Certifying Inexpressibility
CCertifying Inexpressibility (cid:63)
Orna Kupferman and Salomon Sickert , ( (cid:66) ) School of Computer Science and Engineering,The Hebrew University, Jerusalem, Israel. [email protected] , [email protected] Technische Universit¨at M¨unchen, Munich, Germany. [email protected]
Abstract
Different classes of automata on infinite words have different expres-sive power. Deciding whether a given language L ⊆ Σ ω can be expressed by anautomaton of a desired class can be reduced to deciding a game between Proverand Refuter: in each turn of the game, Refuter provides a letter in Σ , and Proverresponds with an annotation of the current state of the run (for example, in thecase of B¨uchi automata, whether the state is accepting or rejecting, and in thecase of parity automata, what the color of the state is). Prover wins if the se-quence of annotations she generates is correct: it is an accepting run iff the wordgenerated by Refuter is in L . We show how a winning strategy for Refuter canserve as a simple and easy-to-understand certificate to inexpressibility, and howit induces additional forms of certificates. Our framework handles all classes ofdeterministic automata, including ones with structural restrictions like weak au-tomata. In addition, it can be used for refuting separation of two languages byan automaton of the desired class, and for finding automata that approximate L and belong to the desired class. Keywords:
Automata on infinite words · Expressive power · Games.
Finite automata on infinite objects were first introduced in the 60’s, and were the key tothe solution of several fundamental decision problems in mathematics and logic [8,32,41].Today, automata on infinite objects are used for specification, verification, and synthesisof nonterminating systems. The automata-theoretic approach reduces questions aboutsystems and their specifications to questions about automata [27,49], and is at the heartof many algorithms and tools. Industrial-strength property-specification languages suchas the IEEE 1850 Standard for Property Specification Language (PSL) [14] includeregular expressions and/or automata, making specification and verification tools thatare based on automata even more essential and popular.A run r of an automaton on infinite words is an infinite sequence of states, andacceptance is determined with respect to the set of states that r visits infinitely often. (cid:63) This is the full version of an article with the same title that appears in the FoSSaCS 2021conference proceedings. Orna Kupferman is supported in part by the Israel Science Founda-tion, grant No. 2357/19. Salomon Sickert is supported in part by the Deutsche Forschungs-gemeinschaft (DFG) under project numbers 436811179 and 317422601 (“Verified ModelCheckers”), and in part funded by the European Research Council (ERC) under the Euro-pean Union’s Horizon 2020 research and innovation programme under grant agreement No.787367 (PaVeS). a r X i v : . [ c s . F L ] F e b Orna Kupferman and Salomon Sickert
For example, in
B¨uchi automata, some of the states are designated as accepting states,denoted by α , and a run is accepting iff it visits states from the accepting set α infinitelyoften [8]. Dually, in co-B¨uchi automata, a run is accepting if it visits the set α onlyfinitely often. Then, in parity automata, the acceptance condition maps each state toa color in some set C = { j, . . . , k } , for j ∈ { , } and some index k ≥
0, and a run isaccepting if the maximal color it visits infinitely often is odd.The different classes of automata have different expressive power . For example, whiledeterministic parity automata can recognize all ω -regular languages, deterministic B¨uchiautomata cannot [28]. We use DBW, DCW, and DPW to denote a deterministic B¨uchi,co-B¨uchi, and parity word automaton, respectively, or (this would be clear from the con-text) the set of languages recognizable by the automata in the corresponding class. Therehas been extensive research on expressiveness of automata on infinite words [48,20]. Inparticular, researchers have studied two natural expressiveness hierarchies induced bydifferent classes of deterministic automata. The first hierarchy is the Mostowski Hier-archy , induced by the index of parity automata [34,50]. Formally, let DPW[0 , k ] denotea DPW with C = { , . . . , k } , and similarly for DPW[1 , k ] and C = { , . . . , k } . Clearly,DPW[0 , k ] ⊆ DPW[0 , k + 1], and similarly DPW[1 , k ] ⊆ DPW[1 , k + 1]. The hierarchyis infinite and strict. Moreover, DPW[0 , k ] complements DPW[1 , k + 1], and for every k ≥
0, there are languages L k and L (cid:48) k such that L k ∈ DPW[0 , k ] \ DPW[1 , k + 1] and L (cid:48) k ∈ DPW[1 , k + 1] \ DPW[0 , k ]. At the bottom of this hierarchy, we have DBW andDCW. Indeed, DBW=DPW[0 ,
1] and DCW=DPW[1 , depth hierarchy , refines deterministic weak automata (DWWs). Weak automatacan be viewed as a special case of B¨uchi or co-B¨uchi automata in which every stronglyconnected component in the graph induced by the structure of the automaton is eithercontained in α or is disjoint from α , where α is depending on the acceptance conditionthe set of accepting or rejecting states. The structure of weak automata captures thealternation between greatest and least fixed points in many temporal logics, and theywere introduced in this context in [35]. DWWs have been used to represent vectors ofreal numbers [6], and they have many appealing theoretical and practical properties[31,21]. In terms of expressive power, DWW = DCW ∩ DBW.The depth hierarchy is induced by the depth of alternation between accepting andrejecting components in DWWs. For this, we view a DWW as a DPW in which the colorsvisited along a run can only increase. Accordingly, each run eventually gets trapped in asingle color, and is accepting iff this color is odd. We use DWW[0 , k ] and DWW[1 , k ] todenote weak-DPW[0 , k ] and weak-DPW[1 , k ], respectively. The picture obtained for thedepth hierarchy is identical to that of the Mostowski hierarchy, with DWW[ j, k ] replac-ing DPW[ j, k ] [50]. At the bottom of the depth hierarchy we have co-safety and safety languages [2]. Indeed, co-safety languages are DWW[0 ,
1] and safety are DWW[1 , linear temporal logic formula ψ , there is an alternation-free µ -calculus formula ertifying Inexpressibility 3 T : a b rejaccacc rej Figure 1.
A refuter for DBW-recognizability of “only finitely many a ’s”. equivalent to ∀ ψ iff ψ can be recognized by a DBW. Further research studies typeness fordeterministic automata, examining the ability to define a weaker acceptance conditionon top of a given automaton [19,21].Our goal in this paper is to provide a simple and easy-to-understand explanationto inexpressibility results. The need to accompany results of decision procedures byan explanation (often termed “certificate”) is not new, and includes certification of a“correct” decision of a model checker [24,44], reachability certificates in complex multi-agent systems [1], and explainable reactive synthesis [4]. To the best of our knowledge,our work is the first to provide certification to inexpressibility results.The underlying idea is simple: Consider a language L and a class γ of deterministicautomata. We consider a turn-based two-player game in which one player (Refuter)provides letters in Σ , and the second player (Prover) responds with letters from aset A of annotations that describe states in a deterministic automaton. For example,when we consider a DBW, then A = { acc , rej } , and when we consider a DPW[0 , k ],then A = { , . . . , k } . Thus, during the interaction, Refuter generates a word x ∈ Σ ω and Prover responds with a word y ∈ A ω . Prover wins if for all words x ∈ Σ ω , wehave that x ∈ L iff y is accepting according to γ . Clearly, if there is a deterministic γ automaton for L , then Prover can win by following its run on x . Dually, a finite-statewinning strategy for Prover induces a deterministic γ automaton for L . The game-basedapproach is not new, and has been used for deciding the membership of given ω -regularlanguages in different classes of deterministic automata [26]. Further, the game-basedformulation is used in descriptive set theory to classify sets into hierarchies, see forexample [39, Chapters 4 and 5] for an introduction that focuses on ω -regular languages.Our contribution is a study of strategies for Refuter. Indeed, since the above describedgame is determined [9] and the strategies are finite-state, Refuter has a winning strategyiff no deterministic γ automaton for L exists, and this winning strategy can serve as acertificate for inexpressibility. Example 1.
