ffff ffff ffff ffff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff UNIVERSITÄT STUTTGART FAKULTÄT INFORMATIK Proceedings ASMICS Workshop Infinite Traces Tübingen, January 23 - 25, 1992 Volker Diekert, Werner Ebinger (Editors) Bericht 4/92 Preface The workshop Infinite Traces was held at Tübingen, Hotel Hospiz, from January 23 to 25, 1992. The idea to this workshop was born at the general ASMICS meeting at Menaggio. It is the second ASMICS workshop on Free Parially Commutative Monoids, the first one was held at Kochel 1989. Whereas the Kochel workshop gave an representative overview over the different activities in the research field, the subject of the new workshop was restricted to the special theme of infinite traces with the aim of gathering only few experts. The workshop was attended by 8 participants from six different European universities and in addition by three guests from the University of Stuttgart. The scientific programme started with lectures on Thursday, January 23 and ended at noon of Saturday January 25, 1992. In the afternoon of Saturday there was an excursion to the famous Hohenzollern castle at Hechingen about 30 km South of Tübingen. The good working athmosphere at Hotel Hospiz and the active collaboration made this meeting to a successful event. We thank all participants for their contribution. We would like to express our gratitude to ASMICS and the Institut für Informatik of the University of Stuttgart for financial and other support. In paricular, we thank Heike Photien for local help. Last, but not least we thank Frau Elke Veihelmann from Hotel Hospiz for the warm and kind reception. Stuttgart May 5, 1992 Volker Diekert Werner Ebinger 2 Programme Workshop Infinite Traces Tübingen, January 23-25, 1992, Hotel Hospiz Thursday January 23 9.30 { 9.40 Volker Diekert Opening 9.45 { 10.30 Giovanni Pighizzini Operations on asynchronous automata 11.15 { 12.15 Paul Gastin Büchi asynchronous cellular automata 16.15 { 17.15 Mike Stannett Convergence in trace languages Friday January 24 9.30 { 10.30 Hendrik Jan Hoogeboom Automata on infinite words 11.00 { 12.00 Werner Ebinger On logical definability of infinite trace languages 16.00 { 16.30 Mike Stannett Transfinite traces 17.45 { 18.30 Wojciech Penczek Temporal logic in trace systems 19.00 { 20.30 Volker Diekert (Chair) Discussion Saturday January 25 9.30 { 10.30 Antoine Petit Poset properties of complex traces 10.30 { 11.00 Volker Diekert Two extensions of existing models 11.15 { 12.45 Hendrik Jan Hoogeboom (Chair) Open problems session 14.00 { 17.00 Excursion 3 Contents Preface 1 Programme of the workshop 2 Participants of the workshop 4 G. Pighizzini: Synthesis of nondeterministic asynchronous automata 5 P. Gastin, A. Petit: Büchi asynchronous cellular automata 29 M. Stannett: Trace Convergence over infinite alphabets I 46 M. Stannett: Trace Convergence over infinite alphabets II 72 J. Engelfriet, H. J. Hoogeboom: Automata with storage on infinite words 82 W. Ebinger: On logical definability of !-trace languages 106 M. Kwiatowska, M. Stannett: On transfinite traces 123 W. Penczek: On temporal logics on trace systems 158 P. Gastin, A. Petit: Poset properties of complex trace languages 205 V. Diekert: Two extensions of the existing trace model 218 V. Diekert, P. Gastin, A. Petit: Rational and Recognizable Complex Trace Languages 225 Open problems 270 4 List of participants Workshop Infinite Traces, Tbingen, January 23-25, 1992 Hotel Hospiz Volker Diekert Stuttgart Werner Ebinger Stuttgart Hendrik Jan Hoogeboom Leiden Paul Gastin Paris Wojtek Penczek Warsaw Antoine Petit Orsay Giovanni Pighizzini Milano Nicoletta Sabadini Milano Mike Stannett Sheffield Guests Siegmar Gerber Stuttgart/Leipzig Anca Muscholl Stuttgart Klaus Reinhardt1 Stuttgart 1Not on the picture, since he took the photograph. Synthesis of Nondeterministic Asynchronous Automata Giovanni Pighizzini y Dipartimento di Scienze dell'Informazione Universit?a degli Studi di Milano Abstract In this paper we give an algorithm for building a nondeterministic asynchronous automaton recognizing the trace language [Maz77] denoted by a given recognizable expression. Moreover, we show that the number of states of the automaton so obtained is polynomial in the length of the expression. 1 Introduction Asynchronous Automata were introduced by W. Zielonka [Zie87] as algebraic abstactions of distributed systems. This kind of automata is very interesting since, as shown in [Zie87, CM88], they characterize the class of recognizable trace languages [BBMS81], that is the class of languages accepted by finite automata over free partially commutative monoids. Another characterization of the class of recognizable trace languages were discovered by E. Ochma?nski [Och85], proving that the class of recognizable trace languages coincides with the minimal class containing finite trace languages and closed under union, product and a new operation called concurrent iteration. In this paper we give an algorithm for building nondeterministic asynchronous automata accepting the union, the product and the concurrent yAuthor's address: Dipartimento di Scienze dell'Informazione, Via Comelico 39, 20135 Milano, Italy { Email: pighizzi@imiucca.csi.unimi.it PP Supported in part by the ESPRIT Basic Research Action No. 3166: \Algebraic and Syntactic Methods in Computer Science (ASMICS)" and by MURST 40%. 5 6 G. Pighizzini iteration of trace languages accepted by given nondeterministic asynchronous automata. Our constructions are nontrivial generalizations of the corresponding constructions for finite automata (see for example [HopUll67]). The number of states of the resulting automaton is polynomial in the number of states of the given automata. The algorithm for building the asynchronous automaton accepting the concurrent iteration of the language accepted by a given asynchronous automaton is obtained using a new interesting result concerning the iteration of trace languages. More precisely, we prove that the iteration of a trace language T can be expressed as finite union of the iterations of suitable languages T1; : : : ; Tm such that in every language Ti, 1 <= i <= m, all traces have exactly the same set of letters. 2 Traces and trace languages In this section we briefly recall the basic notions concerning trace languages. Definition 2.1 A concurrent alphabet is a pair (A; ?), where A is a finite alphabet and ? ? A ? A is a symmetric and irreflexive relation, called independency relation. If (a; b) 2 ? then we will say that a and b are independent letters; otherwise a and b are dependent. Cliques(A; ?) denotes a (fixed) family of cliques covering the complement of ?. The free partially commutative monoid (fpcm, for short) generated by (A; ?) is defined as the initial object in the category of monoids generated by A and satisfying, besides the usual monoid axioms, the set of \commutativity laws" fab = ba j a?bg. A trace is an element of M(A; ?). A trace language is a subset of M(A; ?). It is well{known that M(A; ?) is isomorphic to the quotient structure A= ?? where ?? is the least congruence over A? extending the set of commutativity laws. Then, a trace is an equivalence class of words. The equivalence class containing the word w 2 A? will be denoted as [w]? or by [w] if ? is understood. A trace x is said to be a prefix (suffix) of a trace t if and only if there is a trace z such that t = xz (t = zx, respectively). Synthesis of nondeterministic asynchronous automata 7 The set of symbols of a trace t 2 M(A; ?) will be denoted by alph(t), i.e. alph(ffl) = ; and alph(ta) = alph(t) [ fag for t 2 M(A; ?), a 2 A. Moreover, alph(T ) = S t2T alph(t) for every T ? M(A; ?). A subset ff ? A is said to be connected if for a; b 2 ff we can find a0; a1; : : : ; an 2 ff such that a0 = a; an = b and (ai?1; ai) = 2 ? for i = 1; : : : ; n. A trace t is connected if alph(t) is connected. A language T is connected if and only if every trace in T is connected. A trace u is a component of a trace t if u is connected and there exists a trace v such that t = uv and alph(u) ? alph(v) ? ?. The set of all components of a trace t will be denoted as c(t). We are interested in the usual regular operations (union, product and iteration, denoted, as usual, with the symbols ?, [ and ?, respectively), and in the operations on trace languages defined as follows: Definition 2.2 Let T be a trace language over the fpcm M(A; ?), and ff a subset of A. The decomposition of T , denoted by c(T ) is the set of all components of traces in T , i.e. c(T ) = S t2T c(t). The concurrent iteration (coiteration, for short) of T is the language T co?? = c(T )?. The ff{restriction of T is the set Tff = ft 2 T j alph(t) = ffg. Finally, the restricted iteration of T is the language T? defined as follows: T? = ? T+ if T = Tff for some connected set ff ? A ; otherwise, where, as usual, T+ denotes the language T ? T ?. The class Reg(A; ?) of regular trace languages over (A; ?) [Maz77] is defined as the smallest class containing the languages ;, f[ffl]g, f[a]g, for all a 2 A, and closed with respect to the regular operations. On the other hand, the class Rec(A; ?) of recognizable trace languages over (A; ?) can be defined in a standard way using the notion of M(A; ?){ automata [BBMS81]. It is known that if the independency relation ? is not empty then the class Rec(A; ?) is properly included in the class Reg(A; ?). The following characterization of the class Rec(A; ?) were obtained by Ochma?nski [Och85]: 8 G. Pighizzini Theorem 2.1 For every concurrent alphabet (A; ?), the class Rec(A; ?) of recognizable trace languages over (A; ?) is the smallest class of trace languages containing the languages ;, f[ffl]g, f[a]g, for all a 2 A, and closed under union, product and coiteration. As a consequence of the last theorem, every recognizable trace language can be denoted by a recognizable expression, i.e. an expression involving operators representing the operations of union, product and coiteration of trace languages. Given a set S, the family of subsets of S will be denoted as P(S). Lemma 2.1 Let P ? P(A) be a family of subsets of A and T ? M(A; ?) a trace language. If T is recognizable then also the language S ff2P Tff is recognizable. As a consequence of this lemma, for every recognizable language T the following sets are recognizable: the ff{restriction of T (Tff, for ff ? A), the set of all connected traces in T , the set of all nonconnected traces in T , the set ft 2 T j fl ? alph(t) ? ffg = S fl?fi?ff Tfi, for fl ? ff ? A. 3 A result on the iteration of trace lan- guages In this section we state our main result concerning the iteration of trace languages. Given a set ff ? A, ff 6= ;, a composition of ff is an ordered partition of ff, i.e. a sequence p1; : : : ; ps, s >= 1, of nonempty subsets of ff whose union is equal to ff and such that pi \ pj = ; for i 6= j. The set of all compositions of ff will be denoted by ?(ff). Theorem 3.1 Given a language T ? M(A; ?) and a set ff ? A, consider the language Z ? M(A; ?) so defined: Z = ?S (p1;:::;ps)2?(ff) XYp1XYp2 : : : YpsX; if ff 6= ;; f[ffl]g; otherwise, Synthesis of nondeterministic asynchronous automata 9 where X = S fi?ff(T ?)fi, and Ypj = S pj?fi?ff Tfi, for j = 1; : : : ; s. Then, (T ?)ff = Z+ and alph(t) = ff for every trace t 2 Z,i.e. Z = Zff. Proof. Before of proving the Theorem we remark that in the definition of X the union operation is extended to every subset fi strictly included in ff. For ff = ; the proof is trivial. Then, we suppose ff 6= ;. The inclusion Z+ ? (T ?)ff can be easily verified. The converse inclusion, is a consequence of the following lemma: Lemma 3.1 For every trace u 2 (T ?)ff, either u 2 Z or there are traces u0; u00 such that u = u0u00, u0 2 Z, ju00j < juj and u00 2 (T ?)ff. Proof. Since u 2 (T ?)ff and ff 6= ;, we can find traces u1; : : : ; um 2 T , m >= 1 such that u = u1 : : : um. Since alph(u) = ff, there is an index k, 1 <= k <= m, such that alph(u1 : : : uk) = ff and alph(u1 : : : uk?1) 6= ff. We consider the sequence ff1; : : : ; ffk of subsets of ff such that ffi = alph(ui) ? Si?1 j=1 ffj , for j = 1; : : : ; k. Clearly, Sk j=1 ffj = ff and ffi \ ffj = ;, for i 6= j. From the sequence ff1; : : : ; ffk, we extract the subsequence ffj1 ; : : : ; ffjs by eliminating the empty subsets (observe that js = k). This sequence is a composition of ff and ffjr ? alph(ujr) ? ff, for r = 1; : : : ; s. Then, ujr 2 Yffjr . By construction, the set fi = alph(ujr?1+1 : : : ujr?1) is strictly included in ff, for r = 1; : : : ; s, j0 = 0. On the other hand, ujr?1+1 : : : ujr?1 2 T ?. So: ujr?1+1 : : : ujr?1 2 (T ?)fi ? [ fi?ff (T ?)fi = X: This permits us to conclude that u1 : : : uk 2 XYffj1X : : : XYffjs and, observing that [ffl] 2 X , we have: u1 : : : uk 2 XYffj1X : : : XYffjsX ? Z: Now, we set u0 = u1 : : : uk and u00 = uk+1 : : : um. Observe that ju0j > 1 Clearly, alph(u00) ? ff. If alph(u00) = ff then u00 2 (T ?)ff and ju00j < juj and the statement is proved. On the other hand, if alph(u00) 6= ff then u00 2 (T ?)alph(u00) ? X . Recalling that u1 : : : uk 2 XYffj1X : : : XYffjs , it turns out that u = u0u00 2 (XYffj1 X : : : XYffjs )X ? Z. Then u 2 Z. This concludes the proof of the lemma. 10 G. Pighizzini Now, using the previous lemma, it is possible to show by induction on the length of traces t 2 M(A; ?) that t 2 (T ?)ff implies t 2 Z+. Then (T ?)ff ? Z+. Corollary 3.1 For every trace language T ? M(A; ?) there are languages T1; : : : ; Tm, m >= 0, such that T ? = Sm i=1(Ti)? and for every i (i = 1; : : : ; m) there is a subset ff of A for which Ti = (Ti)ff. 4 Asynchronous Automata In this section we briefly recall the definition and some properties of Asynchronous Automata. Definition 4.1 A nondeterministic asynchronous automaton (NAA) with n processes, over the concurrent alphabet (A; ?), is a tuple M = ? P1; : : : ; Pn; fffiaga2A; I ; F ? , where: - for i = 1; : : : ; n, Pi = (Ai; Si) is the ith process, where Si is its set of local states and Ai is its local alphabet, such that fA1; : : : ; Ang = Cliques(A; ?); - let P roc = f1; : : : ; ng, and, for a 2 A, let be Dom(a) = fi 2 P roc j a 2 Aig the set of (indices of) processes that execute a; then ffia : Q i2Dom(a) Si ! P( Q i2Dom(a) Si) is the local transition function associated to the letter a; - let S = Q i2Proc Si be the set of global states; then I ? S is the set of the initial states and F ? S is the set of final states. A global state will be denoted by a boldface letter, as s, while its ith component as si; given a global state s 2 S and a set of (indices of) processes ff = fi1; : : : ; ikg ? P roc, we will denote by sjff the vector whose components correspond to local states in ff, i.e. sjff = (si1 ; : : : ; sik ). The global transition function ? : S ? M(A; ?) ! P(S) of the automaton M is defined on the ground of local transition functions as follows. For every s; u 2 S, a 2 A, we have: u 2 ?(s; a) if and only Synthesis of nondeterministic asynchronous automata 11 if ujDom(a) 2 ffia(sjDom(a)) and ujDom(a) = sjDom(a). The extension to traces can be obtained in a standard way. The language accepted by the automaton M is defined as the set: T (M) = ft 2 M(A; ?) j ?(I ; t) \ F 6= ;g: If #I = 1 and # (ffia(si1 ; : : : ; sik )) <= 1 for every (si1 ; : : : ; sik ) 2 Q i2Dom(a) Si, a 2 A, the automaton M is said to be a deterministic asynchronous automaton (DAA). It is immediate to verify that to every asynchronous automaton can be associated a finite state automaton recognizing the same trace language. Moreover, given a finite automaton over the the fpcm M(A; ?) it is possible to construct a DAA with the same concurrent alphabet, accepting the same language. This result, not at all obvious, were obtained by W. Zielonka. Theorem 4.1 [Zie87] The class of languages accepted by deterministic asynchronous automata over (A; ?) coincides with the class Rec(A; ?) of trace languages recognized by M(A; ?){automata. Another proof of Theorem 4.1 can be found in [CM88]. From this point on, we consider a fixed concurrent alphabet (A; ?) with a fixed clique cover Cliques(A; ?) = fA1; : : : ; Ang, of the dependency relation. For all notations concerning NAA the reader is referred to this section. When we deal with different NAA M , M 0 and M 00, we always suppose that Ai = A0 i = A00 i and S0 i \ S00 i = ; for i 2 P roc. 4.1 Asynchronous automata with ffl{moves Here, we consider an extension of NAA useful in our algorithm. In the model we will consider every process can change its internal state, independently from the states of other processes and from the next input symbol, using an internal transition called ffl{move. The ffl{moves are represented extending every local alphabet with a new symbol. More 12 G. Pighizzini precisely, we consider the concurrent alphabet ( b A; b ?) such that b A = A [ fe1; : : : ; eng, where fe1; : : : ; eng \ A = ;, and b ? = ? [ f(ei; ej) j i 6= jg [ f(a; ei); (ei; a) j a 2 A ?Aig: Then Cliques( b A; b ?) = f b A1; : : : ; b Ang, where b Ai = Ai [ feig, i = 1; : : : ; n. To every trace ^t 2 M( b A; b ?) we associate the trace (^t) 2 M(A; ?) obtained erasing from ^t all letters not belonging to A. Given a language b T ? M( b A; b ?) we denote by ( b T ) the set S ^t2b T (^t). The following theorem states an important relationship between NAA over M( b A; b ?) and NAA over M(A; ?). Theorem 4.2 Let b T ? M( b A; b ?) be the language accepted by a NAA c M . Then, there exists a NAA over M(A; ?) accepting the language ( b T ). Proof (outline). The automaton M is defined as follows: Si = b Si, i = 1; : : : ; n; I = fs 2 S j 9w 2 M( b A; b ?) s:t: alph(w) ? fe1; : : : ; eng and s 2 b ?(b I ; w)g; F = b F ; for a 2 A with Dom(a) = fi1; : : : ; ikg, s 2 Q i2Dom(a) Si: ffi0 a(s) = fu 2 Y i2Dom(a) Si j 9s0; u0 2 b S s:t: s0 jDom(a) = s; u0 jDom(a) = u; 9w 2 M( b A; b ?) s:t: alph(w) ? fei1 ; : : : ; eikg; and u0 2 b ?(s0; aw)g: It is possible to prove that for t 2 M(A; ?) it holds: ?(I ; t) = S ^t2 ?1(t) b ?(I ; ^t). 5 Synthesis of Asynchronous Automata In this section we give an algorithm for building nondeterministic asynchronous automata from recognizable expressions. First, we observe that asynchronous automata accepting the languages ;, f[ffl]g and f[a]g; a 2 A, can be trivially constructed. Synthesis of nondeterministic asynchronous automata 13 5.1 Union The construction of a NAA M accepting the union of the languages accepted by two given NAA M 0 and M 00 is trivial. Then, we give it without any comment. We define M as follows: Si = S0 i [ S00 i , i = 1; : : : ; n; I = I 0 [ I 00; F = F 0 [ F 00; for a 2 A and s 2 Q i2Dom(a) Si: ffia(s) = 8 < : ffi0 a(s) if s 2 Q i2Dom(a) S0 i ffi00 a (s) if s 2 Q i2Dom(a) S00 i ; otherwise. It is easy to verify that for every global state s 2 I and for every trace t 2 M(A; ?) ?(s; t) is equal to ?0(s; t) (?00(s; t)) if s 2 I 0 (s 2 I 00, respectively). So, M can simulate the computations of M 0 and M 00 and it recognizes the language T (M 0) [ T (M 00). 5.2 Product Given two NAA M 0 and M 00, for every s 2 S0, let M 0 s be the NAA M 0 s = (P 0 1; : : : ; P 0 n; fffi0 aga2A; I 0; fsg) and for every s 2 S00 let sM 00 be the NAA sM 00 = (P 00 1 ; : : : ; P 00 n ; fffi00 aga2A; fsg; F 00). Then T (M 0) ? T (M 00) = [(s0;s00)2F 0?I00 T (M 0 s0 ? T (s00 M 00). This observation permit us of considering in this section only automata M 0 and M 00 such that #F 0 = 1 and #I 00 = 1. We will denote by F 0 = (F 0 1; : : : ; F 0 n) the only final state of M 0 and by I 00 = (I 00 1 ; : : : ; I 00 n) the only initial state of M 00. We define the following automaton M with ffl{moves. - Si = S0 i [ S00 i , i = 1; : : : ; n; - I = I 0; - F = F 00; - for a 2 A with Dom(a) = fi1; : : : ; ikg, sij 2 Sij , j = 1; : : : ; k: ffia(si1 ; : : : ; sik ) = 8 < : ffi0 a(si1 ; : : : ; sik ) if sij 2 S0 ij ; 1 <= j <= k; ffi00 a (si1 ; : : : ; sik ) if sij 2 S00 ij ; 1 <= j <= k; ; otherwise; 14 G. Pighizzini - for i = 1; : : : ; n, si 2 Si: ffiei(si) = ? fI 00 i g if si = F 0 i ; ; otherwise. Now, we prove that T (M) = T (M 0)f[e1 : : : en]gT (M 00). First, we get the following immediate remarks. Remarks (a) For every trace t 2 M(A; ?) (i.e., T does not contain any symbol corresponding to an ffl{move) and for every s 2 S0: ?(s; t) = ?0(s; t); (b) for every trace t 2 M(A; ?) and for every s 2 S00: ?(s; t) = ?00(s; t); (c) ?(F 0; [e1 : : : en]) = I 00; (d) for every t 2 T (M) every process Pi on input t executes exactly one ffl-move, i.e. jtjei = 1. Now, we can prove the following theorem. Theorem 5.1 T (M) = T (M 0)fe1 : : : engT (M 00) Proof. The inclusion of T (M 0)f[e1 : : : en]gT (M 00) in T (M) is an immediate consequence of previous remarks. In order to prove the converse inclusion, we consider a trace t 2 T (M ). From Remark (d), we can find traces u0; : : : ; un 2 M(A; ?) and a permutation (i1; : : : ; in) of (1; : : : ; n) such that t = u0ei1u1ei2 : : : einun. Let be 1 <= k <= n and a 2 alph(uk). Then uk = vaw for suitable traces v; w 2 M(A; ?) and t = u0 : : : eikvaweik+1 : : : un. Since M accepts t, there are global states s0; s00 2 S such that: s0 2 ?(I 0; u0 : : : eikv), s00 2 ?(s0; a) and ?(s00; weik+1 : : : un) \ F 6= ;. More precisely, we can observe that both local states s0 ij ; s00 ij belong to S0 ij , for j > k, while both s0 ij ; s00 ij belong to S00 ij for j <= k. Then, from the definition of ffia and from ?(s0; a) 6= ; it follows that either Dom(a) ? fik+1; : : : ; ing or Dom(a) ? fi1; : : : ; ikg. So, we can decompose uk as product of two independent traces u0 k and u00 k , s.t. Dom(u0 k) ? Synthesis of nondeterministic asynchronous automata 15 fik+1; : : : ; ing and Dom(u00 k) ? fi1; : : : ; ikg. Moreover Dom(u00 k)\Dom(u0 j ) = ; for j > k. Then, we can rewrite t as u0 0 : : : u0 n[e1 : : : en]u00 0 : : : u00 n. Finally, let s 2 I 0, q 2 F 00 be the states corresponding to the start and to the end of such an accepting computation. More precisely: s0 2 ?(s; u0 : : : eik v) and q 2 ?(s00; weik+1 : : : un). It is easy to observe that: F 0 2 ?0(s; u0 0 : : : u0 n) and q 2 ?00(I 00; u00 0 : : : u00 n). Then u0 0 : : : u0 n 2 T (M 0) and u00 0 : : : u00 n 2 T (M 00). Finally, applying the construction given in the proof of Theorem 4.2, we can obtain a NAA accepting the language T (M 0)T (M 00). 5.3 Concurrent iteration In this section, we will show how it is possible to construct a NAA recognizing the coiteration of the language recognized by a given NAA. To achieve this goal, we will prove that the coiteration T co?? of a trace language T can be expressed by means of the operations of union, product, decomposition, ff{restriction and restricted iteration, applied starting from T , and we will give algorithms for building asynchronous automata accepting the decomposition, the ff{restriction and the restricted iteration of the language accepted by a given NAA. First, we recall that T co?? = (c(T ))? = S ff?A((c(T ))?)ff and we prove that every language (T co??)ff = ((c(T ))?)ff can be expressed inductively from T and (T co??)fi , where fi is strictly included in ff, using the above mentioned operations. For ff = ;, we have (T co??); = f[ffl]g. Suppose now that ff 6= ;. If ff is nonconnected, we have (T co??)ff = ((c(T ))+)ff1 ?: : :?((c(T ))+)ffk , where the sets ff1; : : : ; ffk are the connected components of ff; then ((c(T ))+)ffj = (T co??)ffj , with ffj ? ff, j = 1; : : : ; k. On the other hand, if ff is connected, then by Theorem 3.1 we have: (T co??)ff = Z+, where Z = S (p1;:::;ps)2?(ff) XYp1XYp2 : : : YpsX , X = S fi?ff((c(T ))?)fi = S fi?ff(T co??)fi , and, for j = 1; : : : ; s, Ypj = 16 G. Pighizzini S pj?fi?ff c(T )fi . Moreover, alph(t) = ff, for every trace t 2 Z. Then Z+ = Z?. This implies that (T co??)ff = Z?. As a consequence of this discussion, it is easy to obtain the following new characterization of the class of recognizable trace languages: Theorem 5.2 The class Rec(A; ?) of recognizable trace languages over (A; ?) is the smallest class containing the languages ;, f[ffl]g, and f[a]g (for a 2 A) and closed with respect to the operations of union, product, decomposition, restricted iteration and ff{restriction. Now, we have to give the constructions of NAA accepting the ff{ restriction, the decomposition and the restricted iteration of the trace language accepted by a given NAA. 5.3.1 Restriction Here, we briefly describe how it is possible to build a NAA accepting the restriction of the language accepted by a given NAA. The idea is essentialy that of keeping in every local state the alphabet of the trace executed so far. More precisely, we consider the set of local states S0 i = Si? P(Ai), i 2 P roc, the set of initial global states I 0 = f((s1; ;); : : : ; (sn; ;)) j s 2 Ig, and the local transition function ffia, a 2 A, such that: ffi0 a((si1 ; ffi1); : : : ; (sik ; ffik )) = f((ui1 ; ffi1 [ fag); : : : ; (uik ; ffik [ fag)) j (ui1 ; : : : ; uik) 2 ffia(si1 ; : : : ; sik )g; for sij 2 Sij , ffij ? Aij , j = 1; : : : ; k, where fi1; : : : ; ikg = Dom(a). It is not difficult to verify that for every trace t 2 M(A; ?), it holds: ?0(I 0; t) = f((s1; alph(t) \ A1); : : : ; (sn; alph(t) \ An)) j s 2 ?(I ; t)g: We now define two NAAs Mk = (P 0 1; : : : ; P 0 n; fffi0 ag; I 0; Fk), k = 1; 2. M1 is obtained choosing as set of final states the set: F1 = f((s1; ff1); : : : ; (sn; ffn))j(s1; : : : ; sn) 2 Fg: Synthesis of nondeterministic asynchronous automata 17 Of course, the language accepted by M1 coincides with the language accepted by M , i.e., T (M1) = T (M ). Fixed a set ff ? A, in order to recognize the ff{restriction of T (M) we have to accept all traces of T (M) whose alphabet is exactly ff. This goal can be achieved setting F2 = f((s1; ff1); : : : ; (sn; ffn))j(s1; : : : ; sn) 2 F and n [ i=1 ffi = ffg: It is clear that T (M2) = (T (M))ff. 5.3.2 Decomposition The technique above explained for the construction of a NAA accepting the restriction of the language accepted by a given NAA, can be extended in order to obtain a NAA for the decomposition. Given a NAA M , we define the sets of local states S0 i = Si ?P(Ai)? Si, i = 1; : : : ; n, the set of initial global states I 00 = f((r1; ;; r1); : : : ; (rn; ;; rn)) j r 2 Ig, and the local transition function, for a 2 A, with Dom(a) = fi1; : : : ; ikg, sij ; rij 2 Sij , ffij ? Aij , j = 1; : : : ; k: ffi00 a ((si1 ; ffi1 ; ri1 ); : : : ; (sik ; ffik ; rik )) = f((ui1 ; ff1 [ fag; ri1 ); : : : ; (uik ; ffk [ fag; rik )) j (ui1 ; : : : ; uik) 2 ffia(si1 ; : : : ; sik)g: Then, for every t 2 M(A; ?) and for every r 2 S: ?00(((r1; ;; r1); : : : ; (rn; ;; rn)); t) = = f((s1; alph(t) \ A1; r1); : : : ; (sn; alph(t) \ An; rn)) j s 2 ?(r; t)g: Let now t be a trace in the language T (M) = T (M1) and t0 a connected component of t, i.e., t = t0t00, alph(t0) is connected and alph(t0) ? alph(t00) ? ?, for some t00 2 M(A; ?). Then t0 2 c(T (M )). Since t is accepted by M , we can find global states u 2 F , r 2 I such that u 2 ?(r; t). So: ((u1; alph(t) \ A1; r1); : : : ; (un; alph(t) \ An; rn)) 2 ?00(((r1; ;; r1); : : : ; (rn; ;; rn)); t): 18 G. Pighizzini Let be ? = Dom(t0) and, for i = 1; : : : ; n: (si; ffi; ri) = ? (ui; alph(t) \ Ai; ri) if i 2 ?, (ri; ;; ri) otherwise. It is possible to verify that: ((s1; ff1; r1); : : : ; (sn; ffn; rn)) 2 ?0(((r1; ;; r1); : : : ; (rn; ;; rn)); t0); the set Sn i=1 ffi = alph(t0) is connected and ffi ? (alph(t) \ Aj) ? ?, for i 2 ?, j 2 P roc ? ?. Moreover, it turns out that alph(t000) = alph(t0), t000t00 2 T (M) and t000 2 c(T (M)); for every trace t000 such that ((s1; ff1; r1); : : : ; (sn; ffn; rn)) 2 ?00(((r1; ;; r1); : : : ; (rn; ;; rn)); t000). From this discussion, we can conclude that the NAA M 00 = (P 00 1 ; : : : ; P 00 n ; fffi00 ag; I 00; F 00), where F 00 is the set: F 00 = f((s1; ff1; r1); : : : ; (sn; ffn; rn)) j r 2 I ; 9 u 2 F; t 2 M(A; ?) s:t: u 2 ?(r; t); 9? ? P roc s:t: 8i 2 ? si = ui; ffi = alph(t) \ Ai; 8i = 2 ? si = ri; ffi = ;; the set n [ i=1 ffi is connected and ffi ? (alph(t) \ Aj) ? ?; for i 2 ?; j 2 P roc ? ?g; recognizes the decomposition of T (M ). Remark The condition 9t 2 M(A; ?) s.t. u 2 ?(r; t) is useful to assure that only connected components of traces of T (M) are accepted. In fact, it can happen that there is none trace t such that u 2 ?(r; t), i.e. u is not reachable from r, but ((s1; ff1; r1); : : : ; (sn; ffn; rn)) 2 ?0(((r1; ;; r1); : : : ; (rn; ;; rn)); t0) for some t0 2 M(A; ?) ? c(T (M )), and the global state ((s1; ff1; r1); : : : ; (sn; ffn; rn)) satisfies the other requirements of the definition of F 00. Synthesis of nondeterministic asynchronous automata 19 5.3.3 Restricted iteration First, we observe that given a NAA M accepting a trace language T ? M(A; ?) we can decide if T = Tff for some connected set ff ? A, by constructing a finite state automaton M accepting T and verifying if M is equivalent to some automaton Mff accepting the language Tff for a connected ff ? A. Since the asynchronous automaton recognizing the empty language can be trivially constructed, from this point on we will consider the problem of building an asynchronous automaton accepting T? = T+, when T = Tff for some connected alphabet ff ? A. Let M be a NAA accepting a trace language T , such that T = Tff, for some connected set ff ? A. There is none loss of generality assuming that the following conditions hold: 1. ff = A; 2. there exists a map Ö : Sn i=1 Si ! P(A) such that if ?(I ; t) = s then Ö(si) = alph(t)\Ai, for i = 1; : : : ; n, t 2 M(A; ?) (this means that the automaton M records the letters of traces. Observe that if si is a compontent of some final state p, then Ö(si) = Ai). Suppose in fact that ff ? A. From the asynchronous automaton M it is possible to obtain an automaton f M by removing all the processes Pi such that Ai \ ff = ; and all transitions involving letters not belonging to ff. Applying the construction presented below, we will obtain an automaton f M 0 over the concurrent alphabet (ff; ?\(ff?ff)). This automaton can be easily extended to the concurrent alphabet (A; ?), by introducing dummy processes and null transition functions. We observe that for the automaton M1 defined in Section 5.3.1, the second condition holds. For sake of simplicity, first we suppose that #I = #F = 1. Then, we will denote by I = (I1; : : : ; In) and by F = (F1; : : : ; Fn) the only initial and the only final state of M , respectively. In the classical construction of the finite automaton N 0 recognizing the iteration of the language recognized by a given finite automaton N 20 G. Pighizzini (see e.g. [HopUll67]), an empty transition from the final state to the initial state is added to N . In our case, we want to construct an automaton M 0 recognizing all traces of the form t1[e1 : : : en]t2[e1 : : : en] : : : [e1 : : : en]tm such that m > 0 and ti 2 T (M ), i = 1; : : : ; m. However, as shown in the following example, the immediate generalization to asynchronous automata of the strategy used for finite automata does not work. Example Let (A; ?) be the concurrent alphabet with: A = fa; b; c; dg; ? = f(a; c); (c; a); (a; d); (d; a); (b; d); (d; b)g; and Cliques(A; ?) = fA1; A2; A3g, where A1 = fa; bg, A2 = fb; cg and A3 = fc; dg. Let M be the asynchronous automaton represented in Fig. 1. It is not difficult to see that M accepts the set T (M) = f[acbd]g. n n n n n n n n n - - ö ö - - @ @ ? ? ? ? ? @ @ R - - @ @ ? ? ? ? ? @ @ R - - I1 r1 F1 I2 r2 F2 I3 r3 F3 a a b c d Figure 1: automaton M Moreover, M satisfies the hypothesis stated above (that is ff = A and there exists the map Ö). Now, if we add, for every i 2 P roc, a transition from the component Fi of the final state to the component Ii of the initial state, the resulting automaton can recognize a set that properly includes (T (M))+. The automaton obtained applying this procedure in our specific case, is represented in Figure 2. Such an automaton accepts, for example, the trace [acbade2e3cbd]. Observe that Dom(b) = f1; 2g, Synthesis of nondeterministic asynchronous automata 21 but before the last occurrence of b, the process P2 executed one ffl{move, while none ffl{move was execute by P1. n n n n n n n n n - - ö ö - - @ @ ? ? ? ? ? @ @ R - - @ @ ? ? ? ? ? @ @ R - - I1 r1 F1 I2 r2 F2 I3 r3 F3 a a b c d ö - ö - ö - e1 e3 e2 Figure 2: automaton constructed introducing an ffl{move from every component of the final state to the corresponding component of the initial state We will show that, in order to avoid the problems arising in previous example, we have to circularly rearrange two isomorphic copies of the given NAA M . Formally, we define M 0 in the following way: - S0 i = Si ? f0; 1g, i = 1; : : : ; n; - I 0 = f((I1; 0); : : : ; (In; 0))g; - for a 2 A with Dom(a) = fi1; : : : ; ikg, sij 2 Sij , j = 1; : : : ; k, bi1 ; : : : ; bik 2 f0; 1g: ffi0 a((si1 ; bi1); : : : ; (sik ; bik )) = = f((ui1 ; b); : : : ; (uik ; b)) j (ui1 ; : : : ; uik) 2 ffia(si1 ; : : : ; sik )g; 22 G. Pighizzini if there exists b 2 f0; 1g s.t. bi1 = : : : = bik = b; ffi0 a((si1 ; bi1); : : : ; (sik ; bik )) = ; otherwise. - for i = 1; : : : ; n, si 2 Si, b 2 f0; 1g: ffi0 ei (si; b) = ? f(Ii; 1 ? b)g if si = Fi ; otherwise; - F 0 = f((F1; b); : : : ; (Fn; b)) j b 2 f0; 1gg. In Figure 3, the automaton M 0 obtained applying this costruction to the automaton M of Figure 1, is represented. n n n n n n n n n - - ö ö - - @ @ ? ? ? ? ? @ @ R - - @ @ ? ? ? ? ? @ @ R - - (I1;0) (r1;0) (F1;0) (I2;0) (r2;0) (F2;0) (I3;0) (r3;0) (F3;0) a a b c d n n n n n n n n n - - ö ö - - @ @ ? ? ? ? ? @ @ R - - @ @ ? ? ? ? ? @ @ R - - (I1;1) (r1;1) (F1;1) (I2;1) (r2;1) (F2;1) (I3;1) (r3;1) (F3;1) a a b c d - - - - - - e1 e2 e3 ö - ö - ö - e1 e3 e2 Figure 3: automaton M 0 To prove the correctness of the construction, we will show that the automaton M 0 so defined recognizes the set of the traces of the form t1[e1 : : : en]t2[e1 : : : en] : : : [e1 : : : en]tm, where m >= 1 and ti 2 T , i = 1; : : : ; m. It is not difficult to see that every trace of such a form is accepted by M 0. Then, we prove the converse result. First, we will prove the following remarks: Synthesis of nondeterministic asynchronous automata 23 Remarks (a) Between two ffl{moves of a process P 0 i in an accepting computation, there is at least one occurence of every letter of Ai. (b) In every accepting computation of M 0, before of the execution of a symbol a there is either at least one ffl{move of every process in Dom(a) or none ffl{move of processes in Dom(a). (c) If some process of M 0 performs an ffl{move on an accepted trace then every process performs an ffl{move. Remarks (a),(b) and (c) are consequences of the following lemmas, respectively. Lemma 5.1 If t 2 ( b A; b ?) is accepted by M 0 and t = t0eit1eit2, for suitable traces t0; t1; t2 2 ( b A; b ?), then Ai ? alph(t0), Ai ? alph(t1), Ai ? alph(t2). Proof. We prove that Ai ? alph(t1). The other proofs are very similar. First, we suppose that ei = 2 alph(t1). Since t 2 T (M 0), we can find suitable global states of M 0 such that: ((s1; b1); : : : ; (sn; bn)) 2 ?0(I 0; t0ei), ((u1; b0 1); : : : ; (un; b0 n)) 2 ?0(((s1; b1); : : : ; (sn; bn)); t1) and ?0(((u1; b0 1); : : : ; (un; b0 n)); eit2) \ F 0 6= ;. Since ei = 2 alph(t1), we have bi = b0 i. Moreover (si; bi) is reached after one ffl{move of the process Pi. Then si = Ii and Ö(si) = ;. Since ffiei(ui; b0 i) 6= ;, we have ui = Fi. Then Ö(ui) = Ai. This implies that Ai ? alph(t1). If ei 2 alph(t1), then there are traces v1; : : : ; vm such that t1 = v1eiv2ei : : : eivm and ei = 2 alph(vj), j = 1; : : : ; m. Using the previous argument it can be shown that Ai ? alph(vj). Lemma 5.2 Let t 2 M( b A; b ?) be a trace accepted by the automaton M 0, with t = ueivaw, for some u; v; w 2 M( b A; b ?), a 2 A, i 2 P roc, such that ei = 2 alph(u), and let j 2 P roc be an index such that ej = 2 alph(ueiv). Then fi; jg cannot be a subset of Dom(a). 24 G. Pighizzini Proof. Since t 2 T (M 0), there are s; s0; s00 2 S, b1; : : : ; bn; b0 1; : : : ; b0 n; b00 1 ; : : : ; b00 n 2 f0; 1g such that: ((s1; b1); : : : ; (sn; bn)) 2 ?0(((I1; 0); : : : ; (In; 0)); uei); ((s0 1; b0 1); : : : ; (s0 n; b0 n)) 2 ?0(((s1; b1); : : : ; (sn; bn)); v); ((s00 1 ; b00 1); : : : ; (s00 n; b00 n)) 2 ?0(((s0 1; b0 1); : : : ; (s0 n; b0 n)); a); ?0(((s00 1 ; b00 1); : : : ; (s00 n; b00 n)); w) \ F 0 6= ;: If both i; j belong to Dom(a) then from ?