Add to collection(s) Add to saved
  1. Math
  2. Advanced Math
  3. Logic

Orna Kupferman and Moshe Y. Vardi

advertisement 
2 \ 2 AFMC
Orna Kupferman1? and Moshe Y. Vardi2 ??
1
Hebrew University, School of Engineering and Computer Science, Jerusalem 91904, Israel
Email: orna@cs.huji.ac.il, URL: http://www.cs.huji.ac.il/ orna
2 Rice University, Department of Computer Science, Houston, TX 77251-1892, U.S.A.
Email:vardi@cs.rice.edu, URL: http://www.cs.rice.edu/ vardi
Abstract. The -calculus is an expressive specification language in which modal logic is extended with
fixpoint operators, subsuming many dynamic, temporal, and description logics. Formulas of -calculus
are classified according to their alternation depth, which is the maximal length of a chain of nested
alternating least and greatest fixpoint operators. Alternation depth is the major factor in the complexity
of -calculus model-checking algorithms. A refined classification of -calculus formulas distinguishes
between formulas in which the outermost fixpoint operator in the nested chain is a least fixpoint operator
( i formulas, where is the alternation depth) and formulas where it is a greatest fixpoint operator ( i
formulas). The alternation-free -calculus (AFMC) consists of -calculus formulas with no alternation
between least and greatest fixpoint operators. Thus, AFMC is a natural closure of 1 [ 1 , which is
contained in both 2 and 2 . In this work we show that 2 \ 2 AFMC. In other words, if we can
express a property both as a least fixpoint nested inside a greatest fixpoint and as a greatest fixpoint
nested inside a least fixpoint, then we can express also with no alternation between greatest and least
fixpoints. Our result refers to -calculus over arbitrary Kripke structures. A similar result, for directed
-calculus formulas interpreted over trees with a fixed finite branching degree, follows from results
by Arnold and Niwinski. Their proofs there cannot be easily extended to Kripke structures, and our
extension involves symmetric nondeterministic Büchi tree automata, and new constructions for them.
i
1 Introduction
The -calculus is an expressive specification language in which formulas are built from Boolean operators,
existential (3) and universal (2) next-time modalities, and least ( ) and greatest ( ) fixpoint operators
[Koz83]. The discovery and use of symbolic model-checking methods [McM93] for verification of large
systems has made the -calculus important also from a practical point of view: symbolic model-checking
tools proceed by computing fixpoint expressions over the model’s set of states. For example, to find the set
of states from which a state satisfying some predicate is reachable, the model checker starts with the set
of states in which holds, and repeatedly add to the set 3 of states that have a successor in . Formally,
the model checker calculates the set of states that satisfy the -calculus formula
_3 .
Formulas of -calculus are classified according to their alternation depth, which is the maximal length
of a chain of nested alternating least and greatest fixpoint operators. From a practical point of view, the
classification is important, as the alternation depth is the major factor in the complexity of -calculus
model-checking algorithms: the original algorithm for model checking a structure of size
with respect
to a formula of length and alternation depth requires time ( )d [EL86], and more sophisticated
d
algorithms can do the job in time roughly ( )b 2 +1 [Jur00]. From a theoretical point of view, the classification naturally raises questions about the expressive power of the classes. In particular, the question
whether the expressiveness hierarchy for the -calculus collapses (i.e., whether there is some 1 such
p
S
n
d
O mn
p
S
y:p
O mn
S
S
y
m
d
? Supported in part by by NSF grant CCR-9988172 and by a research grant from the Center for Pure and Applied
??
Mathematics at the University of California, Berkeley
Supported in part by NSF grants CCR-9988322, CCR-0124077, IIS-9908435, IIS-9978135, and EIA-0086264, by
BSF grant 9800096, and by a grant from the Intel Corporation.
d
that all -calculus formulas can be translated to formulas of alternation depth ) has been answered to
the negative [Bra98]. The alternation-depth hierarchy of -calculus and the model-checking problem for
the various classes in the hierarchy are strongly related to the index hierarchy in parity games and to the
problem of deciding such games [Jur00].
A more refined classification of -calculus formulas distinguishes between formulas in which the outermost fixpoint operator in the nested chain is a least fixpoint operator ( i formulas, where is the alternation depth) and formulas where it is a greatest fixpoint operator ( i formulas). For example, the formula
_ 3 is a 1 formula, as it has alternating depth 1 and its outermost fixpoint operator is . Similarly,
the formula
2[( ^ ) _ ℄ is a 2 formula3. By duality of the least and greatest fixpoint operators,
the classes i and i are complementary, in the sense that a formula is in i iff the formula : (in
positive normal form, where negation is applied to atomic propositions only) is in i .
Some fragments of -calculus are of special interest in computer science: Modal Logic (ML) consists
of -calculus formulas with no fixpoint operators (that is, ML = 0 [ 0 ). It is actually more correct to say
that -calculus is the extension of ML with fixpoint operators. Extending ML with fixpoint operators still
retain some of its basic semantic properties, in particular the property of being invariant under bisimulation
[Ben91]. The alternation-free -calculus (AFMC) consists of -calculus formulas with no alternation between least and greatest fixpoint operators. Thus, AFMC is a natural closure of 1 [ 1 , which is contained
in both 2 and 2 . AFMC subsumes the branching temporal logic CTL and the dynamic logic PDL [FL79].
Formulas of AFMC can be symbolically evaluated in time linear in the structure [CS91,KVW00]. While
designers may prefer to use higher-level logics to specify properties, model-checking tools often proceed
by evaluating the corresponding AFMC formulas [BRS99]. Finally, it is hard to produce an understandable
formula with more than one alternation. Thus, 2 [ 2 subsumes almost all formulas one may wish to
specify in practice. Formally, 2 [ 2 subsumes the branching temporal logic CTL? , and in fact, until
[Bra98], the strictness of the expressiveness hierarchy of -calculus was known only for i and i with
2 [AN90]. Also, the symbolic evaluation of linear properties is reduced to calculating a 2 formula
[VW86,EL85].
For several hierarchies in computer science, even strict ones, it is possible to show local coalescence,
where membership in some class of the hierarchy and in its complementary class implies membership
in a lower class. For example, RE \ co-RE = Rec describes coalescence at the bottom of the arithmetical
hierarchy [Rog67]. On the other hand, the analogous coalescence for the polynomial hierarchy is not known;
it is a major open question whether NP \ co-NP = P [GJ79]. In [KV01], we showed that the bottom levels
of the -calculus expressiveness hierarchy coalesce: 1 \ 1 . In other words, if we can express a
property both as a least fixpoint and as a greatest fixpoint, then we can express without fixpoints. The
proof uses the fact that -calculus formulas in 1 \ 1 correspond to languages that are both safety and
co-safety. Consequently, for every property 2 1 \ 1 , we can construct two nondeterministic looping
tree automata U and U 0 such that U and U 0 accept exactly all the trees that satisfy and its complement,
respectively (the fact that U and U 0 are looping means that they have trivial acceptance conditions – every
infinite run is accepting). We showed in [KV01] how U and U 0 can be combined to a cycle-free automaton
and then translate to an ML formula expressing .