Consider the language L ¬∞ a ⊆ { a, b } ω of all words with only finitely many a ’s. It is well known that L cannot be recognized by a DBW [28]. In Figure 1 we describewhat we believe to be the neatest proof of this fact. The figure describes a transducer R with inputs in { acc,rej } and outputs in { a, b } – the winning strategy of Refuter inthe above described game. The way to interpret R is as follows. In each round of thegame, Prover tells Refuter whether the run of her DBW for L ¬∞ a is in an acceptingor a rejecting state, and Refuter uses R in order to respond with the next letter in theinput word. For example, if Prover starts with acc , namely declaring that the initialstate of her DBW is accepting, then Refuter responds with a , and if Prover continueswith rej , namely declaring that the state reachable with a is rejecting, then Refuterresponds with b . If Prover continues with rej forever, then Prover continues with b forever. Thus, together Prover and Refuter generate two words: y ∈ { acc,rej } ω and Orna Kupferman and Salomon Sickert x ∈ { a, b } ω . Prover wins whenever x ∈ L ¬∞ a iff y contains infinitely many acc ’s. IfProver indeed has a DBW for L ¬∞ a , then she can follow its transition function andwin the game. By following the refuter R , however, Refuter can always fool Prover andgenerate a word x such that x ∈ L ¬∞ a iff y contains only finitely many acc ’s. (cid:4) We first define refuters for DBW-recognizability, and study their construction andsize for languages given by deterministic or nondeterministic automata. Our refutersserve as a first inexpressibility certificate. We continue and argue that each DBW-refuter for a language L induces three words x ∈ Σ ∗ and x , x ∈ Σ ∗ , such that x · ( x + x ) ∗ · x ω ⊆ L and x · ( x ∗ · x ) ω ∩ L = ∅ . The triple (cid:104) x, x , x (cid:105) is an additionalcertificate for L not being in DBW. Indeed, we show that a language L is not in DBW iffit has a certificate as above. For example, the language L ¬∞ a has a certificate (cid:104) (cid:15), b, a (cid:105) .In fact, we show that Landweber’s proof for L ¬∞ a can be used as is for all languagesnot in DBW, with x replacing b , x replacing a , and adding x as a prefix.We then generalize our results on DBW-refutation and certification in two orthog-onal directions. The first is an extension to richer classes of deterministic automata, inparticular all classes in the two hierarchies discussed above, as well as all deterministicEmerson-Lei automata (DELWs) [17]. For the depth hierarchy, we add to the winningcondition of the game a structural restriction . For example, in a weak automaton, Proverloses if the sequence y ∈ A ω of annotations she generates includes infinitely many al-ternations between acc and rej . We show how structural restrictions can be easilyexpressed in our framework.The second direction is an extension of the recognizability question to the questionsof separation and approximation : We say that a language L ⊆ Σ ω is a separator fortwo languages L , L ⊆ Σ ω if L ⊆ L and L ∩ L = ∅ . Studies of separation include asearch for regular separators of general languages [11], as well as separation of regularlanguages by weaker classes of languages, e.g., FO-definable languages [40] or piecewisetestable languages [12]. In the context of ω -regular languages, [2] presents an algorithmcomputing the smallest safety language containing a given language L , thus finding asafety separator for L and L . As far as we know, besides this result there has beenno systematic study of separation of ω -regular languages by deterministic automata.In addition to the interest in separators, we use them in the context of recognizabilityin two ways. First, a third type of certificate that we suggest for DBW-refutation of alanguage L are “simple” languages L and L such that L ⊆ L , L ∩ L = ∅ , and (cid:104) L , L (cid:105) are not DBW-separable. Second, we use separability in order to approximate languagesthat are not in DBW. Consider such a language L ⊆ Σ ω . A user may be willing toapproximate L in order to obtain DBW-recognizability. Specifically, we assume thatthere are languages I ↓ ⊆ L and I ↑ ⊆ Σ ω \ L of words that the user is willing to under-and over-approximate L with. Thus, the user searches for a language that is a separatorfor L \ I ↓ and Σ ω \ ( L ∪ I ↑ ). We study DBW-separability and DBW-approximation,namely separability and approximation by languages in DBW. In particular, we areinterested in finding “small” approximating languages I ↓ and I ↑ with which L has aDBW-approximation, and we show how certificates that refute DBW-separation candirect the search to for successful I ↓ and I ↑ . Essentially, as in counterexample guidedabstraction-refinement (CEGAR) for model checking [10], we use certificates for non-DBW-separability in order to suggest interesting radius languages . While in CEGARthe refined system excludes the counterexample, in our setting the approximation of L excludes the certificate. As has been the case with recognizability, we extend our resultsto all classes of deterministic automata. ertifying Inexpressibility 5 Consider two finite alphabets Σ and A . It is convenient to think about Σ as the “main”alphabet, and about A as an alphabet of annotations. For two words x = x · x · x · · · ∈ Σ ω and y = y · y · y · · · ∈ A ω , we define x ⊕ y as the word in ( Σ × A ) ω obtained bymerging x and y . Thus, x ⊕ y = ( x , y ) · ( x , y ) · ( x , y ) · · · .A ( Σ/A ) -transducer models a finite-state system that responds with letters in A while interacting with an environment that generates letters in Σ . Formally, a ( Σ/A )-transducer is T = (cid:104) Σ, A, ι, S, s , ρ, τ (cid:105) , where ι ∈ { sys , env } indicates who initiates theinteraction – the system or the environment, S is a set of states, s ∈ S is an initialstate, ρ : S × Σ → S is a transition function, and τ : S → A is a labelling function on thestates. Consider an input word x = x · x · x · · · ∈ Σ ω . The run of T on x is the sequence s , s , s . . . such that for all j ≥
0, we have that s j +1 = ρ ( s j , x j ). The annotation of x by T , denoted T ( x ), depends on ι . If ι = sys , then T ( x ) = τ ( s ) · τ ( s ) · τ ( s ) · · · ∈ A ω .Note that the first letter in A is the output of T in s . This reflects the fact that thesystem initiates the interaction. If ι = env , then T ( x ) = τ ( s ) · τ ( s ) · τ ( s ) · · · ∈ A ω .Note that now, the output in s is ignored, reflecting the fact that the environmentinitiates the interaction.Consider a language L ⊆ ( Σ × A ) ω . Let comp ( L ) denote the complement of L . Thus, comp ( L ) = ( Σ × A ) ω \ L . We say that a language L ⊆ ( Σ × A ) ω is ( Σ/A ) -realizableby the system if there is a ( Σ/A )-transducer T with ι = sys such that for every word x ∈ Σ ω , we have that x ⊕ T ( x ) ∈ L . Then, L is ( A/Σ ) -realizable by the environment ifthere is an ( A/Σ )-transducer T with i = env such that for every word y ∈ A ω , we havethat T ( y ) ⊕ y ∈ L . When the language L is regular, realizability reduces to deciding agame with a regular winning condition. Then, by determinacy of games and due to theexistence of finite-memory winning strategies [9], we have the following. Proposition 1.
For every ω -regular language L ⊆ ( Σ × A ) ω , exactly one of the follow-ing holds.1. L is ( Σ/A ) -realizable by the system.2. comp ( L ) is ( A/Σ ) -realizable by the environment. A deterministic word automaton over a finite alphabet Σ is A = (cid:104) Σ, Q, q , δ, α (cid:105) , where Q is a set of states, q ∈ Q is an initial state, δ : Q × Σ → Q is a transition function, and α isan acceptance condition. We extend δ to words in Σ ∗ in the expected way, thus for q ∈ Q , w ∈ Σ ∗ , and letter σ ∈ Σ , we have that δ ( q, (cid:15) ) = q and δ ( q, wσ ) = δ ( δ ( q, w ) , σ ). A run of A on an infinite word σ , σ , · · · ∈ Σ ω is the sequence of states r = q , q , . . . , wherefor every position i ≥
0, we have that q i +1 = δ ( q i , σ i ). We use inf ( r ) to denote the setof states that r visits infinitely often. Thus, inf ( r ) = { q : q i = q for infinitely many i ≥ } . The acceptance condition α refers to inf ( r ) and determines whether the run r isaccepting. For example, in the B¨uchi , acceptance condition, we have that α ⊆ Q , anda run is accepting iff it visits states in α infinitely often; that is, α ∩ inf ( r ) (cid:54) = ∅ . Dually,in co-B¨uchi , α ⊆ Q , and a run is accepting iff it visits states in α only finitely often; Orna Kupferman and Salomon Sickert that is, α ∩ inf ( r ) = ∅ . The language of A , denoted L ( A ), is then the set of words w such that the run of A on w is accepting.A parity condition is α : Q → { , . . . , k } , for k ≥
0, termed the index of α . A run r satisfies α iff the maximal color i ∈ { , . . . , k } such that α − ( i ) ∩ inf ( r ) (cid:54) = ∅ is odd.That is, r is accepting iff the maximal color that r visits infinitely often is odd. Then,a Rabin condition is α = {(cid:104) G , B (cid:105) , . . . , (cid:104) G k , B k (cid:105)} , with G i , B i ⊆ Q , for all 0 ≤ i ≤ k .A run r satisfies α iff there is 1 ≤ i ≤ k such that inf ( r ) ∩ G i (cid:54) = ∅ and inf ( r ) ∩ B i = ∅ .Thus, there is a pair (cid:104) G i , B i (cid:105) such that r visits states in G i infinitely often and visitsstates in B i only finitely often.All the acceptance conditions above can be viewed as special cases of the Emerson-Lei acceptance condition (EL-condition, for short) [17], which we define below. Let M be a finite set of marks. Given an infinite sequence π = M · M · · · ∈ (2 M ) ω ofsubsets of marks, let inf ( π ) be the set of marks that appear infinitely often in sets in π . Thus, inf ( π ) = { m ∈ M : there exist infinitely many i ≥ m ∈ M i } .An EL-condition is a Boolean assertion over atoms in M . For simplicity, we considerassertions in positive normal form, where negation is applied only to atoms. Intuitively,marks that appear positively should repeat infinitely often and marks that appearnegatively should repeat only finitely often. Formally, a deterministic EL-automatonis A = (cid:104) Σ, Q, q , δ, M , τ, θ (cid:105) , where τ : Q → M maps each state to a set of marks, and θ is an EL-condition over M . A run r of a A is accepting if inf ( τ ( r )) satisfies θ .For example, a B¨uchi condition α ⊆ Q can be viewed as an EL-condition with M = { acc } and τ ( q ) = { acc } for q ∈ α and τ ( q ) = ∅ for q (cid:54)∈ α . Then, the assertion θ = acc is satisfied by sequences π induced by runs r with inf ( r ) ∩ α (cid:54) = ∅ . Dually,the assertion θ = ¬ rej with M = { rej } is satisfied by sequences π induced by runs r with inf ( r ) ∩ α = ∅ , and thus corresponds to a co-B¨uchi condition. In the case of aparity condition α : Q → { , . . . , k } , it is not hard to see that α is equivalent to an EL-condition in which M = { , , . . . , k } , for every state q ∈ Q , we have that τ ( q ) = { α ( q ) } ,and θ = θ k expresses the parity condition, where θ k is inductively defined as: θ k = ¬ k = 0 , ¬ k ∧ θ k − if k is even, k ∨ θ k − If k > k is odd.Lastly, a Rabin condition α = {(cid:104) G , B (cid:105) , . . . , (cid:104) G k , B k (cid:105)} is equivalent to an EL-conditionwith M = { G , B , . . . , G k , B k } and τ ( q ) = { m ∈ M : q ∈ m } . Note that now, themapping τ is not to singletons, and each state is marked by all sets in α in which it isa member. Then, θ = (cid:87) ≤ i ≤ k ( G i ∧ ¬ B i ).We use DBW, DCW, DPW, DRW, DELW to denote deterministic B¨uchi, co-B¨uchi,parity, Rabin, and EL word automata, respectively. For parity automata, we also useDPW[0 , k ] and DPW[1 , k ], for k ≥
0, to denote DPWs in which the colours are in { , . . . , k } and { , . . . , k } , respectively. For Rabin automata, we use DRW[ k ], for k ≥ k elements in α . Finally, we use DELW[ θ ], to denoteDELWs with EL-condition θ . We sometimes use the above acronyms in order to referto the set of languages that are recognizable by the corresponding class of automata.For example, we say that a language L is in DBW if L is DBW-recognizable , thus thereis a DBW A such that L = L ( A ). Note that DBW = DPW[0 , , , k ] = DPW[0 , k ][43,30]. ertifying Inexpressibility 7 Consider a directed graph G = (cid:104) V, E (cid:105) . A strongly connected set of G (SCS) is a set C ⊆ V of vertices such that for every two vertices v, v (cid:48) ∈ C , there is a path from v to v (cid:48) . An SCS C is maximal if it cannot be extended to a larger SCS. Formally, forevery nonempty C (cid:48) ⊆ V \ C , we have that C ∪ C (cid:48) is not an SCS. The maximal stronglyconnected sets are also termed strongly connected components (SCC). An automaton A = (cid:104) Σ, Q, Q , δ, α (cid:105) induces a directed graph G A = (cid:104) Q, E (cid:105) in which (cid:104) q, q (cid:48) (cid:105) ∈ E iff thereis a letter σ such that q (cid:48) ∈ δ ( q, σ ). When we talk about the SCSs and SCCs of A , werefer to those of G A . Consider a run r of an automaton A . It is not hard to see thatthe set inf ( r ) is an SCS. Indeed, since every two states q and q (cid:48) in inf ( r ) are visitedinfinitely often, the state q (cid:48) must be reachable from q .A DBW A = (cid:104) Σ, Q, q , δ, α (cid:105) is weak (DWW) if every SCC C of A is accepting,namely C ⊆ α , or rejecting, namely C ∩ α = ∅ . Thus, each run of A eventually visitseither states in α or only states not in α . It is easy to see that every DWW can beviewed as a DBW and as a DCW. In order to refer to the depth of the SCCs in A ,we also refer to A also as a DPW. Indeed, a DPW A = (cid:104) Σ, Q, q , δ, α (cid:105) is weak if forevery transition q (cid:48) = δ ( q, σ ) we have α ( q (cid:48) ) ≥ α ( q ), i.e., α is monotonically increasingalong a run. We use DWW[0 , k ] and DWW[1 , k ] to denote weak DPW[0 , k ] and weakDPW[1 , k ], respectively. Finally, note that for each safety ω -regular language L , thereexists a DWW[1 ,
2] that recognises L and all DWW[1 ,
2] recognise a safety language.Dually, co-safety languages correspond to DWW[0 , Let A = { acc , rej } . We use ∞ acc to denote the subset { a · a · a · · · ∈ A ω :there are infinitely many j ≥ a j = acc } and ¬∞ acc = comp ( ∞ acc ) = { a · a · a · · · ∈ A ω : there are only finitely many j ≥ a j = acc } .A DBW A = (cid:104) Σ, Q, q , δ, α (cid:105) can be viewed as a ( Σ/A )-transducer T A = (cid:104) Σ, A, sys , Q , q , δ, τ (cid:105) , where for every state q ∈ Q , we have that τ ( q ) = acc if q ∈ α , and τ ( q ) = rej otherwise. Then, for every word x ∈ Σ ω , we have that x ∈ L ( A ) iff T A ( x ) ∈ ∞ acc .For a language L ⊆ Σ ω , we define the language DBW( L ) ⊆ ( Σ × A ) ω of words withcorrect annotations. Thus,DBW( L ) = { x ⊕ y : x ∈ L iff y ∈ ∞ acc } . Note that comp (DBW( L )) is the languageNoDBW( L ) = { x ⊕ y : ( x ∈ L and y (cid:54)∈ ∞ acc ) or ( x (cid:54)∈ L and y ∈ ∞ acc ) } . A DBW-refuter for L is an ( A/Σ )-transducer with ι = env realizing NoDBW( L ). Example 2.