(((s0 1; b0 1); : : : ; (s0 n; b0 n)); a) 6= ; and from ej = 2 alph(uv), it turns out that b0 i = b0 j = 0. On the other hand, observing that after the ffl{move of the process Pi it holds bi = 1 and si = Ii, we can conclude that ei 2 alph(v), i.e. v = z0eiz00 for suitable traces z0 and z00. From Lemma 5.1 we have a 2 alph(z0) and jvj 6= 0. Then t = ueiv1aw1, for suitable traces v1; w1, with jv1j < jvj. We can iterate the proof for this decomposition. So, we will find a countable sequence of traces v1; v2; : : : such that for every k jvkj < jvk?1j and jvkj 6= 0. This is contradictory. Then Dom(a) cannot contain both indices i and j. Lemma 5.3 Let t 2 M( b A; b ?) be a trace accepted by the automaton M 0. If there is an index i 2 P roc such that ei 2 alph(t), then ej 2 alph(t), for every j 2 P roc. Proof. First, we prove the result for Ai \ Aj 6= ;. Since t is accepted, there exists a global state ((p1; b); : : : ; (pn; b)) belonging to ?0(I 0; t) \F 0 . Suppose that ej = 2 alph(t). This means that the component Pj does not perform ffl{moves and then b = 0. On the other hand ei 2 alph(t). Then, this ffl{move of the component Pi changes the last component of the local state of Pi from 0 to 1. So, at least another ffl{move must be performed by Pi in order to have b = 0. Then, we can decompose t as t = t0eit1eit2. As a consequence of Lemma 5.1, for every a letter a 2 Ai \ Aj , we have a 2 alph(t1). From Lemma 5.2, it turns out that fi; jg cannot be a subset of Dom(a). This is a contradiction. Then we conclude that ei 2 alph(t). To prove the lemma in the general case, we recall that the alphabet A is connected. Then, we can find a sequence Pi0 ; : : : ; Pim of processes such that i0 = i, im = j and Aik?1 \ Aik 6= ;, k = 1; : : : ; m. The Synthesis of nondeterministic asynchronous automata 25 proof of the lemma follows applying the previous argument to every pair (ik?1; ik). Now, we can prove the correctness of the construction stated here. Theorem 5.3 Let M 0 the NAA above defined. Then: T (M 0) = ft1[e1 : : : en]t2 : : : tm?1[e1 : : : en]tm j m >= 1 and t1; : : : ; tm 2 T (M)g: Proof. The difficult point is to prove that every trace accepted by the automaton M 0 has the form t1[e1 : : : en]t2 : : : tm?1[e1 : : : en]tm, with m >= 1, ti 2 T , i = 1; : : : ; m. First, we observe that every trace t accepted by M 0 without ffl-moves, i.e. alph(t) ? A, is accepted also by the automaton M . Then, t 2 T (M)+. Suppose now that t is accepted using at least one ffl-move. From Remark (c) it turns out that every process executes at least one ffl-move, i.e. ei 2 alph(t) for every i 2 P roc. So, we can decompose t as u0ei1u1ei2 : : : einun where (i1; : : : ; in) is a permutation of (1; : : : ; n) and eij = 2 alph(uk) for k < j. By Remark (b), either Dom(a) ? fi1; : : : ; ikg or Dom(a) ? fik+1; : : : ; ing, for every letter a 2 alph(uk), k = 1; : : : ; n. Then, uk = u0 ku00 k , where Dom(u0 k) ? fik+1; : : : ; ing and Dom(u00 k) ? fi1; : : : ; ikg. It is easy to verify that t = u0 0 : : : u0 n[e1 : : : en]u00 0 : : : u00 n. Let be t0 = u0 0 : : : u0 n and t00 = u00 0 : : : u00 n. We now briefly prove that t0 2 T (M) and t00 2 T (M 0). By definition of M 0, we can find b 2 f0; 1g such that: ((F1; b); : : : ; (Fn; b)) 2 ?0(((I1; 0); : : : ; (In; 0)); t0[e1 : : : en]t00): More precisely, observing the definition of ffi0 ei , we obtain: ((F1; 0); : : : ; (Fn; 0)) 2 ?0(((I1; 0); : : : ; (In; 0)); t0); ((I1; 1); : : : ; (In; 1)) 2 ?0(((F1; 0); : : : ; (Fn; 0)); [e1 : : : en]); ((F1; b); : : : ; (Fn; b)) 2 ?0(((I1; 1); : : : ; (In; 1)); t00). Since ei = 2 alph(t0), i = 1; : : : ; n, it turns out that F 2 ?(I ; t0) and then t0 2 T (M ). Furthermore, from these relationships, we can easily obtain: ((F1; 1 ? b); : : : ; (Fn; 1 ? b)) 2 ?0(((I1; 0); : : : ; (In; 0)); t00), that implies t00 2 T (M 0). At this point, iterating the previous proof on the trace t00 it turns out 26 G. Pighizzini that t is of the form t1[e1 : : : en]t2 : : : tm?1[e1 : : : en]tm, with tj 2 T (M ), j = 1; : : : ; m. Applying Theorem 4.2 to the automaton M 0, we can obtain a NAA accepting the language T (M)+. Now, we briefly discuss how it is possible to generalize the previous construction when there are no restrictions on the cardinality of sets I and F . The idea is very similar to particular case above considered. When a process Pi reaches a component of a final state, it can change its state, using an ffl{move, to go in a component of an initial state. The problem is to assure that all processes chose the same final and the same initial global state. This problem is solved in this way. At the start of the computation all processes are synchronized and an initial state s 2 I and a final state p 2 F are chosen. Then, the computation starts and every process simulates the corresponding process of M , keeping the pair (s; p) in its local state. When the process Pi arrives to simulate the local state pi of M , it can perform an empty transition choosing a new pair (s0; p0) 2 I ? F . When a symbol a 2 A is executed, all processes in Dom(a) are synchronized and they compare the pairs of initial and final states contained in their proper memories. If these pairs do not coincide then none transition is possible. Since all traces in the language accepted by M are connected and since the automaton M records the letters of traces, this method assures that in an accepting computation of M 0 all kth empty transitions of processes correspond to the same initial and to the same final state. Formally, the automaton M is defined as follows: - S0 i = Si ? I ? F ? f0; 1g, i = 1; : : : ; n; - I 0 = f((s1; s; p; 0); : : : ; (sn; s; p; 0)) j s 2 I ; p 2 Fg; - for a 2 A with Dom(a) = fi1; : : : ; ikg, sj 2 Sij , j = 1; : : : ; k, q1; : : : ; qk 2 I , p1; : : : ; pk 2 F , b1; : : : ; bk 2 f0; 1g: ffi0 a((s1; q1; p1; b1); : : : ; (sk; qk; pk; bk)) = = f((u1; q; p; b); : : : ; (uk; q; p; b)) j (u1; : : : ; uk) 2 ffia(s1; : : : ; sk)g; Synthesis of nondeterministic asynchronous automata 27 if there are q 2 I , p 2 F , b 2 f0; 1g, s.t. q1 = : : : = qk = q, p1 = : : : = pk = p, and b1 = : : : = bk = b; ffi0 a((s1; q1; p1; b1); : : : ; (sk; qk; pk; bk)) = ;; otherwise. - for i = 1; : : : ; n, si 2 Si, q 2 I , p 2 F , b 2 f0; 1g: ffi0 ei (si; q; p; b) = ? f(q0 i; q0; p0; 1 ? b) j q0 2 I ; p0 2 Fg if si = pi ; otherwise; - F 0 = f((p1; q; p; b); : : : ; (pn; q; p; b)) j q 2 I ; p 2 F; b 2 f0; 1gg. Previous remarks (a), (b) and (c) hold also in this case. The correctness proof given in Theorem 5.3 can be easily generalized. 6 Conclusion We conclude the paper with some considerations on the complexity of asynchronous automata obtained applying our constructions. It is not difficult to see that all constructions given in the paper (union, product, restriction, decomposition and restricted iteration) produce NAAs with a polynomial number of states with respect to the number of states of the NAAs given as input. Moreover, it is possible to observe that for a fixed concurrent alphabet (A; ?) the coiteration T co?? of a trace language T can be denoted as explained in Section 5.3 using an expression involving operations of union, product, decomposition, restriction and restricted iteration, whose length is polynomial in the length of the recognizable expression given for T . Then, using the algorithms presented in this paper, for every recognizable expression it is possible to build a nondeterministic asynchronous automaton recognizing the language denoted by it and whose number of (global and local) states is polynomial in the length of the given expression. 28 G. Pighizzini References [BBMS81] A. Bertoni, M. Brambilla, G. Mauri, and N. Sabadini. An application of the theory of free partially commutative monoids: asymptotic densities of trace languages. In Proc. 10th MFCS, Lecture Notes in Computer Science 118, pages 205{215, 1981. [CM88] R. Cori and Y. M?etivier. Approximation of a trace, asynchronous automata and the ordering of events in a distributed system. In Proc. 15th ICALP, Lecture Notes in Computer Science 317, pages 147{161, 1988. [HU79] J. Hopcroft and J. Ullman. Introduction to automata theory, languages and computations. Addison{Wesley, 1979. [Maz77] A. Mazurkiewicz. Concurrent program schemes and their interpretations. Technical Report DAIMI Rep. PB{78, Aarhus University, 1977. [Och85] E. Ochma?nski. Regular behaviour of concurrent systems. EATCS Bullettin, 27:56{67, 1985. [Zie87] W. Zielonka. Notes on finite asynchronous automata. RAIRO Inf. Theor., 21:99{135, 1987. 29 30 P. Gastin, A. Petit Büchi asynchronous cellular automata 31 32 P. Gastin, A. Petit Büchi asynchronous cellular automata 33 34 P. Gastin, A. Petit Büchi asynchronous cellular automata 35 36 P. Gastin, A. Petit Büchi asynchronous cellular automata 37 38 P. Gastin, A. Petit Büchi asynchronous cellular automata 39 40 P. Gastin, A. Petit Büchi asynchronous cellular automata 41 42 P. Gastin, A. Petit Büchi asynchronous cellular automata 43 44 P. Gastin, A. Petit Büchi asynchronous cellular automata 45 46 Trace Convergence over infinite alphabets I 47 48 M. Stannett Trace Convergence over infinite alphabets I 49 50 M. Stannett Trace Convergence over infinite alphabets I 51 52 M. Stannett Trace Convergence over infinite alphabets I 53 54 M. Stannett Trace Convergence over infinite alphabets I 55 56 M. Stannett Trace Convergence over infinite alphabets I 57 58 M. Stannett Trace Convergence over infinite alphabets I 59 60 M. Stannett Trace Convergence over infinite alphabets I 61 62 M. Stannett Trace Convergence over infinite alphabets I 63 64 M. Stannett Trace Convergence over infinite alphabets I 65 66 M. Stannett Trace Convergence over infinite alphabets I 67 68 M. Stannett Trace Convergence over infinite alphabets I 69 70 M. Stannett Trace Convergence over infinite alphabets I 71 72 Trace Convergence over infinite alphabets II 73 74 M. Stannett Trace Convergence over infinite alphabets II 75 76 M. Stannett Trace Convergence over infinite alphabets II 77 78 M. Stannett Trace Convergence over infinite alphabets II 79 80 M. Stannett Trace Convergence over infinite alphabets II 81 Automata with Storage on Infinite Words (Extended Abstract) 1 Joost Engelfriet and Hendrik Jan Hoogeboom Leiden University, Department of Computer Science P.O. Box 9512, 2300 RA Leiden, The Netherlands Abstract. For any storage type X, the !-languages accepted by X-automata are investigated. Six accepting conditions (including those introduced by Landweber) are compared for X-automata. The inclusions between the corresponding six families of !-languages are essentially the same as for finite state automata. Apart from unrestricted automata also realtime and deterministic automata are considered. The main tools for this investigation are (1) a characterization of the !-languages accepted by X-automata in terms of (inverse) X-transductions of finite state !-languages, and (2) the existence of topological upper bounds on some of the families of accepted !-languages (independent of the storage type X). Introduction An automaton A that is meant to work on finite input words may as well be given an infinite input word u: it works on u as if u were a `very 1This paper was previously presented at ICALP'89 and appeared in the proceedings of the conference ([EngHoo89]). A full version of the paper is scheduled to be published in Theoretical Computer Science in the spring of 1993. 82 Automata with storage on infinite words 83 large' finite word. The essential difference is in the way that A accepts u; obviously one cannot use acceptance by final state as for finite words. The first one to use automata to accept infinite words (with a particular acceptance criterion) was Büchi (in solving a decision problem in logic, [Büc60]). Another criterion was given by Muller ([Mul63]):A deterministic finite state automaton A accepts an infinite word u in the fashion of Muller if the set of states entered by A infinitely often during its computation on u belongs to a given family of `final' state sets. This family replaces the usual set of final states. Five criteria for accepting infinite words were proposed by Landweber in [Lan69], including those introduced by Büchi and Muller, and he characterized the five corresponding families of infinitary languages accepted by deterministic finite state automata in a topological setting. The relative power of these five acceptance criteria was subsequently compared for (nondeterministic) finite state automata ([Hos72, StaWag74]), pushdown automata ([Lin76, CohGol77, CohGol78a]), Turing machines ([WagSta77, CohGol78b]) and Petri nets ([Val83]). If one compares the results of these investigations, one notices some striking similarities (see the survey [Sta87]). It seems that the acceptance types have the same relative power independently of the storage used by the automaton involved. This observation is the main motivation for the present paper. Using a general framework we want to explain the similarities between the results obtained for the various specific types of automata (as is done for automata on finite words in [Gin75]). Our abstract model of storage is called a storage type. It describes the storage configurations together with the tests and transformations that can be applied to them. Automata equipped with a specific storage X (and a one-way input-tape) are called X-automata. We study six (rather than five) families of !-languages that can be accepted by an X-automaton using six different acceptance criteria on the sequence of states entered by the automaton during a computation. (It should be noted that acceptance can also be defined in terms of the storage configurations rather than the states, see [Sta77], but this will give quite different results, cf. [Val83]). A possible approach to comparing the six acceptance criteria is by giving constructions on automata that show how one acceptance 84 J. Engelfriet, H. J. Hoogeboom type can be simulated by another. In fact, as observed in [CohGol77, Val83], it is not too difficult to generalize most of the constructions given in [Hos72] for finite state automata, simply by `adding' storage instructions to the transitions. Hence it is not much of a surprise that the inclusions between the six families for X-automata are similar to those formed by the families for finite state automata. Of course, this is a rather boring and time-consuming approach. Also, if one wants to study X-automata satisfying a particular property (as, e.g., being real-time or deterministic), it is necessary to check for each of the constructions whether it preserves the property under consideration (and if not, to adapt the construction). We use a more efficient way of transferring the results for finite state automata to arbitrary storages. Our main tool is a characterization of the !-languages accepted by X-automata in terms of (infinitary) transductions applied to the !-languages accepted by finite state automata. Since we do not use the acceptance criteria to define transductions, this single result can be used to show that the inclusions that hold between the six families of finite state !-languages are also valid for X-automata. This of course does not indicate whether or not an inclusion is strict. We show that the topological upper-bounds on the complexity of accepted languages as given by Landweber for deterministic finite state automata can be generalized to X-automata (as already suggested in [Lan69]). This implies that for deterministic X-automata the inclusions are always strict (and the same holds for real-time automata). In Section 3 we study both arbitrary and deterministic X-automata. First we present the above-mentioned characterization of the corresponding families of !-languages (Theorem 3.3). From this we obtain the hierarchy for !-languages accepted by X-automata (Theorem 3.5). For specific storage types the hierarchy can be strict or it can collapse into a single family. We give a sufficient condition for such a collapse (Theorem 3.7). Real-time automata are investigated in Section 4. The inclusions between the families of !-languages accepted by real-time automata are very similar to those found in Section 3 (see Theorem 4.4). Here however, the inclusions are always strict. The counter-examples are obtained by establishing topological upper-bounds that are independent of the stor- Automata with storage on infinite words 85 age type. We return to deterministic automata in Section 5. Again we obtain topological upper-bounds on the accepted !-languages. Together with our basic characterization (given in Section 3) this is used to establish a proper hierarchy similar to the hierarchy for deterministic finite state automata (Theorem 5.4). In the final section we study a storage type of `maximal power'. The families of !-languages accepted by automata of this type belong to the lower levels of the topological hierarchy of Borel sets (Theorems 6.3 and 6.6). These results are similar to those obtained in [Arn83] and [Sta84] for transition systems. 1. Preliminaries We assume the reader to be familiar with the basic notions of infinitary languages, e.g., as discussed in one of the following surveys and introductions: [Eil74, HooRoz86, Sta87, Tho88]. The symbol ? (?) denotes set inclusion (strict set inclusion, respectively); in diagrams we will use ) (and !, respectively). We use u to indicate non-disjointness of sets, i.e., U u V if U \ V 6= ;. As usual, ?? and ?! denote the sets of finite words and infinite words (or !-words) over the alphabet ?. Their subsets are called (finitary) languages and infinitary languages (or !-languages), respectively. The empty word is denoted by ?. u[n] denotes the prefix of length n of a (!- )word u (when defined), and pref (v) denotes the set of (finite) prefixes of v. For a (!-)language K, pref (K) = [fpref (u)ju 2 Kg. An infinite sequence of finite words hxiii2N such that each xi is a prefix of xi+1 defines a unique element u of ?? [?! by taking the `least upper bound' of the sequence, i.e., the shortest u that has each xi as a prefix. u will be denoted by lubhxiii2N. Let K ? ?? be a finitary language. The !-power of K, denoted by K!, is fu 2 ?!ju = lubhxiii2N, where x0 2 K and xi+1 2 xi ? K for i 2 Ng, the adherence of K, denoted adh(K), is fu 2 ?!jpref (u) ? pref (K)g, and the limit of K, denoted lim(K), is fu 2 ?!jpref (u) \ K is infiniteg. 86 J. Engelfriet, H. J. Hoogeboom ?! can be turned into a (compact) metric space by defining the distance function d(u; v) = 2?minfnju[n]6=v[n]g for u 6= v. We will use G, and F to denote the family of open, respectively closed, sets in this topological space. Furthermore, Gffi is the family of denumerable intersections of open sets, and Fö is the family of denumerable unions of closed sets. There is a close correspondence between the !-languages in these families (that form the lower levels of the Borel hierarchy) and the language theoretical operations given above (see, e.g., [Lan69, StaWag74, BoaNiv80]). 1.1. Proposition. Let L ? ?!. Then (1) L 2 G if and only if L = K ? ?! for some K ? ??, (2) L 2 F if and only if L = adh(K) for some K ? ??, and (3) L 2 Gffi if and only if L = lim(K) for some K ? ??. 1.2. Proposition. 0?1 ? f0; 1g! 2 G ? F , f0; 1g? ? 1! 2 Fö ? Gffi, and (0?1)! 2 Gffi ?Fö. 2. Automata on !-Words: Definitions For finite words, the general notion of an automaton, using some kind of storage, was introduced in [HopUll67, Sco67, GinGre69]. The resulting AFA theory (Abstract Families of Automata) provides a useful framework for a uniform investigation of different types of automata (see [Gin75]). Here we attempt to set up a similar theory for automata on infinite words (see also [Sta77]). The particular variation of AFA theory that we use here is similar to the one in [EngVog87]. 2.1. Storage and Automata A storage type is a 5-tuple X = (C; Cin; P; F; ?), where C is a set of (storage) configurations, Cin ? C is a set of initial (storage) configura- Automata with storage on infinite words 87 tions, P is a set of predicate symbols, F is a set of instruction symbols, P \ F = ;, and ? is a meaning function which assigns to each p 2 P a (total) mapping ?(p) : C ! ftrue; falseg, and to each f 2 F a partial function ?(f) : C ! C. The set of all Boolean expressions over P , using the Boolean connectives ^, _ and :, and the constants true and false, is denoted by BE(P ); elements of this set are called tests. The meaning function is extended to BE(P ) in the obvious way. We extend ? also from F to F ? by defining ?(?) to be the identity on C and by setting ?(fÖ) = ?(Ö) ffi ?(f) for Ö 2 F ? and f 2 F . 2.1. Example. The storage type push-down, denoted PD, is defined by PD = (C; Cin; P; F; ?), where C = ?+, for a fixed infinite set ? (of push-down symbols), Cin = ?, P = ftop = fljfl 2 ?g [ fbottomg, F = fpush(fl)jfl 2 ?g [ fpopg, and, for c = au with a 2 ? and u 2 ??, ?(top = fl)(c) = true iff fl = a, ?(bottom)(c) = true iff u = ?, ?(push(fl))(c) = flc, ?(pop)(c) = u if u 6= ?, and undefined otherwise. The storage type counter is CTR = (N; f0g; fzerog; fincr ; decrg; ?), where, for n 2 N, ?(zero)(n) = true iff n = 0, ?(incr )(n) = n + 1, and ?(decr )(n) = n ? 1 if n >= 1, and undefined if n = 0. In the rest of this paper let X = (C; Cin; P; F; ?) be an arbitrary storage type. An X-transducer is a construct A = (Q; ?; ffi; qin; cin; ?), where Q is the finite set of states, ?(?) is the input (output) alphabet, qin 2 Q is the initial state, cin 2 Cin is the initial storage configuration, and the finite control ffi is a finite subset of Q? (? [ f?g)?BE(P ) ?Q?F ? ???, the elements of which are called transitions. We say that A is real-time if ffi ? Q??? BE(P ) ?Q? F ? ???. A is deterministic if, for every two different transitions (qi; ai; fii; q0 i; Öi; wi), i = 1; 2, from ffi with q1 = q2, either a1 6= a2 and a1; a2 6= ? or ?(fi1 ^ fi2)(c) = false for every c 2 C. An instantaneous description (ID) of A is an element (q; x; c; y) of Q ? ?? ? C ???; it intuitively means that A is in state q, has read x from the input tape, has c as its storage configuration, and has written y on its output tape. The step relation `A of A, is the binary relation 88 J. Engelfriet, H. J. Hoogeboom on Q??? ?C ??? defined by (q; x; c; y) `A (q0; x0; c0; y0) if there exists a transition (q; a; fi; q0; Ö; w) 2 ffi such that ?(fi)(c) = true, c0 = ?(Ö)(c), x0 = xa, and y0 = yw. Intuitively this means that if A is in state q and has the storage configuration c, it may use the transition (q; a; fi; q0; Ö; w) provided c satisfies the test fi, and then it changes its state to q0, reads a from its input tape, performs Ö to the storage configuration, and writes w on its output tape. A (infinite) run of A is an infinite sequence r = h?iii2N of ID's such that ?0 = (qin; ?; cin; ?), and ?i `A ?i+1 for each i 2 N; it is a run on input lubhxiii2N, and with output lubhyiii2N where ?i = (qi; xi; ci; yi). The sequence hqiii2N is called the state sequence of the run r. The (infinitary) transduction of A, denoted T (A), is defined as f(u; v) 2 ?! ? ?! j there is a run of A on input u with output vg. If A has no run on an infinite input word with a finite output word, then A is called !-preserving. XT (XT!) denotes the family of infinitary transductions of (!-preserving) X-transducers. The corresponding families of transductions of deterministic or real-time X-transducers are denoted by d-XT (d-XT!) and r-XT (r-XT!), respectively. 2.2. (ö,?)-Accepting Infinite Runs We will now discuss how an X-transducer A may be used to accept !- languages. Since, in this case, we are not interested in A's output, A is called an X-automaton. We drop the output component from A, and from its transitions and ID's. Let Q be a set and let f be a mapping N ! Q (i.e., an infinite sequence hf(i)ii2N over Q). The range of f is the set ran(f) = fq 2 Qjf(i) = q for some i 2 Ng; the infinity set of f is the set in(f) = fq 2 Qjf(i) = q for infinitely many i 2 Ng. Let D ? 2Q be a family of subsets of Q. Let ? be one of the relations ?, u or =, and let ö be either ran or in. We say that an infinite sequence f : N ! Q is (ö; ?)-accepting with respect to D if there exists a set D 2 D such that ö(f)?D. The relation between the notation we use (see [StaWag74]) and the Automata with storage on infinite words 89 five types of `i-acceptance' as originally defined in [Lan69] are given in the following table, together with a short intuitive name for some of these types of acceptance. (ran ; =)-acceptance, not considered by Landweber, was first studied in [StaWag74]. (ran; u) 1-accepting at least once (ran; ?) 10-accepting always (ran; =) | (in; u) 2-accepting infinitely often (Büchi) (in ; ?) 20-accepting from some moment on (in ; =) 3-accepting (Muller) Let A = (Q; ?; ffi; qin; cin) be an X-automaton, and let D ? 2Q be a family of subsets of Q. A run of A is called (ö; ?)-accepting with respect to D if its state sequence is (ö; ?)-accepting with respect to D. The !-language (ö; ?)-accepted by A with respect to D, denoted by Lö;?(A; D), is the set fu 2 ?!j there is a run of A on input u that is (ö; ?)-accepting with respect to Dg. The family of !-languages (ö; ?)- accepted by X-automata (with respect to some family of state sets) is denoted by XLö;?. Again we use the prefixes d- or r- if we restrict our considerations to deterministic or real-time automata. Finally, for a set D of states of A, the (finitary) language L?(A; D) accepted by A with respect to D is the set fx 2 ??j(qin; ?; cin) `? A (q; x; c) for some q 2 D and c 2 Cg, where `? A is the reflexive and transitive closure of `A. In the literature it is sometimes required that A is `total', e.g., in the sense that A has a run on every input word. We will not consider totality. Requiring totality changes (in general) the class XLö;?. A special storage type is used to model finite state automata. The trivial storage type FS equals (fc0g; fc0g; ;; ;; ;) for some arbitrary object c0. Since ;? = f?g the transitions of an FS-automaton can be assumed to be of the form (q; a; true; q0; ?). 2.2. Example. Let A be the (deterministic and real-time) FS-automaton 90 J. Engelfriet, H. J. Hoogeboom with state set Q = fq0; q1g, input alphabet ? = f0; 1g, initial state q0, and transitions (qi; j; true; qj ; ?) for i; j 2 f0; 1g. Let D = ffq1gg, and Q = fQg. Then Lran;u(A; D) = 0?1 ? f0; 1g! Lran;u(A; Q) = Lran;?(A; Q) = f0; 1g!, Lran;?(A; D) = Lran;=(A; D) = ;, Lran;=(A; Q) = 0?1 ? f0; 1g!, Lin;u(A; D) = (0?1)!, Lin;u(A; Q) = Lin;?(A; Q) = f0; 1g!, Lin;?(A; D) = Lin;=(A; D) = f0; 1g? ? 1!, Lin;=(A; Q) = (0?11?0)!. It is customary in the literature to define regular !-languages using real-time finite state automata. It can be shown that this restriction does not influence the families of (ö; ?)-accepted finite state !-languages, i.e., FSLö;? = r-FSLö;? and d-FSLö;? = dr-FSLö;?. Hence we have the following well-known relationships for these families (see, e.g., [Wag79] for references). Note that ! denotes proper inclusion. 2.3. Proposition. FSLin;u k FSLran;? FSLran;u = FSLran;= = FSLin;? FSLin;= k k k k d-FSLin;? k d-FSLran;? ! d-FSLran;u ! d-FSLran;= % & & % d-FSLin;= d-FSLin;u Note that when requiring totality the diagram is slightly different, caused by the fact that FSLran;u and d-FSLran;u become smaller. Finally we need (but do not define formally) the notion of the product Automata with storage on infinite words 91 of two storage types X1 and X2, denoted by X1?X2. It combines the power of the two storages X1 and X2 working in an independent fashion. Thus, e.g., the CTR?CTR-automaton is the well-known two-counter automaton. The product of n storage types, all equal to X, is denoted by Xn. An X?-automaton is an Xn-automaton for some n 2 N. Thus, e.g., each CTR?-automaton has an arbitrary (but fixed) number of counters. 3. The Basic Characterization In the next lemma we show how to separate an X-automaton in two phases: a phase in which the input is processed, and an acceptance phase. The first phase can be realized by an X-transducer (without acceptance criterion), and the second phase by a finite state automaton. 3.1. Lemma. XLö;? ? XT?1 ! (d-FSLö;?) and d-XLö;? ? d-XT?1 ! (d-FSLö;?). Proof. Let A be an X-automaton with input alphabet ? and state set Q; let D be a family of state sets for A. Consider the infinitary language K(ö; ?) consisting of the !-words over Q that are (ö; ?)-accepting sequences wrt. D. It belongs to d-FSLö;? since it is (ö; ?)-accepted by the deterministic finite state automaton B = (Q[fqog; Q; ffi1; qo; c0) with qo 62 Q and ffi1 = f(q0; q; true; q; ?)jq0 2 Q[ fqog; q 2 Qg. One easily sees that for r 2 Q!, the run r1 of B on r satisfies ran(r1) = ran(r)[fqog and in(r1) = in(r). Thus K(ö; ?) = Lö;?(B; Do) with Do = fD[fqogjD 2 Dg if (ö; ?) equals (ran; =) or (ran ; ?), and K(ö; ?) = Lö;?(B; D) in the four remaining cases. Modify A such that at each step it outputs its state, i.e., take ? = Q and replace every transition (q; a; fi; q0; Ö) by the transition (q; a; fi; q0; Ö; q). This gives an (!-preserving) X-transducer M that maps each !-word u over ? onto the state sequences of the runs of A on u. u is (ö; ?)- accepted by A if one of these state sequences belongs to K(ö; ?). Hence, Lö;?(A; D) = fu 2 ?!j(u; r) 2 T (M) for some r 2 K(ö; ?)g = T (M)?1 (K(ö; ?)). 92 J. Engelfriet, H. J. Hoogeboom 3.2. Lemma. For storage types X1 and X2, X1T?1 ! (X2Lö;?) ? (X1 ? X2)Lö;? and d-X1T?1 ! (d-X2Lö;?) ? d-(X1 ?X2)Lö;?. Proof. Let M be an !-preserving X1-transducer with input alphabet ?, let A be an X2-automaton with a family of state sets D. The lemma is proved by constructing an X1 ?X2-automaton B that (ö; ?)-accepts the !-language T (M)?1(Lö;?(A; D)) = fu 2 ?! 1 j(u; v) 2 T (M) for some v 2 Lö;?(A; D)g. Using a straightforward direct product construction we simulate M and A in two alternating phases: first we simulate M until it produces some nonempty output and we store this output in the states of B, then we simulate A on this output. Using such a simulation, a run rB of B on an !-word u can be decomposed into a run of M on u and an infinite run rA of A on the output v of M. Here the fact that M is !-preserving is essential in order to guarantee that v is infinite. If we restrict the state sequence of rB to the component of the states corresponding to A, it is equal (except for possible repetitions) to the state sequence of rA. This observation can be used to obtain a suitable family of state sets D0 for B. Some care has to be taken: D0 depends on the acceptance type. If we combine these lemma's we obtain our basic result: a characterization of the families XLö;? and d-XLö;? in terms of X-transductions and finite state !-languages. 3.3. Theorem. XLö;? = XT?1 ! (FSLö;?) and d-XLö;? = d-XT?1 ! (d-FSLö;?) Proof. For X1 = X and X2 = FS we get XLö;? ? XT?1 ! (FSLö;?) ? (X ? FS)Lö;? ? XLö;?. For some of the acceptance conditions the family FSLö;? can be replaced by a single !-language. Intuitively this !-language models the acceptance condition. A similar result was obtained in [WagSta77] for !- languages accepted by Turing machines, and (implicitly) in [LatTim86] for regular !-languages. Automata with storage on infinite words 93 3.4. Theorem. XLran;? = XT?1 ! (f1!g), XLran;u = XT?1 ! (f0?1 ? f0; 1g!g), XLin;? = XT?1 ! (ff0; 1g??1!g), and XLin;u = XT?1 ! (f(0?1)!g). Similar equalities hold for d-XLö;? and d-XT?1 ! . Proof. For ? 2 f?; ug we may assume that L 2 XLö;? is accepted by an X-automaton with respect to a family D = fDg (cf. [CohGol78a, Lemma 4.1.2]). Now (as in the proof of Lemma 3.1) change A into an X-transducer M that outputs 1 if its state is in D, and 0 otherwise. Using Theorem 3.3, we can carry over the known inclusions for the families FSLö;? (see Proposition 2.3) directly to the families XLö;? for arbitrary X, without being forced to generalize the proofs for FS-automata. Thus we obtain our next main result. 3.5. Theorem. XLran;? ? XLran;u = XLran;= = XLin;? ? XLin;u = XLin;=. The corresponding result for deterministic automata will be presented in Section 5. We cannot conclude that the inclusions are strict in general like for finite state !-languages (X = FS, Proposition 2.3) or push-down automata (X = PD, [CohGol77]). In fact, for certain storage types all six families XLö;? are equal (e.g., for Turing machines, see [CohGol78b]). In the remainder of this section we give a sufficient condition on X for all six families to be equal. It is based on the inclusion FSLin;u ? PDLran;?, which was proved in [CohGol77] using the pushdown as a counter. The storage type blind counter, denoted by BC, is equal to the storage type counter (see Example 2.1), except that it has no predicate symbols (cf. [Gre78] where it is called a partially blind counter). 3.6. Lemma. XLin;u ? (X ? BC)Lran;?. Proof. By Theorem 3.4, XLin;u = XT?1 ! (f(0?1)!g), while XT?1 ! (BCLran;?) ? (X ? BC)Lran;?, by Lemma 3.2. Hence it suffices to show that (0?1)! 2 BCLran;?. We construct a BC-automaton A that uses its (blind) counter to ensure that during its runs it can read any fi- 94 J. Engelfriet, H. J. Hoogeboom nite number of consecutive 0's, but not infinitely many consecutive 0's. A has two states q0 and q1 and, for i = 0; 1, transitions (qi; 0; true; q0; decr ) and (qi; 1; true; q1; ?), and the transition (q1; ?; true; q1; incr ). The initial state of A is q1. Take D = ffq0; q1gg. For each step on the letter 0 A decreases its counter. Whenever A reads the letter 1 it enters state q1. In this state, before reading the next input letter, A guesses the number of 0's on the tape before the next 1, and increases its counter value by (at least) this amount. Hence, if the storage type X can simulate an additional blind counter, all XLö;? are the same. 3.7. Theorem. If X can simulate X?BC, in the sense that (X?BC)Lran;? ? XLran;?, then XLran;? = XLin;u. Using this result we clearly reobtain the equality of the families of !-languages (ö; ?)-accepted by Turing machines ([CohGol78b]). It is obvious that the storage type BC? can simulate an additional blind counter. Hence for Petri net !-languages, with acceptance with respect to bounded markings (cf. [Val83]), and ?-labels allowed, the six families BC?Lö;? are all equal. Although these families were not (explicitly) compared in the literature, the inclusion r-BC?Lin;u ? BC?Lran;? is known (see [Car88, Theorem 3]). 4. Real-Time Automata As in Section 3, we obtain a characterization of the families r-XLö;? in terms of X-transductions and finite state !-languages. The proofs are slight variations of those of Lemma's 3.1 and 3.2. 4.1. Theorem. r-XLö;? = r-XT?1 ! (FSLö;?). This allows us, as in Section 3, to transfer the inclusions known for Automata with storage on infinite words 95 the families FSLö;? directly to the families r-XLö;?. Again we investigate when the remaining two inclusions are equalities and when they are strict. Perhaps somewhat surprisingly they turn out to be always strict, as shown next. 4.2. Lemma. Let A be a real-time X-automaton, with state set Q. Then Lran;?(A; fQg) = adh(L?(A; Q)). Proof. Let L = L?(A; Q). Note that Lran;?(A; fQg) is the set of all !- words on which there exists a run of A, without additional requirements on its state sequence. Assume that u 2 Lran;?(A; fQg). This implies that u[n] 2 L for each n 2 N and consequently u 2 adh(L). To prove the other inclusion let u 2 adh(L). Thus for each n 2 N A accepts the prefix u[n] of u. Define the sets En, n 2 N, of ID's of A that are reachable from the initial ID after reading u[n]. Since each of these sets is finite and nonempty, König's Lemma can be used to obtain a run of A on u. 4.3. Lemma. (1) r-XLran;? ? F and (2) r-XLin;? ? Fö. Proof. Since F and Fö are closed under union, it suffices to consider !-languages (ö; ?)-accepted with respect to a single state set. Let A = (Q; ?; ffi; qin; cin) be a real-time X-automaton and let D ? Q. Lran;?(A; fDg) does not change by restricting A to the states from D. Hence (1) is a consequence of the lemma above. Each (in ; ?)-accepting state sequence (w.r.t. fDg) of A falls apart into an initial part without restrictions, followed by an infinite part that stays within D. Thus Lin;?