In this paper we show coalescence in higher classes of the hierarchy, namely 2 \ 2 AFMC.4 In
other words, if we can specify a property both as a least fixpoint nested inside a greatest fixpoint and as
a greatest fixpoint nested inside a least fixpoint, then we can express also with no alternation between
greatest and least fixpoints. Unfortunately, the technique of [KV01] is too weak to be helpful here. Indeed,
formulas in 2 cannot be expressed by looping automata. As we explain below, the known automatatheoretic characterizations of 2 and 2 , and their relation to AFMC, cannot help us either.
y:p
y
y:z: p y z
i
ML
3
4
i
An exact definition of the classes i and i refers to the scope of the fixpoint operators. As we discuss in Section 4,
several different definitions are studied in the literature, and we follow here the definition of [Niw86].
The analogous complexity-theoretic result would be 2p \ 2p = PNP , where 2p and 2p form the second level of
the polynomial hierarchy and PNP is the polynomial closure of NP [GJ79].
d
One such known characterization [Niw86,AN92] refers to the expressive power of the -calculus over
trees with fixed finite branching degrees. Over such trees, the existential next-time modality of the calculus can be parameterized with directions. A modality parameterized with direction means that the
corresponding existential requirement should be satisfied in the -th child of the current state. For example,
for a binary tree in which each node has a left child and a right child, the formula 3l means that the left
_ 3r means that some node in the rightmost path of
child of the root satisfies , and the formula
the tree satisfies . The ability of directed -calculus to distinguish between the various children of a node
makes it convenient to translate formulas to tree automata and vice versa. In particular, it is known that
directed- 2 is as expressive as nondeterministic Büchi tree automata [AN90,Kai95]. Our interest in this
paper is in the expressive power of the -calculus over arbitrary Kripke structures, possibly with an infinite
branching degree, which means that we cannot restrict attention to trees of fixed branching degrees.
An automata-theoretic framework for -calculus without directions is suggested in [JW95], by means of
-automata, which are essentially symmetric alternating tree automata in a certain normal form. A related
approach, in which alternation is more explicit, is presented in [Wil99]. Alternation allows the automaton
to send several requirements to the same child. Symmetry means that the automaton does not distinguish
between the different children of a node, and it sends copies to child nodes only in either a universal or
an existential manner. It also means that the automaton can handle trees with a variable and even infinite
branching degree. Formulas of -calculus in i and i can be linearly translated to symmetric alternating
parity/co-parity automata of index . While it is possible to translate -calculus formulas to symmetric
alternating automata, it is not immediately clear how such a translation can help in a translating of 2 \ 2
into the AFMC. By [AN92,KV99], formulas that are members of both directed- 2 and directed- 2 can
be translated to directed-AFMC. The proofs in [AN92,KV99] shows that given a formula 2 2 \ 2 ,
we can construct two nondeterministic Büchi tree automata U and U 0 , for and : , and then combine
the automata to a weak alternating automaton equivalent to . The combination of U and U 0 , however,
crucially depends on the fact that the automata are nondeterministic (rather than alternating) and the fact
that the automata can refer to particular directions in the tree.
The key to the results in [KV01] and here is a development of a theory of symmetric nondeterministic
tree automata. In [KV01], we defined symmetric nondeterministic looping automata, and showed how to
construct such automata for formulas in 1 . In order to handle 2 and 2 , we define here symmetric nondeterministic Büchi automata, and translate 2 formulas to such automata. From a technical point of view,
symmetric nondeterministic tree automata are essentially symmetric alternating automata with transitions in
disjunctive normal form. Our main contribution is the development of various constructions for symmetric
nondeterministic tree automata and their application to the study of the expressive power of the -calculus.
Since removal of alternation in Büchi automata should take into an account the acceptance condition of the
automaton and keep track of the states visited in each path of the run tree, the symmetry of the automaton
poses real technical challenges. We then extend the construction in [KV99] to symmetric automata and
combine the symmetric nondeterministic Büchi tree automata for and : to a symmetric weak alternating automaton for . Again, symmetry poses real technical challenges. (In fact, while the construction in
[KV99] for the directed case is quadratic, here we end up with quadratically many states but exponentially
many transitions.) Once we have a weak symmetric alternating automaton for , it is possible to generate
from it an equivalent AFMC formula [KV98].
d
p
p
y:p
p
y
i
2 Preliminaries
D
d D
x T
D
x T
x d
x
T D
xd T
"
x D
T
D
For a set IN of directions, a -tree is a nonempty set , where for every 2 with 2 and 2 , we have 2 . The elements of are called nodes, and the empty word is the root of .
For every 2 , the nodes , for 2 , are the children of . A node with no children is a leaf .
The degree of a node is the number of children has. Note that the degree of is bounded by j j. For
T
d D
x
x
x
D
T
x
x x
z D
x x
E T
E ; ; ;
E
E E
x E
E <E
x E
E <E
E E E E
D
T; V
T
V
A E A
E
D; D
D
D
D
technical convenience, we assume that the set is finite5 . A -tree is leafless if it has no leafs. Note that
a leafless tree is infinite. A path of a tree is a set such that 2 and for every 2 , either
is a leaf or exactly one child of is in . For two nodes 1 and 2 of , we say that 1 2 iff 1 is a
prefix of 2 ; i.e., there exists 2 such that 2 = 1 . We say that 1
2 iff 1 2 and 1 6= 2 .
A frontier of a leafless tree is a set of nodes such that for every path , we have j \ j = 1.
For example, the set = f0 100 101 11g is a frontier of the f0 1g-tree f0 1g. For two frontiers 1 and
2 , we say that
1 2 iff for every node 2 2
2 , there exists a node 1 2
1 such that 1 2 . We
say that 1
2 iff for every node 2 2
2 , there exists a node 1 2
1 such that 1
2 . Note that
while 1
2 implies that
1 2 and
1 6=
2 , the other direction does not necessarily hold. Given
an alphabet , a -labeled -tree is a pair h
i where is a -tree and : ! maps each node
of to a letter in . We extend to paths in a straightforward way. For a -labeled -tree h
i and a
set , we say that is an -frontier iff is a frontier and for every node 2 , we have ( ) 2 .
We denote by trees (
) the set of all -labeled -trees, and denote by trees ( ) the set of all -labeled
-trees, for some . For a set T trees ( ), we denote by omp (T ) the set of -labeled trees that are
not in T ; thus omp (T ) = trees ( ) n T .
z
T
x
T
" x T
x x x
x <x x x x x
T
E
;
;
E
x E
x x
x E
x <x
D
V T D
T; V
x E
Vx A
x
Automata on infinite trees (tree automata, for short) run on leafless -labeled trees. Alternating tree
automata generalize nondeterministic tree automata and were first introduced in [MS87]. Symmetric alternating tree automata [JW95,Wil99] are capable of reading trees with variable branching degrees. When
a symmetric automaton reads a node of the input tree it sends copies to all successors of that node or to
some successor. Formally, for a given set , let B + ( ) be the set of positive Boolean formulas over .
