Lecture Notes in Computer Science 2500

Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

3
Berlin
Heidelberg
New York
Barcelona
Hong Kong
London
Milan
Paris
Tokyo
Erich Grädel Wolfgang Thomas
Thomas Wilke (Eds.)

Automata Logics,
and Infinite Games
A Guide to Current Research

13
Volume Editors

Erich Grädel
RWTH Aachen, Mathematische Grundlagen der Informatik
52056 Aachen, Germany
E-mail: [email protected]
Wolfgang Thomas
RWTH Aachen, Lehrstuhl Informatik VII
52056 Aachen, Germany
E-mail: [email protected]
Thomas Wilke
Universität Kiel
Institut für Informatik und Praktische Mathematik
Christian-Albrechts-Platz 4, 24118 Kiel, Germany
E-mail: [email protected]

Cataloging-in-Publication Data applied for

A catalog record for this book is available from the Library of Congress.
Bibliographic information published by Die Deutsche Bibliothek
Die Deutsche Bibliothek lists this publication in the Deutsche Nationalbibliografie;
detailed bibliographic data is available in the Internet at <http://dnb.ddb.de>

CR Subject Classification (1998): F.1, F.3, F.4.1

ISSN 0302-9743
ISBN 3-540-00388-6 Springer-Verlag Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting,
reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication
or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965,
in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are
liable for prosecution under the German Copyright Law.
Springer-Verlag Berlin Heidelberg New York
a member of BertelsmannSpringer Science+Business Media GmbH

http://www.springer.de

© Springer-Verlag Berlin Heidelberg 2002

Printed in Germany
Typesetting: Camera-ready by author, data conversion by Boller Mediendesign
Printed on acid-free paper SPIN 10870758 06/3142 543210
Preface

A central aim of computer science is to put the development of hardware and

software systems on a mathematical basis which is both firm and practical. Such
a scientific foundation is needed especially in the construction of reactive pro-
grams, like communication protocols or control systems. Characteristic features
of such programs are the perpetual interaction with their environment as well
as their nonterminating behaviour.
For the construction and analysis of reactive programs an elegant and power-
ful theoretical basis has been developed with the theory of automata on infinite
objects. The main ingredients of this theory are:
• automata as a natural model of state-based systems,
• logical systems for the specification of nonterminating behaviour,
• infinite two-person games as a framework to model the ongoing interaction
between a program and its environment.
This theory of automata, logics, and infinite games has meanwhile produced
a large number of deep and mathematically appealing results. More important,
this theory is intimately connected with the development of algorithms for the
automatic verification (“model-checking”) and synthesis of hardware and soft-
ware systems. Numerous software tools have been developed on this basis, which
are now used in industrial practice. On the other hand, more powerful theoret-
ical results are needed for the continuous improvement of these tools and the
extension of their scope.
In this research, enormous progress was achieved over the past ten years, both
by new insights regarding the more classical results and by the creation of new
methods and constructions. This progress is so far documented only in conference
proceedings or journal papers but not in exhaustive surveys or monographs. This
volume is intended to fill this gap. In a sequence of 19 chapters, grouped into
eight parts, essential topics of the area are covered. The presentation is directed
at readers who have a knowlewdge of automata theory and logic as acquired in
undergraduate studies and who wish to enter current research in seminar work
or research projects.
In the introductory Part I, the two frameworks of the theory are introduced:
automata over infinite words (ω-automata), and infinite two-person games. Part
II takes up a central subject of the classical theory of ω-automata, namely de-
terminization procedures. The subsequent two parts deal with fundamental al-
gorithmic questions: the solution of games (Part III) and the transformation of
automata according to logical operations, in particular complementation (Part
IV). Some core logics to which this theory is applied are the subject of the fol-
lowing two parts (V and VI): the µ-calculus and monadic second-order logic.
The last two parts deal with recent extensions to strong logical frameworks: In
Part VII, the model-checking problem for monadic second-order logic over “tree-
like” infinite transition systems is solved, as well as the solution of infinite games
VI Preface

over certain graphs of this kind, and in the final part the logical framework is
extended to guarded logics. Each part ends with notes with further references;
however, these pointers to the literature are not meant to be exhaustive.
The volume is the outcome of a research seminar which took place in Dagstuhl
in February 2001. There were 19 young researchers participating in the seminar;
each of them prepared a presentation based on one or several recent articles,
reshaping the material in a form with special emphasis on motivation, examples,
justification of constructions, and also exercises.
Thanks are due to the International Conference and Research Center of
Dagstuhl and the “Gesellschaft für Informatik (GI)” for the support it provided.
Achim Blumensath and Christof Löding provided substantial help in technical
and editorial matters; we express our sincere thanks to them.
The editors hope that this book will help many readers to enter this fasci-
nating, mathematically attractive, and promising area of theoretical computer
science. As an incentive, many open problems are mentioned in the text. The
best success which the book could have would be to guide readers to the solution
of some of these problems.
Aachen, Kiel, October 2002 Erich Grädel
Wolfgang Thomas
Thomas Wilke
Contents

Part I. Introduction

1 ω-Automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Berndt Farwer

2 Infinite Games . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
René Mazala

Part II. Determinization and Complementation

3 Determinization of Büchi-Automata . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Markus Roggenbach

4 Complementation of Büchi Automata Using Alternation . . . . . 61

Felix Klaedtke

5 Determinization and Complementation of Streett Automata . 79

Stefan Schwoon

Part III. Parity Games

6 Memoryless Determinacy of Parity Games . . . . . . . . . . . . . . . . . . . 95

Ralf Küsters

7 Algorithms for Parity Games . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Hartmut Klauck

Part IV. Tree Automata

8 Nondeterministic Tree Automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Frank Nießner

9 Alternating Tree Automata and Parity Games . . . . . . . . . . . . . . . . 153

Daniel Kirsten

Part V. Modal µ-Calculus

10 Modal µ-Calculus and Alternating Tree Automata . . . . . . . . . . 171

Júlia Zappe
VIII Contents

11 Strictness of the Modal µ-Calculus Hierarchy . . . . . . . . . . . . . . . 185

Luca Alberucci

Part VI. Monadic Second-Order Logic

12 Decidability of S1S and S2S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Mark Weyer

13 The Complexity of Translating Logic to Finite Automata . . . 231

Klaus Reinhardt

14 Expressive Power of Monadic Second-Order Logic and

Modal µ-Calculus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Philipp Rohde

Part VII. Tree-like Models

15 Prefix-Recognizable Graphs and Monadic Logic . . . . . . . . . . . . . 263

Martin Leucker

16 The Monadic Theory of Tree-like Structures . . . . . . . . . . . . . . . . 285

Dietmar Berwanger, Achim Blumensath

17 Two-Way Tree Automata Solving Pushdown Games . . . . . . . . 303

Thierry Cachat

Part VIII. Guarded Logics

18 Introduction to Guarded Logics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Thoralf Räsch

19 Automata for Guarded Fixed Point Logics . . . . . . . . . . . . . . . . . . 343

Dietmar Berwanger, Achim Blumensath

Part IX. Appendices

20 Some Fixed Point Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Carsten Fritz

Literature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Symbol Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
1 ω-Automata

Berndt Farwer

Fachbereich Informatik
Universität Hamburg

1.1 Introduction and Notation

Automata on infinite words have gained a great deal of importance since their
first definition some forty years ago. Apart from the interests from a theoretical
point of view they have practical importance for the specification and verification
of reactive systems that are not supposed to terminate at some point of time.
Operating systems are an example of such systems, as they should be ready to
process any user input as it is entered, without terminating after or during some
task.
The main topic covered in this chapter is the question how to define accep-
tance of infinite words by finite automata. In contrast to the case of finite words,
there are many possibilities, and it is a nontrivial problem to compare them with
respect to expressive power.
First publications referring to ω-languages date back to the 1960’s, at which
time Büchi obtained a decision procedure for a restricted second-order theory
of classical logic, the sequential calculus S1S (second order theory of one suc-
cessor), by using finite automata with infinite inputs [17]. Muller [133] defined a
similar concept in a totally different domain, namely in asynchronous switching
network theory. Starting from these studies, a theory of automaton definable
ω-languages (sets of infinite words) emerged. Connections were established with
other specification formalisms, e.g. regular expressions, grammars, and logical
systems. In this chapter, we confine ourselves to the automata theoretic view.

1.1.1 Notation
The symbol ω is used to denote the set of non-negative integers, i.e. ω :=
{0, 1, 2, 3, . . . }.
By Σ we denote a finite alphabet. Symbols from a given alphabet are denoted
by a, b, c . . . . Σ ∗ is the set of finite words over Σ, while Σ ω denotes the set of
infinite words (or ω-words) over Σ (i.e. each word α ∈ Σ ω has length |α| = ω).
Letters u, v, w, . . . denote finite words, infinite words are denoted by small greek
letters α, β, γ . . . . We write α = α(0)α(1) . . . with α(i) ∈ Σ. Often we indicate
infinite runs of automata by , σ, . . . . A set of ω-words over a given alphabet is
called an ω-language.
For words α and w, the number of occurrences of the letter a in α and w is
denoted by |α|a and |w|a , respectively. Given an ω-word α ∈ Σ ω , let

Occ(α) = {a ∈ Σ | ∃i α(i) = a}

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 3-21, 2002.
 Springer-Verlag Berlin Heidelberg 2002
4 Berndt Farwer

be the (finite) set of letters occurring in α, and

Inf(α) = {a ∈ Σ | ∀i∃j > i α(j) = a}

be the (finite) set of letters occuring infinitely often in α.

The powerset of a set M is denoted by 2M and |M | denotes the cardinality of
M . The i-th projection of an ordered tuple or vector a = (a1 , . . . , ak ) is defined
for i ≤ k and is written πi (a) = ai .
The class of regular languages is denoted by REG.

1.2 ω-Automata

In classical formal language theory, the notion of acceptance of a word by an au-

tomaton is a well-known concept. One defines the notion of finite computation
or finite run of an automaton on a given input word, specifies the configura-
tions (by control states, or by control states and memory contents) which are
considered to be “final”, and declares an input accepted if a run exists on the
input which terminates in a final configuration.
In the present context we are interested only in the acceptance of words
by automata (and not in generation of ω-words by grammars). Also we only
consider finite automata. The definitions of acceptors and generators for context-
free languages and more general language classes have also been adapted to suit
the case of infinite words (see for example [113, 36, 37, 38]), or the survey [165].
In the remainder of this chapter we will use ω-automaton synonymously for finite
ω-automaton.
The usual definitions of deterministic and nondeterministic automata are
adapted to the case of ω-input-words by the introduction of new acceptance
conditions. For this purpose one introduces an “acceptance component” in the
specification of automata, which will arise in different formats.

Definition 1.1. An ω-automaton is a quintuple (Q, Σ, δ, qI , Acc), where Q is

a finite set of states, Σ is a finite alphabet, δ : Q × Σ → 2Q is the state transition
function, qI ∈ Q is the initial state, and Acc is the acceptance component.
In a deterministic ω-automaton, a transition function δ : Q × Σ → Q is used.

The acceptance component can be given as a set of states, as a set of state-

sets, or as a function from the set of states to a finite set of natural numbers.
Instances of all these case will be presented below.

Definition 1.2. Let A = (Q, Σ, δ, qI , Acc) be an ω-automaton. A run of A on

an ω-word α = a1 a2 · · · ∈ Σ ω is an infinite state sequence  = (0)(1)(2) · · · ∈
Qω , such that the following conditions hold:

(1) (0) = qI ,
(2) (i) ∈ δ((i − 1), ai ) for i ≥ 1 if A is nondeterministic,
(i) = δ((i − 1), ai ) for i ≥ 1 if A is deterministic.
 1 ω-Automata 5

With the different acceptance conditions defined in the following sections the
question arises how they are related in expressive power, i.e. whether there exist
transformations from one acceptance condition to another. If such transforma-
tions can be established another question naturally arises: what is the complexity
for the respective translations?
The size of an automaton A, denoted by |A|, is measured by the number
of its states, i.e. for A = (Q, Σ, δ, qI , Acc) the size is |A| = |Q|. In addition to
the number of states of an automaton the size of the acceptance condition is
also of some importance for the efficiency of the transformation. This is usually
measured by the number of designated sets or pairs of such. Details are given in
the respective sections.

1.3 Nondeterministic Models

1.3.1 Büchi Acceptance

The Büchi acceptance condition has originally been introduced for nondetermin-
istic ω-automata. In this case, the acceptance component is a set of states.

Definition 1.3. An ω-automaton A = (Q, Σ, δ, qI , F ) with acceptance com-

ponent F ⊆ Q is called Büchi automaton if it is used with the following
acceptance condition (Büchi acceptance): A word α ∈ Σ ω is accepted by A
iff there exists a run  of A on α satisfying the condition:

Inf() ∩ F = ∅

i.e. at least one of the states in F has to be visited infinitely often during the
run. L(A) := {α ∈ Σ ω | A accepts α} is the ω-language recognized by A.

Example 1.4. Consider the ω-language L over the alphabet {a, b} defined by

L := {α ∈ {a, b}ω | α ends with aω or α ends with (ab)ω }.

L is recognized by the nondeterministic Büchi automaton given by the state

transition diagram from Figure 1.1. The states from F are drawn with a double
circle.

a,b
q1 a
a

q0
b
a
q2 q3
a

Fig. 1.1. A Büchi automaton accepting the words from (a + b)∗ aω + (a + b)∗ (ab)ω
6 Berndt Farwer

Consider a Büchi automaton A = (Q, Σ, δ, qI , F ). Using this automaton with

initial state p and final state q we obtain a regular language W (p, q) of finite
words. An ω-word α is accepted by A iff some run of A on α visits some final
state q ∈ F infinitely often. This is equivalent to α ∈ W (q0 , q) · W (q, q)ω . Taking
the union over these sets for q ∈ F , we obtain the following representation result
for Büchi recognizable ω-languages.
Theorem 1.5. The Büchi recognizable ω-languages are the ω-languages of the
form

k
L= Ui Viω with k ∈ ω and Ui , Vi ∈ REG for i = 1, . . . , k
i=1
This family of ω-languages is also called the ω-Kleene closure of the class of
regular languages.
From this remark one concludes immediately that each nonempty Büchi rec-
ognizable ω-language contains an ultimately periodic word.
Let us also note that the emptiness problem is decidable for Büchi au-
tomata, i.e. there exists an algorithm that decides whether the language rec-
ognized by an arbitrary (nondeterministic) Büchi automaton is empty. Given
a Büchi automaton A, one computes the set of reachable states, and for each
reachable state q from F checks whether q is reachable from q by a nonempty
path. Such a loop exists if and only if there exists an infinite word α and a run
of A on α such that q is a recurring state in this run.

1.3.2 Muller Acceptance

The Muller acceptance condition refers to an acceptance component which is a
set of state sets F ⊆ 2Q .
Definition 1.6. An ω-automaton A = (Q, Σ, δ, qI , F ) with acceptance com-
ponent F ⊆ 2Q is called Muller automaton when used with the follwing
acceptance condition (Muller acceptance): A word α ∈ Σ ω is accepted by A
iff there exists a run  of A on α satisfying the condition:
Inf() ∈ F

i.e. the set of infinitely recurring states of  is exactly one of the sets in F .
Example 1.7. Consider again the ω-language L over {a, b} consisting of the ω-
words which end with aω or with (ab)ω . The deterministic Muller automaton
of Figure 1.2 recognizes L, where the acceptance component consists of the two
sets {qa } and {qa , qb }.
We now verify that nondeterministic Büchi automata and nondeterministic
Muller automata are equivalent in expressive power.
One direction is straightforward: for a Büchi automaton A = (Q, Σ, δ, qI , F )
define the family F of sets of states by collecting all subsets of Q which contain
a state from F .
 1 ω-Automata 7

b a
a
qb qa
b
Fig. 1.2. A state transition diagram where the state qa is reached after reading a and
qb after reading b.

Transformation 1.8. Let A = (Q, Σ, δ, qI , F ) be a Büchi automaton. Define the

Muller automaton A = (Q, Σ, δ, qI , F ) with F := {G ∈ 2Q | G ∩ F = ∅}. Then
L(A) = L(A ).

For the converse, a Muller automaton A = (Q, Σ, δ, qI , F ) is given. The

desired Büchi automaton A simulates A and, in order to accept, it guesses the
set G ∈ F which should turn out to be Inf() for the run  to be pursued.
For checking that the guess is correct, A makes another guess during the run,
namely from which position onwards exactly the states from G will be seen
again and again. This claim can be verified by accumulating the visited states in
memory until the set G is complete, then resetting the memory to ∅ and starting
accumulating again, and so on. If this reset occurs again and again (and no state
outside G is visited), the automaton A should accept. By declaring the “reset
states” as accepting ones, we obtain the required Büchi automaton.
For an implementation of this idea, we work with the set Q of original states
and introduce, for each set G ∈ F , a separate copy of Q ∩ G. We indicate such
states with index G (and write qG ). The automaton A does the two guesses
at the same moment, at which time it switches from a state p of Q to a state
from qG ∈ G and initializes the accumulation component to ∅. So the new states
for the accepting set G will be from G × 2G , where (qG , R) codes that q is the
current state of A and R is the set of accumulated states since the last reset
(where the R-value is ∅). So the set Q of states of A is


Q = Q ∪ · (G × 2G )
G∈F

 
and the set F of final states of A consists of the states (qG , ∅) for G ∈ F. We
do not give a formal definition of the transitions, which should be clear from the
description above.

Transformation 1.9. Let A = (Q, Σ, δ, qI , F ) be a Muller automaton. Define

a Büchi automaton A = (Q , Σ, δ  , qI , F  ) with Q , δ  , F  defined as described
above. Then L(A) = L(A ).

If Q has n states and F contains m sets then |Q | has at most n + mn2n = 2O(n)
states. Summarizing, we obtain the following result.

Theorem 1.10. A nondeterministic Büchi automaton with n states can be con-

verted into an equivalent Muller automaton of equal size, and a nondeterministic
Muller automaton with n states and m accepting sets can be transformed into
an equivalent Büchi automaton with ≤ n + mn2n states.
8 Berndt Farwer

b a
a
qb qa
b
c ba c
qc

c
Fig. 1.3. A state diagram where qx is reached after reading x.

The transformation sketched above transforms nondeterministic Büchi au-

tomata into nondeterministic Muller automata and conversely. For a given de-
terministic Büchi automaton the translation yields a deterministic Muller au-
tomaton. On the other hand, a deterministic Muller automaton is converted into
a nondeterminsitic Büchi automaton. As we shall see later, this nondeterminism
cannot in general be avoided.

1.3.3 Rabin and Streett Acceptance

The acceptance condition for Büchi automata is a positive condition on recur-

ring states for the acceptance of ω-words. In Muller automata the specification
by a set F is sharpened, because an accepting set F should contain precisely
the recurring states (and not more). There are also formalisms specifying accep-
tance and rejection criteria separately. The Rabin condition – also called pairs
condition – is such a condition.
The acceptance component is given by a finite family Ω of pairs (Ei , Fi ) of
designated state sets with the understanding that the sets Ei should be excluded
from an accepting run after a finite initial segment, while at least one state in
Fi has to be visited infinitely often.

Definition 1.11. An ω-automaton A = (Q, Σ, δ, qI , Ω) with acceptrance com-

ponent Ω = {(E1 , F1 ), . . . , (Ek , Fk )} with Ei , Fi ⊆ Q is called Rabin automa-
ton if it used with the following acceptance condition (Rabin acceptance): A
word α is accepted by A if there exists a run  of A on α such that

∃(E, F ) ∈ Ω(In() ∩ E = ∅) ∧ (Inf() ∩ F = ∅).

Example 1.12. The Rabin automaton with state transition diagram from Fig-
ure 1.2 and Rabin condition Ω = {({qb }, {qa })} accepts all words that consist
of infinitely many a’s but only finitely many b’s.
To specify the language consisting of all words that contain infinitely many
b’s only if they also contain infinitely many a’s with a Rabin automaton based
on the state graph from Figure 1.2 we have to use Ω = {(∅, {qa }), ({qa , qb }, ∅)}.
This condition can be paraphrased by saying that each word in the accepted
language has either infinitely many a’s or it has neither infinitely many a’s nor
infinitely many b’s. It is clear that in the latter case no ω-word can be accepted
 1 ω-Automata 9

and the condition could be simplified to Ω = {(∅, {qa })}. But in the presence of
a third symbol and a third state as depicted in Figure 1.3 two pairs are needed,
as the ω-word cω must be recognized: Ω = {(∅, {qa }), ({qa , qb }, {qc })}.

The Streett condition is dual to the Rabin condition. It is therefore some-

times called complemented pair condition. It can be viewed as a fairness
condition meaning that for each pair (E, F ) ∈ Ω, if some state from F is visited
infinitely often, there has to be a state from E that is also visited infinitely often
during an accepting run.

Definition 1.13. An ω-automaton A = (Q, Σ, δ, qI , Ω) with acceptance com-

ponent Ω = {(E1 , F1 ), . . . , (Ek , Fk )} with Ei , Fi ⊆ Q is called Streett automa-
ton if it is used with the following acceptance condition (Streett acceptance):
A word α is accepted by A if there exists a run  of A on α such that

∀(E, F ) ∈ Ω . ( Inf() ∩ E = ∅) ∨ ( Inf() ∩ F = ∅)

(equivalently: if Inf() ∩ F = ∅ then Inf() ∩ E = ∅).

Example 1.14. Let Σ = {a, b}. The language consisting of all words that contain
infinitely many a’s if they contain infinitely many b’s can be recognized by a
Streett automaton with the state graph from Figure 1.2. The condition can be
paraphrased as |α|b = ω ∨ |α|a = ω, i.e. |α|b = ω ⇒ |α|a = ω. In the automaton
of Figure 1.2 the two states qa and qb indicate that respectively symbol a or b has
been read in the previous step. The appropriate Streett automaton is obtained
by taking as acceptance component the set Ω = {({qa }, {qb })}.

Rabin automata and Streett automata are transformed into Muller automata
by simply gathering all state sets that satisfy the Rabin condition, respectively
Streett condition, into a Muller acceptance set.

Transformation 1.15. Let A = (Q, Σ, δ, qI , Ω) be a Rabin automaton, respec-

tively Streett automaton. Define a Muller automaton A = (Q, Σ, δ, qI , F ) with
F := {G ∈ 2Q | ∃(E, F ) ∈ Ω . G ∩ E = ∅ ∧ G ∩ F = ∅}, respectively with
F := {G ∈ 2Q | ∀(E, F ) ∈ Ω . G ∩ E = ∅ ∨ G ∩ F = ∅}. Then L(A) = L(A ).

For the converse it suffices to invoke the transformation of Muller automata

into Büchi automata, as in the preceding subsection, and to observe that Büchi
acceptance can be viewed as a special case of Rabin acceptance (for the set F
of final states take Ω = {(∅, F )}), as well as a special case of Streett condition
(for the set F of final states take Ω = {(F, Q)}).

1.3.4 The Parity Condition

The parity condition amounts to the Rabin condition for the special case where
the accepting pairs (E1 , F1 ), . . . , (Em , Fm ) form a chain with respect to set inclu-
sion. We consider the case of an increasing chain E1 ⊂ F1 ⊂ E2 ⊂ . . . Em ⊂ Fm .
10 Berndt Farwer

Let us associate indices (called colours) with states as follows: states of E1 re-
ceive colour 1, states of F1 \ E1 receive colour 2, and so on with the rule that
states of Ei \ Fi−1 have colour 2i − 1 and states of Fi \ Ei have colour 2i. An ω-
word α is then accepted by the Rabin automaton iff the least colour occurring
infinitely often in a run on α is even (hence the term “parity condition”).

Definition 1.16. An ω-automaton A = (Q, Σ, δ, qI , c) with acceptance com-

ponent c : Q → {1, . . . , k} (where k ∈ ω) is called parity automaton if it is
used with the following acceptance condition (parity condition): An ω-word
α ∈ Σ ω is accepted by A iff there exists a run  of A on α with

min{c(q) | q ∈ Inf()} is even

Sometimes it is more convenient to work with the condition that the maximal
colour occurring infinitely often in the run under consideration is even. This
applies to some constructions in later chapters of this book.

Example 1.17. Consider the parity automaton from Figure 1.4 with colouring
function c defined by c(qi ) = i.

a b
c
q0 a q1 b q2 q3
c
Fig. 1.4. Another ω-automaton

It accepts the ω-words with start with ab, continue by a finite sequence
of segments in a∗ cb∗ c, and end with aω ; so L(A) = ab(a∗ cb∗ c)∗ aω . For the
parity automaton A with the same transition graph but colouring c defined by
c (qi ) = i + 1 we obtain L(A ) = ab(a∗ cb∗ c)∗ bω ∨ ab(a∗ cb∗ c)ω .

It is obvious how a parity condition is cast into the form of a Rabin condition.

Transformation 1.18. Let A = (Q, Σ, δ, qI , c) be an ω-automaton be a parity

automaton with c : Q → {0, . . . , k}. An equivalent Rabin automaton A =
(Q, Σ, δ, qI , Ω) has the acceptance component Ω := {(E0 , F0 ), . . . , (Er , Fr )} with
r :=  k2 , Ei := {q ∈ Q | c(q) < 2i} and Fi := {q ∈ Q | c(q) ≤ 2i}.

1.3.5 Discussion

The equivalence results obtained above can be summarized as follows:

Theorem 1.19. (1) Nondeterministic Büchi automata, Muller automata, Ra-

bin automata, Streett automata, and parity automata are all equivalent in
expressive power, i.e. they recognize the same ω-languages.
 1 ω-Automata 11

(2) The ω-languages recognized by these ω-automata form the class ω-KC(REG),
i.e. the ω-Kleene closure of the class of regular languages.

The ω-languages in this class are commonly referred to as the regular ω-

languages, denoted by ω-REG.
At this point two fundamental questions arise.

• Are there types of deterministic ω-automata which recognize precisely the

ω-languages in ω-REG?
• Is the class ω-REG closed under complementation?

Both questions can be answered affirmatively; and both involve tedious work.
The complementation problem can be attacked via several approaches (see
Chapter 4 below). One possibility is to work with deterministic ω-automata and
thus use a reduction to the determinization problem.

1.4 Deterministic Models

In Chapter 3 below, it will be shown that deterministic Muller automata rec-

ognize precisely the regular ω-languages. In the present section, we discuss
the relation between deterministic Muller automata and other deterministic ω-
automata, and also give some remarks on the complementation problem. We shall
see that deterministic Muller automata, Rabin automata, Streett automata, and
parity automata are all equivalent in expressive power. Note that the equivalence
proof given above for the nondeterministic case cannot be copied: We proceeded
via nondeterministic Büchi automata and thus, even from deterministic Muller
automata, would obtain nondeterministic Rabin, Streett, and parity automata.
As we now verify, we cannot in general sharpen the construction of a Büchi
automaton to obtain a deterministic one.

1.4.1 The Büchi Condition for Deterministic ω-Automata

Let us see that Büchi automata are too weak to recognize even very simple
ω-languages from ω-REG. The Büchi automaton depicted in Figure 1.5 with
F = {q1 } accepts those ω-words over the alphabet {a, b} that have only finitely
many b’s.

a,b

a
q0 q1 a

Fig. 1.5. An automaton recognizing (a + b)aω

It is easy to provide an equivalent deterministic Muller automaton, using

two states qa , qb which are visited after reading a, b, respectively, and declaring
12 Berndt Farwer

F = {{qa }} as acceptance component (see Figure 1.2). Then a run is accepting

iff it ends by a sequence consisting of state qa only, which means that the input
word ends with aω .
If one would work with the Büchi acceptance condition, using a set F of
accepting states, then one has a specification of states which should be visited
infinitely often, but it is not directly possible to specify which states should be
seen only finitely often.
The argument which shows that deterministic Büchi automata are too weak
for recognizing L = (a + b)∗ bω works by contradiction: Assuming that the
deterministic Büchi automaton A with final state set F recognizes L, it will
on input bω visit an F -state after a finite prefix, say after the n0 -th letter. It
will also accept bn0 abω , visiting F -states infinitely often and hence after the a,
say when finishing the prefix bn0 abn1 . Continuing this construction the ω-word
bn0 abn1 abn2 a . . . is generated which causes A to pass through an F -state before
each letter a but which should of course be rejected.

1.4.2 Transforming Muller Automata to Rabin Automata

Let us now show that deterministic Muller automata, Rabin automata, Streett
automata, and parity automata all have the same expressive power. We show first
the crucial step, namely that deterministic Muller automata can be transformed
into deterministic Rabin automata.
We use a technique called latest appearance record (LAR). The idea is
to use permutations of the states of the given Muller automaton as new states,
extended by a hit position. So the memory of the new automaton stores lists
of states from the original automaton; this is in contrast to the construction
of Theorem 1.10 which produced a nondeterministic Büchi automaton from a
Muller automaton; in that case we stored sets of states of the original automaton
in the memory of the constructed one.
In a list of (distinct) states, we use the last entry for the current state in the
run on the given Muller automaton. The hit position (the position of the marker
() indicates where the last change occurred in the record. For every transition
from one state p to q in the original automaton, the state q is moved to the last
position of the record while the symbols which were to the right of q are shifted
one position to the left (so the previous place of q is filled again). The marker is
inserted in front of the position where q was taken from. So the positions before
the marker are untouched by the transition under consideration.

Transformation 1.20. Let A = (Σ, Q, δ, qI , F ) be a deterministic Muller automa-

ton. Assume w.l.o.g. that Q = {1, . . . , k} and qI = 1. Let ( be a new symbol, i.e.
( ∈ Q.
An equivalent Rabin automaton A is given by the following definition:
 is the set of all order vector words with hit position over Q, i.e.
• Q
 := {w ∈ (Q ∪ {(})∗ | ∀q ∈ Q ∪ {(} . |w|q = 1}
Q
 1 ω-Automata 13

• The initial state is qI := (k . . . 1.

• The transition function δ  is constructed as follows: Assume i, i ∈ Q, a ∈ Σ,

and δ(i, a) = i . Then δ  is defined for any word m1 . . . mr (mr+1 . . . mk ∈ Q

with mk = i. Supposing that i = ms , define

δ  (m1 . . . mr (mr+1 . . . mk , a) := (m1 . . . ms−1 (ms+1 . . . mk i ).

• The acceptance component is given by Ω = {(E1 , F1 ), . . . , (Ek , Fk )}, defined

as follows:
– Ej := {u(v | |u| < j}
– Fj := {u(v | |u| < j} ∪ {u(v | |u| = j ∧ {m ∈ Q | m  v} ∈ F}.
Here the infix relation m  v should be read as “m occurs in v”, since m is
a single letter.
Consider a run of the Muller automaton A, where the set of infinitely often
visited states is, say, J = {m1 , . . . , mj } This means that in the corresponding
run of the Rabin automaton A , the states of Q \ J will eventually reach the
first positions and then stay indefinitely in front of the marker. So finally the A -
states will be of the form u(v where the (Q \ J)-elements occur at the beginning
of u (or constitute the whole word u). Hence, eventually we will constantly have
|u| ≥ |Q \ J|, in other words |v| ≤ |J| = j. Clearly infinitely often we have
|v| = |J| = j, since otherwise, from some point onwards we would have |v| < j
and thus less than j states would be visited infinitely often.
So infinitely often a state u(v with |v| = j is seen but only finitely often a
state with v > j. Moreover, the states which constitute the word v in the first
case |v| = j form precisely the set J.
We can summarize this as follows:

Lemma 1.21. Let  be an infinite run of the deterministic Muller automaton

A with state set Q = {1, . . . , k} and let u0 (v0 , u1 (v1 , u2 (v2 , . . . be the correspond-
ing sequence of order vectors with hit, according to Transformation 1.20. Then
Inf() = J with |J| = j iff the following conditions hold:
• for only finitely many i we have |vi | > j (and hence |ui | ≤ k − j)
• for infinitely many i we have |vi | = j (and hence |ui | = k − j) and
J = {m ∈ Q | m  vi }.

The Muller automaton A accepts by the run  if the set J considered in the
Lemma belongs to F . This means that the run will infinitely often visit a state
in the defined set Fk−j but only finitely often visit states u(v with |u| < k − j,
i.e. states from Ek−j . So the Rabin condition of A is satisfied and A accepts in
this case. The converse implication (“if A accepts an input word, then A does”)
is shown analogously.
From the definition of the sets Ej , Fj we see that they are arranged in a chain:
E1 ⊆ F1 ⊆ E2 . . . ⊆ Ek ⊆ Fk . We can shorten the chain by admitting only pairs
where Ej = Fj , without altering the set of accepting runs. Then we are left with
a strictly increasing chain of sets, and thus have defined an ω-automaton which
is presentable as a parity automaton.
14 Berndt Farwer

Altogether we obtain the following result:

Theorem 1.22. By Transformation 1.20, a deterministic Muller automaton

with n states is transformed into a deterministic Rabin automaton with n · n!
states and n accepting pairs, and also into a deterministic parity automaton
with n · n! states and 2n colours.

Transformation 1.20 is given here for deterministic automata, but it works

analogously for nondeterministic automata.
In order to cover also Streett automata it is useful to look at the complemen-
tation of ω-languages. Note that the negation of the Rabin acceptance condition

(∗) ∃(E, F ) ∈ Ω (Inf() ∩ E = ∅) ∧ (Inf() ∩ F = ∅).

is equivalent to the Streett condition:

(∗∗) ∀(E, F ) ∈ Ω (Inf() ∩ E = ∅) ∨ (Inf() ∩ F = ∅)

Hence, when we transform a deterministic Rabin automaton recognizing L

into a Streett automaton by keeping all its components, including the acceptance
component, but using it in the form (∗∗) instead of (∗), then the resulting Streett
automaton recognizes the complement of L.
We can transform a deterministic Rabin automaton into an equivalent Streett
automaton by a detour through Muller automata. Namely, the complement of
an ω-language recognized by a deterministic Muller automaton is accepted by
the same automaton up to the set of designated state sets; this set F has to be
replaced by its complement w.r.t. the set of states Q of the automaton.

Transformation 1.23. Let A = (Q, Σ, δ, qI , F ) be a deterministic Muller aur-

tomaton. Then the Muller automaton A := (Q, Σ, δ, qI , 2Q \ F ) recognizes the
complement of L(A).

Now we can transform a deterministic Rabin automaton A into a deter-

ministic Streett automaton as follows: From A construct an equivalent Muller
automaton, by copying Transformation 1.15 for the deterministic case. Com-
plement the Muller automaton, and then apply Transformation 1.20 to obatain
a Rabin automaton A recognizing the compelement of L. Used as a Streett
automaton, A recognizes L, as desired.
The converse transformation from Streett to Rabin automata works analo-
gously.
As a consequence of the previous constructions we note the following:

Theorem 1.24. Deterministic Muller automata, Rabin automata, Streett au-

tomata, and parity automata recognize the same ω-languages, and the class of
ω-languages recognized by any of these types of ω-automata is closed under com-
plementation.
 1 ω-Automata 15

In this result, the complementation of parity automata would work as follows:

Write the parity condition as a Rabin condition, define the complement by read-
ing it as a Streett condition, pass to an equivalent Muller automaton, and obtain
from it an equivalent Rabin automaton by Transformation 1.20. This is simpli-
fied considerably by the direct approach, which applies the idea of exchanging
even and odd colours.
For showing that the complement of a language accepted by an ω-automa-
ton with parity condition is also acceptable by a parity automaton, the colour
function has to be modified such that henceforth every word previously not
accepted has even parity in its minimal colour value and uneven parity for all
previously accepted words.
Transformation 1.25. Let A = (Q, Σ, δ, qI , c) be a deterministic ω-automaton
with parity condition. Then the complement of L(A) is recognized by the parity
automaton A := (Q, Σ, δ, qI , c ) where c (q) = c(q) + 1.
So the complementation process is easy (and does not affect the number of
states of the automata) if we deal with deterministic Muller or parity automata.
For Rabin and Streett automata, the constructions above involve a blow-up
of 2O(n log n) (the growth-rate of n · n! as it appears in the LAR construction
of Transformation 1.20). The same applies to the transformation of Rabin into
Streett automata and conversely. In the next section we will see that this blow-up
is not avoidable.
Before turning to these lower bound results, we note a fact about accepting
runs of Rabin and Streett automata which will be used there.
Lemma 1.26. Let A = (Q, Σ, δ, qI , Ω) be an ω-automaton with Rabin con-
dition, and assume 1 , 2 are two nonaccepting runs. Then any run  with
Inf() = Inf(1 ) ∪ Inf(2 ) is also non-accepting.
For the proof assume that 1 , 2 are non-accepting but  with Inf() =
Inf(1 ) ∪ Inf(2 ) is accepting. Then for some accepting pair (E, F ) we have
Inf() ∩ E = ∅ and Inf() ∩ F = ∅. By Inf() = Inf(1 ) ∪ In(2 ) we must have
Inf(1 ) ∩ E = Inf(2 ) ∩ E = ∅, and also Inf(1 ) ∩ F = ∅ or Inf(2 ) ∩ F = ∅. So
one of the two runs i would be accepting, contradicting the assumption.
By duality, we obtain the following:
Lemma 1.27. Let A = (Q, Σ, δ, qI , Ω) be a Streett automaton, and assume
1 , 2 are two accepting runs. Then any run  with Inf() = Inf(1 ) ∪ Inf(2 ) is
also accepting.

1.5 Two Lower Bounds

In this section we establish two lower bounds of rate 2O(n log n) for the transfor-
mation of ω-automata:
(1) from nondeterministic Büchi automata to deterministic Rabin automata,
(2) from deterministic Streett to deterministic Rabin automata.
16 Berndt Farwer

n
…
2

q0 1 q1 q2 … qn

1,…,n,# 1,…,n,# 1,…,n,#

Fig. 1.6. Nondeterministic Büchi automaton An

The first lower bound will useful in Chapter 3, where a transformation from
Büchi automata to deterministic Rabin automata is presented, using the con-
struction of Safra [158]. The lower bound will show that Safra’s construction is
optimal.
The second lower bound is of interest in connection with the conversion of
Streett automata into Rabin automata (or conversely) presented above. The
lower bound result will be taken up again in Chapter 5, where Streett automata
are studied in more depth.

1.5.1 From Büchi Acceptance to Rabin Acceptance

The proof idea of the present section is due to Michel [128]. We follow the
presentation as given by Löding in [114].
In order to keep the representation of nondeterministic automata small, a
set of initial states is used in the examples that follow. It is obvious that the
automata can be presented in the usual format by adding just one state and
adding arcs from this new state for each arc leaving an initial state of the given
automaton.

Example 1.28. Consider the family of Büchi automata from Figure 1.6. This
family of automata (An )n≥2 is defined over the alphabets {1, . . . , n, #} respec-
tively. (The constraint n ≥ 2 is introduced for the proof of Lemma 1.29 where
two different permutations of symbols from {1, . . . , n} are assumed to exist.)
The languages Ln accepted by these automata can be characterised by the
condition: A word α is accepted by An iff there exists k and i1 , . . . , ik ∈ {1, . . . , n}
such that each pair ij ij+1 for j < k and ik i1 appears infinitely often in α.
We encode the symbols 1, . . . , n by words over {0, 1}∗ such that

0i 1 if i < n,
i is encoded by
0i 0∗ 1 if i = n

furthermore we keep # unaltered. Now we can specify the same family of lan-
guages w.r.t. the encoding by the family of automata (An )n≥2 over the fixed
alphabet {0, 1, #}. The size of An (in either of the two versions) is O(n).

The family of automata from the previous example can be used to prove the
following lemma.
 1 ω-Automata 17

v R

u
q0 q p

w
S

Fig. 1.7. An accepting run of A

Lemma 1.29. There exists a family of languages (Ln )n≥2 over the alphabet
{0, 1, #} recognizable by nondeterministic Büchi automata of size O(n) such
that any nondeterministic Streett automaton accepting the complement language
of Ln has at least n! states.

Proof ([114]). Let n ∈ ω and (i1 , . . . , in ), (j1 , . . . , jn ) be different permutations

of {1, . . . , n}. It is clear from the definition of the Büchi automaton An from
the previous example that the words α := (i1 . . . in #)ω and β := (j1 . . . jn #)ω
are not accepted by An . Hence, α and β belong to the complement language
L := {1, . . . , n, #}ω \ L(An ).
This means that for any Streett automaton A accepting L(A ) = L there
have to exist accepting runs α and β with R := Infα and S := Infβ . Due to
the Streett condition of A it is sufficient to show that R ∩ S = ∅, as there are
n! permutations of {1, . . . , n}, thus, leading to an automaton with no less than
n! states.
Now, assume on the contrary that there is some state q ∈ R ∩ S. Then there
has to exist an accepting run γ of A on a word γ = u(vw)ω such that u is a
subword read on some path from the initial state of A to the state q and v and
w are words read on paths from q to q cycling only through states from R and
S respectively. Suppose the infix v of α is given by i0 , . . . , ik ∈ {1, . . . , n} and
similarly w = j0 , . . . , jl ∈ {1, . . . , n}. This situation is depicted in Figure 1.7.
Since α = β there has to exist an index in which the two words differ. Let
m be the least of such indices, i.e. ∀x . x < m → ix = jx and im = jm . But
now there have to exist indices k  , l > m such that jm = ik
and im = jl
. This
leads to a sequence im , . . . , im+1 , . . . , im
−1 , im
jm , jm+1 , . . . , jl
−1 , jl
satisfying
the characterisation of the words in L(An ). So γ ∈ L(An ).
We now show that A also accepts γ, which contradicts the assumption
L(A ) = {1, . . . , n, #}ω \ L(An ). Namely, for the run ργ we know that Inf(ργ ) =
Inf(ρα ) ∪ Inf(ρβ ). Hence, by Lemma 1.27, the A -run ργ is accepting.

By the duality of Rabin and Streett conditions it is obvious that if there

exists an ω-automaton of size less than n! with Rabin condition that accepts
Ln then there also exists a deterministic Streett automaton that accepts the
complement language Σnω \ Ln with less than n! states. Thus from Lemma 1.29
we conclude the following theorem.
18 Berndt Farwer

n n n'
n n

…
1 1

1 1 1'

Fig. 1.8. Deterministic Streett automaton An

Theorem 1.30. There exists a family of languages (Ln )n≥2 over the alphabet
{0, 1, #} recognizable by nondeterministic Büchi automata of size O(n) such that
any equivalent deterministic Rabin automaton must be of size n! or larger.

1.5.2 A Lower Bound for the Transformation of Deterministic

Streett Automata to Deterministic Rabin Automata

The technique of latest appearance records is used for the transformation of var-
ious automata into parity automata. Two variants are studied in the literature:
state appearance records and index appearance records.
State appearance records have been introduced in Section 1.4.2 for the trans-
formation of Muller automata into Rabin automata. Löding [114] shows that any
transformation of a deterministic Streett automaton of size n with r pairs of des-
ignated sets into a deterministic Rabin automaton will result in an automaton
where the number of states is a factorial in min(n, r), and by the fact that par-
ity automata are special cases of Rabin automata, a transformation to a parity
condition will result in an automaton with at least min(n, r)! states and O(r)
colours. Since the automata used in the proof consist of n states and n pairs,
this also proves the optimality of the best known transformation from Muller
automata to automata with parity condition.
Due to the duality of Rabin and Streett conditions the result is transferrable
to the case with Rabin condition and Streett condition interchanged.
Index appearance records (IAR) are used for example by Safra [159] for the
transformation of nondeterministic Streett automata into deterministic Rabin
automata. The transformation, to be presented in full detail in Chapter 5 below,
takes a deterministic Streett automaton of size n with an acceptance condition
consisting of r pairs of designated sets to an equivalent deterministic Rabin
automaton of size nO(r)! that uses O(r) accepting pairs.
By Theorem 1.32 we obtain the optimality of the IAR construction. The
following example gives the family of automata on which the proof is based.

Example 1.31. Consider the family of deterministic Streett automata (An )n≥2
from Figure 1.8 with pairs of designated state sets Ωn = {(E1 , F1 ), . . . , (En , Fn )}
and Ei = {i}, Fi = {i }.
The language accepted by the automaton An can be characterised by the
symbols occurring in odd and even positions of the accepted words. Each word
 1 ω-Automata 19

α in L(An ) satisfies the condition that each symbol occurring infinitely often in
an odd position must also occur infinitely often in an even position of α.
This family of automata (An )n≥2 is defined over the alphabets {1, . . . , n},
respectively. By encoding the symbols 1, . . . , n by words over {0, 1}∗ such that

0i 1 if i < n,
i is encoded by i ∗
0 0 1 if i = n

we can specify the same family of languages w.r.t. the encoding by the family of
automata (An )n≥2 over the fixed alphabet {0, 1}. The construction is similar to
that in Section 1.5.1.

Theorem 1.32 ([114]). There exists a family of languages (Ln )n≥2 over the al-
phabet {0, 1} recognizable by deterministic Streett automata with O(n) states and
O(n) pairs of designated state sets such that any deterministic Rabin automaton
accepting Ln requires at least n! states.

Proof. The idea for proving Theorem 1.32 is motivated by the observation that
for any finite word u ∈ {1, . . . , n}∗ of even length, the word uα is accepted
by An iff α is accepted by An . It can be shown by induction over n that any
deterministic Rabin automaton accepting L(An ) must have at least n! states.
The base case for the induction is obvious: Any (Rabin) automaton accepting
a proper subset of the infinite words over a 2-letter alphabet with some word
having occurrences of both letters needs at least two states.
The induction step relies on the fact that any given deterministic Rabin
automaton A accepting L(An ) can be modified to a deterministic automaton
over {1, . . . , n} \ {i} for any i ∈ {1, . . . , n} by simply removing all arcs labelled
by i. Setting the initial state of the modified automaton to any q that is reachable
in An by an even number of state transitions we obtain a deterministic Rabin
automaton Aqi .
Because of the characterisation of L(An ) given above, it is clear that Aqi
accepts a language isomorphic up to the renaming of symbols to L(An−1 ). The
induction hypothesis requires the automaton Aqi to have at least (n − 1)! states.
For a complete proof the reader is referred to [114].

1.6 Weak Acceptance Conditions

In the previous sections we have defined acceptance by a reference to those states

in a run whcich occur infinitely often. For some purposes a “weak acceptance
condition” is appropriate. This is a condition on the set of states that occur at
least once (but maybe only finitely often) in a run.
Recall that
Occ() := {q ∈ Q | |−1 (q)| ≥ 1}
is the set of states that occur at least once in the run . Let A = (Q, Σ, δ, qI , Acc)
be an ω-automaton.
20 Berndt Farwer

There are different possibilities to use the set Occ() for acceptance. The
analogue to the Muller condition, introduced by Staiger and Wagner [166], uses
a family F of state sets and declares the run  accepting if

Occ() ∈ F .

Other acceptance modes refer to a set F of designated states and require

Occ() ∩ F = ∅,

(also called 1-acceptance, following [110]), and

Occ() ⊆ F,

also called 1 -acceptance.

These acceptance modes are special cases of Staiger-Wagner acceptance. In
the first case one collects in F all sets X with X ∩ F = ∅, in the second case the
sets X with X ⊆ F .
Example 1.33. To accept the ω-words over the alphabet {a, b} that have at least
one symbol a, we take an automaton A = ({qa , qb }, {a, b}, δ, qb, F ), where F =
{qa }, δ is defined according to the state transition graph of Figure 1.2, and
1-acceptance is used.
The requirement that only the word bω should be accepted can be specified
with the same transition graph, now with 1 -acceptance using the set F = {qb }.
i.e. the only state that may be visited in any successful run is qb .
In later chapters of the book also the parity condition will be used in the
weak sense. The requirement for acceptance is that the minimal (or maximal)
colour occurring in a run is even.
We show that acceptance by an occurrence set can be simulated by Büchi
acceptance. The idea is to simulate A and to accumulate the visited states in a
separate component of the state, signalling acceptance whenever this component
is a set from F .
Transformation 1.34. Let A = (Q, Σ, δ, qI , F ). The language L(A) recognized
by A with the Staiger-Wagner acceptance condition is recognized by a Büchi
automaton A = (Q × 2Q , Σ, δ  , (qI , {qI }), F  ) where δ  ((p, P ), a) contains all
states (p , P  ) with p ∈ δ(p) and P  = P ∪ {p }, and where F  contains all states
(p, P ) with P ∈ F .
The exponential blow-up can be avoided if only 1-acceptance or 1 -acceptance
are involved. In order to capture 1-acceptance via a set F by Büchi acceptance,
one introduces a transition from each F -state to a new state qf , with a tran-
sition back to qf , which serves as only final state in the Büchi automaton. For
1 -acceptance, it suffices to take the given automaton and use it as a Büchi
automaton (with the same set of designated states).
The reverse transformations are not possible; it should be obvious that an in-
finity condition in the definition of an ω-language cannot in general be simulated
 1 ω-Automata 21

by an occurrence condition. For example, the set L of ω-words over {a, b} with
infinitely many b is not recognizable by an ω-automaton with Staiger-Wagner
acceptance. Assuming such an automaton which recognizes L, say with n states,
one would consider an accepting run on the input word (an+1 b)ω . After some
finite prefix, say after (an+1 b)k , the run would have visited the states which
are visited at all. In the succeeding block an+1 the automaton assumes a loop,
which can be repeated if the input is changed to (an+1 b)k aω . So over this input
the same states would be visited as in the considered run over (an+1 b)ω . Hence
(an+1 b)k aω would be accepted, a contradiction.

1.7 Conclusion
We have shown the expressive equivalence of

• nondeterministic Büchi, Muller, Rabin, Streett, and parity automata

• deterministic Muller, Rabin, Streett, and parity automata

The missing link will be provided in Chapter 3 below: Nondeterministic Büchi

automata accept the same ω-languages as deterministic Muller automata.
Figure 1.9 gives an overview; it shows the dependencies and known bounds
for transformations between different models (including results that are shown
in Part II of the book).

n+kn·2n NB

2O(n log n) 2O(n log n) ,n

DM DR DS
n·2O(k log k) ,O(k)

2O(n log n) ,n
DP

Fig. 1.9. An overview of transformation bounds for ω-automata.

We indicate by D and N the deterministic, respectively, nondeterministic

versions and write B, M, R, S for Büchi, Muller, Rabin, Streett, respectively. The
noted complexity bounds are given as pairs (n , k  ) where n is the size of the
constructed automaton and k  the size of the acceptance component, relative to
the original sizes (n is the original number of states and k the size of the original
acceptance component). Dotted arrows are used for trivial transformations.
2 Infinite Games

René Mazala

Institut für Informatik

Martin-Luther-Universität Halle-Wittenberg

2.1 Introduction

This chapter is meant as an introduction to infinite two-person games on directed

graphs. We will define what they are, how they are played, what exactly a
strategy is, what we mean when we say a game is won by a certain player, etc.
We will introduce fundamental notions such as determinacy, forgetful strategies,
memoryless strategies, and so on. And we will state fundamental results, which
will be proved in later chapters.

2.2 Games

A game is composed of an arena and a winning condition. We will first study

arenas and then add winning conditions on top of arenas.

2.2.1 Arenas

An arena is a triple

A = (V0 , V1 , E) (2.1)

where V0 is a set of 0-vertices, V1 a set of 1-vertices, disjoint from V0 , and

E ⊆ (V0 ∪ V1 ) × (V0 ∪ V1 ) is the edge relation, sometimes also called the set
of moves. The union of V0 and V1 is denoted V . Observe that with this notation
the requirement for the edge relation reads E ⊆ V × V . The set of successors
of v ∈ V is defined by vE = { v
∈ V | (v, v
) ∈ E }.
The games we are interested in are played by two players, called Player 0
and Player 1. We will often fix σ ∈ {0, 1} and consider Player σ; if we then want
to refer to the other player, we will speak of him or her as Player σ’s opponent
and write Player σ. Formally, we set σ = 1 − σ for σ ∈ {0, 1}.
Observe that there is no restriction on the number of the successors of a
vertex in an arena. Also, we don’t require that (V, E) is a bipartite graph with
corresponding partition {V0 , V1 }.

2.2.2 Plays

A play of a game with an arena as above may be imagined in the following way:
a token is placed on some initial vertex v ∈ V . If v is a 0-vertex then Player 0

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 23-38, 2002.
 Springer-Verlag Berlin Heidelberg 2002
24 René Mazala

moves the token from v to a successor v
∈ vE of v; symmetrically, if v is a

1-vertex then Player 1 moves the token from v to a successor v
∈ vE of v. More
concisely, when v is a σ-vertex, then Player σ moves the token from v to v
∈ vE.
Next, when v
is a σ-vertex, then Player σ moves the token from v
to v

∈ v
E.
This is repeated either infinitely often or until a vertex v without successors, a
dead end, is reached. Formally, a vertex v is called a dead end if vE = ∅.
We define a play in the arena A as above as being either

• an infinite path π = v0 v1 v2 · · · ∈ V ω with vi+1 ∈ vi E for all i ∈ ω (infinite

play) or
• a finite path π = v0 v1 · · · vl ∈ V + with vi+1 ∈ vi E for all i < l, but vl E = ∅
(finite play).

A prefix of a play is defined in the obvious way.

Now that we know what arenas and plays are we need to explain what kind
of winning conditions we are going to use and how arenas together with winning
conditions make games.

2.2.3 Games and Winning Sets

Let A be an arena as above and Win ⊆ V ω . The pair

(A, Win) (2.2)

is then called a game, where A is the arena of the game and Win its winning
set. The plays of that game are the plays in the arena A. Player 0 is declared
the winner of a play π in the game G iff

• π is a finite play π = v0 v1 · · · vl ∈ V + and vl is a 1-vertex where Player 1

can’t move anymore (when vl is a dead end) or
• π is an infinite play and π ∈ Win.

Player 1 wins π if Player 0 does not win π.

2.2.4 Winning Conditions

We will only be interested in winning sets that can be described using the ac-
ceptance conditions that were discussed in the previous chapter. But recall that
these acceptance conditions made only sense when used with automata with a
finite state space—a run of an infinite-state automaton might have no recurring
state. We will therefore colour the vertices of an arena and apply the acceptance
conditions from the previous chapter on colour sequences.
Let A be as above and assume χ : V → C is some function mapping the
vertices of the arena to a finite set C of so-called colours; such a function will
be called a colouring function. The colouring function is extended to plays in
a straightforward way. When π = v0 v1 · · · is a play, then its colouring, χ(π), is
given by χ(π) = χ(v0 )χ(v1 )χ(v2 ) · · · . So, when C is viewed as the state set of a
 2 Infinite Games 25

finite ω-automaton and Acc is an acceptance condition for this automaton (in
the sense of the previous chapter), then we will write Wχ (Acc) for the winning
set consisting of all infinite plays π where χ(π) is accepted according to Acc.
Depending on the actual acceptance condition we are interested in, this means
the following, where π stands for any element of V ω .

P
• Muller condition (Acc = F ⊆ 0 (C)): π ∈ Wχ (Acc) iff Inf(χ(π)) ∈ F .
• Rabin condition (Acc = {(E0 , F0 ), (E1 , F1 ), . . . , (Em−1 , Fm−1 )}):
π ∈ Wχ (Acc) iff ∃k ∈ [m] such that Inf(χ(π)) ∩ Ek = ∅ and Inf(χ(π)) ∩ Fk =
∅,
• Streett condition (Acc = {(E0 , F0 ), (E1 , F1 ), . . . , (Em−1 , Fm−1 )}):
π ∈ Wχ (Acc) iff ∀k ∈ [m].(Inf(χ(π)) ∩ Ek = ∅ ∨ Inf(χ(π)) ∩ Fk = ∅),
• Rabin chain condition (Acc = {(E0 , F0 ), (E1 , F1 ), . . . , (Em−1 , Fm−1 )} where
E0 ⊂ F0 ⊂ E1 ⊂ F1 ⊂ . . . ⊂ Em−1 ⊂ Fm−1 ): like the Rabin condition.
• Parity conditions (the colour set C is a finite subset of the integers):
– max-parity condition: π ∈ Wχ (Acc) iff max(Inf(χ(π))) is even.
– min-parity condition: π ∈ Wχ (Acc) iff min(Inf(χ(π))) is even.
• Büchi condition (Acc = F ⊆ C): π ∈ Wχ (Acc) iff Inf(χ(π)) ∩ F = ∅.
• 1-winning (Acc = F ⊆ C): π ∈ Wχ (Acc) iff Occ(χ(π)) ∩ F = ∅.

For simplicity, we will just write (A, χ, Acc) instead of (A, Wχ (Acc)). To indicate
that we are working with a certain acceptance/winning condition, we will speak
of Muller, Büchi, . . . games. We will say a game is a regular game if its
winning set is equal to Wχ (Acc) for some χ and some acceptance condition Acc
from above, except for 1-acceptance.
Example 2.1. Let A = (V0 , V1 , E, χ) be the (coloured) arena presented in Fig-
ure 2.1. We have the 0-vertices V0 = {z1 , z2 , z5 , z6 } (circles) and the 1-vertices
V1 = {z0 , z3 , z4 } (squares). The colours are C = {1, 2, 3, 4}. The edge relation E
and the colour mapping χ may be derived from the picture, i.e. χ(z4 ) = 2
or χ(z0 ) = 1. Note that we don’t have a dead end in our example. As a
winning condition we choose the Muller acceptance condition given by F =
{{1, 2}, {1, 2, 3, 4}}.
A possible infinite play in this game is π = z6 z3 z2 z4 z2 z4 z6 z5 (z2 z4 )ω . This
play is winning for Player 0 because χ(π) = 23121224(12)ω and Inf(χ(π)) =
{1, 2} ∈ F . The play π
= (z2 z4 z6 z3 )ω yields χ(π
) = (1223)ω and Inf(χ(π
)) =
/ F . Hence π
is winning for Player 1.
{1, 2, 3} ∈
When we want to fix a vertex where all plays we consider should start, we
add this vertex to the game: an initialized game is a tuple (G, vI ) where vI is
a vertex of the arena of G. A play of such a game is a play of the uninitialized
game which starts in vI .

2.3 Fundamental Questions

There are several obvious questions to ask when one is confronted with an ini-
tialized game as introduced in the previous section.
26 René Mazala

1 2
z0 z1

1 z2

3 z3 z4 2 z5 4

z6

Fig. 2.1. Coloured example arena

First, it would be interesting to know if one of the players can play in such a
game that regardless of how the other moves, the emerging plays will be wins for
him. This is the question whether the game is “determined”. We will formalize
this by introducing the notions of strategy and winning strategy, and we will
state the fundamental result that every regular game is determined; the result
itself will be proved in Chapter 6.
Second, when we consider games on finite graphs these can be input for an
algorithm and an obvious question to ask is if one can effectively (and maybe
efficiently) determine which of the two players wins the game. This question will
be answered in Chapter 7; the complexity of determining the winner heavily
depends on the type of the game (the winning condition) one is interested in.
Third, it is not only interesting to know who wins a game, but also how
a winning strategy looks like. Clearly, a winning strategy will tell the player
what to do next depending on the moves that have been taken thus far. We
will be interested in situations where the winning strategies are simple in the
sense that the next move of the player does only depend on the current vertex
or on a bounded amount of information on the moves that led to the current
position—we will be interested in “memoryless” or “forgetful” strategies. We
will describe this formally and state the main result that for every regular game
there is a forgetful winning strategy and that parity games even allow memoryless
strategies.

2.4 Strategies and Determinacy

In order to be able to define formally what it means for a player to win a game,
we need to introduce the notion of strategy.
 2 Infinite Games 27

2.4.1 Strategies

Let A be an arena as usual, σ ∈ {0, 1}, and fσ : V ∗ Vσ → V a partial function.

A prefix of a play π = v0 v1 · · · vl is said to be conform with fσ if for every i
with 0 ≤ i < l and vi ∈ Vσ the function fσ is defined at v0 · · · vi and we have
vi+1 = fσ (v0 · · · vi ). Note, that this also implies vi+1 ∈ vi E. A play (finite or
infinite) is conform with fσ if each of its prefixes is conform with fσ . Now we
call the function fσ a strategy for Player σ on U ⊆ V if it is defined for every
prefix of a play which is conform with it, starts in a vertex from U , and does
not end in a dead end of Player σ. When U is a singleton {v}, we say fσ is a
strategy for Player σ in v.
Let G = (A, Win) be an arbitrary game with A as usual, and fσ a strategy for
Player σ on U . The strategy fσ is said to be a winning strategy for Player σ
on U if all plays which are conform with fσ and start in a vertex from U are
wins for Player σ.

Example 2.2. We use the game from Example 2.1.

When Player 1 moves from z0 to z0 every time the token is located on z0 ,
then he will win every play that visits z0 . This means, in particular, that f1
defined by f1 (yz0 ) = z0 and f1 (yz4 ) = z6 (or = z1 ) is a winning strategy for
Player 1 on W1 = {z0 , z1 }.
Each play that doesn’t begin in z0 or z1 , visits the vertex z2 at some point.
Player 0 should under no circumstances move the token from z2 to z0 because
his opponent could win as described above. Hence, his only chance is to move
the token from z2 to z4 . The resulting plays will visit z2 and z4 infinitely often.
Player 1 should not choose vertex z2 every time the token visits vertex z4
because this would result in a play with suffix (z2 z4 )ω which is a win for Player 0.
So, Player 1 should once in a while move the token from z4 to z6 .
The situation for Player 0 in vertex z6 is a bit more complicated. If he always
decides for moving the token to z3 , then the resulting play has the form π =
· · · (z6 z3 z2 z4 (z2 z4 )∗ )ω and is a loss for him. Similarly, he will loose if he always
moves the token to z5 . But he is able to win if he alternates between z3 and z5 .
To sum this up, consider the function f0 defined by


z4 if π ∈ V ∗ z2

z
3 if π ∈ V ∗ z5 z2 z4 (z2 z4 )∗ z6
f0 (π) = . (2.3)
z5
 if π ∈ V ∗ z3 z2 z4 (z2 z4 )∗ z6


z3 if π ∈ (V \ {z3 , z5 })∗ z6

This is a winning strategy for Player 0 on W0 = {z2 , z3 , z4 , z5 , z6 }.

We say that Player σ wins a game G on U ⊆ V if he has a winning strategy

on U .

Example 2.3. In the game from Examples 2.1 and 2.2, Player 1 wins on {z0 , z1 }
whereas Player 0 wins on {z2 , z3 , z4 , z5 , z6 }.
28 René Mazala

When (G, vI ) is an initialized game, we say Player σ wins it if he wins G on

the singleton set {v}.
Clearly, every initialized game has at most one winner:

Remark 2.4. For any game G, if Player 0 wins G on U0 and Player 1 wins G on
U1 , then U0 ∩ U1 = ∅.

Exercise 2.1. Proof the above remark by contradiction.

Given a game G, we define the winning region for Player σ, denoted Wσ (G)
or Wσ for short, to be the set of all vertices v such that Player 0 wins (G, v).
Clearly:

Remark 2.5. For any game G, Player σ wins G on Wσ (G).

Exercise 2.2. Proof the above remark by showing that if U is a family of sets of
vertices
 such that Player σ wins on each element U ∈ U, then Player σ wins on
U.
U ∈U

2.4.2 Transforming Winning Conditions

In the previous chapter, we have seen how acceptance conditions for ω-automata
can be transformed into one another. The same can be done with games. This
will be explained in this section.
We first note:

Remark 2.6. For every regular game (A, χ, Acc) there exists a Muller winning
condition Acc
such that (A, χ, Acc) and (A, χ, Acc
) have the same winning
regions.

The main result says that it is enough to consider parity games. Therefore,
parity games are of our interest in the whole volume.

Theorem 2.7. For every Muller game (A, χ, F ) there exists a parity game
(A
, χ
, Acc
) and a function r : V → V
such that for every v ∈ V , Player σ
wins ((A, χ, F ), v) if and only if Player σ wins ((A
, χ
, Acc
), r(v)).

Proof. The proof will be similar to the transformation of Muller conditions in

Rabin conditions for ω-automaton in the previous chapter: We modify the LAR
memory with hit position from Transformation 1.20 to contain colours instead
of vertices because the acceptance condition for our games was defined for the
colour sequence. But we have to keep track of the visited vertices too. This is
done in a product construction. We will see that the constructed Rabin condition
can be rewritten as Rabin chain or max-parity condition.
Let (A, χ, F) be a Muller game, C the (finite) set of colours, and a marker
∈/ C, a symbol not occurring in C. Now set our LAR memory to
 := { w ∈ (C ∪ {})∗ | |w| ≥ 2 ∧ |w|
= 1 ∧ ∀a ∈ C(|w|a ≤ 1) } .
C (2.4)
 2 Infinite Games 29

 is the set of all words w over the alphabet C ∪ {} where  and at least one
C
colour are infixes of w and each colour appears at most once.
Now we can define our game (A
, χ
, Acc
). As vertices we choose
 and V1
:= V1 × C
V
:= V0
∪ V1
with V0
:= V0 × C  . (2.5)
The set of edges is given by
 

E
:= ((v, q), (v
, ϕ(v
, q)))  v ∈ V, v
∈ vE, q ∈ C (2.6)

where ϕ : V × C→C  is the memory update function that deletes the marker,
replaces the colour c := χ(v
) of the given vertex v
by the marker and finally
appends c. Formally, ϕ is defined as


xyzc if q = xcyz


ϕ(v , q) := xyzc if q = xycz (2.7)


qc else (c is not an infix of q)

for each v
∈ V and each q ∈ C  with c := χ(v
). The function that transforms
the initial vertex can be set to
r(v) := (v, χ(v)) . (2.8)
The new colouring function χ
: V
→ ω is defined by

2 ∗ |y| − 1 if { c ∈ C | c infix of y } ∈
/F
χ (v, xy) := . (2.9)
2 ∗ |y| otherwise

We conclude the description of the construction by declaring Acc
to be a max-

parity condition.
Now we have to prove the correctness of this construction which is similar to
Lemma 1.21 in the previous chapter. Let π = v0 v1 · · · ∈ V ω be an infinite play in
A. The corresponding play π
in A
is uniquely determined: The projection onto
the first component p1 (π
) = π is our original play, and the second component
ω with qi = xi yi defined by q0 := χ(v0 ) and qi+1 :=
is p2 (π
) = q0 q1 . . . ∈ C
ϕ(vi+1 , qi ) for each i ∈ ω. Let F := Inf(χ(π)) be the set of infinitely often
visited colours in the play π. Hence, from some point j ∈ ω on the marker 
stays within the last |F | + 1 positions: ∀i ≥ j |yi | ≤ |F |. Second, the marker
must infinitely often occur in position |F | + 1, positions numbered from right to
left, because each colour from F is infinitely often moved to the end. That is,
{ k ≥ j | |yk | = |F | and yk forms the set F } is infinite. Thus, by construction
of χ
, we have that the highest colour visited infinitely often in π
has the even
value 2 · |F | if F ∈ F and the odd value 2 · |F | − 1 otherwise. For finite plays,
the situation is even simpler.
In summary, a play π is winning for Player 0 in A if and only if π
is winning
for him in A
. Conversely, every play π
in A
starting in a vertex r(v) corresponds
to a play π in A, for which the same holds. So, Player 0 wins the initialized game
(A, v) if and only if he wins (A
, r(v)). 

30 René Mazala

a a b
z0 z1 z2

Fig. 2.2. Example for the reduction

Example 2.8. Let A be the arena in Figure 2.2, and F = {{b}} a Muller accep-
tance condition. The example play π = z1 z2 z0 z1 z2ω is winning for Player 0. The
winning regions are W0 = {z2 } and W1 = {z0 , z1 }. The constructed max-parity
game A
is presented in Figure 2.3. We get

π
= (z1 , a)(z2 , ab)(z0 , ba)(z1 , ba)(z2 , ab)(z2 , ab)ω (2.10)

with the colouring χ
(π
) = 133132ω which is winning for Player 0 too. The
winning region W0
for Player 0 is the set of all vertices with z2 in the first
component. W1
is the complement of W0
.

1 1 3 2

z0 , a z1 , a z2 , ab z2 , ab

z0 , ba z1 , ba z0 , ba z2 , b

1 1 3 2

Fig. 2.3. Constructed max-parity game

2.4.3 Determinacy

In all of our example games, the winning regions for Player 0 and Player 1
partition the set of vertices of the game. When a game has this property, we will
say it is determined.
Martin (see, e. g., [119], [95]) showed that every game with a Borel type
winning set is determined. In Chapter 6, we will show the following special case
of Martin’s theorem.

Theorem 2.9. Every parity game is determined.

Together with Theorem 2.7, the previous theorem implies:

Corollary 2.10. Every regular game is determined.
 2 Infinite Games 31

2.4.4 Forgetful and Memoryless Strategies

The objective of this section is to introduce some notions that help to explain
how complex a winning strategy is.
As a motivation, consider the game from Example 2.1 again. We argued that
in order to win it is necessary for Player 0 to alternate between moving the
token to z3 and z5 when it is on z6 . More precisely, it is necessary not to stick
to one of the two vertices from some point onwards. This means that Player 0
has to remember at least one bit, namely whether he moved to z3 or z5 when
the token was on z6 the last time. But from our argumentation, it is also clear
that it is not necessary to remember more than that. In other words, a finite
memory is sufficient for Player 0 to carry out his strategy. We will say Player 0
has a forgetful strategy. The situation is much easier for Player 1. He does not
need to remember anything; he simply moves to z0 every time the token is on
z0 . We will say Player 1 has a memoryless strategy.
Let G be a game as usual. A strategy fσ is said to be finite memory or
forgetful if there exists a finite set M , an element mI ∈ M , and functions
δ : V × M → M and g : V × M → V such that the following is true. When
π = v0 v1 · · · vl−1 is a prefix of a play in the domain of fσ and the sequence
m0 , m1 , . . . , ml is determined by m0 = mI and mi+1 = δ(vi , mi ), then fσ (π) =
g(vl , ml ).
Forgetful strategies that don’t need memory at all, that is, where one can
choose M to be a singleton, are called memoryless or positional. Observe that
a memoryless strategy fσ has the property that whenever fσ is defined for πv
and π
v, then fσ (πv) = fσ (π
v). This allows us to view memoryless strategies
as partial functions Vσ → V , and, for ease in notation, we will often use this
representation.
Example 2.11. In Example 2.2, the strategy f1 for Player 1 is memoryless. To
see this, observe that we can choose M to be a singleton, say M = {m}, and
set g(z0 , m) = z0 and g(z3 , m) = g(z4 , m) = z2 . So, Player 1 has a memoryless
winning strategy on W1 = {z0 , z1 }. Using the simplified notation, we could write
f1 (z0 ) = z0 and f1 (z3 ) = f1 (z4 ) = z2 .
Player 0 needs to store which one of the colours 3 (occurring on vertex z3 )
and 4 (on vertex z5 ) he visited last. This can be done with a memory M = {3, 4}.
More precisely, one can choose mI = 3,


3 if v = z3
δ(v, m) = 4 if v = z5 . (2.11)


m otherwise
and


z 4 if v = z2
g(v, m) = z3 if v = z6 and m = 4 . (2.12)


z5 if v = z6 and m = 3
Thus, Player 0 has a forgetful winning strategy on W0 = {z2 , z3 , z4 , z5 , z6 }.
32 René Mazala

In Example 2.2, we already stated that Player 0 must not move from z6 to
the same successor every time he visits z6 . So, Player 0 can’t have a memoryless
winning strategy.
We say that Player σ wins a game G forgetful when he has a forgetful
strategy for each point of his winning region. Accordingly, it is defined what it
means to win with finite memory, memoryless, and positional.
Exercise 2.3. Give an example for a game G such that Player 0 wins forgetful
on each {v} for v ∈ W0 , but he has no forgetful winning strategy on W0 . Can
you give an example where G is regular?
In exercise 2.2, the reader was asked to show that if U is some set of vertices
such that Player σ wins a given game G on every element of U , then he wins
G on U . This is easy to see. In Exercise 2.3, the reader is asked to provide an
example that shows that the corresponding statement is not true for forgetful
strategies. However, a corresponding statement is true for memoryless strategies
under a certain condition:
Lemma 2.12. Let G = (A, Win) be any game with countable vertex set V ,
V ∗ Win ⊆ Win and Win/V ∗ ⊆ Win, (2.13)
∗ ∗
where Win/V := { η ∈ V | ∃w ∈ V with wη ∈ Win } is the set of all suffixes
ω

of Win. Let U be a set of vertices such that Player σ has a memoryless winning
strategy for each element from U . Then Player σ has a memoryless winning
strategy on U .
Before we turn to the proof observe that the two conditions on the winning set
are satisfied in every regular game: A prefix of a winning play can be substituted
by any other finite word; the set of infinitely often visited colours stays the same.
Proof. The proof uses the axiom of choice. For every u ∈ U , let fσu : Vσ → V
be a partial function which is a memoryless winning strategy for Player σ on u.
Without loss of generality, we assume that for every u ∈ U the domain of fσu ,
denoted Du , is minimal with respect to set inclusion.
Let< be a well-ordering on U (therefore we choose V to be countable) and
D := Du . We have to define a memoryless winning strategy fσ : D → V .
u∈U
For each v ∈ D, let u(v) be the minimal vertex in U (with respect to the
u(v)
well-ordering) with v ∈ Du(v) , and set fσ (v) := fσ (v). Clearly, fσ is well
defined and memoryless. We have to show that fσ is a winning strategy on U .
Assume π = v0 v1 · · · is a play starting in U and conform with fσ . In each
u(v )
σ-vertex vj of the play π, Player σ has to choose the strategy fσ j . Let i
be such that u(vi ) is minimal (with respect to the well-ordering) in the set
{ u(vj ) | j ∈ ω and vj ∈ D }. Then, from this moment i on, the strategy fσ
u(v )
follows the strategy fσ i . The domain Du(vi ) was minimal with respect to
set inclusion, thus, the play vi vi+1 · · · is a suffix of a play that starts in u(vi ),
visits vi , and is conform to fσ i . Hence, π ∈ V ∗ (Win/V ∗ ) ⊆ Win by our two
u(v )

conditions, which completes the proof. 


 2 Infinite Games 33

2 1 1 2
z0 z1 z2 z3

Fig. 2.4. Example for the construction of a memoryless strategy

Example 2.13. Let A be the max-parity game in Figure 2.4. Clearly, Player 0
wins on each v ∈ U = {z1 , z2 }, i. e. with the memoryless strategies
• f0z1 (z1 ) = z2 and f0z1 (z2 ) = z3 ,
• f0z2 (z2 ) = z1 and f0z2 (z1 ) = z0 .
To find a memoryless strategy on U , Player 0 can not set f0 (z1 ) = f0z1 (z1 ) and
f0 (z2 ) = f0z2 (z2 ) because this yields an infinite loop in z1 and z2 which is a loss
for him. If z1 < z2 in the well-ordering of U , then we get f0 ≡ f0z1 . This is a
memoryless winning strategy on U .

In Theorem 6.6 in Chapter 6 we will show the following.

Theorem 2.14. In every parity game, both players win memoryless. This is
called memoryless determinacy of parity games.

From this, together with the construction in the proof of Theorem 2.7, we
can conclude:

Corollary 2.15. In every regular game, both players win forgetful. Analogously,
this is called forgetful or finite memory determinacy of regular games.

Proof. Let (A, χ, F ) be a Muller game, A
the max-parity game as constructed

in the proof of Theorem 2.7, and V ‘ = V × C  the set of vertices of A
with

C defined in Equation 2.4. The memoryless determinacy of parity games yields
memoryless winning strategies f0
and f1
on the winning regions W0
and W1

with W0
∪ W1
= V
.
Now the observations in the proof of Theorem 2.7 allow us to construct
forgetful strategies in A. The winning regions are Wσ = { v ∈ V | (v, χ(v)) ∈
Wσ
} for σ ∈ {0, 1}. We can use the finite memory M = C  for both strategies.
As initial memory state of (A, v) we choose mI = χ(v). The memory update
function δ is equal to ϕ from Equation 2.7. The forgetful strategies g0 and g1
are defined by

gσ (v, q) := fσ
((v, q)) (2.14)

for σ ∈ {0, 1}, v ∈ Vσ ∩ Wσ , and q ∈ C. 

Clearly, these strategies are forgetful winning strategies because gσ simulates
fσ
. 


Note that the initial memory state in the previous construction could be
chosen arbitrarily.
34 René Mazala

Exercise 2.4. Using the results from the previous chapter, determine how much
memory is sufficient and necessary to win Rabin and Muller games.

Theorem 2.14 states that parity games enjoy memoryless determinacy, that
is, winning strategies for both players can be chosen memoryless. It is easy to
show that in certain Muller games both players need memory to win. In between,
we have Rabin and Streett conditions. For those, one can actually prove that
one of the two players always has a memoryless winning strategy, but we will
not carry out the proof in this volume.

Theorem 2.16. In every Rabin game, Player 0 has a memoryless winning strat-
egy on his winning region. Symmetrically, in every Streett game, Player 1 has a
memoryless strategy on his winning region.

This theorem can also be applied to certain Muller automata on the grounds
of the following observation. A Muller condition (F0 , F1 ) can be rephrased as
Rabin condition if and only if F1 is closed under union.

Example 2.17. We got a memoryless strategy for Player 1 in our Example 2.11.
His winning condition F1 is expressible as Rabin condition:
{({3}, {4}), ({4}, {3}), ({1}, {2})}. He wins a play if it loops, for instance, finitely
often through one of the colours 3 or 4 and infinitely often through the other
colour. Note that the winning condition cannot be rephrased as a parity condi-
tion, that is, Rabin chain condition (on the same graph).

2.5 Solving Games with Simple Winning Conditions

In this section, we prove special instances of Corollaries 2.10 and 2.15 and The-
orem 2.14.

2.5.1 Reachability Games and Attractors

For a start, we consider games which do not really fit into the framework that
we have used thus far. Given an arena A = (V0 , V1 , E) and a set X ⊆ V the
reachability game R(A, X) is the game in which a play π (be it finite or
infinite) is winning for Player 0 if some vertex from X or a dead end belonging
to Player 1 occurs in π. This is different from the games we have studied so far
because a dead end for Player 0 does not need to be a loosing position for him.
Strategies for reachability games are defined as before, but with the difference
that a strategy for Player 0 does not need to be defined for arguments that end
in a vertex from X.

Proposition 2.18. Reachability games enjoy memoryless determinacy.

Proof. The proof is constructive in the sense that on finite graphs it can be
immediately turned into an algorithm which computes the winning regions and
the memoryless winning strategies.
 2 Infinite Games 35

Let A be an arena as usual and X ⊆ V . The winning region for Player 0 in

P P
R(A, X) and a memoryless winning strategy for Player 0 are defined inductively.
In the inductive step, we use the function pre : (V ) → (V ) defined by

pre(Y ) = { v ∈ V0 | vE ∩ Y = ∅ } ∪ { v ∈ V1 | vE ⊆ Y } (2.15)

Inductively, we set X 0 = X,

X ν+1 = X ν ∪ pre(X ν ) (2.16)

for all ordinals ν, and


Xξ = Xν (2.17)
ν<ξ

for each limit ordinal ξ. Let ξ be the smallest ordinal such that X ξ = X ξ+1 . We
claim that W := X ξ is Player 0’s winning region. Clearly, for every v ∈ W \ X
there exists a unique ordinal ξv < ξ such that v ∈ X ξv +1 \ X ξv . By the above
definition, we furthermore know that for every v ∈ W ∩V0 \X there exists v
∈ vE
such that v
∈ X ξv . We set f0 (v) = v
and claim that f0 is a memoryless strategy
for Player 0 on W . This can be easily proved by transfinite induction: One shows
that f0 is winning for Player 0 on X ν for every ν ≤ ξ. Hence, W ⊆ W0 .
On the other hand, let W
= V \ W and assume v ∈ W
. Then v ∈ / X. If
v is a dead end, it must be a dead end of Player 0 because all dead ends of
Player 1 belong to X 1 . But, on a dead end belonging to Player 0, Player 1 wins
immediately. If v is no dead end and belongs to V0 , we have v
∈ / W for every
v
∈ vE because otherwise v would belong to W . Similarly, if v is no dead end
and belongs to V1 , there exists v
∈ vE such that v
∈ / W because otherwise
v would belong to W . If we set f1 (v) = v
in this case, then f1 is clearly a
memoryless strategy for Player 1. Every play conform with this strategy and
starting in W
has the property that all its vertices belong to W
. Since W

does not contain vertices from X or dead ends of Player 1 this play must be
winning for Player 1. Hence, f1 is a winning strategy for Player 1 on W
and
V \ W = W
⊆ W1 , that is, W0 = W and W1 = V \ W . 


The winning region of Player 0 in a reachability game R(A, X) is denoted

Attr0 (A, X) and called 0-attractor of the set X in the arena A. A memoryless
winning strategy f0 as described in the above prove is called a corresponding
attractor strategy for Player 0. 1-attractor and attractor strategy for Player 1
are defined symmetrically, simply by exchanging V0 and V1 in the arena.

Exercise 2.5. Let A be an arbitrary arena, X ⊆ V , and aX : P (V ) → P (V )

the function defined by

aX (U ) := X ∪ pre(U ) . (2.18)

Show that aX is monotone with respect to set inclusion and that Attr0 (A, X) is
the least fixed point of aX .
36 René Mazala

Exercise 2.6. Show that in a finite arena with n vertices and m edges the at-
tractor of any set can be computed in time O(m + n).

