The Complexity of Transducer Synthesis from Multi-Sequential Specifications
L\'eo Exibard, Emmanuel Filiot, Isma\"el Jecker

TL;DR
This paper investigates the complexity of synthesizing transducers from multi-sequential specifications, providing optimal decision procedures and constructing minimal-size realizations in both synchronous and asynchronous settings.
Contribution
It introduces decision procedures for the realisability problem in multi-sequential specifications, showing PSpace-completeness and optimal doubly exponential transducer constructions.
Findings
Realisability problem is PSpace-complete for multi-sequential specs.
Constructed transducers are doubly exponential in size, proven to be optimal.
Provided optimal algorithms for both synchronous and asynchronous cases.
Abstract
The transducer synthesis problem on finite words asks, given a specification , where and are sets of finite words, whether there exists an implementation which (1) fulfils the specification, i.e., for all , and (2) can be defined by some input-deterministic (aka sequential) transducer . If such an implementation exists, the procedure should also output . The realisability problem is the corresponding decision problem. For specifications given by synchronous transducers (which read and write alternately one symbol), this is the finite variant of the classical synthesis problem on -words, solved by B\"uchi and Landweber in 1969, and the realisability problem is known to be ExpTime-c in both finite and -word settings. For specifications given by asynchronous…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Aix-Marseille Université, Marseille, France
Université libre de Bruxelles, Brussels, [email protected]. Exibard is a PhD student funded by a FRIA fellowship from the F.R.S.-FNRS. Université libre de Bruxelles, Brussels, [email protected]. Filiot is a research associate of F.R.S.- FNRS. He is supported by the ARC Project Transform Fédération Wallonie-Bruxelles and the FNRS CDR project J013116F. Université libre de Bruxelles, Brussels, [email protected]. Jecker is an “aspirant FNRS” PhD student, funded by the F.R.S.-FNRS. \CopyrightLéo Exibard, Emmanuel Filiot and Ismaël Jecker
Acknowledgements.
We warmly thank the anonymous reviewers for their helpful comments and Christof Löding for pointing us to some related references. \EventEditorsIgor Potapov, Paul Spirakis, and James Worrell \EventNoEds3 \EventLongTitle43rd International Symposium on Mathematical Foundations of Computer Science (MFCS 2018) \EventShortTitleMFCS 2018 \EventAcronymMFCS \EventYear2018 \EventDateAugust 27–31, 2018 \EventLocationLiverpool, GB \EventLogo \SeriesVolume117 \ArticleNo46
The Complexity of Transducer Synthesis from Multi-Sequential Specifications
Léo Exibard
,
Emmanuel Filiot
and
Ismaël Jecker
Abstract.
The transducer synthesis problem on finite words asks, given a specification , where and are sets of finite words, whether there exists an implementation which (1) fulfils the specification, i.e., for all , and (2) can be defined by some input-deterministic (aka sequential) transducer . If such an implementation exists, the procedure should also output . The realisability problem is the corresponding decision problem.
For specifications given by synchronous transducers (which read and write alternately one symbol), this is the finite variant of the classical synthesis problem on -words, solved by Büchi and Landweber in 1969, and the realisability problem is known to be ExpTime-c in both finite and -word settings. For specifications given by asynchronous transducers (which can write a batch of symbols, or none, in a single step), the realisability problem is known to be undecidable.
We consider here the class of multi-sequential specifications, defined as finite unions of sequential transducers over possibly incomparable domains. We provide optimal decision procedures for the realisability problem in both the synchronous and asynchronous setting, showing that it is PSpace-c. Moreover, whenever the specification is realisable, we expose the construction of a sequential transducer that realises it and has a size that is doubly exponential, which we prove to be optimal.
Key words and phrases:
Transducers, Multi-Sequentiality, Synthesis
1991 Mathematics Subject Classification:
\ccsdesc[500]Theory of computation Logic Logic and verification,\ccsdesc[500]Theory of computation Formal languages and automata theory Automata extensions Transducers
1. Introduction
The realisability and synthesis problem
In general, the realisability problem is given by some input and output data domains , a specification defining for every the set of allowed outputs (assumed to be non-empty) and a class of target implementations consisting of (total) functions . It asks whether there exists such that for all , , i.e., the implementation satisfies the specification. The synthesis problem asks to generate (a representation of) . So, instead of designing and verifying its correctness a posteriori, a synthesis algorithm automatically generates from it, making it correct by construction. The underlying idea behind synthesis is that the specification may be written in a high-level language, e.g. a logic, and an implementation is a low-level computational model e.g. an automaton. It is based on the assumption that it is less error-prone to design a specification, i.e. to describe what a system has to do, than designing the system itself, i.e. describing how it must do it.