For a set
and a formula 2 B+( ), we say that satisfies iff assigning true to elements
in and assigning false to elements in n satisfies . A symmetric alterating Büchi tree automaton
i where is the input alphabet, is a finite
(symmetric ABT, for short) is a tuple A = h
0
set of states, :
! B+(f2 3g ) is a transition function, 0 2 is an initial state, and
is a Büchi acceptance condition. Intuitively, an atom h2 i in ( ) denotes a universal requirement to send a copy of the automaton in state to all the children of the current node. An atom h3 i
denotes an existential requirement to send a copy of the automaton in state to some child of the current
node. When, for instance, the automaton is in state , reads a node with children 1
, and
(
( )) = (2 1 ) ^ (3 2 ) _ (3 3 ) ^ (3 4 ), it can either send
copies in state 1 to the nodes
1
and send a copy in state 2 to some node in 1
or send one copy in state 3 to
and send one copy in state 4 to some node in 1
. So, while nonsome node in 1
deterministic tree automata send exactly one copy to each child, symmetric alternating automata can send
several copies to the same child. On the other hand, symmetric alternating automata cannot distinguish between the different successors and can send copies to child nodes only in either a universal or an existential
i, for some set of directions, is an
manner. Formally, a run of A on an input -labeled -tree h
( )-labeled IN-tree h r i such that 2 r and ( ) = (
2 r with ( ) = ( )
0 ), and for all
and (
( )) = , there is a (possibly empty) set
f2 3g , such that satisfies , and for all
(
) 2 , the following hold: (1) If
= 2, then for each
2 , there is 2 IN such that 2 r
and ( ) = ( ). (2) If
= 3, then for some
2 , there is 2 IN such that 2 r and
( ) = ( ). Note that if = true, then need not have children. This is the reason why r may
have leaves. Also, since there exists no set as required for = false, we cannot have a run that takes a
( ) to be the set of
transition with = false. For a run h r i and an infinite path r , we define
states that are visited infinitely often in , thus 2
( ) if and only if there are infinitely many
2
for which ( ) 2 f g. A run h r i is accepting if all its infinite paths satisfy the Büchi acceptance
condition; thus
( )\
6= ;. A tree h i is accepted by A iff there exists an accepting run of A on
Y
F Q
Y
X
Æ Q Æ q; V x
;q
;q
x ; : : :; x k
x ; : : :; x k
X
X
X
X
Y
X Y
; Q; Æ; q ; F
Q
;
Q
q Q
; q Æ q; q
;q
q
q
x k
x ; : : :; x k
;q
;q
k
q
q
x ; : : :; x k
q
q
x ; : : :; x k
D
T; V
D
D Q
T ;r
" T r " "; q
y T
r y x; q
Æ q; V x S
;
Q
S
; s S
d D
j
y j T
r y j x d; s
d D
j
y j T
r y j x d; s
y
T
S
T ;r
T
inf q inf y ry T q
T ;r
inf F
T; V
5
As we detail in the proof of Theorem 6, due to the bounded-tree-model property for -calculus, this technical assumption does not prevent us from proving our main result also for general structures with an infinite branching
degree.
hT; V i, in which case hT; V i belongs to L(A). A tree hT; V i is accepted by U iff there exists an accepting
run of A on hT; V i, in which case hT; V i belongs to the language, L(A), of A.
The transition function of an ABT A induces a graph GA = hQ; E i where E (q; q 0 ) if there is 2 such that (2; q 0 ) or (3; q 0 ) appears in Æ (q; ). An ABT is a weak alternating tree automaton (AWT, for
short) if for each strongly connected component C Q of GA , either C F or C \ F = ; [MSS86].
Note that every infinite path of a run of an AWT ultimately gets “trapped” within some strongly connected
component of A . The path then satisfies the acceptance condition if and only if .
The symmetry condition can also be applied to nondeterministic tree automata. In a symmetric noni, the state space is
deterministic Büchi tree automaton (symmetric NBT, for short) U = h
0
= 2S for some set of micro-states, and the transition function :
! 22S 2S maps a state and a
letter to sets of pairs h
i of subsets of . The set is the universal set and it describes the microstates that should be members in all the child states. The set is the existential set and it describes
micro-states each of which has to be a member in at least one child state. Formally, given 1, a -tuple
h1
) if there is h
i in ( ) such that for all 1 we have i ,
k i is induced by (
and for all 2
there is 1 such that 2 i . Intuitively, when the automaton reads a node
labeled that has children, and it proceeds from the state , it has to take two choices. First, the automaton
i 2 ( ). Then, it chooses a way to deliver among the children. Thus, we can
chooses a pair h
).
describe the two choices of the automaton by a pair h h 1
zi 2 (
k ii, where h
1ik
Note that z may be empty. We denote by k (
) the set of such pairs. A run of U on an input tree
h i is a -labeled tree h i, such that ( ) = 0 , and for every 2 with ( ) = , there exists
h1
( )) such that for all 1 , we have ( ) = i . Note that each node of the
ki 2 k(
i is accepting if all its paths satisfy
input tree corresponds to exactly one node in the run tree. A run h
the Büchi acceptance condition. Thus, for all paths , we have
( )\
= ;, where
2 ( ) if
and only if there are infinitely many 2 for which ( ) = . Equivalently, h
i is accepting iff h i
contains infinitely many -frontiers 0
. For a state 2 , let U q be U with initial state .
1
We say that a symmetric NBT is monotonic if for every two states and such that , we have that
L( U p ) L( U q ), and 2 implies 2 . In other words, the smaller the state is, the easier it is to accept
from it. Note that symmetric nondeterministic tree automata are essentially symmetric alternating automata
with transitions in disjunctive normal form (DNF); if we write the transition functions in DNF, then each
i.
disjunct is a conjunction of universal and existential requirements, corresponding to a pair h
C G
Q
S
U; E
S ;:::;S
Æ q; s E
i k
k
U; E Æ q; E
T; V
Q
T; r
q ; : : :; q Æ q; V x
x
G
q
F
p F
C F
; Q; Æ; q ; F
Æ Q S
U S
E S
k
k
U; E Æ q; i k
U S
s S
x
q
E
k
E Æ q; U; E ; : : : ; E
U; S
Æ q; r" q
x T
rx q
i k
rx i q
T; r
inf F
q inf rx q
T; r
T; r
< G < :::
q Q
q
q p
q p
F
U; E
3 From symmetric NBT and co-NBT to symmetric AWT
; ; Q; q ; M; F
; ; Q ; q ; M ; F
F
G < G < :::
G < G < :::
T; r
T; r
T; V
E T
E <E
T; r
E E
Q Q
T; V
T; r
F
m
E
T; V
m
i and U 0 = h D 0 00 0 0 i be two NBT, and let j j j 0 j = . In
Let U = h D
0
[Rab70], Rabin studies the joint behavior of a run of U with a run of U 0 . Recall that an accepting run of U
contains infinitely many -frontiers 0
, and an accepting run of U 0 contains infinitely many
1
0 -frontiers 00
01
. It follows that for every labeled tree h
i 2 L( U ) \ L( U 0 ) and accepting
0
0
runs h
i and h i of U and U on h i, the joint behavior of h i and h 0 i contains infinitely
i reaches an -frontier and h 0 i reaches an
many frontiers i , with i
i+1 , such that h
0 -frontier between i and i+1 . Rabin shows that the existence of such frontiers, in the joint behavior
of some runs of U and U 0 , is sufficient to imply that the intersection L( U ) \ L( U 0 ) is not empty. We now
extend Rabin’s result to symmetric automata.