(A; fDg) = [ (qin;?;cin)`?(q;x;c) Lran;?(A(q; x; c); fD [ Qq;x;cg); where A(q; x; c) equals A, except that it has a new set of transitions, leading from a new initial state qin to q, reading x from the input, and transforming cin into c | these transitions copy the computation (qin; ?; cin) `? A (q; x; c). Qq;x;c is the set of states that were added to 96 J. Engelfriet, H. J. Hoogeboom obtain A(q; x; c). The above union is countable. Hence, by (1), every !-language in r-XLin;? is a countable union of F-sets, thus an Fö-set. These topological upper-bounds yield examples to show that the remaining two inclusions are strict for every storage type. Thus we obtain the next main result. 4.4. Theorem. r-XLran;? ? r-XLran;u = r-XLran;= = r-XLin;? ? r-XLin;u = r-XLin;=: Proof. According to Proposition 1.2, 0?1 ? f0; 1g! 62 F ? r-XLran;?; however 0?1 ? f0; 1g! 2 r-XLran;u (cf. Example 2.2). In the same way we have (0?1)! 62 Fö ? r-XLin;?, whereas (0?1)! 2 r-XLin;u. Perhaps one of the main reasons for obtaining the strict inclusions above, is that König's Lemma is applicable to real-time automata (Lemma 4.2). This argumentation can be extended to a larger class of automata. An X-automaton A has finite delay if there is no infinite run of A on a finite word. All results for real-time automata proved in this section also hold for automata with finite delay. We use the prefix f- to indicate finite delay. In general the families f-XLö;? and r-XLö;? are not equal. The !- language BIN! = fx ? akjx 2 f0; 1g?; 0 <= k <= nr(x)g ? b! [ f0; 1g!, where nr(x) denotes the integer represented by x 2 f0; 1g? as a binary number, can be accepted by a BC2-automaton with finite delay but not by a real-time BC?-automaton. More precisely, BIN! 2 f-BC2Lran;? ? r-BC?Lin;u. This example is essentially the one given by Jantzen ([Jan79]) to show that ?-labelled Petri nets are more powerful than real-time Petri nets (when accepting finitary languages). It is perhaps interesting to note that Petri nets with finite delay were considered in the context of !-languages. In [Car84] these nets are called prompt nets. This paper however focusses on nets that are 1-prompt, i.e., nets in which ?-transitions are allowed, but not two consecutive ?-transitions in a firing sequence (run). From our previous results it now follows that the following diagram holds for Petri nets (with acceptance with respect Automata with storage on infinite words 97 to bounded places, see [Val83] for real-time nets). We conjecture that the indicated inclusion (*) is an equality. 4.5 Theorem. BC?Lran;? = BC?Lran;u = BC?Lin;u * f ? BC?Lran;? ! f ? BC?Lran;u ! f ? BC?Lin;u " " " r ? BC?Lran;? ! r ? BC?Lran;u ! r ? BC?Lin;u 5. Deterministic Automata In this section we return to deterministic automata. Again we show that the diagram for d-FSLö;? (Proposition 2.3) holds for arbitrary d-XLö;?. 5.1. Lemma. Let A be a deterministic X-automaton with state set Q and input alphabet ?, and let D ? 2Q. Then (1) Lran;?(A; fQg)) = adh(L?(A; Q)), (2) Lran;u(A; D) = L?(A; [D) ? ?! \ adh(L?(A; Q)), and (3) Lin;u(A; D) = lim(L?(A; [D)). The above (simple) result enables us to give topological upper-bounds on the !-languages that are accepted by deterministic automata. Given two families K and L, K ^ L denotes fK \ LjK 2 K; L 2 Lg, and B(K) denotes the boolean closure of K. 5.2. Corollary. (1) d-XLran;? ? F , (2) d-XLran;u ? F ^ G, (3) d-XLran;= ? B(F), (4) d-XLin;? ? Fö , (5) d-XLin;u ? Gffi , and (6) d-XLin;= ? B(Fö). 98 J. Engelfriet, H. J. Hoogeboom Proof. (1,2,5) These are clear from Lemma 5.1. (4) Can be shown just as the inclusion r-XLin;? ? Fö in Lemma 4.3. (3,6) Consider an arbitrary deterministic X-automaton A and a family D of state sets for A. Then Lö;=(A; D) = S D2D(Lö;?(A; fDg) ? Lö;u(A; fQ ? Dg)). Now d-XLran;= ? B(F) and d-XLin;= ? B(Fö) follow. 5.3. Lemma. f0; 1g! ? 0?1 ? 0! 62 F ^ G. Proof. Assume that K = f0; 1g! ? 0?1 ? 0! is of the form L1 ? f0; 1g!\ adh(L2) for finitary languages L1 and L2. Since 0! 2 K ? L1 ? f0; 1g!, we have 0n 2 L1 for some n 2 N. On the other hand 0n10?1 ? 0! ? K ? adh(L2), so pref (0n10?) ? pref (L2). Consequently 0n1 ? 0! 2 L1 ? f0; 1g! \ adh(L2) = K; a contradiction. We now present the next main result. 5.4. Theorem. The following diagram holds: d-XLin;? d-XLran;? ! d-XLran;u ! d-XLran;= % & & % d-XLin;= d-XLin;u Proof. The inclusions follow from Proposition 2.3 and Theorem 3.3. Using the topological upper-bounds we have obtained, we find (using Proposition 1.2 and Lemma 5.3) that 0?1 ? f0; 1g! 62 d-XLran;?, f0; 1g!? 0?1 ? 0! 62 d-XLran;u, (0?1)! 62 d-XLin;?, and f0; 1g? ? 1! 62 d-XLin;u. However these !-languages are in respectively d-XLran;u, d-XLran;=, d-XLin;u, and d-XLin;?, as the reader will easily verify. From these observations the strictness of the inclusions (and the incomparabilities) follow. For some of the storages studied in the literature it was observed that the families d-XLin;? and d-XLin;u are `complementary', i.e., one contains the complements of the !-languages of the other. This is due to the fact that automata are often assumed to be `total', i.e., they should Automata with storage on infinite words 99 have a run on every possible input (this is called the continuity property in [CohGol77]). Since we do not have this requirement we cannot derive such a result for arbitrary X-automata. Instead, we need the following notion which previously has been quite helpful in complementing the finitary languages accepted by deterministic X-automata (cf. [EngVog87]). 5.5. Definition. Let X = (C; Cin; P; F; ?) be a storage type. X with infinite look-ahead, denoted X!LA, is the storage type (C; Cin; P 0; F; ?0), where P 0 = P [ finf(A)jA is an X-automatong, with ?0(x) = ?(x) for each x 2 P [ F , and ?0(inf(A))(c) = true if and only if there exists an infinite run of A on ? starting from (qin; ?; c), where qin is A's initial state. 5.6. Lemma. Let L ? ?!. (1) If L 2 d-XLö;=, then ?! ? L 2 d-X!LALö;=. (2) If L 2 d-XLin;? then ?! ? L 2 d-X!LALin;u. (3) If L 2 d-XLin;u then ?! ? L 2 d-X!LALin;?. Proof. Let A = (Q; ?; ffi; qin; cin) be a deterministic X-automaton. For (in ; ?) and (in ; u)-acceptance we may assume that we have a single state set D with respect to which we accept runs. If A has a run on each u in ?!, then ?! ? Lin;u(A; fDg) = Lin;?(A; fQ ? Dg). Similarly, the complement with respect to ?! of the !-language Lö;=(A; D) is equal to Lö;=(A; 2Q?D), provided that for each !-word u in ?! there is a run of A on u. Using infinite look-ahead A may be transformed in such a way that it satisfies this property. We add a special state qfail to A, with transitions (qfail; a,true,qfail; ?) for each a 2 ?, to which we will lead all `unsuccessful runs'. There are several possibilities for the behaviour of A on u to be 'unsuccessful'. (a) A blocks due to an undefined instruction. We can avoid that by testing the instruction as follows. For Ö 2 F ?, consider the X-automaton B(Ö) consisting of two states q0 and qloop (of which q0 is initial), and having two transitions (q0; ?,true,qloop; Ö) and (qloop; ?,true,qloop; ?). B(Ö) has a run on ? starting from (q0; ?; c) if and only if ?(Ö)(c) is defined. Now replace in A each transition (q; a; fi; q0; Ö) by transitions 100 J. Engelfriet, H. J. Hoogeboom (q; a; fi ^ inf(B(Ö)); q0; Ö) and (q; a; fi ^ : inf(B(Ö)); qfail; ?). (b) A has a run on a finite prefix of u. Replace in A each transition (q; a; fi; q0; Ö) by transitions (q; a; fi ^: inf(A(q)); q0; Ö) and (q; a; fi ^ inf(A(q)); qfail ; ?), where A(q) is the X-automaton that equals A, except that its initial state is q. (c) Finally A may block because in some ID there are no `useful' transitions: the present configuration satisfies none of the tests of the transitions that start in the present state (with a suitable input). This case is left to the reader. Note that if X!LA can be simulated by X (and this holds, e.g., for X = FS and X = PD), then the previous lemma shows that d-XLö;= is closed under complement, and that d-XLin;? and d-XLin;u contain the complements of each others !-languages. In the next section we need this property for a specific storage type. 6. A Universal Storage Type In this section we show the existence of a storage type of `maximal power'. 6.1. Definition. The universal storage type U equals (??; f?g; P; F; ?), where ? is a fixed infinite set of symbols, P = finKjK ? ??, for a finite ? ? ?g, F = fstore(x)jx 2 ??g, and, for c 2 ??, ?(inK)(c) = true iff c 2 K, and ?(store(x))(c) = cx. 6.2. Lemma. For every storage type X, U can simulate X, in the sense that XLö;? ? ULö;?, and similarly for d- and r-. Proof. Let X = (C; Cin; P; F; ?) and let A be a X-automaton with initial configuration cin. We will construct a U-automaton A0 with the same behaviour. We use the configurations of U to store the sequences of instruction symbols that are performed by A and encode those sequences that lead to configurations in which a given test is sat- Automata with storage on infinite words 101 isfied in a suitable language. Let FA be the (finite) subset of F of instruction symbols that are used in A. Without restriction we may assume that FA is included in ?, the alphabet of U. Let, for Ö 2 F ?, Def(Ö) = f 2 F ? Aj?( ? Ö)(cin) is definedg and, for fi 2 BE(P ), let True(fi) = f 2 F ? Ajc = ?( )(cin) is defined and ?(fi)(c) = trueg. Now A0 is obtained by replacing every transition (q; a; fi; q0; Ö) of A by the transition (q; a; inTrue(fi) ^ inDef(Ö); q0; store(Ö)). 6.3. Theorem. (1) d-ULran;? = F , (2) d-ULran;u = F ^ G, (3) d-ULran;= = B(F), (4) d-ULin;? = Fö , (5) d-ULin;u = Gffi , and (6) d-ULin;= = B(Fö). Proof. The inclusions from left to right follow from Corollary 5.2. (1,5) Let A be the U-automaton with transitions (qi; a; inK; q1; store(a)) and (qi; a; :inK; q0; store(a)) for a 2 ?, i 2 f0; 1g, and with initial state q1. For this automaton Lin;u(A; ffq1gg) = lim(K). This shows Gffi ? d-ULin;u. If K = pref (K), then Lran;?(A; ffq1gg) = adh(K), which shows F ? d-ULran;?. (2) Let B be the U-automaton with transitions (q0; a; :inL; q0; store(a)), (q0; a; inL; q1; store(a)), and (q1; a; inK; q1; store(a)) for a 2 ?, and with initial state q0. If K = pref (K), then Lran;u(A; ffq1gg) = L ? ?! \ adh(K). (3) For B(F) ? d-ULran;= it suffices to show, by (1) above, that d-ULran;= is closed under complement and union. The closure of d-ULran;= under complement follows from Lemma 5.6 and Lemma 6.2. The closure of d-ULran;= under union can be shown using an easy direct product construction (using the fact that U can simulate U? U). (4) Fö ? d-ULin;? follows by complementation from (5) above (see Lemma 5.6). (6) For B(Fö) ? d-ULin;= we use an argumentation analogous to (3) above. Note that these classes are related by the diagram in Theorem 5.4. 102 J. Engelfriet, H. J. Hoogeboom Thus in the deterministic case the maximal power of U can be expressed as a topological family, depending on the acceptance criterion. For finitary languages U is of no interest: every finitary language can be accepted by a deterministic real-time U-automaton. 6.4. Theorem. (1) dr-UT = d-UT equals the family of continuous functions with domain in Gffi . (2) dr-UT! = d-UT! equals the family of continuous functions with domain in F . Proof. Recall that the function f : ?! ! ?! is continuous in a word u if for each m 2 N there exists n 2 N such that f(u[n] ? ?!) ? f(u)[m] ? ?! . If (u; v) 2 T (M) for some deterministic transducer M, and M outputs the first m symbols of v on the first n symbols of u, then T (M)(u[n] ? ?!) ? v[m] ? ?!, where ? and ? are the input alphabet and output alphabet of M. Hence T (M) is continuous. Regarding the domain of transductions it can be shown that dom(d-UT) = d-ULin;u = Gffi , and dom(d-UT!) = d-ULran;? = F . We omit the proof of the reverse inclusions. 6.5. Theorem. ULö;? equals the family of continuous images of Gffi-sets. Proof. By Theorem 3.7 and Lemma 6.2 the ULö;? are all equal. It is easy to see that ULin;u ? dr-FST(d-ULin;u). Hence each set in ULin;u is the continuous image of the intersection of two Gffi-sets (the domain of the transducer and the d-ULin;u set) which again is a Gffi-set. The continuous images of Gffi-sets are exactly the ranges of deterministic realtime U-transductions. The following easy inclusions hold: ran(dr-UT) ? dom(dr-UT?1) ? dom(UT!) ? UT?1 ! (FSLin;u). By Theorem 3.3 this is ULin;u. Without proof we state the topological characterizations of the families r-ULö;? (cf. Lemma 4.3). The same equalities hold for f-. 6.6. Theorem. r-ULran;? = F , r-ULin;? = Fö, and r-ULin;u = ULin;u. Automata with storage on infinite words 103 Similar results were obtained by Arnold ([Arn83], cf. [Sta84]) for the more general framework of transition systems. He discusses the acceptance types (ran; ?), (in ; ?), and (in ; u)|somewhat reformulated to deal with a possibly infinite number of states|for various kinds of transition systems. It is not difficult to see that Arnold's deterministic, finitely branching, and countably branching transition systems correspond in our framework closely to automata that are deterministic, have finite delay, or are unrestricted, respectively. Note that his definitions do not allow ?-transitions, whereas in our framework the number of transitions applicable to an ID of an automaton is bounded by a constant (depending on the automaton). Acknowledgements We would like to thank dr. Ludwig Staiger for his useful suggestions, prof. Wolfgang Thomas for several motivating discussions, and prof. Volker Diekert for his continuous enthousiasm and for organizing this ACMICS workshop on infinite traces. References [Arn83] A. Arnold, Topological characterizations of infinite behaviours of transition systems, LNCS 154 (1983) 28-38 Springer Verlag, Berlin. [BoaNiv80] L. Boasson & N. Nivat, Adherences of languages, J. Comput. System Sci. 20 (1980) 285-309. [Büc60] J.R. Büchi, On a decision method in restricted second order arithmetic, in: Proc. Int. Congr. Logic, Methodology and Philosophy of Sciences 1960, Stanford University Press, Stanford, CA; 1962: [Car84] H. Carstensen, Fairness in deadlockfree Petri nets with the finite delay property, Proc 5th European Workshop on appl. and theory of Petri nets, Aarhus, 1984, pp. 234-253. 104 J. Engelfriet, H. J. Hoogeboom [Car88] H. Carstensen, Infinite behaviour of deterministic Petri nets, LNCS 324 (1988) 210-219 Springer Verlag, Berlin. [CohGol77] R.S. Cohen, A.Y. Gold, Theory of !-languages. II: A study of various models of !-type generation and recognition, J. Comput. System Sci. 15 (1977) 185-208. [CohGol78a] R.S. Cohen, A.Y. Gold, !-Computations on deterministic pushdown machines, J. Comput. System Sci. 16 (1978) 275- 300. [CohGol78b] R.S. Cohen, A.Y. Gold, !-Computations on Turing machines, Theor. Comput. Sci. 6 (1978) 1-23. [Eil74] S. Eilenberg, Automata, languages and machines, Ch. XIV: Infinite behavior of finite automata, Academic Press, New York and London, 1974. [EngHoo89] J. Engelfriet, H.J. Hoogebooom, Automata with storage on infinite words, in \Proceedings ICALP 1989" (G. Ausiello, M. Dezani-Ciancaglini, S. Ronchi Della Rocca, eds.) LNCS 372 (1989) 389-303, Springer Verlag, Berlin. [EngVog87] J. Engelfriet, H. Vogler, Look-ahead on pushdowns, Inform. and Computation 73 (1987) 245-279. [Gin75] S. Ginsburg, Algebraic and automata-theoretic properties of formal languages, 1975, North-Holland/American Elsevier, Amsterdam/New York. [GinGre69] S. Ginsburg, S.A. Greibach, Abstract families of Languages, in \Studies in abstract families of languages", Memoirs of the Amer.Math. Soc. 87 (1969) 1-32. [Gre78] S.A. Greibach, Remarks on blind and partially blind one-way multicounter machines, Theor. Comput. Sci. 7 (1978) 311-324. [HooRoz86] H.J. Hoogebooom, G. Rozenberg Infinitary languages { basic theory and applications to concurrent systems, in \Current trends in concurrency" (J.W. de Bakker, W.P. de Roever, G. Rozenberg, eds.) LNCS 224 (1986) 266-342, Springer Verlag, Berlin. [Hos72] R. Hossley, Finite tree automata and !-automata, MAC Technical report 102 MIT, summer 1972. [HopUll67] J.E. Hopcroft, J.D. Ullman, An approach to a unified theory Automata with storage on infinite words 105 of automata, The Bell System Technical Journal XVLI (1967) 1793-1829. [Jan79] M. Jantzen, On the hierarchy of Petri net Languages, RAIRO Inf. Th?eor. 13 (1979) 19-30. [Lan69] L.H. Landweber, Decision problems for !-automata, Math. Systems Theor. 3 (1969) 376-384. [LatTim86] M. Latteux, E. Timmerman, Two characterizations of rational adherences, Theor. Comput. Sci. 46 (1986) 101-106. [Lin76] M. Linna, On !-sets associated with context-free languages, Inform. and Control 31 (1976) 272-293. [Mul63] D.E. Muller, Infinite sequences and finite machines, AIEE Proc. 4th ann. symp. switch. circ. th. and log. design, 1963, pp.3-16. [Sco67] D. Scott, Some definitional suggestions for automata theory, J. Comput. System Sci. 1 (1967) 187-212. [Sta77] L. Staiger, Empty-storage-acceptance of !-languages, LNCS 56 (1977) 516-521, Springer Verlag, Berlin. [Sta84] L. Staiger, Projection lemmas for !-languages, Theor. Comput. Sci. 32 (1984) 331-337. [Sta87] L. Staiger, Research in the theory of !-languages, EIK 23 (1987) 415-439. [StaWag74] L. Staiger, K. Wagner, Automatentheoretische und automatenfreie Characterisierungen topologischer Klassen regulaerer Folgenmengen, EIK 10 (1974) 379-392. [Tho88] W. Thomas, Automata on infinite objects, in \Handbook for Theoretical Computer Science" (J. van Leeuwen, ed.), North- Holland, 1991. [Val83] R. Valk, Infinite behaviour of Petri nets, Theor. Comput. Sci. 25 (1983) 311-341. [Wag79] K. Wagner, On !-regular sets, Inform. and Control 43 (1979) 123-177. [WagSta77] K. Wagner, L. Staiger, Recursive !-languages, LNCS 56 (1977) 532-537, Springer Verlag, Berlin, see also: Rekursive Folgenmengen I, Zeitschr. math. Logik Grundlagen Math., 24 (1978) 523-528. On logical definability of !-trace languages y Werner Ebinger Universität Stuttgart Institut für Informatik Breitwiesenstr. 20{22 D 7000 Stuttgart 80 ebinger@informatik.uni-stuttgart.de April 1992 Abstract Our main result is the equivalence of monadic second order logic and recognizability for languages of infinite traces. This is a generalization of the work of Thomas [Tho90b]. We propose a logical characterization that is independent of any special sort of trace automata. For another approach we use standard constructions and Büchi asynchronous cellular automata defined by Gastin and Petit [GP91]. 1 Introduction The theory of !-trace languages is a generalization of the theory of !- word languages [Tho90b, for an overview] and of the theory of trace languages [Maz77]. Both theories are well studied. !-trace languages need some extra investigation, because there are new difficulties. The basic definitions of trace languages are explained well in other papers in yThis research has been supported by the EBRA working group No. 3166 ASMICS. 106 On logical definability of !-trace languages 107 these proceedings. So we only mention some important notions in this section. In the second section we will give a short introduction to monadic second order logic. In the third section we will prove equivalence of monadic second order logic and recognizability for !-trace languages. This is a generalization of the corresponding results for !-words [Tho90a, for an overview] and finite traces [Tho90b]. We will provide a new proof that does not depend on any special sort of automata for infinite traces. In the fourth section we will recall the definition of the Büchi asynchronous automata of Gastin and Petit [GP91] and give a more classical proof of the equivalence of monadic second order logic and automata for !-trace languages. In the fifth section we want to give some remarks on first order logic on !-traces and star-free sets. Similar ideas have been proposed independently by Hoogeboom and Thomas. However, they never were worked out extensively. We assume that the reader is familiar with the following notions of trace languages that can be found in other papers in this proceedings. In order to extend the free partially commutative monoid IM(?; D) [Maz77, Die90] over a dependence alphabet (?; D) to the infinite case, it is convenient to consider dependence graphs. In the monoid G(?; D) of infinite dependence graphs we consider the subset IR(?; D) of real traces where every node has a finite past, and the submonoid C(?; D) which is the quotient of G(?; D) by the coarsest congruence which preserves real traces [Die91]. We will use IM and IR as abbreviations for IM(?; D) and IR(?; D). A language of real traces is called recognizable if it is recognized by some morphism ? : IM ! S into a finite monoid. A real trace language R 2 IR is recognized by ? if for any sequence (ri), ri 2 IM we have r1 r2 r3 : : : 2 R ) ??1(?(r1)) ??1(?(r2)) ??1(?(r3)) : : : ? R The connection between recognizability for infinite traces and infinite words is given by [Gas91] R 2 Rec(IR) () '?1(R) 2 Rec(?1); where ' : ?1 ! IR(?; D) is the extension of the canonical mapping to the infinite case. 108 W. Ebinger 2 Monadic second order logic over !-traces We can represent a real trace t 2 IR(?; D) as a labeled partial order (V; <; `). Logical formulae can be defined over a structure with signature (V; <; (Pa)a2?). We use first order variables x, y, z, : : : ranging over V and monadic second order variables X , Y , Z, : : : ranging over P(V ). Formulae are defined inductively: - Predicates: First order predicates of the form x < y, Pa(x) and monadic second order predicates of the form X(x) are formulae for arbitrary variables x; y; X and all a 2 ?. - Logical operations: If ' and are formulae, then (' ^ ), (' _ ), and (:') are formulae, too. - Quantifiers: If ' is a formula, then 9x', 8x', 9X', and 8X' are formulae, too. This monadic second order logic is called MSOL. We will also write z 2 X instead of X(z) and freely use abbreviations like X ? Y . Of course, we can also express x = y and X = Y in MSOL. Example 1 We can express the property \t begins with b" by the formula 9x(Pb(x) ^ 8y(x = y _ x < y)): 2 In monadic second order the power of the logic does not depend on the difference between the <-relation and the edge relation of the Hasse diagram of (V; <), which constitutes some kind of successor relation. The edge relation E of the Hasse diagram of (V; <) is expressible by < (even in first order logic): x E y iff x < y ^ :9z(x < z ^ z < y); and vice versa (in monadic second order logic): x < y iff :x = y ^ On logical definability of !-trace languages 109 8X(x 2 X ^ 8z8z0(z 2 X ^ z E z0 ! z0 2 X) | {z } If a node is in X, then all <-greater nodes are in X, too. ! y 2 X) Now we are free to use both, the <-relation and the edge relation E in monadic second order formulae. Example 2 b a c ?? ? PP P aaa ?? ? b a c ?? ? PP P aaa ?? ? b a c ?? ? PP P aaa ?? ? : : : Traces of the language T = (bac)! over the dependence alphabet D : a | b | c are described by the following formula. The parts in quotes can be easily replaced by a proper formula (even in first order). \There is exactly one minimal node, labeled b." ^ \Every b-node has two successors, labeled a and c" ^ \Every b-node except the minimal one has two predecessors, labeled a and c" ^ \Every a-node has exactly one predecessor and one successor, both labeled b" ^ \Every c-node has exactly one predecessor and one successor, both labeled b" 2 In the fifth section we will go from formula to automata. These constructions can be simplified if we first reduce the logic MSOL to the restricted monadic second order logic MSOL0. The logic MSOL0 is the logic MSOL with the restriction, that there are no first order variables. Instead of first order predicates we use only second order predicates of the form Xi ? Xj , Xi < Xj , and Xi ? Pa. Here Xi < Xj means X and Y are singleton sets and the element of X is smaller than the element of 110 W. Ebinger Y . As formulae grow really huge using only these basic predicates, we give the following abbreviations: X = Y for X ? Y ^ Y ? X X 6= Y for :X = Y Sing(X) for 9Y ( \proper subset" z }| { Y ? X ^ Y 6= X ^ :9Z(Z ? X ^ Z 6= X ^ Z 6= Y ) | {z } \exactly one" ) We now describe how to eliminate first order variables by giving an example. A formula like 8x 9Y (x 2 Y ^ 9z(x < z ^ Pa(z)) is expressed as 8X(Sing(X) ! 9Y (X ? Y ^ 9Z(Sing(Z) ^ X < Z ^ Z ? Pa)): 3 Equivalence of recognizability and logic In this section we prove the equivalence of recognizability and logic. Our proof is independent of any special automata model for (infinite) traces. In the proof we will use c-rational trace languages [Och85, GPZ91] (also called co-rational). c-rational languages are defined inductively: - All finite trace languages A ? IM of finite traces are c-rational. - If A ? IM, B ? IM, and C ? IR are c-rational, then the concatenation AB and AC is c-rational. - If A ? IM is c-rational, then the concurrent iteration Ac? (called coiteration by Ochmansky) and the concurrent !-iteration Ac! are c-rational. For the concurrent iteration independent (connected) parts are iterated concurrently. This means Ac? (Ac!) in the usual star (omega) iteration over C(A) = f t 2 IM j t is a connected component of some s 2 A g. On logical definability of !-trace languages 111 We can also use a constraint version of c-iteration were only connected parts may be iterated. This gives the same class of c-rational languages. Theorem 3 A trace language T ? IR(?; D) is recognizable if and only if T is definable in monadic second order logic. Proof: The following figure shows what we have to prove. S T denotes the union of all traces t 2 T , that is the word language that contains all members of traces in T . For the canonical mapping ' : ?1 ! IR we have S T = '?1(T ). S T is S T is definable (Büchi) () recog- (1) =) in MSOL nizable [Gas91] () T is T is definable recogin MSOL nizable (2) (= T is [GPZ91] () c-rational (1): We can not use the same formula for both, traces and words, as the underlying interpretation of the order is different. For example the formula 9x; y; z Pa(x) ^ Pc(y) ^ Pb(z) ^ x < z ^ y < z ^ (x < y _ y < x) over the dependence alphabet D : a | b | c is not true for the trace acb, but it is true for both words in this trace. But it suffices to express the partial order on the traces by the linear order on the words. This can be done by one single first order formula, but in order to render it easier to follow, we proceed in two steps. We can first express the partial order by the edge relation E of the Hasse diagram of the dependence graph. This was described in the section on monadic second order logic. Then we express the edge relation E by the linear order on the words: x E y if and only if _ (a;b)2D ? Qa(x) ^ Qb(y) ^ x < y 112 W. Ebinger ^ 8z (x < z ^ z < y ! ^ c with (a; c) 2 D or (b; c) 2 D :Qc(z)) ? : Now if a trace t satisfies a formula ', then all words w in the trace satisfy the new formula '0, which we obtained by replacing the predicates x E y by the formula above. And vice versa if a word w 2 t satisfies the new formula '0, then all words w0 2 t in the same trace satisfy this new formula '0, and the trace t containing this word w satisfies the original formula '. We can formalize this using j= as abbreviation of \is a model for" t j= ' () 9w 2 t w j= '0 () 8w 2 t w j= '0: (2): For this implication of the diagram we perform an induction over the construction of concurrent rational (c-rational) expressions. - A is a finite set of traces: We give a formula 't for every single word in A and combine them in a disjunction 'A = _ t2A 't: - A [ B for c-rational sets A and B: Combine the formulae 'A and 'B for A and B to 'A[B = 'A _ 'B : - A ? B for c-rational sets A and B: For the formulae 'A and 'B we define formulae with restricted quantification. 'AjX for some set X is the formula 'A where we replace every subformula 9x by 9x (x 2 X^ ), 8x by 8x (x 2 X ! ), 9Y by 9Y (Y ? X^ ), and 8Y by 9Y (Y ? X ! ). The formula 'A?B is defined as possible max./min. elements of A/B _ fa1; : : : ; akg ? ? _ fb1; : : : ; blg ? ? 9xa1 : : : 9xak9xb1 : : : 9xbl incomparable ? ^ 1 <= i <= k 1 <= j <= k i 6= j (: xai < xaj ^ : xbi < xbj ) ^ On logical definability of !-trace languages 113 nothing between A and B ^ 1 <= i <= k 1 <= j <= l :9z (xai < z ^ z < xbj ) ^ every node belongs to a trace 8z _ 1 <= i <= k 1 <= j <= l ? z < xai _ z = xai _ xbj < z _ xbj = z ? ^ 'Ajfxj _ 1<=i<=k x<=xaig ^ 'B jfxj _ 1<=j<=l xbj <=xg ? - Ac?, Ac! for a c-rational set A, where only connected parts are iterated: The logical definability of Ac? was already claimed by Thomas [Tho90b]. We define 'Ac? and 'Ac! as 9Xmin9Xmax For every node x find borders of subtrace 8x _ fa1; : : : ; akg ? ? _ fb1; : : : ; blg ? ? 9xa1 : : : 9xak9xb1 : : : 9xbl ? xa1 2 Xmin ^ : : : ^ xak 2 Xmin ^ xb1 2 Xmax ^ : : : ^ xbl 2 Xmax ^ starting/ending nodes of the subtrace are incomparable and maximal such sets \xa1 : : : xak are a maximal antichain in Xmin (xa1 : : : xak are incomparable and there's no node in Xmin, that is incomparable to xa1 : : : xak)" ^ \xb1 : : : xbl are a maximal antichain in Xmax" ^ subtrace around x well bounded ^ 1<=i<=k xai <= x ^ ^ 1<=j<=l x <= xbj ^ :9z ?? (z < x ^ _ 1<=i<=k xai < z) _ (x < z ^ _ 1<=j<=l z < xbj ) ? ^ (z 2 Xmin _ z 2 Xmax) ? ^ 114 W. Ebinger Apply 'A to subtrace 'Aj>=fxaig;<=fxbj g ?! ^ 8x(\x minimal in the whole trace") ! x 2 Xmin) ^ for Ac?: 8x(\x maximal in the whole trace") ! x 2 Xmax) ^ _ 1<=i<=j?j (9x1 : : : 9xi 8x _ 1<=j<=i x <= xj) for Ac!: 8x9y x < y 2 4 Büchi Asynchronous Cellular Automata and equiv- alence to logic Büchi asynchronous automata and Büchi asynchronous cellular automata were defined by Gastin and Petit [GP91]. These are generalizations of Büchi automata on infinite words and asynchronous (cellular) automata defined by Zielonka [Zie87]. The recognition power of Büchi asynchronous automata is equal to the recognition power of Büchi asynchronous cellular automata, like it is equal in the finite case for asynchronous automata and asynchronous cellular automata. In this paper we restrict ourselves to Büchi asynchronous cellular automata. The proofs are almost the same for Büchi asynchronous automata, and some details might be even easier. Definition 4 A Büchi asynchronous cellular automaton A is a tuple A = ((Qa)a2?; (ffia)a2?; S; F; R) where Qa is the local state set for process a, ffia : Q i2D(A) Qi ! P(Qa) is the local transition function for process a, S ? Q a2? Qa is the set of starting states, F ? Q a2? Qa is the set of accepting states for finite traces and R ? Q a2? P(Qa) is the acceptance table for infinite traces. In order to define runs of such an automaton we consider a trace t 2 IR(?; D) as a labeled partial order (V; <; `) with ` : V ! A. A run On logical definability of !-trace languages 115 r of A on t is a function r : V [ fv0g ! ( S a2? Qa) [ S, where v0 is an additional <-minimal node v0, that is labeled with a starting state r(v0) 2 S, and for all v 2 V : r(v) 2 ffi`(v)((r(vi max))i2D(`(v))); where vi max is the <-maximal node labeled i before v. The set of locally repeated states is defined as fa(r) := f q 2 Qa j 9!v : (`(v) = a ^ r(v) = q) _ 9v(:9w(v < w ^ `(w) = a) ^ r(v) = q) g: (1) f(r) := Y a2? fa(r) (2) is the tuple of repeated states . The run r accepts t if f(r(t)) ? R for some R 2 R or if the maximal nodes of a finite run form a state in F . The accepted trace language of A is T (A) = f t j there exists an accepting run r g: Gastin and Petit [GP91] proved, that Büchi asynchronous cellular automata accept exactly the recognizable !-trace languages. These languages are closed under intersection \, union [, complement and the concurrent star operation c?. Example 5 The dependence graphs of traces in the language T = (b?bac)?b! with the dependence alphabet D : a | b | c look similar to the following one. b b a c b aaa !! ! aaa !! ! b b a c b aaa !! ! aaa !! ! b b : : : An automaton that accepts T is A = ((Qa)a2?; (ffia)a2?; S; F; R) with Qa = f0; 1g, Qb = f0; 1; 2g, Qc = f0; 1g, and the transition function ffia : (0; 1) 7! f1g ffib : (0; 0; 0) 7! f1; 2g (1; 0) 7! f0g (0; 1; 0) 7! f1g ffic : (1; 0) 7! f1g (1; 1; 1) 7! f0; 2g (0; 1) 7! f0g (1; 0; 1) 7! f0g (0; 2; 0) 7! f2g (1; 2; 1) 7! f2g 116 W. Ebinger There are two possibilities to define the acceptance table: R = f(f0g; f2g; f0g); (f1g; f2g; f1g)g or R0 = f(;; f2g; ;)g. An example for a run is given below. 1 1 1 1 0 aaa !! ! !! ! 0 0 0 0 2 aaa !! ! aaa !! ! 2 2 : : : b b a c b aaa !! ! aaa !! ! b b a c b aaa !! ! aaa !! ! b b : : : 0 0 0 global state (1; 1; 0) aaa ? ? ? ? ? ? 2 The equivalence of automata and logic is a consequence of the equivalence of recognizability and logic, since Büchi asynchronous cellular automata accept exactly the recognizable languages. In this section we will use the classical approach and provide an independent proof. We use standard techniques and some special constructions for Büchi asynchronous cellular automata. Since the case of finite traces has already been solved [Tho90b] we restrict ourselves to the case of infinite traces. Theorem 6 A trace language T ? IR(?; D) is accepted by some Büchi asynchronous cellular automaton if and only if T is definable in monadic second order logic. Proof: \)": Let A = ((Qa)a2?; (ffia)a2?; S; F = ;; R) with Qa = f0; : : : ; mag be a Büchi asynchronous cellular automaton which accepts T . Every trace t is considered as a structure (V; <; `). A computation r corresponds to a starting state s 2 S and sets Ya0; Ya1; : : : ; Yama (for every a 2 ?), where Yai = f v 2 V j `(v) = a ^ r(v) = i g contains all nodes that are labeled a and have the state i in the run r. The formula is given as follows. existence of a computation _ s2S 9Ya10 : : : 9Ya1ma1 On logical definability of !-trace languages 117 ... 9Yan0 : : : 9Yanman every node gets at most one state \disjunct sets" ^ labeling according to transition table 8v _ (p; a; q) q 2 ffia(p) ? Pa(v) ^ v 2 Yaq ^ find preceding state ^ b2D(a) ? 9w ? Pb(w) ^ w < v ^ :9u (w < u ^ u < v ^ Pb(u)) ^ Ybßb(p)(w) ? _ or the starting state ? :9w (Pa(w) ^ w < v) ^ \ßb(s) = ßb(p)" ??? ^ choose an element of the acceptance table _ R= Q a2? Ra2R ^ a2? l ^ i=1 Ra=fq1;:::;qlg infinite repetition ? 9X(\X is infinite." ^ X ? Yaqi ) _ only finitely many a 9v v 2 Yaqi ^ :9w (v < w ^ Pa(w) ? ! \(": Let ' be a second order formula that is in the restricted form of MSOL0 . Without loss of generality we have to consider predicates X ? Y , X < Y , and X ? Pa. We are going to perform induction over the construction of formulae. As there appear formulae with free variables in this induction we have to consider formulae '(X1; : : : ; Xn) with free variables X1; : : : ; Xn over the dependence alphabet (? ? f0; 1gn; Dn) with (a; ?) Dn (b; ?) iff a D b: 118 W. Ebinger Induction foundation: We are working with formulae '(X; Y ) with two free variables X , Y . In this case we use an alphabet ??f0; 1g2. The first additional digit indicates membership in X and the second additional digit indicates membership in Y . The generalization to arbitrary many free variables is easy. For all x 2 ? we consider processes x00, x01, x10, and x11. That gives a number of 4j?j processes. - X ? Y : This is a very simple automaton with only one global state 04j?j 2 S. The processes x00, x01, and x11 continue and stay in the local state 0, if they read a node labeled x00, x01, and x11. These are nodes that are in Y if they are in X . The processes x10 stop, because they read nodes that are in X , but not in Y . The acceptance table is R = (f0g; : : : ; f0g). ffix00(0D(x00)) = f0g ffix01(0D(x00)) = f0g ffix11(0D(x00)) = f0g ffix10(0D(x00)) = ; for all x 2 ? - X < Y : Again we start out with the global starting state 04j?j. The local state 0 indicates a process not having any information. 