Synchronous transducer synthesis
In the original setting defined by Church [7, 29], are sets of -words over two alphabets respectively, and the specification is given by an -language as follows: , where is the projection on the th component. The language is represented by an MSO-sentence or, equivalently, an automaton. Such automata are also called (non-deterministic) synchronous transducers, as they can be seen as machines alternately reading one input symbol and synchronously producing one output symbol. In Church’s setting, the target implementations are synchronous sequential transducers (also called input-deterministic): they alternately read one input symbol and deterministically produce a symbol to output. Determinism is required because implementations are required to use only finite-memory. The Church’s instance of the realisability problem is decidable if the specification is given in MSO and ExpTime-c if it is given by a synchronous transducer [21]. For LTL specifications, it is 2ExpTime-c [27]. Motivated by reactive systems, the synthesis problem from LTL specifications has been revisited recently with efficient symbolic methods [20, 28, 14, 10, 18]. The synthesis problem in general has also motivated an active research on infinite games [1, 9, 5].
Asynchronous transducer synthesis
In the asynchronous setting, specifications may not strictly alternate between input and output symbols, hence they can no longer be seen as languages over . Similarly, the target implementations may not be synchronous: the system can delay its production of outputs, or produce several symbols at once. Transducers, in contrast to synchronous transducers, are by definition asynchronous: their transitions are labelled by pairs where is a symbol and a word, possibly empty. Since they are generally non-deterministic, to a single input word may correspond several output words, and thus transducers define subsets of . Therefore, they are well-suited to represent (asynchronous) specifications, and in their sequential version, asynchronous implementations. Any asynchronous specification is realisable by some unambiguous (functional) asynchronous transducer [24, 11, 3]. However, evaluating unambiguous transducers on arbitrarily long or even infinite input words may require arbitrarily large memory. Therefore, just as in Church’s setting, a sequentiality requirement can be put on implementations for efficient memory usage. However, the realisability of asynchronous specifications by (asynchronous) sequential transducers, which is called the sequential uniformisation problem in transducer-theoretic terms, is undecidable for finite words [4, 12]. If the specification is finite-valued (i.e. any input word has a constant number of output words), the problem is in 3ExpTime [12]. The proof of [12] is based on Ramsey’s theorem and word combinatorics arguments, and it is not clear how to reduce the complexity. This raises the question of whether there are natural and non-trivial subclasses of asynchronous specifications with better complexity.
Multi-sequential specifications
In this paper, we consider a class of specifications on finite words, i.e. , which strictly restricts the class of finite-valued specifications to so-called multi-sequential specifications. Such class is obtained by closure under finite unions of graphs of sequential functions. Precisely, where is the graph of a (partial) function defined by a sequential transducer. Likewise, a transducer is multi-sequential if it is a union of state-disjoint sequential transducers. For instance, consider the specification consisting of the pairs such that is a subword of of fixed length . This specification is multi-sequential: where . Clearly, can be represented by a sequential transducer, because is fixed: once the first symbol of is met in , output it, and proceed to the second symbol of , etc., until the last symbol of is produced, reject otherwise. The notion of multi-sequentiality has been introduced for functions in [6] and studied for relations in [19]. An important property of the class of multi-sequential specifications is its decidability in PTime: Given a transducer, it is decidable in PTime whether it defines a multi-sequential specification [19]. This fact and their natural definition as closure of sequential functions under union make multi-sequential specifications a good candidate for a class of specifications with better complexity than the known results of the literature.
Contributions
We investigate the complexity of sequential transducer synthesis from specifications defined by multi-sequential transducers on finite words. We show that both in the synchronous and asynchronous settings, the realisability problem is PSpace-complete. To the best of our knowledge, it is the first non-trivial class of specifications which admits a realisability test below ExpTime. If the specification is realisable, we show how to extract an implementation as a winning strategy in a two-player game called the synthesis game. It is parameterised by a value which bounds the maximal number of output symbols which can be queued before being outputted, allowing for an incremental synthesis algorithm. To keep track of such output symbols, we use the notion of delay [2].
Difficulties and examples
Let us briefly explain what are the main difficulties to overcome. Consider a multi-sequential specification. If all of the have disjoint domains, then is a function, which is realisable by a sequential transducer iff it is sequential. The latter can be tested in PTime [2]. The problem becomes more interesting and challenging when the have domains which are not necessarily disjoint. Consider for example the 2-sequential transducer of Fig. 1. The transducer accepts the words containing at least two ’s, and replaces ’s with ’s, and accepts the words containing at least one , and replaces ’s with ’s. This specification can be realised by a sequential transducer which waits two steps before outputting something, since it then knows whether the input contains at least one or two ’s. It then behaves as in the first case, and as in the second.
This example shows that a sequential realiser may have to wait before reacting, keeping in memory what remains to be output in the future. Take on the contrary the -sequential transducer of Fig. 1, which is the same as except that it can additionally read and copy ’s at any moment. In that case, a sequential realiser would have to store arbitrary long sequences of ’s before outputting them, for instance when processing words in . In particular, this specification is not sequentially realisable.
Structure of the paper
After a formal definition of transducer synthesis (Section 2), we solve the synchronous case and provide a characterisation of realisable synchronous multi-sequential specifications, decidable in PSpace (Section 3). Then, we present the notion of synthesis game (Section 4), which is a useful tool for the proofs and also to get a synthesis procedure. For the asynchronous setting, we define a recursive characterisation of realisable multi-sequential specifications and show that it can be decided in PSpace (Section 5).
