Synthesis of Data Word Transducers
L\'eo Exibard, Emmanuel Filiot, Pierre-Alain Reynier

TL;DR
This paper explores the synthesis of data word transducers from specifications over infinite alphabets, revealing decidability results in various settings and extending classical reactive synthesis to data $ ext{omega}$-words.
Contribution
It introduces a framework for synthesizing transducers with registers from data $ ext{omega}$-word specifications, analyzing decidability across different specification types and register constraints.
Findings
Decidability in deterministic data $ ext{omega}$-word synthesis
Undecidability for nondeterministic specifications with data
Decidability can be recovered by restricting input tests in bounded synthesis
Abstract
In reactive synthesis, the goal is to automatically generate an implementation from a specification of the reactive and non-terminating input/output behaviours of a system. Specifications are usually modelled as logical formulae or automata over infinite sequences of signals (-words), while implementations are represented as transducers. In the classical setting, the set of signals is assumed to be finite. In this paper, we consider data -words instead, i.e., words over an infinite alphabet. In this context, we study specifications and implementations respectively given as automata and transducers extended with a finite set of registers. We consider different instances, depending on whether the specification is nondeterministic, universal or deterministic, and depending on whether the number of registers of the implementation is given or not. In the unbounded setting,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
\lmcsdoi
17122 \lmcsheadingLABEL:LastPageDec. 17, 2019Mar. 18, 2021
\titlecommentThis paper is the journal version of [EFR19]. ACM Classification: Theory of computation Logic and verification; Theory of computation Automata over infinite objects; Theory of computation Transducers.
Synthesis of Data Word Transducers
Léo Exibard\rsupera,b
,
Emmanuel Filiot\rsuperb
and
Pierre-Alain Reynier\rsupera
\lsuperbUniversité libre de Bruxelles, Brussels, Belgium
{leo.exibard,efiliot}@ulb.ac.be
\lsuperbAix Marseille Univ, Université de Toulon, CNRS, LIS, Marseille, France
Abstract.
In reactive synthesis, the goal is to automatically generate an implementation from a specification of the reactive and non-terminating input/output behaviours of a system. Specifications are usually modelled as logical formulae or automata over infinite sequences of signals (-words), while implementations are represented as transducers. In the classical setting, the set of signals is assumed to be finite. In this paper, we consider data -words instead, i.e., words over an infinite alphabet. In this context, we study specifications and implementations respectively given as automata and transducers extended with a finite set of registers. We consider different instances, depending on whether the specification is nondeterministic, universal or deterministic, and depending on whether the number of registers of the implementation is given or not.
In the unbounded setting, we show undecidability for both universal and nondeterministic specifications, while decidability is recovered in the deterministic case. In the bounded setting, undecidability still holds for nondeterministic specifications, but can be recovered by disallowing tests over input data. The generic technique we use to show the latter result allows us to reprove some known result, namely decidability of bounded synthesis for universal specifications.
Key words and phrases:
Register Automata, Synthesis, Data words, Transducers
L. Exibard is funded by a FRIA fellowship from the F.R.S.-FNRS. E. Filiot is a research associate of F.R.S.-FNRS. He is supported by the ARC Project Transform Fédération Wallonie-Bruxelles and the FNRS CDR J013116F and MIS F451019F projects. P.-A. Reynier is partly funded by the DeLTA project (ANR–16–CE40–0007).
Introduction
Reactive synthesis is an active research domain whose goal is to design algorithmic methods able to automatically construct a reactive system from a specification of its admissible behaviours. Such systems are notoriously difficult to design correctly, and the main appealing idea of synthesis is to automatically generate systems that are correct by construction. Reactive systems are non-terminating systems that continuously interact with the environment in which they are executed, through input and output signals. At each time step, the system receives an input signal from a set In and produces an output signal from a set Out. An execution is then modelled as an infinite sequence alternating between input and output signals, i.e., an -word in . Classically, the sets In and Out are assumed to be finite and reactive systems are modelled as (sequential) transducers. Transducers are simple finite-state machines with transitions of type , which, at any state, can process any input signal and deterministically produce some output signal, while possibly moving, again deterministically, to a new state. A specification is then a language telling which are the acceptable behaviours of the system. It is also classically represented as an automaton, or as a logical formula then converted into an automaton. Some regular specifications may not be realisable by any transducer, and the realisability problem asks, given a regular specification , whether there exists a transducer whose behaviours satisfy (i.e., are included in ). The synthesis problem asks to construct if it exists.
A typical example of reactive system is that of a server granting requests from a finite set of clients . Requests are represented as the set of input signals (client requests the resource) and grants by the set of output signals (server grants client ’s request). A typical constraint to be imposed on such a system is that every request is eventually granted, which can be represented by the LTL formula . The latter specification is realisable for instance by the transducer which outputs whenever it reads and idle whenever it reads idle.
It is well-known that the realisability problem is decidable for -regular specifications. It is ExpTime-complete when represented by parity automata [BL69, PR89, FJLW16]; and 2ExpTime-complete for LTL specifications [PR89]. Such positive results have triggered a recent and very active research interest in efficient symbolic methods and tools for reactive synthesis (see e.g. [BCJ18]). Extensions of this classical setting have been proposed to capture more realistic scenarios [BCJ18]. However, only a few works have considered infinite sets of input and output signals. In the previous example, the number of clients is assumed to be finite, and small. To the best of our knowledge, existing synthesis tools do not handle large alphabets, although it is more realistic to consider an unbounded (infinite) set of client identifiers, e.g. . The goal of this paper is to investigate how reactive synthesis can be extended to handle infinite sets of signals.
Data words are infinite sequences of labelled data, i.e., pairs with a label from a finite alphabet and is a data from a countably infinite alphabet . They can naturally model executions of reactive systems over an infinite set of signals. Among other models, register automata are one of the main extensions of automata recognising languages of data words [KF94, Seg06]. They can use a finite set of registers in which to store data that are read, and to compare the current data with the content of some of the registers (in this paper, we allow comparison of equality). Likewise, transducers can be extended to register transducers as a model of reactive systems over data words: a register transducer is equipped with a set of registers, and when reading an input labelled data , it can test for equality with the content of some of its registers, and depending on the result of this test, deterministically assign some of its registers to and output a finite label along with the content of one of its registers. Its executions are then data words alternating between input and output labelled data, and register automata can thus be used to represent specifications, as languages of such data words.
Contributions
We consider two classical semantics for register automata, nondeterministic and universal, both with a parity acceptance condition, which give two classes of register automata respectively denoted NRA and URA. We study the parity acceptance condition because it can express the other classical acceptance conditions; e.g., Büchi and co-Büchi can be expressed with a 2-colours parity condition. Since NRA are not closed under complement (already over finite data words), NRA and URA define incomparable classes of specifications. The request-grant specification, as defined above, can be generalised to an infinite number of clients, and it is then expressible by an URA [KMB18]: whenever a request is made by client (labelled data ), universally trigger a run which stores in some register and verifies that the labelled data eventually occurs in the data word. In contrast, no NRA can define it. On the other hand, consider the specification : “all input data but one are copied on the output, the missing one being replaced by some data which occurred before it”, modelled as the set of data sequences for all and (finite labels are irrelevant and not represented). is not definable by any URA, as it would require to guess , which can be arbitrarily smaller than , but it is expressible by some NRA making this guess.