1 indicates a process suggesting that it has read the first node in X , 2 means that there was a node in X somewhere, and 3 stands for reading a node in Y after there has been a node somewhere in X . Every process x00 remains in state 0, if all dependent states are still in state 0. Every process x10 waits until it is active and then changes its local state to 1, if all dependent processes are still in state 0. Now the automaton has read a node that is in X but not in Y . Every process x00 that sees a 1 or 2 in a dependent state and is still in state 0 changes its own state to 2. In doing this they spread the news that there has been a node in X . A process x01 that sees a 1 or 2 in a dependent state changes its own state to 3, to indicate that it has read a node in Y that is <-greater than the first node that was in X . R = f Q a2? j jRaj = 1 for all a 2 ? and exactly once Ra = f1g and exactly once Ra = f3g g. On logical definability of !-trace languages 119 ffix00(0D(x00)) = f0g ffix00( f0; 1; 2gD(x00) | {z } some 1 or 2, qx00 = 0 ) = f2g ffix10(0D(x00)) = f1g ffix01( f0; 1; 2gD(x00) | {z } some 1 or 2, qx01 = 0 ) = f3g ffix00(f0; 1; 2; 3gD(x00) | {z } qx00 = q ) = fqg q 2 f1; 2; 3g - X ? Pa: Now we have only one free variable and we start from 02j?j 2 S. All processes x0 (for all x 2 ?) and the process a1 continue and stay in the local state 0. All other processes stop. The acceptance table is R = ff0g; : : : ; f0gg. ffix0(0; : : : ; 0) = f0g for all x 2 ? ffia1(0; : : : ; 0) = f0g Induction step: - Closure under conjunction ^ and disjunction _: Cartesian product of automata [GP91]. - Closure under complement :: Büchi asynchronous automata recognize exactly the recognizable languages [GP91] and these are closed under complement. - Closure under quantification (projection) of variables 9 (8 may be expressed by : and 9): The automaton for a formula 9X'(X) (we can easily add more free variables, that are not quantified in this step) over the alphabet ? ? f0; 1g is built taking the automaton for '(X). We melt every pair of processes x0; x1. The new process x has state set Qx = Qx0 ?Qx1 and guesses nondeterministically whether a node is in X or not and then performs a transition either in the component Qx0 or in the component Qx1. 2 120 W. Ebinger If we had a construction of a complement automaton, our proof would be completely constructive. A complementation construction similar to the standard complementation construction for Büchi automata does work. But we are looking for a more constructive complementation. 5 Star-free !-trace languages and first order logic In the case of finite traces [GRS91], finite words, and !-words [Tho90a, for an overview] star-free languages are exactly the first order definable ones. In order to investigate star-free !-trace languages we first have to give a definition of star-free !-trace languages. One possibility is to use star-free expressions with only boolean operations and concatenation, where the complement can be taken with respect to A? in order to get star-free sets of finite traces and with respect to A? and A! in order to get star-free sets of infinite traces. We can perform a part of the proof of the equivalence of recognizability and logic in the case of star-free languages and first order logic: S T is definable (10) =) in FO[<] Ladner, Thomas () T is S T is definable starin FO[<] free (20) (= T is (30) (= star-free For the implication (10) we have to express the <-relation on the traces directly by a first order formula using the <-relation on the words: x < y in the partial order on the traces if and only if _ (a1;a2)2D (a2;a3)2D ... (al?1;al)2D fa1;:::;alg?A jfa2;:::;algj=l?1 9x2 : : : 9xl?1 ? Qa1(x) ^ Qa2(x2) ^ : : : : : : ^ Qal?1(xl?1) ^ Qal(y) ^ x < x2 < : : : < xl?1 < y ? On logical definability of !-trace languages 121 For the implication (20) we replace the boolean operations by the corresponding logical operations. For concatenation we can use the first order formula that we gave in the proof of equivalence of logic and recognizability. The remaining direction (30) will be shown in a forthcoming joint work with V. Diekert and A. Muscholl. Acknowledgements The author wants to thank Volker Diekert, Paul Gastin, Hendrik Jan Hoogeboom, Anca Muscholl, Antoine Petit, and Wolfgang Thomas for many helpful discussions, corrections, and suggestions. References [Die90] V. Diekert. Combinatorics on Traces. Number 454 in Lecture Notes in Computer Science. Springer, Berlin-Heidelberg-New York, 1990. [Die91] V. Diekert. On the concatenation of infinite traces. In Choffrut C. et al., editors, Proceedings of the 8th Annual Symposium on Theoretical Aspects of Computer Science (STACS'91), Hamburg 1991, number 480 in Lecture Notes in Computer Science, pages 105{117. Springer, Berlin-Heidelberg-New York, 1991. [Gas91] P. Gastin. Recognizable and rational trace languages of finite and infinite traces. In Choffrut C. et al., editors, Proceedings of the 8th Annual Symposium on Theoretical Aspects of Computer Science (STACS'91), Hamburg 1991, number 480 in Lecture Notes in Computer Science, pages 89{104. Springer, Berlin-Heidelberg-New York, 1991. [GP91] Paul Gastin and Antoine Petit. Asynchronous automata for infinite traces. Rapport de Recherche 707, Universit?e de Paris- Sud, 1991. To appear in ICALP 1992, also this volume, pages 29{45. 122 W. Ebinger [GPZ91] P. Gastin, A. Petit, and W. Zielonka. A Kleene theorem for infinite trace languages. In J. Leach Albert et al., editors, Proceedings of the 18th International Colloquium on Automata Languages and Programming (ICALP'91), Madrid (Spain) 1991, number 510 in Lecture Notes in Computer Science, pages 254{266. Springer, Berlin-Heidelberg-New York, 1991. [GRS91] Giovanna Guaiana, Antonio Restivo, and Sergio Salemi. On aperiodic trace languages. In Choffrut C. et al., editors, Proceedings of the 8th Annual Symposium on Theoretical Aspects of Computer Science (STACS'91), Hamburg 1991, number 480 in Lecture Notes in Computer Science, pages 76{88. Springer, Berlin-Heidelberg-New York, 1991. [Maz77] A. Mazurkiewicz. Concurrent program schemes and their interpretations. DAIMI Rep. PB 78, Aarhus University, Aarhus, 1977. [Och85] E. Ochmanski. Regular behaviour of concurrent systems. Bulletin of the European Association for Theoretical Computer Science (EATCS), 27:56{67, Oct 1985. [Tho90a] Wolfgang Thomas. Automata on infinite objects. In Jan van Leeuwen, editor, Handbook of Theoretical Computer Science, chapter 4, pages 133{191. Elsevier Science Publishers B. V., 1990. [Tho90b] Wolfgang Thomas. On logical definability of trace languages. In V. Diekert, editor, Proceedings of a workshop of the ES- PRIT Basic Research Action No 3166: Algebraic and Syntactic Methods in Computer Science (ASMICS), Kochel am See, Bavaria, FRG (1989), Report TUM-I9002, Technical University of Munich, pages 172{182, 1990. [Zie87] W. Zielonka. Notes on finite asynchronous automata. R.A.I.R.O.-Informatique Th?eorique et Applications, 21:99{ 135, 1987. 123 124 M. Kwiatowska, M. Stannett On transfinite traces 125 126 M. Kwiatowska, M. Stannett On transfinite traces 127 128 M. Kwiatowska, M. Stannett On transfinite traces 129 130 M. Kwiatowska, M. Stannett On transfinite traces 131 132 M. Kwiatowska, M. Stannett On transfinite traces 133 134 M. Kwiatowska, M. Stannett On transfinite traces 135 136 M. Kwiatowska, M. Stannett On transfinite traces 137 138 M. Kwiatowska, M. Stannett On transfinite traces 139 140 M. Kwiatowska, M. Stannett On transfinite traces 141 142 M. Kwiatowska, M. Stannett On transfinite traces 143 144 M. Kwiatowska, M. Stannett On transfinite traces 145 146 M. Kwiatowska, M. Stannett On transfinite traces 147 148 M. Kwiatowska, M. Stannett On transfinite traces 149 150 M. Kwiatowska, M. Stannett On transfinite traces 151 152 M. Kwiatowska, M. Stannett On transfinite traces 153 154 M. Kwiatowska, M. Stannett On transfinite traces 155 156 M. Kwiatowska, M. Stannett On transfinite traces 157 On Temporal Logics for Trace Systems Wojciech Penczek? Institute of Computer Science, Polish Academy of Sciences 00-901 Warsaw, PKiN, P.O. Box 22, Poland March 1992 Abstract We investigate an extension of CTL (Computation Tree Logic) by past modalities, called CTLP , interpreted over Mazurkiewicz's trace systems. The logic is powerfull enough to express most of the partial order properties of distributed systems like serializability of database transactions, snapshots, parallel execution of program segments, or inevitability under concurrency fairness assumption. We show that a model checking problem for the logic is NP-hard, even if past modalities cannot be nested. Then, we give a one exponential time model checking algorithm for the logic without nested past modalities. We show that all the interesting partial order properties can be model checked using our algorithm. Then, we show that it is possible to extend the model checking algorithm to cover the whole language and its extension to CTL*P . At the end, we prove that the logic is undecidable and we discuss consequences of our results on using propositional versions of partial order temporal logics to synthesis of concurrent systems from their specifications. Keywords: Concurrency; Trace Systems; Partial Order Temporal Logics; Automated Verification. ?This research has been partly supported by the Netherlands grant NWO NF 3/62 - 500 and a grant from The Wolfson Research Awards Scheme in The United Kingdom. 158 On temporal logics on trace systems 159 1 Introduction Linear time [1] and branching time [2] temporal logics are usually applied for specifying and proving properties of concurrent systems and programs. Lately, several attempts have been made to use also logics interpreted over partial order structures [3 - 14]. The main motivation for defining these logics was to express properties inherent in the partial order interpretations, more specifically to distinguish concurrency from non-determinism. There are two approaches to extend linear and branching time temporal logics to partial order logics on global states. Either run modalities are introduced (see QISTL [5], ISTL [5,6], CCTL [9,15], Petri Net Logics [11,12]), or past operators over partial order semantics are defined (see POL [14], PN-logics [11,12], and [13, 16]). Temporal logics over partial order semantics allow for expressing properties not expressible in logics over interleaving semantics. These properties are: inevitability under concurrency fairness assumption [17,18], serializability of database transactions [13, 16], causal successor [11, 12, 14], or the parallel execution of program segments [13, 14]. Model checking is one of the main methods of automated verification of concurrent systems [38]. It has been intensively studied for linear-time temporal logics [19, 20], branching-time temporal logics [21 - 26], and modal ?-calculi [25,27]. Model checking has been also applied to prove properties of systems, represented by partial orders of local states [3, 4]. Methods for making it applicable to very large systems and of avoiding the state explosion problem have been proposed in [28 - 31]. As far no one has tried to investigate whether and how logics with partial order past operators, interpreted over global state models, can be used for automated verification of concurrent systems. Since Hennessy and Stirling [32] introduced backward modalities to program logics, all the work has concentrated around the induced equivalences [33,34], expressiveness issues [11,12,14,32,33], and proof systems [13,16]. In this paper we fill this gap. Moreover, our results explain why it is so difficult to deal with partial order logics, what is a common observation. We start with defining a logic CTLP , which is a simple extension of 160 W. Penczek CTL by past modalities. In fact, the language of CTLP is a restriction of that, considered in [3,4,13,16], and it is an extension of the language of Hennessy-Milner logic with past modalities [32]. Our choice is motivated by the following observations. CTL has proved to be a very usefull logic for automated verification. Model checking for CTL is linear in the size of a model and linear in the lenght of the formula [21], and the complexity of checking satisfiability is deterministic exponential in the size of a tested formula [35], whereas the complexity of model checking for CTL* is PSPACE-complete [22], and checking satisfiability is deterministic double exponential [36]. It turned out that it is possible to extend CTL to fair CTL (FCTL) [24] or to model check CTL formulas over fair paths [26] without changing the complexity of CTL model checking. Moreover, different methods dealing with the state explosion problem have been given [28,29]. We would be quite happy with these results, if the logic could distinguish concurrency from non-determinism and consequently, properties of partial order executions could be expressed. Unfortunately, this is not the case. Therefore, it seems very natural to consider a minimal extension of CTL s.t. properties of partial orders can be specified and proved. This can be done by introducing past modalities to the language. Then, our logic has to be interpreted over partial order models rather than over trees. Again, we select the simplest and the most frequently used partial order structures of global states, namely, Mazurkiewicz's trace systems (see [13,17,18,37,46]). In this paper we investigate consequences of our extension. Firstly, we show that for proving all the interesting partial order properties for finite state systems we can restrict ourselves to a model checking algorithm for the language without nested past modalities, call it CTLP?. Then, we prove that model checking for CTLP? is NP-hard. Consequently, we give a one exponential time model checking algorithm for this restricted language and show how it can be extended (if ever needed) to cover the whole logic. Our model checking algorithm requires a new technique, not applied before to model checking for CTL or CTL*. Secondly, we turn to the problem of determining satisfiability for CTLP formulas. To our surprise, we show that even CTLP? is not decidable. Since this result can be extended as well on other par- On temporal logics on trace systems 161 tial order temporal logics, interpreted over trace systems, like ISTL [13], or the logic, defined in [16], therefore we show an important limitation in applying partial order logics to synthesis of concurrent systems from their specifications. The rest of this paper is organized as follows. In section 2 trace systems are introduced. EN - systems and trace semantics is defined in section 3. Then, in section 4 the logic CTLP and its semantics is presented. Acceptors for finite state trace systems and model generators are defined in section 5. Section 6 contains the proof of NP-hardness of CTLP model checking and section 7 shows a model checking algorithm for CTLP? and its possible extensions. Undecidability of CTLP is proved in section 8 and then, in section 9, CTLP is compared with other temporal logics. Final remarks are given in section 10. 2 Trace Systems We start with introducing notions of traces and trace systems from [17]. By an independence alphabet we mean any ordered pair (?; I), where ? is a finite set of symbols (action names) and I ? ??? is a symmetric and irreflexive binary relation in ? (the independence relation). Let (?; I) be an independence alphabet. Define ? as the least congruence in the (standard) string monoid (??; ffi; ffl) such that (a; b) 2 I ) ab ? ba, for all a; b 2 ? i.e., w ? w0, if there is a finite sequence of strings w1; : : : ; wn s.t. w1 = w, wn = w0, and for each i < n, wi = uabv, wi+1 = ubav, for some (a; b) 2 I and u; v 2 ??. Equivalence classes of ? are called traces over (?; I). The trace generated by a string w is denoted by [w]. We use the following notations: - [??] = f[w] j w 2 ??g, [?+] = f[w] j w 2 ?+g, and [?] = f[a] j a 2 ?g. Concatenation of traces [w]; [v], denoted [w][v], is defined as [wv]. For more deatails about traces see [17]. Now, let T be the set of all traces over (?; I). The successor relation ! in T is defined as follows: [w1] ! [w2] iff there is a 2 ? such that [w1][a] = [w2]. The prefix relation <= in T is defined as a reflexive and 162 W. Penczek transitive closure of the successor relation i.e., <= = (!)?. By < we mean <= ? idT . Let ? 2 T and Q ? T . We use the following notations: - # ? = f? 0 2 T j ? 0 <= ?g, " ? = f? 0 2 T j ? <= ? 0g, - # Q = S ?2Qf? 0 2 T j ? 0 <= ?g, " Q = S ?2Qf? 0 2 T j ? <= ? 0g. We say that a subset Q of T dominates another subset R of T , if R ? # Q. Two traces are consistent, if there is a trace in T dominating both of them and inconsistent otherwise. A set R of traces is said to be proper, if any two of its consistent traces are dominated by a trace in R, and directed, if arbitrary two traces in R are dominated by a trace in R. A set of traces Q is said to be prefix-closed, if Q = # Q. By a trace system T over (?; I) we mean any prefix-closed and proper trace language over (?; I); traces T r(T ) in a trace system T is called states of T . A trace together with its prefixes represents a partial execution of the system. Maximal (w.r.t. the inclusion ordering) directed subsets R of T r(T ) is called runs of T . A run represents a single maximal execution of the system T . By a path in R ? T r(T ) we mean a maximal sequence x = ?0a0?1a1 : : : in R such that ?i[ai] = ?i+1 for all i >= 0. For convenience, we write also x = ?0?1 : : :. Let # x = f? 2 T r(T ) j ? <= ?i, for i >= 0g be a set of traces dominated by a path x. By an observation of a run R in T we mean any path x in R such that R = # x; we say also that x is an observation (of T ). Notice that an observation is such a path that is cofinal with some run. Thus, it carries the information about all actions executed in the run. A suffix ?iai?i+1ai+1 : : : of an observation x is said to be an observation starting at ?i. Lemma 2.1 A path x = ?0a0?1a1 : : : in T r(T ) is an observation iff (8a 2 ?)(8i 2 IN)(9j >= i)(?j [a] 62 T r(T ) or (a; aj) 62 I): Proof can be found in [13] or in [39]. Obviously, the above lemma holds for suffixes of observations. The comparison between the notion of an observation and the notion of a juste On temporal logics on trace systems 163 computation can be found in [18]. In fact, each juste path is an observation, but not the other way round. A subset Q ? T r(T ) is said to be inevitable, if each observation of T contains a state in Q. Inevitability is an important property for trace systems, discussed in [17,18]. Since one of the aims of this paper is to show a method of proving properties of trace systems by model checking, the finitely representable trace systems are of interest. They are called finite state trace systems. Definition 2.1 A trace system T is said to be finite state, if there is an equivalence relation EQ ? T r(T ) ? T r(T ) in the set of traces of T satisfying the following two conditions: 1. EQ has a finite index, 2. (8?; ? 0 2 T r(T ))(8ff 2 [?]) ((? EQ ? 0 and ?ff 2 T r(T )) ) (?ff EQ ? 0ff)). The above definition says that T contains a finite number of traces \distinguishable w.r.t. their continuations in T ". It should be noticed that T may have infinitely many traces with different histories i.e., # ? 6=# ? 0, for infinitely many ?; ? 0 2 T r(T ). Examples of trace systems and of accompanying notions are given in the next section. Trace systems are commonly used for giving semantics to Elementary Net Systems [17] and finite state programs. In [13] trace systems were used for giving semantics to a wider class of concurrent programs, namely those for which equivalence classes are associated with first order interpretations. Below, EN-systems are defined and it is shown how to define their trace semantics. EN-systems serve us as examples of finite state concurrent systems. 3 EN-systems and trace semantics Now, a subclass of Petri Nets, called EN-systems, is introduced. 164 W. Penczek Definition 3.1 (EN-system) A EN-system is an ordered quadruple N = (B; E; F; c0), where B and E are finite, disjoint, nonempty sets of places and transitions, resp., F ? B?E [E ?B is the flow relation, with dom(F ) [ dom(F ) = B [ E, and c0 ? B is the initial case. Any subset c of B is called a case. Nets are illustrated graphically using lines for representing transitions, circles for places, and arrows for the flow relation. Definition 3.2 Let N be a EN-system. For each x 2 B[E, the following sets are defined: - P re(x) = fy j (y; x) 2 Fg, - P ost(x) = fy j (x; y) 2 Fg, - P rox(x) = P re(x) [ P ost(x). Definition 3.3 (firing sequence) We say that a transition t is fireable at a case c and leads to the case c0 (written c[t > c0), if P re(t) ? c, P ost(t) ? c0, and c ? P re(t) = c0 ? P ost(t). A finite sequence of transitions w = t0t1 : : : tn is said to be a firing sequence of N , if there is a sequence of cases c1; : : : ; cn+1 s.t. ci[ti > ci+1, for i <= n. This is denoted by c0[w > ci+1. The case cn+1 is said to be reachable. Definition 3.4 A EN-system N is said to be contact-free iff for each reachable case c and for all t 2 E, the following condition holds: - P re(t) ? c implies P ost(t) \ (c ? P re(t)) = ;. Therefore, for contact-free nets a transiton t is fireable at c, if P re(t) ? c. All the EN-systems, used in the examples in the paper, are contact-free. Next, it is shown how trace systems give semantics to EN-systems. Definition 3.5 (trace semantics) The trace system T over (?; I) represents behaviour of a EN-system N = (B; E; F; c0), if the following conditions hold: On temporal logics on trace systems 165 - ? = E, - (a; b) 2 I iff P rox(a) \ P rox(b) = ;, and - T r(T ) = f[w] 2 [??] j w is a firing sequence of transitions in Ng. Example 3.1 Notice that trace systems giving a semantics to EN- systems are finite state. Let N = (B; E; F; c0) be a EN-system and T be the trace system representing behaviour of N . T is finite-state and EQ can be defined as follows: (8[w]; [w0] 2 T r(T ))(8c ? B) [w] EQ [w0] iff (c0[w> c , c0[w0 > c): To allow the comparison of the approach presented here with that of Peled and Pnueli, all the examples shown below are taken from their paper [13]. Example 3.2 (inevitability) Below, EN-system N1 together with its trace system semantics T1 is presented. ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? s s ? ? ? ? ? @ @ @ @ @ R ? ? ? ? ? ? ? ? ? ? ? ? @ @ @ @ @ I 2 1 4 5 3 a b c d Figure 1: EN-system N1 The EN-system N1 = (B1; E1; F1; c1 0), where 166 W. Penczek - B1 = f1; 2; 3; 4; 5g, - E1 = fa; b; c; dg, - F1 = f(1; a); (a; 2); (1; b); (b; 4); (3; b); (3; c); (c; 5); (5; d); (d; 3)g, - c1 0 = f1; 3g. - - - - - - - - ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? [a] [ac] [cda] [cdca] [ffl] [c] [cd] [cdc] [b] [cdb] Figure 2: Trace Semantics T1 of System N1 The independence alphabet (?; I) is defined as follows: - ? = fa; b; c; dg, - I = f(a; c); (c; a); (a; d); (d; a)g. There are infinitely many finite runs Ri and one infinite run R in the trace system T1: - Ri =# [(cd)ib], for i >= 0, - R = S1 i=1 # [(cd)ia] Every path in T r(T1) except for x = [ffl][c][cd][cdc]::: is an observation of T1. The following is an example of an inevitability property: On temporal logics on trace systems 167 - INEVITABILITY: Either a or b will be eventually executed. (i.e., cases containing 2 or 4 will be reached inevitably). One could be estonished that either a or b is inevitable as there is an infinite path x = [ffl][c][cd][cdc] : : : in which neither a nor b is executed. But this path is not an observation and according to the definition, a property is inevitable if it holds for each observation. Example 3.3 (serializability) Below, EN-system N2 and its trace semantics is presented. Then, an example of a serializability property is given. ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? s s s ? ? ? ? ? ? ? ? ? ? ? ? ??????? ? * H H H H H H H H Y H H H H H H H H Y ??????? ? * 9 7 8 a3 b3 5 6 a2 b2 3 4 a1 b1 1 2 Figure 3: EN-system N2 168 W. Penczek ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R ? ? ? ? ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R ? ? ? ? @ @ @ R @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ ? ? ? ? ? ? ?? @ @ @ @ @ @ @ @ ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? [a1a2a3b1b2b3] [b1b2b3a1a2a3] [a1a2a3b1b2] [b1b2b3a1a2] [a1a2a3b1] [b1b2b3a1] [a1a2a3] [a1a2b1] [b1b2a1] [b1b2b3] [a1a2] [a1b1] [b1b2] [ a1 ] [ b1 ] [ - ] Figure 4: Trace Semantics T2 of N2 The EN-system N2 = (B2; E2; F2; c2 0) is defined as follows: - B2 = f1; 2; 3; 4; 5; 6; 7; 8; 9g, - E2 = fa1; a2; a2; b1; b2; b3g, - F2 = f(1; a1); (a1; 3); (3; a2); (a2; 5); (5; a3); (a3; 7); (a3; 9); (9; a2); (9; b2); (2; b1); (b1; 4); (4; b2); (b2; 6); (6; b3); (b3; 9); (b3; 8)g, On temporal logics on trace systems 169 - c2 0 = f1; 2; 9g. The trace system T2 contains two runs, marked by the thin and the thick lines. - SERIALIZABILITY: The net N2 can be thought of as implementing a database with two transactions T1 = fa1; a2; a3g and T2 = fb1; b2; b3g. Each transition can represent database read or write operation. An implementation is correct, if transactions are serializable. Serializability of T1 and T2 [13] in terms of trace semantics is as follows: In every run, there exists an observation in which either all the operations of T1 appear before those of T2, or the other way round, i.e., there is an observation, which behaves in a serial manner. One can check that indeed in each run there is an observation satisfying the above requirement, namely: - [ffl][a1][a1a2][a1a2a3][a1a2a3b1][a1a2a3b1b2][a1a2a3b1b2b3] in the \thick" line marked run, and - [ffl][b1][b1b2][b1b2b3][b1b2b3a1][b1b2b3a1a2][b1b2b3a1a2a3] in the \thin" line marked run. In the next part of the paper it is shown how to express the mentioned properties in the logic and then how to prove them by model checking. 4 Logic CTLP and its semantics Next, the language of CTLP is defined and then semantics is presented. 4.1 Syntax of CTLP Let ? be a fixed set of action names. Now, we define the set of state and path formulas of CTLP . Let PV be a set of propositional variables. 1. Each p 2 PV is a state formula, 170 W. Penczek 2. if ' and are state formulas, then so are ' ^ , :', 3. if ' is a state formula, then so are Ya' (for a 2 ?), and H', 4. if ' is a state formula, then Xa' (for a 2 ?), G', and 'U are path formulas, 5. if ' is a path formula, then E' is a state formula. The symbol E can be called an observation quantifier (it corresponds to path quantifiers in CTL). The other symbols have the following intuitive meaning: Xa - next step "along" a, U - Until, G - always in the future, Ya - backward step "along" a, H - always in the past. Path formulas are interpreted over observations and state formulas are evaluated at states of models. Formulas of the form Ya', H' are called past formulas. The following abbreviations are used: - ' _ def = :(:' ^ : ), - true def = ' _ :', for any ', - ' ) def = :' _ , - F' def = trueU', - P' def = :H:', - EX' def = W a2? EXa', AX' def = :EX:', - Y ' def = W a2? Ya', - AG' def = :EF:', - A('U ) def = :(E(: U(:' ^ : )) _ EG(: )). The lack of symmetry between backward and forward operators stems from the fact that the past of a state is conflict-free whereas the future may not. In this paper we also consider a logic CTLP?, which is a restriction of CTLP s.t. past formulas cannot be nested. On temporal logics on trace systems 171 4.2 Semantics of CTLP Now, we define formally the semantics of CTLP . Definition 4.1 A frame (for a trace system T over (?; I)) is a triple Fv0 = (W; !; v0), where W = T r(T ) is the set of traces of the trace system T , !? W ? ? ?W is a labelled transition relation s.t. ? a ! ? 0 iff ? 0 = ? [a], and v0 = [ffl]. Definition 4.2 A model (for a trace system T over (?; I)) is an ordered pair M = (Fv0 ; V ), where Fv0 = (W; !; v0) is a frame for T and V : W ?! 2PV is a valuation function. The notion of truth in M is defined by the relation j= as follows: 1. M;w0 j= p iff p 2 V (w0), for p 2 PV , 2. if '; are state formulas, M;w0 j= :' iff not M;w0 j= ', M;w0 j= ' ^ iff M;w0 j= ' and M;w0 j= , 3. M;w0 j= H' iff M;w0 j= ', for all w0 : w0 < w0, M;w0 j= Ya' iff M;w0 j= ', for some w0 : w0 a ! w0, 4. if x = w0a0w1a1 : : : is an observation starting at w0, then M;x j= Xa' iff M;w1 j= ' and a0 = a, M;x j= G' iff M;wi j= ' for all i >= 0, M;x j= 'U iff there is k >= 0 s.t. M;wk j= , and for all 0 <= i < k: M;wi j= ', 5. if ' is a path formula, then M;w0 j= E' iff M;x j= ', for some observation x starting at w0. 172 W. Penczek We say that a formula ' is valid in a model M (written M j= '), if M; v0 j= '. Such notion of validity in model is sometimes called the anchored validity. A formula ' is said to be valid, if M j= ', for all models M . The language of CTLP contains all the CTL formulas (with slightly different semantics, tuned to observations) and moreover the formulas with the past modalities H and Ya. Since our logic needs to be able to speak about actions, we have defined labelled next and backward step operators. However, we have done that only for simplicity. To show that we could have avoided introducing labelled operators we give the following example of a valuation function, which encodes labels of transitions. Then, labelled operators are expressible using their unlabelled versions. Example 4.1 Let PV? = fpa j a 2 ?g ? PV and let V satisfy the following condition: - pa 2 V (?) iff ]a(?) is odd, (]a(?) is the number of occurrences of a in ? ). Then, EXa' would be equivalent to a formula (pa ) EX(:pa ^ ')) ^ (:pa ) EX(pa ^ ')) and Ya' would be equivalent to a formula (pa ) Y (:pa ^ ')) ^ (:pa ) Y (pa ^ ')). 4.3 Expressiveness of CTLP We give several examples of expressiveness of CTLP . Then, we convince the reader that for finite state models, if we can express properties of partial executions and runs, then we can specify serializability. Let M = (Fv0 ; V ) be a model for a trace system T . - M; v0 j= AG' { ' is an invariant in T , - M; v0 j= AF' { ' is inevitable in T , (under a concurrency fairness assumption), - M; v0 j= EF' { ' is possible in T , On temporal logics on trace systems 173 - M; v0 j= EF (H' ^ ') { there is a partial execution in T s.t. ' holds at all its states, - M; v0 j= EG(H' ^ ') { there is a run in T s.t. ' holds at all its states, - M; v0 j= AF (P' _ ') { ' holds at some state of each run in T , - M; v0 j= EF (Ya(true)^Yb(true)) { actions a and b are independent in T , - M; v0 j= AG(' ) P ) { always if ' holds, held in the past; this formula allows for specifying snapshots of concurrent programs [13, 16], (' and do not contain temporal formulas). Assume now that the trace system T is finite state and given an equivalence relation EQ in T r(T ) s.t. jEQj = n. Moreover, we require that a valuation function of equivalent states is the same i.e., V (?) = V (? 0 ), if ? EQ ? 0. Now, we show how serializability of two transactions T1 and T2 can be specified. Obviously, we consider here a simplified version of serializability without taking into account aborts and any consistency conditions of specific operations of transactions. All these requirements could be also specified by translating first order formulas, defined in [16], into their propositional versions. Here, we concentrate our attention on specifying that transactions can be serialized. Let M = (Fv0 ; V ) be a model for T . Firstly, assume that transactions are executed only once. Denote by beforei and afteri the assertions meaning that control is before or after the execution of transaction Ti, respectively. Then, serializability of T1 and T2 can be expressed as follows: 1. (before1 ^ before2) ) AFP ((before1 ^ after2) _ (before2 ^ after1)), 2. AG(((before1 ^ after2) _ (before2 ^ after1)) ) AF (P (after1 ^ after2) _ (after1 ^ after2))). 174 W. Penczek The first formula expresses that each run contains a state at which either control is before the execution of T1 and after the execution of T2, or the other way round. The second formula says that each run contains a state at which control is after the execution of T1 and T2. Secondly, we assume that T1 and T2 are executed infinitely many times. We denote by "quiescenti" and \activei" the assertions meaning that a transaction Ti has already terminated or has not yet started, and that Ti is active, respectively. Moreover, we assume that we have a set of assertions f?1; : : : ; ?ng, identyfing uniquely states belonging to different equivalence classes of EQ i.e., at each state exactly one ?i holds and at states belonging to the same equivalence class the same ?j holds. Then, serializability of T1 and T2 can be expressed as follows: SER1: AG[ Vn j=1((?j ^ V2 i=1 quiescenti) ) AF ( V2 i=1 P (activei ^ P (?j)))] SER2: AG[( Vn j=1((?j ^ W2 i=1 activei) ) AFP (( V2 i=1 quiescenti ^P (?j )))] SER3: AG[ Vn j=1((?j ^ V2 i=1 quiescenti) ) AG(( V2 i=1(quiescenti^P (activei ^P (?j))) ) P ( V2 i=1 quiescenti^ P (?j))))] The formula SER1 expresses that if at some state s transactions T1 and T2 are quiescent, then for each run in the future of s transactions T1 and T2 will become active. The formula P (?j) is used in order to guarantee that the transactions become active in the future of s. The formula SER2 says that if at some state s the transactions T1 and T2 are active, then for each run at some state in the future of s the transactions T1 and T2 will become quiescent. We have to add also the third formula. Informally saying, the formula SER3 expresses that for each trace "starting" and "ending" at a state, where T1 and T2 are quiescent, but were active at some its prefix, there is a linearisation, which behaves in a serial manner. Example 4.2 Now, it is shown how the properties, we have discussed in the former examples, can be formally expressed by CTLP formulas. Firstly, models are defined. Let PVi = fpb j b 2 Big, where Bi is the set of places of EN-system Ni, for i 2 f1; 2g. The valuation function assigns to each state these propositions which correspond to marked places. On temporal logics on trace systems 175 The model M1 = (F 1 [ffl]; V1), for the trace system T1 is defined as follows: - F 1 [ffl] = (W1; !1; [ffl]) is the frame for T1, - V1 : W1 ?! 2PV1 s.t. { pb 2 V1([w]) iff pb 2 c, for the case c s.t. c1 0[w> c in N1. In the following way, the property, discussed in Example 3.2, can be expressed by CTLP formulas: - INEVITABILITY: p1 ^ p3 ) AF (p2 _ p4), The model M2 = (F 2 [ffl]; V2) for the trace system T2 is defined as follows: - F 2 [ffl] = (W2; !2; [ffl]) is the frame for T2, - V2 : W2 ?! 2PV2 s.t. { pb 2 V2([w]) iff b 2 c, for the case c s.t. c2 0[w> c in N2. In this case T1 and T2 can occur only once. Thus, our specification is simpler. In terms of propositional variables, the property can be expressed as: - SERIALIZABILITY: 1. p1 ^ p2 ^ p9 ) AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)), 2. AG[((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)) ) AF (P (p7 ^ p8 ^ p9) _ (p7 ^ p8 ^ p9))]. In the following sections, it is shown how to prove the above property by model checking. 5 Acceptors for finite state trace systems and model generators Firstly, we define formally a notion of a finite state model for CTLP . 176 W. Penczek Definition 5.1 A model M = (Fv0 ; V ) (for a trace system T ) is said to be finite state, if there is an equivalence relation EQ ? T r(T ) ? T r(T ) in the set of traces of T satisfying the conditions of the Definition 2.1 and 3. for each ?; ? 0 2 T r(T ), if ? EQ ? 0, then V (?) = V (? 