Assume that U and U 0 above are symmetric NBT. We say that a sequence 0
m of frontiers
of is a trap for U and U 0 iff 0 = f g and there exists a tree h
i and (not necessarily accepting)
i and h 0 i of U and U 0 on h i, such that for every 0 1, we have that h
i
runs h
0 i contains an 0 -frontier 0i such that
contains an -frontier i such that i i
i+1 , and h
0
i and h 0 i witness the trap for U and U 0 .
i i
i+1 . We say that h
F
F
T
E
T; r
T; r
F
G
G <E
"
T; V
E G <E
T; r
T; r
T; r
T; r
T; r
E ;:::;E
i m
Theorem 1. Consider two symmetric nondeterministic Büchi tree automata
for U and U 0 , then L( U ) \ L( U 0 ) is not empty.
F
G
T; r
U and U 0 . If there exists a trap
q Q
Proof. The proof follows the same line of reasoning as in [Rab70]. For a state 2 , let U q be U with
q0
initial state , and similarly for 0 2 0 and U 0 . We define a sequence of relations over 0 . Let
0 . Then, h 0 i 2 i+1 iff h 0 i 2 i and there
is a nonempty -labeled -tree h
i,
0 =
q0
0
q
0
i and h i of U and U on h i, such that there is an -frontier
a frontier , and runs h
and an 0 -frontier 0
, such that for all 2 , we have h ( ) 0 ( )i 2 i . It is easy to
see that 0 1 2 . Also, if i = i+1 , then i = i+k for all 0. In particular, since
j j j 0 j = , it must be that m = m+k for all 0. As in [Rab70], it can now be shown that
L( U ) \ L( U 0 ) 6= ; iff m ( 0 00 ), and the result follows.
q
q Q
H Q Q
q; q H
q; q H
E T
T; r
T; r
G<E
F
G <E
x E
H H H :::
H H
H
Q Q m
H H
k
H q ;q
T; V
r x ;r x
H
k
Q Q
D
T; V
F
H
Theorem 1 is the key to the construction described in Theorem 2 below.
Theorem 2. Let U and U 0 be two symmetric monotonic NBT with L( U 0 )
symmetric AWT A such that L(A) = L( U ).
omp (L( U )). There exists a
; Q; q ; M; F
; Q ; q0 ; M 0; F 0i, and let jQj jQ0j = m. Also, let S and S 0
Q = 2S and Q0 = 2S . We define the symmetric AWT
; P; p ; Æ; P = Q Q0 f0; : : :; 2m 1g and p = hq ; q0 ; 0i. Intuitively, a copy of A that visits the state
hq; q0 ; ii as it reads the node x of the input tree corresponds to runs r and r0 of U and U 0 that visit
the states q and q 0 , respectively, as they read the node x of the input tree. Let = y ; y ; : : :; yjxj be
the path from " to x. Consider the joint behavior of r and r0 on . We can represent this behavior by a
sequence = ht ; t0 i; ht ; t0 i; : : : ; htjxj ; t0jxj i of pairs in Q Q0 where tj = r(yj ) and t0j = r0 (yj ).
We say that a pair ht; t0 i 2 Q Q0 is an F -pair iff t 2 F and is an F 0 -pair iff t0 2 F 0 . We can partition
the sequence to blocks ; ; : : :; i such that we close block b and open block b whenever we
reach the first F 0 -pair that is preceded by an F -pair in b . In other words, whenever we open a block,
we first look for an F -pair, ignoring F 0 -pairness. Once an F -pair is detected, we look for an F 0 -pair,
ignoring F -pairness. Once an F 0 -pair is detected, we close the current block and we open a new block.
Note that a block may contain a single pair that is both an F -pair and an F 0 -pair. The third element of a
state keeps track of the visits to blocks. When we visit hq; q 0 ; ii, the index of the last block in is b i ,
and this block already contains an F -pair iff i is odd. We refer to i as the status of the state hq; q; ii. For
a status i 2 f0; : : :; 2m 1g, let Pi = Q Q fig be the set of states with status i.
In order to define the transition function Æ , we first define a function next : P ! f0; : : :; 2m 1g that
updates the status of states. For that, we first define the function next 0 : P ! f0; : : :; 2mg as follows.
2 i If (i is even and q 62 F ) or (i is odd and q0 62 F 0)
next 0 (hq; q 0 ; ii) = 4 i + 1 If (i is even and q 2 F and q 0 62 F 0 ) or (i is odd and q 0 2 F 0 )
i + 2 If i is even and q 2 F and q0 2 F 0.
Now, next (hq; q 0 ; ii) = minfnext 0 (hq; q 0 ; ii); 2m 1g.
Intuitively, next updates the status of states by recording and tracking of blocks. Recall that the status i
indicates in which block we are and whether an F -pair in the current block has already been detected.
The conditions for not changing i or for increasing it to i +1 and i +2 follow directly from the definition
of the status. For example, the new status stays i if the current i is even and hq; q 0 i is not an F -block,
or if i is odd and hq; q 0 i is not an F 0 -block. When i reaches or exceeds 2m 1, we no longer increase
it, even if q 0 2 F 0 .
The automaton A proceeds as follows. Essentially, for every run hT; r0 i of U 0 , the automaton A guesses
a run hT; ri of U such that for every path of T , the run hT; ri visits F along at least as many times
as hT; r0 i visits F 0 along . Thus, when we record blocks along , we do not want to get stuck in an
even status. Since L( U ) \L( U 0 ) = ;, then, by Theorem 1, no run hT; ri can witness with hT; r0 i a trap
for U and U 0 . Consequently, recording of visits to F and F 0 along can be completed once A detects
that contains m blocks as above.
i and U 0 = h 0
Proof. Let U = h
0
0
be the micro-states of U and U , respectively, thus
A=h
i as follows.
0
–
=
0
0
0
0
0
0
0
0
1
1
1
0
1
+1
2
–
Q
Q
E S
E
E S E
i j n
E
E
E S
E E
s s E
E; E s
E s ;s
s ;s
s ; s
E; s ; s ;s
E; s ; s ; s
p q; q ; i
P
M q; U ;E
U ;E ;:::; U ;E
i< m
q F
E ; : : :; E
E E
E
E S
s s
E E
E
s ;s ;s
s ;s ; s
s ;s ; s
;:::; U ;E
M q ;
Recall that = 2S and 0 = 2S . For a set , a partition of is a set f 1
l g with i such that = 1il i , and for all 1 6= , we have i \ j = ;. Let par ( ) be the set
of partitions of . Consider a set 0 0 and a partition 0 2 par ( 0 ). For a set
, we say
that a partition of [ 0 agrees with 0 if for all 01 and 02 in 0 , we have that 01 and 02 are in the
0 ) be the set of partitions of [ 0 that
same set in iff they are in the same set in 0 . Let agree (
0
0
= f 2 3 g, then the two possible partitions of 0 are
agree with . For example, if = f 1 g and
01 = ff 2 3 gg and 20 = ff 2g f 3gg. Then, agree ( 10 ) contains the two partitions ff 1 2 3 gg
0
and ff 1 g f 2 3 gg, and agree (
2 g f 3 gg, ff 1
3 g f 2 gg,
2 ) contains the three partitions ff 1
and ff 1 g f 2 g f 3 gg.