Related work
Games with delays have been used in [4, 15]. Perhaps the closest formulation to ours is that of [4]. However, it is tailored to automatic relation. Our game structure is more general, as it is defined for uniformising any transducer (defining a rational relation). In particular, our game structure is exponentially larger that the one of [4].
We would also like to mention an interesting related line of works on -words, where the specification is synchronous, but the implementation may be asynchronous [15, 17, 22, 23, 30, 31, 32]. Unlike the setting where the specification and implementations are both asynchronous, the realisability problem is decidable here, for -regular specifications (i.e., regular -languages over ), and ExpTime-c if the specification is given by a parity automaton [22]. In this setting, the authors often consider a notion of delay games. In these games, the delay is a quantitative notion, corresponding to the waiting time before outputting a symbol, while for us, a delay is a word that still remains to be output (this is a standard terminology in transducer theory). It is known in particular that constant “waiting time” (depending on the specification) is always sufficient to win, for -regular specifications. This is different to our setting: for instance, the function mapping any word of the form , for and , to is realisable by a sequential transducer, but the production of and might have to be delayed for an unbounded amount of time.
2. Transducer synthesis problem
Words
For an alphabet , we denote by the set of finite words over it, and by the empty word. The length of a word is its number of symbols. For , we denote by (resp. ) the set of words of length (resp. at most ). For , we write if is a prefix of , and denote by the word such that . For , the residual language is . Given , and , the residual relation is defined by .
Automata
In this paper, finite (non-deterministic) automata over an alphabet are denoted as tuples where is the alphabet, the set of states, among which (resp. ) denotes the initial (resp. final or accepting) states, and is the transition relation. is deterministic if there is only one initial state and for all , there exists at most one such that .
A run of on a word consists in either a single state if , or a sequence of transitions such that the target state of equals the source state of for all . It is said to be initial if the source state of is initial, and accepting if the target state of is accepting. If is the source state of and the target state of , we may write p\xrightarrow{{\raisebox{-2.0pt}[0.0pt][0.0pt]{ \scriptstyle{w} }}}_{\mathcal{A}}q to mean that there exists a run from to on . The language accepted by an automaton , denoted , is the set of words admitting an accepting run. A state is reachable (resp. co-reachable) if there is a run from an initial state (resp. to a final state) for some . A state is said to be useful if it is both reachable and co-reachable, and is said to be trim if all its states are useful. It is well-known that any automaton can be transformed into an equivalent trim automaton in PTime. Given two automata and , their disjoint union is the automaton .
Transducers
A transducer111Our definition is sometimes called real-time transducer in the literature, in contrast to transducers with -input transitions. For the purpose of this paper, this does not make a difference. over two alphabets is a tuple such that is an automaton over , called the input automaton, is a mapping, called the output function, associating with every transition an output word, and is a terminal function associating with every accepting state an output word. Given a run of on a word , its output is defined by if , and by if for some . We write p\xrightarrow{{\raisebox{-2.0pt}[0.0pt][0.0pt]{ \scriptstyle{u|v} }}}_{\mathcal{T}}q whenever there exists a run of on from to , such that , and say that produces . The relation defined by is the set of pairs such that p\xrightarrow{{\raisebox{-2.0pt}[0.0pt][0.0pt]{ \scriptstyle{u|v} }}}_{\mathcal{T}}q for and . We define by .
A transducer is trim if its input automaton is trim. It is called sequential if its input automaton is deterministic, and functional if is a function, i.e. for all , there exists at most one pair . In that case we let . Note that any sequential transducer is functional. A transducer is called synchronous (or sometimes letter-to-letter in the literature) if, whenever it reads an input symbol, it produces exactly one output symbol, i.e. for all transition , , and for all accepting state . For example, consider the transducer on Fig. 1 (the terminal function is assumed to output and is not depicted). It is sequential and synchronous. Its domain is .
Two transducers are said to be equivalent if they define the same relation. Finally, the disjoint union of transducers is naturally defined as the disjoint union of their input automata and the disjoint union of their output functions (seen as graphs). For all transducers , we have .
Transducer Synthesis Problem
Let be two alphabets of input and output symbols respectively. They may not necessarily be disjoint. A specification is a subset of , and an implementation is a function, possibly partial, from to . The transducer realisability problem asks, given a specification defined by a transducer , i.e. , whether there exists a sequential transducer such that and for all , . In that case, we say that realises (or ), and that is realisable by a sequential transducer, or sequentially realisable. We also say that is a realiser of . The synthesis problem asks to output . The realisability problem is undecidable in general [4, 12], but decidable, in 3ExpTime, if is finite-valued, i.e. there exists such that for all , [12].
Multi-sequential specifications
A transducer is called -sequential if it is the disjoint union of sequential transducers. It is called multi-sequential if it is -sequential for some . Observe that when the sequential transducers have pairwise disjoint domains, then is functional, but it may not be the case in general. Deciding whether given a transducer , there exists an equivalent multi-sequential transducer , can be done in PTime; however, may be exponentially larger than [19]. Minimising the number of sequential transducers of the disjoint union is also doable: deciding whether is equivalent to some -sequential transducer for given in unary is decidable in PSpace [8]. In this paper, we consider multi-sequential specification, i.e. relations defined by multi-sequential transducers.