0) (EQ respects V ). Then, we show how to represent finite state models in a finite way. First, we show how to represent frames by a special kind of labelled transition systems. Now, the definitions of labelled transition systems and concurrent transition systems are given, and related to trace systems. Concurrent transition systems have been introduced in [40] and investigated by many authors (see [41, 42]). Definition 5.2 (labelled transition system) A labelled transition system (lts) is a triple F = (W; ?; !) such that: 1. W is a non-empty, countable set of states, 2. ? is a non-empty, countable set of actions, 3. ! ? W ???W is a transition relation; we write w a ! w0 instead of (w; a; w0) 2!, The following notation is also used: - w ! w0, if there is a 2 ? s.t. w a ! w0, - w !? w0, it there is a sequence of states w0; : : : ; wn s.t. w = w0, w0 = wn, and wi ! wi+1 for 0 <= i < n. Definition 5.3 (concurrent transition system) A concurrent transition system (cts) is a 4-tuple F = (W; ?; !; I) such that: 1. (W; ?; !) is a labelled transition system, On temporal logics on trace systems 177 2. (?; I) is an independence alphabet, 3. (8w; w0; w00 2 W )(8a; b 2 ?) : (w a ! w0 b ! w00 and (a; b) 2 I) implies 9w000: w b ! w000 a ! w00, 4. (8w; w0; w00 2 W )(8a; b 2 ?) : (w a ! w0 and w b ! w00 and (a; b) 2 I) implies 9w000: w0 b ! w000 and w00 a ! w000, 5. (8w; w0; w00 2 W )(8a 2 ?): (w a ! w0 and w a ! w00) implies w0 = w00. Condition 3) requires that independent actions can commute, condition 4) is called a "diamond property". Condition 5) expresses unambiguity. In our case, this condition does not introduce any limitation, but it is convenient for using sequences of actions to denote paths. Definition 5.4 Let F = (W; ?; !; I) be a concurrent transition system and w0 2 W . - Fw0 = (W; ?; !; I ; w0) is said to be a rooted concurrent transition system - rcts, for short. - A path in Fw0 is any finite or infinite sequence x = w0a0w1a1 : : : s.t. wi ai ! wi+1, for i >= 0. - en(w0) = fa 2 ? j (9w 2 W ) : w0 a ! wg is the set of all the actions enabled at w0. The following notations are used. Let x = w0a0w1a1 : : : be a path in Fw0 . - x=? = a0a1 : : :, - T r(Fw0) = f[x=?] j x is a finite path in Fw0g, - Fw0 is said to accept a trace system T over (?; I), if T r(T ) = T r(Fw0 ). 178 W. Penczek - A path x is said to be an observation in Fw0 , if [ffl][a0][a0a1] : : : is an observation in T r(Fw0 ). - A suffix wiaiwi+1ai+1 : : : of an observation x is said to be an observation starting at wi. Next, it is shown that rooted concurrent transition systems accept trace systems. Fact 5.1 Let Fw0 be a rooted concurrent transition system. Then, T r(Fw0) over (?; I) is a trace system. Proof. It is easy to show that condition 4 in the definition of cts implies that T r(Fw0 ) is proper and condition 3 guarantees that T r(Fw0) is prefix-closed. Moreover, all trace systems have got their acceptors. Fact 5.2 Let T be any trace system. Then, there exists a rooted concurrent transition system Fw0 s.t. T r(Fw0) = T r(T ). Proof. Clearly, Fw0 = (T r(T ); ?; !; I ; [ffl]) is a rooted concurrent transition system, accepting T , where ? a ! ? 0 iff ? 0 = ? [a], for a 2 ?. If a trace system T is finite state and EQ is an equivalence relation in T r(T ), as described in the Definition 2.1, then there exists a finite rooted concurrent transition system accepting T . Definition 5.5 The quotient structure of T r(T ) by EQ is a 5-tuple Fw0 = (W; ?; !; I ; w0), where: - W = f[? ]EQ j ? 2 T r(T )g is a set of states, - (?; I) is an independence alphabet, - ! ? W???W is a transition relation such that [? ]EQ a ! [? 0]EQ, if there are traces ?1 2 [? ]EQ; ? 0 1 2 [? 0]EQ, and a 2 ? s.t. ?1[a] = ? 0 1, On temporal logics on trace systems 179 - w0 = [ffl]EQ. It is easy to check that Fw0 is a rooted concurrent transition system accepting T . Therefore, if a trace system T and an equivalence relation EQ in T r(T ) is given, then Definition 5.5 shows how to define the finite rcts accepting T . Example 5.1 (acceptors for trace systems) Below, we show the definitions of finite acceptors for the trace systems T1 and T2 of the Examples 3.2 and 3.3. ÖÄ O? ÖÄ O? ÖÄ O? ÖÄ O? ÖÄ O? ö - - ö ? ? ? ? ? ? ? ? ? ? ? 4 2,3 2,5 1,3 1,5 d c c d b a a Figure 5: The rcts F1 accepting the trace system T1 The rcts F 1 w10 = (W1; ?1; !1; I1; w1 0) accepting the trace system T1 is defined as follows: - W1 = ff1; 3g; f1; 5g; f4g; f2; 3g; f2; 5gg, - ?1 = fa; b; c; dg, - !1= f(f1; 3g; b; f4g); (f1; 3g; a; f2; 3g); (f1; 3g; c; f1; 5g); (f1; 5g; d; f1; 3g); (f1; 5g; a; f2; 5g); (f2; 5g; d; f2; 3g); (f2; 3g; c; f2; 5g)g, - I1 = f(a; c); (c; a); (d; a); (a; d)g, 180 W. Penczek - w1 0 = f1; 3g. One can easily notice that, in this case, F 1 w10 is the sequential case graph of N1, extended by the dependence relation. The trace system T2 itself defines the finite rcts F 2 w20 = (W2; ?2; !2; I2; w2 0), where: - W2 = T r(T2), - ?2 = fa1; a2; a3; b1; b2; b3g, - ? a !2 ? 0 iff ? [a] = ? 0, - I2 = ?2 ??2 ? (fa2; a3; b2; b3g2[ f(a1; a1); (b1; b1); (a1; a2); (a2; a1); (b1; b2); (b2; b1)g), - w2 0 = [ffl]. Now, let Fw = (W; ?; !; I ; w) be a rcts. Define an acceptance function AC : T r(Fw) ?! W assigning to each trace from T r(Fw) the state of Fw which accepts this trace, i.e., AC(?) = w0 iff there is a finite path x from w to w0 s.t. [x=?] = ? . Thanks to the conditions 4) and 5) in Definition 5.3, AC is defined correctly. In the standard way AC is extended on subsets of T r(Fw): AC(P ) = fAC(?) j ? 2 Pg, for P ? T r(Fw). Now, we define the notion of a model generator for a finite state model for a trace system T . Definition 5.6 Let M = (Fv0 ; V ) be a finite state model for a trace system T , and let EQ be an equivalence relation in T r(T ) respecting V . Then, a model generator for M is defined as MG = (Fw0 ; VG), where Fw0 is the quotient structure of T r(T ) by EQ and VG : [T r(T )]EQ ?! 2PV s.t. VG([? ]EQ) = V (?), for any ? 2 T r(T ). We say that a formula ' is true in a model generator MG at w0 (written MG;w0 j= '), if M; v0 j= '. Before discussing a model checking algorithm for CTLP , we show that, in fact, we can restrict ourselves to give an algorithm for CTLP? - the restriction of CTLP without nested past modalities and still we can On temporal logics on trace systems 181 check all the properties we are interested in. The only property, we have discussed, which required nested past operators, was serializability. But we show that for checking serializability, we can use a model checking algorithm for CTLP?. This follows from the following observation. Let M? be a restriction of the model M to states " ? \ T r(T ) i.e., M? is a submodel of M , generated by ? . Let ? be a proposition which holds only at the beginning state of each model M? i.e., ? ? Hfalse. Notice that: - M j= SER1 ^ SER2 ^ SER3 iff for each ? 2 T r(T ): M? j= SER10 ^ SER20 ^ SER30, where SER10: ( V2 i=1 quiescenti) ) AF ( V2 i=1 P (activei)) SER20: ( W2 i=1 activei) ) AFP ( V2 i=1 quiescenti) SER30: ( V2 i=1 quiescenti) ) AG(( V2 i=1(quiescenti ^ P (activei)) ) P ( V2 i=1 quiescenti ^ :?)) Since M is a finite state model, then there are at most jEQj nonisomorphic submodels M? . Let MG = (Fw0 ; VG), where Fw0 = (W; ?; ! ; I ; w0) be a model generator for M and let Mw G = (Fw; V w G ) be a model generator for M? , where AC(?) = w 2 W . Consequently, M j= SER1^SER2^SER3 iff Mw G ; w j= SER10 ^SER20 ^SER30, for each w 2 W . Therefore, fortunately we can give a model checking algorithm for CTLP? and we can still verify all the properties, discussed so far. Unfortunately, as we show in the next section, model checking for CTLP? is NP-hard. 6 NP-hardness of CTLP model checking In this section we show that model checking for CTLP?, and therefore for CTLP is NP-hard. Our problem has the following formulation: given a model generator MG = (Fw0 ; VG) and a formula ', is ' true in MG at w0 ? We prove that 3-SAT problem is polynomialy reducible to determining whether MG;w0 j= ', for some CTLP formula '. 182 W. Penczek Let = c1 ^ : : : ^ cm be a boolean formula in 3-CNF, where ci = li1 _ li2 _ li3 , for 1 <= i <= m, lij = xk or :xk for some k s.t. 1 <= k <= n, x1; : : : ; xn are the propositional variables appearing in . Let MG = (Fw0 ; VG) be a model generator (see the figure below), defined as follows: - let X = fxi j 1 <= i <= ng [ fx0 i j 1 <= i <= ng, Y = fyi j 0 <= i <= ng, - Fw0 = (W; ?; !; I ; w0), where - W = X [ Y , ? = X ? Y [ Y ?X , I = ;, - != f(yi?1; (yi?1; xi); xi); (yi?1; (yi?1; x0 i); x0 i); (xi; (xi; yi); yi); (x0 i; (x0 i; yi); yi) j 1 <= i <= ng, - w0 = y0, - PV = fci j 1 <= i <= mg, - V (xi) = fcj j xi appears as a literal in cjg, - V (x0 i) = fcj j :xi appears as a literal in cjg, - V (yi) = ;, for 0 <= i <= n. s s s s s s s s s s s ???? ? * HHHH H j???? ? * HHHH H j???? ? * HHHH H j???? ? * HHHH H j q q q q q q ???? ? * HHHH H j???? ? * HHHH H j y0 x1 x0 1 y1 x2 x0 2 y2 yn?1 xn x0 n yn Figure 8: The structure Fw0 of the model generator MG The following equivalence holds: *) is satisfiable iff MG;w0 j= EF (P c1 ^ : : : ^ P cm). On temporal logics on trace systems 183 The above follows from the fact that since the dependence relation I = ;, therefore the model, generated by MG, is a tree. Therefore, all ci must be true somewhere at the same path, which represents one of the possible valuations of propositional variables xi. This reduction is polynomial. Hence, model checking for CTLP is NP-hard. In fact we have proved even more. Namely, that model checking is NP-hard, even if past modalities cannot be nested, i.e., model checking for CTLP? is NP-hard. The next part of this paper is devoted for defining a model checking algorithm for CTLP? and then, it is shown how our method can be extended to cover the whole language of CTLP . 7 Model checking for CTLP? Altough, CTLP? seems to be a very mild extension of CTL, it turns out that using a model checking algorithm for CTLP? we can check all the partial order properties, we have discussed so far. Therefore, a model checking method for CTLP? is of interest. Because of NP-hardness, we can hardly believe in a polynomial time model checking algorithm. Thus, the best we can offer is an algorithm of one exponential complexity. Moreover, as we show later, as soon as we know how to check CTLP? formulas we can apply this method to the whole language of CTLP and its extension to CTL? P . Unfortunately, any of the known methods for model checking, applied to CTL or CTL*, cannot be used in the case of CTLP?. Showing why all these methods fail is going to be a good introduction to our method of model checking. Let MG = (Fw0 ; VG) be a model generator for M (we assume that the set PV of propositional variables is finite) and be a CTLP? formula to be checked over. Firstly, let's try to apply a method, used for CTL [21]. Immediately we find an obstacle. We do not know how to label states of a model generator MG with subformulas of containing past operators. This problem stems from the fact that it may happen that for some ?; ? 0 2 T r(Fw0 ): AC(?) = AC(? 0 ) = w in MG and for some H' 2 Subformulas( ), M; ? j= H' and M; ? 0 j= :H'. 184 W. Penczek Secondly, let's try to apply a method, used for LTTL [19] and CTL* [24]. Define a cross product of MG with all subsets of Subformulas( )[ PV . Then, we can obtain a structure which is not a concurrent transition system. In fact, it can violate all the conditions, but that, which cannot be repaired is a diamond property. It may happen that for some trace ? , two different states w and w0 in the new structure accept it. Since, w and w0 may have been assigned different formulas, therefore our construction fails. Looking at automata theoretic constructions [20] we realize that the same problems appear as in the former case. Therefore, we need a new technique. The general idea is to unwind MG s.t. we can assign past formulas to states of a new structure and then use the most efficient method of CTL model checking, tunned to observations. Let Fw0 = (W; ?; !; I ; w0) be a rcts, w 2 W , W 0 ? W , and ? 2 [??]. The following notations are used: - ?(?) = fa 2 ? j ? = ?1[a]?2, for some ?1; ?2 2 [??]g is the set of action names \occurring" in the trace ? . - en(w; W 0) = fa 2 ? j (9w0 2 W 0) : w a ! w0g defines actions, enabled at w and leading to the states from W 0, - ?I = fa 2 ? j (9b 2 ?) (a; b) 2 Ig is the set of actions for wich there is at least one independent action, - I(?) = f?0 ? ? j (9a 2 ?) : fag ??0 ? Ig [ f?g is the family of sets of actions ?0 s.t. there is at least one action independent with all its elements or ?0 = ?. We need the following lemmas. Lemma 7.1 A maximal path x = w0a0w1a1 : : : is an observation in Fw0 iff (8a 2 ?)(8i 2 IN)(9j >= i)(a 62 en(wjor ((a; aj) 62 I)) Proof follows directly from Lemma 2.1. On temporal logics on trace systems 185 Obviously, the above lemma holds also for observations starting at any w 2 W . The next lemma is a special case of Levi's Lemma for traces [17]. We present it with a short proof. Lemma 7.2 For each ?; ?1; ?2 2 [??] and ff 2 [?] the following condition holds: ?ff = ?1?2 iff 1) ?2 = ? 00ff and ?1? 00 = ? , for some ? 00 2 [??] or 2) ?1 = ? 0ff, fag ? ?(?2) ? I, and ? 0?2 = ? , for some ? 0 2 [??] and [a] = ff. Proof.(<=) Obvious. (=>) Let w be any linearisation of ?ff. Then w must be of the following form w = w0aw00, where [w0w00] = ? , [a] = ff, and fag??([w00]) ? I , (where fag?; = ;). Now, if we represent w by concatenation of two strings w1; w2 s.t. w = w1w2, then the following cases are possible: - w1 = w0 1 and w2 = w0 2aw00, where w0 = w0 1w0 2, or - w1 = w0aw00 1 and w2 = w00 2 , where w00 = w00 1 w00 2 . Now, let ?ff = ?1?2. Therefore, either ?1 = [w0 1] and ?2 = [w0 2aw00], where w0 = w0 1w0 2 and fag ? ?([w00]) ? I , or ?1 = [w0aw00 1 ] and ?2 = [w00 2 ], where w00 = w00 1 w00 2 and fag ? ?([w00]) ? I . This implies that either ?1 = [w0 1] and ?2 = ? 00[a], where ? 00 = [w0 2w00], ?1? 00 = [w0 1w0 2w00] = [w0w00] = ? , or ?1 = ? 0[a], fag ? ?([w00 2 ]) ? I , and ?2 = [w00 2 ], where ? 0 = [w0w00], ? 0?2 = [w0w00 1 w00 2 ] = [w0w00] = ? . Let MG = (Fw0 ; VG) be a model generator, where Fw0 = (W; ?; ! ; I ; w0), and let AC be the acceptance function for Fw0 . Let be a formula to be checked over the model, generated by MG. The general idea of our algorithm consists in defining a new model generator M 0 G for which AC 0(?) = AC 0(? 0 ) implies 186 W. Penczek - AC(# ?) = AC(# ? 0), and - for each a s.t. Ya' 2 Subformulas( ), if ? = ?1[a], then ? 0 = ? 0 1[a] and AC(?1) = AC(? 0 1), for some ?1; ? 0 1 2 [??]. The model generator M 0 G is built around the rcts accepting T r(Fw0 ), being the quotient structure of T r(Fw0) by the relation EQ. This relation is defined below. Let ?; ? 0 2 T r(Fw0) and ? ? ?. We define: - I (?) = I(?) [ ffag ? ? j Ya' 2 Subformulas( )g, - a function ? : 2? ?! I (?) s.t. ? = ?, if ? 2 I (?), ? = ?, if ? 62 I (?), - a function p : [??] ?! ftt; ffg s.t. p(? 0 ) = tt, if j? 0j = 1, p(? 0) = ff , if j? 0j 6= 1, - a function Rep : [??] ?! 2W?I (?)?ftt;ffg (tt stands for true and ff stands for false) s.t. - Rep(?) = f(AC(?1); ?(?2); p(?2)) j ?1?2 = ?g, - ? EQ ? 0 iff Rep(?) = Rep(? 0), - [? ]EQ = f? 0 2 T r(Fw0) j ? EQ ? 0g, - states(?) = fw 2 W j (w; ?; q) 2 Rep(? ), for any non-empty ? ? ? and any q 2 ftt; ffgg. Intuitively speaking, states(?) gives the set of all states in W accepting strict prefixes of ? , - pred(?) = f(w; ?; q) 2 Rep(?) j q = ttg, Intuitively speaking, pred(?) is the set of all states in W accepting predecessors of ? . The definition of Rep(?) gives rise to the equivalence relation satisfying the conditions of Definition 2.1 and carrying information about the past and predecessors of traces. The interested reader can check that Rep(? ), On temporal logics on trace systems 187 defined as fAC(? 0) j ? 0 <= ?g or fAC(? 0) j ? 0 ! ?g wouldn't give rise to an equivalence relation as required. Next, it is shown that EQ is indeed an equivalence relation, which can be used for defining a new finite representation of T r(Fw0 ). Lemma 7.3 The following conditions hold: i) ? EQ ? 0 implies AC(?) = AC(? 0 ), ii) EQ satisfies the conditions of the Definition 2.1, iii) ? EQ ? 0 implies states(?) = states(? 0) and pred(?) = pred(? 0 ). Proof. i) Assume that ? EQ ? 0. From the definition of Rep(? ), it follows that AC(?) = w for (w; ;; ff) 2 Rep(?) (it is exactly one element in Rep(?) of the form (w; ;; ff )). As Rep(?) = Rep(? 0), it follows that AC(?) = AC(? 0 ). ii) The index of EQ is obviously finite and moreover, it can be shown to be smaller than 22?jWj?jI (?)j. Then, we prove that ? EQ ? 0 and ?ff 2 T r(Fw0) implies ?ff EQ ? 0ff, for each ff 2 [?]. To this end we show that Rep(?ff) can be defined in terms of Rep(? ), ff, and (?; I). We need the following notation: for each w 2 W and a 2 en(w), by w(a) we denote the state w0 2 W s.t. w a ! w0. Now, we come back to the proof of ii). Let ff = [a]. - Rep(?ff) = (by definition) f(AC(?1); ?(?2); p(?2)) j ?1?2 = ?ffg = (by Lemma 7.2) - f(AC(?1); ?(? 00ff); p(? 00ff)) j ?1? 00 = ?g[ f(AC(? 0ff); ?(?2); p(?2)) j ? 0?2 = ? and fag??(?2) ? Ig = (by definition of Rep(?)) - f(w; ? [ fag; emp(?)) j (w; ?; q) 2 Rep(?)g[ f(w(a); ?; q) j (w; ?; q) 2 Rep(?) and fag ? ? ? Ig, where emp(?) = tt, if ? = ;, and emp(?) = ff , otherwise. 188 W. Penczek Notice that, Rep(?ff) = Rep(? 0ff), if Rep(?) = Rep(? 0). iii) It follows directly from the definitions of EQ, states(?) and pred(? ). Let F 0 w00 = (W 0; ?; !0; I ; w0 0) be the quotient structure of T r(Fw0) by the equivalence relation EQ s.t. elements of W 0 are of the form Rep(?) for ? 2 T r(Fw0) rather than [? ]EQ. We show now that F 0 w00 can be defined directly from Fw0 . The following notions simplify the rest of the construction. We define: - a function last : W 0 ?! W , s.t. last(w0) = w, if (w; ;; ff) 2 w0, - REP (w0a) = f(w; ? [ fag; emp(?)) j (w; ?; q) 2 w0g [ f(w(a); ?; q) j (w; ?; q) 2 w0 and fag ? ? ? Ig, for any w0 2 W 0 and a 2 en(last(w0)), (intuitively speaking, REP (w0a) defines the next state in W 0, reached after executing a at w0), The construction of F 0 w00 is performed inductively, in stages. Let F 1 w00 = (W 0 1; ?; ;; I ; w0 0), where W 0 1 = fw0 0g and w0 0 = f(w0; ;; ff)g. Now, for each node w0 of W 0 i ? W 0 i?1 (with W 0 0 = ;) we add all its successors in W 0 and extend !0 i, respectively. Let F i w00 = (W 0 i ; ?; !0 i; I ; w0 0) and W ; i = W 0 i ? W 0 i?1. Then, F i+1 w00 = (W 0 i+1; ?; !0 i+1; I ; w0 0), where - W 0 i+1 = W 0 i [ fREP (w0a) j w0 2 W ; i ; a 2 en(last(w0))g, - !0 i+1=!0 i [f(w0; a; REP (w0a)) j w0 2 W ; i ; a 2 en(last(w0))g. The construction stops at the least m, when Fm w00 = Fm+1 w00 . It is easy to see that Fm w00 is isomorphic to F 0 w00 . Then, the new model generator M 0 G = (F 0 w00 ; V 0) is defined as follows: - F 0 w00 = (W 0; ?; !0; I ; w0 0), On temporal logics on trace systems 189 - V 0 G : W 0 ?! 2PV is a valuation function satisfying the following condition: { p 2 V 0 G(w0) iff p 2 VG(last(w0)), for p 2 PV . 7.1 Improving the algorithm In order to decrease the number of elements of W 0 we may require that: - if (w; ?; tt) 2 Rep(? ), then (w; ?; ff) 62 Rep(? ), - if (w; ?; ff) 2 Rep(? ), then (w; ?0; ff) 62 Rep(? ), for ? ? ?0 and ? 6= ?0. The definition of Rep(?) with these changes remains correct. To estimate the complexity of the algorithm we have to assess how much it does cost to build M 0 G. Therefore, notice that: - jW 0j <= 22?jWj?jI (?)j. - Checking whether fag?? ? I , for all a 2 ?I and for all ? 2 I (?) costs j?I j ? jI (?)j ? j?I j ? jI j. - Checking whether ? [ fag 62 I (?), for all a 2 ?I and for all ? 2 I (?) costs j?I j ? jI (?)j ? j?I j ? jI j, since for each a 2 ?I and ? 2 I (?) the algorithm can check whether (fag?Con(?))\ I 6= ;, where Con(?) = fa0 2 ? j fa0g ? ? ? Ig (Con(?) has been already computed by the algorithm while checking whether fag ?? ? I , for all a 2 ?I ), which costs at most j?I j ? jI j. - At each state w0 of W 0 the cost of calculating the next states is O(jW j ? jI (?)j) for each a 2 en(last(w0)) i.e., O(j ! j ? jI (?)j). Thus, for all states w0 2 W 0 it is O(j ! j?jI (?)j?22?jWj?jI (?)j). Therefore, the complexity of building M 0 G is: O(j ! j ? jI (?)j ? 22?jWj?jI (?)j): Notice that for each subformula ' of and for each ?; ? 0 2 T r(Fw0 ), if AC 0(?) = AC 0(? 0), then M; ? j= ' iff M; ? 0 j= '. Therefore, we 190 W. Penczek label w0 2 W 0 with ' (written M 0 G; w0 j= '), if M; ? j= ', for some ? : AC 0(?) = w0. Obviously, for each subformula ' without past operators, for each ?; ? 0 2 T r(Fw0 ), if AC(?) = AC(? 0 ), then M; ? j= ' iff M; ? 0 j= '. Therefore, we label w 2 W with ' (written MG;w j= '), if M; ? j= ', for some ? : AC(?) = w. We write MG j= ', if MG;w j= ', for all w 2 W . Next, we show model checking algorithms. The method is inductive i.e., given a formula , starting from its shortest and most deeply nested subformula ' the algorithm labels these states of M 0 G with ', which accept traces, at which ' holds. Therefore, in case of checking a less nested subformula, it can be assumed that the states have just been labelled with all its subformulas. Firstly, we label states of MG with all the subformulas of , which do not contain past subformulas. Then, we label states of M 0 G with all the subformulas of . Below, we give algorithms for labelling states of M 0 G. These algorithms can be as well applied for labelling states of MG. We show how to label states of M 0 G with formulas of the form p, :', ' ^ fl, Ya', H', EXa', EG', and E('Ufl). 7.2 Model checking for p, :', ' ^ fl There is not a lot to do in the case of checking formulas of the form: - p 2 PV , - :', - ' ^ fl. Notice, that: 1. M 0 G; w0 j= p iff p 2 V 0 G(w0), for p 2 PV , 2. if '; fl are state formulas, M 0 G; w0 j= :' iff not M 0 G; w0 j= ', M 0 G; w0 j= ' ^ fl iff M 0 G; w0 j= ' and M 0 G; w0 j= fl. On temporal logics on trace systems 191 Therefore, in the first case we check whether p is an element of V 0 G(w0), in the second case we check whether w0 has been labelled with ' and in the third case we check whether w0 has been labelled with ' and fl. The complexity of checking a formula of the above form over all states is O(jW 0j). Now, we define algorithms for checking formulas of the form Ya', H', EXa', E('Ufl), and EG'. 7.3 Model checking for Ya' Observe that M 0 G; w0 j= Ya' iff there is (w; fag; tt) 2 w0 s.t. MG;w j= '. The complexity of labelling states of M 0 G with Ya' is O(jW 0j ? jW j ? jI (?)j). 7.4 Model checking for H' Observe that M 0 G; w0 j= H' iff for all (w; ?; q) 2 w0 if ? 6= ;, then MG;w j= '. The complexity of labelling states of M 0 G with H' is O(jW 0 j ? jW j ? jI (?)j). 7.5 Model checking for EXa' Observe that M 0 G; w0 j= EXa' iff there is w00 2 W 0 s.t. w0 a ! w00 and M 0 G; w00 j= '. Therefore, the algorithm finds all the states at which ' holds and labels all its a-predecessors with EXa'. The complexity of labelling states of M 0 G with EXa' is O(jW 0j + j !0 j). 7.6 Model checking for E('Ufl) Observe that M 0 G; w0 j= E('Ufl) iff there is a state w00 2 W 0 and a sequence of states w0 0; : : : ; w0 n 2 W 0 s.t. w0 = w0 0 ! : : : ! w0 n = w00 and M 0 G; w00 j= fl, M 0 G; w0 i j= ' for 0 <= i < n. The above follows from the following lemma: Lemma 7.4 Every finite path in F 0 w00 can be extended to an observation in F 0 w00 . 192 W. Penczek Proof follows from the fact that every finite path in T r(F 0 w00 ) can be extended to an observation in T r(F 0 w00 ) (see [17]). Firstly, all the states at which fl holds are labelled with E('Ufl). Secondly, the algorithm goes backwards using the relation !0?1 and labels all states at which ' holds with E('Ufl). The complexity of labelling states with E('Ufl) is O(jW 0j + j !0 j). 7.7 Model checking for EG' We assume that I 6= ;. Observe that M 0 G; w0 j= EG' iff there is an observation x starting at w0 s.t. M 0 G; w00 j= ', for each w00 on x. The model checking algorithm uses Lemma 7.1. Let W 0 ' = fw0 2 W 0 j M 0 G; w0 j= 'g be the subset of W 0, labelled with '. Firstly, the subset W 0 ' of W 0 is selected. By a strongly connected component in W 0 ' we mean any subset W 00 ? W 0 ' satisfying one of the following conditions: - (8w1; w2 2 W 00): w1 !0? w2 and w2 !0? w1, or - W 00 contains only one state w00 s.t. w00 does not have any successor in W 0. Secondly, all the maximal strongly connected components in W 0 ' are selected. Notice that they are disjoint. Next, the states of W 0 are labelled according to the following theorem: Theorem 7.1 M 0 G; w0 0 j= EG' iff w0 0 2 W 0 ' and there is a maximal strongly connected component W 00 in W 0 ' reachable from w0 0 by a path contained in W 0 ' and (*): (8a 2 ?)(9w0 2 W 00) a 62 en(w0) or fag ? en(w0; W 00) 6? I. Proof. (=>). If M 0 G; w0 0 j= EG', then there is an observation starting at w0 0, say x = w0 0a0w0 1a1 : : :, s.t. (8i >= 0) M 0 G; w0 i j= '. If x is finite, then the last state of x is a maximal strongly connected component in W 0 ' satisfying (*). On temporal logics on trace systems 193 Thus, let's assume that x is infinite. Let w00 be the first state on x s.t. each w0 2 W 0 either doesn't appear on x after w00 or appears infinitely many times. Then, the set W 00 of all states appearing on x after w00 is a strongly connected component. It follows from Lemma 7.1 that W 00 satisfies the required property. If W 00 is not a maximal strongly connected component, then it can be extended to it and the property in question is preserved. (<=). If W 00 contains only one state without any successor in W 0, then obviously M 0 G; w0 0 j= EG'. So, assume that this is not true. Take any path x = w0 0a0w0 1a1 : : : s.t. (8i >= 0) w0 i 2 W 0 ' and (8w0; w00 2 W 00) if w0 a !0 w00, then for infinitly many i: w0 i = w0, w0 i+1 = w00, and ai = a. Clearly, by the assumption and by Lemma 7.1, it follows that x is an observation and by construction x j= G'. Selecting W 0 ' and maximal strongly connected components costs O(jW 0 j + j !0 j) (see [21]). Then, components satisfying the property (*) in the Theorem 7.1 are labelled. This may cost O((jW 0 j+j !0 j )?j?j? jI j). If w0 0 is in W 0 ' and there is a path from w0 0 to a labelled component in W 0 ', then M 0 G; w0 0 j= EG', otherwise M 0 G; w0 0 j= :EG'. Therefore, the complexity of checking EG' is O(j?j ? jI j ? (jW 0j + j !0 j)). 7.7.1 Improving the algorithm Now, it is shown how to improve the algorithm. The above algorithm will be more efficient, if instead of checking for all a 2 ?, it will check only for those a, for which it exists at least one independent action i.e., a 2 ?I . If a 62 ?I , then fag ? en(w0; W 00) 6? I , so this does not need to be checked. Finding the set ?I costs O(jI j). Therefore, the complexity of the improved algorithm is O(j?I j ? jI j ? (jW 0j + j !0 j)): It was assumed that I 6= ;. In the other case, each path is an observation, so to prove that EG' holds does not require to check any property 194 W. Penczek about maximal strongly connected components. Then, the complexity is O(jW 0j + j !0 j). 7.8 Complexity of CTLP? model checking In order to handle an arbitrary CTLP? formula , the state-labelling algorithm is applied to the subformulas of starting with the shortest and most deeply nested one. Since j?I j ? jI j <= jI (?)j and j !0 j <= j ! j ? jW 0j, then each pass does not take more time than O(j ! j ? jI (?)j ? 22?jWj?jI (?)j), and since contains at most lenght( ) different subformulas, the algorithm requires time O(lenght( ) ? j ! j ? jI (?)j ? 22?jWj?jI (?)j): Example 7.1 (proving serializability) Below, it is shown how to prove serializability of the trace system T2. We have to check whether: 1. M2; [ffl] j= p1 ^ p2 ^ p9 ) AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)), 2. M2; [ffl] j= AG[((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)) ) AF (P (p7 ^ p8 ^ p9) _ (p7 ^ p8 ^ p9))]. Fortunately, in this case M2 is equall to its model generator. Therefore, we can carry out all the proofs over M2. The only difficult thing is to label states of M2 with the formulas: 1. AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)), 2. AF (P (p7 ^ p8 ^ p9) _ (p7 ^ p8 ^ p9)). It is shown how to do that for the formula 1. First notice that: AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)) ? :EGH', where ' = (:p7 _ :p2 _ :p9) ^ (:p1 _ :p8 _ :p9). Next, states of M2 are labelled with EGH'. Notice that ' 2 V2(? ), if ? 62 f[a1a2a3]; [b1b2b3]g. Therefore, M2; ? j= H' iff ? 62 (" [a1a2a3][ " [b1b2b3]) ? ([a1a2a3] [ [b1b2b3]). Now, using the algorithm for EG' in M2, we find that M2; [ffl] 6j= EGH'. Thus, M2; [ffl] j= AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)). Consequently, we get M2; [ffl] j= p1 ^ p2 ^ p9 ) AFP ((p7 ^ p2 ^ p9) _ (p1 ^ p8 ^ p9)). On temporal logics on trace systems 195 7.9 Extending model checking to CTLP and CTL? P Our method of model checking can be easily extended s.t.: 1. past formulas can be nested - (model checking for CTLP ), 2. future formulas are those of CTL* [47] (CTL with nested path formulas) - (model checking for CTL*P?), 3. all the above extensions together - (model checking for CTL*P ). For 1), we define a sequence of unfoldings M1; : : : ; Mn, where M1 = M 0 G, n is the maximal depth of nested past formulas in , Mi+1 is obtained from Mi in the same way as M 0 G was obtained from MG. Then, we inductively label states of Mi with subformulas of containing nested past formulas of depth at most i. Then, M; [ffl] j= iff the beginning state of Mn is labelled with . In the worst case we can arrive at the complexity expn(2 ? jW j ? jI (?)j). In this case, the meaning of our result is only theoretical, but, at least, we have shown that it is decidable whether any CTLP formula is true in a finite state trace model. This result seems to be interesting on its own, especially in comparison with the result of chapter 9. For 2), after unwinding the model generator, we treat past formulas as fresh propositions and apply the standard methods for CTL* model checking [24]. Then, we arrive at the complexity exponential in the number of states and exponential in the number of subformulas of . For 3), we combine the methods of 1) and 2). 8 Undecidability of CTLP We now turn to the problem of determining the satisfiability of CTLP formulas. This problem may be stated as: Given a CTLP formula ', is there a model M = (Fv0 ; V ) s.t. M; v0 j= '. If ' is true at v0 of M , M is said to be a model of '. Note also that the CTLP formula ' is satisfiable iff :' is not valid, hence exhibiting a decision procedure for satisfiability amounts to deciding the validity problem. 196 W. Penczek Unfortunately, to our big surprise we have to report a negative result. CTLP is not decidable ! It turns out that we can encode a grid using our language. Consider a Petri Net N , composed of two independent transitions a and b, each of them can be executed infinitely many times. The trace system T giving the semantics to N is composed of all the traces belonging to the language [??], where ? = fa; bg and I = ???? id?. A frame for T is defined as F[ffl] = ([??]; !; [ffl]), It is possible to characterize this frame up to isomorphism. But, then one can encode the following recurring tiling problem, which has been shown to be undecidable in [43]. Below, we follow the definition of [44] and [45]. Let ? be a finite set of types of tiles such that for each T 2 ? each side - North, East, South and West - is assigned a number (N(T), E(T), S(T), and W(T), resp.). Let Co ? ?4 be a set of colors such that c = (T1; T2; T3; T4) 2 Co iff S(T1) = N(T3), E(T1) = W (T2), N(T4) = S(T2), and W (T4) = E(T3) (see the picture below). T3 T1 T4 T2 For each c = (T1; T2; T3; T4) 2 Co let U(c); R(c) ? Co, where U stands for Up and R stands for Right, with U(c) = fc0 2 Co j c0 = (T ; T 0; T1; T2), for some T ; T 0g, R(c) = fc0 2 Co j c0 = (T2; T ; T4; T 0), for some T ; T 0g. Let T0; Tf 2 ? be two special types. The problem is to find a coloring c : IN ? IN ?! Co such that for all i; j 2 N , c(i; j) 2 Co, c(0; 0) 2 fc0 2 Co j c0 = (T ; T 0; T0; T 00), for some T ; T 0; T 00g, c(i; j +1) 2 U(c(i; j)), and c(i+1; j) 2 R(c(i; j)), and there are infinitely On temporal logics on trace systems 197 many colors in the leftmost column, which contain the tile type Tf . The above formulation means that one has to exhibit a coloring of the lattice points in the plane such that if a point has a color c, then the point just above has a color from the set U(c) and the point to the right has a color from the set R(c), the beginning has a color of a given subset of Co and the given tile type Tf occurs infinitely often in the leftmost column. Let PV = fCi j ci 2 Cog. Now, it is possible to give a set of formulas of CTLP? s.t. its conjunction is satisfiable iff the recurring tiling problem has a solution. Firstly, we give formulas encoding the grid: (A): 1. AG(EXatrue ^ EXbtrue) 2. AG( V c2??fa;bg :EXctrue), 3. EF (Yatrue ^ Ybtrue) 1) expresses that two actions a and b are executed at each state. Since our model is a partially ordered set, therefore it contains infinitely many states. It follows from 2) that each of them has exactly two successors. 3) specifies that a and b are independent at some state. Thus, by definition of trace systems a and b are independent at each state. So, the frame is a grid representing a trace system [fa; bg?]. Now, we give formulas describing the tiling: (B): 1. W fCi j ci = (T ; T 0; T0; T 00), for some T ; T 0; T 00g, 2. AG( W (fCi j ci 2 Cog) ^ ( V fCi ) :Cj j i 6= jg)), 3. AG( V (fCi ) EXa( W fCj j cj 2 U(ci)g) j ci 2 Cog)), 4. AG( V (fCi ) EXb( W fCj j cj 2 R(ci)g) j ci 2 Cog)), 5. AG(:Ybtrue ) EF (:Ybtrue^ W fCi j type Tf occurs in color cig)). 1) expresses that the tile type T at the beginning is T0. 2) enforces exactly one color at each point of the grid. 3) and 4) ensures that 198 W. Penczek successors have the right color. 5) requires that the tile type Tf occurs infinitely often in the leftmost column. The recurring tiling problem has a solution iff the conjunction of our formulas A) and B) is satisfiable. As in [44], it follows that the validity problem for CTLP? is ß1 1 ? hard. It can be easily shown that our logic remains undecidable, even if it does not contain backward step operators, next step operators are not labelled, but a valuation function encodes labelling as shown in Example 4.1. Then, the formulas 1), 2) in A) and 3), 4) in B) can use unlabelled versions of next step operators (see Example 4.1), the formulas 3) in A) and 5) in B) can be replaced by: 3'. EXEX(pa ^ pb ^ P (pa ^ :pb) ^ P (pb ^ :pa)), 5'. AG(H(:pb)^:pb ) EF (H(:pb) ^:pb ^ W fCi j type Tf occurs in color cig)). The undecidability result explains why we couldn't use any standard methods for model checking. 9 Comparing CTLP with other logics CTLP contains CTL and, as it was said before, it can be seen as a restricted version of the logic, defined in [16]. The language of CTLP is an extension of that of Hennessy-Milner logic with backward modalities and a restriction of the language of POTL [3, 4]. CTLP resembles also the partial order logic (P.O.-logic), introduced by A. Sinachopoulos [14], which, however, does not contain path quantifiers. A similar logic, but with run operators (PN-logic), has been also defined by Reisig in [11,12]. CTLP differs from ISTL [13] in the definition of a frame; ISTL is interpreted on runs of trace systems. Our results on undecidability of checking satisfiability as well as the method of model checking can be easily extended on propositional versions of the following logics: Hennessy-Milner logic with backward modalities [32], ISTL [13], P.O.-logic [14], and the logic defined in [16], interpreted over trace systems. On temporal logics on trace systems 199 10 Final remarks The presented approach to model checking for a partial order logic with past modalities over structures of global states is the first one, known from the literature. In [4] model checking for a similar logic, interpreted over local state models has been investigated. Our paper is also the first one showing how to prove properties of partial order executions, of serializability, and snapshots by model checking. Therefore, it is not possible to compare the complexity of the model checking algorithm with others. Our method can be viewed as an extension and refinement of the method of Clarke and al. [21] to cover also partial order properties. The alternative approach would be to apply automata-theoretic techniques in the style of [20] or [31]. This, however, cannot be done immediately as it is not clear how to build automata accepting CTLP formulas. We have proved that model checking becomes NP-hard as soon as we have introduced backward modalities. Moreover, unfortunately, the best algorithm we could give is of exponential complexity in the number of states of a model and linear in the lenght of a formula. Therefore, our algorithm can be applied for systems with not too many states. It seems to be impossible to define an algorithm linear in the number of states of a model (and, obviously, exponential in the lenght of a formula). Our undecidability result shows that in general it is not possible to synthesise systems from their specifications in CTLP?, or any similar logic, e.g., defined in [13], [16]. Therefore, altough, serializability and run properties can be proved by model checking, they cannot be imposed on systems, synthesised from their specifications. ACKNOWLEDGEMENTS: The author wishes to thank dr. Ruurd Kuiper for improving the language of the paper. Special thanks are directed to my wife Agnieszka for the help in designing the figures. 