For every language R ⊆ Σ ∗ of finite words, the language R ω ⊆ Σ ω consistsof infinite concatenations of words in R . It was recently shown that R ω may not be inDBW [29]. The language used in [29] is R = $ + (0 · { , , $ } ∗ · R ω .Following R , Refuter starts by generating a prefix 0 · acc with 1 and responds with $ to rej . Accordingly, if Prover generates a rejecting run,Prover generates a word in 0 · · (1 + $) ∗ · $ ω , which is in R ω . Also, if Prover generatesan accepting run, Prover generates a word in 0 · · (1 + · $ ∗ ) ω , which has a single 0 andinfinitely many 1’s, and is therefore not in R ω . (cid:4) Orna Kupferman and Salomon Sickert R : 1 $$ 0 acc,rej acc,rej rejaccacc rej Figure 2.
A DBW-refuter for ($ + (0 · { , , $ } ∗ · ω . By Proposition 1, we have the following.
Proposition 2.
Consider a language L ⊆ Σ ω . Let A = { acc , rej } . Exactly one of thefollowing holds: – L is in DBW, in which case the language DBW( L ) is ( Σ/A ) -realizable by the system,and a finite-memory winning strategy for the system induces a DBW for L . – L is not in DBW, in which case the language NoDBW( L ) is ( A/Σ ) -realizable bythe environment, and a finite-memory winning strategy for the environment inducesa DBW-refuter for L . In this section we analyze the size of refuters. We start with the case where the language L is given by a DPW. Theorem 1.
Consider a DPW A with n states. Let L = L ( A ) . One of the followingholds.1. There is a DBW for L with n states.2. There is a DBW-refuter for L with n states.Proof. If L is in DBW, then, as DPWs are B¨uchi type [19], a DBW for L can bedefined on top of the structure of A , and so it has n states. If L is not in DBW, then byProposition 2, there is a DBW-refuter for L , namely a ( { acc , rej } /Σ )-transducer thatrealizes NoDBW( L ). We show we can define a DRW U with 2 n states for NoDBW( L ).The result then follows from the fact a realizable DRW is realized by a transducer ofthe same size as the DRW [15].We construct U by taking the union of the acceptance conditions of a DRW U for { x ⊕ y : x ∈ L and y (cid:54)∈ ∞ acc } and a DRW U for { x ⊕ y : x (cid:54)∈ L and y ∈ ∞ acc } . Weobtain both DRWs by taking the product of A , extended to the alphabet Σ ×{ acc , rej } ,with a 2-state automaton for ∞ acc , again extended to the alphabet Σ × { acc , rej } .We describe the construction in detail. Let A = (cid:104) Σ, Q, q , δ, α (cid:105) . Then, the statespace of U is Q × { acc , rej } and its transition on a letter (cid:104) σ, a (cid:105) follows δ when it reads σ , with a determining whether U moves to the acc or rej copy. Let α be the Rabincondition equivalent to α . We obtain the acceptance condition of U by replacing eachpair (cid:104) G, B (cid:105) in α by (cid:104) G × { rej } , B × { rej } ∪ Q × { acc }(cid:105) . It is not hard to see that arun of U satisfies the latter pair iff its projection on Q satisfies the pair (cid:104) G, B (cid:105) and itsprojection on { acc , rej } has only finitely many acc . The construction of U is similar,with α being a Rabin condition that complements α , and then replacing each pair (cid:104) G, B (cid:105) in α by (cid:104) G × { acc } , B × { acc , rej } ) (cid:105) . Since U and U have the same statespace, and we only have to take the union of the pairs in their acceptance conditions,the 2 n bound follows. (cid:117)(cid:116) ertifying Inexpressibility 9 Now, when L is given by an NBW, an exponential bound follows from the expo-nential blow up in determinization [42]. If we are also given an NBW for comp ( L ), thecomplexity can be tightened. Formally, we have the following. Theorem 2.
Given NBWs with n and m states, for L and comp ( L ) , respectively, oneof the following holds.1. There is a DBW for L with min { (1 . n ) n , m } states.2. There is a DBW-refuter for L with min { · (1 . n ) n , · (1 . m ) m } states.Proof. If L is in DBW, then a DBW for L can be defined on top of a DPW for L ,which has at most (1 . n ) n states [45], or by dualizing a DCW for comp ( L ). Since thetranslation of an NBW with m states to a DCW, when it exists, results in a DCWwith 3 m states [7], we are done. If L is not in DBW, then we proceed as in the proof ofTheorem 1, defining U on the top of a DPW for either L or comp ( L ). (cid:117)(cid:116) Consider a DBW-refuter R = (cid:104){ acc , rej } , Σ, env , S, s , ρ, τ (cid:105) . We say that a path s , . . . , s m in R is an rej + -path if it contains at least one transition and all the transi-tions along it are labeled by rej ; thus, for all 0 ≤ j < m , we have that s j +1 = ρ ( s j , rej ).Then, a path s , . . . , s m in R is an acc -path if it contains at least one transition andits first transition is labeled by acc . Thus, s = ρ ( s , acc ). Lemma 1.
Consider a DBW-refuter R = (cid:104){ acc , rej } , Σ, env , S, s , ρ, τ (cid:105) . Then thereexists a state s ∈ S , a (possibly empty) path p = s , s , . . . s m , a rej + -cycle p = s , s . . . s m , and an acc -cycle p = s , s . . . s m , such that s m = s = s m = s = s m = s .Proof. Let s i ∈ S be a reachable state that belongs to an ergodic component in thegraph of R (that is, s i ∈ C , for a set C of strongly connected states that can reachonly states in C ). Since R is responsive, in the sense it can read in each round both acc and rej , we can read from s i the input sequence rej ω . Hence, R has a rej + -path s i , . . . , s l , . . . , s k with s l = s k , for l < k . It is easy to see that the claim holds with s = s l . In particular, since R is responsive and C is strongly connected, there exists an acc -cycle from s l to itself. (cid:117)(cid:116) ps s p p Figure 3.
The structure from Lemma 1 that exists in every DBW-refuter.0 Orna Kupferman and Salomon Sickert
Theorem 3. An ω -regular language L is not in DBW iff there exist three finite words x ∈ Σ ∗ and x , x ∈ Σ + , such that x · ( x + x ) ∗ · x ω ⊆ L and x · ( x ∗ · x ) ω ∩ L = ∅ . Proof.