Exercise 2.7. Let A be an arena and Y = V \ Attrσ (A, X) for some X ⊆ V .

Show that σ cannot escape Y in the sense that vE ⊆ Y for every v ∈ Y ∩ Vσ
and vE ∩ Y = ∅ for every v ∈ Y ∩ Vσ .

This exercise motivates the following definition. A σ-trap is a subset Y ⊆ V

such that vE ⊆ Y for every v ∈ Y ∩ Vσ and vE ∩ Y = ∅ for every v ∈ Y ∩ Vσ .
A function which picks for every v ∈ Y ∩ Vσ a vertex v
∈ vE ∩ Y is called a
trapping strategy for Player σ.

Remark 2.19. The complement of a σ-attractor is a σ-trap.

The above remark tells us that, without loss of generality, we can assume
that arenas have no dead ends. Let (A, Acc) be an arbitrary game with A =
(V0 , V1 , E). For σ ∈ {0, 1}, we set Uσ = Attrσ (A, ∅). Then Player σ wins (A, Acc)
on Uσ memoryless. Now, let V0
= V0 \ (U0 ∪ U1 ) and V1
= V1 \ (U0 ∪ U1 ) and
consider the arena A
= (V0
, V1
, E ∩ ((V0
∪ V1
) × (V0
∪ V1
))). Clearly, A
does
not have any dead end. Further, for every v ∈ V0
∪ V1
, Player 0 wins (A
, Acc, v)
iff he wins (A, Acc, v) and, symmetrically, Player 1 wins (A
, Acc, v) iff he wins
(A, Acc, v). More specifically, winning strategies for (A
, Acc) can be used in
(A, Acc).

Exercise 2.8. Work out the details of the above argument.

z0

z1 z2

Fig. 2.5. Dead end strategy for Player 1

Example 2.20. In the game depicted in Figure 2.5, Player 1 may prevent an
infinite play by moving the token to z2 . This is a dead end for Player 0 and
Player 1 wins.

2.5.2 1-acceptance

Using what we have proved about reachability games, we can now easily solve
1-games.

Proposition 2.21. 1-games enjoy memoryless determinacy.

 2 Infinite Games 37

Proof. Let G = (A, χ, F ) and define Y and V
by Y = Attr1 (G, ∅) and V
= V \Y .

Let A
= (V0 ∩ V
, V1 ∩ V
, E ∩ (V
× V
)). Observe that A
does not contain
any dead end of Player 0. We claim that W := Attr0 (A
, χ−1 (F )) is the winning
region of Player 0 in G.
Clearly, Y is a subset of the winning region of Player 1. Further, W ⊆ W0 ,
because on this set Player 0 can force the game into a dead end of Player 1 or a
vertex in χ−1 (F ) and go on forever because A
does not contain any dead end
of Player 0. Remember that V
is a 1-trap, that is, Player 1 cannot escape V
.
And on both sets, Y and W we have memoryless winning strategies (attractor
and trapping strategies) for the respective players. It is now sufficient to show
that Player 1 has a memoryless winning strategy on Z := V
\ W . Since Z is a
0-trap of A
, Player 1 can use his trapping strategy and the token will then stay
in Z forever or stay in Z until it is moved to a vertex in Y , which is winning for
Player 1 anyway. 


Exercise 2.9. Show that for finite arenas, the winning regions of 1-games can be
computed in time O(m + n). (See also Exercise 2.6.)

2.5.3 Büchi Acceptance

Obviously, Büchi games can viewed as parity games. So memoryless determinacy

follows from memoryless determinacy of parity games, which will be proved in
Chapter 6. Nevertheless, we give a straightforward proof along the lines of the
proofs that we have seen in the previous two subsections.

Theorem 2.22. Büchi games enjoy memoryless determinacy.

Proof. Like in the other solutions, we first describe how to construct the winning
region for Player 0 in a Büchi game (A, χ, F ).
We set Y = χ−1 (F ), and define inductively:

Z0 = V , (2.19)
X ξ = Attr0 (A, Z ξ ) , (2.20)
ξ ξ
Y = pre(X ) , (2.21)
Z =Y ∩Y ,
ξ+1 ξ
(2.22)

ξ
Z = Zν , (2.23)
ν<ξ

where the last equation only applies to limit ordinals ξ. Let ξ be the least ordinal
≥ 1 such that Z ξ = Z ξ+1 . We claim W := Attr0 (A, Z ξ ) is the winning region of
Player 0.
To prove W ⊆ W0 , we describe a memoryless winning strategy f0 for Player 0
on W . For every v ∈ V0 ∩ Z ξ , there exists v
∈ vE ∩ Attr0 (A, Z ξ ) and we set
f0 (v) = v
. For every other v ∈ V0 ∩ W , we know v ∈ Attr0 (A, Z ξ ), and thus
we set f0 (v) to the value of a respective attractor strategy. Now, the following is
38 René Mazala

easy to see. First, if a finite play starting in W is conform with f0 , then it ends
in a dead of Player 1, which means Player 0 wins. Second, if an infinite play
starting in W is conform with f0 it eventually reaches Z ξ and from this point
onwards it will reach Z ξ over and over again. But since Z ξ ⊆ Y (this is because
ξ ≥ 1), the play will be winning for Player 0.
To prove that W0 = W , we argue that Player 1 has a memoryless winning
strategy on W
:= V \ W . The winning strategy is defined as follows. For every
v ∈ W
there exists a least ν such that v ∈ X ν \ X ν+1 . (Note that X 0 = V and




X ν ⊆ X ν for all ordinals ν
and ν

with ν

< ν
.) Since X ν+1 is a 0-attractor,
V \X ν+1 is a 0-trap. We set f1 (v) to the value of a trapping strategy for Player 1
if v ∈ Y . Otherwise, it follows that v ∈ pre(X ν ), and thus, there exists some
v
∈ vE ∩ V \ X ν . We set f1 (v) = v
. By induction on ν, it is now easy to show
that f1 is a winning strategy for Player 1 on V \ X ν . It follows that f1 is a
winning strategy on W
. 


Exercise 2.10. Show that for a finite arena, the winning regions of a Büchi game
can be computed in time O(n(m + n)).
3 Determinization of Büchi-Automata

Markus Roggenbach

Bremen Institute for Safe Systems

Bremen University

For Bene

Introduction

To determinize Büchi automata it is necessary to switch to another class of

ω-automata, e.g. Muller or Rabin automata. The reason is that there exist lan-
guages which are accepted by some nondeterministic Büchi-automaton, but not
by any deterministic Büchi-automaton (c.f. section 3.1).
The history of constructions for determinizing Büchi automata is long: it
starts in 1963 with a faulty construction [133]. In 1966 McNaughton showed,
that a Büchi automaton can be transformed effectively into an equivalent de-
terministic Muller automaton [125]. Safra’s construction [158] of 1988 leads to
deterministic Rabin or Muller automata (c.f. section 3.2): given a nondetermin-
istic Büchi automaton with n states, the equivalent deterministic automaton has
2O(n log n) states. For Rabin automata, Safra’s construction is optimal (c.f. sec-
tion 3.3). The question whether it can be improved for Muller automata is open.
Safra’s construction is often felt to be difficult. Thus, in 1995 Muller and Schupp
[137] presented a ‘more intuitive’ alternative, which is also optimal for Rabin
automata.
Although Safra’s construction is optimal for Rabin automata, the resulting
automata often contain equivalent states, which can be eliminated. An example
for this effect is presented in Exercise3.6. As it is completely open how to min-
imize ω-automata, it would be quite interesting to develop procedures for ‘fine
tuning’ Safra’s construction. Some ideas in this direction can be found e.g. in
[153].
Considering the languages recognizable by different classes of automata we
obtain the following picture:

nondeterministic Büchi ⇔ nondeterministic Muller ⇔ nondeterministic Rabin

⇒

deterministic Büchi ⇒ deterministic Muller ⇔ deterministic Rabin

These relations hold thanks to the following results:

• Obviously the deterministic variant of a class of automata is included in the

nondeterministic variant of this class.
• Theorem 3.2 shows that the inclusion of the deterministic variant in the
nondeterministic variant is strict for Büchi automata.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 43-60, 2002.
 Springer-Verlag Berlin Heidelberg 2002
44 Markus Roggenbach

• Safra’s construction implies that the class of nondeterministic Büchi au-

tomata is included in the class of deterministic Muller automata as well as
in the class of deterministic Rabin automata (Theorem 3.6).
• Section 1.3.2 describes how to transform a nondeterministic Muller automa-
ton into an equivalent nondeterministic Büchi automaton.
• Transformation 1.15 of section 1.3.3 constructs an equivalent nondetermin-
istic Muller automaton from a given nondeterministic Rabin automaton.

The above picture also shows how determinization can be used for comple-
mentation: given a nondeterministic Büchi automaton accepting a language L,
use Safra’s construction to obtain an equivalent deterministic Muller automa-
ton with state set Q and system F of final state sets. With 2Q \F as system
of final state sets, this automaton accepts the complement of L. Applying the
construction of section 1.3.2 results in a Büchi automaton for the complement
of L.
Another application of Safra’s construction can be found in Klarlund, Mu-
kund and Sohoni [99]: they generalize the construction to asynchronous finite
automata accepting infinite Mazurkiewicz traces.
This chapter is organized as follows: section 3.1 shows that the inclusion
of the deterministic variant in the nondeterministic variant is strict for Büchi
automata. Then Safra’s construction is discussed and proven to be correct in
section 3.2. Finally, section 3.3 deals with the optimality of Safra’s construction.

3.1 Deterministic versus Nondeterministic

Büchi-Automata

Safra’s construction is a refinement of the classical powerset construction as

used in the determinization of automata over finite words (c.f. [87]): given an
automaton with states Q, the powerset construction uses sets of states from
Q – which we call macrostates here – as states of the desired deterministic
automaton. In order to understand Safra’s modifications, it is quite instructive
to study why the original construction fails for automata over infinite words.

Example 3.1. Consider the Büchi automaton A = ({qI , f }, {a, b}, ∆, qI, {f }),
where
∆ = {(qI , a, qI ), (qI , b, qI ), (qI , a, f ), (f, a, f )}
(c.f. Figure 3.11 ). This automaton A accepts the language

L := {α ∈ {a, b}ω | b (α) < ∞},

where b (α) denotes the number of ‘b’s occurring in word α.

The powerset construction for finite automata leads to the deterministic au-
tomaton shown in Figure 3.2. The only reasonable Büchi condition would be
1
We follow the convention to depict the initial state by an incoming arc without
source, and recurring states of a Büchi automaton by double circles.
 3 Determinization of Büchi-Automata 45

F = { {qI , f } }, which would also accept the word (ab)ω ∈ / L. The problem with
the corresponding run  = {qI }{qI , f }{qI}{qI , f } . . . is that – although there
are infinitely many macrostates containing f – we cannot extract a run of A
from  exhibiting infinitely many f : at any time when we could choose f from
a macrostate in , there is no transition with label b available in A.
Note that with

• F = {{ {qI, f } }} as Muller condition, and with

• ({ {qI } }, { {qI, f } }) as Rabin condition,

the automaton of Figure 3.2 accepts the desired language L.



a,b a

a
qI f

Fig. 3.1. A nondeterministic Büchi automaton.

b a

a
{qI } {qI , f }
b

Fig. 3.2. A deterministic Büchi automaton.

It is no accident that in the above example the powerset construction fails

in case of Büchi automata. The considered language cannot be accepted by any
deterministic Büchi automaton:

Theorem 3.2 (Deterministic versus Nondeterministic Büchi Automata).

There exist languages which are accepted by some nondeterministic Büchi-au-
tomaton but not by any deterministic Büchi-automaton.

Proof. Let Σ := {a, b}. Consider again the language L := {α ∈ Σ ω | b (α) < ∞}.
As shown in the above example, L is accepted by a nondeterministic Büchi
automaton.
Assume that there is a deterministic Büchi automaton A = (Q, Σ, δ, qI , F )
accepting L. This automaton accepts all words of the form σaω , where σ ∈ Σ ∗ .
Consider a reachable state q ∈ Q. Any finite word σq leading in A from the
initial state qI to q can be extended to an infinite word σq aω ∈ L, i.e. some
state f ∈ F occurs infinitely often in its run on A. Thus there must be a finite
sequence of a-transitions from q to a recurring state.
46 Markus Roggenbach

Let m be the maximal number of a-transitions which are needed in A to

get from a reachable state to a recurring state. Then A also accepts the word
α = (bam )ω ∈ / L: As A is deterministic, there exists a run  of A on (bam )ω .
By construction of α, the automaton A reaches, after each ‘b’, a recurring state
within the next m a-transitions. Thus  includes infinitely many occurrences of
recurring states, and α is accepted.


3.2 Safra’s Construction

The results of the previous section demonstrate that it is indeed necessary to

switch to another class of ω-automata in order to find an equivalent determin-
istic automaton for a given Büchi automaton. But example 3.1 leaves open the
question whether the powerset construction might be sufficient to obtain an
equivalent Rabin or Muller automaton. This is not the case for Rabin automata:

Example 3.3. Consider the Büchi automaton A = ({qI , q1 , q }, {1, }, ∆, qI , {qI })

of Figure 3.3.


1
qI q1 1,
1


q

1,

Fig. 3.3. A nondeterministic Büchi automaton.

Exercise 3.1. Apply the powerset construction to the nondeterministic Büchi

automaton of Figure 3.3. Prove that there exists no Rabin condition, that allows
to accept the same language with the resulting automaton.
Hint: Assume that there exists such a Rabin condition and consider the pair
(E, F ) which is necessary to accept the word 1(11 )ω .

The weakness of the powerset construction is that the resulting automaton

allows for too many ‘accepting’ runs: given a run of this automaton with infinitely
many macrostates containing a recurring state it might be impossible to ‘extract’
a sequence of states out of this run forming an accepting run of the original
nondeterministic Büchi automaton. Safra’s key idea is to modify the classical
powerset construction in such a way that it allows for such an operation.
 3 Determinization of Büchi-Automata 47

3.2.1 Safra’s Tricks

Before presenting the construction in detail, we discuss Safra’s tricks for extend-
ing the powerset construction in an informal way:

Trick 1: Initialize new runs of macrostates starting from recurring states.

Whenever recurring states occur in a macrostate, say M , the successor state
of M for some input a ∈ Σ gets an extra component. This component
consists of all states which can be reached under a from F ∩ M, c.f. Figure
3.4. This leads to new concept of states replacing the old macrostates by
‘sets’ of macrostates. The modified powerset construction can be applied
componentwise on these sets of macrostates. This trick corresponds to Step
2 in Safra’s construction, c.f. section 3.2.3.
This idea has the effect that every state included in an extra component has
– in the original nondeterministic Büchi automaton – a recurring state as
predecessor. Using this information in a clever way allows for constructing
an accepting run on the nondeterministic Büchi automaton from an accept-
ing run of the automaton obtained by the improved powerset construction,
c.f. Lemma 3.9. See Exercise3.2 for an example illustrating this trick.
Safra organizes these sets of macrostates as ordered trees with macrostates
as labels, the so-called Safra trees. Applying Trick 1 to a leaf gives rise to a
son, which increases the height of a Safra tree. Applying Trick 1 to a node,
which already has a son, gives rise to a younger brother of this son, which
might increase the width of a Safra tree. In order to obtain a finite set of
states in the automaton to be constructed this growth in height and width
has to be restricted: Trick 2 does so for width, while Trick 3 controls the
height.

Exercise 3.2. Apply Trick 1 on the Büchi automaton of example 3.1. How
does it prevent the run of (ab)ω to be accepting?

Trick 2: Keep track of joining runs of the nondeterministic Büchi automaton

just once.
To illustrate this trick we consider two finite runs

q1 q2 . . . f qi . . . qj−1 qj . . . qn qn+1 and q1 q2 . . . qi−1


qi . . . f  qj . . . qn qn+1

of a nondeterministic Büchi automaton on the same finite word a1 . . . an ,

where both runs start in state q1 , end in state qn+1 , and visit recurring
states f and f  , respectively. Figure 3.5 shows, how Trick 1 leads to extra
components: the recurring states f and f  give rise to components {qi } and
{qj }, respectively. As both runs join in state qn+1 , the extra components of
the last state are identical and hold the same ‘information’: state qn+1 has
– in the original nondeterministic Büchi automaton – a recurring state as
predecessor. As there is no need to store this information twice, the second
component can be removed. On Safra trees this operation is called ‘horizontal
merge’. It corresponds to Step 4 in Safra’s construction, c.f. section 3.2.3.
48 Markus Roggenbach

Trick 3: If all states in a macrostate have a recurring state as predecessor,

delete the corresponding components.
Figure 3.6 illustrates this situation: starting in a macrostate M, a finite run
leads via Trick 1 to a situation where we have a macrostate M  and extra
components K1 , . . . , Kk . If
M  = K1 ∪ · · · ∪ Kk ,
then all states collected in M  have a recurring state as predecessor. Encoding
this situation by marking macrostate M  with a special sign, say ‘!’, all extra
components can be removed. On Safra trees this operation is called ‘vertical
merge’. It corresponds to step Step 6 in Safra’s construction, c.f. section
3.2.3.

M with M ∩ F = ∅ a {q ∈ Q | (m, a, q) ∈ ∆, m ∈ M },
{q ∈ Q | (m, a, q) ∈ ∆, m ∈ F ∩ M }

Fig. 3.4. Illustration for Trick 1.

3.2.2 Safra Trees

Given some fixed set of states Q, Safra trees are ordered, directed trees over
some vocabulary V of node names, where the nodes have nonempty macrostates,
i.e. subsets of Q, as labels. Additionally to its macrostate, a node can be marked
with the special symbol ‘!’. Safra trees satisfy the following two conditions:
Condition 1: The union of brother macrostates is a proper subset of their
parent macrostate.
Condition 2: Brother macrostates are disjoint.
This has as a consequence that the number of nodes in a Safra tree is bounded
by |Q|. We prove this claim by induction on the height of Safra trees over Q : For
the empty tree with height 0, and also for a tree with height 1, which consists
just of a root node, the claim holds trivially. In the induction step observe that
the sons of the root define Safra trees of lower height over disjoint subsets Qi of
states (Condition 2). Thus,
by induction hypothesis, the number of
nodes in the
whole tree is bounded by
( i |Q i |) + 1. By Condition 1 we have i |Qi | < |Q|,
and we finally obtain ( i |Qi |) + 1 ≤ |Q|.
Interpreting this result in terms of height and branching of a Safra tree we
obtain:
• The height of a Safra tree is at most |Q|.
• Safra trees are finitely branching, a node has at most |Q| − 1 sons.
 3 Determinization of Büchi-Automata 49

{. . . , q1 , . . . } {. . . , qn+1 , . . . },
{qn+1 }, {qn+1 }

a1 an

{. . . , q2 , q2
, . . . } {. . . , qn , qn
, . . . },
{qn }, {qn
}

a2 an−1

.. ..
. .

ai−2 aj

{. . . , qj , qj
, . . . },
{. . . , f, qi−1 , . . . }
{qj }, {qj
}

ai−1 aj−1

{. . . , qi , qi
, . . . }, ai aj−2 {. . . , qj−1 , f
, . . . },

···
{qi } {qj−1 }

Fig. 3.5. Illustration for Trick 2.

··· M
,
M
K1
, . . . , Kk

Fig. 3.6. Illustration for Trick 3.

50 Markus Roggenbach

3.2.3 The Construction

Let B = (Q, Σ, qI , ∆, F ) be a nondeterministic Büchi automaton. Safra’s con-

struction yields a Safra tree as an initial state qI , a set of Safra trees as set of
states Q , and a transition function δ : Q × Σ → Q for the alphabet Σ. To
complete the construction a suitable accepting component has to be chosen: ei-
ther a system of final state sets F to obtain a deterministic Muller automaton
M = (Q , Σ, qI , δ, F ), or a set of accepting pairs Ω = {(E1 , F1 ), . . . , (Ek , Fk )}
to obtain a Rabin automaton R = (Q , Σ, qI , δ, Ω), that both accept the same
language as the original nondeterministic Büchi automaton B.
Choose V := {1, 2, . . . , 2 |Q|} as vocabulary for denoting nodes of Safra trees.
This is sufficient, as the number of nodes in Safra trees is bounded by |Q| = n,
and the computation of a successor of a Safra tree introduces at most n new
nodes at intermediate stages (c.f. Step 2).

(1) The initial state qI is the Safra tree consisting of the single node 1 labelled
with macrostate {qI }.
(2) The value of the transition function δ(T, a) for a given input a ∈ Σ and a
Safra tree T with a set N of nodes is computed as follows:
Step 1: Remove all marks ‘!’ in the Safra tree T.
Step 2: For every node v with macrostate M such that M ∩ F = ∅, create
a new node v  ∈ (V \N ), such that v  becomes the youngest son of v and
carries the macrostate M ∩ F.
Step 3: Apply the powerset construction on every node v, i.e. replace its
macrostate M by {q ∈ Q | ∃(m, a, q) ∈ ∆ : m ∈ M }.
Step 4 (horizontal merge): For every node v with macrostate M and
state q ∈ M, such that q also belongs to an older brother of v, remove q
from M.
Step 5: Remove all nodes with empty macrostates.
Step 6 (vertical merge): For every node whose label is equal to the union
of the labels of its sons, remove all the descendants of v and mark v with
‘!’.
(3) The set of states Q consists of all reachable Safra trees.

A Muller automaton is obtained by choosing the acceptance component as fol-

lows: A set S ⊆ Q of Safra trees is in the system F of final state sets if for some
node v ∈ V the following holds:

Muller 1: v appears in all Safra trees of S, and

Muller 2: v is marked at least once in S.

To obtain a Rabin automaton, one takes all pairs (Ev , Fv ), v ∈ V, as acceptance

component, where

Rabin 1: Ev consists of all Safra trees without a node v, and

Rabin 2: Fv consists of all Safra trees with node v marked ‘!’.
 3 Determinization of Büchi-Automata 51

We should check first, that – given a Safra tree T and an input symbol a
– the transition function δ computes indeed a Safra tree. This ensures that Q
consists of Safra trees, as the initial state qI is obviously a Safra tree.
Removing the marks ‘!’ from all nodes of a Safra tree T does not violate
Condition 1 or Condition 2, and as all macrostates are nonempty in T, they are
also nonempty after Step 1. Thus Step 1 preserves the Safra tree properties.
Applying Step 2 on a Safra tree T with a node v carrying a macrostate
M ⊆ F, yields a tree violating Condition 1, as v and its youngest son carry
afterwards the same label M. Computing new macrostates for all nodes of a tree
in Step 3 may lead to even more trouble:

(1) Afterwards, brother macrostates might share a state q ∈ Q, violating Con-

dition 2.
(2) The new computed macrostate can be the empty set.
(3) It might also happen, that Condition 1 is violated, i.e. the union of brother
macrostates equals the parent macrostate. This happens for example if in
Step 2 a node carries a macrostate M ⊆ F.

Step 4, Step 5, and Step 6 deal with these problems, resp.: Step 4 ensures Con-
dition 2 by horizontal merge of brother macrostates. Step 5 removes nodes with
empty macrostates. By vertical merge Step 6 fixes situations where Condition 1
is violated. Thus, we finally obtain after all six steps a Safra tree.

a,b c

a
a
qI f g a
a

Fig. 3.7. A nondeterministic Büchi automaton.

Example 3.4 (Applying Safra’s construction).

We apply Safra’s construction to the nondeterministic Büchi automaton
shown in Figure 3.7. Figure 3.8 and Figure 3.9 give some examples how to com-
pute the transition function δ: they present the resulting tree after executing a
certain step. If a step alters the tree, its name is typed bold. Note that the empty
tree  may arise as a result of Safra’s construction. The resulting automaton is
depicted in Figure 3.10.
To obtain a Rabin automaton, we choose – according to the above described
construction – two accepting pairs (E1 , F1 ) and (E2 , F2 ), where

• E1 = {}, F1 = {1 − {f }−!, 1 − {g}−!, 1 − {f, g}−!}, and

 
 1 − {qI , f, g} 
• E2 = {1−{qI }, , 1−{qI , f }, 1−{f }−!, 1−{g}−!}, F2 = ↓ .
 
2 − {g, f }−!
52 Markus Roggenbach

Computing δ(1 − {qI }, a) :

Step 1 Step 2 Step 3

1 − {qI } 1 − {qI } 1 − {qI , f }

Computing δ(1 − {qI }, c) :

Step 1 Step 2 Step 3 Step 4 Step 5

1 − {qI } 1 − {qI } 1−∅ 1−∅ 

Computing δ(1 − {qI , f }, c) :

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6

1 − {qI , f } 1 − {qI , f } 1 − {f } 1 − {f } 1 − {f } 1 − {f } - !

2 − {f } 2 − {f } 2 − {f } 2 − {f }

Fig. 3.8. Steps from Safra’s Construction.

Note that we need indeed a ‘true’ Rabin condition: While it is possible to

choose E1 as the empty set, this is not the case for E2 : E2 = ∅ allows to accept
the word (aaab)ω ∈/ L.
The construction and discussion of the Muller condition is left as Exercise 3.4.



As the above example indicates, the constructed Rabin and Muller conditions
are not ‘minimal’. For Muller conditions the following restriction might lead to
a smaller a system of final state sets (the proof is left for Exercise 3.5):

Remark 3.5 (Refinement of the Muller Condition).

Restricting the system of final state sets F obtained by conditions Muller 1
and Muller 2 to those sets which form a strongly connected component in the
automaton leads to an equivalent Muller automaton.


Exercise 3.3. Apply Safra’s construction to the nondeterministic Büchi automa-

ton of Figure 3.3.
 3 Determinization of Büchi-Automata 53

Computing δ( 1 − {qI , f, g} , a) :
↓
2 − {g, f }−!

Step 1 Step 2 Step 3

1 − {qI , f, g} 1 − {qI , f, g} 1 − {qI , f, g}

2 − {g} 2 − {g} 3 − {f, g} 2 − {f, g} 3 − {f, g}

4 − {g} 4 − {f, g}

Step 4 Step 5 Step 6

1 − {qI , f, g} 1 − {qI , f, g} 1 − {qI , f, g}

2 − {f, g} 2 − {f, g} - !
2 − {f, g} 3−∅

4 − {f, g}
4 − {f, g}

Fig. 3.9. Some Steps from Safra’s Construction.

Exercise 3.4. Consider the nondeterministic Büchi automaton shown in Fig-

ure 3.7. Figure 3.10 shows the result of Safra’s construction. Compute a sys-
tem of final state sets F to obtain a deterministic Muller automaton M =
(Q , Σ, qI , δ, F ).
Argue, why this system F may be restricted to include only sets, which are
strongly connected components.

Exercise 3.5. Prove Remark 3.5. Is it possible to generalize this result to arbi-
trary Muller conditions?

Theorem 3.6 (Correctness). Let B = (Q, Σ, qI , ∆, F ) be a nondeterministic

Büchi automaton. Let M = (Q , Σ, qI , δ, F ) be the deterministic Muller and
54 Markus Roggenbach

a,b,c

c
1 − {qI } 
b b
b a b a

a
c a
1 − {qI , f } 1 − {f }−! 1 − {g}−! 1 − {f, g}−!
b c

c
c
a

b
1 − {qI , f, g}
↓ c
2 − {g}

1 − {qI , f, g}
↓
2 − {g, f }−!
a

Fig. 3.10. Safra’s construction applied on the automaton of Figure 3.7.

R = (Q , Σ, qI , δ, Ω) be the deterministic Rabin automaton obtained by Safra’s

construction. Then
L(B) = L(M) = L(R).

Proof. By Lemma 3.7 and Lemma 3.9.



Lemma 3.7 (Completeness). For the nondeterministic Büchi automaton B, the

deterministic Muller automaton M, and the deterministic Rabin automaton R
of Theorem 3.6 we have:

L(B) ⊆ L(M) and L(B) ⊆ L(R).

Proof. Let α ∈ L(B). As M and R are deterministic and have the same initial
state and transition relation there exists one run  on α of both automata. We
claim that there is at least one node v in the Safra trees of  such that

Claim 1: v – from a certain point on – is a node of all Safra trees in  and

Claim 2: v is marked ‘!’ infinitely often.

Concerning the Muller condition this proves that Inf( ) equals a set in the
system F of final states: condition Muller 1 is true because a Safra tree of  not
including v is not in Inf( ). As v is marked ‘!’ infinitely often in  and Q is a
finite set, there exists some Safra tree in Inf( ) with v marked ‘!’. Therefore also
 3 Determinization of Büchi-Automata 55

condition Muller 2 is fulfilled. Thus  is an accepting run of the deterministic

Muller automaton M, and we obtain α ∈ L(M).
The Rabin condition holds trivially for the accepting pair (Ev , Fv ) : Inf( ) ∩
Ev = ∅ is true thanks to Claim 1, Claim 2 implies Inf( ) ∩ Fv = ∅. Thus  is an
accepting run of the deterministic Rabin automaton R, and we obtain α ∈ L(R).
Claim 1 holds for the root node: As α ∈ L(B), there exists an accepting
run  in the nondeterministic Büchi automaton B. Thus the root of all Safra
trees occurring in the run  is nonempty: the root macrostate of the i-th Safra
tree in  includes (i) and therefore cannot be removed in Step 5 of the Safra
construction. If the root is marked ‘!’ infinitely often, also Claim 2 holds, and
we are done.
If the root is not marked ‘!’ infinitely often we need to consider another
candidate for v. As the run  of the nondeterministic Büchi automaton B is
accepting, there exists a state q ∈ Inf() ∩ F, which occurs infinitely often in the
root macrostate of the Safra trees in the run  . Consider the first occurrence of
q in  after the last occurrence of the mark ‘!’ at the root (if marks existed at
all). As q ∈ F, q will be put into the macrostate of the youngest son of the root
(Step 2 of Safra’s construction). From this point onwards, the states of the run 
appear in the macrostate of this son, or (due to the horizontal merge operation
in Step 4 of Safra’s construction) get associated to older brothers of this son.
Such a shift to an older brother can happen only a finite number of times: Due to
Condition 2 on Safra trees any node has only finitely many brothers, especially
only finitely many older brothers. Step 4 of Safra’s construction moves the state
of  to an older brother, while Step 2 of Safra’s construction leads to brothers
which are younger. Thus eventually the states of the run  remain in some fixed
son of the root.
This son is our new candidate for v. It cannot be removed by Step 5 of Safra’s
construction, as it carries the states of the run  and is therefore nonempty.
Furthermore, it cannot be removed by Step 6 of Safra’s construction, as the
root is no more marked ‘!’. Thus Claim 1 holds. If this son is marked marked ‘!’
infinitely often, also Claim 2 is true, and we are done.
Otherwise, proceed with this son (in which q occurs infinitely often) in the
same way as with the root above. Continuing this way, Claim 2 must hold even-
tually, since the depth of Safra trees is finite (Condition 1 on Safra trees).


The following lemma makes use of a result which is known as König’s Infinity
Lemma (for a proof and further discussion see e.g. [62]).

Theorem 3.8 (König’s Infinity Lemma).

An infinite rooted tree which is finitely branching (i.e., where each node has
only finitely many sons) has an infinite path.

Lemma 3.9 (Soundness). For the nondeterministic Büchi automaton B, the

deterministic Muller automaton M, and the deterministic Rabin automaton R
of Theorem 3.6 we have:

L(M) ⊆ L(B) and L(R) ⊆ L(B).

56 Markus Roggenbach

Proof. Let α ∈ L(M). Then there exists an accepting run  of the deterministic
Muller automaton M on α, i.e. Inf( ) ∈ F . Thus there exists some node v such
that
• v appears in all Safra trees of Inf( ), and
• v is marked at least once in Inf( ).
This has as consequences that
• v – from a certain point on – is a node of all Safra trees in  , and
• in  Safra trees Ti occur infinitely often with node v marked ‘!’, i.e.  has
the form
qI . . . T1 . . . T2 . . . T3 . . .
The same situation is achieved if we consider a word α ∈ L(R) : Then there
exists an accepting run  of the deterministic Rabin automaton R on α, i.e. there
exist a node v and an accepting pair (Ev , Fv ) such that Inf( ) ∩ Ev = ∅ and
Inf( ) ∩ Fv = ∅. By construction Ev consists of all Safra trees without node v
(Rabin 1), i.e. v – from a certain point on – is a node of all Safra trees in  . As
Fv consists of all Safra trees with node v marked ‘!’ (Rabin 2), infinitely many
Safra trees Ti with node v marked ‘!’ occur in  .
Thus we can proceed with the proof independently of the automaton under
consideration, taking a run  on a word α, which is accepted either by the Muller
automaton M or by the Rabin automaton R.
In order to mark the node v with ‘!’ in Step 6 of Safra’s construction, it is
necessary that – at least during the computation of the transition function δ – v
has to be a parent. To become a parent, Step 2 is the only possibility in Safra’s
construction. Thus in run  the node v carries before any occurrence of a Safra
tree Ti a macrostate containing a recurring state f ∈ F of the nondeterministic
Büchi automaton B.
We consider a subrun of  after the point, where v occurs in all Safra trees,
in more detail: Let T and U be Safra trees of  with node v marked ‘!’, such
that in no Safra tree between T and U node v is marked ‘!’. Let B be a Safra
tree between T and U such that v carries a macrostate with Q ∩ F = ∅, i.e.
T . . . B . . . U,
say  (i) = T,  (j) = B and  (k) = U, for some 0 ≤ i ≤ j < k. Note that T
and B might be identical. Let P, H, R be the macrostate of v in T, B, U, resp.
For the sake of simplicity assume for the moment that B is the only Safra
tree between T and U, where v carries a macrostate including a recurring state.
Later we will also deal with the general situation.
As  is a run on α, there exist subwords
α[i, j) := α(i)α(i + 1) . . . α(j − 1) and α[j, k) := α(j)α(j + 1) . . . α(k − 1)
of α corresponding to the finite subruns T . . . B and B . . . U of  .
Consider the computation of the successor state of B and the computation
of state U from some predecessor state, say X (which might be identical with
B), at certain points in Safra’s construction of the transition function δ :
 3 Determinization of Büchi-Automata 57

Point 1: During the computation of δ(B, α(j −1)) we obtain in Step 2 of Safra’s
construction a node w with macrostate H ∩ F as son of v. This node w
remains in all Safra trees before U, as no vertical merge takes place before
the computation of U.
Point 2: During the computation of U = δ(X, α(k − 1)), the condition of Step
6 of Safra’s construction becomes true, i.e., before Step 6 the nodes v and
it’s son w carry the same macrostate R.
The following picture shows the macrostates of v and w at these points, adds the
macrostate of v in T, and shows also the subwords corresponding to the subruns:
node in T at Point 1 at Point 2
α[i,j) α[j,k)
v P =⇒ H =⇒ R
⊆

=
α[j,k)
w H ∩F =⇒ R
As new macrostates on a node are computed in Step 3 by the classical powerset
construction, the lower row can be read: for all r ∈ R, there exists a h ∈ H∩F and
a finite run h . . . r of the nondeterministic Büchi automaton B on the subword
α[j, k). This run can be completed by the upper row: for all h ∈ H ∩ F, there
exists a p ∈ P and a finite run p . . . h of the nondeterministic Büchi automaton
B on the subword α[i, j). I.e., for all r ∈ R, there exists a p ∈ P and a run of B
on α[i, k) which leads from p to r while visiting a recurring state. Note that
• there might exist several such run segments, and
• that for any r ∈ R, there exists some predecessor p ∈ P – but not vice versa.
In general, there might occur several Safra trees between T and U, in which v
carries a macrostate including a recurring state. This changes our picture in the
way that we have to deal with several ‘Point 1’-situations, which might lead to
several sons of v. At Point 2 we take the union of all son macrostates. Looking
now for the run of B on α[i, k) ending in some r ∈ R, we take the first suitable
‘Point 1’-situation to switch from the lower to the upper row. This situation
arises, when the predecessor of some state r ∈ Q is a recurring state. As all
states in the macrostates of the sons of v stem from recurring states, such a
situation will always arise.
It remains to combine these finite run segments to a complete infinite run of
B : Let 0 < i1 < i2 < . . . be the positions of  at which v is marked ‘!’. Let
S0 := {qI } and Sj be the macrostate of v at position ij . Now we construct a
directed tree with
• pairs (q, j) as nodes, where q ∈ Sj , j ≥ 0, and
• as parent of a node (r, j + 1) we pick one of the pairs (p, j), such that p ∈ Sj
and there exists a subrun from p to r as described above.
Obviously, this is a well formed tree with (qI , 0) as root. It has infinitely many
nodes and is finitely branching. Thus, by König’s Lemma, c.f. Theorem 3.8, there
exists an infinite path (qI , 0)(q1 , 1) . . . in the tree. Collecting all subruns along
58 Markus Roggenbach

(qI , 0)

(f, 1)

(g, 2)

(f, 3) (g, 3)

(f, 4)

Fig. 3.11. Tree construction for ac(aac)ω .

(qI , 0)

(f, 1) (g, 1)

(f, 2) (g, 2)

(f, 3) (g, 3)

Fig. 3.12. Tree construction for aω .

this path, we obtain a run  of B on α, which visits infinitely often recurring

states.


Example 3.10 (Illustrating the Tree Construction for König’s Lemma).

We consider again the nondeterministic Büchi automaton shown in Figure
3.7 and the resulting automaton from Safra’s construction depicted in Figure
3.10.
The word ac(aac)ω leads to the following sequence of macrostates:
• S0 = {qI },
• S3i+1 = {f }, i ≥ 0,
• S3i+2 = {g}, i ≥ 0, and
• S3i+3 = {f, g}, i ≥ 0.
Figure 3.11 illustrates that we need indeed Königs Lemma to obtain an infinite
path in the tree constructed: The pair (f, 3) has no son, i.e., in node (f, 3) ends
a finite path of the tree.
The word aω demonstrates that there might be indeed a choice between
different parent nodes. Here we have as sequence of macrostates
 3 Determinization of Büchi-Automata 59

• S0 = {qI } and
• Si = {f, g}, i ≥ 1.
In Figure 3.12 one can see that the tree constructed is not uniquely determined:
as a parent for (g, j + 1) we have the choice between (f, j) and (g, j). For (g, 2)
we choose (f, 1), while (g, 3) has (g, 2) as parent.

Exercise 3.6. Apply Safra’s construction to the nondeterministic Büchi automa-
ton of Figure 3.1. Compare the result with the automaton of Figure 3.2 – which
states of the automaton obtained by Safra’s construction are equivalent?

3.3 Safra’s Construction Is Optimal

In section 3.2.2 we showed that – given some fixed set of states Q – the number
of nodes in a Safra tree is bounded by |Q|. Now we refine this result to obtain
an upper bound for the number of states necessary in Safra’s construction.
Theorem 3.11 (Complexity of Safra’s Construction). Safra’s construction
converts a nondeterministic Büchi automaton with n states into a deterministic
Muller automaton or into a deterministic Rabin automaton with 2O(n∗log(n))
states.
Proof. We have already seen that Safra trees consist of at most n nodes, and
that it is sufficient for Safra’s construction to have a vocabulary of 2n elements.
To compute a bound on the number of Safra trees, we describe them in terms
of functions:
• Let {q1 , . . . , qn } be the states of the nondeterministic Büchi automaton. To
describe the macrostate labels at all nodes of a Safra tree, it is sufficient
to know for any qi the node v with qi in its macrostate, which has the
greatest hight: by Condition 1 all ancestors of v carry also this state. Due to
Condition 2, qi can not be an element of any other node’s macrostate. Thus
the macrostate labelling can be captured by a function of type {q1 , . . . , qn } →
{0, 1, . . . , 2n}, where the value 0 is used for the case, that a state qi is not in
the Safra tree.
• The parent relation of a Safra tree can be encoded by a function of type
{1, . . . , 2n} → {0, 1, . . . , 2n}, where the value 0 is used for the case, that a
node v has no parent in the Safra tree.
• The next-older brother relation can also be captured by a function of type
{1, . . . , 2n} → {0, 1, . . . , 2n}, where the value 0 is used for the case, that a
node v has no next-older brother in the Safra tree.
• The marks ‘!’ can be encoded by a function of type {1, . . . , 2n} → {0, 1},
where 1 stands for ‘is marked’. For sake of similarity, we take here a function
of the same type as above, i.e. {1, . . . , 2n} → {0, 1, . . . , 2n}.
The number of combinations of such maps (and hence the number of possible
7n
Safra trees) is bounded by (2n + 1)n+3∗2n = (2n + 1)7n = 2log((2n+1) ) =
27n log(2n+1) ∈ 2O(n log(n)) .

60 Markus Roggenbach

This complexity bound is optimal in the following sense:

Corollary 3.12 (Optimality of Safra’s Construction). There is no conversion

of Büchi automata with n states into deterministic Rabin automata with 2O(n)
states.

Proof. We refer to Theorem 1.30.



Note that this result holds for Rabin automata, and that it is open whether
Safra’s construction can be improved for Muller automata.
4 Complementation of Büchi Automata Using
Alternation

Felix Klaedtke

Institut für Informatik

Albert-Ludwigs-Universität, Freiburg i. Br.

4.1 Introduction

Büchi presented in [18] a natural acceptance condition allowing nondeterministic

finite-state automata to define languages of infinite words: An automaton accepts
an infinite word if there is a run that passes through a final state infinitely often.
Such an automaton is called a Büchi automaton. Complementation of Büchi
automata is not obvious.
Several constructions for complementing Büchi automata can be found in
the literature. For example, Büchi himself gave a construction staying in the
framework of Büchi automata [18]. The correctness of the construction involves
a nontrivial combinatorial argument. Another construction, proposed by Mc-
Naugthon [125] and later sharpened by Safra [158], involves a very intricate
transformation to deterministic automata with a more general acceptance con-
dition.
We describe two other constructions for complementing Büchi automata
based on [97, 102, 184, 115, 201, 107]. The first construction stays in the frame-
work of Büchi automata [97, 201, 107] and is due to Klarlund. The second
construction takes a detour over alternating automata [102, 184, 115, 107]. We
show that both Büchi automata obtained by the two constructions are iso-
morphic [107]. The number of states of the complemented Büchi automaton
is 2O(n log n) where n is the number of states of the given Büchi automaton.
Hence the constructions described here have the same upper bound as by using
the Safra construction [158] (see Chapter 3).
In comparison to Büchi automata, the transition function of alternating au-
tomata is more general (in addition to existential choice, universal choice is also
allowed). Moreover, we use the “weak version” of alternating automata, i.e., the
acceptance condition is defined by mere reachability of some state. An advan-
tage of using alternating automata to show closure under complementation is
that much of the complexity of the construction is handled by the existential
and universal choice of a transition. Complementing an alternating automaton
can be done by dualizing its transition function and its acceptance condition.
We will use games to show the correctness of this construction. The comple-
mentation proof via infinite games sheds some light in the difference between
automata over infinite words and automata over infinite trees. In the game the-
oretic framework, the proofs of closure under complement can be compared by
the respective determinacy result. For Büchi automata complementation we only

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 61-77, 2002.
 Springer-Verlag Berlin Heidelberg 2002
62 Felix Klaedtke

need a very simple determinacy proof based on a reachability analysis, whereas

tree automata complementation require the more complicated determinacy proof
for parity games ([183], and also Chapter 8).
The contribution of this chapter is twofold: First, two constructions for com-
plementing Büchi automata are described. Second, alternation is introduced and
it is shown that dualizing the transition function and the acceptance condition of
an alternating automaton corresponds to complementation. This proof is carried
out in a game theoretic setting. Chapter 9 uses similar techniques to show that
dualization of alternating automata over Kripke corresponds to complementa-
tion.
We proceed as follows. In Section 4.2 we provide background material. In Sec-
tion 4.3 we describe Klarlund’s construction for complementing Büchi automata.
In Section 4.4 we define weak alternating parity automata and show that dual-
ization corresponds to complementation. Finally, in Section 4.5 we reformulate
the construction in [97] by using weak alternating parity automata.

4.2 Preliminaries
In this section, we provide the needed background material for this chapter. We
denote the domain of a (total) function f with dom(f ). If f is a partial function
then dom(f ) denotes the set of elements for which f is defined. It will be always
clear from the context whether f is a total function or a partial function.

Words
Let Σ be a nonempty alphabet. A finite word α of length m ∈ ω over Σ is a
mapping from {0, . . . , m−1} to Σ. We often represent α as α(0)α(1) . . . α(m−1).
An infinite word α over Σ is a mapping from ω to Σ. We often represent α as
α(0)α(1)α(2) . . . . With Σ ω we denote the set of infinite words over Σ. Occ(α)
denotes the set of letters occurring in α ∈ Σ ω , i.e.
Occ(α) := { a ∈ Σ | there exists an i ∈ ω such that α(i) = a } ,
and Inf(α) denotes the set of letters occurring infinitely often in α ∈ Σ ω , i.e.
Inf(α) := { a ∈ Σ | for all i ∈ ω there is a j ∈ ω with j > i and α(j) = a } .

Büchi Automata
A Büchi automaton, BA for short, B is a tuple (Q, Σ, δ, qI , F ), where Q is
a finite set of states, Σ is a nonempty finite alphabet, δ : Q × Σ → (Q) is P
the transition function, qI ∈ Q is the initial state, and F ⊆ Q is the set of final
states.
A run  of B on α ∈ Σ ω is an infinite word over Q with (0) = qI and
(i + 1) ∈ δ((i), α(i)), for all i ∈ ω.  is accepting if a final state occurs
infinitely often in , i.e. F ∩ Inf() = ∅. B accepts α if there is an accepting
run of B on α; α is rejected otherwise. L(B) denotes the set of words that B
accepts.
 4 Complementation of Büchi Automata Using Alternation 63

Graphs
A graph G is a pair containing a set of vertices V and a set of edges E ⊆ V × V .
A path π in G is a nonempty finite word or an infinite word over V such that
(π(i), π(i + 1)) ∈ E, for all i + 1 ∈ dom(π). A path π is maximal if π is infinite,
or π is a finite path of length n and (π(n − 1), u) ∈ E, for all u ∈ V . A vertex
u ∈ V is reachable from v ∈ V if there is a path v0 v1 . . . vn with v = v0 and
u = vn . If n ≥ 1 then we say that u is nontrivially reachable from v. R(v)
denotes the set of vertices that are reachable from v.
We will often use graphs (V, E) together with a set C that contains some
information about the vertices in V . We will call the triple (V, E, C) also a
graph.

4.3 Complementing Büchi Automata

In this section, we describe a construction for complementing Büchi automata
proposed by Klarlund [97]. It is based on the classical subset construction for
nondeterministic word automata over finite words (see, e.g. [87]) that builds an
automaton describing all possible runs of the given nondeterministic automaton
on a word. In particular, a state of the constructed automaton that is reached
by reading a prefix of the input word, designates the subset of states that the
original automaton can reach by reading the prefix. Additionally, the constructed
automaton has to ensure that no run of the original automaton visits a final
state infinitely often. To show that this is possible, we use progress measures
which allow to verify locally (i.e., in terms of a single transition) that the global
property (i.e., that no finite state occurs infinitely often in any run) holds.

4.3.1 Run Graphs

To complement a Büchi automaton, we analyze all its possible runs on a word.
For doing so, we define a graph that embodies all these runs. Let B be the BA
(Q, Σ, δ, qI , F ), and let α ∈ Σ ω . The run graph G of B for α is a graph (V, E, C),
with


(i) the set of vertices V := i∈ω Si × {i}, where the Si s are inductively defined
by

S0 := {qI } and Si+1 := δ(q, α(i)) ,
q∈Si

for i ≥ 0,
(ii) the set of edges E := { ((p, i), (q, i + 1)) ∈ V × V | q ∈ δ(p, α(i)) }, and
(iii) the set of marked vertices C := { (q, i) ∈ V | q ∈ F }.
Note that each infinite path in the run graph G corresponds to a run of B on α.
From this it follows that B accepts α iff there is an infinite path in G on which
occur infinitely many vertices in C.
64 Felix Klaedtke

Lemma 4.1. Let G = (V, E, C) be a run graph of the BA B, and let α ∈ Σ ∗ .

Then, α ∈ B iff Inf(π) ∩ C = ∅, for all paths π in G.
We partition the vertices of a run graph G = (V, E, C) in an infinite sequence
of sets of vertices V0 , V1 , V2 , . . . such that V0 contains the vertices in V that have
only finitely many reachable vertices, V1 contains the vertices in V \ V0 that do
not have a nontrivially reachable vertex that is in C, V2 — analogously to V0
— contains the vertices in V \ (V0 ∪ V1 ) that have only finitely many reachable
vertices, and so on. We show that B rejects α iff there exists 0 ≤ k0 ≤ 2|Q| such
that Vk = ∅, for all k > k0 . To complement B we construct a BA that accepts a
word α ∈ Σ ω iff there exists such a partition of the run graph of B for α.
We need the following definitions. Let Q be a finite set. A sliced graph over
Q is a graph G = (V, E, C), where V ⊆ Q × ω, C ⊆ V , and for (p, i), (q, j) ∈ V ,
if ((p, i), (q, j)) ∈ E then j = i + 1. Note that a run graph is a sliced graph.
The sliced graph G = (V, E, C) is finitely marked if for all paths π in G,
Inf(π) ∩ C = ∅. The ith slice Si is the set { q ∈ Q | (q, i) ∈ V }. The width of
G, ||G|| for short, is the limes superior of the sequence (|Si |)i∈ω . In other words,
the width of a sliced graph is the largest cardinality of the slices S0 , S1 , . . . that
occurs infinitely often. The unmarked boundary U (G) is the set of vertices
that do not have a nontrivially reachable vertex that is marked, i.e.

U (G) := { v ∈ V | C ∩ (R(v) \ {v}) = ∅ } .

The finite boundary B(G) is the set of vertices that have only finitely many
reachable vertices, i.e.

B(G) := { v ∈ V | R(v) is a finite set } .

G \ U , for U ⊆ V , denotes the sliced graph (V  , E  , C  ) with V  := V \ U ,

E  := E ∩ (V  × V  ), and C  := C ∩ V  .
A progress measure of size m ∈ ω for a sliced graph G = (V, E, C) is a
function µ : V → {1, . . . , 2m + 1} satisfying the following three conditions: (i)
µ(u) ≥ µ(v), for all (u, v) ∈ E, (ii) if µ(u) = µ(v) and (u, v) ∈ E then µ(u) is
odd or v ∈ C, and (iii) there is no infinite path v0 v1 v2 · · · ∈ V ω where µ(v0 ) is
odd and µ(v0 ) = µ(v1 ) = µ(v2 ) = . . . .
Lemma 4.2. Let G = (V, E, C) be a sliced graph that is finitely marked. If
V = ∅ then U (G) = ∅.
Proof. For the sake of absurdity, assume that U (G) = ∅. Let v0 be some vertex
in V . Note that R(v0 )\ {v0 } = ∅ because of the assumption U (G) = ∅. There is a
finite path from v0 to a vertex v1 with v0 = v1 and v1 ∈ C, since v0 ∈ U (G). The
vertex v1 is not in U (G), since it is assumed that U (G) is empty. Repeating this
argument we get an infinite sequence v0 , v1 , v2 , . . . of distinct vertices, where vi+1
is reachable from vi , for i ≥ 0. Furthermore, vi ∈ C, for i > 0. This contradicts
the assumption that G is finitely marked. 

Lemma 4.3. Let G = (V, E, C) be a sliced graph. For every vertex v ∈ V \B(G),
there exists an infinite path in G \ B(G) starting with v.
 4 Complementation of Büchi Automata Using Alternation 65

Proof. If R(v) \ B(G) is infinite then, by König’s Lemma, there exists an infinite
path in G \ B(G) starting with v, since R(v) \ B(G) is infinite and G \ B(G) is
finitely branching.
It remains to show that R(v)\B(G) is infinite. So, for a contradiction assume
that R(v) \ B(G) is finite. Let

B := { u ∈ B(G) | there exists a u ∈ R(v) \ B(G) with (u , u) ∈ E } .

The set B is finite since R(v) \ B(G) is finite and G is finitely branching. Since
B ⊆ B(G), we have that R(u) is finite, for all u ∈ B. We have the following
equality:
  
R(v) = R(v) \ B(G) ∪ R(u) .
u∈B

In particular, R(v) is a finite union of finite sets. This is not possible since R(v)
is infinite, for all v ∈ V \ B(G). 


Let G = (V, E, C) be a sliced graph. We define a sequence of sliced graphs

G0 , G1 , . . . and a sequence of sets of vertices V0 , V1 , . . . as follows: G0 := G,
V0 := B(G), and

G2i+1 := G2i \ V2i , V2i+1 := U (G2i+1 ) , and

G2i+2 := G2i+1 \ V2i+1 , V2i+2 := B(G2i+1 ) ,

for i ≥ 0.
Lemma 4.4. Let G = (V, E, C) be a sliced graph that is finitely marked with
||G2i+1 || > 0, for some i ≥ 0. Then ||G2i+2 || < ||G2i+1 ||.

Proof. Since ||G2i+1 || > 0 the set of vertices of G2i+1 is not empty. From
Lemma 4.2 it follows that there is a vertex v0 ∈ U (G2i+1 ). From the definition of
G2i+1 = G2i \ V2i it follows that v0 ∈ V \ B(G) if i = 0, and v0 ∈ V  \ B(G2i−1 )
if i > 0, where V  is the set of vertices of G2i . From Lemma 4.3 we can conclude
that there exists an infinite path v0 v1 v2 . . . in G2i+1 . Obviously, vj ∈ U (G2i+1 ),
for all j ≥ 0. Let vj = (qj , kj ). It holds ||G2i+2 || < ||G2i+1 || since each slice of
G2i+2 with index kj does not contain qj . 


Corollary 4.5. Let G = (V, E, C) be a sliced graph that is finitely marked and
let n = ||G||. Then G2n+1 is the empty graph.

Proof. Note that n ≤ |Q| assuming V ⊆ Q × ω for some finite set Q. Assume
that G2n+1 is not the empty graph. It holds ||G2n+1 || > 0, since G2n+1 =
G2n \ B(G2n−1 ). From the lemma above it follows that n > ||G1 || > ||G3 || >
· · · > ||G2n+1 ||. This contradicts ||G2n+1 || > 0. 


Theorem 4.6. Let B = (Q, Σ, δ, qI , F ) be a BA and let α ∈ Σ ω . Then, B rejects

α iff there exists a progress measure of size |Q| for the run graph G = (V, E, C)
of B for α.
66 Felix Klaedtke

Proof. (⇒) Note that the run graph G is finitely marked by Lemma 4.1. Let
µ : V → {1, . . . , 2|Q| + 1} be the function defined by µ(v) := i + 1, where i is
the uniquely determined index with v ∈ Vi and v ∈ Vi+1 . From Corollary 4.5 it
follows that 1 ≤ i ≤ 2|Q| and thus µ is well-defined. It remains to show that µ
is a progress measure.
First, we show that there is no infinite path v0 v1 . . . with µ(v0 ) = µ(v1 ) = . . .
where µ(v0 ) is odd. Assume that µ(v0 ) = 2i + 1 for v0 ∈ V . Then v0 ∈ V2i . By
definition of V2i , the vertices in V2i have only finitely many reachable states in
G if i = 0 and G2i−1 if i > 0. Thus, every path v0 v1 . . . with 2i + 1 = µ(v0 ) =
µ(v1 ) = . . . must be finite.
Second, for (u, v) ∈ E, it holds µ(u) ≥ µ(v). This follows from the fact that
(i) u ∈ U (G ) implies v ∈ U (G ), and (ii) u ∈ B(G ) implies v ∈ B(G ), for every
sliced graph G = (V  , E  , C  ) with (u, v) ∈ V  .
Third, we show by contraposition that if µ(u) = µ(v) then µ(u) is odd or
v ∈ C, for (u, v) ∈ E. Assume that µ(u) is even and v ∈ C. Since µ(u) is
even, we have that u ∈ U (G2i+1 ), for some 0 ≤ i ≤ |Q|. Since v ∈ C, it holds
u ∈ U (G2i+1 ). Hence µ(u) = µ(v).
(⇐) Let µ : V → {1, . . . , 2|Q| + 1} be a progress measure for G. Let π be an
infinite path in G. Since µ is monotonicly decreasing, there exists a k ≥ 0 with
µ(π(k)) = µ(π(k + 1)) = . . . . By the definition of a progress measure, µ(π(k))
must be even and µ(π(k + i)) ∈ C. Thus, the corresponding run of π is not
accepting. Since π was chosen arbitrarily there is no accepting run of B on α by
Lemma 4.1. 


4.3.2 Complementation

The next lemma shows that BAs can check whether there exists a progress
measure or not.

Lemma 4.7. Let B = (Q, Σ, δ, qI, F ) be a BA. For every m ∈ ω, we can con-
struct a BA B  with 2O(|Q|+m log |Q|) states such that B  accepts α ∈ Σ ω iff there
exists a progress measure of size m for the run graph G of B for α.

Proof. Let Ψ be the set of partial functions from Q to {1, . . . , 2m + 1}. Note
that the cardinality of Ψ is |Q|O(m) = 2O(m log |Q|) . Moreover, let fI ∈ Ψ be the
partial function, where fI (qI ) := 2m + 1 and fI (q) is undefined for q = qI . Let B 
P
be the BA (Ψ × (Q), Σ, δ  , (fI , ∅), Ψ × {∅}) with (f  , P  ) ∈ δ  ((f, P ), a) iff the
following conditions are satisfied:

(1) q  ∈ dom(f  ) iff there exists q ∈ dom(f ) such that q  ∈ δ(q, a).

(2) f  (q  ) ≤ f (q), for q  ∈ δ(q, a). Moreover, if q  ∈ F and f (q) is even then
f  (q  ) < f (q).
(3) If P = ∅ then q ∈ P  iff f  (q) is odd, for q ∈ dom(f  ).
(4) If P = ∅ then q  ∈ P  iff there exists q ∈ P such that q  ∈ δ(q, a) and
f (q) = f (q  ) is odd.
 4 Complementation of Büchi Automata Using Alternation 67

The number of the states of B  is

|Ψ × P (Q)| = 2 O(m log |Q|) |Q|

2 = 2O(|Q|+m log |Q|) .

Before we prove the correctness of the construction, we give the intuitive

interpretation of a state (f, P ) occurring in a run: B  guesses with dom(f ) the
slice of the run graph of B, and with f (q) the value of a progress measure for
the vertices in the guessed slice. The second component takes care of the global
property of a progress measure µ, i.e., that there is no infinite path v0 v1 . . . such
that µ(v0 ) = µ(v1 ) = . . . and µ(v0 ) is odd.
(⇒) Let  be an accepting run of B  on α, with (k) = (fk , Pk ), for k ∈ ω,
and let G = (V, E, C) be the run graph of B for α. Let µ : V → {1, . . . , 2m + 1}
with µ(q, k) := f (q), for (k) = (f, P ). It remains to show that µ is a progress
measure for G.
Because of condition (1) it holds for all k ∈ ω that ((q, k), (q  , k + 1)) ∈ E iff
q ∈ dom(fk ), q  ∈ dom(fk+1 ), and q  ∈ δ(q, α(k)). This can be easily shown by
induction over k. Let (v, v  ) ∈ E. Because of condition (2), µ(v) ≤ µ(v  ), and if
v  ∈ C then µ(v) < µ(v  ). Note that Pk = ∅, for infinitely many k ∈ ω, since 
is accepting. Hence, the conditions (3) and (4) ensure that there is no infinite
path v0 v1 . . . in G, where µ(v0 ) = µ(v1 ) = . . . and µ(v0 ) is odd.
(⇐) Let µ : V → {1, . . . , 2m + 1} be a progress measure for the run graph
G = (V, E, C) of B for α. Note that α ∈ L(B), by Theorem 4.6. Let fk : Q →
{1, . . . , 2m + 1} be the partial function where fk (q) := µ(q, k), for q ∈ Sk , and
otherwise fk is undefined. Let  be the infinite word, with (0) := (fI , ∅) and for
k ≥ 0, (k + 1) := (fk+1 , Pk+1 ) with

Pk+1 := { q ∈ Q | fk+1 (q) is odd } ,

for Pk = ∅, and

Pk+1 := { q ∈ Q | fk (p) = fk+1 (q) is odd and ((p, k), (q, k + 1)) ∈ E }

otherwise.
By induction over k it is straightforward to show that  is a run of B  on α.
It remains to show that  is accepting, i.e., there are infinitely many k ∈ ω such
that Pk = ∅. For the sake of absurdity, assume that there is an n ∈ ω such that
Pn = ∅ and Pn+1 , Pn+2 , . . . = ∅. Note that if q ∈ Pk with k > n then there exists
a p ∈ Pn+1 such that the vertex (q, k) is reachable from a vertex (p, n + 1) in G.
Thus, there is an infinite path v0 v1 . . . with vi = (qi , ki ) for i ≥ 0, and there is
an infinite sequence of indices i0 < i1 < . . . such that qij ∈ Pkij for all j ≥ 0.
Since µ is a progress measure, it is µ(vij
) ≤ µ(vij ) for j  ≥ j. Thus, there exists
a k > n such that µ(vk ) is odd and µ(vk ) = µ(vk+1 ) = . . . . This contradicts the
assumption that µ is a progress measure. 


Let B = (Q, Σ, δ, qI , F ) be a BA, and let B be the BA from the construction

in the proof of Lemma 4.7 for m = |Q|. Note that B has 2O(|Q| log |Q|) states.
We claim that L(B) = Σ ω \ L(B). By Theorem 4.6, B rejects α ∈ Σ ω iff there
68 Felix Klaedtke

exists a progress measure of size |Q| for the run graph G of B for α, i.e., by the
construction of B that B accepts α.
Theorem 4.8. For any BA B = (Q, Σ, δ, qI, F ) we can construct a BA B with
L(B) = Σ ω \ L(B). Moreover, B has 2O(|Q| log |Q|) states.
In the remainder of the text, we reformulate the above described construc-
tion by using weak alternating parity automata. Much of the complexity of the
construction is handled by the existential and universal choice of a transition
of an alternating automaton. Complementing an alternating automaton can be
done by dualizing its transition function and its acceptance condition. We will
use games to show the correctness of this construction. This is an appetizer
for Chapter 9 where games are used to show that dualization of alternating
automata over Kripke structures corresponds to complementation.

4.4 Complementing Weak Alternating Parity Automata

The idea of alternation is to combine existential branching, as found, e.g., in
Büchi automata, with its dual, universal branching. The two kinds of branching
are specified by negation-free Boolean expressions over the states. For example,
q1 ∨ (q2 ∧ q3 ) intuitively denotes the nondeterministic choice of going either to
q1 , or simultaneously to q2 and q3 .
In this section, we show that a weak alternating parity automaton can be
complemented by dualizing its transition function and its acceptance condition.
The correspondence between dualization and complementation was first observed
by Muller and Schupp in [136] for weak alternating automata over infinite trees.
The proof that the dualized weak alternating parity automaton accepts the com-
plement is carried out in a game theoretic setting and is due to Thomas and
Löding [184, 115]. The key ingredient is the determinacy result of the games.

4.4.1 Weak Alternating Parity Automata

For a set X, B + (X) denotes the set of all positive Boolean formulas, i.e.,
Boolean formulas built from the elements in X, the constants 0 and 1, and the
connectives ∨ and ∧. A subset M of X is a model of θ ∈ B + (X) if θ evaluates
to true for the homomorphic extension of the truth assignment that assigns true
to the elements in M and false to the elements in X \ M . M is minimal if no
proper subset of M is a model of θ. Mod(θ) denotes the set of minimal models
of θ.
A weak alternating parity automaton, WAPA for short, A is a tuple
(Q, Σ, δ, qI , c), where Q, qI , and Σ are defined as before for Büchi automata;
δ : Q × Σ → B + (Q) is the transition function and c : Q → ω is the parity
function, where c(q) is called the parity of the state q ∈ Q. For P ⊆ Q, let
c(P ) := { c(q) | q ∈ P }.
Because of the universal choice in the transition function a run of a WAPA
A = (Q, Σ, δ, qI , c) is not an infinite sequence of states but a rooted acyclic graph.
 4 Complementation of Büchi Automata Using Alternation 69

(q0 , 0) (q0 , 2)
(q1 , 1) (q1 , 2) (q1 , 3)
(q2 , 1) (q2 , 2) (q2 , 3) (q2 , 4) ...

Fig. 4.1. Example of a run dag.

In such a graph the vertices are of the from (q, i), where q is a state and i ∈ ω.
The intuitive meaning of a vertex (q, i) is that A is in state q before reading the
ith input letter. Formally, a run dag G of A on α ∈ Σ ω is a graph (V, E), where
V ⊆ Q × ω with (i) (qI , 0) ∈ V , (ii) every vertex v is reachable from (qI , 0), (iii)
((p, i), (q, j)) ∈ E implies j = i + 1, and (iv) for all (p, i) ∈ V it holds that

{ q ∈ Q | ((p, i), (q, i + 1)) ∈ E } ∈ Mod(δ(p, α(i))) .

The ith slice Si is the set { q ∈ Q | (q, i) ∈ V }. An infinite path π in G satisfies

the acceptance condition of A if the minimum of the set { c(q) | (q, i) ∈ Occ(π) }
is even. The run dag G is accepting if every infinite path π in G satisfies the
acceptance condition. L(A) denotes the set of words for which there exists an
accepting run dag of A.

Example 4.9. Let A be the WAPA ({q0 , q1 , q2 }, {a}, δ, q0, c) with c(q0 ) = c(q1 ) :=
2, c(q2 ) := 1, and

δ(q0 , a) := q1 ∧ q2 , δ(q1 , a) := (q0 ∧ q1 ) ∨ q2 , δ(q2 , a) := q2 .

A run dag of A on the input word α = aaa . . . is depicted in Figure 4.1. Every
run dag on aaa . . . is non-accepting, since the slice S1 always contains q2 and
c(q2 ) = min{c(q0 ), c(q1 ), c(q2 )} is odd.

Exercise 4.1. The WAPA A = (Q, Σ, δ, qI , c) is stratified if for all p ∈ Q and

all a ∈ Σ, δ(p, a) ∈ B + ({ q ∈ Q | c(q) ≤ c(p) }). Show that a WAPA with n
states can be transformed in an equivalent stratified WAPA with O(n2 ) states.

4.4.2 Dualization and Games

Before we turn to the definition of the games, we define the dual of a WAPA. The
dual of a formula θ ∈ B + (X) is the formula θ ∈ B + (X), obtained by exchanging
0 and 1, and ∨ and ∧ in θ. Later, we will need the following lemma.

Lemma 4.10. Let θ ∈ B + (X). S ⊆ X is a model of θ iff for all R ∈ Mod(θ),

S ∩ R = ∅.

Proof. Without  loss of generality,

 we can assume
 that θ isin disjunctive normal
form, i.e. θ = R∈Mod(θ) v∈R v. It holds θ = R∈Mod(θ) v∈R v. Thus, S ⊆ X
is a model of θ iff it contains at least one element from each of the disjuncts. 

70 Felix Klaedtke

The dual automaton A of the WAPA A = (Q, Σ, δ, qI , c) is defined as

follows: A := (Q, Σ, δ, qI , c) where δ(q, a) := δ(q, a), for all q ∈ Q and a ∈ Σ,
and c(q) := c(q) + 1, for all q ∈ Q.
Since a state of A has an even parity iff it has an odd parity in A it follows
that a path π in a run dag of A satisfies the acceptance condition of A iff π does
not satisfy the acceptance condition of A.
A play in the game, for a WAPA A, C ⊆ ω, and an input word α, is played
by two players 0 and 1. The idea is that in the process of scanning the input
word α, reading the ith letter of α, player 0 picks in the ith round a set of active
states according to the transition function, and thereupon player 1 picks one of
these active states that has a parity in C. A play determines a path through a
run dag of A on α visiting only states that have a parity in C. Player 0 wins the
play if the acceptance condition of A is satisfied on this path, otherwise player 1
wins. The player 0 is often also named A(utomaton) in the literature, since he
chooses a model of the formula given by the automaton’s transition function,
and player 1 is often named P(athfinder), since he determines a path in a run
dag.
Formally, a (weak min-parity) game GA,α for a WAPA A = (Q, Σ, δ, qI , c)
and α ∈ Σ ω is a graph1 (V, E, C) that serves as an arena for the two players 0
and 1. The graph (V, E, C) is defined as follows:

P
(i) The set of vertices V can be partitioned into the two sets V0 and V1 with
V0 = Q × ω and V1 = Q × (Q) × ω.
(ii) The edge relation E ⊆ (V0 × V1 ) ∪ (V1 × V0 ) is defined by

((q, i), (q, M, j)) ∈ E iff j = i + 1 and M ∈ Mod(δ(q, α(i))) ,

and

((p, M, i), (q, j)) ∈ E iff j = i, q ∈ M, and c(q) ∈ C ,

for p, q ∈ Q, M ⊆ Q and i ∈ ω.
(iii) C ⊆ ω is a finite set of parities with c(qI ) ∈ C.

We also call a vertex of V a game position. Furthermore, we extend the parity

function c : Q → ω of A to the game positions of GA,α , i.e., c(v) is the parity
of the state occurring in the first component of v ∈ V . G∗A,α denotes the game
(V, E, C) with C := c(Q).

Example 4.11. The game G∗A,α , where A and α are taken from Example 4.9, is
depicted in Figure 4.2. Game positions that cannot be reached from the game
position (q0 , 0) are omitted. A solid outgoing line from a game position represents
a possible move of player 0 from that game position. The dashed lines are the
edges that correspond to the moves that player 1 can make.
1
Since we do not need to distinguish between arenas and games as, e.g., in Chapter 2
and Chapter 6, we will only use the notion of a game.
 4 Complementation of Büchi Automata Using Alternation 71

(q0 , 0) (q0 , {q1 , q2 }, 1) (q0 , 2)

(q1 , 1) (q1 , {q0 , q1 }, 2) (q1 , 2) ...

(q1 , {q2 }, 2)
(q2 , 2) (q2 , {q2 }, 2) (q2 , 2)
Fig. 4.2. Part of a game.

(q0 , 0) (q0 , {q1 , q2 }, 1) (q0 , 2)

(q1 , 1) (q1 , {q0 , q1 }, 2) (q1 , 2) ...

(q1 , {q2 }, 2)
(q2 , 2) (q2 , {q2 }, 2) (q2 , 2)
Fig. 4.3. Example of a play.

A play π is a maximal path in GA,α with π(0) = (qI , 0). In the following, let
σ denote the opponent of player σ ∈ {0, 1}, i.e. σ := 1 − σ. Player σ wins the
play π if

• π has finite length n and π(n − 1) ∈ Vσ , or

• π is infinite, and min{ c(π(k)) | k ∈ ω } = 2i + σ, for some i ∈ ω.

A (memory-less) strategy for player σ is a partial function fσ : Vσ → Vσ

such that for all v ∈ Vσ , where v has successors, we have (v, fσ (v)) ∈ E. The
play π is played according to fσ if fσ (π(k)) = π(k + 1), for all π(k) ∈ Vσ and
k + 1 ∈ dom(π). The strategy fσ is a winning strategy if player σ wins every
play that is played according to fσ .

Example 4.12. We define strategies for player 0 and player 1 for the game in
Example 4.11. The function f1 : V1 → V0 is defined by


(q1 , i) if S = {q0 , q1 } or S = {q1 , q2 },
f1 (q, S, i) := (q2 , i) if S = {q2 },

 
(q , i) otherwise (for some fixed q  ∈ S),

for q ∈ {q0 , q1 , q2 }, S ⊆ {q0 , q1 , q2 }, and i ∈ ω, is a strategy for player 1 in the

game from Example 4.11. f1 is not a good strategy because player 0 wins the
play if player 1 is playing according to the strategy f1 , and player 0 is playing
according to the strategy f0 : V0 → V1 with f0 (q0 , i) := (q0 , {q1 , q2 }, i + 1),
f0 (q1 , i) := (q1 , {q0 , q1 }, i + 1) and f0 (q2 , i) := (q2 , {q2 }, i + 1) with i ∈ ω. The
play is depicted in Figure 4.3. The chosen game positions are highlighted by a
box.
The strategy f0 : V1 → V0 with f1 (q0 , {q1 , q2 }, 1) := (q2 , 1) and f1 (v) :=
f1 (v), for v ∈ V1 with v = (q0 , {q1 , q2 }, 1), is a better strategy for player 1 since
it is a winning strategy for player 1.
72 Felix Klaedtke

The next lemma shows the tight relation between the acceptance condition
of WAPAs and winning strategies for player 0.
Lemma 4.13. Let A = (Q, Σ, δ, qI , c) be a WAPA and let α ∈ Σ ω . Player 0
has a winning strategy for the game G∗A,α iff A accepts α.

Proof. (⇐) Assume that there is an accepting run dag G of A on α with the
slices S0 , S1 , . . . . We define a strategy f0 of player 0 as follows: Given the game
position (q, i) with q ∈ Si , player 0 picks M ⊆ Si+1 with M ∈ Mod(δ(q, α(i)),
i.e. f0 (q, i) := (q, M, i + 1). For all other game position (q  , i ) ∈ V0 with q  ∈ Si
,
f0 (q  , i ) is arbitrary. In this way, starting from the game position (qI , 0), player 0
ensures that the play proceeds along a path through the run dag. Since the run
dag is accepting, player 0 has a winning strategy.
(⇒) A winning strategy f0 defines an accepting run dag: For i ≥ 0, the
slices Si are built-up inductively, beginning with the singleton S0 := {qI }. For
i > 0 and a game position (q, i − 1) that is picked by player 1, player 0’s strategy
prescribes a set of states
as the next move. The union of these states defines the
next slice Si , i.e. Si := q∈Si−1 { S ⊆ Q | f0 (q, i − 1) = (q, S, i) }. The edges from
the vertices in Si × {i} to the vertices in Si+1 × {i + 1} are inserted according
to the transition function. The run dag is accepting. 


The next lemma shows the determinacy of the games. For its proof we need
the definition of an attractor set of player σ of a set of game positions for a game
GA,α = (V, E, C).
The attractor of player σ of X ⊆ V , Attrσ (X) for short, contains all game
positions from which player σ can force player σ a visit (after finitely many
moves) to a game position in X or to a game position where player σ cannot
make a move.
Attr0σ (X) := X ,
σ (X) := Attrσ (X) ∪
Attri+1 i

{ u ∈ Vσ | there is a v ∈ Vσ with (u, v) ∈ E and v ∈ Attriσ (X) } ∪

{ u ∈ Vσ | for all v ∈ Vσ if (u, v) ∈ E then v ∈ Attriσ (X) } ,

and

Attrσ (X) := Attriσ (X) .
i∈ω

For instance, a game position v of player 0 is in Attri+10 (X) if it was already

in Attri0 (X) or player 0 can make a move to a game position in Attri0 (X). A
game position v of player 1 is in Attri+1 i
0 (X) if it was already in Attr0 (X) or all
i
game positions to which player 1 can move are in Attr0 (X). The attractor of
player 0 is the union of all Attri0 (X) for i ∈ ω. Figure 4.4 shows graphically the
construction of the attractor of player 0.
Note that for a game position outside Attrσ (X), player σ is always able to
avoid to visit a game position in X. If it is the turn of player σ, then it is
 4 Complementation of Büchi Automata Using Alternation 73

V0 ∪ V1

Attr20 (X)
Attr0 (X) Attr10 (X)
Attr00 (X) = X
(q, S, i) •
... •
• •

(q
, i
) •
..
.
•
Fig. 4.4. Construction of the attractor of player 0.

possible to stay outside of Attrσ (X), and if it is the turn of player σ, then it is
not possible for him to choose a game position in Attrσ (X).
Lemma 4.14. Let A = (Q, Σ, δ, qI, c) be a WAPA and let α ∈ Σ ω . Either
player 0 or player 1 has a winning strategy for the game GA,α = (V, E, C).
Proof. Let k := min C, and let T denote the set of game positions where player 1
can force player 0 to visit a game position from which player 0 cannot make a
move, i.e. T := Attr1 ({ u ∈ V0 | for all v ∈ V is (u, v) ∈
/ E }).
We show by induction over |C|, i.e., the number of parities in GA,α , that
either player 0 or player 1 has a winning strategy. For |C| = 1, player 0 has a
winning strategy if k is even and (qI , 0) ∈
/ T , and player 1 has a winning strategy
if k is odd or (qI , 0) ∈ T .
Let |C| > 1. If (qI , 0) ∈ T then obviously player 1 has a winning strategy.
Let (qI , 0) ∈ T and assume that k is even (the proof for the case that k is odd is
analogous). Moreover, let U = { v ∈ V | c(v) = k }.
If (qI , 0) ∈ Attr0 (U ), then player 0 has a winning strategy. If (qI , 0) ∈
Attr0 (U ) then we define the game GA,α by removing the parity k and by deleting
the edges (u, v) ∈ E ∩ V1 × V0 where u is a game position in U . By the induction
hypothesis we know that either player 0 or player 1 has a winning strategy for
GA,α . We will show that if player σ has a winning strategy in GA,α then the
player σ has also a winning strategy in GA,α .
Assume that player 1 has a winning strategy for GA,α . Playing according
to this strategy ensures the players to stay outside of Attr0 (U ) in any play in
GA,α , as otherwise there would be a game position belonging to Attr0 (U ) in
GA,α . Therefore, player 1 also has a winning strategy for GA,α .
Suppose that player 0 has a winning strategy for GA,α . If player 0 plays
according to this strategy in GA,α , then the only possibility for player 1 to give
another progression to the play as in GA,α is to move into Attr0 (U ) if possible.
But if player 1 picks a game position in Attr0 (U ), player 0 can force to visit a
game position in U . Then player 0 wins the play, due to the choice of U (note
that k is even). Therefore, player 0 has a winning strategy for GA,α . 

74 Felix Klaedtke

The next lemma connects winning strategies for the games G∗A,α and G∗A,α .

Lemma 4.15. Let A = (Q, Σ, δ, qI , c) be a WAPA and let α ∈ Σ ω . Player 0

has a winning strategy for G∗A,α iff player 1 has a winning strategy for G∗A,α .

Proof. (⇒) Let f0 be a winning strategy for player 0 for G∗A,α . Further, let
(q, S, k) be a game position of G∗A,α . If there exists a play in G∗A,α such that
(q, S, k) appears in this play, then S ∈ Mod(δ(q, α(k − 1))). We do not need
to define a strategy for vertices that do not appear in any play in G∗A,α . From
Lemma 4.10 it follows that there exists a p ∈ S ∩ W , for f0 (q, k − 1) = (q, W, k),
since W ∈ Mod(δ(q, α(k − 1))). We define a strategy of player 1 as f 1 (q, S, k) :=
(p, k).
We show that f 1 is a winning strategy for G∗A,α . For a play π in G∗A,α played
according to f 1 , there exists a play π in G∗A,α played according to f0 such that
c(π(i)) − 1 = c(π(i)), for all i ≥ 0. Since player 0 wins π in G∗A,α , player 1 wins
π in G∗A,α .
(⇐) Let f 1 be a winning strategy of player 1 for G∗A,α and let (q, k) be a
game position of G∗A,α . The set T := { p ∈ Q | (p, k + 1) = f 1 (q, R, k) with R ∈
Mod(δ(q, α(k))) } is a model of δ(q, α(k)) by Lemma 4.10. Let S ⊆ T be a
minimal model of δ(q, α(k)). As above, it can be shown that the strategy f0
with f0 (q, k) := (q, S, k + 1) is a winning strategy for G∗A,α for player 0. 


Now, we have all ingredients for proving that the dual automaton accepts
the complement.

Theorem 4.16. For a WAPA A = (Q, Σ, δ, qI, c) it holds that L(A) = Σ ω \

L(A).

Proof. We show that A does not accept α iff A accepts α, for α ∈ Σ ω . By

Lemma 4.13, A does not accept α iff player 0 does not have a winning strategy
for G∗A,α . By Lemma 4.15, this is equivalent to the case that player 1 does not
have a winning strategy for G∗A,α . By Lemma 4.14, this is equivalent to that
player 0 has a winning strategy for G∗A,α , i.e., by Lemma 4.13, A accepts α. 


4.5 Complementing Büchi Automata by Using Weak

Alternating Parity Automata

In Section 4.3 we have complemented a Büchi automaton by constructing a

Büchi automaton that checks whether there exists a progress measure. In this
section we give another construction for complementing Büchi automata. The
BA B is first transformed in an equivalent WAPA A. The dual automaton A is
transformed in an equivalent BA B.
 4 Complementation of Büchi Automata Using Alternation 75

4.5.1 From Büchi Automata to Weak Alternating Parity Automata

and Vice Versa
Theorem 4.17. For any Büchi automaton B we can construct a WAPA A with
L(B) = L(A). Moreover, if B has n states then A has O(n2 ) states.
Proof. Let B = (Q, Σ, δ, qI , F ) be a Büchi automaton. The desired WAPA A
is (Q × {0, . . . , 2|Q|}, Σ, δ , (qI , 2|Q|), c), where c(q, i) := i and the transition
function δ  is defined as
  
δ  ((p, i), a) := ∆(q, i) ∧ (q, j) ,
q∈δ(p,a) 0≤j<i

where ∆(q, i) := (q, i) if i is even or q ∈ F ; otherwise ∆(q, i) := 1.