PSpace-hardness
In both the synchronous and asynchronous case, the realisability problem of multi-sequential specifications by (a)synchronous sequential transducers is PSpace-hard.
We build a reduction from the emptiness problem of the intersection of DFA on some alphabet , proven PSpace-c in [25]. We define a specification over by where and . If there exists , then on the domain , the specification is a function which is not definable by any sequential transducer, thus not sequentially realisable, since it would imply counting the s (in the synchronous setting, it suffices to take since a synchronous transducer would be forced to guess the future). Conversely, if , then the identity function (trivially definable by a synchronous sequential transducer) realises the specification.
It is readily seen that each (resp. ) is definable by a 2-(resp. 1-)sequential transducer, hence is multi-sequential, concluding the proof.
3. The synchronous setting
In this section, we consider first the synchronous setting, where the specification is given as a disjoint union of synchronous sequential transducers, and the target implementations are synchronous sequential transducers. Not only is this setting interesting in itself, but it helps to understand the asynchronous setting. First, we characterise the realisable specifications through a property called the residual property, then we show it is decidable in PSpace.
Residual property
Let be an -sequential transducer on . Intuitively, the residual property says that if on some input prefix , two sequential transducers of the union disagree on their outputs, i.e. produce different outputs, then a synchronous realiser of must “drop” one of the two transducers. However, it must do so while preserving the residual domain , i.e., the realiser must still accept any word of . For example, consider again Fig. 1 and the specification defined by . On input , the two transducers disagree, hence, since we want a synchronous realiser, a choice has to be made and therefore one of the two transducers must be dropped. However, by doing so, the residual domain will not be fully covered by the remaining transducer. For example, if a realiser chooses to output when reading , the residual language is not covered anymore. As a matter of fact, is not realisable by any sequential and synchronous transducer.
Formally, let and let be runs of some respectively, on . We say that and agree on their output if . Now, is called smooth if every admits an initial run on input , and all these runs agree on the corresponding output. The word is called critical if it is not smooth.
We say that satisfies the residual property if for every critical prefix of a word of , there exists a subset satisfying:
- (1)
All the transducers , , produce the same output on ; 2. (2)
; 3. (3)
is realisable by a synchronous and sequential transducer.
Theorem 3.1**.**
A specification defined by a synchronous multi-sequential transducer is realisable by a synchronous sequential transducer iff satisfies the residual property.
Proof 3.2** (Sketch).**
If is realised by a synchronous sequential transducer , for every critical prefix , let be the set of such that and map the same output to . Property 1 is satisfied by definition, and the other two follow from the fact that is sequential and realises .
Conversely, if the residual property is satisfied, we can construct a synchronous and sequential realiser. The idea is to make a synchronised product of all the transducers , and, whenever on some input symbol at least two of them disagree on the output, we know by the residual property that there exists a subset of them having the good properties . Then, the realiser just goes on simulating all the transducers corresponding to in parallel.
It also shows that if the property is satisfied, then we can synthesise a realiser, which might however be exponentially larger than .
Theorem 3.3**.**
The realisability problem of synchronous multi-sequential specifications by synchronous sequential transducers is PSpace-complete.
Proof 3.4** (Sketch).**
The PSpace-hardness is obtained by reducing the problem from the emptiness problem of the intersection of DFAs (cf Section 2 p. 2).
To show membership to PSpace, given a transducer , we show that the residual property can be tested by a non-deterministic algorithm running in polynomial space. First, we bound the size of witnesses of the negation of the property: roughly, if there is such witness, namely a critical prefix , then there exists a critical prefix of exponential length (in ) such that for any subset , one of the conditions is falsified. Then, the algorithm guesses the prefix on the fly, simulating all transducers in parallel and keeping their states in memory (it also needs a counter for the length of ). As soon as the transducers disagree on an output symbol, for each subset (they can obviously be enumerated using only polynomial space), the algorithm checks whether property , or is falsified. Checking property is easy: it suffices to look at the symbols produced when reading the last input symbol. Checking property can be done using the current set of states reached by the transducers on input , and by using any PSpace algorithm for automata inclusion. Finally, to check property , it suffices to recursively apply the PSpace algorithm described so far on a smaller set of transducers. The stack of recursive calls is linear in , hence the memory used by the whole procedure remains polynomial.
4. The synthesis game
We now define a 2-player safety game from a transducer such that if Eve wins the game then is realisable by a sequential transducer. This game notion will prove useful to show the correctness of the characterisation of Theorem 5.2, and may also be used as a practical way to synthesise implementations, as winning strategies of this game. In the asynchronous setting, two different runs of a transducer on the same input word may not only produce different outputs, but also the same output at different rates (i.e. one run is ahead, output-wise, of the other for some time). This leads us to the notion of delays, a classical tool to compare outputs in transducer theory. Let us define this notion formally.