11 References [1]: Manna, Z., Pnueli, A., The Anchored Version of the Temporal 200 W. Penczek Framework, LNCS 354, 1988. [2]: Emerson, E.A., Srinivasan, J., Branching Time Temporal Logic, LNCS 354, 1988. [3]: Pinter, S.S., Wolper,P., A Temporal Logic for Reasoning about Partially Ordered Computations, Proc. 3rd Symp. on Principles of Distributed Computing, pp. 28-37, Vancouver 1984. [4]: Kornatzky, Y., Pinter, S.S., A Model Checker for Partial Order Temporal Logic, EE Pub n. 597, Department of Electrical Engineering, Technion - Israel Institute of Technology, 1986. [5]: Katz, S., Peled, D., Interleaving Set Temporal Logic, 6th ACM Symposium on Principles of Distributed Computing, Vancouver Canada, pp. 178-190, 1987. [6]: Katz, S., Peled, D., An Efficient Verification Method for Parallel and Distributed Programs, LNCS 354, 1988. [7]: Lodaya, K., Thiagarajan, P.S., A Modal Logic for a Subclass of Event Structures, LNCS 267, pp. 290-303, 1987. [8]: Penczek, W., A Temporal Logic for The Local Specification of Concurrent Systems, Information Processing, pp. 857-862, IFIP, 1989. [9]: Penczek, W., A Concurrent Branching Time Temporal Logic, Proceedings of the Workshop on Computer Science Logic, Kaiserslautern, LNCS 440, pp. 337-354, 1990. [10]: Mukund, M., Thiagarajan, P.S., An Axiomatization of Event Structures, LNCS 405, 1989. [11]: Reisig, W., Temporal Logic and Causality in Concurrent Systems, LNCS 335, 1988. [12]: Reisig, W., Towards a Temporal Logic of Causality and Choice in Distributed Systems, LNCS 354, pp. 606-627, 1989. On temporal logics on trace systems 201 [13]: Peled, D., Pnueli, A., Proving Partial Order Liveness Properties, Proc. of ICALP, pp. 553-571, 1990. [14]: Sinachopoulos A, Partial Order Logics for Elementary Net Systems: State- and Event - approches, Proc. of CONCUR'90, 1990. [15]: Penczek, W., Proving Partial Order Properties Using CCTL, manuscript, 1991. [16]: Peled, D., Katz, S., and Pnueli, A., Specifying and Proving Serializability in Temporal Logic, Proc. of LICS, 1991. [17 ]: Mazurkiewicz, A., Basic Notions of Trace Theory, LNCS 354, pp. 285-363, 1988. [18]: Mazurkiewicz, A., Ochmanski, E., Penczek, W., Concurrent Systems and Inevitability, TCS 64, pp. 281-304, 1989. [19]: Lichtenstein, O., and Pnueli, A., Checking that Finite State Concurrent Programs Satisfy their Linear Specification. Proc. of the 12th ACM Symposium on Principles of Programming Languages, pp. 97-107, New Orleans, 1985. [20]: Vardi, M.Y., Wolper. P., An Automata-Theoretic Approach to Automatic Program Verification, Proc. of LICS, pp. 322-331, 1986. [21]: Clarke, E.M., Emerson, E.A., Sistla, A.P., Automatic Verification of Finite State Concurrent Systems Using Temporal Logic Specifications: A Practical Approach, Proc. 10th Annual ACM Symp. on Principles of Programming Languages, Austin, pp. 117-126, 1983, and ACM Transactions on Programming Languages and Systems, 8(2), pp. 244-263, 1986. [22]: Sistla, A.P., Clarke, E., The Complexity of Propositional Temporal Logic, 14th ACM Symposium on Theory of Computing, May 1982, pp. 159-167. 202 W. Penczek [23]: Emerson, E.A., Clarke, E.M., Using Branching Time Logic to Synthesize Synchronization Skeletons, Science of Computer Programming, vol. 2, pp. 241-266, 1982. [24 ]: Emerson, E.A., Lei, C.L., Modalities for Model Checking: Branching Time Logics Strikes Back, Science of Comp. Programming, vol. 8, pp. 275 - 306, 1987. [25]: Emerson, E.A., Lei, C.L., Efficient Model Checking in Fragments of the Propositional ?-calculus, Proc. of LICS, 1986. [26]: Emerson, E.A., Lei, C.L., Temporal Reasoning Under Generalized Fairness Constraints, LNCS 210, pp. 21-36, 1986. [27]: Stirling, C., Walker, A General Tableau Technique for Verifying Temporal Properties of Concurrent Programs, in Semantics for Concurrency, eds. M.Z. Kwiatkowska, M.W. Shields, and R.M. Thomas, pp. 1-15, Leicester 1990. [28]: Burch, J.R., Clarke E.M., McMillan, K.L., Dill, D.L., and Hwang L.J., Symbolic Model Checking: 1020 States and Beyond. Proc. of LICS, 1990. [29]: Clarke, E.M., and Grumberg, O., Avoiding the State Explosion Problem in Temporal Logic Model-Checking Algorithms. Proc of 5th ACM Symposium on Principles of Distributed Computing, pp. 293-303, 1987. [30]: Valmari, A., A Stubborn Attack on State Explosion, Proc. of Workshop on Computer Aided Verification, Rutgers, 1990. [31]: Godefroid, P., Wolper, P., A Partial Approach to Model Checking, Proc. of LICS, 1991. [32]: Hennessy, M., and Stirling, C., The Power of the Future Perfect in Program Logics, Information and Control 67, pp. 23-52, 1985. [33]: de Nicola, R., Vaandrager, F., Three Logics for Branching Bisimulation, Proc. of LICS, 1990. On temporal logics on trace systems 203 [34]: de Nicola, R., Montanari, U., and Vaandrager, F., Back and Forth Bisimulations, Proc. of CONCUR'90, 1990. [35]: Emerson, E.A., Halpern, J.Y., Decision Procedures and Expressiveness in the Temporal Logic of Branching Time, Journal of Computer and System Sciences 30, pp. 1-24, 1985. [36]: Courcoubetis, C., Vardi, M.Y., and Wolper, P., Reasoning about Fair Concurrent Programs, Proc. of the 18th Annual ACM Symp. on Theory on Computing, pp. 283-294, 1986. [37]: Godefroid, P., Using Partial Orders to Improve Automatic Verification Methods, Proc. of Computer-Aided Verification Workshop, Rutgers, New Jersey, 1990. [38]: Wolper, P., On the Relation of Programs and Computations to Models of Temporal Logic, LNCS 398, pp. 75 -123, 1987. [39]: Kwiatkowska, M., Fairness for Non-Interleaving Concurrency, PhD Thesis, University of Leicester, 1989. [40]: Bednarczyk, M., Categories of Asynchronous Transition Systems, Ph.d. thesis, University of Sussex, 1987. [41]: Droste M., Concurrency, Automata and Domains, LNCS 443, pp. 195 - 208, 1990. [42]: Stark, E.W., Concurrent Transition Systems, TCS 64, pp. 221-269, 1989. [43]: Harel, D., Recurring Dominoes: Making the Highly Undecidable Highly Understandable, Annals of discrete mathematics, 24, pp. 51 - 72, 1985. [44]: Parikh, R., Decidability and Undecidability in Distributed Transition Systems, A perspective in theoretical computer science, Vol. 16, 1988. [45]: Paech, B., Concurrency as a Modality, Ph. d. thesis, Munchen University, 1991. 204 W. Penczek [46 ]: Aalbersberg I.J., Rozenberg G., Theory of traces, TCS 60, pp. 1- 82, 1988. [47]: Emerson, E.A., Halpern, J.Y., Sometimes and \Not Never" Revisited: On Branching versus Linear Time Temporal Logic, Journal of the ACM 33 (1), pp. 151-178, 1986. 205 206 P. Gastin, A. Petit Poset properties of complex trace languages 207 208 P. Gastin, A. Petit Poset properties of complex trace languages 209 210 P. Gastin, A. Petit Poset properties of complex trace languages 211 212 P. Gastin, A. Petit Poset properties of complex trace languages 213 214 P. Gastin, A. Petit Poset properties of complex trace languages 215 216 P. Gastin, A. Petit Poset properties of complex trace languages 217 Two extensions of the existing trace model (Abstract) Volker Diekert Institut für Informatik Universität Stuttgart Breitwiesenstr. 20 - 22 D-7000 Stuttgart 80 April 1, 1992 The aim of this abstract is to sketch some ideas how to extend the existing trace model in two different directions. Although not done here, we would like to emphasize that both extensions could be combined from a quite general viewpoint. We will give neither proofs nor other details. This will be done in a forthcomming paper. For references we use standard references on traces, semi-traces and partial order sematics without any explicit citation. The related work can be found elsewhere. 1 Philosophy One of the drawbacks of the existing trace model is that we are not able to express dynamic concurrency. A possible solution is to use pomsets (= partial words = labelled partial orders) for a description of a concurrent process. This enlarges of course the expressive power, but we pay this by loosing many nice algebraic and combinatorial properties of traces. so we risk to loose what make this model attractive and feasable. The original idea of Mazurkiewicz is collecting different sequential observations (or runs) into a single trace. However, this can be applied to pomsets, too. 218 Two extensions of the existing trace model 219 At first glance this seems to be even a more complicated model than pomsets; but since the model becomes more abstract, we obtain in fact a simplification. 2 Formality Our starting point is a fixed (finite) semi-dependence alphabet (?; D). This corresponds to the static independence relation which is known, say from the given net topology of a concurrent system. For example, if a concurrent system is specified by a Petri net (place/transition net) then we obtain a semi-dependency between transitions a and b soon as one output place of a is an input place of b. On the other hand, if a 6= b and there is no such place, then we know that any sequential observation uabv would give rise to another possible execution ubav, or more precisely, the execution of a and b has been concurrently. (N.b. that concurrency does not mean at the same time.) The difference between a semi-dependence relation and a dependence (without the prefix semi-) relation is simply that we do not require symmetry of D. However, we will keep the usual technical restriction that D is a reflexive relation. Given (?; D), the set of semi-traces is the set of finite acyclic labelled graphs [V; E; >=] where V = f1; : : : ; ng is the set of vertices, >= : V ! E is the labelling and edges are from i to j if and only if i < j and (>=(i); >=(j)) 2 D. Since the static dependency does not reflect the full concurrent behaviour, it may happen that in the modelized process i and j were independent, although i < j and (>=(i); >=(j)) 2 D. Thus, we will consider the following. The objects are labelled acyclic graphs [V; E; >=] as above; but we require ony that an edge from i to j implies (>=(i); >=(j)) 2 D and that edges are always between vertices with the same label. We call such a graph a partial trace over (?; D). Moreover, we identify such a graph with its induced partial order. Therefore, partial traces form a subset of those pom-sets over ? where identically labelled vertices are totally ordered (= semi-words over ?). However, instead of thinking of subsets, the much better viewpoint is to think of a partial trace as an equivalence class of semi-words. This equivalence is obtained by a forget operator 220 V. Diekert which simply forgets the ordering between actions a and b if (a; b) = 2 D. On the set of partial traces we have at least three useful operations. The most basic one is the concatenation or maybe better: composition. We define [V1; E1; >=1][V2; E2; >=2] by the disjoint union of labelled graphes with new edges from i 2 V1 to j 2 V2 whenever (>=(i); >=(j)) 2 D. This defines a monoid of partial traces P(?; D) where the neutral element is the empty graph [;; ;; ;]. The second important operation is derivation: Given a partial trace [V; E; >=] we are allowed to introduce a new edge from i to j if (>=(i); >=(j)) 2 D and if in addition the resulting graph rests acyclic. This corresponds to a linearization operator or to a weakening of the concurrency. The third operation is synchronization. Here we use essentially the assumption that vertices with the same label are totally ordered. We can synchronize partial traces [V1; E1; >=1] and [V2; E2; >=2]only if for all a 2 >=1(V1) \ >=2(V2) the number of vertices with label a is equal. Then we can identify these vertices according to their ordering and we demand that the union of the graphs rests acyclic. In order to see that the concept above is useful, assume that (?; D) is specified through a P/T-system. Then one can define whether a pomset over ? is enabled and in this case its execution is defined. The basic property, which becomes crucial here, is that one can speak of an enabled partial trace since one can show that no or all representing pomsets are enabled. It is also easy to see that the set of enabled partial traces is closed with respect to derivation. Furthermore, the synchronization operator for nets corresponds to the synchronization of partial traces. In fact, synchronization can be viewed as another motivation to generalize the semi-trace model. Indeed, contrary to traces, semi-traces are not closed with respect to synchronization. The synchronization of two semi-traces may yield a partial trace which is no semi-trace anymore. This can be seen from the following example. Two extensions of the existing trace model 221 (?; D) = c a d b ö - 6 ? The synchronization of the two semi-traces s1 = [cabdg and s2 = [bdcag yields the partial trace s1 k s2 = c a d b ö - The reader may verify that this is no semi-trace anymore. It is also a simple exercise to give a Petri net interpretation for this phenomenon. 3 Functoriality In the following let us analyse some algebraic properties of partial traces. The key observation is that partial traces have a length and that one can prove Levi's lemma. Hence by a well-known result of Christine Duboc partial traces form a free partially commutative monoid. Thus, although considering much more general objects than traces, we stay still inside the theory of free partially commutative monoids. There is only one additional difficulty. We have to consider infinitely generated monoids, in general. Using functorial properties this can be avoided to some extent. There is an embedding of the monoid of partial traces into a finite directed product of free monoids which are generated by at most two letters, 222 V. Diekert only. This can be explained as follows. First, we define a morphism between semi-dependence alphabets h : (?0; D0) ?! (?; D) to be a mapping h : ?0 ! ? such that (a; b) 2 D0 implies (h(a); h(b)) 2 D. This yields a contra-variant functor, since h defines a monoid homomorphism h? : P(?; D) ?! P(?0; D0) in the following way. Given [V; E; >=] 2 P(?; D) the partial trace h?([V; E; >=]) is obtained by replacing each vertex a by the set h?1(a) without any edge, (thus by a step). For a0 2 h?1(a) and b0 2 h?1(b) an edge is introduced if and only if (a0; b0) 2 D0 and there has been an edge from the corresponding a to b in [V; E; >=]. The interesting fact (and main theorem on this construction) is that h? is injective if and only if h is surjective on vertices and edges. Now, let (?; D) be any semi-dependence alphabet. Then (?; D) can be covered by the disjoint union of directed edges and some isolated points. This covering can be expressed by a surjective morphism between semi-dependence alphabets. The functorial game above then yields an embedding of P(?; D) into a finite directed product of monoids which are either of type P (a ! b) (i.e. of type P (fa; bg; f(a; b)g)) or isomorphic to a?. Thus, it is enough to have a closer look at P (a ! b) for two letters a; b. It turns out that P (a ! b) is isomorphic to fa; bg?; the free monoid on two letters. The derivation becomes a semi-Thue system. Again we leave this as an exercise as well as to show that P (a ? b), where the dependence relation is symmetric, is an infinitely generated free monoid. Thus, P (a ? b) is definitely not isomorphic to fa; bg? This functorial approach can be viewed as a synchronization and we obtain that any partial trace is the synchronization of a tuple of words. The translation to P/T systems yields that a process which is described by a partial trace is exactly the synchronization of certain sequences which are recorded locally at places. 4 Compositionality For the rest of this abstract we briefly indicate a possible extension of the existing trace model to capture some aspects of non-terminating processes. Two extensions of the existing trace model 223 We restrict ourselves to the classical case of traces over a symmetric dependence relation D ? ?? ?. This restriction is in fact not necessary and a more general theory over partial traces would be possible. However, since anyhow we sketch ideas only, full generality does not seem to be appropriate here. We consider infinite (real) traces. They are approximated by their finite prefixes, or what is the same, we consider infinite directed sets (with respect to prefix ordering) of finite traces. It is well-known that a meaningfull concatenation is not possible for such objects and this led to the notion of complex trace. A (ff?) complex trace is roughly a pair (r; A) where r is a real trace (i.e. a finite or infinite trace) and A is a subset of ?. Not every set A is allowed, basically we will demand that A contains all letters which appear infinitely often in r. The semantical idea is that the (finite) set A represents the smallest set of actions we always have to wait for before we can terminate the process r. Thus, for r infinite we have A 6= ; and of course we can never terminate. However, what is possible is that if action b is independent of A then we can perform b in parallel to r after some finite time. This leads to the following calculus (r; A)(s; B) = (r ? ?A(s); A [ B [ öA(s)) where ?A(s) is the maximal prefix of s which is independent of A and öA(s) is the alphabet of the suffix ?A(s)?1s. Using prefix ordering on complex traces we obtain a Scott domain. However, as it is known from words, the concatenation is not continuous. This is not surprising, since if r0 <= r and s0 <= s then we can not expect that r0s0 is a prefix of rs. So, in some sense it gives no information about the process rs we are interested in. The idea to solve this problem can be explained with the help of complex traces. Let us assume that we describe a process by a complex trace (r; A). What we will do is to approximate (r; A) by a sequence (ri; Ai)i>=1 where ri <= r is a finite prefix and Ai is the alphabetic information about the future, is Ai = alphabet(r?1r) \ A. Now, it is not realistic to assume that the exact information about Ai is available all the time (or at any time). The question is whether we should be content with a larger or smaller 224 V. Diekert set than the actual Ai. A first guess might be smaller. We claim that this is false for the application we have in mind. Consider simply the extreme case: without knowing explicitly that a process has terminated we should wait. Something might still happen and we should not start a second process, if it depends on the result of the first one. Thus, the solution larger is more safe. This leads to the following ordering: (r; A) <= (s; B) if and only if r <= s and (B [ alphabet(r?1s)) ? A. This ordering looks asymmetric, but in the interpretation of the second component as wait for these possible actions, it is clear that if r is a finite process and A ? B, then (r; A) is a better approximation of r than (r; B). The pair (r; ;) is the exact information about r including the explicit information about termination. The mathematical counterpart to this somewhat philosophical reasons to study such objects is that we obtain a complex-like domain where concatenation is continuous. In particular, if (r0; A0) <= (r; A); (s0; B0) <= (s; B) in this new ordering, then the complex product (r0?A0 ; (s0); A0 [ B0[öA0(s0)) is a better approximation of the composed process (r; A)(s; B) than (r; A), in general. 5 Reality Whether or not the ideas sketched above will rest a mathematical game or will lead to a useful formalism with realistic applications is open for the moment. We hopefully think that this question will have a positive answer and that this will become more clear, once this abstract will have been transformed into a complete paper. Rational and Recognizable Complex Trace Languages ? Volker Diekert Universität Stuttgart Institut für Informatik Breitwiesenstr. 20-22 D-7000 Stuttgart 80 Paul Gastin Universit?e Paris 6 LITP, Institut Blaise Pascal 4, place Jussieu F-75252 Paris Cedex 05 Antoine Petit Universit?e Paris Sud LRI, URA CNRS 410 B^ at. 490 F-91405 Orsay Cedex April 1992 Abstract Mazurkiewicz defined traces as an algebraic model of finite concurrent processes. In order to modelize non-terminating processes a good notion of infinite trace was needed, which finally led to the notion of complex trace. For complex traces an associative concatenation and an !-iteration are defined. This paper defines and investigates rational and recognizable complex trace languages. We prove various closure results such as the closure under boolean operations (for recognizable languages), ?This research has been supported by the ESPRIT Basic Research Actions No. 3166 ASMICS and No. 3148 DEMON. 225 226 V. Diekert, P. Gastin, A. Petit concatenation, and left and right quotients by recognizable sets. Then we study sufficient conditions ensuring the recognizability of the finite and infinite iterations of complex trace languages. We introduce a generalization of the notion of concurrent iteration which leads to the main result of the paper: the generalization of Kleene's and Ochmanski's theorems to complex trace languages. 0 Introduction The concept of traces has been introduced by A. Mazurkiewicz [Maz77] as a suitable semantics for non-sequential processes. Let us refer, for instance, surveys [Maz87, AR88, Per89] or the monograph [Die90]. Also, in these references, an extensive bibliography on the subject is given. There are at least two possible ways to see a trace. A trace can be considered as the set of all possible sequential observations of a concurrent process. The semantics of each sequential observation is given, in a classical way, by a finite word. Hence, a trace is an equivalence class of words. From a different viewpoint, we may see a trace as a finite labeled acyclic graph where edges represent the (causal) dependency of actions. Such a graph is called a dependence graph and the semantics is that an execution has to respect the induced partial order. In this way, the process is modeled as a labeled partial order with an explicit description of concurrency. Whatever the approach chosen, there is a natural definition of the concatenation of two traces and the set of traces forms a monoid. In fact, this monoid has been introduced and studied independently by Cartier and Foata in combinatorics [CF69]. Recognizable languages describe the behavior of finite state systems and hence form one of the basic families of a monoid. For trace monoids, this family is closed under boolean operations and concatenation, [Fli74, CP85], but it turns out that a trace language T may be recognizable whereas T ? is not. The family of recognizable languages is in fact strictly included in the family of rational trace languages which is the smallest family of trace languages containing the finite languages and which is closed under union, concatenation, and star-iteration. In order to gen- Rational and Recognizable Complex Trace Languages 227 eralize Kleene's theorem to trace languages it was then necessary to find a new operation instead of star-iteration. In a first step, M?etivier and Ochmanski, [M?et86, Och85], proved independently that T ? is recognizable if T is recognizable and consists of connected traces, only. This led Ochmanski to introduce a concurrent version of the star-iteration, called the c-star in the following. The c-star of T is the usual star taken over all connected components of traces in T . Replacing simply the star by the c-star operation, Ochmanski obtains the equality of recognizable and c-rational trace languages [Och85]. Let us mention that the search for sufficient conditions ensuring the recognizability of T ? is an ongoing work, [Sak87, Och90, MR91]. In order to describe non-sequential processes which never terminate, e.g. distributed operating systems, the notion of infinite trace was needed. It seems that the first explicit definition of infinite traces was given by Mazurkiewicz [Maz87]. He defines an (infinite) trace as an (infinite) prefix closed directed subset of finite traces. This is the same as an (infinite) dependence graph where each vertex has finitely many predecessors only, [Maz87, Thm.13]. In the following these objects are called here real traces. At least implicitly, real traces occur already in [FR82], but a systematic study began only recently and several papers are devoted to this subject, [BMP90, Kwi90, Gas90, Gas91, GR91]. One can show that there can be no convenient associative concatenation on real traces, contrary to the set of all (say countable) dependence graphs. However, since the complement of real traces in the monoid of all dependence graphs forms an ideal, one can smash all non-real dependence graphs into a single zero element. In this way, Gastin obtains a monoid which consists of all real traces with only one additional zero element. In this monoid, rational and recognizable languages can be defined in a natural way, [Gas90]. These families are closed under the usual operations, but similarly to the case of finite traces, recognizable sets are not closed neither under star-iteration nor under !-iteration. In [GPZ91] Gastin, Petit and Zielonka gave sufficient conditions which ensure the recognizability of T ? and T!. However, substantially they used some finiteness properties due to simplifications by the concatenation with zero. One of the main drawback of this concatenation is that a!a = 0 6= 228 V. Diekert, P. Gastin, A. Petit a!, contrary to the word case. Diekert proposed another solution to the problem of concatenation and defined the notion of complex trace [Die91]. A possible way to see a complex trace is to start with an arbitrary dependence graph. From this graph we remember in a first component its maximal real prefix and in a second component we remember those letters which depend on actions occurring either infinitely often or in the transfinite part of the graph. Thus, a complex trace is simply a real trace together with a second component which is some finite alphabetic information. Therefore, complex traces are slightly less abstract than real traces. The advantage is that the concatenation and !-iteration are fully defined for complex traces. In particular we have a!a = a! for all letters a. Furthermore, in the special case of a full (empty respectively) dependence relation we just reobtain the usual construct of finite or infinite words (vectors respectively). The aim of this paper is to define in a proper way rational and recognizable complex trace languages and to investigate their basic properties. We show various closure properties such as closure under boolean operations (for recognizable languages), concatenation, and left and right quotients by recognizable sets. Then we give sufficient conditions ensuring the recognizability of T ? and T!. Contrary to the concatenation with zero, in the complex calculation of T ? (T! respectively) an unbounded (infinite respectively) number of factors of infinite traces may be relevant. Therefore, we have to develop new techniques, which help to analyze these iterated products. In a next step we introduce the concurrent iterations c-? and c-! for complex trace languages. For this we define connected components of complex traces and the c-iterations are the usual iterations over all connected components of elements of a given language. This leads to the family of c-rational complex trace languages. Our main result is the generalization of Kleene's and Ochmanski's theorems to complex trace languages. It states that c-rational languages are the same as recognizable languages. This result is a proper generalization of Kleene's theorem for finite words, Büchi's theorem for infinite words and Ochmanski's theorem for finite traces. The paper is organized as follows: In Section 1 we recall some definitions and facts about dependence graphs, real and complex traces, and Rational and Recognizable Complex Trace Languages 229 rational and recognizable languages. The section on rational and recognizable real trace languages (Section 2) contains all basic material which is crucial for the following. This section contains new results as well as previously known results where, however, different proofs are presented in most cases. The corresponding section for complex trace languages (Section 3) generalizes the results on real traces to complex traces. In the final section (Section 4) we define connected components of complex traces and the concurrent iteration which leads to our main result. An Extended Abstract of a preliminary version of this paper appeared at MFCS'91, [DGP91]. 1 Preliminaries 1.1 Dependence graphs Let (X; D) be a finite dependence alphabet, i.e., X is a finite alphabet with a reflexive and symmetric relation D ? X ? X which is called the dependence relation. The complement I = X ?X n D is called the independence relation. The quotient monoid IM(X; D) = X?=fab = ba j (a; b) 2 Ig is the monoid of (finite) traces. It is possible to introduce infinite traces using an equivalence relation on infinite words, the definition of infinite traces is however more natural using dependence graphs. A dependence graph (over (X; D)) is (an isomorphism class of) a labeled acyclic graph [V; E; >=] where V is a countable set of vertices, E ? V ?V is the set of arcs, >= : V ! X is the labeling and it holds - edges are between dependent vertices : 8x; y 2 V , (>=(x); >=(y)) 2 D () x = y or (x; y) 2 E or (y; x) 2 E - the induced partial order (V; E?) is well-founded : there does not exist an infinite sequence (xi) ? V such that (xi+1; xi) 2 E for all i. The set of dependence graphs is denoted by G(X;D). Note that, in a dependence graph, any subset of vertices with the same label is 230 V. Diekert, P. Gastin, A. Petit well-ordered. This allows to think of dependence graphs by standard representation where the vertices are pairs (a; i) with a 2 X and i is a countable ordinal. The restriction to countable sets is not essential here, we simply need any upper bound on the cardinality in order to stay inside set-theory. For g = [V; E; >=] 2 G(X;D) the cardinality of V is called the length of g, denoted by jgj. For U ? V , let U #= fp 2 V j (p; p0) 2 E? for some p0 2 Ug be the downward closure of U. The restriction of g to U # is a dependence graph. The set of minimal elements of g is min(g) = fp 2 V j p#= fpgg. Since min(g) = min(g)#, it may be viewed as a dependence graph which is finite since the alphabet is finite. The set G(X;D) is a monoid by the concatenation [V1; E1; >=1]?[V2; E2; >=2] = [V; E; >=], where [V; E; >=] is the disjoint union of [V1; E1; >=1] and [V2; E2; >=2] together with new arcs (p1; p2) for all p1 2 V1, p2 2 V2 such that (>=1(p1); >=2(p2)) 2 D. The neutral element is the empty graph 1 = [;; ;; ;]. The concatenation generalizes immediately to an infinite product. Let (gi) be any sequence of dependence graphs, then g = g1g2 : : : 2 G(X;D) is defined as the disjoint union of the graphs (gi) with new arcs from vertices of gi to vertices of gj whenever i < j and the vertices have dependent labels. Thus, for any set L ? G(X;D), the !-iteration L! = fg1g2 : : : j gi 2 L for i >= 1g ?G(X;D) is defined. (In fact, we can define in the same way Lff for any countable ordinal ff.) Using these products, we define the canonical mapping ' from the free monoid of finite and infinite words X1 into the monoid of dependence graphs G(X;D) by '(a) = [fpg; ;; p 7! a] for all a 2 X and '(a1a2 : : :) = '(a1)'(a2) : : : for all word a1a2 : : : 2 X1. In other words, the dependence graph '(a1a2 : : :) has vertices p1; p2; : : : labeled by a1; a2; : : : and edges from pi to pj if and only if i < j and (ai; aj) 2 D. The congruence induced by ' on X? is exactly the congruence generated by fab = ba j (a; b) 2 Ig. Therefore, the monoid of finite traces IM(X; D) can be identified with the submonoid of finite dependence graphs and we have IM(X; D) ?G(X;D). The image '(X1) ? G(X;D) is called the set of real traces and is denoted by IR(X; D). The set of real traces can be characterized as those Rational and Recognizable Complex Trace Languages 231 dependence graphs where every vertex p has a finite downward closure p#. This is a proper subset of G(X;D). The main disadvantage of IR(X; D) is that there is a convenient notion of concatenation only if D is transitive, i.e., when IM(X; D) = X? 1 ?? ? ??X? k is a direct product of free monoids. In this case, IR(X; D) = X1 1 ?? ? ??X1 k . However, even in this case, the concatenation will be different from the (natural) concatenation of G(X;D). In fact, (for X 6= ;) the set IR(X; D) is never a submonoid of G(X;D). Consider any pair (a; b) 2 D. Then a!b 2 G(X;D) is not real, since the vertex with label b depends on infinitely many vertices. In particular, the canonical mapping ' : X1 ! G(X;D) is not a morphism. It neither commutes with the concatenation nor with the !-iteration, in general. More precisely, let L; K ? X1 then we have '(L ? K) 6= '(L) ? '(K) and '(L!) 6= '(L)! as soon as L contains an infinite word and K contains a nonempty word. 1.2 Complex traces Every dependence graph g = [V; E; >=] 2 G(X;D) splits into its real part Re(g) = fp 2 V j p# is finiteg and its transfinite part Tr(g) = fp 2 V j p# is infiniteg. Of course, Re(g), Tr(g) are viewed as dependence graphs by restricting E and >= correspondingly. Note that for all g 2 G(X;D) it holds g = Re(g) ? Tr(g). The mapping Re : G(X;D) ! IR(X; D) does not define a congruence of G(X;D). However, we can define the coarsest congruence of G(X;D) such that any two congruent dependence graphs g and g0 verify Re(g) = Re(g0). Dependence graphs falling in the same congruence class are called practically undistinguishable and the quotient of G(X;D) by this congruence is the monoid of complex traces C(X; D), [Die91]. In order to give an explicit description of C(X; D) we need a few more notations. For a dependence graph g 2 G(X;D) the alphabet of g, denoted by alph(g), is the set >=?1(V ). Hence, alph(g) is the set of letters occurring in g. The alphabet at infinity of g denoted by alphinf(g), is the set of letters occurring infinitely often in g together with alph(Tr(g)). For a subset A ? X we denote the set of letters depending on A by D(A) = fb 2 X j 9a 2 A : (a; b) 2 Dg, and the set of letters independent 232 V. Diekert, P. Gastin, A. Petit of A by I(A) = X n D(A) = fb 2 X j 8a 2 A : (a; b) 2 Ig. Finally, for a dependence graph g 2 G(X;D), we define its imaginary part Im(g) by Im(g) = D(alphinf(g)). Using these notations, the coarsest congruence of G(X;D) which respects real parts admits the following characterization. Two dependence graphs g and g0 are congruent (or practically undistinguishable) if and only if Re(g) = Re(g0) and Im(g) = Im(g0). Therefore, a complex trace is a pair (Re(g); Im(g)) for some dependence graph g 2 G(X;D). Often, we denote a complex trace by (r; D(A)) where r 2 IR(X; D) and A ? X . Note that the real part r is uniquely defined by the complex trace whereas the subset A ? X is not known, in general. (It is only D(A) which is given by the complex trace.) The concatenation of C(X; D) is inherited from G(X;D), but of course it is convenient to have an explicit formula. For this purpose, we introduce the ?-notation. Let g 2 G(X;D) be a dependence graph and A ? X be any subset. Then ?A(g) 2 IR(X; D) is the maximal real prefix of g containing letters from I(A), only. Thus, for g = [V; E; >=], the prefix ?A(g) is the restriction of g to fp 2 V j p # is finite and alph(p#) ? I(A)g. Note that, for g 2 G(X;D) and A ? X , we have ?A(g) = ?A(Re(g)). Hence the ?-notation is also well-defined for complex traces. Since G(X;D) is left-cancellative, [Die91], there is a unique dependence graph SuffA(g) such that g = ?A(g) ? SuffA(g). With these notations the concatenation in C(X; D) becomes [Die91]: (r; D(A)) ? (s; D(B)) = (r ? ?A(s); D(A [ B [ alph(SuffA(s)))) This formula is of first importance for the calculus on complex traces and will be used throughout. It turns out that the coarsest congruence on G(X;D) which respects real parts is also a \congruence" for the !