Specification of Deterministic Regular
Liveness Properties
Frank Nießner
⋆
telecommunications, networks & security Research Group
Department of Computer Science, University of Fribourg
Boulevard de P
´
erolles 90, CH–1700 Fribourg, Switzerland
Abstract. Even up-to-date automated verfication techniques are affected by the
fundamental complexity of verification algorithms which is caused by necessity
to decide subset conditions on certain languages. These languages are recogniz-
able by nondeterministic B
¨
uchi automata and represent a system behavior and the
desired properties of the system. The involved complementation process may lead
to an exponential blow-up in the size of the automata. In this paper we specify
the structure of a rich subclass of languages that can be characterized by deter-
ministic B
¨
uchi automata and hence be complemented rather easily. Furthermore,
we present examples of practically relevant properties belonging to this language
class.
1 Introduction
The behavior of systems that exhibit temporary perpetual behavior and have the ability
to react to their environment [7] can be appropriately described by regular ω-languages
[10] which are Eilenberg-limits [3] of prefix-closed regular languages. Here, the funda-
mental alphabet is the set of actions that may be performed by the considered system
and the system behavior is the set of all infinite action-sequences the system may per-
form. In this context, verification describes the process of checking whether the behav-
ior is a subset of an ω-language that contains all the action-sequences representing the
correct behavior of the system. We call this latter language a property.
Properties are as well be characterized by regular ω-languages and B
¨
uchi automata
respectively. Due to the difference between the language-classes which are recognizable
by deterministic and nondeterministic B
¨
uchi automata (the deterministic and nondeter-
ministic regular ω-languages) [2], verification becomes a different task since it might
be essential to ‘complement’ the, in general, nondeterministic property-automaton. This
can cause an automaton that is exponentially larger. However, we are able to compute
the complement of a property-automaton rather easily if it is deterministic [8].
Therefore, we investigate deterministic automata and deterministic properties re-
spectively. Even though we consider just a proper subset of all regular ω-languages, this
is no major drawback since deterministic properties contain a large class of practically
⋆
The author is supported by the Hasler Foundation under grant number 1922.
Nießner F. (2006).
Specification of Deterministic Regular Liveness Properties.
In Proceedings of the 4th International Workshop on Modelling, Simulation, Verification and Validation of Enterprise Information Systems, pages
173-178
DOI: 10.5220/0002482601730178
Copyright
c
SciTePress
relevant properties in general [8]. Furthermore, before we begin our considerations, we
will briefly explain that it is sufficient to focus on the particular class of properties called
liveness properties. Properties can be separated due to their intuitive meaning into safety
and liveness properties [1]. It is easy to show that safety properties are closed sets in the
Cantor topology and therefore are always deterministic [6]. Additionally, every prop-
erty can be represented by an intersection of a safety and a liveness property [1]. Taking
into account that determinism of regular ω-languages is preserved under intersection,
we obtain that a characterization of deterministic regular liveness properties suffices to
characterize all deterministic regular properties.
In this paper we will present the structure of deterministic regular liveness properties
in terms of regular prefix-free languages and, additionally, we will give some examples
of practically relevant subsets of this class.
2 Preliminaries
We assume the reader is familiar with the common notions of formal language and
automata theory as presented in [4]. For a finite set of actions Σ, let Σ
∗
be the set of all
finitely long sequences on Σ, let Σ
ω
be the set of all infinitely long sequences, and let
Σ
∞
= Σ
∗
∪ Σ
ω
. A set L ⊆ Σ
∗
is called a (finitary) language, a set L
ω
⊆ Σ
ω
is called
an ω-language.
Let L
∞
⊆ Σ
∞
. Then pre(L
∞
) = {v ∈ Σ
∗
| ∃w ∈ Σ
∞
: vw ∈ L
∞
} denotes
the set of all prefixes of L
∞
. We call a language L ⊆ Σ
∗
prefix-closed if and only if
pre(L) = L. Further, the Eilenberg-limit [3] (or limit for short) of a language L ⊆ Σ
∗
is given by lim(L) = {w ∈ Σ
ω
| ∃
∞
v ∈ pre(w) : v ∈ L}.