) = fh 1
h n n ig and 0( 0 ) =
Now, let = h 0 i be a state in such that (
1i
0
0
0
0
fh 1 1 i h n0 n0 ig. We distinguish between two cases.
If 2 1 or 62 , then
0
^
Æ(p; ) =
1
j n 2par (E
0
0
_
^
0
0
0
j0
)
1
jn 2agree(E ; )
j; j 0 ; ; l) = 2hUj ; Uj0 ; li ^
go (
_
0
^
X 2
j
j
E
E
1
go (j; j 0 ; ; next (p))A ; where
0
3hUj [ (X \ Ej ); Uj0 [ (X \ Ej0 ); li:
0
n
0
That is, for every choice of U 0 for a 1 0 0 and for the way the existential requirements
in j0 0 are partitioned, there is a choice of U for a 1 and for the way the existential
requirements in j are partitioned and combined with these in j0 0 to a partition of j [ j0 0 , such
that the universal requirements in j and j00 are sent to all directions, and existential requirements
that are in the same set in the joint partition of j [ j0 0 are sent to the same direction. Note that
the sets j and j00 are sent along with the existential requirements. This guarantees that the states
that are sent in the existential mode correspond to the states that U and U 0 visit, and not to subsets
of such states.
If = 2 01 and 2 , then ( 0 ) = true.
0 ) is exponential
Note that par ( ) is exponential in j j, and the number of possible 2 agree (
0
0
and
.
in [ . Thus, the size of is exponential in the sizes of
=
0 f : is oddg. Thus, makes sure that infinite paths of the run visits infinitely many
–
states in which the status is odd, thus states in which we are in the second phase of blocks. moshe2:
E
E
U
U
U
U
i m
q F
E
E E
Æ
Q Q i i
j
n
E
E E
E E
Æ p; E
M
i
M
m
E; The automaton A is indeed an AWT. Each status 1 2
1 induces a strongly connected
component in the partition of the state space into sets. Clearly, each set i is either contained in or is
disjoint from . Note that, by the definition of , a run is accepting iff no path of it gets trapped in a set of
the form i , for an even , namely a set in which A is waiting for a visit of U in a state in . The number
of states of A is ( 2 ). We prove that L( U ) = L(A). We first prove that L( U ) L(A). Consider a
-tree h
i. With every run h i of U on h i we can associate a run h R i of A on h i.
Intuitively, the run h
i directs h R i in the nondeterminism in (that is, the choices of 1 and
2 agree ( j 0 )). Formally, recall that a run of A on a -tree h i is a ( )-labeled tree h R i,
where a node 2 R with ( ) = h
i corresponds to a copy of A that reads the node 2 and visits
the state . We define h R i as follows.
P
P
i
F
Om
D
T; V
T; r
T; V
T ;R
T; V
T; r
T ;R
Æ
j n
E ;
D T; V
T P
T ;R
y T
R y x; p
x T
p
T ;R
– " 2 TR and R(") = ("; hq ; q 0 ; 0i).
– Consider a node y 2 TR with R(y ) = (x; hq; q 0 ; ii). By the definition of hTR ; Ri so far, we have
r(x) = t for q t. Consider first the case that t = q. Let fx 1; : : :; x kg be the children of x in T , and
let hU; hE ; : : :; Ek ii 2 Mk (q; V (x)) describe the choice U makes when it proceeds from the node x.
Thus, for each 1 z k , we have r(x z ) = U [ Ez . Let j = next (hq; q 0 ; ii). Consider the set
[
Y=
f(1; hU; U 0; j i); (1; hU [E ; U 0 [E 0 ; j i); : : : (k; hU; U 0 ; j i); (k; hU [Ek ; U 0 [Ek0 ; j i)g:
0
0
1
1
hU 0 ;hE 0 ;:::;E 0 ii2
1
k
Mk0 (q0 ;V (x))
1
Æ
Y
Æ q; q0 ; ii; V (x)) 6. Let l = jMk0 (q0 ; V (x))j, and let hU 0w ; E 0w ; : : : E 0wk i,
w l
w
M q0; V (x)). For all 1 w l and 1 z k, we0whave
fy (2k(w 1)+ z 1); y (2k(w 1)+ z )g TRw, withwR(y (2k(w 1)+ z 1)) = (x z; hU; U ; j i)
and R(y (2k (w 1) + z )) = (x z; hU [ Ez ; U 0 [ E 0 z ; j i). Note that the invariant that for all y 2 TR
with R(y ) = (x; hq; q 0 ; ii), we have r(x) = t for q t, is maintained. If fact, we know that all the
nodes y 2 TR that correspond to copies of A that satisfy an existential requirement have q = t, and
node y 2 TR that correspond to copies of A that satisfy a universal requirement have q = t iff the run
r sends no existential requirement to the corresponding direction.
Consider now the case where q t. Since U is monotonic, there is an accepting run hT x ; rqx i of U q on the
subtree of T with root x. We can proceed exactly as above, with hT x ; rqx i instead of hT; ri.
Consider a tree hT; V i 2 L( U ). Let hT; ri be an accepting run of U on hT; V i, and let hTR ; Ri be
the run of A on hT; V i induced by hT; ri (and the “subtree runs”, like hT x ; rqx i above). It can be shown
that hTR ; Ri is a legal accepting run. Indeed, since hT; ri and the subtree runs contains infinitely many F frontiers, and since (by the definition of monotonic automaton) we do not lose visits to F when we switch
to subset runs), no infinite paths of hTR ; Ri can get trapped in a set Pi for an even i.
By the definition of , the set satisfies (h
for 1 , be the -th pair in k0 (
1
It is left to prove that L(A) L( U ). For that, we prove that L(A) \ L( U 0 ) = ;. Since L( U ) =
omp (L( U 0 )), it follows that every tree that is accepted by A is also accepted by U . Consider a tree
h i. With each run h R i of A on h i and run h 0 i of U 0 on h i, we associate a run h i
of U on h
i. Intuitively, h i makes the choices that h R i has made in its copies that correspond to
0 i. Formally, we define h i as follows.
the run h
T; V
–
–
T ;R
T; V
T; r
T; V
T; r
T; V
T; r
T ;R
T; r
T; r
r(") = q .
Consider a node x 2 T with r(x) = q . Let fx 1; : : : ; x k g be the children of x in T , and let r0 (x) = q 0 .
