),
uℓ = w(δ(qℓ, u1u2 · · · uℓ−1), δ(qℓ−1, u1u2 · · · uℓ−1))   for every 2 ≤ ℓ ≤ n.

We claim that u1u2 · · · un is a synchronizing word. To see this, let us prove by induction on ℓ that for every 0 ≤ i, j ≤ ℓ,

δ(qi, u1u2 · · · uℓ) = δ(qj, u1u2 · · · uℓ).

For ℓ = 1, the claim holds by definition of u1. Let 2 ≤ ℓ ≤ n, and assume that the claim holds for ℓ − 1. Let 0 ≤ i, j ≤ ℓ. If i, j < ℓ, then

δ(qi, u1u2 · · · uℓ) = δ(δ(qi, u1u2 · · · uℓ−1), uℓ)
                    = δ(δ(qj, u1u2 · · · uℓ−1), uℓ)   (by induction hypothesis)
                    = δ(qj, u1u2 · · · uℓ).


If i = ℓ and j < ℓ, then

δ(qi, u1u2 · · · uℓ) = δ(δ(qi, u1u2 · · · uℓ−1), uℓ)
                    = δ(δ(qi−1, u1u2 · · · uℓ−1), uℓ)   (by definition of uℓ)
                    = δ(δ(qj, u1u2 · · · uℓ−1), uℓ)     (by induction hypothesis)
                    = δ(qj, u1u2 · · · uℓ).

The case where i < ℓ and j = ℓ is symmetric, and the case i = j = ℓ is trivial.

(e) We use the approach of (c), but instead of simulating every automaton Aq at once, we simulate all pairs Ap and Aq. By (d), this is sufficient. The adapted algorithm is as follows:

IsSynchronizing(A)
Input: DFA A = (Q, Σ, δ, q0, F)
Output: true iff A is synchronizing

 1  for all p, q ∈ Q s.t. p ≠ q do
 2      if ¬PairSynchronizable(p, q) then return false
 3  return true

 4  PairSynchronizable(p, q)
 5  𝒬 ← ∅; W ← {{p, q}}
 6  while W ≠ ∅ do
 7      pick Q′ from W
 8      add Q′ to 𝒬
 9      for all a ∈ Σ do
10          Q′′ ← {δ(q, a) | q ∈ Q′}
11          if |Q′′| = 1 then return true
12          if Q′′ ∉ 𝒬 then add Q′′ to W
13  return false

The for loop at line 1 is iterated at most |Q|² times. The while loop of the subprocedure is iterated at most |Q|² times, and the for loop within it is iterated at most |Σ| times. Hence, the total running time of the algorithm is in O(|Q|⁴ · |Σ|).

Note that our algorithm runs in time O(|Q|⁴ · |Σ|) and computes a synchronizing word of length O(|Q|³), if one exists. It is possible to do better: an algorithm presented in [?] computes a synchronizing word of length O(|Q|³), if one exists, in time O(|Q|³ + |Q|² · |Σ|).
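To make parts (d)–(e) concrete, here is a Python sketch of the pairwise test. All function names are ours, and the four-state example DFA is our reconstruction of the automaton from part (g) (a acting as a cyclic shift, b mapping q3 to q0 and fixing the other states), as suggested by the solution trace below:

```python
from itertools import combinations

def is_synchronizing(states, alphabet, delta):
    """Polynomial-style synchronizing test from part (e): by (d), a DFA is
    synchronizing iff every pair of states can be merged by some word.
    `delta` maps (state, letter) -> state."""
    def pair_synchronizable(p, q):
        # Search over the sets {p', q'} reachable from {p, q} in the pairing.
        start = frozenset({p, q})
        seen, work = {start}, [start]
        while work:
            current = work.pop()
            for a in alphabet:
                succ = frozenset(delta[(s, a)] for s in current)
                if len(succ) == 1:          # the pair has been merged
                    return True
                if succ not in seen:
                    seen.add(succ)
                    work.append(succ)
        return False

    return all(pair_synchronizable(p, q) for p, q in combinations(states, 2))

# Our reading of the four-state DFA of part (g) (an assumption): a rotates
# q0 -> q1 -> q2 -> q3 -> q0, and b maps q3 to q0 while fixing the rest.
delta = {}
for s in range(4):
    delta[(s, 'a')] = (s + 1) % 4
    delta[(s, 'b')] = 0 if s == 3 else s
print(is_synchronizing(range(4), 'ab', delta))  # True
```

A two-state DFA whose single letter swaps the states is the natural negative instance: the pair {q0, q1} can never be merged, so the function returns False on it.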

(f) We say that a word w is (p, q)-synchronizing if δ(p, w) = δ(q, w). In the proof of (d), we have built a synchronizing word w = u1u2 · · · u|Q|−1 where each ui is a (p, q)-synchronizing word for some p, q ∈ Q. We claim that if there exists a (p, q)-synchronizing word, then there exists one of length at most |Q|² − 1. This leads to the overall (|Q| − 1)(|Q|² − 1) upper bound. To see that the claim holds, assume for the sake of contradiction that every (p, q)-synchronizing word has length at least |Q|². Let w be a minimal such word, and let r = δ(p, w). We have

p --w--> r   and   q --w--> r.

This yields the following run in the pairing of A with itself:

(p, q) --w--> (r, r).

Since |w| ≥ |Q|², by the pigeonhole principle there exist s, t ∈ Q, x, z ∈ Σ∗ and y ∈ Σ⁺ such that w = xyz and

(p, q) --x--> (s, t) --y--> (s, t) --z--> (r, r).

Hence, xz is a shorter (p, q)-synchronizing word, which is a contradiction.

Note that it is possible to get a slightly better upper bound. If there exist s, t ∈ Q, x, z ∈ Σ∗ and y ∈ Σ⁺ such that w = xyz and

(p, q) --x--> (s, t) --y--> (t, s) --z--> (r, r),

then xz is also a shorter (p, q)-synchronizing word, since the pairing is symmetric. Moreover, if there exist s ∈ Q, x ∈ Σ∗ and y ∈ Σ⁺ such that w = xy and

(p, q) --x--> (s, s) --y--> (r, r),

then x is a shorter (p, q)-synchronizing word. Thus, at most (n choose 2) pairs of the form (s, t) with s ≠ t appear along the path of a minimal (p, q)-synchronizing word, followed by a pair of the form (r, r). Therefore, a minimal (p, q)-synchronizing word has length at most (n choose 2) = (n² − n)/2. Overall, this yields a synchronizing word of length at most (n − 1)(n² − n)/2 = n³/2 − n² + n/2.

(g) ba³ba³b is such a word. It can be obtained, e.g., from the algorithm designed in (c):


[Diagram: the reachable part of the powerset automaton, with states {q0, q1, q2, q3}, {q0, q1, q2}, {q1, q2, q3}, {q0, q2, q3}, {q0, q1, q3}, {q0, q1}, {q1, q2}, {q2, q3}, {q0, q3} and {q0}. Reading ba³ba³b follows the path

{q0, q1, q2, q3} --b--> {q0, q1, q2} --a--> {q1, q2, q3} --a--> {q0, q2, q3} --a--> {q0, q1, q3} --b--> {q0, q1} --a--> {q1, q2} --a--> {q2, q3} --a--> {q0, q3} --b--> {q0}.]

For the interested reader, note that the Černý conjecture states that every synchronizing DFA has a synchronizing word of length at most (|Q| − 1)². Since 1964, no one has been able to prove or disprove this conjecture. To this day, the best upper bound on the length of minimal synchronizing words is ((|Q|³ − |Q|)/6) − 1 (see [?]).

Exercise 69

(a) Prove that the following problem is PSPACE-complete:

Given: DFAs A1, . . . , An over the same alphabet Σ;
Decide: whether ⋂_{i=1}^{n} L(Ai) = ∅.

Hint: Reduce from the acceptance problem for deterministic linearly bounded automata.

(b) Prove that if the DFAs are acyclic, but the alphabet is arbitrary, then the problem is coNP-complete. Here, acyclic means that the graph induced by the transitions has no cycle, apart from a self-loop on a trap state. Hint: Reduce from 3-SAT.

(c) Prove that if Σ is a one-letter alphabet, then the problem is coNP-complete.


Solution: (a) Recall that a linearly bounded automaton is a deterministic Turing machine whose head never leaves the part of the tape containing the input (plus possibly two cells to the left and to the right of the input, so that the machine can recognize when it has reached the “border”). The automaton accepts an input w if its run on w visits some final state.

Given a linearly bounded automaton M and an input w = a1 · · · an, we construct DFAs A1, . . . , An such that M accepts w iff ⋂_{i=1}^{n} L(Ai) ≠ ∅. Let Q be the set of states of M, and let ΣM be its alphabet. The transition function of M is of the form δ: Q × ΣM → Q × ΣM × {L, R}, where L and R stand for “move left” and “move right”. The common alphabet Σ of the DFAs A1, . . . , An contains all tuples (x, q, a, q′, a′, L) such that 0 < x ≤ n and δ(q, a) = (q′, a′, L), and all tuples (x, q, a, q′, a′, R) such that 0 ≤ x < n and δ(q, a) = (q′, a′, R). Intuitively, a letter of Σ contains all the information about a “move” of M: x, q, and a are respectively the current position of the head, the current state, and the letter currently being read; q′ and a′ are the new state and the new letter, and R or L gives the direction of the move.

The states of the DFA Ai are the tuples (x, q, a) where 0 ≤ x ≤ n + 1, q ∈ Q and a ∈ ΣM, plus a trap state t. Intuitively, Ai is in state (x, q, a) if the head currently reads the x-th cell, the current state of M is q, and the current letter on the i-th cell is a. The initial state of Ai is (1, q0, ai), where q0 is the initial state of M, and ai is the i-th letter of the input word w. The final states of Ai are the tuples (x, q, a) such that q is a final state of M.

The transition function δi of Ai is defined as follows. First, we define δi(t, α) = t for every letter α ∈ Σ (trap state). Let σ = (x, q, a) be a state of Ai, and let α = (y, q1, a1, q2, a2, D) be a letter of Σ. We only consider the case where D = R; the case D = L is analogous. We say that σ and α match if x = y, q = q1, and either x ≠ i, or x = i and a = a1. We define δi(σ, α) as follows:

• If σ and α match and x ≠ i, then δi(σ, α) = (x + 1, q2, a).
  Intuitively, as the head is not on the i-th cell, after the move the i-th cell still contains an a.

• If σ and α match and x = i (and hence a = a1), then δi(σ, α) = (i + 1, q2, a2).
  Intuitively, since the head writes on the i-th cell, we update its contents to a2.

• If σ and α do not match, then δi(σ, α) = t (the trap state).
  Intuitively, this corresponds to a “malfunction”: M executes a “wrong” letter.

By construction, M can execute a sequence of moves leading to a configuration with the head on cell x, state q, and tape contents b1 . . . bn iff the run of each Ai on the word corresponding to this sequence of moves leads to the state (x, q, bi). If M accepts w, then, after the accepting sequence of moves, each Ai has reached a final state, and so ⋂_{i=1}^{n} L(Ai) ≠ ∅. If M does not accept w, then for every word of Σ∗ one of two cases holds: either the word does not correspond to a legal sequence of moves, in which case after reading it at least one Ai is in its trap state, or it corresponds to a legal sequence of moves, in which case after reading it none of the Ai is in a final state. So we have ⋂_{i=1}^{n} L(Ai) = ∅.

(b) For membership in coNP, observe that an acyclic DFA with m states can only accept words of length at most m − 1. Therefore, the set ⋂_{i=1}^{n} L(Ai) is nonempty iff it contains a word of length at most m − 1, where m is the maximal number of states of A1, . . . , An. Consider the nondeterministic algorithm that guesses a word of length at most m − 1 and checks whether it is accepted by all of A1, . . . , An. Since the algorithm runs in polynomial time, the emptiness problem is in coNP.

To prove coNP-hardness, we reduce 3-SAT to the nonemptiness problem. Let ϕ = C1 ∧ · · · ∧ Cm be a Boolean formula in CNF over the variables X = {x1, . . . , xn}, where each clause Ci contains exactly three literals. For every clause Ci, let Li ⊆ {0, 1}ⁿ be the language of truth assignments to the variables of X that satisfy Ci. For example, if n = 5 and Ci = (x1 ∨ x3 ∨ ¬x4), then Li is the language of the following regular expression:

1(0 + 1)⁴ + (0 + 1)²1(0 + 1)² + (0 + 1)³0(0 + 1).

It is easy to construct a DFA Ai with O(n) states recognizing Li. Therefore, the words of ⋂_{i=1}^{m} L(Ai) are the truth assignments that satisfy all clauses of ϕ, and so ⋂_{i=1}^{m} L(Ai) ≠ ∅ iff ϕ is satisfiable.
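The reduction can be sanity-checked with a small Python sketch (the clause encoding and all function names are ours): each clause yields an acyclic DFA with O(n) states, and nonemptiness of the intersection is decided by exploring the product on the fly.

```python
def clause_dfa(n, clause):
    """Acyclic DFA over {0,1} accepting the n-bit assignments satisfying
    `clause`, given as (variable index, polarity) pairs, e.g.
    [(0, True), (2, True), (3, False)] for (x1 v x3 v -x4).
    States are pairs (position, clause already satisfied?)."""
    lits = dict(clause)
    def delta(state, bit):
        pos, sat = state
        if pos in lits and lits[pos] == bool(bit):
            sat = True                 # this bit makes some literal true
        return (pos + 1, sat)
    return delta, (0, False), (lambda s: s == (n, True))

def intersection_nonempty(n, clauses):
    """Run all clause DFAs in lockstep over every bit choice: the
    intersection is nonempty iff the formula is satisfiable."""
    dfas = [clause_dfa(n, c) for c in clauses]
    def rec(states, pos):
        if pos == n:
            return all(acc(s) for (_, _, acc), s in zip(dfas, states))
        return any(rec([d(s, bit) for (d, _, _), s in zip(dfas, states)],
                       pos + 1)
                   for bit in (0, 1))
    return rec([q0 for (_, q0, _) in dfas], 0)

# (x1 v x3 v -x4) and (-x1 v x2) over five variables: satisfiable.
print(intersection_nonempty(5, [[(0, True), (2, True), (3, False)],
                                [(0, False), (1, True)]]))  # True
```

The backtracking search is of course exponential in the worst case, matching the coNP lower bound established above.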

(c) Let ϕ be a formula as in (b), and let p1, . . . , pn be the first n prime numbers. We encode a truth assignment B = b1 . . . bn ∈ {0, 1}ⁿ as the number enc(B) = ∏_{i=1}^{n} p_i^{b_i}. Observe that different assignments are encoded as different numbers, because each number has a unique prime decomposition.

For every clause Ci, let Ni be the set of numbers that are divisible by the prime number corresponding to some positive literal of Ci, or not divisible by the prime number of some negative literal of Ci. For example, let us reconsider n = 5 and Ci = (x1 ∨ x3 ∨ ¬x4). Since the first, third, and fourth prime numbers are 2, 5, and 7, the set Ni contains the numbers that are divisible by 2, or divisible by 5, or not divisible by 7. It follows that a number belongs to Ni iff it is a multiple of the encoding of some assignment satisfying Ci.

Let Li = {aᵏ | k ∈ Ni}. We sketch how to construct a DFA Ai recognizing Li by means of the above example. First, we construct three DFAs with 2, 5, and 7 states, recognizing the languages of words whose length is divisible by 2, divisible by 5, and not divisible by 7, respectively. Then, we construct a DFA with 2 · 5 · 7 = 70 states recognizing the union of these languages. In general, if the primes of the literals of Ci are pi1, pi2, pi3, then the resulting DFA has pi1 · pi2 · pi3 states.

It follows from this construction that ⋂_{i=1}^{m} L(Ai) ≠ ∅ iff ϕ is satisfiable. Indeed, we have aᵏ ∈ ⋂_{i=1}^{m} L(Ai) iff the truth assignment that sets xi to true iff pi divides k is a satisfying assignment of ϕ. It remains to show that the DFAs have polynomially many states. For this, we use a well-known bound on the size of the n-th prime number (see the prime number theorem): pn < n(log n + log log n) ≤ 2n log n. Consequently, Ai has at most O(n³ log³ n) states, and we are done.

Exercise 70 Let A = (Q, Σ, δ, Q0, F) be an NFA. Show that with the universal accepting condition of Exercise 19 the automaton A′ = (Q, Σ, δ, Q0, Q \ F) recognizes the complement of L(A).

Solution: Observe that A and A′ have exactly the same runs on a given word w. Thus:

A accepts w
iff some run of A on w leads to a state of F
iff it is not the case that all runs of A′ on w lead to a state of Q \ F
iff A′ does not accept w.


Exercise 71 Recall the model of alternating automata introduced in Exercise 20.

(a) Show that alternating automata can be complemented by exchanging existential and universal states, and final and nonfinal states. More precisely, let A = (Q1, Q2, Σ, δ, q0, F) be an alternating automaton, where Q1 and Q2 are respectively the sets of existential and universal states, and where δ: (Q1 ∪ Q2) × Σ → P(Q1 ∪ Q2). Show that the alternating automaton Ā = (Q2, Q1, Σ, δ, q0, Q \ F) recognizes the complement of the language recognized by A.

(b) Give linear time algorithms that take two alternating automata recognizing languages L1 and L2, and that deliver a third alternating automaton recognizing L1 ∪ L2 and L1 ∩ L2, respectively.

Hint: The algorithms are very similar to UnionNFA.

(c) Show that the emptiness problem for alternating automata is PSPACE-complete.

Hint: Use Exercise 69.

Solution:
(a) For every state q and each automaton B, let LB(q) denote the set of words accepted by the automaton with the same structure as B, but having q as initial state. We prove that for every state q and word w, the following holds: w ∈ L_Ā(q) iff w ∉ L_A(q). We proceed by induction on |w|.

If |w| = 0, then w = ε. We have ε ∈ L_Ā(q) iff q is a final state of Ā iff q is not a final state of A iff ε ∉ L_A(q). If |w| > 0, then w = aw′ for some letter a and word w′. Assume that q is an existential state of Ā, and thus a universal state of A (the other case is analogous). We have:

aw′ ∈ L_Ā(q) ⟺ ⋁_{q′ ∈ δ(q,a)} w′ ∈ L_Ā(q′)   (since q is an existential state of Ā)
            ⟺ ⋁_{q′ ∈ δ(q,a)} w′ ∉ L_A(q′)    (by induction hypothesis)
            ⟺ ¬ ⋀_{q′ ∈ δ(q,a)} w′ ∈ L_A(q′)  (by De Morgan’s law)
            ⟺ aw′ ∉ L_A(q)                     (since q is a universal state of A).

(b) Let q01 and q02 be the initial states of the two alternating automata, and let δ1, δ2 be their transition functions. For union, we put the two automata side by side, add a fresh initial existential state q0, and add transitions from q0 to all states in δ1(q01, a) ∪ δ2(q02, a) for every letter a. For intersection, we proceed in the same way, but make q0 universal instead of existential.

(c) We reduce from the following problem, which is proved to be PSPACE-complete in Exercise 69:

Given: DFAs A1, . . . , An over the same alphabet Σ,
Decide: whether ⋂_{i=1}^{n} L(Ai) = ∅.

More precisely, given DFAs A1, . . . , An, we view them as alternating automata consisting solely of existential states. We then construct an alternating automaton for their intersection by repeatedly applying the construction of (b). The resulting automaton has an empty language iff ⋂_{i=1}^{n} L(Ai) = ∅.


Solutions for Chapter 5


Exercise 72 Use ideas from the main text to design an algorithm for the pattern matching problem that identifies a matched [i, j]-factor of the text, where position j is minimal and position i is as close to j as possible, i.e. maximal w.r.t. j. Run your algorithm on text t = caabac and pattern p = a⁺(b + c)a⁺ + bac. What is the complexity of your algorithm?

Solution: Let A = (Q, Σ, δ, Q0, F) be an NFA for p. Let us assume that ε ∉ L(A) and L(A) ≠ ∅, as we can otherwise simply report (0, 0) or ⊥. Let A′ be the NFA obtained by adding a fresh initial state qwait to A, making the states of Q0 non-initial, and allowing qwait to either self-loop on a letter or move to wherever this letter would lead from Q0. More formally, let A′ = (Q ∪ {qwait}, Σ, δ′, {qwait}, F), where δ′ extends δ with δ′(qwait, a) = {qwait} ∪ δ(Q0, a) for each a ∈ Σ. Note that L(A′) = L(Σ∗ p).

We give an algorithm that constructs A′ from p and reads the text until a final state q is reached. The moment at which q is reached determines the minimal position j. In order to find the position i, we could store the predecessor of each discovered state, and go back from q to an ancestor p ∈ Q whose predecessor is qwait. This corresponds to the moment where we moved into the NFA A and started matching the pattern. There may exist many such moments due to nondeterminism. Since we want the maximal i w.r.t. j, we more carefully store the latest moments at which we moved from qwait into A:

FindFactorNFA(t, p)
Input: text t = a1 . . . an ∈ Σ⁺, pattern p
Output: indices (i, j) s.t. the [i, j]-factor of t matches p, j is minimal and i is maximal w.r.t. j; or ⊥ if no such factor exists.

 1  A ← RegtoNFA(p)
 2  construct A′ from A
 3  initialize start[q] ← −∞ for each state q of A′
 4
 5  S ← {qwait}
 6  for all k = 0 to n − 1 do
 7      S′ ← ∅
 8      for all p ∈ S do
 9          for all q ∈ δ′(p, ak+1) do
10              add q to S′
11              if p = qwait and q ≠ qwait then start[q] ← k
12              else if p ≠ qwait then start[q] ← max(start[q], start[p])
13
14      for all q ∈ S′ do
15          if q ∈ F then return (start[q], k + 1)
16      S ← S′
17  return ⊥

The algorithm takes the same time as solution 1 from the main text, i.e. O(k(k + m)² + nm²). Indeed, the construction of A′ from A and the initialization of “start” can be done in linear time. The rest is as in solution 1, but with extra constant-time checks and bookkeeping operations.
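A direct Python transcription of FindFactorNFA may look as follows. The dictionary encoding of the NFA and the particular state names are ours; the NFA at the bottom is one possible automaton for a⁺(b + c)a⁺ + bac, not necessarily the one produced by RegtoNFA:

```python
WAIT = "wait"

def find_factor(text, delta, starts, final):
    """FindFactorNFA: `delta` maps (state, letter) to a set of states.
    Returns (i, j) with j minimal and i maximal w.r.t. j, or None if
    no factor of `text` matches the pattern NFA."""
    def succ(p, a):
        if p == WAIT:  # qwait either waits or enters the pattern NFA
            moved = set().union(*(delta.get((q, a), set()) for q in starts))
            return {WAIT} | moved
        return delta.get((p, a), set())

    start = {WAIT: float("-inf")}      # start[q]: latest entry moment into A
    S = {WAIT}
    for k, a in enumerate(text):
        new_start, S2 = {}, set()
        for p in S:
            for q in succ(p, a):
                S2.add(q)
                if p == WAIT and q != WAIT:
                    new_start[q] = k   # we just left qwait: remember when
                elif p != WAIT:
                    new_start[q] = max(new_start.get(q, float("-inf")),
                                       start[p])
        new_start[WAIT] = float("-inf")
        for q in S2:
            if q in final:
                return (new_start[q], k + 1)
        S, start = S2, new_start
    return None

# A hand-built NFA for a+(b+c)a+ + bac: states q0..q3 and q4..q7,
# initial {q0, q4}, final {q3, q7} (our encoding, an assumption).
delta = {("q0", "a"): {"q0", "q1"}, ("q1", "b"): {"q2"}, ("q1", "c"): {"q2"},
         ("q2", "a"): {"q2", "q3"}, ("q4", "b"): {"q5"}, ("q5", "a"): {"q6"},
         ("q6", "c"): {"q7"}}
print(find_factor("caabac", delta, {"q0", "q4"}, {"q3", "q7"}))  # (2, 5)
```

On t = caabac this reproduces the factor [2, 5] (the word aba) computed by hand below.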

Let us illustrate the algorithm on text t = caabac and pattern p = a⁺(b + c)a⁺ + bac. The automaton A′ is as follows, where the original NFA A is depicted in a darker shade (with states q0 and q4 formerly initial):

[Diagram: the NFA A′. The fresh initial state qwait self-loops on a, b, c and feeds into a darker copy of A, which consists of states q0, q1, q2, q3 recognizing a⁺(b + c)a⁺ (with q0 formerly initial) and states q4, q5, q6, q7 recognizing bac (with q4 formerly initial); the final states are q3 and q7.]

Schematically, reading the first five letters of t = caabac in A′ yields this trace:

[Diagram: the sets S computed while reading caaba:

{qwait} --c--> {qwait} --a--> {qwait, q0, q1} --a--> {qwait, q0, q1} --b--> {qwait, q5, q2} --a--> {qwait, q6, q3, q0, q1}.]

In other words, column k of the above graph is the contents of S at iteration k, and each arc (p, σ, q) indicates the discovery of state q from state p via letter σ. We stop as soon as we discover a final state, here q3. Paths from qwait to q3 with no intermediate occurrence of qwait correspond to factors that match the pattern. In our case, they are aaba (factor [1, 5]) and aba (factor [2, 5]). We would like to return the latter, as 2 > 1. Hence, the algorithm memorizes the latest “start moment” of each state. Schematically, these numbers evolve as follows:


[Diagram: the same trace annotated with the start values. State qwait keeps −∞ throughout; after the first a, start[q0] = start[q1] = 1; after the second a, start[q0] = start[q1] = 2; after b, start[q5] = 3 and start[q2] = 2; after the last a, start[q6] = 3, start[q3] = 2, and start[q0] = start[q1] = 4. The algorithm thus returns (start[q3], 5) = (2, 5).]

Observe that the suffix bac of the text (factor [3, 6]) is also a match. It is not detected because we stop as soon as possible; it would be discovered if we were to read the last letter c and discover state q7.

Exercise 73 The pattern matching problem deals with finding the first [i, j]-factor of t that belongs to L(p). Show that the first such [i, j]-factor w.r.t. j is not necessarily the first one w.r.t. i.

Solution: Let t = cabba and p = ab∗a + ba∗b. The first [i, j]-factor w.r.t. j is bb ([2, 4]), while the first one w.r.t. i is abba ([1, 5]).

Exercise 74 Suppose we have an algorithm that solves the pattern matching problem, i.e. that finds the first [i, j]-factor (w.r.t. j) of a text t that matches a pattern p. How can we use it as a black box to find the last [i, j]-factor w.r.t. i?

Solution: We first construct the reverse of p inductively using the following rules:

∅^R = ∅        (r1 r2)^R = r2^R r1^R
ε^R = ε        (r1 + r2)^R = r1^R + r2^R
a^R = a        (r∗)^R = (r^R)∗.

We then solve the pattern matching problem for text t^R and pattern p^R. If the procedure (as a black box) reports [i, j], then we report [|t| − j, |t| − i].

Exercise 75 Use the ideas of Exercises 72 and 74 to obtain an algorithm that solves the pattern matching problem, but this time by finding the first [i, j]-factor w.r.t. i (instead of j).


Solution: The algorithm of Exercise 72 stops as soon as it finds a final state. We can easily adapt it to stop at the last encountered final state. This yields a factor [i, j] that matches the pattern, where j is maximal and i is as close to j as possible. Using the idea of Exercise 74, we can then run this new procedure on t^R and p^R. This yields a factor [i, j] that matches the pattern, where i is minimal and j is as close to i as possible.

Exercise 76

(a) Build the automata Bp and Cp for the word pattern p = mammamia.

(b) How many transitions are taken when reading t = mami in Bp and Cp?

Solution:

(a) Ap:

[Diagram: NFA with states 0, . . . , 8; state 0 is initial with self-loops on a, i, m, followed by the chain 0 --m--> 1 --a--> 2 --m--> 3 --m--> 4 --a--> 5 --m--> 6 --i--> 7 --a--> 8; state 8 is final.]

Bp:

[Diagram: DFA obtained from Ap by the powerset construction, with states {0}, {0, 1}, {0, 2}, {0, 1, 3}, {0, 1, 4}, {0, 2, 5}, {0, 1, 3, 6}, {0, 7}, {0, 8} and transitions on a, i, m.]


Cp:

[Diagram: lazy DFA with states 0, . . . , 8; the spine reads m; R, a; R, m; R, m; R, a; R, m; R, i; R, a; R, state 0 self-loops with a, i; R, and the remaining letters are handled by N-transitions (no move) delegating to earlier states.]

(b) Four transitions are taken in Bp: {0} --m--> {0, 1} --a--> {0, 2} --m--> {0, 1, 3} --i--> {0}.

Six transitions are taken in Cp: 0 --m--> 1 --a--> 2 --m--> 3 --i--> 1 --i--> 0 --i--> 0.

Exercise 77 We have shown that lazy DFAs for a word pattern may need more than n steps to read a text of length n, but not more than 2n + m, where m is the length of the pattern. Find a text t and a word pattern p such that the run of Bp on t takes at most n steps and the run of Cp takes at least 2n − 1 steps. Hint: a simple pattern of the form aᵏ is sufficient.

Solution: Let t = aⁿ⁻¹b and p = aⁿ. The automata Bp and Cp are as follows:

Bp:

[Diagram: DFA with states {0}, {0, 1}, {0, 1, 2}, . . . , {0, 1, . . . , n}; each a moves one state forward (with an a-loop on the last state), and every b leads back to {0}.]

Cp:

[Diagram: lazy DFA with states 0, 1, 2, . . . , n; the transitions a; R move one state forward, state 0 has b; R, every other state i delegates b with b; N to state i − 1, and state n answers a, b; N.]


The runs over t in Bp and Cp are respectively:

{0} --a--> {0, 1} --a--> {0, 1, 2} --a--> · · · --a--> {0, 1, . . . , n − 1} --b--> {0}

and

0 --a--> 1 --a--> 2 --a--> · · · --a--> n − 1 --b--> n − 2 --b--> n − 3 --b--> · · · --b--> 0.

Exercise 78 Give an algorithm that, given a text t and a word pattern p, counts the number of occurrences of p in t. Try to obtain a complexity of O(|t| + |p|).

Solution: We could “slide a window” over t and count the occurrences of p, but this would not run in linear time. Instead, we construct the lazy DFA Cp for p, read t in Cp, and increment a counter each time the final state is reached.

Note that, technically, we have to count the number of times the final state is reached with an R move (right move), not with an N move (no move). However, there is no transition into the final state labelled with N. Indeed, “no moves” occur when a state delegates to its tail; the final state contains n, and a tail cannot contain n, since n is the largest number.
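As a sketch, the same O(|t| + |p|) count can be obtained in Python with the classic failure function, which encodes exactly the “delegate to the tail” links of Cp (the implementation below is ours, not the text's algorithm):

```python
def count_occurrences(t, p):
    """Count (possibly overlapping) occurrences of word pattern p in text t
    in O(|t| + |p|) using the failure function of p."""
    # fail[k] = length of the longest proper border of p[:k]
    fail = [0] * (len(p) + 1)
    k = 0
    for i in range(1, len(p)):
        while k > 0 and p[i] != p[k]:
            k = fail[k]
        if p[i] == p[k]:
            k += 1
        fail[i + 1] = k
    # scan the text, counting each completed match
    count, k = 0, 0
    for c in t:
        while k > 0 and c != p[k]:
            k = fail[k]
        if c == p[k]:
            k += 1
        if k == len(p):
            count += 1
            k = fail[k]     # continue, allowing overlapping matches
    return count

print(count_occurrences("mammamiamammamia", "mammamia"))  # 2
```

Each text letter causes at most one forward step, and the total number of fallback steps is bounded by the number of forward steps, giving the linear bound.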

Exercise 79 Two-way DFAs are an extension of lazy automata where the reading head is also allowed to move left. Formally, a two-way DFA (2DFA) is a tuple A = (Q, Σ, δ, q0, F) where δ: Q × (Σ ∪ {⊢, ⊣}) → Q × {L, N, R}. Given a word w ∈ Σ∗, A starts in q0 with its reading tape initialized with ⊢ w ⊣, and its reading head pointing at ⊢. When reading a letter, A moves the head according to δ (Left, No move, Right). Moving left on ⊢ or right on ⊣ does not move the reading head. A accepts w if, and only if, it reaches ⊣ in a state of F.

(a) Let n ∈ N. Give a 2DFA that accepts (a + b)∗a(a + b)n.

(b) Give a 2DFA that does not terminate on any input.

(c) Describe an algorithm to test whether a given 2DFA A accepts a given word w.

(d) Let A1, A2, . . . , An be DFAs over a common alphabet. Give a 2DFA B such that

L(B) = L(A1) ∩ L(A2) ∩ · · · ∩ L(An) .

Solution:

(a) The following 2DFA accepts (a + b)∗a(a + b)ⁿ. Transitions not drawn lead to a trap state without moving the head.

[Diagram: 2DFA with states p, q, r1, r2, . . . , rn, s. State p scans right over ⊢, a, b; on ⊣ the automaton turns around and, via q and r1, . . . , rn, walks n + 1 cells to the left, checks that the letter there is an a, and then accepts in s.]


(b) [Diagram: a one-state 2DFA that answers N (no move) on ⊢, on every letter, and on ⊣, and hence never terminates on any input.]

(c) From (b), we know that simply reading an input word is not sufficient, since the automaton could loop forever. Instead, we keep track of all configurations encountered while reading the input word w. A configuration is a pair (q, i) where q is a state and 0 ≤ i ≤ |w| + 1 is a position of the reading head. If a configuration (q_f, |w| + 1) with q_f ∈ F is encountered, then the automaton accepts w. If a configuration is seen twice, then the automaton loops forever.

We obtain the following algorithm:

Input: 2DFA A = (Q, Σ, δ, q0, F) and w ∈ Σ∗
Output: w ∈ L(A)?

 1  W ← ∅; q ← q0; i ← 0
 2  while (q, i) ∉ W do
 3      if q ∈ F and i = |w| + 1 then return true
 4      add (q, i) to W
 5      if i = 0 then (q, d) ← δ(q, ⊢)
 6      else if i = |w| + 1 then (q, d) ← δ(q, ⊣)
 7      else (q, d) ← δ(q, wi)
 8
 9      if d = L and i > 0 then i ← i − 1
10      else if d = R and i ≤ |w| then i ← i + 1
11  return false
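The algorithm translates into Python as follows (a sketch; we use "<" and ">" for the endmarkers ⊢ and ⊣, a dictionary for δ, and the example automaton at the bottom is ours):

```python
def twodfa_accepts(delta, q0, final, w):
    """Decide w in L(A) for a 2DFA A, recording visited configurations
    (state, head position) to detect infinite loops. Position 0 holds the
    left endmarker "<", position len(w)+1 the right endmarker ">".
    `delta` maps (state, symbol) -> (state, move) with move in "LNR"."""
    n, q, i = len(w), q0, 0
    seen = set()
    while (q, i) not in seen:
        if q in final and i == n + 1:      # reached the right endmarker
            return True                    # in a final state: accept
        seen.add((q, i))
        sym = "<" if i == 0 else (">" if i == n + 1 else w[i - 1])
        q, move = delta[(q, sym)]
        if move == "L" and i > 0:
            i -= 1
        elif move == "R" and i <= n:
            i += 1
    return False                           # configuration repeated: A loops

# A one-way 2DFA accepting words over {a, b} that end in a.
delta = {("q0", "<"): ("q0", "R"), ("q0", ">"): ("q0", "N"),
         ("qb", ">"): ("qb", "N")}
for p in ("q0", "qa", "qb"):
    delta[(p, "a")] = ("qa", "R")
    delta[(p, "b")] = ("qb", "R")
print(twodfa_accepts(delta, "q0", {"qa"}, "aba"))  # True
print(twodfa_accepts(delta, "q0", {"qa"}, "ab"))   # False
```

Since there are only |Q| · (|w| + 2) configurations, the loop terminates after polynomially many steps.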

(d) We build a 2DFA B that first simulates A1 on w. If a final state of A1 is reached at ⊣, then B rewinds the tape. Automaton B then repeats this process for A2, . . . , An. If every Ai accepts w, then B finally moves the reading head to ⊣ in a final state. The construction looks as follows:


[Diagram: the copies of A1, . . . , An are chained: B starts A1 after reading ⊢; whenever Ai accepts at ⊣, a rewind state ri walks left back to ⊢ and starts Ai+1; after An accepts, state s moves right to ⊣ and accepts.]

Let Ai = (Qi, Σ, δi, qi,0, Fi). Formally, B is defined as B = (Q, Σ, δ, p, {s}) where

• Q = {p, s} ∪ Q1 ∪ Q2 ∪ · · · ∪ Qn ∪ {ri : 1 ≤ i ≤ n},

• δ(q, a) =
    (q1,0, R)       if q = p and a = ⊢,
    (δi(q, a), R)   if q ∈ Qi and a ∈ Σ,
    (ri, L)         if q ∈ Fi and a = ⊣,
    (ri, L)         if q = ri and a ∈ Σ,
    (qi+1,0, R)     if q = ri, a = ⊢ and 1 ≤ i < n,
    (s, R)          if q = rn and a = ⊢,
    (s, R)          if q = s and a ∈ Σ ∪ {⊣}.

It is known that the following intersection problem is PSPACE-complete [?]:

Given: DFAs A1, A2, . . . , An,
Decide: whether L(A1) ∩ L(A2) ∩ · · · ∩ L(An) = ∅.

We have seen how to build, in polynomial time, a 2DFA B such that L(B) = L(A1) ∩ L(A2) ∩ · · · ∩ L(An). Thus, testing emptiness for 2DFAs is “at least as hard” as the intersection problem, i.e. it is PSPACE-hard. In fact, the emptiness problem for 2DFAs is PSPACE-complete [?, ?].

Exercise 80 In order to make pattern matching robust to typos, we further wish to include “similar words” in our results. For this, we consider as “similar” words with a small Levenshtein distance (also known as the edit distance). We may transform a word w into a new word w′ using the following operations, where ai, b ∈ Σ:

(R) Replace: w = a1 · · · ai−1aiai+1 · · · al → w′ = a1 · · · ai−1 b ai+1 · · · al,

(D) Delete: w = a1 · · · ai−1aiai+1 · · · al → w′ = a1 · · · ai−1 ε ai+1 · · · al,

(I) Insert: w = a1 · · · ai−1aiai+1 · · · al → w′ = a1 · · · ai−1ai b ai+1 · · · al.


The Levenshtein distance of w and w′, denoted ∆(w, w′), is the minimal number of operations (R), (D) and (I) needed to transform w into w′. We write ∆L,i = {w ∈ Σ∗ | ∃w′ ∈ L s.t. ∆(w, w′) ≤ i} to denote the language of all words with Levenshtein distance at most i to some word of L.

(a) Compute ∆(abcde, accd).

(b) Prove the following statement: If L is a regular language, then ∆L,n is a regular language.

(c) Let p be the pattern abba. Construct an NFA-ε locating the pattern or variations of it with Levenshtein distance 1.

Solution:

(a) We have ∆(abcde, accd) = 2. Indeed, ∆(abcde, accd) ≤ 2 since we can replace the first b with a c and delete the e. Moreover, ∆(abcde, accd) > 1 since at least one letter must be deleted, and none of the possible single deletions yields accd.
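The distance can be double-checked with the textbook dynamic program for the edit distance (a sketch; the function name is ours):

```python
def levenshtein(u, v):
    """Edit distance with unit-cost replace/delete/insert, matching the
    definition of the exercise: d[i][j] is the distance between the
    prefixes u[:i] and v[:j]."""
    m, n = len(u), len(v)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i                      # delete all of u[:i]
    for j in range(n + 1):
        d[0][j] = j                      # insert all of v[:j]
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            d[i][j] = min(d[i - 1][j] + 1,                          # delete
                          d[i][j - 1] + 1,                          # insert
                          d[i - 1][j - 1] + (u[i - 1] != v[j - 1])) # replace
    return d[m][n]

print(levenshtein("abcde", "accd"))  # 2
```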

(b) Let M = (Q, Σ, δ, q0, F) be a DFA for L. We obtain an NFA-ε N for ∆L,n by adding n “error levels”. Formally, let

N = (Q × {0, . . . , n}, Σ, δ′, (q0, 0), F × {0, . . . , n})

where

δ′ = {((p, i), a, (q, i)) | p, q ∈ Q, i ≤ n, a ∈ Σ and δ(p, a) = q}   (no change)
   ∪ {((p, i), ε, (q, i + 1)) | p, q ∈ Q, i < n and ∃a ∈ Σ s.t. δ(p, a) = q}   (delete)
   ∪ {((q, i), a, (q, i + 1)) | q ∈ Q, i < n and a ∈ Σ}   (insert)
   ∪ {((p, i), b, (q, i + 1)) | p, q ∈ Q, i < n and ∃a ∈ Σ \ {b} s.t. δ(p, a) = q}   (replace)

Let us prove that L(N) = ∆L,n.

∆L,n ⊆ L(N). If w ∈ ∆L,n, then there is w′ ∈ L such that ∆(w, w′) = k ≤ n. In other words, starting from the word w′, we can obtain w by applying k “mistakes” (delete, insert, replace). As w′ ∈ L = L(M), and as the 0-level of N is a copy of M, the word w′ has a run in N that reaches a final state (q_f, 0). By construction of N, there is a run of w that follows the run of w′, where each “mistake” corresponds to moving to the next error level via the matching transition of δ′. Hence, if w′ reaches the final state (q_f, 0) in N, then w can reach (q_f, k), and thus w ∈ L(N).

L(N) ⊆ ∆L,n. If w ∈ L(N), then there is a run of w in N that reaches a final state (q_f, k) ∈ F × {0, . . . , n}. Intuitively, for each transition of that run that changes the level, we modify w so that it “stays in the same level”. Formally, we check the nature of the transition that changes the level and modify w as follows:


• If (p, i) --a--> (p, i + 1) is an insert transition, then we remove this occurrence of the letter a from w.

• If (p, i) --a--> (q, i + 1) is a replace transition, taken because there exists a transition (p, i) --b--> (q, i) for some letter b, then we replace this occurrence of a in w with b.

• If (p, i) --ε--> (q, i + 1) is a delete transition, taken because there exists a transition (p, i) --a--> (q, i) for some letter a, then we add the letter a at this place in w.

Let w′ be the resulting word. It is readily seen that w′ is obtained from w by introducing k mistakes (delete, insert, replace), as the run of w contains exactly k transitions that change the level. Consequently, ∆(w′, w) ≤ k ≤ n. Moreover, if w reaches (q_f, k), then w′ reaches (q_f, 0). As the 0-level is a copy of M, we get w′ ∈ L(M) = L. In summary, there exists w′ ∈ L such that ∆(w′, w) ≤ n, that is, w ∈ ∆L,n.

(c) We use the same construction as in (b) with the automaton Ap for the pattern p = abba:

[Diagram: two copies of Ap. Level 0 has states q0, . . . , q4, with a self-loop a, b on q0 and the chain q0 --a--> q1 --b--> q2 --b--> q3 --a--> q4; level 1 has states p0, . . . , p4 with the same chain. Insert transitions labelled a, b go from each qi to pi; delete and replace transitions go from qi to pi+1, labelled ε, b from q0, ε, a from q1, ε, a from q2 and ε, b from q3. The final states are q4 and p4.]


Solutions for Chapter 6


Exercise 81 Let val: {0, 1}∗ → N be such that val(w) is the number represented by w in the “least significant bit first” encoding.

(a) Give a transducer that doubles numbers, i.e. a transducer recognizing the language

{[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = 2 · val(x)}.

(b) Give an algorithm that takes k ∈ N as input and produces a transducer Ak recognizing the language

Lk = {[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = 2ᵏ · val(x)}.

(Hint: use (a) and joins.)

(c) Give a transducer for the addition of two numbers, i.e. a transducer recognizing the language

{[x, y, z] ∈ ({0, 1} × {0, 1} × {0, 1})∗ | val(z) = val(x) + val(y)}.

(d) For every k ∈ N>0, let

Xk = {[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = k · val(x)}.

Suppose you are given transducers A and B recognizing respectively Xa and Xb for some a, b ∈ N>0. Sketch an algorithm that builds a transducer C recognizing Xa+b. (Hint: use (c).)

(e) Using (b) and (d), how can you build a transducer recognizing Xk?

(f) Show that the following language has infinitely many residuals, and hence that it is not regular:

{[x, y] ∈ ({0, 1} × {0, 1})∗ | val(y) = val(x)²}.

Solution:

(a) Let [x1x2 · · · xn, y1y2 · · · yn] ∈ ({0, 1} × {0, 1})ⁿ where n > 1. Multiplying a binary number by two shifts its bits and adds a zero. For example, the word [10110, 01011] belongs to the language since it encodes [13, 26]. Thus, we have val(y) = 2 · val(x) if, and only if, y1 = 0, xn = 0, and yi = xi−1 for every 1 < i ≤ n. From this observation, we build a transducer that

– makes sure that the first bit of y is 0,

– ensures that y is consistent with x by keeping the last bit of x in memory,

– accepts [x, y] if the last bit of x is 0.

Note that [ε, ε] and [0, 0] both encode the pair [0, 0]. Therefore, they should also be accepted, since 2 · 0 = 0. We obtain the following transducer:

[Diagram: transducer with states 0 and 1, both accepting, 0 initial; state s records the last bit read from x, which is exactly the bit that y must show next. Transitions: 0 --[0, 0]--> 0, 0 --[1, 0]--> 1, 1 --[0, 1]--> 0, 1 --[1, 1]--> 1.]
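The transducer can be sketched in Python, with the remembered bit of x as the state (the function name is ours):

```python
def doubles(x, y):
    """Accept equal-length LSBF bit strings x, y iff val(y) = 2 * val(x),
    simulating the two-state transducer of part (a): the state is the
    last bit of x read, which is exactly the bit y must show next."""
    if len(x) != len(y):
        return False
    state = 0                      # initially: y must start with 0
    for xb, yb in zip(x, y):
        if int(yb) != state:       # y fails to reproduce x shifted by one
            return False
        state = int(xb)
    return state == 0              # last bit of x must be 0 (no overflow)

print(doubles("10110", "01011"))   # True: encodes [13, 26]
print(doubles("10110", "01010"))   # False
```

Note that the empty pair [ε, ε] is accepted, matching the remark above.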

(b) Let A0 be the following transducer accepting {[x, y] ∈ ({0, 1} × {0, 1})∗ : y = x}:

[Diagram: a single initial and accepting state with self-loops [0, 0] and [1, 1].]

Let A1 be the transducer obtained in (a). For every k ≥ 1, we define Ak+1 = Join(Ak, A1). A simple induction shows that L(Ak) = Lk for every k ∈ N.

(c) We build a transducer that computes the addition by keeping track of the current carry bit. Consider a tuple [x, y, z] ∈ {0, 1}³ and a carry bit r. Adding x, y and r produces the bit

z = x + y + r mod 2.   (15.8)

Moreover, it gives a new carry bit r′ such that r′ = 1 if x + y + r > 1, and r′ = 0 otherwise.


The following table identifies the new carry bit r′ of the tuples [x, y, z] that satisfy (15.8); an entry "x" marks a tuple that does not satisfy it:

[x, y, z]   000  001  010  011  100  101  110  111
r = 0        0    x    x    0    x    0    1    x
r = 1        x    0    1    x    1    x    x    1

We deduce our transducer from the above table:

[Diagram: two states q0 and q1 for carry 0 and carry 1; q0 is initial and final. Self-loops at q0 labeled [0,0,0], [0,1,1], [1,0,1]; self-loops at q1 labeled [0,1,0], [1,0,0], [1,1,1]; transitions q0 →[1,1,0]→ q1 and q1 →[0,0,1]→ q0.]
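The carry automaton can be simulated directly. The following sketch (our own helper names) runs the two-state transducer on equal-length triples and compares it with the arithmetic definition:

```python
def val(w: str) -> int:
    """Value of w in the least-significant-bit-first encoding."""
    return sum(int(b) << i for i, b in enumerate(w))

def accepts_add(x: str, y: str, z: str) -> bool:
    """Simulate the carry transducer: the state is the carry bit r;
    q0 (carry 0) is initial and the only final state."""
    if not (len(x) == len(y) == len(z)):
        return False
    carry = 0
    for xi, yi, zi in zip(x, y, z):
        s = int(xi) + int(yi) + carry
        if int(zi) != s % 2:        # z must be the sum bit, as in (15.8)
            return False
        carry = s // 2              # the new carry bit r'
    return carry == 0               # accept iff no carry is pending
```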

(d) We construct a transducer C that, intuitively, feeds its input to both A and B, and then feeds the respective outputs of A and B to a transducer performing addition. More formally, let A = (QA, {0, 1}, δA, q0A, FA), B = (QB, {0, 1}, δB, q0B, FB), and let D = (QD, {0, 1}, δD, q0D, FD) be the transducer for addition obtained in (c). We define C = (QC, {0, 1}, δC, q0C, FC) where

– QC = QA × QB × QD,

– q0C = (q0A, q0B, q0D),

– FC = FA × FB × FD,

and

δC((p, p′, p′′), [a, c]) = { (q, q′, q′′) : ∃b, b′ ∈ {0, 1} s.t. p →[a,b]→A q, p′ →[a,b′]→B q′, and p′′ →[b,b′,c]→D q′′ }.


(e) Let ℓ = ⌊log2(k)⌋. There exist c0, c1, . . . , cℓ ∈ {0, 1} such that k = c0 · 2^0 + c1 · 2^1 + · · · + cℓ · 2^ℓ. Let I = {0 ≤ i ≤ ℓ : ci = 1}. Note that k = Σ_{i∈I} 2^i. Therefore, we may use transducer Ai from (b) for each i ∈ I, and combine these transducers using (d).
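The decomposition of k into powers of 2 used here is just its binary expansion. A two-line sketch (the helper name is ours):

```python
def bit_decomposition(k: int) -> set:
    """The set I of bit positions with k = sum of 2**i for i in I;
    the largest position is floor(log2(k))."""
    ell = k.bit_length() - 1        # = floor(log2(k)) for k >= 1
    return {i for i in range(ell + 1) if (k >> i) & 1}
```

For instance, 13 = 2^0 + 2^2 + 2^3, so a transducer for X13 combines A0, A2 and A3 with two applications of the construction from (d).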

(f) For every n ∈ N>0, let

un = [0^n 1, 0^n 0]  and  vn = [0^{n−1} 0, 0^{n−1} 1].

Let i, j ∈ N>0 be such that i ≠ j. We claim that the residuals L^ui and L^uj are distinct. We have

ui vi = [0^i 1 0^i, 0^{2i} 1]  and  uj vi = [0^j 1 0^i, 0^{i+j} 1].

Therefore, ui vi encodes [2^i, 2^{2i}], and uj vi encodes [2^j, 2^{i+j}]. We observe that ui vi belongs to the language, since 2^{2i} = (2^i)². However, uj vi does not belong to the language, since 2^{i+j} ≠ 2^{2j} = (2^j)².

Exercise 82 Let U = N be the universe of natural numbers, and consider the MSBF encoding. Give transducers for the sets of pairs (n, m) ∈ N² such that (a) m = n + 1, (b) m = ⌊n/2⌋, (c) n/4 ≤ m ≤ 4n. How do the constructions change for the LSBF encoding?

Solution: (a) Two words wn and wn+1 are MSBF encodings of n and n + 1 of the same length iff there is a word w (possibly empty) and k ≥ 0 such that wn = w·0·1^k and wn+1 = w·1·0^k. So the transducer is

[Diagram: two states; the first, initial and final, has self-loops [0,0] and [1,1] and an edge labeled [0,1] to the second, final state, which has a self-loop [1,0].]
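The characterization wn = w·0·1^k, wn+1 = w·1·0^k can be tested directly. The sketch below (our helper names) compares it with ordinary increment on fixed-width MSBF encodings:

```python
def msbf(n: int, width: int) -> str:
    """MSBF encoding of n, padded with leading zeros to the given width."""
    return format(n, 'b').zfill(width)

def succ_pattern(wn: str, wm: str) -> bool:
    """wm encodes n+1 iff wn = w·0·1^k and wm = w·1·0^k for some w, k:
    split at the last 0 of wn (after it, wn is all 1s by definition)."""
    if len(wn) != len(wm):
        return False
    i = wn.rfind('0')
    if i < 0:
        return False                # wn = 1...1: n+1 needs one more bit
    return (wn[:i] == wm[:i] and wm[i] == '1'
            and set(wm[i + 1:]) <= {'0'})
```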

(b) Let sn, sm ∈ {0, 1}∗ be the shortest MSBF encodings of n and m, respectively. We have m = ⌊n/2⌋ iff either sn = ε = sm (this is the case n = 0), or there is w ∈ {0, 1}∗ such that sn = 1w and sm = w (this is the case n > 0). So the transducer has to recognize all pairs of words of the form (0^k, 0^k) and (0^k 1w, 0^{k+1} w).

The transducer is shown below. It reads pairs [0, 0] until it finds the first 1 of sn (if ever). From this moment on, it moves between the two states labeled 0 and 1. The intuitive meaning of state 0 is "the last bit of sn I've read was a 0", and similarly for state 1. The transitions are then given by the requirement that the next bit of sm must be equal to the last bit of sn. So, for instance, we have a transition 1 →[0,1]→ 0, because the next bit of sm must be a 1, and after reading a 0 the last bit of sn read by the transducer is a 0.


[Diagram: an initial (and final) state with a self-loop [0,0] and an edge [1,0] to state 1; states 1 and 0, both final, with transitions 1 →[1,1]→ 1, 1 →[0,1]→ 0, 0 →[1,0]→ 1, and 0 →[0,0]→ 0.]

(c) Let sn, sm ∈ {0, 1}∗ be the shortest MSBF encodings of n and m, respectively. We have n/4 ≤ m ≤ 4n iff −2 ≤ |sn| − |sm| ≤ 2. The transducer is:

[Diagram: a transducer tracking the difference between the numbers of leading padding zeros of the two components, with one branch for each value of |sn| − |sm| in {−2, −1, 0, 1, 2}; once both shortest encodings have started, it loops on Σ × Σ.]

For the LSBF encoding, it suffices to construct transducers for the reverse of the languages recognized by the transducers for the MSBF encoding: reverse all transitions and exchange the initial and final states.

Exercise 83 Let U be some universe of objects, and fix an encoding of U over Σ∗. Prove or disprove: if a relation R ⊆ U × U is regular, then the language

LR = { wx wy | (wx, wy) encodes a pair (x, y) ∈ R }

is regular.


Solution: This is false. Let U = {a, b}∗, and consider the identity encoding, i.e., a word w ∈ {a, b}∗ is encoded by itself and its paddings or, in other words, by the language w #∗.

The identity relation R = { (w, w) | w ∈ {a, b}∗ } ⊆ {a, b}∗ × {a, b}∗ is regular: indeed, it is recognized by a transducer with one single state q, both initial and final, and transitions (q, [a, a], q), (q, [b, b], q). However, we have LR = { ww | w ∈ {a, b}∗ }, which is not regular.

Exercise 84 Let A be an NFA over the alphabet Σ.

(a) Show how to construct a transducer T over the alphabet Σ × Σ such that (w, v) ∈ L(T) iff wv ∈ L(A) and |w| = |v|.

(b) Give an algorithm that accepts an NFA A as input and returns an NFA A/2 such that L(A/2) = { w ∈ Σ∗ | ∃v ∈ Σ∗ : wv ∈ L(A) ∧ |w| = |v| }.

Solution: (a) Let A = (Q, Σ, δ, Q0, F), and let q ∈ Q. We construct a transducer Tq such that (w, v) ∈ L(Tq) iff |w| = |v| and A has an accepting run of the form q0 →w→ q →v→ qf (i.e., with state q "in the middle"). The transducer T is then the union over all states q ∈ Q of the transducers Tq. We design Tq so that the following holds: Tq has a run

[q1, q′1] →[a1,a′1]→ [q2, q′2] · · · [qn−1, q′n−1] →[an,a′n]→ [qn, q′n]

iff A has two runs

q1 →a1→ q2 · · · qn−1 →an→ qn
q′1 →a′1→ q′2 · · · q′n−1 →a′n→ q′n

The states of Tq are then pairs of states of Q, and Tq has a transition [q1, q′1] →[a1,a′1]→ [q2, q′2] for every pair of transitions q1 →a1→ q2 and q′1 →a′1→ q′2 of the NFA. Now we choose the initial and final states. The initial states of Tq are all pairs [q0, q] such that q0 ∈ Q0, and its final states are all pairs [q, qf] such that qf ∈ F.

(b) A possible algorithm is: construct the transducer T as shown in part (a) of the exercise, and then obtain A/2 by relabeling the transitions of T: if a transition is labeled by [a, b], then change its label to a.

Exercise 85 In phone dials, letters are mapped into digits as follows:

ABC ↦ 2   DEF ↦ 3   GHI ↦ 4   JKL ↦ 5
MNO ↦ 6   PQRS ↦ 7   TUV ↦ 8   WXYZ ↦ 9


This map can be used to assign a telephone number to a given word. For instance, the number for AUTOMATON is 288662866.

Consider the problem of, given a telephone number (for simplicity, we assume that it contains neither 1 nor 0), finding the set of English words that are mapped into it. For instance, the set of words mapping to 233 contains at least ADD, BED, and BEE. Assume a DFA N over the alphabet {A, . . . , Z} recognizing the set of all English words is given. Given a number n, show how to construct an NFA recognizing all the words that are mapped to n.

Solution: Let R be the set of all pairs (n, w) where n is a number and w is a word mapped to n, and let E be the set of English words. Let n0 be a telephone number. We are looking for an NFA recognizing Post(n0, R) ∩ E.

Let An0 be the obvious DFA over {2, . . . , 9} recognizing the number n0. The relation R is recognized by the transducer TR with one state q0, both initial and final, and transitions

(q0, [2, A], q0), (q0, [2, B], q0), . . . , (q0, [9, Y], q0), (q0, [9, Z], q0).

So the NFA we are looking for can be computed as IntersNFA( Post(An0, TR), N ).
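On finite dictionaries the effect of Post(An0, TR) ∩ E can be mimicked directly. In the sketch below (our own names), the letter-to-digit map plays the role of TR, and a plain set of words stands in for the DFA N:

```python
# Letter-to-digit map of the phone dial.
PHONE = {c: d for d, letters in
         {'2': 'ABC', '3': 'DEF', '4': 'GHI', '5': 'JKL',
          '6': 'MNO', '7': 'PQRS', '8': 'TUV', '9': 'WXYZ'}.items()
         for c in letters}

def words_for_number(number: str, dictionary) -> set:
    """Dictionary words whose digit image equals the given number
    (the finite-set analogue of Post(n0, R) intersected with E)."""
    return {w for w in dictionary
            if len(w) == len(number)
            and all(PHONE[c] == d for c, d in zip(w, number))}
```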

Exercise 86 As we have seen, the application of the Post and Pre operations to transducers requires computing the padding closure in order to guarantee that the resulting automaton accepts either all or none of the encodings of an object. The padding closure has been defined for encodings where padding occurs on the right, i.e., if w encodes an object, then so does w #^k for every k ≥ 0. However, in some natural encodings, like the most-significant-bit-first encoding of natural numbers, padding occurs on the left. Give an algorithm for calculating the padding closure of a transducer when padding occurs on the left.

Exercise 87 We have defined transducers as NFAs whose transitions are labeled by pairs of symbols (a, b) ∈ Σ × Σ. With this definition transducers can only accept pairs of words (a1 . . . an, b1 . . . bn) of the same length. In many applications this is limiting.

An ε-transducer is an NFA whose transitions are labeled by elements of (Σ ∪ {ε}) × (Σ ∪ {ε}). An ε-transducer accepts a pair (w, w′) of words if it has a run

q0 →(a1,b1)→ q1 →(a2,b2)→ · · · →(an,bn)→ qn  with ai, bi ∈ Σ ∪ {ε}

such that w = a1 . . . an and w′ = b1 . . . bn. Note that |w| ≤ n and |w′| ≤ n. The relation accepted by the ε-transducer T is denoted by L(T). The figure below shows a transducer over the alphabet {a, b} that, intuitively, duplicates the letters of a word, e.g., on input aba it outputs aabbaa. In the figure we use the notation a/b.


[Diagram: an initial and final state p and two auxiliary states; transitions p →a/a→ qa, qa →ε/a→ p, p →b/b→ qb, qb →ε/b→ p, so that each letter read is written twice.]

Give an algorithm Postε(A, T) that, given an NFA A and an ε-transducer T, both over the same alphabet Σ, returns an NFA recognizing the language

post_T(A) = { w | ∃w′ ∈ L(A) such that (w′, w) ∈ L(T) }

Hint: view ε as an additional alphabet letter.

Solution: Given an alphabet Σ, let Σε = Σ ∪ {ε}, where we consider ε as a symbol, not as the representation of the empty word. Let Tε be the standard transducer over Σε obtained from T by looking at ε as another alphabet letter. So, for instance, if T is the ε-transducer above, then Tε accepts the pair (aεbε, aabb). Further, let Aε be the NFA over Σε obtained from A by adding to each state q of A a loop (q, ε, q). Clearly, we have

L(Aε) = ⋃ { ε∗ a1 ε∗ · · · ε∗ an ε∗ | a1 · · · an ∈ L(A) }

and therefore

post_T(A) = projΣ( post_Tε(Aε) ),

where the right-hand side is the standard post image of Aε under the transducer Tε. This equation leads to the following algorithm: first we construct Aε; then we construct the NFA Bε = Post(Aε, Tε), where Post is the algorithm defined in the chapter; finally, we construct an NFA B recognizing the projection of L(Bε) onto Σ. Since computing the projection is equivalent to considering ε as the empty word, we can take B = NFAεtoNFA(Bε), where we look at Bε as an NFA-ε. So, more compactly:

Postε(A, T) = NFAεtoNFA( Post(Aε, Tε) ).

Exercise 88 Transducers can be used to capture the behaviour of simple programs. Figure 15.5 shows a program P and its control-flow diagram. The instruction end finishes the execution of the program. P communicates with the environment through its two boolean variables, both with 0 as initial value. The I/O-relation of P is the set of pairs (wI, wO) ∈ {0, 1}∗ × {0, 1}∗ such that there is an execution of P during which P reads the sequence wI of values and writes the sequence wO.

Let [i, x, y] denote the configuration of P in which P is at node i of the control-flow diagram, and the values of its two boolean variables are x and y, respectively. The initial configuration of P


bool x, y init 0
x ← ?
write x
while true do
    read y until y = x ∧ y
    if x = y then write y end
    x ← x − 1 or y ← x + y
    if x ≠ y then write x end

[Control-flow diagram: nodes 1–10 with edges labeled x ← ?, write x, read y, y = x ∧ y, y ≠ x ∧ y, x = y, x ≠ y, write y, y ← x + y, x ← x − 1, write x.]

Figure 15.5: Program used in Exercise 88.

is [1, 0, 0]. By executing the first instruction, P moves nondeterministically to one of the configurations [2, 0, 0] and [2, 1, 0]; no input symbol is read and no output symbol is written. Similarly, by executing its second instruction, the program P moves from [2, 1, 0] to [3, 1, 0] while reading nothing and writing 1.

(a) Give an ε-transducer recognizing the I/O-relation of P.

(b) Can an overflow error occur? (That is, can a configuration be reached in which the value of x or y is not 0 or 1?)

(c) Can node 10 of the control-flow graph be reached?

(d) What are the possible values of x upon termination, i.e. upon reaching end?

(e) Is there an execution during which P reads 101 and writes 01?

(f) Let I and O be regular sets of inputs and outputs, respectively. Think of O as a set of dangerous outputs that we want to avoid. We wish to prove that the inputs from I are safe, i.e., that when P is fed inputs from I, none of the dangerous outputs can occur. Describe an algorithm that decides, given I and O, whether there are i ∈ I and o ∈ O such that (i, o) belongs to the I/O-relation of P.


Solution: (a) The states of the transducer are the reachable configurations of P:

[Diagram: ε-transducer whose states are the reachable configurations [1,0,0], [2,0,0], [2,1,0], [3,0,0], [3,0,1], [3,1,0], [3,1,1], [4,0,0], [4,0,1], [4,1,0], [4,1,1], [5,0,0], [5,1,0], [5,1,1], [6,0,0], [6,1,1], [7,0,0], [7,1,1], [8,1,0], [9,0,0], [9,1,1], with transitions labeled a/b for the input read and output written at each program step (ε/ε, ε/0, ε/1, 0/ε, 1/ε).]

(b) No.

(c) No. The node is redundant. In fact, the last line of P can be removed without changing the behaviour.

(d) 0 and 1, because the reachable final configurations are [7, 0, 0] and [7, 1, 1].

(f) Let T be the transducer for P, and let AI and AO be NFAs recognizing I and O, respectively. A possible algorithm for the task is EmptyNFA( IntersNFA( Postε(AI, T), AO ) ).

Exercise 89 In Exercise 87 we have shown how to compute pre- and post-images of relations described by ε-transducers. In this exercise we show that, unfortunately, and unlike standard transducers, ε-transducers are not closed under intersection.

(a) Construct ε-transducers T1, T2 recognizing the relations R1 = { (a^n b^m, c^{2n}) | n, m ≥ 0 } and R2 = { (a^n b^m, c^{2m}) | n, m ≥ 0 }.

(b) Show that no ε-transducer recognizes R1 ∩ R2.


Solution: (a)

[Diagram for T1: a two-state cycle that reads each a while writing two c's (transitions a/c and ε/c), followed by a final state with a self-loop b/ε. Diagram for T2: an initial state with a self-loop a/ε, followed by a two-state cycle that reads each b while writing two c's (transitions b/c and ε/c).]

(b) We have R1 ∩ R2 = { (a^n b^n, c^{2n}) | n ≥ 0 }. Assume some ε-transducer T recognizes R1 ∩ R2. Replace each transition q →(a,b)→ q′ of T by q →a→ q′ (where a, b ∈ Σ ∪ {ε}). The result is an NFA-ε recognizing the language { a^n b^n | n ≥ 0 }, a contradiction. So no ε-transducer recognizes R1 ∩ R2.

Exercise 90 (Inspired by a paper by Gulwani at POPL'11.) Consider transducers whose transitions are labeled by elements of (Σ ∪ {ε}) × (Σ∗ ∪ {ε}). Intuitively, at each transition these transducers read one letter or no letter, and write a string of arbitrary length. These transducers can be used to perform operations on strings like, for instance, capitalizing all the words in the string: if the transducer reads, say, "singing in the rain", it writes "Singing In The Rain". Sketch ε-transducers for the following operations, each of which is informally defined by means of two or three examples. In each example, when the transducer reads the string on the left it writes the string on the right.

Company\Code\index.html Company\Code

Company\Docs\Spec\specs.doc Company\Docs\Spec

International Business Machines IBM

Principles Of Programming Languages POPL

Oege De Moor Oege De Moor

Kathleen Fisher AT&T Labs Kathleen Fisher AT&T Labs

Eran Yahav Yahav, E.

Bill Gates Gates, B.

004989273452 +49 89 273452

(00)4989273452 +49 89 273452

273452 +49 89 273452

Solution: We give informal descriptions of the behaviour of the ε-transducers.

First transducer: x ranges over all symbols and y over all symbols but the backslash.


[Diagram: a first state looping on x/x; on the (guessed) last backslash, a transition writing ε to a second, final state looping on y/ε, so that the last backslash and the last path component are dropped.]

Second transducer: X ranges over uppercase letters, x over lowercase symbols.

[Diagram: a single state, initial and final, with self-loops X/X and x/ε.]

Third transducer: x ranges over all symbols but the space symbol. In order to prevent trailing spaces, we remember seeing a space and output it before the next letter.

[Diagram: two states; the first loops on x/x and moves to the second on ␣/ε; the second loops on ␣/ε and returns to the first on x/␣x.]

Fourth transducer. We assume that the string is always of the form Firstname Lastname; x ranges over lowercase letters.

[Diagram: the transducer writes ε while reading the first name (one branch per initial A/ε, …, Z/ε, then x/ε for the remaining letters), remembering the initial; after the space it copies the last name (x/x); at the end it writes ",", a space, the remembered initial, and ".".]

Fifth transducer. Similar to the fourth transducer.


Solutions for Chapter 7


Exercise 91 Prove that the minimal DFA for a language of length 4 over a two-letter alphabet has at most 12 states, and give a language for which the minimal DFA has exactly 12 states.

Solution: Let A be the minimal DFA for a language of length 4 over a two-letter alphabet, say {a, b}. A always has a trap state recognizing the empty language. The rest of the states can be classified, according to the length of the language they recognize, into states of length 4, 3, 2, 1, and 0. (Recall that the empty language has all possible lengths, and so the trap state cannot be canonically assigned a length.)

Since the successors of a state of length k have length k − 1, the DFA A has one state of length 4 (the unique initial state), at most two states of length 3 (the successors of the initial state), and at most four states of length 2 (the successors of the successors). To bound the number of states of length 1 and length 0, recall that all the states of a minimal DFA recognize distinct languages. Since there is one nonempty language of length zero, namely {ε}, A has at most one state of length 0. Since there are three nonempty languages of length one, namely {a}, {b}, and {a, b}, A has at most three states of length 1. In total we get at most 1 + 2 + 4 + 3 + 1 = 11 states recognizing nonempty languages, plus a trap state, for a total of at most 12 states.

The simplest way to produce a minimal DFA with 12 states is to use the reasoning above: start with the diagram shown below on the left (as usual, the trap state is omitted), and add transitions between the states of length 2 and length 1 ensuring that each state of length 2 recognizes a different language. The DFA shown on the right is a possible choice, but there are many others.

[Diagram: two DFAs over {a, b}; on the left, a tree with one state of length 4, two of length 3 and four of length 2; on the right, the same tree completed with transitions into three states of length 1 (recognizing {a}, {b} and {a, b}) and one state of length 0, so that the four states of length 2 recognize pairwise different languages.]
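The bound can also be checked computationally: the number of states of the minimal DFA of a language equals its number of distinct residuals. The language below is our own example (not necessarily the one in the diagram) reaching the bound of 12:

```python
def residuals(language):
    """All distinct residuals L^w of a fixed-length language over {a, b},
    i.e., the states of its minimal DFA (including the trap state for ∅),
    computed by closing under one-letter residuals."""
    seen, frontier = set(), [frozenset(language)]
    while frontier:
        lang = frontier.pop()
        if lang in seen:
            continue
        seen.add(lang)
        for a in 'ab':
            frontier.append(frozenset(w[1:] for w in lang if w[:1] == a))
    return seen

# A length-4 language whose minimal DFA has exactly 12 states: its four
# residuals of length 2 are {aa}, {ab}, {ba}, {ba, bb}, which together
# reach the three nonempty length-1 languages {a}, {b}, {a, b}.
L12 = {'aaaa', 'abab', 'baba', 'bbba', 'bbbb'}
```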

Exercise 92 Give an efficient algorithm that receives as input the minimal DFA of a fixed-length language and returns the number of words it contains.

Solution: The algorithm recursively computes the number of words accepted by each state q of the DFA. If q = q∅ then the number is 0, and if q = qε then it is 1. Otherwise, let Σ = {a1, . . . , an}


be the alphabet of the DFA; the number of words accepted by q is the sum, over the letters ai of Σ, of the number of words accepted by the ai-successor of q.

number(q)
Input: state q of the table.
Output: number of words recognized from q.

1 if G(q) is not empty then return G(q)
2 if q = q∅ then return 0
3 else if q = qε then return 1
4 else
5   G(q) ← number(qa1) + · · · + number(qan)
6 return G(q)
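The memoized recursion can be prototyped directly on a successor table. The sketch below (our own encoding; the fragment is the minimal DFA of {abb, bba, bbb}, with 'empty'/'eps' standing in for q∅/qε) realizes the table G as a dictionary:

```python
# Successor table of the minimal DFA for {abb, bba, bbb}.
succ = {2: {'a': 'empty', 'b': 'eps'},
        3: {'a': 'empty', 'b': 2},
        4: {'a': 'eps',   'b': 'eps'},
        5: {'a': 'empty', 'b': 4},
        6: {'a': 3,       'b': 5}}    # 6 is the state for the whole language

def count_words(state) -> int:
    """number(q) with the memo table G realized as a dict."""
    memo = {}
    def number(q):
        if q == 'empty':
            return 0
        if q == 'eps':
            return 1
        if q not in memo:
            memo[q] = sum(number(succ[q][a]) for a in succ[q])
        return memo[q]
    return number(state)
```

Thanks to memoization each state is processed once, so the runtime is linear in the size of the table.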

Exercise 93 The algorithm for fixed-length universality in Table 7.3 has a best-case runtime equal to the length of the input state q. Give an improved algorithm that only needs O(|Σ|) time for inputs q such that L(q) is not fixed-length universal.

Solution: Let q be the input to the algorithm, and consider the set of states { qa | a ∈ Σ }. If the set contains two distinct states qa, qb then, since every state recognizes a different language, either qa or qb is not fixed-length universal, and we can conclude that q is not fixed-length universal. So the algorithm computes qa for every a ∈ Σ in time O(|Σ|). If at least two of these states are different, the algorithm returns false. If all of them are equal to the same state, say q′, then the algorithm calls itself recursively with input q′.

Exercise 94 Let Σ = {0, 1}. Consider the boolean function f : Σ⁶ → Σ defined by

f(x1, x2, . . . , x6) = (x1 ∧ x2) ∨ (x3 ∧ x4) ∨ (x5 ∧ x6)

(a) Construct the minimal DFA recognizing { x1 · · · x6 ∈ Σ⁶ | f(x1, . . . , x6) = 1 }. (For instance, the DFA accepts 111000 because f(1, 1, 1, 0, 0, 0) = 1, but not 101010, because f(1, 0, 1, 0, 1, 0) = 0.)

(b) Show that the minimal DFA recognizing { x1x3x5x2x4x6 | f(x1, . . . , x6) = 1 } has at least 15 states. (Notice the different order! Now the DFA accepts neither 111000, because f(1, 0, 1, 0, 1, 0) = 0, nor 101010, because f(1, 0, 0, 1, 1, 0) = 0.)

(c) More generally, consider the function

f(x1, . . . , x2n) = ⋁_{1≤k≤n} (x2k−1 ∧ x2k)

and the languages { x1x2 . . . x2n−1x2n | f(x1, . . . , x2n) = 1 } and { x1x3 . . . x2n−1 x2x4 . . . x2n | f(x1, . . . , x2n) = 1 }. Show that the size of the minimal DFA grows linearly in n for the first language, and exponentially in n for the second language.


Solution: (a) The minimal DFA is shown below. At each state one of the input variables of f is assigned a value, and the state is labeled with that variable. To understand why this is the minimal DFA, consider any two assignments to x1, x2 that make (x1 ∧ x2) false, say 01 and 10. Then we have f(0, 1, x3, . . . , x6) = f(1, 0, x3, . . . , x6), and so the words 01 and 10 have the same residual. So after reading 01 and 10 the DFA must be in the same state. The same reasoning extends to the other pairs of variables.

[Diagram: states labeled x1; x2, x2; x3; x4, x4; x5; x6, x6, plus an accepting state; at each state labeled x2k−1 the two outgoing edges distinguish whether the conjunction (x2k−1 ∧ x2k) can still become true, and once some conjunction is true the run proceeds directly towards acceptance.]

(b) It is easy to see that if we take any two different assignments to x1, x3, x5, then the sets of assignments to x2, x4, x6 for which f returns 1 are also different. For instance, consider the assignments 001 and 011 to x1, x3, x5. If we extend them both with the assignment 010 to x2, x4, x6, then f returns 0 in the first case, and 1 in the second. So after reading every word of length 3 the DFA must be in a different state. So the DFA has at least one state of length 6, two of length 5, four of length 4, and eight of length 3, giving a total of at least 15 states. (As before, the length of a state is the length of the language it recognizes.)

(c) It is easy to see from (a) that the minimal DFA for the first language has 3n + 1 states. For the second language we just observe that the argument of (b) generalizes to every n, and shows that the minimal DFA has one state for each word over Σ of length n, and so at least 2^n states.
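The residual-counting argument for n = 3 can be verified computationally. The sketch below (our own names) builds both orderings of the language and counts the distinct residuals reached after reading three letters: 3 for the natural order, 8 for the interleaved order:

```python
from itertools import product

def f6(x):
    """f(x1,...,x6) = (x1 ∧ x2) ∨ (x3 ∧ x4) ∨ (x5 ∧ x6)."""
    return (x[0] & x[1]) | (x[2] & x[3]) | (x[4] & x[5])

# The same boolean function under the two variable orderings.
L_natural = {''.join(map(str, x))
             for x in product((0, 1), repeat=6) if f6(x)}
L_shuffled = {''.join(map(str, (x[0], x[2], x[4], x[1], x[3], x[5])))
              for x in product((0, 1), repeat=6) if f6(x)}

def residual(lang, w):
    """L^w = {u : wu ∈ L}."""
    return frozenset(u[len(w):] for u in lang if u.startswith(w))
```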


Exercise 95 Let val : {0, 1}∗ → N be such that val(w) is the number represented by w with the "least significant bit first" encoding.

1. Give a transducer that doubles numbers, i.e., a transducer accepting

L1 = { [x, y] ∈ ({0, 1} × {0, 1})∗ : val(y) = 2 · val(x) }.


2. Give an algorithm that takes k ∈ N as input, and that produces a transducer Ak accepting

Lk = { [x, y] ∈ ({0, 1} × {0, 1})∗ : val(y) = 2^k · val(x) }.

(Hint: use (a) and consider operations seen in class.)


3. Give a transducer for the addition of two numbers, i.e., a transducer accepting

{ [x, y, z] ∈ ({0, 1} × {0, 1} × {0, 1})∗ : val(z) = val(x) + val(y) }.


4. For every k ∈ N>0, let

Xk = { [x, y] ∈ ({0, 1} × {0, 1})∗ : val(y) = k · val(x) }.

Suppose you are given transducers A and B accepting respectively Xa and Xb for some a, b ∈ N>0. Sketch an algorithm that builds a transducer C accepting Xa+b. (Hint: use (b) and (c).)

5. Let k ∈ N>0. Using (b) and (d), how can you build a transducer accepting Xk?

6. Show that the following language has infinitely many residuals, and hence that it is not regular:

{ [x, y] ∈ ({0, 1} × {0, 1})∗ : val(y) = val(x)² }.


Solution:

1. Let [x1x2 · · · xn, y1y2 · · · yn] ∈ ({0, 1} × {0, 1})^n where n > 1. Multiplying a binary number by two shifts its bits and adds a zero. For example, the word [10110, 01011] belongs to the language, since it encodes [13, 26]. Thus, we have val(y) = 2 · val(x) if, and only if, y1 = 0, xn = 0, and yi = xi−1 for every 1 < i ≤ n. From this observation, we build a transducer that

• makes sure the first bit of y is 0,

• ensures that y is consistent with x by keeping the last bit of x in memory,


• accepts [x, y] if the last bit of x is 0.

Note that [ε, ε] and [0, 0] both encode [0, 0]. Therefore, they should also be accepted, since 2 · 0 = 0. We obtain the following transducer:

[Diagram: two states 0 and 1, where the state name records the last bit of x read so far; state 0 is initial and final. Transitions: 0 →[0,0]→ 0, 0 →[1,0]→ 1, 1 →[0,1]→ 0, 1 →[1,1]→ 1.]

2. Let A0 be the following transducer accepting { [x, y] ∈ ({0, 1} × {0, 1})∗ : y = x }:

[Diagram: a single state, both initial and final, with self-loops labeled [0,0] and [1,1].]

Let A1 be the transducer obtained in (a). For every k ≥ 1, we define Ak+1 = Join(Ak, A1). A simple induction shows that L(Ak) = Lk for every k ∈ N.

3. We build a transducer that computes the addition by keeping track of the current carry bit. Consider some tuple [x, y, z] ∈ {0, 1}³ and a carry bit r. Adding x, y and r leads to the bit

z = x + y + r mod 2. (15.9)

Moreover, it gives a new carry bit r′ such that r′ = 1 if x + y + r > 1 and r′ = 0 otherwise.


The following table identifies the new carry bit r′ of the tuples [x, y, z] that satisfy (15.9); an entry "x" marks a tuple that does not satisfy it:

[x, y, z]   000  001  010  011  100  101  110  111
r = 0        0    x    x    0    x    0    1    x
r = 1        x    0    1    x    1    x    x    1

We deduce our transducer from the above table:

[Diagram: two states q0 and q1 for carry 0 and carry 1; q0 is initial and final. Self-loops at q0 labeled [0,0,0], [0,1,1], [1,0,1]; self-loops at q1 labeled [0,1,0], [1,0,0], [1,1,1]; transitions q0 →[1,1,0]→ q1 and q1 →[0,0,1]→ q0.]

4. Let A = (QA, {0, 1}, δA, q0A, FA) and B = (QB, {0, 1}, δB, q0B, FB). Let D = (QD, {0, 1}, δD, q0D, FD) be the transducer for addition obtained in (c). We define C = (QC, {0, 1}, δC, q0C, FC) where

• QC = QA × QB × QD,

• q0C = (q0A, q0B, q0D),

• FC = FA × FB × FD,

and

(p, p′, p′′) →[a,c]→C (q, q′, q′′) ⟺ ∃b, b′ ∈ {0, 1} s.t. p →[a,b]→A q, p′ →[a,b′]→B q′, and p′′ →[b,b′,c]→D q′′.

5. Let ℓ = ⌊log2(k)⌋. There exist c0, c1, . . . , cℓ ∈ {0, 1} such that k = c0 · 2^0 + c1 · 2^1 + · · · + cℓ · 2^ℓ. Let I = {0 ≤ i ≤ ℓ : ci = 1}. Note that k = Σ_{i∈I} 2^i. Therefore, it suffices to obtain Ai from (b) for each i ∈ I, and to combine them using (d).


6. For every n ∈ N>0, let

un = [0^n 1, 0^n 0]  and  vn = [0^{n−1} 0, 0^{n−1} 1].

Let i, j ∈ N>0 be such that i ≠ j. We claim that the residuals L^ui and L^uj are distinct. We have

ui vi = [0^i 1 0^i, 0^{2i} 1]  and  uj vi = [0^j 1 0^i, 0^{i+j} 1].

Therefore, ui vi encodes [2^i, 2^{2i}], and uj vi encodes [2^j, 2^{i+j}]. We observe that ui vi belongs to the language, since 2^{2i} = (2^i)². However, uj vi does not belong to the language, since 2^{i+j} ≠ 2^{2j} = (2^j)².

Exercise 96 Let L1 = {abb, bba, bbb} and L2 = {aba, bbb}.

1. Suppose you are given a fixed-length language L described explicitly by a set instead of an automaton. Give an algorithm that outputs the state q of the master automaton for L.

2. Use the previous algorithm to build the states of the master automaton for L1 and L2.

3. Compute the state of the master automaton representing L1 ∪ L2.

4. Identify the kernels 〈L1〉, 〈L2〉, and 〈L1 ∪ L2〉.

Solution:

1.

Input: set of words L of fixed length.
Output: state q of the master automaton such that L(q) = L.

1 make-lang(L):
2   if L = ∅ then
3     return q∅
4   else if L = {ε} then
5     return qε
6   else
7     for a ∈ Σ do
8       La ← {u : au ∈ L}
9       sa ← make-lang(La)
10    return make(s)
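The pair make-lang/make can be prototyped with a hash-consed table: make returns an existing identifier whenever the successor tuple has been seen before. The sketch below (our own encoding over Σ = {a, b}, with `EMPTY`/`EPS` standing in for q∅/qε) reproduces the identifiers 2–9 of the worked example in parts 2 and 3:

```python
table = {}      # identifier -> (a-successor, b-successor)
index = {}      # (a-successor, b-successor) -> identifier
EMPTY, EPS = 'q_empty', 'q_eps'

def make(succs):
    """Hash-consing: reuse the identifier if the row already exists."""
    if succs not in index:
        ident = len(table) + 2          # identifiers 2, 3, ... as in part 2
        table[ident] = succs
        index[succs] = ident
    return index[succs]

def make_lang(words):
    """make-lang(L) for a fixed-length language L given as a set of words."""
    if not words:
        return EMPTY
    if words == {''}:
        return EPS
    succs = tuple(make_lang({w[1:] for w in words if w[0] == a})
                  for a in 'ab')
    return make(succs)
```

Note how the state for {bb} (identifier 3) is created while processing L1 and then shared when L2 is processed.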

2. Executing make-lang(L1) yields the following computation tree:


make-lang({abb, bba, bbb})
= make( make-lang({bb}), make-lang({ba, bb}) )                     → 6
    make-lang({bb}) = make( make-lang(∅), make-lang({b}) )         → 3
        make-lang({b}) = make( make-lang(∅), make-lang({ε}) )      → 2
    make-lang({ba, bb}) = make( make-lang(∅), make-lang({a, b}) )  → 5
        make-lang({a, b}) = make( make-lang({ε}), make-lang({ε}) ) → 4

with make-lang(∅) = q∅ and make-lang({ε}) = qε.

The table obtained after the execution is as follows:

Ident.  a-succ  b-succ
2       q∅      qε
3       q∅      2
4       qε      qε
5       q∅      4
6       3       5

Calling make-lang(L2) adds the following rows to the table and returns 9:

Ident.  a-succ  b-succ
7       qε      q∅
8       q∅      7
9       8       3


The new master automaton fragment is:

[Diagram: the states q∅, qε and 2–9 with the a- and b-transitions given by the table; state 6 is the state for L1 and state 9 the state for L2.]

3. We first adapt the algorithm for intersection to obtain an algorithm for union:


Input: states p, q of the master automaton with the same length.
Output: state r of the master automaton such that L(r) = L(p) ∪ L(q).

1 union(p, q):
2   if G(p, q) is not empty then
3     return G(p, q)
4   else if p = q∅ and q = q∅ then
5     return q∅
6   else if p = qε or q = qε then
7     return qε
8   else
9     for a ∈ Σ do
10      sa ← union(pa, qa)
11    G(p, q) ← make(s)
12    return G(p, q)

Executing union(6, 9) yields the following computation tree:

union(6, 9) = make( union(3, 8), union(5, 3) )                 → 10
    union(3, 8) = make( union(q∅, q∅), union(2, 7) )           → 5
        union(2, 7) = make( union(q∅, qε), union(qε, q∅) )     → 4
    union(5, 3) = make( union(q∅, q∅), union(4, 2) )           → 5
        union(4, 2) = make( union(qε, q∅), union(qε, qε) )     → 4

Calling union(6, 9) adds the following row to the table and returns 10:

Ident.  a-succ  b-succ
10      5       5

The new fragment of the master automaton is:


[Diagram: the previous fragment extended with state 10, the state for L1 ∪ L2, whose a- and b-successors are both 5.]

Note that union could be slightly improved by returning q whenever p = q, and by updating G(q, p) at the same time as G(p, q).

4. The kernels are:

〈L1〉 = L1,  〈L2〉 = L2,  〈L1 ∪ L2〉 = {ba, bb}.

Exercise 97

1. Give an algorithm to compute L(p) · L(q) given states p and q of the master automaton.


2. Give an algorithm to compute both the length and size of L(q), given a state q of the master automaton.

3. The length and size of L(q) could be obtained in constant time if they were simply stored in the master automaton table. Give a new implementation of make for this representation.

Solution:

1. Let L, L′ be fixed-length languages. We have

L · L′ =
  ∅                       if L = ∅,
  L′                      if L = {ε},
  ⋃_{a∈Σ} a · (La · L′)   otherwise.

These identities give rise to the following algorithm (note that, since concatenation is not commutative, the memoization table is indexed by the ordered pair (p, q)):

Input: states p, q of the master automaton.
Output: state r of the master automaton such that L(r) = L(p) · L(q).

1 concat(p, q):
2   if G(p, q) is not empty then
3     return G(p, q)
4   else if p = q∅ then
5     return q∅
6   else if p = qε then
7     return q
8   else
9     for a ∈ Σ do
10      sa ← concat(pa, q)
11    G(p, q) ← make(s)
12    return G(p, q)

2. Let L be a fixed-length language. We have

length(L) =
  ∞                 if L = ∅,
  0                 if L = {ε},
  length(La) + 1    for any a ∈ Σ s.t. La ≠ ∅, otherwise,


and

|L| =
  0               if L = ∅,
  1               if L = {ε},
  Σ_{a∈Σ} |La|    otherwise.


These identities give rise to the following algorithm (all nonempty successors of q have the same length, so it suffices to set k ← k′ + 1 for any of them):

Input: state q of the master automaton.
Output: length and size of L(q).

1 len-size(q):
2   if G(q) is not empty then
3     return G(q)
4   else if q = q∅ then
5     return (∞, 0)
6   else if q = qε then
7     return (0, 1)
8   else
9     k ← ∞
10    n ← 0
11    for a ∈ Σ do
12      (k′, n′) ← len-size(qa)
13      if k′ ≠ ∞ then k ← k′ + 1
14      n ← n + n′
15    G(q) ← (k, n)
16    return G(q)

3. Let q be a state of the master automaton. We denote the length and the size of q by len(q) and |q|, respectively. These values are encoded in two new columns of the master automaton table. We set

len(q∅) = ∞, |q∅| = 0  and  len(qε) = 0, |qε| = 1.

From the observations made in the previous question, we obtain the algorithm make' shown in the listing below.

Exercise 98 Let k ∈ N>0. Let flip : {0, 1}^k → {0, 1}^k be the function that inverts the bits of its input, e.g., flip(010) = 101. Let val : {0, 1}^k → N be such that val(w) is the number represented by w with the "least significant bit first" encoding.

1. Describe the minimal transducer that accepts

Lk = { [x, y] ∈ ({0, 1} × {0, 1})^k : val(y) = (val(flip(x)) + 1) mod 2^k }.

2. Build the state r of the master transducer for L3, and the state q of the master automaton for {010, 110}.

3. Adapt the algorithm pre seen in class to compute post(r, q).


(This listing is the implementation of make for part 3 of Exercise 97.)

Input: mapping s from Σ to master automaton states.
Output: state q such that L(q)a = sa for every a ∈ Σ.

1 make'(s):
2   qmax ← 0
3   for each row (q, t) ∈ Table do
4     if s = t then
5       return q
6     else
7       qmax ← max(qmax, q)
8   r ← qmax + 1
9   k ← ∞   /* compute length and size */
10  n ← 0
11  for a ∈ Σ do
12    if sa ≠ q∅ then k ← len(sa) + 1
13    n ← n + |sa|
14  Table(r) ← (s, k, n)
15  return r

Solution:

1. Let [x, y] ∈ Lk. We may flip the bits of x at the same time as adding 1. If x1 = 1, then ¬x1 = 0, and hence adding 1 to val(flip(x)) results in y1 = 1 with no carry. Thus, for every 1 < i ≤ k, we have yi = ¬xi. If x1 = 0, then ¬x1 = 1. Adding 1 yields y1 = 0 with a carry. This carry is propagated as long as ¬xi = 1, and thus as long as xi = 0. When some position j with xj = 1 is encountered, the carry is "consumed", and we flip the remaining bits of x. These observations give rise to the following minimal transducer for Lk:

[Diagram: a chain of states q0, q1, . . . , qk−1 ("carry still pending") and p1, . . . , pk ("carry consumed"); q0 is initial and pk is final. Transitions: qi →[0,0]→ qi+1 (the carry is propagated), qi →[1,1]→ pi+1 (the carry is consumed), and pi →[0,1]→ pi+1, pi →[1,0]→ pi+1 (the remaining bits are flipped); the run with x = 0^k, y = 0^k is also accepting.]
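The bit-by-bit reasoning above can be checked with a short sketch (our own helper names) that flips the bits of x while propagating the +1 carry, exactly as the transducer does:

```python
def val_lsbf(w: str) -> int:
    """Value of w in the least-significant-bit-first encoding."""
    return sum(int(b) << i for i, b in enumerate(w))

def flip_plus_one(x: str) -> str:
    """y with val(y) = (val(flip(x)) + 1) mod 2^k: flip each bit while
    propagating the carry through the leading zeros of x (the mod 2^k
    is implicit, since any final carry is simply discarded)."""
    y, carry = [], 1
    for b in x:
        s = (1 - int(b)) + carry        # flipped bit plus incoming carry
        y.append(str(s % 2))
        carry = s // 2
    return ''.join(y)
```

For instance, flip_plus_one('110') = '101', matching val(flip(110)) + 1 = val(001) + 1 = 5 in LSBF.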

2. The minimal transducer accepting L3 is


[Diagram: the master transducer fragment for L3, with states 6, 4, 2 (carry pending, remaining lengths 3, 2, 1) and 5, 3 (carry consumed, remaining lengths 2, 1); 6 is the state for L3. Transitions: 6 →[0,0]→ 4, 4 →[0,0]→ 2, 6 →[1,1]→ 5, 4 →[1,1]→ 3, 5 →[0,1],[1,0]→ 3, 3 →[0,1],[1,0]→ rε, 2 →[0,0]→ rε, 2 →[1,1]→ rε; all remaining transitions lead to r∅.]

State 4 of the following fragment of the master automaton accepts {010, 110}:

[Diagram: states q∅, qε, 2, 3, 4; transitions 4 →0,1→ 3, 3 →1→ 2, 3 →0→ q∅, 2 →0→ qε, 2 →1→ q∅.]

3. We can establish the following identities, similar to those obtained for pre:

post_R(L) =
  ∅                                  if R = ∅ or L = ∅,
  {ε}                                if R = {[ε, ε]} and L = {ε},
  ⋃_{a,b∈Σ} b · post_{R[a,b]}(La)    otherwise.


To see that these identities hold, let b ∈ Σ and v ∈ Σ^k for some k ∈ N. We have

bv ∈ post_R(L) ⟺ ∃a ∈ Σ, u ∈ Σ^k s.t. au ∈ L and [au, bv] ∈ R
             ⟺ ∃a ∈ Σ, u ∈ La s.t. [au, bv] ∈ R
             ⟺ ∃a ∈ Σ, u ∈ La s.t. [u, v] ∈ R[a,b]
             ⟺ ∃a ∈ Σ s.t. v ∈ post_{R[a,b]}(La)
             ⟺ v ∈ ⋃_{a∈Σ} post_{R[a,b]}(La)
             ⟺ bv ∈ ⋃_{a∈Σ} b · post_{R[a,b]}(La).

We obtain the following algorithm:

Input: state r of the master transducer and state q of the master automaton.
Output: state recognizing post_R(L), where R = L(r) and L = L(q).

1  post(r, q):
2    if G(r, q) is not empty then
3      return G(r, q)
4    else if r = r∅ or q = q∅ then
5      return q∅
6    else if r = rε and q = qε then
7      return qε
8    else
9      for b ∈ Σ do
10       p ← q∅
11       for a ∈ Σ do
12         p ← union(p, post(r^[a,b], q^a))
13       s_b ← p
14     G(r, q) ← make(s)
15     return G(r, q)

Note that the transducer for L3 has a "strong" determinism property: for every state r and b ∈ {0, 1}, if r^[a,b] ≠ r∅ then r^[¬a,b] = r∅. Hence, for a fixed b ∈ {0, 1}, at most one post(r^[a,b], q^a) can differ from q∅ at line 12 of the algorithm. Thus, the unions made by the algorithm on this transducer are trivial, and executing post(6, 4) yields the following computation tree:


[Figure: computation tree of post(6, 4). The root call spawns make(post(4, 3), post(5, 3)); these in turn spawn make(post(2, q∅), post(3, 2)) and make(post(3, 2), post(3, q∅)), down to base calls returning q∅ and qε; the memoized result G(3, 2) = 5 is reused, and the calls return the new states 5, 6, 7, and 8.]

Calling post(6, 4) adds the following rows to the master automaton table and returns 8:

Ident.   0-succ   1-succ
5        q∅       qε
6        q∅       5
7        5        q∅
8        6        7

The new master automaton fragment:


[Figure: the master automaton fragment extended with the new states 5, 6, 7, 8; state 8 accepts Post(L3, {010, 110}).]

Exercise 99 Given a boolean formula φ over variables x1, . . . , xn, we define the language of φ, denoted by L(φ), as follows:

L(φ) = { a1a2 · · · an | the assignment x1 ↦ a1, . . . , xn ↦ an satisfies φ }

(a) Give a polynomial algorithm that takes a DFA A recognizing a language of length n as input,and returns a boolean formula φ such that L(φ) = L(A).

(b) Give an exponential algorithm that takes a boolean formula φ as input, and returns a DFA Arecognizing L(φ).

Solution: (a) The algorithm takes as input a state of the master automaton and the length of thelanguage it recognizes, and returns a formula for it. As usual, it works recursively.


DFAtoFormula(q, m)
Input: state q recognizing a language of length m (over the variables x_{n−m+1}, . . . , x_n).
Output: formula φq such that L(φq) = L(q).

1 if G(q) is not empty then return G(q)
2 if q = q∅ then return false
3 else if q = qε then return true
4 else
5   φ0 ← DFAtoFormula(q^0, m − 1)
6   φ1 ← DFAtoFormula(q^1, m − 1)
7   φq ← (¬x_{n−m+1} ∧ φ0) ∨ (x_{n−m+1} ∧ φ1)
8   G(q) ← φq
9 return φq

Observe that the parameter m is needed to identify the variable at line 7; the initial call passes the initial state of A and m = n.

(b) Given a formula φ over variables x1, . . . , xn, define the formulas φ[x1/true] and φ[x1/false] obtained by replacing all occurrences of x1 in φ by true and false, respectively. It is easy to see that L(φ[x1/false]) = L(φ)^0 (the residual of L(φ) w.r.t. the word 0) and L(φ[x1/true]) = L(φ)^1. This immediately yields the following algorithm.

FormulatoDFA(φ, m)
Input: formula φ over the variables x_{n−m+1}, . . . , x_n.
Output: state q such that L(φ) = L(q).

1 if G(φ) is not empty then return G(φ)
2 if m = 0 then
3   if φ ≡ true then return qε else return q∅
4 else
5   r0 ← FormulatoDFA(φ[x_{n−m+1}/false], m − 1)
6   r1 ← FormulatoDFA(φ[x_{n−m+1}/true], m − 1)
7   G(φ) ← make(r0, r1)
8   return G(φ)

The initial call is FormulatoDFA(φ, n).

Exercise 100 Recall the definition of language of a boolean formula over variables x1, . . . , xn givenin Exercise 99. Prove that the following problem is NP-hard:

Given: A boolean formula φ in conjunctive normal form, and a number k ≥ 1.
Decide: Does the minimal DFA for L(φ) have at most k states?

Solution: We show that, if there is a polynomial algorithm for this problem, then there is also apolynomial algorithm for CNF-SAT, the satisfiability problem for boolean formulas in conjunctivenormal form.


If φ is unsatisfiable, then L(φ) = ∅, and the minimal DFA for L(φ) has one state. If φ is valid, then, similarly, L(φ) = {0, 1}^n, and again the minimal DFA has one state. If φ is satisfiable but not valid, then φ has both satisfying and non-satisfying assignments; so ∅ ≠ L(φ) ≠ {0, 1}^n, and the minimal DFA for L(φ) has at least two states. So, taking k = 1, we have: the minimal DFA for L(φ) has at most k states iff φ is either valid or unsatisfiable.

Assume now that there is a polynomial algorithm for our problem. We decide whether a given formula φ in CNF is satisfiable as follows. First, we decide in polynomial time whether φ is valid (for this, we check whether every clause of φ is valid, which amounts to checking whether it contains both a variable and its negation). If the formula is valid, then we answer "satisfiable"; if the formula is not valid, then we call the polynomial algorithm for our problem with k = 1, and answer "satisfiable" iff the algorithm answers "no".
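The polynomial validity test used in the reduction is easy to implement; here is a small sketch (mine, not from the notes), with clauses as sets of signed integers in DIMACS style.

```python
def clause_is_valid(clause):
    """A clause is valid iff it contains some literal together with its negation."""
    return any(-lit in clause for lit in clause)

def cnf_is_valid(clauses):
    """A CNF formula is valid iff every one of its clauses is valid."""
    return all(clause_is_valid(set(c)) for c in clauses)
```

For instance, (x1 ∨ ¬x1) ∧ (x2 ∨ ¬x2 ∨ x3) is valid, while (x1 ∨ x2) is not.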

Exercise 101 Given X ⊆ {0, 1, . . . , 2^k − 1}, where k ≥ 1, let AX be the minimal DFA recognizing the LSBF-encodings of length k of the elements of X.

(1) Define X + 1 by X + 1 = {(x + 1) mod 2^k | x ∈ X}. Give an algorithm that on input AX produces AX+1 as output.

(2) Let AX = (Q, {0, 1}, δ, q0, F). Which set of numbers is recognized by the automaton A′ = (Q, {0, 1}, δ′, q0, F), where δ′(q, b) = δ(q, 1 − b)?

Solution: (1) The algorithm Add1, shown in Table 15.7, gets as input the initial state of AX, viewed as a state of the master automaton, and returns the state for AX+1. The algorithm calls itself recursively.

Add1(q)
Input: state q recognizing a set Y of numbers.
Output: state of the same length as q recognizing Y + 1.

1 if G(q) is not empty then return G(q)
2 if q = q∅ or q = qε then return q
3 else
4   r0 ← Add1(q^1)
5   r1 ← q^0
6   G(q) ← make(r0, r1)
7 return G(q)

Table 15.7: Algorithm Add1

(2) A′ recognizes a word b1 . . . bk iff AX recognizes (1 − b1) . . . (1 − bk). So the set Y of numbers recognized by A′ is Y = {(2^k − 1) − x | x ∈ X}.
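Both parts can be checked at the level of languages. The sketch below (mine, not the notes') implements Add1 by the recursion r0 = Add1(q^1), r1 = q^0 on finite sets of LSBF words — if x = 0u then x + 1 = 1u, and if x = 1u then x + 1 = 0(u + 1) — and compares the results with direct arithmetic, together with the claim of part (2).

```python
def val(w):                       # LSBF value
    return sum(int(b) << i for i, b in enumerate(w))

def enc(x, k):                    # LSBF encoding of x with k bits
    return "".join(str((x >> i) & 1) for i in range(k))

def add1(Y):
    """Language-level Add1 on a set of equal-length LSBF words."""
    if not Y or Y == {""}:
        return set(Y)             # the cases q_empty and q_eps
    y0 = {w[1:] for w in Y if w[0] == "0"}    # Y^0
    y1 = {w[1:] for w in Y if w[0] == "1"}    # Y^1
    return {"0" + u for u in add1(y1)} | {"1" + u for u in y0}

def negate(Y):
    """Part (2): swapping the transition labels complements every bit."""
    return {"".join("1" if b == "0" else "0" for b in w) for w in Y}
```

On {0, 5, 15} with k = 4, add1 yields {1, 6, 0} (note the wrap-around of 15), and negate yields {15, 10, 0}, as predicted by Y = {(2^k − 1) − x | x ∈ X}.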


Exercise 102 Recall the definition of DFAs with negative transitions (DFA-nt's) introduced in Exercise 43, and consider the alphabet {0, 1}. Show that if only transitions labeled by 1 can be negative, then every regular language over {0, 1} has a unique minimal DFA-nt.



Solutions for Chapter 8



Exercise 103 Exhibit a family {Pn}n≥1 of sequential programs (like the one of Example 8.1) satisfying the following conditions:

• Pn has O(n) variables, all of them boolean, O(n) lines, and exactly one initial configuration.

• Pn has at least 2^n reachable configurations.

Solution: If we allow nondeterminism, then we can just define Pn as a program that nondeterministically sets the variables x1, . . . , xn to 0 or 1, and terminates.

1 for all 1 ≤ i ≤ n do
2   xi ← 0 or xi ← 1
3 end

If we require the program to be deterministic, then we can take Pn as a program that repeatedlyincreases an n-bit counter, where xi contains the value of the i-th least significant bit. For instance,if n = 3 then the program visits the sequence of variable valuations 000, 001, 010, . . . , 110, 111. Toincrease a valuation, the program goes over all bits with value 1, setting them to 0, and then setsthe first bit with value 0 (if any) to 1.

1 for all 0 ≤ i ≤ n − 1 do xi ← 0
2 while true do
3   for all 0 ≤ i ≤ n − 1 do
4     xi ← 1 − xi
5     if xi = 1 then break
6 end

These two programs have a constant number of lines, but the iterator of the loop is not a boolean variable. If we want to strictly adhere to the specification of the exercise (only boolean variables), we can just replace the loop by a chain of if-then-else instructions.
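A quick simulation (mine, not part of the notes) confirms that the deterministic program cycles through all 2^n valuations.

```python
def step(x):
    """One iteration of the while-loop body: the inner for-loop with break."""
    x = list(x)
    for i in range(len(x)):
        x[i] = 1 - x[i]          # flip the bits with value 1 to 0 ...
        if x[i] == 1:
            break                # ... and set the first 0-bit to 1
    return tuple(x)

def reachable(n):
    """All valuations visited starting from the all-zero valuation."""
    seen, x = set(), tuple([0] * n)
    while x not in seen:
        seen.add(x)
        x = step(x)
    return seen
```

Starting from 0…0, the program visits exactly 2^n distinct valuations before repeating; after 1…1 the increment wraps around to 0…0.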

Exercise 104 When applied to the program of Example 8.1, algorithm SysAut outputs the systemautomaton shown at the top of Figure 8.1. Give an algorithm SysAut′ that outputs the automaton atthe bottom.

Solution: First we modify line 13 of AsyncProduct so that, instead of the transition [q1, . . . , qn] −a→ [q′1, . . . , q′n], it adds the transition [q1, . . . , qn] −[q1,...,qn]→ [q′1, . . . , q′n], labeled with the source configuration (see line 14 of the algorithm below). In the case of SysAut we modified the initialization to introduce the initial state i. Now that initial state is no longer necessary, but every reachable configuration c without successors must now have an outgoing transition, labeled with c, leading to a state f. We introduce a flag no_successors to determine whether a configuration has a successor. The flag is set to false right after adding the first successor at line 15. If the configuration has no successors, then we carry out the additions at line 17.


SysAut′(A1, . . . , An)
Input: a network of automata ⟨A1, . . . , An⟩, where A1 = (Q1, Σ1, δ1, Q01, Q1), . . . , An = (Qn, Σn, δn, Q0n, Qn).
Output: a system automaton S = (Q, Σ, δ, Q0, F).

1  Q, δ, F ← ∅
2  Q0 ← Q01 × · · · × Q0n
3  W ← Q0
4  while W ≠ ∅ do
5    pick [q1, . . . , qn] from W
6    add [q1, . . . , qn] to Q
7    add [q1, . . . , qn] to F
8    no_successors ← true
9    for all a ∈ Σ1 ∪ . . . ∪ Σn do
10     for all i ∈ [1..n] do
11       if a ∈ Σi then Q′i ← δi(qi, a) else Q′i ← {qi}
12     for all [q′1, . . . , q′n] ∈ Q′1 × . . . × Q′n do
13       if [q′1, . . . , q′n] ∉ Q then add [q′1, . . . , q′n] to W
14       add ([q1, . . . , qn], [q1, . . . , qn], [q′1, . . . , q′n]) to δ
15       no_successors ← false
16   if no_successors = true then
17     add f to Q; add f to F; add ([q1, . . . , qn], [q1, . . . , qn], f) to δ
18 return (Q, Σ, δ, Q0, F)

Figure 15.6: Algorithm generating the system automaton with an extra final state.

Exercise 105 Prove:

(1) Parallel composition is associative, commutative, and idempotent. That is: (L1 ‖ L2) ‖ L3 = L1 ‖ (L2 ‖ L3) (associativity), L1 ‖ L2 = L2 ‖ L1 (commutativity), and L ‖ L = L (idempotence).

(2) If L1, L2 ⊆ Σ∗, then L1 ‖ L2 = L1 ∩ L2.

(3) Let A = ⟨A1, . . . , An⟩ be a network of automata. Then L(A) = L(A1) ‖ · · · ‖ L(An).

Solution: (1) Let us first prove associativity. First of all, both (L1 ‖ L2) ‖ L3 and L1 ‖ (L2 ‖ L3)are languages over Σ1∪Σ2∪Σ3. Now, using the fact that if Σ ⊆ Σ′ then projΣ(projΣ′(w)) = projΣ(w)we obtain:


w ∈ (L1 ‖ L2) ‖ L3
⟺ projΣ1∪Σ2(w) ∈ L1 ‖ L2 and projΣ3(w) ∈ L3                                          (Def. of ‖)
⟺ projΣ1(projΣ1∪Σ2(w)) ∈ L1 and projΣ2(projΣ1∪Σ2(w)) ∈ L2 and projΣ3(w) ∈ L3          (Def. of ‖)
⟺ projΣ1(w) ∈ L1 and projΣ2(w) ∈ L2 and projΣ3(w) ∈ L3                                (property above)
⟺ projΣ1(w) ∈ L1 and projΣ2(projΣ2∪Σ3(w)) ∈ L2 and projΣ3(projΣ2∪Σ3(w)) ∈ L3          (property above)
⟺ projΣ1(w) ∈ L1 and projΣ2∪Σ3(w) ∈ L2 ‖ L3                                           (Def. of ‖)
⟺ w ∈ L1 ‖ (L2 ‖ L3)                                                                  (Def. of ‖)

Commutativity and idempotence are trivial consequences of the definition.

(2) Follows immediately from the definition and the fact that if L ⊆ Σ∗ then projΣ(L) = L.

(3) We only consider the case n = 2; the generalization to arbitrary n is straightforward. Let A = ⟨A1, A2⟩, where A1 = (Q1, Σ1, δ1, Q01, F1) and A2 = (Q2, Σ2, δ2, Q02, F2).

L(A) ⊆ L(A1) ‖ L(A2). Let w ∈ L(A). We prove w ∈ L(A1) ‖ L(A2) by induction on |w|. We actually prove a stronger result: for every two states q1 ∈ Q1 and q2 ∈ Q2, if w ∈ L([q1, q2]) then w ∈ L(q1) ‖ L(q2), where L([q1, q2]) is the language of A if we take [q1, q2] as the unique initial configuration.

If w = ε, then [q1, q2] is a final state. By definition of A1 ⊗ A2, q1 and q2 are final states of A1 and A2. So ε ∈ L(q1) and ε ∈ L(q2). Therefore, projΣ1(ε) = ε ∈ L(q1) and projΣ2(ε) = ε ∈ L(q2), which implies ε ∈ L(q1) ‖ L(q2).

Assume w = aw′. Then there is a transition [q1, q2] −a→ [q′1, q′2] such that w′ ∈ L([q′1, q′2]). By induction hypothesis, we have w′ ∈ L(q′1) ‖ L(q′2). By definition of ‖, and denoting w′1 = projΣ1(w′) and w′2 = projΣ2(w′), we get w′1 ∈ L(q′1) and w′2 ∈ L(q′2). Consider three cases:

(i) a ∈ Σ1 ∩ Σ2. Then, by the definition of asynchronous product, we have q1 −a→ q′1 in A1 and q2 −a→ q′2 in A2. So aw′1 ∈ L(q1) and aw′2 ∈ L(q2). Since a ∈ Σ1 ∩ Σ2, we have projΣ1(aw′) = aw′1 and projΣ2(aw′) = aw′2, and so projΣ1(aw′) ∈ L(q1) and projΣ2(aw′) ∈ L(q2), which implies aw′ ∈ L(q1) ‖ L(q2).

(ii) a ∈ Σ1 \ Σ2. Then, by the definition of asynchronous product, we have q1 −a→ q′1 in A1 and q2 = q′2. So aw′1 ∈ L(q1) and w′2 ∈ L(q2). Since a ∈ Σ1 \ Σ2, we have projΣ1(aw′) = aw′1 and projΣ2(aw′) = w′2, and so projΣ1(aw′) ∈ L(q1) and projΣ2(aw′) ∈ L(q2), which implies aw′ ∈ L(q1) ‖ L(q2).


(iii) a ∈ Σ2 \ Σ1. Similar to (ii).

L(A1) ‖ L(A2) ⊆ L(A). The proof is very similar to the previous one, and we only sketch it.We show by induction that for every two states q1 ∈ Q1 and q2 ∈ Q2, if w ∈ L(q1) ‖ L(q2) thenw ∈ L([q1, q2]).

If w = ε, then, since ε ∈ L(q1) ‖ L(q2), by the definition of ‖ we get that q1 and q2 are final states of A1 and A2, respectively. So [q1, q2] is a final state of A1 ⊗ A2, and ε ∈ L([q1, q2]).

If w = aw′, consider three cases:

(i) a ∈ Σ1 ∩ Σ2. Then, denoting w′i = projΣi(w′) for i = 1, 2, we get aw′i ∈ L(qi). So there are transitions qi −a→ q′i such that w′i ∈ L(q′i), and therefore a transition [q1, q2] −a→ [q′1, q′2] in A1 ⊗ A2. By induction hypothesis w′ ∈ L([q′1, q′2]), and so aw′ ∈ L([q1, q2]).

(ii) a ∈ Σ1 \ Σ2. Then we get aw′1 ∈ L(q1) and w′2 ∈ L(q2). So there is a transition q1 −a→ q′1 such that w′1 ∈ L(q′1), and therefore a transition [q1, q2] −a→ [q′1, q2] in A1 ⊗ A2. By induction hypothesis w′ ∈ L([q′1, q2]), and so aw′ ∈ L([q1, q2]).

(iii) Analogous to (ii).
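For finite languages, claims (1) and (2) can also be checked by brute force. The sketch below (mine, not from the notes) computes ‖ directly from its definition via projections, enumerating candidate words up to a length bound (sufficient here, since a word in L1 ‖ L2 is no longer than its two projections combined).

```python
from itertools import product

def proj(w, sigma):
    """Projection of w onto the letters of sigma."""
    return "".join(c for c in w if c in sigma)

def par(L1, s1, L2, s2, maxlen):
    """L1 || L2, restricted to words of length <= maxlen over s1 ∪ s2."""
    sigma = sorted(set(s1) | set(s2))
    words = ("".join(p) for n in range(maxlen + 1)
             for p in product(sigma, repeat=n))
    return {w for w in words if proj(w, s1) in L1 and proj(w, s2) in L2}
```

Over a common alphabet, ‖ coincides with intersection, as in claim (2); over different alphabets, the private letters interleave freely.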

Exercise 106 Let Σ = {request, answer, working, idle}.

(1) Build a regular expression and an automaton recognizing all words with the property P1: forevery occurrence of request there is a later occurrence of answer.

(2) P1 does not imply that every occurrence of request has "its own" answer: for instance, the sequence request request answer satisfies P1, but both requests must necessarily be mapped to the same answer. But if words were infinite and there were infinitely many requests, would P1 guarantee that every request has its own answer?
More precisely, let w = w1w2 · · · be an infinite word satisfying P1 and containing infinitely many occurrences of request, and define f : N → N such that w_f(i) is the i-th request in w. Is there always an injective function g : N → N satisfying w_g(i) = answer and f(i) < g(i) for all i ∈ N?

(3) Build an automaton recognizing all words with the property P2: there is an occurrence ofanswer before which only working and request occur.

(4) Using automata theoretic constructions, prove that all words accepted by the automaton Abelow satisfy P1, and give a regular expression for all words accepted by the automaton thatviolate P2.

[Figure: automaton A with states q0 and q1, a Σ-loop on q0, and a transition from q0 to q1 labeled answer.]


Solution: (1) A possible regular expression is (Σ∗ answer)∗ (Σ \ {request})∗. (Observe that we must also describe the sequences containing no occurrence of request.) A minimal NFA for the property is

[Figure: NFA with states q0 and q1; a Σ-loop on q0, a transition from q0 to q1 labeled answer, and a (Σ \ {request})-loop on q1.]
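Encoding the four letters as single characters (r = request, a = answer, w = working, i = idle), the regular expression for P1 can be compared against the property by brute force — a sanity check of mine, not from the notes.

```python
import re
from itertools import product

# (Sigma* answer)* (Sigma \ {request})*, with r, a, w, i for the four letters
P1_REGEX = re.compile(r"(?:[rawi]*a)*[awi]*")

def satisfies_p1(word):
    """Every occurrence of r has a strictly later occurrence of a."""
    return all("a" in word[k + 1:] for k, c in enumerate(word) if c == "r")

def check(maxlen):
    """Return a counterexample word, or None if regex and property agree."""
    for n in range(maxlen + 1):
        for w in product("rawi", repeat=n):
            word = "".join(w)
            if bool(P1_REGEX.fullmatch(word)) != satisfies_p1(word):
                return word
    return None
```

Exhaustive checking over all words up to length 5 finds no disagreement.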

(2) Yes. We define g inductively. Define g(1) as the smallest index such that w_g(1) = answer and g(1) > f(1). For every i > 1, define g(i) as the smallest index such that w_g(i) = answer, g(i) > f(i), and g(i) > g(i − 1).

(3) A minimal NFA for P2 is

[Figure: NFA with states r0 and r1; a loop on r0 labeled working, request, a transition from r0 to r1 labeled answer, and a Σ-loop on r1.]

(4) Determinizing and complementing the automaton for P1 we get

[Figure: DFA with states s0 and s1; a (Σ \ {request})-loop on s0, a transition from s0 to s1 labeled request, and a (Σ \ {answer})-loop on s1, with answer leading back to s0.]

The intersection of A and the automaton for the complement of P1 is empty: indeed, we can only reach the final state of A by executing answer, while immediately after executing answer the automaton for the complement of P1 is in its non-final state. So we cannot simultaneously reach final states in both.

For the second half, since the automaton for P2 is deterministic, we can complement it by exchanging final and non-final states (and not forgetting that the trap state now becomes an accepting state). We get:

[Figure: automaton for the complement of P2, with states r0, r1, and a trap state r2; transitions labeled working, request (loop on r0), answer (to r1), idle (to r2), and Σ (loops on r1 and r2).]


The intersection with A yields

[Figure: intersection automaton, with transitions labeled working, request (loop), idle, answer, and Σ (loop).]

and the regular expression is (working + request)∗ idle Σ∗ answer.

Exercise 107 Consider two processes (process 0 and process 1) being executed through the fol-lowing generic mutual exclusion algorithm:

1 while true do
2   enter(process id)
    /* critical section */
3   leave(process id)
4   for arbitrarily many times do
    /* non critical section */


1. Consider the following implementations of enter and leave:

1 x ← 0
2 enter(i):
3   while x = 1 − i do
4     pass
5 leave(i):
6   x ← 1 − i

(a) Design a network of automata capturing the executions of the two processes.

(b) Build the asynchronous product of the network.

(c) Show that both processes cannot reach their critical sections at the same time.

(d) If a process wants to enter its critical section, is it always the case that it can eventuallyenter it? (Hint: reason in terms of infinite executions.)

2. Consider the following alternative implementations of enter and leave:

1 x0 ← false
2 x1 ← false
3 enter(i):
4   xi ← true
5   while x1−i do
6     pass
7 leave(i):
8   xi ← false

(a) Design a network of automata capturing the executions of the two processes.

(b) Can a deadlock occur, i.e. can both processes get stuck trying to enter their criticalsections?

Solution:

1. (a)


[Figure: network of automata for the first implementation. An automaton for the variable x has states 0 and 1, with read actions x = 0, x = 1 and write actions x ← 0, x ← 1. Each process i ∈ {0, 1} has states e_i, c_i, ℓ_i, nc_i, with actions x = i (enter), c_i (critical section), x ← 1 − i (leave), and nc_i (non-critical section).]

Note: as discussed in class, the previous network forces the two processes to read the content of x at the same time. If we want to avoid this, we can add new disjoint actions x = 0′ and x = 1′ as follows:


[Figure: the same network, where the automaton for x additionally offers the read actions x = 0′ and x = 1′, and process 1 uses the primed reads x = 1′ and x = 0′ instead of x = 1 and x = 0.]

(b)


[Figure: asynchronous product of the first network, a cycle through the eight states (0, e0, e1), (0, c0, e1), (0, ℓ0, e1), (1, nc0, e1), (1, e0, e1), (1, e0, c1), (1, e0, ℓ1), (0, e0, nc1), with self-loops labeled nc0 and nc1.]

Note: for the second network, where asynchronous reading is allowed, we obtain the following automaton:


[Figure: asynchronous product of the second network, with sixteen reachable states: the eight states above together with (1, nc0, c1), (1, nc0, ℓ1), (0, nc0, nc1), (0, nc0, e1), (0, c0, nc1), (0, ℓ0, nc1), (1, nc0, nc1), and (1, e0, nc1).]

(c) Both processes can reach their critical section at the same time if, and only if, theasynchronous product contains a state of the form (x, c0, c1). Since it contains none,this behaviour cannot occur.


Note: it also cannot occur in our second model.

(d) No. Consider the following infinite run:

(0, e0, e1) −x=0→ (0, c0, e1) −c0→ (0, ℓ0, e1) −x←1→ (1, nc0, e1) −nc0→ (1, nc0, e1) −nc0→ · · ·

illustrated in red:

[Figure: the eight-state asynchronous product again, with the infinite run above highlighted in red.]

The second process remains in e1 throughout this infinite run, so it never enters its critical section. Since we have required x to be read by both processes at the same time, a process can stay in its non-critical section as long as it wants, while the other one cannot do anything.

Note: in our second model this infinite run still occurs, as illustrated below. However, here the second process is not stuck, since it could take the transition (1, nc0, e1) −x=1′→ (1, nc0, c1) to reach its critical section. Therefore, the red infinite run only occurs if the process scheduler can let a process i run forever even though process 1 − i could make progress.


[Figure: the sixteen-state asynchronous product again, with the infinite run highlighted in red.]

2. (a)


[Figure: network of automata for the second implementation. One automaton per variable x0, x1, each with states f and t, read actions xi = f, xi = t and write actions xi ← f, xi ← t; and one automaton per process i, with states e_i, e′_i, c_i, ℓ_i, nc_i and actions xi ← t (set flag), x1−i = f / x1−i = t (read the other flag), c_i, xi ← f, and nc_i.]

(b) Yes, consider this fragment of the asynchronous product of the network:

(f, f, e0, e1) −x0←t→ (t, f, e′0, e1) −x1←t→ (t, t, e′0, e′1)


When (t, t, e′0, e′1) is reached, both processes are still trying to enter their critical sections, and it is impossible to move to a new state.
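The deadlock can also be found automatically. The following Python search (mine, not the notes') explores a hand-coded, simplified state space of the second implementation — each process is reduced to three control points: e (before setting its flag), w (spinning in the while loop), and c (critical section) — and collects all reachable states without successors.

```python
from collections import deque

def successors(state):
    """Interleaving semantics: each process may take one step, if enabled."""
    x, pc = state                # x = (x0, x1) flags; pc = control points
    for i in (0, 1):
        flags, pcs = list(x), list(pc)
        if pc[i] == "e":                      # enter(i): set own flag
            flags[i], pcs[i] = True, "w"
        elif pc[i] == "w" and not x[1 - i]:   # while-test fails: enter c.s.
            pcs[i] = "c"
        elif pc[i] == "c":                    # leave(i): clear flag, restart
            flags[i], pcs[i] = False, "e"
        else:
            continue                          # blocked in the while loop
        yield (tuple(flags), tuple(pcs))

def reachable_deadlocks():
    init = ((False, False), ("e", "e"))
    seen, todo, deadlocks = {init}, deque([init]), set()
    while todo:
        s = todo.popleft()
        succ = list(successors(s))
        if not succ:
            deadlocks.add(s)
        for t in succ:
            if t not in seen:
                seen.add(t); todo.append(t)
    return deadlocks
```

The search reports exactly one deadlock: both flags true and both processes spinning, matching the state (t, t, e′0, e′1) above.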

Exercise 108 Consider a circular railway divided into 8 tracks: 0 → 1 → . . . → 7 → 0. In the railway circulate three trains, modeled by three automata T1, T2, and T3. Each automaton Ti has states qi,0, . . . , qi,7, alphabet {enter[i, j] | 0 ≤ j ≤ 7} (where enter[i, j] models that train i enters track j), transition relation {(qi,j, enter[i, j ⊕ 1], qi,j⊕1) | 0 ≤ j ≤ 7}, and initial state qi,2i, where ⊕ denotes addition modulo 8 (and ⊖ below denotes subtraction modulo 8). In other words, initially the trains occupy the tracks 2, 4, and 6.

Define automata C0, . . . , C7 (the local controllers) to make sure that two trains can never be on the same or adjacent tracks (i.e., there must always be at least one empty track between two trains). Each controller Cj can only have knowledge of the state of the tracks j ⊖ 1, j, and j ⊕ 1, there must be no deadlocks, and every train must eventually visit every track. More formally, the network of automata A = ⟨C0, . . . , C7, T1, T2, T3⟩ must satisfy the following specification:

• For j = 0, . . . , 7: Cj has alphabet {enter[i, j ⊖ 1], enter[i, j], enter[i, j ⊕ 1] | 1 ≤ i ≤ 3}. (Cj only knows the state of tracks j ⊖ 1, j, and j ⊕ 1.)

• For i = 1, 2, 3: L(A)|Σi = (enter[i, 2i] enter[i, 2i ⊕ 1] . . . enter[i, 2i ⊕ 7])∗. (No deadlocks, and every train eventually visits every segment.)

• For every word w ∈ L(A): if w = w1 enter[i, j] enter[i′, j′] w2 and i′ ≠ i, then |j − j′| ∉ {0, 1, 7}. (No two trains on the same or adjacent tracks.)


Solutions for Chapter 9



Exercise 109 Give formulations in plain English of the languages described by the following formulas of FO({a, b}), and give a corresponding regular expression:

(a) ∃x first(x)

(b) ∀x false

(c) ¬∃x ∃y (x < y ∧ Qa(x) ∧ Qb(y))
    ∧ ∀x (Qb(x) → ∃y (x < y ∧ Qa(y)))
    ∧ ∃x ¬∃y x < y

Solution: (a) All nonempty words. The regular expression is (a + b)(a + b)∗.

(b) The empty word. The regular expression is ε.

(c) The first conjunct expresses that no a precedes a b. The corresponding regular expression is b∗a∗. The second conjunct states that every b is followed (not necessarily immediately) by an a; this excludes the nonempty words of b∗. Finally, the third conjunct expresses that there is a last letter (and, by the second conjunct, it must be an a), which excludes the empty word. So the regular expression is b∗aa∗.

Exercise 110 Let Σ = {a, b}.

(a) Give a formula ϕn(x, y) of FO(Σ), of size O(n), that holds iff y = x + 2^n. (Notice that the abbreviation y = x + k of page 9.1 has length O(k), and so it cannot be directly used.)

(b) Give a sentence of FO(Σ), of size O(n), for the language Ln = {ww | w ∈ Σ∗ and |w| = 2^n}.

(c) Show that the minimal DFA accepting Ln has at least 2^(2^n) states. (Hint: consider the residuals of Ln.)

Solution: (a) To simplify the notation, let us write "y = x + 2^n" for "ϕn(x, y)". We can define y = x + 2^n inductively as follows:

y = x + 2^n := ∃t (t = x + 2^(n−1) ∧ y = t + 2^(n−1)).

However, since the formula for n is roughly twice as long as the formula for n − 1, thisyields a formula of exponential size. The formula can be made linear by rewriting it in thefollowing way:

y = x + 2^n
:= ∃t ∀x′ ∀y′ ((x′ = x ∧ y′ = t) → y′ = x′ + 2^(n−1)) ∧ ((x′ = t ∧ y′ = y) → y′ = x′ + 2^(n−1))
=  ∃t ∀x′ ∀y′ (¬(x′ = x ∧ y′ = t) ∨ y′ = x′ + 2^(n−1)) ∧ (¬(x′ = t ∧ y′ = y) ∨ y′ = x′ + 2^(n−1))
=  ∃t ∀x′ ∀y′ (¬(x′ = x ∧ y′ = t) ∧ ¬(x′ = t ∧ y′ = y)) ∨ y′ = x′ + 2^(n−1)
=  ∃t ∀x′ ∀y′ ((x′ = x ∧ y′ = t) ∨ (x′ = t ∧ y′ = y)) → y′ = x′ + 2^(n−1)


(b)

ϕ = (∃x ∃y ∃y′ ∃z  first(x) ∧ y = x + 2^n ∧ y = y′ + 1 ∧ z = y′ + 2^n ∧ last(z))      (the word has length 2^n + 2^n)
  ∧ ∀x ∀y ⋀_{σ∈{a,b}} ((Qσ(x) ∧ y = x + 2^n) → Qσ(y)).                                (the word is of the form ww)

(c) Let u, v ∈ {a, b}∗ such that |u| = |v| = 2^n and u ≠ v. We have uu ∈ Ln and uv ∉ Ln. Therefore, all words of length 2^n define distinct residuals. There are 2^(2^n) such words, hence Ln has at least 2^(2^n) residuals.

Exercise 111 The nesting depth d(ϕ) of a formula ϕ of FO({a}) is defined inductively as follows:

• d(Qa(x)) = d(x < y) = 0;

• d(¬ϕ) = d(ϕ), d(ϕ1 ∨ ϕ2) = max{d(ϕ1), d(ϕ2)}; and

• d(∃x ϕ) = 1 + d(ϕ).

Prove that every formula ϕ of FO({a}) of nesting depth n is equivalent to a formula f of QF having the same free variables as ϕ, and such that every constant k appearing in f satisfies k ≤ 2^n.

Hint: Modify suitably the proof of Theorem 9.8.

Solution: We only give a sketch of a proof by induction on the structure of ϕ. If ϕ(x, y) = x < y, then d(ϕ) = 0 and ϕ ≡ y ≥ x + 1. If ϕ = ¬ψ, the result follows from the induction hypothesis and the fact that negations can be removed using De Morgan's rules and equivalences like ¬(x < k) ≡ x ≥ k or ¬(x < y + k) ≡ x ≥ y + k. If ϕ = ϕ1 ∨ ϕ2, then the result follows directly from the induction hypothesis. Consider now the case ϕ = ∃x ψ, and assume that ψ and ϕ have nesting depths d and d + 1, respectively. By induction hypothesis, ψ is equivalent to a formula f of QF whose constants are at most 2^d, and we can further assume that f is in disjunctive normal form, say f = D1 ∨ . . . ∨ Dn. Then ϕ ≡ ∃x D1 ∨ ∃x D2 ∨ . . . ∨ ∃x Dn, and so it suffices to find a formula fi of QF equivalent to ∃x Di whose constants have size at most 2^(d+1). The formula fi is a conjunction defined as follows. All conjuncts of Di not containing x are also conjuncts of fi; for every conjunct of Di of the form x ≥ k or x ≥ y + k, the formula fi contains a conjunct last ≥ k; and for every two conjuncts of Di containing x, the formula fi contains a conjunct obtained by "quantifying x away". We explain this only by means of an example: if the conjuncts are x ≥ k1 and y ≥ x + k2, then fi has the conjunct y ≥ k1 + k2. It is easy to see that fi ≡ ∃x Di. Moreover, since the constants in the new conjuncts are sums of two old constants, the new constants are bounded by 2 · 2^d = 2^(d+1).


Exercise 112 Let Σ be a finite alphabet. A language L ⊆ Σ∗ is star-free if it can be expressed by a star-free regular expression, i.e. a regular expression where the Kleene star operation is forbidden, but complementation is allowed. For example, Σ∗ is star-free, since it is the complement of ∅; but (aa)∗ is not.

(a) Give star-free regular expressions and FO(Σ) sentences for the following star-free languages:

(i) Σ+.

(ii) Σ∗AΣ∗ for some A ⊆ Σ.

(iii) A∗ for some A ⊆ Σ.

(iv) (ab)∗.

(v) w ∈ Σ∗ | w does not contain aa .

(b) Show that finite and cofinite languages are star-free.

(c) Show that for every sentence ϕ ∈ FO(Σ), there exists a formula ϕ+(x, y), with two free variables x and y, such that for every w ∈ Σ+ and for every 1 ≤ i ≤ j ≤ |w|,

w |= ϕ+(i, j) iff w_i w_{i+1} · · · w_j |= ϕ.

(d) Give a polynomial time algorithm that decides whether the empty word satisfies a givensentence of FO(Σ).

(e) Show that every star-free language can be expressed by an FO(Σ) sentence. (Hint: use (c).)

Solution:

(a) In the expressions below, Σ∗ abbreviates the star-free expression "complement of ∅".

(i) Σ∗ · Σ and ∃x first(x).

(ii) Σ∗ A Σ∗ and ∃x ⋁_{a∈A} Qa(x).

(iii) The complement of Σ∗ (Σ \ A) Σ∗, and ∀x ⋁_{a∈A} Qa(x).

(iv) The complement of bΣ∗ + Σ∗a + Σ∗aaΣ∗ + Σ∗bbΣ∗, and

(¬∃x first(x)) ∨ ((∃x first(x) ∧ Qa(x)) ∧ (∃y last(y) ∧ Qb(y)) ∧
(∀x ∀y (Qa(x) ∧ y = x + 1) → Qb(y)) ∧ (∀x ∀y (Qb(x) ∧ y = x + 1) → Qa(y))).

(v) The complement of Σ∗aaΣ∗, and ∀x ∀y (Qa(x) ∧ y = x + 1) → ¬Qa(y).

(b) Every finite language L = {w1, w2, . . . , wm} can be expressed as w1 + w2 + · · · + wm. For every cofinite language L there exists a finite language A such that L is the complement of A. Since star-free regular expressions allow for complementation, cofinite languages are also star-free.


(c) We build ϕ+ using the following inductive rules:

(x < y)+(i, j)      = x < y
(Qa(x))+(i, j)      = Qa(x)
(¬ψ)+(i, j)         = ¬ψ+(i, j)
(ψ1 ∨ ψ2)+(i, j)    = ψ1+(i, j) ∨ ψ2+(i, j)
(∃x ψ)+(i, j)       = ∃x ((i ≤ x ∧ x ≤ j) ∧ ψ+(i, j)).

(d)

Input: sentence ϕ ∈ FO(Σ).
Output: true iff ε |= ϕ.

1 has-empty(ϕ):
2   if ϕ = ¬ψ then
3     return ¬has-empty(ψ)
4   else if ϕ = ψ1 ∨ ψ2 then
5     return has-empty(ψ1) ∨ has-empty(ψ2)
6   else if ϕ = ∃x ψ then
7     return false

Since ϕ is a sentence, every atomic formula lies in the scope of some quantifier, so the recursion always bottoms out at line 7: the empty word has no positions, and hence satisfies no existential sentence.

(e) The translation is given by the algorithm formula(r) shown below, after the solution of Exercise 113; it combines the relativization of part (c) with the emptiness test of part (d).

Exercise 113 Give an MSO formula Odd_card(X) expressing that the cardinality of the set of positions X is odd. Hint: follow the pattern of the formula Even(X).

Solution: We first give formulas First(x, X) and Last(x, X) expressing that x is the first/last position among those in X. We also give a formula Next(x, y, X) expressing that y is the successor of x in X. It is then easy to give a formula Odd(Y, X) expressing that Y is the set of odd positions of X (more precisely, Y contains the first position among those in X, the third, the fifth, etc.). Finally, the formula Odd_card(X) expresses that the last position of X belongs to the set of odd positions of X.

First(x, X) := x ∈ X ∧ ∀y (y < x → y ∉ X)

Last(x, X) := x ∈ X ∧ ∀y (y > x → y ∉ X)

Next(x, y, X) := x ∈ X ∧ y ∈ X ∧ x < y ∧ ¬∃z (x < z ∧ z < y ∧ z ∈ X)

Odd(Y, X) := ∀x (x ∈ Y ↔ (First(x, X) ∨ ∃z ∃u (z ∈ Y ∧ Next(z, u, X) ∧ Next(u, x, X))))

Odd_card(X) := ∃Y (Odd(Y, X) ∧ ∀x (Last(x, X) → x ∈ Y))


Input: star-free regular expression r.
Output: sentence ϕ ∈ FO(Σ) such that L(ϕ) = L(r).

1 formula(r):
2   if r = ∅ then return ∃x x < x
3   else if r = ε then return ∀x false
4   else if r is a complement ¬s then return ¬formula(s)
5   else if r = a for some a ∈ Σ then return (∃x true) ∧ (∀x first(x) ∧ Qa(x))
6   else if r = s1 + s2 then return formula(s1) ∨ formula(s2)
7   else if r = s1 · s2 then
8     return (¬∃x first(x) ∧ (ε ∈ L(s1)) ∧ (ε ∈ L(s2))) ∨
9            (formula(s1) ∧ (ε ∈ L(s2))) ∨
10           ((ε ∈ L(s1)) ∧ formula(s2)) ∨
11           (∃x ∃y ∃y′ ∃z first(x) ∧ y′ = y + 1 ∧ last(z) ∧ formula(s1)+(x, y) ∧ formula(s2)+(y′, z))

Here the boolean tests ε ∈ L(si) are evaluated with the algorithm has-empty of part (d), and ψ+ denotes the relativization of part (c).

Exercise 114 Given a formula ϕ of MSO(Σ) and a second order variable X not occurring in ϕ,show how to construct a formula ϕX with X as free variable expressing “the projection of the wordonto the positions of X satisfies ϕ”. Formally, ϕX must satisfy the following property: for everyinterpretation I of ϕX , we have (w, I) |= ϕX iff (w|I(X), I) |= ϕ, where w|I(X) denotes the result ofdeleting from w the letters at all positions that do not belong to I(X).

Solution: We first define two macros:

∃x ∈ X ψ := ∃x (x ∈ X ∧ ψ)

∃Y ⊆ X ψ := ∃Y ((∀x x ∈ Y → x ∈ X) ∧ ψ)

Now we define ϕX inductively as follows:

• If ϕ = Qa(x), x < y, or x ∈ Y, then ϕX = ϕ.

• If ϕ = ¬ψ, then ϕX = ¬ψX; if ϕ = ψ1 ∨ ψ2, then ϕX = ψ1X ∨ ψ2X.

• If ϕ = ∃x ψ, then ϕX = ∃x ∈ X ψX.

• If ϕ = ∃Y ψ, then ϕX = ∃Y ⊆ X ψX.

Exercise 115 (1) Given two sentences ϕ1 and ϕ2 of MSO(Σ), construct a sentence Conc(ϕ1, ϕ2)satisfying L(Conc(ϕ1, ϕ2)) = L(ϕ1) · L(ϕ2).

(2) Given a sentence ϕ of MSO(Σ), construct a sentence Star(ϕ) satisfying L(Star(ϕ)) = L(ϕ)∗.


(3) Give an algorithm RegtoMSO that accepts a regular expression r as input and directly con-structs a sentence ϕ of MSO(Σ) such that L(ϕ) = L(r), without first constructing an automa-ton for the formula.

Hint: Use the solution to Exercise 114.

Solution: (1) We take the formula

Conc(ϕ1, ϕ2) := ∃X ∃Y ( ∀x (x ∈ X ∨ x ∈ Y)
              ∧ ∀x ∀y ((x ∈ X ∧ y ∈ Y) → x < y)
              ∧ ϕ1X ∧ ϕ2Y )

where ϕ1X and ϕ2Y are as in the solution of Exercise 114.

(2) We first express that Y is a block of consecutive positions between two consecutive positions of X:

Block(Y, X) := ∃x ∈ X ( (∃z ∈ X Next(x, z, X) ∧ ∀y (y ∈ Y ↔ (x ≤ y ∧ y < z)))
             ∨ (Last(x, X) ∧ ∀y (y ∈ Y ↔ x ≤ y)) )

where Next(x, z, X) and Last(x, X) are as described in Exercise 113. Now we express that there exists a set X of positions such that every subword between two consecutive positions of X satisfies ϕ:

Star(ϕ) := ∃X ( ∀x ((first(x) ∨ last(x)) → x ∈ X) ∧ ∀Y (Block(Y, X) → ϕY) )

(3)

REtoMSO(r)
Input: Regular expression r
Output: Sentence ϕ such that L(ϕ) = L(r)
1  if r = ∅ then return ∃x x < x
2  else if r = ε then return ∀x x < x
3  else if r = a then return ∃x (first(x) ∧ last(x) ∧ Qa(x))
4  else if r = r1 + r2 then return REtoMSO(r1) ∨ REtoMSO(r2)
5  else if r = r1r2 then return Conc(REtoMSO(r1), REtoMSO(r2))
6  else if r = r1∗ then return Star(REtoMSO(r1))
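The recursion above can be sketched in Python as a string builder. This is a minimal illustration of ours, not part of the notes: regular expressions are encoded as tuples, and Conc and Star are kept as uninterpreted formula constructors.

```python
# Sketch (ours, not from the notes): REtoMSO as a formula-string builder.
# Regular expressions are tuples: ("empty",), ("eps",), ("sym", a),
# ("union", r1, r2), ("concat", r1, r2), ("star", r1).

def re_to_mso(r):
    kind = r[0]
    if kind == "empty":                 # no word satisfies ∃x x < x
        return "∃x x < x"
    if kind == "eps":                   # only the empty word satisfies ∀x x < x
        return "∀x x < x"
    if kind == "sym":                   # single letter a
        return f"∃x (first(x) ∧ last(x) ∧ Q{r[1]}(x))"
    if kind == "union":
        return f"({re_to_mso(r[1])}) ∨ ({re_to_mso(r[2])})"
    if kind == "concat":
        return f"Conc({re_to_mso(r[1])}, {re_to_mso(r[2])})"
    if kind == "star":
        return f"Star({re_to_mso(r[1])})"
    raise ValueError(f"unknown constructor {kind}")

# Example: the regular expression (a + b)*a
expr = ("concat", ("star", ("union", ("sym", "a"), ("sym", "b"))), ("sym", "a"))
print(re_to_mso(expr))
```

The recursion mirrors lines 1-6 of the pseudocode; expanding Conc and Star into actual MSO text would follow the formulas of parts (1) and (2).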

Exercise 116 Consider the logic PureMSO(Σ) with syntax

ϕ := X ⊆ Qa | X < Y | X ⊆ Y | ¬ϕ | ϕ ∨ ϕ | ∃X ϕ

Notice that formulas of PureMSO(Σ) do not contain first-order variables. The satisfaction relation of PureMSO(Σ) is given by:

(w, I) |= X ⊆ Qa  iff  w[p] = a for every p ∈ I(X)
(w, I) |= X < Y   iff  p < p′ for every p ∈ I(X), p′ ∈ I(Y)
(w, I) |= X ⊆ Y   iff  p ∈ I(Y) for every p ∈ I(X)


with the rest as for MSO(Σ).

Prove that MSO(Σ) and PureMSO(Σ) have the same expressive power for sentences. That is, show that for every sentence φ of MSO(Σ) there is an equivalent sentence ψ of PureMSO(Σ), and vice versa.

Solution: Given a sentence ψ of PureMSO(Σ), let φ be the sentence of MSO(Σ) obtained by replacing every subformula of ψ of the form

X ⊆ Y by ∀x (x ∈ X → x ∈ Y)

X ⊆ Qa by ∀x (x ∈ X → Qa(x))

X < Y by ∀x ∀y ((x ∈ X ∧ y ∈ Y) → x < y)

Clearly, φ and ψ are equivalent. For the other direction, let

sing(X) := ∃x ∈ X ∀y ∈ X x = y

Let φ be a sentence of MSO(Σ). Assume without loss of generality that for every first-order variable x the second-order variable X does not appear in φ (if necessary, rename second-order variables appropriately). Let ψ be the sentence of PureMSO(Σ) obtained by replacing every subformula of φ of the form

∃x ψ′ by ∃X (sing(X) ∧ ψ′[x/X]), where ψ′[x/X] is the result of substituting X for x in ψ′
Qa(x) by X ⊆ Qa
x < y by X < Y
x ∈ Y by X ⊆ Y

Clearly, φ and ψ are equivalent.

Exercise 117 Recall the syntax of MSO(Σ):

ϕ := Qa(x) | x < y | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ

We have introduced y = x + 1 (“y is the successor position of x”) as an abbreviation

y = x + 1 := x < y ∧ ¬∃z (x < z ∧ z < y)

Consider now the variant MSO′(Σ) in which, instead of being an abbreviation, y = x + 1 is part of the syntax and replaces x < y. In other words, the syntax of MSO′(Σ) is

ϕ := Qa(x) | y = x + 1 | x ∈ X | ¬ϕ | ϕ ∨ ϕ | ∃x ϕ | ∃X ϕ

Prove that MSO′(Σ) has the same expressive power as MSO(Σ) by finding a formula of MSO′(Σ) with the same meaning as x < y.


Solution: Observe that x < y holds iff there is a set Y of positions containing y and satisfying the following property: every z ∈ Y is either the successor of x, or the successor of another element of Y. Formally:

x < y := ∃Y (y ∈ Y ∧ ∀z ∈ Y (z = x + 1 ∨ ∃u ∈ Y z = u + 1))

Exercise 118 Give a defining formula of MSO({a, b}) for the following languages:

(a) aa∗b∗.

(b) The set of words with an odd number of occurrences of a.

(c) The set of words such that every two b's with no other b in between are separated by a block of a's of odd length.

Solution: We use the macros defined in the chapter and in the solution to Exercise 113.

(a) ∃x Qa(x) ∧ ∀x ∀y ((Qa(x) ∧ Qb(y)) → x < y)

(b) ∀X ((∀x (x ∈ X ↔ Qa(x))) → Odd card(X))

(c) ∀X ((Block(X) ∧ ∀x (Qb(x) ↔ (first(x, X) ∨ last(x, X)))) → Odd card(X))

Exercise 119 1. Give a formula Block between of MSO(Σ) such that Block between(X, i, j) holds whenever X = {i, i + 1, . . . , j}.

2. Let 0 ≤ m < n. Give a formula Modm,n of MSO(Σ) such that Modm,n(i, j) holds whenever |wi wi+1 · · · wj| ≡ m (mod n), i.e. whenever j − i + 1 ≡ m (mod n).

3. Let 0 ≤ m < n. Give a sentence of MSO(Σ) for a^m (a^n)∗.

4. Give a sentence of MSO({a, b}) for the language of words such that every two b's with no other b in between are separated by a block of a's of odd length.

Solution:

1. Block between(X, i, j) = ∀x (x ∈ X ↔ (i ≤ x ∧ x ≤ j)).

2. Modm,n(i, j) = ∃x (x = i + m ∧ Multn(x, j)), where

Multn(i, j) = ∃X (j ∈ X ∧ ∀x ∈ X (x = i + n − 1 ∨ ∃y ∈ X x = y + n))

3. [(m = 0) ∧ (¬∃x first(x))] ∨ [∀x Qa(x) ∧ ∃x, y (first(x) ∧ last(y) ∧ Modm,n(x, y))].


4. ∀x ∀y ((x < y ∧ Qb(x) ∧ Qb(y) ∧ ∀z ((x < z ∧ z < y) → ¬Qb(z))) →
[(∀z ((x < z ∧ z < y) → Qa(z))) ∧ (∃x′, y′ ((x′ = x + 1) ∧ (y = y′ + 1) ∧ Mod1,2(x′, y′)))]).

Exercise 120 Consider a formula φ(X) of MSO(Σ) that does not contain any occurrence of the predicates Qa(x). Given any two interpretations that assign to X the same set of positions, we have that either both interpretations satisfy φ(X), or none of them does. So we can speak of the sets of natural numbers (positions) satisfying φ(X). In this sense, φ(X) expresses a property of the finite sets of natural numbers, which a particular set may satisfy or not.

This observation can be used to automatically prove some (very) simple properties of the natural numbers. Consider for instance the following "conjecture": every finite set of natural numbers has a minimal element.¹ The conjecture holds iff the formula

Has min(X) := ∃x ∈ X ∀y ∈ X x ≤ y

is satisfied by every interpretation in which X is nonempty. Construct an automaton for Has min(X), and check that it recognizes all nonempty sets.

Solution: After replacing abbreviations we obtain the equivalent formula

∃x (x ∈ X ∧ ¬∃y (y ∈ X ∧ y < x))

The DFA for ¬∃y (y ∈ X ∧ y < x) (where the encoding of x is in the top row, and the encoding of X in the bottom row) has two accepting states: the initial state loops on [0 0] and moves on [1 0] or [1 1] to a second state, which loops on every letter [0 0], . . . , [1 1]; transitions to the rejecting trap state are omitted. Intuitively, the 1 marking the position x must come before, or at the same time as, the ones encoding the elements of X. Intersection with a DFA for x ∈ X yields a similar two-state DFA in which only the second state is accepting and is entered on the letter [1 1] alone.

¹ Of course, this also holds for every infinite set, but we cannot prove it using MSO over finite words.


and after projection onto X (the second row) we get a DFA for Has min(X): an initial state that loops on 0 and moves on 1 to an accepting state that loops on both 0 and 1.

This DFA recognizes all strings with at least one 1, which correspond to the nonempty sets.
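As a quick sanity check, the two-state DFA just described can be simulated directly. This is a sketch of ours, not part of the notes:

```python
# Sketch (ours): simulate the two-state DFA for Has_min(X) and check that it
# accepts exactly the encodings of nonempty sets, i.e. the strings with a 1.

from itertools import product

def has_min_dfa_accepts(word):
    state = "q0"                  # q0: no 1 seen yet; q1 (accepting): 1 seen
    for bit in word:
        if state == "q0" and bit == "1":
            state = "q1"
    return state == "q1"

# exhaustively compare with the intended semantics on all short strings
for n in range(7):
    for bits in product("01", repeat=n):
        w = "".join(bits)
        assert has_min_dfa_accepts(w) == ("1" in w)
print("the DFA accepts exactly the strings containing at least one 1")
```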

Exercise 121 The encoding of a set is a string that can be seen as the encoding of a number. We can use this observation to express addition in monadic second-order logic. More precisely, find a formula Sum(X, Y, Z) that is true iff nX + nY = nZ, where nX, nY, nZ are the numbers encoded by the sets X, Y, Z, respectively, using the LSBF-encoding. For instance, the words

X 0 1 0
Y 1 1 0
Z 1 0 1

and

X 1 1 1 1 1 0 0 0
Y 1 1 1 1 0 0 0 0
Z 0 1 1 1 0 1 0 0

should satisfy the formula: the first encodes 2 + 3 = 5, and the second encodes 31 + 15 = 46.

Solution: It is convenient to first add another row C corresponding to the carry bits of the sum, and give a formula for these extended words. For instance, the two words above become

C 0 0 1
X 0 1 0
Y 1 1 0
Z 1 0 1

and

C 0 1 1 1 1 1 0 0
X 1 1 1 1 1 0 0 0
Y 1 1 1 1 0 0 0 0
Z 0 1 1 1 0 1 0 0

Now we observe that the extended words describing correct sums (let us call them sum words) are those satisfying the following three conditions:

(a) The fourth component of each letter is the first bit of the binary sum of the other three. So a sum word can only contain the following eight letters (written top to bottom as C, X, Y, Z):

0000, 0011, 0101, 1001, 0110, 1010, 1100, 1111

(b) The first four letters correspond to sums of three bits that generate no carry, and the last four to those that generate a carry. Therefore, if the letter at position x of a sum word is any of the first four, then the letter at position x + 1 must have a 0 at the top (no carry). Similarly, if the letter at position x is any of the last four, then the letter at position x + 1 must have a 1 at the top.


(c) The first letter of a sum word must have a 0 at the top (no initial carry), and the last letter must generate no carry.

We produce formulas capturing conditions (a)-(c). We first need two auxiliary formulas:

Exactly one(x, C, X, Y) := (x ∈ C ∧ x ∉ X ∧ x ∉ Y) ∨ (x ∉ C ∧ x ∈ X ∧ x ∉ Y) ∨ (x ∉ C ∧ x ∉ X ∧ x ∈ Y)

At least two(x,C, X,Y) := (x ∈ C ∨ x ∈ X ∨ x ∈ Y) ∧ ¬Exactly one(x,C,X,Y)

Now we have:

• Formula for condition (a) :

Sum Bits(C, X, Y, Z) := ∀x (x ∈ Z ↔ (Exactly one(x, C, X, Y) ∨ (x ∈ C ∧ x ∈ X ∧ x ∈ Y)))

• Formula for condition (b):

Generates Carry(x) := At least two(x,C, X,Y)

Carry Bits(C, X, Y) := ∀x ∀y ((¬last(x) ∧ y = x + 1) → (y ∈ C ↔ Generates Carry(x)))

• Formula for condition (c):

Bounds(C, X, Y) := ∀x ((first(x) → x ∉ C) ∧ (last(x) → ¬Generates Carry(x)))

• Final formula: the numbers encoded by the sets X and Y add up to the number encoded by Z

if there exists a set of carry bits C such that C, X,Y,Z satisfy conditions (a)-(c). So we get:

Sum(X, Y, Z) := ∃C (Sum Bits(C, X, Y, Z) ∧ Carry Bits(C, X, Y) ∧ Bounds(C, X, Y))
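Conditions (a)-(c) can also be checked mechanically on concrete extended words. The following sketch is ours, not part of the notes; it represents an extended word as a list of (C, X, Y, Z) bit columns:

```python
# Sketch (ours, not from the notes): check conditions (a)-(c) on extended
# words given as lists of (C, X, Y, Z) bit columns, and confirm the two
# example encodings 2 + 3 = 5 and 31 + 15 = 46.

def is_sum_word(letters):
    for i, (c, x, y, z) in enumerate(letters):
        if z != (c + x + y) % 2:              # condition (a): Z is the sum bit
            return False
        carry = 1 if c + x + y >= 2 else 0    # carry generated at position i
        if i + 1 < len(letters):
            if letters[i + 1][0] != carry:    # condition (b): next C = carry
                return False
        elif carry != 0:                      # condition (c): last letter
            return False
    return not letters or letters[0][0] == 0  # condition (c): no initial carry

w1 = [(0, 0, 1, 1), (0, 1, 1, 0), (1, 0, 0, 1)]                # 2 + 3 = 5
w2 = [(0, 1, 1, 0), (1, 1, 1, 1), (1, 1, 1, 1), (1, 1, 1, 1),
      (1, 1, 0, 0), (1, 0, 0, 1), (0, 0, 0, 0), (0, 0, 0, 0)]  # 31 + 15 = 46
assert is_sum_word(w1) and is_sum_word(w2)
assert not is_sum_word([(0, 1, 1, 1)])                         # 1 + 1 ≠ 1
```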


Solutions for Chapter 10


Exercise 122 Express the following in Presburger arithmetic:

• x = 0 and y = 1 (if 0 and 1 were not part of the syntax),

• z = max(x, y) and z = min(x, y).

Solution:

• x = x + x and (x ≤ y) ∧ ¬∃z (¬(z ≤ x) ∧ ¬(y ≤ z)),

• ((y ≤ x)→ (z = x)) ∧ ((x ≤ y)→ (z = y)) and ((y ≤ x)→ (z = y)) ∧ ((x ≤ y)→ (z = x)).

Exercise 123 Prove that it is possible to decide algorithmically whether two formulas of Presburger arithmetic have the same solutions.

Solution: Given two formulas ϕ1 and ϕ2 over the same free variables, we can construct automata A1 and A2 for ϕ1 and ϕ2, respectively. It suffices to check whether L(A1) = L(A2).

Exercise 124 Let r ≥ 0 and n ≥ 1. Give a Presburger formula ϕ such that J |= ϕ if, and only if, J(x) ≥ J(y) and J(x) − J(y) ≡ r (mod n). Give an automaton that accepts the solutions of ϕ for r = 0 and n = 2.

Solution: Recall that since n is a constant, we can multiply a variable by n via iterated addition. The formula is as follows:

ϕ(x, y) = (x ≥ y) ∧ ∃a ∃b ⋁_{0 ≤ r′ < n} ((x − y = n · a + r′) ∧ (r = n · b + r′))

Note that the right conjunct can be omitted if r ≥ n.

Let k ∈ IN and x, y ∈ Σ^k. First note that val(x) − val(y) ≡ 0 (mod 2) if, and only if, val(x) and val(y) are either both odd or both even. Thus, the first bits of x and y should be the same. Moreover, val(x) ≥ val(y) if, and only if, x = y or there exists ℓ ∈ [k] such that xℓ = 1, yℓ = 0, and xi ≥ yi

for every ℓ < i ≤ k. These observations yield the following automaton (trap state omitted; the top bit of each letter belongs to x, the bottom bit to y):

• an initial state with transitions on [0 0] and [1 1] to an accepting state B;
• from B, loops on [0 0], [1 1] and [1 0], and a transition on [0 1] to a non-accepting state C;
• from C, loops on [0 0], [1 1] and [0 1], and a transition on [1 0] back to B.

Exercise 125 Construct a finite automaton for the Presburger formula ∃y (x = 3y) using the algorithms of the chapter.


Solution: We can rewrite the formula as ∃y (x − 3y = 0). We first use EqtoDFA to obtain an automaton for the expression x − 3y = 0. The algorithm proceeds as follows (letters are columns with the bit of x on top and the bit of y below; letters leading outside the state set go to an omitted trap state):

Iter.  Workset W   Current automaton
0      {0}         a single state 0, initial and final
1      {1}         transitions 0 --[0 0]--> 0 and 0 --[1 1]--> 1 added
2      {2}         transitions 1 --[1 0]--> 0 and 1 --[0 1]--> 2 added
3      ∅           transitions 2 --[0 0]--> 1 and 2 --[1 1]--> 2 added

It remains to project the automaton onto x, i.e. onto the first component of the letters. We obtain the NFA with the same states (0 initial and final) and transitions

0 --0--> 0,  0 --1--> 1,  1 --1--> 0,  1 --0--> 2,  2 --0--> 1,  2 --1--> 2

Exercise 126 AFtoDFA returns a DFA recognizing all solutions of a given linear inequation

a1x1 + a2x2 + . . . + akxk ≤ b with a1, a2, . . . , ak, b ∈ Z (∗)

encoded using the lsbf encoding of IN^k. We may also use the most-significant-bit-first (msbf) encoding; e.g., the msbf encodings of the pair (2, 3) are the words of [0 0]∗ [1 1] [0 1] (letters written as columns).

1. Construct a finite automaton for the inequation 2x − y ≤ 2 w.r.t. the msbf encoding.

2. Adapt AFtoDFA to the msbf encoding.

Exercise 127 Consider the extension of FO(Σ) in which addition of variables is allowed. Give a sentence of this logic for palindromes over {a, b}, i.e. for {w ∈ {a, b}∗ : w = w^R}.

Solution:

(¬∃x first(x)) ∨ (∃x, y first(x) ∧ last(y) ∧ ⋁_{a∈Σ} (Qa(x) ∧ Qa(y)) ∧ [∀x′, y′, ℓ ((x′ = x + ℓ ∧ y = y′ + ℓ) → ⋁_{a∈Σ} (Qa(x′) ∧ Qa(y′)))]).

Exercise 128 It is late and you are craving nuggets. Since you are stuck in the subway, you have no idea how hungry you will be when you reach the restaurant. Since nuggets are only sold in boxes of 6, 9 and 20, you wonder whether it will be possible to buy exactly the amount of nuggets you will be craving when you arrive. You also wonder whether it is always possible to buy the exact amount of nuggets if one is hungry enough. Luckily, you can answer these questions, since you are quite knowledgeable about Presburger arithmetic and automata theory.

For every finite set S ⊆ IN, let us say that n ∈ IN is an S-number if n can be obtained as a linear combination of elements of S. For example, if S = {6, 9, 20}, then 67 is an S-number since 67 = 3 · 6 + 1 · 9 + 2 · 20, but 25 is not. For some sets S, there are only finitely many numbers which are not S-numbers. When this is the case, we say that the largest number which is not an S-number is the Frobenius number of S. For example, 7 is the Frobenius number of {3, 5}, and S = {2, 4} has no Frobenius number.

To answer your questions, it suffices to come up with algorithms for Frobenius numbers and to instantiate them with S = {6, 9, 20}.


1. Give an algorithm that decides, on input n ∈ IN and a finite subset S ⊆ IN, whether n is an S-number.

2. Give an algorithm that decides, on input a finite subset S ⊆ IN, whether S has a Frobenius number.

3. Give an algorithm that computes, on input a finite subset S ⊆ IN, the Frobenius number of S (assuming it exists).

4. Show that S = {6, 9, 20} has a Frobenius number, and identify this number.

Solution:

1. Let S = {a1, a2, . . . , ak}. A number n ∈ IN is an S-number iff there exist x1, x2, . . . , xk ∈ IN such that n = a1x1 + a2x2 + . . . + akxk, which is equivalent to n − a1x1 − a2x2 − . . . − akxk = 0. Therefore, given S, we do the following:

(a) Construct a transducer A that accepts the solutions of y − a1x1 − a2x2 − . . . − akxk = 0 (using EqtoDFA);

(b) Construct an automaton B obtained by projecting A onto y;

(c) Test whether lsbf(n) is accepted by B;

(d) Return true iff lsbf(n) is accepted.

Note that A is a DFA, but B might be an NFA due to the projection.

2. Let B be the automaton constructed in step (b) above. Note that S has a Frobenius number iff {n ∈ IN : lsbf(n) ∉ L(B)} is finite. This suggests complementing B. Since B is an NFA, we must first convert it to a DFA B′ and then complement B′. Let C be the resulting DFA.

To test whether S has a Frobenius number, it is now tempting to test whether L(C) is finite. This is however incorrect. Indeed, every natural number has infinitely many lsbf encodings, e.g. 2 is encoded by 010∗. Thus, L(C) will be infinite even if C accepts finitely many numbers.

To address this issue, we prune L(C) by keeping only the minimal encoding of each number accepted by C. Note that an lsbf encoding is minimal iff it does not contain any trailing 0. Thus, we can construct a DFA M that accepts the set of minimal lsbf encodings: it has an initial final state q0, a final state q1 and a non-final state q2, where from every state the letter 1 leads to q1 and the letter 0 leads to q2, so that a word is accepted iff it is empty or ends in 1.


To prune L(C) of the redundant lsbf encodings, we construct a new DFA D obtained by intersecting C with M.

It remains to test whether L(D) is finite. By construction, every state of D is reachable from the initial state. However, due to our transformations, it may be the case that some states of D cannot reach a final state. We may remove these states in linear time. This can be done by (implicitly) reversing the arcs of D (seen as a graph) and then performing a depth-first search from the final states. The states which are not explored by the search are removed from D.

Let D′ be the resulting DFA. Testing whether L(D′) is finite amounts to testing whether D′

contains no cycle. This can be done in linear time using a depth-first search.

The overall algorithm is as follows:

(a) Convert B to a DFA B′,

(b) Obtain a new DFA C by complementing B′,

(c) Obtain a new DFA D by intersecting C with M,

(d) Obtain a new DFA D′ by removing every state of D that cannot reach some final state,

(e) Test whether D′ contains a cycle.

(f) Return true iff D′ contains no cycle.

Let us show that it is indeed the case that L(D′) is finite iff D′ has no cycle. Equivalently, we may show that L(D′) is infinite iff D′ contains a cycle. Let D′ = (Q, {0, 1}, δ, q0, F).

⇒) Assume L(D′) is infinite. Then D′ accepts a word w such that |w| = m for some m > |Q|. Let q0, q1, . . . , qm ∈ Q be such that q0 --w1--> q1 --w2--> q2 · · · --wm--> qm. By the pigeonhole principle, there exist 0 ≤ i < j ≤ m such that qi = qj. Therefore, D′ contains the cycle qi --wi+1--> qi+1 --wi+2--> · · · --wj--> qi.

⇐) Assume D′ contains a cycle q --v--> q for some q ∈ Q and v ∈ {0, 1}+. By construction of D′, state q is reachable from q0, and q can reach some final state qf ∈ F. Therefore, there exist u, w ∈ {0, 1}∗ such that

q0 --u--> q --v--> q --w--> qf.

Since q --v--> q can be iterated arbitrarily many times, every word of uv∗w is accepted by D′, which implies that L(D′) is infinite.

3. Assume S has a Frobenius number. Let D′ be the DFA obtained in part 2. The Frobenius number of S is the largest natural number n accepted by D′. By assumption, L(D′) is finite. Thus, we could find n by using a brute-force approach where we go through all words accepted by D′. It is however possible to find n much more efficiently with dynamic programming.


Observe that D′ is acyclic. Therefore, we may compute a topological ordering q0, q1, . . . , qm of Q. For every 0 ≤ i ≤ m, let ℓi = argmax_{w ∈ Li} value(w), where Li = {w ∈ {0, 1}∗ : q0 --w--> qi}. Due to the topological ordering, each ℓi can be computed as follows:

ℓi = ε if i = 0, and ℓi = argmax_{w ∈ W} value(w) with W = {ℓj · a : 0 ≤ j < i, a ∈ {0, 1}, δ(qj, a) = qi} if i > 0.

Once each ℓi is computed, we can easily derive n since n = max{value(ℓi) : qi ∈ F}.

To test whether value(u) ≥ value(v), it is not necessary to convert u and v to their numerical values. Instead, the test can be carried out by checking whether u is greater than or equal to v under the colexicographic ordering, i.e. whether u^R ≥lex v^R.

4. By constructing the automaton D′ for S = {6, 9, 20}, we observe that D′ has no cycle. Therefore, S has a Frobenius number. By executing the procedure described in part 3, we obtain 43 as the Frobenius number of S.
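The answers can be cross-checked without automata by computing S-numbers with dynamic programming. This sketch is ours (not the notes' automata-based algorithm) and searches non-S-numbers only up to a fixed bound, which is ample for these small examples:

```python
# Sketch (ours): compute the Frobenius number by dynamic programming over
# S-numbers, searching up to a fixed bound.

from math import gcd
from functools import reduce

def frobenius_number(S, bound=10_000):
    """Largest n ≤ bound that is not an S-number, or None if no Frobenius
    number exists (which happens iff gcd(S) > 1, or every n is an S-number)."""
    if reduce(gcd, S) != 1:
        return None                       # infinitely many non-S-numbers
    reachable = [False] * (bound + 1)
    reachable[0] = True                   # 0 is the empty combination
    for n in range(1, bound + 1):
        reachable[n] = any(s <= n and reachable[n - s] for s in S)
    non_s = [n for n in range(bound + 1) if not reachable[n]]
    return non_s[-1] if non_s else None

print(frobenius_number([6, 9, 20]))       # the nuggets question
print(frobenius_number([3, 5]))
print(frobenius_number([2, 4]))
```

This confirms 43 for {6, 9, 20} and 7 for {3, 5}, and reports that {2, 4} has no Frobenius number.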

Exercise 129 Automata are more expressive than Presburger arithmetic. They can represent:

ϕ(x, y) = “y is the largest power of 2 that divides x”, and

ψ(x, y) = “y is the largest power of 2 smaller than or equal to x”,

while Presburger arithmetic can express neither ϕ nor ψ. Give automata representing ϕ and ψ, where numbers are over IN and given in lsbf encoding.

Solution: Write each letter as a column with the bit of x on top and the bit of y below, and omit the rejecting trap states. The automaton for ϕ has an initial state that loops on [0 0] and moves on [1 1] to an accepting state that loops on [0 0] and [1 0]. The automaton for ψ has an initial state that loops on [0 0] and [1 0] and moves on [1 1] to an accepting state that loops on [0 0].


Solutions for Chapter 11


Exercise 130 Construct Büchi automata and ω-regular expressions, as small as possible, recognizing the following languages over the alphabet {a, b, c}. Recall that inf(w) denotes the set of letters of {a, b, c} that occur infinitely often in w.

(1) {w ∈ {a, b, c}ω | {a, b} ⊇ inf(w)}

(2) {w ∈ {a, b, c}ω | {a, b} = inf(w)}

(3) {w ∈ {a, b, c}ω | {a, b} ⊆ inf(w)}

(4) {w ∈ {a, b, c}ω | {a, b, c} = inf(w)}

(5) {w ∈ {a, b, c}ω | if a ∈ inf(w) then {b, c} ⊆ inf(w)}

Solution: The automata are shown in Figure 15.7. We sketch the argument of why they recognize the specified languages. (1) The automaton must recognize the set of words containing only finitely

(The five automata of Figure 15.7 are omitted in this extraction; their states are named q0, q1, . . . as referenced below.)

Figure 15.7: Automata for (1)-(5).

many c. Every word with finitely many cs is accepted: the automaton just moves to q1 after the last


c. Conversely, every accepting run must eventually move to q1, and so the accepted word contains only finitely many c.

(2) The automaton must recognize the ω-words containing infinitely many a, infinitely many b, but only finitely many c.

Every such ω-word is accepted by the automaton in the figure: the automaton moves to q1 after the last c. The rest of the word contains only a and b, both infinitely many times. So the word contains infinitely many occurrences of ab. At each of them the automaton takes the loop through q2. Conversely, every accepted word contains only finitely many c, because after moving to q1 no further c can be read, and both infinitely many as and bs, because every accepting run must visit q2 infinitely often, and each visit contributes an a and a b.

(3) The automaton recognizes all words containing infinitely many as and infinitely many bs, and either finitely or infinitely many cs. To show that every such word is accepted by the automaton we have to modify the argument of (2): now every word in the language contains infinitely many subwords of ac∗b, and the automaton accepts the word by moving to q1 at each of these subwords. For the converse, it is clear that every visit to q1 requires reading an a and a b, and so every accepted word contains both letters infinitely often. Notice that we cannot remove q2 and add a self-loop labeled by c to q1, because then the automaton would accept for instance acω.

(4) The automaton recognizes all words containing infinitely many as, bs, and cs. The argument is similar to that of (2), but now we ensure that between any two visits to the final state the automaton has read at least one a, one b, and one c. Observe that the order doesn't matter: if all three letters occur infinitely often, we know that after any letter we will eventually see again any of the others.

(5) We add a new final state to the automaton for (4). Every word accepted by (4) is accepted now. The new accepting runs eventually stay in q1, and accept all the words containing finitely many as.

Here are ω-regular expressions for the five languages:

(1) (a + b + c)∗(a + b)ω

(2) (a + b + c)∗(aa∗bb∗)ω

(3) ((b + c)∗a(a + c)∗b)ω

(4) ((b + c)∗a(a + c)∗b(a + b)∗c)ω

(5) (a + b + c)∗(b + c + a(a + c)∗b(a + b)∗c)ω

Exercise 131 Give deterministic Büchi automata accepting the following ω-languages over Σ = {a, b, c}:

(1) L1 = {w ∈ Σω : w contains at least one c},

(2) L2 = {w ∈ Σω : in w, every a is immediately followed by a b},

(3) L3 = {w ∈ Σω : in w, between two successive a's there are at least two b's}.


Solution: Here are automata for (1) and (2), where missing transitions lead to a rejecting trap state. For (1): states q0 and q1 (final), with q0 --a,b--> q0, q0 --c--> q1 and q1 --a,b,c--> q1. For (2): states q0 (final) and q1, with q0 --b,c--> q0, q0 --a--> q1 and q1 --b--> q0.

The figure shows a first automaton for (3) with four states. We can even give an automaton with three states: q0, q1, q2, all of them final, with q0 --b,c--> q0, q0 --a--> q1, q1 --c--> q1, q1 --b--> q2, q2 --c--> q2 and q2 --b--> q0.
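Such DBAs can be sanity-checked on ultimately periodic words u vω: run u, then iterate v until the state at the start of an iteration repeats, and accept iff some iteration inside the resulting cycle visits a final state. The following sketch is ours, not part of the notes, and uses our reconstruction of the DBA for (1) as an example:

```python
# Sketch (ours): decide whether a deterministic Büchi automaton accepts an
# ultimately periodic word u v^ω. Missing transitions model a rejecting trap.

def dba_accepts_lasso(delta, q0, final, u, v):
    def step(q, word):
        """Run `word` from q; return (target state, visited a final state?)."""
        hit = False
        for a in word:
            q = delta.get((q, a))
            if q is None:
                return None, False
            hit = hit or q in final
        return q, hit

    q, _ = step(q0, u)
    pos, hits = {}, []
    while q is not None and q not in pos:     # iterate v until a state repeats
        pos[q] = len(hits)
        q, hit = step(q, v)
        hits.append(hit)
    if q is None:
        return False
    return any(hits[pos[q]:])                 # final state inside the cycle?

# The DBA for (1), "at least one c": q1 is final and absorbs everything.
DELTA = {("q0", "a"): "q0", ("q0", "b"): "q0", ("q0", "c"): "q1",
         ("q1", "a"): "q1", ("q1", "b"): "q1", ("q1", "c"): "q1"}
assert dba_accepts_lasso(DELTA, "q0", {"q1"}, "abc", "ab")
assert not dba_accepts_lasso(DELTA, "q0", {"q1"}, "", "ab")
```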

Exercise 132 Prove or disprove:

1. For every Büchi automaton A, there exists an NBA B with a single initial state and such that Lω(A) = Lω(B).

2. For every Büchi automaton A, there exists an NBA B with a single accepting state and such that Lω(A) = Lω(B).

Solution:

1. True. The construction for NFAs still works for Büchi automata.

Let B = (Q, Σ, δ, Q0, F) be a Büchi automaton. We add a state to Q which acts as the single initial state. More formally, we define B′ = (Q ∪ {qinit}, Σ, δ′, {qinit}, F) where

δ′(q, a) = ∪_{q0 ∈ Q0} δ(q0, a) if q = qinit, and δ′(q, a) = δ(q, a) otherwise.

We have Lω(B) = Lω(B′), since there exists q0 ∈ Q0 such that

q0 --a1--> q1 --a2--> q2 --a3--> · · · in B


if and only if

qinit --a1--> q1 --a2--> q2 --a3--> · · · in B′.

2. False. Let L = {aω, bω}. Suppose there exists a Büchi automaton B = (Q, {a, b}, δ, Q0, {q}) such that Lω(B) = L. Since aω ∈ L, there exist q0 ∈ Q0, m ≥ 0 and n > 0 such that

q0 --a^m--> q --a^n--> q.

Similarly, since bω ∈ L, there exist q′0 ∈ Q0, m′ ≥ 0 and n′ > 0 such that

q′0 --b^m′--> q --b^n′--> q.

This implies that

q0 --a^m--> q --b^n′--> q --b^n′--> · · ·

Therefore, a^m (b^n′)ω ∈ L, which is a contradiction.

Exercise 133 Recall that every finite set of finite words is a regular language. We prove that not every finite set of ω-words is an ω-regular language.

(1) Prove that every nonempty ω-regular language contains an ultimately periodic ω-word, i.e., an ω-word of the form u vω for some finite words u, v.

(2) Give an ω-word w such that {w} is not an ω-regular language.

Solution:

(1) Let L be a nonempty ω-regular language. Then some NBA B = (Q, Σ, δ, Q0, F) recognizes L. Since Q is finite, there exist u ∈ Σ∗, v ∈ Σ+, q0 ∈ Q0 and q ∈ F such that q0 --u--> q --v--> q, and so u vω ∈ L.

(2) Let w ∈ {0, 1}ω be the word given by wi = 1 if i is a square, and wi = 0 otherwise.

We prove that w is not ultimately periodic, which, by (1), implies that {w} is not ω-regular. Assume w = u vω for some u ∈ {0, 1}∗, v ∈ {0, 1}+. If v ∈ 0∗, then we obtain a contradiction, since w contains infinitely many 1s. Thus, there exists 1 ≤ i ≤ |v| such that vi = 1. Let m = |u| + i and n = |v|. By definition of w, m + j · n is a square for every j ≥ 0. In particular, there exist 0 < a < b such that

m + n · n = a² and m + n · n + n = b².

Note that a ≥ n. Moreover,

b² = a² + n ≤ a² + a < a² + 2a + 1 = (a + 1)².

Therefore a² < b² < (a + 1)², which is a contradiction.


Exercise 134 (Duret-Lutz) An ω-automaton has acceptance on transitions if the acceptance condition specifies which transitions must appear finitely or infinitely often in a run, instead of which states. All classes of ω-automata (Büchi, Rabin, etc.) can be defined with acceptance on states, or acceptance on transitions.

Give minimal deterministic automata of the following kinds for the language of words over {a, b} containing infinitely many a and infinitely many b: (1) Büchi, (2) generalized Büchi, (3) Büchi with acceptance on transitions, and (4) generalized Büchi with acceptance on transitions.

Solution: (The four automata are omitted in this extraction. In the original figure, colors indicate the sets of accepting states or transitions; the automata have three, two, two, and one state, respectively.)

Exercise 135 Consider the class of nondeterministic automata over infinite words with the following acceptance condition: an infinite run is accepting if it visits a final state at least once. Show that no such automaton accepts the language of all words over {a, b} containing infinitely many a and infinitely many b.

Solution: Suppose there exists such an automaton B = (Q, {a, b}, δ, Q0, F) recognizing L. Since w = a b^{|Q|} a b^{|Q|} · · · belongs to L, there exist u, v ∈ {a, b}∗, q0 ∈ Q0, qacc ∈ F, and p0, p1, . . . , p|Q| ∈ Q such that

q0 --u--> qacc --v--> p0 --b--> p1 --b--> · · · --b--> p|Q|

By the pigeonhole principle, there exist 0 ≤ i < j ≤ |Q| such that pi = pj. Therefore,

q0 --u--> qacc --v b^i--> pi --b^{j−i}--> pj --b^{j−i}--> pj --b^{j−i}--> · · ·

We conclude that u v b^i (b^{j−i})ω is accepted by B, which is a contradiction.

Exercise 136 The limit of a language L ⊆ Σ∗, denoted by lim(L), is the ω-language defined as follows: w ∈ lim(L) iff infinitely many prefixes of w are words of L. For example, the limit of (ab)∗ is (ab)ω.

(1) Determine the limit of the following regular languages over {a, b}: (i) (a + b)∗a; (ii) (a + b)∗a∗; (iii) the set of words containing an even number of as; (iv) a∗b.


(2) Prove: An ω-language is recognizable by a deterministic Büchi automaton iff it is the limit of a regular language.

(3) Exhibit a non-regular language whose limit is ω-regular.

(4) Exhibit a non-regular language whose limit is not ω-regular.

Solution: (1) (i) The set of ω-words containing infinitely many a. (ii) The set of ω-words containing finitely many b. (iii) The set of all ω-words containing infinitely many as, plus the set of all ω-words containing a finite, even number of a. (iv) The empty ω-language.

(2) Let B be a deterministic Büchi automaton recognizing an ω-language L. Look at B as a DFA, and let L′ be the regular language recognized by B. We prove L = lim(L′). If w ∈ lim(L′), then B (as a DFA) accepts infinitely many prefixes of w. Since B is deterministic, the runs of B on these prefixes are prefixes of the unique infinite run of B (as a DBA) on w. So the infinite run visits accepting states infinitely often, and so w ∈ L. If w ∈ L, then the unique run of B on w (as a DBA) visits accepting states infinitely often, and so infinitely many prefixes of w are accepted by B (as a DFA). So w ∈ lim(L′).

(3) Let L = {a^{n²} | n ≥ 0}. Then lim(L) = {aω}, which is ω-regular, although L is not regular. Alternatively, if L = {a^n b^n | n ≥ 0}, then lim(L) = ∅, which is also ω-regular.

(4) Let L = {a^n b^n c^m | n, m ≥ 0}. Then lim(L) = {a^n b^n cω | n ≥ 0}. Assume this language is ω-regular. Then it is recognized by a Büchi automaton B. By the pigeonhole principle, there are distinct numbers n1, n2 and two accepting runs ρ1, ρ2 of B on a^{n1} b^{n1} cω and a^{n2} b^{n2} cω such that the state reached in ρ1 after reading a^{n1} and the state reached in ρ2 after reading a^{n2} coincide. But then B must also accept a^{n1} b^{n2} cω, contradicting the assumption that B recognizes lim(L).

Exercise 137 Let L1 = {(ab)ω}, and let L2 be the language of all words containing infinitely many a and infinitely many b (both languages over the alphabet {a, b}).

(1) Show that no DBA with at most two states recognizes L1 or L2.

(2) Exhibit two different DBAs with three states recognizing L1.

(3) Exhibit six different DBAs with three states recognizing L2.

Solution: (1) Assume there is a DBA B with at most two states recognizing L1. Since L1 is nonempty, B has at least one accepting state, say q. Consider the transitions leaving q labeled by a and b. If either of them leads to q again, then B accepts an ω-word of the form w aω or w bω for some finite word w. Since no word of this shape belongs to L1, we reach a contradiction. So B must have two states q, q′, and transitions ta = q --a--> q′ and tb = q --b--> q′. Consider any accepting run ρ of B. If the word accepted by the run does not belong to L1, we are done. So assume it belongs to L1. Since ρ is accepting, it contains some occurrence of ta or tb. Consider the run ρ′ obtained by exchanging the first occurrence of one of them by the other (that is, if ta occurs first, then replace it by tb, and vice versa). Then ρ′ is an accepting run, and the word it accepts is the result of turning an a into a b, or vice versa. In both cases, the resulting word does not belong to L1; so we reach again a contradiction, and we are done.

The proof for L2 is identical; just replace L1 by L2 in the proof above.

(2) The two DBAs for L1 are the following one, and the one in which q1 is made the only final state instead of q0: states q0 (initial, final), q1, q2, with transitions q0 --a--> q1, q1 --b--> q0, q0 --b--> q2, q1 --a--> q2 and q2 --a,b--> q2.

(3) Here are two different DBAs for L2; we obtain two further DBAs from each of them by making q1 or q2 the initial state. The first one has states q0 (initial, final), q1, q2 and transitions q0 --a--> q1, q0 --b--> q2, q1 --a--> q1, q1 --b--> q0, q2 --b--> q2 and q2 --a--> q0. (The second three-state DBA of the figure is omitted in this extraction.)

Exercise 138 Find ω-regular expressions (the shorter the better) for the following languages:

(1) {w ∈ {a, b}ω | k is even for each subword b a^k b of w}

(2) {w ∈ {a, b}ω | w has no occurrence of bab}


Solution: (1) (b∗(aa)∗)ω. (2) (b∗(ε + aaa∗))ω or, one character shorter, (b∗(aaa∗)∗)ω.

Exercise 139 In Definition 3.19 we introduced the quotient A/P of an NFA A with respect to a partition P of its states. In Lemma 3.21 we proved L(A) = L(A/Pℓ) for the language partition Pℓ that puts two states q1, q2 in the same block iff LA(q1) = LA(q2).

Let B = (Q, Σ, δ, Q0, F) be an NBA. Given a partition P of Q, define the quotient B/P of B with respect to P exactly as for NFAs.

(1) Let Pℓ be the partition of Q that puts two states q1, q2 of B in the same block iff Lω,B(q1) = Lω,B(q2), where Lω,B(q) denotes the ω-language containing the words accepted by B with q as initial state. Does Lω(B) = Lω(B/Pℓ) always hold?

(2) Let CSR be the coarsest stable refinement of the equivalence relation with equivalence classes F and Q \ F. Does Lω(A) = Lω(A/CSR) always hold?

Solution: (1) No. The first automaton of the solution of Exercise 134, which is even a deterministic Büchi automaton, is a counterexample. All states accept the same language: the words containing infinitely many a and infinitely many b. The quotient is an automaton with one single state, both initial and accepting, and recognizes the set of all words.

(2) Yes. The relation CSR partitions the set of states into blocks such that the states of a block are either all final or all nonfinal (because every equivalence class of CSR is included in F or Q \ F). Moreover, since CSR is stable, for every two states q, r of a block of CSR and for every (q, a, q′) ∈ δ, there is a transition (r, a, r′) such that q′, r′ belong to the same block. This implies L(q) = L(r), because every run q --a1--> q1 --a2--> q2 · · · qn−1 --an--> qn can be "matched" by a run r --a1--> r1 --a2--> r2 · · · rn−1 --an--> rn in such a way that for every i ≥ 1 the states qi, ri belong to the same block, and so, in particular, qn is final if and only if rn is final, which implies a1 . . . an ∈ L(q) if and only if a1 . . . an ∈ L(r).

Observe that not only are qn and rn both final or both nonfinal: the same holds for every pair qi, ri. Moreover, the property also holds for ω-words: every infinite run

q −a1→ q1 −a2→ q2 −a3→ q3 · · ·

is “matched” by an infinite run

r −a1→ r1 −a2→ r2 −a3→ r3 · · ·

so that for every i ≥ 1 the states qi, ri are both accepting or both non-accepting. This immediately proves Lω(B) = Lω(B/CSR).
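The coarsest stable refinement used here can be computed by a simple splitting loop. The sketch below is mine, not from the notes (which use a more efficient partition-refinement algorithm): it starts from the partition {F, Q \ F} and splits a block whenever some, but not all, of its states have an a-successor inside some block.

```python
def _find_split(blocks, letters, delta):
    """Return (block, subset) witnessing instability, or None if stable."""
    for b in blocks:
        for a in letters:
            for t in blocks:
                # states of b having some a-successor inside block t
                hit = frozenset(q for q in b if delta.get((q, a), set()) & t)
                if hit and hit != b:
                    return b, hit
    return None

def csr(states, letters, delta, F):
    """Coarsest stable refinement of {F, Q \\ F}.
    delta maps (state, letter) to a set of successor states."""
    blocks = {frozenset(F), frozenset(states - F)} - {frozenset()}
    while (found := _find_split(blocks, letters, delta)) is not None:
        b, hit = found
        blocks = (blocks - {b}) | {hit, b - hit}
    return blocks
```

For instance, with transitions 1 −a→ 1, 2 −a→ 3, 3 −a→ 3 and F = {3}, states 1 and 2 end up in different blocks, since only 2 can move into the accepting block.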

Exercise 140 Let L be an ω-language over Σ, and let w ∈ Σ∗. The w-residual of L is the ω-language Lw = {w′ ∈ Σω | w w′ ∈ L}. An ω-language L′ is a residual of L if L′ = Lw for some word w ∈ Σ∗.

We show that the theorem stating that a language of finite words is regular iff it has finitely many residuals does not extend to ω-regular languages.

(1) Prove: If L is an ω-regular language, then it has finitely many residuals.

(2) Disprove: Every ω-language with finitely many residuals is ω-regular.
Hint: Let w be a non-ultimately-periodic ω-word and consider the language Tailw of infinite tails of w.


Solution:

(1) Let B = (Q,Σ, δ,Q0, F) be an NBA recognizing L. For every Q′ ⊆ Q, let Lω(Q′) be the language recognized by B with Q′ as the set of initial states, instead of Q0. For every w ∈ Σ∗, let Qw be the set of states q ∈ Q such that q0 −w→ q for some q0 ∈ Q0. Clearly, we have Lw = Lω(Qw). Therefore, L has at most 2^|Q| residuals.

(2) Let w be any non-ultimately-periodic ω-word (for example, the word in the proof of Exercise ??). Let Tailw be the set of all infinite suffixes of w, and define L = Σ∗ Tailw, where Σ is the alphabet of letters that appear in w. We claim:

– L has only one residual.
Let w1, w2 ∈ Σ∗ be arbitrary words. We prove Lw1 = Lw2 . Let w′ ∈ Lw1 . By the definition of residual and of L, we have w1 w′ ∈ Σ∗ Tailw. Since Tailw is closed under suffixes (i.e., if an ω-word belongs to Tailw then so do all its suffixes), we have w′ = u v for some v ∈ Tailw. So w2 u v ∈ Σ∗ Tailw, which implies w2 w′ ∈ L, and so w′ ∈ Lw2 .

– L is not ω-regular.
Assume L is ω-regular. By Exercise 133, L contains an ultimately periodic word u vω. But then some tail of w is of the form u′ vω, and so w = u′′ vω for some word u′′, contradicting that w is not ultimately periodic.

Exercise 141 The solution to Exercise 139 (2) shows that the reduction algorithm for NFAs that computes the partition CSR of a given NFA A and constructs the quotient A/CSR can also be applied to NBAs. Generalize the algorithm so that it works for NGAs.

Solution: Let B = (Q,Σ, δ, q0, {F1, . . . , Fn}) be an NGA. Consider the partition of Q into blocks given by: two states q, r belong to the same block if for every i ∈ {1, . . . , n} either {q, r} ⊆ Fi or {q, r} ∩ Fi = ∅. Define CSR′ as the coarsest stable refinement of this new partition. For every two states q, r belonging to the same block of CSR′, we now have that every infinite run

q −a1→ q1 −a2→ q2 −a3→ q3 · · ·

is “matched” by a run

r −a1→ r1 −a2→ r2 −a3→ r3 · · ·

so that for every i ≥ 1 and for every j ∈ {1, . . . , n} either {qi, ri} ⊆ Fj or {qi, ri} ∩ Fj = ∅. So we get Lω(B) = Lω(B/CSR′).

Exercise 142 Show that for every NCA there is an equivalent NBA.

Solution: We show that for every NCA A = (Q,Σ, δ,Q0, F) there is an equivalent NBA B. Observe that the co-Büchi accepting condition inf(ρ) ∩ F = ∅ is equivalent to inf(ρ) ⊆ Q \ F. This condition holds iff ρ has an infinite suffix that only visits states of Q \ F. We construct B in two stages. In the first stage we take two copies of A, which we call A0 and A1, and put them side by side; A0 is a full copy, containing all states and transitions of A, and A1 is a partial copy, containing only the states of Q \ F and the transitions between these states. We let [q, 0] denote the copy of a state q ∈ Q in A0, and [q, 1] the copy of a state q ∈ Q \ F in A1. In the second stage we add some transitions that “jump” from A0 to A1: for every transition [q, 0] −a→ [q′, 0] of A0 such that q′ ∈ Q \ F, we add a transition [q, 0] −a→ [q′, 1] that “jumps” to [q′, 1], the “twin state” of [q′, 0] in A1 (notice that [q, 0] −a→ [q′, 1] does not replace [q, 0] −a→ [q′, 0]; it is an additional transition). As initial states of B we choose the copies of Q0 in A0, i.e., the set {[q, 0] | q ∈ Q0}, and as accepting states all the states of A1. So a run of B is accepting iff it visits states of A1 infinitely often.

We claim that Lω(A) = Lω(B). Let w ∈ Lω(A). Then there is a run ρ of A on w such that inf(ρ) ∩ F = ∅. It follows that ρ = ρ0 ρ1, where ρ0 is a finite prefix of ρ, and ρ1 is an infinite suffix that only contains states of Q \ F. Let ρ′ be the run of B on w that simulates ρ0 in A0, and then “jumps” to A1 and simulates ρ1 in A1. Notice that ρ′ exists because ρ1 only visits states of Q \ F. Since all states of A1 are accepting, ρ′ is an accepting run of the NBA B, and so w ∈ Lω(B).

Conversely, let w ∈ Lω(B). Then there is an accepting run ρ of B on w. So ρ visits states of A1 infinitely often. Since a run of B that enters A1 can never return to A0 (there are no “back-jumps” from A1 to A0), ρ has an infinite suffix ρ1 that only visits states of A1, i.e., states [q, 1] such that q ∈ Q \ F. Let ρ′ be the result of replacing [q, 0] and [q, 1] by q everywhere in ρ. Clearly, ρ′ is a run of A on w that only visits F finitely often. So ρ′ is an accepting run of A, and w ∈ Lω(A).
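The two-copy construction above can be transcribed directly. The sketch below is mine (encoding NBA states as pairs (q, i), which is not the notes’ notation); it takes the NCA’s transitions as a set of triples:

```python
def nca_to_nba(states, delta, initial, F):
    """Two-copy construction: A0 is a full copy of the NCA, A1 contains only
    the states outside F, with 'jump' transitions from A0 into A1; all of A1
    is accepting. delta is a set of (q, a, q') triples; F is the co-Buchi set."""
    nF = states - F
    trans = set()
    for (q, a, q2) in delta:
        trans.add(((q, 0), a, (q2, 0)))        # A0: full copy of A
        if q2 in nF:
            trans.add(((q, 0), a, (q2, 1)))    # jump from A0 into A1
        if q in nF and q2 in nF:
            trans.add(((q, 1), a, (q2, 1)))    # A1: restricted to Q \ F
    nba_states = {(q, 0) for q in states} | {(q, 1) for q in nF}
    return nba_states, trans, {(q, 0) for q in initial}, {(q, 1) for q in nF}
```

On a two-state NCA with F = {p} and transitions p −a→ q, q −a→ q, the result has a jump p −a→ [q, 1] and a loop on the accepting state [q, 1], matching the construction in the proof.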

Exercise 143 Let L = {w ∈ {a, b}ω | w contains finitely many a’s}.

(1) Give a deterministic Rabin automaton for L.

(2) Give an NBA for L and try to “determinize” it using the NFA-to-DFA powerset construction. What is the language accepted by the resulting deterministic automaton?

(3) What ω-language is accepted by the following Muller automaton with acceptance condition {{q0, q1, q2}}? And with acceptance condition {{q0, q1}, {q1, q2}, {q2, q0}}?

[Diagram: Muller automaton with states q0, q1, q2 over alphabet {a, b, c}; omitted.]

(4) Show that any Büchi automaton that accepts the ω-language of (3) (with the first acceptance condition) has more than 3 states.

(5) For every m, n ∈ N>0, let Lm,n be the ω-language over {a, b} described by the ω-regular expression (a + b)∗((a^m bb)ω + (a^n bb)ω).

(i) Describe a family of Büchi automata accepting the family of ω-languages {Lm,n}m,n∈N>0.

(ii) Show that there exists c ∈ N such that for every m, n ∈ N>0 the language Lm,n is accepted by a Rabin automaton with at most max(m, n) + c states.


(iii) Modify your construction in (ii) to obtain Muller automata instead of Rabin automata.

(iv) Convert the Rabin automaton for Lm,n obtained in (ii) into a Büchi automaton.

Solution:

(1) The following DRA, with acceptance condition {⟨{q1}, {q0}⟩} (i.e., a run is accepting iff it visits q1 infinitely often and q0 finitely often), recognizes L:

[Diagram: two-state DRA with states q0, q1; omitted.]

(2) This NBA accepts L:

[Diagram: two-state NBA with states q0, q1; omitted.]

The powerset construction yields the DBA below. It recognizes the language a∗bω, which is different from (a + b)∗bω:

[Diagram: DBA with states {q0} and {q0, q1}; omitted.]

(3) With the first acceptance condition the language is Σ∗(aω + bω + cω). With the second the automaton does not accept any word. Indeed, every run that visits both q0 and q1 infinitely often must also visit q2 infinitely often, and the same holds for q1 and q2, and for q2 and q0.

(4) Assume there exists a Büchi automaton B = (Q,Σ, δ,Q0, F) such that |Q| ≤ 3 and Lω(B) is the ω-language of (3). For every letter σ ∈ Σ, let wσ = abc σω. Since wa, wb, wc ∈ Lω(B), a pigeonhole argument shows that there exist p1, p2, p3 ∈ Q0, states q1, q2, q3 ∈ F, m1, m2, m3 ∈ N and n1, n2, n3 ∈ N>0 such that

p1 −abc a^{m1}→ q1 −a^{n1}→ q1,   p2 −abc b^{m2}→ q2 −b^{n2}→ q2,   p3 −abc c^{m3}→ q3 −c^{n3}→ q3.

We must have qi ≠ qj for every i ≠ j, otherwise we would obtain a contradiction. For example, if q1 = q2, we have

p1 −abc a^{m1}→ q2 −a^{n1}→ q2 −b^{n2}→ q2 −a^{n1}→ · · ·


which is a contradiction since abc a^{m1} (a^{n1} b^{n2})ω ∉ Lω(B). Therefore, |Q| = 3 and Q = {q1, q2, q3}.

We have pi ≠ qi for every i ∈ [3], otherwise we would again obtain a contradiction. For example, if p1 = q1, we have

p1 −abc a^{m1}→ p1 −abc a^{m1}→ · · ·

which is a contradiction since (abc a^{m1})ω ∉ Lω(B).

Suppose p1 = q2. If p2 = q1, then (abc a^{m1} abc b^{m2})ω ∈ Lω(B), which is a contradiction. Hence, p2 = q3. If p3 = q2, then (abc c^{m3} abc b^{m2})ω ∈ Lω(B), which is a contradiction. Hence, p3 = q1. This also yields a contradiction, since it implies (abc a^{m1} abc c^{m3} abc b^{m2})ω ∈ Lω(B). We conclude that p1 ≠ q2.

A similar argument shows that p1 ≠ q3, which contradicts p1 ∈ Q = {q1, q2, q3}.

(5) (i) [Diagram: Büchi automata with states q0, p0, . . . , pm+1 and r0, . . . , rn+1, one branch checking (a^m bb)ω and one checking (a^n bb)ω; omitted.]

(ii) Let m, n ∈ N>0, and let x = min(m, n) and y = max(m, n). The following Rabin automaton Bm,n with acceptance condition {⟨{r}, {s}⟩, ⟨{s}, {r}⟩} (that is, a run is accepting iff it visits exactly one of the two states r and s infinitely often) recognizes Lm,n:

[Diagram: Bm,n with states q0, p0, . . . , py, r, s; omitted.]

Observe that Bm,n has max(m, n) + 3 states.


(iii) We keep the same automaton Bm,n, but we change the acceptance condition to {{p0, p1, . . . , px, r}, {p0, p1, . . . , py, s}}.

(iv) The conversion of Bm,n into a Büchi automaton yields:

[Diagram: the Büchi automaton obtained from Bm,n by the standard Rabin-to-Büchi conversion; omitted.]


Solutions for Chapter 12



Exercise 144 Construct the intersection of the following two Büchi automata:

[Diagrams: Büchi automaton A with states p, q, r and Büchi automaton B with states s, t; omitted.]

Solution:

[Diagram: intersection automaton with states [p, s, A], [q, s, A], [q, t, A], [r, t, A], [q, s, B], [q, t, B], [r, t, B]; omitted.]

Exercise 145

1. Give deterministic Büchi automata for the languages La, Lb, and Lc, where Lσ = {w ∈ {a, b, c}ω : w contains infinitely many σ’s}, and build the intersection of these automata.

2. Give Büchi automata for the following ω-languages:

• L1 = {w ∈ {a, b}ω : w contains infinitely many a’s},

• L2 = {w ∈ {a, b}ω : w contains finitely many b’s},

• L3 = {w ∈ {a, b}ω : each occurrence of a in w is followed by a b},

and build the intersection of these automata.

Solution:

1. The following deterministic Büchi automata respectively accept La, Lb and Lc:

[Diagrams: three two-state DBAs with states p0, p1; q0, q1; r0, r1; omitted.]

Taking their intersection leads to the following deterministic Büchi automaton:

[Diagram: product DBA with states of the form [pi, qj, rk]; omitted.]

As seen in a previous exercise, the language La ∩ Lb ∩ Lc is accepted by a smaller deterministic Büchi automaton:

[Diagram: three-state DBA; omitted.]


2. The following Büchi automata respectively accept L1, L2 and L3:

[Diagrams: three two-state Büchi automata with states p0, p1; q0, q1; r0, r1; omitted.]

Taking the intersection of these automata leads to the following Büchi automaton:

[Diagram: product Büchi automaton with states [p0, q0, r0], [p1, q0, r1], [p1, q1, r1] in two copies; omitted.]

Note that this automaton accepts ∅.
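For deterministic automata, the copy-switching product behind these intersections is easy to code. The sketch below is mine, not from the notes, and implements one common variant (switching copies based on the source state, with the accepting set taken in copy 1); details differ between presentations:

```python
def intersect_dba(d1, F1, q01, d2, F2, q02):
    """Product with a copy index i in {1, 2}: switch 1 -> 2 when leaving an
    F1-state, and 2 -> 1 when leaving an F2-state. A run then visits the
    accepting set {(q1, q2, 1) : q1 in F1} infinitely often iff the component
    runs visit F1 and F2 infinitely often."""
    def step(state, a):
        q1, q2, i = state
        if i == 1:
            i = 2 if q1 in F1 else 1
        else:
            i = 1 if q2 in F2 else 2
        return (d1[(q1, a)], d2[(q2, a)], i)

    def accepting(state):
        q1, _, i = state
        return i == 1 and q1 in F1

    return (q01, q02, 1), step, accepting

# Example: "infinitely many a's" x "infinitely many b's" over {a, b}.
d1 = {('p0', 'a'): 'p1', ('p0', 'b'): 'p0', ('p1', 'a'): 'p1', ('p1', 'b'): 'p0'}
d2 = {('s0', 'b'): 's1', ('s0', 'a'): 's0', ('s1', 'b'): 's1', ('s1', 'a'): 's0'}
init, step, accepting = intersect_dba(d1, {'p1'}, 'p0', d2, {'s1'}, 's0')
```

Running the product on (ab)ω visits accepting states again and again, while on aω the accepting set is visited at most once.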

Exercise 146 Consider the following Büchi automaton over Σ = {a, b}:

[Diagram: B has states q0 (initial) and q1 (accepting), with transitions q0 −a,b→ q0, q0 −b→ q1, and q1 −b→ q1.]

1. Sketch dag(ababω) and dag((ab)ω).

2. Let rw be the ranking of dag(w) defined by

rw(q, i) = 1 if q = q0 and ⟨q0, i⟩ appears in dag(w);  0 if q = q1 and ⟨q1, i⟩ appears in dag(w);  ⊥ otherwise.

Are rababω and r(ab)ω odd rankings?

3. Show that rw is an odd ranking if and only if w ∉ Lω(B).

4. Build a Büchi automaton accepting the complement of Lω(B) using the construction seen in class. (Hint: by (3), it is sufficient to use {0, 1} as ranks.)


Solution:

1. [Diagrams: dag(ababω) and dag((ab)ω), over nodes ⟨q0, i⟩ and ⟨q1, i⟩; omitted.]

2. • rababω is not an odd ranking, since

⟨q0, 0⟩ −a→ ⟨q0, 1⟩ −b→ ⟨q0, 2⟩ −a→ ⟨q0, 3⟩ −b→ ⟨q1, 4⟩ −b→ ⟨q1, 5⟩ −b→ · · ·

is an infinite path of dag(ababω) that does not visit odd nodes infinitely often.

• r(ab)ω is an odd ranking, since dag((ab)ω) has a single infinite path:

⟨q0, 0⟩ −a→ ⟨q0, 1⟩ −b→ ⟨q0, 2⟩ −a→ ⟨q0, 3⟩ −b→ ⟨q0, 4⟩ −a→ ⟨q0, 5⟩ −b→ · · ·

which only visits odd nodes.

3. ⇒) Let w ∈ Lω(B). We have w = u bω for some u ∈ {a, b}∗. This implies that

⟨q0, 0⟩ −u→ ⟨q0, |u|⟩ −b→ ⟨q1, |u| + 1⟩ −b→ ⟨q1, |u| + 2⟩ −b→ · · ·

is an infinite path of dag(w). Since this path does not visit odd nodes infinitely often, rw is not an odd ranking of dag(w).


⇐) Let w ∉ Lω(B). Suppose there exists an infinite path of dag(w) that does not visit odd nodes infinitely often. At some point, this path must only visit nodes of the form ⟨q1, i⟩. Therefore, there exists u ∈ {a, b}∗ such that

⟨q0, 0⟩ −u→ ⟨q1, |u|⟩ −b→ ⟨q1, |u| + 1⟩ −b→ ⟨q1, |u| + 2⟩ −b→ · · · .

This implies that w = u bω ∈ Lω(B), which is a contradiction.

4. By (3), for every w ∈ {a, b}ω, if dag(w) has an odd ranking, then it has one ranging over {0, 1}. Therefore, it suffices to execute CompNBA with rankings ranging over {0, 1}. We obtain the following Büchi automaton:

[Diagram: the resulting Büchi automaton; its states pair the sets {q0} and {q0, q1} with rankings such as 1⊥, 0⊥, 00 and 10; omitted.]

Actually, by (3), it is sufficient to explore only the blue states, as they correspond to the family of rankings {rw : w ∈ Σω}.

Exercise 147 Design (not necessarily efficient) algorithms for the following decision problems:

1. Given finite words u, v, x, y ∈ Σ∗, decide whether the ω-words u vω and x yω are equal.

2. Given a Büchi automaton A and finite words u, v, decide whether A accepts the ω-word u vω.

Solution:

1. We construct Büchi automata Buv and Bxy recognizing u vω and x yω; construct a Büchi automaton B such that Lω(B) = Lω(Buv) ∩ Lω(Bxy); and check whether Lω(B) = ∅.

2. We construct a Büchi automaton Buv recognizing u vω; construct a Büchi automaton B such that Lω(B) = Lω(Buv) ∩ Lω(A); and check whether Lω(B) = ∅.
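Problem 1 also admits a direct solution without automata, which can serve as a sanity check: both words become periodic with period lcm(|v|, |y|) from position max(|u|, |x|) on, so it suffices to compare prefixes of length max(|u|, |x|) + lcm(|v|, |y|). A sketch (mine, not the notes’ method):

```python
from math import gcd

def eq_up_words(u, v, x, y):
    """Decide whether the ultimately periodic words u v^w and x y^w are equal.
    Both are periodic with period lcm(|v|, |y|) after position max(|u|, |x|),
    so agreement on a prefix of that length plus one common period suffices."""
    assert v and y, "the periodic parts must be nonempty"
    L = len(v) * len(y) // gcd(len(v), len(y))   # lcm(|v|, |y|)
    n = max(len(u), len(x)) + L

    def prefix(p, w, n):
        # first n letters of the word p w^w
        s = p + w * ((n - len(p)) // len(w) + 1)
        return s[:n]

    return prefix(u, v, n) == prefix(x, y, n)
```

For example, a(ba)ω and (ab)ω are equal, while (ab)ω and (ba)ω are not.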

Exercise 148 Show that for every DBA A with n states there is an NBA B with at most 2n states that recognizes the complement of Lω(A). Explain why your construction does not work for NBAs.


Solution: Observe that A rejects a word w iff its single run on w stops visiting accepting states at some point. Hence, we construct an NBA B that reads a prefix as in A and nondeterministically decides to stop visiting accepting states by moving to a copy of A without its accepting states.

More precisely, we assume that each letter can be read from each state of A, i.e., that A is complete. If this is not the case, it suffices to add a rejecting sink state to A. The NBA B consists of two copies of A. The first copy is exactly as A. The second copy is as A but restricted to its non-accepting states. We add transitions from the first copy to the second one as follows. For each transition (p, a, q) of A with q non-accepting, we add a transition that reads letter a from state p of the first copy to state q of the second copy. All states of the first copy are made non-accepting and all states of the second copy are made accepting. Note that B contains at most 2n states, as desired.

Here is an example of the construction:

[Diagrams: a four-state automaton A with states p, q, r, s and the corresponding NBA B, whose second copy contains q and s; omitted.]

This construction does not work for NBAs. Indeed, for the NBA A below we have Lω(A) = Lω(B) = aω, so B does not recognize the complement:

[Diagrams: NBA A with states p, q and the constructed B; omitted.]

Exercise 149 A Büchi automaton A = (Q,Σ, δ,Q0, F) is weak if no strongly connected component (SCC) of A contains both accepting and non-accepting states, that is, every SCC C ⊆ Q satisfies either C ⊆ F or C ⊆ Q \ F.


1. Prove that a Büchi automaton A is weak iff for every run ρ either inf(ρ) ⊆ F or inf(ρ) ⊆ Q \ F.

2. Prove that the algorithms for union, intersection, and complementation of DFAs are also correct for weak DBAs. More precisely, show that the algorithms return weak DBAs recognizing the union, intersection, and complement, respectively, of the languages of the input automata.

Solution:

1. For every run ρ, any two states of inf(ρ) are necessarily reachable from each other, and so inf(ρ) is contained in an SCC of A. Let Cρ be this SCC.

If A is weak, then either Cρ ⊆ F or Cρ ⊆ Q \ F, and so inf(ρ) ⊆ F or inf(ρ) ⊆ Q \ F.

Assume now that for every run ρ either inf(ρ) ⊆ F or inf(ρ) ⊆ Q \ F. Let C be an arbitrary SCC of A. Then there is a word w such that the run ρ of A on w satisfies inf(ρ) = C. So C ⊆ F or C ⊆ Q \ F.

2. We consider first the complementation algorithm CompDFA of Section 4.1.2. Recall that the algorithm simply exchanges accepting and non-accepting states. Let A = (Q,Σ, δ, q0, F) be a weak DBA, and let B = CompDFA(A). Since the SCCs of A and B coincide, B is also a weak DBA. Moreover, for every ω-word w, both A and B have the same run ρ on w. If A accepts w, then by (1) we have inf(ρ) ⊆ F, and so B does not accept w. If A does not accept w, then by (1) we have inf(ρ) ⊆ Q \ F, and so B accepts w.

We consider now the algorithm for intersection. Let A1 = (Q1,Σ, δ1, q01, F1) and A2 = (Q2,Σ, δ2, q02, F2) be weak DBAs. Recall that the algorithm for intersection (the result of instantiating algorithm BinOp of Section 4.1.3 with the boolean operator “and”) constructs a deterministic automaton A with set of states Q1 × Q2, initial state [q01, q02] and set of final states F1 × F2. Given an ω-word w,

ρ1 = q01 −a1→ q11 −a2→ q21 · · · q(n−1)1 −an→ qn1 · · ·
ρ2 = q02 −a1→ q12 −a2→ q22 · · · q(n−1)2 −an→ qn2 · · ·

are the runs of A1 and A2 on w if and only if

ρ = [q01, q02] −a1→ [q11, q12] −a2→ [q21, q22] · · · [q(n−1)1, q(n−1)2] −an→ [qn1, qn2] · · ·

is the run of A on w.

We first show that A is weak. By (1), it suffices to show that for every run ρ either inf(ρ) ⊆ F or inf(ρ) ⊆ Q \ F. Consider two cases:

• ρ visits states of F only finitely often. Then inf(ρ) ⊆ Q \ F.


• ρ visits states of F infinitely often. Then, since F = F1 × F2, both ρ1 and ρ2 visit states of F1 and F2 infinitely often. Since A1 and A2 are weak, we have inf(ρ1) ⊆ F1 and inf(ρ2) ⊆ F2. So there are indices i1, i2 such that qj1 ∈ F1 for every j ≥ i1, and qj2 ∈ F2 for every j ≥ i2. Taking i = max{i1, i2}, we get [qj1, qj2] ∈ F for every j ≥ i, and so inf(ρ) ⊆ F.

Now we prove Lω(A) = Lω(A1) ∩ Lω(A2). Let ρ1, ρ2 and ρ be the runs of A1, A2 and A on a word w.

• If w ∈ Lω(A), then w ∈ Lω(A1) ∩ Lω(A2). Assume ρ is accepting. Then it visits F1 × F2 infinitely often, and so ρ1 and ρ2 visit F1 and F2 infinitely often.

• If w ∈ Lω(A1) ∩ Lω(A2), then w ∈ Lω(A). Assume ρ1 and ρ2 are accepting. Then, by (1), we have inf(ρ1) ⊆ F1 and inf(ρ2) ⊆ F2. So there are indices i1, i2 such that qj1 ∈ F1 for every j ≥ i1, and qj2 ∈ F2 for every j ≥ i2. Taking i = max{i1, i2}, we get [qj1, qj2] ∈ F for every j ≥ i, and so ρ is an accepting run of A. So w ∈ Lω(A).

Exercise 150 Give algorithms that directly complement deterministic Muller and parity automata, without going through Büchi automata.

Solution: Let us first consider the case of a deterministic Muller automaton A with acceptance condition F = {F0, . . . , Fm−1} ⊆ 2^Q. Since every ω-word w has a single run ρw in A, we have w ∉ Lω(A) iff inf(ρw) ∈ 2^Q \ F. Thus, to complement A, it suffices to change its acceptance condition to F′ = 2^Q \ F.

Let us now consider the case of a deterministic parity automaton A with acceptance condition F1 ⊆ · · · ⊆ F2n. Since every ω-word w has a single run ρw in A, we have w ∈ Lω(A) iff min{i : inf(ρw) ∩ Fi ≠ ∅} is even. Therefore, to complement A, it suffices to “swap the parity” of the states. This can be achieved by adding a new dummy state ⊥ to A and changing its acceptance condition to {⊥} ⊆ (F1 ∪ {⊥}) ⊆ · · · ⊆ (F2n ∪ {⊥}), where the purpose of ⊥ is simply to keep the chain of inclusions required by the definition.

Exercise 151 Let A = (Q,Σ, q0, δ, {⟨F0,G0⟩, . . . , ⟨Fm−1,Gm−1⟩}) be a deterministic automaton. What is the relation between the languages recognized by A seen as a deterministic Rabin automaton and seen as a deterministic Streett automaton?

Solution: They recognize complementary languages. Indeed, by determinism every ω-word has a unique run, and the acceptance condition of a Streett automaton is the negation of the acceptance condition of a Rabin automaton.

Exercise 152 Consider Büchi automata with universal accepting condition (UBA): an ω-word w is accepted if every run of the automaton on w is accepting, i.e., if every run of the automaton on w visits accepting states infinitely often.

Recall that automata on finite words with existential and universal accepting conditions recognize the same languages. Prove that this is no longer the case for automata on ω-words by showing


that for every UBA there is a DBA that recognizes the same language. (This implies that the ω-languages recognized by UBAs are a proper subset of the ω-regular languages.)

Hint: On input w, the DBA checks that every path of dag(w) visits some final state infinitely often. The states of the DBA are pairs (Q′,O) of sets of states of the UBA, where O ⊆ Q′ is a set of “owing” states. Loosely speaking, the transition relation is defined to satisfy the following property: after reading a prefix w′ of w, the DBA is at the state (Q′,O) given by:

• Q′ is the set of states reached by the runs of the UBA on w′.

• O is the subset of states of Q′ that “owe” a visit to a final state of the UBA. (See the construction for the complement of a Büchi automaton.)

Solution:

UBAtoDBA(A)
Input: Büchi automaton A = (Q,Σ, δ,Q0, F) with universal accepting condition
Output: DBA B = (QB,Σ,∆B, qB, FB) with Lω(B) = Lω(A)

1  QB, ∆B, FB ← ∅
2  if Q0 ⊆ F then qB ← (Q0, ∅)
3  else qB ← (Q0, Q0 \ F)
4  W ← {qB}
5  while W ≠ ∅ do
6      pick (Q′,O) from W; add (Q′,O) to QB
7      if O = ∅ then add (Q′,O) to FB
8      for all a ∈ Σ do
9          Q′′ ← δ(Q′, a)
10         if O = ∅ then O′ ← Q′′ \ F else O′ ← δ(O, a) \ F
11         add ((Q′,O), a, (Q′′,O′)) to ∆B
12         if (Q′′,O′) ∉ QB ∪ W then add (Q′′,O′) to W

Exercise 153 Describe an algorithm that decides whether a given Büchi automaton accepts a finite language.

Solution: We claim that Lω(A) is infinite iff there exist x, y ∈ Σ∗, u, v ∈ Σ+, p0 ∈ Q0, q ∈ Q and r ∈ F such that

• p0 −x→ q −u→ q −y→ r −v→ r,

• |x|, |y|, |u|, |v| ≤ |Q|, and

• L(u∗y) ⊈ L(y v∗ pref(v)), where pref(v) is the set of prefixes of v.

Note that these conditions can be tested exhaustively due to the bounds on the lengths of the words.

⇐) If the conditions hold, then {x u^i y vω : i ∈ ℕ} ⊆ Lω(A) is infinite. Indeed, let i ≠ j and k = max(i, j) − min(i, j). Suppose x u^i y vω = x u^j y vω. In particular, u^k y vω = y vω. Since k > 0, this means that u^k y is a prefix of y vω and hence lies in L(y v∗ pref(v)), which contradicts the third condition.

⇒) Since F is finite, there exists an infinite subset {w0, w1, . . .} ⊆ Lω(A) such that each ω-word wi is read from a common initial state p0 ∈ Q0 and visits a common accepting state r ∈ F infinitely often. More precisely, for every i ∈ ℕ we have

p0 −w′i→ r −vi→ r,  where wi = w′i viω and |vi| ≤ |Q|.

If there exist i ≠ j such that vi is not a prefix of v∗j pref(vj), then we are done, as we have

p0 −w′i→ r −vi→ r −ε→ r −vj→ r.

Hence, assume this is not the case. Without loss of generality, we may assume that v0, v1, . . . are ordered lexicographically (by length first). By assumption and by |vi| ≤ |vi+1|, each word vi is a prefix of vi+1. This implies that w′i ≠ w′j for all i < j, as we would otherwise derive the contradiction wi = w′i viω = w′j vjω = wj.

Let I = {i ∈ ℕ : |w′i| > |Q|}. For every i ∈ I, there exist xi, ui, yi ∈ Σ∗, qi ∈ Q and ni ∈ ℕ with

• |ui|, |yi| ≤ |Q|,

• w′i = xi ui^{ni} yi,

• p0 −xi→ qi −ui→ qi −yi→ r.



Solutions for Chapter 13



Exercise 154 Let B be the following Büchi automaton:

[Diagram: nine-state Büchi automaton with states q0, . . . , q8; omitted.]

1. Execute the emptiness algorithm NestedDFS on B.

2. Recall that NestedDFS is a nondeterministic algorithm, and different choices of runs may return different lassos. Which lassos of B can be found by NestedDFS?

3. Show that NestedDFS is not optimal by exhibiting some search sequence on B.

4. Execute the emptiness algorithm TwoStack on B.

5. Which lassos of B can be found by TwoStack?

Solution:

1. Let us assume that the algorithms always pick states in ascending order with respect to their indices. dfs1 visits q0, q1, q2, q3, q4, q5, q6, then calls dfs2, which visits q6, q1, q2, q3, q4, q5, q6 and reports “non-empty”.

2. Since q7 does not belong to any lasso, only lassos containing q1 or q6 can be found. In every run of the algorithm, dfs1 blackens q6 before q1. The only lasso containing q6 is q0, q1, q3, q4, q6, q1. Therefore, this is the only lasso that can be found by the algorithm.

3. The execution given in (1) shows that NestedDFS is not optimal, since it returns the lasso q0, q1, q3, q4, q6, q1 even though the lasso q0, q1, q2, q1 already appeared in the explored subgraph.

4. Let us assume that the algorithm always picks states in ascending order with respect to their indices. The algorithm reports “non-empty” after the following execution (top of the stacks C and V on the left):

C.push(q0), V.push(q0) → C = [q0], V = [q0]
C.push(q1), V.push(q1) → C = [q1 q0], V = [q1 q0]
C.push(q2), V.push(q2) → C = [q2 q1 q0], V = [q2 q1 q0]
C.pop() → C = [q1 q0], V = [q2 q1 q0]
C.pop() → C = [q0], V = [q2 q1 q0]


5. All of them. The lasso q0, q1, q2, q1 is found by the above execution. The lasso q0, q1, q3, q4, q6, q1 is found by the following execution:

C.push(q0), V.push(q0) → C = [q0], V = [q0]
C.push(q1), V.push(q1) → C = [q1 q0], V = [q1 q0]
C.push(q3), V.push(q3) → C = [q3 q1 q0], V = [q3 q1 q0]
C.push(q4), V.push(q4) → C = [q4 q3 q1 q0], V = [q4 q3 q1 q0]
C.push(q6), V.push(q6) → C = [q6 q4 q3 q1 q0], V = [q6 q4 q3 q1 q0]
C.pop() → C = [q4 q3 q1 q0], V = [q6 q4 q3 q1 q0]

The lasso q0, q1, q3, q4, q5, q1 is found by the following execution:

C.push(q0), V.push(q0) → C = [q0], V = [q0]
C.push(q1), V.push(q1) → C = [q1 q0], V = [q1 q0]
C.push(q3), V.push(q3) → C = [q3 q1 q0], V = [q3 q1 q0]
C.push(q4), V.push(q4) → C = [q4 q3 q1 q0], V = [q4 q3 q1 q0]
C.push(q5), V.push(q5) → C = [q5 q4 q3 q1 q0], V = [q5 q4 q3 q1 q0]
C.pop() → C = [q4 q3 q1 q0], V = [q5 q4 q3 q1 q0]
C.pop() → C = [q3 q1 q0], V = [q5 q4 q3 q1 q0]
C.pop() → C = [q1 q0], V = [q5 q4 q3 q1 q0]
C.pop() → C = [q0], V = [q5 q4 q3 q1 q0]

Exercise 155 Let A be an NBA, and let At be the sub-NBA of A containing the states and transitions explored by a DFS up to (and including) time t. Prove: if a state q belongs to some cycle of A, then it already belongs to some cycle of A_{f[q]}.

Solution: Let π be a cycle containing q, and consider the snapshot of the DFS at time f[q]. Let r be the last state of π after q such that all states in the subpath from q to r are black. We have f[r] ≤ f[q]. If r = q, then π is a cycle of A_{f[q]}, and we are done. If r ≠ q, let s be the successor of r in π (see Figure 15.8). We have f[r] < f[q] < f[s]. Moreover, since all successors of r have necessarily been discovered at time f[r], we have d[s] < f[r] < f[q] < f[s]. By the Parenthesis Theorem, s is a DFS-ascendant of q. Let π′ be the cycle obtained by concatenating the DFS-path from s to q, the prefix of π from q to r, and the transition (r, s). By the Parenthesis Theorem, all the transitions in this path have been explored at time f[q], and so the cycle π′ belongs to A_{f[q]}.


[Figure omitted.]

Figure 15.8: Illustration of the proof of Lemma ??

Exercise 156 A Büchi automaton is weak if none of its strongly connected components contains both accepting and non-accepting states. Give an emptiness algorithm for weak Büchi automata. What is the complexity of the algorithm?

Solution: The idea is to maintain a set V of the gray states: when the DFS meets a gray state r, by the gray-path theorem there is a cycle containing r, and since we are considering weak Büchi automata it suffices to check whether r is accepting.

The following algorithm works in linear time:

Input: Weak Büchi automaton B = (Q,Σ, δ, q0, F).
Output: Is Lω(B) = ∅?

1  S, V ← ∅
2  dfs(q0)
3  report “empty”
4
5  dfs(q):
6      S.add(q)
7      V.add(q)
8      for r ∈ succ(q) do
9          if r ∉ S then
10             dfs(r)
11         else if r ∈ V and r ∈ F then
12             report “non-empty”
13     V.remove(q)

The space complexity is O(|Q|), as we maintain two sets S and V that can both contain at most all the states of the automaton. The time complexity is O(|Q| + |δ|), the same as for DFS.
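A runnable version of this algorithm (my own encoding, returning a boolean instead of using `report`):

```python
def weak_ba_empty(q0, succ, F):
    """Emptiness check for weak Buchi automata. During the DFS, an edge into
    a gray state r closes a cycle; by weakness that cycle lies in an accepting
    SCC iff r is in F. succ maps a state to a list of successors.
    Returns True iff the recognized language is empty."""
    S, V = set(), set()          # discovered states / gray states on the stack

    def dfs(q):
        S.add(q)
        V.add(q)
        for r in succ.get(q, ()):
            if r not in S:
                if not dfs(r):
                    return False
            elif r in V and r in F:
                return False     # cycle through an accepting SCC: non-empty
        V.remove(q)
        return True

    return dfs(q0)
```

For example, an accepting self-loop reachable from q0 makes the language non-empty, while a graph with no accepting cycle yields “empty”.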


Exercise 157 Consider Muller automata whose acceptance condition contains one single set of states F, i.e., a run ρ is accepting iff inf(ρ) = F. Transform TwoStack into a linear algorithm for checking emptiness of these automata.
Hint: Consider the version of TwoStack for NGAs.

Solution: I think this works: conduct a DFS until a final state is found. From that moment on consider only final states (the others become “invisible”). Use the technique of TwoStack to store the states visited.

Exercise 158 (1) Given R, S ⊆ Q, define pre+(R, S) as the set of ascendants q of R such that there is a path from q to R that contains only states of S. Give an algorithm to compute pre+(R, S).

(2) Consider the following modification of Emerson-Lei’s algorithm:

MEL2(A)
Input: NBA A = (Q,Σ, δ,Q0, F)
Output: EMP if Lω(A) = ∅, NEMP otherwise

1  L ← Q
2  repeat
3      OldL ← L
4      L ← pre+(L ∩ F, L)
5  until L = OldL
6  if q0 ∈ L then report NEMP
7  else report EMP

Is MEL2 correct? What is the difference between the sequences of sets computed by MEL and MEL2?
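For part (1), pre+(R, S) can be computed by a backward search that stays inside S; with it, MEL2 is a few lines. The sketch below is mine, under the reading that the path’s states (including q itself, excluding the endpoint in R) must lie in S:

```python
def pre_plus(R, S, edges):
    """States q in S with a nonempty path to R whose states all lie in S.
    edges is a set of (source, target) pairs."""
    result = set()
    frontier = {q for (q, r) in edges if q in S and r in R}
    while frontier:
        result |= frontier
        frontier = {q for (q, r) in edges if q in S and r in result} - result
    return result

def mel2(Q, edges, F, q0):
    """Modified Emerson-Lei: iterate L <- pre+(L ∩ F, L) to a fixed point.
    Returns True iff the automaton is non-empty (q0 survives)."""
    L = set(Q)
    while True:
        newL = pre_plus(L & set(F), L, edges)
        if newL == L:
            return q0 in L
        L = newL
```

Since pre+(L ∩ F, L) ⊆ L, the sequence of sets decreases and the loop terminates.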


Solutions for Chapter 14



Exercise 159 Prove formally the following equivalences:

1. ¬Xϕ ≡ X¬ϕ

2. ¬Fϕ ≡ G¬ϕ

3. ¬Gϕ ≡ F¬ϕ

4. XFϕ ≡ FXϕ

5. XGϕ ≡ GXϕ

Solution:

1. σ |= ¬Xϕ ⇐⇒ σ ⊭ Xϕ ⇐⇒ σ1 ⊭ ϕ ⇐⇒ σ1 |= ¬ϕ ⇐⇒ σ |= X¬ϕ.

2. σ |= ¬Fϕ ⇐⇒ ¬(σ |= Fϕ) ⇐⇒ ¬(∃k ≥ 0 : σk |= ϕ) ⇐⇒ ∀k ≥ 0 : ¬(σk |= ϕ) ⇐⇒ ∀k ≥ 0 : σk |= ¬ϕ ⇐⇒ σ |= G¬ϕ.

3. σ |= ¬Gϕ ⇐⇒ ¬(σ |= Gϕ) ⇐⇒ ¬(∀k ≥ 0 : σk |= ϕ) ⇐⇒ ∃k ≥ 0 : ¬(σk |= ϕ) ⇐⇒ ∃k ≥ 0 : σk |= ¬ϕ ⇐⇒ σ |= F¬ϕ.

4. σ |= XFϕ ⇐⇒ σ1 |= Fϕ ⇐⇒ ∃k ≥ 0 : (σ1)k |= ϕ ⇐⇒ ∃k ≥ 0 : (σk)1 |= ϕ ⇐⇒ ∃k ≥ 0 : σk |= Xϕ ⇐⇒ σ |= FXϕ.

5. σ |= XGϕ ⇐⇒ σ1 |= Gϕ ⇐⇒ ∀k ≥ 0 : (σ1)k |= ϕ ⇐⇒ ∀k ≥ 0 : (σk)1 |= ϕ ⇐⇒ ∀k ≥ 0 : σk |= Xϕ ⇐⇒ σ |= GXϕ.

Exercise 160 (Santos Laboratory). The weak until operator W has the following semantics:

• σ |= φ1 W φ2 iff either there exists k ≥ 0 such that σk |= φ2 and σi |= φ1 for all 0 ≤ i < k, or σk |= φ1 for every k ≥ 0.

Prove: p W q ≡ Gp ∨ (p U q) ≡ F¬p → (p U q) ≡ p U (q ∨ Gp).


Solution:

• p W q ≡ Gp ∨ (p U q). Follows immediately from the definitions.

• Gp ∨ (p U q) ≡ F¬p → (p U q). We have: Gp ∨ (p U q) ≡ ¬(F¬p) ∨ (p U q) ≡ F¬p → (p U q).

• Gp ∨ (p U q) ≡ p U (q ∨ Gp). Assume σ |= Gp ∨ (p U q). If σ |= Gp, then σ |= p U (q ∨ Gp), taking k = 0 as witness. If σ |= p U q, then σ |= p U (q ∨ Gp), since any witness position for p U q also works for p U (q ∨ Gp).

Assume σ |= p U (q ∨ Gp). Then there exists k ≥ 0 such that σk |= q ∨ Gp and σi |= p for all 0 ≤ i < k. If σk |= q, then σ |= p U q. If σk |= Gp, then σi |= p for all i ≥ 0, and so σ |= Gp. So σ |= Gp ∨ (p U q).
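These equivalences can also be sanity-checked mechanically on ultimately periodic words u vω: on such a lasso, every position reachable from i occurs within |u| + |v| steps, so bounded scans decide F, G, U and W exactly. The little evaluator below is my own sketch (formulas as nested tuples), not part of the notes:

```python
from itertools import product

def holds(f, u, v, i=0):
    """Evaluate an LTL formula f (nested tuples) at position i of u v^w.
    u, v are lists of sets of atomic propositions, v nonempty."""
    N = len(u) + len(v)
    at = lambda k: u[k] if k < len(u) else v[(k - len(u)) % len(v)]
    op = f[0]
    if op == 'ap':
        return f[1] in at(i)
    if op == 'not':
        return not holds(f[1], u, v, i)
    if op == 'or':
        return holds(f[1], u, v, i) or holds(f[2], u, v, i)
    if op == 'X':
        return holds(f[1], u, v, i + 1)
    if op == 'F':
        return any(holds(f[1], u, v, k) for k in range(i, i + N + 1))
    if op == 'G':
        return all(holds(f[1], u, v, k) for k in range(i, i + N + 1))
    if op in ('U', 'W'):
        for k in range(i, i + N + 1):
            if holds(f[2], u, v, k):
                return True            # witness for the until part
            if not holds(f[1], u, v, k):
                return False
        return op == 'W'               # f[1] held on every reachable position
    raise ValueError(op)
```

Enumerating all short lassos over the letters ∅, {p}, {q}, {p, q} and comparing p W q against the three right-hand sides of the exercise is a quick (non-exhaustive) check, not a proof.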

Exercise 161 Let AP = {p, q} and let Σ = 2^AP. Give LTL formulas defining the following languages:

1. {p, q} ∅ Σω

2. Σ∗ ({p} + {p, q}) Σ∗ {q} Σω

3. Σ∗ {q}ω

4. {p}∗ {q}∗ ∅ω

Solution:

1. (p ∧ q) ∧ X(¬p ∧ ¬q)

2. F(p ∧ XF(¬p ∧ q))

3. FG(¬p ∧ q)

4. (p ∧ ¬q) U ((¬p ∧ q) U G(¬p ∧ ¬q))

Exercise 162 (Santos Laboratory, with additions from Salomon Sickert). Let AP = {p, q, r}. Give formulas that hold for the computations satisfying the following properties. If in doubt about what the property really means, choose an interpretation, and explicitly indicate your choice. Here are two solved examples:

• p is false before q: Fq→ (¬p U q).

• p becomes true before q: ¬q W (p ∧ ¬q).

Now it is your turn:

• p is true between q and r.

• p precedes q before r.

• p precedes q after r.

Page 540: Automata theory - TUM

540

• after p and q eventually r.

• p alternates between true and false.

• p, and only p, holds at even positions and q, and only q, holds at odd positions.

Solution: Here are some possible solutions:

• p is true between q and r: G((q ∧ ¬r ∧ Fr) → (p U r)). We interpret it as "if q holds now and r holds at some point in the future, then p holds until r holds".

• p precedes q before r: Fr → (¬q U (p ∨ r)). We interpret it as "before r holds for the first time, q remains false until either p or r holds".

• p precedes q after r: ¬r W (r ∧ (¬q W (p ∧ XFq))). We interpret it as "either r never holds, or after its first occurrence q never holds, or after its first occurrence p occurs before q".

• after p and q eventually r: (¬p W (p ∧ (¬q W (q ∧ Fr)))) ∧ (¬q W (q ∧ (¬p W (p ∧ Fr)))). We interpret it as "if p and q occur, in any order, then r occurs at some point after they have both occurred for the first time". To model "in any order" we explicitly consider the two possible orders.

• p alternates between true and false: G(p↔ X¬p).

• p, and only p, holds at even positions and q, and only q, holds at odd positions: p ∧ G(p ↔ ¬q) ∧ G¬r ∧ G(p ↔ Xq)

Exercise 163 Let AP = {p, q} and let Σ = 2^AP. Give Büchi automata for the ω-languages over Σ defined by the following LTL formulas:

1. XG¬p

2. (GFp)→ (Fq)

3. p ∧ ¬(XFp)

4. G(p U (p→ q))

5. Fq→ (¬q U (¬q ∧ p))

Solution:

1. [Büchi automaton diagram]


2. Note that GFp → Fq ≡ ¬(GFp) ∨ Fq ≡ FG¬p ∨ Fq. We build Büchi automata for FG¬p and Fq, and take their union:

[Büchi automaton diagram]

3. Note that p ∧ ¬(XFp) ≡ p ∧ XG¬p. We build a Büchi automaton for p ∧ XG¬p:

[Büchi automaton diagram]

4. [Büchi automaton diagram]

5. [Büchi automaton diagram]

Exercise 164 Which of the following equivalences hold?

1. X(ϕ ∨ ψ) ≡ Xϕ ∨ Xψ

2. X(ϕ ∧ ψ) ≡ Xϕ ∧ Xψ

3. X(ϕ U ψ) ≡ (Xϕ U Xψ)

4. F(ϕ ∨ ψ) ≡ Fϕ ∨ Fψ

5. F(ϕ ∧ ψ) ≡ Fϕ ∧ Fψ

6. G(ϕ ∨ ψ) ≡ Gϕ ∨Gψ

7. G(ϕ ∧ ψ) ≡ Gϕ ∧Gψ

8. GF(ϕ ∨ ψ) ≡ GFϕ ∨GFψ

9. GF(ϕ ∧ ψ) ≡ GFϕ ∧GFψ

10. ρ U (ϕ ∨ ψ) ≡ (ρ U ϕ) ∨ (ρ U ψ)

11. (ϕ ∨ ψ) U ρ ≡ (ϕ U ρ) ∨ (ψ U ρ)

12. ρ U (ϕ ∧ ψ) ≡ (ρ U ϕ) ∧ (ρ U ψ)

13. (ϕ ∧ ψ) U ρ ≡ (ϕ U ρ) ∧ (ψ U ρ)


Solution:

(1-2) Both (1) and (2) hold. Let ◦ ∈ {∨, ∧}. We have

σ |= X(ϕ ◦ ψ) ⇐⇒ σ^1 |= (ϕ ◦ ψ)
⇐⇒ (σ^1 |= ϕ) ◦ (σ^1 |= ψ)
⇐⇒ (σ |= Xϕ) ◦ (σ |= Xψ).

3. True, since:

σ |= X(ϕ U ψ) ⇐⇒ σ^1 |= (ϕ U ψ)
⇐⇒ ∃k ≥ 0 s.t. (σ^1)^k |= ψ and (σ^1)^i |= ϕ for every 0 ≤ i < k
⇐⇒ ∃k ≥ 0 s.t. (σ^k)^1 |= ψ and (σ^i)^1 |= ϕ for every 0 ≤ i < k
⇐⇒ ∃k ≥ 0 s.t. σ^k |= Xψ and σ^i |= Xϕ for every 0 ≤ i < k
⇐⇒ σ |= (Xϕ) U (Xψ).

4. True, since:

σ |= F(ϕ ∨ ψ) ⇐⇒ ∃k ≥ 0 s.t. σ^k |= (ϕ ∨ ψ)
⇐⇒ ∃k ≥ 0 s.t. (σ^k |= ϕ) ∨ (σ^k |= ψ)
⇐⇒ (∃k ≥ 0 s.t. σ^k |= ϕ) ∨ (∃k ≥ 0 s.t. σ^k |= ψ)
⇐⇒ σ |= Fϕ ∨ Fψ.

5. False. Let σ = {p}{q}∅^ω. We have σ |= Fp ∧ Fq and σ ⊭ F(p ∧ q).

6. False. Let σ = ({p}{q})^ω. We have σ |= G(p ∨ q) and σ ⊭ Gp ∨ Gq.

7. True, since:

σ |= G(ϕ ∧ ψ) ⇐⇒ ∀k ≥ 0 σ^k |= (ϕ ∧ ψ)
⇐⇒ ∀k ≥ 0 (σ^k |= ϕ) ∧ (σ^k |= ψ)
⇐⇒ (∀k ≥ 0 σ^k |= ϕ) ∧ (∀k ≥ 0 σ^k |= ψ)
⇐⇒ σ |= Gϕ ∧ Gψ.

8. True. If σ |= GFϕ ∨ GFψ, then σ |= GF(ϕ ∨ ψ). If σ |= GF(ϕ ∨ ψ), then there exist i_0 < i_1 < · · · such that

σ^{i_j} |= ϕ ∨ ψ for every j ∈ N. (15.10)

Let I = {j ∈ N : σ^{i_j} |= ϕ} and J = {j ∈ N : σ^{i_j} |= ψ}. If I and J are both finite, then (15.10) does not hold, which is a contradiction. Therefore, at least one of I and J is infinite. This implies that σ |= GFϕ ∨ GFψ.


9. False. Let σ = ({p}{q})^ω. We have σ ⊭ GF(p ∧ q) and σ |= GFp ∧ GFq.

10. True, since:

σ |= ρ U (ϕ ∨ ψ) ⇐⇒ ∃k ≥ 0 s.t. σ^k |= (ϕ ∨ ψ) and ∀0 ≤ i < k σ^i |= ρ
⇐⇒ ∃k ≥ 0 s.t. ((σ^k |= ϕ) ∨ (σ^k |= ψ)) and ∀0 ≤ i < k σ^i |= ρ
⇐⇒ ∃k ≥ 0 s.t. (σ^k |= ϕ and ∀0 ≤ i < k σ^i |= ρ) ∨ (σ^k |= ψ and ∀0 ≤ i < k σ^i |= ρ)
⇐⇒ (∃k ≥ 0 s.t. σ^k |= ϕ and ∀0 ≤ i < k σ^i |= ρ) ∨ (∃k ≥ 0 s.t. σ^k |= ψ and ∀0 ≤ i < k σ^i |= ρ)
⇐⇒ σ |= (ρ U ϕ) ∨ (ρ U ψ).

11. False. Let σ = {p}{q}{r}∅^ω. We have σ |= (p ∨ q) U r and σ ⊭ (p U r) ∨ (q U r).

12. False. Let σ = {p, r}{q, r}∅^ω. We have σ ⊭ r U (p ∧ q) and σ |= (r U p) ∧ (r U q).

13. True, since:

σ |= (ϕ ∧ ψ) U ρ ⇐⇒ ∃k ≥ 0 s.t. σ^k |= ρ and ∀0 ≤ i < k σ^i |= (ϕ ∧ ψ)
⇐⇒ ∃k ≥ 0 s.t. σ^k |= ρ and ∀0 ≤ i < k (σ^i |= ϕ ∧ σ^i |= ψ)
⇐⇒ ∃k ≥ 0 s.t. (σ^k |= ρ and ∀0 ≤ i < k σ^i |= ϕ) ∧ (σ^k |= ρ and ∀0 ≤ i < k σ^i |= ψ)
(1)⇐⇒ (∃m ≥ 0 s.t. σ^m |= ρ and ∀0 ≤ i < m σ^i |= ϕ) ∧ (∃n ≥ 0 s.t. σ^n |= ρ and ∀0 ≤ i < n σ^i |= ψ)
⇐⇒ σ |= (ϕ U ρ) ∧ (ψ U ρ),

where the right-to-left direction of (1) follows by taking k = min(m, n).
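The counterexamples used in (5), (6), (9) and (11) can be verified mechanically. The sketch below is our own helper code, not part of the notes; each lasso is checked on a finite prefix that exhausts all of its distinct suffixes.

```python
# Spot-check the counterexamples given for (5), (6), (9) and (11).
# Letters are frozensets of atomic propositions; helper code of ours.

P, Q, R, E = (frozenset(s) for s in ('p', 'q', 'r', ''))

def word(u, v, n):
    """First n letters of the ω-word u v^ω (n = |u| + |v| exhausts all
    distinct suffixes of the lasso)."""
    w = list(u)
    while len(w) < n:
        w += list(v)
    return w[:n]

def holds_until(w, lhs, rhs):
    """w |= lhs U rhs for predicates lhs, rhs on letters."""
    return any(rhs(w[k]) and all(lhs(w[i]) for i in range(k))
               for k in range(len(w)))

# (5) σ = {p}{q}∅^ω: Fp ∧ Fq holds, F(p ∧ q) does not.
w = word([P, Q], [E], 3)
assert any('p' in x for x in w) and any('q' in x for x in w)
assert not any('p' in x and 'q' in x for x in w)

# (6) σ = ({p}{q})^ω: G(p ∨ q) holds, Gp ∨ Gq does not.
w = word([], [P, Q], 2)
assert all('p' in x or 'q' in x for x in w)
assert not (all('p' in x for x in w) or all('q' in x for x in w))

# (9) σ = ({p}{q})^ω: GFp ∧ GFq holds, but no letter of the period
# satisfies p ∧ q, so GF(p ∧ q) fails.
assert not any('p' in x and 'q' in x for x in [P, Q])

# (11) σ = {p}{q}{r}∅^ω: (p ∨ q) U r holds, (p U r) ∨ (q U r) does not.
w = word([P, Q, R], [E], 4)
assert holds_until(w, lambda x: 'p' in x or 'q' in x, lambda x: 'r' in x)
assert not holds_until(w, lambda x: 'p' in x, lambda x: 'r' in x)
assert not holds_until(w, lambda x: 'q' in x, lambda x: 'r' in x)
```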

Exercise 165 Prove FGp ≡ VFGp and GFp ≡ VGFp for every sequence V ∈ {F, G}^∗ of the temporal operators F and G.

Solution: Given two formulas φ, ψ of LTL, we denote by φ |= ψ that every computation satisfying φ satisfies ψ. Clearly, we have φ ≡ ψ iff φ |= ψ and ψ |= φ. We prove several little lemmas.

(1) For every formula φ: FFφ ≡ Fφ and GGφ ≡ Gφ. Follows immediately from the definitions.

(2) For every formula φ: Gφ |= φ and φ |= Fφ. Follows immediately from the definitions.

(3) For every formula φ: FGφ ≡ GFGφ. GFGφ |= FGφ by (2). FGφ |= GFGφ because if there is a point of a computation such that from this point onwards φ always holds, then the same is true of every suffix of the computation.


(4) For every formula φ: GFφ ≡ FGFφ. GFφ |= FGFφ by (2). FGFφ |= GFφ because if φ holds at infinitely many points of some suffix of a computation, then it also holds at infinitely many points of the computation.

We prove FGp ≡ VFGp by induction on the length of V. If V = ε, we are done. If V = YF, then we have VFGp ≡ YFGp by (1), and if V = YG, then we have the same equivalence by (3). By induction hypothesis we get YFGp ≡ FGp. The other equivalence is proved similarly.

Exercise 166 (Schwoon). Which of the following formulas of LTL are tautologies? (A formula is a tautology if all computations satisfy it.) If the formula is not a tautology, give a computation that does not satisfy it.

• Gp→ Fp

• G(p→ q)→ (Gp→ Gq)

• F(p ∧ q)↔ (Fp ∧ Fq)

• ¬Fp→ F¬Fp

• (Gp→ Fq)↔ (p U (¬p ∨ q))

• (FGp→ GFq)↔ G(p U (¬p ∨ q))

• G(p→ Xp)→ (p→ Gp).

Solution: All of the formulas except the third, F(p ∧ q) ↔ (Fp ∧ Fq), are tautologies.

• Gp → Fp. Follows immediately from the definitions of F and G.

• G(p → q) → (Gp → Gq). The left-hand side states that any point of the computation satisfying p also satisfies q. Therefore, if every point satisfies p, then every point satisfies q.

• F(p ∧ q) ↔ (Fp ∧ Fq). The computation {p}{q}∅^ω satisfies Fp ∧ Fq but not F(p ∧ q).

• ¬Fp → F¬Fp. The formula φ → Fφ is clearly a tautology for every formula φ. Take φ = ¬Fp.

• (Gp → Fq) ↔ (p U (¬p ∨ q)). The left-hand side is equivalent to F¬p ∨ Fq ≡ F(¬p ∨ q). If the right-hand side holds, then some point of the computation satisfies ¬p ∨ q, and so the left-hand side holds. If the left-hand side holds, then there exists a first point at which ¬p ∨ q holds, and, since it is the first, all points before it satisfy p ∧ ¬q, and so in particular they all satisfy p. So the right-hand side holds as well.


• (FGp → GFq) ↔ G(p U (¬p ∨ q)). The left-hand side is equivalent to GF¬p ∨ GFq, which is equivalent to GF(¬p ∨ q) (recall that GF means "infinitely often"). If the right-hand side holds, then every point satisfies p U (¬p ∨ q), and so for every point some future point satisfies ¬p ∨ q, which implies that the left-hand side holds. If the left-hand side holds, then infinitely many points satisfy ¬p ∨ q, and every other point satisfies p. Therefore, every point satisfies p U (¬p ∨ q), and so the right-hand side holds.

• G(p → Xp) → (p → Gp). We have G(p → Xp) → (p → Gp) ≡ F(p ∧ ¬Xp) ∨ ¬p ∨ Gp. Suppose a computation satisfies p at the first point but not Gp. Then there is a first point at which p fails; at its predecessor p holds but Xp does not, and so F(p ∧ ¬Xp) holds. Hence the formula is a tautology.

Exercise 167 In this exercise we show how to construct a deterministic Büchi automaton for negation-free LTL formulas. Let ϕ be a formula of LTL(AP) over a set AP of atomic propositions, and let ν ∈ 2^AP. We inductively define the formula af(ϕ, ν) as follows:

af(true, ν) = true
af(false, ν) = false
af(a, ν) = true if a ∈ ν, false if a ∉ ν
af(¬a, ν) = false if a ∈ ν, true if a ∉ ν
af(ϕ ∧ ψ, ν) = af(ϕ, ν) ∧ af(ψ, ν)
af(ϕ ∨ ψ, ν) = af(ϕ, ν) ∨ af(ψ, ν)
af(Xϕ, ν) = ϕ
af(ϕ U ψ, ν) = af(ψ, ν) ∨ (af(ϕ, ν) ∧ ϕ U ψ)

We extend the definition to finite words: af(ϕ, ε) = ϕ, and af(ϕ, νw) = af(af(ϕ, ν), w) for every ν ∈ 2^AP and every finite word w. Prove:

(a) For every formula ϕ, finite word w ∈ (2^AP)^∗ and ω-word w′ ∈ (2^AP)^ω:

w w′ |= ϕ iff w′ |= af(ϕ, w).

So, intuitively, af(ϕ, w) is the formula that must hold "after reading w" so that ϕ holds "at the beginning" of the ω-word w w′.

(b) For every negation-free formula ϕ: w |= ϕ iff af(ϕ, w′) ≡ true for some finite prefix w′ of w.

(c) For every formula ϕ and finite word w ∈ (2^AP)^∗: af(ϕ, w) is a boolean combination of proper subformulas of ϕ.

(d) For every formula ϕ of length n: the set of formulas {af(ϕ, w) | w ∈ (2^AP)^∗} has at most 2^(2^n) equivalence classes up to LTL-equivalence.

(e) Use (b)–(d) to construct a deterministic Büchi automaton recognizing Lω(ϕ) with at most 2^(2^n) states.


Solution: (a) First we prove the property when w is a single letter ν ⊆ AP, i.e., we prove

ν w′ |= ϕ iff w′ |= af(ϕ, ν) (15.11)

We prove (15.11) by structural induction on ϕ. We only consider two representative cases.

- ϕ = a. Then:

ν w′ |= a
implies a ∈ ν (semantics of LTL)
implies af(a, ν) = true (def. of af)
implies w′ |= af(a, ν)

ν w′ ⊭ a
implies a ∉ ν (semantics of LTL)
implies af(a, ν) = false (def. of af)
implies w′ ⊭ af(a, ν)

- ϕ = ϕ′ U ϕ′′. Then:

ν w′ |= ϕ′ U ϕ′′
iff ν w′ |= ϕ′′ ∨ (ϕ′ ∧ X(ϕ′ U ϕ′′))
iff (ν w′ |= ϕ′′) ∨ ((ν w′ |= ϕ′) ∧ (w′ |= ϕ′ U ϕ′′)) (semantics of LTL)
iff (w′ |= af(ϕ′′, ν)) ∨ ((w′ |= af(ϕ′, ν)) ∧ (w′ |= ϕ′ U ϕ′′)) (ind. hyp.)
iff w′ |= af(ϕ′′, ν) ∨ (af(ϕ′, ν) ∧ ϕ′ U ϕ′′) (semantics of LTL)
iff w′ |= af(ϕ′ U ϕ′′, ν) (def. of af)

Now we prove the property for every word w by induction on the length of w. If w = ε, then af(ϕ, w) = ϕ, and so w w′ |= ϕ iff w′ |= ϕ iff w′ |= af(ϕ, w). If w = ν w′′ for some ν ∈ 2^AP, then we have

w′ |= af(ϕ, w)
iff w′ |= af(ϕ, ν w′′)
iff w′ |= af(af(ϕ, ν), w′′) (def. of af)
iff w′′ w′ |= af(ϕ, ν) (ind. hyp.)
iff ν w′′ w′ |= ϕ (15.11)
iff w w′ |= ϕ

(b) If af(ϕ, w′) ≡ true, then by (a) w′ w′′ |= ϕ for every w′′, and so in particular w |= ϕ.

For the other direction, assume w |= ϕ. The proof is by structural induction on ϕ. We only consider two representative cases.

• ϕ = a. Since w |= ϕ, we have w = ν w′ for some word w′ and some ν ⊆ AP such that a ∈ ν. By the definition of af we have af(a, ν) ≡ true, and, since ν = w_{01}, we get af(ϕ, w_{01}) ≡ true.


• ϕ = ϕ1 U ϕ2. By the semantics of LTL there is k ∈ N such that w^k |= ϕ2 and w^ℓ |= ϕ1 for every 0 ≤ ℓ < k. By induction hypothesis there exists for every 0 ≤ ℓ < k an i ≥ ℓ such that af(ϕ1, w_{ℓi}) ≡ true, and there exists an i ≥ k such that af(ϕ2, w_{ki}) ≡ true. Let j be the maximum of all those i. We prove af(ϕ1 U ϕ2, w_{0j}) ≡ true by induction on k.

– k = 0.

af(ϕ1 U ϕ2, w_{0j})
= af(ϕ2, w_{0j}) ∨ (af(ϕ1, w_{0j}) ∧ af(ϕ1 U ϕ2, w_{1j})) (def. of af)
≡ true ∨ (af(ϕ1, w_{0j}) ∧ af(ϕ1 U ϕ2, w_{1j})) (af(ϕ2, w_{0j}) ≡ true)
≡ true

– k > 0.

af(ϕ1 U ϕ2, w_{0j})
= af(ϕ2, w_{0j}) ∨ (af(ϕ1, w_{0j}) ∧ af(ϕ1 U ϕ2, w_{1j})) (def. of af)
≡ af(ϕ2, w_{0j}) ∨ (true ∧ af(ϕ1 U ϕ2, w_{1j})) (af(ϕ1, w_{0j}) ≡ true)
≡ af(ϕ2, w_{0j}) ∨ (true ∧ true) (ind. hyp.)
≡ true

(c) Straightforward structural induction on ϕ.

(d) Assign to each subformula ψ of ϕ a boolean variable b_ψ. Let B_ϕ = {b_ψ | ψ is a subformula of ϕ}. Since ϕ has length n, the set B_ϕ contains at most n variables. By (c), we can assign to each formula af(ϕ, w) a boolean function f_w over B_ϕ. Clearly, if f_w and f_{w′} are equal, then af(ϕ, w) ≡ af(ϕ, w′). The result now follows because there are 2^(2^n) boolean functions over n variables.

(e) The set of states is the set of equivalence classes of the formulas {af(ϕ, w) | w ∈ (2^AP)^∗}. By (d) there are at most 2^(2^n) states. The initial and final states are the equivalence classes of ϕ and true, respectively. The transition relation is given by [ψ1] −ν→ [ψ2] iff af(ψ1, ν) ≡ ψ2.
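The function af lends itself to a direct implementation by structural recursion. The sketch below is ours, not part of the notes: formulas are encoded as tuples (an assumed notation), and a simple propositional simplifier suffices to detect when af(ϕ, w) becomes true, as needed for the acceptance condition of (e).

```python
# Formulas as tuples: ('tt',), ('ff',), ('ap', a), ('nap', a) for ¬a,
# ('and', f, g), ('or', f, g), ('X', f), ('U', f, g). Letters ν ⊆ AP are
# frozensets. Encoding is ours; af follows the definition above.

def af(phi, nu):
    op = phi[0]
    if op in ('tt', 'ff'):
        return phi
    if op == 'ap':
        return ('tt',) if phi[1] in nu else ('ff',)
    if op == 'nap':
        return ('ff',) if phi[1] in nu else ('tt',)
    if op == 'and':
        return simplify(('and', af(phi[1], nu), af(phi[2], nu)))
    if op == 'or':
        return simplify(('or', af(phi[1], nu), af(phi[2], nu)))
    if op == 'X':
        return phi[1]
    if op == 'U':
        # af(ϕ U ψ, ν) = af(ψ, ν) ∨ (af(ϕ, ν) ∧ ϕ U ψ)
        return simplify(('or', af(phi[2], nu),
                         simplify(('and', af(phi[1], nu), phi))))
    raise ValueError(op)

def simplify(phi):
    """Unit-propagation of true/false, enough to detect af(ϕ, w) ≡ true."""
    op, f, g = phi
    if op == 'and':
        if ('ff',) in (f, g): return ('ff',)
        if f == ('tt',): return g
        if g == ('tt',): return f
    if op == 'or':
        if ('tt',) in (f, g): return ('tt',)
        if f == ('ff',): return g
        if g == ('ff',): return f
    return phi

def af_word(phi, w):
    """af extended to finite words, letter by letter."""
    for nu in w:
        phi = af(phi, nu)
    return phi

# ϕ = p U q: reading {p}{p}{q} reaches true, reading {p}∅ reaches false,
# and reading {p} leaves the formula unchanged.
phi = ('U', ('ap', 'p'), ('ap', 'q'))
assert af_word(phi, [frozenset('p'), frozenset('p'), frozenset('q')]) == ('tt',)
assert af_word(phi, [frozenset('p'), frozenset()]) == ('ff',)
assert af_word(phi, [frozenset('p')]) == phi
```

Running af_word letter by letter is exactly how the deterministic automaton of (e) moves between equivalence classes of formulas.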

Exercise 168 In this exercise we show that the reduction algorithm of Exercise ?? does not reduce the Büchi automata generated from LTL formulas, and show that a little modification to LTLtoNGA can alleviate this problem.

Let ϕ be a formula of LTL(AP), and let Aϕ = LTLtoNGA(ϕ).

(1) Prove that the reduction algorithm of Exercise ?? does not reduce Aϕ, that is, show that Aϕ = Aϕ/CSR.

(2) Let Bϕ be the result of modifying Aϕ as follows:

– Add a new state q0 and make it the unique initial state.

– For every initial state q of Aϕ, add a transition q0 −(q ∩ AP)→ q to Bϕ (recall that q is an atom of cl(ϕ), and so q ∩ AP is well defined).


– Replace every transition q1 −(q1 ∩ AP)→ q2 of Aϕ by q1 −(q2 ∩ AP)→ q2.

Prove that Lω(Bϕ) = Lω(Aϕ).

(3) Construct the automaton Bϕ for the automaton of Figure 14.3.

(4) Apply the reduction algorithm of Exercise ?? to Bϕ.

Solution: (1) If the reduction algorithm merges two states q1 and q2, then Lω(q1) = Lω(q2). Since the automata for LTL formulas satisfy Lω(q1) ∩ Lω(q2) = ∅ for every two distinct states q1, q2, no merge takes place.

(2) Recall that for every computation σ = σ0 σ1 σ2 . . . the unique run of Aϕ on σ is

α0 −σ0→ α1 −σ1→ α2 −σ2→ · · ·

where α = α0 α1 α2 . . . is the unique satisfaction sequence for ϕ matching σ. By the definition of Bϕ, the unique run of Bϕ on σ is

q0 −σ0→ α0 −σ1→ α1 −σ2→ α2 −σ3→ · · ·

Both runs visit the same states infinitely often, and so one is accepting iff the other is; hence Lω(Bϕ) = Lω(Aϕ).

(3) The automata Aϕ and Bϕ are:

[Diagrams of Aϕ and Bϕ; the states are the atoms {p, q, p U q}, {p, ¬q, ¬(p U q)}, {¬p, ¬q, ¬(p U q)}, {p, ¬q, p U q} and {¬p, q, p U q}, plus the new initial state q0 in Bϕ.]

Notice, however, that the labels of Aϕ and Bϕ do not coincide. For instance, the transition from {p, q, p U q} to {¬p, q, p U q} is labeled by {p, q} in Aϕ, but by {q} in Bϕ.

(4) The relation CSR′ has three equivalence classes:

Q0 = { q0, {p, ¬q, p U q} }    Q1 = { {p, q, p U q}, {¬p, q, p U q}, {¬p, ¬q, ¬(p U q)} }    Q2 = { {p, ¬q, ¬(p U q)} }

which leads to the following reduced NBA:

[Diagram of the reduced NBA.]


Exercise 169 (Kupferman and Vardi) We prove that, in the worst case, the number of states of the smallest deterministic Rabin automaton for an LTL formula may be double exponential in the size of the formula. Let Σ0 = {a, b}, Σ1 = {a, b, #}, and Σ = {a, b, #, $}. For every n ≥ 0 define the ω-language Ln ⊆ Σ^ω as follows (we identify an ω-regular expression with its language):

Ln = ∑_{w ∈ Σ0^n} Σ1^∗ # w # Σ1^∗ $ w #^ω

Informally, an ω-word belongs to Ln iff

• it contains one single occurrence of $;

• the word to the left of $ is of the form w0 # w1 # · · · # wk for some k ≥ 1 and (possibly empty) words w0, . . . , wk ∈ Σ0^∗;

• the ω-word to the right of $ consists of a word w ∈ Σ0^n followed by an infinite tail #^ω; and

• w is equal to at least one of w0, . . . , wk.

The exercise has two parts:

(1) Exhibit an infinite family {ϕn}_{n≥0} of formulas of LTL(Σ) such that ϕn has size O(n²) and Lω(ϕn) = Ln (abusing language, we write Lω(ϕn) = Ln for: σ ∈ Lω(ϕn) iff σ = {a1}{a2}{a3} · · · for some ω-word a1 a2 a3 . . . ∈ Ln).

(2) Show that the smallest DRA recognizing Ln has at least 2^(2^n) states.

The solution to the following two problems can be found in "The Blow-Up in Translating LTL to Deterministic Automata", by Orna Kupferman and Adin Rosenberg:

• Consider a variant L′n of Ln in which each block of length n before the occurrence of $ is prefixed by a binary encoding of its position in the block. Show that L′n can be recognized by a formula of length O(n log n) over a fixed-size alphabet, and that the smallest DRA recognizing it has at least 2^(2^n) states.

• Consider a variant L′′n of Ln in which each block of length n before the occurrence of $ is prefixed by a different letter. (So every language Ln has a different alphabet.) Show that L′′n can be recognized by a formula of length O(n) over a linear-size alphabet, and that the smallest DRA recognizing it has at least 2^(2^n) states.

Solution: (1) We first define some auxiliary formulas.

(a) Sing := G(⋁_{α∈Σ} α ∧ ⋀_{α≠β∈Σ} (¬α ∨ ¬β)).

This formula expresses that at every position exactly one proposition of Σ holds, i.e., the set of atomic propositions that hold is a singleton. Therefore, for every computation satisfying Sing and for every position n, we can speak of "the" letter of Σ at position n.


(b) One$ := ¬$ U ($ ∧ XG¬$). Together with (a), this formula expresses that $ occurs exactly once.

(c) Match(i) := # ∧ ⋀_{j=1}^{i} ((X^j a ∧ G($ → X^j a)) ∨ (X^j b ∧ G($ → X^j b))) ∧ X^{i+1}#.

Together with (a) and (b), this formula expresses that the current letter and the next i + 1 letters form a block # w # for some word w ∈ Σ0^i, and that the word w also occurs immediately after the only occurrence of $.

(d) For every i ≥ 0 we define the formula After$(i) inductively as follows:

– After$(0) := XG#
– After$(i + 1) := X((a ∨ b) ∧ After$(i))

Together with (a), After$(n) expresses that the next n letters are a or b, and they are followed by an infinite tail of #.

We choose

ϕn := Sing ∧ One$ ∧ F Match(n) ∧ G($ → After$(n)).

Since the lengths of After$(n) and Match(n) are O(n) and O(n²), respectively, the length of ϕn is O(n²). Clearly, we have Lω(ϕn) = Ln.

(2) Take an ω-word of the form # w1 # · · · # wk # $ w #^ω, where all of w1, . . . , wk are of length n. The intuition is that, after reading the only occurrence of $, the DRA must have stored in its state the set {w1, . . . , wk}, since otherwise after reading w it cannot decide whether w belongs to the set. Since there are 2^(2^n) sets of words over {a, b} of length n, the automaton needs at least this number of states.

Formally, for every set S = {w1, . . . , wk} of words of Σ0^n, where wi is lexicographically smaller than wj for every i < j, let wS = # w1 # · · · # wk # $. Let A be a DRA recognizing Ln. Assume there exist two different sets S, T such that the state reached by A after reading wS and wT is the same, and assume w.l.o.g. that there is a word w ∈ S \ T. Since A is deterministic, the runs on wS w #^ω and wT w #^ω coincide from that state on, and since A accepts wS w #^ω ∈ Ln, it also accepts wT w #^ω ∉ Ln, a contradiction. So for every set S the state reached after reading wS is different, and so A has at least 2^(2^n) states.

Exercise 170 Let A = (Q, Σ, δ, q0, F) be an automaton such that Q = P × [n] for some finite set P and n ≥ 1. Automaton A models a system made of n processes. A state (p, i) ∈ Q represents the current global state p of the system, and the last process i that was executed.

We define two predicates exec_j and enab_j over Q indicating whether process j is respectively executed and enabled. More formally, for every q = (p, i) ∈ Q and j ∈ [n], let

exec_j(q) ⇐⇒ i = j,

enab_j(q) ⇐⇒ (p, i) −→ (p′, j) for some p′ ∈ P.


1. Give LTL formulas over Qω for the following statements:

(a) All processes are executed infinitely often.

(b) If a process is enabled infinitely often, then it is executed infinitely often.

(c) If a process is eventually permanently enabled, then it is executed infinitely often.

2. The three above properties are known respectively as unconditional, strong and weak fairness. Show the following implications, and show that the reverse implications do not hold:

unconditional fairness =⇒ strong fairness =⇒ weak fairness.

Solution:

1. (a) ⋀_{j∈[n]} GF exec_j

(b) ⋀_{j∈[n]} (GF enab_j → GF exec_j)

(c) ⋀_{j∈[n]} (FG enab_j → GF exec_j)

2. • Unconditional fairness implies strong fairness. For the sake of contradiction, suppose unconditional fairness holds for some execution σ, but not strong fairness. By assumption, there exists j ∈ [n] such that σ ⊭ (GF enab_j → GF exec_j). Thus,

σ ⊭ (GF enab_j → GF exec_j)
⇐⇒ σ |= ¬(GF enab_j → GF exec_j)
⇐⇒ σ |= ¬(¬GF enab_j ∨ GF exec_j)
⇐⇒ σ |= GF enab_j ∧ ¬GF exec_j
=⇒ σ |= ¬GF exec_j

which contradicts unconditional fairness.

• Strong fairness implies weak fairness. For the sake of contradiction, suppose strong fairness holds for some execution σ, but not weak fairness. By assumption, there exists j ∈ [n] such that σ ⊭ (FG enab_j → GF exec_j). Thus,

σ ⊭ (FG enab_j → GF exec_j)
⇐⇒ σ |= ¬(FG enab_j → GF exec_j)
⇐⇒ σ |= ¬(¬FG enab_j ∨ GF exec_j)
⇐⇒ σ |= FG enab_j ∧ ¬GF exec_j
=⇒ σ |= GF enab_j ∧ ¬GF exec_j
⇐⇒ σ |= ¬(GF enab_j → GF exec_j)
⇐⇒ σ ⊭ (GF enab_j → GF exec_j)

which contradicts strong fairness.


• Strong fairness does not imply unconditional fairness. Execution (p, 1)(q, 2)^ω of the automaton below satisfies strong fairness, but not unconditional fairness.

[Automaton diagram with states (p, 1) and (q, 2).]

• Weak fairness does not imply strong fairness. Execution ((p, 1)(q, 1))^ω of the automaton below satisfies weak fairness, but not strong fairness.

[Automaton diagram with states (p, 1), (q, 1) and (r, 2).]
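On a lasso execution u v^ω the three fairness notions become simple checks on the period v, since GFψ holds iff ψ holds at some state of v, and FGψ holds iff ψ holds at all states of v. The sketch below is our own reconstruction; in particular, the enabledness predicates of the two example systems are assumptions, since the exact transition relations of the pictured automata are not recoverable from the text.

```python
# Fairness of a lasso run u v^ω: the states of v are exactly those
# visited infinitely often (the states of u do not matter). enab and exc
# are predicates on (state, process). Helper code of ours.

def fairness(u, v, procs, enab, exc):
    """Return (unconditional, strong, weak) fairness of the run u v^ω."""
    inf_exec = {j for j in procs if any(exc(q, j) for q in v)}      # GF exec_j
    inf_enab = {j for j in procs if any(enab(q, j) for q in v)}     # GF enab_j
    ev_alw_enab = {j for j in procs if all(enab(q, j) for q in v)}  # FG enab_j
    uncond = all(j in inf_exec for j in procs)
    strong = all(j in inf_exec for j in inf_enab)
    weak = all(j in inf_exec for j in ev_alw_enab)
    return uncond, strong, weak

exc = lambda q, j: q[1] == j   # a state (p, i) records the last executed process i

# (p,1)(q,2)^ω with process 1 enabled only in (p,1) (assumed):
# strongly but not unconditionally fair.
enab1 = lambda q, j: j == 2 or q == ('p', 1)
assert fairness([('p', 1)], [('q', 2)], [1, 2], enab1, exc) == (False, True, True)

# ((p,1)(q,1))^ω with process 2 enabled only in (q,1) (assumed), hence
# infinitely often but not permanently: weakly but not strongly fair.
enab2 = lambda q, j: j == 1 or q == ('q', 1)
assert fairness([], [('p', 1), ('q', 1)], [1, 2], enab2, exc) == (False, False, True)
```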

Solutions for Chapter 15

Exercise 171 Give an MSO(a, b) sentence for each of the following ω-regular languages:

1. finitely many a’s: (a + b)∗bω

2. infinitely many b’s: ((a + b)∗b)ω

3. a’s at each even position: (a(a + b))ω

What regular languages would you obtain if your sentences were interpreted over finite words?

Solution:

1. ∃x ∀y ((x < y)→ Qb(y))

2. ∀x ∃y ((x < y) ∧ Qb(y))

3. ∃X [∀x (x ∈ X ↔ (x = 0 ∨ ∃y (x = y + 2 ∧ y ∈ X)))] ∧ [∀x ((x ∈ X) → Qa(x))], where

(x = 0) := ∀y ¬(y < x),

(x = y + 2) := ∃z [(y < z ∧ z < x) ∧ (∀z′ ((y < z′ ∧ z′ < x) → (z′ = z)))],

(z′ = z) := ¬((z′ < z) ∨ (z < z′)).

Over finite words, we obtain:

1. (a + b)+

2. (a + b)∗b

3. (a(a + b))∗

Exercise 172 Let ϕ be a formula from Linear Arithmetic such that I |= ϕ iff I(x) ≥ I(y) ≥ 0. Give an NBA that accepts the solutions of ϕ (over R), without necessarily following the construction.

Solution:


[NBA diagram: the states track whether the bits read so far give x = y or x > y; the letters are bit pairs [00], [01], [10], [11] (x-bit over y-bit) plus the separator ?.]

Exercise 173 Reconsider the previous exercise, but now with a strict inequality, i.e., I(x) > I(y) ≥ 0.

Solution:


[NBA diagram; the states carry the labels x = y, x = y − 1, x < y − 1 and x = y, x = y?, x < y, with transitions over bit pairs [00], [01], [10], [11] and the separator ?.]

Exercise 174 Linear Arithmetic cannot express the operations y = ⌈x⌉ (ceiling) and y = ⌊x⌋ (floor). Explain how they can be implemented with Büchi automata.

Solution: Let us consider the case of y = ⌊x⌋. If the fractional part is not 1^ω, then we can copy the integer part and set the fractional part to 0^ω. However, there exists a second representation of the resulting integer. For example, 0110?010^ω (6.25) becomes either 0110?0^ω (6.0) or 0101?1^ω (which also denotes 6, since the fractional part 1^ω denotes 1). If the fractional part is 1^ω, then the number is already an integer. We produce its two representations, i.e., from msbf(x)?1^ω we produce msbf(x)?1^ω itself or msbf(x + 1)?0^ω. For example, 0011?1^ω (which denotes 3 + 1 = 4) becomes either 0011?1^ω itself or 0100?0^ω (4.0). The resulting automaton is as follows:


[Büchi automaton diagram for the floor operation, over bit-pair letters [00], [01], [10], [11] and the separator ?.]

The reasoning is symmetric for negative numbers. For example, 101?110^ω represents −2.25, and its floor can be represented by 101?000^ω (−3.0) or 100?111^ω (−4 + 1 = −3). Similarly, 110?1^ω represents −2 + 1 = −1, and its floor can be represented either by itself or by 111?0^ω (−1.0).

Exercise 175 Let c be an irrational number such as π, e or √2. Show that no formula ϕ from Linear Arithmetic is such that I |= ϕ iff I(x) = c.

Solution: For the sake of contradiction, suppose that there exists some formula ϕ from Linear Arithmetic such that I |= ϕ iff I(x) = c. Then there exists a Büchi automaton A = (Q, Σ, δ, Q0, F) for ϕ. Recall that a Büchi automaton with a nonempty language always accepts at least one ultimately periodic word. Since A only accepts encodings of c, which is irrational, this is a contradiction.

More precisely, A accepts some word of the form w_{k−1} · · · w_0 ? x_1 · · · x_m (y_1 · · · y_n)^ω for some m ≥ 0 and k, n ≥ 1. Thus, c is rational, as it can be expressed as a finite sum of rational numbers:

c = Σ_{ℓ=0}^{k−1} w_ℓ · 2^ℓ + Σ_{j=1}^{m} x_j / 2^j + Σ_{i=0}^{∞} (1 / 2^{m+i·n}) · Σ_{j=1}^{n} y_j / 2^j

  = Σ_{ℓ=0}^{k−1} w_ℓ · 2^ℓ + Σ_{j=1}^{m} x_j / 2^j + Σ_{i=0}^{∞} (1 / 2^{m+i·n}) · (y_1 · 2^{n−1} + · · · + y_n · 2^0) / 2^n

  = Σ_{ℓ=0}^{k−1} w_ℓ · 2^ℓ + Σ_{j=1}^{m} x_j / 2^j + ((y_1 · 2^{n−1} + · · · + y_n · 2^0) / 2^{m+n}) · Σ_{i=0}^{∞} (1/2^n)^i

  = Σ_{ℓ=0}^{k−1} w_ℓ · 2^ℓ + Σ_{j=1}^{m} x_j / 2^j + (y_1 · 2^{n−1} + · · · + y_n · 2^0) / (2^{m+n} · (1 − 1/2^n))   (geometric series with r = 1/2^n),

where the last denominator is nonzero since n ≥ 1.
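The closed form can be cross-checked numerically. The sketch below is our own helper (not part of the notes); it computes, with exact rationals, the value of an encoding w ? x (y)^ω for non-negative numbers, i.e., encodings with a leading 0 bit.

```python
# Value of the ultimately periodic encoding int_bits ? pre_bits (per_bits)^ω
# in msbf binary, for non-negative numbers (leading bit 0). Mirrors the
# geometric-series computation above; helper code of ours.
from fractions import Fraction

def value(int_bits, pre_bits, per_bits):
    k, m, n = len(int_bits), len(pre_bits), len(per_bits)
    integer = sum(b * 2 ** (k - 1 - i) for i, b in enumerate(int_bits))
    prefix = sum(b * Fraction(1, 2 ** (j + 1)) for j, b in enumerate(pre_bits))
    period = sum(b * 2 ** (n - 1 - j) for j, b in enumerate(per_bits))
    # geometric series: period / (2^(m+n) (1 - 1/2^n)) = period / (2^m (2^n - 1))
    return integer + prefix + Fraction(period, 2 ** m * (2 ** n - 1))

# 0110 ? 01 (10)^ω = 6 + 1/4 + 1/6 = 77/12, a rational number
assert value([0, 1, 1, 0], [0, 1], [1, 0]) == Fraction(77, 12)
# 0011 ? (1)^ω = 3 + 0.111... = 4, as in the floor exercise above
assert value([0, 0, 1, 1], [], [1]) == 4
```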

Exercise 176 Explain how to determine, algorithmically, whether a given formula from Linear Arithmetic has finitely many solutions.

Solution: We first construct a Büchi automaton for the formula and intersect it with another Büchi automaton that prunes solutions with trailing non-significant bits. It remains to check whether the resulting automaton A = (Q, Σ, δ, Q0, F) accepts a finite language, which can be done as in Exercise 153.