Delays
Given two words , their longest common prefix is denoted by . The delay between and is an element of defined by . Intuitively, if a transducer produces and another one produces , then is what can safely be output by the two transducers and what remains to be produced by each of them respectively. This notion is naturally extended to tuples of words: where .
We now introduce notations that are useful when comparing the outputs of different runs on the same input of a transducer over with . Given a pair , where is intended to be some delay associated with state , given a transition and some output word prefix of , we denote by the “next” pair (state,delay), assuming that is output, i.e. . More generally, given a (total) function associating each state with a set of delays, we let . For , maps every state which can be reached from by reading to the corresponding delays obtained by outputting the longest common prefix of the words that can be formed from the previous delays and the output on these transitions. Formally, we call safe output of for the word . Then .
The synthesis game
In the synchronous setting, synthesis problems are classically solved by reduction to two-player games in which the players alternately choose one input symbol (the adversary, whom we call Adam) and one output symbol (the protagonist, called Eve). Their interaction induces a pair of input and output words by concatenating their respective symbols, and the protagonist wins if such pair satisfies the specification, or if the input word is out of the domain. Then, a finite-memory winning strategy in the game corresponds to an implementation of the specification.
In the asynchronous setting, the protagonist may choose arbitrary output words at each round instead of a single symbol, and one needs to introduce output delays in the game in order to define the winning condition in a regular manner. The game we now present follows this idea. Given a transducer with , and , we build a two-player safety game , called the synthesis game, whose vertices keep track of the runs in and the associated delays. More precisely, it consists of two disjoint sets of vertices and , respectively controlled by Adam and Eve. The initial vertex is where if , and otherwise.
Eve’s vertices are Adam’s vertices extended with the last input symbol picked by Adam. Suppose now that the game has been played for some rounds and is currently in some vertex of Adam. Along these rounds, Adam has chosen a sequence of input symbols, and Eve has chosen a set of runs over from the initial states. is the set of states in which these runs end. Each run induces some delays compared to the longest common prefix of all the outputs they can produce. maps each state to the delays of the runs ending in it. Eve’s actions consist in selecting some of these runs to prevent some delays to grow too high, i.e., she can drop from any set some of its elements. By restricting the set of possible runs, Eve can be in a situation where some state of is accepting while none of the states of is, in which case she loses, as none of the runs she has selected accepts the input word chosen by Adam. Such vertices constitute the set of unsafe vertices she needs to avoid.
More precisely, the set of Adam’s transitions and Eve’s transitions are defined as follows. From any game position , Adam can pick a symbol and the game evolves to the position . From , Eve’s actions is a subset (she can “drop” some pairs of ), and the game evolves to where is the set of states reached from by reading , and maps any to the set .
Given , we define the -synthesis game as the restriction of to delays of length at most : , where , , etc. There is no deadlock in because Eve can always play , at the risk of going to an unsafe position.
Example
First, note that by definition of the game, any reachable vertex or satisfies . Figure 2 represents the -synthesis game for (cf Figure 1). The states depicted in a vertex correspond to , together with their values by (thanks to the previous remark, there is no need to represent the values assigns for the states outside ). The circle vertices are Eve’s positions, whose labels are not depicted, as they are just the label of their predecessor vertex extended with Adam’s action. Bold nodes correspond to the unsafe states. Let us now explain how the game proceeds in more detail. First, since both and are complete and sequential, for each state of Adam, contains exactly one state of and one state of . Eve’s actions in the synthesis game, which consist in dropping a subset of pairs (state,delay), actually correspond here to “dropping” one of the two sequential transducers: at any moment, she can choose to drop , which leads her into the red part of the game, or to drop , which leads her into the blue part of the game. Note that once she has dropped one of the transducers, she is stuck in the corresponding part.
The initial vertex, owned by Adam, corresponds to being in the initial states of both and , with no delays. If Adam chooses to play as the first input letter, Eve has four choices. Either she keeps both transducers, with a delay of length , or she drops one of them, or both (not depicted). If Eve chooses to drop , respectively , Adam can then play a , respectively an , which leads her into an unsafe state. Note that this proves that Eve cannot win the [math]-synthesis game corresponding to . If Eve keeps both, she has to drop one of them once Adam plays a second letter, since otherwise the delay would grow larger than . However, in both cases she has a move which ensures her a win: if Adam plays a second , Eve can safely drop since the accepting state of has been reached, and if Adam plays , Eve can safely drop since the accepting state of has been reached. If Adam chooses to play a in the first place, Eve can immediately drop and win. Hence, Eve wins the -synthesis game associated to . The described strategy then directly induces a sequential transducer realising the specification.
Proposition 4.1**.**
Let be a specification defined by some transducer . If Eve wins the -synthesis game for some , then is realisable by a sequential transducer.
Proof 4.2** (Sketch).**
If Eve wins the -synthesis game, then, since it is a safety game, she can win with a positional strategy. Thus, her actions only depend on the last visited vertex. This allows to reconstruct a realiser for , whose states are the possible vertices of Adam visited by the strategy. Then, when Adam chooses an input symbol in a vertex and Eve decides to go to some vertex from , then in the realiser, we add a transition from to on , outputting the safe output of for .