The run hT; r0 i selects a pair hU 0 ; hE 0 ; : : : ; Ek0 ii 2 Mk0 (q 0 ; V (x)) that U 0 proceeds with when it reads
the node x. Formally, for all 1 z k , we have r0 (xz ) = U 0 [Ez0 .7 By the definition of r(x) so far, the
run hTR ; Ri contains a node y 2 TR with R(y ) = hx; hq; q 0 ; iii for some status i. If Æ (hq; q 0 ; ii; V (x)) =
true, we define the reminder of hT; ri arbitrarily. Otherwise, let 1 j 0 n0 and 0 2 par (Ej0 ) be
such that hU 0 ; hE 0 ; : : : ; Ek0 ii corresponds to j 0 and 0 . By the definition of Æ , there are 1 j n
and 2 agree (Ej ; 0 ) such that go (j; j 0 ; ; next (hq; q 0 ; ii) is satisfied and R proceeds according to j
and . Thus, if fEj ; : : :; Ejk g is the partition of Ej that corresponds to , then TR contains at least k
nodes y z , for 1 z k , such that R(y z ) = hx z; hUj [ Ejz ; U 0 [ Ez0 ; next (hq; q 0 ; ii)ii. For all
1 z k , we define r (x z ) = Uj [ Ejz . Note that the invariant about the runs hT; r i and hTR ; Ri is
maintained. Note also that if Ejz [ Ez0 = ;, then the existence of a node y z as above is guaranteed
from universal part of Æ , and if Ejz [ Ez0 6= ;, its existence is guaranteed from the existential part (in
0
1
0
1
1
which case it is crucial that we sent the universal requirements along with the existential ones).
We can now prove that L(A) \ L( U 0 ) = ;. Assume, by way of contradiction, that there exists a tree
hT; V i such that hT; V i is accepted by both A and U 0 . Let hTR ; Ri and hT; r0 i be the accepting runs of A
and U 0 on hT; V i, respectively, and let hT; ri be the run of U on hT; V i induced by hTR ; Ri and hT; r0 i.
We claim that then, hT; ri and hT; r0 i witness a trap for U and U 0 . Since, however, L( U ) \ L(U 0 ) = ;,
it follows from Theorem 1, that no such trap exists, and we reach a contradiction. To see that hT; ri and
hT; r0 i indeed witness a trap, define E = f"g, and define, for 0 i m 1, the set Ei to contain
exactly all nodes x for which there exists y 2 TR such that either R(y ) = hx; h(r(x); r0 (x); 2i + 1ii and
r0 (x) 2 F 0 or R(y) = hx; h(r(x); r0 (x); 2iii and r(x) 2 F and r0 (x) 2 F 0. That is, for every path of
Note that Æ ( q; q 0 ; i ; V (x)) is a formula in + ( 2; 3
P ), whereas Y 1; : : : ; k P , but the extension of
the satisfaction relation to this setting is straightforward: an atom (3; p) is satisfied in Y if there is 1 z k with
(z; p)
Y , and an atom (2; p) is satisfied in Y if for all 1 z k, we have (z; p) Y .
For a monotonic NBT, we assume that runs satisfy the requirements in transition function in an optimal way; thus
Mk0 (q0 ; V (x)), it is indeed the case that r0 (x z) = U 0 Ez0 .
when chooses to proceed with U 0 ; E10 ; : : : ; Ek0
If r0 (x z ) U 0 Ez0 , we can replace r0 with a run for which the equation holds.
0
6
h
i
+1
B
f
g f
g 2
2
7
A
h
[
h
ii 2
[
T , the set Ei consists of the nodes in which the i’th block is closed in . By the definition of Æ, for all
0 i m
1, the run hT; r i contains an F -frontier Gi such that Ei Gi < Ei
and the run hT; r0 i
0
0
0
contains an F -frontier Gi such that Ei Gi < Ei . Hence, E ; : : : ; Em is a trap for U and U 0 .
+1
+1
+1
4 From
0
2 \ 2 to the alternation-free -calculus
The -calculus is a propositional modal logic augmented with least and greatest fixpoint operators [Koz83].
Specifically, we consider a -calculus where formulas are constructed from Boolean propositions with
Boolean connectives, the temporal operators 9 (“exists next”) and 2 (“for all next”), as well as least ( )
and greatest ( ) fixpoint operators. We assume that -calculus formulas are written in positive normal form
(negation only applied to atomic propositions constants and variables).
of atomic proposition constants and a set
of atomic proposition variFormally, given a set
ables, a -calculus formula is either:
AP
APV
p p
p AP .
y
y APV
' '
' '
' and are -calculus formulas;
y:' y y:' y
y APV and '(y) is a -calculus formula containing y as a free variable.
We classify formulas to classes i and i according to the nesting of fixpoint operators in them. Several
– true, false, or : for all 2
;
– for all 2
– ^ , _ , 3 , or 2 , where
–
( ) or
( ), where 2
versions to such a classification can be found in the literature [EL86,Niw86,Bra98]. We describe here the
version defined in [Niw86]:
– A formula is in 0 = 0 if it contains no fixpoint operators.
– A formula is in i+1 if it is one of the following i , i ^ i0 , i _ i0 , 3 i , 2 i ,
i+1 ( ), i+1 ( )[
0i+1 ℄, where i and i0 are i [ i formulas, i+1 and 0i+1 are i+1 formulas, , 2 ,
and no free variable of 0i+1 is in . In other words, to form i+1 , we take i [ i and close under
Boolean and modal operations,
( ) for
2 i+1 , and substitution of a free variable of 2 i+1
by a formula 0 2 i+1 provided that no free variable of 0 is captured by .
– A formula is in i+1 if it is one of the following i , i ^ i0 , i _ i0 , 3 i , 2 i ,
i+1 ( ), i+1 ( )[
0
0
0
, 2 ,
i+1 ℄, where i and i are i [ i formulas, i+1 and i+1 are i+1 formulas,
and no free variable of i0+1 is in .
'
' '
Y
y:' y
Y
y:' y ' Y y
'
'
Y APV y Y
' ' '
'
y: y
Y y
Y APV y Y
y: y z:p z
z:p z y: y x
Y APV y Y
Y
i
i
y
y y
y
x: p y: x EXy
x:y: p x EXy
Note that the “substitution step” suggests that the formula =
(3( ^ (
_ 3 )) is in both 2 and
.
To
see
that
is
in
(it
is
easy
to
see
that
2
),
note
that
_
3
is in 1 , and hence also
2
2
2
in 2 . In addition, the formula
3( ^ ), for 2
, is in 1 , and hence also in 2 . The formula
_ 3 has no free variables. Then, we can substitute by it, get , and stay in 2 . Note that for for
classifications that do not allow such a substitution, the formula is not in 2 . Note also that is neither
in 1 nor 1 .
Finally, we say that a formula is in i if it is one of the following i , i ^ i0 , i _ i0 , 3 i , 2 i ,
0
0
( )[
, 2 , and no variable of i0 is in .
i ℄, where i and i are i [ i formulas,
In other words, to form i , we take i [ i and close under Boolean and modal operations, and under
substitution that does not increase the alternation depth. Note that 0 is ML and 1 is AFMC.