L(B) ⊆ L(A): Let π be an accepting run of B on α ∈ L(B). The construction
of an accepting run dag G of A on α is straightforward. The slices of G are
defined as follows: S0 := {(qI , 2|Q|)} and Sk := { (π(k), i) | 0 ≤ i ≤ 2|Q| }, for
k > 0. The edges from the vertices in Sk × {k} to the vertices in Sk+1 × {k + 1}
are defined according to the transition function. Since π contains infinitely many
states of F , each vertex ((p, 2i + 1), k) on an infinite path in G does eventually
reach a vertex ((q, 2i), k  ). Thus, every infinite path in G satisfies the acceptance
condition.
L(A) ⊆ L(B): Let α ∈ L(B). We show that there exists an accepting run dag
of the dual automaton A on α. Thus α ∈ L(A) by Theorem 4.16. Intuitively, A
checks with its transition function the existence of a progress measure for G of
size |Q|:
  
δ  ((p, i), a) = ∆(q, i) ∨ (q, j) .
q∈δ(p,a) 0≤j<i

By Lemma 4.6, there exists a progress measure µ : V → {1, . . . , 2|Q| + 1} for

the run graph G = (V, E, C) of B for α. Let G := (V  , E  ) with
V  := { ((q, µ(q, k) − 1), k) | (q, k) ∈ V } ,
and there is an edge from ((q, µ(q, k) − 1), k) to ((q  , µ(q  , k + 1) − 1), k + 1) iff
((q, k), (q  , k + 1)) ∈ E. It is straightforward to show that G is an accepting run
dag of A on α. 

Exercise 4.2. Let B be the BA B = (Q, Σ, δ, qI , F ), and let A be the WAPA
(Q × {0, . . . , 2|Q|}, Σ, δ , (qI , 2|Q|), c) with c(q, i) := i and


 q∈δ(p,a) (q, 0) if i = 0,



(q, i) ∧ (q, i − 1) if i > 0 and i is even,
δ  ((p, i), a) := q∈δ(p,a)

 if p ∈ F and i is odd,
q∈δ(p,a) (q, i)


q∈δ(p,a) (q, i − 1) if p ∈ F and i is odd,

for p ∈ Q, 0 ≤ i ≤ 2|Q|, and a ∈ Σ. This construction is from [184]. Prove

L(A) = L(B) without using progress measures.
76 Felix Klaedtke

Exercise 4.3. The natural number m is an upper bound for the progress
measures for the BA B = (Q, Σ, δ, qI , F ) if for all α ∈ Σ ω , B rejects α iff there
exists a progress measure of size m for the run graph. Show that it is Pspace-
complete to decide if m ∈ ω is the smallest upper bound for the progress measure
for a BA. (Hint: Use the fact that the emptiness problem for WAPAs is Pspace-
complete.)

Theorem 4.18. For any WAPA A we can construct a Büchi automaton B with
2
L(A) = L(B). Moreover, if A has n states then B has 2O(n ) states; and if A is
stratified then B has 2 O(n)
states.

Proof. By Exercise 4.1, we can transform A in an equivalent stratified WAPA

A with O(n2 ) states.
We use a subset construction from [129]. At a given point k ∈ ω of a run of
the Büchi automaton B, B saves the kth slice of the run dag of A . As it reads
the next letter, it guesses the next slice of the run dag of A . In order to make
sure that every infinite path visits a final state infinitely often, B keeps track of
the states that owe a visit to a state with an even parity.
Let A = (Q, Σ, δ, qI , c), and let E denote the set of all states that have an
P P P
even parity. Then B := ( (Q) × (Q), Σ, δ  , ({qI }, ∅), (Q) × {∅}), where the
transition function δ  is defined by
 
δ  ((S, O), a) := { (S  , O \ E) | S  ∈ Mod δ(q, a) , O ⊆ S  , and
q∈S
 
O ∈ Mod δ(q, a) }
q∈O

and
 
δ  ((S, ∅), a) := { (S  , S  \ E) | S  ∈ Mod δ(q, a) } ,
q∈S

for a ∈ Σ and S, O ⊆ Q, O = ∅. We omit the proof for L(A ) = L(B). 



Exercise 4.4. Show that there is no linear translation from BAs to stratified WA-
PAs. (Hint: Use the family of languages (Ln )n≥2 from Theorem 1.30 in Chap-
ter 1.)

4.5.2 Complementation

Complementing a BA B can be done in three steps. First, by Theorem 4.17,

we can construct an equivalent WAPA A. Second, by Theorem 4.16, the dual
automaton A of A accepts the complement of B. Third, by Theorem 4.18, we
can construct a BA B that accepts the complement of B. Suppose that B has n
states. Then, A and A have both O(n2 ) states. Since A is already stratified, B
2
has 2O(n ) states.
 4 Complementation of Büchi Automata Using Alternation 77

The construction can be improved by tuning the translation from the WAPA
A to the BA B = (P, Σ, δ, qI , F ). The improvement is due to Kupferman and
P
Vardi [102]. Let Q be the set of states of B. Note that P = (Q × {0, . . . , 2n}) ×
P (Q × {0, . . . , 2n}) by the construction of B. A set S ⊆ Q × {0, . . . , 2n} is
consistent if (q, i), (q, j) ∈ S implies i = j. Let B  be the BA (P  , Σ, δ, qI , F ),
where P  be the set of pairs of consistent sets (S, O) with O ⊆ S, and the
transition function δ  is restricted to P  , i.e. δ  ((S, O), a) := δ((S, O), a), for
(S, O) ∈ P  .
Note that (S, O) ∈ P  can be represented by the set { q ∈ Q | (q, i) ∈ O }
and the partial function f : Q → {0, . . . , 2n}, where f (q) := i, for (q, i) ∈ S,
and otherwise f is undefined. It is easy to see that B  and the BA obtained by
the construction described in Section 4.3 are isomorphic. This was observed by
Kupferman and Vardi in [107]. Thus, L(B  ) = Σ ω \ L(B), and B  has 2O(n log n)
states.
5 Determinization and Complementation of
Streett Automata

Stefan Schwoon

Institut für Informatik

Technische Universität München

5.1 Introduction
Several classes of ω-automata have been proposed in the literature, most im-
portantly Büchi automata, Muller automata, and Rabin automata. It has been
shown that the expressiveness of all these models is equivalent.
Streett automata were first suggested in [171]. They differ from the other for-
malisms in their acceptance condition which models strong fairness constraints.
Again, their expressiveness is equal to that of Büchi automata; however, for
certain properties of ω-words Streett automata can have an exponentially more
succinct representation.
Here, we survey results about upper and lower bounds on the problems of
determinization and complementation of Streett automata. A relatively simple
argument yields a doubly exponential upper bound for determinization; how-
ever, Safra [159] found an exponential procedure, involving a transformation
from (non-deterministic) Streett automata to deterministic Rabin automata (see
Section 5.3), and another transformation from deterministic Streett automata
to deterministic Rabin automata (Section 5.4). We present a slight modification
of Safra’s method and try to provide ample intuition for the method and its
proof of correctness. Moreover, the results of [114] lead to lower bounds on these
problems; these, together with their proofs, are portrayed in Section 5.5.

5.2 Definitions
A (non-deterministic) Streett automaton A is a 5-tuple (Q, Σ, δ, q0 , Ω) where Q
is a finite set of states, Σ is a finite alphabet, δ : Q × Σ → 2Q is a transi-
tion function, q0 is an initial state, and Ω = {(L1 , U1 ), . . . , (Lh , Uh )} is an
acceptance condition where Li and Ui , 1 ≤ i ≤ h, are subsets of Q. We
call the tuples (Li , Ui ) the acceptance pairs of A. For deterministic automata,
|δ(q, a)| = 1 holds for all q ∈ Q, a ∈ Σ.
For an infinite word α ∈ Σ ω of the form α = α0 α1 . . . , we say that ξ ∈ Qω is
a run of A over α if ξ = ξ0 ξ1 . . . where ξ0 = q0 and ξi+1 ∈ δ(ξi , αi ) for all i ≥ 0.
The infinity set Inf(ξ) is the set of states visited infinitely often by ξ.
A word α ∈ Σ ω is accepted by the Streett automaton A if there is an infinite
run over α such that the following condition holds for all i ∈ {1, . . . , h}: If some
state in Li is visited infinitely often, then some state in Ui is visited infinitely
often, too. The set of infinite words accepted by A is denoted L(A).

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 79-91, 2002.
 Springer-Verlag Berlin Heidelberg 2002
80 Stefan Schwoon

The acceptance condition can be seen as a model for strong fairness. If, for
each i, the states in Li represent a request for some action and Ui corresponds
to the execution of said action, then the condition postulates that every request
which is repeated an unbounded number of times is eventually granted.
A Rabin automaton has the same structure as a Streett automaton, but
with a different interpretation. The Rabin acceptance condition declares a run as
accepting if there exists an index i, 1 ≤ i ≤ h, such that Li is visited infinitely
often, but Ui is visited only finitely often.
Since their structures are the same, each Streett automaton can be inter-
preted as a Rabin automaton, and vice versa. Observe that the Rabin acceptance
condition is exactly the opposite of the Streett condition. Hence, in the deter-
ministic case where there is exactly one possible run for every input, the same
automaton under the Streett interpretation represents the complement of its lan-
guage under the Rabin interpretation. We will use this fact in our constructions
later on.
Definition 5.1. A set J ⊆ {1, . . . , h} is a witness set for α ∈ L(A) if there
is an accepting run over α such that for all indices j ∈ J the set Uj is visited
infinitely often, and for all indices j
∈
/ J the set Lj
is visited only finitely often.
It is easy to see that α ∈ L(A) exactly if α has at least one witness set. Hence,
the problem of checking acceptance of a Streett automaton can be reduced to
finding a witness set for the input. The constructions in later sections are based
on this idea.
Note also that an accepting run can yield multiple witness sets if there are
indices j where Lj is visited finitely often, and Uj is visited infinitely often.

5.3 Transformation of Non-deterministic Streett

Automata
Safra [159] showed an exponential complementation procedure for Streett au-
tomata. The procedure converts a non-deterministic Streett automaton A into a
deterministic Rabin automaton D for the same language (and hence a determin-
istic Streett automaton for the complement of L(A)). In this section we present
this construction, proving the following theorem:
Theorem 5.2. Given a non-deterministic Streett automaton A with n states
and h acceptance pairs, one can construct a deterministic Rabin automaton D
with 2O(nh log(nh)) states and O(nh) acceptance pairs such that D accepts L(A).
The automaton D simulates, for a given input, all possible runs of A and
tries to find an accepting witness set within these runs. Difficulties arise because
the number of potential witness sets is exponential. Therefore, the construction
observes only a (polynomial) number of “interesting” witness sets in every step,
and these sets change dynamically.
The sets are arranged in a hierarchical structure called a decomposition
in [159]. These can also be interpreted as trees (see for instance [94]). Every
 5 Determinization and Complementation of Streett Automata 81

node in such a tree represents a process that is “hoping” for a certain witness
set to be realised. The witness set of a parent node is a superset of that of its
child nodes.
A process for a witness set J observes a subset of the possible runs and waits
for all the Uj , j ∈ J, to be visited in order. If that happens without visiting
any Lj
, j
∈ / J, the process “succeeds” and starts over. If some Lj
, j
∈
/ J,
is encountered in a run, the process discards that run. If some process succeeds
infinitely often, D accepts.
Fix a Streett automaton A = (Q, Σ, δ, q0 , Ω) for the rest of the section,
where Ω = {(L1 , U1 ), . . . , (Lh , Uh )}. Let H = {1, . . . , h}. A (Q, H)-tree is a
finitely branching rooted tree whose leaves are labelled with non-empty subsets
of Q and whose edges are labelled by elements of H ∪ {0}. The labels of the
leaves are pairwise disjoint and, other than 0, no edge label occurs twice on
any path from the root to one of the leaves. Each node bears a name from the
set {1, . . . , 2 · |Q| · (h + 1)}. The child nodes of a parent are ordered (from left
to right, say). For each parent node, at least one child is connected by an edge
with a non-zero label.
The root node represents the “hope” that H is a witness set for the input.
If some node n represents witness set J, and an edge labelled j goes from n to
a child node, then the child node represents witness set J \ {j}. Informally, the
child node has given up on hoping for Uj to occur.
With this intuition in mind, we now present the formal construction of D.
We will explain this construction a bit more before we prove its correctness and
the size bound.

5.3.1 The Construction

D is a 5-tuple (Q
, Σ, δ
, q0
, Ω
) where the set of states Q
is the set of all (Q, H)-
trees, and the initial state q0
is a tree consisting of just the root node, labelled
with q0 , and having an arbitrary name.
The transition function is best described as an algorithm which transforms a
(Q, H)-tree q
into another tree δ
(q
, a) by a recursive procedure. Whenever we
create a new node in the procedure, we assume that it is given a fresh name, i.e.
one that does not yet occur in the whole tree. The procedure is parametrized by
a set of indices J and a tree t; initially, we set J := H, t := q
. The procedure
consists of the following steps;
(1) If t is a leaf labelled S and J = ∅, replace S by δ(S, a) and stop.
(2) If t is a leaf labelled S and J = ∅, then create a child labelled S and remove S
from the label of t. Label the edge to the child with max J and continue at
step 3.
(3) If t is not a leaf, assume that its root has l sub-trees t1 , . . . , tl and that the
edges leading to them are labelled j1 , . . . , jl (from left to right). For all i,
1 ≤ i ≤ l, we first apply the procedure recursively for the set J \ {ji } and
the tree ti .
Now, let Si , 1 ≤ i ≤ l be the sets of states occurring in leaves of ti after the
previous changes. If ji = 0, then for every state q ∈ Si we do the following:
82 Stefan Schwoon

• If q ∈ Lji , remove the state from its occurrence in ti and append to t a

new child leaf on the right labelled {q}. The edge to the child is labelled
max J.
• Otherwise, if q ∈ Uji , append a new child leaf on the right, label the edge
with max((J ∪ {0}) ∩ {0, . . . , ji − 1}), and give to the child the label {q}.
(4) Let t1 , . . . , tl
, l
≥ l be the subtrees of t after the previous changes (labelled
j1 , . . . , jl
), and let Si , 1 ≤ i ≤ l
, be the set of states occurring in ti . Repeat
the following for every state q that occurs in two different sets Si and Si
:
• If ji < ji
, remove q from ti
.
• If ji = ji
and i < i
, remove q from ti
.
(5) Remove any subtrees from t whose leaves have an empty label.
(6) If after the previous steps all edges going from the root of t to its subtrees
are labelled 0, then let S be the set of all states occurring in leaves of t.
Remove all subtrees, i.e. make t a leaf, with label S.

Acceptance Condition: Let Ω
= {(L
ν , Uν
)}1≤ν≤2|Q|(h+1) , where L
ν is the

set of all states (trees) containing a leaf named ν, and Uν
is the set of all states
in which ν does not occur.
Each process (or node) in D observes a subset of the possible runs of A.
However, every state of A occurs at most once in every tree of D. Basically, this
induces an equivalence relation over the runs; for a given prefix of the input, two
runs are in the same equivalence class if they end up in the same state after the
prefix is consumed. The placement of a state in the tree tries to extract the most
useful information (with regard to acceptance) from this equivalence class.
A process with witness set J waits for the runs in its area to pass through
all Uj , j ∈ J, in descending order and records their progress. Runs which are
waiting for Uj to occur are kept in a child process connected by an edge labelled j.
Runs which have passed all Uj are kept below an edge labelled 0. An edge label j
going from a parent process with set J to a child process thus has two functions
at once: It records the progress that the runs kept in the child have made with
respect to J, and it signifies that the child is managing the witness set J \ {j}.
In step 2 of the algorithm, leaves with a non-empty witness set are expanded;
all runs are waiting for the highest index to happen. In step 1, the transition
function of A is simulated. In step 3 we check for occurrences of the accepting
pairs. If in some process a run is waiting for Uj (i.e. the run is stored below
an edge labelled j), and Uj does happen, then the run is transferred to a new
child with the next lowest index (or 0, if all indices have been passed). If in
some process Lj
, j
∈
/ J, is seen, we have to remove that run from the process.
Recall that children have smaller witness sets than parents. Therefore, if a run
is unsuccessful for a parent, it is unsuccessful for its children, too. Moreover, if
a parent has a j-labelled edge to a child, then the run is still successful for the
parent, but not for the child. So we remove the state from the child and start it
over in the parent.
In step 4 we remove duplicate states from the tree. If we have one run that
has advanced to index i and another that has gone to i
, i
> i, then we keep the
more advanced one (otherwise we would throw away progress and might miss a
 5 Determinization and Complementation of Streett Automata 83

q1
a b
b a
q2 q3 L1 = {q2 }

b b U2 = {q3 , q5 }
b b

b
q4 q5
b
Fig. 5.1. Example Streett automaton.

completed cycle). If two runs are advanced to the same level, we keep the older
one, i.e. the one in the leftmost child (otherwise a state might change its position
in the tree too often).
In step 5 we clean up “dead” branches of the tree. In step 6, when all the
runs observed by a process have succeeded, we reset the process. In this way we
limit the growth of the tree.

5.3.2 An Example
Consider the non-deterministic Streett automaton A shown in Figure 5.1 which
has two accepting pairs. For the purposes of this example we will consider the
sets L1 = {q2 } and U2 = {q3 , q5 } only. Assume that the automaton has to
process input starting with abb.
Figure 5.2 shows the behaviour of the corresponding deterministic automa-
ton. Part (a) shows the steps made by the construction upon receiving the in-
put a. For a better demonstration we assume that the six steps are executed
on all leafs simultaneously; the correctness is not affected by this. Diagram (a1)
shows the initial state of the deterministic automaton, consisting of the root
labelled {q1 } and named 1.
Diagram (a2) shows the tree after expansion and simulation of A (i.e. steps 1
and 2 of the transition function). Diagram (a3) shows the result of step 3; q2
is in L1 and is thus “reset”; q3 is in U2 and hence advanced to the next index
by the root node. Now q3 appears twice below the root node; this is repaired in
step 4, shown in (a4). In the last step, the now empty sub-tree with the node
named 3 is removed; the result is in diagram (a5).
Part (b) of the figure shows the processing of the second input character.
Diagram (b1) shows the situation after steps 1 and 2. In (b2) the final result is
shown: q5 was advanced to a 0-labelled branch, and the duplicate q1 was removed
from the less advanced sub-tree of the root.
Part (c) demonstrates the third step; again we read a b. Diagram (c1) shows
the result of steps 1 and 2. Afterwards, q5 is removed from the left branch (since
it is less advanced), and the occurrence of q5 in the right branch is advanced to
a 0-labelled branch. Since that leaves the label 0 on all edges leaving node 4, the
84 Stefan Schwoon

(a)
(a1) (a2) (a3) (a4) (a5)

1 1 1 1 1
{q1 } 2 2 1 2 1 2 1

2 2 4 2 4 2 4

1
{q3 } {q3 } {q3 }
1 1 1 1 1

3 3 5 3 5 5
{q2 , q3 } {q3 } {q2 } ∅ {q2 } {q2 }

(b) (c)
(b1) (b2) (c1) (c2)

1 1 1 1

2 1 2 1 2 1 2 1

2 4 2 4 2 4 2 4

1 2 1 2 0 1 2 0 1 {q4 , q5 }

5 6 5 6 7 5 6 7 5
{q1 , q4 } {q1 , q5 } {q4 } {q1 } {q5 } {q1 , q5 } {q5 } 2
{q1 }

8
{q4 }

Fig. 5.2. (a) After input a. (b) After input ab. (c) After input abb.

subtrees of that node are collapsed according to step 6 of the transition. The
result is shown in Diagram (c2).

5.3.3 Proof of Correctness

We now prove Theorem 5.2 formally, i.e. we show that L(D) = L(A) and we
count the number of states in D.
(L(D) ⊆ L(A)) Suppose α ∈ L(D) is accepted by a run ξD where ν is a name
such that Uν
appears only finitely often and L
ν is visited infinitely often. Then,
after some point, every state contains a node n named ν which becomes a leaf
infinitely often. If n never disappears after some time, it is the root of a sub-tree
whose leaves never become empty, and the witness set J associated with n in
the transition function remains the same. Therefore α must have a run ξA in A
that touches states from Lj
, j
∈ (H \ J), only finitely often (since these states
would be absorbed by one of the parent nodes of n). If n is a leaf in one state,
it will create new leaves below itself in the next state unless J = ∅. In the latter
case ξA is accepting because no Lj , j ∈ H, is visited anymore. Otherwise, to
become a leaf again, n must first get a child with edge label 0, and for that
ξA must visit all Uj , j ∈ J (in descending order).
(L(A) ⊆ L(D)) Let ξA = (ξA i
)i≥0 be an accepting run of A for α, and let J be
its maximal witness set. Consider the unique run ξD = (ξD i
)i≥0 of α in D. For all
 5 Determinization and Complementation of Streett Automata 85

i ≥ 0, ξAi i
occurs in ξD . We first wait until ξA makes no more visits to any set Lj
,


j ∈/ J (which happens after consumption of a finite number of input symbols).
From now on, either ξD i
becomes a leaf infinitely many times, then α ∈ L(D).
i i
Otherwise we wait until ξD becomes a leaf for the last time. Thereafter, ξA
i i
always occurs in some sub-tree of ξD . We will see that ξA can ‘migrate’ from
one sub-tree to another as time goes on, but the number of migrations is finitely
bounded: Since all Uj , j ∈ J, occur infinitely often, ξA i
is moved to other sub-
trees until it eventually ends up in one whose edge is labelled with an element
of (H ∪ {0}) \ J. From there, ξA i
cannot migrate further via steps 3 or 6 of the
construction anymore, only via rule 4. But this can happen only finitely often
i
since the set of edge labels is finite, and since there is a leftmost sub-tree of ξD .
i
Eventually, ξA must end up in some sub-tree which it never leaves anymore. We
can repeat the argument recursively for this sub-tree until we arrive at one that
becomes a leaf infinitely many times. This recursion is of finite depth because
eventually we get to processes for the witness set J. If we do not get a leaf at
i
this level, then ξA must be in a 0-indexed sub-tree, and some other state must
be trapped in a non-0-indexed sub-tree. Thus, if we continue the recursion, the
i
0-indexed sub-trees containing ξA have less and less states. In the worst case, we
i
continue until a sub-tree contains only the single state ξA . Since ξA is accepting
with witness set J, and since all the sets Lj , j ∈ J occur infinitely often in the
accepting run of A, this node must become a leaf infinitely many times.
Let us count how many nodes a (Q, H)-tree can have. A tree has at most |Q|
leaves. Suppose a tree has no 0-labelled edges, then the length of a path from the
root to a leaf can be at most h. Such a tree can have at most |Q| · h nodes apart
from the root. Now consider trees with 0-edges. From the root, there must be at
least one path to a leaf without passing a 0-edge, and likewise from each node
which is the target of such an edge. So there can be at most |Q| − 1 such edges
(and nodes). Therefore, in total, a (Q, H)-tree can have at most m := |Q|·(h+1)
nodes.
With this knowledge we can determine the size of D, i.e. the number of
(Q, H)-trees. Let us consider unlabelled trees without names on the nodes first.
According to Cayley’s Theorem there can be at most mm−2 different trees with
m nodes (even ignoring the fact that we are only interested in trees with at most
|Q| leaves). We then have no more than (m − 1)h+1 choices to label the edges,
(2m)!/m! choices to name the nodes, and (|Q| + 1)|Q| choices to distribute states
among the leaves. Taking these results together, we get at most
2m!
mm−2 · (h + 1)m−1 · · (|Q| + 1)|Q| = 2O(m log m) = 2O(|Q|h log(|Q|h))
m!
different states.

5.4 Transformation of Deterministic Streett Automata

The construction from Section 5.3 yields a deterministic Streett automaton for
the complement of the language. In order to determinize the automaton, we need
86 Stefan Schwoon

another complementation procedure. In [159], Safra shows a conversion of deter-

ministic Streett automata to deterministic Rabin automata. This conversion is
exponential only in the number of acceptance pairs of the Streett automaton.

Theorem 5.3. Given a deterministic Streett automaton A with n states and

h acceptance pairs, one can construct a deterministic Rabin automaton D having
n · 2O(h log h) states and O(h) acceptance pairs such that D accepts L(A).

The construction is based on the idea of “index appearance records” (IAR),

also used for conversions from Streett or Rabin automata to other models. In the
Rabin automaton, the states record not only the state of the Streett automaton,
but also a permutation of the indices of all acceptance pairs. An index j can be
moved to the back of the permutation if Uj contains the current Streett state.
Fix a deterministic Streett automaton A = (Q, Σ, δ, q0 , Ω) with h accep-
tance pairs for the rest of the section, and consider the Rabin automaton D =
(Q
, Σ, δ
, q0
, Ω
) where

• Q
= Q × Π × {1, . . . , h + 1} × {1, . . . , h + 1} where Π is the set of all

permutations of {1, . . . , h};
• For a ∈ Σ and π = (j1 , . . . , jh ) let δ((q, π, l, u), a) = (q
, π
, l
, u
) such that
– q
= δ(q, a);
– l
= min({ i | q
∈ Lji } ∪ {h + 1});
– u
= min({ i | q
∈ Uji } ∪ {h + 1});
– if u
≤ h, then π
= (j1 , . . . , ju
−1 , ju
+1 , . . . , jh , ju
), else π
= π.


• q0 = (q0 , (1, . . . , h), h + 1, h + 1);
• Ω
= {(L
1 , U1
), . . . , (L
h+1 , Uh+1


)}; for 1 ≤ j ≤ h + 1,
let Lj = { (q, π, l, u) ∈ Q | u = j } and Uj
= { (q, π, l, u) ∈ Q
| l < j }.

In a D-state of the form (q, π, l, u), the state q simply records the state that
A would be in after the same input. The values for l and u contain information
about visits to the accepting pairs. If a set Lj is visited, then its position in
the current permutation π is recorded in l. Similarly, if a set Uj is visited, then
its position is written to u and additionally the index is shifted to the right in
the permutation. If multiple sets are visited in one step, then we choose the one
that’s leftmost in π.
The intuition behind this construction is that the permutation of the indices
maintained by D will take on the form outlined in Figure 5.3. Those indices j
for which Uj is visited only finitely often will eventually gather on the “left”
side of the permutation whereas the others will be moved to the back infinitely
often. If a run satisfies the acceptance condition, then the third component of
the D-states must always indicate the right half of the permutation from some
point on.

5.4.1 Proof of Correctness

We now prove Theorem 5.3. Clearly, the number of states in D is n · h! · (h + 1)2 .

Moreover, we claim that L(D) = L(A).
 5 Determinization and Complementation of Streett Automata 87

(L(D) ⊆ L(A)) Let α ∈ L(D). In the unique run of D over α, there must be
an index j such that (a) L
j is visited infinitely often and (b) Uj
is visited only
finitely often. Because of (b), if some Lk is visited infinitely often in A, then k
must occur infinitely often at position j or to the right of it in the permutation.
Because of (a) we know that no index with this property is allowed to keep its
position forever. Therefore it follows that k is also moved back to the end of the
permutation infinitely often, and every such move means a visit to Uk .
(L(A) ⊆ L(D)) Suppose α ∈ L(A), and consider the maximal witness set J
associated with its run. Let i = h − |J| + 1. At some point, for all k ∈/ J all the
finitely many visits to Lk and Uk have been made, so k is never moved back in
the permutation again. After that, we wait until all indices in J are eventually
moved to the back. From now on, all indices on positions left of i are outside of
J, so the D-run will never visit Ui
again. Whatever the index k on position i is,
it is from now on always an element of J. When A next visits Uk , D visits L
i .

5.4.2 Summary
Let A be a (non-deterministic) Streett automaton with n states and h accept-
ing pairs. According to Section 5.3 we can transform A to a deterministic au-
tomaton D accepting the complement of L(A) with 2O(nh log(nh)) ) states and
2n(h + 1) accepting pairs. The result of this section lets us transform D into an-
other deterministic Streett automaton accepting L(A) with the same asymptotic
bound on the number of states and 2n(h + 1) + 1 accepting pairs.

5.5 Lower Bounds

In [114] many lower bounds for transformations between automata on infinite
words are shown. Here we present the results with respect to Streett automata.
The results of [114] directly or indirectly prove that the problems of
(1) complementing non-deterministic Streett automata,
(2) complementing deterministic Streett automata,
(3) and determinizing Streett automata
require constructions with at least n! states if the input is an automaton with
n states. Hence, the upper bounds by Safra are optimal with respect to the
number of states.

H\J witness set J

i1 ij−1 ij ih

1 j−1 j h

L-sets occur moves infinitely often

finitely often

Fig. 5.3. Acceptance behaviour of D.

88 Stefan Schwoon

q1 q2 qn
0, ..., n 0, ..., n 0, ..., n
...
2 2
1
1 n
n

q0

Fig. 5.4. The automaton Bn .

5.5.1 Complementation of Non-deterministic Automata

In Section 3 of [114] a proof is given showing that conversion from a Büchi

automaton with n states to a non-deterministic Streett automaton accepting
the complement of the language involves a factorial blowup in the number of
states. Since a Büchi automaton can be seen as a Streett automaton with a
single accepting pair (non-final states, final states) the bound also holds for
complementation of non-deterministic Streett automata.
Consider the Büchi automaton Bn over the language Σn = {0, . . . , n} shown
in Figure 5.4. Bn has O(n) states, and we shall show that there is no Streett
automaton accepting the complement of L(Bn ) with less than n! states.
We first observe the following characterization of the language: A word α ∈
Σnω is in L(Bn ) exactly if there exist characters i1 , . . . , ik ∈ {1, . . . , n} such that
the sequences i1 i2 , . . . , ik i1 occur infinitely often in α. One direction is very easy
to show: If such sequences exist, then every occurrence of such a sequence allows
us to go through q0 in Bn , so α ∈ L(Bn ). For the reverse, assume that α ∈ L(Bn ),
so there is an accepting run ξ. Take any state qi1 , 1 ≤ i1 ≤ n that is visited
infinitely often in ξ. Whenever ξ leaves qi1 for q0 (i.e. infinitely often), take note
of the state that is visited directly after q0 . One of them, say qi2 , must occur
infinitely often. If i1 = i2 , we are done. Otherwise, repeat the argument for i2
until we get a circle. Since there are only finitely many states, this must happen
eventually.
Assume a Streett automaton An accepting the complement of L(Bn ). For
every permutation π = (i1 , . . . , in ) of {1, . . . , n}, let απ = (i1 . . . in 0)ω . From
the characterization of L(Bn ) it follows that απ ∈ / L(Bn ), hence An has an
accepting run ξπ . There are n! such permutations, and the following proof shows
that the infinity sets of all their accepting runs must be disjunct (and thus there
must be at least n! states in An ).
Let π = (i1 , . . . , in ) and π
= (j1 , . . . , jn ) be two different permutations, and
assume that there is a state q ∈ Inf(ξπ ) ∩ Inf(ξπ
). Using this we create a new
input α (and an associated run ξ) where we ‘interleave’ απ and απ
, i.e. for all
i ≥ 0 the i-th symbol of α is the i-th symbol of either απ or αiπ
. We switch from
απ to απ
whenever we pass q in the accepting run and if, since the last switch,
we have passed i1 . . . in and gone through all states in Inf(ξπ ) at least once.
 5 Determinization and Complementation of Streett Automata 89

0 0 0

1 1 1
0
q1 q2 qn
1 1 1

q0
0 1 0 1 0 1

0 0 0
1 0 0 0

0
0 0

Fig. 5.5. Automaton with a binary alphabet.

Analogously, we switch from απ
back to απ when we have passed the sequence
j1 . . . jn and visited the states in Inf(ξπ
).
We now derive a contradiction: Clearly, Inf(ξ) = Inf(ξπ ) ∪ Inf(ξπ
), i.e. ξ
satisfies An ’s acceptance condition: for every acceptance pair (Lk , Uk ) of An
such that Inf(ξ) has a state in Lk , said state must come from either Inf(ξπ ) or
Inf(ξπ
); and since both απ and απ
are in L(An ), Inf(ξ) also has a state from Uk .
So α ∈ L(An ).
On the other hand, one can show that α ∈ L(Bn ) which is a contradiction.
Take the smallest k such that ik = jk . Since ik must occur in π
later on, there
is l > k such that jl = ik . Similarly, there is m > k such that im = jk . Since α
infinitely often cycles through π and π
, the sequences ik ik+1 . . . im = jk and
jk jk+1 . . . jl = ik happen infinitely often, hence α matches the characterization
given above.
Note that the Streett automaton derived from Bn has only one acceptance
pair (albeit one of size O(n)). The alphabet is also of size O(n). However, the
idea can be transferred to a family of automata with a binary alphabet. Such
an automaton (still of size O(n)) is shown in Figure 5.5, (which corrects a slight
mistake in [114]).
In Figure 5.5 the input characters are replaced with the sequence ai b for
0 ≤ i < n and an a∗ b for n.

5.5.2 Complementation of Deterministic Automata

Another argument in [114] (Theorem 7) shows that even complementation of

deterministic Streett automata leads to a factorial blowup. Consider, for n ≥ 2,
the following Streett automaton An accepting a language Ln . An is of the form
(Qn , Σn , δn , q0n , Ωn ) where

• Qn = {−n, . . . , n} \ {0};
• Σn = {1, . . . , n};
• q0n = −1;
90 Stefan Schwoon

• δn (q, i) = −i and δn (−q, i) = i for q, i ∈ {1, . . . , n};

• Ωn = {({−1}, {1}), . . . , ({−n}, {n})}.

In other words, An switches from positive to negative states and back in

every step. After an odd number of steps we are in a positive state, and after
an even number of steps we are in a negative state; the ith symbol of the input
determines the “absolute value” of the (i + 1)-th state. The acceptance condition
thus states that an input character that occurs in odd positions infinitely often
must also be in even positions infinitely often.
For a word α ∈ Σnω we denote by even(α) and odd (α) the set of all input
symbols which occur infinitely often in even resp. odd positions in the input.
If i ∈ odd (α), this implies that the state −i is visited infinitely often. Hence,
α is in Ln exactly if odd (α) ⊆ even(α). Moreover, for a finite prefix u of even
length we have odd (uα) = odd (α) (analogously for even). In other words, in a
deterministic automaton for Ln all the states reachable by reading a prefix of
even length are language equivalent to the initial state (in a non-deterministic
automaton this need not be the case). We refer to these states as the even-states
of the automaton.
We now show that to recognize the complement of Ln , a deterministic Streett
automaton A
n needs at least n! states. The proof is by induction on n.
Basis. Let n = n! = 2. Automata with only one state can only accept either
∅ or Σ ω , so we need at least two states.
Step. Let n > 2, and let A
n be an automaton recognising the complement of
Ln . We make the following important observation: While reading the input, we
must be prepared for the case that the symbol n never occurs in the input any-
more. Then, for the rest of the input, A
n must have exactly the same acceptance
behaviour as A
n−1 (because A
n is deterministic). By the induction hypothesis,
this takes at least (n − 1)! states, and in particular, this number of states must
be reachable (without reading n) from the initial state and from all even-states.
Moreover, the analogue holds when some other symbol i stops appearing in the
input: The language of the suffixes accepted from now on is isomorphic to Ln−1 ,
so from every even-state we can reach at least (n − 1)! different states without
reading i.
Using these facts, we construct an input αi for each i ∈ {1, . . . , n}. Each run
consists of infinitely many phases, all constructed alike. The first phase starts
at the initial state. For αi we begin each phase by processing an input sequence
j j for every j ∈ Σ, j = i, in arbitrary order. Then we continue with arbitrary
input (but not i) until we have touched (n − 1)! different states and have read
an even-sized input. This is possible due to the previous observation; as long as
we haven’t touched (n − 1)! different states, we can reach at least one untouched
state from every even-state. Finally, we process the input j i for some j = i, and
continue with the next phase.
For every i, we have even(αi ) = {1, . . . , n} \ {i} and odd (αi ) = {1, . . . , n},
hence αi ∈ / Ln and αi ∈ L(A
n ). Since at any point in the corresponding run ξi
we can still expect to visit at least (n − 1)! different states, there must be at
least that many states which are visited infinitely often, i.e. |Inf(ξi )| ≥ (n − 1)!.
 5 Determinization and Complementation of Streett Automata 91

1, ..., n
q0 q1
1, ..., n

1, ..., n 1, ..., n ... 1, ..., n

q10 q20 0
qn

2, ..., n 2, ..., n 1, 3, ..., n 1, 3, ..., n 1, ..., n − 1 1, ..., n − 1

q11 q21 1
qn

1 2, ..., n 2 1, 3, ..., n n 1, ..., n − 1

q1f q2f f
qn

Fig. 5.6. The automaton Bn .

We conclude by showing that Inf(ξi ) ∩ Inf(ξj ) = ∅ if i = j. As a consequence,

the number of states in A
n is at least n · (n − 1)! = n!. Suppose there is a
state q ∈ Inf(ξi ) ∩ Inf(ξj ) for some i = j. Using this we could create a new
input α (and thus a corresponding run ξ), interleaving αi and αj ; we switch from
one to the other whenever we pass q and have gone through a complete phase
since the last change. Hence, on the one hand even(α) = odd (α) = {1, . . . , n},
i.e. α ∈/ L(A
n ). On the other hand, Inf(ξ) = Inf(ξi ) ∪ Inf(ξj ), i.e. α is accepted


by An by the same argument as in the previous subsection. We thus have a
contradiction.
Note that both the number of states and the number of acceptance pairs
is O(n). The size of the alphabet is also n but can be reduced to a binary
alphabet using a similar technique as the one in the previous subsection.

5.5.3 Determinization of Streett Automata

The previous argument leads to the conclusion that determinization of Streett

automata is inherently factorial. Consider the Büchi automaton Bn shown in
Figure 5.6 which accepts the complement of the language Ln of the previous
subsection.
Recall the acceptance condition of Ln ; its complement demands that there is
an input character i that occurs in odd positions infinitely often, but only finitely
often in even positions. The automaton in Figure 5.6 waits in the states q 0 and q 1
until it non-deterministically decides upon one character i which it expects never
to occur in even positions again. If the guess is correct, and if i occurs infinitely
often in odd positions, the automaton accepts.
Let Qn be the set of states of Bn , and let Fn be its final states. Bn has O(n)
states and an alphabet of size n. Since Bn can be interpreted as a Streett automa-
ton with one accepting pair (Qn \ Fn , Fn ), and since there is no deterministic
automaton accepting L(Bn ) with less than n! states we have that determinization
of Streett automata has the same lower bound.
6 Memoryless Determinacy of Parity Games

Ralf Küsters

Institut für Informatik und Praktische Mathematik

Christian-Albrechts-Universität zu Kiel

6.1 Introduction

In Chapter 2, parity games were introduced and it was claimed that these games
are determined and that both players have memoryless winning strategies. The
main purpose of this chapter is to provide proofs for this claim.
The determinacy and the memorylessness of parity games is exploited in
various areas inside and outside of game theory. For the purpose of this book,
automata theory, modal logics, and monadic second-order logics are the most
interesting among them.
More specifically, the word and emptiness problem for alternating tree au-
tomata as well as model checking and satisfiability in modal µ-calculus [100]
can be reduced to deciding the winner of a parity game. In fact, model checking
µ-calculus is equivalent via linear time reduction to this problem [56, 55, 202].
In Chapter 9 and 10, these reductions are presented.
In addition, parity games provide an elegant means to simplify the most diffi-
cult part of Rabin’s proof of the decidability of the monadic second-order theory
of the binary infinite tree [148], the complementation lemma for automata on
infinite trees. Although, from Rabin’s proof the determinacy of parity games fol-
lows implicitly, Rabin did not explicitly use games to show his result. The idea
to use games is due to Büchi [21] and it was applied successfully by Gurevich
and Harrington [77]. In turn, their paper has been followed by numerous other
attempts to clarify and simplify the proof of the complementation lemma; see,
for instance, a paper by Emerson and Jutla [55]. For the proof of the complemen-
tation lemma see Chapter 8. We refer to Part VI and VII for more on monadic
second-order logics.
The determinacy of parity games follows from a result due to Martin [119],
who has shown that Borel games, a class of games much larger than the class
of parity games we consider here, are determined. For our purpose, however,
this result does not suffice since the strategies employed there require to store
the complete history of a play, and thus, they require infinite memory. Gurevich
and Harrington [77] showed that finite-memory strategies suffice to win Muller
games, a class more general than parity games, but smaller than Borel games
(see Chapter 2).1 Later, it turned out that for parity games the winner only
needs a memoryless strategy. This was proved for the first time independently
by Emerson and Jutla [55] and Mostowski [132]. While these proofs were quite
1
Apparently, Büchi was the first to prove the existence of finite-memory strategies in
a manuscript sent to Gurevich and Harrington.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 95-106, 2002.
 Springer-Verlag Berlin Heidelberg 2002
96 Ralf Küsters

involved and non-constructive in the sense that the proofs did not exhibit memo-
ryless winning strategies, McNaughton [126] proposed a simpler and constructive
proof for Muller games played on finite graphs, from which he could derive an
exponential-time algorithm for computing finite-memory strategies. His results
also establish the existence of memoryless winning strategies for parity games
on finite graphs.
In the present chapter, we follow a proof proposed by Zielonka [203] to show
that parity games (on possibly infinite graphs) are determined and that the
winner of a game has a memoryless winning strategy. We present both a con-
structive and a non-constructive proof. In addition, we sketch algorithmic and
complexity-theoretic issues. We show that the problem of deciding the winner
of a parity game belongs to the complexity classes NP and co-NP. Based on
the constructive proof of determinacy, a simple deterministic exponential-time
algorithm is derived to compute the winning positions of players along with their
memoryless strategies. Jurdziński [92, 93] proved tighter complexity results and
developed more efficient algorithms. An in-depth treatment of his results and
other approaches for computing winning regions is provided in Chapter 7.
The present chapter is structured as follows. In Section 6.2, some basic no-
tions are introduced. They prepare for the proof of the main theorem of this
chapter, which is shown in Section 6.3. Finally, in Section 6.4 the mentioned
complexity-theoretic and algorithmic issues are discussed.
We assume that the reader is familiar with the notions introduced in Chap-
ter 2, such as parity games, (memoryless) strategies, determinacy, etc.
Throughout this chapter let G = (A, χ) denote a parity game with arena
A = (V0 , V1 , E) and colouring function χ. The set of vertices of G will be denoted
by V := V0 ∪ V1 .

6.2 Some Useful Notions

In this section we introduce and discuss different notions that are used later to
show memoryless determinacy of parity games.

6.2.1 Subgames
Let U ⊆ V be any subset of V . The subgraph of G induced by U is denoted

G[U ] = (A|U , χ|U )

where A|U = (V0 ∩ U, V1 ∩ U, E ∩ (U × U )) and χ|U is the restriction of χ to U .

The graph G[U ] is a subgame of G if every dead end in G[U ] is also a dead
end in G. In other words, in a subgame no new dead ends may be introduced.
Otherwise, winning regions could change. Let us look at an example.

Example 6.1. Figure 6.1 depicts a simple parity game, subsequently called Gex ,
with the vertices v0 , . . . , v7 and colours 0, 1, 2. As in Chapter 2, circles denote
0-vertices and boxes 1-vertices. In this game, G[{v5 , v6 }] is a subgame of G.
 6 Memoryless Determinacy of Parity Games 97

However, the subgraph G[{v5 , v6 , v7 }] of G is not a subgame of G since, in this

subgraph, v7 is a dead end, whereas it is not a dead end in G.

v0 v1 v2

1 1 0

v7 0 1 v3

1 2 2

v6 v5 v4
Fig. 6.1. A parity game

One easily shows the following lemma.

Lemma 6.2. Let U and U
be subsets of V such that G[U ] is a subgame of G
and (G[U ])[U
] is a subgame of G[U ]. Then, G[U
] is a subgame of G.
Proof. Exercise.

6.2.2 σ-Traps
The notion of a σ-trap was introduced in Chapter 2. Recall that if a token is
in a σ-trap U , then Player σ can play a strategy consisting in choosing always
successors inside of U . On the other hand, since all successors of σ-vertices in U
belong to U , Player σ has no possibility to force the token outside of U . In our
example, the set {v0 , v7 } is a 1-trap, while the set {v0 , v1 , v2 , v3 , v7 } is a 0-trap.
We summarize some simple properties of σ-traps.
Lemma 6.3. (1) For every σ-trap U in G, G[U ] is a
subgame.
(2) For every family {Ui }i∈I of σ-traps Ui , the union i∈I Ui is a σ-trap as well.
(3) If X is a σ-trap in G and Y is a subset of X, then Y is a σ-trap in G iff Y
is a σ-trap in G[X].
Proof. Exercise.
Note that the converse of (1) is not true. In our example, the set {v3 , v4 , v5 , v6 }
induces a subgame in G, but it is neither a 0-trap nor a 1-trap. Also observe that
the equivalence in (3) does not hold for nested traps of different types: If X is a
σ-trap in G and Y is a σ-trap in G[X], then, in general, Y is not a trap of any
kind (neither σ nor σ) in G.
98 Ralf Küsters

6.2.3 Attractors and Attractor Sets

Attractors and attractor sets were introduced in Chapter 2. Recall that the
attractor set Attrσ (G, X) ⊆ V for Player σ and set X is the set of vertices
from which Player σ has a strategy — and according to Proposition 2.18 a
memoryless strategy — to attract the token to X or a dead end in Vσ in a finite
(possibly 0) number of steps. In our example, Attr1 (Gex , {v2 }) = {v1 , v2 } and
Attr0 (Gex , {v2 }) contains all vertices of Gex .
We summarize relevant relationships between attractors and traps in the
following lemma.
Lemma 6.4. (1) The set V \ Attrσ (G, X) is a σ-trap in G.
(2) If X is a σ-trap in G, then so is Attrσ (G, X).
(3) X is a σ-trap in G iff Attrσ (G, V \ X) = V \ X.
(4) Attrσ (G, X) = V \ U where U is the greatest (w.r.t. set inclusion) σ-trap
contained in V \ X; U exists since ∅ is a σ-trap, and by Lemma 6.3, the
union of σ-traps is a σ-trap.

Proof. ad (1): See Exercise 2.7.

ad (2): Let X be a σ-trap. From every vertex in Attrσ (G, X), Player σ has a
strategy to force the token into X or a dead end in Vσ . In either case, from then
on there is no way for σ to choose a vertex outside of Attrσ (G, X). Note that all
dead ends in Vσ belong to σ’s attractor set.
ad (3): Assume that X is a σ-trap. This means that, starting from some
vertex in X, σ has a strategy to keep the token inside X and that X does not
contain a dead end in Vσ . Thus, Attrσ (G, V \ X) ⊆ V \ X, for otherwise σ would
have a way to force the token from some vertex in X into V \ X. The inclusion
in the other direction is trivial.
Conversely, assume Attrσ (G, V \ X) = V \ X. By (1), V \ Attrσ (G, V \ X) is
a σ-trap. Then, V \ (V \ X) = X shows that X is a σ-trap.
ad (4): By definition of U , X ⊆ V \ U . Hence, Attrσ (G, X) ⊆ Attrσ (G, V \ U )
(Exercise 2.5). Because U is a σ-trap, (3) implies Attrσ (G, X) ⊆ V \ U . For the
converse inclusion, we show that V \ Attrσ (G, X) ⊆ U . By (1), V \ Attrσ (G, X)
is a σ-trap. Moreover, X ⊆ Attrσ (G, X) implies V \ Attrσ (G, X) ⊆ V \ X. Since
U is the biggest σ-trap with U ⊆ V \ X, it follows V \ Attrσ (G, X) ⊆ U .


6.2.4 σ-Paradise

Intuitively, a σ-paradise in a game G is a region (a set of vertices) from which

σ cannot escape and σ wins from all vertices of this region using a memoryless
strategy.
Formally, a set U ⊆ V is a σ-paradise if

• U is a σ-trap, and
• there exists a memoryless winning strategy fσ for σ on U , i.e.,
– fσ is a total mapping from U ∩ Vσ into U such that, for all v ∈ U ∩ Vσ ,
fσ (v) ∈ vE; and
 6 Memoryless Determinacy of Parity Games 99

– for every v ∈ U and every play p in (G, v) conform with fσ , p is winning

for σ. (Note that since U is a σ-trap, p only contains nodes in U .)
Note that a σ-paradise is a subset of σ’s winning region Wσ . The following
lemma shows that the set of σ-paradises is closed under the attractor operation
and closed under union.
Lemma 6.5. (1) If U is a σ-paradise, then so is Attrσ
(G, U ).
(2) Let {Ui }i∈I be a family of σ-paradises. Then, U = i∈I Ui is a σ-paradise.
Proof. ad (1): By Lemma 6.4, Attrσ (G, U ) is a σ-trap. A memoryless winning
strategy for σ on this attractor set can be obtained as follows: For the vertices
v ∈ Attrσ (G, U ) \ U , σ has a memoryless strategy to force the token into U or
to a dead end in Vσ . In the latter case, σ wins. In the former case, once in U , σ
plays according to the memoryless winning strategy for U and wins as well.
ad (2): First note that U is a σ-trap as the union of σ-traps (Lemma 6.3). Let
wi denote the memoryless winning strategy on Ui for σ. A memoryless strategy
w on U for σ is constructed in the following way: Fix a well-ordering relation
< on I (here we use the axiom of choice to guarantee the existence of such an
ordering). Then for v ∈ U ∩ Vσ , we set w(v) = wi (v), where i is the least element
of I (w.r.t. <) such that v ∈ Ui . We need to show that w is a winning strategy
on U .
Let p = v0 v1 v2 · · · be an infinite play conform with w and let, for all k,
ik = min{ i ∈ I | vk ∈ Ui }. Obviously, vk ∈ Uik . More importantly, the successor
vertex vk+1 belongs to Uik as well (either vk is an σ-vertex and then all its
successors, in particular vk+1 , belong to the σ-trap Uik , or vk is a σ-vertex
and then vk+1 = w(vk ) = wik (vk ) ∈ Uik ). Moreover, vk+1 ∈ Uik implies that
ik+1 ≤ ik . Since an infinite non-increasing sequence of elements of a well-ordered
set is ultimately constant, we conclude that some suffix of p is conform with one
of the strategies wi . Thus, σ wins p.
Let p be a finite play. The dead end, say v, in p belongs to some Ui . Since
all vertices of Ui are winning for σ, we can conclude that v ∈ Vσ . Thus, σ wins
p.


6.3 Determinacy
Following Zielonka [203] in this section we show that parity games are deter-
mined and that the winner of a parity game has a memoryless winning strategy.
Formally, the main theorem of this chapter reads as follows.
Theorem 6.6. The set of vertices of a parity game is partitioned into a 0-
paradise and a 1-paradise.
Note that the 0- and 1-paradises are the winning regions of the players. We
provide two proofs of this theorem. The first proof is non-constructive, whereas
the second one is constructive. For parity games on finite graphs, the latter proof
can even be turned into a recursive algorithm for computing the winning regions
of the players, along with their memoryless winning strategies (see Section 6.4)
100 Ralf Küsters

Attrσ (G[Xσ ], N )
Z

Zσ Zσ

     
Xσ Xσ
Fig. 6.2. Construction of Xσ and Xσ

Both proofs are carried by induction on the maximum parity occurring in G.

The core of the two proofs is summarized in the following three lemmas. The
first lemma is the induction basis and the other two lemmas form the main part
of the induction hypothesis.

Lemma 6.7. If the maximum parity of G is 0, then V is partitioned into a 0-

and a 1-paradise.

Proof. Since the maximum priority of G is 0, Player 1 can only win G on dead
ends in V0 or vertices from which he can force the token to such a dead end.
That is, the 1-paradise is the set Attr1 (G, ∅) with attr1 (G, ∅) as a memoryless
winning strategy. Since V \ Attr1 (G, ∅) is a 1-trap and the maximum priority of
G is 0, it es easy to see that V \ Attr1 (G, ∅) is a 0-paradise.


We will now assume that the maximum parity n of G is at least 1. By induction

and Lemma 6.7, we may assume that Theorem 6.6 holds for every parity game
with maximum parity less than n. Let

σ ≡ n mod 2 (6.1)
be the player that wins if the token visits infinitely often the maximum priority
n. Let Xσ be a σ-paradise such that Xσ := V \ Xσ is a σ-trap. Finally, let

N = { v ∈ Xσ | χ(v) = n } and Z = Xσ \ Attrσ (G[Xσ ], N ). (6.2)

Note that since Xσ is a σ-trap, G[Xσ ] is a subgame of G. Moreover, as a comple-
ment of an attractor set, Z is a σ-trap in G[Xσ ], and thus, G[Xσ ][Z] is a subgame
of G[Xσ ]. By Lemma 6.2, G[Z] is a subgame of G. The priorities of G[Z] are ele-
ments of {0, . . . , n − 1}. Thus, by the induction hypothesis, Z is partitioned into
a 0-paradise, Z0 , and a 1-paradise, Z1 , say with memoryless winning strategies
z0 and z1 , respectively. The situation described so far is depicted in Figure 6.2.
The set Zσ is a σ-trap in G[Z] and Z is a σ-trap in G[Xσ ]. Thus, according
to Lemma 6.3, Zσ is a σ-trap in G[Xσ ]. Consequently, Xσ ∪ Zσ is a σ-trap in
 6 Memoryless Determinacy of Parity Games 101

G: Once in Xσ , σ cannot move the token outside this set; although from Zσ , σ
can move the token inside Xσ , σ cannot move it outside Zσ in G[Xσ ]. Moreover,
when playing according to xσ in Xσ and according to zσ in Zσ two cases can
occur:

(1) At some moment in a play the token hits the set Xσ . Then, from this moment
on, σ plays according to xσ and wins the play.
(2) The token stays forever in Zσ . Since in this set, σ plays according to zσ , σ
wins as well.

This shows:
Lemma 6.8. The union Xσ ∪ Zσ is a σ-paradise.
This lemma will later allow us to extend σ-paradises. Conversely, if Xσ cannot
be extended in this way, one can show that it is not possible to extend Xσ at all
and that Xσ is a σ-paradise:

Lemma 6.9. If Zσ = ∅, then Xσ is a σ-paradise.

Proof. If Zσ = ∅, σ wins everywhere on G[Z] with zσ .

To win on Xσ , Player σ plays as follows on Xσ : If the token visits a vertex
v ∈ N , then σ moves it to any successor vertex v
inside of his winning region
Xσ . Note that there is always at least one such successor vertex since Xσ is
a σ-trap. If the token visits Attrσ (G[Xσ ], N ) \ N , then σ attracts it in a finite
number of steps to N or a dead end in Vσ . If the token is in Z, then σ plays
according to the winning strategy zσ on Z.
Formally, the winning strategy xσ for σ on Xσ is defined as follows: for
v ∈ Xσ ∩ Vσ set

 zσ (v) if v ∈ Z,
xσ (v) = attrσ (G[Xσ ], N )(v) if v ∈ Attrσ (G[Xσ ], N ) \ N, (6.3)


v if v ∈ N and v
∈ vE ∩ Xσ
Let p be any play conform with xσ starting at some vertex in Xσ . Then, three
cases can occur. First, from some moment on, the token stays forever inside of Z
and in this case some suffix of p is conform with zσ and Player σ wins. Second,
the token is moved to a dead end in Vσ ∩ (Attrσ (G[Xσ ], N ) \ N ), in which case σ
wins as well. Third, the token visits infinitely often the maximal priority n (i.e,
the set N ) and σ wins by (6.1).


With these lemmas at hand, the non-constructive and the constructive proofs of
Theorem 6.6 are rather straightforward.
A non-constructive proof of Theorem 6.6. Let n be the maximum priority
occurring in G. If n=0, then Theorem 6.6 follows from Lemma 6.7.
Suppose that n ≥ 1 and let σ be defined as in (6.1). Let Wσ = {Wσq }q∈Q
be the family of all σ-paradises. Because of Lemma 6.5 we know that Wσ =

q
q∈Q Wσ is the greatest among these σ-paradises, say with memoryless winning
102 Ralf Küsters

strategy wσ . If we now show that the complement Wσ = V \ Wσ of Wσ is a

σ-paradise, we are done.
We use Lemma 6.8 and 6.9. To this end, we first show that Wσ is a σ-
trap. Lemma 6.5 yields that Attrσ (G, Wσ ) is a σ-paradise. But since Wσ is the
greatest such paradise, we know Attrσ (G, Wσ ) = Wσ . Hence, Wσ is a σ-trap, as
a complement of a σ-attractor set (Lemma 6.4).
With Xσ := Wσ , Xσ := Wσ we can apply Lemma 6.8 and obtain that
Wσ ∪ Zσ is a σ-paradise. However, since Wσ is the greatest σ-paradise it follows
Zσ = ∅. By Lemma 6.9, we conclude that Wσ is a σ-paradise, which concludes
the non-constructive proof of Theorem 6.6.


In the above proof, the winning region Wσ was defined in a non-constructive

manner. In the following proof it is shown how Wσ can be constructed by trans-
finite induction. The construction is mainly based on Lemma 6.8. The set Wσ
will be specified as before.
A constructive proof of Theorem 6.6. The base case, n = 0, again follows
from Lemma 6.7 and for the induction step we assume n ≥ 1 and define σ as in
(6.1).
We construct by transfinite induction an increasing sequences of σ-paradises
Wσξ . The corresponding memoryless winning strategies are denoted wσξ . For ν <
ξ, wσξ will be an extension of wσν .


Initially, Wσ0 = ∅. For a limit ordinal ξ we set Wσξ = ν<ξ Wσν . By Lemma 6.5,
Wσξ is a σ-paradise. Since, by induction hypothesis, for every ν < ν
< ξ the


strategy wσν is an extension of wσν , we can define wσξ to be the union of the
strategies wσν with ν < ξ. Now, similar to the proof of Lemma 6.5, (2) one can
show that wσξ is a winning strategy on Wσξ .
For a nonlimit ordinal ξ + 1, we define Wσξ+1 using Lemma 6.8. But first, we
set
X ξ = Attrσ (G, Wσξ )
to be the attractor set for σ on Wσξ . Lemma 6.5 ensures that X ξ is a σ-paradise.
Moreover, the memoryless winning strategy on X ξ , call it xξ , extends wσξ .
Since X ξ is a σ-attractor set, V \X ξ is a σ-trap and we can apply Lemma 6.8.
We define
Wσξ+1 := X ξ ∪ Zσξ .
The set Wσξ+1 is a σ-paradise and wσξ+1 , defined as in the proof of the Lemma 6.8,
is a winning strategy on Wσξ+1 , and it extends wσξ .
This completes the construction of the increasing sequence of σ-paradises
Wσξ . Let ζ be the closure ordinal of the union of the Wσξ ’s, i.e., the smallest
ordinal such that
Wσζ = Wσζ+1

Let Wσ := Wσζ . We claim that Wσ = V \ Wσ is a σ-paradise. Since Wσ is a

σ-paradise, this would complete the constructive proof of Theorem 6.6.
 6 Memoryless Determinacy of Parity Games 103

We know Wσζ ⊆ X ζ = Attrσ (G, Wσζ ) ⊆ Wσζ+1 = Wσζ , implying that Wσ =

Attrσ (G, Wσ ). Thus, Wσ is a σ-trap, as a complement of a σ-attractor.
With Xσ := Wσ , Xσ := Wσ we can apply Lemma 6.8 and obtain that Wσ ∪Zσ
is a σ-paradise. By construction of Wσ , it follows Wσ = Wσ ∪ Zσ . Since Zσ and
Wσ are disjoint, we obtain that Zσ = ∅. Finally, Lemma 6.9 implies that Wσ is
a σ-paradise.


Alternative proofs. We conclude this section with some remarks on yet an-
other proof of determinacy. The proof presented by Emerson and Jutla [55] is
a non-inductive proof. The idea is that given a game the set W of winning po-
sitions of a player is expressed by a µ-calculus formula ϕ. Now it is possible to
deduce that the complement of W is indeed the set of winning positions for the
opponent from the fact that the negation of ϕ has the same form as ϕ after
exchanging the roles of both players. This shows that from every vertex one of
the players has a winning strategy, and thus, the game is determined. Note that
the µ-calculus formula and its negation, describing the winning positions of a
player and its adversary, respectively, allow to calculate the winning sets of both
players independently. In the non-constructive and constructive proofs presented
above, we first constructed Wσ , and depending on this set defined Wσ .
Finally, using a ranking argument, Emerson and Jutla proved (in a non-
constructive manner) the existence of memoryless winning strategies.

6.4 First Complexity and Algorithmic Results

In this section, we look at simple complexity-theoretic and algorithmic conse-
quences of Theorem 6.6 for deciding the winner of finite parity games, i.e.,
parity games on finite graphs. These results are presented here to give a feel-
ing for the complexity and algorithmic issues. They are, however, not optimal
compared to what is known from the literature. In fact, Jurdziński [92, 93] has
proved better results, which are discussed in detail in Chapter 7.

6.4.1 A Simple Complexity Result

Let Wins = { (G, v) | G is a finite parity game and v is a winning position of
Player 0 } be the problem of deciding whether, given an initialized finite parity
game, Player 0 wins.
As an easy consequence of Theorem 6.6, we obtain the following.
Corollary 6.10. Wins ∈ NP ∩ co-NP.

Proof. We first show that Wins ∈ NP. The following is a non-deterministic

polynomial-time algorithm for deciding Wins: (i) Given G and v, guess a mem-
oryless strategy w; (ii) check whether w is a memoryless winning strategy. We
need to show that the second step can be carried out in polynomial time.
The strategy w can be represented by a subgraph Gw of G. This subgraph
coincides with G except that all edges (v
, v

) where v
is a 0-vertex and v

=
104 Ralf Küsters

w(v
) are eliminated, i.e., for a 0-vertex we only keep the outgoing edge referred
to by w.
Given Gw , we need to check whether there exists a vertex v
reachable from
v in Gw such that a) χ(v
) is odd and b) v
lies on a cycle in Gw containing only
vertices of priority less or equal χ(v
). If, and only if, such a vertex v
does not
exist, w is a winning strategy for Player 0. Checking this can be carried out in
polynomial time. (We leave the proof as an exercise.) Thus, Wins ∈ NP.
We now show Wins ∈ co-NP. By Theorem 6.6, deciding (G, v) ∈ Wins means
deciding whether v is a winning position for Player 1. This can be achieved by
the above algorithm if we require χ(v
) to be even. (Alternatively, one can apply
the above NP-algorithm to the dual game, i.e., the one where 0-vertices and
1-vertices are switched and the priorities are increased by 1). Consequently,
Wins ∈ co-NP.

Exercise 6.1. Complete the proof of Corollary 6.10.
The result just proved also follows from the work by Emerson, Jutla, and Sistla
[56], who showed that the modal µ-calculus model checking problem is in NP ∩
co-NP. This problem is equivalent via linear time reduction to Wins. Jurdziński
[92] has proved the even stronger result that Wins ∈ UP ∩ co-UP, where UP
is the class of languages recognizable by unambiguous polynomial-time non-
deterministic Turing machines, i.e., those with at most one accepting computa-
tion of length polynomially bounded in the size of the input; as usual, co-UP
denotes the problems whose complement is in UP.

6.4.2 Computing Winning Regions

We now present a deterministic algorithm, called winning-regions, for computing
the winning regions (and corresponding winning strategies) of the two players
of a finite parity game. This algorithm is derived in a straightforward manner
from the constructive proof of Theorem 6.6, and therefore, its correctness follows
immediately.
The algorithm is depicted in Figure 6.3. It uses the function win-opponent
(cf. Figure 6.4) as a subroutine. Given a finite parity game, winning-regions re-
turns the tuple ((W0 , w0 ), (W1 , w1 )) where Wσ , σ ∈ {0, 1}, is the winning region
for Player σ and wσ is the corresponding memoryless winning strategy.
Following the constructive proof of Theorem 6.6, winning-regions first deter-
mines the highest priority n occurring in the game. If this priority is 0, paradises
as specified in the base case of the constructive proof are returned. Otherwise, for
σ ≡ n mod 2, Wσ along with the strategy wσ is computed using the subroutine
win-opponent (explained below). Finally, Wσ and wσ are determined according
to (6.3).
The procedure win-opponent exactly mimics the inductive definition of Wσ .
First, W is set to the empty set (corresponding to Wσ0 = ∅) and w is the empty
strategy, i.e., the strategy with empty domain. The loop body of win-opponent
follows the definition of Wσξ+1 ; since here we deal with finite parity games, nat-
ural induction suffices to construct Wσ .
 6 Memoryless Determinacy of Parity Games 105

winning-regions(G)
n := max{ χ(v) | v ∈ V }
If n = 0 then return ((V \ Attr1 (G, ∅), w0 ), (Attr1 (G, ∅), attr1 (G, ∅)))
// w0 is some memoryless strategy for Player 0

// otherwise
σ := n mod 2

// compute Wσ , wσ
(Wσ , wσ ) :=win-opponent(G, σ, n)

// compute Wσ , wσ
Wσ := V \ Wσ
N := { v ∈ Wσ | n ∈ χ(v) } // see (6.2)
Z := Wσ \ Attrσ (G[Wσ ], N ) // see (6.2)
((Z0 , z0 ), (Z1 , z1 )) :=winning-regions(G[Z])

∀v ∈ Wσ ∩ Vσ : // see (6.3)
8
< zσ (v) if v ∈ Z,
if v ∈ Attrσ (G[Wσ ], N ) \ N,
: v

wσ (v) = attrσ (G[Wσ ], N )(v)
if v ∈ N and v
∈ vE ∩ Wσ

return ((W0 , w0 ), (W1 , w1 ))

Fig. 6.3. A deterministic algorithm computing the winning regions of a parity game

To analyze the runtime of winning-regions, let l be the number of vertices,

m the number of edges, and n the maximum priority in G. Note that, w.l.o.g.,
we may assume n ≤ l. We also assume that every vertex has at least one in- or
outgoing edge. Thus, l ≤ 2m.
It is easy to see that all assignments, except for those involving recursive
function calls, in winning-regions and win-opponent can be carried out in time c·m
where c is some fixed (and big enough) constant: Recall from Exercise 2.6 that
attractor sets can be computed in time O(l + m). If we now denote by T (l, m, n)
the worst-case runtime of winning-regions on all inputs G, with G having the
parameters l, m, and n as specified before, and similarly, by S(l, m, n) the worst-
case runtime of win-opponent, we obtain the following inequalities:
T (l, m, 0) ≤ c · m
T (l, m, n + 1) ≤ c · m + S(l, m, n + 1)
S(l, m, n + 1) ≤ c · m + (l + 1) · T (l, m, n)
Note that win-opponent is only invoked in case n ≥ 1, thus we do not need
to consider S(l, m, 0). More importantly, the recursive call winning-regions(G[Z])
in winning-regions is not necessary, since the result of this call coincides with
the result of winning-regions(G[Z]) in the last iteration step of win-opponent.
Consequently, in the inequality for T (l, m, n + 1) we can omit the runtime for
this call. Solving the above inequality system yields that T (l, m, n) ∈ O(m · l n ).
This proves the following corollary.
106 Ralf Küsters

win-opponent(G, σ, n)

(W, w) := (∅, ∅) // corresponds to Wσ0 := ∅

Repeat
(W
, w
) := (W, w)
X := Attrσ (G, W )
∀v ∈ X ∩ Vσ :

w(v) if v ∈ W,
x(v) =
attrσ (G, W )(v) if v ∈ X \ W.

Y := V \ X;
N := { v ∈ Y | n = χ(v) } // see (6.2)
Z := Y \ Attrσ (G[Y ], N ) // see (6.2)
((Z0 , z0 ), (Z1 , z1 )) =winning-regions(G[Z])
W := X ∪ Zσ
∀v ∈ W :

x(v) if v ∈ X,
w(v) =
zσ (v) if v ∈ Zσ .

Until W
= W

return (W, w)

Fig. 6.4. A subroutine for winning-regions computing Wσ and wσ

Corollary 6.11. Computing the winning regions of finite parity games and the
corresponding memoryless winning strategies can be carried out in time O(m·ln ).
The best known deterministic algorithm for computing winning regions is due
to Jurdzińzski [93] and is discussed in Chapter 7 (see Theorem 7.25). Unlike the
algorithm presented here, Jurdzińzski’s algorithm only needs polynomial space.
The following chapter also includes other up-to-date approaches to the problem
of deciding the winner of a parity game.
7 Algorithms for Parity Games

Hartmut Klauck

School of Mathematics
Institute for Advanced Study, Princeton

7.1 Introduction
It is the aim of this chapter to review some of the algorithmic approaches to the
problem of computing winning strategies (resp. of deciding if a player has a win-
ning strategy from a given vertex) in parity games with finite arenas and other
two-player games. Parity games are equivalent via linear time reductions to the
problem of modal µ-calculus model checking (see Chapters 10 and 9), and this
model checking problem plays a major role in computer-aided verification. Fur-
thermore we will see that the problem is not too hard in a complexity-theoretic
sense, while no efficient algorithm for it is known so far. Also parity games are
the simplest of a whole chain of two-player games for which no efficient solu-
tions are known, further underlining the importance of looking for an efficient
algorithm solving this particular problem.
We will explain why the problem of solving parity games lies in UP ∩ co-UP,
explore its relations to some other games, and describe the theoretically most
efficient algorithm for the problem known so far. Furthermore we describe work
on more practically oriented algorithms following the paradigm of strategy im-
provement, for which a theoretical analysis stays elusive so far.
Recall that in a parity game we are given a (finite) graph with vertices labeled
by natural numbers. The vertex set is partitioned into vertices in which Player 0
moves and vertices in which Player 1 moves. In an initialized game we are also
given a starting vertex. In a play of the game a token is placed on the starting
vertex and is then moved over the graph by Player 0 and Player 1, each making
their move if the token is on one of their vertices. For simplicity we assume
that the graph is bipartite, so that each move from a Player 1 vertex leads to a
Player 0 vertex and vice versa. Each player follows some strategy. If the highest
priority of a vertex occurring infinitely often in the play is odd, then Player 1
wins, otherwise Player 0 wins. See Chapter 2 for more details.

Exercise 7.1. Show that one can convert any parity game on a nonbipartite game
arena into an equivalent parity game on a bipartite arena in linear time.

It is an important (and deep) result that the players may restrict themselves
to memoryless strategies (i.e., define their strategy by picking once and for all a
neighbor for each of their vertices thus not considering the path on which they
arrive there), see Theorem 6.6 in the previous chapter. This also implies that
for each vertex one of the players has a winning strategy, so there are no draws!


Supported by NSF Grant CCR 9987854.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 107-129, 2002.
 Springer-Verlag Berlin Heidelberg 2002
108 Hartmut Klauck

If the players use memoryless strategies, a play of the game leads after a finite
number of steps to a cycle in the underlying graph.
Rabin [148] first showed a complementation lemma for parity automata work-
ing on infinite trees (while providing a decidability result for a certain logic)
implicitly also proving the determinacy result for parity games. The applica-
tion of games to the complementation problem is due to Büchi [21]. Gurevich
and Harrington [77] gave an abbreviated proof of Rabin’s result, and Emerson
and Jutla [55] another simplified proof by showing equivalence to the modal
µ-calculus model checking problem (in which complementation is trivial). Their
result also implies that in fact a player who has a strategy so that he wins in an
initialized game also has a memoryless winning strategy. See also [126, 203] for
further work on these problems.
The first question arising is, of course, whether one can decide the winner
in a parity game efficiently, i.e., whether one can find the player who wins if
the play starts at a given vertex, given that this player plays optimally. We
are also interested in finding winning strategies. The aforementioned result that
the players can restrict themselves to memoryless strategies immediately implies
that the following trivial approach is successful (using exponential time): for a
given vertex go through all strategies of Player 1. For each such strategy go
through all strategies of Player 0 and check who wins. If there is a strategy of
Player 1 that wins against all strategies of Player 0 declare Player 1 the winner,
otherwise Player 0 wins. It is the main purpose of this chapter to review some
more efficient algorithms solving this problem.
Why are we interested in this problem? There are at least two reasons. One
is that the problem is deeply related to several important topics. First of all
the problem is equivalent to the problem of modal µ-calculus model checking
[55, 56], which in turn is of large importance for computer-aided verification.
So better algorithms for the problem lead to better model checkers, making
more expressive types of logical statements about finite systems checkable by
efficient algorithms. The modal µ-calculus was defined first by Kozen in [100],
see Chapter 10. Parity games are also at the heart of an interconnection between
languages defined by automata operating on infinite trees and monadic second
order logic [183], see Chapter 12.
Another important reason to study the problem is its current complexity-
theoretic classification. It is known [92] to lie in UP ∩ co-UP (and thus “not too
far above P”, see [142]), but not known to be in P so far, and it is one of the
few natural problems so. Trying to find a polynomial algorithm for the problem
is a natural pursuit.
In this chapter we describe the best algorithm for the problem known so
far (from [93]), show that the problem is in UP ∩ co-UP (following [92]), and
discuss other promising approaches to get better algorithms for the problem,
mainly the strategy improvement approach first defined in [85], and employed
in a completely combinatorial algorithm given in [191].
Further we discuss the connection of the game to other games of infinite du-
ration played on graphs, and see that it is the least difficult to solve of a series of
such games all lying in NP∩co-NP. So it is the most natural candidate to attack!
 7 Algorithms for Parity Games 109

This chapter is structured as follows: in the next section we introduce several

games on graphs considered in the chapter and explore some of their properties.
In Section 7.3 we deduce a first simple algorithm for the problem based on [204],
which is already quite good in both time and space complexity. In Section 7.4
we show why the problem is in UP ∩ co-UP. In Section 7.5 we describe the
efficient algorithm due to Jurdziński [93], which yields approximately a quadrat-
ically improved runtime compared to the simple algorithm (while maintaining
the space complexity). Section 7.6 discusses promising and more practical ap-
proaches based on strategy improvement. Section 7.7 collects a few conclusions.
Note that throughout the chapter logarithms are always base two, and that
space complexity is measured in the logarithmic cost measure (since we will be
dealing with problems involving weights). Regarding time complexity we will
stick to the measure in which elementary arithmetic operations cost unit time,
however. Also note that we will consider max-parity games throughout the chap-
ter, except in Section 7.5, where we will consider min-parity games to save some
notation.

7.2 Some More Infinite Games

To describe our algorithms for the solution of parity games and the containment
of this problem in UP ∩ co-UP, we will take a detour via some other two-player
games, which will be introduced now. Note that most of these games are no
games of chance, so no randomness is used in playing these games, just like
e.g. in the game of chess. Picking a good strategy in such a game may only be
hard because it takes a lot of time to do so! Also all these are games of full
information, in which all relevant data are accessible to both players as opposed
to e.g. most card games.
For definitions of infinite games, strategies, winning regions and related no-
tions we refer to Chapter 2.
The first kind of games we consider are parity games as defined in Chapter 2.
Recall the memoryless determinacy theorem for parity games, Theorem 6.6 in
Chapter 6.
Another natural kind of games are mean payoff games [49].
Definition 7.1. A mean payoff game is a quadruple (A, ν, d, w), where A
is an arena without dead ends, ν and d are natural numbers, and w : E →
{−d, . . . , d} assigns an integer weight to each edge.
Player 0 wins a play v0 v1 · · · , if

1

t
lim inf w(vi−1 , vi ) ≥ ν.
t→∞ t i=1

We also refer to the above limit as the value that Player 0 wins from Player 1
after the play.
Exercise 7.2. Extend the above definition so that dead ends are allowed. Do this
in a way so that both games are equivalent.
110 Hartmut Klauck

[147] and [92] describe polynomial time reductions from parity games to mean
payoff games. We will show how to perform such a reduction in the next section.
So parity games are not harder to solve than mean payoff games. Again it is
known that memoryless strategies suffice for the players of mean payoff games.
Surprisingly the proof is much easier than in the case of parity games.
Theorem 7.2 ([49]). Let (A, ν, d, w) be a mean payoff game. Then Player 0 has
a winning strategy from a set of vertices iff Player 0 has a memoryless winning
strategy from that set.
More precisely, for each vertex v0 there is a number ν(v0 ), called the value
of v0 , such that
(a) Player 0 has a memoryless strategy so that for every play v0 v1 · · · in which
he follows this strategy

1

t
lim inf w(vi−1 , vi ) ≥ ν(v0 ).
t→∞ t i=1

(b) Player 1 has a memoryless strategy so that for every v0 v1 · · · in which she
follows this strategy

1

t
lim sup w(vi−1 , vi ) ≤ ν(v0 ).
t→∞ t i=1

The above theorem allows us to speak of an optimal strategy, which means

a strategy that ensures for all plays (starting at some vertex v) that the corre-
sponding player wins at least the value ν(v).
To obtain the above result Ehrenfeucht and Mycielski also introduce a finite
variant of mean payoff games in which the play stops as soon as a loop is closed
and then the payoff of that loop is analyzed. Both games turn out to be basically
equivalent [49].
In the next section we will show how to solve mean payoff games in pseu-
dopolynomial time, i.e., in time polynomial in the size of the graph and the unary
encoded weights. Together with the reduction from parity games this yields an
algorithm for parity games which is already quite good.
The next games we consider are discounted payoff games [204]. Here the
importance of the weights decreases by a constant factor each time step in a
play. So intuitively only a finite beginning of the play is important. Basically
this can be viewed as yet another kind of averaging. The game will be important
for technical reasons.
Definition 7.3. A discounted payoff game is a tuple (A, ν, d, w, λ) where
A is an arena without dead ends, ν and d are natural numbers, w : E →
{−d, . . . , d} assigns an integer weight to each edge, and 0 < λ < 1 is the discount.
Player 0 wins a play v0 v1 · · · , if
∞


(1 − λ) λi w(vi , vi+1 ) ≥ ν.
i=0
 7 Algorithms for Parity Games 111

We also refer to the above left hand side as the value that Player 0 wins from
Player 1 after the play.

The correction term (1 − λ) arises to make sure that the value of a game
using only edges of weight a is also a.
Zwick and Paterson prove that for each vertex in a discounted payoff game
one of the players has a memoryless winning strategy. We will see the reason
for this in Section 7.4. Furthermore we will see in that section that mean payoff
games can be reduced in polynomial time to discounted payoff games. Note
however that the proofs for the facts that memoryless winning strategies exist
become simpler with each game defined so far (and that such a result for a more
difficult game does not immediately imply the corresponding result for the easier
game).
The most general games we mention are the simple stochastic games
defined by Condon [40]. In these finite games the vertex set is partitioned into
three sets of vertices: vertices in which Player 0 moves, in which Player 1 moves,
and random vertices, in which a random successor is chosen, plus two vertices
in which 1 is paid by Player 0 to Player 1 resp. 0 is paid by Player 0 to Player 1
(and the game ends). The expected amount paid to Player 1 is the result of
the game. Zwick and Paterson [204] show that discounted payoff games can
be reduced to simple stochastic games. So these are the most difficult to solve
of the games considered here. Moreover they are the only games of chance we
consider! Still it is possible to decide in NP∩co-NP whether the payoff of Player 1
exceeds a certain threshold. The reduction from parity games to simple stochastic
games that results increases the game arena only by a constant factor. Using an
algorithm by Ludwig [117], which solves simple stochastic games with fan-out 2,
and the reductions we get the following corollary.

Corollary 7.4. There is a randomized algorithm which computes √ the winning

regions of a given parity game with m edges in expected time 2O( m) .

This is the best algorithm we√know if the number of different priorities as-
signed to vertices is larger than m. The algorithm is notably subexponential,
if the graph is sparse. The time bound is understood as the expected value of
the running time (over coin tosses of the algorithm) in the worst case (over all
inputs).

7.3 A Simple Algorithm

In this section we want to describe a relatively simple algorithm for solving parity
games, or rather mean payoff games. The approach can also be adapted to solve
discounted payoff games.
Let us consider a parity game (A, Ω) where Ω assigns d different priorities to
the vertices. Our whole objective is to decrease the dependence of the runtime on
d, see Section 6.4 for the first algorithm in this direction presented here. Actually,
for very large d our algorithms will not be better than the trivial exponential
112 Hartmut Klauck

time algorithm testing all strategies. Why do we consider this parameter as

important? In applications to model checking this parameter gives us the depth
of nested fixed points used in expressions we want to check. The weaker the
dependence on d is, the more complicated formulae can be checked, e.g. for
all constant d our algorithm is polynomial time, which is not so for the trivial
algorithm. To see the effect of this compare with Theorem 10.19. Another concern
will be space complexity, which we prefer small as well.
In a first step we give the reduction to mean payoff games as in [92]. After-
wards we describe the algorithm of Zwick and Paterson [204] for these games
and analyze its performance for the original parity games. The algorithm will
be finding fixed points of a certain natural function, a property which also holds
(for a less obvious function) for the more complicated algorithm in section 7.5.

Lemma 7.5. A parity game on n vertices using d different priorities can be

reduced in polynomial time to a mean payoff game on n vertices using weights
from the set {−nd−1, . . . , nd−1 }, and using the same game arena.
Moreover winning strategies of the parity game are winning strategies of the
mean payoff game and vice versa.