Assume first that L is not in DBW. Then, by Theorem 2, there exists a DBW-refuter R for it. Let p = s , s , . . . s m , p = s , s , . . . , s m , and p = s , s , . . . , s m ,be the path, rej + -cycle, and acc -cycle that are guaranteed to exist by Lemma 1.Let x, x , and x be the outputs that R generates along them. Formally, x = τ ( s ) · τ ( s ) · · · τ ( s m ), x = τ ( s ) · τ ( s ) · · · τ ( s m ), and x = τ ( s ) · τ ( s ) · · · τ ( s m ). Note thatas the environment initiates the interaction, the first letter in the words x , x , and x ,are the outputs in the second states in p , p , and p . We prove that x, x , and x satisfythe two conditions in the theorem.Let y ∈ { acc , rej } ∗ , and y , y ∈ { acc , rej } + be the input sequences read along p, p , and p , respectively. Thus, y = a , a , . . . , a m − is such that for all 0 ≤ j < m , wehave that s j +1 = ρ ( s j , a j ), and similarly for y and y with p and p .Consider a word w ∈ x · ( x + x ) ∗ · x ω . Let a ∈ y · ( y + y ) ∗ · y ω be such that R ( a ) = w .Note we can obtain a from w by replacing each subword x by y , x by y , and x by y . Since p is a rej + -cycle, we have that a ∈ ( acc + rej ) ∗ · rej ω , and so a ∈ ¬∞ acc .Since R is a refuter for L , it follows that R ( a ) ∈ L . Hence, x · ( x + x ) ∗ · x ω ⊆ L .For this direction it remains to show that x · ( x ∗ · x ) ω ∩ L = ∅ . Consider a word w ∈ x · ( x ∗ · x ) ω , and let a ∈ y · ( y ∗ · y ) ω be such that R ( a ) = w . Since p is an acc -cycle, we have that a ∈ ( rej ∗ acc ) ω , and so a ∈ ∞ acc . Since R is a refuter for L ,it follows that R ( a ) / ∈ L . Hence, x · ( x ∗ · x ) ω ∩ L = ∅ , and we are done.For the other direction, we adjust Landweber’s proof [28] for the non-DBW-recogniz-ability of ¬∞ a to L . Essentially, ¬∞ a can be viewed as a special case of x · ( x + x ) ∗ · x ω ,with x = (cid:15) , x = b , and x = a . Assume by way of contradiction that there is a DBW A with L ( A ) = L . Let A = (cid:104) Σ, Q, q , δ, α (cid:105) . Consider the infinite word w = x · x ω . Since w ∈ x · ( x + x ) ∗ · x ω , and so w ∈ L , the run of A on w is accepting. Thus, thereis i ≥ A visits α when it reads the x suffix of x · x i . Consider now theinfinite word w = x · x i · x · x ω . Since w is also in L , the run of A on w is accepting.Thus, there is i ≥ A visits α when it reads the x suffix of x · x i · x · x i .In a similar fashion we can continue to find indices i , i , . . . such for all j ≥
1, we havethat A visits α when it reads the x suffix of x · x i · x · x i · x · · · x · x i j . Since Q isfinite, there are iterations j and k , such that 1 ≤ j < k ≤ | Q | + 1 and there is a state q such that q = δ ( q , x · x i · x · x i · x · · · x · x i j ) = δ ( q , x · x i · x · x i · x · · · x · x i k ).Since j < k , the extension x · x i j +1 · · · x i k − · x · x i k is not empty and at least one statein α is visited when A loops in q while reading it. It follows that the run of A on theword w = x · x i · x · x i · x · · · x · x i j · ( x · x i j +1 · · · x i k − · x · x i k ) ω is accepting. But w ∈ x · ( x ∗ · x ) ω , so it is not in L , and we have reached a contradiction. (cid:117)(cid:116) Remark 1.
Theorem 3, as well as the yet to be presented Theorems 10 and 11 are specialcases of [50, Lemma 14]. However, our alternative proof relies on Proposition 1 and theanalysis of the resulting refuter, while the proof of [50] examines the structure of adeterministic Muller automaton. Due to the game-based setting we can easily extendour approach to refuting separability of languages (Section 4), which requires substantialmodifications of the approach from [50]. ertifying Inexpressibility 11
We refer to a triple (cid:104) x, x , x (cid:105) of words that satisfy the conditions in Theorem 3 as a certificate to the non-DBW-recognizability of L . Example 3.
In Example 2, we described a DBW-refuter for L = ($ + (0 · { , , $ } ∗ · ω .A certificate to its non-DBW-recognizability is (cid:104) x, x , x (cid:105) , with x = 01, x = $, and x = 1. Indeed, 01 · ($ + 1) ∗ · $ ω ⊆ L and 01 · ($ ∗ · ω ∩ L = ∅ . (cid:4) Note that obtaining certificates according to the proof of Theorem 3 may not giveus the shortest certificate. For example, for L in Example 3, the proof would give us x = 01$, x = $, and x = 1$ , with 01$ · ($+1$) ∗ · $ ω ⊆ L and 01$ · ($ ∗ · ω ∩ L = ∅ . Theproblem of generating smallest certificates is related to the problem of finding smallestwitnesses to DBW non-emptiness [22] and is harder. Formally, defining the length of acertificate (cid:104) x, x , x (cid:105) as | x | + | x | + | x | , we have the following: Theorem 4.
Consider a DPW A and a threshold l ≥ . The problem of decidingwhether there is a certificate of length at most l for non-DBW-recognizability of L ( A ) is NP-complete, for l given in unary or binary.Proof. We start with membership in NP. Let n be the number of states in A . ByTheorem 1 and the construction in Theorem 3 we can bound the length of a certificate tobe at most 6 n , since these are constructed from simple paths. Given a witness certificate (cid:104) x, x , x (cid:105) of length at most l (the latter can be checked in polynomial time, regardless ofhow l is given), checking the conditions in Theorem 3 involves checking x · ( x + x ) ∗ · x ω ⊆ L ( A ), namely containment of a DCW of size linear in the certificate in the language ofa DPW, which can be done in polynomial time, and checking x · ( x ∗ · x ) ω ∩ L ( A ) = ∅ , namely emptiness of the intersection with a DBW, which again can be done inpolynomial time.For the NP-hardness, we describe a reduction from the Hamiltonian-cycle problemon directed graphs. Formally, given a directed graph G = (cid:104) V, E (cid:105) , we describe a DPWthat is not in DBW and which has a certificate of length | V | + 1 iff G has a Hamiltoniancycle, namely a cycle that visits each vertex in V exactly once. The proof elaborateson the NP-hardness proof of the problem of finding a shortest witness to DBW non-emptiness [22].Let V = { , . . . , n } , and assume that n ≥ E is not empty. We define aDPW A = (cid:104) E, ( V × V ) ∪ {(cid:104) , (cid:105) err } , {(cid:104) , (cid:105)} , δ, α (cid:105) , where α ( (cid:104) n, n (cid:105) ) = 1, α ( (cid:104) , (cid:105) err ) = 2, α ( q ) = 0 for all other states q , and δ ( (cid:104) i, j (cid:105) , ( k, h )) = (cid:104) h, ( j mod n ) + 1 (cid:105) if i = k = j, (cid:104) h, j (cid:105) if i = k (cid:54) = j, (cid:104) , (cid:105) err otherwise. δ ( (cid:104) , (cid:105) err , ( k, h )) = (cid:40) (cid:104) h, (cid:105) if k = 1 , (cid:104) , (cid:105) err otherwise.Intuitively, A interprets a word w ∈ E ω , as an infinite path starting in vertex 1,and it verifies that the path is valid on G . Whenever A encounters an edge that doesnot match the current state, which is tracked in the first component of the state space,it resets and moves to (cid:104) , (cid:105) err . The second component of a state (cid:104) i, j (cid:105) is the vertexthe path owes a visit in order to visit all vertices infinitely often. It is easy to see that w ∈ L ( A ) iff there is a suffix w (cid:48) of w that describes a valid path in G that visits every vertex infinitely often. Notice that L ( A ) is not DBW-recognizable and that A ispolynomial in the size of G .Clearly, the reduction is polynomial, we now prove its correctness. Assume firstthat G has a Hamiltonian cycle c . Then, from the word w read along c from vertex 1,we construct the certificate (cid:104) (cid:15), w, (2 , (cid:105) showing non-DBW-recognizabilty. Indeed, thecertificate is correct, since ( w + (2 , ∗ · w ω ⊆ L ( A ) and ( w ∗ · (2 , ω ∩ L ( A ) = ∅ . Thiscertificate has size n + 1.For the other direction, assume that (cid:104) x, x , x (cid:105) is a certificate of size (at most) n + 1.Then, x · x ω ∈ L ( A ) and as x is not empty, it must be that | x | + | x | ≤ n . Let r be thecorresponding accepting run and thus r visits (cid:104) n, n (cid:105) infinitely often. By the definitionof δ , the run r also visits the states (cid:104) i, i (cid:105) , for all 1 ≤ i ≤ n . Since the transitions toeach of these states are labelled differently, x must contain at least n different letters.Hence, | x | must be n and thus G has a Hamiltonian cycle. Remark 2. [Relation with existing characterizations]
By [28], the language of aDPW A = (cid:104) Σ, Q, q , δ, α (cid:105) is in DBW iff for every accepting SCS C ⊆ Q and SCS C (cid:48) ⊇ C , we have that C (cid:48) is accepting. The proof of Landweber relies on a complicatedanalysis of the structural properties of A . As we elaborate below, Theorem 3, whichrelies instead on determinacy of games, suggests an alternative proof. Similarly, [50]examines the structure of a deterministic Muller automaton, and Theorem 3 can beviewed as a special case of Lemma 14 there, with a proof based on the game setting.We use certificates in order to prove that a DPW A = (cid:104) Σ, Q, q , δ, α (cid:105) is in DBW ifffor every accepting SCS C ⊆ Q and SCS C (cid:48) ⊇ C , we have that C (cid:48) is accepting. First,an accepting SCS C ⊆ Q and a rejecting SCS C (cid:48) ⊇ C induce a certificate (cid:104) x, x , x (cid:105) .Indeed, taking a state s ∈ C , we can define x to be a word that leads from q to s , x to be a word that traverses C , and x a word that traverses C (cid:48) . Then, the set of statestraversed infinitely often in a run on a word in x · ( x + x ) ∗ · x ω is C , and the set ofstates traversed infinitely often in a run on a word in x · ( x ∗ · x ) ω is C (cid:48) . For the otherdirection, a certificate (cid:104) x, x , x (cid:105) induces an accepting SCS C ⊆ Q and a rejecting SCS C (cid:48) ⊇ C as follows. Consider a graph G = (cid:104) Q, E (cid:105) , where E ( s, s (cid:48) ) iff δ ( s, x ) = s (cid:48) or δ ( s, x ) = s (cid:48) . We consider an ergodic SCC that is reachable from δ ( q , x ) in G . In thisergodic SCC, we can traverse both words in x · ( x + x ) ∗ · x ω along an accepting cycle C , and words in x · ( x ∗ · x ) ω along a rejecting cycle, whose union with C can serve as C (cid:48) . (cid:4) Being an (
A/Σ )-transducer, every DBW-refuter R is responsive and may generatemany different words in Σ ω . Below we show that we can leave R responsive and yet letit generate only words induced by a certificate. Formally, we have the following. Lemma 2.
