Logic and Automata I - Masaryk Universityeatcs-school.fi.muni.cz/_media/thomas1.pdfLogic and...

Logic and Automata I

Wolfgang Thomas

EATCS School, Telc, July 2014

The Plan

We present automata theory as a tool to make logic effective.

Four parts:

1. Some history

2. Automata on infinite words

First step: MSO-logic over finite wordsBuchi automataDeterminization

3. Tree automata and infinite games

4. Decidability of monadic theories

Wolfgang Thomas

Some History

Wolfgang Thomas

Why MSO-Logic? Tarski’s Problem

Godel, Turing, Tarski in the 1930’s:

The first-order theory of (N,+, ·, 0, 1) is undecidable.

If we use second-order logic, we get undecidability even for(N,+1, 0). We define addition (and similarly multiplication):

x + y = z iff each binary relation that contains (0, x) and isclosed under (m, n) 7→ (m + 1, n + 1) contains also (y, z)

Alfred Tarski asked:

Is the monadic second-order theory of (N,+1, 0) decidable?

Wolfgang Thomas

Alfred Tarski (1901 - 1983)

Wolfgang Thomas

“Model-Checking”

Today we call this a model-checking problem:

Is the model-checking problem

(N,+1, 0) |= ϕ?

w.r.t. MSO-logic decidable?

Other names: S1S, SC, B uchi’s arithmetic

In computer science, the emphasis has shifted:

Does a system model G satisfy a specification ϕ?

G is often an infinite (edge-labelled and vertex-labelled) graph.

Wolfgang Thomas

MSO Logic over (N,+1, 0)

We have

first-order variables x, y, z, . . . ranging over naturalnumbers

set variables X, Y , Z, . . . ranging over sets of naturalnumbers

terms formed from first-order variables and 0 byapplication of “ +1”

atomic formulas s = t and X(t) for terms s, t and setvariables X

connectives ¬,∨,∧,→,↔ and quantifiers ∃, ∀

Wolfgang Thomas

Example Formulas

Over (N,+1, 0) the induction axiom:

∀X(X(0)∧ ∀y(X(y) → X(y + 1)) → ∀zX(z))

Over graphs (V , E) 3-colorability:

∃X1∃X2∃X3(Partition(X1, X2, X3)

∧∀x∀y(E(x, y) →∨

i,j(Xi(x)∧ Xj(y))))

Over (N,+1, 0) the existence of automaton runs(e.g., for three states):

∃X1∃X2∃X3

(Partition(X1, X2, X3)

∧ initial-, transition-, and acceptance-condition )

Wolfgang Thomas

Transitive Closure

We have x ≤ y iff for all sets X containing x and closed undersuccessor, X(y) holds.

For any MSO-formula ϕ(z, z′), we write

ϕ∗(x, y) :=

∀X(X(x)∧∀z, z′(X(z)∧ϕ(z, z′) → X(z′)) → X(y))

Wolfgang Thomas

Example

“Each set with two successive elements contains an evennumber”

First define “ y is even”:

Set ϕ2(z, z′) := (z + 1) + 1 = z′

Even(y) := ϕ∗2(0, y)

Then we take the following formula:

∀X(∃x(X(x)∧ X(x + 1)) → ∃y(X(y)∧ Even(y)))

Wolfgang Thomas

Comparing with Presburger Arithmetic

R.M. Robinson 1958:

The MSO-theory of (N,+1, 2x, 0) is undecidable.

We follow a proof idea of Elgot and Rabin (1966).

Idea: Code binary relations by sets and simulate relationquantifiers by set quantifiers.

R = {(m0, n0), (m1, n1), . . .} 7→

MR = {m′0 < n′

0 < m′1 < n′

1 . . .}.

(m, n) ∈ R iffin the MR-list there are successive codes m′, n′ of m, n wherem′ sits on an odd position.

Wolfgang Thomas

Defining the Code

For each x we need an infinite set Cx of code numbers.

such that from z ∈ Cx the number x can be retrieved (by anMSO-formula).