Proof. Suppose our parity game is (A, Ω). W.l.o.g. the priorities are {0, . . . , d −
1}. The mean payoff game uses the same arena. An edge originating at a vertex v
with priority i = Ω(v) receives the weight w(v, u) = (−1)i ni . Let ν = 0. Clearly
all weights lie in the range {−nd−1, . . . , nd−1 }. This defines our mean payoff
game (A, 0, nd , w).
We claim that the value of the mean payoff game exceeds 0 for a pair of
memoryless strategies iff the same strategies lead to a play of the game in which
the highest priority vertex occurring infinitely often has an even priority.
W.l.o.g. we may assume that the players use memoryless strategies when
playing the mean payoff game, see Theorem 7.2. Then a play corresponds to a
path ending in a cycle. In the limit defining the value of the play the weights
on the initial segment before the cycle contribute zero. So the value of the game
is positive iff the sum of the weights on the cycle is positive. The weights are
from the set {−nd−1, nd−2 , −nd−3 , . . . , −n, 1}, assuming for concreteness that
d is even. Assume the weight wmax with the largest absolute value appearing
on the cycle is positive. Then the sum of the weights on the cycle is at least
wmax − (n − 1)wmax /n > 0, since there are at most n − 1 edges with weights not
equal to wmax in the cycle. The maximal weight is on an edge originating from
the vertex of highest priority, which must be even. Symmetrically if the weight
of largest absolute value is negative, the highest priority vertex must be odd.
So the mean payoff game and the parity game behave in the same way for
each pair of memoryless strategies, thus they are equivalent, and have the same
winning regions, and the same strategies lead to a win. 


Now we show how to solve mean payoff games efficiently if the weights are
small.
 7 Algorithms for Parity Games 113

Theorem 7.6. Given a mean payoff game (A, ν, d, w) where the arena has n
vertices and m edges, the winning region for Player 0 can be computed in time
O(n3 md) and space O(n · (log d + log n)).

Proof. It is our goal to find the values of the vertices efficiently. This immediately
gives us the winning region. Let νk (v) denote the following value: the players play
the game for k steps starting from vertex v (so they construct a path of length
k), then νk (v) denotes the sum of the edge weights traversed if both players play
optimally.
We want to compute the values ν(v) as the limit over k of the νk (v). First
let us characterize the latter value.
For every v ∈ V :

max(v,u)∈E {w(v, u) + νk−1 (u)} if v ∈ V0 ,
νk (v) = (7.1)
min(v,u)∈E {w(v, u) + νk−1 (u)} if v ∈ V1 .

Clearly ν0 (v) = 0 for all v ∈ V . Using this recursion we can easily compute
νk (v) for all v ∈ V in time O(km). Recall that we allow arithmetic operations
in unit time. Now we investigate how quickly νk (v)/k approaches ν(v).

Lemma 7.7. For all v ∈ V :

νk (v)/k − 2nd/k ≤ ν(v) ≤ νk (v)/k + 2nd/k.

First let us conclude the theorem from the above lemma. We compute all the
values νk (v) for k = 4n3 d. This takes time O(n3 md). All we have to store are
the νi (v) for the current i and i − 1. These are numbers of O(log(kd)) bits each,
so we need space O(n(log d + log n)).
Now we estimate ν(v) by ν  (v) = νk (v)/k. Clearly
1 2nd 2nd 1
ν  (v) − < ν  (v) − ≤ ν(v) ≤ ν  (v) + < ν  (v) + .
2n(n − 1) k k 2n(n − 1)

Now ν(v) can be expressed as the sum of weights on a cycle divided by the
length of the cycle due to Theorem 7.2, and is thus a rational with denominator
1
at most n. The minimal distance between two such rationals is at least n(n−1) ,
so there is exactly one rational number of this type in our interval. It is also easy
to find this number. We can go through all denominators l from 1 to n, estimate
ν(v) as ν  (v) · l/l and ν  (v) · l/l, if one of these numbers is in the interval,
we have found the solution. This takes about O(n) steps.
Knowing the vector of values of the game it is easy to compute winning
strategies by fixing memoryless strategies that satisfy equation 7.1.
Proof of Lemma 7.7. It is proved in [49] that the values of vertices in a mean
payoff game and in its following finite variant are equal: the game is played as
the infinite mean payoff game, but when the play forms a cycle the play ends
and the mean value of the edges on that cycle is paid to Player 0. Also the
optimal such value can be obtained using the same memoryless strategies as in
the infinite case.
114 Hartmut Klauck

Let f0 be a memoryless strategy of Player 0 that achieves the maximal values

for all vertices (against optimal strategies of Player 1) in the finite version of
the game. Let Player 1 play according to some (not necessarily memoryless)
strategy. We show that the value of a k step play starting in v is at least (k −
(n − 1)) · ν(v) − (n − 1)d. Consider any play of length k. The edges of the play
are placed consecutively on a stack. Whenever a cycle is formed, the cycle is
removed from the stack. Since the edges lying on the stack directly before the
removal of the cycle correspond to a play which has just formed its first cycle, the
mean value of the edges on the cycle is at least ν(v), because of the optimality
of f0 against all strategies of Player 1 in the finite version of the game. This
process continues, until the play is over and the stack contains no more cycles.
In this case there are at most n − 1 edges on the stack. The weight of each
such edge is at least −d. Thus the value of the k step play is always at least
(k − (n − 1)) · ν(v) − (n − 1)d > k · ν(v) − 2nd. So we know there is a memoryless
strategy for Player 0, so that he wins at least k · ν(v) − 2nd in the k step play,
no matter what Player 1 does. The other inequality is proved similarly. 


Note that the above proof uses the memoryless determinacy theorem for
mean payoff games [49].

Exercise 7.3. (1) Prove that mean payoff games and their finite variants are
equal in the above sense. Hint: Use the above idea with the stack.
(2) Use 1. to show that mean payoff games enjoy memoryless determinacy.

Corollary 7.8. Given a parity game (A, Ω) where d different priorities are as-
signed to vertices, the winning region and strategy of Player 0 can be computed
in time O(nd+2 m) and space O(d · n log n).

So there is a rather efficient solution to the problem if d is small. In section

5 we will see how to further reduce the dependence on d.

7.4 The Problem Is in UP ∩ co-UP

In this section we consider the problem from a complexity-theoretic point of

view. First observe that the problem of deciding whether a given vertex belongs
to the winning region of Player 0 in a given parity game is in NP: simply guess a
memoryless strategy for Player 0. Then remove all edges which are not consistent
with the strategy. Then one has to determine whether Player 1 can win if Player 0
uses his strategy, which comes down to testing whether there is no path from
the designated vertex to a cycle whose highest priority is odd. This is decidable
in deterministic polynomial time.

Exercise 7.4. Show that the following problem can be decided in polynomial
time: input is a game arena in which Player 0’s strategy is fixed (all vertices of
Player 0 have outdegree 1) plus a vertex in the arena. Is there a path from the
vertex to a cycle in which the highest priority is odd?
 7 Algorithms for Parity Games 115

Furthermore since each vertex is either in Player 0’s or in Player 1’s winning
region, the same argument gives an NP algorithm for deciding Player 1’s winning
region, which is a co-NP algorithm for deciding Player 0’s winning region. Thus
parity games are solvable in NP∩co-NP. This strongly indicates that the problem
is not NP-complete, since otherwise NP would be closed under complement and
the polynomial hierarchy would collapse (see e.g. [142]).
Now we review a result by Jurdziński [92] saying that the complexity of
the problem is potentially even lower. First we define (for completeness) the
complexity class UP (see [142]).

Definition 7.9. A problem is in the class UP, if there is a polynomial time non-
deterministic Turing machine, such that for each input that is accepted exactly
one computation accepts.

The class UP is believed to be a rather weak subclass of NP.

Our plan to put parity games into UP is as follows: we again use the reduction
to mean payoff games. Then we show how to reduce these to discounted payoff
games. There is an algorithm due to Zwick and Paterson for solving these games
in a very similar fashion to the one described in the previous section. This gives
us a set of equations whose unique solution is the vector of values of the game.
Furthermore using simple facts from linear algebra we prove that these solutions
can be specified with very few bits. Thus we get our unique and short witnesses.
Again the argument for co-UP is symmetric.
First we state the following observation from [204], which says that a mean
payoff game yields always a discounted payoff game of almost the same value, if
the discount factor is chosen large enough. The proof is similar to the proof of
Lemma 7.7.

Lemma 7.10. Let (A, ν, d, w) be a mean payoff game with an arena on n ver-
tices, played beginning in vertex v. Then rounding the value of the discounted
payoff game (A, ν, d, w, λ) with λ ≥ 1 − 1/(4n3 /d) to the nearest rational with
denominator smaller than n yields the value of the mean payoff game.

The following characterization of the values of vertices in a discounted payoff

game will be useful [204].

Lemma 7.11. The value vector ν̄ = (ν(v1 ), . . . , ν(vn )) containing the values of
vertices in a discounted payoff game equals the unique solution of the following
system of n equations

max(v,u)∈E {(1 − λ) · w(v, u) + λxu } if v ∈ V0 ,
xv = (7.2)
min(v,u)∈E {(1 − λ) · w(v, u) + λxu } if v ∈ V1 .

Proof. Let F be a function that maps a vector x̄ to the vector ȳ such that

max(v,u)∈E {(1 − λ) · w(v, u) + λxu } if v ∈ V0 ,
yv =
min(v,u)∈E {(1 − λ) · w(v, u) + λxu } if v ∈ V1 .
116 Hartmut Klauck

Then we are interested in vectors x̄ with x̄ = F (x̄), the fixed points of F . Let
||ȳ||∞ denote the maximum norm, then
∀ȳ, z̄ : ||F (ȳ) − F (z̄)||∞ ≤ λ||ȳ − z̄||∞ .
Since 0 < λ < 1 we have that F is a contracting function (with respect to the
maximum norm). Thus the limit x̄ = limn→∞ F n (0) exists and is the unique
solution to x̄ = F (x̄).
Now Player 0 can use the following strategy, provided he knows the vector
x̄ = F (x̄): at vertex v choose the neighboring vertex u that maximizes (1 −
λ)w(v, u) + λxu . Then Player 0 wins at least xv in a play starting at v. On the
other hand Player 1 may fix a strategy analogously so that her loss is also at
most xv . Thus the solution of F (x̄) = x̄ is the vector of values of the game. 

Obviously this lemma leads to a UP algorithm for the solution of discounted
payoff games, if the vector of values can be described by short numbers. Then we
can just guess these numbers and verify that the equations are satisfied. What is
a short number? The number must be representable using a polynomial number
of bits in the size of the game. The size of the game is the length of a description
of the game, including edge weights and λ.
But first let us note that the strategies obtained from the system of equations
are indeed memoryless. The proof of Lemma 7.11 does not presuppose such a
memoryless determinacy result.
Corollary 7.12. Let (A, ν, d, w, λ) be a discounted payoff game. Then Player 0
[Player 1] has a winning strategy from a set of vertices iff Player 0 [Player 1]
has a memoryless winning strategy from that set.
Lemma 7.13. The solution of the equations 7.2 can be written with polynomi-
ally many bits.
Proof. Let N be the size of the binary representation of the discounted payoff
game. Let ν̄ be the unique solution of the equations. Then this vector can be
written
ν̄ = (1 − λ) · w̄ + λ · Q · ν̄,
where w̄ is a suitable vector containing weights w(v, u), and Q is a 0,1-matrix
containing only a single one per row. Note that in order to write down this
system of equations one has to know the winning strategy.
Assume that λ = a/b is a rational included in the game representation, with
integers a, b satisfying log a, log b < N . Let A = b ·I − a·Q for the identity matrix
I, then A is an integer matrix with at most two nonzero integer entries per row.
The above equation can then be rewritten
A · ν̄ = (b − a) · w̄.
Due to Cramer’s rule the solution of this system can be written as the vector
containing det Av / det A on position v where Av is obtained from A by replacing
column v with (a − b) · w̄.
 7 Algorithms for Parity Games 117

The entries of A and Av are bounded in absolute value by 2N . This implies

that the determinants of the matrices A, Av are at most 2O(N ·|V |) . But then the
solution of the system of equation can be written by using a polynomial number
of bits in the length N . 


So we get the following.

Corollary 7.14. Deciding whether a vertex is in the winning region of Player 0

is possible in UP ∩ co-UP for parity games, mean payoff games, and discounted
payoff games.

Exercise 7.5. Formally describe how a nondeterministic Turing machine can

solve the decision problem associated to parity games unambiguously in polyno-
mial time.

Exercise 7.6. Devise an algorithm for discounted payoff games similar to the
algorithm described in Theorem 7.6.

7.5 A Better Algorithm

Now we describe the best algorithm for the solution of parity games known so
far, again due to Jurdziński [93]. The time complexity of the algorithm is O(d ·
n d/2

m · d/2
) for min-parity games with n vertices, m edges, and d ≥ 2 different
priorities. An algorithm with comparable time complexity has been given by
Seidl in [161]. But as opposed to previous algorithms Jurdziński’s algorithm uses
only space polynomially depending on d, namely O(dn log n), when achieving this
time bound (note that we use the logarithmic measure for space complexity).
The algorithm is fairly simple to describe and analyze after several technical
concepts have been explained.
First note that we will apply comparisons in the following to tuples of natural
numbers, referring to their lexicographical ordering. Furthermore we will use
symbols like <i , referring to the lexicographical ordering when restricted to the
first i components of a tuple (ignoring the other components). So e.g. (2, 4, 3) <
(2, 4, 5), but (2, 4, 3) =2 (2, 4, 5). Denote [i] = {0, . . . , i − 1}.
For a technical reason in this section Player 0 wins, if the lowest priority
occurring infinitely often is even, i.e., we are considering min-parity games. The
max-parity game can obviously be reduced to this variant and vice versa. Also
we exclude dead ends from the game graph, see Exercise 2.8.

Exercise 7.7. How can we reduce min-parity to max-parity games?

Fix a memoryless strategy of one player. This can be regarded as throwing

out all edges which are not consistent with this strategy. The remaining game
graph will be called a solitaire game, since the game is now played by one
player only. Obviously it suffices for this player to find a path leading to a cycle
in which the lowest vertex priority makes him win the game! So call a cycle
even, if the lowest priority of a vertex in the cycle is even, and otherwise odd.
118 Hartmut Klauck

Furthermore call a memoryless strategy f0 of Player 0 closed on a set of

vertices W , if every play starting in W and consistent with f0 stays in W , i.e.,
if for all v ∈ W ∩ V0 : f0 (v) ∈ W and for all v ∈ W ∩ V1 and all u ∈ vE : u ∈ W .
Now we see a simple condition that makes a player win:

Lemma 7.15. Let f0 be a memoryless strategy of Player 0 which is closed on a

set W . Then f0 is a winning strategy from all vertices in W iff all simple cycles
in the restriction of the solitaire game of f0 to the vertices in W are even.

Proof. From each vertex either Player 1 or Player 0 has a winning strategy. If
Player 1 has a winning strategy, then this can be assumed to be memoryless. So
assume Player 0 plays according to f0 and consider the resulting solitaire game.
Then Player 1 can win from a vertex v iff she can fix an edge for each vertex so
that the resulting path from v ends in a simple cycle which is odd. If no such
cycle exists, Player 1 cannot win (and Player 0 wins). If such a cycle exists, then
Player 1 wins iff she can find a path to that cycle. This happens at least for all
vertices on that cycle, so there are vertices where f0 is not winning. 


The key notion in the algorithm will be a parity progress measure. These are
labelings of the vertices of graphs with tuples of natural numbers having certain
properties. First we consider such labelings for solitaire games.

Definition 7.16. Let (A, Ω) be a solitaire game with vertex priorities Ω(v) ≤ d.
A function ρ : V0 ∪ V1 → INd+1 is a parity progress measure for the solitaire
game, if for all edges (v, w):

(a) ρ(v) ≥Ω(v) ρ(w) if Ω(v) is even.

(b) ρ(v) >Ω(v) ρ(w) if Ω(v) is odd.

The intuition behind the above definition is best explained through the fol-
lowing lemma.

Lemma 7.17. If there is a parity progress measure for a solitaire game G =

(A, Ω), then all simple cycles in G are even.
In particular in this case Player 0’s strategy used to derive G is winning.

Proof. Let ρ be a parity progress measure for a solitaire game G. Suppose there
is an odd cycle v1 , . . . , vl in G, let i = Ω(v1 ) be the lowest priority on the cycle,
which is odd. Then according to the definition of a parity progress measure
ρ(v1 ) >i ρ(v2 ) ≥i · · · ≥i ρ(vl ) ≥i ρ(v1 ), which is a contradiction. 


So parity progress measures are witnesses for winning strategies. It is true

that the above condition can also be reversed, i.e., if Player 0 wins from all
vertices, then there is a parity progress measure. But an important feature will
be that we can show the reverse condition while considering only a suitably
bounded number of parity progress measures. We will then be able to replace
the search for a winning strategy by the search for a parity progress measure
from a relatively small set.
 7 Algorithms for Parity Games 119

To define this “small” set let G = (A, Ω) be a solitaire game and Ω be a

function mapping vertices to {0, . . . , d}, and let Vi denote the set of vertices
having priority i. By definition there are d + 1 such sets. Instead of using INd+1
as the range of values of our parity progress measure we will use a set MG defined
by

MG := [1] × [|V1 | + 1] × [1] × [|V3 | + 1] × [1] × · · · × [1] × [|Vd | + 1],

assuming for simplicity that d is odd.

Lemma 7.18. If all simple cycles in a solitaire game G = (A, Ω) are even, then
there is a parity progress measure ρ : V → MG .

Proof. We define the parity progress measure explicitly from the solitaire game
G (as opposed to the inductive proof given in [93]). Let ai (v) be the maximal
number of vertices with priority i occurring on any path in G starting in v
and containing no vertex with priority smaller than i. This value is infinite,
if infinitely many vertices with priority i occur on some path with no smaller
priority occurring on that path. If v has priority smaller than i or there is no
path featuring a vertex with priority i but no smaller priority, then ai (v) = 0.
We then set ρ(v) = (0, a1 (v), 0, a3 (v), 0, . . . , 0, ad (v)) and claim that this is
a parity progress measure with the desired property.
First assume that some ai (v) is not finite for some odd i. Then there is an
infinite path starting at v such that the path contains no vertex with lower
priority than i, but infinitely many vertices with priority i. Thus the path must
contain some vertex with priority i twice, and we can construct a cycle with
least priority i, a contradiction to the assumption of the lemma.
Now we show that we have actually defined a mapping ρ : V → MG . As-
sume that ai (v) is larger than the number of vertices with priority i. Due to
the definition of ai (v) there is a path originating in v such that ai (v) vertices
with priority i show up before a vertex with priority smaller than i. If ai (v) is
larger than the number of vertices with priority i, such a vertex occurs twice.
Consequently there is a cycle containing as least priority i, again a contradiction.
It remains to show that we defined a parity progress measure. Let (v, w) be
any edge and i any odd number. If i = Ω(v), then ai (v) = ai (w) + 1. For all
smaller odd i we get ai (v) ≥ ai (w), because the edge (v, w) extended by a path
starting in w that contains k vertices with priority i but no smaller priority,
yields a path starting in v that contains k vertices with priority i but no smaller
priority. Thus for all v with odd priority ρ(v) >Ω(v) ρ(w) and for all v with even
priority ρ(v) ≥Ω(v) ρ(w). 


The construction allows a nice interpretation of the constructed parity prog-

ress measure. The tuple assigned to a vertex contains for all odd priorities the
maximal number of times this priority can be seen if Player 1 moves over the
graph, until a vertex with smaller priority is seen. Note that this interpretation
is not applicable to all parity progress measures.
120 Hartmut Klauck

Exercise 7.8. Find a parity game and a parity progress measure for which the
above intuition is not true.

What have we achieved by now? Given a strategy of one player we can

construct the solitaire game. Then a parity progress measure for such a graph
exists if and only if Player 0 has a winning strategy from all vertices. Also
parity progress measures from a relatively small set suffice for this. Our current
formulation does not allow to deal with graphs in which both winning regions
are nonempty. Secondly we have to extend our notion of a progress measure
to deal with game arenas, i.e., to graphs in which Player 1 has more than one
option to choose a strategy.
Now consider again the construction of the parity progress measure given in
the proof of the above lemma. If we drop the condition that all simple cycles
are even, then some of the values ai (v) are infinite. Clearly, if ai (v) = ∞, then
there is a path from v that sees infinitely many odd i and no smaller priorities,
so Player 1 might just walk that path and win. If, on the other hand, there is no
i with ai (v) = ∞, then Player 1 cannot win from v, because all paths starting
in v eventually reach an even priority occurring infinitely often. Note that we
excluded dead ends from game arenas in this section. We have a clear distinction
of the winning regions in a solitaire game.
So we introduce one more symbol into MG . Let MG denote MG ∪ {} where
 is larger than all elements of MG in the order >i for all i. If we identify all
ρ(v) containing the value ∞ at least once with , we get an extended parity
progress measure for solitaire games where the vertices with label  constitute
the winning region of Player 1.
To extend the notion of a progress measure to game arenas, we simply de-
mand that for each vertex in which Player 0 moves, there is at least one neighbor
satisfying a progress relation.

Definition 7.19. Let prog(ρ, v, w) denote the least m ∈ MG such that m ≥Ω(v)
ρ(w), and, if Ω(v) is odd, then m >Ω(v) ρ(w) or m = ρ(w) = .
A function ρ : V → MG is a game progress measure, if for all v ∈ V the
following two conditions hold:

(a) if v ∈ V0 then ρ ≥Ω(v) prog(ρ, v, w) for some edge (v, w).

(b) if v ∈ V1 then ρ ≥Ω(v) prog(ρ, v, w) for all edges (v, w).

Furthermore let ||ρ|| = {v ∈ V : ρ(v) = }.

Let us explain the intuition behind the above definition. A parity progress
measure captures the existence of a winning strategy for Player 0 from all ver-
tices in a solitaire game. The key feature of a parity progress measure is that
it decreases on edges originating from vertices with odd parity and does not
increase on other edges (with respect to some order depending on the priorities
of vertices).
In a game arena (as opposed to a solitaire game) the strategy of Player 0 is
not fixed, i.e., usually vertices belonging to both players have outdegree larger
 7 Algorithms for Parity Games 121

than one. Also there are usually nonempty winning regions for Player 0 and for
Player 1.
A game progress measure is defined with respect to Player 0. For each vertex
the above “decreasing” property must hold for some edge, if the vertex belongs
to Player 0, and for all edges, if the vertex belongs to Player 1. So we demand
the existence of an edge with the “decreasing” property for the multiple edges
originating in vertices belonging to Player 0. Furthermore we have introduced
the  element to deal with vertices in the possibly nonempty winning region of
Player 1. Note that in case we have assigned the top element to a vertex we can-
not demand that an edge leading to that vertex decreases the progress measure.
That is the reason for introducing the complications in the prog-notation.
If we restrict a game graph with a game progress measure ρ to the vertices
in ||ρ||, we get a solitaire game with a parity progress measure. Assume that this
parity progress measure equals the one constructed in the proof of Lemma 7.18.
In this case we get the following interpretation of the game progress measure:
the component ρi (v) for some odd i and some v ∈ ||ρ|| contains the number of
times Player 1 may force Player 0 to see priority i before some smaller priority
occurs, if Player 0 tries to minimize that value and Player 1 tries to maximize it.
Unfortunately this intuition does not hold true for all possible parity progress
measures as noted before, see Exercise 7.8
It is easy to find a game progress measure by assigning  to all vertices. This
measure does not tell us much. But it will turn out that we can try to maximize
the size of ||ρ|| and find the winning region of Player 0.
First we define a strategy from the measure ρ. Let f0ρ : V0 → V be a strategy
for Player 0 defined by taking for each vertex v a successor w which minimizes
ρ(w).

Lemma 7.20. If ρ is a game progress measure, then f0ρ is a winning strategy

for Player 0 from all vertices in ||ρ||.

Proof. Restrict the game arena to the vertices in ||ρ||. If we now fix the strategy
f0ρ we get that ρ is a parity progress measure on the resulting solitaire game. This
implies that all simple cycles in the solitaire game are even (using Lemma 7.17)
and the strategy wins from all vertices in ||ρ||, if f0ρ is closed on ||ρ|| due to
Lemma 7.15. But this is true, since the strategy would violate the conditions of
its game progress measure if it would use an edge leading from ||ρ|| to a vertex
labeled  in the solitaire game. 


So we are after game progress measures with large ||ρ||.

Lemma 7.21. For each parity game there is a game progress measure ρ such
that ||ρ|| is the winning region of Player 0.

Proof. Since each vertex is either in the winning region of Player 0 or of Player 1
we can assume that a winning strategy for Player 0 never leaves his winning set,
otherwise Player 1 could win after such a step. Fixing a memoryless winning
strategy with this winning region and restricting the vertices to the winning
122 Hartmut Klauck

region yields a solitaire game G containing no simple even cycle. Thus due to
Lemma 7.18 there is a parity progress measure ρ with values in MG . If we now
set ρ(v) =  for all vertices outside of G we get a game progress measure as
demanded. 

We are now almost done. Given a game, we have to find a game progress
measure that has a maximal number of vertices which do not have value . But
it is actually not really clear how to compute game progress measures at all,
except trivial ones.
So we take the following approach. We consider the set of all functions V →
MG . Our goal is to find one such function which is a game progress measure,
and in particular one with a maximal winning region. First we define an ordering
on these functions. Let ρ, σ be two such functions, then ρ  σ, if for all v ∈ V
we have ρ(v) ≤ σ(v). If also ρ = σ, then we write ρ < σ. With this ordering we
have a complete lattice structure on our set of functions. We will define certain
monotone operators in this lattice. The game progress measure we are looking
for is the least common fixed point of these operators.
We start from a function mapping all vertices to the all zero vector and apply
the set of operators that “push the function” towards a game progress measure.
Eventually this process will actually stop at a fixed point of the operators.
The applied operators work on one vertex label only, and in the worst case
during a run of the algorithm the label of such a vertex may take on all its
possible values. But then the number of such steps is no more than n times the
number of all labels, which is n · |MG |.
Let us define the operators now.
Definition 7.22. The operator Lift(ρ, v) is defined for v ∈ V and ρ : V → MG
as follows:

 ρ(u) if u = v,
Lift(ρ, v)(u) := max{ρ(v), min(v,w)∈E prog(ρ, v, w)} if u = v ∈ V0 ,

max{ρ(v), max(v,w)∈E prog(ρ, v, w)} if u = v ∈ V1 .
The following lemmas are obvious.
Lemma 7.23. For all v ∈ V the operator Lift(·, v) is monotone with respect to
the ordering .
Lemma 7.24. A function ρ : V → MG is a game progress measure iff it is a
simultaneous fixed point of all Lift(·, v) operators, i.e., iff Lift(ρ, v)  ρ for all
v ∈V.
Exercise 7.9. Prove the lemmas.
Now we have a correspondence between fixed points and game progress mea-
sures. We are interested in a game progress measure inducing the winning region.
To find such a measure we will be computing the least simultaneous fixed point
of all the operators. Due to a theorem of Tarski [175] and Knaster such a least
fixed point exists and can be computed in the following way (see also Chapter 20
in the appendix):
 7 Algorithms for Parity Games 123

We start with the function µ assigning 0 to every vertex. Then as as long

as µ <Lift(µ, v) for some v, apply the lift operator µ :=Lift(µ, v).
When the algorithm terminates, it has found the least simultaneous fixed
point of all lift operators. This is a game progress measure, and as we have seen
it is easy to derive a strategy for Player 0 from it.
Theorem 7.25. The winning region of Player 0 and Player 0’s winning strategy
in a parity game with n vertices, m edges, and d ≥ 2 different priorities can be
  d/2

computed in time O(d · m · d/2

n
) and space O(dn log n).

Proof. First let us argue that the algorithm actually finds the winning region
of Player 0. The computed game progress measure µ is the least simultaneous
fixed point of all the lift operators. The strategy f0µ induced by µ is a winning
strategy on the set of vertices ||µ|| due to Lemma 7.20. Therefore ||µ|| is a subset
of Player 0’s winning region. Furthermore ||µ|| is the largest set of vertices not
assigned  over all game progress measures. Thus it must be Player 0’s winning
region due to Lemma 7.21.
Now let us calculate the complexity of the algorithm. The space is very easy
to calculate. For each vertex we have to store an element of MG , which consists
of d numbers from the set [n]. Thus space used is O(d · n log n).
The time can be bounded as follows. The Lift(ρ, v) operator can be im-
plemented in time O(d · outdegree(v)). Every vertex may be lifted at most
|MG | times, so the time is upper bounded by O(|MG | · d · v outdegree(v)) =
O(md|MG |), if we ensure that we can always find a liftable vertex in constant
time. This is possible by maintaining a queue of liftable vertices. In the begin-
ning we insert all liftable vertices. Later we get a liftable vertex out of the queue,
lift it, and test all predecessors of the vertex for liftability. Liftable vertices are
marked liftable in an array, and if they change from non-liftable to liftable they
are inserted into the queue. These operations are possible within the given time
bound.
It remains now to estimate the size of MG . First assume that priority 0 is
used, and also assume that there are vertices with priorities i for all 0 ≤ i ≤ d−1.
If some priority is missing, we can diminish the higher priorities by 2 without
changing the game. Then
d/2

|MG | = (|V2i−1 | + 1).
i=1

We have
d/2

d−1
(|V2i−1 | + 1) ≤ |Vi | ≤ n,
i=1 i=0

because there is at least one vertex with every even priority, and there are at
most n vertices. Such a product is maximized when all the factors are equal, and
can thus be bounded by
124 Hartmut Klauck

 d/2

n
.
d/2

Now assume that priority 0 is not used. Then w.l.o.g. the priorities used are
{1, 2, . . . , d}. Inspection of the argument shows that it works in this case as well,
by switching the roles of the players in the proof and in the algorithm. 


Now let us mention that one has indeed to specify in which order the Lift
operators are applied, leading to a possible improvement by using a suitable such
order. But Jurdziński has shown [93] that there is an example where for each
such order policy the time bound is basically tight.

Exercise 7.10. Consider the following graph H4,3 where quadratic vertices be-
long to Player 1 and all other vertices to Player 0. The numbers in the vertices
are the priorities.

1 1 1

2 2 2 2 2 2 2

8 7 8 7 8 7 8

4 4 4 4 4 4 4

3 3 3

6 6 6 6 6 6 6

5 5 5

Fig. 7.1. The graph H4,3

Show that the vertices with priority 7 are lifted 44 times, no matter what
lifting policy is used. For this observe that for all vertices except those in the
second, indented layer Player 0 has a winning strategy, for all vertices in the
second layer Player 1 has a winning strategy, and hence  is the label assigned
to these vertices in the least progress measure. Furthermore show that the Lift
operator increases the labels of vertices with priority 7 only to their successors.
Generalize the graph to a family of graphs H,b with (+ − 1)·(3b + 1)+ (2b + 1)
vertices and priorities from the set {1, . . . , 2+}. Show that some vertices are lifted
(b + 1) times no matter what lifting policy is used. Conclude that the running
time bound of Theorem 7.25 is basically tight, in particular that the running
time is exponential in d.
 7 Algorithms for Parity Games 125

7.6 The Strategy Improvement Approach

In this section we briefly review another promising approach to solve parity

games, which should also be useful in implementations. A rigorous theoretical
analysis of this approach is missing, however.
The approach follows a quite general paradigm called strategy improve-
ment. In this approach one starts with a pair of strategies for Player 0 and Player
1, and applies some simple operation on one player’s strategy to “improve” it.
Then the other player responds with an optimal strategy given the first player’s
strategy. This process is iterated. Of course it has to be made precise, what a
better strategy is.
Strategy improvement was first proposed by Hoffman and Karp in 1966
[85] for stochastic games. Their algorithm proceeds basically by starting from
any pair of strategies, and in each iteration considers a vertex, that can be
“switched”, in our context a vertex at which changing the strategy “improves”
the solution. Then the player whose strategy is not yet changed responds with
an optimal strategy according to the other player’s strategy. This is done until
no such iteration is possible. In this case both strategies are optimal. One has to
show in particular, how to compute an optimal response strategy. Furthermore
is must be made clear what an improved strategy is (this is easy for stochastic
games). It is still unknown whether the Hoffmann-Karp algorithm terminates in
polynomial time.
Strategy improvement algorithms for parity games have been proposed by
Puri [147] and by Vöge and Jurdziński [191]. Both algorithms can do one itera-
tion in polynomial time, but the actual number of iterations may be large. The
algorithm due to Puri has the drawback that it is not a discrete algorithm, but
involves linear programming and high precision arithmetic. So we discuss some of
the ideas of the algorithm presented in [191]. Note that also the aforementioned
algorithm of Ludwig for simple stochastic games [117] falls into this category.
The algorithm follows the approach described above. First a strategy of
Player 0 is chosen randomly. Then an “optimal” response strategy is generated.
After this the strategy of Player 0 is “improved” by some simple operation. This
is done until both steps do not change the strategies anymore.
Instead of dealing with the strategies directly another combinatorial object
is considered, and connected to strategies. This object is a valuation. Roughly
speaking a valuation assigns to each vertex relevant information on a play start-
ing from that vertex. Certain types of valuations correspond to strategy pairs.
Furthermore an order is defined on valuations which captures whether one val-
uation is more valuable than another. This ordering allows to define optimal
valuations. Furthermore simple improvement rules can be defined. This gives us
all ingredients needed for a strategy improvement algorithm.
The first notion we need captures the kind of information we want to assign
to single vertices. Note that we are again considering max-parity games, in which
the vertex of highest priority occurring infinitely often is decisive. Furthermore,
without loss of generality, we assume that no priority occurs twice.
126 Hartmut Klauck

Definition 7.26. Let (A, Ω) be some parity game. Let wπ denote the vertex
with highest priority occurring infinitely often in a play π. Let Pπ denote the
set of vertices encountered in play π before wπ appears first and having higher
priority than wπ . Let l(x) denote the size of the set of vertices encountered before
wπ appears first.
The triple (wπ , Pπ , lπ ) is called the play profile of π.
A valuation is a mapping which assigns a play profile to every vertex.
A valuation is induced by a pair of strategies if it assigns to every vertex v
the play profile of the play consistent with the strategies and starting at v.

Exercise 7.11. Construct a parity game and a valuation so that no pair of strate-
gies corresponds to the valuation.
Construct a parity game and a valuation so that more than one pair of
strategies corresponds to the valuation.

Obviously not all valuations are consistent with strategy pairs. We are looking
for some nice conditions under which this is the case.
Consider the play profiles of vertices u, v with u = f0 (v) in a valuation in-
duced by strategies f0 , f1 . Call the plays originating at those vertices π(u), π(v).
Now obviously the most relevant vertex occurring infinitely often in the plays
starting at u and at v is the same. We can distinguish three cases.

(1) wπ(v) has larger or equal priority than v, but is not equal to v. In this case
Pπ(u) = Pπ(v) and lπ(u) = lπ(v) − 1.
(2) wπ(v) has smaller priority than v. In this case Pπ(v) = Pπ(u) ∪ {v} and
lπ(u) = lπ(v) − 1.
(3) wπ(v) = v. In this case Pπ(v) = ∅ and lπ(v) = 0. Furthermore Pπ(u) = ∅, since
there are no vertices on the cycle, which are more relevant than v.

These conditions allow us to define what we call a progress ordering. We

say that two vertices v, u obey a progress relation with respect to a valuation
φ if the above conditions hold for the play profiles assigned to the vertices, and
write v /φ u.
The following is straightforward.
Lemma 7.27. Let φ be a valuation satisfying v /φ f0 (v) resp. v /φ f1 (v) for all
v ∈ V , then (f0 , f1 ) induces φ.
Our goal is still to give sufficient conditions for valuations which are induced
by some pair of strategies.
We call a valuation φ locally progressive, if

∀u ∈ V ∃v ∈ V : v ∈ uE ∧ u /φ v.

This characterizes those valuations induced by strategies.

Lemma 7.28. A valuation is locally progressive iff there exists a strategy pair

inducing the valuation.
 7 Algorithms for Parity Games 127

Exercise 7.12. Prove the lemma. In particular, first show how to extract a strat-
egy pair from a locally progressive valuation so that the strategy pair induces
the valuation. Then show how to compute a locally progressive valuation when
given a pair of strategies. Analyze the time needed to do so.
We now have a close connection between strategy pairs and locally progressive
valuations. Our original goals were to find a way to get an “optimal” response
strategy, and a way to “improve” strategies by some simple operations. We now
define these with respect to valuations.
The first thing we need is a total ordering on the valuations. Since we assume
that no priority occurs twice, we simply take the order on the priorities.
Next we define another ordering on vertices. Let u ≺ v, if the priority of u
is smaller than the priority of v and v has even priority, and if v has smaller
priority than u and v has odd priority. So this ordering tells us how valuable
vertices are from the point of view of Player 0.
This can be extended to sets of vertices P, Q, saying that P ≺ Q if P = Q
and the highest vertex in the symmetric difference between P and Q is in Q, if
even, and in P , if odd.
Now extend the order to play profiles. Let (u, P, l) and (v, Q, r) be two play
profiles. Then (u, P, l) ≺ (v, Q, r) if u ≺ v, or if u = v and P ≺ Q or if u = v
and P = Q and [l < r iff v has odd priority].
This captures how advantageous a play profile may be for Player 0 compared
to another play profile. If the most relevant vertex is advantageous, then so is
the profile. If the most relevant vertex is the same, then the sets of vertices more
relevant but occurring only finitely often is decisive. If these are the same, then
the delay until the most relevant vertex appears decides. This is as much as we
can see from the play profile, and the profile has been designed to let us see that
much from it.
We are now able to state what optimal and improved valuations are.
Definition 7.29. A valuation φ is optimal for Player 0, if two vertices u and
v ∈ uE satisfy the progress relation u /φ v only if v is the ≺-maximal successor
of u or if φ(u) = (u, ∅, 0) and v = (u, ∅, k).
A symmetric definition optimal for Player 1. A valuation is optimal if it
is optimal for both players.
In other words, regarding the above defined value ordering the progress re-
lation increases only on optimal edges. Strategies inducing the valuation send
vertices to optimal neighbors.
Definition 7.30. A locally progressive valuation φ is improved for Player 0
in the following way: first a strategy for Player 0 is extracted from φ so that for
each vertex a successor is chosen which is maximal with respect to the ≺-order
on profiles with respect to φ, then a valuation is constructed which is compatible
with this strategy.
Note that if a locally progressive valuation is optimal for Player 0, then a
strategy for Player 0 can be extracted from the valuation by mapping each vertex
128 Hartmut Klauck

to its successor in the progress ordering. This strategy leads from each vertex
to a neighbor which is maximal in the value ordering. We can also extract a
strategy for Player 1 from the valuation. If Player 1 wins in a play from some
vertex v played as determined by those strategies, then Player 1 wins from v
also if Player 0 choses a different strategy, since this other strategy cannot lead
to vertices with a a more advantageous play profile for Player 0. Hence we can
collect the following consequences.

Lemma 7.31. Let φ be a locally progressive valuation which is optimal for

Player 0 [Player 1]. Then the strategies which are compatible with φ are winning
strategies for Player 1 [Player 0] on the set of vertices v whose play profile in φ
is (w, P, l) with Ω(w) odd [even], against all strategies of Player 0 [Player 1].
If φ is optimal (for both players) then all strategies compatible with φ are
winning strategies (from the respective winning regions of the players).

So it suffices to find an optimal valuation! Now we note that improved valu-

ations deserve their name.

Lemma 7.32. If φ is a locally progressive valuation that is optimal for Player 1

and φ is a locally progressive valuation that is improved for Player 0 with respect
to φ, then φ(v)  φ (v) for all v ∈ V .

Hence improving a locally progressive valuation cannot lead to a less advan-

tageous valuation. It is also strictly improved until it is optimal:

Exercise 7.13. Show that a locally progressive valuation that is optimal for
Player 1, and which does not change when it is improved for Player 0, is al-
ready optimal for both players.

Improving valuations is defined in an algorithmic manner via extracting a

improved strategies and computing a valuation induced by the strategies. Note
that this is possible in an efficient manner due to Exercise 7.12.
Now let us briefly describe the structure of the algorithm.
The algorithm starts with a random strategy for Player 0. Then in each
iteration first a locally progressive valuation is computed which is optimal for
Player 1. Player 0 responds by improving his strategy as described in Defini-
tion 7.29. This is done until the iteration does not change the valuations any-
more. Strategies are extracted from the valuations.

Theorem 7.33. The above algorithm computes winning strategies for Player 0
and Player 1. It can be implemented so that each iteration runs in time O(nm).

Proof. The first statement follows from the previous lemmas. For the implemen-
tation we have to discuss the computation of an optimal valuation for Player 1
given a strategy of Player 0.
For this Player 1 fixes Player 0’s strategy and then goes in ascending order
over all the vertices in the resulting solitaire game using the “reward ordering”
≺. For such a vertex v Player 1 tests, if there is a cycle containing v and otherwise
 7 Algorithms for Parity Games 129

only vertices of smaller priority. If so, then she computes the set of vertices from
which v can be reached (and thus also the cycle). Then a valuation is computed
on this component alone, and the component is removed, whereupon Player 1
continues with the next v.
To find an optimal valuation for the component from which the mentioned
cycle is reachable, notice that it is optimal for Player 1 to go to the cycle, since
v is the most profitable vertex which may occur infinitely often. It is her goal to
find a path from each vertex that reaches the cycle giving the lowest reward for
Player 0. All these computations are possible in time O(nm).
For more details see [191]. 


So we have another approach to find winning regions and strategies in parity

games. It is presently unknown how large the number of iterations may be in the
worst case, except for an exponential upper bound. Neither examples with a high
number of iterations nor good general upper bounds are known. Experiments
suggest that the algorithm behaves quite good for some interesting inputs. One
possible critique on this algorithm is that it does not make any use of a possibly
bounded number of priorities, but rather expands the partial order on vertices
induced by the priorities to a total order, resulting in n priorities used.

7.7 Conclusions

We have considered the problem of finding the winning regions of the two players
in a given parity game and in several other graph-based games. We have seen
that the problem can be solved in polynomial time, if the number of different
priorities assigned to vertices is only a constant.
Our interest in the problem comes from its equivalence to model checking in
the modal µ-calculus. Furthermore the problem is important as one of the few
natural problems in UP ∩ co-UP. We have shown how to prove this complexity
theoretic result. It is promising to investigate the complexity of the problem
further. One message is at least that the problem is very unlikely to be NP-
complete.
Furthermore we have discussed a simple, yet rather efficient algorithm, an
algorithm with a quadratically improved time complexity compared to the first
algorithm, and an attempt to solve the problem following the paradigm of strat-
egy improvement.
8 Nondeterministic Tree Automata

Frank Nießner

Institut für Informatik

Johann Wolfgang Goethe-Universität Frankfurt am Main

8.1 Introduction
The automaton models introduced so far mainly differ in their acceptance con-
ditions. However, they all consume infinite sequences of alphabet symbols, i.e.,
they consume ω-words. We therefore call these automata word automata. In
this chapter we define finite-state automata which process infinite trees instead
of infinite words and consequently we call them tree automata.
Automata on infinite objects, in general, play an important role in those ar-
eas of computer science where nonterminating systems are investigated. System
specifications can be translated to automata and thus questions about systems
are reduced to decision problems in automata theory. Tree automata are more
suitable than words when nondeterminism needs to be modelled.
Furthermore, there are close connections between tree automata and logical
theories, which allow to reduce decision problems in logic to decision problems
for automata. Such reductions will be thoroughly discussed in Chapter 11. Ra-
bin [148] showed decidability of monadic second-order logic using tree automata
which process infinite binary trees. The crucial part in his paper is a comple-
mentation theorem for nondeterministic finite-state automata on infinite trees.
The proof of this theorem implicitly entails determinacy of parity games. How-
ever, Büchi [21] observed that this proof can be much simplified when games
are applied explicitly. This approach was successfully implemented by numerous
authors, see for instance [77, 55]. Here, we present a game-theoretically based
proof of Rabin’s theorem according to Thomas [183] and Zielonka [203]. For this
purpose we use some results introduced in the previous chapters about infinite
games, especially the determinacy theorem for parity games.
Moreover, we consider the emptiness problem for finite-state automata on
infinite trees in terms of decidability and efficiency. These observations will be
useful in the subsequent chapter about monadic second-order logic.
The chapter is structured as follows. In Section 8.2 we introduce notations
and definitions. Section 8.3 introduces two tree automaton models which differ
in their acceptance conditions but recognize the same classes of tree languages.
We merely sketch the proof of equivalence between the two models. A game-
theoretical view on tree automata and their acceptance conditions, together
with the main results is given in Section 8.4. Then we are prepared to restate
the above-mentioned complementation theorem. The last section, Section 8.5,
discusses decidability questions of tree automata. We show that for a particular
class of tree automata it is decidable whether their recognized language is empty
or not.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 135-152, 2002.
 Springer-Verlag Berlin Heidelberg 2002
136 Frank Nießner

8.2 Preliminaries

The infinite binary tree is the set T ω = {0, 1}∗ of all finite words on {0, 1}.
The elements u ∈ T ω are the nodes of T ω where ε is the root and u0, u1 are the
immediate (say) left and right successors of node u.
We restrict ourselves to binary trees, since they are sufficient for most appli-
cations, see, for instance, Chapter 12.
Let u, v ∈ T ω , then v is a successor of u, denoted by u < v, if there exists a
w ∈ T ω such that v = uw.
An ω-word π ∈ {0, 1}ω is called a path of the binary tree T ω . The set
P re< (π) ⊂ {0, 1}∗ of all prefixes of path π (linearly ordered by <) describes the
set of nodes which occur in π.
For sets Θ, Σ and a mapping µ : Θ → Σ, we define the infinity set Inf(µ) =
{σ ∈ Σ | µ−1 (σ) is an infinite set}.
We consider here trees where the nodes are labeled with a symbol of an
alphabet. A mapping t : T ω → Σ labels trees with symbols of Σ. The set of all
Σ-labeled trees is denoted by TΣω (or TΣ for simplicity, if no confusion occurs).
Sometimes we are only interested in the labeling of a path π through t. Hence
let t|π : P re< (π) → Σ denote the restriction of the mapping t to π.
For n an integer and 1 ≤ i ≤ n, the projection onto the i-th coordinate
is the mapping pi : Σ n → Σ such that pi ((σ1 , σ2 , . . . , σn )) = σi . We extend
projections to labeled infinite trees. For a Σ1 × Σ2 -labeled tree t ∈ TΣω1 ×Σ2 ,
let p1 (t) ∈ TΣω1 be the corresponding tree labeled exclusively with elements of
Σ1 . Projections can be applied to sets as well. Thus a projection p1 (Θ) of a set
Θ ⊆ TΣω1 ×Σ2 is defined as p1 (Θ) = {p1 (t) | t ∈ Θ}.

Example 8.1. Let Σ = {a, b}, t(ε) = a, t(w0) = a and t(w1) = b, w ∈ {0, 1}∗.

Tω : ε t: a

0 1 a b

00 01 10 11 a b a b

Fig. 8.1. A tree with corresponding labeling

Exercise 8.1. Prove the above-mentioned assertion that binary trees suffice to
describe the general case, i.e., describe an encoding of trees with arbitrary finite
branching as binary trees.
 8 Nondeterministic Tree Automata 137

8.3 Finite-State Tree Automata

The automata seen so far processed finite or infinite sequences of alphabet sym-
bols. They consume one input symbol at a time and thereby enter a successor
state determined by a transition relation. It is obvious that we somehow have to
modify the automaton models in order to make them running on infinite trees.
Since each position in a binary tree has two successors (rather than one successor
as in infinite words) it is natural to define for a state out of a set Q and an input
symbol from Σ two successor states in the transition relation, that is, transitions
are now elements of Q × Σ × Q × Q. Computations then start at the root of
an input tree and work through the input on each path in parallel. A transition
(q, a, q1 , q2 ) allows to pass from state q at node u with input-tree label a to the
states q1 , q2 at the successor nodes u0, u1. Afterwards there may be transitions
which allow to continue from q1 and from q2 , and so on. This procedure yields a
Q-labeled tree which we call the run of an automaton on an input tree. Such a
run is successful if all the state sequences along the paths meet an acceptance
condition similar to the types of acceptance conditions known already from
sequential ω-automata.
We start with the description of a Muller tree automaton.

Definition 8.2. A Muller tree automaton is a quintuple A = (Q, Σ, ∆, qI , F )

where Q is a finite state set, Σ is a finite alphabet, ∆ ⊆ Q×Σ×Q×Q denotes the
transition relation, qI is an initial state and F ⊆ P (Q) is a set of designated state
sets. A run of A on an input tree t ∈ TΣ is a tree  ∈ TQ , satisfying (ε) = qI and
for all w ∈ {0, 1}∗ : ((w), t(w), (w0), (w1)) ∈ ∆. It is called successful if for
each path π ∈ {0, 1}ω the Muller acceptance condition is satisfied, that is,
if Inf(|π) ∈ F . We refer to Section 1.3.2 for a thorough definition of the Muller
acceptance condition. A accepts the tree t if there is a successful run of A on t.
The tree language recognized by A is the set T (A) = {t ∈ TAω | A accepts t}.

Example 8.3. We consider the tree language T = {t ∈ T{a,b} | there is a path π

through t such that t|π ∈ (a + b)∗ (ab)ω }. The language can be recognized by a
Muller tree automaton A that guesses a path through t and checks, if the label of
this path belongs to (a + b)∗ (ab)ω . For this purpose A memorizes in its state the
last read input symbol. If in the next step the current input symbol varies from
that in the state memory, then it gets noticed in A’s successor state, otherwise A
switches back to the initial state qI . Hence a path label in (a + b)∗ (ab)ω involves
an infinite alternation between a state qa memorizing input symbol a and a state
qb memorizing b. Therefore F includes the acceptance set {qa , qb }. It remains to
be explained how A can guess a path. Guessing a path means to decide whether
the left or the right successor node of the input tree belongs to the path. In
the corresponding run this node obtains the label qa or qb , depending on the
current input symbol. The remaining node gets the label qd which signals that
it is outside the guessed path.
Formally, A = ({qI , qa , qb , qd }, {a, b}, ∆, qI, {{qa , qb }, {qd }}). Transition re-
lation ∆ includes the following initial transitions (qI , a, qa , qd ), (qI , a, qd , qa ),
138 Frank Nießner

(qI , b, qb , qd ), (qI , b, qd , qb ). Since we do not care about the situation outside

the path guessed, i.e, in a run the left and right successors of a node labeled
by qd will get the label qd as well, independently of the current input sym-
bol, it follows (qd , a, qd , qd ) ∈ ∆ and (qd , b, qd , qd ) ∈ ∆. If for a node with
label qa the corresponding input label is b, then the automaton enters state
qb , formally (qa , b, qb , qd ), (qa , b, qd , qb ) ∈ ∆. Reading an a instead means that
there have been two consecutive a’s, i.e., we are still checking the label prefix
(a + b)∗ . In this case A reenters qI , that is, (qa , a, qI , qd ),(qa , a, qd , qI ) ∈ ∆. Since
the case for node label qb is symmetrical, (qb , a, qa , qd ),(qb , a, qd , qa ) ∈ ∆ and
(qb , b, qI , qd ),(qb , b, qd , qI ) ∈ ∆.
On the input tree t of Example 8.1 there exists a successful run  that could
start with the transitions depicted in Figure 8.2.

t: a : qI

a b qd qa

a b a b qd qd qb qd

Fig. 8.2. First transitions of 

Exercise 8.2. Define a Muller tree automaton recognizing the language T = {t ∈

T{a,b} | there is a path π through t such that after any occurrence of letter a in
π there is some occurrence of letter b}.

In a similar way we can define parity tree automata, that is, we adopt the
parity condition, introduced in [55], to tree automata. It will turn out that this
automaton model is particularly useful for the solution of the complementation
problem for automata on infinite trees.

Definition 8.4. A parity tree automaton is a quintuple A = (Q, Σ, ∆, qI , c)

where Q is a finite state set, Σ is a finite alphabet, ∆ ⊆ Q × Σ × Q × Q denotes
the transition relation, qI is an initial state, and c : Q → {0, ..., k}, k ∈ IN is
a function which assigns an index value out of a finite index set to each state
of the automaton. Sometimes the index values are called colors where c is the
corresponding coloring function. Again, a run of A on an input tree t ∈ TΣ is a
tree  ∈ TQ , satisfying (ε) = qI and ∀w ∈ {0, 1}∗ : ((w), t(w), (w0), (w1)) ∈
∆. We call it successful if for each path π ∈ {0, 1}ω the parity acceptance
condition is satisfied, that is, if min{c(q) | q ∈ Inf(|π)} is even. The tree
language recognized by A is the set T (A) = {t ∈ TAω | A accepts t}.

Example 8.5. We consider the tree language T = {t ∈ T{a,b} | for each path π
through t holds t|π ∈ aω ∪ (a + b)∗ bω }. The language can be recognized by a
 8 Nondeterministic Tree Automata 139

parity tree automaton A that checks simultaneously whether the labels of all
paths belong to aω ∪ (a + b)∗ bω or not. Hence there is no necessity to guess a
correct path, i.e, for each state the left and right successor states will be identical.
The automaton starts in the initial state qI and changes to successor states
qb , qb if an alphabet symbol b was read and remains in qI for a symbol a, respec-
tively. We observe that reading a symbol b means we cannot have a label aω
on the corresponding path. The following initial transitions (qI , b, qb , qb ), (qI , a,
qI , qI ) belong to the transition relation ∆ of A. The automaton remains in qb if
the corresponding input is a b, i.e., (qb , b, qb , qb ) ∈ ∆, otherwise it switches both
successor states and thus (qb , a, qa , qa ) ∈ ∆. A behaves symmetrically when its
current state is qa , that is, (qa , a, qa , qa ), (qa , b, qb , qb ) ∈ ∆.
While reading a’s, A labels the nodes of his run on t with qI . An alphabet
symbol b signals that from now on the automaton has to verify (a+b)∗ bω . This is
done by using the states qa and qb which indicate that the symbol last read was
a or b, respectively. On paths which labels belong to (a + b)∗ bω the automaton
remains, from some point of time, in state qb and consumes b’s exclusively. Thus,
if we index the states by c(qa ) = 1 and c(qb ) = 2 = c(qI ), we can ensure that
only the desired trees are accepted.

Exercise 8.3. Define a Muller and a parity tree automaton recognizing the lan-
guage T = {t ∈ T{a,b} | any path through t carries only finitely many b}.

Büchi, Rabin and Streett tree automata are defined analogously, i.e., we
provide the tree automata with a Büchi, Rabin or Streett acceptance condition.
For a thorough definition of these acceptance conditions see Chapter 1. Hence
a run of one of these automata is successful if and only if for each path of the
run the corresponding acceptance condition is satisfied. Büchi tree automata
differ from the other automaton models in terms of their generative capacity,
i.e., they differ in terms of the language class recognized. We state this fact in
the following theorem.

Theorem 8.6. Büchi tree automata are strictly weaker than Muller tree au-
tomata in the sense that there exists a Muller tree automaton recognizable lan-
guage which is not Büchi tree automaton recognizable [149].

Proof. The language T = {t ∈ T{a,b} | any path through t carries only finitely
many b} can obviously be recognized by a Muller tree automaton with transitions
(qI , a, qI , qI ), (q1 , a, qI , qI ), (qI , b, q1 , q1 ), (q1 , b, q1 , q1 ) and the designated set F =
{{qI }}. (This solves one part of the above exercise.) However, it can not be
recognized by any Büchi tree automaton.
Assume for contradiction that T is recognized by a Büchi tree automaton B =
(Q, Σ, ∆, qI , F ) such that card(Q) = n. Consider the input tree tn ∈ T{a,b} which
has a label b exactly at the nodes 1+ 0, 1+ 01+ 0, . . . , (1+ 0)n , i.e., at positions that
we reach by choosing the left successor after a sequence of right successors, but
only for at most n left choices. It is obvious that tn ∈ T . Thus there is a successful
run  of B on tn . On path 1ω a final state is visited infinitely often, hence there
must be a natural number m0 so that (1m0 ) ∈ F . The same observation holds
140 Frank Nießner

for path 1m0 01ω with m1 and (1m0 01m1 ) ∈ F . Proceeding in this way we obtain
n + 1 positions 1m0 , 1m0 01m1 , . . . , 1m0 01m1 0 . . . 1mn on which  runs through a
final state. This means that there must be positions, say u and v, where u < v
and (u) = (v) = f ∈ F . We consider the finite path πu in tn from u to v.
By construction this path performs at least one left turn and thus it contains a
node with label b. Now we construct another input tree tn by infinite repetition
of πu . This tree contains an infinite path which carries infinitely many b’s, thus
tn ∈ T , but we can easily construct a successful run on tn by copying the actions
of  to πu infinitely often, hence getting a contradiction. 


One can show that Muller, parity, Rabin and Streett tree automata all ac-
cept the same class of languages. The proofs are similar to those for sequential
automata from the first chapter. This is not a surprising fact because for tree
automata the appropriate acceptance condition is applied to each path of a run
separately, i.e., to a sequence of states.

Theorem 8.7. Muller, parity, Rabin and Streett tree automata all recognize the
same tree languages.
Proof. We sketch the transformations of tree automata according to those for
word automata described in Chapter 1.
We start with transforming Muller acceptance to parity acceptance. This
transformation reuses the modified LAR construction already introduced in
Section 1.4.2. Let A = ({1, 2, . . . , n}, Σ, 1, ∆, F ) be a Muller tree automaton.
The states of the parity tree automaton A are permutations of subsets of A’s
states together with a marker " that indicates the position of the last change in
the record. If (i, a, i , i ) ∈ ∆, then for all states u"v where i is the rightmost
symbol we have to add transitions (u"v, a, u "v  , u "v  ) to the transition relation
set of A . The states u "v  and u "v  are the successor states determined by the
rules described in Section 1.4.2. If the states out of

{ u"v | |u| < i } ∪ { u"v | |u| = i ∧ { a ∈ Σ | a  v } ∈ F }

are colored by 2i − 1 and the states out of

{ u"v | |u| = i ∧ { a ∈ Σ | a  v } ∈ F }

are colored by 2i then T (A) = T (A ).

Next we transform parity acceptance to a Streett acceptance condition. Let
A = (Q, Σ, ∆, qI , c) be a parity tree automaton where c : Q → {0, ..., k},

k ∈ IN. An equivalent Streett tree automaton
k is defined by A = (Q, Σ, ∆, qI , Ω)
where Ω := {(E0 , F0 ), . . . , (Er , Fr )}, r := 2 and for all i ∈ {0, . . . , r} the sets
Ei and Fi are determined by Ei := {q ∈ Q | c(q) < 2i + 1} and Fi := {q ∈ Q |
c(q) = 2i + 1}.
Next, we transform parity acceptance to a Rabin acceptance condition. Let
A = (Q, Σ, ∆, qI , c) be a parity tree automaton where c : Q → {0, ..., k},

k ∈ IN. An equivalent Rabin tree automaton
is defined by A = (Q, Σ, ∆, qI , Ω)
where Ω := {(E0 , F0 ), . . . , (Er , Fr )}, r := k2 and for all i ∈ {0, . . . , r} the sets
 8 Nondeterministic Tree Automata 141

Ei and Fi are determined by Ei := {q ∈ Q | c(q) < 2i} and Fi := {q ∈ Q |

c(q) = 2i}.
Next, we transform Streett acceptance to a Muller acceptance condition. Let
A = (Q, Σ, ∆, qI , Ω) be a Streett tree automaton. We define an equivalent Muller
tree automaton by A = ({1, 2, . . . , n}, Σ, 1, ∆, F ) where

F := { G ∈ P (Q) | ∀(E, F ) ∈ Ω . G ∩ E = ∅ ∨ G ∩ F = ∅ }.
Our final transformation transforms Rabin acceptance to Muller acceptance.
Let A = (Q, Σ, ∆, qI , Ω) be a Rabin tree automaton. We define an equivalent
Muller tree automaton by A = ({1, 2, . . . , n}, Σ, 1, ∆, F ) where

F := { G ∈ P (Q) | ∃(E, F ) ∈ Ω . G ∩ E = ∅ ∧ G ∩ F = ∅ }. 


Exercise 8.4. Give an example that shows that the straight-forward conversion
of Muller ω-automata to Büchi ω-automata from Chapter 1 does not work for
tree automata.

8.4 The Complementation Problem for Automata on

Infinite Trees

It is not difficult to prove closure under union, intersection and projection for
finite tree automata languages. We leave this as an exercise.

Exercise 8.5. Prove closure under union, intersection and projection for the class
of Muller tree automaton recognizable languages.

As already mentioned in the introduction, complementation is the essential

problem. We will now show closure under complementation for tree languages
acceptable by parity tree automata (and hence acceptable by Muller tree au-
tomata).
To simplify the proof we use a game-theoretical approach. We identify a
parity tree automaton A = (Q, Σ, ∆, qI , c) and an input tree t with an infinite
two-person game GA,t having Player 0 and Player 1 playing the game on t. The
rules of the game are the following ones. The Players move alternately. Player
0 starts a game by picking an initial transition from ∆ such that the alphabet
symbol of this transition equals that at the root of t. Player 1 determines whether
to proceed with the left or the right successor. His opponent reacts by again
selecting a transition from ∆ where the alphabet symbol now must equal the
input symbol of the left or right successor node in t and the current transition
state has to match the left or right successor state of the previous transition,
depending on Player 1’s selection. So in general, it is the task of Player 0 to pick
transitions and it is the task of Player 1 to determine a direction. Hence, due
to Gurevich and Harrington [77], Player 0 and Player 1 are sometimes called
automaton and pathfinder. The sequence of actions represents a play of the
game and induces an infinite sequence of states visited along the path across
142 Frank Nießner

t. Player 0 wins the play if this infinite state sequence satisfies the acceptance
condition of A, otherwise Player 1 wins. Player 0’s goal is it to show that the state
sequences for all paths of the corresponding run meet the acceptance condition,
i.e., that A accepts t. Player 1 tries to prevent Player 0 from being the winner,
his goal is to verify the existence of a path such that the corresponding state
sequence violates the acceptance condition of A, i.e., the rejection of t by A.

Example 8.8. For our input tree t and the parity tree automaton A introduced
in Example 8.5, Figure 8.3 shows the first moves in a play of GA,t . Each arrow
is labeled with that player whose decision determines the succeeding position.

ε, a, q 
  I
; ε, a, qI @
; @
; @
Player 0: Player 1:
a b −→ ; ;0, a, qI 1, b, qI@
@ −→

a b a b a b a b

; ε, a, qI @ ; ε, a, qI @
; @ ; @
; 1, b,@q @ Player 0: ;0,;a, q @ Player 1:
;
; a, qI
0,  @  −→ ;
I I
1, b, qI@
A@ −→

A

A
a b a b a b
10, a, qb 11, bqbA

Fig. 8.3. First moves in a play of GA,t

The positions from where on Player 0 or Player 1 have to react are called
game positions. Thus a play is an infinite sequence of game positions which
alternately belong to Player 0 or Player 1. A game can be considered as an
infinite graph which consists of all game positions as vertices. Edges between
different positions indicate that the succeeding position is reachable from the
preceding one by a valid action of Player 0 or Player 1, respectively. The game
positions of Player 0 are defined by

V0 := {(w, q) | w ∈ {0, 1}∗, q ∈ Q}.

 8 Nondeterministic Tree Automata 143

Player 1’s game positions are given by

V1 := {(w, τ ) | w ∈ {0, 1}∗, τ ∈ ∆t(w) },

where for each a ∈ Σ,

∆a := {τ ∈ ∆ | ∃q, q0 , q1 ∈ Q, τ = (q, a, q0 , q1 )}.

In a game position u = (w, q), Player 0 chooses a transition τ = (q, t(w), q0 ,
q1 ) and thus determines the states belonging to the successors of w. Further-
more, by this decision a game position v = (w, τ ) of Player 1 is established. The
edge (u, v) then represents a valid move of Player 0. Now Player 1 chooses a di-
rection i ∈ {0, 1} and determines from where to proceed, i.e., Player 1 determines
wi and thus establishes u = (wi, qi ) which is again a game position of Player 0.
The edge (v, u ) represents a valid move of Player 1. The usual starting position
of a play is (ε, qI ) and thus belongs to Player 0. Now we index the game posi-
tions with the colors of the states belonging to them, i.e., c((w, q)) = c(q) and
c((w, (q, t(w), q0 , q1 ))) = c(q). The games GA,t then meet exactly the definition
of min-parity games given in Chapter 4.
Furthermore the notions of a strategy, a memoryless strategy and a
winning strategy as defined in Section 2.4 apply to the games GA,t as well. A
winning strategy of a game GA,t and a successful run  ∈ TQ of the corresponding
automaton A = (Q, Σ, ∆, qI , c) are closely related.
The run  keeps track of all transitions that have to be chosen in order
to accept the input tree t. For any of the nodes (w, q), w ∈ {0, 1}∗, q ∈ Q,
where (w0, q0 ) and (w1, q1 ) are the immediate successors, we can derive the
corresponding transition τ = (q, t(w), q0 , q1 ) ∈ ∆. In other words, we know for
each node w in each path π through  which transition to apply. Each of these
paths is an infinite sequence of states that corresponds to a particular play of
the game GA,t . This play is won by Player 0, since the infinite state sequence
is a path of the successful run . The decisions of Player 1 determine the path
generated by the current play. Since  determines for each node and each path the
correct transition, Player 0 can always choose the right transition, independently
of Player 1’s decisions, i.e., Player 0 has a winning strategy. Thus if there exists
a successful run of A on t, then Player 0 has a winning strategy.
Conversely, we can use a winning strategy f0 for Player 0 in GA,t to construct
a successful run  of A on t. For each game position (w, q) of Player 0, f0
determines the correct transition τ = (q, t(w), q0 , q1 ). Player 0 must be prepared
to proceed at game position (w0, q0 ) or at game position (w1, q1 ) since he can not
predict Player 1’s decision. However, for both positions the winning strategy can
determine correct transitions such that the play can be continued to a winning
play for Player 0. Hence in  we label w by q, w0 by q0 and w1 by q1 . Proceeding
in this way we obtain the entire run  which is successful since it is determined
by a winning strategy of Player 0. Thus, if Player 0 has a winning strategy in
GA,t , then there exists a successful run of A on t.
We summarize these observations in the following lemma.
144 Frank Nießner

Lemma 8.9. A tree automaton A accepts an input tree t if and only if there is
a winning strategy for Player 0 from position (ε, qI ) in the game GA,t .

As already mentioned, a game GA,t which is identified with a parity tree

automaton A and an input tree t meets the definition of parity games. So we
can make use of central results about parity games. As is done in Theorem 6.6,
it can be shown that these games are determined and that memoryless winning
strategies suffice to win a game. Thus from any game position in GA,t , either
Player 0 or Player 1 has a memoryless winning strategy.
We are now prepared to focus on our original problem, namely the comple-
mentation of finite tree automata languages. Given a parity tree automaton A,
we have to specify a tree automaton B that accepts all input trees rejected by
A. Rejection means not accepting an input tree t, or in our game theoretical
notation, following Lemma 8.9, there is no winning strategy for Player 0 from
position (ε, qI ) in the game GA,t . However, the above-mentioned results about
parity games guarantee the existence of a memoryless winning strategy starting
at (ε, qI ) for Player 1. We will construct an automaton that checks exactly this.
First of all we observe that a memoryless strategy of Player 1 is a function
f : {0, 1}∗ × ∆ → {0, 1} determining a direction 0 (left successor) or 1 (right
successor). But there is a natural isomorphism between such functions and func-
tions {0, 1}∗ → (∆ → {0, 1}), which, by our definition, are trees. So we can
identify memoryless strategies for Player 1 and such trees. We call such trees
strategy trees, and if the corresponding strategy is winning for Player 1 in the
game GA,t , we say it is a winning tree for t.

Remark 8.10. Let A be a parity tree automaton and t be an input tree. There
exists a winning tree for Player 1 if and only if A does not accept t.

Given a parity tree automaton A and an input t we decide whether a tree

s is not a winning tree t using an ω-automaton M with parity acceptance con-
dition that checks for each path π of t and possible move by Player 0 sep-
arately whether the acceptance condition of A is met. If at least once A’s
acceptance condition is met, then s cannot be a winning tree for t and vice
versa. Clearly, the automaton M needs to handle all ω-words of the form u =
(s(ε), t(ε), π1 )(s(π1 ), t(π1 ), π2 ) . . . . Let L(s, t) be the language of all these words.

Example 8.11. Consider a path π = 01100 · · · through the tree t. An ω-word

u ∈ L(s, t) determined by π could look like the one depicted in Figure 8.4. Here,
every box represents a single alphabet symbol.

fε f0 f01 f011 f0110

u: t(ε) t(0) t(01) t(011) t(0110) . . .
0 1 1 0 0
Fig. 8.4. An ω-word determined by π
 8 Nondeterministic Tree Automata 145

Let A be as usual. The automaton M = (Q, Σ  , Λ, qI , c) is designed to handle

any trees s and t. So M’s alphabet is defined by Σ  = {(f, a, i) | f : ∆ →
{0, 1}, a ∈ Σ, i ∈ {0, 1}}. So A and M have the same acceptance condition. The
automaton M has to check for each possible move of Player 0 if the outcome
is winning for Player 0. This is done nondeterministically: for (f, a, i) ∈ Σ  ,
f ∈ mapa , and τ = (q, a, q0 , q1 ) ∈ ∆a such that f (τ ) = i, M has a transition
(q, (f, a, i), qi ). Here, for a ∈ Σ, mapa denotes the set of all mappings from ∆a
to {0, 1}.

Lemma 8.12. The tree s is a winning tree for t if and only if L(s, t)∩L(M) = ∅.

Proof. “If”: Let s be a winning tree. We assume the existence of a path π =

π1 π2 . . . such that the corresponding ω-word

u = (s(ε), t(ε), π1 )(s(π1 ), t(π1 ), π2 ) . . .

determined by π is an element of L(M). So there is a successful run  = qI q1 q2 . . .

of M on u. This implies for each transition

(qj , (s(π1 . . . πj ), t(π1 . . . πj ), πj+1 ), qj+1 )

that occurs in  the existence of an appropriate transition τj = (qj , t(π1 . . . πj ),

q0 , q1 ) of A such that s(π1 . . . πj ) = fπ1 ...πj where fπ1 ...πj (τj ) = πj+1 . If πj+1 = 0
then qj+1 = q0 otherwise qj+1 = q1 holds. Now we let these transitions τj be
Player 0’s choices in a play of GA,t where Player 1 reacts by choosing s(π1 . . . πj ).
The sequence of states visited along this play is  = qI q1 q2 . . . and satisfies M’s
acceptance condition. Hence Player 1 loses even though he played according to
s. So s cannot be a winning tree for t.
“Only if”: Let L(s, t)∩L(M) = ∅. We consider any play of the game GA,t and
assume (qj , t(π1 . . . πj ), q0 , q1 ) ∈ ∆ to be Player 0’s choice when π1 . . . πj is the
current node. Player 1 plays according to s. The successor state is determined by
s(π1 . . . πj ) as is described above, i.e., qj+1 ∈ {q0 , q1 }. Then we obtain an infinite
sequence  = qI q1 q2 . . . of states visited along the play. This sequence is as well
the run of M on the corresponding ω-word u = (s(ε), t(ε), π1 )(s(π1 ), t(π1 ), π2 ) . . .
∈ L(s, t). Since L(s, t) ∩ L(M) = ∅,  is not accepting. The run  is a particular
path of A’s run on t which is determined by Player 0’s choices. This implies that
A cannot accept t by this run. However, these observations hold for any run,
thus t ∈ T (A). 


The word automaton M accepts all sequences over Σ  which satisfy A’s
acceptance condition. However, we are actually interested in a tree automaton
B which recognizes T (B) = TΣω
\ T (A). Thus in order to construct B, we first
of all generate a word automaton S such that L(S) = Σ  \ L(M). For this
we apply Safra’s determinization construction to M as described in Chapter 3.
Actually Safra’s algorithm applies to nondeterministic Büchi-automata hence, by
the methods specified in Chapter 1, we transform M to a Büchi-automaton. Now
Safra’s construction yields a deterministic Rabin automaton that accepts L(M).
Since a Streett condition is dual to a Rabin condition, we equip the outcome of
146 Frank Nießner

Safra’s algorithm with a Streett condition instead of a Rabin condition to obtain

the desired word automaton S = (Q , Σ  , δ, qI , Ω) such that L(S) = Σ  \ L(M).
Note that due to the determinization process, the number of S’s states can only
be bounded by 2O(n log(n)) .
Now we are able to construct the desired tree automaton B = (Q , Σ, ∆ , qI ),
which runs S in parallel along each path of an input tree. The transition rela-
tion of B is defined by: (q, a, q1 , q2 ) ∈ ∆ if and only if there exist transitions
δ(q, (f, a, 0)) = q1 and δ(q, (f, a, 1)) = q2 where f ∈ mapa . Then T (B) accepts
TΣω
\ T (A), as we will prove next.

Theorem 8.13. The class of languages recognized by finite-state tree automata

is closed under complementation.

Proof. We make use of the constructions given above. It remains to be shown

that indeed T (B) = TΣω \ T (A).
We assume t ∈ T (B), i.e., there exists an accepting run  of B on t. Hence
for each path π = π1 π2 · · · ∈ {0, 1}ω the corresponding state sequence satisfies
Ω and for each node w ∈ {0, 1}∗ there are transitions δ(q, (s(w), t(w), 0) = q1
and δ(q, (s(w), t(w), 1) = q2 of S where s(w) ∈ mapt(w) and the corresponding
transition of B is (q, t(w), q1 , q2 ). This implies that all words u ∈ L(s, t) are
accepted by S and, since L(S) = Σ  \ L(M), L(s, t) ∩ L(M) = ∅. Due to
Lemma 8.12 and Remark 8.10, s is a winning tree for Player 1 and A does not
accept t.
Now let t ∈ T (A). This implies the existence of a winning tree s for Player
1 (cf. Lemma 8.10) such that L(s, t) ∩ L(M) = ∅ (cf. Lemma 8.12) where M is
the nondeterministic word automaton over alphabet Σ  as is constructed above.
It follows L(s, t) ⊆ S, i.e., for each path π = π1 π2 · · · ∈ {0, 1}ω there exists a
run on the ω-word u = (s(ε), t(ε), π1 )(s(π1 ), t(π1 ), π2 ) · · · ∈ L(s, t) that satisfies
Ω. Hence by construction of B there exists an accepting run  of B on t, that is,
t ∈ T (B). 


Even though the proof of closure under complement is somewhat lengthy due
to some technical details, it should be much easier to understand than the original
one presented by Rabin [148]. The proof given above highly benefits from a
game theoretical view, especially from the observation, that computations of tree
automata can be interpreted as parity games. Specifically, it is the determinacy
result for this class of games that induces the aforementioned simplification.

8.5 The Emptiness Problem for Automata on Infinite

Trees
Beside the closure properties of sets that are recognizable by nondeterministic
finite tree automata, algorithmic properties of the automata themselves are of
particular interest. In this section, we present an algorithm that decides whether
the language accepted by a parity tree automaton is empty or not. Furthermore,
we study the complexity of the algorithm.
 8 Nondeterministic Tree Automata 147

In order to prove the decidability result we first of all introduce input-free

tree automata. As the name suggests, this class of tree automata is defined
to operate without any input trees. More precisely, an input-free tree automa-
ton is of the form (Q, ∆, qI , Acc) where Q is a finite state set, qI a designated
initial state, ∆ ⊆ Q × Q × Q a transition relation, and an acceptance condi-
tion. For instance, in case of an input-free parity tree automaton A, a coloring
function c would be added. Input-free tree automata can also be defined even
without having an acceptance condition. If so, the automata merely consist of
Q, a designated initial state and a transition relation ∆ ⊆ Q × Q × Q.
We call an input-free tree automaton deterministic if and only if for all pairs
(q, q  , q  ), (q, p , p ) ∈ ∆, q  = p and q  = p holds.
A run of an input-free tree automaton is still a tree t ∈ TQ , defined in a
straightforward manner. If the automaton is deterministic, then t is unique and
belongs to a particular class of trees, the so-called regular trees. A tree is called
regular if and only if it has only a finite number of non-isomorphic subtrees.
Formally, this can be defined as follows. Given a tree t and a word u ∈ {0, 1}∗,
let tu be the tree defined by tu (v) = t(uv). Then t is called regular if the set
{ tu | u ∈ {0, 1}∗ } is finite.

Exercise 8.6. Prove the above claim that the unique run of a deterministic input-
free automaton is a regular tree.

Regular trees can be generated by deterministic finite automata via an addi-

tional output function with alphabet {0, 1}. Let A = (Q, {0, 1}, δ, qI, f ) be such
an automaton where f : Q → Σ  is an additional output function. This automa-
ton generates the tree t ∈ TΣ
defined by t(w) = f (δ(qI , w)), i.e., the label at
node w is A’s output after it has processed w. Note that the root label t(ε) is
the output of A in its initial state.

Example 8.14. In Figure 8.5 we present a deterministic finite automaton A =

({qI , qb , qd }, {0, 1}, δ, f ), where for each state the output function f has the state’s
index as output, thus generating the regular tree t.

t: I

1 qb 0
d b
qI 1 1

0 qd 0 d b b d

Fig. 8.5. Finite automaton A generating t

148 Frank Nießner

Exercise 8.7. Prove the above claim that a tree is regular if and only if it is
generated by a deterministic finite automaton with output function as described
above.

Deterministic input-free tree automata without acceptance conditions and

deterministic finite-state automata on a binary alphabet are closely related. To
see this, we define the state-output pairs (q, f (q)) of a deterministic finite au-
tomaton A = (Q, {0, 1}, δ, qI, f : Q → Σ  ) to be the states of an input-free tree
automaton B = (Q × Σ  , ∆, (qI , f (qI ))). Furthermore, we identify the inputs
0, 1 for A with the left and right branching of B, i.e., for all q ∈ Q, we let
((q, f (q)), (δ(q, 0), f (δ(q, 0))), (δ(q, 1), f (δ(q, 1)))) ∈ ∆. So B is deterministic and
a run of B generates in the second component of its states exactly the same tree
that A generates. Hence, in this sense both automaton models have the same
expressive power.

Example 8.15. Figure 8.6 presents a run  of the input-free tree automaton
B where {(qI , I), (qb , b), (qd , d)} is the state set, ∆ = (((qI , I), (qd , d), (qb , b)),
((qd , d), (qd , d), (qb , b)), ((qb , b), (qb , b), (qd , d))) and (qI , I) is the initial state.

: (qI , I) t: I

(qd , d) (qb , b) d b

(qd , d) (qb , b) (qb , b) (qd , d) d b b d

Fig. 8.6. A run  of B generating t

With respect to the emptiness problem, we now prove the following crucial
lemma.

Lemma 8.16. For each parity tree automaton A there exists an input-free tree
automaton A such that Tω (A) = ∅ if and only if A admits a successful run.

Proof. Given a parity tree automaton A = (Q, Σ, ∆, qI , c) we construct an

input-free tree automaton A = (Q × Σ, ∆ , {qI } × Σ, c ) which has the re-
quired property and behaves as follows. A guesses an input tree t in the second
component of its states nondeterministically. This can be realized by a suitable
modification of A’s transition relation. To be more exact, for each transition
(q, a, q  , q  ) ∈ ∆ we generate transitions ((q, a), (q  , x), (q  , y)) ∈ ∆ if there
exist (q  , x, p, p ), (q  , y, r, r ) ∈ ∆. Furthermore, for all states of A we define
c (q, a) = c(q). So the behavior of A on the guessed input t is identical to that
of A running on t. Hence, if A has a successful run, then Tω (A) = ∅ and vice
versa. 

 8 Nondeterministic Tree Automata 149

With every input-free tree automaton A = (Q, ∆, qI , c), we associate a parity

game GA which is won by Player 0 if and only if A has an accepting run. Clearly,
we do not have to keep track of input symbols and tree nodes in the corresponding
parity game GA . The game positions are states from the state set Q of A and
transitions over Q × Q × Q. More precisely, V0 = Q, V1 = ∆, and there are two
types of transitions. For every q ∈ Q, and (q, q  , q  ) ∈ ∆, we have (q, (q, q  , q  )) ∈
∆; for every (q, q  , q  ) ∈ ∆, we have ((q, q  , q  ), q  ), ((q, q  , q  ), q  ) ∈ ∆. The
coloring function maps q and (q, q  , q  ) to c(q).
Clearly, every strategy for Player 0 corresponds to a run and vice versa, and
every winning strategy corresponds to a successful run and vice versa.
Remark 8.17. An input-free tree automaton A admits a successful run if and
only if Player 0 wins GA .
Example 8.18. Consider an input-free tree automaton with state set Q = {qI , qa ,
qb , qd }, initial state qI and transition relation ∆ = {(qI , qa , qd ), (qI , qd , qb ), (qa , qa ,
qI ), (qa , qd , qa ), (qd , qd , qb ), (qb , qb , qd )}. The corresponding game graph is depicted
in Figure 8.7.

qI

qI qI
qa qd qd qb

qb
qa
qd

qb
qa qa
qb qd
qa qI qd qa qd
qd qb

Fig. 8.7. A finite game graph

Since the state set of a tree automaton is finite, the game graph of GA is
finite as well and, according to Sections 6.3 and 6.4, the winning strategies for
both players are effectively computable. This allows us to solve the emptiness
problem.
Theorem 8.19. For parity tree automata it is decidable whether their recognized
language is empty or not.
150 Frank Nießner

Proof. Given a parity tree automaton A, we assume A to be an input-free tree

automaton that has a successful run iff Tω (A) = ∅. Due to Lemma 8.16, such
an automaton exists. Now we identify A with the parity game GA
and keep in
mind that the corresponding game graph is finite because A is input-free. From
our game-theoretical considerations we know that there is a successful run of A
if and only if in GA
Player 0 wins from some initial position (qI , a). Since we
can effectively compute the winning regions for Player 0 when the game graph
is finite, we are able to decide whether there exists a successful run of A . 