Given a certificate (cid:104) x, x , x (cid:105) to non-DBW-recognizability of a language L ⊆ Σ ω , we can define a refuter R for L such that for every y ∈ A ω , if y | = ∞ acc ,then R ( y ) ∈ x · ( x ∗ · x ) ω , and if y | = ¬∞ acc , then R ( y ) ∈ x · ( x + x ) ∗ · x ω .Proof. Intuitively, R first ignores the inputs and outputs x . It then repeatedly outputseither x or x , according to the following policy: in the first iteration, R outputs x . Ifduring the output of x all inputs are rej , then R outputs x also in the next iteration.If an input acc has been detected, thus the prover tries to accept the constructed word,the refuter outputs x in the next iteration, again keeping track of an acc input. If no acc has been input, R switches back to outputting x . ertifying Inexpressibility 13 Formally, let (cid:104) x, x , x (cid:105) be a certificate with x = x · · · x n , x = x · · · x n , and x = x · · · x n . We define R = (cid:104){ acc , rej } , Σ, env , S, s , ρ, τ (cid:105) with the components S , ρ , and τ defined as follows: – S = { s , s , . . . , s n , ( s , a ) , . . . , ( s n , a ) , ( s , a ) , . . . , ( s n , a ) : a ∈ { acc , rej }} – ρ ( s, a ) = s if s = s and n > ,s i +1 if s = s i and n > i > , ( s , rej ) if s = s n , ( s , rej ) if s ∈ { ( s n , rej ) , ( s n , rej ) } and a = rej , ( s , rej ) if s ∈ { ( s n , rej ) , ( s n , rej ) } and a = acc , ( s , rej ) if s ∈ { ( s n , acc ) , ( s n , acc ) } ( s i +11 , rej ) if s = ( s i , rej ) and n > i > a = rej , ( s i +11 , acc ) if s = ( s i , rej ) and n > i > a = acc , ( s i +11 , acc ) if s = ( s i , acc ) and n > i > , ( s i +12 , rej ) if s = ( s i , rej ) and n > i > a = rej , ( s i +12 , acc ) if s = ( s i , rej ) and n > i > a = acc , ( s i +12 , acc ) if s = ( s i , acc ) and n > i > . – τ ( s i ) = x i and τ (( s ij , a )) = x ij . (cid:117)(cid:116) By Theorem 3, every language not in DBW has a certificate (cid:104) x, x , x (cid:105) . As we arguebelow, these certificates are linear in the number of states of the refuters. Lemma 3.
Let R be a DBW-refuter for L ⊆ Σ ω with n states. Then, L has a certificateof the form (cid:104) x, x , x (cid:105) such that | x | + | x | + | x | ≤ · n .Proof. The paths p , p , and p that induce x , x and x in the proof of Theorem 3 aresimple, and so they are all of length at most n . Also, while these paths may share edges,we can define them so that each edge appears in at most two paths. Indeed, if an edgeappears in all three path, we can shorten p . Hence, | x | + | x | + | x | ≤ · n , and we aredone. (cid:117)(cid:116) Theorem 5.
Consider a language L ⊆ Σ ω not in DBW. The length of a certificate forthe non-DBW-recognizability of L is linear in a DPW for L and is exponential in anNBW for L . These bounds are tight.Proof. The upper bounds follow from Theorem 1 and Lemma 3, and the exponential de-terminization of NBWs. The lower bound in the NBW case follows from the exponentiallower bound on the size of shortest non-universality witnesses for non-deterministic finiteword automata (NFW) [33]. We sketch the reduction: Let L n ⊆ { , } ∗ be a languagesuch that the shortest witness for non-universality of L n is exponential in n , but L n hasa polynomial sized NFW. We then define L (cid:48) n = ( L n · $ · (0 ∗ · ω )+((0+1) ∗ · $ · (0+1) ∗ · ω ).It is clear that L (cid:48) n has a NBW polynomial in n and is not DBW-recognizable. Note thatfor every word w ∈ L n , we have w · $ · (0+1) ω ⊆ L (cid:48) n . Thus, in order to satisfy Theorem 3,every certificate (cid:104) x, x , x (cid:105) needs to have w · $ as prefix of x , for some w / ∈ L n . Hence,it is exponential in the size of the NBW. (cid:117)(cid:116) Remark 3. [LTL]
When the language L is given by an LTL formula ϕ , then DBW( ϕ ) = ϕ ↔ GF acc and thus an off-the-shelf LTL synthesis tool can be used to extract a DBW-refuter, if one exists. As for complexity, a doubly-exponential upper bound on the size L I L \ I L ∪ I Figure 4.
Reduction of approximation to separability. of a DPW for NoDBW( L ), and then also on the size of DBW-refuters and certificates,follows from the double-exponential translation of LTL formulas to DPWs [49,42]. Thelength of certificates, however, and then, by Lemma 2, also the size of a minimal refuter,is related to the diameter of the DPW for NoDBW( L ), and we leave its tight boundopen. (cid:4) Consider three languages L , L , L ⊆ Σ ω . We say that L is a separator for (cid:104) L , L (cid:105) if L ⊆ L and L ∩ L = ∅ . We say that a pair of languages (cid:104) L , L (cid:105) is DBW-separable iffthere exists a language L in DBW such that L is a separator for (cid:104) L , L (cid:105) . Example 4.
Let Σ = { a, b } , L = ( a + b ) ∗ · b ω , and L = ( a + b ) ∗ · a ω . By [28], L and L are not in DBW. They are, however, DBW-separable. A witness for this is L = ( a ∗ · b ) ω .Indeed, L ⊆ L , L ∩ L = ∅ , and L is DBW-recognizable. (cid:4) Consider a language L ⊆ Σ ω , and suppose we know that L is not in DBW. A usermay be willing to approximate L in order to obtain DBW-recognizability. Specifically,we assume that there is a language I ⊆ Σ ω of words that the user is indifferent about.Formally, the user is satisfied with a language in DBW that agrees with L on all wordsthat are not in I . Formally, we say that a language L (cid:48) approximates L with radius I if L \ I ⊆ L (cid:48) ⊆ L ∪ I . It is easy to see that, equivalently, L (cid:48) is a separator for (cid:104) L \ I, comp ( L ∪ I ) (cid:105) . Note that the above formulation embodies the case where the user has in minddifferent over- and under-approximation radiuses, thus separating (cid:104) L \ I ↓ , comp ( L ∪ I ↑ ) (cid:105) for possibly different I ↓ and I ↑ . Indeed, by defining I = ( I ↓ ∩ L ) ∪ ( I ↑ \ L ), we get (cid:104) L \ I, comp ( L ∪ I ) (cid:105) = (cid:104) L \ I ↓ , comp ( L ) \ I ↑ ) (cid:105) .It follows that by studying DBW-separability, we also study DBW-approximation,namely approximation by a language that is in DBW, possibly with different over- andunder-approximation radiuses. Remark 4. [From recognizability to separation]
It is easy to see that DBW-sep-arability generalizes DBW-recognizability, as L is in DBW iff (cid:104) L, comp ( L ) (cid:105) is DBW-separable. Given L ⊆ Σ ω , we say that a pair of languages (cid:104) L , L (cid:105) is a no-DBW-witness for L if L is a separator for (cid:104) L , L (cid:105) and (cid:104) L , L (cid:105) is not DBW-separable. Note that thelatter indeed implies that L is not in DBW.A simple no-DBW witness for L can be obtained as follows. Let R be a DBW refuterfor L . Then, we define L = {R ( y ) : y ∈ ¬∞ acc } and L = {R ( y ) : y ∈ ∞ acc } . By ertifying Inexpressibility 15 T : a a b a b accrej accrej accrej rejaccacc rej Figure 5.
A DBW-sep refuter for (cid:104) L ¬∞ a \ I, comp ( L ¬∞ a ∪ I ) (cid:105) . the definition of DBW-refuters, we have L ⊆ L and L ∩ L = ∅ , and so (cid:104) L , L (cid:105) is ano-DBW witness for L . It is simple, in the sense that when we describe L and L by atree obtained by pruning the Σ ∗ -tree, then each node has at most two children – thesethat correspond to the responses of R to acc and rej . (cid:4) For a pair of languages (cid:104) L , L (cid:105) , we define the language SepDBW( L ) ⊆ ( Σ × A ) ω ofwords with correct annotations for separation. Thus,SepDBW( L , L ) = { x ⊕ y : ( x ∈ L → y ∈ ∞ acc ) ∧ ( x ∈ L → y (cid:54)∈ ∞ acc ) } . Note that comp (SepDBW( L , L )) is then the languageNoSepDBW( L , L ) = { x ⊕ y : ( x ∈ L ∧ y (cid:54)∈ ∞ acc ) ∨ ( x ∈ L ∧ y ∈ ∞ acc ) } . A DBW-sep-refuter for (cid:104) L , L (cid:105) is an ( A/Σ )-transducer with ι = env that realizesNoSepDBW( L , L ). Example 5.
Consider the language L ¬∞ a = ( a + b ) ∗ · b ω , which is not DBW. Let I = a ∗ · b ω + b ∗ · a ω , thus we are indifferent about words with only one alternation between a and b . In Figure 5 we describe a DBW-sep refuter for (cid:104) L ¬∞ a \ I, comp ( L ¬∞ a ∪ I ) (cid:105) .Note that the refuter generates only words in a · b · a · ( a + b ) ω , whose intersection with I is empty. Consequently, the refutation is similar to the DBW-refutation of L ¬∞ a . (cid:4) By Proposition 1, we have the following extension of Proposition 2.
Proposition 3.
Consider two languages L , L ⊆ Σ ω . Let A = { acc , rej } . Exactlyone of the following holds: – (cid:104) L , L (cid:105) is DBW-separable, in which case the language SepDBW( L , L ) is ( Σ/A ) -realizable by the system, and a finite-memory winning strategy for the system inducesa DBW for a language L that separates L and L . – (cid:104) L , L (cid:105) is not DBW-separable, in which case the language NoSepDBW( L ) is ( A/Σ ) -realizable by the environment, and a finite-memory winning strategy for the envi-ronment induces a DBW-sep-refuter for (cid:104) L , L (cid:105) . As for complexity, the construction of the game for SepDBW( L , L ) is similar tothe one described in Theorem 1. Here, however, the input to the problem includes twoDPWs. Also, the positive case, namely the construction of the separator does not followfrom known results. Theorem 6.
Consider DPWs A and A with n and n states, respectively. Let L = L ( A ) and L = L ( A ) . One of the following holds.