1
Let w = σ
1
σ
2
. . . ∈ Σ
ω
.
Then we define Inf (w ) = {σ ∈ Σ | ∃
∞
i : σ
i
= σ}.
A finite state automaton is capable of accepting strings. It is given by a quintuple
A = (Q, Σ, δ, q
0
, F ), where Q is a non-empty finite set of states, Σ is a non-empty
finite set of input symbols, q
0
∈ Q is the initial state, F ⊆ Q is a set of final states, and
δ : Q × Σ → 2
Q
denotes the transition function. We assume the transition function δ
to be extended to 2
Q
× Σ
∗
→ 2
Q
as usual. A is deterministic if |δ(q , σ)| ≤ 1, for each
q ∈ Q, σ ∈ Σ. A tripel (q, σ, p) ∈ Q × Σ × Q s.t. δ(q, σ) ∋ p is a transition of A.
Let v = σ
1
σ
2
. . . σ
n
∈ Σ
∗
and w = σ
1
σ
2
. . . ∈ Σ
ω
. A finite state sequence
ρ(v) = r
0
r
1
. . . r
n
∈ Q
∗
denotes a finite run of A on v if δ(r
i
, σ
i+1
) ∋ r
i+1
for
0 ≤ i < n. The finite run ρ(v) is successful if r
0
= q
0
and r
n
∈ F . An infinite state
sequence ρ(w) = r
0
r
1
. . . ∈ Q
ω
denotes a run of A on w if δ(r
i
, σ
i+1
) ∋ r
i+1
for
0 ≤ i. The run ρ(w) is successful if r
0
= q
0
and Inf (ρ(w )) ∩ F 6= ∅.
Subject to its acceptance condition, A turns into a finite automaton or a B
¨
uchi au-
tomaton. If we define A to accept all v ∈ Σ
∗
such that δ(q
0
, v)∩F 6= ∅, then A is a finite
automaton (FA) and L(A) = {v ∈ Σ
∗
| There is a successful finite run of A on v} is
a regular language. If we define A to accept each w ∈ Σ
ω
such that there are infinitely
many different v ∈ pre(w) such that δ(q
0
, v) ∩ F 6= ∅, then A turns into a B
¨
uchi
automaton (BA) and L
ω
(A) = {w ∈ Σ
ω
| There is a successful run of A on w} is a
regular ω-language. Throughout this paper we assume our automata to be reduced, i.e.,
they don’t have useless states or transitions.
1
Read ‘∃
∞
... : ...’ as ‘there exist infinitely many different ... such that ...’.
174
3 System Behavior, Properties and Verification
When we consider the behavior of a reactive system, it would make no sense to al-
low for finite computations having prefixes that are not a finite behavior as well. Thus,
the language representing the finite behavior of the system is prefix-closed and can be
recognized by a finite automaton with only accepting states. Furthermore, since it is
reasonable to consider the behavior to be the ‘infinitely continued’ finite behavior of
the system, we consider the behavior to be the limit of a prefix-closed language.
Intuitively, a property partitions Σ
ω
into the set Y ⊆ Σ
ω
of sequences that satisfy
the property and the set N ⊆ Σ
ω
of sequences that do not. For a formal definition of a
property we simply identify it with the set Y ⊆ Σ
ω
that satisfies it. A system behavior
B satisfies a property P ⊆ Σ
ω
linearly if and only if B ⊆ P .
Properties can be classified by their intuitive meaning [5, 1]. There are properties
demanding that ‘nothing undesired will happen’. We call these properties safety prop-
erties. If an undesired action occurs in a computation then this computation, indepen-
dently of further actions, does not satisfy the property. Thus, a property P ⊆ Σ
ω
is called a safety property if and only if from w 6∈ P follows the existence of a
u ∈ pre(w), such that uv 6∈ P for all w, v ∈ Σ
ω
[1]. Another important class of
properties are the liveness properties. These properties demand that ‘a desired action
or action sequence occurs eventually’ but without specifying the point in time and the
number of occurences (once or repeatedly). Furthermore, the possible satisfaction of
the property must be independent of the computation performed so far. This means that
for all finite computations v ∈ Σ
∗
there must exist an infinite continuation w ∈ Σ
ω
such that vw ∈ P . A reformulation yields [1]: P ⊆ Σ
ω
is a liveness property if and
only if pre(P) = Σ
∗
. The classification of properties into safety and liveness properties
is well-founded since a common result from topology states that every property is the
intersection of a safety and a liveness property [1].