-product on G(X;D). Therefore, the !-iteration L! of a complex trace language L is well-defined. Note that, following the general definition of the !-product for dependence graphs, we have L! = L? [ (L n f1g)! if 1 2 L. In the remainder, we identify a real trace r with the complex trace (r; D(alphinf(r))) = (r; Im(r)). Thus, we have IM(X; D) ? IR(X; D) ? C(X; D) and C(X; D) is a quotient monoid of G(X;D). For a subset Rational and Recognizable Complex Trace Languages 233 A ? X and a language L ? C(X; D) (L ? IR(X; D) respectively, L ? G(X;D) respectively) we define LA = fx 2 L j Im(x) = D(A)g. Note that IR(X; D); = C(X; D); = G(X;D); = IM(X; D). A language L is called finitary if L = L;, i.e., L ? IM(X; D). The link between real and complex trace languages can be done using concatenations by finite shift-traces. A finite trace sA;B is called a shift trace from D(A) to D(B) if for some complex trace (r; D(A)) we have (r; D(A)) ? sA;B = (r; D(B)). In this case, we have (t; D(A)) ? sA;B = (t; D(B)) for all complex traces (t; D(A)). A shift trace sA;B satisfies ?A(sA;B) = 1 (i.e., min(sA;B) ? D(A) and D(A[ alph(sA;B)) = D(B)). Shift traces from D(A) to D(B) do not exist for all pairs (A; B). The necessary and sufficient condition is that there exists a sequence of letters a1; : : : ; ak such that ai 2 D(A [ fa1; : : : ; ai?1g) for 1 <= i <= k and D(B) = D(A [ fa1; : : : ; akg). We simply write A shift B in this case. If A shift B then some shift trace sA;B can be chosen of length at most jD(B)j. It is easy to see that every complex trace language L ?C(X;D) can be written as a finite union of real trace languages concatenated by shift traces: L = [ A shift B (Re(LB) \ IR(X; D)A) ? sA;B (3) Let us point out that the word monoid X1 with right-absorbent concatenation x ? y = x for x 2 X! is just the special case of the complex trace monoid C(X; D) for a full dependence relation D = X ? X . In fact, if the independence relation is empty then the imaginary part is redundant. For a word x we have Im(x) = ; if x is finite and Im(x) = X otherwise (i.e., if x is an infinite word). Furthermore, the partition X1 = X? [ X! is the partition of X1 into (X1); and (X1)X . In the remainder, we will study rational and recognizable complex trace languages. As it becomes clear from Equation (3), the overall strategy is to transfer results from real trace languages. Since IR(X; D) = '(X1), a basic technique used here to obtain results on real traces is to work with representing words. The next section briefly recalls some well-known properties of word languages. 234 V. Diekert, P. Gastin, A. Petit 1.3 Regular languages We have (at least) two possibilities to define regular subsets of the monoid of finite and infinite words X1. We can use either rational expressions or finite state acceptors. This leads to the families of rational and recognizable languages respectively. The family of rational word languages, Rat(X1), is defined as the smallest family of subsets of X1 which contains all finite languages of finite words and which is closed under the operations union, concatenation, ?-iteration, and !-iteration. From the definition of the concatenation in X1, it is clear that we may restrict the operations of concatenation L ? K, of Kleene-? L?, and of !-iteration L! to the case of finitary languages L ? X?. Thus, we are never forced to use the right-absorbent concatenation x ? y = x with x 2 X!. We define recognizable word languages using non-deterministic Büchi automata. There are several equivalent possibilities to give acceptance conditions. For technical reasons we use here acceptance by transitions. This allows in particular to construct automata which accept languages from X1 without separation of the finitary part. Moreover, this acceptance type is very convenient for our purposes since from the set of transitions which occur infinitely often in a path, we can deduce directly the alphabet at infinity of its label. To be precise, we define a Büchi automaton to be a tuple (Q; ffi; q0; ?) where Q is the finite set of states, ffi ? Q ? (X [ f1g) ? Q is a finite set of labeled arcs called transitions, q0 2 Q is the initial state, and ? ? ffi is the set of final transitions. An infinite path is a sequence q0; x1; q1; x2; q2; : : : where (qi?1; xi; qi) 2 ffi for all i > 0 and its label is the word x1x2 ? ? ? 2 X1. A finite or infinite word x is accepted if there exists an infinite path labeled by x, starting in q0 and repeating some transition from ? infinitely often. Note that, finite words can be accepted by infinite loops of 1-transitions. A language L ? X1 is called recognizable if it is accepted by some Büchi automaton. Another equivalent definition for recognizable languages is to use recognizing morphisms. Let ? : X? ! S be a morphism to a finite monoid S. We say that ? recognizes a language L ? X1 if for any finite or infinite sequence (xi) ? X?, we have x1x2 : : : 2 L implies Rational and Recognizable Complex Trace Languages 235 ??1?(x1)??1?(x2) : : : ? L. Using Ramsey factorization, one can show that any recognizable language can be written as a finite union L = [ (s;e)2P XsX! e (4) where Xs = ??1(s), Xe = ??1(e) and P = f(s; e) 2 S ?S j se = s; e2 = e; XsX! e \ L 6= ;g. Büchi's classical theorem asserts that for X1 the families of rational languages and of recognizable languages coincide. We can therefore use the term regular languages without any ambiguity if it refers to word languages which are rational (recognizable respectively.) A detailed study of regular word languages can be found in [PP91]. 1.4 Ramsey factorization Let ? : M ?! S be a morphism from an arbitrary monoid M to a finite monoid S and let u0; u1; : : : be an infinite sequence of elements of M . There exist an infinite increasing sequence of integers i0 < i1 < : : : and s; e 2 S such that se = s, e2 = e, ?(u0 : : : ui0) = s and ?(u1+ij : : : uik) = e for all 0 <= j < k. This is called a Ramsey factorization of the infinite sequence u0; u1; : : : . The existence of a Ramsey factorization is one of the fundamental principles used in this paper. A simple and direct proof of this result can be found in [PP91]. It is also a trivial application of Ramsey's Theorem [Gra81]. 2 Rational and recognizable real trace lan- guages Recall that in a general monoid M , the family Rat(M) is the least family which contains the finite sets and which is closed under union, product and Kleene's iteration. This definition applies in particular for the free monoid X? and the finitary trace monoid IM(X; D). In order to define 236 V. Diekert, P. Gastin, A. Petit the family Rat(X1), we start with finite sets of finite words and the closure under !-iteration is required, too. Since there is no concatenation defined for real traces in general, we use restricted operations, only. Definition: The family of rational real trace languages, Rat(IR(X; D)), is the smallest family satisfying the following conditions: i) Every finite set of finite traces is rational. ii) If K;L ? IR(X; D) are rational, then the union K [ L is rational. iii) If K;L ? IR(X; D) are rational and if in addition K ? IM(X; D), then K ? L, K?, and K! are rational. This definition is consistent with the definitions of Rat(X1) and Rat(IM(X; D)) since Rat(IR(X; D)) = Rat(X1) when D = X ? X is the full dependence relation and for L ? IM(X; D) we have L 2 Rat(IR(X; D)) if and only if L 2 Rat(IM(X; D)). Note that the canonical mapping ' : X1 ! IR(X; D) commutes with these restricted operations. This is used in the next proposition which gives several equivalent characterizations of the family Rat(IR(X; D)). Proposition 2.1 Let L ? IR(X; D) be any real trace language. Then the following assertions are equivalent. i) The language L is rational, i.e., L 2 Rat(IR(X; D)) ii) The language L is the image of a regular word language, i.e., L = '(L0) for some L0 2 Rat(X1). iii) The language L can be written as a finite union L = [ 1<=i<=k MiN! i where Mi, Ni are finitary rational trace languages for all 1 <= i <= k. Proof: i) ) ii): First, assume that L is a finite set of finite traces. We have L = '('?1(L)) and '?1(L) is rational since it is finite. Now, Rational and Recognizable Complex Trace Languages 237 for K 0; L0 ? X1 we have '(K 0 [ L0) = '(K 0) [ '(L0) and if moreover K 0 ? X? then '(K 0 ? L0) = '(K 0) ? '(L0), '(K0?) = '(K 0)? and '(K 0!) = '(K 0)!. Therefore, the result follows by induction on the rational expression defining L. ii) ) iii): Using Equation (4) we obtain L0 = S 1<=i<=k M 0 i ? N 0! i where M 0 i ; N 0 i 2 Rat(X?) for 1 <= i <= k. Since ' commutes with these operations, we obtain L = S 1<=i<=k '(M 0 i ) ? '(N 0 i )!. Using again the same property of ' we deduce that the languages '(M 0 i ); '(N 0 i ) are finitary rational trace languages, which concludes this part. iii) ) i): trivial. 2 Recall that we have defined recognizable word languages by Büchi automata. In order to define recognizable real trace languages we will consider automata which accept closed languages. A word language L ? X1 is said to be closed (with respect to (X; D)) if L = '?1'(L) for the canonical mapping ' : X1 ! IR(X; D). If a Büchi automaton accepts a closed language then there is no ambiguity in saying which real traces are accepted. Moreover we will see that it is decidable whether a Büchi automaton accepts a closed language or not. This approach leads to the following definition. Definition: A language L ? IR(X; D) is called recognizable if '?1(L) is a (closed) regular word language. The family of recognizable real trace languages is denoted by Rec(IR(X; D)). Remark 2.2 Since the family Rec(X1) is a boolean algebra, it follows directly from this definition that the family of recognizable real trace languages forms a boolean algebra, too. It is closed under union, intersection, and complementation. Another possible way to define recognizable languages is, exactly as in the word case, by recognizing morphisms. Let ? : IM(X; D) ! S be a morphism to a finite monoid S. We say that ? recognizes a language L ? IR(X; D), if for any finite or infinite sequence (xi) ? IM(X; D), x1x2 : : : 2 L implies ??1?(x1)??1?(x2) : : : ? L. We could also use the generalization to trace languages of the syntactic congruence defined by 238 V. Diekert, P. Gastin, A. Petit Arnold for word languages [Arn85]. Given L ? IR(X; D), two finite traces x, y are syntactically congruent if and only if: 8u; v 2 IM(X; D) : u(xv)! 2 L , u(yv)! 2 L 8u; v; w 2 IM(X; D) : uxvw! 2 L , uyvw! 2 L We denote the syntactic congruence of L by ?L and we obtain a canonical morphism ?L : IM(X; D) ! IM(X; D)= ?L. In general, neither IM(X; D)= ?L is finite nor does ?L recognize L. This is true however if L is recognizable. We have the following proposition, stating that all approaches are equivalent. Proposition 2.3 ([Gas91]) A language L ? IR(X; D) is recognizable if and only if any of the following equivalent definitions is satisfied. i) The language L is the image of a closed regular word language. ii) There exists a morphism ? form IM(X; D) to a finite monoid S recognizing L. iii) The syntactic congruence ?L is of finite index in IM(X; D) and the syntactic morphism ?L recognizes L. From Propositions 2.1 and 2.3, it is clear that every recognizable language is rational. The converse holds for strings by Büchi's Theorem. However, as soon as there is a pair (a; b) 2 I of independent letters, we find a finitary rational language, e.g., L = '(ab)? ? IM(X; D), which is rational but not recognizable (since '?1(L) = fw 2 fa; bg? j jwja = jwjbg is not a recognizable word language). An example of an !-language L ? IR(X; D) n IM(X; D) which is rational but not recognizable, can be constructed on three letters, say a, b, c where there is at least one pair of independent letters, say (a; b) 2 I . Then the rational language L = '(ab)? ? '(c)! is not recognizable since the projection of '?1(L) to fa; bg1 is fw 2 fa; bg? j jwja = jwjbg. We leave it as an exercise to the reader to show that no such two letters example exists. Rational trace languages are not closed under intersection, in general. For example, let (X; D) = a b c then '(ab)?'(c)? \ Rational and Recognizable Complex Trace Languages 239 '(b)?'(ac)? = f'(anbncn) j n >= 0g, which is not rational since the projection to fb; cg? yields the non rational language fbncn j n >= 0g ? fb; cg?. However we have the following observation. It is stated as a lemma since we will use it throughout. Lemma 2.4 Let K ? IR(X; D) be rational and L ? IR(X; D) be recognizable. Then the intersection K \ L is rational. Proof: Let K 0; L0 ? X1 be regular word languages such that '(K 0) = K, '(L0) = L and L0 is closed. Then K 0 \L0 is a regular word language and we have '(K 0 \ L0) = K \ L. Hence, by Proposition 2.1, K \ L is rational. 2 The following combinatorial lemma becomes important below. Lemma 2.5 Let t = t1t2 : : :, z = z1z2 : : : 2 X1 be two factorizations for t; z 2 X1 with ti; zi 2 X?. Then we have '(t) = '(z) 2 IR(X; D) if and only if there are sequences of integers 0 = m0 < m1 < m2 < : : :, 0 = n0 < n1 < n2 < : : :, and finite words 1 = y0; x1; y1; x2; y2; : : : 2 X? such that it holds for all i >= 1: '(yi?1xi) = '(t1+mi?1 : : : tmi) '(xiyi) = '(z1+ni?1 : : : zni) A rough picture of the situation described in the lemma above is given in the following picture. '(t) = '(t1 ? ? ? tm1) '(t1+m1 ? ? ? tm2) '(t1+m2 ? ? ? tm3) : : : = '(x1) '(y1x2) '(y2x3) : : : = '(x1y1) '(x2y2) '(x3y3) : : : = '(z1 ? ? ? zn1) '(z1+n1 ? ? ? zn2) '(z1+n2 ? ? ? zn3) : : : = '(z) Double factorization of two words representing the same real trace Proof: It is clear that the conditions imply '(t) = '(y0x1y1x2y2 : : :) = '(z). Therefore it is enough to show the other direction and we may assume '(t) = '(z). Let y0 = 1, x1 = t1 and m1 = 1. Then we may assume 240 V. Diekert, P. Gastin, A. Petit by induction that for some k >= 1 we found indices 0 = m0 < : : : < mk and 0 = n0 < : : : < nk?1 and finite words 1 = y0; x1; : : : ; yk?1; xk such that '(yi?1xi) = '(t1+mi?1 : : : tmi) for 1 <= i <= k '(xiyi) = '(z1+ni?1 : : : zni) for 1 <= i <= k ? 1: Since '(y0x1 : : : yk?1xk) is a finite prefix of '(t) = '(z) and '(y0x1 : : : xk?1yk?1) = '(z1 : : : znk?1) it follows from the left-cancellativity of IR(X; D) that '(xk) is a finite prefix of '(z1+nk?1z2+nk?1 : : :). Hence we find some nk > nk?1 such that '(xk) is a prefix of '(z1+nk?1 : : : znk ), i.e., '(xkyk) = '(z1+nk?1 : : : znk) for some yk 2 X?. A symmetric argument yields that for some mk+1 > mk there exists xk+1 2 X? such that '(ykxk+1) = '(t1+mk : : : tmk+1 ). This concludes the proof of the lemma. 2 A first application of the lemma above shows that it is decidable whether a regular word language is closed by computing its syntactic congruence. If a language L ? X1 is closed, then obviously its syntactic congruence ?L verifies ab ?L ba for all (a; b) 2 I . The converse is easy for finitary languages. The next theorem states that the converse is true, in general. The decidability result follows since the syntactic congruence of a regular word language is computable [PP91]. Theorem 2.6 A regular language L ? X1 is closed (i.e., L = '?1'(L)) if and only if we have ab ?L ba for all (a; b) 2 I. Proof: We have to show that ab ?L ba for all (a; b) 2 I implies L = '?1'(L). Let t 2 L and z 2 X1 such that '(t) = '(z). Applying Lemma 2.5 to the trivial factorizations t = a1a2 : : : and z = b1b2 : : : with ai; bi 2 X [ f1g, we find two new factorizations t = t1t2 : : : and z = z1z2 : : : with ti; zi 2 X? and a sequence of finite words 1 = y0; x1; y1; x2; y2; : : : 2 X? such that '(yi?1xi) = '(ti) and '(xiyi) = '(zi) for i >= 1. Let ?L : X? ! X?= ?L be the syntactic morphism of L. Since ab ?L ba for all (a; b) 2 I we have ?(ti) = ?(yi?1xi) for i >= 1. Since Rational and Recognizable Complex Trace Languages 241 ? recognizes L this implies y0x1y1x2 : : : 2 L. In the same way, ?(zi) = ?(xiyi) for i >= 1, whence z 2 L. 2 However, the main interest in Lemma 2.5 results from the fact that it yields a simplified proof for the following result. Theorem 2.7 ([GPZ91]) Let L ? IM(X; D) be a finitary recognizable trace language such that L = L+. Then L! ? IR(X; D) is recognizable, too. Proof: Let (Q; ffi; q0; F ) be a classical finite deterministic word automaton recognizing '?1(L) by final states, i.e., F ? Q and a finite path is accepted if its initial state is q0 and its final state is in F . We now construct a Büchi automaton recognizing '?1(L!) as follows. The set of states is Q?Q?P(X) and the initial state is (q0; q0; ;). For each letter a 2 X and state (q; q0; A) 2 Q ? Q ? P(X) we define the transition (q; q0; A) a ?! (q; ffi(q0; a); A [ fag) and if a 2 I(A) then additionally another transition (q; q0; A) a ?! (ffi(q; a); q0; A) Furthermore, if q 2 F , we add a final 1-transition: (q; q0; A) 1 ?! (q0; q0; ;): Such a non-deterministic jump signifies that a member of '?1(L) has been computed in the first component. Note that, if we have a path (p; p0; A) ? ?! z (q; q0; B) without 1- transition in this automaton then there exist x; y 2 X? such that '(z) = '(xy), q = ffi(p; x), q0 = ffi(p0; y) and B = A [ alph(y). (The converse is trivially true.) According to the definition of Section 1.3 this automaton accepts all finite or infinite words which are labelings of infinite paths using infinitely many final 1-transitions. By definition, the accepted language is recognizable. Thus, we have to show only that the accepted language is '?1(L!). 242 V. Diekert, P. Gastin, A. Petit First, let z 2 X1 be an accepted word. Marking the final transitions in its accepted path, we obtain the factorization: (q0; q0; ;) ? ?! z1 (q1; q0 1; A1) 1 ?! (q0 1; q0; ;) ? ?! z2 (q2; q0 2; A2) 1 ?! (q0 2; q0; ;) ? ?! z3 : : : with z = z1z2z3 : : :. Using the remark above, we find a sequence or finite words x1; y1; x2; y2; : : : 2 X? such that, with q0 0 = q0, we have '(zi) = '(xiyi), qi = ffi(q0 i?1; xi) and q0 i = ffi(q0; yi) for all i >= 1. Thus, with y0 = 1, we obtain for all i >= 1 ffi(q0; yi?1xi) = qi 2 F , i.e., yi?1xi 2 '?1(L). Hence, we have '(z) = '(x1y1)'(x2y2) : : : = '(y0x1)'(y1x2) : : : 2 L!. For the other direction let z = b1b2 : : : 2 X1 be any word in '?1(L!). Then we have '(z) = '(t) for some t = t1t2 : : : 2 X1 with ti 2 '?1(L) for all i >= 1. Using Lemma 2.5, we obtain a sequence of finite words 1 = y0; x1; y1; x2; y2; : : : 2 X? and two factorizations z = z1z2 : : : and t = (t1 : : : tm1)(t1+m1 : : : tm2) : : : such that for all i >= 1 we have '(zi) = '(xiyi) and '(yi?1xi) = '(t1+mi?1 : : : tmi) 2 L? = L Therefore, we find an accepting path for z as follows: (q0; q0; ;) ? ?! z1 (ffi(q0; x1); ffi(q0; y1); alph(y1)) 1 ?! (ffi(q0; y1); q0; ;) ? ?! z2 (ffi(q0; y1x2); ffi(q0; y2); alph(y2)) 1 ?! (ffi(q0; y2); q0; ;) ? ?! z3 : : : 2 The main application of the theorem above is when L is connected. A finite trace is called connected if it is connected as a dependence graph or what is the same if its alphabet induces a connected subgraph of (X; D). A finitary language is called connected if all its elements are connected. Due to independent works by M?etivier [M?et86] and Ochmanski [Och85], it is known that L? (and hence L+) is recognizable if L is recognizable and connected. Therefore we have the following corollary. Rational and Recognizable Complex Trace Languages 243 Corollary 2.8 Let L ? IM(X; D) be recognizable and connected. Then L! is recognizable. Proof: We have L! = (L+)!. 2 Note that in G(X;D) the concatenation xy of two real traces is real if and only if alphinf(x) ? alph(y) ? I . Therefore, even if the concatenation K ? L, as a rational operation on real trace languages, has been defined only when K is finitary, it can clearly be extended to the case where alphinf(x) ? alph(y) ? I for all x 2 K and y 2 L. The reason that the rational operation was defined in a more restricted way was to maintain commutation with the canonical mapping ' : X1 ! IR(X; D). This property is not important for the closure under concatenation of Rec(IR(X; D)). It was proved by Gastin [Gas91] that the family of recognizable real trace languages is closed under this extension of the real concatenation. The key to the proof of this result is the following lemma which introduces the I-shuffle and for which we give a new proof using non-deterministic Büchi automata. For the sake of simplicity, we write (x; y) 2 I if two words or real traces x and y are fully independent, i.e., if alph(x) ? alph(y) ? I . Lemma 2.9 Let K 0; L0 ? X1 be regular. Then the following I-shuffle is regular, too. K 0 ttI L0 = fu1v1u2v2 : : : 2 X1 j u1u2 : : : 2 K 0; v1v2 : : : 2 L0 and (vi; uj) 2 I for all i < jg Proof: For i = 1; 2, let Ai = (Qi; ffii; qi;0; ?i) be Büchi automata accepting K 0 and L0 respectively. We may assume that for i = 1; 2, (qi; 1; qi) 2 ffii for all qi 2 Qi. We construct an automaton A for K 0 ttI L0 as follows. The set of states is Q1 ? Q2 ? P(X) ? P(f1; 2g) and the initial state is (q1;0; q2;0; ;; ;). We define simultaneously the transitions of A and their projections on A1 and A2. - If t1 = (q1; x; q0 1) 2 ffi1 and alph(x) ?A ? I then (q1; q2; A; B) x ?! (q0 1; q2; A; B0) 244 V. Diekert, P. Gastin, A. Petit with B0 = B [ f1g if t1 2 ?1 and B0 = B otherwise. Moreover, the projections of this transition are t1 and (q2; 1; q2) respectively. - If t2 = (q2; x; q0 2) 2 ffi2 then (q1; q2; A; B) x ?! (q1; q0 2; A [ alph(x); B0) with B0 = B [ f2g if t2 2 ?2 and B0 = B otherwise. Moreover, the projections of this transition are (q1; 1; q1) and t2 respectively. - Finally, we add the final 1-transitions (q1; q2; A; f1; 2g) 1 ?! (q1; q2; A; ;) whose projections are (q1; 1; q1) and (q2; 1; q2) respectively. Let us show that the language accepted by this automaton is K 0 ttI L0. Let P be an accepted path of A with label w. Clearly, the projections P1 and P2 of P are paths of A1 and A2. Let u and v be the labels of P1 and P2. From the definition of the transitions, we can easily verify that w 2 u ttI v. Moreover, between two final transitions of P there must be at least one final transition in the corresponding parts of P1 and P2. Therefore, P1 and P2 are accepted paths and w 2 K 0 ttI L0. Conversely, let w 2 K 0 ttI L0. We have w = u1v1u2v2 : : : with u = u1u2 : : : 2 K 0, v = v1v2 : : : 2 L0 and (vi; uj) 2 I for all i < j. Let q1;0 = p0 ? ?! u1 p1 ? ?! u2 p2 ? ?! u3 p3 : : : be an accepting path in A1 for u and let q2;0 = q0 ? ?! v1 q1 ? ?! v2 q2 ? ?! v3 q3 : : : Rational and Recognizable Complex Trace Languages 245 be an accepting path in A2 for v. We construct an accepting path for w in A as follows: (p0; q0; ;; ;) ? ?! u1 (p1; q0; ;; B1) ? ?! v1 (p1; q1; alph(v1); B0 1) 1 ?! (p1; q1; alph(v1); B00 1 ) ? ?! u2 (p2; q1; alph(v1); B2) ? ?! v2 (p2; q2; alph(v1v2); B0 2) 1 ?! (p2; q2; alph(v1v2); B00 2 ) ? ?! u3 (p3; q2; alph(v1v2); B3) ? ?! v3 : : : with for all i >= 1, B00 i = ; if B0 i = f1; 2g and B00 i = B0 i otherwise. 2 Proposition 2.10 ([Gas91]) Let K;L ? IR(X; D) be recognizable (rational respectively) real trace languages such that for all x 2 K, y 2 L it holds alphinf(x) ? alph(y) ? I. Then K ? L is recognizable (rational respectively). Proof: Consider the canonical mapping ' : X1 ! IR(X; D). First, observe that for u; v 2 X1, uttIv is not empty if and only if alphinf(u)? alph(v) ? I . Moreover, in this case, '(w) = '(u)?'(v) for all w 2 uttIv. Now, there exist regular languages K 0; L0 ? X1 such that '(K 0) = K and '(L0) = L. By the observation above, we have '(K 0 ttI L0) = K ? L. Hence, by Lemma 2.9 and Proposition 2.1, K ? L is rational. Finally, if K and L are recognizable, we may assume that K 0 = '?1(K) and L0 = '?1(L) are closed (Proposition 2.3). We claim that in this case, K 0 ttI L0 is closed too, i.e., K 0 ttI L0 = '?1(K ? L), which proves that K ? L is recognizable. Let w 2 '?1'(K 0 ttI L0) = '?1(K ? L) then '(w) = x ? y for some x 2 K and y 2 L. We denote by wi the i-th letter of w or 1 if jwj < i. For a letter a and a word (or a real trace) x we denote by jxja the number of occurrences of a in x. We construct two sequences u1; v1; u2; v2; : : : 2 X [ f1g as follows: ui = wi, vi = 1 if jxjwi >= jw1 : : : wijwi and ui = 1, vi = wi otherwise. Clearly, w = u1v1u2v2 : : :. Let u = u1u2 : : : and v = v1v2 : : :. From '(w) = x ? y we deduce that '(u) = x, '(v) = y and (vi; uj) 2 I for all 246 V. Diekert, P. Gastin, A. Petit i < j. Hence, u 2 '?1(K) = K 0, v 2 '?1(L) = L0 and w 2 K 0 ttI L0 which proves the claim. 2 Remark that Proposition 2.10 states that the family Rat(IR(X; D)) is closed under this extended concatenation. Hence, we may have replaced the concatenation restricted to finitary languages on the left by this extended one without changing the family Rat(IR(X; D)). As stated in Proposition 2.1, a real trace language L is rational if and only if it can be written as a finite union of sets of the form M ? N! where M;N ? IM(X; D) are rational. For recognizable languages this can be strengthened to the following normal form result. Proposition 2.11 ([GPZ91]) A real trace language L ? IR(X; D) is recognizable if and only if it can be written as a finite union of sets of the form M ? N! 1 ? ? ? N! k = M ? (N1 ? ? ? Nk)! where M;N1; : : : ; Nk ? IM(X; D) are recognizable languages such that all traces in Ni are connected and have the same alphabet Ai with Ai ?Aj ? I for i 6= j. Proof: First, it is clear by Remark 2.2, Corollary 2.8 and Proposition 2.10 that every such finite union is recognizable. The original proof [GPZ91] for the other direction uses Mezei's Theorem. Here we simply use Ramsey factorization. Let ?0 : IM(X; D) ! S0 be a morphism recognizing L ? IR(X; D). We define the direct product S = S0 ? P(X) where the operation on the power set P(X) is union and the morphism ? : IM(X; D) ! S by ?(x) = (?0(x); alph(x)) for all x 2 IM(X; D). Note that ? recognizes L, too. Moreover, for s 2 S, the second projection alph(s) is well-defined and satisfies alph(x) = alph(?(x)) for all x 2 IM(X; D). This property will be used in the remainder of the proof. Using Ramsey factorization, recall that we obtain [Gas91]: L = [ (s;e)2P ??1(s) ? ??1(e)! where P = f(s; e) 2 S ? S j se = s; e2 = e and ??1(s) ? ??1(e)! \ L 6= ;g. For each (s; e) 2 P , we decompose the alphabet A = alph(e) into Rational and Recognizable Complex Trace Languages 247 connected components, A = Sk i=1 Ai such that Ai is not empty and connected and Ai ? Aj ? I for all i 6= j. Moreover, we define the finite set E = f(e1; : : : ; ek) j e = e1 ? ? ? ek and alph(ei) = Ai; for all 1 <= i <= kg We claim that ??1(s)??1(e)! = [ (e1;:::;ek)2E ??1(s)??1(e1)! ? ? ? ??1(ek)! which conclude the proof. Note that, in the definition of E, we could require in addition that sei = s and e2 i = ei but this is not necessary for the proof of this proposition. From the alphabetic property of ?, we obtain ??1(e1)! ? ? ? ??1(ek)! = (??1(e1) ? ? ? ??1(ek))! Moreover, ??1(e1) ? ? ? ??1(ek) ? ??1(e), hence one inclusion is clear. Conversely, we define a morphism : ??1(e) ! E as follows. Let x be in ??1(e). Since alph(x) = alph(e) = A, x admits a unique decomposition in connected components x = x1 ? ? ? xk such that alph(xi) = Ai for all 1 <= i <= k. Then we set (x) = (?(x1); : : : ; ?(xk)). Now, let x0x1x2 : : : 2 ??1(s)??1(e)! with x0 2 ??1(s) and xi 2 ??1(e) for all i >= 1. Using Ramsey factorization, we obtain an infinite sequence of integers 0 < i1 < i2 < i3 < : : : and a tuple (e1; : : : ; ek) 2 E such that (x1+ij : : : xik ) = (e1; : : : ; ek) for all 1 <= j < k. Hence, x1+ij ? ? ? xij+1 2 ??1(e1) ? ? ? ??1(ek) for all j >= 1 and we obtain x1+i1x2+i1x3+i1 : : : 2 (??1(e1) ? ? ? ??1(ek))! = ??1(e1)! ? ? ? ??1(ek)! . This proves the claim since ?(x0x1 : : : xi1 ) = se ? ? ? e = se = s. 2 Corollary 2.12 The family of recognizable real languages is the smallest family which contains finite sets of finite traces and which is closed under union, concatenation restricted to finitary languages on the left, and Kleene ? and !-iteration both restricted to finitary connected languages. The final results of this section show the closure of rational and recognizable languages by left and right quotient. These results will become 248 V. Diekert, P. Gastin, A. Petit crucial in the next section. Theorem 2.13 Let K ? IR(X; D) be arbitrary and L ? IR(X; D) be recognizable. Then the following left and right quotients are recognizable, too: K?1 ? L = fy 2 IR(X; D) j xy 2 L for some x 2 K with alphinf(x) ? alph(y) ? Ig L ? K?1 = fx 2 IR(X; D) j xy 2 L for some y 2 K with alphinf(x) ? alph(y) ? Ig If, in addition, K ? IR(X; D) is recognizable, then the quotients are effectively computable. Proof: Let ? : IM(X; D) ?! S be a morphism onto a finite monoid S which recognizes L and let Xs = ??1(s) for s 2 S. As in the proof of Proposition 2.11, we may also assume that alph(s) is well-defined for s 2 S and alph(x) = alph(s) for all x 2 Xs. For s; t 2 S, we write (s; t) 2 I if alph(s) ? alph(t) ? I . Since recognizable languages are closed under union, we may assume that L = XrX! d for some r; d 2 S with rd = r and d2 = d. Using Theorem 2.7 and Proposition 2.10, the result follows from the claim: K?1 ? L = [ (t;f)2Q XtX! f where Q = f(t; f) 2 S ? S j tf = t; f2 = f and XsX! e \ K 6= ; for some (s; e) 2 S ? S with se = s; e2 = e; r = st; d = ef; and (e; tf) 2 Ig: Note that the computation of Q is effective as soon as K is recognizable. Let y 2 XtX! f for (t; f) 2 Q. Choose x 2 XsX! e \ K accordingly to the definition of Q. Then we have xy 2 XsX! e XtX! f = XsXt(XeXf )! ? XrX! d = L Rational and Recognizable Complex Trace Languages 249 Hence, one inclusion of the claim is trivial. For the other direction, let y 2 K?1 ? L and choose x 2 K such that xy 2 L with alphinf(x) ? alph(y) ? I . Then we can write xy = z1z2 : : : with z1 2 Xr and zi 2 Xd for i >= 2. Hence, there exist x1; x2; : : : ; y1; y2; : : : such that zi = xiyi for i >= 1; x = x1x2 : : : ; y = y1y2 : : : ; and (yi; xj) 2 I for i < j. Ramsey factorization applied to the sequence x = x1x2 : : : shows that we may assume x1 2 Xs; xi 2 Xe for i >= 2 and some s; e 2 S such that se = s and e2 = e. In the next step, applying the same argument to the sequence y = y1y2 : : :, we may assume y1 2 Xt; yi 2 Xf for i >= 2 and some t; f 2 S with tf = t and f2 = f . Since alphinf(x) = alph(e) and alph(y) = alph(tf ), we have (e; tf) 2 I . Hence (t; f) 2 Q. This shows the other inclusion. The proof for L ? K?1 is symmetric. 2 For rational languages such a general result does not hold. We have the following counter example. Example: Let IM(X; D) = fa; bg??fc; dg??feg? be a direct product of three free monoids. Consider the following two rational sets: K = (ae)?b and L = (ac)?b(de)?. Then we have K?1L ? fc; dg? ? feg?. The projection of K?1L to fc; dg? yields the non-rational set fw 2 fc; dg? j jwjc <= jwjdg. In order to have an example of !- languages, simply substitute b by b!. However, the quotient of a rational language by a recognizable language is effectively rational. This is stated in the next Theorem. Theorem 2.14 Let K ? IR(X; D) be recognizable and L ? IR(X; D) be rational. Then the following left and right quotients are effectively computable and rational, too: K?1 ? L = fy 2 IR(X; D) j xy 2 L for some x 2 K with alphinf(x) ? alph(y) ? Ig L ? K?1 = fx 2 IR(X; D) j xy 2 L for some y 2 K with alphinf(x) ? alph(y) ? Ig Proof: We give the proof for K?1 ? L only. The other case L ? K?1 is obtained analogously. Let K 0 = '?1(K) and L0 ? X1 be a regular 250 V. Diekert, P. Gastin, A. Petit language such that '(L0) = L. Let X1; X2 be two copies of X and let ^ X = X1 [ X2. Define three morphisms h; p1; p2 from ^ X1 in X1 by h(ai) = a, pi(ai) = a and pj(ai) = 1 for i; j = 1; 2 with i 6= j. Finally, define the regular language W ? ^ X1 by its complement W = [(a;b)2D ^ X?b2 ^ X?a1 ^ X1. Since regular word languages are closed under morphism, inverse morphism and intersection, the language N 0 = p2(p?1 1 (K 0)\h?1(L0)\W ) is regular, too. Moreover, it is easy to verify that N 0 = fv1v2 : : : 2 X1 j 9u1u2 : : : 2 K 0 with u1v1u2v2 : : : 2 L0 and (vi; uj) 2 I for all i < jg = fv 2 X1 j (u ttI v) \ L0 6= ; for some u 2 K 0g We claim that '(N 0) = K?1 ? L which proves that K?1 ? L is rational. Let v be in N 0. There exists w 2 (u ttI v) \ L0 for some u 2 K 0. In the proof of Proposition 2.10 we have shown that '(w) = '(u) ? '(v). Therefore, '(v) 2 K?1 ? L. Conversely, let y be in K?1 ? L. There exists x 2 K such that alphinf(x) ? alph(y) ? I and z = xy 2 L. Let w 2 '?1(z) \ L0. In the proof of Proposition 2.10 we have shown that '?1(xy) = '?1(x)ttI '?1(y). Hence, there exist u 2 '?1(x) and v 2 '?1(y) such that w 2 u ttI v, whence (u ttI v) \ L0 6= ;. Since u 2 '?1(x) ? '?1(K) = K 0, we obtain v 2 N 0. 2 3 Rational and recognizable complex trace languages Recall the following notations. Let L ? C(X; D) be a complex trace language and A ? X be a subset of the alphabet. We denote by LA = fx 2 L j Im(x) = D(A)g and ?A(L) = f?A(x) j x 2 Lg where ?A(x) is the maximal real prefix of Re(x) containing letters independent of A, only. It will be useful to have a finer partition. Let L ? C(X; D) and A; B ? X . We define LA;B = fx 2 L j Im(yx) = D(B) for some y 2 C(X; D)Ag. Note that in the definition above the existential \for some" Rational and Recognizable Complex Trace Languages 251 can be replaced by \for all". The reason to introduce LA;B is that if we concatenate any complex trace y 2 C(X; D)A with some x 2 L such that yx 2 C(X; D)B , then in fact x 2 LA;B. Note that in this case Re(yx) = Re(y)?A(x), therefore, we are also interested in the language ?A;B(L) which is defined by ?A;B(L) = ?A(LA;B). The formulae given in the next lemma will be useful throughout. Lemma 3.1 Let K;L ? C(X; D) be complex trace languages and B ? X. Then the following formulae hold: i) LB = L;;B ii) L = S C?X LB;C iii) ?B(L) = S C?X ?B;C(L) iv) (KL)B = S A?X KALA;B v) Re((KL)B) = S A?X Re(KA)?A;B(L) Proof: i) is obvious. ii) Let x 2 L and y 2 C(X; D)B . Then, D(B) ? Im(yx) = D(C) for some C ? X . Therefore x 2 LB;C . iii) follows since ?A commutes with union. iv) We have (KL)B = S A?X(KAL)B = S A?X(KALA;B). At last, for any x 2 KA and any y 2 LA;B , Re(xy) = Re(x)?A(y) and v) follows from iv). 2 Finally, we define ?A(L) = ?A;A(L). Each trace in ?A(L) is finite since alph(u) ? I(A) and Im(u) ? D(A) implies Im(u) = ;. Note also that ?;(L) is just the finitary part L; = L \ IM(X; D). Later, we will introduce finite components, which could be characterized as the union of ?A(L) over A ? X . For the moment we are interested in the ?A(L), because we have the following formula. Lemma 3.2 Let L ? C(X; D) be a complex trace language and y 2 f?; !g. Let A be the finite set of sequences A = f(A0; : : : ; Ak) j ; = D(A0)? 6= ? ? ? ? 6= D(Ak) ? Xg. Then the language Ly is the finite union Ly = [ (A0;:::;Ak)2A ?A0(L)?LA0;A1 : : : ?Ak?1(L)?LAk?1;Ak?Ak(L)y 252 V. Diekert, P. Gastin, A. Petit Proof: The proof uses in a crucial way the observation that, if x; y 2 C(X; D) and Im(x) = Im(xy) = D(A) then ?A(y) = ?A(y) and xy = x?A(y). Let x = x1x2 : : : 2 Ly, xi 2 L. Eventually, the sequence of alphabets Im(x1) ? Im(x1x2) ? ? ? ? becomes stationary. Therefore, there exist an integer k, a sequence of integers 0 = i0 < i1 < : : : < ik < ik+1 = ! and a sequence (A0; : : : ; Ak) 2 A such that Im(x1 : : : xn) = D(Aj) for all ij <= n < ij+1 and 0 <= j <= k. Define now the sequence (yn)n>=1 by yn = ?Aj (xn) 2 ?Aj (L) if ij < n < ij+1 for some 0 <= j <= k and by yn = xn 2 LAj?1;Aj if n = ij for some 1 <= j <= k. From the observation above, it follows x1 : : : xn = y1 : : : yn for all n and thus x = y1y2 : : : yn : : :. Therefore, x 2 ?A0(L)?LA0;A1 : : : ?Ak?1(L)?LAk?1;Ak?Ak(L)y Conversely, we show by induction on k that ?A0(L)?LA0;A1 : : : ?Ak?1(L)? LAk?1;Ak?Ak (L)y ? Ly, for any (A0; : : : ; Ak) 2 A. For k = 0 this for- mula becomes ?;(L)y = Ly ; ? Ly which is clear. Assume that, for any (A0; : : : ; Ak) 2 A, the inclusion holds and let (A0; : : : ; Ak+1) 2 A. By induction hypothesis applied to (A0; : : : ; Ak), we have in particular: ?A0(L)?LA0;A1 : : : ?Ak?1(L)?LAk?1;Ak?Ak(L)? ? L? (5) Since all the complex traces belonging to the left hand side of Equation (5) have clearly D(Ak) as imaginary part, it follows: ?A0(L)?LA0;A1 : : : ?Ak?1(L)?LAk?1;Ak?Ak (L)? ? (L?)Ak Therefore the inclusion for (A0; : : : ; Ak+1) follows since (L?)AkLAk;Ak+1 ? (L?)Ak+1 and, from the observation above, (L?)Ak+1?Ak+1(L)y ? Ly for y 2 f?; !g. 2 We are now ready to define rational and recognizable complex trace languages. There will be various equivalent characterizations for these notions which justify the following definition. Definition: A complex trace language L ? C(X; D) is called rational (recognizable respectively) if for all A ? X the real language Rational and Recognizable Complex Trace Languages 253 Re(LA) is rational (recognizable respectively). The families are denoted by Rat(C(X; D)) and Rec(C(X; D)) respectively. Proposition 3.3 The family Rec(C(X; D)) is a boolean algebra : it is closed under union, intersection, and complementation. The family Rat(C(X; D)) is closed under union. Proof: Since Re : C(X; D) ! IR(X; D) commutes with union, it follows from results of Section 2 on real traces that Rat(C(X; D)) and Rec(C(X; D)) are closed under union. The closure of Rec(C(X; D)) under intersection and complementation follows from Remark 2.2 and the formulae: for all K;L ? C(X; D) and A ? X , Re(KA \ LA) = Re(KA) \ Re(LA) and Re((C(X; D) n K)A) = Re(C(X; D)A) n Re(KA). 