1. There is a DBW A with · n · n states such that L ( A ) DBW-separates (cid:104) L , L (cid:105) .2. There is a DBW-sep-refuter for (cid:104) L , L (cid:105) with · n · n states.Proof. We show that SepDBW( L , L ) and NoSepDBW( L , L ) can be recognised byDRWs with at most 2 · n · n states. Then, by [15], we can construct a DBW or a DBW-sep-refuter with at most 2 · n · n states. The construction is similar to the one describedin the proof of Theorem 1. The only technical challenge is the fact SepDBW( L , L ) isdefined as the intersection, rather than union, of two languages. For this, we observethat we can define SepDBW( L , L ) also as { x ⊕ y : ( y ∈ ∞ acc and x / ∈ L ) or ( y / ∈∞ acc and x / ∈ L ) } . With this formulation we then can reuse the union constructionas seen in Theorem 1 to obtain DRWs with at most 2 · n · n states. (cid:117)(cid:116) As has been the case with DBW-recognizability, one can generate certificates froma DBW-sep-refuter. The proof is similar to that of Theorem 3, with membership in L replacing membership in L and membership in L replacing being disjoint from L .Formally, we have the following. Theorem 7.
Two ω -regular languages L , L ⊆ Σ ω are not DBW-separable iff thereexist three finite words x ∈ Σ ∗ and x , x ∈ Σ + , such that x · ( x + x ) ∗ · x ω ⊆ L and x · ( x ∗ · x ) ω ⊆ L . We refer to a triple (cid:104) x, x , x (cid:105) of words that satisfy the conditions in Theorem 7 asa certificate to the non-DBW-separability of (cid:104) L , L (cid:105) . Observe that the same way wegenerated a no-DBW witness in Remark 4, we can extract, given a DBW-sep-refuter R for (cid:104) L , L (cid:105) , languages L (cid:48) ⊆ L and L (cid:48) ⊆ L that tighten (cid:104) L , L (cid:105) and are still notDBW-separable. In this section we describe a method for finding small approximating languages I ↓ and I ↑ such that (cid:104) L \ I ↓ , comp ( L ) \ I ↑ (cid:105) is DBW-separable. If this method terminates weobtain an approximation for L that is DBW-recognizable. As in counterexample guidedabstraction-refinement (CEGAR) for model checking [10], we use certificates for non-DBW-separability in order to suggest interesting approximating languages. Intuitively,while in CEGAR the refined system excludes the counterexample, here the approxima-tion of L excludes the certificate.Consider a certificate (cid:104) x, x , x (cid:105) for the non-DBW-separability of (cid:104) L , L (cid:105) . We sug-gest the following five approximations: C = x · ( x + x ) ω (cid:32) (cid:104) L \ C , L \ C (cid:105) C = x · ( x + x ) ∗ · x ω = L ∩ C (cid:32) (cid:104) L \ C , L (cid:105) C = x · ( x ∗ · x ) ω ⊃ C (cid:32) (cid:104) L , L \ C (cid:105) C = x · ( x ∗ · x ) ω = L ∩ C (cid:32) (cid:104) L , L \ C (cid:105) C = x · ( x + x ) ∗ · x ω ⊂ C (cid:32) (cid:104) L , L \ C (cid:105) First, it is easy to verify that (cid:104) x, x , x (cid:105) is indeed not a certificate for the non-DBW-separability of the obtained candidate pairs (cid:104) L (cid:48) , L (cid:48) (cid:105) . If (cid:104) L (cid:48) , L (cid:48) (cid:105) is DBW-separable,we are done (yet may try to tighten the approximation). Otherwise, we can repeat theprocess with a certificate for the non-DBW-separability of (cid:104) L (cid:48) , L (cid:48) (cid:105) . As in CEGAR, somesuggestions may be more interesting than others, in some cases the process terminates,in some it does not, and the user takes part directing the search. ertifying Inexpressibility 17 Example 6.
Consider again the language L = ( a + b ) ∗ · b ω and the certificate (cid:104) x, x , x (cid:105) = (cid:104) (cid:15), b, a (cid:105) . Trying to approximate L by a language in DBW, we start with the pair (cid:104) L, comp ( L ) (cid:105) . Our five suggestions are then as follows. C = Σ ω (cid:32) (cid:104) L \ C , comp ( L ) \ C (cid:105) = (cid:104)∅ , ∅(cid:105) C = ( b + a ) ∗ · b ω (cid:32) (cid:104) L \ C , comp ( L ) (cid:105) = (cid:104)∅ , comp ( L ) (cid:105) C = ( a ∗ · b ) ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, ( a + b ) ∗ · a ω (cid:105) C = ( b ∗ · a ) ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, ∅(cid:105) C = ( b + a ) ∗ · a ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, ( a + b ) ∗ · ( a · a ∗ · b · b ∗ ) ω (cid:105) Candidates C , C , and C induce trivial approximations. Then, C suggests toover-approximate L by setting I ↑ to ( a ∗ · b ) ω , which we view as a nice solution, ap-proximating “eventually always b ” by “infinitely often b ”. Then, the pair derived from C is not DBW-separable. We can try to approximate it. Note, however, that repeatedapproximations in the spirit of C are going to only extend the prefix of x in the cer-tificates, and the process does not terminate.Let us now consider the slightly different certificate (cid:104) x, x , x (cid:105) = (cid:104) a, b, a (cid:105) and thederived candidates: C = a · Σ ω (cid:32) (cid:104) L \ C , comp ( L ) \ C (cid:105) = (cid:104) b · L, b · comp ( L ) (cid:105) C = a · ( b + a ) ∗ · b ω (cid:32) (cid:104) L \ C , comp ( L ) (cid:105) = (cid:104) b · L, comp ( L ) (cid:105) C = a · ( a ∗ · b ) ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, b · comp ( L ) + a · ( a + b ) ∗ · a ω (cid:105) C = a · ( b ∗ · a ) ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, b · comp ( L ) (cid:105) C = a · ( b + a ) ∗ · a ω (cid:32) (cid:104) L, comp ( L ) \ C (cid:105) = (cid:104) L, b · comp ( L ) + a · ( a + b ) ∗ · ( a · a ∗ · b · b ∗ ) ω (cid:105) One can easily verify that (cid:104) x, x , x (cid:105) = (cid:104) b · a, b, a (cid:105) is a certificate showing thatnone of the suggested pairs are DBW-separable. In fact (cid:104) x, x , x (cid:105) = (cid:104) b i · a, b, a (cid:105) , for i = 0 , , , . . . , describes an infinite sequence such that no refinement obtained after afinite number of steps is DBW-separable. (cid:4) In this section we generalise the idea of DBW-refuters to other classes of deterministicautomata. For this we take again the view that a deterministic automaton is a (cid:104)
Σ, A (cid:105) -transducer over a suitable annotation alphabet A . We then characterize each class ofdeterministic automata by two languages over A : – The language L acc ⊆ A ω , describing when a run is accepting. For example, forDBWs, we have A = { acc , rej } and L acc = ∞ acc . – The language L struct ⊆ A ω , describing structural conditions on the run. For ex-ample, recall that a DWW is a DBW in which the states of each SCS are eitherall accepting or all rejecting, and so each run eventually get trapped in an accept-ing or rejecting SCS. Accordingly, the language of runs that satisfy the structuralcondition is L struct = A ∗ · ( acc ω + rej ω ).We now formalize this intuition. Let A be a finite set of annotations and let γ = (cid:104) L acc , L struct (cid:105) , for L acc , L struct ⊆ A ω . A deterministic automaton A = (cid:104) Σ, Q, q , δ, α (cid:105) isa deterministic γ automaton (D γ W, for short) if there is a function τ : Q → A that maps each state to an annotation such that a run r of A satisfies α iff τ ( r ) ∈ L acc ,and all runs r satisfy the structural condition, thus τ ( r ) ∈ L struct . We then say that alanguage L is γ -recognizable if there a D γ W A such that L = L ( A ).Before we continue to study γ -recognizability, let us demonstrate the γ -characterizationof common deterministic automata. We first start with classes γ for which L struct is triv-ial; i.e., L struct = A ω . – DBW: A = { acc , rej } and L acc = ∞ acc . – DCW: A = { acc , rej } and L acc = ¬∞ acc . – DPW[ i, k ]: A = { i, . . . , k } and L acc = { y ∈ A ω : max( inf ( y )) is odd } . – DELW[ θ ]: A = 2 M and L acc = { y ∈ A ω : y | = θ } .Note that the characterizations for B¨uchi, co-B¨uchi, and parity are special cases ofthe characterization for DELW. In a similar way, we could define a language L acc forDRW[ k ] and other common special cases of DELWs. We continue to classes in the depthhierarchy, where γ includes also a structural restriction: – DWW: The set A and the language L acc are as for DBW or DCW. In addition, L struct = A ∗ · ( acc ω + rej ω ). – DWW[ j, k ], for j ∈ { , } : The set A and the language L acc are as for DPW[ j, k ].In addition, L struct = { y · y · · · ∈ A ω : for all i ≥
0, we have that y i ≤ y i +1 } . – Bounded Languages : A language L is bounded if it is both safety and co-safety.Thus, every word w ∈ Σ ω has a prefix v ∈ Σ ∗ such that either for all u ∈ Σ ω wehave v · u ∈ L , or for all u ∈ Σ ω we have v · u (cid:54)∈ L [23]. To capture this, we use A = { acc , rej , ? } , where “?” is used for annotating states with both accepting andrejecting continuations. Then, L acc = A ∗ · acc ω , and L struct =? ∗ · ( acc ω + rej ω ). – Deterministic ( m, n ) -Superparity Automata [39]: A = { ( i, j ) : 0 ≤ i ≤ m, ≤ j ≤ n } , L acc = { y m ⊕ y n ∈ A ω : max( inf ( y m )) + max( y n ) is odd } , and L struct = { y m ⊕ ( y · y · · · ) ∈ A ω : y i ≤ y i +1 , for all i ≥ } .Let Σ be an alphabet, let A be an annotation alphabet, and let γ = (cid:104) L acc , L struct (cid:105) ,for L acc , L struct ⊆ A ω . We define the language Real( L, γ ) ⊆ ( Σ × A ) ω of words withcorrect annotations.Real( L, γ ) = { x ⊕ y : y ∈ L struct and ( x ∈ L iff y ∈ L acc ) } . Note that the language DBW( L ) can be viewed as a special case of our general frame-work. In particular, in cases L struct = A ω , we can remove the y ∈ L struct conjunct fromReal( L, γ ). Note that comp (Real(
L, γ )) is the languageNoReal(
L, γ ) = { x ⊕ y : y (cid:54)∈ L struct or ( x ∈ L iff y (cid:54)∈ L acc ) } . A γ -refuter for L is then an ( A/Σ )-transducer with ι = env that realizes NoReal( L, γ ).We can now state the “D γ W-generalization” of Proposition 2.
Proposition 4.