Verifying a system means deciding subset conditions of the form B ⊆ P which
can be algorithmically performed by checking B ∩
P = ∅ (where L
ω
= Σ
ω
\ L
ω
).
However, the problem of complementing B
¨
uchi automata is PSPACE-complete [10]
and may result in an automaton of size up to 2
O(n log n)
[9]. An exponential blow-up
can be avoided if we restrict the properties to be deterministic. Then, a deterministic
B
¨
uchi automaton suffices to describe a property P and it can be complemented in linear
time, yielding a B
¨
uchi automaton (which is not necessarily deterministic anymore) that
recognizes P and has at most twice as many states (plus one in addition) compared to
the original one [8].
4 Deterministic Regular Liveness Properties
We will now have a closer look on the structure of deterministic liveness properties.
A good point of origin is the well-known specification for deterministic regular ω-
languages which is based on regular prefix-free languages [3]. Here, a language L ⊆ Σ
∗
is called prefix-free if no proper prefix of a string in L is in L. It is called maximal
prefix-free if it is prefix-free and for all w ∈ Σ
∗
\ L holds: L ∪ {w} is not prefix-free
anymore. In this case we have pre(L · Σ
∗
) = Σ
∗
. The specification is given by
175
Lemma 1. A regular ω-language L
ω
⊆ Σ
ω
is deterministic if and only if there exist
regular prefix-free languages U
i
, V
i
⊆ Σ
∗
, 1 ≤ i ≤ n such that L
ω
=
S
1≤i≤n
U
i
· V
ω
i
.
A proof can be found in [3]. Instead, we give an intuitive explanation that provides
hints on how to improve this characterization towards a specification for deterministic
liveness properties.
Obviously, to each deterministic regular ω-language there exists a deterministic
B
¨
uchi automaton A = (Q, Σ, δ, q
0
, F ) that recognizes it. Hence, this automaton has
at least one accepting state, say 1, and, since it accepts infinite action sequences, there
must be at least one loop, i.e., a sequence of transitions that starts and ends in this
accepting state without passing it intermediately. In general, there might be infinitely
many of such sequences. We collect all these sequences in a set, say V
1
⊆ Σ
∗
. In fact,
V
1
is a regular language and it is prefix-free, since A is deterministic. Furthermore,
there must exist at least one finite sequence of transitions that start in q
0
and ends up in
1. Again, there might be more than just one such sequence (even infinitely many) and
we collect all of them in a set U
1
⊆ Σ
∗
. Notice that U
1
is as well regular und prefix-free
since A is deterministic. Then U
1
· V
ω
1
contains all infinite sequences that A accepts in
state 1. These observasions hold for each accepting state from F = {1, . . . , n} of A.
Thus, L(A) =
S
1≤i≤n
U
i
· V
ω
i
, where U
i
, V
i
⊆ Σ
∗
are regular prefix-free languages.
In a certain sense, the determinism is captured in the prefix-freedom of the regular
languages U
i
, V
i
⊆ Σ
∗
(or vice versa). Due to their determinism, the representation
given in Lemma 1 holds as well for deterministic regular liveness properties. However,
there must exist additional constraints on U
i
, V
i
⊆ Σ
∗
that capture the ‘liveness’ of a
property. Recall that P is a liveness property if and only if pre(P) = Σ
∗
. Furthermore,
notice that we can add an arbitrary deterministic regular ω-language to P (determin-
istic regular ω-languages are closed under union) and still have a deterministic regular
liveness property.