Essentially, i contains all Boolean and modal combinations of formulas in which there are at most 1
alternations of and , with the external fixpoint being a . Similarly, i contains all Boolean and modal
combinations of formulas in which there are at most alternations of and , with the external fixpoint
being a . A -calculus formula is alternation free if, for all atomic propositional variables , there are no
occurrences of ( ) on any syntactic path from an occurrence of
( , respectively) to an occurrence
of . For example, the formula
( _
( _
)) is alternation free (and is in 1 ) and the formula
(( ^ ) _
) is not alternation free (and is in 2 ). The alternation-free -calculus is a subset
of -calculus containing only alternation-free formulas. The alternation-free -calculus is a strict syntactic
z:p z
Y y x APV
x
fragment of 2 \ 2 . We now use Theorem 2 in order to show that 2 \ 2 is not more expressive than
the alternation free -calculus. Thus, every formula in 2 \ 2 has an equivalent formula in AFMC.
For the alternation-free -calculus, an automata-theoretic characterization in terms of symmetric alternating weak automata is well known (a similar result is proven in [AN92] for directed trees):
) can be expressed in AFMC iff T can be recognized by a symmet-
Theorem 3. [KV98] A set T trees (
ric weak alternating automaton.
In [Kai95], Kaivola considered -calculus formulas in which the 3 modality is parameterized with
directions and translates 2 formulas to NBT. In order to apply Theorem 2, we should translate 2 formulas
to symmetric monotonic NBT. For that, we first use a known translation of 2 formulas to symmetric ABT
(Theorem 4; a similar translation for the directed case is described in [Niw86,Tak86]), and then remove
alternation, with symmetry preserved (Theorem 5).
Theorem 4. [KVW00] Given a 2 formula , there is a symmetric alternating Büchi tree automaton A
that accepts exactly all trees that satisfy .
Miyano and Hayashi described a translation of alternating Büchi word automata to equivalent nondeterministic Büchi word automata [MH84]. Mostowski extended the translation to tree automata [Mos84], and
we extend it further to symmetric tree automata. Since the nondeterministic automaton needs to keep track
of the states visited in each path of the run tree of the alternating automaton, the symmetry of the automaton
poses real technical challenges.
Theorem 5. Let A be a symmetric alternating Büchi tree automaton. There is a symmetric monotonic
nondeterministic Büchi tree automaton A0 , with exponentially many states, such that L(A0 ) = L(A).
; S; sin; Æ; i. Then A0 = h; Q; fhsin; 2ig; Æ0; 0 i, where
Q = 2Sf ; g. For a state q 2 Q, let q[1℄ = fs : hs; 1i 2 qg and q[2℄ = fs : hs; 2i 2 qg. Intuitively,
the automaton A0 guesses a run of A. At a given node x of a run of A0 , it keeps in its memory the set of
all the states of A that visit x in the guessed run. As it reads the next input letter, it guesses the way in
which an accepting run of A proceeds from all of these states. This guess induces the states that the run
of A0 visit in the children of x. In order to make sure that every infinite path visits states in infinitely
often, the states are tagged by 1 or 2. States tagged by 1 correspond to copies that have already visit ,
and states tagged by 2 correspond to copies that owe a visit to . When all the copies visit (that is,
all the states are tagged by 1), we change the tag of all states to 2.
Given S 0 S , 2 , and a pair hU; EV
i of subsets of S , we say that hU; E i covers S 0 and if the set
f2s : s 2 U g [ f3s : s 2 E g satisfies s 2S Æ(s0 ; ).
Now, Æ 0 : Q ! 2QQ is defined, for all q 2 Q and 2 , as follows.
If q[2℄ 6= ;, then Æ0 (q; ) contains all pairs hU; E i such that there is hU ; E i that covers q[1℄ and
, and there is hU ; E i that covers q[2℄ and , and the following hold.
U = fhs; 1i : s 2 U [ (U \ )g [ fhs; 2i : s 2 U n g.
E = fhs; 1i : s 2 E [ (E \ )g [ fhs; 2i : s 2 E n g.
If q[2℄ = ;, then Æ0 (q; ) contains all pairs hU; E i such that there is hU ; E i that covers q[1℄ and and the following hold.
U = fhs; 1i : s 2 U \ g [ fhs; 2i : s 2 U n )g.
E = fhs; 1i : s 2 E \ g [ fhs; 2i : s 2 E n )g.
0 = fq : q[2℄ = ;g. Note that a sequence of states of A, which corresponds to the behavior of a
copy of A, changes the tag of its states from 2 to 1 when the copy visits a state in . Also, once all the
sequences change the tag of their states to 1, the attribution is changed back to 2. Thus, 0 guarantees
that all sequences visit infinitely often.
Proof. Let A = h
–
–
12
0
0
1
2
1
2
2
1
2
2
1
–
1
2
1
1
1
1
1
q q
q
q
q
q
q
q
q
A
"; q
q
q
Remark 1. A related approach for translating -calculus formulas into symmetric automata is taken in
[JW95] (see also [AN01]). First, -calculus formulas are transformed into a disjunctive form. The removal
It is easy to see that A is monotonic. Indeed, if 0 , then [1℄ 0 [1℄ and [2℄ 0 [2℄. Thus, if a pair
h i covers 0 [1℄ and 0 , then h i also covers [1℄ and , and similarly for 0 [2℄ and [2℄. Hence, given
an accepting run of q , we can make it an accepting run of Aq by changing the labels of the root from
0 ) to ( ). In addition, if 0 [2℄ is empty, so is [2℄.
(
U; E
"; q
q
U; E
of conjunctions described there is similar to the removal of universal branches in alternating tree automata
(and indeed it involves the same determinization construction that is present in the automata-theoretic approach [MS87]). It is then shown that disjunctive -calculus formulas correspond to -automata. Our focus
here is on the translation of 2 formulas to symmetric monotonic nondeterministic Büchi tree automata.
It is possible to recast our proof in an extension of the framework of -automata [Wal03], but we find our
notion of symmetric nondeterministic automata more transparent.
\ AFMC .
Theorem 6.
2
2
Proof. Since AFMC is a syntactic fragment of 2 \ 2 , one direction is trivial. Let be a property expressible in 2 \ 2 . Given 2 2 expressing , we can construct, by Theorems 4 and 5, a symmetric
monotonic NBT U that accepts exactly all trees that satisfy . Also, 2 2 implies that there is 2 2
that is equivalent to : , so we can also construct a symmetric monotonic NBT U that accepts exactly all
trees that do not satisfy . Clearly, L( U ) = omp (L( U )). Hence, by Theorem 2, there is a symmetric
alternating weak automaton A that is equivalent to U . By Theorem 3, the automaton A can be translated
to a formula in AFMC such that a tree satisfies iff it is accepted by U iff it is not accepted by U . We
claim that is logically equivalent to over arbitrary structures (in particular, structures with an infinite
branching degree). To see this, assume, by way of contradiction, that is not logically equivalent to .
Then, either ^ : or ^ is satisfiable in some general structure. But then, either ^ : or ^ is
satisfiable by a tree model [SE84] of a finite branching degree, contradicting the fact that a tree satisfies
iff it is accepted by U iff it is not accepted by U .
'
'
'
'
' '
' '
'
Remark 2. Since it is also known that the -calculus has the finite-model property [KP84], it follows that
Theorem 6 can also be relativized to finite Kripke structures.