Consider an ω -regular language L ⊆ Σ ω , and a pair γ = (cid:104) L acc , L struct (cid:105) ,for ω -regular languages L acc , L struct ⊆ A ω . Exactly one of the following holds:1. L is in D γ W , in which case the language Real(
L, γ ) is ( Σ/A ) -realizable by thesystem, and a finite-memory winning strategy for the system induces a D γ W for L . ertifying Inexpressibility 19 L is not in D γ W , in which case the language NoReal(
L, γ ) is ( A/Σ ) -realizable bythe environment, and a finite-memory winning strategy for the environment inducesa γ -refuter for L . Note that every DELW can be complemented by dualization, thus by changingits acceptance condition from θ to ¬ θ . In particular, DBW and DCW dualize eachother. As we argue below, dualization is carried over to refutation. For example, the( { acc , rej } /Σ )-transducer R from Figure 1 is both a DBW-refuter for ¬∞ a and aDCW-refuter for ∞ a . Formally, we have the following. Theorem 8.
Consider an EL-condition θ over M . Let A = 2 M . For every ( A/Σ ) -transducer R and language L , we have that R is a DELW[ θ ] -refuter for L iff R is a DELW[ ¬ θ ] -refuter for comp ( L ) . In particular, for every language L and ( { acc , rej } /Σ ) -transducer R , we have that R is a DBW-refuter for L iff R is a DCW-refuter forcomp ( L ) .Proof. For DELW[ θ ]-recognizability of L , the language of correct annotations is { x ⊕ y :( x ∈ L iff y | = θ ) } , which is equal to { x ⊕ y : ( x ∈ comp ( L ) iff y | = ¬ θ ) } , which is thelanguage of correct annotations for DELW[ ¬ θ ]-recognizability of comp ( L ). (cid:117)(cid:116) While dualization is nicely carried over to refutation, this is not the case for allexpressiveness results. For example, while DWW=DBW ∩ DCW, and in fact DBW andDCW are weak type (that is, when the language of a DBW is in DWW, an equivalentDWW can be defined on top of its structure, and similarly for DCW [21]), we describebelow a DWW-refuter that is neither a DBW- nor a DCW-refuter. Intuitively, this ispossible as in DWW refutation, Prover loses when the input is not in A ∗ · ( acc ω + rej ω ),whereas in DBW and DCW refutation, Refuter has to respond correctly also for theseinputs. Example 7.
Let Σ = { a, b, c, d } , and A = { acc , rej } . Consider the language L =( a + · b · c ∗ · d ) ∗ · a ω + ( a · b · d ) ω . Note that L is in DCW, but not in DBW, and hencealso not in DWW. The ( A/Σ )-transducer R in Figure 6 is a DWW-refuter for L . To seethis, recall that for DWWs, we have that L struct = A ∗ · ( acc ω + rej ω ), and so all inputsequences y ∈ A ω that satisfy L struct eventually gets trapped in the a ω loop, generatinga rejecting run on a word in the language, or gets trapped in the c ω loop, generatingan accepting run on a word not in the language.On the other hand, while L is not in DBW, the transducer R is not a DBW-refuter for L . To see this, observe that the DBW A in the figure suggests a winningstrategy for Prover in the game corresponding to DBW. Indeed, when Prover generates( rej · acc · rej ) ω , which is accepting, then by following R , Refuter responds with( a · b · d ) ω , which is in L , and so Prover wins. Note that, unsurprisingly, the inputgenerated by Prover does not satisfy L struct . (cid:4) On the other hand, as every DWW is also a DBW and a DCW, every DBW-refuteror DCW-refuter is also a DWW-refuter.
Separability and Approximation.
Consider a characterization γ = (cid:104) L acc , L struct (cid:105) . Twolanguages L , L ⊆ Σ ω are γ -separable if there exists a D γ W A such that L ⊆ L ( A )and L ∩ L ( A ) = ∅ . We define the corresponding languages of correct and incorrectannotations as follows. R : a bd ca accrej acc accrej rejrejacc accrej A : da b Figure 6.
The DWW-refuter R looses as a DBW-refuter when it plays against A . – Sep( L , L , L acc , L struct ) = { x ⊕ y : y ∈ L struct and (( x ∈ L and y ∈ L acc ) or ( x ∈ L and y / ∈ L acc )) } . – NoSep( L , L , L acc , L struct ) = comp (Sep( L , L , L acc , L struct )) = { x ⊕ y : y / ∈ L struct or (( x ∈ L and y / ∈ L acc ) or ( x ∈ L and y ∈ L acc )) } .Note that the language SepDBW( L , L ) can be viewed as a special case of ourgeneral framework and as before in cases L struct = A ω , we can remove the y ∈ L struct conjunct from Sep. A γ -sep-refuter for L is an ( A/Σ )-transducer with ι = env thatrealizes NoSep( L , L , L acc , L struct ). By Proposition 1, exactly one of the following holds: Proposition 5.
Consider ω -regular languages L , L ⊆ Σ ω , and a characterization γ = (cid:104) L acc , L struct (cid:105) , for ω -regular languages L acc , L struct ⊆ A ω . Exactly one of the fol-lowing holds:1. (cid:104) L , L (cid:105) are γ -separable, in which case the language Sep( L , L , γ ) is ( Σ/A ) -realizableby the system, and a finite-memory winning strategy for the system induces a D γ W for some L such that L ⊆ L and L ∩ L = ∅ .2. (cid:104) L , L (cid:105) are not γ -separable, in which case the language NoSep( L , L , γ ) is ( A/Σ ) -realizable by the environment, and a finite-memory winning strategy for the envi-ronment induces a γ -sep-refuter for (cid:104) L , L (cid:105) . γ W-Refutation
In this section we extend the three-word certificates for non-DBW-recognizability toricher classes of deterministic automata. The idea is similar (and in fact a little tedious):each D γ W-refuter embodies a structure (analogous to the one in Lemma 1) from whichwe can extract finite words that constitute the corresponding certificate (analogousto the one in Theorem 3). We describe here the details for classes in the Mostowskihierarchy and well as for classes of the depth-hierarchy. We also restrict ourselves toword-certificates for non-recognizability and do not show the word-certificates for non-separability which have an identical structure.
First, by Theorem 8, certificates for a class and its dual class are related. For example,dualizing Theorem 3, we obtain certificates for non-DCW-recognizability as follows.
Theorem 9. An ω -regular language L is not in DCW iff there exist three finite words x ∈ Σ ∗ and x , x ∈ Σ + , such that x · ( x + x ) ∗ · x ω ∩ L = ∅ and x · ( x ∗ · x ) ω ⊆ L. ertifying Inexpressibility 21 Handling DPWs, we first define the analogue of a rej + -path, and then point tothe desired structure and the certificate it induces. Consider a DPW[ i, k ]-refuter R = (cid:104){ i, . . . , k } , Σ, env , S, s , ρ, τ (cid:105) with i ∈ { , } and i ≤ k . Let (cid:96) ∈ { i, . . . , k } . We say thata path s , . . . , s m in R is an (cid:96) + ≤ -path if its first transition is labelled (cid:96) and all its othertransitions are labeled by colors in { i, . . . (cid:96) } . Thus, s = ρ ( s , (cid:96) ) and, for all 1 ≤ j < m ,we have that s j +1 = ρ ( s j , (cid:96) (cid:48) ), for some (cid:96) (cid:48) ≤ (cid:96) . Lemma 4.
Consider a
DPW[ i, k ] -refuter R = (cid:104){ i, . . . , k } , Σ, env , S, s , ρ, τ (cid:105) with i ∈{ , } and i ≤ k . There exists a state s ∈ S , a (possibly empty) path p = s , s , . . . s m ,and for each (cid:96) ∈ { i, . . . , k } , a (cid:96) + ≤ -cycle p (cid:96) = s (cid:96) . . . s (cid:96)m (cid:96) , such that s m = s (cid:96) = s (cid:96)m (cid:96) = s .Proof. Let R ≤ j denote the transducer that we obtain from R when we restrict δ totransitions labelled by at most j . Note that R is R ≤ k . We proceed by induction on j with i ≤ j ≤ k and show that in the transducer R ≤ j for every state s ∈ S there existsa state s (cid:48) ∈ S , a (possibly empty) path p = s , . . . s m with s = s , and that for each (cid:96) ∈ { i, . . . , j } there exists a (cid:96) + ≤ -cycle p (cid:96) = s (cid:96) , s (cid:96) . . . s (cid:96)m (cid:96) , such that s m = s (cid:96) = s (cid:96)m (cid:96) = s (cid:48) .The base case for j = i follows immediately from the fact that R ≤ i is responsive on { i } and by reading i ω we obtain a lasso with the required properties.Let j > i and let s ∈ S be an arbitrary state. Further, let s j ∈ S be a reachablestate from s that belongs to an ergodic component in the graph of R ≤ j (that is, s j ∈ C ,for a set C of strongly connected states that can reach only states in C ). By inductionhypothesis there exists s (cid:48) ∈ S , a (possibly empty) path p = s j , s j +1 , . . . s m , and for each (cid:96) ∈ { i, . . . , j − } there exists a (cid:96) + ≤ -cycle p (cid:96) = s (cid:96) , s (cid:96) . . . s (cid:96)m (cid:96) , such that s m = s (cid:96) = s (cid:96)m (cid:96) = s (cid:48) for every (cid:96) ∈ { i, . . . , j − } . Since R ≤ j is responsive on { i, . . . , j } we can take from s (cid:48) a transition labelled (cid:96) and since C is ergodic we can find a path back to s (cid:48) . Thus weobtain the missing j + ≤ -cycle and by concatenating the path from s to s j and the path p , we show that s (cid:48) can be reached from s . (cid:117)(cid:116) Theorem 10.
Let i ∈ { , } and i ≤ k . An ω -regular language L is not in DPW[ i, k ] iffthere exist finite words x ∈ Σ ∗ and x i , . . . , x k ∈ Σ + , such that for every even i ≤ (cid:96) ≤ k ,we have x · ( x i + · · · + x k ) ∗ · (( x i + x i +1 + · · · + x (cid:96) − ) ∗ · x (cid:96) ) ω ⊆ L, and for every odd i ≤ (cid:96) ≤ k , we have x · ( x i + · · · + x k ) ∗ · (( x i + x i +1 + · · · + x (cid:96) − ) ∗ · x (cid:96) ) ω ∩ L = ∅ . Proof.