Now, let U
i
, V
i
⊆ Σ
∗
be regular prefix-free languages such that P =
S
1≤i≤n
U
i
·
V
ω
i
. Hence, we must have pre(
S
1 ≤i≤n
U
i
· V
ω
i
) = Σ
∗
. Some of the U
j
might be
prefixes of a U
i
, i 6= j, and if this is the case, then we can skip them without destroying
the ‘liveness’ of the rest, i.e., pre(
S
s∈S
U
s
· V
ω
s
) = Σ
∗
, where S = {1, . . . , n} \ R
and R is the set of indices j such that U
j
is a prefix of a U
i
, i 6= j. This implies
pre(
S
s∈S
U
s
) · Σ
∗
= Σ
∗
which means that pre(
S
s∈S
U
s
) is maximal prefix-free.
Moreover, we must have pre(V
ω
s
) = Σ
∗
for s ∈ S. From pre(V
ω
s
) = Σ
∗
follows
pre(V
s
· Σ
∗
) = Σ
∗
, i.e., the regular languages V
s
, s ∈ S, must be maximal prefix-free,
whereas the V
r
, r ∈ R are at least prefix-free. The deterministic regular ω-language
S
r∈R
U
r
· V
ω
r
can be considered as addition to that part that still describes a determin-
istic regular liveness property. Thus we obtain the following lemma
Lemma 2. L
ω
is a deterministic regular liveness property if and only if there exist
regular prefix-free languages U
i
, V
i
⊆ Σ
∗
, 1 ≤ i ≤ n, such that L
ω
=
S
1≤i≤n
U
i
· V
ω
i
and there exists a subset L
K
=
S
s∈S
U
s
· V
ω
s
of L
ω
, where S ⊆ {1, . . . , n}, such that
S
s∈S
U
s
and the V
s
are maximal prefix-free for all s ∈ S.
We exemplify the concept using the B
¨
uchi automaton A depicted in Figure 1.
176
a
b
b
a
0
1
4
3
5
6
b
a,b
2
b
a
a
a,b
a
b
Fig.1. B
¨
uchi automaton A.
Example 1. We have four accepting states (the double-circled ones). The prefix-free
sets corresponding to state 2 are U
1
= (a + ba) and V
1
= a. Thus, (a + ba) · a
ω
is
the set of ω-words that A recognizes in state 2. The sets corresponding to state 3 are
U
2
= bb, V
2
= (a + b) and A recognizes bb · (a + b)
ω
in state 3. For state 4 we obtain
U
3
= (a + ba)a
∗
b, V
3
= (a + b)a
∗
b and the ω-language a + ba)a
∗
b · ((a + b)a
∗
b)
ω
.
The sets corresponding to state 5 are U
4
= (a + ba)a
∗
b(a + b)a, V
4
= (ab + b)(a + b)a
and thus the ω-language accepted in state 5 is U
4
= (a + ba)a
∗
b(a + b)a · ((ab +
b)(a + b)a)
ω
. We observe that U
1
, U
2
⊆ pre(U
4
). Hence, L(A) = L
K
∪ L
Z
where
L
K
= (bb · (a + b)
ω
) ∪ ((a + ba)a
∗
b(a + b)a · ((ab + b)(a + b)a)
ω
) is a deterministic
regular liveness property and L
Z
= ((a + ba) · a
ω
) ∪ (a + ba)a
∗
b · ((a + b)a
∗
b)
ω
) is a
deterministic regular ω-language.
5 Practically Relevant Deterministic Regular Liveness Properties
This section introduces two classes of practically relevant deterministic regular liveness
properties and indicates how they can be extend using Lemma 2. Some of the consid-
erations can as well be found in [8]. From the previous observations follows that the
determinism is captured in the prefix-freedom of the involved regular languages. A lan-
guage L is prefix-free if and only if no word in L is a proper prefix of another word in L
or, in other words, if and only if L \ (L · Σ
+
) [3]. We denote the operation L \ (L · Σ
+
)
that establishes the prefix-free language corresponding to L by π(L). Observe that for
all regular languages L ⊆ Σ
∗
, π(Σ
∗
· L) is a maximal regular prefix-free language.
Furthermore, we obtain from Lemma 2 as a special case the following corollary.
Corollary 1. Let U, V ⊆ Σ
∗
be regular prefix-free languages. Then U · V
ω
is a deter-
ministic regular liveness property if and only if U and V are maximal [8].