Corollary 8.20. If the language of a parity tree automaton is not empty, then
it contains a regular tree.

Proof. We let A and A be defined as in the proof of Theorem 8.19. Now we

assume to have a successful run of A and a memoryless winning strategy for
Player 0 in GA
from some starting position (qI , a). This strategy determines
a subgraph of the game graph which is in fact a deterministic input-free tree
automaton without acceptance condition. To see this, we just extract the transi-
tions out of the subgraph’s game positions for Player 1. The tree automaton can
be considered as a part of A and generates a regular tree in the second com-
ponent of its states. Clearly, this regular tree is in Tω (A) because A behaves
exactly like A does. 


Figure 8.8 shows an illustrative example of the situation described in the

proof above.

Example 8.21. Consider the finite game graph GA
depicted in Figure 8.7. We
observe the absence of second components in our illustration; just consider the
second entry to be the index of the corresponding state. Furthermore, assume the
coloring c(qI , I) = 1, c(qb , b) = 2, c(qa , a) = 3 and c(qd , d) = 4. Thus a winning
strategy could determine the subgraph emphasized by solid arcs in Figure 8.8.
The regular tree generated by the subgraph is the one depicted in Figure 8.6.

To conclude we give time bounds for solving the emptiness problem.

Corollary 8.22. (1) The emptiness test for parity tree automata can be carried
out in time   d/2 
rn
O d · r2 m
d/2
where d ≥ 2 is the number of priorities used in the coloring function.
(2) The emptiness test for parity tree automata is in UP ∩ co-UP.

Proof. We analyze the proof of Theorem 8.19. Let A = (Q, Σ, ∆, qI , c) be a parity

tree automaton. Furthermore, let |∆| = m, |Q| = n, and |Σ| = r. In a first step
we have to construct the input-free tree automaton A = (Q×Σ, ∆ , {qI }×Σ, c ).
So this automaton has at most rn states with at most r2 m transitions. Next
we identify A with the parity game GA
and observe that there exist at most
rn + r2 m vertices and at most 3r2 m edges in this game. The last step invokes
 8 Nondeterministic Tree Automata 151

qI

qI qI
qa qd qd qb

qb
qa
qd

qb
qa qa
qb qd
qa qI qd qa qd
qd qb

Fig. 8.8. Subgraph determined by Player 0’s memoryless winning strategy

an algorithm that computes the winning regions and the winning strategy for
Player 0. Here we should apply the best algorithm for the problem known so
far (Jurdziński’s algorithm [93]) which is thoroughly discussed in Section 7.5.
Chapter 6 also presents tight time bounds for this problem, depending on the
number of edges, vertices and colors in the game graph. Using this, we get the
above bound.
Furthermore, in Chapter 6 it is shown that solving finite parity games lies in
the complexity theoretic class UP ∩ co-UP. This proves the second claim. 


Exercise 8.8. Use the above corollary to provide upper bounds for the complexity
of the emptiness problem for Rabin tree automata.

8.6 Conclusions

In this chapter we have introduced finite-state automata that are able to consume
input trees instead of unidimensional structures. We have applied the acceptance
conditions presented in Chapter 1 to our tree automata and have obtained that
the resulting models are all equivalent with regard to their acceptance capa-
bilities. Büchi tree automata are an exception; they are weaker, even in their
nondeterministic version.
Subsequently we have identified a tree automaton and its input tree with an
infinite two-person game. This was significant, since it has allowed us to benefit
from various results about infinite games, especially in the proof of closure under
152 Frank Nießner

complementation for sets which are recognizable by finite tree automata. This
complementation result is essential to prove the decidability of monadic second-
order logic and thus demonstrates the importance of tree automaton concepts.
More about this will be presented in the Chapter 12.
We have next studied the algorithmic properties of finite tree automata and
have shown decidability of the emptiness problem for parity tree automata by
again utilizing results about infinite games on finite graphs.
9 Alternating Tree Automata and Parity Games

Daniel Kirsten

Institut für Algebra

Technische Universität Dresden

9.1 Introduction

Since Büchi’s work in 1960 [17], automata play an important role in logic. Nu-
merous different notions of automata provide decision and complexity results in
various kinds of logic. Often, one develops a method to translate some given for-
mula ϕ into an appropriate finite automaton A such that L(ϕ) = L(A). Such a
translation reduces the model checking problem and the satisfiability problem in
some logic to the word problem and the emptiness problem for finite automata.
Moreover, such a translation provides algorithms to solve the model checking
and the satisfiability problems on a computer. Consequently, one is interested
in the decidability and the complexity of the word and emptiness problems of
automata.
In this chapter, we introduce the notion of alternating tree automata. They
have been introduced in [202] to get a better understanding of the modal µ-
calculus. Thus, alternating tree automata work on transition systems (Kripke
structures). We state complexity results for the word problem, the emptiness
problem and complementation.
The notion of parity games and related results play a crucial role within the
whole chapter. Parity games provide three advantages:

(1) We use parity games to define the semantics of alternating tree automata,
i.e., we define whether an automaton accepts or rejects some transition sys-
tem by the existence of a winning strategy for Player 0 in an appropriate
parity game.
(2) Parity games provide a straightforward, convenient construction to comple-
ment a given alternating tree automaton; moreover, the fact that parity
games are determined is used to prove the correctness of this construction.
(3) We use parity games to show the decidability of the word problem and the
emptiness problem. By applying Jurdziński’s result[93], we achieve strong
complexity bounds.

The reader should be familiar with parity games as introduced in Chapter 2 and
5. To prove the decidability of the emptiness problem we use various notions
of automata on infinite words such as Büchi automata, Rabin- and Streett-
automata, parity automata, and transformations between them as introduced in
Chapter 1 of this book. We also apply Safra’s construction from Chapter 3.
The results from the present chapter will be used to examine the modal
µ-calculus in Chapters 10 and 11. In particular, the complexity results of the

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 153-167, 2002.
 Springer-Verlag Berlin Heidelberg 2002
154 Daniel Kirsten

word problem and emptiness problem will be used to show complexity results
for model checking and satisfiability in the modal µ-calculus.
This chapter is organized as follows: In Section 9.2, we introduce some basic
notions. In Section 9.3, we introduce alternating tree automata and their seman-
tics formally. Sections 9.4, 9.5, and 9.6 are devoted to the three main results:
The decidability and complexity of the word problem, the complementation of
alternating tree automata, and the decidability and complexity of the emptiness
problem. Some remarks and exercises close this chapter.
The main ideas presented here are due to [202]. Our complementation of
alternating tree automata is based on an idea from [137] with some extensions
to our concept of alternating tree automata.

9.2 Preliminaries
We fix a set of propositional variables P during this chapter. A transition
system is a triple S = (S, R, λ) where
• S is a set called states,
• R ⊆ S × S is a relation, and
P
• λ : P → (S) is a mapping which assigns a set of states to every proposi-
tional variable.

P
Transition systems are also known as Kripke structures. If we consider the inverse
mapping γ −1 : S → (P ), then we can regard transition systems as labeled,
directed graphs. For every variable p ∈ P and every state s ∈ λ(p), we say that
p is true in s, and for s ∈ S \ λ(p), we say that p is false in s.
For every s ∈ S, we denote

sR = {s ∈ S | (s, s ) ∈ R} and Rs = {s ∈ S | (s , s) ∈ R}.

A pointed transition system (S, sI ) is a transition system S = (S, R, λ)

with an initial state sI ∈ S. We call a transition system S = (S, R, λ) (resp.
(S, sI )) finite iff S is finite and λ(p) = ∅ for just finitely many p ∈ P .

9.3 Alternating Tree Automata

Our notion of an alternating tree automaton originates from [202]. An alternating
tree automaton is a device which accepts or rejects pointed transition systems
by parsing the paths.
In Subsection 9.3.1, we define alternating tree automata formally. In Subsec-
tion 9.3.2, we consider their semantics. At first, we discuss an ad hoc approach to
define the behaviour of alternating tree automata on pointed transition systems.
Then, we present two methods to define formally whether an alternating tree
automaton accepts or rejects a pointed transition system. Both of these methods
are based on parity games. The first method uses an infinite arena for almost
 9 Alternating Tree Automata and Parity Games 155

every transition system and is convenient in some proofs, for instance, to show
the closure under complement. The second method uses a more compact arena,
in particular, a finite one if the transition system in question is finite, and is
used to examine the complexity of the word problem. In Proposition 9.2, we
show that these two ways to define the semantics are equivalent.
In Section 9.3.3, we show a small lemma which is used to show the complexity
of the emptiness problem.
In Section 9.3.4, we discuss a syntactic extension to our concept of alternating
tree automata.

9.3.1 Formal Definition of Alternating Tree Automata

To define alternating tree automata formally, we need the notion of transition

conditions. For now, let Q be some set of symbols. The transition conditions
TCQ over Q are defined as follows:

• The symbols 0 and 1 are transition conditions.

• For every p ∈ P , p and ¬p are transition conditions.
• For every q ∈ Q, q, 2q, and 3q are transition conditions.
• For every q1 , q2 ∈ Q, q1 ∧ q2 and q1 ∨ q2 are transition conditions.

Note that this definition does not allow transition conditions like q1 ∧ 2q2 or
p ∧ q for p ∈ P and q ∈ Q. Below, we will explain a method to allow these more
complex transition conditions without violating our definition. An alternating
tree automaton is a tuple A = (Q, qI , δ, Ω) where

• Q is a finite set of states of the automaton,

• qI ∈ Q is a state called the initial state,
• δ : Q → TCQ is called transition function, and
• Ω : Q → ω is called priority function.

For convenience, we denote

 
Q2 := q ∈ Q  ∃q  ∈ Q : δ(q) = 2q  and

 
Q3 := q ∈ Q  ∃q  ∈ Q : δ(q) = 3q  .
For states q ∈ Q we define − q := q  if δ(q) = 2q  or δ(q) = 3q  . Otherwise, −
→ →
q
−
→ −
→
is not defined. For subsets V ⊆ Q, we define V := { q | q ∈ V }.

9.3.2 The Behavior of Alternating Tree Automata

Informal Explanation. We examine the behavior of an alternating tree au-

tomaton A = (Q, qI , δ, Ω) on a pointed transition system (S, sI ). At first, we
follow a straightforward approach without using parity games:
In every step, the automaton is in some state q ∈ Q, and it inspects some
state s ∈ S of the transition system. We can describe the situation by a pair
(q, s) ∈ Q × S. We call the pairs in Q × S instances.
156 Daniel Kirsten

In the beginning, the automaton is in the initial state qI and inspects the
state sI of the alternating tree automaton.
Now, assume that the automaton is in the state q and it inspects the state s,
i.e., the current instance is (q, s). The automaton tries to execute the transition
condition δ(q). If δ(q) ∈ {0, 1}, δ(q) = p, or δ(q) = ¬p for some p ∈ P , then the
automaton needs not to take any action.
If δ(q) = q  ∈ Q then the automaton changes into the state q  , but it does not
move to another state of the transition system, i.e., the new situation is (q  , s). If
δ(q) = q1 ∧q2 or δ(q) = q1 ∨q2 , then the automaton splits itself into two instances
(q1 , s) and (q2 , s). If δ(q) = 2q  or δ(q) = 3q  , then the automaton parses the
relation R of S. The automaton splits into several instances. These instances are
in state q  and inspect the successors of s in S, i.e., for every (s, s ) ∈ R we get
an instance (q  , s ). Thus, the set of new instances is {q  } × sR.
The result of this process is a possibly infinite parse tree with instances as
nodes. The main question is how does this tree determine whether A accepts or
rejects the pointed transition system (S, sI ). To answer this question, we try to
develop a notion of a “successful instance”. If δ(q) is a propositional variable p
and p is true in the state s, then the instance (q, s) is successful. Similarly, if
δ(q) = ¬p and s ∈ λ(p), then the instance is successful. Conversely, if δ(q) = p
but s ∈ λ(p) (or δ(q) = ¬p but s ∈ λ(p)), then the instance is not successful. If
δ(q) = 1, then the instance succeeds, but if δ(q) = 0, then it does not succeed.
If δ(q) = q  , then we have seen above that the automaton changes its state
to q  , i.e., the new situation is (q  , s). Straightforwardly, we simply say that the
instance (q, s) is successful iff (q  , s) is successful.
If δ(q) = q1 ∧q2 , then the instance (q, s) succeeds iff both the instances (q1 , s)
and (q2 , s) succeed. If δ(q) = q1 ∨ q2 , then the instance succeeds iff at least one
of the instances (q1 , s) and (q2 , s) succeeds.
The case δ(q) = 2q  is very similar to the case δ(q) = q1 ∧ q2 , above. If
δ(q) = 2q  , then the instance (q, s) succeeds iff for every s ∈ sR the instance
(q  , s ) succeeds. Finally, if δ(q) = 3q  , then the instance (q, s) succeeds iff there
is at least one s ∈ sR such that (q  , s ) succeeds.
The automaton accepts the transition system (S, sI ) iff the initial instance
(qI , sI ) succeeds.
If we try to formalize this idea of the notion of a “successful instance” then
we will encounter problems:

• If the parse tree is infinite, then successful instances cannot be determined

in a bottom-up-fashion.
• If δ(q) = q  , the we simply said that the instance (q, s) is successful iff (q  , s)
is successful. However, if δ(q) = q, then we end up in an infinite loop.

We resolve these problems by viewing the “evaluation problem” as solving a

certain game where infinite plays—that is where we run into problems—are
decided according to some acceptance (winning) condition that we have seen in
earlier chapters.
 9 Alternating Tree Automata and Parity Games 157

Formal Definition. Now, we solve these problems by defining the acceptance

of alternating tree automata using parity games.
Let (S, sI ) be a pointed transition system, and let A = (Q, qI , δ, Ω) be an
alternating tree automaton. To define the behavior of a A on (S, sI ), we consider
sequences of pairs from Q × S, i.e., we consider words over the alphabet Q × S.
For a word v ∈ (Q × S)∗ and a letter (q, s) ∈ Q × S, the notation v(q, s)
denotes the concatenation of v and (q, s).
The behavior of A on (S, sI ) is the least language V ⊆ (Q × S)∗ with
(qI , sI ) ∈ V such that for every word v(q, s) ∈ V we have:
• If δ(q) = q  for some q  ∈ Q, then v(q, s)(q  , s) ∈ V .
• If δ(q) = q1 ∧ q2 or δ(q) = q1 ∨ q2 for some q1 , q2 ∈ Q, then v(q, s)(q1 , s) ∈ V
and v(q, s)(q2 , s) ∈ V .
• If δ(q) = 2q  or δ(q) = 3q  for some q  ∈ Q, then v(q, s)(q  , s ) ∈ V for every
s ∈ sR.
We use parity games to define acceptance. At first, we define an arena (V0 , V1 , E).
We split the behavior V into V0 and V1 to define the locations of Player 0 and
Player 1. Some word v(q, s) ∈ V belongs to V0 iff one of the following conditions
holds:
• δ(q) = 0,
• δ(q) = p and s ∈ λ(p),
• δ(q) = ¬p and s ∈ λ(p),
• δ(q) = q  ,
• δ(q) = q1 ∨ q2 for some q1 , q2 ∈ Q, or
• δ(q) = 3q  .
Conversely, some word v(q, s) ∈ V belongs to V1 iff one of the following conditions
holds:
• δ(q) = 1,
• δ(q) = p and s ∈ λ(p),
• δ(q) = ¬p and s ∈ λ(p),
• δ(q) = q1 ∧ q2 for some q1 , q2 ∈ Q, or
• δ(q) = 2q  .
Clearly, V0 and V1 are a partition of V . We complete the definition of the parity
game by defining the moves and the priority mapping:

   
• E := v, v(q, s)  v(q, s) ∈ V, v = 
 
• Ω v(q, s) := Ω(q) for every v(q, s) ∈ V
As explained above, (qI , sI ) is the initial location.
The automaton A accepts the pointed transition system (S, sI ) iff there is
a winning strategy for Player 0 in the parity game G = (V0 , V1 , E), Ω, (qI , sI ) .
The language of A consists of the pointed transition systems which A accepts
and is denoted by L(A).
158 Daniel Kirsten

Example 9.1. At first, we consider several very simple alternating tree automata
with Q = {qI }.

(1) Let δ(qI ) = 2qI and Ω(qI ) = 0. Let (S, sI ) be any pointed transition system.
Player 0 has not any location in G  . However, Player 1 cannot win. He looses
every finite play. He also looses every infinite play, because the only priority
is 0. Hence, the automaton accepts every pointed transition system.
(2) Let δ(qI ) = 2qI and Ω(qI ) = 1. Again, Player 0 has no location. Let (S, sI ) be
any pointed transition system with some infinite path starting at sI . Player
1 can win the game by playing along the infinite path.
Conversely, let (S, sI ) be any pointed transition system in which every path
starting from sI is finite. There are just finite plays in G  . Thus, Player 1
looses every play in G  .
Consequently, the automaton accepts every pointed transition system (S, sI )
which has no infinite path starting at sI .
(3) Let δ(qI ) = 3qI and Ω(qI ) = 1. This automaton accepts not any pointed
transition system.

Exercise 9.1. Construct alternating tree automata for the following languages.

(1) The language of all pointed transition systems where p is true in the desig-
nated state.
(2) The language of all pointed transition systems that have an infinite path
starting in the designated state.
(3) The language of all pointed transition systems where on each infinite path
starting in the designated state p is true only finitely often.

Exercise 9.2. Let (S, ∫I ) and (S  , ∫I ) be two pointed transition systems and as-
sume ρ is a bisimulation between the two systems, that is, ρ ⊆ S × S  such that
the following holds true.

(1) (sI , sI ) ∈ ρ.

(2) For all (s, s ) ∈ ρ and p ∈ P , p holds in s iff p holds in s .
(3) For all (s, s ) ∈ ρ and ŝ ∈ sR there exists ŝ ∈ s R such that (ŝ, ŝ ) ∈ ρ.
(4) For all (s, s ) ∈ ρ and ŝ ∈ s R there exists ŝ ∈ sR such that (ŝ, ŝ ) ∈ ρ.

Show that for every alternating tree automaton A the following is true. A accepts
(S, sI ) iff A accepts (S  , sI ).

An Alternative Formal Definition. A disadvantage of the parity game G

defined is that its arena is possibly infinite, even if (S, sI ) is finite. Moreover,
even if there is no infinite path in (S, sI ) the game G can be infinite. We need
some more convenient way to define the behavior, in particular, to show the
decidability of the word problem, below.
We still assume (S, sI ) and A = (Q, qI , δ, Ω) from above. Let [V ] ⊆ Q × S
and [E] ⊆ [V ] × [V ] be the smallest graph with (qI , sI ) ∈ [V ] such that for every
(q, s) ∈ [V ] we have:
 9 Alternating Tree Automata and Parity Games 159
 
• If δ(q) = q  for some q  ∈ Q, then (q  , s) ∈ V and (q, s), (q  , s) ∈ [E] .
• If δ(q)
 = q1 ∧q2 orδ(q)
 = q1 ∨q2 for  some q1 , q2 ∈ Q, then (q1 , s), (q2 , s) ∈ [V ]
and (q, s), (q1 , s) , (q, s), (q2 , s) ∈ [E].
 δ(q) = 2 q or δ(q) = 3q for some q ∈ Q, then (q , s ) ∈ [V ] and
    
• If
(q, s), (q , s ) ∈ [E] for every s ∈ sR.
To define an arena from [V ] and [E], we split [V ] into [V0 ] and [V1 ] as above.
We simply use the priority mapping Ω and the initial location (qI , sI ). We define
a parity game by  
G  := ([V0 ], [V1 ], [E]), Ω, (qI , sI ) .
Let [ ] : (Q×S)+ → (Q×S) be the mapping which assigns every word in (Q×S)+
the last letter. Thus, [ ] maps locations from V to [V ]. Moreover, [ ] preserves
edges and priorities, and Player 0’s and Player 1’s locations are mapped to Player
0’s and Player 1’s locations, respectively. Consequently, G  can be obtained by
applying [ ] to G.
Proposition 9.2. Player 0 has a winning strategy in G iff Player 0 has a win-
ning strategy in G  .
Proof. At first, we observe that the mapping [ ] can be extended to plays by
applying [ ] to every location in the play. Thus, [ ] transforms plays in G to plays
in G  . If π  is some play in G  , then there is a unique play π in G such that
[π] = π  . Note that π is simply the sequence of all prefixes of π  . A play π in G is
won by Player 0 iff [π] in G  is won by Player 0. Hence, [ ] is a “winner-preserving”
bijection between plays in G and plays in G  .
To prove Proposition 9.2, we have to show that Player 0 (resp. 1) has a
winning strategy in G if Player 0 (resp. 1) has a winning strategy in G  .
Let f0 : [V0 ] → [V ] be a winning strategy for Player 0 in G  . We define
a mapping f0 : V0 → V by f0 (v) := vf0 ([v]). Let π be a play in G which is
consistent with f0 . Then, [π] is consistent with f0 , and thus, [π] and π are won
by Player 0. Consequently, f0 is a winning strategy for Player 0 in G.
Clearly, we can apply a symmetric argument if f1 : [V1 ] → [V ] is a winning
strategy for Player 1 in G  . 


9.3.3 Inflated Transition Conditions

We call transition conditions of the form q ∧ q and q ∨ q for q ∈ Q inflated. The
following lemma allows to simplify some technical details, later.
Lemma 9.3. For every alternating tree automaton A = (Q, qI , δ, Ω) there is an
automaton A = (Q, qI , δ  , Ω) with L(A) = L(A ) such that for every q ∈ Q δ  (q)
is not inflated.
Proof. We define δ  : Q → TCQ for q ∈ Q by
 
q , if δ(q) = q  ∧ q  for some q  ∈ Q
δ  (q) := q  , if δ(q) = q  ∨ q  for some q  ∈ Q

δ(q) , otherwise
Clearly, δ  (q) is not inflated for q ∈ Q.
160 Daniel Kirsten

Let (S, sI ) be some pointed transition system. We want to show that A

accepts (S, sI ) iff A accepts (S, sI ).At first, we observe that  A has the same
behavior V on (S, sI ) as A . Let G = (V0 , V1 , E), Ω, (qI , sI ) be the parity game
to determine
whether A accepts
 (S, SI ). 
Let V̂ = v(q, s) ∈ V1  δ(q) = q  ∧ q  for some q  ∈ Q . The locations in V̂
have exactly one successor. The parity game
 
G  = (V0 ∪ V̂ , V1 \ V̂ , E), Ω, (qI , sI )

determines whether A accepts (S, sI ).

The plays in G are exactly the plays in G  . The locations in V̂ cannot be the
last location in a play and the priority mappings in G and G  are the same. Thus,
some play π in G is won by Player 0 iff π is won by Player 0 in G  .
Let f0 : V0 → V be a winning strategy for Player 0 in G. There is a unique
extension f0 : V0 ∪ V̂ → V . Now, assume some play π in G  which is consistent
with f0 . Then, π in G  is consistent with f0 , and thus π is won by Player 0.
Conversely, let f1 : V1 → V be a winning strategy for Player 1 in G. Clearly,
the restriction of f1 to V1 \ V̂ is a winning strategy for Player 1 in G  .
Consequently, Player 0 has a winning strategy in G iff he has a winning
strategy in G  , i.e., A accepts (S, sI ) iff A accepts (S, sI ). 


9.3.4 Complex Transition Conditions

Our definition of transition conditions TCQ is restrictive. One could imagine
more complex transition conditions. For instance, there are situations in which
a condition ϕ like “Change the inner state to q1 if p is true, otherwise change
the inner state to q2 .” or formally ϕ = (q1 ∧ p) ∨ (q2 ∧ ¬p) is convenient although
such a condition does not belong to TCQ .
To model such a condition, we introduce new states qϕ , q(q1 ∧p) , q(q2 ∧¬p) , qp ,
q¬p , and we define:
δ(qϕ ) := q(q1 ∧p) ∨ q(q2 ∧¬p)
δ(q(q1 ∧p) ) := q1 ∧ qp
δ(q(q2 ∧¬p) ) := q2 ∧ q¬p
δ(qp ) := p
δ(q¬p ) := ¬p

This can be easily generalized:

Remark 9.4. Alternating tree automata where transition conditions are built up
from 0, 1, p, and ¬p using ∨, ∧, 3, and 2 in any way are no more powerful than
ordinary alternating tree automata.
Example 9.5. We consider the states qϕ , q(q1 ∧p) , q(q2 ∧¬p) , qp , q¬p from above,
and we complete the definition of δ by δ(q1 ) = δ(q2 ) = 2qϕ . We set Ω(q1 ) = 2
and we set the priorities of the other states to 1. Let qϕ be the initial state.
The automaton accepts some pointed transition system (S, sI ) iff every infi-
nite path starting from sI contains infinitely many states in which p is true.
 9 Alternating Tree Automata and Parity Games 161

Exercise 9.3. Describe an alternating tree automaton which accepts a pointed

transition system (S, sI ) iff for any two states s1 , s2 ∈ S with s1 Rs2 the variable
p is true in s1 iff p is not true in s2 .

9.4 The Word Problem

In this section, we deal with the word problem, which means to decide whether
a given alternating tree automaton A accepts a given finite pointed transition
system (S, sI ). In Section 10, this result will be used to determine the complexity
of the model checking problem for the modal µ-calculus.
We cannot solve the word problem by computing the whole behavior, because
the behavior is possibly infinite, even if (S, sI ) is finite. However, we can reduce
the parity game from the previous section to a finite parity game.
Theorem 9.6. Let A = (Q, qI , δ, Ω) be an alternating tree automaton with d
different non-zero priorities and let (S, sI ) be a finite pointed transition system.
(1) There is an algorithm which computes in time

 
|Q||S| + 1 d/2
O d |Q| |R|+1
d/2
  
and in space O d |Q| |S| log |Q| |S| whether A accepts (S, sI ).
(2) The problem whether A accepts (S, sI ) is in UP ∩ co-UP.
Before we turn to the proof, let us understand the upper bound on the time
complexity stated in the first part of the theorem. Let us consider the transition
system complexity, i.e., we fix an automaton A and consider the complexity in
dependence on the pointed transition system (S, sI ). Then, d|Q| is a constant
factor. Clearly, |R| cannot exceed |S|2 . Hence,

we roughly estimate
 |R| + 1 by
d/2
|S| and simplify the above formula to O |S| (|Q||S|)
2 2
. Roughly spoken,
the run-time of the algorithm is proportional to |S|2+d/2 . If for example d = 2,
then the run-time is proportional to |S|3 , i.e., one can determine whether A
accepts (S, sI ) in reasonable time. However, if d = 20 then the run-time of the
algorithm is proportional to |S|12 . Then, the word problem will be practically
unsolvable for reasonably big pointed transition systems.
Proof. The complexity of the word problem is in UP ∩ co-UP, because the prob-
lem to decide whether Player 0 has a winning strategy is in UP ∩ co-UP as
explained in Chapter 6.
To prove the first part, we apply Jurdziński’s result to the parity game G  .
To prove the complexity bound of the word problem, we have to examine
carefully the number of locations and moves, i.e., we have to estimate |[V ]| and
|[E]| (cf. [202]). The set of locations [V ] is a subset of Q × S, i.e., there are
at most |Q||S| locations. Let S  ⊆ S be the set of states in (S, sI ) which are
reachable from qI . Every state in S  except sI has at least one predecessor.
Hence, |R| ≥ |S  | − 1.
162 Daniel Kirsten

To determine |[E]|, we count the number of successors of every location in

|[V ]|. The successors of a location (q, s) ∈ [V ] are (q, s)[E]. We have

|[E]| = |(q, s)[E]| = |(q, s)[E]|.
(q,s)∈[V ] q∈Q (q,s)∈[V ]

Let q ∈ Q be some state. We estimate the sum

|(q, s)[E]|.
(q,s)∈[V ]

If δ(q) ∈ {0, 1} or δ(q) ∈ {p, ¬p}, then (q, s) has no successor, and we have

|(q, s)[E]| = 0.
(q,s)∈[V ]

If δ(q) ∈ Q, then every location (q, s) ∈ [V ] has exactly one successor, i.e.,

|(q, s)[E]| ≤ |S  | ≤ |R| + 1.
(q,s)∈[V ]

If δ(q) = q1 ∧ q2 or δ(q) = q1 ∨ q2 for some q1 , q2 ∈ Q, then we have

|(q, s)[E]| ≤ 2|S  | ≤ 2(|R| + 1).
(q,s)∈[V ]

Now, assume δ(q) = 2q  or δ(q) = 3q  for some q  ∈ Q. For every (q, s) ∈ [V ],

we have (q, s)[E] = {q  } × sR, i.e, |(q, s)[E]| = |sR|. We have

|(q, s)[E]| = |sR| ≤ |sR| = |R|.
(q,s)∈[V ] (q,s)∈[V ] s∈S


To sum up, we have (q,s)∈[V ] |(q, s)[E]| ≤ 2(|R| + 1) and |[E]| ≤ 2|Q|(|R| + 1).
Now, we can apply Jurdziński’s algorithm (Theorem 7.25, Section 7.5).  

9.5 Complementation

An advantage of alternating tree automata is the straightforward solution of the

complementation problem: Given an alternating tree automaton A, we can effec-
tively construct an alternating tree automaton Ā which accepts the complement
of the language of A. To prove the correctness of the construction we use the fact
that parity games are determined in a crucial way. We follow ideas from [137].

Theorem 9.7. Let A = (Q, qI , δ, Ω) be an alternating tree automaton. There is

an alternating tree automaton Ā = (Q, qI , δ̄, Ω̄) such that Ā accepts the comple-
ment of the language of A.
 9 Alternating Tree Automata and Parity Games 163

The definition of Ω̄ : Q → ω and δ̄ : Q → TCQ is easy: We simply set for

every q ∈ Q the priority Ω̄(q) = Ω(q) + 1 and


 0 , if δ(q) = 1



 1 , if δ(q) = 0



 ¬p , if δ(q) = p for some p ∈ P


p
 , if δ(q) = ¬p for some p ∈ P
δ̄(q) := q  , if δ(q) = q  for some q  ∈ Q



 q1 ∧ q2 , if δ(q) = q1 ∨ q2 for some q1 , q2 ∈ Q



 q1 ∨ q2 , if δ(q) = q1 ∧ q2 for some q1 , q2 ∈ Q




 3
 
q , if δ(q) = 2q  for some q  ∈ Q
2q , if δ(q) = 3q  for some q  ∈ Q
 
Proof. Let (S, sI ) be a pointed transition system and G = (V0 , V1 , E), Ω, (qI , sI )
be the parity game from Section 9.3.2 which determines whether A accepts
(S, sI ). We show that A accepts (S, sI ) iff Ā does not accept (S, sI ).
We examine the parity game Ḡ which determines whether Ā accepts (S, sI ).
Intuitively, we simply change the ownership of every location, and we increase
every priority by 1. Let V = V0 ∪ V1 be the locations of G and G  . Let V  ⊆ V
be the locations v(q, s) ∈ V with δ(q) = q  for some q  ∈ Q. We do not change
the ownership of locations in V  . The automaton Ā accepts (S, sI ) iff there is
winning strategy for Player 0 in the parity game
 
Ḡ = (V1 ∪ V  , V0 \ V  , E), Ω̄, (qI , sI ) .

Because parity games are determined (cf. Section 6.3), we have to show that
there is a winning strategy for Player 0 in G iff there is no winning strategy
for Player 1 in Ḡ. The argument is very similar to in the proof of Lemma 9.3.
Therefore, it is left as Exercise 9.4. 


Exercise 9.4. Complete the proof of Theorem 9.7:

(1) Assume a winning strategy for Player 0 in G and construct a winning strategy
for Player 1 in Ḡ.
(2) Assume a winning strategy for Player 1 in Ḡ and construct a winning strategy
for Player 0 in G.

Exercise 9.5. Theorem 9.7 tells us that the languages recognizing by alternating
tree automata are closed under complementation. Show that they are closed
under intersection and union as well.

9.6 The Emptiness Problem

In this section, we show the decidability of the emptiness problem for alternating
tree automata. As a byproduct, we show that an alternating tree automaton A
accepts a finite pointed transition system if A accepts at least one transition
164 Daniel Kirsten

system. This result is used in Chapter 10 to show that the modal µ-calculus
has the finite model property which means that every satisfyable formula in the
modal µ-calculus has a finite model.
We fix some alternating tree automaton A = (Q, qI , δ, Ω). By Lemma 9.3, we
can assume that for every q ∈ Q the transition condition δ(q) is not inflated.
At first, we give the notion of a tile, which is a graph consisting of states
from A with various properties. We construct a parity game T from these tiles.
In the parity game T , Player 0 can use some arbitrary pointed transition system
in L(A) to construct a winning strategy. Conversely, if we assume some winning
strategy for Player 0 in T , we can construct some pointed transition system
which A accepts.

9.6.1 Tiles
A tile over Q is a graph ϑ = (Vϑ , Eϑ ) where Vϑ ⊆ Q, E ⊆ Vϑ × Vϑ and
(1) ∀q ∈ Vϑ : δ(q) = 0  
(2) ¬ ∃q1 , q2 ∈ Vϑ ∃p ∈ P : δ(q1 ) = p ∧ δ(q2 ) = ¬p
(3) ∀q ∈ Vϑ : δ(q) = q1 −→ (q, q1) ∈ Eϑ 
(4) ∀q ∈ Vϑ : δ(q) = q1 ∧ q2 −→ (q, q1 ) ∈ Eϑ ∧ (q, q2 ) ∈ Eϑ 
(5) ∀q ∈ Vϑ : δ(q) = q1 ∨ q2 −→ (q, q1 ) ∈ Eϑ ↔ (q, q2 ) ∈ Eϑ
(6) For every cycle in (Vϑ , Eϑ ) the maximal priority of its states is even.
Note that (q, q1 ) ∈ Eϑ in (3) (and similarly in (4) and (5)) implies q1 ∈ Vϑ .
Further, note that in condition (5) it is possible that both q1 and q2 belong
to Vϑ as long as exactly one of the pairs (q, q1 ) or (q, q2 ) belongs to Eϑ . For
condition (5), it is useful that there are no inflated transition conditions in A.
A tile with port is a tuple (ϑ, q) where ϑ = (Vϑ , Eϑ ) is some tile and
q ∈ Vϑ ∩ Q3 . We denote the set of all tiles and all tiles with port by Θ and Θp ,
respectively.
We call a tile with port ϑ0 = (Vϑ0 , Eϑ0 , q0 ) and a tile ϑ1 = (Vϑ1 , Eϑ1 )
(similarly tile with port ϑ1 = (Vϑ1 , Eϑ1 , qϑ1 )) concatenable iff − →
q0 ∈ Vϑ1 and
−−−−−−→
Vϑ0 ∩ Q2 ⊆ Vϑ1 .
Let g = (ϑ1 , q1 ), (ϑ2 , q2 ), · · · ∈ Θω be an infinite sequence of tiles with port
where (ϑi , qi ) and (ϑi+1 , qi+1 ) are concatenable for every i ∈ ω. We define the
graph of g in a usual way:

• V := i∈ω {i} × Vi

      
 
• E := i∈ω (i,
 q 
), (i, q 
)  (q , q ) ∈ Ei ∪
   (i, qi ), (i + 1, −
→
qi )
 i∈ω
∪ i∈ω (i, q), (i + 1, − →
q )  q ∈ Vi ∩ Q2
We call an infinite path π in (V, E) even iff the maximal priority which occurs
in π infinitely often is even. We call the sequence g even iff every infinite path
π in (V, E) is even.
There can be infinite paths π in (V, E) which get stuck in one tile, i.e., there
is some integer i such that vertices (i , q) for any i > i and any q ∈ Q do not
occur in π. These paths π are even, because of (6) in the definition of a tile.
 9 Alternating Tree Automata and Parity Games 165

Proposition 9.8. There is a deterministic parity ω-automaton C with

4
2O(|Q| log |Q|) states and priorities bounded by O(|Q|4 ) which accepts a sequence
of concatenable tiles g ∈ Θω iff g is even.

Proof. At first, we construct a non-deterministic parity ω-automaton B. Then,

we construct C by a determinization and a complementation of B.
The set of states of B are Q × {0, . . . , |Q|}. Thus, B has m := |Q|(|Q| + 1)
states. The initial state of B is (qI , 0).
We specify the transition function δ by a set of triples. Let (q1 , i1 ), (q2 , i2 )
be
 two states of B, and let  (V, E, q) be a tile with port. There is a transition
(q1 , i1 ), (V, E, q), (q2 , i2 ) in B iff

• there is some state q  ∈ V with q  ∈ Q2 or q  = q and −

→
q = q2 ,
• there is some path in (V, E) which starts in q1 and ends in q  , and
• the maximal priority of the states in this path is i2 .

The priority of a state (q, i) is i + 1. Clearly, B accepts some infinite sequence of

concatenable tiles iff this sequence is not even. Finally, we construct C in several
steps:

(1) We convert B into a non-deterministic Büchi automaton B1 with L(B) =

L(B1 ). This transformation is straightforward. The automaton B1 has O(m2 )
states.
(2) We apply Safra’s construction (see Chapter 4) and transform B1 into a de-
2 2
terministic Rabin-automaton B2 . The automaton B2 has 2O(m log m ) states
and O(m2 ) accepting pairs.
(3) We realize that B2 is a deterministic Streett automaton for the complement
of the language of the Rabin-automaton B2 (see Chapter 1).
(4) We transform the Streett automaton B2 into a deterministic parity automa-
2 2
ton C (see Chapter 1). The automaton C still has 2O(m log m ) states and
O(m2 ) priorities. 


9.6.2 Parity Games over Tiles

We denote the set of states of the automaton C by QC an its initial state by qIC .
We construct a parity game T over tiles.
The locations are V0 := QC × Θp and V1 := QC × Θ.
We define the set of moves E. For every state q C ∈ QC and every tile with
port (ϑ, q) ∈ Θp , there is a move from (q C , ϑ) ∈ V1 to (q C , ϑ, q) ∈ V0 .
Let (q C , ϑ, q) ∈ V0 , and let (q1C , ϑ1 ) ∈ V1 . There is a move from (q C , ϑ, q) to
(q1C , ϑ1 ) iff (ϑ, q) and ϑ1 are concatenable and C admits a transition from q C to
q1C via (ϑ, q). Consequently, a move of Player 0 means to construct a tile, the
state q1C is determined by the automaton C. We can imagine Player 0 and 1 as
“tile constructor” and “port selector”, respectively.
We define the priority ΩT of a location (q C , ϑ) (resp. (q C , ϑ, q)) as the priority
of the state q C in the parity automaton C.
166 Daniel Kirsten

For convenience, we define a set of initial locations: Every location (qIC , ϑ)

of Player 0 is an initial location iff qI ∈ Vϑ . As the very first action in a play
Player 0 chooses one of these initial locations. A winning strategy for Player 0
has additionally to specify some initial location which Player 0 has to choose to
start the game. To know whether Player 0 has a winning strategy in some parity
game with multiple initial locations, we calculate Player 0’s winning region by
Jurdziński’s algorithm and check whether an initial place belongs to Player 0’s
winning region.
Theorem 9.9. The following three assertions are equivalent:

(1) The automaton A accepts at least one pointed transition system.

(2) There is a winning strategy for Player 0 in T .
(3) The automaton A accepts some pointed transition system with at most
4
2O(|Q| log |Q|) states.

Proof. (1) ⇒ (2) Let (S, sI ) be some pointed transition system which A accepts.
We consider the parity game G  from the proof of Theorem 9.6. Let f : [V0 ] → [V ]
be a memoryless winning strategy for Player 0 in G  . We construct a winning
strategy for Player 0 in T . The winning strategy which we construct is not
necessarily memoryless.
At first, we show a mechanism how Player 0 can construct tiles. He construct
tiles outgoing from some set V ⊆ Q w.r.t. some state s ∈ S. Player 0 starts his
construction with (V, ∅). He chooses some state q ∈ V , and adds new states and
edges in order to satisfy the closure properties (3), (4), (5) in the definition of a
tile. If for example δ(q) = q1 ∧ q2 , he adds two states q1 and q2 and two edges
(qI , q1 ) and (qI , q2 ) to the tile. Then, he has to take care about both q1 and q2 .
For example, let δ(q1 ) = q3 ∨ q4 . To satisfy property (5), Player 0 has to choose
between q3 and q4 . He simply calculates f (s, q1 ). If f (s, q1 ) = (s, q3 ), he adds
state q3 and the edge (q1 , q3 ) to his tile. Conversely, if f (s, q1 ) = (s, q4 ), he adds
q4 and (q1 , q4 ) to his tile.
Now, we explain a winning strategy for Player 0. At the beginning, Player
0 constructs a tile outgoing from {qI } w.r.t. sI . Let us call this tile ϑ1 . Player
0 chooses (qIC , ϑ1 ) as initial location. Next, Player 1 chooses some port, i.e., he
chooses a state from q ∈ Vϑ1 ∩ Q and moves to (qIC , ϑ1 , q).
Then, Player 0 has to move to a state/tile pair (q2C , ϑ2 ). It suffices to construct
ϑ2 , because q2C is determined by C. Let f (sI , q) = (s , q  ). Player 0 constructs ϑ2
−−−−−−→
outgoing from Vϑ1 ∩ Q2 ∪ {− →q } w.r.t. s .
It is easy but technically involved to verify that this technique yields a win-
ning strategy for Player 0.
(2) ⇒ (3) Let f : V0 → V1 be a memoryless winning strategy for Player 0 in
the parity game T .
We construct a pointed transition system which A accepts. Its states are
Player 1’s locations V1 = QC × Θ. We can estimate |V1 | by |QC | |Θ|, which is
4 2 4
2O(|Q| log |Q|) · 2|Q|+|Q| , i.e., 2O(|Q| log |Q|) .
 9 Alternating Tree Automata and Parity Games 167

To define λ : P → ℘(V0 ), condition (2) in the definition of a tile is crucial.

For some p ∈ P and some location (q C , ϑ) ∈ V0 , we let (q C , ϑ) ∈ λ(p) iff there is
some state q ∈ Vϑ with δ(q) = p.
Let (qIC , ϑI ) ∈ V1 be the location which Player 0 chooses as initial location.
This location is the initial state of our pointed transition system. We define the
accessibility relation: There is some edge from (q1C , ϑ1 ) to (q2C , ϑ2 ) iff there is
some state q ∈ Vϑ1 ∩ Q3 such that f (q1C , ϑ1 , q) = (q2C , ϑ2 ), i.e., iff the winning
strategy of Player 0 in T leads to (q2C , ϑ2 ).
It remains to show that A really accepts this pointed transition system. We
consider the “small” parity game G  from the the proof of Theorem 9.6. Let
(q C , ϑ, q) be some location of Player 0. If δ(q) = q1 ∨ q2 for some q1 , q2 ∈ Q,
then the winning strategy for Player 0 is determined within the tile ϑ itself. If
δ(q) = 3q1 for some q1 ∈ Q, then Player 0 simply uses the winning strategy f
from T .
(3) ⇒ (1) This is obvious. 


Corollary 9.10. The problem whether some alternating tree automaton accepts
at least one pointed transition system is decidable in Exptime.

Exercise 9.6. Let T be a class of pointed transition systems and P  ⊆ P . The

cylindrification of T with respect to P  consists of all pointed transition systems
that coincide with some transition system from T on all propositions except the
ones from P  . Show that if T is recognized by an alternating tree automaton,
then so are its cylindrifications.

9.7 Acknowledgements
The author thanks Thomas Wilke for reading and improving a preliminary ver-
sion of this chapter.
10 Modal µ-Calculus and Alternating Tree
Automata

Júlia Zappe

Institut für Informatik

Ludwig-Maximilians-Universität München

10.1 Introduction

The modal µ-calculus is a logic that combines simple modal operators with
fixed point operators to provide a form of recursion. The modal µ-calculus—as
we use it today—was introduced in 1983 by Dexter Kozen [100]. It is well suited
for specifying properties of transition systems. For this reason, there is a great
interest in efficient solutions of the model checking and the satisfiability problem.
In this chapter these problems will be reduced to the corresponding prob-
lems for alternating tree automata, that is, to the problems of acceptance and
nonemptiness, respectively. This will be realised by giving a translation which
constructs for every formula ϕ an alternating tree automaton A(ϕ). Such an au-
tomaton accepts a pointed transition system iff the formula ϕ holds true in this
transition system. Solutions of the acceptance problem and the nonemptiness
problem were already given in Chapter 9.
The first comprehensive survey about the close connection between fixed
point calculi and alternating tree automata was given by Damian Niwiński in
[139]. The investigations presented in [139] are rather general and applicable to
a number of fixed point calculi. The translation described in this chapter was
introduced by Thomas Wilke in [202] and is specific to the modal µ-calculus.

P
Notation. As in the previous chapters ω denotes the set of the natural numbers.
The power set of a set S is denoted by (S). Further, we fix an enumerable set
P of propositional variables.
With regard to parity games we will use the notations and notions introduced
in Chapter 6. In addition, for a parity game G and a vertex v ∈ V G let G ↓ v
denote the subgame of G consisting of the vertices of G reachable from v, having
the same edges between them and the same priorities as in the game G.
When proving the correctness of our translation the following lemma about
parity games will be useful:

Lemma 10.1. Let (G, v) be an initialised parity game, f a memoryless winning

strategy for Player 0 in this game and π a play consistent with f . Let v  = π(i)
for some i ∈ ω. Then the restriction of f to the vertices of G ↓ v  is a winning
strategy for Player 0 in the game G ↓ v  .

Exercise 10.1. Prove the above lemma.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 171-184, 2002.
 Springer-Verlag Berlin Heidelberg 2002
172 Júlia Zappe

Transition systems and pointed transition systems are defined as in Chap-

ter 9. Let S = (S, R, λ) be a transition system, S  ⊆ S and p ∈ P a propositional
variable. The interpretation λ[p → S  ] is defined by


  S if p = p
λ[p → S ](p ) = 
λ(p ) if p = p

S[p → S  ] denotes the following transition system:

S[p → S  ] = (S, R, λ[p → S  ])

The acceptance for alternating tree automata was defined in Chapter 9 in

terms of winning strategies in certain parity games. We will write G(A, S, s) for
the “simpler” corresponding (initialised) parity game with vertices V ⊆ Q × S
where Q is the set of states of A and S the set of states of S. This parity game was
constructed for finite pointed transition systems in Chapter 9, Subsection 9.3.2,
as an alternative definition for the behaviour of an alternating tree automaton,
see also Proposition 9.2.
An important notion concerning the complexity of an alternating tree au-
tomaton is its index. In order to define it we first need the notion of the tran-
sition graph of A. Let A = (Q, qI , δ, Ω) be an alternating tree automaton. The
transition graph G(A) has the set Q as vertex set. There is an edge from a vertex
q to q  iff q  appears in the transition condition δ(q).
Now we can define the index of A.
Let C A be the set of all strongly connected components of G(A). For C ∈ C A ,
let mAC be the number of different priorities of states occurring in C, i.e.,

mA A
C = |{Ω (q) | q ∈ C}|

The index of the automaton is defined as the maximum of all these values, i.e.,

ind(A) = max({mA A
C | C ∈ C } ∪ {0})

10.2 Modal µ-Calculus

In this Section we introduce the modal µ-calculus. First we give the definitions
of syntax and semantics for the modal µ-calculus. Then we introduce the notion
of alternation depth of a formula.

10.2.1 Syntax
Definition 10.2. The set Lµ of formulas of the modal µ-calculus is inductively
defined as follows:
- ⊥,  ∈ Lµ .
- For every atomic proposition p ∈ P : p, ¬p ∈ Lµ .
- If ϕ, ψ ∈ Lµ then ϕ ∨ ψ, ϕ ∧ ψ ∈ Lµ .
 10 Modal µ-Calculus and Alternating Tree Automata 173

- If ϕ ∈ Lµ then 2ϕ, 3ϕ ∈ Lµ
- If p ∈ P , ϕ ∈ Lµ and p occurs in ϕ only positively then µp ϕ, νp ϕ ∈ Lµ .

Remark 10.3. Note that in the definition of Lµ negations can only be applied
to propositional variables. However, we will see that the negation of an arbi-
trary formula can easily be expressed, using de Morgan laws and the following
equivalences:
ψ1 ∨ ψ2 ↔ ¬(¬ψ1 ∧ ¬ψ2 ) , (10.1)
3ψ ↔ ¬2¬ψ , (10.2)
µp ψ ↔ ¬νp¬ψ[p/¬p] , (10.3)
where ψ[p/¬p] means that in ψ every occurrence of p is replaced by ¬p and vice
versa. We defined Lµ in this way (without using auxiliary fixed point variables),
because the translation of formulas into automata is simpler for formulas of this
form.

The operators µ and ν are called fixed point operators. They are viewed as
quantifiers. Accordingly, the set free(ϕ) of free variables of an Lµ formula ϕ is
defined inductively as follows:
- free(⊥) = free() = ∅,
- free(p) = free(¬p) = {p},
- free(ϕ ∨ ψ) = free(ϕ ∧ ψ) = free(ϕ) ∪ free(ψ),
- free(2ϕ) = free(3ϕ) = free(ϕ),
- free(µp ϕ) = free(νp ϕ) = free(ϕ) \ {p}.
The sets Fµ and Fν of µ- and ν-formulas, respectively, are defined as follows:
Fµ = {µp ψ | ψ ∈ Lµ } ,
Fν = {νp ψ | ψ ∈ Lµ } .
Formulas from the set Fη = Fµ ∪ Fν are called fixed point formulas.

10.2.2 Semantics
Formulas of the modal µ-calculus are interpreted on pointed transition systems.
The modal operators 3 and 2 have their usual meaning. In order to define the
semantics of fixed point formulas we need the Knaster–Tarski Theorem for the
special case of the power set lattice:
P
Proposition 10.4 (Knaster and Tarski). Let S be a set and g : (S) → (S) P
a function monotonic with respect to set inclusion. Then g has a least fixed
point µg and a greatest fixed point νg. These fixed points satisfy the following
equations:

µg = {S  ⊆ S | g(S  ) ⊆ S  } ,

νg = {S  ⊆ S | g(S  ) ⊇ S  } .
174 Júlia Zappe

The proof of this theorem and further results on fixed points are summarised in
the Appendix of this book, Chapter 20.
Definition 10.5. Let S = (S, R, λ) be a transition system. For a formula ϕ ∈ Lµ
the set ϕS ⊆ S is defined as follows:

- ⊥S = ∅, S = S ,
- pS = λ(p), ¬pS = S \ λ(p) for p ∈ P ,
- ψ1 ∨ ψ2 S = ψ1 S ∪ ψ2 S ,
- ψ1 ∧ ψ2 S = ψ1 S ∩ ψ2 S ,
- 2ψS = {s ∈ S | sR ⊆ ψS } ,
- 3ψS = {s ∈ S | sR ∩ ψS = ∅} ,

- µp ψS = {S  ⊆ S | ψS[p→S
] ⊆ S  } ,

- νp ψS = {S  ⊆ S | ψS[p→S
] ⊇ S  } .

Intuitively, ϕS denotes the set of states where ϕ holds true. For a pointed
transition system (S, s) and a formula ϕ ∈ Lµ we will write (S, s) |= ϕ for
s ∈ ϕS .
Note that µp ψS and νp ψS are the least and greatest fixed points, resp.,
of the following function:

g: P (S) → P (S), S  → ψS[p→S
]

This function is monotonic because of the condition on ψ stated in Definition 10.2

that p occurs in ψ only positively.

Exercise 10.2. Prove the above claim about negating Lµ -formulas, see (10.1)–
(10.3).

Let ϕ, ψ be Lµ formulas. We will write ψ ≤ ϕ for “ψ is a subformula of ϕ”

and ψ < ϕ for “ψ ≤ ϕ and ψ = ϕ”.
A formula ϕ ∈ Lµ is in normal form if every propositional variable p in
ϕ is quantified at most once and all occurrences of p are in the scope of its
quantification. For a bound variable p occurring in a formula ϕ in normal form,
the unique subformula ηp ψ (for η ∈ {µ, ν}) of ϕ will be denoted by ϕp . Clearly,
for every Lµ formula one can easily build an equivalent formula in normal form
just by renaming bound variables, if it is necessary.
Let us now give a couple of examples to indicate how properties of transition
systems can be described by formulas of the modal µ-calculus.

Example 10.6. Let ϕ := νp0 (ψ ∧ 3p0 ). This formula can be read as follows: ϕ
holds true in the current state s0 iff ψ holds true in s0 and there is a successor s1
of s0 at which ϕ holds true. By unfolding the formula ϕ it follows that ψ holds
true at s1 and that s1 also has a successor s2 such that at s2 the formula ϕ holds
true. Since ϕ is a greatest fixed point, we may loop for ever and we obtain an
infinite path such that at each vertex on this path ψ holds true.
 10 Modal µ-Calculus and Alternating Tree Automata 175

Exercise 10.3. Give an Lµ -formula ϕ such that the following holds: s ∈ ϕS iff
all paths in S starting in s are finite.

Exercise 10.4. Let ψ be an Lµ -formula and S = (S, R, λ) a transition system.

Find an Lµ -formula ϕ such that (S, s) |= ϕ iff there exists a state reachable from
s in which ψ holds.

Exercise 10.5. Let ψ be an arbitrary Lµ -formula, S = (S, R, λ) a transition

system and s ∈ S. Give an Lµ -formula ϕ with the following property: s ∈ ϕS
iff there exists a path π starting in s such that on this path the formula ψ holds
true infinitely often, that is, the set {i ∈ ω | π(i) ∈ ψS } is infinite.

Example 10.7. Let G = (V0 , V1 , E, Ω) be a parity game as defined in Chapter 6

and X ⊆ V = V0 ∪ V1 . Let S = (S, R, λ) be a transition system and p, p0 ∈ P
propositional variables such that the following holds:
- S=V
- R=E
- λ(p) = X and λ(p0 ) := V0

The attractor set Attr0 (G, X) for Player 0 (c. f. Section 6.2 in Chapter 6) can be
defined by the following formula:

ϕ := µp (p ∨ ((p0 ∧ 3p ) ∨ (¬p0 ∧ 2p ))),

that is, (S, v) |= ϕ iff v ∈ Attr0 (G, X). Here, we use the least fixed point operator,
because a vertex in X must be reached after a finite number of steps and thus,
the equation p = p ∨ ((p0 ∧ 3p) ∨ (¬p0 ∧ 2p )) may be applied only finitely
many times.

Example 10.8. Let G be a max-parity game with |{Ω(v)|v ∈ V }| = n+1 (without

loss of generality Ω(V ) = {0, . . . , n}), S a transition system and p0 , . . . , pn , p ∈
P such that the following holds:
- S=V
- R=E
- λ(pi ) = Ω −1 ({i}), λ(p) = V0

We give a formula ϕ that describes the set of winning positions for Player 0 in
the game G:
 
 
ϕ = ηpn η̄pn−1 ηpn−2 . . . νp0  (p ∧ pi ∧ 3pi ) ∨ (¬p ∧ pi ∧ 2pi )
i≤n i≤n

where η = η̄ and η = µ if n is odd and η = ν if n is even. In order to see that this

formula is correct, i.e., (S, v) |= ϕ iff (G, v) is won by Player 0, one constructs
the automaton A(ϕ) and compares it with the automaton that was constructed
in Chapter 9.
176 Júlia Zappe

Remark 10.9. The interpretation of a formula does not depend on the interpreta-
tion of its bound variables, i.e., for a formula ϕ with p ∈
/ free(ϕ) and a transition
system S the following holds: ϕS = ϕS[p→S
] for all S  ⊆ S.

Now we define the graph, G(ϕ) = (V (ϕ), E(ϕ)), of an Lµ formula ϕ in

normal form.
V (ϕ) := {ψ ∈ Lµ | ψ is a subformula of ϕ}
The edge relation E(ϕ) is defined inductively:

- if ϕ = ⊥, , p, ¬p, then E(ϕ) := ∅,

- if ϕ = ψ1 ∨ ψ2 , ψ1 ∧ ψ2 , then E(ϕ) := E(ψ1 ) ∪ E(ψ2 ) ∪ {(ϕ, ψ1 ), (ϕ, ψ2 )},
- if ϕ = 2ψ, 3ψ, then E(ϕ) := E(ψ) ∪ {(ϕ, ψ)},
- if ϕ = µp ψ, νp ψ, then E(ϕ) := E(ψ) ∪ {(ϕ, ψ), (p, ϕ)}

For a formula ψ in G(ϕ) let SCCϕ (ψ) denote the strongly connected compo-
nent of G(ϕ) the formula belongs to.

10.2.3 Alternation Depth

Now we define the notion of alternation depth of an Lµ formula, that is,

the number of alternations between µ- and ν-operators. We could simply count
syntactic alternations between least and greatest fixed point operators, but we
prefer to use a more sophisticated definition that was introduced by Damian
Niwiński in [138]. This definition yields better complexity bounds, e. g. for the
model-checking for the modal µ-calculus.
Definition 10.10. For a formula ϕ ∈ Lµ in normal form its alternation depth
α(ϕ) is defined inductively:

- α(⊥) = α() = α(p) = α(¬p) = 0

- α(ψ1 ∧ ψ2 ) = α(ψ1 ∨ ψ2 ) = max{α(ψ1 ), α(ψ2 )}
- α(2ψ) = α(3ψ) = α(ψ)
- α(µp ψ) = max({1, α(ψ)} ∪ {α(νp ψ  ) + 1 | νp ψ  ≤ ψ, p ∈ free(νp ψ  )})
- α(νp ψ) = max({1, α(ψ)} ∪ {α(µp ψ  ) + 1 | µp ψ  ≤ ψ, p ∈ free(µp ψ  )})

This can be rephrased as follows. Let ϕ an Lµ formula. Consider the graph

G(ϕ) of ϕ and suppose that the alternation depths of all proper subformulas of ϕ
have already been determined. Let M be the maximum of all these values. If ϕ is
a fixed point formula ηp ψ and it has a subformula η  p ψ  ∈ SCCϕ (ϕ) such that
η = η  , p ∈ free(η  p ψ  ) and α(η  p ψ  ) = M , then α(ϕ) = M + 1. Otherwise the
alternation depth of ϕ is max(1, M ). If ϕ is not a fixed point formula, then its
alternation depth is simply M . In particular, the alternation depth of a formula
is greater or equal to the alternation depth of any subformula.

Example 10.11. Let ϕ be the formula from Example 10.6, now letting ψ = p,
that is, ϕ := νp0 (p ∧ 3p0). By Definition 10.10, the alternation depth of this
formula is equal to 1.
 10 Modal µ-Calculus and Alternating Tree Automata 177

Example 10.12. Let ϕ := νp1 (µp2 (p ∨ 3p2 ) ∧ 2p1 ). Then α(µp2 (p ∨ 3p2 )) = 1
/ free(µp2 (p ∨ 3p2 )) the alternation depth of ϕ is 1.
and because of p1 ∈

Example 10.13. Let ψ = µp1 ((p2 ∧p0 )∨p1 ) and ϕ := νp2 (3ψ). Clearly, α(3ψ) =
α(ψ) = 1. Since p2 ∈ free(ψ), it follows that α(ϕ) = 2.

10.3 Translation into Alternating Tree Automata

We now give a translation which for every Lµ formula ϕ constructs an alternating

tree automaton A(ϕ) such that the following is true:

(S, s) ∈ L(A(ϕ)) iff (S, s) |= ϕ

As already mentioned in the introduction, by using this translation the model-

checking and the satisfiability problem can be reduced to the acceptance and
the nonemptiness problem, resp., for alternating tree automata. Thus, the cor-
responding results of Chapter 9, namely Theorem 9.6 and Theorem 9.9, can be
applied.
Since we aim at using the automaton A(ϕ) to obtain efficient solutions for the
above mentioned problems, it is important that our translation is also efficient.
In other words, we would like to keep the automaton as small as possible. Beside
the size of the state space, another characteristic number for the size of an
alternating tree automaton is its index. The translation we are going to present
here is such that the number of the states of A(ϕ) is equal to the number of
subformulas of ϕ and the index of A(ϕ) is equal to the alternation depth of the
formula ϕ.

10.3.1 Formal Definition

Let ϕ be an Lµ formula in normal form. The structure of the automaton A(ϕ)

that will be constructed is very similar to the structure of the graph G(ϕ) of
the formula. For each subformula ψ of ϕ the automaton has a state denoted by
ψ. The initial state is ϕ itself. A state χ occurs in the transition condition
δ(ψ) of the state ψ iff χ is a successor of ψ in the graph G(ϕ). In addition,
the transition function reflects the outermost connective of ψ.
For example, δ(ψ1 ∧ ψ2 ) = ψ1  ∧ ψ2  and δ(3ψ) = 3ψ. In the case that
ψ = p for a propositional variable p ∈ free(ϕ) the automaton has simply to
check if in the current state p holds true. Thus, δ(p) = p. More interesting is
the case in which p is a bound variable in ϕ. Let ϕp = ηp ψ be the subformula of
ϕ that binds p. Then δ(p) = ϕp , that is, when unfolding the equation “ϕp =
ψ[p := ϕp ]” will be applied. The difference between the least and the greatest
fixed points will be expressed by the priority function. Least fixed point formulas
obtain an odd, greatest fixed point formulas an even priority. In addition, fixed
point formulas with greater alternation depth also have a higher priority.
178 Júlia Zappe

Definition 10.14. Let ϕ be an Lµ formula in normal form. We define the al-

ternating tree automaton A(ϕ) as follows:

A(ϕ) = (Q, qI , δ, Ω)

where
- Q := {ψ | ψ ≤ ϕ},
- qI := ϕ,
- δ : Q → TCQ is defined by:
δ(⊥) = 0, δ() = 1,


p if p ∈ free(ϕ),
δ(p) = δ(¬p) = ¬p,
ϕp  if p ∈
/ free(ϕ),
δ(ψ ∧ χ) = ψ ∧ χ, δ(ψ ∨ χ) = ψ ∨ χ,
δ(2ψ) = 2ψ, δ(3ψ) = 3ψ,
δ(µp ψ) = ψ, δ(νp ψ) = ψ.

- The priority function Ω : Q → ω is defined by:

Ω(ψ) = the smallest odd number greater or equal to α(ψ) − 1 for ψ ∈ Fµ ,
Ω(ψ) = the smallest even number greater or equal to α(ψ)− 1 for ψ ∈ Fν ,
Ω(ψ) = 0 for ψ ∈
/ Fη .
Remark 10.15. Since the acceptance for this automaton is defined in terms of
the parity game G := G(A(ϕ), S, s), we now analyse this game. Its initial vertex
is (ϕ, s). The edge relation E G is given by


{(ψ  , s ) | ψ   in δ(ψ)} if ψ = 2ψ  , 3ψ 
(ψ, s )E G =
{(ψ , s ) | ψ  in δ(ψ), s ∈ s R} if ψ = 2ψ  , 3ψ 
    

The priority of a vertex v := (ψ, s) where ψ is a fixed point formula depends

on the alternation depth of ψ and on the outermost fixed point operator; for a
µ-formula the priority is odd and for a ν-formula the priority is even.
A vertex v = (ψ, s ) belongs to Player 0 iff
- ψ = ⊥,
- ψ = p, p ∈ free(ϕ) and s ∈
/ λ(p),
- ψ = ¬p, p ∈ free(ϕ) and s ∈ λ(p),
- ψ = p, p ∈/ free(ϕ),
- ψ = ηp ψ  ,
- ψ = ψ1 ∨ ψ2 for some ψ1 , ψ2 ∈ Lµ ,
- ψ = 3ψ  .
In all other cases, it belongs to Player 1. Note that the structure of the game
(the game graph) does not depend on the mapping λ of the transition system
S. Further, for ψ = p ∈ free(ϕ) the question whether a vertex (ψ, s) belongs
to Player 0 or to Player 1 depends only on λ. For all other formulas it depends
neither on ϕ nor on S.
 10 Modal µ-Calculus and Alternating Tree Automata 179

10.3.2 Correctness

We prove the correctness of the translation presented in the previous section and
start with a couple of lemma.
We will write G(ψ, S, s) for the game G(A(ψ), S, s).

Lemma 10.16. Let ψ1 , ψ2 be Lµ formulas in normal form. Then the following

is true:
L(A(ψ1 ∧ ψ2 )) = L(A(ψ1 )) ∩ L(A(ψ2 )),
L(A(ψ1 ∨ ψ2 )) = L(A(ψ1 )) ∪ L(A(ψ2 )).

Proof. We only prove the first assertion, the proof of the second assertion being
similar.
“⊆”: Let (S, s) ∈ L(A(ψ1 ∧ ψ2 )). By the definition of acceptance for alternat-
ing tree automata (cf. Chapter 9) there exists a memoryless winning strategy f
for Player 0 in the initialised parity game G(ψ1 ∧ψ2 , S, s). By Lemma 10.1, it fol-
lows that Player 0 has winning strategies for the games G(ψ1 ∧ψ2 , S, s) ↓ (ψi , s).
Since G(ψi , S, s) = G(ψ1 ∧ ψ2 , S, s) ↓ (ψi , s), the claim follows.
“⊇”: Let (S, s) ∈ L(A(ψ1 )) ∩ L(A(ψ2 )), that is, Player 0 has winning strate-
gies f01 and f02 for the games G(ψ1 , S, s) and G(ψ2 , S, s), respectively. Then
Player 0 can play in the game G(ψ1 ∧ ψ2 , S, s) as follows: the initial vertex
(ψ1 ∧ ψ2 , s) belongs to Player 1 and it has exactly two successors, namely
(ψ1 , s) and (ψ2 , s). If Player 1 chooses (ψ1 , s), then Player 0 can play in
accordance with f01 and he wins. Similarly, if Player 1 chooses the other successor
of the initial vertex, Player 0 can play in accordance with f02 and he also wins.
Therefore Player 0 wins the game G(ψ1 ∧ ψ2 , S, s). 2
Lemma 10.17. Let ψ be an Lµ formula in normal form. Then the following is
true:
L(A(2ψ)) = {(S, s) | ∀s ∈ sR : (S, s ) ∈ L(A(ψ)),
L(A(3ψ)) = {(S, s) | ∃s ∈ sR : (S, s ) ∈ L(A(ψ))}.

Proof. We only prove the second assertion.

“⊆”: Let (S, s) ∈ L(A(3ψ)). By the definition of acceptance, Player 0 has
a memoryless winning strategy f in the game (G, v0 ) := G(3ψ, S, s). This game
has the initial vertex v0 = (3ψ, s) which belongs to Player 0. Further, the
following is true:
v0 E G = {(ψ, s ) | s ∈ sR}.
Since f is a winning strategy for Player 0, there is an s ∈ sR such that f (v0 ) =
(ψ, s ). Because of G(ψ, S, s ) = G(3ψ, S, s) ↓ (ψ, s ), by Lemma 10.1 it follows
that the restriction of f to this subgame is a winning strategy for Player 0.
Therefore, for this s we have (S, s ) ∈ L(A(ψ)).
“⊇”: Let (S, s) be a pointed transition system and s a successor of s such
that (S, s ) ∈ L(A(ψ)); that is, Player 0 has a memoryless winning strategy f
in the game (G, v0 ) := G(ψ, S, s ) (in particular: v0 = (ψ, s )). Clearly, the
180 Júlia Zappe

following strategy is a (memoryless) winning strategy for Player 0 in the game

G(3ψ, S, s):

 f (v) if v ∈ V G ∩ dom(f )
if v = (3ψ, s) .
f (v) :=
v0
2
Theorem 10.18. Let ϕ be an Lµ formula in normal form. Then for every
pointed transition system (S, s) the following holds:

(S, s) |= ϕ iff (S, s) ∈ L(A(ϕ))

Proof. We proceed by induction on the size of the formula ϕ.

Case ϕ = ⊥, , p, ¬p for p ∈ P . The claim follows directly from the definition
of A(ϕ).
Case ϕ = ψ1 ∧ ψ2 . By induction hypothesis we can assume that the following
is true: (S, s) |= ψi iff (S, s) ∈ L(A(ψi )) for i = 1, 2. Thus, the claim follows by
Lemma 10.16.
Case ϕ = ψ1 ∨ ψ2 . Similar to the previous case.
Case ϕ = 2ψ We use the definition of the semantics of 2ψ, the induction
hypothesis, and Lemma 10.17 to obtain that (S, s) |= ϕ iff (S, s ) |= ψ holds
for all successors s of s iff (S, s ) ∈ L(A(ψ)) holds for all successors s of s iff
(S, s) ∈ L(A(2ψ)).
Case ϕ = 3ψ. The proof is similar to the one for 2ψ.
Case ϕ = µp ψ. Let S = (S, R, λ) and

g : S  → ψS[p→S
] = {s | (S[p → S  ], s ) ∈ L(A(ψ))}

I.H.
(10.4)

Since
(S, s) |= µp ψ iff s ∈ µg
and

(S, s) ∈ L(A(µp ψ)) iff Player 0 wins the game G(µp ψ, S, s)

we have to show that

µg = {s ∈ S | Player 0 wins the game G(µp ψ, S, s)} .

“⊆”: Let Sµ abbreviate the right hand side of the above equation, i.e., Sµ is the
set of winning positions
of Player 0 in the game G(µp ψ, S, s).
Since µg = {S  ⊆ S | g(S  ) ⊆ S  }, it suffices to show that g(Sµ ) ⊆ Sµ . Let
s ∈ g(Sµ ), that is (cf. 10.4), Player 0 has a memoryless winning strategy f in
the game G(ψ, S[p → Sµ ], s). We must prove (cf. definition of Sµ ) that Player 0
wins the game G(µpψ, S, s), too. In order to show this we study this game more
carefully.
The game G(µp ψ, S, s) has initial vertex (µp ψ, s) and this vertex has an
outgoing edge to the initial vertex of G(ψ, S[p → Sµ ], s), i.e., to (ψ, s).
 10 Modal µ-Calculus and Alternating Tree Automata 181

Further, the game has all the vertices and edges of the game
G(ψ, S[p → Sµ ], s). In addition, every vertex of the form (p, s ) has an edge
to the initial vertex (µp ψ, s ) of the game G(µp ψ, S, s ). All vertices belong to
the same Player as in the original game, except for the vertices (p, s ) which
are now Player 0’s vertices (cf. Remark 10.15) .
Now we will show that Player 0 wins this game. At first Player 0 moves
the pebble to (ψ, s). Now he plays in accordance with his memoryless winning
strategy f for the game G(ψ, S[p → Sµ ], s) until the play reaches a vertex of
the form (p, s ) (if no vertex of this form will be reached, then Player 0 wins,
because in this case the resulting play is a play in the game G(ψ, S[p → Sµ ], s)
and f is a winning strategy for Player 0 in this game). Such a vertex was a dead
end in the game G(ψ, S[p → Sµ ], s). Since Player 0 played with f , this vertex
must have belonged to Player 1 in the game G(ψ, S[p → Sµ ], s), that is, s ∈ Sµ
(= λ[p → Sµ ](p)). By the definition of Sµ , Player 0 has a winning strategy
for G(µpψ, S, s ). Now, he can move the pebble to (µp ψ, s ) and then play in
accordance with this winning strategy and he wins.
“⊇”: For the converse we prove that every fixed point of g is a superset of
Sµ , that is,
for all S  ⊆ S : if g(S  ) = S  then Sµ ⊆ S 

Let S  be a fixed point of g and s0 ∈ Sµ . Suppose that s0 ∈ / S  = g(S  ). Because of

s0 ∈ Sµ there exists a winning strategy f for Player 0 in the game G(µp ψ, S, s0 ).
By our assumption (s0 ∈ / S  = g(S  )), the restriction of f to the vertices of the

game G(ψ, S[p → S ], s0 ) can not be a winning strategy for Player 0. Thus, there
exists a play π0 in G(ψ, S[p → S  ], s0 ) consistent with the restriction of f won
by Player 1. Comparing the two games one can easily see that π0 must be finite
and its last vertex must be of the form (p, s1 ). Since Player 1 wins this play,
it follows that s1 ∈/ S  . On the other hand, (µp ψ, s0 )π0 is a prefix of a play
π consistent with f in the game G(µp ψ, S, s0 ) where f is a winning strategy.
As (p, s1 ) has exactly one successor in G(µp ψ, S, s0 ), namely (µp ψ, s1 )), the
sequence (µp ψ, s0 )π0 (µp ψ, s1 ) is also a prefix of the play π. The play π is
consistent with f and so it follows by Lemma 10.1 that the restriction of f is
a winning strategy for Player 0 in G(µp ψ, S, s0 ) ↓ (µpψ, s1 ) = G(µp ψ, S, s1 ).
Thus, s1 ∈ Sµ .
Now we have a new vertex (µp ψ, s1 ) such that s1 ∈ Sµ but s1 ∈ / S  . As
above, it follows that the restriction of f to the vertices of G(ψ, S[p → S  ], s1 )
is not a winning strategy for Player 0 and we obtain a vertex (µp ψ, s2 ) and
a (finite) play π1 in G(ψ, S[p → S  ], s1 ) consistent with (the restriction of) f
such that (p, s2 ) is the last vertex in π1 , s2 ∈ Sµ and s2 ∈ / S  . Inductively we
obtain an infinite sequence of vertices ((µp ψ, si ))i∈ω and an infinite sequence
of (finite) plays (πi )i∈ω in the games G(ψ, S[p → S  ], si ) consistent with the
restrictions of f . Hence, the following play is a play in G(µp ψ, S, s0 ) which is
consistent with f and is therefore won by Player 0:

π = (µp ψ, s0 )π0 (µp ψ, s1 )π1 (µp ψ, s2 ) . . .

182 Júlia Zappe

Since Ω(µp ψ) is the maximum priority of the automaton A(µp ψ) and it is
odd, we have a contradiction.
Case ϕ = νp ψ. Let S and g be as in the previous case. We have to show:
νg = {s ∈ S | Player 0 wins the game G(νp ψ, S, s)} .
“⊇”: Let Sν abbreviate the set on the right hand side, i.e., let Sν be the set of

for Player 0 in the game G(νp ψ, S, s).
the winning positions
Due to νg = {S  ⊆ S | S  ⊆ g(S  )}, it suffices to show that Sν ⊆ g(Sν ).
Let s ∈ Sν , that is, Player 0 has a memoryless winning strategy f in the game
G(νp ψ, S, s). We have to prove that Player 0 wins the game G(ψ, S[p → Sν ], s)
as well. We show that the restriction of f is a winning strategy for Player 0
in this game. Clearly, every infinite play consistent with the restriction is won
by Player 0, because such a play is a play consistent with f in the original
game. Let π be a finite play consistent with the restriction of f in the game
G(ψ, S[p → Sν ], s). The last vertex is a dead end in the game G(ψ, S[p → Sν ], s).
If this vertex is also a dead end in the original game then π is a play consistent
with f in the original game and therefore won by Player 0. If this vertex has a
successor in the original game, then it must be of the form (p, s ). As in the
previous case it follows that the restriction of f is a winning strategy for Player 0
in the game G(νp ψ, S, s) ↓ (νp ψ, s ) = G(νp ψ, S, s ). Hence, s ∈ Sν and so the
vertex (p, s ) belongs to Player 1 in the game G(ψ, S[p → Sν ], s). Therefore,
Player 0 wins also this play.
“⊆”: For the converse, let s ∈ νg. Because of νg = g(νg) for every s ∈
νg there exists a memoryless winning strategy fs
for Player 0 in the game
G(ψ, S[p → νg], s ). We have to show that Player 0 wins the game G(νp ψ, S, s).
The initial vertex of the game is (νp ψ, s) and its unique successor is (ψ, s),
the initial vertex of the game G(ψ, S[p → νg], s). So, Player 0 moves the pebble
to this vertex and then he plays in accordance with fs unless a vertex (p, s1 )
is reached (in particular, the play is a play in G(ψ, S[p → νg], s) consistent with
fs ). This vertex is a dead end in the game G(ψ, S[p → νg], s). Since this play is
consistent with fs , the vertex belongs to Player 1, that is, s1 ∈ νg. The vertex
(p, s1 ) has exactly one outgoing edge that leads to the vertex (νp ψ, s1 ). This
vertex has also only one successor, namely (ψ, s1 ). Now Player 0 should play
in accordance with the strategy fs1 until a vertex (p, s2 ) is reached. After the
two trivial steps (to the vertex (νp ψ, s2 ) and then to (ψ, s2 )) he should play
as given by fs2 and so on. We want to prove that if he plays in this way, he wins.
Let π denote the resulting play.
We distinguish two cases.
First case:
∃i ∈ ω∀j > i∀s ∈ S : π(j) = (p, s )
In this case there exists a j > i such that the suffix π(j)π(j + 1) . . . of π is
an infinite play consistent with fs
in a game G(ψ, S[p → νg], s ). Since fs
is a
winning strategy for Player 0 in this game, he wins π.
Second case:
∀i ∈ ω∃j > i∃s ∈ S : π(j) = (p, s )
 10 Modal µ-Calculus and Alternating Tree Automata 183

In this case vertices of the form (νp ψ, s ) occur infinitely often in π. Their
priority, Ω(νp ψ), is the maximum priority in the entire game, it is even and
so Player 0 wins. 2
Exercise 10.6. In the above proof, we dealt with the least fixed point operator
and the greatest fixed point operator separately. Use Theorem 9.7 to show that
it is enough to consider only one of the two fixed point operators.

10.4 Model-Checking and Satisfiability

Now we are able to apply the results of Chapter 9 on the acceptance and empti-
ness problem for alternating tree automata, i. e. Theorems 9.6 and Corollary 9.10
to solve the model checking and the satisfiability problem for the modal µ-
calculus.
Note that the alternation depth α(ϕ) of a formula ϕ is equal to the index
ind(A(ϕ)) and that the number of states of A(ϕ) equals the number of subfor-
mulas of ϕ. In the case of the automaton A(ϕ) the index is equal to the number
of its different non-zero priorities.
Corollary 10.19. Let ϕ be an Lµ formula with α(ϕ) ≥ 2 and (S, s) a pointed
transition system. The model-checking problem is solvable in time
  α(ϕ)/2 
|ϕ||S|
O α(ϕ)|Q|(|R| + 1) α(ϕ)/2

and in space  
O α(ϕ)|ϕ||S| log(|ϕ||S|)
where |ϕ| denotes the number of subformulas of ϕ.
The model-checking problem for the modal µ-calculus is in UP ∩ co-UP.
Observe that the time complexity bound is exponential in #α(ϕ)$/2. However,
since formulas which specify properties of transition systems are usually not too
long and have a rather small alternation depth, this complexity is practically as
good as polynomial in the size of the state space of the transition system.
The following Corollary is a straightforward consequence of Corollary 9.10.

Corollary 10.20. The satisfiability problem for the modal µ-calculus is in Ex-
ptime.

10.5 Concluding Remarks

In this chapter we introduced modal µ-calculus and we proved that for each
Lµ -formula one can construct an equivalent alternating tree automaton. From
this, together with the results from the previous chapter, we derived reasonable
bounds for the complexity of the model checking problem for the modal µ-
calculus and a tight bound for the satisfiability problem.
184 Júlia Zappe

In the following chapter it will be shown that there also is a way to translate
every alternating tree automaton into an equivalent modal µ-calculus formula.
This will be used to prove that the alternation hierarchy of the modal µ-calculus
is strict. The deep connection between modal µ-calculus and monadic second-
order logic will be revealed in Chapter 14.
11 Strictness of the Modal µ-Calculus
Hierarchy

Luca Alberucci

Informatik und Angewandte Mathematik

Universität Bern

11.1 Introduction

The two main results of this chapter are the translation of alternating automata
into the modal µ-calculus and the hierarchy theorem for the modal µ-calculus.
The first main result was initially proven by Niwinski in [139]. He introduces
automata on semi-algebras and shows the equivalence with certain fixed point
terms on so-called powerset algebras. By using the fact that on binary struc-
tures the µ-calculus corresponds to a certain powerset algebra, this result can
then be applied to the modal µ-calculus to obtain the equivalence of alternat-
ing automata and the calculus, on binary transition systems. We give a direct
translation of automata to µ-formulae, using the alternating automata model
introduced by Wilke in [202], and discussed in this volume in Chapter 9. The
translation will be such that for every automaton there is a µ-formula which is
equivalent to it on all transition systems. In this sense the new result we get is a
generalization of the original one by Niwinski, since we are not restricting ourself
to binary transition systems. By combining our result with Chapter 10, where
µ-formulae are translated to alternating automata, we get the equivalence on
all transition systems. The established equivalence is such that the alternation
depth of the µ-formulae corresponds to the index of the automata.
The second main result was first proved independently by Bradfield in [13]
and Lenzi in [112]. Our proof follows the one of Arnold in [5]. We first prove
a hierarchy theorem for alternating automata. Then, by using the equivalence
result established previously, we get the hierarchy theorem for the modal µ-
calculus.
This chapter contains five sections: Section 11.2 reviews the basic notions
which will be needed later. Section 11.3 introduces hierarchies, both for µ-
formulae and for alternating automata. In Section 11.4 we translate alternating
automata into the modal µ-calculus. And in Section 11.5 we prove the hierarchy
theorems for alternating automata and for the modal µ-calculus.