Assume first that L is not in DPW[ i, k ]. Then, by Proposition 4, there exists aDPW[ i, k ]-refuter R for it. From this refuter we can extract via Lemma 4 a path p and (cid:96) + ≤ -cycles. We then construct the postulated finite words in the exact same way as inthe proof of Theorem 3.For the other direction, we first simplify the presentation by assuming i = 0. Theproof for i = 1 is analogous. Assume by way of contradiction that there is a DPW[0 , k ] A with L ( A ) = L . Let A = (cid:104) Σ, Q, q , δ, α (cid:105) . Let n = | Q | and consider the followingsequence of words w = x n , w = ( w · x ) n , . . . , w k = ( w k − · x k ) n . Let q = δ ( q , w ) bea state that is reached after reading w ∈ x · ( x i + x i +1 + . . . x k ) ∗ . Since w · w ω ∈ L , theremust be a state p that is visited infinitely often and α ( p ) is odd. Since | w | ≥ | Q | ,this state must have been visited while reading w . Now, consider w · w ω . This word isrejected and by the same reasoning as before there must be some p such that α ( p ) iseven, it is visited while reading w , and for every p that belongs to a w subsequences we have α ( p ) > α ( p ). We continue and obtain a sequence α ( p k ) > · · · > α ( p ) with k strict inequalities. Since α ( p ) is odd, we have α ( p ) > α ( p k ) > k , whichcontradicts the fact that A is a DPW[0 , k ]. (cid:117)(cid:116) Note that, by [38], the “flower”-structure that induces the certificate exists also inDPWs for L . Specifically, while Lemma 4 shows that every DPW[ i, k ]-refuter containsa “flower” with k − i + 1 petals, it is shown in [38] that for every ω -language L not inDPW[1 , k + 1], there exists a DPW for L that contains a flower with k + 1 petals andthis flower occurs in some accepting run. Rabin and Streett acceptance.
Recall that for all k ≥
0, we have that DRW[ k ] =DPW[0 , k ] . Hence, the certificates obtained through Theorem 10 carry over to theRabin case. Further, in a deterministic generalized Rabin automaton (DGRW), theacceptance condition is of the form α = {(cid:104) B , G , , . . . , G ,n (cid:105) , . . . (cid:104) B k , G k, , . . . , G n,k n (cid:105)} , and a run r is accepting if there is j ∈ { , . . . , k } , such that inf ( r ) ∩ B j = ∅ and inf ( r ) ∩ G j,(cid:96) (cid:54) = ∅ for every 1 ≤ (cid:96) ≤ n j . Since degeneralization does not increase thenumber of Rabin pairs, we have that DGRW[ k ] = DRW[ k ] = DPW[0 , k ], and so againthe certificates obtained through Theorem 10 are applicable. Nevertheless, a refuter forthe DRW[ k ] may be more succinct than a DPW[0 , k ]-refuter.Finally, the Streett and generalized acceptance conditions are dual to Rabin andgeneralized Rabin, and certificates for them can be obtained dually. We continue to certificates for non-DWW[ i, k ]-recognizability. Consider a DWW[ i, k ]-refuter R = (cid:104){ i, . . . , k } , Σ, env , S, s , ρ, τ (cid:105) , with i ∈ { , } and i ≤ k . Let (cid:96) ∈ { i, . . . , k } .We say that a path s , . . . , s m in R is an (cid:96) + -path if all transitions are labelled by (cid:96) .Thus, for all 1 ≤ j < m , we have that s j +1 = ρ ( s j , (cid:96) ). Lemma 5.
Consider a
DWW[ i, k ] -refuter R = (cid:104){ i, . . . , k } , Σ, env , S, s , ρ, τ (cid:105) with i ∈{ , } and i ≤ k . Let s i − be an alias for s . Then there exists a sequence of states s i , s i +1 , . . . s k ∈ S , such that for every j ∈ { i, . . . , k } there exists a (possibly empty) j + -path p j = s j , s j , . . . s jm j , and a j + -cycle c j = s jm j +1 , s jm j +2 . . . s jm j + m (cid:48) j such that s jm j = s jm j +1 = s jm j + m (cid:48) j = s j and s j = s j − .Proof. Such a structure can be found by constructing a sequence of lassos. Start byreading i ω from s to construct an i + -path p i and an i + -cycle c i . s i is then the laststate of c i , respectively. Then, continue by reading ( i + 1) ω from s i to find the nextlasso and continue until all lassos are found. (cid:117)(cid:116) Theorem 11.
Let i ∈ { , } and i ≤ k . An ω -regular language L is not in DWW[ i, k ] iff there exist finite words ˆ x i , ˆ x i +1 , . . . , ˆ x k ∈ Σ ∗ and x i , x i +1 , . . . , x k ∈ Σ + , such thatfor every even i ≤ (cid:96) ≤ k , we have ˆ x i · x ∗ i · ˆ x i +1 · x ∗ i +1 · · · ˆ x (cid:96) · x ω(cid:96) ⊆ L, and for every odd i ≤ (cid:96) ≤ k , we have ˆ x i · x ∗ i · ˆ x i +1 · x ∗ i +1 · · · ˆ x (cid:96) · x ω(cid:96) ∩ L = ∅ . ertifying Inexpressibility 23 Proof.
Assume first that L is not in DWW[ i, k ]. Then, by Proposition 4, there exists aDWW[ i, k ]-refuter R for it. From this refuter we can extract via Lemma 5 a sequenceof states with the corresponding paths and cycles. We then obtain words in the samemanner as in the proof of Theorem 3.For the remaining direction assume by way of contradiction that there is a DWW[ i, k ] A = (cid:104) Σ, Q, q , δ, α (cid:105) with L ( A ) = L . We simplify the presentation by assuming i = 0.The proof for i = 1 is analogous. Let n = | Q | and consider the following sequence ofwords w = ˆ x · x n , w = w · ˆ x · x n , . . . , w k = w k − · ˆ x k · x nk . Since w · x ω ∈ L and w has more letters than A has states, we have α ( δ ( q , w )) is odd. By the same argumentwe have due to w · x ω / ∈ L that α ( δ ( q , w )) is even and since w is a prefix of w we also have α ( δ ( q , w )) > α ( δ ( q , w )). Continuing in this manner we obtain a chainof length α ( δ ( q , w k )) > α ( δ ( q , w k − )) > · · · > α ( δ ( q , w )) with k strict inequalities.Since the smallest element is odd, we have α ( δ ( q , w )) > α ( δ ( q , w k )) > k which contradicts A being a DWW[0 , k ]. (cid:117)(cid:116) We continue with general DWWs.
Lemma 6.
Consider a
DWW -refuter R = (cid:104){ acc , rej } , Σ, env , S, s , ρ, τ (cid:105) . There existtwo states s , s ∈ S , (possibly empty) paths p = s , s , . . . s m , p = s m +1 , . . . , s m + m ,and p = s m + m +1 , . . . , s m + m + m , a rej + -cycle c = s , s . . . s l , and a acc + -cycle c = s , s . . . s l , such that s m = s m +1 = s m + m + m = s = s l and s m + m = s m + m +1 = s = s l .Proof. Let s ∈ S be state in an ergodic SCC of the graph of R . Then the acc + - and rej + -cycle are obtained from the lassos formed by reading from s the words acc ω and rej ω , respectively. Since s belongs to an ergodic SCC, there exist paths connecting thefirst states of these cycles. (cid:117)(cid:116) We now obtain in the same way as before from Proposition 4 and Lemma 6, thedesired certificate:
Theorem 12. An ω -regular language L is not in DWW iff there exist five finite words x, x , x ∈ Σ ∗ and x , x ∈ Σ + , such that x · ( x + x · x ∗ · x ) ∗ · x ω ⊆ L and x · ( x + x · x ∗ · x ) ∗ · x · x ω ∩ L = ∅ . Recall that DWW=DBW ∩ DCW, so one would define a DWW certificate by dis-juncting the certificates for DBW and DCW in Theorems 3 and 9. Theorem 12, however,suggests a different certificate, and it is interesting to relate it to the ones for DBW andDCW. Also note that while the DBW, DCW, and DPW certificates are covered by [50,Lemma 14], this is not the case for the DWW certificate in Theorem 12.Recall that at the bottom of the depth hierarchy we have safety and co-safety lan-guages, whose intersection is the set of bounded languages.
Theorem 13. An ω -regular language L is not a bounded language iff there exist sixfinite words ˆ x , ˆ x , ˆ x ∈ Σ ∗ and x , x , x ∈ Σ + , such that ˆ x · x ∗ · ˆ x · x ω ⊆ L and ˆ x · x ∗ · ˆ x · x ω ∩ L = ∅ . Proof.
Assume first that L is not bounded. Then, by Proposition 4, there exists a (cid:104) L boundedacc , L boundedstruct (cid:105) -refuter R for it. From this refuter we can extract three lassos: a ?-labeled lasso from which we obtain ˆ x and x ; a rej -labeled lasso starting at theentry-point of the first lasso from which we obtain ˆ x and x ; and a acc -labeled lassostarting at the entry-point of the first lasso from which we obtain ˆ x and x .For the other direction assume by way of contradiction that there is a deterministic (cid:104) L boundedacc , L boundedstruct (cid:105) -automaton A = (cid:104) Σ, Q, q , δ, τ, γ (cid:105) with L ( A ) = L . Assume thatˆ x · x ω ∈ L . Thus after reading | Q | letters one state has been repeated and by theconstraint it must be accepting. Thus ˆ x · x | Q | · ˆ x · x ω ∈ L which is a contradiction.The other case is analogous. (cid:117)(cid:116) The automation of decision procedures makes certification essential. We suggest to usethe winning strategy of the refuter in expressiveness games as a certificate to inex-pressibility. We show that beyond this state-based certificate , the strategy induces a word-based certificate , generated from words traversed along a “flower structure” thestrategy contains, as well as a language-based certificate , consisting of languages thatunder- and over-approximate the language in question and that are not separable byautomata in the desired class.While our work considers expressive power , one can use similar ideas in order toquestion the size of automata needed to recognize a given language. For example, inthe case of a regular language L of finite words, the Myhill-Nerode characterization[36,37] suggests to refute the existence of deterministic finite word automata (DFW)with n states for L by providing n + 1 prefixes that are not right-congruent. Using ourapproach, one can alternatively consider the winning strategy of Refuter in a game inwhich the set of annotations includes also the state space, and L struct ensures consistencyof the transition relation. Even more interesting is refutation of size in the setting ofautomata on infinite words. Indeed, there, minimization is NP-complete [46], and thereare interesting connections between polynomial certificates and possible membershipin co-NP, as well as connections between size of certificates and succinctness of thedifferent classes of automata.Finally, while the approximation scheme we studied is based on suggested over- andunder-approximating languages, it is interesting to study approximations that are basedon more flexible distance measures [13,18]. References