Using this result we establish the following classes of deterministic regular liveness
properties. Let L ⊆ Σ
∗
be a regular language. Then the ω-language P
evt
= Σ
∗
· L ·
Σ
ω
demands a regular pattern in L to occur eventually. P
evt
is a deterministic regular
liveness property since Σ
∗
·L ·Σ
ω
= π(Σ
∗
·L) ·Σ
ω
and Σ is a maximal regular prefix-
free language [8]. Thus, by Corollary 1, the assertion follows. In a similar way we can
discuss P
inf
= (Σ
∗
· L)
ω
. P
inf
demands regular patterns in L to occur infinitely often.
Since (Σ
∗
· L)
ω
= (π(Σ
∗
· L))
ω
= π(Σ
∗
· L) · (π(Σ
∗
· L))
ω
, we obtain by Corollary 1
that P
inf
is a deterministic regular liveness property.
Notice that P
evt
and P
inf
represent huge classes of properties since there are no
restrictions on L (except for regularity). For instance, we could replace L by (L · Σ
∗
)
n
,
177
where n is a natural number, Kleene star‘*’ or Kleene plus‘+’. All these expressions
describe regular languages and thus P
evt
and P
inf
would remain deterministic regular
liveness properties.
Furthermore, Lemma 2 allows to unify any (finite) number of such deterministic
regular liveness properties and we still obtain a deterministic regular liveness property.
And there is yet another method to extend these property classes. In the representation
given in Lemma 2, we demand the deterministic regular languages V
s
to be maximal
prefix-free so as to ensure that pre(V
ω
s
) = Σ
∗
. However, this holds as well for any
deterministic regular liveness property. Thus, in the representation given in Lemma 2
we can replace arbitrarily many V
ω
s
by P
evt
, P
inf
or any deterministic regular live-
ness property and the result will be a deterministic regular liveness property. Notice the
idempotency of this statement: the resulting deterministic regular liveness property can
again replace one (or arbitrarily many) of the maximal prefix-free sets V
s
. Hence, the
class of deterministic regular liveness properties is rather comprehensive and contains
various practically relevant properties.
6 Conclusion
We have considered in detail the deterministic regular liveness properties, since they
form a subclass of regular liveness properties for which an exponential blow-up in the
number of states can be avoided in the corresponding verification process. We presented
a specification for these languages and demonstrated the richness of this language class.
References
1. B. Alpern and F.B. Schneider, Defining liveness, Information Processing Letters, 21(4), pp
181-185, 1985.
2. J.R. B
¨
uchi, On a decision method in restricted second order arithmetic, In E. Nagel et al.,
editors, Proceedings of the International Congress on Logic, Methodology and Philosophy of
Science 1960, pp 1-11. Stanford University Press, 1962.
3. S. Eilenberg, Automata, Languages and Machines, volume A, Academic Press, New York,
1974.
4. J. E. Hopcroft and J. D. Ullman, Introduction to Automata Theory, Languages and Computa-
tion, Addison-Wesley Publishing Company, 1979.
5. L. Lamport, Proving the correctness of multiprocess programs, IEEE Transactions on Soft-
ware Engineering, SE-3(2), pp 125-143, 1977.
6. Z. Manna and A. Pnueli, A hierarchy of temporal properties, Proceedings of the 9th Annual
ACM Symposium on Principles of Distributed Computing, ACM Press, pp 377-408, 1990.
7. Z. Manna and A. Pnueli, The Temporal Logic of Reactive and Concurrent Systems-
Specification, Springer Verlag, New York, first edition, 1992.
8. F. Nießner, U. Nitsche, and P. Ochsenschl
¨
ager, Deterministic ω-Regular Liveness Properties,
In Symeon Bozapalidis, editor, Proceedings of the 3rd International Conference on Develop-
ments in Language Theory (DLT’97), pp 237-247, 1997.
9. S. Safra, On the complexity of ω-automata, Proceedings of the 29th Annual IEEE Symposium
on Foundations of Computer Science, IEEE, pp 319-327, 1988.
10. W. Thomas, Automata on infinite objects, in J. van Leeuwen, editor, Formal Models and
Semantics, volume B of Handbook of Theoretical Computer Science, pp 133-191, Elsevier,
1990.
178