11.2 Preliminaries

With regard to alternating tree automata and the modal µ-calculus we use al-
most the same definitions and the same notation that were introduced in Chap-
ters 9 and 10.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 185-201, 2002.
 Springer-Verlag Berlin Heidelberg 2002
186 Luca Alberucci

The differences are as follows. First, we use letters X, Y , . . . to denote

quantified propositional variables in modal µ-calculus. That is, we will write
µXφ instead of µpφ. Second, in our model of alternating automata, we allow
complex transition conditions (which we can do without loss of generality, see
Subsection 9.3.4), we fix a finite set P of propropositional variables, which is
then explicitely stated in the tuple describing the automaton, and we allow the
priority function to be partial. More precisely, it must only be defined on the
states that belong to some strongly connected component of the transition graph
of the automaton in question.
We also use the following notation. Suppose ϕ contains propositional vari-
ables X1 , . . . , Xn (we then often write ϕ(X1 , . . . , Xn )) and that S1 , . . . , Sn are
sets of states of a given transition system S. Then we write ϕ(S1 , . . . , Sn )S
for ϕ(X1 , . . . , Xn )S[X1 →S1 ,... ,Xn →Sn ] .
Notice that a transition condition δ(q) can be interpreted as a modal formula
(and hence as a modal µ-calculus formula) over propositional variables in Q ∪ P ,
say q1 , . . . , qn . To indicate that we are interested in this interpretation, we write
δq (q1 , . . . , qn ) for δ(q).
Recall that the index, ind(A), of an automaton A is defined as


ind(A) := max {|Ω(Q )| | Q ⊆ Q, Q is strongly connected} ∪ {0} .

There are essentially two ways of defining acceptance of a pointed transition

system (S, sI ) by an automaton A. One option is to proceed as in Chapter 9,
with parity games. The second option uses the notion of an accepting run of
an automaton over a transition system. This is how we proceed in the present
chapter.
We first define runs only for automata with simple transition conditions.
With the help of Remark 11.1 and Exercise 11.1 the notion of run can then be
extended to automata with complex transition conditions.
Let A be an automaton with state q0 and S be a transition system with
state s0 . We define  to be a q0 -run on s0 of A on S if  is a (S × Q)-vertex-
labeled tree of the form (V, E, ), where V is the set of vertices, E is a binary
relation on V , and  is the labeling function. If v0 is the root of V , then (v0 )
must be (s0 , q0 ). Moreover for all vertices v ∈ V , with label (s, q), the following
requirements must be fulfilled:
• δ(q) = 0,
• if δ(q) = p then s ∈ pS , and if δ(q) = ¬p then s ∈ pS ,
• if δ(q) = q  , then there is a v  ∈ vE such that (v  ) = (s, q  ),
• 3
if δ(q) = q  , then there is a v  ∈ vE such that (v  ) = (s , q  ) where s ∈ sR,
• if δ(q) = q  , then for all s ∈ sR there is a v  ∈ vE such that (v  ) = (s , q  ),
• if δ(q) = q  ∨ q  , then there is a v  ∈ vE such that we have (v  ) = (s, q  ) or
(v  ) = (s, q  ),
• if δ(q) = q  ∧ q  , then there are v  , v  ∈ vE such that (v  ) = (s, q  ) and
(v  ) = (s, q  ).
where vE = {v  ∈ V | (v, v  ) ∈ E}, similarly for sR.
 11 Strictness of the Modal µ-Calculus Hierarchy 187

An infinite branch of a run is accepting if the highest priority which ap-

pears infinitely often is even. A run is accepting when all infinite branches are
accepting. An automaton A accepts a pointed transition system S = (S, sI ) if
there is an accepting qI -run on sI of A on S (where qI is the initial state of A).
Let A = (Q, P, q1 , δ, Ω) be an automaton, S = (S, R, λ) a transition system
and  = (V, E, ) a run. For all v ∈ V and q ∈ Q we define

SvE|q := {s ∈ S | ∃v  (v  ∈ vE and (v  ) = (s, q))}.

From the above definition, the following is clear.

Remark 11.1. Let A = ({q1 , . . . , qn }, P, qI , δ, Ω) be an automaton, S = (S, R, λ)

a transition system and  = (V, E, ) a (S × Q)-vertex-labeled tree with root v0 .
The following two sentences are equivalent:

(1)  = (V, E, ) is a q0 -run on s0 of A on S.

(2) (v0 ) = (s0 , q0 ) and for all vertices v which are labeled by (s, q) we have
s ∈ δq (SvE|q1 , . . . , SvE|qn )S .

This justifies that we define that a run of an alternating tree automaton with
complex transition conditions is required to satisfy the second condition.

Exercise 11.1. Give a direct definition of run for automata with complex transi-
tion conditions, without using the notion of equivalent simple automaton. Show
that your automaton accepts the same runs as the equivalent simple automaton.
(Hint: Use the equivalence established in Remark 11.1.)

11.3 Hierarchies

In this section we introduce hierarchies both for alternating automata and for
µ-formulae.
Before we introduce a hierarchy on the formulae Lµ let us define two operators
µ and ν on classes of µ-formulae. Let Φ be a class of µ-formulae. We define µ(Φ)
to be the smallest class of formulae such that the following requirements are
fulfilled:

(i) Φ ⊆ µ(Φ) and ¬Φ ⊆ µ(Φ), where ¬Φ := {¬ϕ | ϕ ∈ Φ}.

(ii) If ψ ∈ µ(Φ) then µX.ψ ∈ µ(Φ) (provided that each appearance of X in ψ
is positive).
3
(iii) If ψ, ϕ ∈ µ(Φ) then ψ ∧ ϕ ∈ µ(Φ), ψ ∨ ϕ ∈ µ(Φ), ψ ∈ µ(Φ) and ψ ∈ µ(Φ).
(iv) If ψ, ϕ ∈ µ(Φ) and X ∈ F ree(ψ), then ϕ[ψ/X] ∈ µ(Φ).

ν(Φ) is defined analogously to µ(Φ) with the only difference that (ii) is substi-
tuted by:

(ii’) If ψ ∈ ν(Φ) then νX.ψ ∈ ν(Φ) (provided that each appearance of X in ψ is

positive).
188 Luca Alberucci

With the help of the previous definitions we introduce two modal µ-calculus
hierarchies. The first one is on the syntactical side, that is, it is a hierarchy of
classes of µ-formulae, and the second one is on the semantical side, that is, it is
a hierarchy of classes of transition systems.
For all natural numbers n we define the classes of µ-formulae Σnµ and Πnµ
inductively:

• Σ0µ and Π0µ are equal and consist of all fixed point free µ-formulae.
µ
• Σn+1 = µ(Πnµ ).
µ
• Πn+1 = ν(Σnµ ).

All Πnµ and Σnµ form the syntactic modal µ-calculus hierarchy.
To define the semantical counterpart of this hierarchy, we introduce the class
ϕ for all µ-formulae ϕ. It consists of all pointed transition systems (S, sI ) such
that sI ∈ ϕS . The semantical modal µ-calculus hierarchy consists of all
Σnµ TR and Πnµ TR , which are the following classes of pointed transition systems:

• Σnµ TR = {ϕ | ϕ ∈ Σnµ },

• Πnµ TR = {ϕ | ϕ ∈ Πnµ }.

It is obvious that we have

 
Lµ = Σnµ = Πnµ .
n∈ω n∈ω

Furthermore from the definitions above, we can easily prove that

(Σnµ ∪ Πnµ ) ( Πn+1

µ
,

and that

(Σnµ ∪ Πnµ ) ( Σn+1

µ
.

This clearly shows that on the syntactical side we have a strict hierarchy of
formulae. Showing an equivalent result on the semantical side will be the second
main result of this chapter.

Lemma 11.2. The following holds for all natural numbers n:

• Σnµ TR = {¬ϕ | ϕ ∈ Πnµ } = {TR − ϕ | ϕ ∈ Πnµ TR },

• Πnµ TR = {¬ϕ | ϕ ∈ Σnµ } = {TR − ϕ | ϕ ∈ Σnµ TR }.

Above, TR denotes the class of all pointed transition systems.

Proof. By Lemma 20.9 in Chapter 20 we have for all transition system S and
all formulae ϕ

¬νX.ϕS = µX.¬ϕ[¬X/X]S and ¬µX.ϕS = νX.¬ϕ[¬X/X]S .

With this fact we can easily prove the lemma. 


 11 Strictness of the Modal µ-Calculus Hierarchy 189

Let us now introduce a syntactical and a semantical hierarchy for automata.

We first introduce the syntactical hierarchy, which consists of the following
classes of alternating automata.

• Σ0 = Π0 consists of all automata of index 0.

• Σn (n > 0) contains Σn−1 ∪ Πn−1 and all automata of index n where the
maximal priority on any strongly connected component of the transition
graph of the automaton is odd.
• Πn (n > 0) contains Σn−1 ∪ Πn−1 and all automata of index n where the
maximal priority on any strongly connected component of the transition
graph of the automaton is even.

For the semantical part, if A is the class of all pointed transition systems
accepted by an automaton A, we define

• ΣnTR = {A | A ∈ Σn },
• ΠnTR = {A | A ∈ Πn }.

We conclude this section by stating a lemma, which follows from the Com-
plementation Theorem 9.7.

Lemma 11.3. For all automata A ∈ Σn (∈ Πn ) there is an automaton  ∈

Πn (∈ Σn ) such that

 = TR − A,

where TR is the class of all pointed transition systems.

Exercise 11.2. Suppose A ∈ Σn . Show that there is an equivalent automaton A

(i.e. A = A ), where the range of the priority function is {0, . . . , n − 1} if n
is even, and {1, . . . , n} if n is odd. Formulate and show the analogous claim for
Πn -automata.

11.4 From Alternating Automata to µ-Calculus

In this section we discuss how to translate alternating automata into µ-calculus

formulae.
The first lemma deals with simultaneous fixed points of monotone functionals.
It is a reformulation of Theorem 20.12 in Chapter 20, in terms of the µ-calculus.

Lemma 11.4. Assume that Φ is a class of functions which contains µ-formulae

δ1 (s1 , . . . , sk ), . . . , δk (s1 , . . . , sk ) where all sj (j = 1, . . . , k) appear only pos-
itively. Moreover define for all transition systems S = (S, R, λ) a functional
P P
FS : (S k ) → (S k ) as

FS : (S1 , . . . , Sk ) → (δ1 (S1 , . . . , Sk )S , . . . , δk (S1 , . . . , Sk )S ).

190 Luca Alberucci

There are µ-formulae τ1 , . . . , τk in ν(Φ) and ρ1 , . . . , ρk in µ(Φ) such that for all
transition systems S we have (where GFP(FS ) denotes the greatest fixed point
of FS and LFP(FS ) the least fixed point)

(τ1 S , . . . , τk S ) = GFP(FS )

and

(ρ1 S , . . . , ρk S ) = LFP(FS ).

Example 11.5. We illustrate, how we can construct these simultaneous fixed

points in the case k = 2, i.e., when we have δ1 (X, Y ) and δ2 (X, Y ).

• τ1 = νX.δ1 (X, Y )[νY.δ2 (X, Y )/Y ],

• τ2 = νY.δ2 (X, Y )[νX.δ1 (X, Y )/X],
• ρ1 = µX.δ1 (X, Y )[µY.δ2 (X, Y )/Y ],
• ρ2 = µY.δ2 (X, Y )[µX.δ1 (X, Y )/X].

We are now able to prove the main result of this section.

Theorem 11.6. For any alternating automaton A = (Q, P, δ, qI , Ω) one can

construct a µ-formula τA (over propositional variables P ∪ Q) such that, for all
pointed transition systems (S, sI ), we have

A accepts (S, sI ) ⇔ sI ∈ τA S .

Moreover, if A is Σn , then τA can be chosen in Σnµ ; if A is Πn , then τA can be

chosen in Πnµ .

Proof. The proof goes by induction on the index n of the automaton. We assume
for all alternating automata A that the priority function is defined only on
strongly connected components of the transition graph. Moreover, we assume
that the cardinality of the range of the priority function of an automaton of
index n is also n. This is no real restriction, since all automata are equivalent to
one fulfilling these assumptions. There will be two cases for the induction step
(n > 0):
Case 1: If the maximal priority m is even, we will consider k auxiliary au-
tomata of index ≤ n − 1, in which the states of Ω −1 [m] are moved into variables.
Then we will apply the greatest fixed point operator.
Case 2: If the maximal priority m is odd, we consider the complement  of
our automaton A. By Lemma 11.3, Â can be chosen to have the same index as A,
but with maximal priority even. Thus, if we assume that the induction step for
Case 1 has been made, we have a Πnµ -formula τ representing the complement.
By Lemma 11.2 we know that there is a formula τA ∈ Σnµ which is equivalent to
¬τ . It is easy to check that τA is the Σnµ -formula fulfilling the requirements of
the theorem. So, only the induction step for Case 1 has to be carried out.
The informal description above shows that greatest fixed points capture the
automata with even maximal priority and the least fixed points, as negations
 11 Strictness of the Modal µ-Calculus Hierarchy 191

of greatest fixed points, the automata with an odd maximal priority. Before we
carry out the induction, let us explain what means ‘moving states into variables’.
We need to define two transformations for automata:
The first takes an automaton A = (Q, P, δ, qI , Ω) and a set X ( Q such that
qI ∈ X and defines a new automaton

Af ree(X) = (Q − X, P ∪ X, δ  , qI , Ω  )

where δ  and Ω  are the restrictions of δ (resp. Ω) to Q − X. This is the trans-

formation which converts states of the automaton into variables. Notice that the
runs of Af ree(X) are like the ‘beginning’ of a run of the automaton A. If we reach
a point (s, q), where q ∈ X the run of Af ree(X) stops, whereas if it was a run of
the automaton A it would go on.
The second transformation on automata helps us to deal with the restriction
qI ∈ X we had on the first transformation. It takes an automaton as above, a
state q ∈ Q and a new symbol q̂ ∈ Q ∪ P and defines a new automaton

Astart(q) = (Q ∪ {q̂}, P, δ  , q̂, Ω)

where δ  is equal to δ on Q and δ  (q̂) = δ(q). It is clear, that Astart(q) accepts

the same pointed transition systems as A with initial state q. Moreover, note
that for all X ⊆ Q, the introduction of q̂ makes possible for all automata to do
the operation (Astart(q) )f ree(X) (shorter Astart(q)f ree(X) ).
Let us now carry out the induction on the index n of an automaton A =
(Q, P, δ, qI , Ω).
n = 0 : In this case, the transition graph of the automaton does not have any
strongly connected component. This means we can easily find an equivalent Σ0µ
formula as follows. We take δ(qI ) and replace every occurrence of a state q in
this formula by the respective transition condition, δ(a). If the resulting formula
still contains states, we proceed in the same fashion. The fact that the transition
graph of the automaton does not contain any strongly connected component
ensure that the process eventually terminates. The resulting formula must obvi-
ously be equivalent to the automaton. We leave the details as an exercise.
n > 0 : As shown before it is enough to do the induction step only for Case
1. We define U to be the set of states Ω −1 [m], where m is the maximal priority,
assuming that qI ∈ U ; otherwise we consider the semantically equivalent automa-
ton Astart(qI ) . Suppose U = {q1 , . . . , qk }. We consider the automata Af ree(U )
and Astart(qi )f ree(U ) for all i = 1, . . . , k. It is easy to see that all these automata
are of index ≤ n − 1. So by induction hypothesis, there are µ-formulae τ0 (q)
and τ1 (q), . . . , τk (q) in Σnµ (where q = (q1 , . . . , qk )) such that for all pointed
transition systems (S, sI ) we have

Af ree(U ) accepts (S, sI ) ⇔ sI ∈ τ0 (q)S

and

Astart(qi )f ree(U ) accepts (S, sI ) ⇔ sI ∈ τi (q)S ,

192 Luca Alberucci

for all i = 1, . . . , k. Now consider the functionals FS : P(S k ) → P(S k ) with

FS : (S1 , . . . , Sk ) → (τ1 (S1 , . . . , Sk )S , . . . , τk (S1 , . . . , Sk )S ).

µ
By Lemma 11.4 there are µ-formulae ρ1 , . . . , ρk in Πn+1 such that for all tran-
sition systems S, (ρ1 S , . . . , ρk S ) is the greatest fixed point of FS . In order
to do the induction step let us make the following claim.

Claim. For all pointed transition systems (S, sI ) and for all i = 1. . . . , k we have
the two following facts:

(1) Astart(qi ) accepts (S, sI ) ⇔ sI ∈ ρi S .

(2) A accepts (S, sI ) ⇔ sI ∈ τ0 [ρ1 /q1 , . . . , ρk /qk ]S .
µ
Since τ0 [ρ1 /q1 , . . . , ρk /qk ] ∈ Πn+1 the claim completes the induction step for
Case 1.
We will prove the claim by first showing that (1) implies (2) and then showing
the correctness of (1).
Proof that (1) implies (2). Let us remark that by choice of τ0 and by (1) we
have

sI ∈ τ0 [ρ1 /q1 , . . . , ρk /qk ]S ⇔ Af ree(U ) accepts (S  , sI ),

where S  = S[q1 → ASstart(q1 ) , . . . , qk → ASstart(qk ) ] and ASstart(qi ) is the set of

states s in S such that Astart(qi ) accepts (S, s). So it is enough to show

A accepts (S, sI ) ⇔ Af ree(U ) accepts (S  , sI ).

To prove the ‘only if’ direction let us assume that  is a qI -run on sI of the
automaton A on S. We want to convert it into a qI -run on sI of the automaton
Af ree(U ) on S  . Let us do the conversion for every branch of . If we have a
branch where there is no state of U , then we do not change anything, otherwise,
when we meet the first qi ∈ U appearing in the branch, we cut off the rest.
The new end point we get is of the form (s, qi ), where by assumption (S, s) is
accepted by A with new initial state qi . Using the fact that this automaton is
equivalent to Astart(qi ) and that qi is now a variable, which by definition is true
in s ∈ S (under the valuation λ ), we get the desired result. The proof of the ‘if’
direction follows similar arguments.
Proof of (1). As before AS is the set of all points s in S such that (S, s) is ac-
cepted by A. By definition of ρi we have to prove that (ASstart(q1 ) , . . . , ASstart(qk ) )
is the greatest fixed point of FS , and so by Tarski-Knaster:

(i) (ASstart(q1 ) , . . . , ASstart(qk ) ) ⊆ FS (ASstart(q1 ) , . . . , ASstart(qk ) )

(ii) For all (S1 , . . . , Sk ) ⊆ S k such that (S1 , . . . , Sk ) ⊆ FS (S1 , . . . , Sk ) we have

(S1 , . . . , Sk ) ⊆ (ASstart(q1 ) , . . . , ASstart(qk ) ).

 11 Strictness of the Modal µ-Calculus Hierarchy 193

We first prove (i). Recall that the i-th component of the tuple

FS (ASstart(q1 ) , . . . , ASstart(qk ) )

is of the form

τi (ASstart(q1 ) /q1 , . . . , ASstart(qk ) /qk )S .

Since τi was the formula equivalent to the automaton Astart(qi )f ree(U) it is

enough to show the following, for all states s in S:

Astart(qi ) accepts (S, s) ⇒ Astart(qi )f ree(U) accepts (S  , s) (11.1)

where S  is S[q1 → ASstart(q1 ) , . . . qk → ASstart(qk ) ]. This is very similar to what

we showed above when we proved (1); we leave the details as an exercise, see
Exercise 11.4.
To prove (ii) let (S1 , . . . , Sk ) satisfy the premise of (ii), and let si ∈ Si . Since


si ∈ τi (S1 , . . . , Sk )S , by hypothesis about τi we have si ∈ ASstart(qi )f ree(U) ,
where S  is S[q1 → S1 , . . . , qk → Sk ] (recall that τi is of the form τi (q1 , . . . , qk )).
So there is an accepting run of Astart(qi )f ree(U) with the property that if it has
a vertex (sj , qj ) such that qj ∈ U , then it is a leaf and we have sj ∈ Sj . Hence
we can reapply the premise of (ii) and construct a sj -run of Astart(qj )f ree(U) ,
such that for all leaves of the form (qj
, sj
) with qj
∈ U the premise of (ii)
can be “re-”reapplied . Iterating this process, in the limit we get an accepting
run of Astart(qi ) for si , since the following holds for all branches. If the branch
is finite, then its end point is of the form (σ, s), where σ ∈ {q1 , . . . , qk }. By
assumption we have s ∈ λ(σ) = λ (σ) (where λ is the valuation of S  ). For
the infinite branches we have two cases. For the first case the infinite branch
contains only finitely many states q which are in U . Then it easily follows that
from the last appearance of a q ∈ U on, this branch is the same as a branch
of an accepting run of an automaton Astart(ql )f ree(U) . So the highest priority
appearing infinitely often must be even, and the branch is accepted. For the
other case, there are infinitely many states of U in the branch, and since U is
the set where the priority function has its maximal value m and m is even, we
again have an accepting branch. 


Exercise 11.3. Carry out the details of the induction base.

Exercise 11.4. Carry out the details of the proof of the implication (11.1).
As a consequence of the above theorem and the results of the previous chap-
ter, we note:

Corollary 11.7. For every n,

ΣnµTR = ΣnTR and ΠnµTR = ΠnTR .

We conclude this section by giving an example of an automaton and an

equivalent µ-formula obtained with the construction described in the proof.
194 Luca Alberucci

Example 11.8. Given an automaton A = ({q0 , q1 , q2 }, {p1 , p2 }, δ, q0 , Ω) such that

3
δ(q0 ) = q1 , δ(q1 ) = q2 ∨ q0 and δ(q2 ) = p1 ∧ q1 , and such that Ω(q0 ) = 1 (i.e.
q0 is not in the domain of Ω) and Ω(q1 ) = Ω(q2 ) = 2. We construct an equivalent
µ-formula, following the proof of Theorem 11.6 (we use trivial equivalences of
µ-formulae to get more compact representations).
We set U = {q1 , q2 }. By construction the formula ϕ equivalent to the automa-
ton has the structure τ0 [ρ1 /q1 , ρ2 /q2 ], where the formulae τ0 , ρ1 , ρ2 are defined
as follows:
• τ0 is equivalent to Af ree(U) ,
• ρ1 , ρ2 are formulae such that for all S we have (ρ1 S , ρ2 S ) = GFP(F1 ),
where F1 is the functional

F1 : (S1 , S2 ) → τ1 (S1 , S2 ), τ2 (S1 , S2 )S ,

where τ1 (q1 , q2 ) is the formula equivalent to Astart(q1 )f ree(U) and τ2 (q1 , q2 )

is the formula equivalent to Astart(q2 )f ree(U) .
By construction we also have for all transition systems S:
• Af ree(U ) is equivalent to LFP(F2 ) with

F2 : S → q1 S .

• Astart(q1 )f ree(U ) is equivalent to the second component of LFP(F3 ) with

F3 : (S0 , S1 ) → (q1 , q2 ∨ 3S0)S .

• Astart(q2 )f ree(U ) is equivalent to the second component of LFP(F4 ) with

F4 : (S0 , S2 ) → (q1 , p1 ∧ q1 )S .

Putting all this together we obtain (Example 11.5 may be useful for a better
understanding):
• τ0 = q1 ,
3
• τ1 = q2 ∨ q1 ,
• τ2 = p1 ∧ q1 .
So we get

F1 : (S1 , S2 ) → S2 ∨ 3S1, p1 ∧ S1S

which gives us

(ρ1 , ρ2 ) = (νX.((p1 ∧ X) ∨ 3X), νY.(p1 ∧ νX.(p1 ∧ X)))

and so we have

ϕ = (νX.((p1 ∧ X) ∨ 3X)).

 11 Strictness of the Modal µ-Calculus Hierarchy 195

11.5 Hierarchy Theorems

In this section we prove that the hierarchy of modal µ-calculus on transition
systems is strict. We proceed similarly to Arnold in [5]. In the first subsection
we show the strictness of the hierarchy induced by automata and then use this
to get the main result in the second subsection.

11.5.1 Hierarchy Theorem for Automata

We assume that for all automata A ∈ Σn the range of the priority function is
ΩΣn and that for all automata A ∈ Πn the range is ΩΠn , where ΩΣn and ΩΠn
are defined as follows.
• n = 0: If A ∈ Σn or A ∈ Πn then ΩΣ0 = ΩΠ0 = ∅.
• n even (n = 0):
– If A ∈ Σn then ΩΣn = {0, . . . , n − 1}.
– If A ∈ Πn then ΩΠn = {1, . . . , n}.
• n odd:
– If A ∈ Σn then ΩΣn = {1, . . . , n}.
– If A ∈ Πn then ΩΠn = {0, . . . , n − 1}.
The assumptions we have made above are no real restriction, since all au-
tomata are equivalent to one fulfilling these assumptions (see Exercise 11.2).
For every natural number n we now introduce the Σn -Test Automaton
TΣn and the Πn -Test Automaton TΠn .These test automata are designed to be
“universal” in the sense that they accept encodings of arbitrary runs of automata
in Σn and Πn , respectively.
All TΣn are of the form (where u is a new symbol)
TΣn = (QΣn , P, qu , δΣn , Ω)
and all TΠn are of the form
TΠn = (QΠn , P, qu , δΠn , Ω)
where:
• QΣn = {qi | i ∈ ΩΣn } ∪ {qu },
• QΠn = {qi | i ∈ ΩΠn } ∪ {qu },
• P = {cu } ∪ {c0 , c1 , c2 , . . . } ∪ {du } ∪ {d0 , d1 , d2 , . . . },
• for all states qj ∈ QΣn we have:
 
δ(qj ) = (ci ∧ qi ) ∨ 3
(di ∧ qi ),
qi ∈QΣn qi ∈QΣn

• for all states qj ∈ QΠn we have:

 
δ(qj ) = (ci ∧ qi ) ∨ (di ∧ 3qi),
qi ∈QΠn qi ∈QΠn

• Ω(qj ) = j if j = u and Ω(qu ) ↑.

196 Luca Alberucci

In the following, we only consider pointed transition systems which are rooted
trees with degree at most 2, which we will call binary transition systems. This
will be no restriction at all, because if formulas do not agree on such structures,
then they will definitely not agree on all structures.
We reduce the problem of acceptance of a binary transition system S by
a given automaton A ∈ Σn (resp. Πn ) to the acceptance of another binary
transition system GA,q (S) by TΣn (resp. TΠn ). This transition system will in
some sense be a representation of the game tree described in Chapter 9 and
which was used to define acceptance of a tree.
To define this transition system, let us introduce a more compact notation for
binary transition systems: In the sequel the symbols t1 , t2 , . . . stand for binary
trees, when no confusion arises we also use them to denote binary transition
systems. 1 is the trivial binary tree (or transition system), that is, the one with
no states. If t1 and t2 are two binary transition systems and a is a subset of the
propositional variables then a(t1 , t2 ) denotes a binary transition system with a
new root v such that exactly the variables in a are valid there and such that v
has two edges to the roots of t1 and t2 , respectively. (Observe that this means
that we do not distinguish between a(t1 , t2 ) and a(t2 , t1 ).) If v should only have
one son (resp. no son) we write a(t1 , 1) (resp. a(1, 1)). If a = {p} we also write
p(t1 , t2 ). Obviously, for any binary transition system there are a, t1 , t2 such that
it is of the form a(t1 , t2 ) (when v is chosen in the right way).
Let A = (Q, P, qI , δ, Ω) ∈ Σn (resp. Πn ) be an automaton and q a state of
A. With every binary transition system t we associate a new binary transition
system GA,q (t). The definition of this transition system is inductive, according
to the following rules.

• If δ(q) = q  ∧ q  and Ω(q) = i ∈ ω then

GA,q (a(t1 , t2 )) = ci (GA,q
(a(t1 , t2 )), GA,q

(a(t1 , t2 ))),

• if δ(q) = q  ∨ q  and Ω(q) = i ∈ ω then

GA,q (a(t1 , t2 )) = di (GA,q
(a(t1 , t2 )), GA,q

(a(t1 , t2 ))),

• if δ(q) = q  and Ω(q) = i ∈ ω then

GA,q (a(t1 , t2 )) = ci (GA,q
(a(t1 , t2 )), 1),

• if δ(q) = 3q, Ω(q) = i ∈ ω and t1 = 1 or t2 = 1 then

GA,q (a(t1 , t2 )) = di (GA,q
(t1 ), GA,q
(t2 )),

• if δ(q) = q  , Ω(q) = i ∈ ω and t1 = 1 or t2 = 1 then

GA,q (a(t1 , t2 )) = ci (GA,q
(t1 ), GA,q
(t2 )),

• if δ(q) = q  ∧ q  and Ω(q) ↑ then

GA,q (a(t1 , t2 )) = cu (GA,q
(a(t1 , t2 )), GA,q

(a(t1 , t2 ))),

 11 Strictness of the Modal µ-Calculus Hierarchy 197

• if δ(q) = q  ∨ q  and Ω(q) ↑ then

GA,q (a(t1 , t2 )) = du (GA,q
(a(t1 , t2 )), GA,q

(a(t1 , t2 ))),
• if δ(q) = q  and Ω(q) ↑ then
GA,q (a(t1 , t2 )) = cu (GA,q
(a(t1 , t2 )), 1),
• if δ(q) = 3q, Ω(q) ↑ and t1 = 1 or t2 = 1 then
GA,q (a(t1 , t2 )) = du (GA,q
(t1 ), GA,q
(t2 )),
• if δ(q) = q  , Ω(q) ↑ and t1 = 1 or t2 = 1 then
GA,q (a(t1 , t2 )) = cu (GA,q
(t1 ), GA,q
(t2 )),
• if δ(q) = 3q and t1 = t2 = 1 then
GA,q (a(t1 , t2 )) = ∅,
• if δ(q) = q  and t1 = t2 = 1 then
GA,q (a(t1 , t2 )) = P,
• if δ(q) = , or δ(q) = p and p ∈ a then
GA,q (a(t1 , t2 )) = P,
• if δ(q) = ⊥, or δ(q) = p and p ∈ a then
GA,q (a(t1 , t2 )) = ∅.
It is easy to see that GA,q (a(t1 , t2 )) is a binary transition system.
Example 11.9. Figure 11.1 shows a transition system S together with GA,q1 (S)
and GA,q1 (GA,q1 (S)) =: G2A,q1 (S). S is a binary transition system over a set
of propositional variables {p1 , p2 } of the form p1 (t1 , t2 ), where t1 = p1 (1, 1) and
t2 = p2 (1, 1). Furthermore A = ({q, q2 , q3 , q4 }, {p1 , p2 }, δ, q1 , Ω) is an alternating
Π2 -automaton with:
• δ(q1 ) = q2 ,
• δ(q2 ) = q4 ∨ q3 ,
• δ(q3 ) = p1 ,
• 3
δ(q4 ) = q1 ,
• Ω(q1 ) = Ω(q4 ) = 1 and
• Ω(q2 ) = Ω(q3 ) = 2.
It can easily be seen that GA,q (S) is a representation of the game tree de-
scribed in Chapter 9 (which there is called behaviour), where the choice nodes
for player 0 are the d-nodes and the choice nodes for player 1 are the c-nodes.
Furthermore, it follows easily from the definition that the Test Automaton ac-
cepts the game tree if and only if player 0 has a winning strategy. Since, as it
is shown in Chapter 9, the existence of a winning strategy for player 0 implies
acceptance we get the following lemma.
198 Luca Alberucci

p1

p1 p2

c1

d2 d2

∅ P ∅ ∅

c1

d2 d2

d1 ∅ d1 ∅

P P P P
Fig. 11.1. S, GA,q1 (S) and G2A,q1 (S)

Lemma 11.10. For any binary transition system S and any automaton A with
initial state q, we have:
• If A ∈ Σn :
S ∈ A ⇔ GA,q (S) ∈ TΣn .
• If A ∈ Πn :
S ∈ A ⇔ GA,q (S) ∈ TΠn .
The proof of the next lemma needs the notion of limit tree. Suppose we
have a sequence of trees (tn )n∈ω which is monotone, that is, the following holds:
For all m ∈ ω there is a n(m) ∈ ω such that for all n , n ≥ n(m) the trees tn

and tn

are identical up to depth m.
In that case we can define the limit tree lim((tn )n∈ω ) of the sequence (tn )n∈ω
such that for all natural numbers m the limit tree is identical to tn(m) up to depth
m. Notice that lim((tn )n∈ω ) is well defined since (tn )n∈ω is monotone.
Lemma 11.11. Let A ∈ Σn (∈ Πn ) be an automaton. There is an automaton
A ∈ Σn (∈ Πn ) with initial state q  and a transition system FA
,q such that
A = A  and GA
,q
(FA
,q
) = FA
,q
.
 11 Strictness of the Modal µ-Calculus Hierarchy 199

Proof. Let A be an automaton of the form (Q, P, qI , δ, Ω). For the semantically
equivalent automaton A we take a new state q  and set

A = (Q ∪ {q  }, P, q  , δ  , Ω  )

where δ  is equal to δ on Q and δ  (q  ) = qI ∧ qI ; and where Ω  is equal to Ω on Q

and Ω  (q  ) ↑. It can easily be seen that A = A  and that if A ∈ Σn (∈ Πn )
then A ∈ Σn (∈ Πn ).
Observe that the modification of the automaton ensures the following. Given
two binary transition systems S and S  which are identical up to depth m,
GA
,q
(S) and GA
,q
(S  ) are identical up to depth m + 1.
Let us construct the fixed point FA
,q
. We first define a monotone sequence
(tn )n∈ω of binary transition systems: t0 is the binary transition system S of the
form cu (1, 1) and

tn+1 = GA
,q
(tn ).

By induction on n, with the help of the claim, we can easily prove that for all n
the trees tn and tn+1 are identical up to depth n. From that, the monotonicity
of (tn )n∈ω easily follows. We set

FA
,q
= lim((tn )n∈ω ).

By definition of the limit tree we see that FA
,q
is a fixed point of GA
,q
, and
this completes the proof. 


We now prove the hierarchy theorem.

Theorem 11.12. For all natural numbers n we have:

TR
(1) Σn+1 = ΣnTR ,
(2) Πn+1 = ΠnTR .
TR

TR
Proof. 1. Proof by contradiction. Suppose Σn+1 = ΣnTR . By definition, it follows
that Πn ⊆ Σn . With Lemma 11.3 we get
TR TR

TR − TΣn  ∈ ΣnTR .

So, there exists a Σn -automaton A such that TR − TΣn  = A. By Lemmas

11.10 and 11.11 there is a semantically equivalent automaton A ∈ Σn and a
transition system FA
such that

FA
∈ TΣn  ⇔ FA
∈ A .

Since A  = A = TR − TΣn  we get

FA
∈ TΣn  ⇔ FA
∈ TR − TΣn 

and hence a contradiction, which proves part 1 of the theorem.

2. can be proven similarly to part 1.
200 Luca Alberucci

11.5.2 Hierarchy Theorem for the µ-Calculus

We apply Theorem 11.12 to the modal µ-calculus. From Corollary 11.7 and
Theorem 11.12, we immediately get:
Corollary 11.13. For all natural numbers n we have:
µTR
(1) Σnµ TR = Σn+1 ,
µTR
(2) Πnµ TR = Πn+1 .
The theorem shows us that no finite part of the modal µ-hierarchy has the
expressiveness of the whole calculus. In this sense, it can be seen as the evidence
that the modal µ-calculus hierarchy is strict. Let us prove two corollaries before
we illustrate the modal µ-calculus hierarchy.
Corollary 11.14. For all natural numbers n > 0 we have
Σnµ TR = ΠnµTR .
Proof. We prove the contrapositive. Suppose that we have Σnµ TR = ΠnµTR for
µTR µ
an n > 0. Now, let ϕ ∈ Σn+1 \ ΣnµTR . So there is a ψ ∈ Σn+1 such that
µ
ϕ = ψ. Since Σn+1 = µ(Πn ), by definition of the operator µ there are
µ

formulae ψ1 , . . . , ψm , ¬ψm+1 , . . . , ¬ψm+k such that all ψi ∈ Πnµ and such that
3
ψ is obtained from these formulae using ∧, ∨, µ, , and substitution. Using
this representation of ψ we show that the formula is equivalent to a formula
ψ  ∈ Σnµ . Hence we have ψ ∈ Σnµ TR , which is a contradiction to Corollary 11.13,
since we have ϕ = ψ.
So, let us show the equivalence of ψ to a ψ  ∈ Σnµ . In the construction
of ψ we started from formulae ψ1 , . . . , ψm , ¬ψm+1 , . . . , ¬ψm+k such that all
ψi ∈ Πnµ . Since by assumption Σnµ TR = ΠnµTR , for all i ∈ {1, . . . , m} there are
formulae ψi ∈ Σnµ which are equivalent to ψi . Further, by Lemma 11.2 for all
i ∈ {m + 1, . . . , m + k} there are formulae ψi ∈ Σnµ equivalent to ¬ψi . Hence
ψ is equivalent to a formula constructed analogously starting from formulae
ψ1 , . . . , ψm
 
, ψm+1 
, . . . , ψm+k , where all ψi ∈ Σnµ , that is ψ is obtained from
3
the ψi by using ∧, ∨, µ, , and substitution. Since Σnµ is closed under these


operations, we have Σnµ = µ(Πn−1 µ

). That means that ψ  ∈ Σnµ . Since ψ  is
equivalent to ψ the proof is completed. 

Corollary 11.15. For all natural numbers n we have:
(1) Σnµ TR ( Πn+1
µTR
,
(2) Πnµ TR
( Σn+1 .
µTR

Proof. 1. We prove the contrapositive. Suppose that Σnµ TR ( Πn+1 µTR

does not
µTR µTR
hold. Since it is clear that Σnµ TR ⊆ Πn+1 holds we then have Σnµ TR = Πn+1 .
µTR µTR
Now, suppose we have ϕ ∈ Σn+1 , by Lemma 11.2 we have ¬ϕ ∈ Πn+1 and
with our assumption we get ¬ϕ ∈ ΣnµTR and by Lemma 11.2 ϕ ∈ ΠnµTR .
µTR
Since ϕ was arbitrary we have Πnµ TR = Σn+1 . All together, this gives to us
µTR µTR
Σnµ TR = Πn+1 and Πnµ TR = Σn+1 .
 11 Strictness of the Modal µ-Calculus Hierarchy 201

But then we easily get

µTR µTR µTR µTR
Σn+1 ⊆ Πn+1 and Πn+1 ⊆ Σn+1
which is not the case by Corollary 11.14.
2. is proven similarly. 

We end with Figure 11.2 which illustrates the structure of the modal µ-
calculus hierarchy.

LTR
µ
s

; ; @@
Π3µTR ; =
s @Σ s
µTR

6@
I@ 
;
;6
3

@@ ; ;
;
;
; @@
Π2µTR ;; = @@ Σ
s s
µTR

6@
I@ 6
;
2

@@ ;;
@;
;; @@
Π1µTR ;; = @@ Σ
s s
µTR

I@
@ 
;
1

;
@@;; s

Σ0µTR = Π0µTR
Fig. 11.2. The modal µ-calculus hierarchy. Notice that the arrows stand for strict
inclusion and that LTR
µ = {ϕ | ϕ ∈ Lµ }.
12 Decidability of S1S and S2S

Mark Weyer

Institut für Mathematische Logik

Universität Freiburg

Overview

The purpose of this chapter is to prove the decidability of monadic second-order

logic over infinite words and infinite binary trees, denoted S1S and S2S. It is
organized as follows.
Section 12.1 tries to motivate the topic by showing its position relative to
decidability questions of other logics. It may be regarded as an introduction, but
it is not required for understanding the subsequent sections. In the Section 12.2
we define the logics and prove some expressibility lemmata, which will be needed
later, and which familiarize the reader with the logics. In Section 12.3 we char-
acterize the logics by means of automata. The decidability proofs are carried
out in Section 12.4 based on material from earlier chapters. This section also
contains a variety of corollaries concerning the decidability of other logics. In
Section 12.5 we investigate special model properties of these logics, exploiting
the structure of the decidability proofs.
We assume that the reader is familiar with the basic concepts of mathematical
logic, as can be obtained by reading the central parts of [48].

12.1 Looking for Decidability

Inspired by an idea of Lullus, Leibniz hoped to develop a calculus for the decision
of truth in the most general sense, allowing to settle even philosophical ques-
tions by computation (his terminology was different, though). Many discoveries
of the 1930’s (e.g., Gödel’s Incompleteness Theorem [66]) implied that such a
calculus can not exist. However, this left open the undecidablility of truth in spe-
cial subtopics of mathematics. Charting the boundary between decidability and
undecidability remained and still remains an important question in many areas.
For instance, the undecidability result [121] for Hilbert’s Tenth Problem [81] was
not proved until 1970.
Proofs of undecidability of a logical formalism often work by encoding some
computationally complete calculus in the logic (which implies that the logic itself
is a computationally complete calculus). Suppose we choose Turing Machines.
A run of a Turing Machine can be described by a coloured two-dimensional
grid, where the configuration extends to the right and time extends downwards.
Therefore, whenever a logic is expressive enough to encode infinite or arbitrarily
large finite (coloured) grids, it is undecidable.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 207-230, 2002.
 Springer-Verlag Berlin Heidelberg 2002
208 Mark Weyer

This applies to general first-order logic and first-order logic over finite struc-
tures because the vocabulary may be chosen to allow such an encoding rather
directly. In fact, a single binary relation suffices. On the other hand, if the class
of structures that the logic reasons about limits the interpretation of these re-
lations, decidability may become possible again. An important example is Pres-
burger arithmetic, i.e., the first-order theory of the structure (ω, +), which has
been proved to be decidable in 1929 [146]. What about second-order logic? It
is undecidable even over very limited classes of structures, because unrestricted
binary relations can be created by second-order quantification. This even holds
for universal and weak second-order logic. Hence logics with the expressiveness
of first-order logic or above can only be decidable in cases where second-order
quantification over binary relations is prohibited and no freely interpretable bi-
nary relations occur in the vocabulary. This leads to the investigation of monadic
second-order logic.
Let us gather some results.
(1) The first-order theory of arithmetic (ω, +, ·) is undecidable, which is basically
due to Gödel.
(2) The first-order theory of the field of reals (R, +, ·) is decidable, a result due
to Tarski [174].
(3) The monadic second-order theory of (R, +, ·) is undecidable, because the set
ω ( R is definable and hence arithmetic may be embedded.
(4) The first-order theory of (ω, +) is decidable, as mentioned above.
(5) The monadic second-order theory of (ω, +) is undecidable: An n × k grid
may be encoded by an appropriate subset of ω, using +1 and +2k to move
left and down.
This background leads us to monadic second-order logic over structures that
are weaker than (ω, +). An obvious choice is (ω, S0 ), where S0 is the successor
relation. We will show that the monadic second-order theory of this structure,
often called S1S, is decidable. We instead use the name S1S for monadic second-
order logic over ω-words. Decidability issues of both approaches are equivalent,
because ω-words may be regarded as colourings of the structure (ω, S0 ) and
monadic second-order logic is able to reason about colourings.
The structure (ω, S0 ) is free of rank one among the structures with one unary
function. An obvious generalization is to admit more than one unary function.
The structure that is free of rank one then is an infinite tree with fixed branching.
We show decidability in that case as well.1 Much of the research that is covered
in other chapters has been initiated by the decidability question of S1S and such
generalizations.
In Section 18.5 an extension of monadic second-order logic, called guarded
second-order logic, will be introduced. Guarded second-order logic over usual
1
The curious reader might ask about further generalizations. The monadic and weak
monadic second-order theories of infinite free structures are decidable if, and only
if, no higher arity than 1 occurs among the functions. The first-order theories of
arbitrary free structures are decidable. However, that is not among the topics of this
book.
 12 Decidability of S1S and S2S 209

structures is equivalent to monadic second-order logic over incidence structures.

In the context of guarded second-order logic the connection between grids and
decidability is even closer. By a theorem of Robertson and Seymour [155], a
class of graphs contains arbitrarily large grids as graph minors if, and only if, it
has unbounded tree-width (cf. Definition 18.14). The notion of graph minors is
inexpressible in monadic second-order logic, but expressible in guarded second-
order logic, which leads to the following result.
Theorem 12.1 (Seese [160]). Guarded second-order logic over a class of graphs
is undecidable if the class has unbounded tree-width.
For monadic second-order logic, this is not true. The class of all cliques has
unbounded tree-width but its monadic second-order theory is decidable. The
converse of the theorem does not hold either. Undecidability of logics may have
other origins, such as undecidability of pertainment to the class. But there are
partial converses, such as the following.
Theorem 12.2. For every natural number k, guarded second-order logic over
the class of all structures that have tree-width at most k is decidable.
This theorem is subsumed by Theorem 18.28, which is proved in Chapter 18.

12.2 MSO, S1S, and S2S

Monadic second-order logic (MSOfor short) allows quantification over individuals
and sets of individuals. Consider, for example, the formula

    
∀P ∀x∀y P x ∧ Exy → P y → ∀x∀y P x ↔ P y .

Suppose that E is the edge relation of an undirected graph. Then the subformula
  
∀x∀y P x ∧ Exy → P y
states that the set P (which is a subset of the set of vertices) is closed under
E. Hence it is the union of some of the graph’s connected components. The
subformula  
∀x∀y P x ↔ P y
states that P does not separate any of the graph’s vertices. So, the whole formula
specifies that no union of connected components separates any vertices. This is
equivalent to connectivity of the graph.
In this example two different versions of quantification were used: (first-order)
quantification over vertices by ∀x . . . and ∀y . . . and (second-order) quantifica-
tion over sets of vertices by ∀P . . . . We may equivalently replace quantification
over individuals by quantification over sets containing exactly one individual
(singleton sets). This leads us to a normal form of monadic second-order logic,
which we use as a definition.
A vocabulary is a set of relational symbols, each of which has a specified
arity. A symbol R ∈ σ is called monadic if its arity is one, i.e., if it is used to
denote sets.
210 Mark Weyer

Definition 12.3. The formulae of monadic second-order logic of vocabu-

lary σ, denoted MSO [σ], are defined simultaneously for all vocabularies σ by
induction.
(1) If R, S ∈ σ are monadic, then R ⊆ S is in MSO [σ].
(2) If R1 , . . . , Rk ∈ σ are monadic and S ∈ σ has arity k, then SR1 . . . Rk is in
MSO [σ].
(3) If ϕ and ψ are in MSO [σ], then so are ¬ϕ, ϕ ∨ ψ and ϕ ∧ ψ.
(4) If ϕ is in MSO [σ ∪· {R}] and R is monadic, then ∃Rϕ and ∀Rϕ are in
MSO [σ]. Note that in this case the parameter σ changes.
The satisfaction relation |= is defined for all vocabularies σ, all σ-structures
A and all ϕ ∈ MSO [σ] along the same induction.
(1) A |= R ⊆ S iff RA ⊆ S A .  
(2) A |= SR1 . . . Rk iff S A ∩ R1A × · · · × RkA = ∅ or in other words iff there are
individuals a1 ∈ R1A , . . . , ak ∈ RkA such that (a1 , . . . , ak ) ∈ S A .
(3) A |= ¬ϕ iff not A |= ϕ.
A |= ϕ ∨ ψ iff at least one of A |= ϕ and A |= ψ.
A |= ϕ ∧ ψ iff both A |= ϕ and A |= ψ.
(4) A |= ∃Rϕ iff B |= ϕ for at least one σ ∪· {R}-expansion B of A.
A |= ∀Rϕ iff B |= ϕ for all σ ∪· {R}-expansions B of A.
Definition 12.4. Weak monadic second-order logic (WMSO) has the same
syntax as MSO, but quantification is restricted to finite sets. Hence, the satisfac-
tion relation |=W is defined in the same way as |=, with the following exception:
(4) A |=W ∃Rϕ iff B |=W ϕ for at least one σ ∪· {R}-expansion B of A such that
RB is finite.
A |=W ∀Rϕ iff B |=W ϕ for all σ ∪· {R}-expansions B of A such that RB is
finite.
Definition 12.5. We use the following shorthand notations for (W)MSO-for-
mulae, where I = {i1 , . . . , in } is a finite set, x, P , and Q are arbitrary monadic
relation symbols, and ϕ, ψ, ϕi1 , . . . , ϕin are arbitrary (W)MSO-formulae.

X=∅ for ∀Y X ⊆ Y
sing (x) for ¬x = ∅ ∧ ∀X (X ⊆ x → (x ⊆ X ∨ X = ∅))
x∈P for sing (x) ∧ x ⊆ P
P =Q for P ⊆Q ∧ Q⊆P
ϕ→ ψ for ¬ϕ ∨ ψ
ϕi for ϕi1 ∧ · · · ∧ ϕin

i∈I
ϕi for ϕi1 ∨ · · · ∨ ϕin
i∈I
∃x ∈ P ϕ for ∃x (x ∈ P ∧ ϕ)
∀x ∈ P ϕ for ∀x (x ∈ P → ϕ)
Note that A |= sing (P ) iff P A is a singleton set, i.e., contains exactly one element.
Moreover, we use set theoretical operations that are clearly (W)MSO-definable
such as P ∪ Q, P ∩ Q, P \ Q, and P ∪· Q.
 12 Decidability of S1S and S2S 211

Note. As above we use lowercase variable names x, y, z, x0 , . . . to denote monadic

relation symbols that should be thought of as containing singletons.

ω-words and infinite binary trees as structures. Appropriate structures

can be used to represent ω-words and infinite binary trees. Since the represen-
tation is not canonic, we have to explicate it. For this purpose let Σ be an
alphabet.
 
Definition 12.6. Let W = (W, S0W , PaW a∈Σ ) be a structure with vocabulary
σ = {S0 } ∪ { Pa | a ∈ Σ }. W is called an ω-word with alphabet Σ, if
(1) S0 is binary and all Pa are monadic,
(2) W = ω is the set of word positions,
(3) S0W = { (n, n + 1) | n ∈ ω } is the successor relation, and
(4) the PaW form a partition of W .
 
Let T = (T, S0T , S1T , PaT a∈Σ ) be a structure with vocabulary σ = {S0 , S1 } ∪
{ Pa | a ∈ Σ }. T is called an infinite binary tree with alphabet Σ, if
(1) S0 and S1 are binary while all Pa are monadic,
∗
(2) T = {0, 1} is the set of tree positions,
(3) S0 = { (w, w0) | w ∈ T } and S1T = { (w, w1) | w ∈ T } are the two successor
T
relations, and
(4) the PaT form a partition of T .

Vocabularies that satisfy Condition (1) are called word vocabularies or

tree vocabularies, respectively. If Condition (1) to Condition (3) are satisfied,
W is called an extended ω-word and T is called an extended infinite binary
tree.
Note. We could push the analogy between ω-words and infinite binary trees one
step further by identifying natural numbers n ∈ ω with words 0n ∈ {0}∗ .
Definition 12.7. We define the following logics.
(1) S1S is the logic MSO over ω-words, i.e., the satisfaction relation |= is re-
stricted on the left-hand side to structures that are ω-words.
(2) WS1S is WMSO over ω-words.
(3) S2S is MSO over infinite binary trees.
(4) WS2S is WMSO over infinite binary trees.

For a more precise treatment of what a logic is, cf. Definition 12.28 and the
subsequent remark and examples.
Definition 12.8. Define the orderings < and ≺ of word or tree positions by:
≤ := { (n, n + m) | n, m ∈ ω }
∗
 := { (w, wv) | w, v ∈ {0, 1} }
< := { (n, m) ∈ ≤ | n = m }
≺ := { (w, v) ∈  | w = v }
212 Mark Weyer

Thus < is the transitive closure of the successor relation of ω-words. It intuitively
specifies whether or not a position is closer to the initial position than another.
Similarly, ≺ is the transitive closure of the union of both successor relations. It,
in turn, specifies whether or not a position is closer to the root than another.
Exercise 12.1. Express in S1S that every occurrence of a is eventually followed
by an occurrence of b. More precisely: find an S1S-formula ϕ such that for ω-
words W we have W |= ϕ iff W has the mentioned property. You may use the
predicates < and ≤ (due to Lemma 12.11).
Lemma 12.9 (Being initially closed is (W)S1S-expressible). There is a for-
mula Incl1 (P ) ∈ MSO such that for all extended ω-words W the following are
equivalent.

(1) W |= Incl1 (P ),
(2) W |=W Incl1 (P ),
(3) y ∈ P W implies x ∈ P W for all word positions x ≤ y.

Proof. Choose, for example,

  
Incl1 (P ) = ∀x∀y sing (x) ∧ S0 xy ∧ y ∈ P → x ∈ P .

2
Lemma 12.10. Being initially closed is (W)S2S-expressible
Proof. This time, choose
  
Incl2 (P ) = ∀x∀y sing (x) ∧ (S0 xy ∨ S1 xy) ∧ y ∈ P → x ∈ P .

2
Lemma 12.11. The relations ≤ and < are (W)S1S-expressible, the relations 
and ≺ are (W)S2S-expressible.
Proof. Observe that a ≤ b iff a is contained in all initially closed sets that contain
b iff a is contained in all initially closed finite sets that contain b. The same holds
for a  b. Therefore we set
  
x ≤ y := sing (y) ∧ ∀P Incl1 (P ) ∧ y ∈ P  → x ∈ P  ,
x  y := sing (y) ∧ ∀P Incl2 (P ) ∧ y ∈ P → x ∈ P ,
x < y := x ≤ y ∧ ¬x = y,
x ≺ y := x  y ∧ ¬x = y.
2
Lemma 12.12 (Lexicographic ordering is (W)S2S-expressible). There is a for-
mula Lex (x, y) such that for all extended infinite binary trees T where xT and y T
are singletons, say xT = {a} and y T = {b}, the following holds. T |= Lex (x, y)
iff a precedes b in the lexicographic ordering of tree positions (viewed as words
with alphabet {0, 1}).
 12 Decidability of S1S and S2S 213

Proof. We start by expressing that a common prefix of x and y is followed by 0

in x and by 1 in y:
 
ϕ := ∃z∃z0 ∃z1 sing (z) ∧ S0 zz0 ∧ S1 zz1 ∧ z0  x ∧ z1  y .

The lexicographic ordering is the union of this relation and the prefix relation.
Hence we assemble
Lex (x, y) := ϕ ∨ (x ≺ y) .
2
Lemma 12.13 (Infiniteness is S1S- and S2S-expressible). There are formulae
Inf 1 (P ) ∈ MSO and Inf 2 (P ) ∈ MSO such that for ω-words W respectively in-
finite binary trees T we have W |= Inf 1 (P ) respectively T |= Inf 2 (P ) iff P W
respectively P T is infinite.
There are also formulae Fin1 (P ) ∈ MSO and Fin2 (P ) ∈ MSO expressing
finiteness of P W respectively P T .

Proof. We only construct Inf 2 (P ).

We claim that a set S of tree positions is infinite iff there is a non-empty set
S  of tree positions such that for all a ∈ S  there are b ∈ S, b ∈ S  with a ≺ b
and a ≺ b . For the ‘if’ part suppose that S  is given. By recursively gathering
the b it follows that S  is infinite. Since every element in S may appear only
finitely often as a b for some a ∈ S  , S has to be infinite as well. For the ‘only
if’ part suppose that S is infinite. Then there must be one child of the root
such that S, restricted to the associated subtree, is still infinite. By recursion
we define a path S  such that for all a ∈ S  there are still infinitely many b ∈ S
with a ≺ b. This set S  satisfies the condition.
Now we are able to define Inf 2 (P )

 
Inf 2 (P ) = ∃P  P  = ∅ ∧ ∀x ∈ P  ∃y ∈ P ∃y  ∈ P  x ≺ y ∧ x ≺ y  .

2
Lemma 12.14. Being a path is S2S-expressible.

Proof. Observe that being a path is equivalent to being minimal among the
infinite initially closed sets. Therefore we set

  
Path (P ) := Inf 2 (P ) ∧ Incl2 (P ) ∧ ∀Q Inf 2 (Q) ∧ Incl2 (Q) ∧ Q ⊆ P → Q = P .

12.3 Characterization of S1S and S2S

We intend to prove the decidability of S1S and S2S. For this purpose we char-
acterize these logics by means of automata. The characterization is the content
of the Theorems of Büchi and Rabin.
214 Mark Weyer

Theorem 12.15 (Büchi [18]). Büchi word automata and S1S are expressively
equivalent. Moreover, the equivalence is effective.

Theorem 12.16 (Rabin [148]). Muller tree automata and S2S are expressively
equivalent. Moreover, the equivalence is effective.

These theorems might need some explanation (for a precise formulation, see
the next four lemmata). Automata and formulae both define languages of ω-
words (infinite binary trees) over a certain alphabet. Automata do so by recogni-
tion, formulae by the satisfaction relation. Such languages are generally thought
of as properties of ω-words (infinite binary trees) that are expressed by the au-
tomata or formulae. ‘Expressive equivalence’ means that the same languages
may be defined by the two formalisms, and ‘effectiveness’ means that automata
and formulae can be translated effectively into each other.

Example 12.17. Consider the language T from Example 8.3 which is recognizable
by a Muller tree automaton. We can also give a formula ϕ ∈ S2S such that

T = { T | T is an infinite binary tree and T |= ϕ },

namely


ϕ = ∃P ∃A∃B∃I Path (P ) ∧ P = A ∪· B ∪· I ∧ Incl2 (I) ∧ Fin2 (I) ∧

A ⊆ Pa ∧ B ⊆ Pb ∧ ¬S0 AA ∧ ¬S1 AA ∧ ¬S0 BB ∧ ¬S1 BB

(cf. Lemma 12.10, Lemma 12.13 and Lemma 12.14). Rabin’s Theorem states that
this is no coincidence. Whenever there is an automaton describing some property
of infinite binary trees there is also a formula describing the same property and
vice versa.

The proofs of Theorem 12.15 and Theorem 12.16 are split into the following
four lemmata. Instead of Büchi acceptance conditions we use Muller conditions.

Lemma 12.18. There is an algorithm that upon input of a Muller word au-
tomaton A produces a formula ϕA ∈ S1S such that for all ω-words W we have
W |= ϕA iff A accepts W.
Lemma 12.19. There is an algorithm that upon input of an S1S-formula ϕ
produces a Muller word automaton Aϕ such that for all ω-words W we have
W |= ϕ iff Aϕ accepts W.
Lemma 12.20. There is an algorithm that upon input of a Muller tree automa-
ton A produces a formula ϕA ∈ S2S such that for all infinite binary trees T we
have T |= ϕA iff A accepts T.

Lemma 12.21. There is an algorithm that upon input of an S2S-formula ϕ

produces a Muller tree automaton Aϕ such that for all infinite binary trees T we
have T |= ϕ iff Aϕ accepts T.
 12 Decidability of S1S and S2S 215

Due to the the obvious similarities we only prove the latter two lemmata.
Proof (of Lemma 12.20). Let A = (Q, Σ, qI , ∆, F ) be the given Muller tree
automaton. We construct an equivalent MSO-formula ϕA .
Note that the acceptance condition ‘there is a tree of states satisfying the
following conditions: . . . ’ already is in the form of existential second-order quan-
tification. Monadic second-order symbols R̄ = (Rq )q∈Q are used to encode the
‘tree of states’ of A. What remains is to express the ‘conditions’.
The overall shape of ϕA is
ϕA = ∃R̄ (Part ∧ Init ∧ Trans ∧ Accept) .
A tree of states that contains state q at position x is represented by a structure
T iff x ∈ RqT and x ∈ RqT
for all q = q. This is formalized by

Stateq (x) := x ∈ Rq ∧ ¬x ∈ Rq
.
q
∈Q\{q}

Part expresses that the Rq form a partition, i.e., that the R̄ indeed encode a tree
of states.  

Part := ∀x sing (x) → Stateq (x) .

q∈Q

Init formalizes the initial condition, i.e., that the root is in state qI .

 
Init := ∃x StateqI (x) ∧ ∀y sing (y) → x  y

(cf. Lemma 12.11). Consistency of R̄ with the transition relation is guaranteed

by Trans.

 
Trans := ∀x∀y0 ∀y1 sing (x) ∧ sing (y0 ) ∧ sing (y1 ) ∧ S0 xy0 ∧ S1 xy1 →
  
Stateq (x) ∧ x ∈ Pa ∧ Stateq0 (y0 ) ∧ Stateq1 (y1 ) .
(q,a,q0 ,q1 )∈∆

In order to express the acceptance condition, we have to formalize infinite occur-

rence of states in paths. Let P be a monadic symbol that we think of as encoding
a path. Then
 
InfOccq (P ) := ∃Q Q ⊆ P ∧ Q ⊆ Rq ∧ Inf 2 (Q)
states that the state q occurs infinitely often within the path encoded by P (cf.
Lemma 12.13). Using this, we express the Muller condition F for the path P by
 

 
Muller (P ) :=  InfOccq (P ) ∧ ¬ InfOccq (P )
F ∈F q∈F q ∈F

and global acceptance by

 
Accept := ∀P Path (P ) → Muller (P )
(cf. Lemma 12.14) 2
216 Mark Weyer

Proof (of Lemma 12.21). We proceed using induction on ϕ. In order to apply

induction, though, the statement has to be modified such that not only infinite
binary trees, but also extended infinite binary trees are permitted. First we have
to express how extended binary trees may be represented by trees. It is safe,
though, to skip these technical details and resume at the following claim.
Let Σ be an alphabet and Σ  be an arbitrary set, disjoint from Σ. We define
[Σ, Σ  ] to be the alphabet Σ × P (Σ  ). [Σ, Σ  ] is a representation of the set
of choices when exactly one element is to be picked from Σ and arbitrarily
many from Σ  . When applied to extended infinite binary trees, the symbols Pa
for a ∈ Σ have to satisfy Condition (4) of Definition 12.6 (infinite binary trees),
while the symbols Pa for a ∈ Σ  do not (because they are bound by a quantifier).
For a ∈ Σ ∪· Σ  we use χa to denote the subset of [Σ, Σ  ] which is formed by
those encodings that express the choice of a.

{ (a , S) ∈ [Σ, Σ  ] | a = a } , if a ∈ Σ,
χa =
{ (a , S) ∈ [Σ, Σ  ] | a ∈ S } , if a ∈ Σ  .

Now, let σ be a tree vocabulary for the alphabet Σ ∪· Σ  . An infinite binary

tree T with alphabet [Σ, Σ  ] encodes a σ-structure T̃ being an extended infinite
binary tree as follows. 
PaT̃ = PaT
.
a
∈χa

Obviously T̃ and T are isomorphic if Σ  = ∅. Therefore Lemma 12.21 is

subsumed by the following claim for Σ  = ∅.
Claim. There is an algorithm that upon input of Σ, Σ  , and ϕ (which is an
S2S-formula of appropriate vocabulary) produces a Muller tree automaton Aϕ
with alphabet [Σ, Σ  ] such that for all infinite binary trees T we have T̃ |= ϕ iff
Aϕ accepts T.
We proceed using induction on ϕ, simultaneously for all Σ  .
(1) To begin with, consider the formula ϕ = Pa ⊆ Pb . We have T̃ |= ϕ iff at
every position x the following local condition holds: if a occurs at position
x then so does b.
To illustrate what that means, suppose that Σ = {a, c} and Σ  = {b, d}.
The labels of T that belong to a (i.e., the elements of χa ) are

(a, ∅) (a, {b}) (a, {d}) (a, {b, d})

and the labels that belong to b are
(a, {b}) (a, {b, d}) (c, {b}) (c, {b, d})
Therefore the automaton Aϕ verifies that the labels
(a, ∅) (a, {d})
do not occur in T.
 12 Decidability of S1S and S2S 217

In general we set Aϕ = ({q} , q, ∆, {{q}}), where

∆ = { (q, a , q, q) | a ∈ χa \ χb } .
(2) The construction of automata for the remaining base cases is left to the
reader.
(3;4a) For formulae of the form ¬ϕ, ϕ ∨ ψ , ϕ ∧ ψ, and ∃Pa ϕ, the induction
step coincides with closedness of the class of Muller-recognizable tree
languages under complementation, union, intersection and projection (cf.
Chapter 8).
(4b) For the remaining case suppose that ϕ = ∀Pa ψ. Note that ϕ is equivalent
to ¬∃Pa ¬ψ, so we may set Aϕ = A¬∃Pa ¬ψ .
2
Remark 12.22. A straightforward analysis of the size of the constructed au-
tomata reveals that the only expensive step is negation. By use of an appropriate
normal form for formulae we may eliminate negation up to quantifier alternation.
Then the automaton Aϕ has at most
·O(n)

·
2· q+1
2
states, where n is the length of ϕ and q is the number of quantifier changes in
ϕ. In Chapter 13 it is proved that this is optimal.
Exercise 12.2. By combining the algorithms from the two proofs we obtain an
algorithm that calculates a normal form for S2S. What is that normal form and
what is its analogon for S1S?
At this point the reader is invited to a short digression that characterizes the
cases of WMSO as well as the cases of finite words and finite trees.
Lemma 12.23. Any language that is definable in WS1S (WS2S) is also defin-
able in S1S (S2S).
Proof. Suppose n ∈ {1, 2}, ϕ ∈ WSnS, and ϕ defines the language
 L. Now

replace
 every subformula
 of ϕ of the form ∃Rψ or ∀Rψ by ∃R Fin n (R) ∧ ψ or
∀R Finn (R) → ψ respectively, where Finn (R) stems from Lemma 12.13. Let
ϕ be the resulting formula.
Clearly we have A |= ϕ iff A |=W ϕ for ω-words (or infinite binary trees) A.
2
For WS1S and S1S, the converse is also true.
Theorem 12.24 (Büchi [18]). For ω-languages L the following are effectively
equivalent.
(1) L is Büchi-recognizable.
(2) L is WS1S-definable.
(3) L is S1S-definable.
218 Mark Weyer

Proof. We add two more statements.

(4) L is Muller-recognizable.
(5) L is deterministic-Muller-recognizable.
Lemma 12.23 proves that (2) implies (3). Lemma 12.19 proves that (3) implies
(4). Chapter 1 shows the effective equivalence of (1), (4), and (5). It remains to
show that (5) implies (2). This parallels the proof of Lemma 12.20. Now, however,
the automaton A is deterministic.
Due to the impossibility of representing a complete run using only finite
sets, we restrict all investigations to initial segments of runs. Their domain is
associated with the monadic symbol I. As in the proof of Lemma 12.20 we use a
tuple R̄ = (Rq )q∈Q of monadic symbols to encode trees of states. This time the
formulae are defined as

Stateq (x) := x ∈ Rq ∧ ¬x ∈ Rq
,
q
∈Q\{q}

Part := ∀x ∈ I Stateq (x) ,

q∈Q

 
Init := ∃x StateqI (x) ∧ ∀y sing (y) → x ≤ y

(cf. Lemma 12.11),

 

 
Trans := ∀x ∈ I∀y ∈ I S0 xy → Stateq (x) ∧ x ∈ Pa ∧ Stateq
(y)  .
(q,a,q
)∈∆

The fact that the one and only run is in state q at position x is expressed by the
formula Occq (x).

 
Occq (x) := ∃I Incl1 (I) ∧ x ∈ I ∧ ∃R̄ Part ∧ Init ∧ Trans ∧ Stateq (x)

(cf. Lemma 12.9). Now we may finish with

 
InfOccq := ∀x sing (x) → ∃y x < y ∧ Occq (y) ,
 

 
Accept :=  InfOccq ∧ ¬ InfOccq  ,
F ∈F q∈F q ∈F

because for ω-words W we have W |= Accept iff A recognizes W. 2

This result raises the question whether or not WS2S = S2S. However, this is
not the case. It is crucial for the proof just presented that the word automaton
is deterministic. For tree automata this is not always possible: the automaton
Asing(Pa ) may serve as a counterexample. In fact WS2S is strictly weaker than
S2S. We mention the following result without proof.
 12 Decidability of S1S and S2S 219

Theorem 12.25 (Rabin [149]). For languages L of infinite binary trees the
following are equivalent.

(1) Both L and its complement are Büchi-recognizable.

(2) L is WS2S-definable.

Using this theorem, it can easily be verified that the inclusion WS2S ⊆ S2S
is strict. The language defined by ‘there is a path containing infinitely many
b’, is Büchi-recognizable but its complement is not, cf. Chapter 8. Hence this
language is S2S-expressible but not WS2S-expressible.
These examinations are also relevant in the finite case, where we have to
replace the concept of

ω-word by finite word

infinite binary tree by finite binary tree
Muller word automaton by finite automaton
Muller tree automaton by bottom-up tree automaton

and obtain the following theorems.

Theorem 12.26 (Büchi [17], Elgot [51] and Trakhtenbrot [186]). For lan-
guages L of finite words the following are effectively equivalent.

(1) L is recognizable by a finite automaton.

(2) L is (W)MSO-definable within the class of finite words.

Theorem 12.27 (Thatcher and Wright [176], Doner [45]). For languages L
of finite binary trees the following are effectively equivalent.

(1) L is recognizable by a bottom-up tree automaton.

(2) L is (W)MSO-definable within the class of finite binary trees.

The only part that needs further explanation is the notion of bottom-up tree
automata. It differs from Muller tree automata in the following ways.

(1) The initial condition is situated at the frontier:

Whenever a child of a node is missing, the automaton acts as if the missing
child was labelled with the state qI .
(2) The acceptance condition F ⊆ Q is situated at the root:
A run is called accepting if the state at the root is contained in F .
(3) The automaton may be imagined as visiting the leaves of the input tree first
and making its way towards the root by merging information of siblings into
their parent.
Due to this behaviour, the automaton is called ‘bottom-up’.
220 Mark Weyer

emptiness of automata

(W)MSO over finite words (W)MSO over finite trees

WS1S WS2S

S1S S2S
Presburger arithmetic MSO over countable orders

FO over (R, +) SωB

SωS

SnS

Fig. 12.1. A map through the decidability statements of Section 12.4

12.4 Decidability

An overview over the present section is given by Figure 12.1 that charts the
decidability results ahead.

Definition 12.28. A logic is a triple (C, |=, L), where

(1) C = (C [σ])σ is a family of classes of structures indexed by vocabularies.

(2) L = (L [σ])σ is a family indexed by vocabularies, the language of the logic,
(3) |== (|=σ )σ is a family of binary relations indexed by vocabularies, the sat-
isfaction relation of the logic.
(4) For all vocabularies σ it holds that |=σ ⊆ (C [σ] × L [σ]).

Remark 12.29. Despite the indexing, we will usually regard C and L assingle
classes and |= as a single relation. Furthermore we will assume the union L [σ]
σ
to be disjoint and the index vocabulary to be computable from the formula. This
can be achieved by replacing each ϕ ∈ L [σ] by (σ, ϕ).

Example 12.30. In the case of WS1S, C is the class of ω-words, |= is |=W , and L
is the syntax of MSO for word vocabularies. (For other vocabularies C [σ], L [σ]
and |=σ are empty.)

Example 12.31. In the case of modal µ-calculus, C is the class of pointed transi-
tion systems (S, s), |= is as in Definition 10.5, and L is the set Lµ .

Definition 12.32. A logic (C, |=, L) is called decidable if there is an algorithm

that decides upon input of a formula ϕ ∈ L [σ] whether or not ϕ is a tautology,
i.e., whether or not A |= ϕ for all structures A ∈ C [σ].
 12 Decidability of S1S and S2S 221

Note. Section 12.1 mentions that S1S and S2S sometimes are considered as the-
ories rather than logics. Theories of structures may be regarded as the special
cases of logics in which the class C contains only one structure. Then, decidability
of tautology becomes decidability of truth in (or satisfaction by) that structure.

Theorem 12.33. (1) (W)MSO over finite words is decidable [17, 51].
(2) WS1S is decidable [18].
(3) S1S is decidable [18].
(4) (W)MSO over finite binary trees is decidable [176, 45].
(5) WS2S is decidable [148].
(6) S2S is decidable [148].

Proof. Part (2) and Part (5) are proved after Lemma 12.36 as an application
of Lemma 12.23. For the other parts, suppose a formula ϕ is given. By one
of Theorem 12.26, Theorem 12.15, Theorem 12.27 or Theorem 12.16 we may
effectively construct an automaton A such that A accepts A iff A |= ¬ϕ. The
question whether or not A |= ϕ always holds can be reduced to the question
whether or not the language of A is empty. But emptiness of all these languages
is decidable.
How do we decide emptiness of these automata?
For (1) and (4), there are simple algorithms for determining the reachable
states. It suffices to check whether or not some final state is reachable.
For (6), emptiness of the automata is covered in Chapter 8. Let us recall this
in more detail. In Section 8.3 it is indicated that a Muller tree automaton can
be transformed into a parity tree automaton. In the proof of Theorem 8.19 it is
shown how the emptiness question of this automaton can be rewritten into the
winning question of some finite parity game. Decision of the latter is covered in
Chapter 6 and Chapter 7.
For (3), we may proceed completely analogously. Some parts have already
been established in other chapters: The transformation of the automata is indi-
cated in Chapter 1. The decision of the winning question is the same as for (6)
and is covered in Chapter 6 and Chapter 7. 2
These decidability results may be further exploited by reducing decidability
questions of other logics to them.

Definition 12.34. Let (C1 , |=1 , L1 ) and (C2 , |=2 , L2 ) be logics. An effective
translation from (C1 , |=1 , L1 ) to (C2 , |=2 , L2 ) is a tuple (v, R, f ), where

(1) v is a mapping from vocabularies to vocabularies,

(2) R = (Rσ )σ is a family of relations Rσ ⊆ C1 [σ] × C2 [v (σ)] that are onto on
both sides,
(3) f = (fσ )σ is a family of mappings fσ : L1 [σ] → L2 [v (σ)],
(4) the two-argument mapping (σ, ϕ) → fσ (ϕ) is effective and
(5) for all vocabularies σ, all formulae ϕ ∈ L1 [σ] and all structures A1 ∈ C1 [σ],
A2 ∈ C2 [v (σ)] such that (A1, A2 ) ∈ Rσ we have A1 |=1 ϕ iff A2 |=2 fσ (ϕ).
222 Mark Weyer

Remark 12.35. As above for logics, we will usually neglect the indexing by vo-
cabularies. We will regard R as a single relation and f as a single mapping.
Furthermore the mapping v can be constructed from f and is omitted from the
notation.
Lemma 12.36. If L2 is decidable and if there is an effective translation (v, R, f )
from L1 to L2 , then L1 is decidable.
Proof. As a decision procedure for L1 , given a formula ϕ ∈ L1 [σ], apply the
decision procedure for L2 to fσ (ϕ).
For the correctness of this decision procedure, recall that fσ (ϕ) is a tautology
iff A2 |=2 fσ (ϕ) for all A2 ∈ C2 [v (σ)]. Since Rσ is onto on the right-hand side,
this is the case iff A2 |=2 fσ (ϕ) for all (A1 , A2 ) ∈ Rσ . By Condition (5) for
effective translations this is the case iff A1 |=1 ϕ for all (A1 , A2 ) ∈ Rσ . Since Rσ
is onto on the left-hand side, this is the case iff A1 |=1 ϕ for all A1 ∈ C1 [σ]. 2
So far, the proofs of Part (2) and Part (5) of Theorem 12.33 have been
omitted. Now we are able to prove these parts as a trivial application of the
lemma.
Proof. We use the effective translation (R, f ), where each R is the identity and
f is as in the proof of Lemma 12.23. 2
Definition 12.37. Let n > 2. The logic SnS for infinite trees with branching
of fixed arity n is defined in a completely analogous way to S2S.
The same holds for SωS, in which case there is one successor function Si for
every natural number i and hence ω-ary branching.  
The logic SωB is different. It is MSO over structures T = (T, S T , PaT a∈Σ )
that are ω-ary branching unordered trees (of height ω), i.e., S T is the one suc-
cessor relation (the union of all successor relations in former cases). Formally we
might set
T = ω∗
S T = { (v, vα) | v ∈ ω ∗ , α ∈ ω }
Proposition 12.38. SωS is decidable.

Proof. Note that in an ω-ary tree, the n-th child of a node x is the n-th right
sibling of the 0-th child of x. Instead of 0th child, first child, second child, etc. we
may use the notions of leftmost child and next sibling. Instead of infinitely many
successor relations we only need two relations to describe tree positions. These
are identified with S0 and S1 respectively and the ω-ary tree can be embedded
in a binary tree. This lifts to an embedding of SωS-structures in S2S-structures.
cf. Figure 12.2 and Figure 12.3 for a visualization of an example with Σ = {a, b}.
More specifically, we state an effective translation (R, f ) from SωS to S2S.
For the relation R we give a bijection β from positions in ω-ary trees to the set
B of binary tree positions not starting with 1. Note that B is S2S-expressible.
β (ε) := ε
β (vn) := β (v) 01n
 12 Decidability of S1S and S2S 223

0 1 2 3

b a b b

0 1 2

a b a

Fig. 12.2. An SωS-tree . . .

a
0

b a b b



1 1 1 1
0

a b a



1 1 1

Fig. 12.3. . . . viewed as an S2S-tree

Now, we can extend β to a one-to-many relation R between SωS-structures

and S2S-structures. We label a position β (x) in a binary tree equal to the posi-
tion x in the ω-ary tree and all positions starting with 1 arbitrarily.
The mapping f applies the following replacements to atomic subformulae.

P ⊆ Q → P ∩ B ⊆ Q ∩ B
P X → P (X ∩ B)
S0 XY → S0 (X
 ∩ B) (Y ∩ B) 
 
Sn+1 XY → ∃z̄ zi ∈ B ∧ S0 Xz0 ∧ S1 zi zi+1 ∧ S1 zn Y
0≤i≤n 0≤i<n
224 Mark Weyer

In addition to implementing the transformation due to β this also restricts the

semantics to the tree positions in B. 2
Proposition 12.39. SωB is decidable.

Proof. We may use nearly the same effective translation as in the case of SωS.
The only change is that SXY has to be translated to a formula stating ‘There
are x ∈ X ∩ B and y ∈ Y such that y is of the form x01n ’. This can be done by
   
∀Z ∀x∀x ((x ∈ X ∩ B ∧ S0 xx ) ∨ (x ∈ Z ∧ S1 xx )) → Zx → ZY .

2
Proposition 12.40. SnS is decidable for all n > 2.

Proof. It is clear that the concept of binary tree automaton can be adapted in
such a way that all the results from Chapter 8 and Section 12.3 also hold for
the case of SnS (for finite n). A proof of Proposition 12.40 might explicate this
fact. More simply, one can find an effective translation (R, f ) from SnS to SωS,
because there is a trivial injection ι from positions of n-ary trees to positions
of ω-ary trees. The proof works similar to the one of Proposition 12.38; here, ι
assumes the role that β did formerly. 2
 
Definition 12.41. A structure O = O, <O is called a dense linear order
without endpoints if

(1) <O is a linear ordering of O.

(2) For all x ∈ O there are y, z ∈ O such that y <O x <O z.
(3) For all x, y ∈ O such that x <O y there is z ∈ O such that x <O z <O y.

Lemma 12.42 (Cantor [25]). All countable dense linear orders without end-
points are isomorphic.
   
Proof. Suppose O, <O and P, <P are dense linear orders without endpoints
and β is a monotone bijection from a finite subset O ( O to a finite subset
P  ( P . Suppose further that o ∈ O\O is given. Due to the fact that <P is dense
and without endpoints there is an element p ∈ P \ P  such that β ∪· {o → p} is a
monotone bijection between O ∪· {o} and P  ∪· {p}. Similar arguments succeed,
if p ∈ P \ P  is given.
Let η : ω → O ∪· P be an enumeration of O ∪· P . By a naı̈ve induction we can
construct an increasing sequence (βn )n∈ω of monotone bijections between finite
subsets of O and P , such that for all n ∈ ω it holds that η (n) is in the domain
or range of βn+1 : Let β0 be the empty bijection. Let βn+1 = βn if η (n) already

is in the domain or range of βn . Use the above extension otherwise. Then βn
n∈ω
is a monotone bijection from O to P , i.e., an isomorphism from O to P.
For a set-theoretical foundation of the naı̈ve induction we have to use the
Lemma of Zorn. 2
 12 Decidability of S1S and S2S 225

Lemma 12.43. MSO is decidable over countable dense linear orders without
endpoints.