Synthesis algorithm
It is worth noting that the synthesis game allows for a synthesis procedure: for ascending values of , test whether Eve wins the -synthesis game (this can be done in PTime in the size of the game). If it is the case, then by Proposition 4.1 the specification is realisable, and we can even extract an implementation corresponding to a winning strategy of Eve. If it is not the case, then increment and try again, until reaches some given upper bound . The -synthesis game is exponentially large in general (in the transducer defining the specification, and in ). Solving this game efficiently, using for instance symbolic methods, as done for LTL synthesis in the synchronous case [10, 13], is beyond the scope of this paper, but is an interesting research direction.
This algorithm is not complete in general: it is shown for instance in [12] that some specifications defined by transducers are realisable by sequential transducers while Eve has no winning strategy in for any . Still, the converse of Proposition 4.1 holds for some subclasses of specifications . For example, in the synchronous setting, where we want to synthesise a synchronous sequential transducer, it suffices to take . This gives an ExpTime procedure to check the realisability of by a synchronous sequential transducer. If is finite-valued, then by taking large enough (triply exponential in ), we get completeness [12]. Finally, if is functional, then Eve wins for some iff is equivalent to a sequential transducer, and a polynomial (in ) suffices [2].
In this paper, we obtain completeness for multi-sequential specifications by taking exponential in (Proposition 5.4). While this allows us to decide realisability using the game approach, the time complexity will not be optimal (2ExpTime). We indeed devise, in Section 5, a PSpace realisability-checking procedure based on an effective characterisation of realisable multi-sequential specifications. If the PSpace procedure concludes that the specification is realisable, one can run the former game-solving procedure to synthesise a realiser, for ascending values of . This way, one may hope to synthesise a “small” realiser.
5. The asynchronous setting
We first characterise recursively the multi-sequential specifications which are sequentially realisable (Theorem 5.2). Then, we provide an equivalent characterisation, non-recursive and easier to check algorithmically, but more technical.
Similarly to the synchronous case, we define a notion of critical situation to which a realiser must react. In the synchronous case, it was just a prefix on which at least two sequential transducers were producing different outputs. In the asynchronous case, two sequential transducers may produce different outputs on the same prefix, but this may not be problematic in the case where one is ahead of the other, i.e., the output of one run is a prefix of the output of the other. A critical situation is rather a prefix where the delays between all the outputs of the sequential transducers are too large. Since no bound is known a priori to define “too large”, we formalise a critical situation as a prefix of the form , such that at least two sequential transducers loop on , and have a different delay before and after the loop. By iterating this loop, i.e. by taking a prefix , the delay between these two transducers will grow unboundedly when increases. For such loops, the situation will get critical if a realiser does not react.
Definition 5.1** (critical loop).**
Let be an -sequential transducer. A critical loop for is a triple such that
- (1)
for all , there exists an initial run of on ; 2. (2)
for all , there is no run of on ; 3. (3)
There exists such that .
Our characterisation echoes the one of the synchronous setting. It says that whenever there is a critical situation (a critical loop), a realiser must be able to drop some of the sequential transducers, in order to prevent the delays to grow unboundedly, while preserving the residual domain. Formally:
Theorem 5.2** (recursive characterisation).**
Let be a multi-sequential transducer over . Then is realisable by a sequential transducer, iff, for all critical loops , there exists such that
- (1)
, (following the notations of Definition 5.1), 2. (2)
, 3. (3)
* is realisable by a sequential transducer, where .*
Proof 5.3** (Sketch).**
* Let be a sequential transducer realising . For every critical loop of , the corresponding set is obtained by getting rid of all the transducers that stray arbitrarily far from on the input words of the form . Then, the first property is immediate, and the other two follow from the fact that is sequential and realises .*
* Conversely, assuming that whenever a critical loop is met there exists a set satisfying the three conditions, we prove by induction on the degree of sequentiality of that Eve has a winning strategy in the -synthesis game for , for some well-chosen value depending on . By Proposition 4.1, this entails the existence of a sequential realiser.*
Note that in the synthesis game, since is a union of sequential transducers, for each accessible vertex of Adam, and for every , there is at most one state of occurring in , and if there exists such a state, . As a consequence, Eve’s actions in the synthesis game, which consist in dropping a subset of pairs (state,delay), actually correspond here to “dropping” a subset of sequential transducers.
If , then is sequential, and the strategy of Eve that consists in never dropping is winning. Now, suppose that . In order to demonstrate that Eve has a winning strategy, we show that for every input word chosen by Adam, either Eve can keep track of all the transducers in the -synthesis game, which ensures her a win, or she can drop some transducers on the way, while reaching a state from which she has a winning strategy.
Let , and let be the state reached by Eve on input if she drops nothing. If is not part of the -synthesis game, i.e., for some , with , this implies the existence of a decomposition of such that is a critical loop for some . Then, by hypothesis, there exists a subset which satisfies the three conditions of the theorem, hence is realisable by a sequential transducer. In particular, satisfies the conditions on critical loops (implication shown before), and, by the induction hypothesis (since is -sequential and ), Eve has a winning strategy in the -synthesis game for from the initial vertex. Lifting this strategy to the -synthesis game for yields a winning strategy for Eve from the state , where is the state reached by Eve on input if she drops nothing, and is obtained from by dropping all the transducers that are not part of .