2 For any real trace language L ? IR(X; D) and any subset A ? X , it holds Re(LA) = fr 2 L j Im(r)g = D(A)g = L \ IR(X; D)A. Since '?1(IR(X; D)A) = [ fB?XjD(B)=D(A)g fx 2 X1 j alphinf(x) = Bg the set IR(X; D)A is a recognizable real trace language. Therefore if L is a rational (recognizable respectively) real trace language, then so is Re(LA) for any A ? X . Hence L is also a rational (recognizable respectively) complex trace language. More precisely, we have (as expected) Rat(IR(X; D)) = fL ? IR(X; D) j L 2 Rat(C(X; D))g and Rec(IR(X; D)) = fL ? IR(X; D) j L 2 Rec(C(X; D))g. At last, note that since Re(L) = S A?X Re(LA), we have also the inclusionsRe(Rat(C(X; D))) ? Rat(IR(X; D)) and Re(Rec(C(X; D))) ? Rec(IR(X; D)). The situation is summarized in the following figure. Rec(IR(X; D)) ? Rec(C(X; D)) Re ?! Rec(IR(X; D)) \ \ \ Rat(IR(X; D)) ? Rat(C(X; D)) Re ?! Rat(IR(X; D)) Before we continue the reader should be convinced that it makes no sense to define a language L ? C(X; D) to be rational (recognizable respectively) if the projection Re(L) ? IR(X; D) is rational (recognizable 254 V. Diekert, P. Gastin, A. Petit respectively). Both classes of languages would be uncountable. (Note that the families of rational and recognizable complex trace languages are countable. Indeed, a complex trace language is entirely defined by the languages LA for A ? X and the family of rational real trace languages is countable since it is defined by rational expressions.) For instance, if (X; D) = a b c, for any P ? IN, the language LP = f('(b)j'(a)! ; D(a)) j j 2 Pg [ f('(b)j'(a)! ; D(a; b)) j j 62 Pg verifies '?1(Re(LP )) = a?b! and would be therefore recognizable. Note also that the family of recognizable languages would not be closed under intersection. Namely if (X; D) = a b c d and L = '(ac)?'(b)!'(c) [ f'(a); '(c)g?'(b)! , Re(L) = f'(a); '(c)g?'(b)! is a recognizable real trace language whereas Lfb;cg = L\C(X;D)fb;cg is not recognizable since Re(Lfb;cg) = '(ac)?'(b)!. Similarly, since the canonical mapping ' : X1 ! C(X; D) is not surjective, it cannot be used neither to define a language L ?C(X;D) to be recognizable. For example, simply asking that '?1(L) ? X1 has to be regular would yield that any language not containing real traces is recognizable. (Of course, according to our definition, L 2 Rec(C(X; D)) implies that '?1(L) ? X1 is regular.) Lemma 3.4 Let L ? C(X; D) be rational (recognizable respectively) and A; B ? X. Then the languages LA;B ? C(X; D) and ?A;B(L) ? IR(X; D) are rational (recognizable respectively). Proof: First, we show the assertion for LA;B. Note that (LA;B)C = (LC)A;B for all C ? X . Thus, Re((LA;B)C) = Re((LC)A;B) = Re(fx 2 LC j Im(yx) = D(B) for some y 2 C(X; D)Ag) = fr 2 Re(LC) j Im(yr) [ D(C) = D(B) for some y 2 C(X; D)Ag = Re(LC) \ K where K = fr 2 IR(X; D) j D(A [ C [ SuffA(r)) = D(B)g. Using Remark 2.2 and Lemma 2.4, we are reduced to prove that the language K is recognizable. Indeed, it is easy to verify that the language Rational and Recognizable Complex Trace Languages 255 '?1(K) is accepted by the following deterministic Büchi automaton. The set of states is P(X), the initial state is A and for all q 2 P(X) and a 2 X we have the transition (q; a; q0) where q0 = q [ fag if a 2 D(q) and q0 = q otherwise. A transition (q; a; q0) is final if and only if D(A [ C [ q) = D(B). For ?A;B(L) we have ?A;B(L) = ?A(LA;B) by definition. Hence it is enough to show the assertion for ?A(L). Since ?A(L) = ?A(Re(L)), we are reduced to consider real trace language L ? IR(X; D). For L ? IR(X; D) we have ?A(L) = M \(L ? Suff?1 A ) where M = fx 2 IR(X; D) j alph(x) ? I(A)g and SuffA = fr 2 IR(X; D) j min(r) ? D(A)g = IR(X; D)n [ a2I(A) a?IR(X; D) Since M and SuffA are recognizable, the results follow from Lemma 2.4, Theorems 2.13, and 2.14. 2 So far, we have allowed as rational operation on real traces the concatenation K ? L, only if K is finitary. This was motivated by the fact that IR(X; D) is not a monoid. For complex traces such a restriction is obviously not adequate and our first result underlines this. It follows directly from Lemma 3.1, v), Proposition 2.10 and Lemma 3.4. Theorem 3.5 Let K;L 2 C(X; D) be rational (recognizable respectively). Then the concatenation K ? L has the same property. We can now extend Proposition 2.1 and Proposition 2.11 and give normal forms for rational and recognizable complex trace languages. Corollary 3.6 i) A language L ? C(X; D) is rational if and only if it can be written as a finite union of sets of the form MN!s where M;N ? IM(X; D) are finitary and rational and s 2 IM(X; D) is a finite (shift-)trace. ii) A language L ? C(X; D) is recognizable if and only if it can be written as a finite union of sets of the form MN! 1 : : : N! k s where M;N1; : : : ; Nk ? IM(X; D) are finitary and recognizable, each trace in Ni has the same connected alphabet Ai, Ai ? Aj ? I for i 6= j, and s 2 IM(X; D) is a finite (shift-)trace. 256 V. Diekert, P. Gastin, A. Petit Proof: We have seen in the preliminaries every complex trace language L ?C(X;D) can be written as a finite union: L = [ A shift B (Re(LB) \ IR(X; D)A)sA;B where sA;B is some finite shift trace from D(A) to D(B). Hence if L is rational (recognizable respectively), Proposition 2.1 (Proposition 2.11 respectively) applied to languages Re(LB) \ IR(X; D)A yield the only-if parts of the corollary. The if-parts come from the inclusions Rat(IR(X; D)) ? Rat(C(X; D)) (Rec(IR(X; D)) ? Rec(C(X; D)) respectively) and the closures under concatenation, Theorem 3.5. 2 Since the concatenation and the !-product are fully defined in C(X; D), the ?-iteration and the !-iteration should be allowed as rational operations, in full generality. The next theorem states that this is indeed the case. Theorem 3.7 Let L 2 Rat(C(X; D)) be a rational complex trace language. Then L? and L! are rational. Proof: If L is a rational complex trace language, from Lemma 3.4, we deduce in particular that ?A(L) ? IM(X; D) is a finitary rational trace language for all A ? X . Hence, for all A ? X , ?A(L)? and ?A(L)! are rational real trace languages, too. Thus, the theorem follows from Lemma 3.2, Proposition 3.3 and Theorem 3.5. 2 From closure under union, Theorems 3.5, 3.7 and Corollary 3.6, we obtain the following characterization which could also be used for a convenient definition of rational complex trace languages. Corollary 3.8 The family of rational complex trace languages is the smallest family which contains all finitary rational trace languages and which is closed under union, concatenation, Kleene-?, and !-iteration. Of course, we cannot expect that recognizable languages are closed under Kleene-? or !-iteration, in general. However, let L be a recognizable complex trace language such that ?A(L)? ? IM(X; D) is recognizable for all A ? X . From Theorem 2.7, we deduce that, for all A ? X , Rational and Recognizable Complex Trace Languages 257 ?A(L)! is recognizable, too. Hence, from Lemma 3.2 and closures under union and concatenation we obtain the following corollary. It is our strongest result concerning the question when the star- and !-iteration of a recognizable complex trace language is recognizable. Corollary 3.9 Let L ? C(X; D) be a recognizable complex trace language such that ?A(L)? ? IM(X; D) is recognizable for all A ? X. Then L? and L! are recognizable complex trace languages, too. 2 We finish this section by an extension of Theorems 2.13 and 2.14 to complex trace languages. Theorem 3.10 Let K ?C(X;D) be arbitrary (recognizable respectively) and L ? C(X; D) be recognizable (rational respectively). Then the following left and right quotients are recognizable (rational respectively), too: L ? K?1 = fx 2 C(X; D) j xy 2 L for some y 2 Kg K?1 ? L = fy 2 C(X; D) j xy 2 L for some x 2 Kg If K is recognizable, then the quotients are effectively computable. Proof: First we consider Re((L ? K?1)A) for some A ? X . We have (L ? K?1)A = [ B?X (LB ? K?1)A = [ B?X (LB ? K?1 A;B)A Hence, it remains to prove that Re((LB ? K?1 A;B)A) is a recognizable (rational respectively) real trace language. We have Re((LB ? K?1 A;B)A) = fr 2 Re(C(X; D)A) j r ? ?A(y) 2 Re(LB) for some y 2 KA;Bg = Re(C(X; D)A) \ Re(LB) ? (?A;B(K))?1 Hence, the results follow from Remark 2.2, Lemma 2.4, Theorems 2.13, 2.14 and Lemma 3.4. 258 V. Diekert, P. Gastin, A. Petit The calculus for K?1?L is slightly different. First, note that K?1?L = [A?B?XK?1 A ? LB . Then we have K?1 A ? LB = fy 2 C(X; D)A;B j r?A(y) 2 Re(LB) for some r 2 Re(KA)g =C(X;D)A;B \ fy 2 C(X; D) j ?A(y) 2 Re(KA)?1 ? Re(LB)g Since by Theorems 2.13 and 2.14, Re(KA)?1 ? Re(LB) is recognizable (rational respectively) the results follow from the claim: Claim: Let R ? IR(X; D) be rational (recognizable respectively) then M = fy 2 C(X; D) j ?A(y) 2 Rg is rational (recognizable respectively). For all B ? X , we have Re(MB) = Re(C(X; D)B) \ fr 2 IR(X; D) j ?A(r) 2 Rg. Therefore, the claim follow directly from fr 2 IR(X; D) j ?A(r) 2 Rg = (fr 2 IR(X; D) j alph(r) ? I(A)g\R)?SuffA where SuffA is the recognizable set defined in Lemma 3.4. 2 In the section below we will introduce connected and finitary connected components and we will extend Kleene's and Ochmanski's theorems to complex trace languages. 4 C-rational complex trace languages In order to define concurrent iterations for complex trace languages, we need first a notion of connectedness for complex traces. Intuitively, a trace is connected if it cannot be split into two non-empty independent traces. Thus, let us introduce the notion of independence. This notion is clear in G(X;D): two graphs f and g are independent if alph(f) ? alph(g) ? I . Unfortunately, we cannot use this definition in C(X; D) since the alphabet of a complex trace is not well-defined. Nevertheless, it is easy to verify that the independence relation in G(X;D) factorizes to complex traces. Hence the independence relation in C(X; D) is welldefined and can be characterized as follows. Two complex traces x = (u; D(A)), y = (v; D(B)) 2 C(X; D) are independent if (alph(u) [ A) ? Rational and Recognizable Complex Trace Languages 259 (alph(v) [ B) ? I , in this case we will simply write (x; y) 2 I . Note that this is well-defined since D(B) = D(B0) implies (alph(u) [ A) ? (alph(v) [ B) ? I , (alph(u) [ A) \ D(alph(v) [ B) = ; , (alph(u) [ A) \ D(alph(v) [ B0) = ; , D(alph(u) [ A) \ (alph(v) [ B0) = ; This leads to the following definition. Definition: A complex trace z is called connected if for all factorization z = xy where x, y are independent, either x = 1 or y = 1. A trace x is called a connected component of z 2 C(X; D) if either x = z = 1 or x is a non-empty connected trace such that z = xy for some y independent of x. The trace z is said to be finitary connected if it admits at most one finite connected component. For any non-empty trace z, we will denote by C(z) (respectively FC(z) = C(z) \ IM(X; D)) the set of connected components (respectively finite connected components) of z. These notations are as usual extended to languages. A language is said to be connected (respectively finitary connected) if all its elements are connected (respectively finitary connected). Note that a direct translation of the above definition can be used to define connectedness notions on dependence graphs as well. These notions coincide with the natural notion of connectedness in G(X;D): a dependence graph is connected if and only if so is its underlying undirected graph. Unfortunately, this natural notion does not factorize to complex traces. The same complex trace might have connected as well as disconnected representing dependence graphs. For example let (X; D) = a b c. Then the complex trace x = ((ac)!; X) is represented by the connected dependence graph (ac)!b as well as by the disconnected graph a!c!. This explains why we define the notion of connected traces through the independence relation. For finitary connectedness the situation is simpler. A trace x 2 IM(X; D) is a finite connected component of z 2 C(X; D) if and only if x is finite and a connected component of any representing dependence graph of z. The following proposition precises the links between the two notions of connectedness in G(X;D) and C(X; D). 260 V. Diekert, P. Gastin, A. Petit Proposition 4.1 Let x 2 C(X; D) be a complex trace. i) x is connected if and only if all its representatives in G(X;D) are connected. ii) Let f 2 G(X;D) be any representative of x and let ff1; : : : ; fkg be the set of finite connected components of f . Then FC(x) = ff1; : : : ; fkg. Proof: i) Let f be a representative of x in G(X;D). Suppose that f = gh with alph(g) ? alph(h) ? I . Let y; z be the complex traces represented by g; h respectively. Hence x = yz with (y; z) 2 I . Since x is connected, we get y = 1 or z = 1 and thus g = 1 or h = 1. Therefore f is connected. Conversely, suppose that x = yz with (y; z) 2 I . Let g; h be representatives in G(X;D) of the complex traces y; z respectively. Hence gh is a representative of x and (g; h) 2 I . Thus g = 1 or h = 1, hence y = 1 or z = 1 and x is connected. ii) Let g be a finite connected component of f , f = gh for some h 2 G(X;D) with alph(g) ? alph(h) ? I . Let y be the complex trace represented by h. Since g is finite, we get x = gy with (g; y) 2 I . Moreover g is a connected complex trace from i). Hence g 2 FC(x). Conversely, let y 2 FC(x). Then x = yz for some complex trace z such that (y; z) 2 I . Since G(X;D) is left cancellative [Die91], the dependence graph y?1f is well-defined and is a representative of the complex trace z. Hence y is a finite connected component of f = y(y?1f ). 2 In order to generalize Büchi's and Ochmanski's Theorems to complex traces, we need a link to the language ?A(L) defined above. For a complex trace x, any non-empty product over pairwise independent finite connected components of x is called a finite component of x. For a language L ?C(X;D), the set of finite components of the elements of L is denoted by FinComp(L). Lemma 4.2 Let L ? C(X; D) be recognizable. Then the following assertions hold. Rational and Recognizable Complex Trace Languages 261 i) FinComp(L) = S A?X ?A(L) ii) FC(L) and C(L) are recognizable Proof: i) Let t 2 ?A(L). By definition, we have alph(t) ? I(A) and Im(t) ? D(A), hence Im(t) = ; and thus t is finite. Moreover, there exists some x 2 LA;A such that t = ?A(x). Hence x = t ? (r; Im(x)) and, since x 2 LA;A, we have (D(alph(r)) [ Im(x)) ? D(A). Thus, from alph(t) ? I(A), (t; (r; Im(x))) 2 I . Therefore t 2 FinComp(LA;A) ? FinComp(L). Conversely, let t 2 FinComp(L), there exist some u 2 L and v 2 C(X; D) such that u = tv with (t; v) 2 I . Let B = alph(t) and A = I(B), note that B ? I(A). We claim that t = ?A(u) and u 2 LA;A whence t 2 ?A(L). Let v = (r; D(C)), since (t; v) 2 I , we have by definition B ? (alph(r) [ C) ? I , and thus (alph(r) [ C) ? I(B) = A. Hence alph(r) ? A, in particular alph(r) \ I(A) = ; and then ?A(u) = t. We get also C ? A, hence u 2 LA;A and the claim is proved. ii) Let NC be the set of non-connected complex traces. It is easy to verify that NC = S (A[B)?(E[F )?I K(A;B) ? K(E;F ) where, for all A; B ? X , K(A;B) = fx 2 C(X; D)B n f1g j alph(Re(x)) = Ag. Now, it turns out that C(L) = ( [ (A[B)?(E[F )?I (K(A; B)?1 ? L)\K(E;F )) \ (C(X; D) n NC) Clearly, for all A; B ? X , the set K(A;B) is recognizable. From Proposition 3.3 and Theorems 3.5 and 3.10, we deduce that NC and C(L) are recognizable. Thus the set FC(L) = C(L) \ IM(X; D) is recognizable, too.2 Theorem 4.3 Let L ?C(X;D) be recognizable. If L is finitary-connected (in particular if L is connected) or if FC(L) ? L?, then L? and L! are recognizable. Proof: If L is finitary connected, then FinComp(L) is connected and from Lemma 4.2 i), it holds that ?A(L) is connected for all A ? X . 262 V. Diekert, P. Gastin, A. Petit Since by Lemma 3.4 ?A(L) is also recognizable, ?A(L)? is recognizable by [M?et86, Och85]. Hence L? and L! are recognizable by Corollary 3.9. Assume that FC(L) ? L?. We will also show that ?A(L)? is recognizable for all A ? X . For this purpose, we claim that ?A(L)? = ?A(FC(L))?. Remark first that if t is a finite connected trace, from Lemma 4.2 i) applied to L = ftg, we get that, for any A ? X , either ?A(t) = ftg if alph(t) ? I(A) or ?A(t) = ; otherwise. Let now t be in ?A(L) and ft1; : : : ; tkg be the connected components of t. From Lemma 4.2 i), we have ft1; : : : ; tkg ? C(FinComp(L)) = FC(L). From the remark above, for all 1 <= i <= k, we get ftig = ?A(ti) and thus ti 2 ?A(FC(L)). Hence ?A(L) ? ?A(FC(L))?, and ?A(L)? ? ?A(FC(L))?, too. Conversely, since FC(L) ? L?, we have ?A(FC(L)) ? FinComp(FC(L)) = FC(L) ? L?. Let t 2 ?A(FC(L)) ? L?, in particular alph(t) ? I(A) and t = t1 : : : tk with ti 2 L; and alph(ti) ? I(A) for 1 <= i <= k. From the remark above, ftig = ?A(ti) ? ?A(L), for 1 <= i <= k. Therefore t 2 ?A(L)? and ?A(FC(L)) ? ?A(L)?. Finally ?A(L)? = ?A(FC(L))? and the claim is proved. Since ?A(FC(L)) is connected, we obtain from [M?et86, Och85] that ?A(L)? is recognizable. 2 Corollary 4.4 Let L ? C(X; D) be a recognizable, then (FC(L) [ L)? and (FC(L) [ L)! are recognizable, too. Proof: This is immediate from the theorem above and the observation that we have FC(FC(L) [ L) = FC(L). 2 Beside its own interest, Corollary 4.4 yields a simple proof of the following result which is surprising, since the ?-iteration of a single trace is not recognizable, in general. Corollary 4.5 Let x 2 C(X; D) be a recognizable complex trace, i.e., fxg 2 Rec(C(X; D)), then x! is recognizable. Rational and Recognizable Complex Trace Languages 263 Proof: Choose A ? X such that D(A) = Im(x!). Then we claim that fx!g = ((FC(fxg) [ fxg)!)A One inclusion is obvious. Conversely, let z 2 ((FC(fxg)[fxg)!)A. Since Im(z) = Im(x!) = D(alph(Re(x))) [ Im(x), we deduce that z = zx = zx!. Now, let FC(fxg) = fx1; : : : ; xkg and let y = (x1 : : : xk)?1 ? x. From the definition of connected components, it holds that x1; : : : ; xk; y are pairwise independent. Therefore z = xn+n1 1 : : : xn+nk k yn for some 0 <= n1; : : : ; nk; n <= !, x! = x! 1 : : : x! k y! and hence zx! = x! . 2 Now, we extend the concurrent iteration of Ochmanski [Och85] to complex traces. Definition: Let L ?C(X;D). Then the concurrent iterations of L are defined by Lc?? = (C(L))? and Lc?! = (C(L))! . Since C(L) is connected, we obtain from Lemma 4.2 and Theorem 4.3: Corollary 4.6 Let L ? C(X; D) be recognizable. Then Lc?? and Lc?! are recognizable. Definition: The family of c-rational complex trace languages,c ? Rat( C(X; D)), is the smallest family which contains all finite sets of finite traces and which is closed under the operations union, concatenation and concurrent iterations c-? and c-!. We are now ready to state our main result. Theorem 4.7 Rec(C(X; D)) = c ? Rat(C(X; D)) Proof: We have seen that Rec(C(X; D)) is a boolean algebra closed under concatenation (Theorem 3.5) and concurrent iterations (Corollary 4.6). Hence c ? Rat(C(X; D)) ? Rec(C(X; D)). Conversely, we have seen (Corollary 3.6) that every recognizable language can be written as a finite union over languages of type MN! 1 : : : N! k s where M;N1; : : : ; Nk ? IM(X; D) are recognizable and s 2 IM(X; D) is a finite trace. Moreover all 264 V. Diekert, P. Gastin, A. Petit traces in Ni have the same connected alphabet and hence N! i = Nc?! i . From Ochmanski's theorem [Och85], the recognizable finitary languages M and Ni, for 1 <= i <= k, are in c ? Rat(C(X; D)). Therefore L is also in c ? Rat(C(X; D)). 2 Remark 4.8 i) Every recognizable complex trace language has effectively a c-rational expression where the concurrent iterations are allowed only for finitary languages which are connected. (Hence where the concurrent iterations become the usual Kleene-? and !-iteration.) ii) We could have defined the finitary concurrent iteration of a language L as Lfc?y = (FC(L) [ L)y for y 2 f?; !g. An analogue of Theorem 4.7 with a suitable definition of fc ? Rat(C(X; D)) also holds in this case. 5 Conclusion In this paper we have studied the families of rational and recognizable languages of complex traces. We showed that classical results on finite and infinite words and finite traces have a natural extension to complex traces. In our investigations we followed mainly an algebraic viewpoint with the final goal to establish the Kleene-Ochmanki-Theorem. Of course, other characterizations of the recognizable languages are of high interest. For instance, word languages can be defined by monadic second order logic [Büc62]. The equivalent work for finite traces can be found in [Tho90] and for for real traces in [Ebi92]. Its generalization to complex traces seems to be without any additional difficulty. Besides, the most well-known characterizations of recognizable languages use the notion of finite automata. Recognizable word languages are languages which are accepted by (non-deterministic) Büchi automata or by deterministic Muller automata. Asynchronous (cellular) automata [Zie87, Zie89] provide distributed acceptors for recognizable languages of finite traces. With a suitable Büchi like condition, non-deterministic Rational and Recognizable Complex Trace Languages 265 asynchronous (cellular) automata accept exactly the recognizable languages of real traces [GP92] and may be easily extended to accept complex trace languages. Hence, the main open problem in this field is to obtain a characterization of recognizable languages of infinite traces with an appropriate model of finite deterministic automata. Acknowledgements: We thank Anca Muscholl for fruitful discussions and for the simple example before Theorem 2.14. References [AR88] I.J. Aalbersberg and G. Rozenberg. Theory of traces. Theoret. Comput. Sci., 60:1{82, 1988. [Arn85] A. Arnold. A syntactic congruence for rational !-languages. Theoret. Comput. Sci., 39:333{335, 1985. [BMP90] P. Bonizzoni, G. Mauri, and G. Pighizzini. About infinite traces. In V. Diekert, editor, Proceedings of the ASMICS workshop Free Partially Commutative Monoids, Kochel am See (Germany) 1989, Report TUM-I9002, Technical University of Munich, pages 1{10, 1990. [Büc62] R. Büchi. On a decision method in restricted second order arithmetic. In Proc. Internat. Congress on Logic, Methodology and Philosophy, pages 1{11. Standford University Press, 1962. [CF69] P. Cartier and D. Foata. Probl?emes combinatoires de commutation et r?earrangements. Lecture Notes in Mathematics 85. Springer, Berlin-Heidelberg-New York, 1969. [CP85] R. Cori and D. Perrin. Automates et commutations partielles. R.A.I.R.O.-Informatique Th?eorique et Applications, 19:21{32, 1985. [DGP91] V. Diekert, P. Gastin, and A. Petit. Recognizable complex trace languages. In A. Tarlecki, editor, Proceedings of the 16th Symposium on Mathematical Foundations of Computer 266 V. Diekert, P. Gastin, A. Petit Science (MFCS'91), Kazimierz Dolny (Poland) 1991, Lecture Notes in Computer Science 520, pages 131{140. Springer, Berlin-Heidelberg-New York, 1991. [Die90] V. Diekert. Combinatorics on Traces. Lecture Notes in Computer Science 454. Springer, Berlin-Heidelberg-New York, 1990. [Die91] V. Diekert. On the concatenation of infinite traces. In C. Choffrut et al., editors, Proceedings of the 8th Annual Symposium on Theoretical Aspects of Computer Science (STACS'91), Hamburg (Germany) 1991, Lecture Notes in Computer Science 480, pages 105{117. Springer, Berlin-Heidelberg-New York, 1991. [Ebi92] W. Ebinger. On logical definability of infinite trace languages. In V. Diekert et al., editors, Proceedings ASMICS Workshop Infinite Traces, Tübingen (Germany) 1992, Bericht 4/92, Fakultät Informatik, Universität Stuttgart, 1992. This volume pages 106{122. [Fli74] M. Fliess. Matrices de Hankel. J. Math. Pures et Appl., 53:197{224, 1974. [FR82] M.P. Fl?e and G. Roucairol. On the serializability of iterated transactions. In Proceedings ACM SIGACT-SIGOPS, Symposium on Principles of Distr. Comp., Ottawa (Canada) 1982, pages 194{200, 1982. [Gas90] P. Gastin. Infinite traces. In I. Guessarian, editor, Proceedings of the Spring School of Theoretical Computer Science on Semantics of Systems of Concurrent Processes, Lecture Notes in Computer Science 469, pages 277{308. Springer, Berlin- Heidelberg-New York, 1990. [Gas91] P. Gastin. Recognizable and rational trace languages of finite and infinite traces. In C. Choffrut et al., editors, Proceedings Rational and Recognizable Complex Trace Languages 267 of the 8th Annual Symposium on Theoretical Aspects of Computer Science (STACS'91), Hamburg (Germany))1991, Lecture Notes in Computer Science 480, pages 89{104. Springer, Berlin-Heidelberg-New York, 1991. [GP92] P. Gastin and A. Petit. Asynchronous cellular automata for infinite traces. In W. Kuich, editor, Proceedings of the 19th International Colloquium on Automata Languages and Programming (ICALP'92), Vienna (Austria) 1992, Lecture Notes in Computer Science. Springer, Berlin-Heidelberg-New York, 1992. Also available as Tech. Rep. 91-68, LITP, Universit?e Paris 6, France, 1991. [GPZ91] P. Gastin, A. Petit, and W. Zielonka. A Kleene theorem for infinite trace languages. In J. Leach Albert et al., editors, Proceedings of the 18th International Colloquium on Automata Languages and Programming (ICALP'91), Madrid (Spain) 1991, Lecture Notes in Computer Science 510, pages 254{266. Springer, Berlin-Heidelberg-New York, 1991. [GR91] P. Gastin and B. Rozoy. The poset of infinitary traces. Technical Report, LITP 91.24, Universit?e de Paris 6, 1991. To appear in Theoret. Comp. Sci. [Gra81] R. Graham. Rudiments of Ramsey theory. Regional Conference Series in Mathematics 45, 1981. [Kwi90] M. Kwiatkowska. A metric for traces. Imform. Proc. Letters, 35:129{135, 1990. [Maz77] A. Mazurkiewicz. Concurrent program schemes and their interpretations. DAIMI Rep. PB 78, Aarhus University, Aarhus, 1977. [Maz87] A. Mazurkiewicz. Trace theory. In W. Brauer et al., editors, Petri Nets, Applications and Relationship to other Models of Concurrency, Lecture Notes in Computer Science 255, pages 279{324. Springer, Berlin-Heidelberg-New York, 1987. 268 V. Diekert, P. Gastin, A. Petit [M?et86] Y. M?etivier. Une condition suffisante de reconnaissabilit?e dans un monö?de partiellement commutatif. R.A.I.R.O.- Informatique Th?eorique et Applications, 20:121{127, 1986. [MR91] Y. M?etivier and B. Rozoy. On the star operation in free partially commutative monoids. International Journal of Foundations of Computer Science, 2:257{265, 1991. [Och85] E. Ochmanski. Regular behaviour of concurrent systems. Bull. of the European Association for Theoretical Computer Science (EATCS), 27:56{67, Oct 1985. [Och90] E. Ochmanski. Notes on a star mystery. Bull. of the European Association for Theoretical Computer Science (EATCS), 40:252{257, Feb 1990. [Per89] D. Perrin. Partial commutations. In G. Ausiello et al., editors, Proceedings of the 16th International Colloquium on Automata, Languages and Programming (ICALP'89), Stresa (Italy) 1989, Lecture Notes in Computer Science 372, pages 637{651. Springer, Berlin-Heidelberg-New York, 1989. [PP91] D. Perrin and J.E. Pin. Mots Infinis. Technical Report, LITP 91.06, Universit?e de Paris 6, 1991. [Sak87] J. Sakarovitch. On regular trace languages. Theoret. Comput. Sci., 52:59{75, 1987. [Tho90] W. Thomas. On logical definability of trace languages. In V. Diekert, editor, Proceedings of the ASMICS workshop Free Partially Commutative Monoids, Kochel am See, Oktober 1989, Report TUM-I9002, Technical University of Munich, pages 1{10, 1990. [Zie87] W. Zielonka. Notes on finite asynchronous automata. R.A.I.R.O.-Informatique Th?eorique et Applications, 21:99{ 135, 1987. Rational and Recognizable Complex Trace Languages 269 [Zie89] W. Zielonka. Safe executions of recognizable trace languages by asynchronous automata. In A. R. Mayer et al., editors, Proceedings Symposium on Logical Foundations of Computer Science, Logic at Botik '89, Pereslavl-Zalessky (USSR) 1989, Lecture Notes in Computer Science 363, pages 278{289. Springer, Berlin-Heidelberg-New York, 1989. 270 Open problems 271 Open problems in trace theory proposed by Giovanni Pighizzini and Nicoletta Sabadini 1 Determinization of asynchronous automata A very surprising result obtained by W. Zielonka [Zie87] is the solution of the following problem: Problem 1 Given a deterministic automaton over the free partially commutative monoid find a deterministic asynchronous automaton accepting the same trace language. The proof given by Zielonka is rather complicated and it seems difficult to simplify it, despite all efforts, e.g. [CM88]. The characterization of the class of recognizable trace languages given by Ochma?nski [Och85] suggests a different approch to Problem 1 similar to the usual proof of Kleene's Theorem [Pig92]. Unfortunately, the automaton so obtained is nondeterministic. Even if the possibility of obtaining an equivalent deterministic asynchronous automaton is a consequence of Zielonka's result, up to date there is not any direct construction. Thus, we state the following problem: Open problem 1 Find a \new" strategy to transform nondeterministic asynchronous automata in deterministic asynchronous automata, without using Zielonka's proof. 272 Open problems 273 We briefly point out that the main difficult of Zielonka's result is to obtain a distributed automaton starting from a monoid automaton, in such a way that there is a link between their states. Our open problem seems to be easier since the input is already a distributed automaton; in spite of this, similar technical problems arise. Similar considerations can be formulated for asynchronous cellular automata. 2 Probabilistic asynchronous automata As a second open problem, we still propose the generalization of Zielonka's Theorem to probabilistic asynchronous automata. Probabilistic asynchronous automata were introduced in [MS89]. In [JPS90], the following problem were positively solved in the case of concurrent alphabets with acyclic dependency graph. Open problem 2 Given a concurrent alphabet (?; C), does the class of behaviours of F(?; C){probabilistic asynchronous automata coincide with the class of behaviours of probabilistic asynchronous automata over (?; C) ? In the general case this problem is still open. 3 Extensions of the notion of infinite trace An extension of the notion of finite traces was recently proposed by A. Arnold [Arn91], by considering pomsets without self{concurrency. In this extension the concurrency relation is not fixed a priori. A similar extension in the infinite case could be useful to describe infinite behaviours of concurrent systems. So, we state the following problem: Open problem 3 Extend the theory of infinite traces to pomsets without self{concurrency, giving a suitable notion of recognizing devices. 274 4 The equivalence and the inclusion prob- lems for k{ambiguous regular trace lan- guages The equivalence problem (inclusion problem, resp.) for a class C of trace languages consists in deciding if L0 = L00 (L0 ? L00, resp.), where L0 and L00 are languages in the class C. Let Rk(?; C) denotes the class of regular trace languages over the concurrent alphabet (?; C) with degree of ambiguity k [BMS82b] and R0(?; C) the class of recognizable trace languages. We briefly recall that R0(?; C) ? R1(?; C) ? : : : ? Rk(?; C) ? : : : ? R(?; C); where R(?; C) is the class of regular trace languages over (?; C). It is known that for the class R0(?; C) the equivalence problem is decidable for all concurrent alphabets, while for the class R(?; C) it is decidable if and only if the concurrency relation C is transitive [BMS82a, AH87]. In [BPS88], it was proved that there exists a concurrent alphabet (?; C) with nontransitive concurrency relation such that the equivalence problem for R1(?; C) is decidable. This result has been recently extended in [Var91] proving that for every concurrent alphabet (?; C), the equivalence problem for R1(?; C) is decidable. Up to date, there is none result concerning the classes Rk(?; C) for k >= 2. Open problem 4 For every k >= 2, characterize the class of concurrent alphabets (?; C) such that the equivalence problem for trace languages in Rk(?; C) is decidable. For the class R(?; C) of regular trace languages, the inclusion problem is decidable if and only if the independency relation C is transitive [Sak90]. Moreover, the same problem for R0(?; C) is decidable for every concurrent alphabet. None result is known for the class R1(?; C) of unambiguous regular trace languages and for k{ambiguous regular trace languages. Open problems 275 Open problem 5 For every k >= 1, characterize the class of concurrent alphabets (?; C) such that the inclusion problem for trace languages in Rk(?; C) is decidable. References [AH87] IJ. Aalbersberg and H. Hoogeboom. Decision problems for regular trace languages. In Proc. 14th ICALP, Lecture Notes in Computer Science 267, pages 251{259, 1987. [Arn91] A. Arnold. An extension of the notions of traces and of asynchronous automata. RAIRO Inf. Theor., 25:355{393, 1991. [BMS82a] A. Bertoni, G. Mauri, and N. Sabadini. Equivalence and membership problems for regular trace languages. In Proc. 9th ICALP, Lecture Notes in Computer Science 140, pages 61{71, 1982. [BMS82b] A. Bertoni, G. Mauri, and N. Sabadini. A hierarchy of regular trace languages and some combinatorial applications. In Proc. 2nd World Conference on Mathematics at the Service of Men, pages 146{153, Las Palmas, 1982. [BPS88] D. Bruschi, G. Pighizzini, and N. Sabadini. On the existence of the minimum asynchronous automaton and on decision problems for unambiguous regular trace languages. In Proc. 5th STACS, Lecture Notes in Computer Science 294, pages 334{346, 1988. To appear in Information and Computation. [CM88] R. Cori and Y. M?etivier. Approximation of a trace, asynchronous automata and the ordering of events in a distributed system. In Proc. 15th ICALP, Lecture Notes in Computer Science 317, pages 147{161, 1988. [JPS90] S. Jesi, G. Pighizzini, and N. Sabadini. Probabilistic asynchronous automata. In Proceedings of the workshop: Free partially commutative monoids, Institüt für Informatic { Technische Universität München { TUM{I9002, pages 99{114, 1990. 276 [MS89] P. Massazza and N. Sabadini. Some applications and techniques for generating functions. In Proc. CAAP 89, Lecture Notes in Computer Science 351, pages 321{336, 1989. [Och85] E. Ochma?nski. Regular behaviour of concurrent systems. EATCS Bullettin, 27:56{67, 1985. [Pig92] G. Pighizzini. Synthesis of nondeterministic asynchronous automata. 1992. These proceedings. [Sak90] J. Sakarovitch. The \last" decision problem on rational trace languages. In Proceedings of the workshop: Free partially commutative monoids, Institüt für Informatic { Technische Universität München { TUM{I9002, pages 168{171, 1990. [Var91] S. Varricchio. On the decidability of the equivalence problem for partially commutative rational power series, 1991. Manuscript. [Zie87] W. Zielonka. Notes on finite asynchronous automata. RAIRO Inf. Theor., 21:99{135, 1987.