Proof. Since all countable dense linear orders without endpoints are isomorphic,
it suffices to prove that ({O} , |=, MSO) is decidable
 for one countable dense
linear order without endpoints O = O, <O . We will choose as O the set of
binary tree positions and as <O the ordering from left to right. This ordering is
S2S-definable because x <O y iff x1 precedes y1 in the lexicographic ordering of
Lemma 12.12. It is straightforward to translate MSO over this order to S2S. It
remains to prove that this order is dense and without endpoints.
For lack of endpoints let x ∈ O be given. We have to construct y, z ∈ O such
that y <O x <O z. Choose y = x0, z = x1. For denseness let x, y ∈ O be given
such that x <O y. We have to construct z ∈ O such that x <O z <O y. Suppose
first that x is at a larger depth in the tree than y. In this case choose z = x1,
otherwise choose z = y0. 2
Proposition 12.44. MSO is decidable over countable linear orders.

Proof. It is easy to see that every countable linear order is a suborder of a

countable dense linear order without endpoints. Therefore all countable linear
orders can be embedded in the structure O of the previous lemma. This gives
rise to an effective translation as follows.
Let R be the total relation. For the construction of f let us first fix a monadic
symbol U . f works by relativizing all quantifications to U and adding ∀U at the
front. Then O |= f (ϕ) iff P |= ϕ for all linear orders P that are suborders of O
iff P |= ϕ for all countable linear orders. 2
In first-order logic, or FO for short, quantification is permitted only over
individuals.

Definition 12.45. Presburger arithmetic is first-order logic over the struc-

ture (ω, +) where
+ = { (a, b, c) ∈ ω 3 | a + b = c }.

Proposition 12.46 (Presburger [146]). Presburger arithmetic is decidable.

Proof. Again, we use an effective translation (R, f ), this time to WS1S. R is the
total relation. Consequently only the definition of f remains.
We will use binary number representation to interpret natural numbers in
WS1S. A finite set N ⊆ ω of word positions encodes the natural number n given
by 
n= 2i .
i∈N

P
Let V be a set of variables (for natural numbers). An ω-word w with alphabet
(V ) encodes a family (nv )v∈V of natural numbers via the sets Nv := { i < ω |
v ∈ wi }. For example, the ω-word

{a, c} {b, c} {a, b} {c} ∅ω

226 Mark Weyer

encodes
Na = {0, 2} na = 5
Nb = {1, 2} nb = 6
Nc = {0, 1, 3} nc = 11
Addition of numbers is specified most easily by an automaton implementing the
blackboard addition algorithm. The automaton

∅ {a}
{a,c} {b}
{b,c} {a,b,c}
{a,b}
q0 q1
{c}

expresses that na + nb = nc . Let us see how it works. If the automaton is, e.g.,
in state q1 , then a carry of 1 has to be considered in addition to the digits of
na and nb . If these digits are 0 and 1 respectively, then nc will have a digit 0 at
the considered position. Hence, the position is labelled with b and neither with
a nor c. Therefore the corresponding transition is labelled with {b} and leads
back to q1 because the next carry is again 1. The automaton can be translated
into a WS1S-formula. The remainder of the construction of f provides no more
difficulties. 2
This technique extends to the addition of real numbers:
Proposition 12.47. FO over the structure (R, +) (additive group of real num-
bers) is decidable.
Proof. We identify real numbers r with pairs (n, x), where n is an integer,
0 ≤ x < 1, and r = n + x. By writing n in two’s complement binary repre-
sentation we can identify integers with {0, 1}-words not containing both 0 and
1 infinitely often. x can be written in normal binary representation, identifying
fractional parts with {0, 1}-words containing 0 infinitely often. Examples: The
real number π is represented by the two words 110000 . . . (for 3, the usual direc-
tion is . . . 000011) and 001001000011111 . . . (for 0.1415 . . . ). The real number
−6.25 is represented by the two words 1001111 . . . (for −7) and 1100000 . . .
(for 0.75). Therefore a variable for (R, +) may be transformed into two monadic
symbols of S1S. Specifying addition using this encoding can be done similar to
the case of Presburger arithmetic. 2
Using a different proof technique, Tarski [174] proved in 1948 that even FO
over (R, +, ·) is decidable.

12.5 Special Model Properties

Given a satisfiable formula in some logic, we are often interested in structures of
particularly simple nature that satisfy the formula. For instance, the Löwenheim-
Skolem-Tarski Theorem (cf. [83]) tells us that satisfiable first-order formulae have
 12 Decidability of S1S and S2S 227

countable models. Therefore, we say that FO has the countable model property.
We are interested in similar special model properties for other logics. These
are closely related to the fact that the logics cannot identify every structure (up
to isomorphism). Often the decidability of a logic can be established via a special
model property.
The automata theoretic nature which underlies the proofs of many theorems
in this chapter will yield special model properties for the logics that appeared in
the previous section. It is known from Theorem 8.19 that every tree automaton
recognizing a non-empty language accepts a regular tree. (Recall that an infinite
binary tree is called regular if its labelling can be generated by a deterministic
tree automaton with output (Chapter 8), or equivalently if it contains, up to
isomorphism, only finitely many subtrees (Chapter 15).) The analogon for ω-
words is treated in the following exercise.

Exercise 12.3. Prove that every word automaton (say with parity condition)
with non-empty language accepts an eventually periodic ω-word. An ω-word v
is called eventually periodic, if it is of the form v1 v2ω . You may want to look
up the proof of Theorem 8.19.
By the equivalence of word and tree automata with S1S and S2S, we obtain
special model properties of these logics.
Proposition 12.48 (Eventually periodic model property). Each satisfiable S1S
formula is satisfied by an eventually periodic ω-word.
Proposition 12.49 (Regular model property). Each satisfiable S2S formula is
satisfied by a regular infinite binary tree.

Exercise 12.4. Prove that model checking S2S over regular trees is decidable: On
input of an S2S-formula ϕ and a regular binary tree T (given by its generating
automaton) it can be decided whether or not T |= ϕ.

Now, let us resume the investigation of countable linear orders. A regular

order is an induced suborder of the infinite binary tree which is induced by a
regular language (recall that tree positions are words).
Proposition 12.50. Each MSO-formula that is satisfied by a countable linear
order is also satisfied by a regular order.
Proof. The proof of Proposition 12.44 shows that if ϕ is satisfiable by a countable
order then ∃U ϕ is satisfied by the infinite binary tree, where ϕ expresses that ϕ
holds for the induced suborder of the infinite binary tree which is induced
 by U .
Hence ϕ holds for a suitable (extended) binary tree T, S0T , S1T , U T . We may
conclude that ϕ also holds for a regular (extended) binary tree, which finishes
the proof. 2
Of course, this is not satisfying in itself: The class of regular orders is not even
closed under order-isomorphisms of the infinite binary branching tree. Instead,
Proposition 12.52 will give an algebraic characterization.
228 Mark Weyer

Definition 12.51 (Läuchli and Leonard [111]). Let O be a minimal class of

(linear) orders such that
(1) The one-point order is in O.
(2) If O1 and O2 are orders in O then there is also an order in O that is
isomorphic to O1 + O2 .
(3) If O is an order in O then there is also an order in O that is isomorphic to
(ω, <) × O = O + O + . . . .
(4) If O is an order in O then there is also an order in O that is isomorphic to
(ω, >) × O = · · · + O + O.
(5) If Ō is a finite tuple (say of length n) of orders in O then there is also an
order in O that is a countable dense shuffling without endpoints of Ō.
In order to understand dense shufflings without endpoints, consider the fol-
lowing axioms, which are modifications of those for dense linear orders without
endpoints.
(1) The tuple S̄ of length n is a partition of S.
(2) < is a linear ordering of S.
(3) For all x ∈ S, 0 ≤ i < n there are y, z ∈ Si such that y < x < z.
(4) For all x, y ∈ S, 0 ≤ i < n such that x < y there is z ∈ Si such that
x < z < y.
As before, there is up to isomorphisms only one countable structure S satisfying
these axioms. Take this structure and for all i replace every point of the colour
Si by a copy of Oi . Every order isomorphic to the resulting order is called a
countable dense shuffling without endpoints of Ō.
Proposition 12.52 (Heilbrunner [79]). The regular orders coincide, up to iso-
morphisms, with the class O.
Corollary 12.53. MSO over countable orders has the O model property.
For FO over (R, +) we obtain:
Lemma 12.54. Let ϕ be an FO-formula with free variables x̄, ȳ and let c̄ ∈ Q .
 ā ∈ R such that (R, +, ā, c̄) |= ϕ then there is also a tuple
If there is a tuple
b̄ ∈ Q such that R, +, b̄, c̄ |= ϕ.
Proof. After applying the translation from Proposition 12.47, we have to prove
that if an S1S-formula ψ is satisfied by an ω-word encoding real numbers ā
and rational numbers c̄, then ψ is also satisfied by an ω-word encoding rational
numbers b̄ instead of ā but the same rational numbers c̄. Examining the encoding
reveals that a rational number is encoded by two eventually periodic ω-words.
These can be identified by suitable automata and hence be defined by suitable
formulae. Therefore, we may eliminate c̄ from the ω-word by a modification of
ψ.
Suppose W |= ψ, where W encodes any real numbers ā. By the eventually
periodic model property of S1S, ψ is also satisfied by an eventually periodic
ω-word V. But V can only encode rational numbers. 2
 12 Decidability of S1S and S2S 229

The Lemma may be used to prove the following.

Proposition 12.55 ((R, +) and (Q , +) are elementarily equivalent). For every

FO-formula ϕ we have (R, +) |= ϕ iff (Q , +) |= ϕ.

Proof. For an FO-formula ϕ, let ϕ denote the formula that is obtained from ϕ
by replacing all quantifiers ∃x ( · ) and ∀x ( · ) by ∃x ∈ Q ( · ) and ∀x ∈ Q ( · ). Since
Q is not FO-definable in (R, +), ϕ is a priori not equivalent over (R, +) to any
FO-formula. Therefore we will interpret ϕ in the structure (R, Q , +). Obviously
for ā ∈ Q we have (R, Q , +, ā) |= ϕ iff (Q , +, ā) |= ϕ. As a consequence it suffices
to show that (R, +, ā) |= ϕ iff (R, Q , +, ā) |= ϕ for ā ∈ Q . This will be shown
by induction on the formula ϕ.
The claim is trivial for quantifier-free ϕ because in that case ϕ = ϕ. The
induction steps ϕ1 ∧ ϕ2 , ϕ1 ∨ ϕ2 , or ¬ϕ1 are easy as well. Let us prove the case
ϕ = ∃xψ. The case ϕ = ∀xψ can be handled as ¬∃x¬ψ, since these two formulae
are equivalent.
Suppose (R, +, ā) |= ϕ with ā ∈ Q . Then there is an a ∈ R such that
(R, +, ā, a) |= ψ. Using Lemma 12.54 there is also a b ∈ Q such that (R, +, ā, b) |=
ψ. By the induction hypothesis we may conclude that (R, Q , +, ā, b) |= ψ  . Then
(R, Q , +, ā) |= ∃x ∈ Q ψ  which is (R, Q , +, ā) |= ϕ .
For the converse suppose (R, Q , +, ā) |= ϕ . Then there is an a ∈ Q such
that (R, Q , +, ā, a) |= ψ  . With the induction hypothesis we may conclude that
(R, +, ā, a) |= ψ. Since a ∈ R holds anyway we have (R, +, ā) |= ∃xψ which is
(R, +, ā) |= ϕ. 2
The modal µ-calculus. It was proved already in Chapter 10 that the modal µ-
calculus Lµ is decidable. In fact, this is closely related to special model properties
of Lµ and to the embedding of Lµ into MSO (for details, see also Chapter 14).
Countable model property: Each satisfiable formula in Lµ has a countable model.
Tree model property: Each satisfiable formula in Lµ has a tree model.
The countable model property holds for fixed point logics in general (for a
proof, see Chapter 18). The tree model property follows from the invariance of Lµ
under bisimulation (see Chapter 14) and the possibility to unravel any transition
system to a bisimilar tree model. Together, the two results imply that Lµ has the
countable tree model property. Since every formula in Lµ can be translated into
an equivalent MSO-formula, the decidability of Lµ follows from the decidability
of SωB.
For a related result concerning the more powerful guarded fixed point logic
µGF, see Chapter 18. Finally we prove that Lµ has the finite model property.

Proposition 12.56 (Finite model property). Each satisfiable formula of the

modal µ-calculus is satisfiable by a finite transition system.

Proof. The essence of the proof is that the generating automaton of a regular
tree already is a pointed finite transition system.
230 Mark Weyer

Let ϕ ∈ Lµ be satisfiable. We can transform ϕ first to a satisfiable formula

ϕ ∈ SωB and from there, via the translation in the proof of Proposition 12.39, to
a satisfiable formula ϕ ∈ S2S. We conclude that the latter possesses a regular
model T with generating automaton A = (Q, {0, 1} , qI , δ  , f ). Shifting T
back through the translations, we obtain models T of ϕ and (S, s) of ϕ. T
is just the ω-ary tree that is generated by the automaton A = (Q, ω, qI , δ  , f ),
where
δ  (q, n) := δ  (q, 01n ) .
In order to understand S = (S, R, λ), observe that it is an induced subtree of
the infinite ω-ary tree that is induced by U T for some relational symbol U .

Therefore s = ε, S = U , R = { (v, vn) | vn ∈ U T } and λ = α ◦ f ◦ δ  (qI , · )

T

for some coding function α.

Now consider the finite transition system S0 = (QU , ∆, α ◦ f ), where

QU = { q ∈ Q | f (q) does encode U }

∆ = { (q1 , q2 ) ∈ QU × QU | q2 = δ  (q1 , n) for some n ∈ ω }.

Because S is non-empty and initially closed, we have ε ∈ S and hence qI ∈ QU .
Furthermore it is straightforward to check that (S0 , qI ) and (S, s) are bisimilar
(cf. Chapter 14 for a treatment of bisimulation) via the bisimulation relation

{ (q, v) ∈ QU × S | q = δ  (qI , v) }.

Hence (S0 , qI ) |= ϕ. 2
Obviously, this proposition also establishes the finite model property of every
modal or temporal logic that can be embedded into Lµ (such as LTL, CTL,
CTL∗ etc.) We finally remark that using the translation of Lµ into alternating
tree automata one obtains a stronger version of the tree model property and
better complexity bounds (see Chapters 9 and 10).
Tree model property with bounded degree: Each satisfiable formula ϕ ∈ Lµ has
a tree model of degree ≤ |ϕ|.
Complexity: The satisfiability problem for Lµ is Exptime-complete.
For related results in the context of guarded logics, see Chapter 19.
13 The Complexity of Translating Logic to
Finite Automata

Klaus Reinhardt

Wilhelm-Schickhard Institut für Informatik

Eberhard-Karls-Universität Tübingen

13.1 Introduction
The aim of this chapter is to show a non-elementary lower bound for the com-
plexity of translating logic to finite automata.
Here a function is elementary if it is O(hk (n)) for one of the k-fold exponential
functions hk with h0 (n) = n and hk+1 (n) = 2hk (n) .
The non-elementary lower bound is established directly by constructing a
sequence of formulas which describe counters of binary numbers whose length is
of non-elementary growth. This will show that the growth rate for corresponding
finite automata is also non-elementary.
The main motivation for this result is the question how efficiently the decid-
ability in Theorem 12.33 of Chapter 12 can be accomplished. The construction
of a finite automaton using Lemma 12.19 can lead to an exponentiation in each
step of recursion, where a negation forces to make the automaton deterministic
(nondeterminism is caused by existential quantifiers). The following Section 13.2
shows that this blowup cannot be avoided for monadic second-order logic over
finite words. This can be seen as an exercise for Section 13.3 which shows the
same even for first-order logic with < over finite words.
Furthermore, using the counters mentioned above, configurations of Turing
machines are admeasured in Section 13.4, showing that the satisfiability problem
(over word models) for first-order logic with < and also for monadic second-order
logic is complete for a non-elementary complexity class, which means that there
is no principally better method of proving decidability of WS1S (Theorem 12.33
of Chapter 12), or the satisfiability of first-order logic with < over words, than
by the standard construction of the corresponding automata.
The kind of construction used in this chapter appears in [122, 123] and [170]
in connection with picture languages and regular expressions.

13.2 Monadic Second-Order Logic

We use a method similar to the cyclically counting method in [122]. In the
following we recursively define a formula ϕA
n describing the language

Ln = 0∗ 10F (n)−1 10∗

with the following non-elementary function F :
F (1) = 1, F (n + 1) = F (n)2F (n)

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 231-238, 2002.
 Springer-Verlag Berlin Heidelberg 2002
232 Klaus Reinhardt

This means that a word w ∈ {0, 1}∗ is in Ln iff ϕA n (w) is true, where A is

a predicate such that for a position x in the word A(x) is true iff wx = 1.
Obviously any automaton recognizing the language 0∗ 10F (n)−1 10∗ needs at least
F (n) states. (Otherwise a state would appear twice between the two 1’s and allow
pumping the number of 0’s between the two 1’s.)
The formula ϕn (A) is constructed recursively over n. Let us start the induc-
tive definition with

1 = ∃x(A(x) ∧ A(x + 1) ∧ ∀y(y = x ∨ y = x + 1 ∨ ¬A(y)))

ϕA
describing the language 0∗ 110∗ . The formula says that there are exactly 2 posi-
tions x and x + 1 having a 1.
For the recursion we use ϕA n to determine if two positions a and b have dis-
tance F (n). This distance is now the length of a counter that is inremented from
the binary number 0 . . . 0 to 1 . . . 1. The length is used to control the first and last
counter counter value by means of two formulas InitializeC and FinalizeC, and
the correct sequence of counter values is fixed by two formulas StartIncrement
and Carry, by locally checking all corresponding bit positions in neighbor values.
Recursively define

n+1 = ∃x∃y( A(x) ∧ A(y) ∧ ∀z z = x ∨ z = y ∨ ¬A(z)∧

ϕA
∃B∃C ∀a∀b( (∃A(ϕA n ∧ a < b ≤ y ∧ A(a) ∧ A(b)) →
(InitializeC ∧ StartIncrement ∧ Carry ∧ FinalizeC)))
Note that the syntax allows to reuse the variable A, which occurs twice under
the scope of the existential quantifier, outside of the set quantifier; this makes
it possible to define ϕAn using only a finite number of variable-symbols. Here
C contains blocks with consecutive counter representations and B marks the
beginning of each block. The recursive use of the predicate A makes sure that a
and b have exactly the distance of a block length. This means a complete counter
sequence is used to admeasure the length of only one counter for the next n.
InitializeC := (a = x) → (B(a) ∧ ¬C(a) ∧ ∀c(a < c < b → (¬C(c) ∧ ¬B(c)))
makes sure that the first block contains only zeros and exactly the beginning of
the block (least significant bit) is marked by B.
StartIncrement := (B(a) ∨ B(b)) → (B(b) ∧ ¬(C(a) ↔ C(b)))
makes sure that the first (least significant) bit in each block changes each time
and simultaneously takes care that B is continued which means that B also has
a 1 at the next beginning of a block.
Carry := ((C(a) ∧ ¬C(b)) ↔ (¬C(a + 1) ↔ C(b + 1))) ∨ B(a + 1)
makes sure that a 1 changes to a 0 exactly if in the corresponding bit in the
following block, the next bit (if it was not the last in the block) must change.
FinalizeC := (b = y) ↔ (B(a) ∧ ∀c(a ≤ c < b → C(c))
makes sure that the last block is the one containing only 1’s.
 13 The Complexity of Translating Logic to Finite Automata 233

Theorem 13.1. The formula ϕA n defined above has size O(n) and defines the
language {0∗ 10F (n)−1 10∗ }, for which a finite automaton must have at least F (n)
states.

Example:
The language 0∗ 102047 10∗ is described by ϕA
4 , where the existentially quantified
C contains all binary representations of numbers from 0 to 255 having length 8.
In the figure below, a gap is inserted between these blocks to support readability.
To check the correctness of C and the block-marks in B, the formula recursively
∗ 7 ∗
uses ϕA3 describing 0 10 10 , where the corresponding C contains all binary
representations of numbers from 0 to 3 having length 2. This recursively uses
∗ ∗
ϕA A
2 describing 0 1010 , the corresponding C containing 0 and 1 finally using ϕ1 .

A: 0...0 10000000 00000000 00000000... 00000000 00000000 10...

C: 00000000 10000000 01000000... 01111111 11111111 00...
B: 10000000 10000000 10000000... 10000000 10000000 10...
A: 0...0 10000000 10...
C: 00100111 00...
B: 10101010 10...
A: 0...0 1010...
C: 0100...
B: 1110...

Exercise 13.1. Which language is described by ϕA

5?

Exercise 13.2. Assume we would replace Carry by the condition

((C(a) ∨ C(a + 1)) ↔ C(b + 1)) ∨ B(a + 1);

which language would be described by ϕA

n now?

13.3 First-Order Logic with <

In the preceding section, we could concentrate on one level of recursion, since the
counters on lower levels where guessed and stored in a existentially quantified
predicate and thus hidden. Now, as in first-order logic we have only quantification
on singletons available, we need to have all necessary informations of all levels
to be present in the word. Therefore the counters have to work cyclically like
in [122, 123] and [170], and furthermore each bit of a counter is followed by a
counter on the next lower level containing the position of the bit. These counters
can be used to identify corresponding positions in counters.
We use the non-elementary function G defined by

G(1) = 2, G(n + 1) = 2G(n)

and the alphabets Σk = {$k , 0k , 1k } for k ≤ n, which allow us to represent

k−1
n
counters on each level. Let Σ<k = i=1 Σi and Σ>k = i=k+1 Σi , furthermore
234 Klaus Reinhardt

we use Σ>k (x) as abbreviation for the formula $k+1 (x) ∨ 0k+1 (x) ∨ ... ∨ 1n (x)
meaning that the symbol at position x is $k+1 or 0k+1 or ... or 1n .
The representations of the counters are defined inductively starting with
c1,0 := $1 01 , c1,1 := $1 11 , representing 0 and 1 on the first alphabet. Then for
example on the second alphabet c2,0 := $2 02 c1,0 02 c1,1 , c2,1 := $2 12 c1,0 02 c1,1 ,
c2,2 := $2 02 c1,0 12 c1,1 and c2,3 := $2 12 c1,0 12 c1,1 represent the numbers from 0
to 3. On the k-th alphabet ck+1,0 := $k+1 0k+1 ck,0 0k+1 ck,1 ...0k+1 ck,G(k)−1 repre-
sents 0 and in general we have

ck+1,i := $k+1 x0 ck,0 x1 ck,1 ...xG(k)−1 ck,G(k)−1 ,

where the number i with 0 ≤ i < G(k + 1) is encoded in binary as

xG(k)−1 xG(k)−2 ...x1 x0 = hk+1 (bin(i));

here hk+1 (0) = 0k+1 and hk+1 (1) = 1k+1 .

Now we inductively define formulas ϕk , which make sure that the counters
count cyclically until the k-th level. On the first level we define the formula ϕ1
∗ ∗ ∗
for the language (Σ>1 c1,0 Σ>1 c1,1 )+ Σ>1 as follows:

ϕ1 := ∃x($1 (x) ∧ 01 (x + 1) ∧ ∀y < x Σ>1 (y))∧

∀x(01 (x) → ∃y > x($1 (y) ∧ 11 (y + 1) ∧ ∀z(x < z < y → Σ>1 (z))))∧
∀x(11 (x) → ∃y > x($1 (y) ∧ 01 (y + 1) ∧ ∀z(x < z < y → Σ>1 (z)))∨
∀z > x Σ>1 (z)).

Recursively for k > 1 we define the formula ϕk for the language

∗ ∗ ∗ ∗
(Σ>k ck,0 Σ>k ck,1 ...Σ>k ck,G(k)−1 )+ Σ>k

as follows: First we use the formula ϕk−1 to describe the necessary condition,
that the word contains the counters on level k − 1 in correct order. Now we can
use these counters to identify corresponding positions in the counter on level k.
This allows to define the equality of two counters starting on positions x and
y by the identity of the digit before each sub-counter representation starting
on position x in the first counter with the digit before the equal sub-counter
representation starting on position y  in the second counter:

Equalk (x, y) :=
∀ x > x(($k−1 (x ) ∧ ¬∃u x < u < x ∧ $k (u)) →
∃y  > y( $k−1 (x ) ∧ Equalk−1 (x , y  ) ∧ ¬∃u y < u < y  ∧ $k (u)∧
(0k (x − 1) ↔ 0k (y  − 1)))).

Two counters are equal if the digit before equal sub-counter representations
are equal, because they are ordered by recursion, the induction starts with
Equal1 (x, y) := (01 (x + 1) ↔ 01 (y + 1)))).
Now we can define the neighbor relation Nextk (x, y) expressing that the
counter starting on position y contains the by one incremented number con-
tained in the counter starting on position x. We proceed as follows (see the
 13 The Complexity of Translating Logic to Finite Automata 235

formula presented below): The first (least significant) bit always changes (line
2). For every but the first sub-counter starting on position x (line 3) there is
a corresponding sub-counter starting on position y  , which represents the same
number and and which is in the second counter (line 4). The previous bits (fol-
lowed by sub-counters on the position x and y  in line 5 such that there is no
other sub-counter on position u described in line 6 or 7 between them) cause a
change of the bit iff it changes from 1k to 0k (and thus causes a carry described
in line 8).

(1) Nextk (x, y) :=

(2) (0k (x + 1) ↔ 1k (y + 1))∧
(3) ∀ x ((x + 2 < x < y ∧ $k−1 (x )) →
(4) ∃y  > y ($k−1 (y  ) ∧ Equalk−1 (x , y  ) ∧ ¬∃u y < u < y  ∧ $k (u)∧
(5) ∃ x < x , y  < y  ($k−1 (x ) ∧ $k−1 (y  )∧
(6) ¬∃u x < u < x ∧ $k−1 (u)∧
(7) ¬∃u y  < u < y  ∧ $k−1 (u)∧
(8) ((0k (x − 1) ↔ 1k (y  − 1)) ↔ (1k (x − 1) ∧ 0k (y  − 1)))))).

The formula

Initializek (x) := $k (x) ∧ ∃y > x($k (x) ∧ ¬∃z(x < z < y ∧ (1k (z) ∨ $k (z))))

makes sure that the counter starting on position x is zero.

We now present the desired formula ϕk : It uses recursion (line 1) to ensure
the correctness of the counters on level k − 1. The first counter has only zeros
(line 2). In every counter exactly the first sub-counter has only zeros (line 3); this
makes sure that each number is only once represented by a sub-counter which
makes the choice of y  in Equalk (x, y) and Nextk (x, y) unique. Every counter
starting on position x ends at some position y and either there is a following
counter starting on position z, which has the next binary number (line 4-6) or
it is the last counter consisting only of 1’s (line 7-8). Furthermore every digit of
the counter must be followed by a sub-counter (line 9):

(1) ϕk := ϕk−1 ∧
(2) ∃x(Initializek (x) ∧ ∀y < x Σ>k (y))∧
(3) ∀x($k (x) ↔ Initializek−1 (x + 2))∧
(4) ∀x($k (x) → (∃y > x( (∀u(x < u ≤ y → (Σ<k (u) ∨ 0k (u) ∨ 1k (u)))∧
(5) ∃z > y( $k (z) ∧ Nextk (x, z)∧
(6) ∀u(y < u < z → Σ>k (u))))∨
(7) (∀u(x < u ≤ y → (Σ<k (u) ∨ 1k (u)))∧
(8) ∀u > y Σ>k (u)))))∧
(9) ∀x((0k (x) ∨ 1k (x)) → $k−1 (x + 1)).

The length of the formula Equalk and thus also the formula Nextk grows
linear with k. Thus the length of ϕn is in O(n2 ). (If we count the representation
of a variable indexed by n as having length log n, we even have O(n2 log n). )
On the other hand a finite automaton recognizing the language described by ϕn
236 Klaus Reinhardt

needs at least one state for each of the G(n) counters. This means we have a
sequence of formulas ϕn , where the growth rate for the size of equivalent finite
automata is non-elementary.

Theorem 13.2. The formula ϕn defined above has size O(n2 log n) and defines
∗ ∗ ∗ ∗
the language (Σ>n cn,0 Σ>n cn,1 ...Σ>n cn,G(n)−1 )+ Σ>n , for which a finite automa-
ton must have at least G(n) states.

Exercise 13.3. Give a better lower bound for the number of states in Theorem
13.2.

13.4 Simulation of a Turing Machine by Logic

Definition 13.3. Let DTIME(f (n)) (resp. NTIME(f (n)), DSPACE(f (n)) or
NSPACE(f (n)) ) be the class of languages, which can be recognized by a deter-
ministic (resp. nondeterministic) Turing machine in time f (n) time (resp. space)
for inputs of length n (see [87]).

Remark 13.4. For G as defined above, we have

 
DTIME(G(cn)) = NSPACE(G(cn)),
c c

since even a single increment in the input size already allows an exponential
increase in time to simulate the NSPACE-machine.

Theorem 13.5. The
satisfiability problem for first-order logic with < over finite
words is complete for DSPACE(G(cn)) under polynomial time reductions.
c

Proof. For containment in the class see the proof of Lemma 12.21 (and the
following Remark 12.22) in Chapter 12, where the given formula is translated to
a finite automaton. The worst case for one step of recursion in this translation is
an exponential blowup, which occurs when the automaton is made deterministic
in order to translate negation by recognizing the complement.
To show hardness, we use the following reduction: Let L be recognized by
a deterministic one-tape Turing machine M = (Σ, Q, δ, b, q0, qf ) using G(cn)
space, with the blank symbol b ∈ Σ. A word w = w1 w2 · · · wn is accepted by
M if there is a sequence w = $C0 $C1 $ · · · $Cf of configurations over Σ ∪ (Σ ×
Q) ∪ {$} with the initial configuration C0 = (w1 , q0 )w2 w3 · · · wn b · · · b, a final
configuration Cf starting with (b, qf ) (w.l.o.g M moves to the beginning, when
it accepts,), |$Ci | = g(m) with m := cn for i ≤ f and Ci ⇒M Ci+1 for i < f .
Since the k-th symbol in $Ci+1 depends only on the k − 1-th, k-th, and k + 1-
th symbol, we can construct a first-order formula ϕδ (x, y, z, y  ), which is true
iff the symbol ∈ Σ ∪ (Σ × Q) ∪ {$} at position y  is the correct consequence
of (x, y, z) in the previous configuration (respecting the separation marker $).
Here y  corresponds to position y in the previous configuration. For example if
(q, a)(x) and d(y) and δ(q, a) = (q  , e, R), which means that the machine is in
 13 The Complexity of Translating Logic to Finite Automata 237

state q on the symbol a and the consequence is that it enters state q  , writes a e
and goes right, then ϕδ (x, y, z, y  ) is true iff (q  , d)(y  ), which means that in the
following configuration the machine is in state q  on symbol d. Or if (q, a)(y) and
δ(q, a) = (q  , e, R), then ϕδ (x, y, z, y  ) is true iff e(y  ), which means that in the
following configuration there is the e, which was written by the machine (but
the machine has moved away). Since δ is finite, ϕδ is a finite formula as well.
Now we extend the construction in the previous
m+1 section in the following way:
Let Σm+1 := Σ ∪ (Σ × Q) ∪ {$} and Σ>k = i=k+1 Σi . Instead of describing

w = $w2 w3 · · · wg(m)

 
$ · · · wt·G(m) ,

which would not enable the identification of corresponding positions, we describe

w = $cm,0 w2 cm,1 w3 cm,2 · · · wG(m)

 
cm,G(m)−1 $cm,0 · · · wt·G(m) cm,G(m)−1 ,

where each symbol is followed by a counter containing its position. We use the
following formula:
(1) ϕM(w) := ϕm ∧ $(1) ∧ InitializeCw ∧
(2) ∀x($(x) ↔ Initializem (x + 1))∧
(3) ∀x(Σm+1 (x) ↔ $m (x + 1))∧
(4) ∀x, y, z( (Σm+1 (x) ∧ Σm+1 (y) ∧ Σm+1 (z)∧
(5) ¬∃u(x < u < z ∧ u = y ∧ (Σm+1 (u)) →
(6) (∃y  > z( Equalm (y + 1, y  + 1) ∧ ϕδ (x, y, z, y  )∧
(7) ¬∃u(z < u < y  ∧ Equalm (y + 1, u)))∨
(8) (¬∃y > z(Equalm (y + 1, y  + 1))∧


(9) ($(y) → (b, qf )(z)))),

Here line 2 says that the separation marker $ is exactly at those positions which
are followed by the counter representation cm,0 . Line 3 says that each symbol of
the configuration in followed by a counter, line 4 says that for all triples x, y, z
of symbols of a configuration, which are (line 5) subsequent in the configuration,
which means there are only symbols of the counter in-between, there is (line
6) a position y  followed by the same counter as y with the symbol, which is
determined by δ. Line 7 makes sure that it is indeed the following configuration.
The alternative of line 8 is that there is no following configuration and (line 9)
the current configuration is a final configuration Cf . Line 1 makes sure that the
counters work in the correct way according to the previous section and the first
configuration is $C0 , which is expressed by
InitializeCw := ∃ x1 < x2 < ... < xn < y
( (w1 , q0 )(x1 ) ∧ w2 (x2 ) ∧ w3 (x3 ) ∧ ...wn (xn ) ∧ $(y)∧
∀u < y(∃i u = xi ∨ Σ≤m (u) ∨ (b(u) ∧ xn < u)))

where line 1 and 2 define the positions occupied by the input symbols and
line 3 says that all other symbols are either symbols of the counter or blank
symbols filling the tape after the input w (this excludes the $). Thus the size
of InitializeCw is linear. According to the previous section, the formula ϕm and
238 Klaus Reinhardt

thus also ϕM(w) has a size of O(m2 log m) = O(n2 log n) and can on input w be
written in polynomial time. The machine M accepts w iff ϕM(w) is satisfiable.
2
Corollary 13.6. Satisfiability of first-order formulas with < over finite words
is in no elementary space-bounded complexity class.

A word w = w0 . . . wm−1 over the alphabet Σ = {a1 , . . . , an } can be coded

by a partition of the initial segment {0, . . . , m−1} of the natural numbers into n
sets (where the k-th set contains all i with wi = ak ). Satisfiability of a first-order
formula ϕ over finite words can thus be expressed by an WMSO-sentence over
the set of natural numbers (applying existential quantification to the monadic
letter predicates occurring in ϕ, adding a clause which says that these sets form
a partition of an initial segment of ω). Thus we can conclude the following:

Corollary 13.7. The theory WS1S, i.e., the set of WMSO-sentences

which are
true in the the structure (ω, +1, <), is complete for the class DSPACE(G(cn))
c
under polynomial time reduction, and thus is contained in no elementary space-
bounded complexity class.



Exercise 13.4. Schow that DSPACE(G(cn)) = DSPACE(F (cn)) (for F de-
c c
fined in Section 13.2).
14 Expressive Power of Monadic Second-Order
Logic and Modal µ-Calculus

Philipp Rohde

Lehrstuhl für Informatik VII

RWTH Aachen

14.1 Introduction

We consider monadic second order logic (MSO) and the modal µ-calculus (Lµ )
over transition systems (Kripke structures). It is well known that every class
of transition systems which is definable by a sentence of Lµ is definable by a
sentence of MSO as well. It will be shown that the converse is also true for an
important fragment of MSO: every class of transition systems which is MSO-
definable and which is closed under bisimulation – i.e., the sentence does not
distinguish between bisimilar models – is also Lµ -definable. Hence we obtain the
following expressive completeness result: the bisimulation invariant fragment of
MSO and Lµ are equivalent. The result was proved by David Janin and Igor
Walukiewicz. Our presentation is based on their article [91]. The main step is the
development of automata-based characterizations of Lµ over arbitrary transition
systems and of MSO over transition trees (see also Chapter 16). It turns out that
there is a general notion of automaton subsuming both characterizations, so we
obtain a common ground to compare these two logics. Moreover we need the
notion of the ω-unravelling for a transition system, on the one hand to obtain
a bisimilar transition tree and on the other hand to increase the possibilities of
choosing successors.
We start with a section introducing the notions of transition systems and
transition trees, bisimulations and the ω-unravelling. In Section 14.3 we repeat
the definitions of MSO and Lµ . In Section 14.4 we develop a general notion of
automaton and acceptance conditions in terms of games to obtain the charac-
terizations of the two logics. In the last section we will prove the main result
mentioned above.

14.2 Preliminary Definitions

Let Prop = {p, p
, . . . } ∪ {⊥, } be a set of unary predicate symbols (proposi-

tional letters) and Rel = {r, r
, . . . } a set of binary predicate symbols (letters for
relations). We consider a signature containing only symbols from Prop and Rel.
Let Var = {X, Y, . . . } be a countable set of variables.

Definition 14.1. Let S M be a non-empty set of states and srM an element of

S M . For each r ∈ Rel let rM a binary relation on S M and for each p ∈ Prop

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 239-257, 2002.
 Springer-Verlag Berlin Heidelberg 2002
240 Philipp Rohde

let pM ⊆ S M a subset of S M . A transition system M with source sr M–

transition system for short – is the tuple

M M 
S , sr , { rM | r ∈ Rel }, { pM | p ∈ Prop } .
For every r ∈ Rel and state s ∈ S M let
sccM

r (s) := { s ∈ S
M
| (s, s
) ∈ rM }
be the set of r-successors of s.
A transition system M is called a transition tree if for every state s ∈ S M
there is a unique path to the root of the tree (alias the source of the system),
i.e., a unique finite sequence s0 , . . . , sn in S M such that s0 = srM , sn = s and
for every i ∈ {0, . . . , n − 1} we have si+1 ∈ sccMri (si ) for exactly one ri ∈ Rel.

Definition 14.2. Two transition systems M and N are bisimilar – denoted

by M ∼ N – if there is a bisimulation relation R ⊆ S M × S N such that for
every (s, t) ∈ R, p ∈ Prop and r ∈ Rel:


• srM , srN ∈ R,
• s satisfies p in M iff t satisfies p in N , i.e., s ∈ pM ⇐⇒ t ∈ pN holds,
• “Zig”: for every r-successor s
of s in M there exists a r-successor t
of t in
N such that (s
, t
) ∈ R,
• “Zag”: for every r-successor t
of t in N there exists a r-successor s
of s in
M such that (s
, t
) ∈ R.
Bisimulations are also known as zigzagrelations. For an example of a bisimulation
see Fig. 14.1.

R
• •

r0M r1M r0N r1N

r0M r1N

• • • • • •

Fig. 14.1. Two bisimilar transition systems M and N .

Let C be a class of transition systems. We say C is bisimulation closed if

for all transition systems M and N the following holds:
M ∈ C ∧ N ∼ M =⇒ N ∈ C.
 14 Expressive Power of MSO and Lµ 241

Exercise 14.1. Show that ∼ is an equivalence relation on the class of all transition
systems.

Definition 14.3. Let M be a transition system and s ∈ S M . An ω-path to s

is a finite sequence

s0 (a1 , r1 , s1 )(a2 , r2 , s2 ) . . . (an , rn , sn ),

where s0 = srM , sn = s, ai ∈ ω and each si+1 is a ri -successor of si , i.e.,

si+1 ∈ sccM 
ri (si ) holds for every i ∈ {0, . . . , n − 1}. The ω-unravelling M of
M is the transition system defined as follows:
c
• S M is the set of the ω-paths to the elements of S M ,
c
• the sources are identical: srM = srM ,
c c
• for u, v ∈ S M and r ∈ Rel we set (u, v) ∈ rM iff v is a one-term extension
of u, i.e., there are a ∈ ω and s ∈ S M such that v = u(a, r, s),
c c c
• for v ∈ S M and p ∈ Prop we set v ∈ pM iff either v = srM and srM ∈ pM
c
or v = u(a, r, s) for some u ∈ S M , a ∈ ω, r ∈ Rel such that s ∈ pM .

For an example of an ω-unravelling see Fig. 14.2.

Exercise 14.2. Let M be a transition system. Show that:

(1) The ω-unravelling M is always unique and a transition tree,


(2) M and M are bisimilar.
c
Hint: Consider the following relation R ⊆ S M × S M :

(s, t) ∈ R :⇐⇒ t is an ω-path to s.

The main property of the ω-unravelling for our purpose is, that we always
have enough possibilities to choose a different r-successor for finitely many r-
 In other words: Let t be an r-successor of s in
successors of an element in M.
M and let u be an ω-path to s. Then there are infinitely many r-successors of
 which are bisimilar to t.
u in M

Definition 14.4. Let M and N be two transition systems. M is an extension

of N – denoted by M  N – if there is a partial function h : S M → S N such
that for every s ∈ S M , r ∈ Rel and p ∈ Prop:


• the source in M is mapped to the source in N : h srM = srN ,
• s satisfies p in M iff h(s) satisfies p in N : s ∈ pM ⇐⇒ h(s) ∈ pN ,
• s
is a r-successor
 of s in M if and only if h(s
) is a r-successor of h(s) in
N : h sccM r (s) = scc N
r (h(s)).

Exercise 14.3. Show that if M is an extension of N then M is bisimilar to N ,

so the notion of bisimulation is more general than the notion of extension.
242 Philipp Rohde

M
r1
s1

M s0 M
r3 M
r4

M
r2 M
s2 r0

•···
5
• 0 •
5 3
•···

Mc •

• 9 •···
2 1
• •···
9
5 •
0
•···

Fig. 14.2. A transition system M with source s0 = srM and a part of its ω-unravelling
c
M (we suppressed the labelling of the nodes). Notice that in fact every node has
infinitely many sons.

In fact we have:

Theorem 14.5 (Castellani 1987). Two transition systems M1 and M2 are

bisimilar iff there is a transition system N such that M1  N and M2  N .

The proof can be found in [27]. Notice that one direction is the statement of
the last exercise. N can be seen as quotient of M1 and M2 under bisimulation
relation, i.e., the minimal representative of the equivalence class [M1 ]∼ .
In the countable case we obtain:

Exercise 14.4. Let M and N be transition systems such that S M and S N are
countable. Show that:

• M is an extension of M,
 and N
• If M and N are bisimilar then M  are isomorphic.
 14 Expressive Power of MSO and Lµ 243

14.3 Monadic Second Order Logic and the Modal

µ-Calculus

These two logics will be interpreted over transition systems. There are several
ways to define MSO over transition systems, for example by using two types
of variables (first-order and second-order variables) or by introducing a new
predicate sing(X) for singleton sets. We use the following definition:

Definition 14.6. The signature of monadic second order logic (MSO) over
transition systems contains unary predicate symbols from Prop, binary predicate
symbols from Rel, the constant symbol sr and variables from Var. Formulae of
MSO are defined inductively by the following grammar. Let p ∈ Prop, r ∈ Rel
and X, Y ∈ Var:

• sr(X),
• p(X),
• r(X, Y ),
• X ⊆Y,
• ¬ϕ for any formula ϕ,
• ϕ ∨ ψ for any formulae ϕ and ψ,
• ∃X.ϕ(X) for any formula ϕ.

Other connectives, such as the conjunction ∧, the implication =⇒ and the

universal quantification ∀ are defined as abbreviations within this logic as usual.
Furthermore we define the equality by X = Y iff X ⊆ Y ∧ Y ⊆ X. A sentence
is a formula without free variables. A formula resp. sentence of MSO is called a
MSO-formula resp. MSO-sentence.
Note that ’monadic’ refers to the fact that the only second-order quantifi-
cation that is allowed is over monadic, i.e., unary predicates. Binary predicate
symbols may occur in MSO-formulae, but only the unary ones may be quantified
over.
For a given transition system M and an assignment β : Var → P
M
S the
satisfaction relation |= is defined inductively by:

(M, β) |= sr(X) iff β(X) = {srM },

(M, β) |= p(X) iff β(X) ⊆ pM ,
(M, β) |= r(X, Y ) iff there are s, t ∈ S M such that β(X) = {s},
β(Y ) = {t} and (s, t) ∈ rM ,
(M, β) |= X ⊆ Y iff β(X) ⊆ β(Y ),
(M, β) |= ϕ ∨ ψ iff (M, β) |= ϕ or (M, β) |= ψ,
(M, β) |= ¬ϕ iff not (M, β) |= ϕ,
(M, β) |= ∃X.ϕ(X) iff there is a T ⊆ S M such that
(M, β[X := T ]) |= ϕ(X),
244 Philipp Rohde

where β[X := T ] denotes the assignment such that β[X := T ](X) = T and
β[X := T ](Y ) = β(Y ) for Y = X.
For a MSO-sentence ϕ we write M |= ϕ if (M, β) |= ϕ is true for an arbitrary
assignment. A MSO-sentence ϕ defines a class of transition systems by

C MSO (ϕ) := { M | M is a transition system and M |= ϕ }.

Let C be a class of transition systems. C is MSO-definable if there is a MSO-

sentence ϕ defining the class, i.e., C = C MSO (ϕ) holds.
Remark 14.7. Not all MSO-definable classes of transition systems are bisimula-
tion closed. Consider for example the MSO-sentence



ϕ := ∃X∃Y. sr(X) ∧ r(X, Y ) ∧ ∀Z. r(X, Z) =⇒ Y = Z .

The sentence ϕ states that there is exactly one r-successor of the source. The class
C MSO (ϕ) cannot be bisimulation closed because a bisimulation relation cannot
fix any number of r-successors, i.e., if there is a r-successor in one transition
system then there is one in all bisimilar systems, but there could be arbitrary
many.
In the following we repeat the definition of the µ-calculus (cf. Chapter 10).
Definition 14.8. The signature of the modal µ-calculus L over transition
systems contains only unary predicate symbols from Prop, binary predicate sym-
bols from Rel and variables from Var. Formulae are defined inductively by the
following grammar. Let p ∈ Prop, r ∈ Rel and X ∈ Var:
• X,
• p,
• ¬ϕ for any formula ϕ,
• ϕ ∨ ψ for any formulae ϕ and ψ,
• rϕ for any formula ϕ,
• µX.ϕ(X) for any formula ϕ(X) where X occurs only positively, i.e., under
an even number of negations.

The dual of the modality r is denoted by [r] and defined by [r]ϕ := ¬r¬ϕ.

P
A formula resp. sentence of Lµ is called a Lµ -formula resp. Lµ
-sentence.
 For a
given transition system M and an assignment β : Var → S M we define
inductively the set ϕM
β in which the Lµ -formula ϕ is true:

XM
β := β(X),

pM M
β := p ,

¬ϕM
β := S
M
− ϕM
β ,

ϕ ∨ ψM M M
β := ϕβ ∪ ψβ ,
 
M 

rϕM
β := s ∈ S sccM M
r (s) ∩ ϕβ = ∅ ,

 
µX.ϕ(X)Mβ := T ⊆ S M  ϕ(X)M β[X:=T ] ⊆ T .
 14 Expressive Power of MSO and Lµ 245

Notice that we already used the Knaster-Tarski Theorem in the definition of

µX.ϕ(X) (cf. Theorem 20.4 in Chapter 20): due to the restriction that X may
only occur positively in ϕ(X), the operation T → ϕ(X)M β[X:=T ] is monotone
with respect to subset inclusion and the (existing) least fixed point of this map
is exactly µX.ϕ(X)M β . Monotone maps also have greatest fixed points. This
is denoted by νX.ϕ(X) and defined as ¬µX.¬ϕ[X := ¬X].
For a Lµ -sentence ϕ we write (M, s) |= ϕ if s ∈ ϕM
β holds for an arbitrary
assignment. A Lµ -sentence ϕ defines a class C (ϕ) of transition systems by
Lµ

 

C Lµ (ϕ) := M  M is a transition system and M, srM |= ϕ .

Let C be a class of transition systems. C is L -definable if there is a Lµ -sentence

ϕ defining the class, i.e., C = C Lµ (ϕ) holds.

As opposed to the situation of MSO we have:

Proposition 14.9. Every Lµ -definable class is bisimulation closed.

Proof. Let M and N be two transition systems and let R be a bisimulation

relation between M and N . It is easy to see that for any Lµ -sentence ϕ and for
all s ∈ S M , t ∈ S N with (s, t) ∈ R the following holds:

s ∈ ϕM N
β ⇐⇒ t ∈ ϕβ ∗ ,

where β ∗
is an assignment

 for N derived from the assignment β for M. Because
we have srM , srN ∈ R it follows:



M, srM |= ϕ ∧ N ∼ M =⇒ N , srN |= ϕ.

Hence C Lµ (ϕ) is bisimulation closed. 

Remark 14.10. We consider only definability by sentences. For MSO it makes no
difference because the quantification is available. But in the case of the µ-calculus
it is a proper restriction. To show this we define for an arbitrary Lµ -formula ϕ:
 
M  M is a transition system and
L
C∗ µ (ϕ) :=

srM ∈ ϕM
β for all assignments β .

A class C of transition systems is called L -formula-definable if there is a Lµ -

formula ϕ defining the class. There are Lµ -formula-definable classes which are
not closed under bisimulation. Consider for example the following Lµ -formula
where r ∈ Rel:

ϕ := ¬(rX ∧ r¬X).
L
Let C := C∗ µ (ϕ). For a transition system M and an arbitrary assignment β
we have srM ∈ ϕM β iff either the set β(X) or the complement of β(X) does
not contain any r-successor of srM , i.e., for all M in C we have that either
246 Philipp Rohde

M
M
sccM
r sr ∩ β(X) is empty or sccM r sr is a subset of β(X) for every as-
signment β(X). In particular we obtain for the special case β(X)
M:= {s} with
s ∈ S M that there is at most one s ∈ S M such that s ∈ sccM r sr for every
M ∈ C. But there are transition systems without this property although they
are bisimilar to M, so C is not bisimulation closed (cf. Remark 14.7).

One direction of the expressive completeness result is the following:

Proposition 14.11. Every Lµ -definable class is MSO-definable as well.

Proof. For every Lµ -formula ϕ there is a MSO-formula ϕ∗ (X) where the variable
X does not occur in ϕ and such that for every transition system M and every
assignment β with β(X) = {s} for some s ∈ S M :

(M, β) |= ϕ∗ (X) ⇐⇒ s ∈ ϕM

β .

For that we define recursively:

• For ϕ = Y let ϕ∗ (X) := X
⊆ Y , 

• For ϕ = p let ϕ∗ (X) := ∃Y. p(Y ) ∧ X ⊆ Y ,
• For ϕ = ¬ψ let ϕ∗ (X) := ¬ψ ∗ (X),
• For ϕ = ψ ∨ χ let ϕ∗ (X) := ψ ∗
(X) ∨ χ∗ (X), 
• For ϕ = rψ let ϕ∗ (X) := ∃Y. r(X, Y ) ∧ ψ ∗ (Y ) where Y does not occur in
ψ,
• For ϕ = µY.ψ(Y ) let ϕ∗ (X) be a pure second order version of the statement


∀Y. ∀z(z ∈ ψ ∗ (Y ) −→ z ∈ Y ) −→ X ⊆ Y ,

where z is an additional first order variable.

It is easy to check that ϕ∗ satisfies the property above. We obtain for any as-
signment β:


M, srM |= ϕ ⇐⇒ srM ∈ ϕM β


⇐⇒ M, β[X := {srM }] |= ϕ∗ (X)


⇐⇒ (M, β) |= ∃X. sr(X) ∧ ϕ∗ (X) .


For an arbitrary Lµ -sentence ϕ the formula ϕ̃ := ∃X. sr(X) ∧ ϕ∗ (X) is a MSO-
sentence. Hence it follows C Lµ (ϕ) = C MSO (ϕ̃). 

14.4 µ-Automata and µ-Games

Definition 14.12. Let U = {p1 , . . . , pn } be a finite set of propositional letters

and Sent(U) a set of sentences of the first order logic (possibly with equality
predicate) over the signature consisting of the unary predicates {p1 , . . . , pn }. A
marking of a set T is a function m : U → (T ).P
 14 Expressive Power of MSO and Lµ 247

In the sequel we consider structures of the form (T, { m(p) | p ∈ U }), i.e., a
structure with carrier T where each predicate p ∈ U is interpreted as m(p). If a
sentence ϕ ∈ Sent(U) is satisfied in this structure we write as usual

(T, { m(p) | p ∈ U }) |= ϕ.

In our situation we fix a transition system M. Let Q be a finite set of states

(distinct from the ones of S M ) and let ΣR ⊆ Rel be a finite set of letters for
relations. Then we let U := ΣR × Q. So each predicate p ∈ U is of the form
p = (r, q) for r ∈ ΣR and q ∈ Q. We fix a state s ∈ S M and consider the set T
of the r-successors of s for all r ∈ ΣR .
Example 14.13. Let Q := {q1 , q2 } and ΣR := {r}. Let s ∈ S M and let m(r, q1 )
and m(r, q2 ) be sets of r-successors of s. In the structure N with carrier sccM r (s)
the predicate p1 will be interpreted as
 m(r, q 1 ) and p as
2  m(r, q 2 ). We
 consider
the first order formula ϕ := ∃x1 , x2 . i=1,2 pi (xi ) ∧ ∀y. i=1,2 pi (y) . Then we
have:

N |= ϕ ⇐⇒ m(r, q1 ) = ∅ ∧ m(r, q2 ) = ∅ ∧ m(r, q1 ) ∪ m(r, q2 ) = sccM

r (s).

So ϕ is true in N iff m(r, q1 ) and m(r, q2 ) forms a partition of the set of r-

successors of s into two non-empty (but not necessarily disjunct) sets.
We are now ready to define the notion of µ-automata:
Definition 14.14. Let Q be a finite set of states and qI ∈ Q an initial state.
Let ΣP ⊆ Prop be a finite set of unary predicate

 symbols, ΣR ⊆ Rel a finite set
of binary predicate symbols and δ : Q × P
ΣP → Sent(ΣR × Q) a transition
function. Finally let Ω : Q → ω be a parity function defining the acceptance
condition. Then we call the tuple

(Q, ΣP , ΣR , qI , δ, Ω)

an µ-automaton A.
In fact this is the definition of an alternating parity automaton. Observe
that the µ-automaton has two alphabets ΣP and ΣR , the first is for checking
properties of states and the second is for checking the labels of taken transitions.
We will define the acceptance of arbitrary transition systems by the µ-
automaton in terms of games. But we introduce first some abbreviations: for
a given transition system M and a state s ∈ S M let
   
LM (s) := p ∈ ΣP  (M, s) |= p = p ∈ Prop  s ∈ pM ∩ ΣP

be the set of all propositional letters p in ΣP such that s satisfies p in M and

SCCM (s) := sccMr (s)
r∈ΣR

the set of all r-successors of s for r ∈ ΣR .

248 Philipp Rohde

Definition 14.15. Let M be a transition system and let A be a µ-automaton.

We consider the following µ-game G(M, A):

(s0 , q0 ) m1 (s1 , q1 ) m2 (s2 , q2 ) ···


The initial position is (s0 , q0 ) = srM , qI . If the current position is (si , qi )
then Player 0 is to move. Player
0 chooses a marking mi+1 of SCCM (si ) – i.e.,
a function mi+1 : ΣR × Q → P SCCM (si ) – such that:

• for every r ∈ ΣR and every q ∈ Q the elements of mi+1 (r, q) are r-successors
of si ,

• the structure N := SCC
M (si ), { mi+1  (r, q) | r ∈ ΣR , q ∈ Q } is a model of
the first order sentence δ qi , LM (si ) :


N |= δ qi , LM (si ) .

If the current position is a marking mi then Player 1 is to move and he chooses

ri ∈ ΣR , qi ∈ Q and a state si ∈ mi (ri , qi ). The pair (si , qi ) becomes the next
position.
The criterion for winning the µ-game is as follows: one player wins if the other
cannot make a move. Otherwise the play is infinite and we obtain the sequence

M 
sr , qI , m1 , (s1 , q1 ), m2 , . . .

Let π = qI q1 q2 . . . be the sequence of played states. Because of the finiteness of

Q and the pigeonhole principle there is a j ∈ ω such that j appears infinitely
often in the sequence Ω(qI ), Ω(q1 ), . . . Let min Inf(Ω(π)) be the smallest number
with this property. Then Player 0 wins the µ-game iff min Inf(Ω(π)) is even. So
G(M, A) is in fact a sort of a parity game.
The transition system M is accepted by the µ-automaton A if there is
a winning strategy f0 for Player 0 in the µ-game G(M, A). The class

L(A) := { M | M is a transition system accepted by A }

is called the language recognized by A.

We define for every n ∈ ω the formula diff of first order logic as follows:

diff(x1 , . . . , xn ) :=  xj .
xi =
1≤i<j≤n

The formula “diff” states that the values of x1 , . . . , xn are pairwise different.
The main tool for our purpose is the following correspondence of µ-automata
and formulae of Lµ and MSO respectively which was proved by Janin and
Walukiewicz.
 14 Expressive Power of MSO and Lµ 249

Theorem 14.16.
(1) A class C of transition systems is L -definable iff C = L(A) for a µ-
automaton A = (Q, ΣP , ΣR , qI , δ, Ω) such that Sent(ΣR × Q) contains only
disjunctions of sentences of the form:

  
∃x1 , . . . , xm . pki (xi ) ∧ ∀y. pki (y) ,
1≤i≤m 1≤i≤m

where pki ∈ ΣR × Q for i ∈ {1, . . . , m};

(2) A class C of transition systems is L -formula-definable iff C = L(A)
for a µ-automaton A (Q, ΣP , ΣR , qI , δ, Ω) such that Sent(ΣR × Q) contains
only disjunctions of formulae of the form:

 
∃x1 , . . . , xm . pki (xi ) ∧ ∀y.χ(y) ,
1≤i≤m

where pki ∈ ΣR × Q for i ∈ {1, . . . , m} and χ(y) is a disjunction of conjunc-

tions of formulae of the form p(y) for p ∈ ΣR × Q;
(3) A class C of transition trees is MSO-definable iff C = L(A) for a µ-
automaton A (Q, ΣP , ΣR , qI , δ, Ω) such that Sent(ΣR × Q) contains only dis-
junctions of formulae of the form:


∃x1 , . . . , xm . pki (xi ) ∧ diff(x1 , . . . , xm ) ∧
1≤i≤m


∀y. diff(y, x1 , . . . , xm ) −→ χ(y) ,

where pki ∈ ΣR × Q for i ∈ {1, . . . , m} and χ(y) is a disjunction of conjunc-

tions of formulae of the form p(y) for p ∈ ΣR × Q.

 i.e., the set Sent(ΣR × Q)

In all three cases empty disjunctions are allowed,
may contain the sentence ϕ = ⊥ (since we have ∅ = ⊥).
In fact it can be shown that, if the µ-automaton A has the alphabets ΣP
and ΣR then the corresponding formula which defines the class C is also in
this language, i.e., only unary and binary predicate symbols of ΣP and ΣR
respectively occur in the formula. The converse also holds: if C is defined by a
formula ϕ such that the set of unary predicate symbols in ϕ is ΣP and its set
of binary predicate symbols is ΣR then the corresponding µ-automata may be
assumed to have the same alphabets ΣP and ΣR .
Item (1) is a reformulation of a result in [90] and the proof of item (2) can
be found in [89]. For item (3) see Lemma 16.23 in Chapter 16.
Since most readers will not be familiar with µ-automata and the games played
on them and since their transition function is unusual we will give an example
here.

Example 14.17. We consider the Lµ -formula ϕ := r∗ p which is equivalent to

µX.(p ∨ rX). So we have (M, s) |= ϕ iff there is a (possibly empty) r-path
250 Philipp Rohde

starting from s to a state in M where p holds. Let ΣP := {p}, ΣR := {r} and

Q := {q1 , q2 }. We define the µ-automaton

A := (Q, ΣP , ΣR , q1 , δ, Ω) ,

where the parity function is defined as Ω(q1 ) = 1, Ω(q2 ) = 0 and the transition
function as

  
∃x1 , x2 . i=1,2 pi (xi ) ∧ ∀y. i=1,2 pi (y) if q = q1 and P = ∅,
δ(q, P ) :=

∀y.⊥ ∨ ∃x. p2 (x) ∧ ∀y.p2 (y) otherwise.
 
Notice that since we have ∅ =  and ∅ = ⊥ the sentence

  
∃x1 , . . . , xk . pi (xi ) ∧ ∀y. pi (y) (14.1)
1≤i≤k 1≤i≤k

is equivalent to ∀y.⊥ for k = 0. Hence the formulae δ(q, P ) are disjunctions of

sentences of the form (14.1) and therefore as stated in Theorem 14.16(1).
Let M be an arbitrary transition system. We consider the µ-game G :=
G(M, A). Notice that the game always starts with the position (srM , q1 ). If the
M
current position in G is (s, qj )
for j = 1,
 2 and s ∈ S then a move of Player 0 is
a marking m : ΣR × Q → P M
sccr (s) . This move is legal if the structure with
carrier sccM M
r (s) is a model of the formula δ(qj , L (s)), where the predicate pi
is interpreted as the set m(r, qi ) for i = 1, 2.
Claim. Assume that the current position in G is (s, q2 ). Then Player 0 has a
strategy to win.
Proof (of Claim). Player 0 plays the marking m defined as m(r, q1 ) = ∅ and
m(r, q2 ) = sccMr (s). We have to check that m is indeed a legal move and that
this move leads Player 0 toward winning the game.
Case 1. There is no r-successor of s in M. Then the structure with carrier ∅ is
a model of ∀y.⊥, hence the move is legal. Since both m(r, q1 ) and m(r, q2 ) are
empty Player 1 cannot respond with any position and looses the game.
Case 2. The set sccM r (s) is non-empty. Since p2 is interpreted as m(r, q2 ) =
sccM
r (s) we have

M 

sccr (s), {m(r, q1 ), m(r, q2 )} |= ∃x. p2 (x) ∧ ∀y.p2 (y) ,

so the move is legal as well. Since m(r, q1 ) is empty Player 1 can only respond
with a position (t, q2 ) where t is a r-successor of s. To this position we can
apply the same strategy again. If the resulting play is infinite then only q2 is
encountered infinitely often. So we have min Inf(Ω(π)) = 0 and therefore Player
0 wins the game. (Claim)
Now we prove that C Lµ (ϕ) = L(A).

(⊆) Let M be a transition system with M, srM |= ϕ, i.e., there is a se-
quence s0 = srM , s1 , . . . , sn with si+1 ∈ sccM
r (si ) for i < n such that (M, sn ) |=
p. We may assume that (M, si ) |= p for i < n.
 14 Expressive Power of MSO and Lµ 251

If the current position is (si , q1 ) with i < n then Player 0 plays the mark-
ing mi+1 defined by mi+1 (r, q1 ) = {si+1 } and mi+1 (r, q2 ) = sccM r (si ). Since
LM (si ) = ∅ we have

M 
sccr (si ), {mi+1 (r, q1 ), mi+1 (r, q2 )} |= δ(q1 , ∅),
so the move is legal. Then Player 1 must respond with the position (si+1 , q1 ),
since otherwise he would loose the game by the claim above.
So eventually the position (sn , q1 ) is reached. Player 0 then plays the marking
with mn+1 (r, q1 ) = ∅ and mn+1 (r, q2 ) = sccM M
r (sn ). Now we have L (sn ) = {p}
and the move is legal by

M 
sccr (sn ), {mn+1 (r, q2 ), mn+1 (r, q1 )} |= δ(q1 , {p}).
If Player 1 can make a move at all he can only respond with the position (t, q2 )
for an r-successor t of sn , so by the claim above he looses the game. This means
that the strategy for Player 0 presented above is a winning strategy in the game
G(M, A) and therefore we obtain M ∈ L(A).

(⊇) Let M be a transition system with M, srM |= ϕ. Let (s, q1 ) be the
current position in the game G. Since we have ΣR = {r} the states si of any
prefix of a play in G form an r-path of M starting in srM . By the assumption we
have (M, s) |= p and therefore LM (s) = ∅. Player 0 has to satisfy δ(q1 , ∅) in the
structure with carrier sccM r (s), so he must play two non-empty subsets m(r, q1 )
and m(r, q2 ) of sccM
r (s) such that the union is the whole set (cf. Example 14.13).
Otherwise he would loose the game. If he can make a move at all then let
t ∈ m(r, q1 ) be an r-successor of s. Player 1 responds with the position (t, q1 ).
By the assumption we have (M, t) |= p as well, so we can apply the same
strategy again. With this strategy either Player 0 cannot make a move or an
infinite game is played, where only q1 is encountered infinitely often. Because
Ω(q1 ) is odd Player 1 wins the game. So we obtain a winning strategy for Player
1 and therefore we have M ∈ L(A).

14.5 Expressive Completeness

Theorem 14.16 suggest a strong connection between monadic second order logic
and the modal µ-calculus. But the basic sentences of MSO are more expressive.
We are for example able to compare the number of r-successors of a state s
with some constant by the use of the existential quantification together with
the formula “diff(x)”. On the other hand we conjecture that the equivalent
µ-automaton for a MSO-definable and bisimulation closed class of transition
systems should not use the formula “diff” and hence the class should be also
Lµ -definable by the last theorem. In this section we will prove this conjecture.
Notice that the considered µ-automata are non-deterministic, so the argument
must deal with this fact, i.e., the µ-automaton may have only runs using instances
of the formula “diff” but nevertheless the µ-automaton accepts a bisimulation
closed class. This means that at last the acceptance of this class does not depend
on the use of instances of the formula “diff” in the particular run.
252 Philipp Rohde

Theorem 14.18. Let C be a bisimulation closed class of transition systems,

then

C is MSO-definable ⇐⇒ C is Lµ -definable.

For one direction we need the following lemma:

Lemma 14.19. Let ϕ be a MSO-sentence. Then there is an effectively con-

 such that for every transition system M:
structible Lµ -sentence ϕ


 |= ϕ ⇐⇒ M, srM |= ϕ.
M 

Before proving the lemma let us show how it implies the theorem:

Proof (of Theorem 14.18). Let C be a bisimulation closed class of transition

systems.
(⇐) By Proposition 14.11 every Lµ -definable class is MSO-definable as well.
(⇒) Let ϕ be a MSO-sentence defining the class C. Let M be an arbitrary
transition system. By Exercise 14.2, M and M are bisimilar. Since C is bisimu-

lation closed we obtain M |= ϕ ⇐⇒ M |= ϕ. Let ϕ  be the Lµ -sentence given by
Lemma 14.19, so


M |= ϕ ⇐⇒ M  |= ϕ ⇐⇒ M, srM |= ϕ. 

In particular we have C = C MSO (ϕ) = C Lµ (ϕ)

 and so C is Lµ -definable. 
It remains to prove the lemma:

Proof (of Lemma 14.19). For a formula ψ of the form


∃x1 , . . . , xm . pki (xi ) ∧ diff(x1 , . . . , xm ) ∧
1≤i≤m


∀y. diff(y, x1 , . . . , xm ) −→ χ(y) (14.2)

we define the formula ψ ∗ by substituting “true” for “diff” in ψ:

 
ψ ∗ := ∃x1 , . . . , xm . pki (xi ) ∧ ∀y.χ(y) . (14.3)
1≤i≤m

For a disjunction θ = ψ1 ∨ · · · ∨ ψl let θ∗ := ψ1∗ ∨ · · · ∨ ψl∗ .

Let ϕ be a MSO-sentence and let C be the class of transition trees defined
by ϕ (notice that we consider transition trees here). By Theorem 14.16(3) there
is a µ-automaton A = (Q, ΣP , ΣR , qI , δ, Ω) such that C = L(A) and all formulae
of Sent(ΣR × Q) have the form as stated in the theorem. In particular for every
q ∈ Q and P ⊆ ΣP the formula δ(q, P ) is a disjunction of formulae of the form
given by (14.2). Let δ ∗ (q, P ) := (δ(q, P ))∗ . We define the µ-automaton A∗ by

A∗ = (Q, ΣP , ΣR , qI , δ ∗ , Ω) .
 14 Expressive Power of MSO and Lµ 253

 is
Claim. Let M be a transition system. Then M is accepted by A∗ iff M
accepted by A.

Before proving the claim let us show how it implies the lemma. By defi-
nition of the function δ ∗ the µ-automaton A∗ has the required form of The-
orem 14.16(2). Hence there is a Lµ -sentence ϕ  such that L(A∗ ) = C Lµ (ϕ).
 By

Exercise 14.2 the ω-unravelling M is a transition tree for every transition system
M, hence we obtain by the claim

 ∈ C = L(A) ⇐⇒ M ∈ L(A∗ ) = C Lµ (ϕ).

M 

So we have


 |= ϕ ⇐⇒ M, srM |= ϕ.
M 

It remains to prove the claim:

Proof (of Claim). (⇒) Suppose that M is accepted by A∗ . We want to show

that M is accepted by A. We consider the µ-games G ∗ := G(M, A∗ ) and G :=
 A). By the assumption Player 0 has a winning strategy f ∗ in the game G ∗ .
G(M, 0
We want to define inductively a winning strategy f0 for Player 0 in the game G.
For that we play the games G ∗ and G simultaneously and transfer each move of
Player 1 from G to G ∗ . Then we transfer the suggested move of Player 0 by the
given

M strategy
 f0∗ in the game G ∗ back to G. Both games have the initial position
sr , qI . Let

M 
sr , qI , m1 , (u1 , q1 ), . . . , mn , (un , qn )

be a prefix of a play in the game G according to the induction. Since we have

that ui+1 is an ri+1 -successor of ui for some ri+1 ∈ ΣR we may assume that
ui+1 = ui (ai+1 , ri+1 , si+1 ) holds for every i < n with ai+1 ∈ ω and si+1 ∈ S M .
Consider the corresponding prefix

M  ∗
sr , qI , m1 , (s1 , q1 ), . . . , m∗n , (sn , qn )

in the game G ∗ where si+1 is an ri+1 -successor of si and m∗i

∗ ∗
are according to the strategy f0 . Let mn+1 : ΣR × Q → P

theMmarkings

SCC (sn ) be the
marking suggested by f0∗ for the current position (sn , qn ). We define the marking
mn+1 : ΣR × Q →


P c 
SCCM (un ) by
 
mn+1 (r, q) := un (a, r, t)  t ∈ m∗n+1 (r, q) .
a∈ω

In particular we have

m∗n+1 = ∅ =⇒ mn+1 = ∅. (14.4)

254 Philipp Rohde

By definition of the ω-unravelling we have mn+1 (r, q) ⊆ sccM

c
r (un ). Moreover it
holds

sn ∈ pM ⇐⇒ un ∈ pM ,
c (14.5)
c
in particular LM (sn ) = LM (un ) and therefore



c ∗
δ ∗ qn , LM (sn ) = δ qn , LM (un ) . (14.6)

Next we define abbreviations for the two first order structures which occur in
the rules of the games:


N := SCCM (sn ), { m∗n+1 (r, q) | r ∈ ΣR , q ∈ Q }

and
 c(un ), { mn+1(r, q) | r ∈ ΣR , q ∈ Q } .
 := SCCM
N

By the fact that m∗n+1 is a legal move of Player 0 in the game G ∗ we have


N |= δ ∗ qn , LM (sn ) . (14.7)


Let ψ ∗ be some satisfied disjunct of δ ∗ qn , LM (sn ) of the form (14.3). We will
show that
 |= ψ,
N

where ψ has the original form given by (14.2). By (14.4) the ‘existential part’
of ψ is satisfied by the structure N  as well. Because of the ω-indexing there are
infinitely many elements in mn+1 (r, q) corresponding to each single element in
m∗n+1 (r, q). Hence we can always choose pairwise different witnesses in N  , i.e.,
the formula diff(x1 , . . . , xm ) is additionally satisfied.
Next we check that N  is a model of ∀y.χ(y) as well, in particular the re-


striction ∀y. diff(y, x1 , . . . , xm ) −→ χ(y) and therefore ψ is satisfied by N  . To
c
see this let v = un (a, r, t) be an arbitrary element of SCCM (un ). Then t is an
r-successor of sn and by (14.7) we have N |= χ(t), i.e., N is a model of some ap-
propriate predicates p(t) occurring in χ. Since each p is interpreted as m∗n+1 (r, q)
for some q ∈ Q it follows that t ∈ m∗n+1 (r, q) and therefore v ∈ mn+1 (r, q) by
the definition of mn+1 . This means that N  is a model of the same predicates
p(v) and therefore a model of χ(v).
In summary this means that taking mn+1 is indeed a legal move of Player 0
in the game G. So we define the value of the strategy f0 for the current position
by mn+1 . From this position Player 1 chooses some rn+1 ∈ ΣR , qn+1 ∈ Q and a
state un+1 ∈ mn+1 (rn+1 , qn+1 ) with un+1 = un (a, rn+1 , t). The pair (un+1 , qn+1 )
becomes the next position in the game G. Now we let sn+1 := t and continue the
game G ∗ by the move (sn+1 , qn+1 ) of Player 1. We arrive at prefixes of plays in
G and G ∗ satisfying our initial assumption.
 14 Expressive Power of MSO and Lµ 255

It is clear that if Player 1 gets stuck in the game G ∗ then he cannot make
a move in the game G as well. On the other hand by the inductive definition of
the strategy f0 Player 0 can always make a move in G. Hence he cannot lose in
a finite number of rounds. For an infinite play the result is the sequence

M 
sr , qI , m1 , (u1 , q1 ), . . . , mn , (un , qn ), . . .

The corresponding play in G ∗ is infinite as well:

M  ∗
sr , qI , m1 , (s1 , q1 ), . . . , m∗n , (sn , qn ), . . .

Let π = qI q1 q2 . . . be the sequence of the played automaton states, which is the

same for both games. Because the play in G ∗ is according to the winning strategy
f0∗ the smallest integer appearing infinitely often in the sequence Ω(qI )Ω(q1 ) . . .
is even. But the parity function Ω is identical for both automata and therefore
the value of min Inf(Ω(π)) is the same. It follows that Player 0 wins the game
G as well. Hence f0 is indeed a winning strategy for Player 0 and M  is accepted
by the µ-automaton A.
(⇐) Suppose now that M  is accepted by A and let f0 be a winning strategy
for Player 0 in the game G. The argument is analogous to the one above with
interchanged roles of the games, i.e., now we want to define inductively a winning
strategy f0∗ for Player 0 in the game G ∗ . We use the same notations as before.
Let

M  ∗
sr , qI , m1 , (s1 , q1 ), . . . , m∗n , (sn , qn )

be a prefix of a play in the game G ∗ according to the induction and let

M 
sr , qI , m1 , (u1 , q1 ), . . . , mn , (un , qn )

be the corresponding prefix in the game G where we have: if si+1 ∈ sccM r (si )
holds for r ∈ ΣR then ui+1 = ui (a, r, si+1 ) for some a ∈ ω. The markings mi are
played according to the strategy f0 .
Let mn+1 : ΣR × Q →


P c 
SCCM (un ) be the marking suggested by f0 . We
define the marking m∗n+1 : ΣR × Q →


P 
SCCM (sn ) by
 

m∗n+1 (r, q) := t ∈ S M  ∃a ∈ ω. un (a, r, t) ∈ mn+1 (r, q) .

Again we have m∗n+1 (r, q) ⊆ sccMr (sn ) by the definition of the ω-unravelling.
Since mn+1 is a legal move of Player 0 in the game G we have

c(un ).
 |= δ qn , LM
N (14.8)

c 
Let ψ be some satisfied disjunct of δ qn , LM (un ) . We have to check that m∗n+1
is indeed a legal move of Player 0 in the game G ∗ . By (14.6) it suffices to show
that

N |= ψ ∗ , (14.9)
256 Philipp Rohde

where ψ ∗ is the formula defined by (14.3). We may assume that the occurring
predicates are pki = (ri
, qi
) with ri
∈ ΣR and qi
∈ Q for every i ∈ {1, . . . , m}.
First we check that

m∗n+1 (ri
, qi
) = ∅ for i ∈ {1, . . . , m}

and therefore

N |= ∃x1 , . . . , xm . pki (xi ). (14.10)
1≤i≤m


 |= ∃x1 , . . . , xm .
By (14.8) it follows that N  |=
pki (xi ), in particular N
1≤i≤m
∃xi .pki (xi ) for every i ∈ {1, . . . , m}. Hence there is some v ∈ SCCM (un ) such
c
that v ∈ mn+1 (ri
, qi
). By the definition of successors in M  and the fact that




mn+1 (ri , qi ) contains only ri -successors of un in M we have v = un (a, ri
, t) for
some a ∈ ω and t ∈ S M . Hence t ∈ m∗n+1 (ri
, qi
) by the definition of m∗n+1 . Next
we check

N |= ∀y.χ(y). (14.11)

Let t ∈ sccM r (sn ) for some r ∈ ΣR . We use again the property of the ω-
unravelling that there are infinitely many different r-successors of un in M  cor-
responding to each r-successor of sn in M. Hence there exists an a ∈ ω such that
for v = un (a, r, t) we have N  |= diff(v, x1 , . . . , xm ). Therefore N
 |= χ(v) holds
by (14.8). Since χ is monotone in the predicates  we obtain N |= χ(t). To see this,
notice that χ(v) has the form χ(v) = w w pw,w (v) with pw,w ∈ ΣR × Q. So
we have N  |= pw,w (v) for some appropriate pairs (w, w
), i.e., v is an element
of mn+1 (r, qw,w ). We obtain t ∈ m∗n+1 (r, qw,w ) by the definition of m∗n+1 and
therefore N |= pw,w (t) for the same predicates, i.e., N |= χ(t) is true. By (14.10)
and (14.11) and the definition of ψ ∗ we have N |= ψ ∗ . This proves (14.9).
Taking m∗n+1 is therefore a legal move of Player 0 in the game G ∗ . We define
the value of the strategy f0∗ for the current position by m∗n+1 and arrive at the
prefix

M 
sr , qI , m1 , (u1 , q1 ), . . . , mn , (un , qn ), mn+1

in the game G and the corresponding prefix

M  ∗
sr , qI , m1 , (s1 , q1 ), . . . , m∗n , (sn , qn ), m∗n+1

in the game G ∗ . From this position in G ∗ Player 1 chooses some rn+1 ∈ ΣR ,

qn+1 ∈ Q and a state sn+1 ∈ m∗n+1 (rn+1 , qn+1 ) and the pair (sn+1 , qn+1 ) be-
comes the next position in G ∗ . By definition of m∗n+1 there is an a ∈ ω such
that un (a, rn+1 , sn+1 ) ∈ mn+1 (rn+1 , qn+1 ). We choose some an+1 ∈ ω with this
property and define

un+1 := un (an+1 , rn+1 , sn+1 ).

 14 Expressive Power of MSO and Lµ 257

Then (un+1 , qn+1 ) is a legal move of Player 1 in the game G and we continue
it by this move. Again we arrive at prefixes of plays in G and G ∗ satisfying our
initial assumptions.
We have to check that f0∗ is indeed a winning strategy for Player 0 in the
game G ∗ . By the inductive definition of f0∗ Player 0 can always make a move and
hence he cannot lose in a finite number of rounds. As in the first case the played
automaton states in any infinite play of G and in the corresponding infinite play
of G ∗ are the same and the parity functions of both automata are identical. Since
the play in G is according to the winning strategy f0 of Player 0 the value of
min Inf(Ω(π)) is even. It follows that Player 0 wins the game G ∗ as well. Hence f0∗
is indeed a winning strategy for Player 0 and M is accepted by the µ-automaton
A∗ .

This completes the proof of the Claim and of Lemma 14.19. 

Since the branching time temporal logic CTL∗ is easily translatable into
monadic second order logic over unwindings of transition systems and formulae
resulting from this translation are bisimulation closed we obtain immediately a
result of Dam shown in [44]:

Corollary 14.20. CTL∗ is translatable into Lµ .

15 Prefix-Recognizable Graphs and
Monadic Logic

Martin Leucker

Department of Computer Systems

Uppsala University

15.1 Introduction

In 1969, Rabin [148] showed that the monadic second-order theory (MSO-theory)
of infinite binary trees is decidable (see Chapter 12 of this volume or [183]). Ever
since, it has been an interesting goal to extend this result to other classes of
objects.
Muller and Schupp [135] showed that the class of pushdown graphs has a
decidable MSO-theory. This class is obtained by considering the configuration
graphs of pushdown machines. The result was later extended to the class of
regular graphs introduced by Courcelle [42], which are defined as solutions of
graph-grammar equations.
Prefix-recognizable graphs were introduced by Caucal in [28]. They extend
the pushdown graphs of Muller and Schupp and the regular graphs of Courcelle.
Originally, Caucal introduced this class of graphs via transformations on the
complete infinite binary tree. The decidability result of their MSO-theory was
obtained by showing that these transformations are definable by MSO-formulas.
Hereby, the decidability result of the MSO-theory of trees was transferred to
the class of prefix-recognizable graphs. The approach can also be understood
as interpreting prefix-recognizable graphs in the infinite binary tree by means of
MSO-formulas. Barthelmann [6] and Blumensath [12] showed independently that
Caucal’s class of graphs coincides with the class of graphs MSO-interpretable in
the infinite binary tree. In simple words, prefix-recognizable graphs provide a
decidability proof of their MSO-theory via MSO-interpretations in the infinite
binary tree.
The aim of this chapter is to present prefix-recognizable graphs and to show
several of their representations. In contrast to Caucal’s original outline, we start
with graphs that are MSO-interpretable in the binary tree. In this way, we
obtain a natural class of graphs which trivially have a decidable MSO-theory
(see Section 15.3). We then provide several representations of these graphs in
Section 15.3 and Section 15.5. We learn that prefix-recognizable graphs can be
represented by means of prefix-transition systems, whose prefixes form regular
languages, justifying the name of this class. Furthermore, we introduce Caucal’s
transformations on the binary tree and show that they induce the same class of
graphs.