However, we show (unsurprisingly) that the realisability problem by register transducers of specifications defined by NRA is undecidable. The same negative result also holds for URA, solving an open question raised in [KMB18]. On the positive side, we show that decidability is recovered for deterministic (parity) register automata (DRA) in which the output is driven by the input (meaning that it is contained in some register). We call this class the DRA with input-driven outputs, denoted by . One of the difficulties of register transducer synthesis is that the number of registers needed to realise the specification is, a priori, unbounded with regards to the number of registers of the specification. We show it is in fact not the case for : any specification expressed as a with registers is realisable by a register transducer iff it is realisable by a transducer with registers.
A way to obtain decidability is to fix a bound and to target register transducers with at most registers. This setting is called bounded synthesis in [KMB18], which establishes that bounded synthesis is decidable in 2ExpTime for URA. We show that unfortunately, bounded synthesis is still undecidable for NRA specifications (even when targetting implementations with a single register). To recover decidability for NRA, we disallow equality tests on the input data and add a syntactic requirement which entails that on any accepted word, each output data is the content of some register which has been assigned an input data occurring before. This defines a subclass of NRA that we call (input) test-free NRA (). can express how output data can be obtained from input data (by copying, moving or duplicating them), although they do not have the whole power of register automata on the input nor the output side. Note that the specification given before is -definable. To show that bounded synthesis is decidable for , we establish a generic transfer property characterising realisable data word specifications in terms of realisability of corresponding specifications over a finite alphabet, thus reducing to the well-known synthesis problem over a finite alphabet. Such property also allows us to reprove the result of [KMB18], with a rather short proof based on standard results from the theory of register automata, indicating that it might allow to establish decidability for other classes of data specifications. Our results are summarised in Table 1.
Related Work
As already mentioned, bounded synthesis of register transducers is considered in [KMB18] where it is shown to be decidable for URA. We reprove this result in a shorter way. Our proof bears some similarities with that of [KMB18], but it seems that our formulation benefits more from the use of existing results. The technique is also more generic and we instantiate it to . correspond to the one-way, nondeterministic version of the expressive transducer model of [DH16], which however does not consider the synthesis problem.
The synthesis problem over infinite alphabets is also considered in [ESK14], in which data represent identifiers and specifications (given as particular automata close to register automata) can depend on equality between identifiers. However, the class of implementations is very expressive: it allows for unbounded memory through a queue data structure. The synthesis problem is shown to be undecidable and a sound but incomplete algorithm is given.
Finally, classical reactive synthesis has strong connections with game theory on finite graphs. Some extension of games to infinite graphs whose vertices are valuations of variables in an infinite data domain have been considered in [FP18]. Such games are shown to be undecidable and a decidable restriction is proposed, which however does not seem to match our context.
1. Data Words and Register Automata
For a (possibly infinite) set , we denote by the set of infinite words over this alphabet. For , we let and the th letter of . For , we define their interleaving
1.1. Data Words
Let be a finite alphabet and a countably infinite set, denoting, all over this paper, a set of elements called data. We also distinguish an (arbitrary) data value . Given a set , let be the constant function defined by for all . A labelled data (or l-data for short) is a pair , where is the label and the data. We define the projections and . A data word over and is an infinite sequence of labelled data, i.e. a word . We extend the projections lab and dt to data words naturally, i.e. and . We denote the set of data words over and by (DW when clear from the context). A data word language is a subset . Note that in this paper, data words are infinite, otherwise they are called finite data words, and we denote by the set of finite data words.
1.2. Register Automata
Register automata are automata recognising data word languages. They were first introduced in [KF94] as finite-memory automata. Here, we define them in a spirit close to [LTV15], but over infinite words, with a parity acceptance condition. The current data can be compared for equality with the register contents via tests. Our tests are symbolic and defined via Boolean formulas of the following form. Given a set of registers, a test is a formula satisfying the following syntax:
[TABLE]
where . Given a valuation , a test and a data , we denote by the satisfiability of by in valuation , defined as if and if . The Boolean combinators behave as usual. We denote by the set of (symbolic) tests over .
{defi}
A register automaton (RA) is a tuple , where:
- •
is a finite alphabet of labels, is an infinite alphabet of data
- •
is a finite set of states and is the initial state
- •
is a finite set of registers. We denote .
- •
, where is the number of priorities, is the colouring function, used to define the acceptance condition
- •
is a set of transitions.
A transition is also written q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle\mathcal{A}}]{\sigma,\phi,\textnormal{{asgn}}}q^{\prime}. We may omit in the latter notation. Intuitively such transition means that on input () in state the automaton:
- (1)
checks that is satisfied by the current register contents and the current data 2. (2)
assigns to all the registers in asgn (asgn might be empty) 3. (3)
transitions to state .
is said to be deterministic if the tests are mutually exclusive, i.e., for any two distinct transitions of the form and , then either or is not satisfiable. The automaton is said to be complete if for any given state , any label , any data and any register valuation , there exists a transition such that .
1.3. Configurations and Runs
A configuration is a pair . Fix a transition . We say that enables on reading if , and . Let be the valuation defined by if , and otherwise. We extend this notation to configurations as follows: if enables on input , the successor configuration of by on input is . We also write to denote the successor of by transition when enables on input . The initial configuration is . Then, a run over a data word is an infinite sequence of transitions such that there exists a sequence of configurations such that is initial and for all , . With a run , we associate its sequence of states
1.4. Languages Defined by RA
Given a run , we denote, by a slight abuse of notation, the maximum color that occurs infinitely often in . Then, in the parity acceptance condition, is accepting whenever is even. We consider two dual semantics for RA: nondeterministic (N) and universal (U). Given a RA , depending on whether it is considered nondeterministic or universal, it recognises L_{N}(A)=\{w\mid\text{there exists an accepting run \rhow}\} or L_{U}(A)=\{w\mid\text{all runs \rhow are accepting}\}. Note that those semantics are dual: for a RA , by letting be a copy of with colouring function , we have that .
We denote by NRA (resp. URA) the class of register automata interpreted with a nondeterministic (resp. universal) parity acceptance condition, and given (resp. ), we write instead of (resp. ). We also denote by DRA the class of deterministic parity register automata.
2. Synthesis of Register Transducers
2.1. Specifications, Implementations and the Realisability Problem
Let and be two finite alphabets of labels, and a countable set of data. A relational data word is an element of . Such a word is called relational as it defines a pair of data words in through the following projections. If , we let and We denote by (just RW when clear from the context) the set of relational data words. A specification is simply a language . An implementation is a total function . From , we define another function which, with an input data word , associates the output data word such that , . also defines a language of relational data words .
We say that realises when , and that is realisable if there exists an implementation realising it. Note that since is a total function, we have that if is realisable, then in particular its domain is total, i.e. for all , there exists such that . Therefore, any specification whose domain is not total is not realisable according to this definition. For a discussion on this definition, see Section 5.
The realisability problem consists, given a (finite representation of a) specification , in checking whether is realisable. In general, we parameterise this problem by classes of specifications and of implementations , defining the -realisability problem, denoted . Given a specification , it asks whether is realisable by some implementation . We now introduce the classes and we consider.
2.2. Specification Register Automata
In this paper, we consider specifications defined by register automata (hence alternately reading input and output labelled data). We assume that the set of states is partitioned into (called input states, reading only labels in ) and (called output states, reading only labels in ), where , and such that the transition relation alternates between these two sets, i.e.
[TABLE]
where (resp. ). We denote by DRA (resp. NRA, URA) the class of specifications defined by deterministic (resp. nondeterministic, universal) parity register automata. {exa} Remember the setting described in the introduction of a server granting requests from an unbounded set of clients . The input (resp. output) finite alphabets are and , while the set of data is any countably infinite set containing . Without loss of generality, is a set of client ids, so we can take . Then, as stated in the introduction, the specification that for all , every request of client is eventually granted can be expressed with the URA of Figure 1.
2.3. Register Transducers As Implementations
We consider implementations represented as transducers processing data words. A register transducer is a tuple where is a finite set of states with initial state , is a finite set of registers, and is the transition function (as before, ), assumed to be complete in the sense that, as for RA, for every state and label , for every data and register valuation , there exists a transition such that . When processing an l-data , compares with the content of some of its registers, and depending on the result, moves to another state, stores in some registers, and outputs some label in along with the content of some register .
Let us formally define the semantics of a register transducer , as an implementation . First, for a finite input data word in , we denote by the th configuration reached by on , where is initial and for all , is the unique configuration such that there exists a transition such that and . We let and . Then, we denote and . Note that if is interpreted as a DRA with exactly one transition per output state and whose states are all accepting (i.e. have even maximal parity [math]), then is indeed the language of such register automaton. We denote by the class of implementations defined by register transducers with at most registers, and by the class of implementations defined by register transducers. {exa} Consider again the specification of Example 2.2. Such specification is realisable for instance by the transducer which outputs whenever it reads and ( does not matter) whenever it reads idle, which is depicted in Figure 2.
2.4. Synthesis from Data-Free Specifications
If in the latter definitions of the synthesis problem, one considers specifications defined by RA with no registers (i.e. parity automata), and implementations defined by RT with no registers, then the data in data-words can be ignored and we are back to the classical reactive synthesis setting, for which important results are known: {thmC}[[BL69]] The realisability problem of (data-free) specifications given as (register-free) nondeterministic parity automata by (register-free) transducers is ExpTime-complete.
Proof.
The upper bound was first established in [BL69] and [PR89]. Hardness is folklore, but a proof in the particular case of finite words (easily adapted to the -word setting) can be found in [FJLW16, Proposition 6]. ∎
3. Unbounded Synthesis
In this section, we consider the unbounded synthesis problem . Thus, we do not fix a priori the number of registers of the implementation.
3.1. Undecidability Results
Let us first consider the case of NRA and URA, which are, in our setting, the most natural devices to express data word specifications. Unfortunately, the two corresponding problems happen to be undecidable:
Theorem 1**.**
* is undecidable.*
Proof 3.1**.**
We reduce the problem from the universality of NRA over finite words, which is undecidable [NSV04]. Let be a (finite data-word) NRA. Let be a specification which first reads some finite data word , then a separator (its associated data is arbitrary and not represented), then allows for swapping the first and second l-data on any input read later on, while also allowing to behave like the identity whenever . is also equal to the identity over any word not containing so that its domain is total. Formally, let , where:
[TABLE]
* is definable by a NRA running over relational data words, because each component is and NRA are closed under union. Recognising the interversion of the first two labels and after the in is easily done using nondeterminism, and the behaviour on data is the identity, so is NRA-definable. Then, emulating the identity over some NRA-definable domain is easy, so and are also NRA-definable.*
Now, if is universal, ie , then the identity over DW realises , since then and has total domain. Conversely, if , assume by contradiction that is realisable by a register transducer . Let . Then, for any , we must have ; but this implies guessing the second label while having only read the first one, which is not doable by any transducer as long as .
Actually, we can observe that such undecidability proof extends to , and to all for . Indeed, is universal iff is realisable by the identity over data words, which is implementable using a -register transducer:
Theorem 2**.**
For all , is undecidable.
Now, we can show that the unbounded synthesis problem is also undecidable for URA, answering a question left open in [KMB18].
Theorem 3**.**
* is undecidable.*
Proof 3.2**.**
We present a reduction to our synthesis problem from the emptiness problem of URA over finite words. The latter is undecidable by a direct reduction from the universality problem of NRA, which is undecidable by [NSV04].
First, consider the relation , each data of appears infinitely often in . is recognised by a -register URA which, upon reading a data in , stores it in its register and checks that it appears infinitely often in by visiting a state with maximal parity every time it sees (all other states have parity ). Note that for all , S_{1}\cap\{(u\#v,u\#w)\mid u\in\textsf{DW}_{\!f},v,w\in\textsf{DW}\text{ and uk distinct data}\} is realisable by a -register transducer: on reading , store each distinct data in one register, and after the output them in turn in a round-robin fashion. However, is not realisable: on reading the separator, any implementation must have all the data of in its registers, but the number of such data is not bounded ( can have pairwise distinct data and be of arbitrary length).
Then, let be a URA over finite data words. Consider the specification , where and . has total domain, and is recognisable by a URA. Indeed, URA are closed under union, by the same product construction as for the intersection of NRA [KF94], and each part is URA-recognisable: is, as described above, is by simulating on the output to check then looping over , and simply checks a regular property.
Now, if , let and let be the set of data distinct from that occur in . As a consequence of the closure under automorphisms of register automata [KF94, Proposition 2], we have: for any set such that , and for any injection such that , by extending to a morphism over data words in the usual way (and behaving as the identity over the finite labels), . Indeed, as register automata can only test for equality, acceptance is determined by the equality relations between the different data of the input, so we can rename them (with the exception of , which is a distinguished data).
Then, is realisable by a register transducer with registers. While it has not read a , reads its input and outputs it along the way, using one register to store the current data and output it immediately. Meanwhile, it also stores the first distinct data of in its registers. Its last register is used to keep in memory. If there is no in the input, then , so . Now, if some is read, outputs (along with an arbitrary data), and there are two cases: if the number of data in is lower than or equal to , realises , as described above. Otherwise, let be the set of data of distinct from , indexed by order of appearance . Then, let be such that for all and : is injective. Now, can output since it stored in its registers, hence realising . Conversely, if , then is not realisable. If it were, would be too, as a regular domain restriction, but we have seen above that this is not the case. Thus, is realisable iff .
3.2. A Decidable Subclass:
However, we show that restricting to DRA allows to recover decidability, modulo one additional assumption, namely that the output data of a transition has to be the content of some register. We formally define this class as follows:
{defi}
[ ] Let be a DRA. We say that is with input-driven outputs if for any output transition , the test is of the form for some . We denote by the class of DRA with input-driven outputs.
Such assumption rules out pathological, and to our opinion uninteresting and technical cases stemming from the asymmetry between the class of specifications and implementations. E.g., consider the single-register DRA in Fig. 3(a) (finite labels are arbitrary and not depicted). It starts by reading one input data and stores it in , asks that the corresponding output data is different from the content of , then accepts any output over any input (transitions are always takeable). It is not realisable because transducers necessarily output the content of some register (hence producing a data which already appeared). On the other hand, having tests of the form for instance does not imply unrealisability, as shown by the DRA of Fig. 3(b): it starts by reading one data , asks to copy it on the output, then reads another data , and requires that the output is either distinct from or equal to it, depending on whether . It happens that such specification is realisable by the identity.
We reduce the realisability of -specifications to solving a finite parity game. To ease its construction, we first need to confer additional properties to the specification automaton.
A RA is said to be locally concretisable if for every finite sequence of transitions , for every finite data word such that is a partial run of on , we have that for all transitions which are compatible with (i.e. such that the source state of is equal to the end state of ), there exists such that is a partial run of on . Note in particular that when is not a partial run, such condition trivially holds.
We say that a RA is in good form if
- (1)
it is locally concretisable 2. (2)
it is complete on its input states 3. (3)
its tests are maximally consistent conjunctions of atoms 4. (4)
any transition whose test is different from does not conduct an assignment ()
Lemma 4**.**
For all RA , there exists an equivalent RA in good form with exponentially many more states and transitions, and the same number of priorities and registers. Moreover if is a , so is .
Proof 3.3**.**
Let be a RA. First, we can assume that is complete on its input states: add two sink states and with transitions and for all , each with odd priority . Then, for all , and all finite label , add a transition where is a test which is satisfied by a data if and only if such data satisfies no other possible test. This does not affect determinism nor the recognised language (as each added state has odd priority), and preserves the fact of being ido.
Now, we enrich the states with information on the equalities between registers in the current register valuation. Formally, we define constraints111The notion of constraint is pervasive in the study of registers automata, e.g. to recognise the projection over finite labels. as equivalence relations on . In the following, we denote by the set of equivalence relations on . Given a valuation of registers in , we can associate to it an equivalence relation on in the natural way (two registers are equivalent iff ). We denote it by . We use the letter to denote an element of , and we call it a constraint.
We let be defined as follows:
- •
**
- •
**
- •
, for every
- •
* will be defined in the sequel.*
Given a constraint , and a set corresponding to an equivalence class of , we define a test corresponding to a maximally consistent conjunction of equalities and inequalities: . A data value satisfies this test iff it is equal to the (common) value stored in registers of . We also consider the test which corresponds to the case of a fresh data value, i.e. a data value distinct from all the values stored in registers.
Consider a transition . Given a formula as defined above, one can decide whether the formula is valid or not. If this is the case, then we add the following transition to :
[TABLE]
where is defined as follows: two registers are in relation with respect to if and only if one of the following cases holds:
- •
they are in relation in , and not in asgn
- •
they are both in asgn
- •
* belongs to and belongs to asgn, or vice versa.*
First, observe that since is complete on its input states, so is and property (2) holds. Moreover, by definition, satisfies property (3).
Now, one can show by induction on the length of the partial run that every partial run of over some finite data word reaching some configuration satisfies . Thus, for every run of , by denoting its sequence of configurations, we have .
Additionally, for each run of , we can build a run of in a deterministic manner: let be a run of over some data word , where for all , and let be its sequence of configurations. Correspondingly, let , where for each , with and . Then, again by induction, we can show that is a run of over , whose sequence of configurations is . Moreover, is accepting if and only if is accepting, since . Reciprocally, every run of can be projected to a run of by removing the , and this preserves acceptance. Overall, .
Now, let be a partial run of over some finite data word ending in some configuration ; recall that . Let be a transition compatible with , i.e. such that is the end state of . If , then , so any (where denotes the image of by ) is such that . If , then by construction corresponds to an equivalence class of , so and . Thus, by letting for some (its choice does not matter), we have that is a partial run of over . Overall, is locally concretisable, i.e. property (1) holds.
*The last step concerns property (4). Intuitively, the idea is that if the data read corresponds to a data stored in some register, then the assignment can be replaced by keeping in memory a relation between registers. This idea is merely an adaptation of the conversion from register automata (“-automata”, in their terminology) to finite-memory automata [KF94]. The states can be enriched with the right information to deal with these additional relations. *
In order to solve the unbounded register synthesis problem, we resort to a synthesis problem for data-free specifications. In that framework, when specifications are described by means of parity automata, synthesis problems can be solved using reductions to parity games. We thus quickly recall the notion of parity game. For a complete presentation, we refer the reader to [AG11].
A two-player parity game is given as a finite graph, in which vertices are partitioned among the two players, together with an initial vertex. A colouring function associates with each vertex an integer. It is used to define the winning plays as follows: a play is winning iff the maximum colour appearing infinitely often is even.
In the sequel, we will use the parity game associated with a DRA , which is denoted as . It is is defined as follows: its set of vertices is exactly that of . Player Adam owns input vertices, and the associated input transitions, while player Eve owns output vertices/transitions. The colouring function is that of , and the initial vertex is the initial state of .
Proposition 5**.**
Let be a in good form. Then, the following are equivalent:
- (1)
* is realisable by a register transducer with as many registers as * 2. (2)
* is realisable by an implementation222Recall that implementations are defined in subsection 2.1. * 3. (3)
Eve wins the parity game associated with
Proof 3.4**.**
We start with a preliminary remark on . As is a , every output transition has a test with at least one equality constraint ( for some ), and thus, as is in good form (property ), the assignment of output transitions are all empty. Note that 1 2 is immediate.
From the parity game to the realisability of : 3 1
Assume Eve wins the game . Parity games admit memoryless strategies, i.e. strategies whose actions only depend on the current state of the game. We can thus consider a memoryless winning strategy for Eve, which we denote by a mapping from output vertices to output edges of the game, i.e. from output states to output transitions of .
We now detail how we define from a register transducer with as set of registers:
- •
States are those of
- •
The initial state is that of
- •
Transitions are defined as follows. Consider some input state and some transition from to . By definition of , is an output state, and we let be the transition given by Eve’s strategy.
We write and . Thanks to our initial comment on the form of output transitions of in good form, there exists a register appearing with an equality constraint in the test of the transition , and we have . Then, we add to the transition .
Observe that is indeed a register transducer as for each state , it only uses transitions outgoing from in , hence it is deterministic as was.
We claim that realises . Consider some input data word, and the behaviour of on this data word. As is in good form, it is complete on its input states. This entails that this run is infinite. It corresponds to a play in compatible with Eve’s strategy . As is a winning strategy, this implies that the run is accepting, hence corresponds to some accepting run of , yielding the result.
From the realisability of to the parity game : 2 3
Assume that is realisable by an implementation . We let be the function it implements, and naturally extend it to finite words: for . Let us build from a winning strategy in , with memory .
We define by induction, and show that when is in memory state , the finite sequence of transitions constructed so far is a partial run of over ending in configuration . Initially, has memory .
Now, assume is in state , and Adam just played . Then, Eve picks some data such that . Such data exists since is locally concretisable and the finite sequence of transitions constructed so far is the partial run over some data word. Let be the successor configuration of in on reading , i.e. , and let . Now, let . Correspondingly, let be the transition taken from on reading , i.e. such that . Such transition exists: let be some infinite suffix that we append to . Since is an implementation, is total and we know that , which means that admits an accepting run in . In particular, its prefix admits a partial run in , and its last transition is (such partial run is unique since is deterministic).
Then, Eve plays in and updates her memory to . The invariant indeed holds, as the play constructed so far is a partial run of over ending in configuration .
* is indeed a strategy, as it is defined for any possible sequence of actions of Adam. It remains to show that it is winning. Let be a play consistent with , which is also a run of by definition of . We need to show that is accepting. We define as , where is the input word stored in memory at step of the play (i.e. such that is in state for some after receiving actions of Adam). We then know that for all , is a partial run of over , so is a run of over . Since is an implementation, such run is accepting, i.e. satisfies the parity condition, which means that also satisfies the parity condition; it is thus winning. As a consequence, is a winning strategy in . *
Theorem 6**.**
(\textnormal{\textsf{DRA}_{\textsf{ido}}},\textnormal{{RT}})* is ExpTime-c.*
Proof 3.5**.**
First, we put in good form thanks to Lemma 4, resulting in some exponentially bigger. Then, by Proposition 5, it suffices to solve the parity game . It is well-known to be possible in time where is the number of states and the number of priorities. If denotes the number of states of and its number of priorities, then has states and the same number of priorities , hence checking the realisability of can be done in time , which is exponential with respect to the size of the input.
Hardness
The following proof is an adaptation of the one establishing PSpace-hardness of the nonemptiness problem for DRA presented in **[DL09, Theorem 5.1]**. Here, we use the input part to simulate universal transitions, and the output part to simulate nondeterministic ones, hence simulating alternation, which yields an ExpTime lower bound.
Thus, we reduce from the halting problem of alternating Turing machines over a binary alphabet with a linearly bounded tape. An alternating Turing machine is a tuple , where:
- •
* is a finite set of states, partitioned into existential () and universal () states: , where is the initial state*
- •
* is the transition function. *
A configuration of is then a triple , where is the machine state, is the head position, and is the tape content. It is existential if and universal if . A configuration is a successor of if there exists , , and is such that , and . is called the associated transition. A run of is then a tree whose nodes are configurations and whose branches can be finite or infinite, rooted in the initial configuration , and whose nodes satisfy the following properties:
- (1)
If the node is an existential configuration , then it has exactly one child, which is a successor configuration of . 2. (2)
If the node is a universal configuration , then its children are all its successor configurations.
Note that a branch is finite if and only if it ends in a universal configuration with no successor. The machine halts if it admits a run which is a finite tree (i.e. whose branches all end in a universal configuration with no successors). The following problem is ExpTime-hard **[CKS81]**: given an alternating Turing machine , decide whether halts.
Finally, a computation is a finite sequence of successive configurations (i.e. a finite path in a run). Let be a computation of , and the sequence of associated transitions. We encode such computation by the following data word over the alphabet :
[TABLE]
where are two distinct data respectively encoding letters [math] and , and we have if and otherwise. Then, if and if . does not matter.
Now, as in **[DL09]**, we can construct a DRA which accepts a data word iff it has a prefix that encodes a computation of from the initial state to a state with no successor. Indeed, the transitions are part of the input, so they do not have to be guessed: neither nondeterministic nor universal branching is needed here (they will respectively be simulated by the output and input player). For completeness, we describe the construction: has memory , along with an -bounded counter to keep track of the position of the reading head in , a variable taking its values in used to store the value of and a variable taking its values in to memorise ; which overall yields a memory. Its finite alphabet is , and it has registers: and respectively store and , and, for all , successively stores the different values of for . Then, a run of is as follows: initially, stores and , while checking that they are distinct. Then, it checks that . To check successorship, while maintaining the invariant that at any step , contains , the automaton, when reading , checks that (it was stored as the target of ), (i.e. that contains ), and updates the value of to , while checking that . Then, with the help of its registers and its counter , it checks that for all , and that .
*From such automaton, by adding *s to enforce the alternation between input and output, we can build a specification automaton such that the input player provides the encoding of the successive configurations, and resolves the universal branching, and the output player has to resolve nondeterminism (i.e. chooses which nondeterministic transition to take). Then, if the input player can force the computation to go on ad infinitum, he wins, otherwise (if either the provided encoding is not correct, or if the computation is finite), the output player wins. Formally:
[TABLE]
The data corresponding to the and do not matter, and are not depicted. Note that the even (i.e. universal) transitions are picked by the input player, while the odd (i.e. nondeterministic) transitions are picked by the output player.
*Now, if halts, admits an implementation, which behaves as follows: it first checks that the and given as input are indeed distinct. Then, it checks on-the-fly that the given input is indeed an encoding of the initial configuration, while outputting **s. It then checks that is indeed a successor of following , again while outputting **s. Then, if it receives a as input, it picks some which is a witness that is indeed accepting, and so on. If, at some point, the given input is not a valid encoding, then it behaves arbitrarily (e.g. by outputting only *s).
Conversely, if does not halt, then, by choosing an input whose universal transitions are witnesses that is not accepting, then either the implementation provides some non-admissible output at some point, or the computation goes ad infinitum, which breaks the specification.
*For readers familiar with game-theoretic formulations, winning strategies in the synthesis game of are in one-to-one correspondence with halting runs of . *
As a consequence of the fact that if a is realisable, then it is so by a register transducer with the same number of registers, we obtain the following corollary:
Corollary 7**.**
Let be two integers. We denote by \textnormal{\textsf{DRA}{\textsf{ido}}}[r] the class of with registers. (\textnormal{\textsf{DRA}{\textsf{ido}}}[r],\textnormal{{RT}}[k]) is in ExpTime.
4. Bounded Synthesis: A Generic Approach
In this section, we study the setting where target implementations are register transducers in the class , for some that we now fix for the whole section. For the complexity analysis, we assume is given as input, in unary. Indeed, describing a -register automaton in general requires bits, and not bits. We prove the decidable cases of the first line of Table 1 (page 1), by reducing the problems to realisability problems for data-free specifications.
4.1. Abstract Actions
We let be a set of registers. Our aim is to reduce the problem to a finite alphabet problem. First, since the set of test formulas over is infinite and there are doubly exponentially many non-equivalent formulas over , we rather synthesise transducers whose tests are maximally consistent conjunctions of atoms of the form or . Such conjunctions can be identified as subsets of in a natural way, e.g. for , the test is identified with the set . We call them explicit tests and denote them by the capital letter . An explicit test is converted into the (implicit) test . Explicit tests are for instance used in [Seg06].
We let . The finite input actions are which corresponds to picking a label and a test over the registers, and the output actions are , corresponding to picking some output symbol, some assignment and some register whose content is to be output.
An alternating sequence of actions abstracts a set of relational data words of the form via a compatibility relation that we now define. We say that is compatible with if there exists a sequence of register configurations such that and for all , , and . In other words, is compatible with if there exists some -register transducer and a run such that for all , is of the form for some . Note that this sequence is unique if it exists. We denote by the set of relational data words compatible with . Given a specification , we let . The set is then a specification over the finite input and output alphabets and .
Theorem 8** (Transfer).**
Let be a data word specification. The following are equivalent:
- (1)
* is realisable by a transducer with registers.* 2. (2)
The (data-free) word specification is realisable by a (register-free) finite transducer.
Proof 4.1**.**
Let be a transducer with registers realising . The tests of are implicit tests, so in a first step we explicit them, possibly by adding new transitions to . Formally, a transition q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle T}]{\sigma_{\mathbbm{i}},\phi\mid\sigma_{\mathbbm{o}},\textnormal{{asgn}},r}q^{\prime} is replaced by all the transitions q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle T}]{\sigma_{\mathbbm{i}},E\mid\sigma_{\mathbbm{o}},\textnormal{{asgn}},r}q^{\prime} for all such that is true. The resulting transducer can be seen as a finite transducer over input alphabet and output alphabet . Moreover, since the transition function of is complete, it is also the case of (this is required by the definition of transducer defining implementations).
Let us show that is realisable by , i.e. . Take a sequence . We show that . Let . Then, there exists a run of on since . By definition of compatibility for , there exists a sequence of register configurations satisfying the conditions in the definition of compatibility. From this we can deduce that is an initial sequence of configurations of over , so . Finally, realises , and therefore .
Conversely, suppose that is realisable by some finite transducer over the input (output) alphabets (). Again, the transducer can be seen as a transducer with registers over data words with explicit tests. We show that realises , i.e., . Let . The run of over induces a sequence of actions in which, by definition of compatibility, satisfies . Moreover, . Hence, since realises , we get , so , concluding the proof.
4.2. The case of URA specifications
In this section, we show that for any a data word specification given as some URA, the language is effectively -regular, entailing the decidability of , by Theorem 8 and the decidability of (data-free) synthesis. Let us first prove a series of intermediate lemmas.
We define an operation between relational data words and sequences of actions as follows: is defined only if for all , where is the first component of (a label in ), by . Note that such operation is always defined when .
Lemma 9**.**
The language is definable by some NRA.
Proof 4.2**.**
We define an NRA with registers which roughly follows the actions it reads on its input. Its set of states is , with initial state . In state , it is only allowed to read labelled data in . On reading , it guesses some assignment asgn, performs the test and the assignment asgn and goes to state asgn. In any state , it is only allowed to read labelled data of the form , for which it tests whether is equal to the content of . It does no assignment and moves back to state . All states are accepting (i.e. have parity [math]). Such NRA has size .
Let be a specification defined by some URA with set of states . The following subset of is definable by some NRA, where denotes the complement of :
Lemma 10**.**
The language is definable by some NRA.
Proof 4.3**.**
Since is definable by the URA , is NRA-definable with , a copy of with colouring function , interpreted as an NRA. Let be some NRA defining (it exists by Lemma 9). It now suffices to take a product of and to get an NRA defining .
Given a data word language , we denote by its projection on labels. The language is obtained as the complement of the label projection of :
Lemma 11**.**
.
Proof 4.4**.**
Let . Then, .
We are now able to show the regularity of .
Lemma 12**.**
Let be a data word specification, . If is definable by some URA with states and registers, then is effectively -regular, definable by some deterministic parity automaton with states and priorities.
Proof 4.5**.**
First, is definable by some NRA with states and registers by Lemma 11, obtained as product between the NRA and the automaton obtained in Lemma 9, of size . It is known that the projection on the alphabet of labels of a language of data words recognised by some NRA is effectively regular [KF94]. The same construction, which is based on extending the state space with register equality types, carries over to -words, and one obtains a nondeterministic parity automaton with states and priorities recognising . It can be complemented into a deterministic parity automaton with states and priorities using standard constructions [Pit07].
We are now able to reprove the following result, known from [KMB18]:
Theorem 13**.**
For all , is in 2ExpTime.
Proof 4.6**.**
By Lemma 12, we construct a deterministic parity automaton for . Then, according to Theorem 8, it suffices to check whether it is realisable by a (register-free) transducer. The way to decide it is to see as a two-player parity game and check whether the protagonist has a winning strategy. Parity games can be solved in time [CJK*+*17] where is the number of states of the game and the number of priorities. Overall, solving it requires doubly exponential time, more precisely in .
4.3. The case of test-free NRA specifications
Unfortunately, by Theorem 2, the synthesis problem for specifications expressed as NRA is undecidable, even when the number of registers of the implementation is bounded. And indeed, if we mimic the reasoning of the previous section, we get that is definable by a URA, but Lemma 11 does not allow to conclude because:
Proposition 14**.**
There exists a data word language which is URA-definable and whose string projection is not -regular.
Proof 4.7**.**
Consider
[TABLE]
which consists in a word with pairwise distinct data followed by a word which contains at least all the data of , and extended with to make it infinite (here, the choice of does not matter). Such language can be interpreted as the request-grant specification, restricted to the case where all requests are made first, and are all made by pairwise distinct clients (plus a infinite padding). is recognised by an URA which, on reading , universally triggers a run checking that
- (1)
*Once a label is read, only *s are read; and after the last , only are read (this is an -regular property) 2. (2)
* does not appear again* 3. (3)
* appears at least once.*
Now, we have , which is not -regular.
In this section, we consider the class of NRA which do not perform tests on input data, which we call test-free nondeterministic register automata ( for short). Such restriction is inspired from [DH16], which defines transformations of data words using MSO interpretations with an MSO origin relation. The MSO interpretation describes the transformation over the finite alphabet (called the string transduction), as in [Cou94], while the MSO origin relation describes the relation between input and output data. Such relation does not depend on (un)equalities between different input data: it uniquely maps each output position to an input position, expressing that the output data at this position is equal to the corresponding input data. They then show that such model is equivalent to two-way deterministic transducers with data variables333Themselves equivalent to one-way streaming string transducers with data variables and parameters; such parameters are reminiscent of the guessing mechanism described in [KZ10].. Such data variables are used to implement the MSO origin relation: they are registers in which the transducer can store the input data values and output them, but it is not allowed to perform any test on the stored data, contrary to our model of register automata. To define , we apply the same restriction to NRA: they correspond to nondeterministic one-way transducers with data variables. Such machines can only rearrange input data (duplicate, erase, copy) regardless of the actual data values (as there are no tests). This way, as stated in Proposition 15, registers induce an origin relation between input and output data.
To avoid confusion between the nature of specifications and implementations, we prefer to define them as register automata, instead of transducers.
{defi}
[Test-free register automaton] A NRA is test-free if:
- (1)
Its input transitions do not depend on equality relations between input data: for all , if is an input transition, then . 2. (2)
Its output transitions consist in outputting the content of some register: for all , if is an output transition, then for some and .
We now make the relation with the notion of origin precise: as shown in [DFL18], there is a tight connection between origin graphs and data words. Here, the encoding is slightly different, as we do not necessarily ask that the data labelling input position is equal to . However, as long as the input data are all pairwise distinct, such encoding carries to our setting: the output data at position is equal to , where is the (input) origin position. Thus, in the following, we let AllDiff denote the set of relational data words whose input data are pairwise distinct:
[TABLE]
where, by convention . Then, as we will show, the behaviour of an over AllDiff determines its origin relation, and hence its behaviour over the entire data domain.
To a run , we associate the origin function , with the convention . In other words, is the last input position at which the register output at position was assigned, so the corresponding input data is the one which is output (if the register has never been assigned, it contains , which, by convention, is the data associated with input position [math]).
Now, for an origin function and for a relational data word , we say is compatible with the origin function , denoted , whenever for all , , with the convention .
The following proposition shows that actual data values in a word do not matter with respect to membership in some , only the compatibility with origin functions does:
Proposition 15**.**
Let and a sequence of transitions of some . Then,
- (1)
If is a run over , then . 2. (2)
If is a run over and , then for all , . 3. (3)
If and have the same finite labels and if , then is a run over .
Proof 4.8**.**
(1) and (3) follow from the semantics of , which do not conduct any test on the input data. The direction of (2) is exactly (1). Now, assume admits as a run, and let such that . Then, let be such that . By (1) we know that , so . Since , this implies , so, overall, .
It is not clear whether is regular for specifications, but we show that it suffices to consider another set denoted W_{S,k}^{\textnormal{\textsf{tf}}} which is easier to analyse (and can be proven regular), which describes the behaviour of over input with pairwise distinct data. Indeed, as expressed by the above proposition, cannot conduct tests on input data, and their behaviour only depends on the input labels. Thus, it suffices to study runs on input words whose data are all distinct; such choice ensures that two equal input data will not ease the task of the implementation. Otherwise, it could be that on reading a data word, two registers and are equal, and then the implementation can simultaneously take transitions labelled with and . An interesting side-product of this approach is that it implies that we can restrict to test-free implementations. A test-free transducer is a transducer whose transitions do not depend on tests over input data, i.e., for all transitions t=q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle}]{\sigma_{\mathbbm{i}},\phi\mid\textnormal{{asgn}},\sigma_{\mathbbm{o}},r}q^{\prime}\in\delta, we have .
Proposition 16**.**
Let be a specification, and . The following are equivalent:
- (1)
* is realisable* 2. (2)
W_{S,k}^{\textnormal{\textsf{tf}}}=\{\overline{a}\in{(A_{\mathbbm{i}}^{\varnothing}A_{\mathbbm{o}}^{k})}^{\omega}\mid\textnormal{{Comp}}(\overline{a})\cap S\cap{\textsc{AllDiff}}\neq\varnothing\}* is realisable by a (register-free) transducer with input alphabet * 3. (3)
* is realisable by a test-free transducer*
Proof 4.9**.**
* is trivial.*
: If is realisable, then, by Theorem 8, is realisable by some transducer . Now, since transducers are closed under regular domain restriction, is realisable by restricted to the input alphabet ; more precisely, by the transducer with the same set of states as and transition function . Moreover, W_{S,k}^{\varnothing}\subseteq W_{S,k}^{\textnormal{\textsf{tf}}}. Indeed, let . Then, . It is easy to build by induction a data word , so . Thus, W_{S,k}^{\textnormal{\textsf{tf}}} is realisable by any transducer realising .
: Now, assume W_{S,k}^{\textnormal{\textsf{tf}}} is realisable by some transducer . We show that , when ignoring the input tests, is actually an implementation of . Thus, let be the same transducer as except that all input tests have been replaced with . Formally, q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle I^{\prime}}]{\sigma_{\mathbbm{i}},\top\mid\textnormal{{asgn}},\sigma_{\mathbbm{o}},r}q^{\prime} iff q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle I}]{\sigma_{\mathbbm{i}},\varnothing\mid\textnormal{{asgn}},\sigma_{\mathbbm{o}},r}q^{\prime} Note that , interpreted as a register transducer, is test-free. Let , and be the input action in with same finite labels as . Let , and let (such exists because, as above, ). Then, since , they admit the same run in , so . Now, , so it admits an accepting run in , which implies . Moreover, so, by Proposition 15 (2), we get . Therefore, , so, by Proposition 15 (3), admits as a run, i.e. . Overall, , meaning that is a (test-free) implementation of .
Finally, W_{S,k}^{\textnormal{\textsf{tf}}}=\{\overline{a}\in{(A_{\mathbbm{i}}^{\varnothing}A_{\mathbbm{o}}^{k})}^{\omega}\mid\textnormal{{Comp}}(\overline{a})\cap S\cap\textsc{AllDiff}\neq\varnothing\} is regular. Indeed, W_{S,k}^{\textnormal{\textsf{tf}}}=\{\overline{a}\in{(A_{\mathbbm{i}}^{\varnothing}A_{\mathbbm{o}}^{k})}^{\omega}\mid\textnormal{{Comp}}(\overline{a})\cap S^{\varnothing}\neq\varnothing\}, where is the same automaton as except that all input transitions have been replaced with , because, for all , (the direction is trivial, and the stems from the fact that an AllDiff input only takes transitions).
Then, L_{S,k}^{\textnormal{\textsf{tf}}}=\{w\otimes\overline{a}\in\textsf{RW}\otimes{(A_{\mathbbm{i}}^{\varnothing}A_{\mathbbm{o}}^{k})}^{\omega}\mid w\in\textsf{Comp}(\overline{a})\cap S^{\varnothing}\} is NRA-definable. Indeed, is -definable, so is NRA-definable, and by Lemma 9, is NRA-definable, so their product recognises L_{S,k}^{\textnormal{\textsf{tf}}}. Finally, W_{S,k}^{\textnormal{\textsf{tf}}}=\textsf{lab}(L_{S,k}^{\textnormal{\textsf{tf}}}), and the projection of a NRA over some finite alphabet is regular [KF94].
Overall, by Theorem 8, we finally get (the complexity analysis is the same as for URA):
Theorem 17**.**
For all , (\textnormal{\textsf{NRA}_{\textsf{tf}}},\textnormal{{RT}}[k]) is decidable and in 2ExpTime.
5. Synthesis and Uniformisation
In this section, we discuss the connection between synthesis and uniformisation of relations, which is a more general problem: as pointed out in Section 2, if is realisable by a register transducer, then, in particular, it has a total domain, i.e. , otherwise it cannot be that for a register transducer, since by definition of transducers . However, when defining a specification, the user might be interested only in a subset of behaviours (for instance, s/he knows that all input data will be pairwise distinct). In the finite alphabet setting, since the formalisms used to express specifications are closed under complement (whether it is LTL or -automata), it is actually not a restriction to assume that the input domain of the specification is total: it suffices to complete the specification by allowing any behaviour on the input not considered. However, since register automata are not closed under complement, such approach is not possible here. Thus, it is relevant to generalise the realisability problem to the case where the domain of the specification is not total. This can be done by equipping register transducers with an acceptance condition. It is also necessary to adapt the notion of realisability; otherwise, any transducer accepting no words realises any specification. (since it is always the case that ). A natural way is to consider synthesis as a uniformisation problem [FJLW16]. An (implementation) function is said to uniformise a (specification) relation whenever:
- (1)
and 2. (2)
for all
Note that constraint 1 is the main difference with the notion of realisability.
In the context of reactive synthesis, where is defined from an implementation and is given as a language of relational words, it can be rephrased as
- (1)
and 2. (2)
for all
Note that such definition coincides with the one of realisability of Section 2 when the class of implementations has total domain, because then it is equivalent to asking . In the following, we denote by the uniformisation problem from specifications in to implementations in . Unfortunately, this setting is actually much harder, as shown by the next two theorems:
Theorem 18**.**
Given a specification represented by a DRA, checking whether is undecidable.
Proof 5.1**.**
We reduce from the universality problem of NRA, which is undecidable [NSV04]. Let be an NRA. We encode as the domain of some DRA specification: the input transitions are the same as the transitions of the original automaton, but when there is some nondeterminism, its resolution is postponed to the corresponding output transition, whose finite label corresponds to the chosen transition. In the vocabulary of games, the input player chooses the finite input label and the equality relation of the input data to the registers of , and the output player resolves the nondeterminism. Thus, we construct a DRA accepting is a run of over .
Thus, define , where is defined as follows: for all , and , we define the input transition q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle D}]{\sigma,\phi,\{r_{0}\}}(q,(\sigma,\phi)). Then, for all t=q\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle A}]{\sigma,\phi,\textnormal{{asgn}}}q^{\prime}\in\delta, we define the output transition (q,(\sigma,\phi))\xrightarrow[\raisebox{5.38193pt}[0.0pt]{\scriptstyle D}]{t,\phi\wedge r_{0}^{=},\textnormal{{asgn}}}q^{\prime}. Then, let and . Such automaton is indeed deterministic, and it recognises the relation is a run of over . Then, is universal iff is universal.
Such result extends to NRA and URA, whose DRA are a special case. Note that the unbounded realisability problem for DRA is not reducible to deciding whether the domain is total: if the specification is not realisable, it is not possible to determine whether it is because the domain of is not total or because is not realisable by a sequential machine (e.g. asks to output right away a data that will only be input in the future).
Then, while the uniformisation setting obviously preserves the undecidability results from the synthesis setting, the above result allows to show that the somehow more general uniformisation problem is undecidable. For instance, we can prove:
Theorem 19**.**
For all , is undecidable.
Proof 5.2**.**
Consider some unrealisable URA specification and the following specification mapping to such that , defined only when is a finite data word accepted by some URA . Clearly, is URA-definable and realisable iff its domain is empty, i.e. . However, emptiness of URA is an undecidable problem.
If the domain of the specification is DRA-recognisable, it is possible to reduce the uniformisation problem to realisability, by allowing any behaviour on the complement of the domain (which is then DRA-recognisable). However, such property is undecidable as a direct corollary of Theorem 18.
Conclusion
In this paper, we have given a picture of the decidability landscape of the synthesis of register transducers from register automata specifications. We studied the parity acceptance condition because of its generality, but our results allow to reduce the synthesis problem for register automata specifications to the one for finite automata while preserving the acceptance condition. We have also introduced and studied test-free NRA, which do not have the ability to test their input, but still have the power of duplicating, removing or copying the input data to form the output. We have shown that they allow to recover decidability in the presence of non-determinism, in the bounded synthesis case. We leave open the unbounded case, which we conjecture to be decidable. As future work, we want to study synthesis problems for register automata which are able to test additional properties over the data. In particular, allowing to compare data for an order over [BLP10b, FHL16] looks promising. Note that most other natural predicates immediately yield undecidability, e.g. adding +1. Another direction is to study specifications given by logical formulae, for decidable data words logics such as two-variable fragments of FO [BMS*+*06, SZ12, DFL18]. Such problem is however much more challenging, as there do not exist good correspondence between logic and automata in the realm of data words, except in very restricted settings [BLP10a].
Acknowledgments
The authors would like to thank Ayrat Khalimov for his remarks and suggestions, which helped improve the quality of the paper. They also thank the anonymous reviewers, who took the time to read the paper in detail and subsequently suggested important clarifications as well as simplifications in the proofs.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[AG 11] Krzysztof R. Apt and Erich Grädel. Lectures in Game Theory for Computer Scientists . Cambridge University Press, New York, NY, USA, 1st edition, 2011.
- 2[BCJ 18] Roderick Bloem, Krishnendu Chatterjee, and Barbara Jobstmann. Graph Games and Reactive Synthesis , pages 921–962. Springer International Publishing, Cham, 2018.
- 3[BL 69] J.R. Büchi and L.H. Landweber. Solving sequential conditions by finite-state strategies. Transactions of the American Mathematical Society , 138:295–311, 1969.
- 4[BLP 10a] Michael Benedikt, Clemens Ley, and Gabriele Puppis. Automata vs. logics on data words. In Anuj Dawar and Helmut Veith, editors, Computer Science Logic, 24th International Workshop, CSL 2010, 19th Annual Conference of the EACSL, Brno, Czech Republic, August 23-27, 2010. Proceedings , volume 6247 of Lecture Notes in Computer Science , pages 110–124. Springer, 2010.
- 5[BLP 10b] Michael Benedikt, Clemens Ley, and Gabriele Puppis. What you must remember when processing data words. In Alberto H. F. Laender and Laks V. S. Lakshmanan, editors, Proceedings of the 4th Alberto Mendelzon International Workshop on Foundations of Data Management, Buenos Aires, Argentina, May 17-20, 2010 , volume 619 of CEUR Workshop Proceedings . CEUR-WS.org, 2010.
- 6[BMS + 06] Mikołaj Bojańczyk, Anca Muscholl, Thomas Schwentick, Luc Segoufin, and Claire David. Two-Variable Logic on Words with Data. In Proceedings of the 21th IEEE Symposium on Logic in Computer Science (LICS 2006) , pages 7–16. ACM, 2006.
- 7[CJK + 17] Cristian S. Calude, Sanjay Jain, Bakhadyr Khoussainov, Wei Li, and Frank Stephan. Deciding parity games in quasipolynomial time. In Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing (STOC 2017) , pages 252–263. ACM, 2017.
- 8[CKS 81] Ashok K. Chandra, Dexter C. Kozen, and Larry J. Stockmeyer. Alternation. J. ACM , 28(1):114–133, January 1981.