The proof of Theorem 5.2 shows that if a multi-sequential specification is realisable, Eve wins the -synthesis game for computable from the specification, as stated in Proposition 5.4. As explained in Section 4, solving the -synthesis game for ascending values of then provides a practical way to synthesise a realiser, but the complexity is not optimal.
Proposition 5.4** (bounded delay).**
Let be a specification defined by an -sequential transducer . Then is realisable by some sequential transducer iff Eve wins the -synthesis game for , where is the longest output occurring on a transition of , and is the maximal number of states of a sequential transducer of .
Theorem 5.5**.**
A realisable specification defined by a multi-sequential transducer with states admits a realiser of size doubly exponential in . Moreover, there exists a family of realisable specifications such that for every , is definable by a multi-sequential transducer of size polynomial in , and every sequential transducer realising has a size that is doubly exponential in .
Proof 5.6**.**
Let be a realisable specification defined by an -sequential transducer with a set of states of size . Note that , hence, by Proposition 5.4, Eve wins the -synthesis game for some exponential in . Then, the construction presented in the proof of Proposition 4.1 exposes a realiser whose set of states consists of Adam’s vertices that are reachable in the -synthesis game. For every such vertex , since is -sequential, there is at most sates satisfying . Moreover, for every such state we have for some satisfying . Therefore, the size of is bounded by , which is doubly exponential in .
In order to expose the family , we use the notion of -pairs, presented in [22]. For every , let us consider the alphabet . A bad -pair of a word is a pair of positions such that , and for all , . Then every satisfying admits a bad -pair for some , and there exists a word, denoted by , that has size , and contains no -pair (see [22]). We now consider the finite alphabet . For every , let denote the alphabet . We denote by and the projections on the first, respectively second component. Let be the function mapping to the word obtained by taking the last letter of and putting it at the beginning, i.e., where and satisfy . We consider the specification
[TABLE]
Then is definable by an -sequential transducers with states, since the function is definable by the union of sequential transducers of size , and for every , the set of words containing a bad -pair is recognisable by a deterministic automaton of size . Moreover, since every word of size greater than admits a bad -pair for some , is realised by the sequential transducer mapping every word satisfying to , and every satisfying to .
We now show that every sequential transducer realising has at least states. Let be a sequential transducer realising . For every such that , let denote the word satisfying and . We now show that for every pair of distinct words of size , the states reached by on input and are distinct. This allows us to conclude the proof, since contains such words. Given satisfying , let \rho_{v}:p_{0}\xrightarrow{{\raisebox{-1.0pt}[0.0pt][0.0pt]{ \scriptstyle{\psi_{v}|v^{\prime}} }}}p_{v} denote the accepting run of on input . Then , since if the first letter of was an , would not be able to produce an acceptable output on input , and a similar contradiction would be reached if the first letter of was a . Therefore, the output associated to is produced by the terminal function of , i.e., . Since is injective, for every pair of distinct words of size , .
We are now ready to show how to decide the realisability of multi-sequential specifications in PSpace. Consider the characterisation given in Theorem 5.2. We rely on the notion of witness for the non-satisfaction of this characterisation, and we show how to decide the existence of a witness, using a reduction to the emptiness of reversal-bounded counter machines.
The notion of witness intuitively consists in the following ingredients: (1) an unfolding (modeled as a tree) of the recursive characterisation of Theorem 5.2 and (2) an explicit formulation of delay differences using simple properties of words. Formally, given an -sequential transducer , where each is sequential, a witness for is a finite tree whose nodes are labelled in . For any node of , we denote by its label. For all nodes of , it is required that:
- (1)
(maximality) if is the root, ; 2. (2)
(consistency) can be split into two disjoint sets such that for all there is no run of on , and for all there is a run of on from its initial state , of the form q_{0}^{i}\xrightarrow{{\raisebox{-1.0pt}[0.0pt][0.0pt]{ \scriptstyle{u_{x}|\alpha_{x,i}}}}}p_{x,i}\xrightarrow{{\raisebox{-1.0pt}[0.0pt][0.0pt]{\scriptstyle{v_{x}|\beta_{x,i}} }}}p_{x,i}; 3. (3)
(monotonicity) if is a child of , then and is a prefix of ; 4. (4)
(partition) if is the set of children of , then partitions ; 5. (5)
(delays) if and are different children of , for all and , either or, and, and mismatch222Two words mismatch if there is a position such that and the th letter of differs from the th letter of .; 6. (6)
(leaves) if is a leaf, then there is such that and for all .