Supported by European Research Training Network “Games”.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 263-283, 2002.
 Springer-Verlag Berlin Heidelberg 2002
264 Martin Leucker

Although the class of prefix-recognizable graphs is the largest natural class

proving a decidability via interpretation in the binary tree, it should be men-
tioned that there are graphs which are not prefix-recognizable but have a de-
cidable MSO-theory (see [12]). A different natural class of structures having a
decidable MSO-theory is presented in Chapter 16.
This chapter is organized as follows. In Section 15.2, we fix our notation and
introduce basic concepts. Section 15.3 introduces prefix-recognizable graphs as
graphs which are MSO-interpretable in the infinite binary tree and provides a
first representation. In Section 15.4 we present transformations on graphs and
show some of their properties. Applying all these transformations on the binary
tree will yield the same class of graphs. This is shown in Section 15.5. A char-
acterization in terms of pushdown graphs in given in Section 15.6. We conclude
by summarizing our results and by giving further representations.

15.2 Preliminaries

We denote alphabets by Σ, Γ, . . . , and N . The most important alphabet consid-

ered in this chapter is the binary alphabet consisting of 0 and 1. It is denoted
by B = {0, 1}. As usual, a language over Σ is a subset of Σ ∗ , the set of finite
sequences of elements of Σ. The elements of Σ ∗ are called words. The empty
word is denoted by ε. Σ + denotes Σ ∗ \ {ε}. The class of regular languages
over Σ is denoted by REG(Σ ∗ ). For two sets of words U and V , we denote by
U V their language product, i.e., U V = {uv | u ∈ U, v ∈ V }.
A tree over an alphabet N is a structure T = (T, (σa )a∈N ). Here, T ⊆ N ∗
is prefix-closed and is called the domain of T. The a-successor relation σa
contains all pairs (x, xa) for xa ∈ T . The complete tree over N is TN :=
(N ∗ , (σa )a∈N ). It is sometimes convenient to regard trees as partial orders (T, 
, ), where  is the prefix-ordering and x  y denotes the longest common pre-
fix of x and y. Further, we identify a prefix-closed set T ⊆ N ∗ with the tree
(T, (σa )a∈N ). A Σ-labelled tree (Σ-tree for short) is either represented as a
structure (T, (σa )a∈N , (Pa )a∈Σ ) with Pa ⊆ T or simply as a mapping T → Σ.
Finally, a regular tree is a tree with only finitely many subtrees up to iso-
morphism. In the following, by tree we will usually mean a complete infinite
tree.
Figure 15.1 shows part of the infinite binary tree. Note that node 0 has
successors 00 and 01. Hence, node s is a descendant of s iff s = su for an
appropriate word u. Sets of successors might therefore be represented by sets
of suffixes. Originally, sets of descendants were identified by prefixes, yielding
the notion of prefix-recognizable graphs. We follow the suffix approach because it
simplifies our notation. It is clear that everything presented in this chapter can
be turned into a “prefix” version by a simple “reversal” operator.
The kind of graphs we are going to consider are edge-labelled directed graphs.
As for trees, the vertices will usually be words over some alphabet N , and the
edge labels are from some alphabet Σ. Such a graph is also called Σ-graph.
The edge set is partitioned into sets Ea collecting the edges labelled a. Thus
 15 Prefix-Recognizable Graphs and Monadic Logic 265

0 1

00 01 10 11

Fig. 15.1. A part of the binary tree

graphs will be represented in the form G = (V, (Ea )a∈Σ ). For convenience we
allow graphs to be represented also in the form G = (V, E) for V ⊆ N ∗ and
E ⊆ N ∗ ×Σ ×N ∗ . Sometimes, we simply use a ternary relation E ⊆ N ∗ ×Σ ×N ∗
for a graph G, in which case we assume VG (the set of nodes of ) to be G
implicitly defined by VG = {s | ∃a ∈ Σ, ∃t ∈ N ∗ .(s, a, t) ∈ E or (t, a, s) ∈ E}. It
is obvious that our notion of graphs subsumes that of trees.
Another key feature of our notion of graphs is that their nodes can be asso-
ciated with words over some alphabet Σ. Hence, the nodes of graphs constitute
languages. It is a traditional task to deal with finite representations of infinite
languages by means of automata. Taking languages as the domain for our node
sets, we provide the framework of automata theory for defining, characterizing,
and modifying the corresponding graphs.
Let G = (V, (Ea )a∈Σ ) be a graph. An edge (s, t) ∈ Ea is denoted by s−→t,
a
G
or, if G is fixed, by s−→t. A path from s to t in G via a word u = a1 . . . ak ∈ Σ ∗
a

is a sequence
a1 a k
s = p1 −→ · · · −→ pk+1 = t
G G
u
for s, t ∈ V , and appropriate nodes pi ∈ V . We write s=⇒t iff there is path from
G
s to t via u. Again, we may omit the subscript G if it is clear from the context.
L
We write s=⇒t to denote that there is path from s to t via a word u which is
in L. A root of a graph is a node from which all other nodes are reachable, i.e.,
r ∈ V is a root iff for all s ∈ V there is a u ∈ Σ ∗ such that there is path from r
to s via u.
Given a sequence of edges, its sequence of labels is a word over the alphabet
Σ. Given two nodes s and t of a graph G, we define the language L(G, s, t) to
be the union of all words which are obtained on paths from s to t in G in the
way described above. The union of L(G, s, t) for arbitrary nodes s and t of G is
abbreviated by L(G).
a
A letter a can be associated with the set of a-labelled edges {p−→q}, while
a word w = a1 . . . an over Σ can be associated with the w-paths from a node p
a1 an
to a node q, p = p0 −→ · · · −→p n = q.
a
Given sets of words W, U , and V we denote by W (U −→V ) the set of edges
a a
{wu−→wv | w ∈ W, u ∈ U, v ∈ V }. In a similar manner, we define U −→V . A
graph G is called recognizable iff there are a natural number n and a1 , . . . , an ∈
Σ, U1 , V1 , . . . , Un , Vn ∈ REG(Σ ∗ ) such that G = U1 −→V
a1 an
1 ∪ · · · ∪ Un −→Vn .
Let us recall the automata theoretic notations from Chapter 1. We denote
finite automata over words by tuples A = (Q, Σ, ∆, q0 , F ) with a set of states
266 Martin Leucker

Q, alphabet Σ, transition relation ∆, initial state q0 , and acceptance condition

F . Sometimes, if the automaton is deterministic, ∆ is replaced by a function δ.
The language accepted by A is denoted by L(A).
The power set of a set Σ is denoted by (Σ). P
Let us recall some basic definitions regarding monadic second-order logic.
MSO-logic extends first-order logic FO by quantification over sets. First-order
variables are usually denoted by x, y, . . . and second-order variables by X, Y, . . . ,
X1 , . . . We write ϕ(x, y) to denote that ϕ has free variables among x and y. The
theory of a structure comprises all formulas that hold in the structure. For
a graph G, we denote by MTh(G) its theory. For a thorough introduction to
MSO-logic we refer to Chapter 12 of this volume.

15.3 Prefix-Recognizable Graphs

Given a structure B, an MSO-formula ϕ(x) with a free first order variable x

induces the set B = ϕB (x) = {b | B |= ϕ(b)}. We can specify a graph G = (V, E)
by providing MSO-formulas ϕ(x) and ψ(x, y) such that V = ϕB (x) and E =
ψ B (x, y) (defined analogously). In this case we say that G is MSO-interpretable
in B via the formulas ϕ, ψ. Interpretations are a general tool for obtaining classes
of finitely presented structures with sets of desired properties.
In this section we introduce a class of graphs via MSO-interpretations in
the infinite binary tree. Since the latter has a decidable MSO-theory, we obtain
a natural class of graphs with a decidable MSO-theory. Furthermore, we give a
representation of these graphs in terms of prefix transition graphs whose prefixes
form regular sets of words. This justifies the name prefix-recognizable graphs.
Let us make the notion of an MSO-interpretation precise:

Definition 15.1. Let A = (A, R1 , . . . , Rn ) and B be relational structures. A

(one-dimensional) MSO-interpretation of A in B is a sequence

I = (δ(x), ε(x, y), ϕR1 (x̄), . . . , ϕRn (x̄))

of MSO-formulas such that

= (δ B (x), ϕB
A∼ B
R (x̄), . . . , ϕR
1 n
(x̄))/εB (x, y)

To make the previous structure well-defined, we require εB to be a congruence

of the structure (δ B (x), ϕB B
R1 (x̄), . . . , ϕRn (x̄)).

We write I : A ≤MSO B if I is an MSO-interpretation of A in B. Since A

is uniquely determined by B and I , we can regard I as a functor and denote
A by I (B). The coordinate map from δB (x) to A, the universe of A, is also
denoted by I . We call I injective if the coordinate map is injective.
If I is clear from the context, or if we want to express that there is an
interpretation of A in B, we simply write A ≤MSO B. In the latter case, we also
say that A is MSO-interpretable in B.
 15 Prefix-Recognizable Graphs and Monadic Logic 267

Example 15.2. Words are MSO-interpretable in the binary tree. Intuitively, an

infinite word can be obtained in the infinite binary tree by considering a single
branch. First, observe that Root (y) = ¬∃x S1 xy identifies the root of a tree. Let
us take the path obtained by always considering the right successor. Then, the
universe of a word is the minimal set of nodes that contains a root and all right
successors. Thus we define

δ(x) = ∀U (∃yU y ∧ Root (y) ∧ ∀p∀q(U p ∧ S1 pq → U q) → U x)

The successor relation is simply defined by ϕS0 (x, y) = S1 xy and every set
of labels Pa can be defined by ϕPa (x) = Pa x. It is now easy to see that I =
(δ(x), ε(x, y), ϕS0 , (ϕPa )a∈Σ ) is an MSO-interpretation of the word A in B where
ε is assumed to express the identity relation of δ A .
Exercise 15.1. A structure A = (A, <A ) is called a dense open order if <A is a
total order on A, if for all x ∈ A there are y, z ∈ A such that y <A x <A z, and
if for all x, y ∈ A such that x <A y there is a z ∈ A such that x <A z <A y.
Show that a dense open order can be interpreted in the infinite binary tree.
Theorem 15.3. If A ≤MSO B and B has a decidable MSO-theory then A has
a decidable MSO-theory.
Proof. We give a sketch of the proof. The details are left as an exercise for the
reader. Let I = (δ(x), ε(x, y), ϕR1 (x̄), . . . , ϕRn (x̄)) be an MSO-interpretation of
A in B. Consider a formula ϕ. Let ϕ be obtained from ϕ in the following way:
Replace every relational symbol R in ϕ by its defining formula ϕR . Furthermore,
relativize every quantifier to δ(x), i.e. substitute ∃xϕ by ∃x(δ(x) ∧ ϕ) and ∀xϕ
by ∀x(δ(x) → ϕ). Now it is easy to see that A |= ϕ iff B |= ϕ .
Since we are interested in interpreting graphs with labelled edges in struc-
tures, we deal with interpretations of the form I = (δ(x), ε(x, y), (ϕRa (x, y))a∈Σ ).
The decidability of the monadic second-order theory of TB was established
by Rabin in [148]. Thus, if we consider MSO-interpretations in the binary tree
we get structures with a decidable MSO-theory.
Corollary 15.4. Every graph which is MSO-interpretable in the infinite binary
tree TB has a decidable monadic second-order theory.
Let us now give a representation of the graphs which are MSO-interpretable
in TBin terms of prefix-transition graphs having regular prefixes.
Definition 15.5. Let Σ be an alphabet. A graph G = (V, (Ea )a∈Σ ) is called
prefix-recognizable iff it is isomorphic to a graph of the form


n
a i
Wi (Ui −→Vi)
i=1

for some n ≥ 0, a1 , . . . , an ∈ Σ and languages U1 , V1 , W1 , . . . , Un , Vn , Wn ∈

REG(B ∗ ). The class of prefix-recognizable graphs with edge labels among Σ is
denoted by PRG(Σ) or PRG if Σ is fixed.
268 Martin Leucker

We will show in Section 15.5 that we can choose an arbitrary alphabet with
at least two elements instead of B .

Example 15.6. Let us consider the graph with edge labels a and b given by
a b
B ∗ ((ε−→B ) ∪ B ∗ .(B + −→ε)). It is depicted in Figure 15.2. Note that this graph
is (A∗ , Ra , Rb ) is isomorphic to (ω, succ, >), where succ is the successor relation
on the natural numbers.

b b
b b b
a a a
ε A A2 A3

Fig. 15.2. A prefix-recognizable graph with infinite out-degree

This example shows that prefix-recognizable graphs may have nodes with
infinite out-degree. The class of prefix-recognizable graphs is a strict extension
of the class of regular graphs, since the latter have only a finite out-degree [42].
Every prefix-recognizable graph can be represented by a finite collection of
a
prefix-recognizable rewrite rules w.u−→v where w, u, and v are regular
expressions. This way of representing prefix-recognizable graphs will be employed
in Chapter 17.
Let us proceed to show that prefix-recognizable graphs coincide with graphs
that are MSO-definable in TB . In our constructions, we need to code tuples of
sets as labelled trees.

Definition 15.7. For sets X0 , . . . , Xn−1 ⊆ B ∗ , abbreviated by X̄, denote by

TX̄ the B n -labelled binary tree such that the i-th component of the label TX̄ (y)
for a node y is 1 iff y ∈ Xi . Singletons Xi = {xi } (i = 0, . . . , n − 1) are also
abbreviated by x̄.

Furthermore, we employ Rabin’s tree theorem which gives the relation be-
tween tree automata and MSO-logic: (see also Chapter 12 and [179])

Theorem 15.8. For each ϕ(X̄, x̄) ∈ MSO there is a tree-automaton A such
that L(A) = {TX̄ x̄ | TB |= ϕ(X̄, x̄)}.

Let us establish the representation first for injective interpretations.

Proposition 15.9. Let G be a graph which is MSO-interpretable n in TB via an

injective interpretation. Then G is isomorphic to i=1 Wi (Ui −→V
ai
i ) for some
n ≥ 0; a1 , . . . , an ∈ Σ; U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(B ∗ ).
 15 Prefix-Recognizable Graphs and Monadic Logic 269

Proof. Let I : G ≤MSO TB be an injective MSO-interpretation of G in TB . Note

that G = (V, (Ea )a∈Σ ) and every edge relation E is defined by a formula ϕ(x, y).
We have to show that every such edge relation E can be written as a finite union
of W (U → V ) where U, V , and W are regular. Let A = (Q, B , ∆, q0 , Ω) be the
tree-automaton associated with ϕ with respect to TB (cf. Chapter 12). Thus
L(A) = {Txy | TB |= ϕ(x, y)}. Note that every Txy ∈ L(A) is labelled by tuples
in B 2 . Nearly all nodes are labelled by [0, 0], except the node representing x, in
which the first component of the tuple is 1 and the node representing y, in which
the second component of the tuple is 1. Figure 15.3 shows a typical situation.
Observe, that each pair x and y can be written as a wu and wv in the way
described in the introductory section.
We construct languages Uq , Vq , and Wq such that u ∈ Uq , v ∈ Vq , and w ∈ Wq
if and only if there is an accepting
 run of A on T{wu}{wv} where the node w is
labelled by q. Thus, E = q∈Q Wq (Uq → Vq ). We show that every Uq , Vq , Wq is
regular, and since Q is finite, we are done.
Let Q0 ⊆ Q be the subset of states from which A accepts the tree labelled by
[0, 0] everywhere. Note that this set is computable for A. Obviously, wu or wv can
only occur in a subtree not labelled by [0, 0] everywhere. Hence, a node labelled
by the state q from which wu and wv are reachable is in this subtree. Hence, we
let Wq be the language recognized by the automaton (Q, B , ∆Wq , q0 , {q}) where

∆Wq := { (p, 0, p ) | (p, [0, 0], p , p0 ) ∈ ∆, p0 ∈ Q0 }

∪ { (p, 1, p ) | (p, [0, 0], p0 , p ) ∈ ∆, p0 ∈ Q0 }

If the desired state q is reached, we have to look for a node labelled by [1, ] for
an element of Uq and for a node labelled by [ , 1] for an element of Vq . Hence,
we let Uq := L((Q∪·{qf }, B , ∆Uq , q, {qf })) where

∆Uq := { (p, 0, p ) | (p, [0, c], p , p0 ) ∈ ∆, p0 ∈ Q0 , c ∈ B }

∪ { (p, 1, p ) | (p, [0, c], p0 , p ) ∈ ∆, p0 ∈ Q0 , c ∈ B }
∪ { (p, c, qf ) | (p, [1, d], p0 , p0 ) ∈ ∆, p0 , p0 ∈ Q0 , c, d ∈ B }

Vq is defined similar to Uq , only the tuples (labels) are switched.

q0 [0, 0] ε
w
q w
u v
[1, 0] wu = x
qf [0, 1] wv = y
qf

Fig. 15.3. A run of the tree automaton

270 Martin Leucker

Let us verify that it suffices to consider injective MSO-interpretations. Hence,

we may assume that the equivalence classes with respect to εB are singletons.
Let us first show the following lemma:

Lemma 15.10. Let D ⊆ B ∗ be regular and E ⊆ D × D an equivalence relation

which is prefix-recognizable.1 There is a regular language D ⊆ D such that D
contains exactly one element of each E-class.

Proof. Denote the E-class of x by [x], define p[x] := inf  [x] and sx := (p[x] )−1 x.
Let ϕp (x, y) be an MSO-definition of the function x → p[x] . Finally, let s be the
number of states of the tree automaton associated with E. We claim that each
class [x] has an element of length less than |p[x] | + s. Thus, one can define

D := {x ∈ D | sx ≤ sy for all y ∈ [x]}

where ≤ is the lexicographic ordering which is definable since the length of the
words is bounded so that we only need to consider finitely many cases.
To prove the claim, choose x0 , x1 ∈ [x] such that x0  x1 = p[x] . Since
(x0 , x1 ) ∈ E there are regular languages U, V, and W such that x0 = wu, x1 = wv
for u ∈ U , v ∈ V , and w ∈ W with w  p[x] . If |wu| ≥ |p[x] | + s then, by a
pumping argument, there exists some u ∈ U such that |p[x] | ≤ |wu | ≤ |p[x] | + s.
Hence, (wu , x1 ) ∈ E is an element of the desired length.

Let us return to εB . Since it is a binary relation, it may be understood as the

edge relation of a graph. By Proposition 15.9, this is prefix-recognizable, and by
the previous lemma, there is a regular set D which contains for every equivalence
class with respect to εB a single element. Since D is regular, there is an MSO-
formula δ  (x) defining D . Hence, if A ∼ = (δ B (x), ϕB B B
R1 (x̄), . . . , ϕRn (x̄))/ε (x, y)
B
then A is also isomorphic to (δ  (x), ϕB B
R1 (x̄), . . . , ϕRn (x̄)). Thus, the following
corollary holds.

Corollary 15.11.
(1) PRG is closed under prefix-recognizable congruences.
(2) Each graph MSO-interpretable in the binary tree has an injective MSO-
interpretation in TB .

Let us summarize the previous results:

Lemma 15.12. Suppose G is MSO-interpretable in TB . Then

n
G is isomorphic to a i
Wi (Ui −→Vi)
i=1

for some n ≥ 0; a1 , . . . , an ∈ Σ; U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(B ∗ ).

It is easy to see that also the converse holds.

1
in the sense of E considered as a set of edges
 15 Prefix-Recognizable Graphs and Monadic Logic 271

Lemma 15.13. Let G be a graph isomorphic to

n
a i
Wi (Ui −→Vi)
i=1

for some n ≥ 0; a1 , . . . , an ∈ Σ; U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(B ∗ ). Then

G is MSO-interpretable in TB .
Proof. We have to show that for each a ∈ {a1 , . . . , an } there is a formula
ϕRa (x, y) interpreting the a-edges in TB . Clearly, the prefix-ordering  on binary
strings is MSO-definable in TB . Further, for each regular language L ⊆ B ∗ there
exists an MSO-formula ϕL (u, v) stating the u  v and the labelling of the path
from u to v in TB is in L. The latter can be expressed by the formula Path L (x, y)
that can be defined inductively on L by:

Path ∅ (x, y) = ∃X(x ∈ X ∧ ¬(x ∈ X)) “false”

Path {b} (x, y) = Sb xy
Path L+M (x, y) = Path L (x, y) ∨ Path M (x, y)
Path L.M (x, y) = ∃z(Path L (x, z) ∧ Path M (z, y))
Path L∗ (x, y) = ∀X ((x ∈ X∧
∀p∀q((p ∈ X ∧ Path L (p, q)) → q ∈ X)) → y ∈ X)
 ai
We now see that, {i|a=ai } Wi (Ui −→Vi ) can be defined by


ϕRa (x, y) = ∃z (ϕWi (ε, z) ∧ ϕUi (z, x) ∧ ϕVi (z, y)) .
{i|a=ai }

Combining the previous two lemmas we get

Theorem 15.14. A graph G is MSO-interpretable in TB iff it is isomorphic to

n
a i
Wi (Ui −→Vi)
i=1

for some n ≥ 0; a1 , . . . , an ∈ Σ; U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(B ∗ ).

In other words, a graph is MSO-interpretable in TB iff it is prefix-recognizable.

Caucal introduced prefix-recognizable graphs employing transformations on
the binary tree instead of MSO-interpretations. We will redevelop his approach in
the next section, obtaining further representations of prefix-recognizable graphs.

15.4 Transformations on Graphs

In this section, we introduce several transformations on the complete infinite
binary tree. For the first two transformations, we will prove that they are defin-
able within MSO, giving rise to MSO-interpretations of graphs in TB . In other
words, we obtain prefix-recognizable graphs by employing our transformations.
272 Martin Leucker

We will employ these transformations in the next section to obtain further rep-
resentations of prefix-recognizable graphs.
The idea of the first transformation is to collapse paths within a given graph
to a single edge with a new label in the new graph. To be able to deal with
inverse edges of a graph, we introduce the notion of an inverse alphabet.
Definition 15.15. Let Σ be an alphabet. The inverse alphabet of Σ is the
set Σ := {a | a ∈ Σ} which is a disjoint copy of Σ. The extended alphabet of
Σ is the union of Σ and its inverse alphabet and is denoted by Σ̂.
Words over the extended alphabet of Σ may correspond to paths with inverse
edges. For example, the word abb may be understood as the set of pairs of nodes
a b b
(p, q) such that there are p1 and p2 with p1 −→p, p1 −→p2 , and p2 −→q.
We extend the notion of inverse letters to inverse words by defining for every
u = x1 . . . xk ∈ Σ̂ ∗ the inverse u of u by u = xk . . . x1 . Here, every xi is an
element of Σ̂ and for xi = a, a ∈ Σ, xi is identified with a.
Given a word u over Σ̂, we assign to u a normal form u↓ which is obtained
by removing all pairs aa or aa in u. Formally, we could define for Σ a rewrite
system ↓Σ ⊆ Σ̂ ∗ × Σ̂ ∗ by ↓Σ := {(aa, ε), (aa, ε) | a ∈ Σ} and show that it is
terminating and confluent. Hence, we can speak also about the normal form of
u.
Let us now define our first transformation. It is based on the notion of an
extended substitution.
Definition 15.16. Let Σ and Γ be two alphabets. An extended substitution
from Γ to Σ is a homomorphism from Γ into the power set of words over the
extended alphabet Σ̂. More precisely, h is a mapping such that for every b ∈ Γ

h(b) ∈ P (Σ̂ )
∗

and furthermore h(ε) = {ε} and h(uv) = h(u)h(v).

h is called regular iff h(b) is a regular set for all b ∈ Γ , and finite iff h(b) is
a finite set for all b ∈ Γ .

P
Sometimes, we silently assume an extended substitution to be extended to a
mapping from Γ̂ ∗ to (Σ̂ ∗ ) by h(b) = h(b) for b ∈ Γ .
Now we are ready to make precise the notion of an inverse substitution of a
graph.
Definition 15.17. Let G = (V, E) be a graph with edge labels from a given
P
alphabet Σ. Furthermore, let Γ be an alphabet, and let h : Γ → (Σ̂ ∗ ) be an
extended substitution. We define the inverse substitution h−1 (G) to be the
graph G = (V, E  ) such that
b u
s−→ t iff ∃u ∈ h(b) s=⇒t
G G
for all s, t ∈ V . The inverse substitution is called regular (respectively finite)
iff h is a regular (respectively finite) extended finite substitution.
 15 Prefix-Recognizable Graphs and Monadic Logic 273

Example 15.18. Let Σ = {a} be a singleton alphabet. Consider the extended

substitution given by h(a) = {0̄1}. The corresponding inverse substitution of
the infinite binary tree is shown in Figure 15.4.

•
0 1

• 0̄1 • • a •
a
0 1 0 1

• 0̄1 • • 0̄1 • • a • • a •

Fig. 15.4. A non-connected prefix-recognizable graph

For the graphs under consideration, we may assume without loss of generality
that their nodes are words over some alphabet Σ. Hence, the nodes of our graphs
constitute languages. A natural operation on languages is restriction. We will
consequently also consider a second transformation on the binary tree called
restriction.

Definition 15.19. Let G = (V, E) be a graph with universe V ⊆ N ∗ and edges

E ⊆ V × Σ × V for given alphabets N and Σ. Let L be a language over N . The
restriction of G with respect to L is defined to be the graph

(V ∩ L, E ∩ (L × Σ × L))

and is denoted by G|L . The restriction is called regular (respectively finite) iff

L is a regular (respectively finite) set.

A subgraph of a given graph G can be identified by a restriction such that

its nodes belong to the restricted language.
Let us show that regular restrictions of regular inverse substitutions are de-
finable in MSO to obtain one of our main results:

Theorem 15.20. Given a graph G with a unique root r, a regular substitution

h, and a regular label language L ∈ REG(N̂ ∗ ), we have:

MTh(G) decidable =⇒ MTh(h−1 (G)|LG ) decidable

L
where LG := {s | r=⇒s}.
G
Proof. Let ϕ be an MSO-formula. Observe that an a-successor of h−1 (G)|LG
corresponds to an h(a)-path in G. Furthermore, an element (a node) x exists
in h−1 (G)|LG iff it is the starting point or end point of some path in G and is
not removed because of the restriction with respect to L. The latter means that
274 Martin Leucker

the element is reached by some L-path from the root z of the graph. Hence, we
define the formula ϕL,h,z inductively:
Sa xy L,h,z = Path h(a) (x, y)
(x ∈ X)L,h,z = x∈X
(¬ϕ)L,h,z = ¬(ϕL,h,z )
(ϕ ∧ ψ)L,h,z = ϕL,h,z ∧ ψ L,h,z
(∃Xϕ)L,h,z = ∃XϕL,h,z
(∃xϕ)L,h,z = ∃x (Path L (z, x) ∧ ∃y(Path M (x, y) ∨ Path M (y, x))
∧ϕL,h,z

where M = h(a) and Path L (x, y) is as in Lemma 15.13. It is easy to see that

h−1 (G)|LG |= ϕ iff G |= ∃z (∀y Path N ∗ (x, y) ∧ ϕL,h,z ).

Note that the first conjunct assures that z is indeed a root of G.

The previous proof can easily be employed for defining an interpretation of
a graph h−1 (G)|LG in G. The successor relations are explicitly given and the
domain is easily defined using our ideas that led to the definition of the ∃x case.
The congruence ε(x, y) can be defined to be equality. Thus, we see:
Corollary 15.21. Regular restrictions of regular inverse substitutions of TB
yield prefix-recognizable graphs.
We conclude that the graph shown in Example 15.18 is prefix-recognizable.
Thus, we see that prefix-recognizable graphs are not necessarily connected. This
distinguishes prefix-recognizable graphs from tree-like structures presented in
Chapter 16.
As mentioned above, we will show in the next section that prefix-recognizable
graphs are indeed the graphs obtained as regular restrictions of regular inverse
substitutions of TB , establishing a further representation of the studied objects.
A further transformation considered is a marking of nodes belonging to a
given set. To mark nodes of our graph, we introduce a new symbol # ∈ Σ, and, as
we will see in the next section, add a #-edge for nodes to be marked. Therefore,
we consider also paths including this symbol #. To simplify our notation, we
write Σ̂# for an extended alphabet together with the symbol #. Also, we consider
∗
normalizations which further reduce # to the empty word ε. For a word u ∈ Σ̂#
its corresponding normal form is denoted by u↓#.
Definition 15.22. Let G = (V, E) be a graph with universe V ⊆ N ∗ and edges
E ⊆ V × Σ × V for given alphabets N and Σ. Let L be a language over N . The
marking of G, with respect to L, by a new symbol # not in Σ is defined to be
the graph
#
(V, E  ), where E  = E ∪ {s−→s | s ∈ L},

and is denoted by #L (G). The marking is called regular (respectively finite)

iff L is a regular (respectively finite) set.
 15 Prefix-Recognizable Graphs and Monadic Logic 275

Instead of Σ̂, we sometimes consider Σ̂# . All definitions extend to this case
in the obvious way.
Let us collect some properties and interrelations of the transformations men-
tioned above.

Lemma 15.23. Let Σ, Γ , and Ξ be alphabets, and G be a Σ-graph. Let h be an

extended substitution from Γ to Σ, and g one from Ξ to Γ . Then the following
holds:
u h(u)
=⇒ t iff s=⇒t for any u ∈ Γ + and s, t ∈ VG .
(1) s −1
h ( ) G G
(2) g (h (G)) = ((g ◦ h)−1 (G))|Vh−1 (G) , and if ε ∈ g(Ξ)
−1 −1

then g −1 (h−1 (G)) = ((g ◦ h)−1 (G)).

Definition 15.24. A set L is called stable in a graph G, iff any path between

vertices in L contains only vertices in L:

If s0 −→s1 · · · sn−1 −→sn and s0 , sn ∈ L then s1 , . . . , sn−1 ∈ L.

G G
For example, L is stable in G|L . A simple but useful insight is that a restric-
tion to any stable set commutes with any inverse substitution.

Lemma 15.25. If L is stable in G then

h−1 (G|L ) = h−1 (G)|L .

Any restriction of an image of a graph is an image of a marking of the graph:

Lemma 15.26. Let G = (V, E) be a graph with universe V ⊆ N ∗ and edges

E ⊆ V × Σ × V for given alphabets N and Σ. Let L be a language over N . Let #
be a new symbol not in Σ. Furthermore, let h be an extended substitution from
an alphabet Γ to Σ. Then

(h−1 (G))|L = g −1 (#L (G)),

with g(b) = #h(b)# for every b ∈ Γ .

Proof. By definition, g −1 (#L (G)) = {s−→t | ∃u ∈ g(b).s =⇒ t}. Since the

b u
#L ( ) G
words in the image under g are the ones under h with a # enclosing ele-
b u b
ments of L, we conclude that {s−→t | ∃u ∈ g(b).s =⇒ t} = {s−→t | ∃u ∈
G
#L ( )
u b u
h(b).s =⇒ t and s, t ∈ L}. The latter is equal to {s−→t | ∃u ∈ h(b).s=⇒t and
#L ( )G G
s, t ∈ L} since the words in the images of h do not contain the symbol #. Thus,
we obtain g −1 (#L (G)) = h−1 (G)|L .

We now show that the restriction to normal forms preserves regularity.

276 Martin Leucker

Lemma 15.27. Let L ∈ REG(N ∗ ) and M ∈ REG(N̂#

∗
). Then we have in an
effective way

(L(#L (TN )) ∩ M )↓# ∈ REG(N ∗ ).

Proof. Let M  = (L(#L (TN )) ∩ M )↓# . Let A = (Q, N̂# , δ, q0 , F ) be a finite

automaton recognizing M . We colour any vertex u ∈ N ∗ of TN by the set c(u)
of states p such that (p, u) is a vertex of the product Q × #L (TN ) reachable
from (q0 , ε):

c(u) = {p | L((Q, N̂# , δ, q0 , {p})) ∩ L(#L (TN ), ε, u) = ∅}

Hence, M  = {u ∈ N ∗ | c(u) ∩ F = ∅}. We show that M  is regular by proving

that c is a regular colouring of #L (TN ). We consider the following equivalence
≡ on N ∗ :

u ≡ v iff c(u) = c(v) and u−1 L = v −1 L

Note that u−1 L is an abbreviation for {w ∈ N ∗ | uw ∈ L}. As the image of c is

finite and L is regular, the equivalence ≡ is of finite index. Further, it is a simple
a
matter to show that ≡ is right-regular. So H := {[u]−→[ua] | u ∈ N ∗ and a ∈

N } is finite and M = L(H, [ε], {[u] | c(u) ∩ F = ∅}) is regular. Here, [u] denotes
the equivalence class of u with respect to ≡.
To show the effectiveness of the construction of M  , it suffices to show that
H can be effectively constructed. The latter is clear if c(u) is computable. This
can be seen by recalling that

(1) L(A) is regular,

(2) L(#L (TN ), ε, u) is context-free for every u ∈ N ∗ ,
(3) and the intersection of a regular and a context-free language is context-free.

Hence, the emptiness of L(A) ∩ L(#L (TN )), ε, u) is decidable.

Let us now show that instead of an arbitrary extended substitution, we can

assume the image to be normalized in the following sense:

Proposition 15.28. Let h be an extended substitution, yielding for each a ∈ Σ

a language over N̂# , and L ⊆ N ∗ . Let G be the graph with all edges of the form
w(u↓# )−→w(v↓# ) for uv ∈ h(a), u, v ∈ L(#w−1 L (TN )), and w ∈ N ∗ . Then
a

h−1 (#L (TN )) = G.

Proof. We show that h−1 (#L (TN )) ⊆ G. Let a

s −→ t. Thus, there is a
h−1 (#L ( TN ))
z ∗ u v
z ∈ h(a), such that s =⇒ t. Let w = s  t, w ∈ N . Hence, s =⇒ w =⇒ t,
#L ( TN ) #L ( TN ) #L ( TN )
with uv = z, and w is the node “closest to the root”. There are x, y ∈ N ∗ ,
u v u
such that s = wx and t = wy, with x =⇒ ε =⇒ y. So, ε =⇒ x,
#w−1 L ( TN ) #w−1 L ( TN ) #w−1 L ( TN )
 15 Prefix-Recognizable Graphs and Monadic Logic 277

u ∈ L(#w−1 L (TN )), and x = u↓# = u↓# . Similarly, v ∈ L(#w−1 L (TN )) and
a
y = v↓# . Thus, s = wx = wu↓# and t = wy = w(v↓# ). Finally, we have s−→t.
G
Let us now show the converse direction, i.e. G ⊆ h−1 (#L (TN )). Consider
s−→t. There are uv ∈ h(a) and w ∈ N ∗ , such that u, v ∈ L(#w−1 L (TN )), s =
a
G
t. Since u ∈ L(#w−1 L (TN )),
a
wu↓# , t = w(v↓# ). We must show that s −→
h−1 (#L ( TN ))
u u u
we have ε =⇒ u↓# = u↓# . So, u↓# =⇒ ε, s = wu↓# =⇒ w. In a
#w−1 L ( TN ) #w−1 L ( TN ) #L ( TN )
v uv h(a)
similar manner, we show that w =⇒ w(v↓# ) = t. Thus, s =⇒ t, s =⇒ t,
#L ( TN ) #L ( TN ) #L ( TN )
a
and s −→ t.
h−1 (#L ( TN ))

Proposition 15.28 is rather technical, but allows a simple presentation if we

introduce further notation.

Definition 15.29. Let Σ and N be alphabets, L ⊆ N ∗ , and G a graph, whose

edge relation is a subset of N ∗ × Σ × N ∗ . The right concatenation of G by L
is the graph

G.L := {uw−→vw
a a
| u−→v and w ∈ L}
G
Similarly, we define their left concatenation L.G. For the sake of brevity, we
also write GL and LG instead of G.L and L.G, respectively.

It is folklore that a regular language L ∈ REG(N ∗ ) is the union of finitely

many equivalence classes, given in the following form:

[u]L := {v | v −1 L = u−1 L} and [L] := {[u]L | u ∈ N ∗ }

Now, Proposition 15.28 can be stated for regular extended substitutions in

the following way:

∗
Corollary 15.30. For any substitution h : Σ → N̂# and L ∈ REG(N ∗ ), we
have that h−1 (#L (TN )) equals


W {u↓#−→v↓# | uv ∈ h(a) and u, v ∈ L(#W −1 L (TN ))}.
a

W ∈[L]

If we further omit markings, we can simplify Proposition 15.28 to:

Corollary 15.31. For any substitution h : Σ → N̂ ∗ we have that

h−1 (TN ) = N ∗ {u−→v | uv ∈ h(a)↓, u, v ∈ N ∗ and a ∈ Σ}.

a
278 Martin Leucker

15.5 Representations of Prefix-Recognizable Graphs

In Section 15.4, we introduced inverse substitution, restriction, and marking
as transformations on graphs. Here, we introduce classes of graphs as regular
restrictions of regular inverse substitutions on the complete binary tree. Fur-
thermore, we show that these classes can be obtained by considering regular
inverse substitutions of regular markings on the binary tree. Additionally, we
prove that any complete tree can be employed instead of the binary one. Last
but not least, we give a representation in terms of prefix-transition graphs which
provides a link to Section 15.3.
Definition 15.32. Let Σ and N be alphabets. We define the classes PRGN (Σ)|
∗
and PRG#N (Σ) of graphs with edge labels over Σ and nodes in N :
• G∈ PRGN (Σ)| iff G is isomorphic to h−1 (TN )|L for a suitable regular
extended substitution h from Σ to N and L ∈ REG(N ∗ ).
• G ∈ PRG# N (Σ) iff G is isomorphic to h
−1
(#L (TN )) for a suitable regular
extended substitution h from Σ to N and L ∈ REG(N ∗ ).
Proposition 15.33. For every alphabet N with B ⊆ N , we have
PRGN (Σ)| = PRGB (Σ)| = PRG# #
B (Σ) = PRGN (Σ)
(1) (2) (3)
Proof. We show that PRGN (Σ)| ⊆ PRG# N (Σ) ⊆ PRGB (Σ)| ⊆ PRGN (Σ)| .
This shows PRGN (Σ)| = PRGB (Σ)| = PRG#
N (Σ). The last equation implies for
#
N = B also PRGB (Σ)| = PRGB (Σ).
(1) First we show PRGN (Σ)| ⊆ PRG# N (Σ). Let G ∈ PRGN (Σ)| . So G is iso-
morphic to h−1 (TN )|L for a regular extended substitution h from Σ to N
and L ∈ REG(N ∗ ). By Lemma 15.26, h−1 (TN )|L = g −1 (#L (TN )) with
g(a) = #h(a)# for all a ∈ Σ.
(2) We now show PRG# N (Σ) ⊆ PRGB (Σ)| . Let G ∈ PRGN (Σ). So G is isomor-
#

phic to h−1 (#L (TN )) for a regular extended substitution h from Σ to N

and L ∈ REG(N ∗ ).
Let AL = (Q, N, δ, q0 , F ) be a finite and complete deterministic automaton
recognizing L. Without loss of generality, we may assume that for p, q ∈ Q
we have that δ(p, a) = δ(q, b) implies a = b.2 Thus, every reachable state
of Q has a unique “incoming” letter a. Let P denote the set of all se-
quences of states which can be obtained from the initial state q0 via δ:
P = {q0 p1 . . . pk | ∃k ≥ 0, ∃a1 , . . . , ak ∈ N, δ(q0 , a1 ) = p1 , δ(pi−1 , ai ) =
pi for all i ∈ {1, . . . , k}}. So every such sequence q0 p1 . . . pk corresponds to
a unique word a1 . . . ak . Furthermore, it is easy to see that P is a regular set.
Now consider the finite and therefore regular extended substitution f defined
by
f (a) = {ppq | δ(p, a) = q}
f (#) = {pp | p ∈ F }
2
Otherwise, duplicate states of AL appropriately.
 15 Prefix-Recognizable Graphs and Monadic Logic 279

Then: #L (TN ) is isomorphic to f −1 (TQ )|P . Instead of giving a formal proof,

#
let us consider as an example the transition s −→ s. Then s = a1 . . . ak ∈ L.
#L ( TN )
There is a unique sequence q0 p1 . . . pk with δ(q0 , a1 ) = p1 , δ(pi−1 , ai ) = pi for
i ∈ {1, . . . , k}, pk ∈ F , and q0 p1 . . . pk ∈ P . Hence, there is a corresponding
path from node q0 to node q0 p1 . . . pk in f −1 (TQ )|P labelled by a1 . . . ak .
This situation is depicted in Figure 15.5.

q0
q0
p1 a0
q0 p1

pk ∈ F ak
. . . pk
#

Fig. 15.5. Words vs. State

By definition, P is the vertex set of the connected component of f −1 (TQ )

containing q0 . Hence, P is stable for f −1 (TQ ).
We could now easily prove that G (isomorphic to h−1 (#L (TN ))) is isomor-
phic to h−1 (f −1 (TQ ))|P . However, we want to achieve such a result for B
instead of Q. Therefore, we use a standard encoding of elements of Q by
sequences of zeros and ones. Let Q = {p1 , . . . , pn } and for i ∈ {1, . . . , n}
g(pi ) = 01i−1 .
Furthermore, let M = g({p1 , . . . , pn }∗ ) = {0, . . . , 01n−1 }∗ . Note that M is
stable for g −1 (TB ). Then we have
g[TQ ] = g −1 (TB )|M .
The latter means that TQ is isomorphic to g −1 (TB )|M (via the isomorphism
g). Figure 15.6 depicts an encoding of the ternary tree in the binary tree.
The corresponding encoding function is given by:
g(a0 ) = 0
g(a1 ) = 01
g(a2 ) = 011
Since #L (TN ) is isomorphic to f −1 (TQ )|P , it is also isomorphic to the iso-
morphic image of f −1 (TQ )|P via g. Hence, it is isomorphic to:
g[f −1 (TQ )|P ] = g[f −1 (TQ )]|g(P )
= f −1 (g[TQ ])|g(P )
= f −1 (g −1 (TB )|M )|g(P )
= f −1 (g −1 (TB ))|M∩g(P ) Lemma 15.25
= (f ◦ g)−1 (TB )|Vg−1 (T ) ∩M∩g(P ) Lemma 15.23
B
= (f ◦ g)−1 (TB )|g(P )
280 Martin Leucker
• •

a0 a2
0 1 a1
a0

• a1 • • • •

0 1 0 1 a0 a2 a0
a0 a2 a1 a1

• a1 • • • • • • • •

0 1 0 1 0 1 0 1
a0
a2

• • • • • • • •

Fig. 15.6. Encoding a ternary tree in the binary tree

Note that g(P ) is stable for (f ◦ g)−1 (TB ), and, using Lemma 15.25, G is
isomorphic to:

h−1 ((f ◦ g)−1 (TB )|g(P ) )

= (h ◦ f ◦ g)−1 (TB )|g(P )
= ((h ◦ f ◦ g)↓# )−1 (TB )|g(P )

where for any x ∈ Σ, ((h ◦ f ◦ g)↓# )(x) = ((f ◦ g)(h(x)))↓# . As f ◦ g is a

finite substitution, we have ((h ◦ f ◦ g)↓# ) is a regular extended substitution.
Hence, G ∈ PRGB (Σ)| .
(3) Finally, we show PRGB (Σ)| ⊆ PRGN (Σ)| . Let G ∈ PRGB (Σ)| . So G is
isomorphic to h−1 (TB )|L ) for a regular extended substitution h : Σ → B and
L ∈ REG(B ∗ ). We have TB = ι−1 (TN )|B∗ , where ι denotes the identity on
B . Note that B ∗ is stable for ι−1 (TN ). Hence, G is isomorphic to:

h−1 (ι−1 (TN )|B∗ )|L = (h−1 (ι−1 (TN ))|B∗ )|L by Lemma 15.25
= (h ◦ ι)−1 (TN )|Vι−1 (T ) ∩B∗ ∩L by Lemma 15.23
= (h ◦ ι)−1 (TN )|B∗ ∩L
N

Since h ◦ ι is a regular extended substitution, we have G ∈ PRGB (Σ)| .

We now give three important representations of prefix-recognizable graphs.

Theorem 15.34 ([28]). Given an alphabet N with at least two letters, the fol-
lowing properties are equivalent:

(1) G is interpretable in TB .
(2) G ∈ PRGN (Σ)| .
(3) G is isomorphic to (N ∗ H)|L for some recognizable H ⊆ N ∗ × Σ × N ∗ and
∗
L ∈ REG(N ).
n
(4) G is isomorphic to i=1 Wi (Ui −→V
ai
i ) for some n ≥ 0; a1 , . . . , an ∈ Σ;
U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(N ∗ ).
 15 Prefix-Recognizable Graphs and Monadic Logic 281

Proof. (2) ⇒ (3): Assume G ∈ PRGN (Σ)| . So G is isomorphic to h−1 (TN )|L
for an appropriate extended substitution h from Σ to N and L ∈ REG(N ∗ ). By
Corollary 15.31, we can write h−1 (TN ) as N ∗ H for
∗
H = {uv ∈ h(a)↓ ∩ N N ∗ , a ∈ Σ}.

Since h is regular, h(a) is a regular language, let us say C. We are done by

∗
showing that C↓ ∩ N N ∗ is a finite union of the form U V for U, V ∈ REG(N ∗ ).
Let A = (Q, N̂ , δ, q0 , F ) be the automaton recognizing C. It is easy to see that
∗
C↓ ∩ N N ∗ equals


(L(Q, N, δ, q0 , q) ∩ L(TN ))↓(L(Q, N, δ, q, F ) ∩ L(TN ))↓,
q∈Q

and regularity follows from Lemma 15.27.

(2) ⇒ (4): Consider G ∈ PRGN (Σ)| . Hence, G is isomorphic to a h−1 (TN )|L
for a suitable regular extended substitution from Σ to N and L ∈ REG(N ∗ ).
For every a ∈ Σ, let Aa = (Qa , N̂# , δa , q0a , Fa ) be the automaton recognizing
h(a). By Corollary 15.30 and similar arguments as in the previous case, we can
write h−1 (TN ) as

a
W (U (a, q)−→V (a, q)),
W ∈[L]
a∈Σ
q∈Qa

where

U (a, q) = (L(Qa , N̂# , δa , q0a , q) ∩ L(#W −1 L (TN )))↓#

and

V (a, q) = (L(Qa , N̂# , δa , q, Fa ) ∩ L(#W −1 L (TN )))↓# .

Regularity again follows from Lemma 15.27.

(3) ⇒ (2): Let H ⊆ N ∗ ×Σ ×N ∗ be a recognizable graph and L ∈ REG(N ∗ ).
By Corollary 15.31, H = h−1 (TN ), such that h(a) = {uv | u−→v} for every
a
H
a ∈ Σ.
n
(4) ⇒ (2): Let G be isomorphic to i=1 Wi (Ui −→V
ai
i ) for some n ≥ 1;
∗
a1 , . . . , an ∈ Σ; U1 , V1
, W1 , . . . , Un , Vn , Wn ∈ REG(N
 ). Define L to be the
n
regular language L = i=1 Wi ai , and let h(a) = {Ui ai #ai Vi | ai = a} for
every a ∈ Σ be a regular extended substitution. Then G = h−1 (#L (TN )).
We have shown that (2) – (4) are equivalent. We had already shown in
Theorem 15.14 that (1) implies (4) and (2) implies (1), using Proposition 15.33.
Thus, all equivalences are shown.
282 Martin Leucker

15.6 Automata for Prefix-Recognizable Graphs

Let us conclude this chapter with a simple link from prefix-recognizable graphs
to pushdown automata. The result is due to Stirling [168], and the proof is due
to Caucal.3
Theorem 15.35. Regular restrictions of the ε-closures of pushdown graphs are
prefix-recognizable graphs.
Proof. “⇒”: Let us consider ε to be a new symbol. Then, the transition graph of
a pushdown automaton with ε-transitions is a regular graph. The ε-closure of this
graph can be obtained by an inverse regular mapping. Since regular graphs are
a special kind of prefix-recognizable graphs and the class of prefix-recognizable
graphs is closed with respect to regular inverse substitutions, we have that the
latter is prefix-recognizable. n
“⇐”: Let G = ( i=1 (Ui =⇒V
ai ∗
i )N )|L be a prefix-recognizable graph with
∗
U1 , V1 , . . . , Un , Vn , L ∈ REG(N ). For each Ui and Vi we have finite automata
AUi = (Qi , N, δi , q0i , Fi ) and Bi = (Qi , N, δi , q0i , Fi ) recognizing Ui and
U U U U V V V V V

Vi , respectively. Assume that these automata have pairwise disjoint state sets.
Let # be a new symbol and construct the following rewriting system R:
ε U
# =⇒ q0i
ε
pa =⇒ q if q ∈ δiU (p, a)
ε
p =⇒ q if p ∈ FiU and q ∈ FjU
ε
q =⇒ pa if q ∈ δiV (p, a)
V ai
q0i =⇒ #
So G is equal to the restriction to #L of the ε-closure of the prefix transition
graph of R.

15.7 Conclusion
In this chapter we introduced the class of prefix-recognizable graphs, originally
introduced by Caucal (cf. [28]). We have shown that this class of graphs is the
largest class of graphs providing a decidable MSO-theory provable by interpre-
tation in the infinite binary tree.
Several further representations of prefix-recognizable graphs were given in
the literature. Let us sum up (some) known results in the following theorem.
Whenever the formal notions are not clear, we refer the reader to the citations
given.
Theorem 15.36. Let G be a graph. The following statements are equivalent:
(1) G = h−1 (TB )|C for aregular substitution h and a regular language C.
(2) G is isomorphic to ni=1 Wi (Ui −→Va i
i ) for some n ≥ 0; a1 , . . . , an ∈ Σ;
U1 , V1 , W1 , . . . , Un , Vn , Wn ∈ REG(N ∗ ).
3
private communication
 15 Prefix-Recognizable Graphs and Monadic Logic 283

(3) G = h−1 (#C (TB )) for a regular substitution h and a regular marking C.
(4) G is MSO-interpretable in the binary tree TB .
(5) G is VR-equational.
(6) G is a prefix-transition graph of Type-2.
(7) G is the configuration graph of a pushdown automaton with ε-transitions.
The equivalence of (1) – (3) was obtained by Caucal in [28]. (4) and (5) are
shown in [6] and [12]. The last two characterizations are due to Stirling [168]. In
this chapter, we have shown the equivalence of (1) – (4) and (7).
Two-player games for push-down graphs and prefix-recognizable are studied
Chapter 17. A different natural class of objects providing a decidable MSO-
theory is presented in Chapter 16.
16 The Monadic Theory of Tree-like Structures

Dietmar Berwanger and Achim Blumensath

Mathematische Grundlagen der Informatik

RWTH Aachen

16.1 Introduction
Initiated by the work of Büchi, Läuchli, Rabin, and Shelah in the late 60s,
the investigation of monadic second-order logic (MSO) has received continuous
attention. The attractiveness of MSO is due to the fact that, on the one hand, it
is quite expressive subsuming – besides first-order logic – most modal logics, in
particular the µ-calculus. On the other hand, MSO is simple enough such that
model-checking is still decidable for many structures. Hence, one can obtain
decidability results for several logics by just considering MSO.
For these reasons it is an important task to classify those structures for which
MSO model-checking is decidable. So far, only partial results are known and it
seems doubtful whether a complete characterisation can be obtained.
On the one hand, a useful tool to prove undecidability is the result that MSO
model-checking for the grid ω × ω is undecidable. On the other hand, Rabin’s
famous tree theorem states that, for the complete binary tree, model-checking
is decidable. Since many structures can be interpreted in the binary tree this
provides a wide range of decidability results. Furthermore, we often only need
to consider trees, as many modal logics have the tree-model property.
In this chapter we present a generalisation of Rabin’s Tree Theorem. Given
a structure A we construct its iteration A∗ which is a tree whose vertices are
finite sequences of elements of A. For each relation R of A its iteration has the
relation
R∗ := { (wa0 , . . . , war ) | ā ∈ R, w ∈ A∗ }.
Additionally, we include the successor relation son containing all pairs (w, wa)
for w ∈ A∗ , a ∈ A, and the clone relation cl consisting of all elements of the
form waa. Muchnik’s Theorem states that model-checking is decidable for A if
and only if it is so for A∗ . The first published proof appears in Semenov [162]. It
generalises an unpublished result of Stupp [173] described in Shelah [163] where
the clone relation was left out. Our presentation follows Walukiewicz [200].
For the proof we employ the usual technique of translating formulae into
automata and vice versa. Since, in general, we are operating on trees of infinite
degree, a new type of automaton is needed where the transition function is
defined by MSO-formulae. Furthermore, in order to handle the clone relation,
the transition function has to depend on the current position in the input tree.
In the next section we introduce the kind of automaton we will use to prove
Muchnik’s Theorem but in a more general version than needed, and we prove
that these automata are closed under boolean operations and projection.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 285-301, 2002.
 Springer-Verlag Berlin Heidelberg 2002
286 Dietmar Berwanger and Achim Blumensath

In Section 16.3 we will restrict the class of automata to those with MSO-
definable transition function and the translation between automata and MSO-
formulae is presented.
Finally, Section 16.4 contains the proof of Muchnik’s Theorem.

16.2 Automata

To fix our notation, let [n] := {0, . . . , n − 1}. By B + (X) we denote the set
of (infinitary) positive boolean formulae over X, i.e., all formulae constructed
from X with disjunction and conjunction. An interpretation of a formula ϕ ∈
B + (X) is a set I ⊆ X of atoms we consider true. A Σ-labelled A-tree is a
function T : A∗ → Σ which assigns a label T (w) to each vertex w ∈ A∗ .
The main tool used for the investigation of MSO are automata on A-trees.
Since A is not required to be finite we need a model of automaton which can
work with trees of arbitrary degree. In addition the clone relation cl makes it
necessary that the transition function depends on the current position in the
input tree. Thus, we define a very general type of automaton which we will
restrict suitably in the next section.

Definition 16.1. A tree automaton is a tuple

A = (Q, Σ, A, δ, qI , W )

where the input is a Σ-labelled A-tree, Q is the set of states, qI is the initial
state, W ⊆ Qω is the acceptance condition, and
∗
δ : Q × Σ → B + (Q × A)A

is the transition function which assigns to each state q and input symbol c a
function δ(q, c) : A∗ → B + (Q × A). Frequently we will write δ(q, c, w) instead of
δ(q, c)(w).

Note that the transition function and acceptance condition of these automata
are not finite. To obtain finite automata we will represent the transition function
by an MSO-formula and consider only parity acceptance conditions in the next
section. For simplicity all results in this section are stated and proved for the
general model.
The language accepted by an automaton is defined by way of games. Recall
that a game G = (V0 , V1 , E, W ) consists of sets V0 and V1 of vertices associated
to the respective players, an edge relation E, and the set of winning plays W .

Definition 16.2. Let A = (Q, Σ, A, δ, qI , W ) be an automaton and T : A∗ → Σ

a tree. The game G(A, T ) is defined as follows:
(a) The set of vertices is


Q ∪ B + (Q × A) × A∗ .
 16 The Monadic Theory of Tree-like Structures 287

V0 consists of all pairs (q, w) ∈ Q × A∗ and all pairs of the form (ϕ, w) where
ϕ is either atomic or a disjunction, and V1 consists of all pairs where ϕ is a
conjunction.
(b) The initial position is (qI , ε).

(c) Each node (q, w) has the successor δ(q, T (w), w), w . The successors of
nodes (ϕ ◦ ψ, w) are
(ϕ, w) and (ψ, w) where ◦ is either ∧ or ∨. Finally, the
successor of nodes (q, a), w with atomic formulae is (q, wa).
(d) Let (ξi , wi )i<ω be a play. Consider the subsequence (ξik , wik )k<ω of po-
sitions where ξik = qk is a state. The play is winning if the sequence q0 q1 . . . is
in W .
The language L(A) recognised by A is the set of all trees T such that player 0
has a winning strategy for the game G(A, T ).

Sometimes it is more convenient to use a simpler game where several moves

of the same kind are replaced by a single one. Assume that δ is in disjunctive
normal form. The abridged game Ǧ(A, T ) is defined by replacing (a) and (c) in
the above definition by:
(a ) The set of vertices consists of V0 := Q × A∗ and

 V
1 := P
(Q × A) × A∗ .
(c ) Each node (q, w) ∈ V0 with δ(q, T (w), w) = i Φi has the successors
(Φi , w) for each i. The successors of some node (Φ, w) ∈ V1 are the nodes (q, wa)
for (q, a) ∈ Φ.
Both versions of the game are obviously equivalent. In the following sections
we will consider only parity acceptance conditions.

Definition 16.3. A parity condition is given by a function Ω : Q → [n]

and defines the set of all sequences (qi )i<ω ∈ Qω such that the least number
appearing infinitely often in the sequence (Ω(qi ))i<ω is even.

In the remainder of this section we will prove that automata as defined above
are closed under union, complement, and projection. This property is needed in
the next section in order to translate formulae into automata. We start with the
union.

Definition 16.4. Let Ai = (Qi , Σ, A, δi , qiI , Wi ), i = 1, 2, be tree automata.

Their sum is the automaton


A0 + A1 := Q1 ∪· Q2 ∪· {qI }, Σ, A, δ, qI , W

where

δ(q, c, w) := δi (q, c, w) for q ∈ Qi ,

δ(qI , c, w) := δ0 (q0I , c, w) ∨ δ1 (q1I , c, w),

and W consists of all sequences q0 q1 q2 . . . such that q0 = qI and qiI q1 q2 . . . ∈ Wi

for some i.

Lemma 16.5. L(A0 + A1 ) = L(A0 ) ∪ L(A1 ).

288 Dietmar Berwanger and Achim Blumensath

Proof. Note that G(A0 + A1 , T ) consists of disjoint copies of G(A0 , T ) and

G(A1 , T ), and a new initial position from which player 0 has to choose one
of the two subgames. Obviously, each winning strategy for player 0 in G(A0 , T )
or G(A1 , T ) is also a winning strategy in G(A0 + A1 , T ). On the other hand, if
σ is a winning strategy for player 0 in the compound game it is also winning
in either G(A0 , T ) or G(A1 , T ) depending on which subgame player 0 chooses in
his first move. 


Complementation is easy as well.

Definition 16.6. Let A = (Q, Σ, A, δ, qI , W ). Ā := (Q, Σ, A, δ̄, qI , W̄ ) is the

automaton with

δ̄(q, c, w) := δ(q, c, w) and W̄ := Qω \ W.

Here ϕ denotes the dual of ϕ, i.e., the formula where each ∧ is replaced by ∨
and vice versa.

Lemma 16.7. T ∈ L(Ā) iff T ∈

/ L(A).

Proof. Let G(Ā, T ) = (V̄0 , V̄1 , Ē, W̄ ). Note that in G(Ā, T ) the roles of player
0 and 1 are exchanged. V̄0 consists of all former V1 -nodes, and V̄1 contains all
V0 -nodes except for the atomic ones. Since the latter have exactly one successor
it is irrelevant which player they are assigned to. Thus, each choice of player 0
in the old game is made by player 1 in the new one and vice versa. Hence, each
winning strategy σ for player 0 in G(A, T ) is a strategy for player 1 in G(Ā, T )
which ensures that the resulting play induces a sequence in W = Qω \ W̄ . Thus,
σ is winning for 1. The other direction follows by symmetry. 


The closure under projections is the hardest part to prove. The projec-
tion Π(L) of a tree-language L is the set of all trees T : A∗ → Σ such that
there is a tree T  : A∗ → Σ × {0, 1} in L with T  (w) = (T (w), iw ) for some
iw ∈ {0, 1} and all w ∈ A∗ .
The proof is split into several parts. We prove closure under projection for
non-deterministic automata, and show that each alternating automaton can be
transformed into an equivalent non-deterministic one.

Definition 16.8. An automaton A := (Q, Σ, A, δ, qI , W )is  non-determinis-

tic if each formula δ(q, c, w) is in disjunctive normal-form i k (qik , aik ) where,
for each fixed i, all the aik are different.

Definition 16.9. Let A = (Q, Σ × {0, 1}, A, δ, qI, W ) be a non-deterministic

automaton. Define AΠ := (Q, Σ, A, δΠ , qI , W ) where

δΠ (q, c, w) := δ(q, (c, 0), w) ∨ δ(q, (c, 1), w).

Lemma 16.10. L(AΠ ) = Π(L(A))

 16 The Monadic Theory of Tree-like Structures 289

Proof. (⊇) Let σ be a winning strategy for player 0 in G(A, T ). G(AΠ , Π(T ))
contains additional vertices of the form (ϕ0 ∨ ϕ1 , w) where ϕi = δ(q, (c, i), w).
By defining
σ(ϕ0 ∨ ϕ1 , w) := ϕi for the i with T (w) = (c, i)
we obtain a strategy for player 0 in the new game. This strategy is winning since,
if one removes the additional vertices from a play according to the extended
strategy, a play according to σ in the original game is obtained which is winning
by assumption.
(⊆) Let σ be a winning strategy for player 0 in G(AΠ , T ). We have to define
a tree T  ∈ L(A) with T = Π(T  ). Since AΠ is non-deterministic the game has
the following structure: At each position ((q, a), w) with
 
δ(q, T (w), w) = i k (qik , aik )

player 0 chooses some conjunction k (qik , aik ) out of which player 1 picks a
successor (qik , aik ). Thus, for each word w ∈ A∗ there is at most one state q such
that a play according to σ reaches the position (q, w). Let σ(ϕ0 ∨ϕ1 , w) = (ϕi , w)
where ϕ0 ∨ ϕ1 = δ(q, T (w), w). We define T  by T  (w) := (T (w), i). 

It remains to show how to translate alternating automata to non-determin-
istic ones. To do so we need some notation to modify transition relations.
Definition 16.11. Let ϕ ∈ B + (Q × A).  
(a) The collection of ϕ is defined as follows. Let i k (qik , aik ) be the
disjunctive normal-form of ϕ.
collect(ϕ) :=
 

Qi (a), a ∈ B + ( (Q) × A)P
i a∈A

where Qi (a) := { qik | aik = a }.

(b) Let q  ∈ Q . The shift of ϕ by q  is the formula shq ϕ ∈ B + (Q × Q × A)
obtained from ϕ by replacing all atoms (q, a) by (q  , q, a).
(c) For S ⊆ Q × Q let
(S)2 := { q | (q  , q) ∈ S for some q  }.
The translation is performed in two steps. First, the alternating automaton is
transformed into a non-deterministic one with an obscure non-parity acceptance
condition. Then, the result is turned into a normal non-deterministic parity
automaton. The construction used for the first step is the usual one. For each
node of the input tree the automaton stores the set of states of the original
automaton from which the corresponding subtree must be accepted. That is, for
universal choices of the alternating automaton, all successors are remembered,
whereas for existential choices, only one successor is picked non-deterministically.
What makes matters slightly more complicated is the fact that, in order to define
the acceptance condition, the new automaton has to remember not only the set
of current states but their predecessors as well, i.e., its states are of the form
(q  , q) where q is the current state of the original automaton and q  is the previous
one.
290 Dietmar Berwanger and Achim Blumensath

Definition 16.12. Let A = (Q, Σ, A, δ, qI , W ) be an alternating automaton.

An :=


P
(Q × Q), Σ, A, δn , {(qI , qI )}, Wn


is the automaton where


δn (S, c, w) := collect shq δ(q, c, w).
q∈(S)2

P
A sequence (qi )i<ω ∈ Qω is called a trace of (Si )i<ω ∈ (Q × Q)ω if (qi , qi+1 ) ∈
P
Si for all i < ω. Wn consists of all sequences (Si )i<ω ∈ (Q × Q)ω such that
every trace of (Si )i<ω is in W .

Lemma 16.13. An is a non-deterministic automaton with L(An ) = L(A).

Proof. The definition of collect ensures that An is non-deterministic.

(⊇) Let T ∈ L(A) and let σ be the corresponding winning strategy for
player 0 in Ǧ(A, T ). To define a strategy σn in Ǧ(An , T ) consider a position
(S, w) ∈Ǧ(A, T ). Let σ(q, w) = (Φq , w) for q ∈ (S)2 . We define σn (S, w) :=
(collect Φ, w) where

Φ= shq Φq .
q∈(S)2

This is valid since (collect Φ, w) is a successor of (q, w).
To show that σn is a winning strategy consider the result (Si )i<ω of a play
according to σn . If (Φ, w) ∈ σn (Si , w) and (Si+1 , a) ∈ Φ, then for each (q, q  ) ∈
Si+1 it holds that (q  , a) ∈ Φq . Thus, all traces of (Si )i<ω are plays according
to σ and therefore winning.
(⊆) Let σn be a – not necessarily memoryless – winning strategy for player 0
in Ǧ(An , T ). We construct a winning strategy for player 0 in Ǧ(A, T ) as follows.
Let pn be a play according to σn in Ǧ(An , T ) with last position (S, w), and let p
be the play according to σ. By induction we ensure that the last position in p is
of the form (q, w) for some q ∈ (S)2 . Let (Φn , w) = σn (pn ) and define

Φ := { (q  , a) | (S  , a) ∈ Φn and ((q, q  ), a) ∈ S  for some S  }.


Then Φ is a conjunction in δ(q, T (w), w), by definition of δn , and we can set
σ(p) := (Φ, w). The answer of player 0 to this move consists of some position
(q  , wa) for (q  , a) ∈ Φ. Suppose that in Ǧ(An , T ) player 1 chooses the position
(Sa , wa) where Sa is the unique state such that (Sa , a) ∈ Φn . Since (q, q  ) ∈ Sa
the induction hypothesis is satisfied for the extended plays p(Φ, w)(q  , wa) and
pn (Φn , w)(Sa , a).
It follows that each play p according to σ in Ǧ(A, T ) is a trace of some play pn
according to σn and therefore winning by construction of An . 


The automaton An constructed above does not have a parity acceptance

condition. Since we intend to consider only parity automata in the next section,
 16 The Monadic Theory of Tree-like Structures 291

we have to construct a non-deterministic automaton with such an acceptance

condition. It is easy to see that, provided that the original automaton does have

P P
a parity acceptance condition, there is some parity automaton on infinite words
B = (P, (Q × Q), δ, p0 , Ω) which recognises Wn ⊆ (Q × Q)ω . Let Ap be the
product automaton of An and B, that is,


P
Ap = P × (Q × Q), Σ, A, δp , (p0 , qnI ), Σp


where

δp ((p, S), c, w) = shp δn (S, c, w) for p := δ(p, S)

and Ωp (p, S) = Ω(p).

Lemma 16.14. Ap is a parity automaton with L(Ap ) = L(An ).

Proof. Let σ be a winning strategy for player 0 in Ǧ(An , T ). We define a corre-

sponding strategy σ  in Ǧ(Ap , T ) by


σ  ((p, S), w) := shp Φ, w

where (Φ, w) = σ(S, w) and p = δ(p, S). That way every play





(p0 , S0 ), w0 Φ0 , w0 (p1 , S1 ), w1 Φ1 , w1 . . .

in Ǧ(Ap , T ) according to σ  is induced by a play

(S0 , w0 )(Φ0 , w0 )(S1 , w1 )(Φ1 , w1 ) . . .

in Ǧ(An , T ) according to σ. Further, (pi )i<ω is the run of B on (Si )i<ω . Since
the second play is winning, the first one is so as well, by definition of B. Hence,
σ  is a winning condition. The other direction is proved analogously. 


In the next section we will define a restricted class of automata where we

only allow transition-functions which are MSO-definable. In order to transfer
the results of this section we need to extract the required closure properties of
the set of allowed transition-functions from the above proofs.
Theorem 16.15. Let T be a class of functions f : A∗ → B + (Q × A) where
A and Q may be different for each f ∈ T . If T is closed under disjunction,
conjunction, dual, shift, and collection then the class of automata with transition
functions δ : Q × Σ → T is closed under union, complement, and projection.

16.3 Tree-like Structures

The type of automata defined in the previous section is much too powerful. In
order to prove Muchnik’s Theorem we have to find a subclass which corresponds
exactly to MSO on the class of trees obtained from relational structures by the
operation of iteration.
292 Dietmar Berwanger and Achim Blumensath

Definition 16.16. Let A = (A, R0 , . . . ) be a τ -structure. The iteration of A

is the structure A∗ := (A∗ , son, cl, R0∗ , . . . ) of signature τ ∗ := τ ∪· {son, cl} where

son := { (w, wa) | w ∈ A∗ , a ∈ A },

cl := { waa | w ∈ A∗ , a ∈ A },
Ri∗ := { (wa0 , . . . , war ) | w ∈ A∗ , ā ∈ Ri }.

For simplicity we will use a variant of monadic second-order logic where all
first-order variables are eliminated. That is, formulae are constructed from atoms
of the form X ⊆ Y and RX0 . . . Xr by boolean operations and set quantification.
Using slightly non-standard semantics we say that RX̄ holds if ā ∈ R for some
elements ai ∈ Xi . Note that we do not require the Xi to be singletons. Obviously,
each MSO-formula can be brought into this form.

Example 16.17. The iteration G∗ := (V ∗ , son, cl, E ∗ ) of a graph G = (V, E)

consists of all finite sequences w ∈ V ∗ of vertices. We will construct an MSO-
definition of those sequences which are paths in the original graph G. A word
w ∈ V ∗ is a path in G if for all prefixes of the form uab with u ∈ V ∗ and a, b ∈ V
there is an edge (a, b) ∈ E. The prefix relation  is MSO-definable being the
transitive closure of the son relation. Given a prefix y := uab the word z := uaa
can be obtained using the clone relation as follows:


ψ(y, z) := ∃u son(u, y) ∧ son(u, z) ∧ cl(z) .

Thus, the set of paths in G can be defined by

ϕ(x) := ∀y∀z(y  x ∧ ψ(y, z) → E ∗ yz).

In order to evaluate MSO-formulae over the iteration of some structure we

translate them into automata where the transition function is defined by MSO-
formulae. This is done in such a way that the resulting class of automata is
expressively equivalent to monadic second-order logic.
Definition 16.18. Let A be a structure and fix some n ∈ ω. The function
ϕA : A∗ → B + ([n] × A)

induced by ϕ(C, Q̄) ∈ MSO on A is defined by

 

ϕA (ε) := { (q, b) | b ∈ Sq } S0 , . . . , Sn−1 ⊆ A such that

A |= ϕ(∅, S̄) ,
 

ϕA (wa) := { (q, b) | b ∈ Sq } S0 , . . . , Sn−1 ⊆ A such that

A |= ϕ({a}, S̄) .

Let TAn be the set of all such functions.

 16 The Monadic Theory of Tree-like Structures 293

Definition 16.19. An MSO-automaton is a tuple A = (Q, Σ, δ, qI , Ω) where

Q = [n] for some n ∈ ω and δ : Q × Σ → MSO. A accepts a Σ-labelled
structure A∗ if the automaton AA := (Q, Σ, A, δA , qI , Ω) does so, where δ :
Q × Σ → TAn is defined by δA (q, c) := δ(q, c)A .

In order to translate formulae into automata, the latter must be closed under
all operations available in the respective logic.
Proposition 16.20. MSO-automata are closed under boolean operations and
projection.

Proof. By Theorem 16.15 it is sufficient to show closure under or, and, dual,
shift, and collection. To do so we will frequently need to convert between inter-
pretations I ⊆ Q × A of boolean formulae ϕA (w) ∈ B + (Q × A) and sets Q̄
such that A |= ϕ(C, Q̄). Given I ⊆ Q × A define

Qi (I) := { a ∈ A | (qi , a) ∈ I }

for i < n, and given Q0 , . . . , Qn−1 ⊆ A define

I(Q̄) := { (qi , a) | a ∈ Qi , i < n }.

Note that I(Q̄(I)) = I and Qi (I(Q̄)) = Qi . Then

I |= ϕA (w) iff A |= ϕ(C, Q̄(I))

and vice versa. (Here and below C denotes the set consisting of the last element
of w.)
(or) For the disjunction of two MSO-definable functions we can simply take
the disjunction of their definitions since

I |= ϕ0 A (w) ∨ ϕ1 A (w)

iff I |= ϕi A (w) for some i
iff A |= ϕi (C, Q̄(I)) for some i
iff A |= ϕ0 (C, Q̄(I)) ∨ ϕ1 (C, Q̄(I))
iff I |= ϕ0 ∨ ϕ1 A (w).

(dual) The definition of the dual operation is slightly more involved.

I |= ϕA (w)
iff Q × A \ I |= ϕA (w)
iff J |= ϕA (w) implies J ∩ I = ∅
iff A |= ϕ(C, P̄ ) implies Pi ∩ Qi (I) = ∅ for some i

 
iff A |= ∀P̄ ϕ(C, P̄ ) → i<n Pi ∩ Qi = ∅

(and) follows from (or) and (dual).

294 Dietmar Berwanger and Achim Blumensath

(shift) For a shift we simply need to renumber the states. If the pair (qi , qk )
is encoded as number ni + k we obtain

ϕ(C, Qni+0 , . . . , Qni+n−1 ).

(collection) The collection of a formula can be defined the following way:

I |= collect ϕA (w)

iff there are QS ⊆ QS (I) such that Q̄ partitions A and A |= ϕ(C, P̄ )
where a ∈ Pi : iff i ∈ S for the unique S ⊆ [n] with a ∈ QS
iff there are Q̄ partitioning A such that A |= ϕ(C, P̄ ) where

Pi := S:i∈S QS

iff A |= ϕ(C, P̄ ) for some Pi ⊆ S:i∈S QS with
Pi ∩ QS = ∅ for all S with i ∈
/S

    
iff A |= ∃P̄ ϕ(C, P̄ ) ∧ i<n Pi ⊆ S:i∈S QS ∧ S⊆[n] i∈S
/ Pi ∩ QS = ∅ .


Using the preceding proposition we can state the equivalence result. We

say that an automaton A is equivalent to an MSO-formula ϕ(X0 , . . . , Xm−1 )

P
if L(A) consists of those structures whose labelling encode sets Ū such that
ϕ(Ū ) holds. The encoding of Ū is the ([m])-labelled tree T such that

T (w) = { i ∈ [m] | w ∈ Xi }

for all w ∈ {0, 1}∗.

Theorem 16.21. For every formula ϕ ∈ MSO there is an equivalent MSO-au-

tomaton and vice versa.

P
Proof. (⇒) By induction on ϕ(X̄) we construct an equivalent MSO-automaton
A := (Q, ([m]), δ, q0 , Ω). Since or corresponds to union, negation to comple-
ment, and existential quantifiers to projection, and MSO-automata are closed
under all of those operations we only need to construct automata for atomic
formulae.
(Xi ⊆ Xj ) We have to check for every element w of the input tree T that
i∈/ T (w) or j ∈ T (w). Thus, we set Q := {q0 } with Ω(q0 ) := 0 and define the
transition function such that

a∈A (q0 , a) if i ∈
/ c or j ∈ c,
δA (q0 , c, w) =
false otherwise.

for each input structure A∗ . This can be done by setting


∀xQ0 x if i ∈
/ c or j ∈ c,
δ(q0 , c) :=
false otherwise.
 16 The Monadic Theory of Tree-like Structures 295

(R∗ (Xi1 , . . . , Xik )) Set Q := {q0 , . . . , qk } and Ω(qi ) := 1. The automaton

guesses a node in the input tree while in state q0 and checks whether its children
are in the relation R. That is,
 
δA (q0 , c, w) = (q0 , a) ∨ { (q1 , a1 ) ∧ · · · ∧ (qk , ak ) | ā ∈ RA },
a∈A

true if j ∈ c,
δA (qj , c, w) = for 1 ≤ j ≤ k.
false otherwise,

The corresponding MSO-definition is

δ(q0 , c) := ∃xQ0 x ∨ ∃x̄(Rx̄ ∧ Q1 x1 ∧ · · · ∧ Qk xk ),


true if ij ∈ c,
δ(qj , c) = for 1 ≤ j ≤ k.
false otherwise,

(son(Xi , Xj )) Let Q := {q0 , q1 } and Ω(qi ) := 1. We guess some element

w ∈ Xi having a successor in Xj .

(q0 , a) if i ∈
/ c,
δA (q0 , c, w) = a∈A

a∈A (q0 , a) ∨ (q1 , a) otherwise,

true if j ∈ c,
δA (q1 , c, w) =
false otherwise.

The corresponding MSO-definition is


∃xQ0 x if i ∈
/ c,
δ(q0 , c) :=
∃x(Q0 x ∨ Q1 x) otherwise,

true if j ∈ c,
δ(q1 , c) :=
false otherwise.

(cl(Xi )) Let Q := {q0 , q1 } and Ω(qi ) := 1. We guess some element wa such

that its successor waa is in Xi .

(q0 , a) if w = ε,
δA (q0 , c, w) = a∈A
(q
a∈A 0 , a) ∨ (q 1 , b) if w = w b,

true if i ∈ c,
δA (q1 , c, w) =
false otherwise.

The corresponding MSO-definition is

δ(q0 , c) := ∃xQ0 x ∨ ∃x(Cx ∧ Q1 x),


true if i ∈ c,
δ(q1 , c) :=
false otherwise.
296 Dietmar Berwanger and Achim Blumensath

Note that this is the only place where the transition function actually depends
on the current vertex.
(⇐) Let A = (Q, Σ, δ, 0, Ω) be an MSO-automaton and fix an input struc-
ture A∗ . W.l.o.g. assume that A is non-deterministic. A∗ is accepted by A if
there is an accepting run 1 : A∗ → Q of A on A∗ . This can be expressed by an
MSO-formula ϕ(X̄) in the following way: we quantify existentially over tuples Q̄
encoding 1 (i.e., Qi = 1−1 (i)), and then check that at each position w ∈ A∗
a valid transition is used and that each path in 1 is accepting. 


Before proceeding to the proof of Muchnik’s Theorem let us take a look at

the case of empty signature. A structure with empty signature is simply a set A.
Its iteration is the tree (A∗ , son, cl). The clone relation is not very useful in this
case, so we drop it. Hence, the transition formulae of MSO-automata do not
depend on C and the following lemma implies that we can restrict our attention
to MSO-automata with monotone formulae.
Lemma 16.22. For every MSO-automaton there is an equivalent one where the
formulae ϕ(C, Q̄) := δ(q, c) are monotone in Q0 , . . . , Qn−1 .

Proof. Suppose that ϕ(C, Q̄) is not monotone. We can replace it by

 
ϕ (C, Q̄) := ∃P̄ Pi ⊆ Qi ∧ ϕ(C, P̄ ) .
i<n

ϕ is obviously monotone. Further it is easy to see that the automaton obtained

in this way is equivalent to the original one by constructing an accepting run of
the former from one of the latter and vice versa. 


Let z be a first-order variable and X0 , . . . , Xn−1 set variables. A type of z over X̄

is a formula of the form
 
τ (z; X̄) := Xi z ∧ ¬Xi z
i∈S i∈S
/

for some S ⊆ [n]. Further, define


diff(x̄) := xi = xk .
i<k

The next lemma provides a normalform for MSO-automata over the empty sig-
nature.
Lemma 16.23. Every monotone MSO-formula ϕ(X̄) over the empty signature
is equivalent to a disjunction of FO-formulae of the form
  
∃ȳ diff(ȳ) ∧ ϑi (yi ) ∧ ∀z diff(ȳ, z) → ϑ (z)
i<n i<m

where the ϑi and ϑi are the positive part of some type.
 16 The Monadic Theory of Tree-like Structures 297

Proof. Using Ehrenfeucht-Fraı̈ssé games it is easy to show that two structures

are n-equivalent, i.e., indistinguishable by formulae of quantifier rank at most n,
if, for every type τ (z; X̄), the number of elements satisfying τ are equal or both
are greater than n. Thus, every first-order formula ϕ(X̄) with n-quantifiers is
equivalent to a disjunction of formulae of the form
  
∃ȳ diff(ȳ) ∧ τi (yi ) ∧ ∀z diff(ȳ, z) → τ  (z)
i<n i<m

each of which defines one of those n-equivalence classes where ϕ holds. If ϕ(X̄) is
monotone we can drop all negative atoms of the τi , τi .
Analogously, one can show the claim also for MSO-formulae
Q0 Y0 · · · Qn−1 Yn−1 ϕ(X̄, Ȳ )
with ϕ ∈ FO, since the effect of set quantifiers amounts to splitting each type
into two. 


16.4 Muchnik’s Theorem

We are now ready to prove the main result of this chapter.
Theorem 16.24 (Muchnik). For every sentence ϕ ∈ MSO one can effectively
construct a sentence ϕ̂ ∈ MSO such that
A |= ϕ̂ iff A∗ |= ϕ
for all structures A.
Corollary 16.25. Let A be a structure. MSO model-checking is decidable for A
if and only if it is so for A∗ .
Before giving the proof let us demonstrate how Rabin’s Tree Theorem follows
from Muchnik’s Theorem.
Example 16.26. Consider the structure A with universe {0, 1} and two unary
predicates L = {0} and R = {1}. MSO model-checking for A is decidable since
A is finite. According to Muchnik’s Theorem, model-checking is also decidable
for A∗ . A∗ is similar to the binary tree. The universe is {0, 1}∗, and the relations
are
L∗ = { w0 | w ∈ {0, 1}∗ },
R∗ = { w1 | w ∈ {0, 1}∗ },
son = { (w, wa) | a ