Church Synthesis on Register Automata over Linearly Ordered Data Domains
Léo Exibard
Aix Marseille Univ, Université de Toulon, CNRS, LIS, Marseille, France
Emmanuel Filiot
Université libre de Bruxelles, Belgium
Ayrat Khalimov
Université libre de Bruxelles, Belgium
Abstract
We introduce two-player turn-based zero-sum register games on an infinite linearly ordered data domain. Register games have a finite set of registers intended to store data values. At each round, Adam picks some data in the domain, which is tested against the data contained in the registers, using the linear order. Depending on which test holds (exactly one is required), Eve decides to assign, or not, the data to some of her registers, and the game deterministically evolves to a successor vertex depending on her assignment choice. Eve wins the game if she has a strategy which depends only on the tests that hold (and not on the concrete data values of Adam), such that whichever values Adam provides, the sequence of visited vertices of the game satisfies some parity condition. We show the decidability of register games over the data domains N and Q. For Q, they can be solved in ExpTime and finite-memory strategies always suffice to win. For N, we show that deciding the existence of a finite-memory strategy is also in ExpTime. We apply these results to solve the synthesis problem of strategies resolving non-determinism in (non-deterministic) register transducers on data words.
Theory of computation → Logic and verification; Theory of computation → Automata over infinite objects; Theory of computation → Transducers
Keywords and phrases
Register Automata, Synthesis, Ordered Data words, Transducers
Digital Object Identifier
Introduction
Context.
Two-player games on finite graph arenas are a powerful mathematical framework whose main application is the automatic synthesis of reactive systems [26, 7]. In the game metaphor of synthesis, the system to be synthesised is modelled as a player called Eve, the protagonist, while the environment in which the system is executed is the opponent player, called Adam. The goal is to decide whether there exists a strategy such that whatever actions Adam takes, the protagonist can react by some actions which, in the long run, guarantee that the sequence of visited vertices of the game arena satisfies some winning condition W. A finite-memory strategy winning for Eve is then a system which is by construction correct with respect to the condition W. Classically, the winning condition is assumed to be ω-regular and given by some ω-automaton (e.g. a deterministic parity automaton), and in this context it is decidable to check whether Eve has a winning strategy [26]. The kinds of systems that can be synthesised by solving ω-regular games are limited to simple finite-state machines. There have been many extensions of this classical two-player zero-sum game setting to model more realistic synthesis scenarios: quantitative games can model the synthesis of systems which meet some quantitative constraints [38, 17, 15, 21, 11, 4]; games with imperfect information can model the synthesis of systems which have only a partial view of the environment's actions [33, 21, 5, 14, 31]; non-zero-sum games can model the synthesis of multi-component systems executed in an environment and whose components have their own objectives, not necessarily antagonistic [36, 16, 6, 30, 20, 18, 2, 23]. See also [12] for a survey.

Register games.
We pursue this line of research by introducing a certain kind of two-player zero-sum games that are played on an infinite arena. Our games can model the synthesis of systems that manipulate data from an infinite linearly ordered domain D, such as N or Q, through the use of data registers and tests over those registers. Given a finite set of registers R, register games are played by Adam and Eve in the following way: initially, all registers contain an initial value (0 for D ∈ {N, Q}). Adam picks a data value d ∈ D which is tested against the registers' content. Tests are maximally consistent conjunctions of atoms (also known as types in logic) of the form ∗ < r, r < ∗, or r = ∗, where ∗ is a placeholder for the data chosen by Adam. In other words, a test must provide full information about how the data compares to the contents of all registers. Since tests are maximally consistent, only one test can be true for any given data value and register valuation. Depending on which test holds (and not on the concrete data Adam chooses), Eve decides to store the data in some of her registers, or none. Moreover, game arenas have a finite number of vertices whose dynamics is deterministic with respect to the tests and assignments. A play is an infinite sequence of states resulting from the Adam-Eve interaction; it is won by Eve if it satisfies some parity condition. Eve wins the game if she has a strategy which, with any sequence of successful tests, associates some assignment of her registers, such that all plays compatible with her strategy are winning. Since Eve's strategies are test-based and do not depend on the concrete data picked by Adam, we can finitely represent a register game by allowing Adam to directly choose a test rather than a concrete value, as illustrated in the following example.

Example.
Figure 1 illustrates a register game arena where Adam's states are squares and Eve's states are circles. Eve's objective is to eventually reach state 7, while Adam tries to avoid it. There are three registers r_M, r_c, r_n. The tests depicted on the arrows are not maximally consistent: they are macros expressing all maximally consistent tests implied by them. For example, the test ⊤ (true) stands for all maximally consistent tests, and the test r_c < ∗ < r_M stands for all maximally consistent tests φ such that φ → r_c < ∗ < r_M, such as φ = r_c < ∗ < r_M ∧ ∗ < r_n.

Figure 1: Register game in which Eve has a winning strategy in N but not in Q. (Its transitions carry the tests ⊤, r_c < ∗ < r_M, r_c < ∗ < r_n, ∗ ≤ r_c ∨ ∗ ≥ r_n, ∗ ≤ r_c ∨ ∗ ≥ r_M and the assignments store(r_M), store(r_c), store(r_n).)

Initially, Adam provides some data d_M, meant to be an upper bound, which is stored in r_M by Eve. Register r_c, initially at 0, is meant to contain the last data d_c played by Adam. From state 3, he can either provide some data outside of the interval ]d_c; d_M[, losing immediately (transition to state 7), or provide some data strictly between d_c and d_M. Then, Eve can either store the data in r_n, and the game deterministically evolves to state 5, or update r_c and move to state 3. She cannot do the latter forever, because her goal is to visit 7. From state 5, if Adam can provide a data value strictly between the previous one (in r_c) and the current one (in r_n), he wins. Otherwise he provides a data value outside of ]d_c; d_n[ and loses.

Eve has a winning strategy in N, but not in Q: in N, her strategy is to always store the current data into r_c (transition from 4 to 3). Eventually, after a finite number of steps, Adam will provide a data value that is above d_M and the game will go to state 7, which is winning for Eve. In Q, however, Adam can provide infinitely many data values below the initial threshold, e.g. by setting d_M = 1 and then giving an increasing sequence of values converging to 1, such as (1 − 2^{−n})_{n ∈ N}. If, at some point, Eve stores data in r_n, Adam is able to provide a data value between r_c and r_n, since Q is dense.

Synthesis of register transducers.
A motivation behind this work is the automatic synthesis of reactive systems from specifications. In the classical approach to synthesis, there are two finite alphabets of input symbols Σ_I and output symbols Σ_O. A specification S is an ω-regular set of ω-words in (Σ_I · Σ_O)^ω, and the goal is to check the existence of a strategy λ : Σ_I^∗ → Σ_O which guarantees that the words w ∈ (Σ_I · Σ_O)^ω generated by this strategy, whatever symbols are input, all belong to S. When S is given as a formula in monadic second-order logic, this problem is decidable and finite-memory strategies, which can be represented as deterministic finite transducers (i.e., Mealy machines), always suffice to realise the specification [13]. Deterministic finite transducers extend deterministic finite automata with outputs: they alternately read one input symbol and produce one output symbol. When S is given as a deterministic parity automaton A, solving the synthesis problem reduces to solving a parity game played on A, seen as an arena. Solving this game amounts to finding a strategy which, given the current output state (a state reading symbols in Σ_O) plus possibly some additional memory, selects the next output symbol (and therefore the next transition, as A is deterministic) so that in the long run, the parity condition is satisfied. In the special case of parity games, it is known that memoryless strategies suffice.

Recently, this classical synthesis setting has been generalised to infinite data domains, e.g. N: inputs and outputs are taken in Σ_I × N and Σ_O × N respectively. In this context, specifications are given by universal register automata [29, 28, 22], which can test data for equality only. Strategies take the form of deterministic register transducers, which are also restricted to testing data for equality.
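For concreteness, here is a minimal sketch of a deterministic register transducer with equality tests. The class name, the encoding of a test as the set of registers currently equal to the input datum, and the example machine are our own illustration, not taken from [29, 28, 22].

```python
class RegisterTransducer:
    """A deterministic register transducer with equality tests (a sketch).

    delta maps (state, input letter, test) to
    (assignment, output letter, output register, next state),
    where a test is the frozenset of registers equal to the input datum."""

    def __init__(self, states, init, registers, delta):
        self.states, self.q = states, init
        self.regs = {r: 0 for r in registers}   # registers initialised to 0
        self.delta = delta

    def step(self, letter, data):
        # Evaluate the (equality) test, then assign and output.
        test = frozenset(r for r, v in self.regs.items() if v == data)
        asgn, out_letter, out_reg, self.q = self.delta[self.q, letter, test]
        for r in asgn:                          # store the datum
            self.regs[r] = data
        return out_letter, self.regs[out_reg]

# One state, one register: store every datum in r and output r.
delta = {('q', 'a', t): ({'r'}, 'b', 'r', 'q')
         for t in (frozenset(), frozenset({'r'}))}
T = RegisterTransducer({'q'}, 'q', {'r'}, delta)
print([T.step('a', d) for d in (5, 3, 3)])  # [('b', 5), ('b', 3), ('b', 3)]
```

The one-state example realises the specification "copy each input datum to the output"; richer transducers branch on which registers the datum equals.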
It was shown that, given k ∈ N and a specification S given as a universal register automaton, it is decidable whether there exists a register transducer with k registers that realises the specification [29, 22]. In this paper, we are motivated by extending those results to specifications and strategies which can test their data with respect to a linear order. Register games are a powerful tool in this context.

Contributions.
Our main contribution is to show that register games are decidable for N and Q (Theorem 1). For Q, the problem is decidable in ExpTime and finite-memory strategies always suffice for Eve to win. For N, we leave open the complexity in the general case, but we prove that deciding whether Eve has a finite-memory winning strategy is in ExpTime. As an application, we prove the decidability of a synthesis problem of deterministic register transducers over linearly ordered data domains. More precisely, specifications are given as (non-deterministic) register transducers of the following form: whenever they read an input data value, they can test it against the register contents (possibly using the linear order), and can then assign the data and output the content of some of their registers, called an output register. Multiple output registers and assignments are possible, and the goal is to test the existence of a finite-memory strategy which resolves this non-determinism, i.e. selects a single output register and a single assignment depending on the input data that has been provided. We show that this problem is decidable in ExpTime for N and Q (Theorem 16), as a consequence of the ExpTime solvability of register games with finite memory. By taking the product of such a finite-memory strategy with the register transducer defining the specification, we obtain a deterministic register transducer realising the specification.

To prove the decidability of register games, we rely on a thorough study of what we call (infinite) constraint sequences, which is interesting in its own right and has a dedicated section (Section 3). Infinite constraint sequences talk about the evolution over time of a finite set of variables (which correspond to the registers of the register game). Coming back to Example 1, looping in states 3/4 induces the infinite constraint sequence (r_c^(i) < r_c^(i+1) ∧ r_c^(i) < r_M^(i))_{i ≥ 0}, where r_c^(i), resp. r_M^(i), denotes the value of r_c, resp. r_M, at step i. Clearly, it is not satisfiable in N, and therefore, in playing the game, Eve can use this information to win. We prove that constraint sequences satisfiable in Q are ω-regular, while in N they are definable by deterministic max-automata [8]. Using this characterisation, we show that register games over Q (resp. over N) reduce to two-player zero-sum games with an ω-regular objective (resp. with a winning objective given as a deterministic max-automaton). The latter games are decidable as a consequence of a result of [9]. We further push our study of constraint sequences and prove that, even though satisfiable constraint sequences in N are not ω-regular, with respect to winning register games with finite-memory strategies, we can always consider an ω-regular subset of them which preserves the fact that Eve wins the game with a finite-memory strategy.

Related works.
Games on infinite arenas induced by pushdown automata [32, 37, 10, 1] or one-counter systems [35, 25] are orthogonal to register games. The synthesis of strategies resolving non-determinism is a standard problem in automata theory, which has been considered for ω-regular automata [27], weighted automata [3, 24] and counter automata [19]. A characterisation of satisfiable constraint sequences in N similar to ours was given in [34], which greatly inspired our work. In [34], the authors prove that constraint sequences satisfiable in N are recognisable by non-deterministic ωB-automata, while we prove they are recognisable by deterministic max-automata. First, non-deterministic ωB-automata are strictly more expressive than deterministic max-automata. Second, two-player games with an objective given as a non-deterministic ωB-automaton are not known to be decidable. It is not clear how to get our characterisation by deterministic max-automata from the proof of [34]. We use slightly different notions which simplify the proof of our characterisation: while the authors of [34] express properties of sets of chains (chains are monotonic subsequences of constraints of a constraint sequence), we express properties of single chains. Finally, we show that with respect to solving register games with finite-memory strategies, it is not necessary to consider all satisfiable constraint sequences in N but only an ω-regular subset of them. It is not clear how to infer such a result from [34].

Register Games
In this paper, N = {0, 1, . . .}. A data domain D is an infinite countable set of elements called data, linearly ordered by some order denoted ≤. We also distinguish a special element of D denoted 0 (its choice is not important). In this paper, we consider two data domains: N and Q, ordered with the natural order ≤. Let D be some data domain. Register games are two-player zero-sum games played on a finitely presented infinite-state game arena. The opponent, Adam, provides a data value in D in the form of tests over a finite set of registers R = {r_1, . . . , r_k} intended to store data in D. So, instead of giving a concrete data value, Adam indicates its position in the linear order w.r.t. the registers, e.g. the test r_1 < ∗ < r_2 indicates that the data is between r_1 and r_2 (∗ is a placeholder for the concrete data). The protagonist, Eve, can store this data in some registers, and hence her actions are modelled as a subset of registers in which to put the data. Depending on these actions, the game evolves to different vertices, equipped with a parity condition to define the winning plays.

Registers, assignments and tests.
Let D be some data domain. We let R = {r_1, . . . , r_k} be a set of elements called registers, intended to contain data values, i.e. values in D. Given a set of registers R, a register valuation is a mapping ν : R → D. We denote by Val_R the set of register valuations, and by ν_0^R (or just ν_0) the constant valuation defined by ν_0(r) = 0 for all r ∈ R. An assignment is a subset asgn ⊆ R. Given an assignment asgn, a data value d ∈ D and some valuation ν, we define update(ν, d, asgn) to be the valuation ν′ s.t. ν′(r) = d for all r ∈ asgn and ν′(r) = ν(r) for all r ∉ asgn.

A test is a maximally consistent set of atoms of the form ∗ ⊲⊳ r for r ∈ R and ⊲⊳ ∈ {=, <, >}. We may represent tests as conjunctions of atoms instead of sets. The symbol '∗' is used as a placeholder for the incoming data. For example, for R = {r_1, r_2}, r_1 < ∗ is not a test because it is not maximal, but (r_1 < ∗) ∧ (∗ < r_2) is a test. We denote by Tst_R the set of all tests, and just Tst if R is clear from the context. A register valuation ν ∈ D^R and a data value d ∈ D satisfy a test tst ∈ Tst, written (ν, d) ⊨ tst, if all atoms of tst are satisfied when we replace in them the placeholder ∗ by d and every register r ∈ R by ν(r).

Register games.
A register game is a tuple G = (R, V, V_∀, V_∃, v_0, ∆, α) where R is a finite set of registers, V = V_∀ ⊎ V_∃ is a finite set of vertices, and ∆ is a transition function defined as ∆ = ∆_∀ ∪ ∆_∃ where ∆_∀ : V_∀ × Tst_R → V_∃ and ∆_∃ : V_∃ × Asgn_R → V_∀. Finally, α : V → {0, . . . , n} is a priority function, where n is called the index.

A finite play in G is defined as a finite path of G starting in v_0. The set of finite plays is denoted by Plays_G. A play π is an infinite path in G starting in v_0. We say that π satisfies the parity condition α if the maximal priority visited infinitely often is even, i.e. max{α(v) | v = v_i for infinitely many i} is even. A strategy for Eve is a mapping λ : Tst_R^+ → Asgn_R. A finite-memory strategy for Eve is a strategy which can be represented by a finite-state machine M = (Q, q_0, T) such that Q is a finite set of states with initial state q_0, and T : Q × Tst_R → Asgn_R × Q is a (total) transition function. The machine M defines the strategy λ_M where λ_M(tst_1 . . . tst_n) is the assignment component of T(q, tst_n), where q is the state reached by M after reading tst_1 . . . tst_{n−1} from state q_0.

We now define the notion of winning strategy in G, which reflects the infinite-state nature of register games and is parameterised by a data domain D. An action word a = tst_0 asgn_0 . . . is a finite or infinite sequence in (Tst_R · Asgn_R)^ω ∪ (Tst_R · Asgn_R)^∗. We say that a is a labelling of a play (finite or infinite) π = v_0 u_0 v_1 u_1 . . . if for all i ≥ 0, u_i = ∆(v_i, tst_i) and v_{i+1} = ∆(u_i, asgn_i). Note that for every action word a, there is a unique play, denoted π_a, such that a is a labelling of π_a. The action word a is said to be D-feasible (or just feasible) if there exists an infinite sequence v_0 d_0 v_1 d_1 . . . of register valuations v_i and data d_i over D such that v_0 = ν_0^R (the constant valuation mapping every r ∈ R to 0) and, for all i ≥ 0, v_{i+1} = update(v_i, d_i, asgn_i) and (v_i, d_i) ⊨ tst_i. An action word tst_0 asgn_0 . . . is compatible with a strategy λ if for all i ≥ 0, asgn_i = λ(tst_0 . . . tst_i). The set of action words compatible with λ is denoted by Outcome_G(λ). Finally, we define a strategy λ for Eve to be D-winning if for any D-feasible a ∈ Outcome_G(λ), π_a satisfies the parity condition. Note that we do not require that all outcomes of λ are feasible. This is because Adam can input tests which are not satisfiable by any concrete data, and these actions should always be winning for Eve. For example, in a register valuation ν where ν(r_1) = ν(r_2), Adam could input the test r_1 < ∗ < r_2, which is not satisfiable in the context of ν, as it does not correspond to any concrete data value that Adam could give.

Though not necessary in the paper, the interested reader can find in the Appendix a semantics of register games as infinite-state parity games. Here is our main result:

◮ Theorem 1.
Given a register game G:
(1) it is decidable in ExpTime whether Eve has a Q-winning strategy in G; moreover, if she has a Q-winning strategy, then she has a Q-winning finite-memory strategy;
(2) it is decidable whether Eve has an N-winning strategy in G;
(3) it is decidable in ExpTime whether Eve has an N-winning finite-memory strategy in G.

Sketch of proof – full proof in Section 4.
We discuss the case of N; the case of Q is much easier and left out here. The winning condition of register games asks that any N-feasible action word compatible with the strategy induces a sequence of vertices satisfying the parity condition. The main idea is then to reduce a register game G to a (classical) two-player zero-sum game G_f, with a winning condition which expresses that either the action word is not N-feasible, or the parity condition is satisfied. More precisely, we reduce register games to games over a finite graph arena (whose transitions are not labelled). Actions taken by Adam and Eve are stored in the vertices of the game. Therefore, if V = V_∀ ⊎ V_∃ is the set of vertices of G, the set of Adam's vertices in G_f is {v_0} ∪ (V_∀ × Asgn_R) (the last action taken by Eve is stored, but since Adam starts, initially the game is in v_0, the initial vertex of G). Likewise, the set of Eve's vertices in G_f is V_∃ × Tst_R. A play π = v_0 (u_0, tst_0)(v_1, asgn_0) . . . is winning in G_f if either a = tst_0 asgn_0 . . . is not N-feasible, or v_0 v_1 . . . satisfies the parity condition of G. We show that the set of N-feasible action words is recognisable by a deterministic max-automaton (Lemma 12 in Section 3), and since such languages are closed under complement and under union with an ω-regular language, we can conclude decidability, since games with a winning condition defined by a deterministic max-automaton are decidable (Theorem 9), based on a result of [9]. To obtain ExpTime for checking the existence of N-winning finite-memory strategies for Eve, we show that it is sufficient to consider an ω-regular winning condition instead of a deterministic max-automaton condition (Section 4). Those results are based on a study of satisfiable constraint sequences (Section 3). ◭

The section does not depend on the preceding definitions and can be read independently.
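The feasibility condition above boils down to satisfiability of sequences of constraints between register values, which this section studies. As a concrete warm-up, the following sketch (the encoding of atoms as ((register, primed), op, (register, primed)) triples and the function name are ours) decides whether a finite sequence of constraints is satisfiable in N and, if so, builds a witness via the chain-depth idea used in the proofs below: each register value is the length of the longest strictly decreasing path below it.

```python
from collections import defaultdict

def witness_in_N(constraints, registers):
    """Constraint k relates moment k (primed flag 0) to moment k+1 (flag 1);
    atoms are ((reg, flag), op, (reg, flag)) with op in '<', '=', '>'.
    Returns valuations v_0..v_n over N, or raises if unsatisfiable."""
    n = len(constraints)
    parent = {(m, r): (m, r) for m in range(n + 1) for r in registers}

    def find(v):                       # union-find over nodes forced equal
        while parent[v] != v:
            parent[v] = parent[parent[v]]
            v = parent[v]
        return v

    below = []                         # pairs (lo, hi): value(lo) < value(hi)
    for k, C in enumerate(constraints):
        for (a, pa), op, (b, pb) in C:
            u, v = (k + pa, a), (k + pb, b)
            if op == '=':
                parent[find(u)] = find(v)
            else:
                below.append((u, v) if op == '<' else (v, u))

    succ = defaultdict(list)           # class -> classes strictly below it
    for lo, hi in below:
        succ[find(hi)].append(find(lo))

    depth, on_stack = {}, set()

    def dfs(c):                        # longest '<'-path below class c
        if c in depth:
            return depth[c]
        if c in on_stack:
            raise ValueError("unsatisfiable in N: cyclic '<' constraints")
        on_stack.add(c)
        d = max((dfs(s) + 1 for s in succ[c]), default=0)
        on_stack.discard(c)
        depth[c] = d
        return d

    return [{r: dfs(find((m, r))) for r in registers} for m in range(n + 1)]

# A finite prefix of ({r > r'})^ω is satisfiable, e.g. by 2, 1, 0:
dec = ((('r', 0), '>', ('r', 1)),)
print(witness_in_N([dec, dec], ['r']))   # [{'r': 2}, {'r': 1}, {'r': 0}]
```

Equalities are merged with a union-find, and a cycle through a strict atom witnesses unsatisfiability; in the infinite case, this role is played by the infinitely decreasing and trespassing chains characterised below.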
Constraint sequences, consistency and satisfiability.
Fix a set of registers R (which can also be thought of as variables), and let R′ = {r′ | r ∈ R} be the set of their primed versions. We also fix a data domain D. In what follows, the symbol ⊲⊳ denotes one of >, <, or =. A constraint is a maximal consistent set of atoms of the form t_1 ⊲⊳ t_2 where t_1, t_2 ∈ R ∪ R′. It describes how register values change in one step: their relative order at the beginning, at the end, and between each other. E.g., C = {r_1 < r_2, r_1 < r_1′, r_2 > r_1′, r_1′ < r_2′} is a constraint over R = {r_1, r_2}, which is for instance satisfied by the two successive valuations v_a : {r_1 ↦ 0, r_2 ↦ 2} and v_b : {r_1 ↦ 1, r_2 ↦ 2}. However, the constraint {r_1 < r_2, r_1 > r_1′, r_2 < r_1′, r_1′ > r_2′} is not satisfiable.

Figure 2: Visualisation of a constraint sequence. After time 6, the values stay the same. Individual register values are depicted by black dots, and dots are connected by black lines when they talk about the same register. Black paths depict threads, and blue/red/green paths depict chains.

Given a constraint C, let C|_R denote the subset of its atoms r ⊲⊳ s for r, s ∈ R, and C|_{R′} the subset of its atoms r′ ⊲⊳ s′ for r′, s′ ∈ R′. Given a set S of atoms r′ ⊲⊳ s′ over r′, s′ ∈ R′, let unprime(S) be the set of atoms derived by replacing every r′ ∈ R′ by r. A constraint sequence is an infinite sequence of constraints C_0 C_1 . . . . It is consistent if, for every i, unprime(C_i|_{R′}) = C_{i+1}|_R (the register order at the end of step i is equal to the register order at the beginning of step i + 1). Given a valuation v ∈ D^R, define v′ ∈ D^{R′} to be the valuation that maps v′(r′) = v(r) for every r ∈ R. A valuation w ∈ D^{R∪R′} satisfies a constraint C, written w ⊨ C, if every atom is true in D when every r ∈ R ∪ R′ is replaced by w(r). A constraint sequence is satisfiable if there exists a sequence of valuations v_0 v_1 · · · ∈ (D^R)^ω such that v_i ∪ v′_{i+1} ⊨ C_i for all i ≥ 0. If, additionally, v_0 = 0^R for some element 0 ∈ D, then it is called 0-satisfiable. Notice that satisfiability implies consistency.

Examples.
Let R = {r_1, r_2, r_3}. Let a consistent constraint sequence C_0 C_1 . . . start with
{r_1 < r_3 < r_2, r_1 = r_1′, r_2 = r_2′, r_3 > r_3′} {r_1 < r_3 < r_2, r_1 = r_1′, r_2 = r_2′, r_3 > r_3′}
Note that we omit some atoms in C_0 and C_1 for readability: although they are not maximal (e.g. C_0 does not contain r_1′ < r_3′ < r_2′), they can be uniquely completed to maximal sets. Figure 2 (ignore the coloured paths for now) visualises C_0 C_1 plus a few more constraints. The black lines represent the evolution of the same register (e.g. r_1 does not change over time). The constraint C_0 describes the transition from moment 0 to 1, and C_1, from 1 to 2.

The sequence of Figure 2, where after step 6 the registers do not change, is satisfiable in Q and in N. For example, the valuations can start with any v_0 ordered as prescribed by C_0 and leaving enough room below. In N, however, no valuation whose value of r_3 is too small satisfies the sequence, since r_3 is strictly decreased several times. Also, the constraint C_0 requires all registers in R to differ, hence the sequence is not 0-satisfiable in Q nor in N. Another example is given by the sequence ({r > r′})^ω with R = {r}. It is satisfiable in Q but not in N, because any natural number can only be decreased finitely many times.

Satisfiability of constraint sequences in Q.

We show that a constraint sequence is satisfiable in Q iff it is consistent. It is a consequence of the following property (true because Q is dense): for every constraint C and v ∈ Q^R such that v ⊨ C|_R, there exists v′ ∈ Q^{R′} such that v ∪ v′ ⊨ C. Since being consistent is a local property to be tested on any two consecutive constraints of the sequence, it is not difficult to show that consistent constraint sequences (and hence constraint sequences satisfiable in Q) are recognisable by deterministic parity automata (shown in Appendix):

◮ Theorem 2.
There is a deterministic parity automaton of size exponential in |R| that accepts exactly all constraint sequences satisfiable in Q. The same holds for 0-satisfiability.

Satisfiability of constraint sequences in N.

Fix R and a constraint sequence C_0 C_1 . . . over R. For r ∈ R, an r-thread is the projection of C_0 C_1 . . . onto the atoms r ⊲⊳ r′ where ⊲⊳ ∈ {>, <, =}; thus it is a sequence of atoms (r ⊲⊳_0 r′)(r ⊲⊳_1 r′) . . . . An r-thread stabilises if it is of the form u · (r = r′)^ω. Among stabilised threads with registers R_s ⊆ R, there is a maximal r_m-thread: it satisfies ∃i. ∀j > i. ∀r ∈ R_s : (r_m > r) ∈ C_j ∨ (r_m = r) ∈ C_j. In the constraint sequence of Figure 2, the thread of r_1 stabilises; it is maximal when the threads of the other registers do not stabilise or stabilise below r_1.

A thread describes the history of changes of some fixed register. In contrast, a chain (defined below) relates values of possibly different registers at consecutive moments. A (decreasing) two-sided chain is a finite or infinite sequence (m_0, r_0) ⊲_0 (m_1, r_1) ⊲_1 . . . ∈ ((N × R) · {=, >})^{∗,ω} (where m_0 does not have to be 0) satisfying the following: m_{i+1} = m_i (time freezes), m_{i+1} = m_i + 1 (time flows forward), or m_{i+1} = m_i − 1 (time flows backward), and
if m_{i+1} = m_i then (r_i ⊲_i r_{i+1}) ∈ C_{m_i};
if m_{i+1} = m_i + 1 then (r_i ⊲_i r′_{i+1}) ∈ C_{m_i};
if m_{i+1} = m_i − 1 then (r′_i ⊲_i r_{i+1}) ∈ C_{m_i − 1}.
The depth of a chain is its number of >; when it is infinite, the chain is infinitely decreasing. Figure 2 shows three two-sided chains. In blue, we have a chain of depth 5, starting with three registers at moment 0 and then moving forward through moments 1, 2 and 3. Similarly, we define one-sided chains to be either increasing or decreasing, with forward-flowing time (thus, m_{i+1} equals m_i or m_i + 1). In Figure 2, the blue chain is one-sided decreasing, and the red chain is one-sided increasing.

Given a stabilising r-thread, a (two-sided) chain (m_0, r_0) ⊲_0 (m_1, r_1) ⊲_1 . . . is lower than the r-thread if for every (m_i, r_i), either (r > r_i) ∈ C_{m_i} or (r = r_i) ∈ C_{m_i}. Given the set of all stabilising threads, the trespassing chains are all the chains lower than the maximal stabilising r_m-thread. The number of trespassing chains in a constraint sequence can be infinite; it can also be zero, e.g. when there are no stabilising threads.

◮ Lemma 3.
A consistent constraint sequence is satisfiable in N iff
(A′) it has no infinitely decreasing two-sided chains; and
(B′) ∃B ∈ N: all trespassing two-sided chains have depth at most B (we say they have bounded depth).

Sketch of proof – full proof in Appendix.
The left to right direction is trivial: if A′ is not satisfied, then one needs infinitely many values below the maximal initial value of a register to satisfy the sequence, which is impossible in N. Likewise, if B′ is not satisfied, then one also needs infinitely many values below the value of the maximal stabilising thread, which is impossible. For the other direction, we show that if A′ and B′ hold, then one can construct a sequence of valuations v_0 v_1 . . . satisfying the constraint sequence, such that for all r ∈ R, v_i(r) is the largest depth of a (decreasing) two-sided chain starting in r at moment i. ◭

We can strengthen the previous lemma to talk only about one-sided chains.

◮ Lemma 4.
A consistent constraint sequence is satisfiable in N iff
(A) it has no infinitely decreasing one-sided chains; and
(B) the trespassing (increasing or decreasing) one-sided chains have bounded depth.

Sketch of proof – full proof in Appendix.
Thanks to Lemma 3, we show that A ∧ B implies A′ ∧ B′ (the other direction is trivial). Let us prove ¬A′ ⇒ ¬A. From an infinite (decreasing) two-sided chain, we can always extract an infinite decreasing one-sided chain, since two-sided chains are infinite to the right and not to the left. Hence, for every moment i, there always exists a moment j > i such that one register of the chain is smaller at step j than a register of the chain at step i. We also prove that ¬B′ ⇒ ¬B. Given a sequence of trespassing two-sided chains of unbounded depth, we are able to construct a sequence of one-sided chains of unbounded depth. This construction is more difficult than for showing ¬A′ ⇒ ¬A. Indeed, even though there are by hypothesis deeper and deeper trespassing two-sided chains, they may start at later and later moments in the constraint sequence and go to the left, and so one cannot just take an arbitrarily deep two-sided chain and extract from it an arbitrarily deep one-sided chain. However, we show, using a Ramsey argument, that it is still possible to extract arbitrarily deep one-sided chains, as the two-sided chains are not completely independent. ◭

The next lemma, shown in Appendix, refines the previous characterisation to 0-satisfiability.

◮ Lemma 5.
A consistent constraint sequence is 0-satisfiable in N iff it
satisfies conditions A ∧ B from Lemma 4,
starts in C_0 s.t. C_0|_R = {r = s | r, s ∈ R}, and
has no decreasing one-sided chains of depth ≥ 1 starting from (0, r), for any r ∈ R.

We are now able to provide the main result about recognisability of satisfiable constraint sequences by automata. To state the following theorem, we need the notion of max-automata [8]. These automata are standard automata (over a finite alphabet) extended with a finite set of counters c_1, . . . , c_n which can only be incremented, reset to 0, or updated by taking the maximal value of two counters, but cannot be tested. The acceptance condition is given as a Boolean combination of bounded conditions of the form "counter c_i is bounded along the run". Such a condition is satisfied by a run if there exists a bound B ∈ N such that counter c_i has value at most B along the run. By using negation, conditions such as "c_i is unbounded along the run" can also be expressed. We refer the reader to [8] for a more detailed definition. For instance, the set of words of the form w = a^{n_0} b a^{n_1} b . . . such that n_i ≤ B for all i ≥ 0, for some B ∈ N that depends on w only, is definable by a deterministic max-automaton but is not ω-regular.

◮ Theorem 6.
For every R, there is a deterministic max-automaton accepting exactly all constraint sequences satisfiable in N. The number of states is exponential in |R|, and the number of counters is |R|. The same holds for 0-satisfiability in N.

Sketch of proof – full proof in Appendix.
We treat the case of satisfiability. Based on Lemma 4, we design a deterministic max-automaton to check conditions A and B. Condition A can be checked with a deterministic parity automaton which tracks infinite decreasing one-sided chains. For condition B, for each register r, we have a deterministic parity automaton checking whether there is an r-stabilising thread. Then, for each r, we construct a deterministic max-automaton which checks whether all r-trespassing one-sided (decreasing or increasing) chains have bounded depth. For that, one needs counters with a bounded condition. This automaton can be made deterministic by using the max operation to merge information about different one-sided chains that end up in the same register. Finally, we take the product of all these automata. The product preserves determinism. ◭

The next result will come in handy later when dealing with finite-memory strategies, so we state it here. We say an infinite sequence is lasso-shaped if it is of the form w = u v^ω.

◮ Lemma 7.
Suppose a consistent constraint sequence is lasso-shaped and has no trespassing infinitely decreasing nor increasing one-sided chains. If it has no infinitely decreasing one-sided chains (not necessarily trespassing), then it is satisfiable. If, additionally, it has no decreasing one-sided chains of depth ≥ 1 from moment 0 and starts with C_0 s.t. C_0|_R = { r = s | r, s ∈ R }, then it is 0-satisfiable.

Sketch of proof – full proof in Appendix.
Suppose a constraint sequence satisfies the conditions of the lemma and assume it has no infinitely decreasing one-sided chain. First, assume that it has unbounded-depth trespassing decreasing one-sided chains. Since it is lasso-shaped, there is a decreasing chain of depth at least the length of the lasso, and so we can show that there is an infinite decreasing one-sided chain, which is a contradiction. Now assume it has unbounded-depth trespassing increasing one-sided chains. Similarly, since the constraint sequence is lasso-shaped, one can show that it has an infinite trespassing increasing one-sided chain, which contradicts our assumption. So, such a constraint sequence satisfies conditions (A) and (B) of Lem. 4, hence it is satisfiable. The 0-satisfiability case is shown similarly. ◭

Since the previous lemma does not talk about boundedness of chains, one does not need counters anymore, so the conditions of Lemma 7 can be checked by an ω-regular automaton:

◮ Lemma 8.
For every R, there is a deterministic parity automaton of size exponential in |R| that accepts exactly all consistent constraint sequences that have no trespassing infinitely increasing nor decreasing one-sided chains, and no infinitely decreasing one-sided chains. The same result holds if we additionally require the absence of decreasing one-sided chains of depth ≥ 1 from moment 0, and the start with C_0 s.t. C_0|_R = { r = s | r, s ∈ R }.

To solve register games, we show how to reduce them, in the case of a data domain D ∈ { N, Q }, to a two-player zero-sum turn-based game on a finite arena, with a winning objective which is (1) ω-regular in the case D = Q, (2) definable by a deterministic max-automaton in the case D = N [8] (hence beyond ω-regularity). In case (1), it is well-known that such games are decidable, and in case (2), decidability is a consequence of a result from [9]. While the latter result yields decidability, it does not provide our ExpTime upper bound for the solvability of register games over N by finite-memory strategies. We then further refine our reduction and show that the latter problem reduces to an ω-regular game. Let us first recall the notion of two-player zero-sum games over finite arenas.

Two-player zero-sum games over finite arenas. A two-player zero-sum game (or just two-player game) is a tuple G = (V, V_∀, V_∃, v_0, E, W) where V = V_∀ ⊎ V_∃ is a finite set of vertices partitioned into vertices controlled by Adam and Eve, v_0 ∈ V_∀ is the initial vertex, E ⊆ V_∀ × V_∃ ∪ V_∃ × V_∀ is a turn-based transition relation, and W ⊆ V^ω is called the winning objective. As for register games, a play is an infinite sequence of vertices starting in v_0 and compatible with E. It is winning if it belongs to W. A strategy for Eve is a mapping λ defined on all plays π.v where v ∈ V_∃, such that λ(π.v) ∈ V_∀ and (v, λ(π.v)) ∈ E. A play π = v_0 v_1 ... is compatible with λ if for all i ≥ 0, if v_i ∈ V_∃, then v_{i+1} = λ(v_0 ... v_i). A strategy is winning if all plays compatible with it are winning.

It is well-known that games with a winning objective given as a deterministic parity automaton (on infinite words) can be solved in time n^{O(d)}, where n is the size of the game plus the size of the automaton, and d is the index of the parity function [26]. Solving games with a winning objective given as a deterministic max-automaton (see page 9) is decidable as well:

◮ Theorem 9 ([9]). The following problem is decidable: given a 2-player game with a winning objective given as a det. max-automaton, check whether Eve has a winning strategy.
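Before the proof, a brief aside: the fixed-point (attractor) computation that underlies solving finite-arena games can be sketched for the simplest objective, reachability; parity objectives are solved by nesting this same operator. All names below are ours, for illustration only.

```python
# Sketch (our own illustration, not from the paper): attractor computation
# for a turn-based two-player game with a reachability objective. Eve's
# attractor to `target` is the least set containing `target`, every Eve
# vertex with SOME edge into it, and every Adam vertex whose EVERY edge
# leads into it.

def eve_attractor(V_eve, V_adam, E, target):
    """Vertices from which Eve can force a visit to `target`."""
    attr = set(target)
    changed = True
    while changed:
        changed = False
        for v in V_eve | V_adam:
            if v in attr:
                continue
            succ = {u for (x, u) in E if x == v}
            if (v in V_eve and succ & attr) or \
               (v in V_adam and succ and succ <= attr):
                attr.add(v)
                changed = True
    return attr

# Tiny arena: Adam at 'a' chooses between Eve vertices 'e1' and 'e2';
# only 'e1' leads to the target 't', so Adam escapes via 'e2'.
V_eve, V_adam = {'e1', 'e2'}, {'a', 't'}
E = {('a', 'e1'), ('a', 'e2'), ('e1', 't'), ('e2', 'a'), ('t', 'e1')}
print(eve_attractor(V_eve, V_adam, E, {'t'}))
```

In the example, 'a' is not in the attractor because Adam can always move to 'e2', from which Eve can only return to 'a'.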
Proof.
This result is not directly expressed as such in [9], where it is proved (in Example 2) that two-player games with a winning condition expressed in weak MSO plus the unbounded quantifier U over infinite words (WMSO+U) are decidable, as an application of the decidability of an MSO logic for trees. We do not define WMSO+U here, as it is sufficient to know that WMSO+U can define all languages recognisable by deterministic max-automata [8]. ◭

Reduction to two-player games.
We now show how to reduce register games over D to two-player games over finite arenas. Fix a register game G = (R, V, V_∀, V_∃, v_0, ∆, α). Let Feasible_D(R) denote the set of action words over R feasible in D. We construct the two-player game G_f = (V′, V′_∀, V′_∃, v′_0, E, W_G), where V′ = V′_∀ ⊎ V′_∃, over a finite arena as follows. Intuitively, G_f memorises in its states the last action taken. Formally, V′_∀ = {v_0} ∪ (V_∀ × Asgn), V′_∃ = V_∃ × Tst, v′_0 = v_0, and E = E_0 ∪ E_∀ ∪ E_∃ where E_0 = {(v_0, (v, tst)) | ∆(v_0, tst) = v}, E_∀ = {((v, asgn), (v′, tst)) | ∆(v, tst) = v′} and E_∃ = {((v, tst), (v′, asgn)) | ∆(v, asgn) = v′}. The winning condition W_G ⊆ (V′)^ω of G_f is given as the set of words

W_G = { v_0 (v_1, tst_1)(v_2, asgn_1)(v_3, tst_2) ... | tst_1 asgn_1 tst_2 ... ∈ Feasible_D(R) ⇒ v_0 v_1 v_2 ... |= α }.

The next lemma, whose proof is in Appendix, shows the correctness of this construction:

◮ Lemma 10.
Eve wins G iff Eve wins G_f. Moreover, she wins G with a finite-memory strategy iff she wins G_f with a finite-memory strategy.

Our objective now is to characterise the set of action words feasible in Q and N, in order to express the winning condition W_G as a deterministic parity automaton and as a deterministic max-automaton respectively. Any action word naturally induces a unique constraint sequence as defined in Sec. 3. E.g., over two registers R = {r, s}, any action word starting with {r < ∗ ∧ s < ∗} · {s} (test whether the current data d is above r and s, and store it in s) induces a constraint sequence starting with {r = s ∧ r = r′ ∧ s < s′ ∧ r′ < s′} (the atom r = s is due to all registers being equal initially in a register game). The next lemma, shown in Appendix, formalises this intuition (for technical reasons, we need an additional register to always store the current data):

◮ Lemma 11.
Let R be a set of registers, r_d ∉ R and D ∈ {N, Q}. There exists a mapping constr from action words over R to constraint sequences over R ∪ {r_d} such that for all action words a, a is feasible in D iff constr(a) is 0-satisfiable in D.

Based on Lemma 11, Theorem 2 (0-satisfiability in Q) and Theorem 6 (0-satisfiability in N) of Sec. 3, we obtain the following result, which characterises the sets of feasible action words.

◮ Lemma 12.
For every R, the set of all feasible action words Feasible_D(R) is definable by a deterministic parity automaton if D = Q, and by a deterministic max-automaton if D = N. Moreover, these automata are exponential in |R|.

Since parity automata and max-automata are closed under Boolean operations and deterministic max-automata can express all ω-regular languages [8], we get:

◮ Corollary 13.
For every register game G, the set W_G can be defined as a deterministic parity automaton A if D = Q, and as a deterministic max-automaton B if D = N. Moreover, these automata are exponential in the size of G, and for D = Q, the index of the priority function of A is the same as for G.

Proof of Theorem 1.(1,2).
Corollary 13, Lemma 10 and Theorem 9 yield the decidability of register games for D = N. For D = Q, we also get the claimed ExpTime complexity; moreover, it is well-known that finite-memory strategies suffice to win two-player ω-regular games, hence we can conclude the proof for D = Q thanks again to Lemma 10.

For D = N, the result of [9] used to show that two-player games with a winning condition given by a deterministic max-automaton are decidable does not allow us to conclude that finite-memory strategies suffice (there might not exist regular trees satisfying a WMSO+U formula), and we leave this question open here. We now study the problem of deciding the existence of finite-memory strategies in register games for N.

Reduction to two-player games with an ω-regular winning condition for D = N. We now prove that, for solving the game G_f with winning condition W_G and finite memory, it suffices to consider an ω-regular subset W_G^reg ⊆ W_G which satisfies that Eve wins G_f with winning condition W_G and finite memory iff she wins G_f with winning condition W_G^reg. We let QFeasible_N(R) be the set of quasi-feasible action words over R, defined as the set of words a such that their induced constraint sequence (through the mapping constr defined in Lemma 11) satisfies the conditions of Lemma 7, which entail 0-satisfiability of lasso-shaped constraint sequences. We then define the winning condition W_G^reg as:

W_G^reg = { v_0 (v_1, tst_1)(v_2, asgn_1) ... | tst_1 asgn_1 ... ∈ QFeasible_N(R) ⇒ v_0 v_1 ... |= α }.

Based on Lemma 8, it is easily shown that W_G^reg is ω-regular:

◮ Lemma 14.
The set W_G^reg can be defined by a deterministic parity automaton with a number of states exponential in |R| and polynomial in the number of vertices of G, and with the same number of priorities as G.

Finally, the following lemma states that considering W_G^reg instead of W_G is sound:

◮ Lemma 15.
For all register games G over D = N, Eve wins G_f with finite memory and winning condition W_G iff she wins G_f with winning condition W_G^reg.

Proof.
Clearly, W_G^reg ⊆ W_G since Feasible_N(R) ⊆ QFeasible_N(R). Hence, if Eve wins G_f with winning condition W_G^reg (with a strategy which can be assumed to be finite-memory since W_G^reg is ω-regular), she also wins G_f with winning condition W_G with the same (finite-memory) strategy. Conversely, assume Eve wins G_f with winning condition W_G and a finite-memory strategy λ, but does not win G_f with winning condition W_G^reg. Since W_G^reg is ω-regular, by determinacy, Adam has a strategy σ, which can be assumed to be finite-memory, such that for all strategies of Eve, the resulting play does not satisfy W_G^reg. We exhibit a contradiction. Let π be the play compatible with λ and σ. Since λ is winning, we have π ∈ W_G but π ∉ W_G^reg. Therefore, the action word a induced by π (by projection) is not feasible but quasi-feasible. Since λ and σ are both finite-memory, π (and a) are lasso-shaped. By definition of quasi-feasibility, it means that the constraint sequence constr(a) satisfies the conditions of Lemma 7. So, it is 0-satisfiable, and by Lemma 11 we get that a is feasible, a contradiction. ◭

Proof of Theorem 1.(3).
Let G be a register game over D = N. By Lemma 10, Eve wins G with finite memory iff she wins G_f with finite memory and winning condition W_G. Moreover, by Lemma 15, this is equivalent to Eve winning G_f with winning condition W_G^reg. By Lemma 14, W_G^reg can be represented by a deterministic parity automaton of exponential size with the same number of priorities as G. Hence, G_f with winning condition W_G^reg can be solved in ExpTime, concluding the proof. ◭

Data words.
Let Σ be a finite alphabet of labels. A data word over Σ and a linearly ordered data domain D is an infinite sequence of pairs in Σ × D, and we denote by (Σ × D)^ω the set of data words over Σ and D. For all i ≥ 1, we denote by w[i] the i-th letter of w.

Register transducers. A register transducer (RT) is a tuple T = (Σ_I, Σ_O, Q, q_0, R, δ, α), where Σ_I and Σ_O are input and output alphabets of finite labels, Q is a set of states and q_0 ∈ Q is initial, R is a finite set of registers, and α is a parity function. The transition function δ is a (total) function δ : Q × Σ_I × Tst → 2^{Asgn × Σ_O × R × Q}, which is required to be deterministic once the label in Σ_O, the assignment, and the register r ∈ R have been chosen. Formally, it satisfies: (asgn, σ_O, r, q_1), (asgn, σ_O, r, q_2) ∈ δ(q, σ_I, tst) implies q_1 = q_2. Hence we may write q′ = δ(q, σ_I, tst, asgn, σ_O, r) when (asgn, σ_O, r, q′) ∈ δ(q, σ_I, tst).

We now define the notion of run and the language semantics of T over a data domain D. A configuration of T is a pair (q, v) ∈ Q × D^R. The configuration (q_0, 0^R) is called initial. An input word (i-word) is a sequence from (Σ_I × D)^ω; an output word (o-word) is a sequence from (Σ_O × D)^ω; and an input-output word (io-word) is a sequence from ((Σ_I × D) · (Σ_O × D))^ω. Given an i-word w_I and an o-word w_O, we construct the io-word w_I ⊗ w_O = w_I[1] w_O[1] w_I[2] w_O[2] .... A run of T on an io-word w = (σ_0^I, d_0^I)(σ_0^O, d_0^O)(σ_1^I, d_1^I) ... is a sequence of configurations ρ = (q_0, v_0)(q_1, v_1) ... starting in the initial configuration and such that for every i ≥ 0, there are asgn_i and r_i s.t. q_{i+1} = δ(q_i, σ_i^I, tst_i, asgn_i, σ_i^O, r_i), where tst_i is the unique test holding for v_i and d_i^I, v_{i+1} = update(v_i, d_i^I, asgn_i), and d_i^O = v_{i+1}(r_i). The i-word w_I = (σ_0^I, d_0^I)(σ_1^I, d_1^I) ... is called the input word of ρ, and we also say that ρ is a run of T on w_I. The o-word (σ_0^O, d_0^O)(σ_1^O, d_1^O) ... is called the output word of ρ.

The run ρ is called accepting if it satisfies the parity condition wrt. α. We say that an io-word w is accepted by T if there exists an accepting run of T on w. The language of T, denoted L(T), is the set of io-words accepted by T. The domain of T, denoted by dom(T), is the set of all i-words w_I such that there exists an accepting run of T on w_I.

Synthesis problem.
Given an RT T, the synthesis problem asks whether there exists a strategy that resolves non-determinism, i.e., selects outputs, while preserving the parity condition. Let us formalise this notion. An output-selecting strategy (o-strategy) for T is a finite-state machine λ = (P, p_0, τ) where P is a finite set of states with initial state p_0, and τ is a total transition function of type τ : P × Q × Σ_I × Tst → Asgn × Σ_O × R × P such that for all p ∈ P and (q, σ_I, tst) ∈ Q × Σ_I × Tst, if τ(p, q, σ_I, tst) = (asgn, σ_O, r, p′), then there exists q′ ∈ Q such that (asgn, σ_O, r, q′) ∈ δ(q, σ_I, tst). In other words, τ selects some element in δ(q, σ_I, tst). By using λ, we can restrict T to a register transducer denoted T ⊗ λ for which the transition function always outputs a singleton. Formally, T ⊗ λ = (Σ_I, Σ_O, Q × P, (q_0, p_0), R, δ_λ, ⊤), where ⊤ is a trivial parity condition (always true) and δ_λ is defined by δ_λ((q, p), σ_I, tst) = {(asgn, σ_O, r, (q′, p′))} such that τ(p, q, σ_I, tst) = (asgn, σ_O, r, p′) and (asgn, σ_O, r, q′) ∈ δ(q, σ_I, tst).

The output-selecting strategy synthesis problem (or just synthesis problem) is the problem of deciding, given an RT T, whether there exists an o-selecting strategy λ s.t. L(T ⊗ λ) ⊆ L(T); such a strategy is called winning, and T is then called realisable. If such a strategy exists, the problem asks to provide λ as a finite-state machine. An example is given in Appendix. Note that since the parity condition of T ⊗ λ is trivial and the transition functions of T and λ are both total, the input domain of T ⊗ λ is universal. Therefore, if T does not have a universal domain, it is unrealisable. This is realistic in scenarios where inputs are provided by the environment, so we do not want to restrict them.

◮ Theorem 16.
The output-selecting strategy synthesis problem for register transducers over data domain N (resp. Q) is solvable in ExpTime.

Sketch of proof – full proof in Appendix.
We reduce this problem to solving a register game of polynomial size with finite memory, which is decidable in ExpTime by Theorem 1. The main difference between a register game and the synthesis problem is that register transducers have finite labels and can output the content of a register. First, output registers are considered as letters from a finite alphabet, as their actual content does not matter w.r.t. the synthesis of strategies selecting transitions. Then, we encode finite labels using extra registers and force Adam to provide sufficiently many different data in some initial phase, which are stored in those extra registers. ◭

References

[1] Parosh Aziz Abdulla, Mohamed Faouzi Atig, Piotr Hofman, Richard Mayr, K. Narayan Kumar, and Patrick Totzke. Infinite-state energy games. In Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), CSL-LICS '14, Vienna, Austria, July 14-18, 2014, pages 7:1–7:10, 2014.
[2] S. Almagor, O. Kupferman, and G. Perelli. Synthesis of controllable Nash equilibria in quantitative objective games. In Proc. 27th Int. Joint Conf. on Artificial Intelligence, pages 35–41, 2018.
[3] Benjamin Aminof, Orna Kupferman, and Robby Lampert. Reasoning about online algorithms with weighted automata. ACM Trans. Algorithms, 6(2):28:1–28:36, 2010.
[4] G. Avni, T. A. Henzinger, and V. Chonev. Infinite-duration bidding games. In Proc. 28th Int. Conf. on Concurrency Theory, volume 85 of LIPIcs, pages 21:1–21:18, 2017.
[5] D. Berwanger, K. Chatterjee, M. De Wulf, L. Doyen, and T. A. Henzinger. Strategy construction for parity games with imperfect information. Information and Computation, 208(10):1206–1220, 2010.
[6] Dietmar Berwanger. Admissibility in infinite games. In STACS 2007, 24th Annual Symposium on Theoretical Aspects of Computer Science, Aachen, Germany, February 22-24, 2007, Proceedings, pages 188–199, 2007.
[7] R. Bloem, K. Chatterjee, and B. Jobstmann. Graph games and reactive synthesis. In Handbook of Model Checking, pages 921–962. Springer, 2018.
[8] Mikołaj Bojańczyk. Weak MSO with the unbounding quantifier. Theory of Computing Systems, 48(3):554–576, 2011.
[9] Mikołaj Bojańczyk. Weak MSO+U with path quantifiers over infinite trees. In Automata, Languages, and Programming - 41st International Colloquium, ICALP 2014, Copenhagen, Denmark, July 8-11, 2014, Proceedings, Part II, pages 38–49, 2014.
[10] A.-J. Bouquet, O. Serre, and I. Walukiewicz. Pushdown games with unboundedness and regular conditions. In Proc. 23rd Conf. on Foundations of Software Technology and Theoretical Computer Science, volume 2914 of Lecture Notes in Computer Science, pages 88–99. Springer, 2003.
[11] T. Brihaye, V. Bruyère, J. De Pril, and H. Gimbert. On subgame perfection in quantitative reachability games. Logical Methods in Computer Science, 9(1), 2012.
[12] Véronique Bruyère. Computer aided synthesis: A game-theoretic approach (survey). In Developments in Language Theory - 21st International Conference, DLT 2017, Liège, Belgium, August 7-11, 2017, Proceedings, pages 3–35, 2017.
[13] J. R. Büchi and L. H. Landweber. Solving sequential conditions by finite-state strategies. Trans. AMS, 138:295–311, 1969.
[14] K. Chatterjee and L. Doyen. The complexity of partial-observation parity games. In Proc. 16th Int. Conf. on Logic for Programming Artificial Intelligence and Reasoning, pages 1–14. Springer, 2010.
[15] K. Chatterjee and L. Doyen. Energy parity games. In Proc. 37th Int. Colloq. on Automata, Languages, and Programming, pages 599–610, 2010.
[16] K. Chatterjee, T. A. Henzinger, and M. Jurdzinski. Games with secure equilibria. In Proc. 19th IEEE Symp. on Logic in Computer Science, pages 160–169, 2004.
[17] K. Chatterjee, T. A. Henzinger, and M. Jurdzinski. Quantitative stochastic parity games. pages 121–130, 2004.
[18] Krishnendu Chatterjee, Laurent Doyen, Emmanuel Filiot, and Jean-François Raskin. Doomsday equilibria for omega-regular games. Inf. Comput., 254:296–315, 2017.
[19] Thomas Colcombet. Forms of determinism for automata (invited talk). pages 1–23, 2012.
[20] Rodica Condurache, Emmanuel Filiot, Raffaella Gentilini, and Jean-François Raskin. The complexity of rational synthesis. pages 121:1–121:15, 2016.
[21] A. Degorre, L. Doyen, R. Gentilini, J. Raskin, and S. Torunczyk. Energy and mean-payoff games with imperfect information. In Proc. 19th Annual Conf. of the European Association for Computer Science Logic, pages 260–274, 2010.
[22] L. Exibard, E. Filiot, and P.-A. Reynier. Synthesis of data word transducers. In Proc. 30th Int. Conf. on Concurrency Theory, 2019.
[23] Emmanuel Filiot, Raffaella Gentilini, and Jean-François Raskin. Rational synthesis under imperfect information. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018, Oxford, UK, July 09-12, 2018, pages 422–431, 2018.
[24] Emmanuel Filiot, Ismaël Jecker, Nathan Lhote, Guillermo A. Pérez, and Jean-François Raskin. On delay and regret determinization of max-plus automata. pages 1–12, 2017.
[25] Stefan Göller, Richard Mayr, and Anthony Widjaja To. On the computational complexity of verifying one-counter processes. In Proceedings of the 24th Annual IEEE Symposium on Logic in Computer Science, LICS 2009, 11-14 August 2009, Los Angeles, CA, USA, pages 235–244, 2009.
[26] E. Grädel, W. Thomas, and T. Wilke. Automata, Logics, and Infinite Games: A Guide to Current Research, volume 2500 of Lecture Notes in Computer Science. Springer, 2002.
[27] T. A. Henzinger and N. Piterman. Solving games without determinization. In Proc. 15th Annual Conf. of the European Association for Computer Science Logic, volume 4207 of Lecture Notes in Computer Science, pages 394–410. Springer, 2006.
[28] A. Khalimov and O. Kupferman. Register-bounded synthesis. 2019. Full version from arXiv.
[29] A. Khalimov, B. Maderbacher, and R. Bloem. Bounded synthesis of register transducers. In volume 11138 of Lecture Notes in Computer Science, pages 494–510. Springer, 2018.
[30] Orna Kupferman, Giuseppe Perelli, and Moshe Y. Vardi. Synthesis with rational environments. Ann. Math. Artif. Intell., 78(1):3–20, 2016. URL: https://doi.org/10.1007/s10472-016-9508-8.
[31] S. Nain and M. Y. Vardi. Solving partial-information stochastic parity games. In Proc. 28th IEEE Symp. on Logic in Computer Science, pages 341–348. IEEE Computer Society, 2013.
[32] N. Piterman and M. Vardi. Global model-checking of infinite-state systems. In Proc. 16th Int. Conf. on Computer Aided Verification, volume 3114 of Lecture Notes in Computer Science, pages 387–400. Springer, 2004.
[33] J.-F. Raskin, K. Chatterjee, L. Doyen, and T. Henzinger. Algorithms for omega-regular games with imperfect information. Logical Methods in Computer Science, 3(3), 2007.
[34] Luc Segoufin and Szymon Torunczyk. Automata based verification over linearly ordered data domains. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2011.
[35] Olivier Serre. Parity games played on transition graphs of one-counter processes. In Foundations of Software Science and Computation Structures, 9th International Conference, FOSSACS 2006, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2006, Vienna, Austria, March 25-31, 2006, Proceedings, pages 337–351, 2006.
[36] M. Ummels. The complexity of Nash equilibria in infinite multiplayer games. In Proc. 11th Int. Conf. on Foundations of Software Science and Computation Structures, pages 20–34, 2008.
[37] I. Walukiewicz. Model checking CTL properties of pushdown systems. In Proc. 20th Conf. on Foundations of Software Technology and Theoretical Computer Science, volume 1974 of Lecture Notes in Computer Science, pages 127–138. Springer, 2000.
[38] U. Zwick and M. S. Paterson. The complexity of mean payoff games on graphs. Theoretical Computer Science, 158:343–359, 1996.
A Semantics of register games as infinite-state parity games
We associate with G the infinite-state parity game G^∞ = (V^∞, V^∞_∀, V^∞_∃, v^∞_0, E^∞, α^∞) defined by V^∞_∀ = V_∀ × Val_R, V^∞_∃ = V_∃ × Val_R × D, v^∞_0 = (v_0, ν_0), and α^∞((v, ν)) = α^∞((v, ν, d)) = α(v). The transitions are defined as E^∞ = E^∞_∀ ∪ E^∞_∃ where:

E^∞_∀ = { ((v, ν), (v′, ν, d)) | v ∈ V_∀, ν ∈ Val_R, d ∈ D, ∃tst ∈ Tst_R, ∆(v, tst) = v′ ∧ ν, d |= tst }
E^∞_∃ = { ((v, ν, d), (∆(v, asgn), update(ν, d, asgn))) | v ∈ V_∃, ν ∈ Val_R, d ∈ D, asgn ∈ Asgn_R }

The notions of plays are defined as for register games. A finite play π = (v_0, ν_0)(u_0, ν_0, d_0)(v_1, ν_1)(u_1, ν_1, d_1) ... induces a sequence of tests tst_0 tst_1 ... such that for all i, tst_i is the unique test such that ν_i, d_i |= tst_i. Two finite plays π, π′ are said to be equivalent, denoted by π ∼ π′, whenever they induce the same sequence of tests and their projections on V are equal. A strategy for Eve in G^∞ is a mapping λ : Plays_{G^∞} → V^∞_∀ such that for all π ∈ Plays_{G^∞}, π·λ(π) ∈ Plays_{G^∞}. It is said to be test-driven if for all finite plays h_1 = h′_1(v, ν_1, d_1) and h_2 = h′_2(v, ν_2, d_2), if h_1 ∼ h_2, then there exists some assignment asgn ⊆ R such that λ(h_1) = (u, update(ν_1, d_1, asgn)) and λ(h_2) = (u, update(ν_2, d_2, asgn)). Note that then, h_1·λ(h_1) ∼ h_2·λ(h_2).

◮ Proposition 17.
Eve wins a register game G iff she wins the infinite-state parity game G^∞ with a test-driven strategy.

Proof.
Suppose there exists a winning strategy λ : Tst^+_R → Asgn_R for Eve in G. We construct a winning strategy λ^∞ for Eve in G^∞. Let π = (v_0, ν_0)(u_0, ν_0, d_0)(v_1, ν_1)(u_1, ν_1, d_1) ... (u_k, ν_k, d_k) be some finite play in G^∞. This play induces a sequence of tests ρ = tst_0 tst_1 ... tst_k, and we let asgn = λ(ρ). Then, λ^∞(π) = (v_{k+1}, ν_{k+1}) such that ∆(u_k, asgn) = v_{k+1} and ν_{k+1} = update(ν_k, d_k, asgn). This strategy λ^∞ is test-driven because the actions of Eve only depend on the tests. It is easy to see that it is winning: let π = (v_0, ν_0)(u_0, ν_0, d_0)(v_1, ν_1) ... be an infinite play compatible with λ^∞. This play induces an action word a = tst_0 asgn_0 tst_1 asgn_1 ... which is feasible, as witnessed by ν_0 d_0 ν_1 d_1 .... Hence, since λ is winning, v_0 u_0 v_1 u_1 ... satisfies the parity condition, so π is winning as well by definition of α^∞.

Conversely, let λ^∞ be a winning test-driven strategy for Eve in G^∞. Since it is test-driven, it can be seen as a strategy λ : Tst^+_R → Asgn_R, which can be shown to be winning for Eve in G. In particular, given h = tst_0 ... tst_k, we let π^∞ be a play in G^∞ which induces this sequence of tests and which is compatible with λ^∞ (if no such π^∞ exists, then we let λ(h) = asgn for some arbitrary asgn). Then, let λ^∞(π^∞) = (v, ν), and let asgn be some maximal assignment (for inclusion) such that ν = update(ν′, d, asgn), where ν′ and d are the last valuation and data value of π^∞. We let λ(h) = asgn. This assignment asgn depends on the choice of π^∞, but since λ^∞ is test-driven, asgn is unique with respect to h, thus λ is well-defined. To show that λ is winning, it suffices to take a feasible action word a compatible with λ. Since it is feasible, this action word is actually induced by a proper play π_a of G^∞ which, additionally, is compatible with λ^∞, by definition of λ. This yields that π_a satisfies the parity condition α^∞ since λ^∞ is winning. Thus, by definition of α^∞, we also get that π_a satisfies α as well. Hence λ is winning. ◭

B Proofs of Section 3

B.1 Proof of Lemma 18
Proof.
The directions ⇒ for both claims are simple, so we prove only direction ⇐.

Consider the first claim, direction ⇐. Assume the sequence is consistent. We construct v_0 v_1 · · · ∈ (Q^R)^ω such that v_i ∪ v′_{i+1} |= C_i for all i. The construction proceeds step by step and relies on the following fact (†): for every constraint C and v ∈ Q^R such that v |= C|_R, there exists v′ ∈ Q^{R′} such that v ∪ v′ |= C. Then define v_0, v_1, ... as follows: start with an arbitrary v_0 satisfying v_0 |= C_0|_R. Given v_i |= C_i|_R, let v_{i+1} be any valuation in Q^R that satisfies v_i ∪ v′_{i+1} |= C_i (it exists by (†)). Since v_{i+1} |= C_i|_{R′}, and unprime(C_i|_{R′}) = C_{i+1}|_R by consistency, we have v_{i+1} |= C_{i+1}|_R, and we can apply the argument again.

We are left to prove the fact (†). The constraint C completely specifies the order on R ∪ R′, while v fixes the values for R, and v |= C|_R. Hence we can uniquely order the registers R′ and the values { v(r) | r ∈ R } of R on the Q-line. Since Q is dense, it is always possible to choose the values for R′ that respect this order; we leave out the details.

Consider the second claim, direction ⇐. Since C_0 C_1 ... is consistent, by the first claim it is satisfiable, hence it has a witnessing valuation sequence v_0 v_1 .... The constraint C_0 requires all registers in R to start with the same value, so define d = v_0(r) for an arbitrary r ∈ R. Let v′_0 v′_1 ... be the valuations decreased by d: v′_i(r) = v_i(r) − d for every r ∈ R and i ≥ 0. The new valuations satisfy the constraint sequence because the constraints in Q are invariant under shifts (this follows from the fact that if r_1 < r_2 holds for some v ∈ D^R, then it holds for any v − d where d ∈ D). The equality v′_0 = 0^R means that the constraint sequence is 0-satisfiable. ◭

B.2 Proof of Theorem 2
Proof.
The alphabet of the automaton consists of all constraints. By Lemma 18, for satisfiability it suffices to construct an automaton that checks consistency, namely that every two adjacent constraints C_1 C_2 in the input word satisfy the condition unprime(C_1|_{R′}) = C_2|_R. The construction is straightforward; we only sketch it. The automaton memorises the atoms C_1|_{R′} of the last read constraint C_1 in its state, and on reading the next constraint C_2 the automaton checks that unprime(C_1|_{R′}) = C_2|_R. If this holds, the automaton transits into the state that remembers C_2|_{R′}; if the check fails, the automaton goes into a rejecting sink state. And so on. The number of states is exponential in |R|, the parity index is 1. The automaton for checking 0-satisfiability additionally checks that C_0|_R = { r = s | r, s ∈ R }. ◭

B.3 Proof of Lemma 3
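The local condition this automaton checks on adjacent constraints can be sketched directly in Python (the encoding is ours, not the paper's: an atom is a triple of strings, and a primed register name ends with a prime character):

```python
# Sketch (our own encoding): the consistency check behind Theorem 2.
# An atom is a triple (t1, op, t2); primed registers end with "'".

def primed(t):
    return t.endswith("'")

def restrict_primed(C):
    """C|_{R'}: atoms mentioning only primed registers."""
    return {a for a in C if primed(a[0]) and primed(a[2])}

def restrict_unprimed(C):
    """C|_R: atoms mentioning only unprimed registers."""
    return {a for a in C if not primed(a[0]) and not primed(a[2])}

def unprime(C):
    return {(t1.rstrip("'"), op, t2.rstrip("'")) for (t1, op, t2) in C}

def consistent(sequence):
    """Adjacent constraints C1 C2 must satisfy unprime(C1|_{R'}) = C2|_R."""
    return all(unprime(restrict_primed(c1)) == restrict_unprimed(c2)
               for c1, c2 in zip(sequence, sequence[1:]))

# The example constraint from the main text: {r = s, r = r', s < s', r' < s'}.
C0 = {("r", "=", "s"), ("r", "=", "r'"), ("s", "<", "s'"), ("r'", "<", "s'")}
C1 = {("r", "<", "s"), ("r", "=", "r'"), ("s", "=", "s'"), ("r'", "<", "s'")}
print(consistent([C0, C1]))  # unprime(C0|_{R'}) = {r < s} = C1|_R
```

The automaton of the proof simply streams this check, keeping unprime(C|_{R′}) of the last constraint in its state.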
Proof.
Direction ⇒. Suppose a constraint sequence C_0 C_1 ... is satisfiable by some valuations v_0 v_1 .... Assume ¬A′: there is an infinite decreasing two-sided chain χ = (r_0, m_0)(r_1, m_1) .... Let v_{m_0}(r_0) = d⋆ be the data value at the start of the chain. Each decrease (r_i, m_i) > (r_{i+1}, m_{i+1}) in the chain χ requires the data to decrease as well: v_{m_i}(r_i) > v_{m_{i+1}}(r_{i+1}). Hence there must be an infinite number of data values between d⋆ and 0, which is impossible in N. Hence A′ must hold. Now assume ¬B′: there is a sequence of two-sided trespassing chains of unbounded depth. By definition of trespassing, there is at least one stabilised thread; let an r-thread be the maximal among them. Let d⋆ be the stabilised value of the r-thread. By definition of trespassing chains, they lie below the r-thread, and the values of registers in them are bounded by d⋆, hence the depths of such chains are bounded by d⋆, contradicting the assumption ¬B′. Hence B′ holds.

Direction ⇐. Given a consistent constraint sequence C_0 C_1 ... satisfying A′ and B′, we construct a sequence of register valuations v_0 v_1 ... such that v_i ∪ v′_{i+1} |= C_i for all i ≥ 0 (where v′_{i+1} = { r′ ↦ v_{i+1}(r) | r ∈ R }). For a register r and moment i ∈ N, let d(r, i) be the largest depth of two-sided chains from (r, i); the depth d(r, i) can be 0 but not ∞, by assumption A′. Then, for every r ∈ R and i ∈ N, set v_i(r) = d(r, i). We now prove that for all i, the satisfaction v_i ∪ v′_{i+1} |= C_i holds, i.e. all atoms of C_i are satisfied. Pick an arbitrary atom t_1 ⊲⊳ t_2 of C_i, where t_1, t_2 ∈ R ∪ R′. Define m_{t_1} = i + 1 if t_1 is a primed register, else m_{t_1} = i; similarly define m_{t_2}. There are two cases.

t_1 ⊲⊳ t_2 is t_1 = t_2: then the deepest chains from (t_1, m_{t_1}) and (t_2, m_{t_2}) have the same depth, d(t_1, m_{t_1}) = d(t_2, m_{t_2}), and hence v_i ∪ v′_{i+1} satisfies the atom.

t_1 ⊲⊳ t_2 is t_1 > t_2: then any chain (t_2, m_{t_2}) ... from (t_2, m_{t_2}) can be prefixed by (t_1, m_{t_1}) to create the deeper chain (t_1, m_{t_1}) > (t_2, m_{t_2}) .... Hence d(t_1, m_{t_1}) > d(t_2, m_{t_2}), therefore v_i ∪ v′_{i+1} satisfies the atom.

This concludes the proof. ◭

Figure 3: Proving the direction ¬A′ ⇒ ¬A in Lemma 4. The two-sided chain is in black, the constructed one-sided chain is in blue.

B.4 Proof of Lemma 4
Proof.
We show that the conditions A ∧ B hold iff the conditions A′ ∧ B′ from Lemma 3 hold, which implies the result by Lemma 3. The directions ¬A ⇒ ¬A′ and ¬B ⇒ ¬B′ follow from the definition of chains.

Direction ¬A′ ⇒ ¬A. Given an infinite two-sided chain χ = (r_a, i) ..., we construct an infinite descending one-sided chain χ′. The construction is illustrated in Figure 3. Our one-sided chain χ′ starts in (r_a, i). The area on the left of the i-timeline contains i · |R| points, but χ has infinite depth, hence at some point it must go to the right of i. Let r_b be the smallest register visited at moment i by χ; we first assume that r_b is different from r_a (the other case is treated later). Let χ go (r_b, i) ⊲ (r′, i + 1). We append this to χ′ and get χ′ = (r_a, i) > (r_b, i) ⊲ (r′, i + 1). If r_a and r_b were actually the same, so the chain χ moved (r_a, i) ⊲ (r′, i + 1), then we would append only (r_a, i) ⊲ (r′, i + 1). By repeating the argument from the point (r′, i + 1), we construct the infinite descending one-sided chain χ′. Hence ¬A holds.

Direction ¬B′ ⇒ ¬B. Given a sequence of trespassing two-sided chains of unbounded depth, we need to create a sequence of trespassing one-sided chains of unbounded depth. We extract a witnessing one-sided chain of a required depth from a sufficiently deep two-sided chain. To this end, we represent the two-sided chain as a clique with colored edges, whose one-colored subcliques represent all one-sided chains. We then use the Ramsey theorem, which says that a monochromatic subclique of a required size always exists if the clique is large enough. From the monochromatic subclique we extract the sought one-sided chain.

The Ramsey theorem is about clique graphs with colored edges. For a number n ∈ N of vertices, let K_n denote the clique graph and E_{K_n} its set of edges, and let color : E_{K_n} → {1, ..., c} be the edge-coloring function, where c is the number of edge colors in the clique.
A clique is monochromatic if all its edges have the same color. The Ramsey theorem says:

Fix the number c of edge colors. (∀n)(∃l)(∀ color : E_{K_l} → {1, …, c}): there exists a monochromatic subclique of K_l with n vertices. The number l is called the Ramsey number for (c, n).

I.e., for any given n, there is a sufficiently large size l such that any colored clique of this size contains a monochromatic subclique of size n. We will only use c = 3.

Figure 4
Proving the direction ¬B′ ⇒ ¬B in Lemma 4 (axes: value vs. time, points 1–8). (a) A given two-sided chain (without stuttering); (b) the clique, with edges shown for the top 5 points only; (c) the monochromatic subclique with elements 1, 2, 5, 8; (d) the constructed increasing one-sided chain.

Given a sequence of two-sided chains of unbounded depth, we show how to build a sequence of one-sided chains of unbounded depth. Suppose we want to build a one-sided chain of depth n, and let l be the Ramsey number for (3, n). Because the two-sided chains from the sequence have unbounded depth, there is a two-sided chain χ of depth l. From it we construct the following colored clique (the construction is illustrated in Figure 4).

Remove stuttering elements from χ: whenever (r_i, m_i) = (r_{i+1}, m_{i+1}) appears in χ, remove (r_{i+1}, m_{i+1}). We repeat this until no stuttering elements appear. Let χ_> = (r_1, m_1) > ⋯ > (r_l, m_l) be the resulting sequence; it is strictly decreasing and contains l pairs (the same as the depth of the original χ). Note the following property (†): for every not necessarily adjacent (r_i, m_i) > (r_j, m_j), there is a one-sided chain (r_i, m_i) … (r_j, m_j); it is decreasing if m_i < m_j, and increasing otherwise; its depth is at least 1.

The elements (r, m) of χ_> serve as the vertices of the colored clique. The edge-coloring function is: for every (r_a, m_a) > (r_b, m_b) in χ_>, let color((r_a, m_a), (r_b, m_b)) be ր if m_a < m_b, ց if m_a > m_b, and ↓ if m_a = m_b. Figure 4b gives an example.

By applying the Ramsey theorem, we get a monochromatic subclique of size n with vertices V ⊆ {(r_1, m_1), …, (r_l, m_l)}. Its color cannot be ↓ when n > |R|, because a timeline has at most |R| points. Suppose the subclique color is ր (the case of ց is similar).
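The de-stuttering, edge coloring, and monochromatic-subclique extraction described above can be illustrated with a small executable sketch. The tuple encoding of chain points and the brute-force search are our own illustrative assumptions; no actual Ramsey bound is computed, we simply search an example clique that is large enough.

```python
from itertools import combinations

def color(p, q):
    """Color of the edge between chain points p, q of chi_>, where p
    precedes q in the strictly decreasing value order: compare moments."""
    (_, mp), (_, mq) = p, q
    if mp < mq:
        return "up"      # increasing one-sided chain direction
    if mp > mq:
        return "down"    # decreasing one-sided chain direction
    return "same"        # both points lie on one timeline

def monochromatic_subclique(points, n):
    """Brute-force search for n points whose pairwise edges all share one
    color. Exponential; only demonstrates the existence argument."""
    for subset in combinations(points, n):
        colors = {color(p, q) for p, q in combinations(subset, 2)}
        if len(colors) == 1:
            return list(subset), colors.pop()
    return None

# A toy de-stuttered chain chi_>: (register, moment), listed by decreasing value.
chi = [("r1", 1), ("r2", 3), ("r1", 2), ("r2", 5), ("r1", 4), ("r3", 6)]
print(monochromatic_subclique(chi, 3))
# -> ([('r1', 1), ('r2', 3), ('r2', 5)], 'up')
```

The "up"-colored result corresponds to an increasing sequence of moments, i.e., the raw material for the increasing one-sided chain built next.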
We build the increasing sequence χ⋆ = (r⋆_1, m⋆_1) < ⋯ < (r⋆_n, m⋆_n), where m⋆_i < m⋆_{i+1} and (r⋆_i, m⋆_i) ∈ V for every applicable i. The sequence χ⋆ may not satisfy the definition of one-sided chains, because the removal of stuttering elements performed at the beginning can cause time jumps m⋆_{i+1} > m⋆_i + 1. But it is easy, relying on the property (†), to construct a one-sided chain χ⋆⋆ of depth n from χ⋆ by inserting the necessary elements between (r⋆_i, m⋆_i) and (r⋆_{i+1}, m⋆_{i+1}). Finally, when the subclique has color ց, the resulting chain is decreasing.

Thus, for every given n, we constructed either a decreasing or an increasing trespassing one-sided chain of depth n; in other words, a sequence of such chains of unbounded depth. Hence ¬B holds, which concludes the proof of direction ¬B′ ⇒ ¬B. ◭

B.5 Proof of Theorem 6
We first show the following lemma:

◮ Lemma 18. Let R be a set of registers and D = Q. A constraint sequence C_0 C_1 … is satisfiable iff it is consistent. It is 0-satisfiable iff it is consistent and C_0|_R = { r_1 = r_2 | r_1, r_2 ∈ R }.

Proof.
Direction ⇒. The first two items follow from the definition of satisfiability and Lemma 4. Consider the last item: suppose there is such a chain. Then, at the moment when the chain strictly decreases and goes to some register s, the register s would need to have a value below 0, which is impossible in N.

Direction ⇐. Since the conditions A ∧ B hold, the sequence is satisfiable, hence it also satisfies the conditions A′ ∧ B′ from Lemma 3. In the proof of Lemma 3, we showed that in this case the following valuations v_0 v_1 … satisfy the sequence: for every r ∈ R and moment i ∈ N, set v_i(r) (the value of r at moment i) to the largest depth of the two-sided chains starting in (r, i). We construct v_0 v_1 … as above, and get a witness of satisfaction of our constraint sequence. Note that at moment 0, v_0 = 0^R, by the last item. Hence the constraint sequence is 0-satisfiable. ◭

Proof of Theorem 6.
The max-automaton will accept a constraint sequence iff it is consistent, has no infinitely decreasing one-sided chains, and has no trespassing one-sided chains of unbounded depth. By Lemma 4, such a sequence is satisfiable.

The max-automaton A = A_c ∧ A_¬∞ ∧ (A_¬s ∨ ⋁_{r∈R} (A^r_m ∧ A^r_¬u)) has five kinds of components, and can be described as follows: a constraint sequence is accepted iff it is consistent (A_c), has no infinitely descending chains (A_¬∞), and either has no stabilising threads (A_¬s) or one of the registers is maximal (A^r_m) and there are no unbounded r-trespassing chains (A^r_¬u).

A_c. The parity automaton A_c checks consistency, namely that ∀i: unprime(C_i|_{R′}) = C_{i+1}|_R.

A_¬∞. The parity automaton A_¬∞ ensures that there are no infinitely decreasing chains. First, we construct an automaton A_∞ that accepts a constraint sequence iff it has such a chain. Intuitively, the automaton guesses the chain. It starts in the initial state q_0 and loops there until it nondeterministically decides that now is the starting moment of the chain, in which case it also guesses the first register r of the chain and transits into the next state while memorising r. When the automaton is in a state with r and reads a constraint C, it guesses the next register r_n, verifies that (r′_n > r) ∈ C or (r′_n = r) ∈ C, and transits into the state that remembers r_n. The Büchi acceptance condition ensures that the automaton leaves the initial state and transits from some r to some r_n with (r′_n > r) ∈ C infinitely often. To get A_¬∞, we determinise and complement A_∞.

A_¬s. The parity automaton A_¬s accepts a sequence iff it has no stabilising threads; equivalently, for every r, infinitely many constraints do not contain (r = r′).

A^r_m. Given a register r, the parity automaton A^r_m accepts a sequence iff r is maximal among all stabilising threads.
The automaton loops in its initial state until it nondeterministically picks a set R_s ⊆ R with r ∈ R_s of all stabilising threads and a moment m when all registers in R_s have stabilised; then it verifies that from then on the registers in R_s do not change their values while all others do, and that the register r is maximal among R_s. These checks mean that every constraint C read after the moment m contains r_s = r′_s and r ≥ r_s for every r_s ∈ R_s, and that for every r_o ∉ R_s, we infinitely often read a constraint C without (r_o = r′_o). The automaton A^r_m is a parity automaton and can be determinised. It is not hard to show that the result is exponential in |R|.

A^r_¬u. Given a register r_m, the max-automaton A^{r_m}_¬u ensures the following: if r_m is maximal in a constraint sequence, then there are no increasing or decreasing trespassing one-sided chains of unbounded depth. The automaton A^{r_m}_¬u is a conjunction B_ց ∧ B_ր of two automata that check the absence of decreasing and increasing chains, respectively. We only describe B_ց.

The automaton B_ց has a set Cn of |R| counters. In its state, B_ց maintains a partial mapping cn : R → Cn. We write cn(R) to denote the counters used by the mapping. Intuitively, in each state of the automaton B_ց, for each cn-mapped register r, the value of the counter cn(r) reflects the depth of the deepest trespassing decreasing one-sided chain that ends in r at the current moment of the automaton run. We maintain this property of cn during the transitions of B_ց on reading a constraint C, using operations of max-automata on counters and register-order information from C. On reading C, the automaton does the following.

Counter releasing. For every r: if r < r_m and r′ > r′_m, then the automaton performs reset on the counter cn(r) and removes r from the mapping cn.

Counter allocation. For every r: if r ≥ r_m and r′ < r′_m, then pick a counter c ∈ Cn \ cn(R) and map r to c in cn.

Counter updating.
Fix an arbitrary register r such that r′ < r′_m holds in C. Let R_{tre>r′} = { r_o | r_o < r_m ∧ r_o > r′ } be the trespassing registers that are larger than the updated r. If R_{tre>r′} is not empty, let cn(R_{tre>r′}) be the set of their counters. Let r_= be a register s.t. r_= = r′ (it may not exist). Then, the automaton does the following operation on the counter cn(r):

reset, when R_{tre>r′} is empty and r_= does not exist: the condition means that no decreasing trespassing chain can be extended into r′;

copy(cn(r_=)), when R_{tre>r′} is empty and r_= exists: only the chains ending in r_= can be extended into r′, and since r_= = r′, the deepest chain keeps its depth;

max(cn(R_{tre>r′})) + 1, when R_{tre>r′} is not empty and r_= does not exist: the chains from registers in R_{tre>r′} can be extended into r′, and since r′ is lower than any register in R_{tre>r′}, their depths increase; the new value of counter cn(r) reflects the deepest chain;

max(max(cn(R_{tre>r′})) + 1, cn(r_=)), when R_{tre>r′} is not empty and r_= exists: some chains from registers in R_{tre>r′} can be extended into r′, and there is also a chain from r_= that can be extended into r′ without its depth changing; the updated value of the counter cn(r) reflects the deepest resulting chain.

Thus, B_ց moves into the successor state with the updated mapping cn while performing the operations on the counters, as described above. The acceptance condition of B_ց requires all counters to be bounded. The number of states of B_ց is exponential in |R|.

Finally, for the case of 0-satisfiability, the automaton A also needs to verify the additional conditions stated in Lemma 5, namely that the constraint sequence starts with C_0 s.t. C_0|_R = { r = s | r, s ∈ R } and that there are no decreasing one-sided chains from moment 0 of depth ≥
1. These constructions are simple and omitted. ◭

B.6 Proof of Lemma 7
We first prove the following intermediate lemma.

◮ Lemma 19.
Suppose a consistent constraint sequence is lasso-shaped and has no trespassing infinitely decreasing nor increasing one-sided chains. Then it has no trespassing unboundedly decreasing or increasing one-sided chains.
Proof.
If there are no stabilising threads in the given constraint sequence, the proof is trivial, so we assume their presence, and let an r_m-thread be maximal among them. The lasso-shaped constraint sequence has the form C_0 … C_{k−1} (C_k … C_{k+l})^ω. We focus on the loop C_k … C_{k+l}. Let R_m = { r | (r < r_m) ∈ C_k }.

Property (†): for every r ∈ R_m, the constraints C_k … C_{k+l} cannot have increasing or decreasing chains of depth > 0 starting in r at a moment of reading C_k and ending in r′ (primed r) at a moment of reading C_{k+l}. I.e., the constraints C_k … C_{k+l} cannot require any register r ∈ R_m to strictly increase (or decrease) along the loop. If this was the case, we would get a trespassing infinitely increasing (or decreasing) one-sided chain, contradicting the lemma premise.

To derive the lemma conclusion, suppose, by contradiction, that there are trespassing unboundedly increasing one-sided chains (the other case is similar). At some point, such chains will start circling the loop C_k … C_{k+l} more than |R| times. Consider the registers visited by such a chain at the moments of reading C_k. The number of registers is |R|, but the chain visits C_k more than |R| times, hence some register r is visited twice. I.e., the chain visits r at a moment of reading C_k and visits r again at a later moment of reading C_k. Since the chain's depth between these two visits is > 0, and C_k|_R = unprime(C_{k+l}|_{R′}) by consistency of the constraint sequence, we derive a contradiction with the property (†). Hence our assumption is wrong, and the sequence has no trespassing unboundedly increasing chains. The case of decreasing chains is similar. ◭

Proof of Lemma 7.
The first item (about satisfiability) follows from Lemmas 19 and 4. The second item (about 0-satisfiability) follows from Lemmas 19 and 5. ◭

C Proofs of Section 4

C.1 Proof of Lemma 10
Proof.
Direction ⇐. Let λ : Tst_R^+ → Asgn_R be a winning strategy in G. We construct a winning strategy λ_f in G_f as follows. For a finite play π = v_0 (v_1, tst_1)(v_2, asgn_1) … (v_n, tst_n), we let λ_f(π) = (v_{n+1}, asgn_{n+1}) such that asgn_{n+1} = λ(tst_1 tst_2 … tst_n) and v_{n+1} = ∆(v_n, asgn_{n+1}). Let π = v_0 (v_1, tst_1)(v_2, asgn_1) … be an infinite play compatible with λ_f, and assume that a = tst_1 asgn_1 … is a feasible action word. By definition of λ_f, we have that a ∈ Outcome_G(λ). By definition of winning strategies in register games, we get that π_a = v_0 v_1 v_2 … satisfies the parity condition.

Direction ⇒. Let λ_f : Plays_{G_f} → V_∀ be a winning strategy in G_f. We construct a winning strategy λ : Tst_R^+ → Asgn_R in G as follows. Let ρ = tst_0 … tst_k be a sequence of tests. We define v_0, u_0, v_1, u_1, …, v_{k+1} ∈ V and asgn_1, …, asgn_{k+1} inductively, such that v_0 is the initial vertex of G and, for all 0 ≤ i ≤ k, u_i = ∆(v_i, tst_i), asgn_{i+1} = λ_f(v_0 (u_0, tst_0)(v_1, asgn_1) … (u_i, tst_i)), and v_{i+1} = ∆(u_i, asgn_{i+1}). We finally let λ(tst_0 … tst_k) = asgn_{k+1}. Let us show that λ is winning. Let a = tst_0 asgn_1 tst_1 asgn_2 · · · ∈ Outcome_G(λ) and let π_a = v_0 u_0 v_1 u_1 …. Assume that a is feasible; we have to show that π_a satisfies the parity condition. By definition of λ, we also get that v_0 (u_0, tst_0)(v_1, asgn_1) · · · ∈ Outcome_{G_f}(λ_f). Since λ_f is winning, by definition of W_G, we get that π_a satisfies the parity condition. Hence, λ is winning.

The back-and-forth translation of finite-memory strategies can be done similarly, concluding the proof. ◭

C.2 Proof of Lemma 11

Proof.
We briefly recall a few definitions from Section 3. A constraint C relates the values of the registers in the current and next moments; it is a maximal consistent set of atoms of the form t_1 ⊲⊳ t_2, where ⊲⊳ ∈ {<, =} and each t_1 and t_2 is a register or a primed register (a primed register describes the register in the next moment). A state constraint relates registers at one moment only, so it does not talk about primed registers. Given a constraint C, we write C|_R to denote the atoms describing the current moment, and C|_{R′} those describing the next moment. We write unprime(C|_{R′}) to denote the atoms of C|_{R′} after renaming r′ to r for every r′ ∈ R′. Thus, both C|_R and unprime(C|_{R′}) are state constraints. A constraint sequence is an infinite sequence of constraints; it is 0-satisfiable if there is a sequence of register valuations starting in 0^R that satisfies all constraints. Now we prove the lemma.

Let R_d = R ⊎ {r_d}, where the register r_d will play the role of the last input data. Let Π be the set of all state constraints on R_d; thus each π ∈ Π contains atoms of the form r ⊲⊳ s, where r, s ∈ R_d and ⊲⊳ ∈ {<, =}.

Given π, tst, asgn, we define the mapping constr : (π, tst, asgn) ↦ C as follows. (The definition is as expected, but we should be careful about the handling of r_d; it is the last item.)

The constraint C includes all atoms of the state constraint π (that relates the registers at the beginning of the step).

Recall that neither tst nor asgn talks about r_d. For readability, we shorten (t_1 ⊲⊳ t_2) ∈ C to simply t_1 ⊲⊳ t_2, and (∗ ⊲⊳ r) ∈ tst to ∗ ⊲⊳ r; and a ≤ b means (a < b) ∨ (a = b).

We define the order at the end of the step as follows.
For every two different r, s ∈ R:

r′ = s′ iff (r = s) ∧ r, s ∉ asgn, or r ∈ asgn ∧ (∗ = s) ∧ s ∉ asgn, or r, s ∈ asgn;

r′ < s′ iff (r < s) ∧ r, s ∉ asgn, or (∗ < s) ∧ r ∈ asgn ∧ s ∉ asgn;

r′ = r′_d iff (r = ∗) or r ∈ asgn;

r′ ⊲⊳ r′_d iff (r ⊲⊳ ∗) ∧ r ∉ asgn, for ⊲⊳ ∈ {<, >}.

So far we defined the order of the registers at the beginning and the end of the step. Now we relate the values between these two moments. For every r ∈ R:

r = r′ iff r ∉ asgn, or r ∈ asgn ∧ (∗ = r);

r ⊲⊳ r′ iff r ∈ asgn ∧ (r ⊲⊳ ∗), for ⊲⊳ ∈ {<, >}.

Finally, we relate the values of r_d between the moments. There are two cases. The value of r_d crosses another register: ∃r ∈ R : (r_d < r) ∧ (∗ ≥ r). Then (r′_d > r_d). Similarly for the opposite direction: if ∃r ∈ R : (r_d > r) ∧ (∗ ≤ r), then (r′_d < r_d). Otherwise, the value of r_d does not cross any register boundary; then r′_d = r_d.

Using the mapping constr, every action word a = tst_1 asgn_1 tst_2 asgn_2 … can be uniquely mapped to the constraint sequence constr(a) = C_1 C_2 … as follows: C_1 = constr(π_0, tst_1, asgn_1), where π_0 = { r = s | r, s ∈ R_d }; set π_1 = unprime(C_1|_{R′_d}); then C_2 = constr(π_1, tst_2, asgn_2), and so on.

We now prove the statement of the lemma, namely that an action word a is feasible iff the constraint sequence constr(a) is 0-satisfiable. The proof follows from the definitions of feasibility and 0-satisfiability, and from the following simple property of feasible action words: every feasible action word has a witness v_0 d_1 v_1 d_2 · · · ∈ (D^R · D)^ω such that, if some tst is repeated twice and no assignment is done, then the value d stays the same. This property is needed because of the last item in the definition of constr, where we set r′_d = r_d. ◭

C.3 Proof of Lemma 12
Proof.
We describe a deterministic (parity or max) automaton F accepting all feasible action words. Let V be the deterministic (parity or max) automaton accepting all 0-satisfiable constraint sequences (see Theorem 2 or 6). Our automaton F in its state (q_V, π) tracks the state q_V of V and the state constraint π. From (q_V, π), on reading first tst and then asgn, the automaton creates the constraint C = constr(π, tst, asgn), then simulates V on reading C, which gives q′_V, and updates π′ = unprime(C|_{R′_d}); hence F transits into (q′_V, π′). In the beginning all registers are equal, so the initial state of F is (q_V^0, π_0), where q_V^0 is initial for V and π_0 = { r = s | r, s ∈ R_d }. The acceptance is defined by the automaton V. Using the properties of constr and of the automaton V, it is easy to see that the automaton F accepts an action word iff it is feasible. The size of F is exponential in |R|. ◭

D Example and Proofs of Section 5

D.1 Example
In Figure 5, we revisit the typical example of a server granting requests from a set of clients. Each client has a unique priority p ∈ N, expressing whether s/he should take precedence over others. Note that the number of clients is thus unbounded a priori. The server is equipped with a buffer of size k, and should ensure that (1) there are never more than k pending requests, (2) every request is eventually granted, and (3) when a request is granted, it is the one with highest priority. Requests are represented by the set of input signals Σ_I = { (req, p) | p ∈ N } ∪ { idle } and grants by the set of output signals Σ_O = { (grt, p) | p ∈ N } ∪ { idle }. Each client is modelled by his/her unique priority; (req, p) means that the client with priority p requests the resource, and (grt, p) means that his/her request is granted. As input, idle means that no request is conducted at this moment; as output, that no request is granted.

The latter specification is realisable, for instance, by the transducer which outputs (grt, p) whenever it reads (req, p) and idle whenever it reads idle (Figure 6). Such a specification can be enriched as follows: on the first step, the implementation should output idle, modelling the fact that there is an initial request. This is doable since deterministic register automata are closed under intersection. Then, the specification does not admit any implementation anymore: if, initially, some client with low priority inputs some request, it is necessarily buffered (as the implementation has to initially output idle), and it will then starve forever if, afterwards, clients with higher priority repeatedly send requests to the server. This can be mitigated, e.g., by allowing the implementation to break the precedence order finitely many times. Then, an implementation would have to use its two registers as buffers, always granting the pending request with highest precedence.

D.2 Proof of Theorem 16
Proof.
Given a register transducer T, we construct a register game G_T such that there exists an o-selecting strategy λ such that L(T ⊗ λ) ⊆ L(T) iff there exists a finite-state winning strategy for Eve in G_T. To decide the latter, by Theorem 1, it suffices to decide the existence of a winning strategy.

The only difference between a register transducer and a game is that register transducers have input and output labels, and can output the content of a register. Assume a slightly different definition of register transducers, with transitions of type δ : Q × Tst_R → Asgn_R × Q, and the condition that (asgn, q_1), (asgn, q_2) ∈ δ(q, tst) implies q_1 = q_2. Equivalently, we could assume that |Σ_I| = |Σ_O| = 1 and that T always outputs the same register. We call this type of register transducer a register transducer in pre-game form. Then, it is immediate to see that solving the synthesis problem for an RT T in pre-game form reduces to a register game. The only difference is that we have to split each transition of T into two transitions of the game: the first where Adam picks the test and the second where Eve picks the assignment.

Figure 5
A specification of a server with a buffer of size k = 2, ensuring that every request is eventually granted, with precedence to the highest priority. On the output, out(r) means that the transducer outputs the content of r. ⊤ is a macro for two transitions, with respectively out(r_1) and out(r_2).

We now show that any register transducer T can be turned into an RT in pre-game form T′, such that T is realisable iff T′ is realisable. Moreover, winning strategies realising T′ can be translated back to winning strategies realising T.

Since the concrete values of the output register do not matter (only the state dynamics of T matters), they can be considered as labels. So, w.l.o.g., we assume that the transitions of T have no output registers. Formally, assume that T = (Σ_I, Σ_O, Q, q_0, R, δ, α), where δ : Q × Σ_I × Tst_R → Σ_O × Asgn_R × Q. Now, we show that we can always assume that |Σ_I| = |Σ_O| = 1 and therefore further assume that δ is of type δ : Q × Tst_R → Asgn_R × Q, while keeping the property that for all q, tst, asgn, there exists a unique q′ such that (asgn, q′) ∈ δ(q, tst). This is done by encoding input and output labels as different data values, which are read by the transducer in an initial phase, and then by replacing occurrences of symbols in Σ_I and Σ_O on the transitions of T by particular tests and assignments, respectively. Formally, assume that Σ_I = {σ_1, …, σ_n} and Σ_O = {β_1, …, β_m} are disjoint. We modify T by asking it to read n + m different data intended to represent the elements of Σ_I and Σ_O, respectively. T initially stores those n + m data in n + m registers r_{σ_1}, …, r_{σ_n}, r_{β_1}, …, r_{β_m} and, during this phase, checks that those data are all pairwise different with the test tst_alldiff = ⋀_i (r_{σ_i} ≠ ∗) ∧ ⋀_j (r_{β_j} ≠ ∗).
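The initial phase can be illustrated with a small executable sketch. The dictionary encoding of registers below is our own illustrative assumption, not the paper's formalism: the function reads n + m data, checks each new datum against all registers stored so far (the test tst_alldiff), and stores it in the register named after its label.

```python
def initial_phase(data, in_labels, out_labels):
    """Read len(in_labels) + len(out_labels) data values, storing each in
    the register named after its label, while enforcing tst_alldiff:
    every new datum must differ from all previously stored ones.
    Returns the register valuation, or None if the check fails (in the
    construction, a failed test leads to the accepting sink state)."""
    regs = {}
    for label, d in zip(in_labels + out_labels, data):
        if d in regs.values():       # some register already holds d
            return None
        regs["r_" + label] = d
    return regs

# Two input labels and one output label, encoded by pairwise different data:
print(initial_phase([10, 20, 30], ["req", "idle"], ["grt"]))
# -> {'r_req': 10, 'r_idle': 20, 'r_grt': 30}
```

After this phase, occurrences of a label on a transition are replaced by tests and assignments against the corresponding register, as described next.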
Then, any transition of the form t = (q, σ_I, tst, σ_O, asgn, q′) is replaced by the two transitions (q, (r_{σ_I} = ∗) ∧ ⋀_{j ≠ I} (r_{σ_j} ≠ ∗), asgn′ = {r_{σ_O}}, t) and (t, tst, asgn, q′). The new priority function assigns priority 0 to the newly added states and priority α(q) to the other states q ∈ Q. The new register transducer T′ is finally completed by missing transitions (to make its transition function total) to a sink accepting state (with an even priority). This sink state has a loop which, for any test, always takes the same assignment (arbitrarily chosen) that we write asgn_∗. Note that T′ is now in pre-game form.

Figure 6
A transducer immediately granting each request it receives. On reading idle, the transducer can output anything; here it outputs 0 (the content of r).

Claim. There exists a winning o-selecting strategy in T iff there exists a winning o-selecting strategy in T′.

Proof.
From left to right: suppose there is a winning o-selecting strategy λ in T. It can be turned into the following winning o-selecting strategy λ′ in T′. In the initial phase (reading n + m different data), if at some point a test different from tst_alldiff is provided to the strategy λ′, then the transducer evolves to the sink accepting state, and hence the strategy λ′ in this sink state always selects the unique assignment asgn_∗. Otherwise, n + m different data have been provided, and after the initial phase the strategy λ′ mimics λ. Now, let t = (q, σ_I, tst, σ_O, asgn, q′) be a transition of T, as in the definition of T′. If from (q, σ_I, tst) the strategy λ prescribes to select (σ_O, asgn, q′), then the strategy λ′ first, from (q, (r_{σ_I} = ∗) ∧ ⋀_{j ≠ I} (r_{σ_j} ≠ ∗)), prescribes to select (asgn′ = {r_{σ_O}}, t), and from (t, tst) it prescribes to select (asgn, q′). The new strategy λ′ is winning as it simulates λ, which is winning as well. The converse is proved similarly: from a winning strategy λ′ we can construct a winning strategy λ which simulates two steps of λ′ in one step. End of Claim.
Now, let T ′ = ( Q, q , R, δ, α ) an RT in pre-game form, where δ has type δ : Q × Tst R → Asgn R × Q is such that for all q, tst , asgn , there exists a unique q ′ such that ( asgn , q ′ ) ∈ δ ( q, tst ).We construct the game G T ′ = ( V ∀ , V ∃ , v , ∆ , α ′ ) as follows: V ∀ = QV ∃ = Q × Tst R v = q ∆( q, tst ) = ( q, tst )∆(( q, tst ) , asgn ) is the unique q ′ such that ( asgn , q ′ ) ∈ δ ( q, tst ) α ′ ( q ) = α ′ ( q, tst ) = α ( q )Let us briefly sketch why the reduction is correct. Suppose that T ′ is realisable by someo-selecting strategy λ , i.e. a strategy such that L ( T ′ ⊗ λ ) ⊆ L ( T ′ ). It is easy to transfer thisstrategy into a strategy λ ′ in the register game G T ′ which naturally simulates λ , because T and T ′ are almost similar in structure, the only difference being that G T ′ have split eachtransition of T into two transitions of Adam and Eve respectively, and tests information arealso included in its states. To show that λ ′ is winning, take an action word a = tst asgn . . . in the outcome of λ ′ and suppose it is feasible by some v d . . . . Since λ ′ simulates λ , weget that d d · · · ∈ L ( T ′ ⊗ λ ). Since L ( T ′ ⊗ λ ) ⊆ L ( T ′ ), we get that d d · · · ∈ L ( T ′ ). This eans that the sequence of states q q . . . in T ′ corresponding to the run v d . . . satisfiesthe parity condition. By definition of G T ′ , we get that π a = q ( q , tst ) q ( q , tst ) . . . andhence by definition of α ′ , π a satisfies α ′ . This shows that λ ′ is winning.The converse is shown similarly, from a winning strategy λ ′ in G T ′ we naturally definea strategy λ in T ′ which simulates in one-step two steps of λ ′ . In particular, λ ′ selects thetransitions of T ′ which corresponds to Eve’s choices in G T ′ . It can be shown similarly asbefore that λ ′ is also winning.Moreover, these back-and-forth translations between strategies of T ′ and strategies of G T ′ preserves the fact of being finite-memory. 
Finally, the construction of T′ can be done in polynomial time, and therefore the whole procedure (construction of T′, construction of G_{T′}, and solving G_{T′}) runs in ExpTime. ◭