Intuitively, conditions and require that the words are critical loops. The delay difference required in the definition of critical loops is not explicit here, but rather replaced by simple properties of words (condition 5), which are easier to check algorithmically. These properties are not strictly equivalent to delay difference, but up to iterating the loop on a sufficient number of times, they are. Conditions correspond to properties of the subsets met when unfolding the recursive characterisation of Theorem 5.2. They also allow us to bound linearly the number of nodes of a witness. As announced, all these conditions characterise the unrealisable multi-sequential specifications:
Lemma 5.7**.**
A multi-sequential specification defined by a trim transducer is not realisable by a sequential transducer if and only if there exists a witness for .
Theorem 5.8**.**
The realisability problem by some sequential transducer of a specification defined by a multi-sequential transducer is PSpace-c.
Proof 5.9** (Sketch).**
PSpace-hardness has been shown in Section 2. To show PSpace-easyness, we reduce the problem to deciding the emptiness of the language of a counter machine, whose counters make at most reversal (i.e. move from increasing to decreasing mode). This is known to be in NLogSpace [16]. Our machine is exponentially large (in the transducer defining the specification), but can be constructed on the fly, hence we get PSpace.
A bit more precisely, we first define the notion of skeleton , which is a witness without the words , hence there are finitely many skeletons, each one of polynomial size. Given an enumeration in depth-first order of the nodes of , we construct a counter machine which recognises sequences of the form such that if we extend any label of a node in with the pair of words , where is the path from the root to , we get a witness. Hence, there exists a witness iff there exists a skeleton such that is non-empty. Our algorithm non-deterministically guesses a skeleton and runs a procedure to check in PSpace the emptiness of .
Let us intuitively explain how works. Conditions and are regular, so no counter is needed there. Counters are only necessary to check Condition , for instance to compute the length of the words , and to check the existence of a mismatch between a word and a word . First, a mismatch position is guessed, by incrementing for some time two counters and in parallel. Then, they are decremented according to the length of outputs produced by simulating the transitions of and respectively. When one of them reaches [math], say , we store the th symbol of the output of on in memory. We do the same for and later on check that the two stored symbols are different.
6. Conclusion
We have identified a class of specifications (whose membership is decidable in PTime), for which the sequential realisability problem is PSpace-c, both in the asynchronous and synchronous settings. This is in contrast to the general case, which is ExpTime-c for synchronous specifications, and undecidable in the asynchronous case. Our procedure allows to synthesise a sequential transducer whenever the specification is realisable, and allows for incremental testing, via the solvability of a two-player game parameterised by the longest output allowed to be queued by a realiser before being output.
While the class of multi-sequential specifications is natural, as the closure of graphs of sequential functions under finite unions, we believe that it may also be interesting for practical applications. In particular, Vardi and Lustig have defined the concept of synthesis from component libraries [26], in the synchronous setting, over infinite words. In this setting, given a set of components (synchronous sequential transducers over finite words), a specification over infinite words, the question is whether the components can be arranged in such a way which realises the specification (by linking the final states of the components to the initial state of another component). This problem was shown to be decidable. We would like to investigate another way of reusing existing components, which is tightly related to multi-sequential specifications: given components represented as sequential transducers and a specification , decide whether there exists a sequential function such that and have the same domain, and satisfies . This is beyond the scope of this paper but we plan to investigate further this question in the near future.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] Rajeev Alur, Thomas A. Henzinger, and Orna Kupferman. Alternating-time temporal logic. Journal of the ACM , 49(5):672–713, 2002. URL: http://doi.acm.org/10.1145/585265.585270 .
- 2[2] Marie-Pierre Béal, Olivier Carton, Christophe Prieur, and Jacques Sakarovitch. Squaring transducers: an efficient procedure for deciding functionality and sequentiality. Theoretical Computer Science , 292(1):45–63, 2003.
- 3[3] Jean Berstel and Luc Boasson. Transductions and context-free languages. Ed. Teubner , pages 1–278, 1979.
- 4[4] Arnaud Carayol and Christof Löding. Uniformization in Automata Theory. In Proceedings of the 14th Congress of Logic, Methodology and Philosophy of Science Nancy, July 19-26, 2011 , pages 153–178, London, 2014. College Publications.
- 5[5] Krishnendu Chatterjee, Thomas A. Henzinger, and Nir Piterman. Strategy logic. Information and Computation , 208(6):677–693, 2010. URL: https://doi.org/10.1016/j.ic.2009.07.004 . · doi ↗
- 6[6] Christian Choffrut and Marcel Paul Schützenberger. Décomposition de fonctions rationnelles. In 2nd Annual Symposium on Theoretical Aspects of Computer Science, STACS , pages 213–226, 1986.
- 7[7] Church, Alonzo. Logic, arithmetic and automata. In International Congress of Mathematics , pages 23–35, Stockholm, 1962.
- 8[8] Laure Daviaud, Ismaël Jecker, Pierre-Alain Reynier, and Didier Villevalois. Degree of sequentiality of weighted automata. In Javier Esparza and Andrzej S. Murawski, editors, Proceedings of the 20th International Conference on Foundations of Software Science and Computation Structures, FOSSACS 2017, Uppsala, Sweden, April 22-29 , pages 215–230. Springer Berlin Heidelberg, 2017. URL: https://doi.org/10.1007/978-3-662-54458-7_13 . · doi ↗