Set Cx := {2i · (2x + 1) | i ≥ 0}.

From a number z = 2i · (2x + 1) obtain x:

iteratively divide by 2

if this is no more possible subtract 1 and divide by 2

Obtain an MSO-formula for “ z is a code of x”

Wolfgang Thomas

Details

Let ϕ2(y, y′) := y′ is half of y)

Then

“ z is a code of x”: ∃s(ϕ∗2(z, s)∧ s = 2x + 1)

Translation of ∃R(R(x, y) . . .):

∃X(∃z∃z′(z is code of x ∧ z′ is code of y

∧OddPos(X, z)∧ Next(X, z, z′))

Wolfgang Thomas

Buchi’s Theorem

Richard J. B uchi (1924 - 1984)

The MSO-theory of (N,+1, 0) is decidable.

MSO-formulas can be translated into “B uchi automata”.Wolfgang Thomas

Wolfgang Thomas

First Step: MSO over Finite Words

Wolfgang Thomas

Words coded by Sets

Consider w = (01)(

00)(

00)(

11)(

10)

Domain of letter positions: D = {0, 1, 2, 3, 4}

For an infinite word this domain is N.

w is identified with a pair of sets: K1 = {3, 4} , K2 = {0, 3}

A word over {0, 1}n with domain D can be identified with ann-tuple (K1, . . . , Kn) of subsets of D.

Wolfgang Thomas

A Definable Language

Consider the regular language L0 over {0, 1}2

containing the words where

between any two letters (∗1) there is a letter (0∗)

w = (01)(

00)(

00)(

11)(

10) satsfies this.

ϕ(X1, X2) = ∀x∀y(x < y ∧ X2(x)∧ X2(y) →

∃z (x < z ∧ z < y ∧¬X1(z)))

Wolfgang Thomas

BET Theorem

J.R. Buchi C.C. Elgot B.A. Trakhtenbrot

Theorem of B uchi-Elgot-Trakhtenbrot (1960):

Finite automata and monadic second-order fomulas canexpress the same properties of finite words.

Wolfgang Thomas

From Automata to MSO-Logic

A0:

q0 q1 q2

0

0

1

1

We look for an MSO-formula ϕ “equivalent” to A0

It should express over w that A0 accepts w.

Wolfgang Thomas

q0 q1 q2

0

0

1

1

An input word and an accepting run:

0 0 0 1 1

1

0

0

0

1

0

1

0

0

0

1

0

0

0

1

0

0

1

Wolfgang Thomas

q0 q1 q2

0

0

1

1

ϕ(X) :=

∃Y0∃Y1∃Y2(Partition(Y0, Y1, Y2)∧ Y0(min)

∧∀x((Y0(x)∧¬X(x)∧ Y1(x + 1))

∨(Y1(x)∧¬X(x)∧ Y0(x + 1))

∨(Y1(x)∧ X(x)∧ Y2(x + 1))

∨(Y2(x)∧ X(x)∧ Y2(x + 1)))

∧(Y1(max)∨ Y2(max))∧ X(max))

Wolfgang Thomas

Preparing MSO for Easy Induction

Work with a dialect of MSO in which the first-order variablesare cancelled.

Simulate x by a singleton variable {x}.

Atomic formulas: X ⊆ Y , Sing (X), Succ (X, Y), X < Y .

Exampleϕ(X1, X2) = ∀x∀y(x < y ∧ X2(x)∧ X2(y) → ∃z ¬X1(z))

ϕ′(X1, X2) = ∀X∀Y(X < Y ∧ X ⊆ X2 ∧ Y ⊆ X2(y) →

∃Z(Sing(Z)∧¬Z ⊆ X1))

Task: Find for any ϕ(X1, . . . , Xn) a corresponding automatonover {0, 1}n.

Wolfgang Thomas

From MSO to Automata (Finite Words)

Proceed by induction on formulas.

Example: Succ(X1, X2)

q0 q1 q2

(00)

(10) (0

1)

(00)

Use nondeterministic automata:

Then atomic formulas, ∨,∃ are easy.

For complementation use the subset construction to obtain adeterministic automaton which is easily complementable.

Wolfgang Thomas

Buchi Automata

Wolfgang Thomas

Definition

A Buchi automaton (NBA) has the form A = (Q, Σ, q0, ∆, F)

with

finite state-set Q, initial state q0, set F ⊆ Q of final states,

transition relation ∆ ⊆ Q × Σ × Q

A accepts the input word α ∈ Σω if there is a run of A on α

such that ∃ωi (i) ∈ F.

L(A) := {α ∈ Σω | A accepts α}

is the ω-language recognized by A.

L is called Buchi recognizable if L = L(A) for some B uchiautomaton A.

Wolfgang Thomas

Buchi’s Version of “B uchi Automaton”

Σω1 : (∃r) · A[r(0)]∧ ∀t B[i(t), r(t), r(t′)]∧ (∃ωt) C[r(t)]

This formula type is motivated by a representation of Σ11-sets

in the Cantor space.

Buchi showed closure properties of this formula class andderived that this is a normal form of formulas of S1S.

This is a kind of “quantifier elimination”.

Wolfgang Thomas

Periodicity

Given A = (Q, Σ, q0, ∆, F) define

Wpq = {w ∈ Σ∗ | A : p

w→ q}

Then L(A) =⋃

q∈F Wq0q · (Wq,q)ω

An ω-language is B uchi recognizable iff it is a finite union ofω-languages U · V ω with regular U, V ⊆ Σ

∗

Consequence: A nonempty B uchi-recognizable ω-languagecontains an ultimately periodic ω-word.

Wolfgang Thomas

Buchi’s Theorem

An ω-language is MSO-definable iff it is B uchi recognizable

From automata to MSO: as over finite words.

From MSO to automata: Proceed again by induction.Only complementation is difficult.

Wolfgang Thomas

Complementation

Idea: Represent also the complement- ω-language as a finiteunion of sets U · V ω with regular U, V .

As U, V use equivalence classes of an equivalence relation:

u ∼A v :⇔ A : pu→ q ⇔ A : p

v→ q

and A : pu→ q via F ⇔ A : p

v→ q via F

This is an equivalence relation.

The ∼A-class of u is captured by two lists of edges (p, q):

those (p, q) with A : pu→ q

those (p, q) with A : pu→ q via F

∼A is of finite index, and each ∼A-class is regular.

Wolfgang Thomas

A Crucial Property

Assume U · V ω ∩ L(A) , 6O, where U, V are ∼A-classes.

Then U · V ω ⊆ L(A).

By assumption we have:

A : q0u→ p1

v1→ p2v2→ p3

v3→ . . . with u ∈ U, vi ∈ V

where via infinitely many vi a final state is passed.

Consider β = u′v′1v′

2v′3 . . . in U · V ω with u′ ∈ U, v′

i ∈ V .

Apply u ∼A u′ and vi ∼A v′i :

A : q0u′

→ p1v′

1→ p2v′

2→ p3v′

3→ . . .

where via infinitely many v′i a final state is passed.

Wolfgang Thomas

Last Missing Step

We want to show (with ∼A-classes U, V ):

L(A) =⋃

{U · V ω|U · V ω ∩ L(A) = 6O}

Missing step: Show that each α belongs to some U · V ω

where U, V are ∼A-classes.

Ramsey’s Theorem:

Given a coloring of all pairs i < j of natural numbers, there isan infinite “homogeneous” set H ⊆ N and a fixed color c suchthat each pair i < j with i, j ∈ H is colored with c.

Take as color for (i, j) the ∼A-class of α[i, j)

Wolfgang Thomas

Consequences

1. The MSO-theory of (N,+1, 0) is decidable.Proof: Transform a sentence ϕ into a B uchi automatonover {0, 1}0 (i.e. with unlabelled transitions) and checkwhether there is a reachable q ∈ F with a loop back to q.

2. MSO-formulas over (N,+1, 0) can be rewritten asEMSO-formulas.

3. Model checking:Check whether for each path of a transition system S aformula ϕ holds.Check whether the intersection automaton of S and A¬ϕ

accepts some ω-word.

Wolfgang Thomas

Determinization

Wolfgang Thomas

Deterministic B uchi Automata (DBA)

are of the form A = (Q, Σ, q0, δ, F) with δ : Q × Σ → Q

A accepts α if its unique run on α visits F infinitely often.

This means: The DFA A accepts infinitely many prefixes of α

Let ϕ(X1, . . . , Xn) be a formula equivalent to the DFA A

Modify ϕ(X1, . . . , Xn) to a formula ϕ′(X1, . . . , Xn, y) saying“the segment up to position y satisfies ϕ”

Then the DBA A is equivalent to the formula

∀x∃y (x < y ∧ϕ′(X1, . . . , Xn, y)) where ϕ′ is bounded in y.

So: DBA-recognizable ω-languages are Π02-sets of the Borel

hierarchy (as opposed to Σ11 sets for NBA).

Wolfgang Thomas

Weakness of DBA

Consider the ω-language (0 + 1)∗0ω, recognized by an NBA:

q0 q1

0, 1

0

0

Assume the DBA A recognizes (0 + 1)∗0ω.

Reading 0ω it will reach a final state after 0n0

Reading 0n010ω it will reach a final state after 0n010n1

etc.

So on 0n010n110n21 . . . A will visit final states infinitely often,contradiction.

Wolfgang Thomas

Muller Automata

are a form of ω-automata that recognize the Booleancombinations of DBA-recognizable sets.

Format: A = (Q, Σ, q0, δ,F)

with δ : Q × Σ → Q, F = {F1, . . . , Fk} where Fi ⊆ Q

Acceptance: A accepts α iff for the unique run we have

k∨

i=1

(∧

q∈Fi

∃ωm (m) = q ∧∧

q∈Q\Fi

¬∃ωm (m) = q)

Write Aq for the det. B uchi automaton (Q, Σ, q0, δ,{q}).

L(A) =k⋃

i=1

(⋂

q∈Fi

L(Aq)∩⋂

q∈Q\Fi

L(Aq))

Wolfgang Thomas

McNaughton’s Theorem

R. McNaughton (1924 - 2014)

Each B uchi automaton an be transformed into a (deterministic)Muller automaton.

Wolfgang Thomas

McNaughton’s Theorem Logically

The ω-language defined by a B uchi automaton can be definedby a Boolean combination of formulas

∀x∃y(x < y ∧ϕ(y)) where ϕ(y) is bounded in y

In logical terminology we are reducing a Σ11-statement to a

Boolean combination of Π02-statements.

In other words: The B uchi recognizable ω-languages are allincluded in a low level of the Borel hierarchy (of the Cantorspace).

Wolfgang Thomas

Constructions of Automata

Muller (1963), with a flaw

McNaughton (1966)

Choueka (1974)

Th., using logic (1981)

Safra (1988)with optimal growth rate 2O(n log n) for number of states

Muller and Schupp (1995)

Fogharty, K ahler, Vardi, Wilke (2013)

and others . . .

Wolfgang Thomas

Buchi Determinization: The Task

Given B uchi automaton B = (Q, Σ, q0, ∆, F) and input α

Computation tree of the B-runs on α:

Wolfgang Thomas

A First Attempt: Subset Construction

Collect for each input-prefix w the states reachable via w,thus obtaining “macrostates”.

Wolfgang Thomas

Branching Off and Ticking

Assume we have a nonterminating thread of macrostates.

Branch off a second thread starting from final states, redoingthe subset construction from there.

When the second thread merges with the first thread,

cancel the macrostate of the second threadsignal the past visit to a final state by ticking the firstmacrostate.