5 Concluding Remarks
We showed that 2 \ 2 AFMC. In other words, if we can specify a property both as a least fixpoint nested inside a greatest fixpoint and as a greatest fixpoint nested inside a least fixpoint, we should
be able to specify also with no alternation between greatest and least fixpoints. This offers an elegant
characterization of alternation freedom. The key to our results is a development of a theory of symmetric
nondeterministic Büchi tree automata. A technical outcome of this theory is that the blow-up of our construction, i.e., going from formulas in 2 \ 2 to equivalent formulas in AFMC is doubly exponential. It
would be interesting to try to improve this complexity or to prove its optimality.
Combining our result here with the result in [KV01] ( 1 \ 1 ML) suggests the possibility of a
general coalescence result for the -calculus hierarchy. Recall the definition of i as the closure of i \ i
under Boolean and modal operations and under alternation-preserving substitutions. Then we have that
0, in analogy for such
i \ i i 1 for = 1 2. It is tempting to conjecture that this holds for all
coalescence for the quantifier alternation hierarchy of first-order logic (cf. [Add62]). As is shown, however,
3.
in [AS03], this is not the case for
Acknowledgements: We are grateful to J.W. Addison for valuable discussions regarding the first-order
quantifier-alternation hierarchy and to I. Walukiewicz for valuable discussions regarding -automata.
i
;
i>
i>
References
[Add62]
[AN90]
[AN92]
[AN01]
[AS03]
[Ben91]
[Bra98]
[BRS99]
[CS91]
[EL85]
[EL86]
[FL79]
[GJ79]
[Jur00]
[JW95]
[Kai95]
[Koz83]
[KP84]
[KV98]
[KV99]
[KV01]
[KVW00]
[McM93]
[MH84]
[Mos84]
[MS87]
[MSS86]
[Niw86]
[Rab70]
[Rog67]
[SE84]
J.W. Addision, The theory of hierarchies. Proc. Internat. Congr. Logic, Method. and Philos. Sci. 1960, pages
26–37, Stanford University Press, 1962.
A. Arnold and D. Niwiński. Fixed point characterization of Büchi automata on infinite trees. Information
Processing and Cybernetics, 8–9:451–459, 1990.
A. Arnold and D. Niwiński. Fixed point characterization of weak monadic logic definable sets of trees. In
Tree Automata and Languages, pages 159–188, Elsevier, 1992.
A. Arnold and D. Niwiński. Rediments of -calculus. Elsevier, 2001.
A. Arnold and L. Santocanale, On ambiguous classes in the -calculus hierarchy of tree languages, Proc.
Workshop on Fixed Points in Computer Science, Warsaw, Poland, 2003.
J. Benthem. Languages in actions: categories, lambdas and dynamic logic. Studies in Logic, 130, 1991.
J.C. Bradfield. The modal -calculus alternation hierarchy is strict. TCS, 195(2):133–153, March 1998.
R. Bloem, K. Ravi, and F. Somenzi. Efficient decision procedures for model checking of linear time logic
properties. In Proc. 11th CAV, LNCS 1633, pages 222–235. 1999.
R. Cleaveland and B. Steffen. A linear-time model-checking algorithm for the alternation-free modal calculus. In Proc. 3rd CAV, LNCS 575, pages 48–58, 1991.
E.A. Emerson and C.-L. Lei. Temporal model checking under generalized fairness constraints. In Proc. 18th
Hawaii International Conference on System Sciences, 1985.
E.A. Emerson and C.-L. Lei. Efficient model checking in fragments of the propositional -calculus. In Proc.
1st LICS, pages 267–278, 1986.
M.J. Fischer and R.E. Ladner. Propositional dynamic logic of regular programs. Journal of Computer and
Systems Sciences, 18:194–211, 1979.
M. Garey and D. S. Johnson. Computers and Intractability: A Guide to the Theory of NP-completeness. W.
Freeman and Co., San Francisco, 1979.
M. Jurdzinski. Small progress measures for solving parity games. In 17th STACS, LNCS 1770, pages
290–301. 2000.
D. Janin and I. Walukiewicz. Automata for the modal -calculus and related results. In Proc. 20th MFCS,
LNCS, pages 552–562. 1995.
R. Kaivola. On modal -calculus and Büchi tree automata. IPL, 54:17–22, 1995.
D. Kozen. Results on the propositional -calculus. TCS, 27:333–354, 1983.
D. Kozen and R. Parikh. A decision procedure for the propositional -calculus. In Logics of Programs,
LNCS 164, pages 313–325, 1984.
O. Kupferman and M.Y. Vardi. Freedom, weakness, and determinism: from linear-time to branching-time.
In Proc. 13th LICS, pages 81–92, June 1998.
O. Kupferman and M.Y. Vardi. The weakness of self-complementation. In Proc. 16th STACS, LNCS 1563,
pages 455–466. 1999.
O. Kupferman and M.Y. Vardi. On clopen specifications. In Proc. 8th LPAR, LNCS 2250, pages 24–38.
2001.
O. Kupferman, M.Y. Vardi, and P. Wolper. An automata-theoretic approach to branching-time model checking. Journal of the ACM, 47(2):312–360, March 2000.
K.L. McMillan. Symbolic Model Checking. Kluwer Academic Publishers, 1993.
S. Miyano and T. Hayashi. Alternating finite automata on -words. TCS, 32:321–330, 1984.
A.W. Mostowski. Regular expressions for infinite trees and a standard form of automata. In Computation
Theory, LNCS 208, pages 157–168. 1984.
D.E. Muller and P.E. Schupp. Alternating automata on infinite trees. TCS, 54:267–276, 1987.
D.E. Muller, A. Saoudi, and P.E. Schupp. Alternating automata, the weak monadic theory of the tree and its
complexity. In Proc. 13th ICALP, LNCS 226, 1986.
D. Niwiński. On fixed point clones. In Proc. 13th ICALP, LNCS 226, pages 464–473. 1986.
M.O. Rabin. Weakly definable relations and special automata. In Proc. Symp. Math. Logic and Foundations
of Set Theory, pages 1–23, 1970.
H. Rogers, Theory of recursive functions and effective computability. McGraw-Hill, 1967.
R.S. Street and E.A. Emerson. An elementary decision procedure for the -calculus. In Proc. 11th ICALP,
LNCS 172, pages 465–472, 1984.
!
[Tak86]
[VW86]
[Wal03]
[Wil99]
!
M. Takahashi. The greatest fixed-points and rational -tree languages. TCS 44, pp. 259–274, 1986.
M.Y. Vardi and P. Wolper. An automata-theoretic approach to automatic program verification. In Proc. 1st
LICS, pages 332–344, 1986.
I. Walukiewicz. Private communication, 2003.
T. Wilke. CTL+ is exponentially more succinct than CTL. In Proc. 19th FST& TCS, LNCS 1738, pages
110–121, 1999.
Related documents
Conference Torrents 28 janvier 2013 - 10h
Conference Torrents 28 janvier 2013 - 10h
Help Your Child with Math Study Skills (5th*12th)
Help Your Child with Math Study Skills (5th*12th)
This week: 14.3–4 webAssign: 14.3–4, due 4/11 11:55 p.m. Next week: 14.5–6
This week: 14.3–4 webAssign: 14.3–4, due 4/11 11:55 p.m. Next week: 14.5–6
Download
advertisement