Wolfgang Thomas

Ticking Infinitely Often

Assume that infinitely many ticks occur on the first thread.

P1 R1X P2 R2X Pi RiX

⊆ = ⊆ = . . . ⊆ =F1 R1 F2 R2 Fi Ri

From each Ri state we can trace back a finite run with ≥ i

visits to F.

Build a tree from these run segments (each from some Rj toRj+1) constructed backwards from the Ri-states for i ≥ 0.

Apply K onig’s Lemma to this infinite, finitely branching tree.

Obtain an infinite run infinitely many visits to F; so B accepts.

Wolfgang Thomas

The Hydra

We have to open a new thread whenever final states are met!

Wolfgang Thomas

Defeating the Hydra: Safra Trees

Observe that a parent set properly contains the union ofthe children.

Avoid double occurrences of states among brother nodes:Delete a state when it already occurs in an older brother.

We obtain a Safra tree:

a finite ordered tree of macrostates, possibly some ofthem ticked

where the children of a node are disjoint and their union aproper subset of the parent.

There are only finitely many such trees. These are the states ofthe desired Muller automaton M.

Wolfgang Thomas

Transitions of M

From a Safra tree s via letter a the following Safra tree results:

1. For each node whose label contains final states, branchoff a new son containing these final states.

2. To each node label apply the subset construction via inputletter a.

3. Cancel state q if it occurs also in an older brother node.Cancel a node if it has label 6O

4. Cancel all children (and their descendants) if the union oftheir labels equals the parent label, and in this case tickthe parent.

Wolfgang Thomas

Acceptance

A run s0s1s2 . . . is accepting if from some si onwards somenode stays uncancelled in sisi+1si+2 . . . and is ticked infinitelyoften.

Then by construction we have L(M) ⊆ L(B).

This is a Boolean combination of B uchi conditions on the runs0s1s2 . . .:

For some node name k:

there are only finitely many si where k is missing.

there are infinitely many si where the label of k is ticked.

Wolfgang Thomas

Finishing the formal definition

We name the nodes of a Safra tree s by natural numbers 1, 2, . . .

In a Safra tree s, a given state q occurs along a path up tosome point, the “characteristic node”.

The Safra tree is given by a function σ : Q → N

mapping q to its characteristic node(σ(q) = 0 indicates that q is not present.)

Consequence: Each Safra tree has ≤ |Q| nodes.

We need a node name reservoir from 1 to 2|Q|:When starting a new branch we should use a name not used inthe previous tree.

Wolfgang Thomas

Completeness of the Construction

Show L(B) ⊆ L(M). Let α ∈ L(B).

Consider a run of B on α, visiting say the final state q againand again. Analyze the M-run of Safra trees on α.

If root is ticked infinitely often, M accepts.Otherwise look at first occurrence of q afterwards:

Here q is put into a son of the root, and the accepting B-runfinally stays in a fixed son k1 of the root.

If k1 is ticked infinitely often, M accepts.Otherwise continue analogously and get a son k2 of k1 wherethe B-run finally stays.

At some stage the tick occurs infinitely often, otherwise theheight of the Safra trees would be unbounded.

Wolfgang Thomas

Number of Safra Trees

If q occurs in Safra tree, there is a unique node (“characteristicnode”) which contains q but such that no son contains q.

We need four functions to describe a Safra tree:

1. function Q → {0, . . . , 2n} giving the characteristic node2. X-label function: {1, . . . , 2n} → {0, 1}

3. parent function: {1, . . . , 2n} → {0, . . . , 2n}

4. older-brother function: {1, . . . , 2n} → {0, . . . , 2n}

Number of Safra trees ≤ number of such functions

≤ (2n + 1)n · 22n · (2n + 1)2n · (2n + 1)2n

≤ (2n + 1)7n ∈ 2O(n log n)

Wolfgang Thomas

The Conclusion of B uchi’s Paper

Wolfgang Thomas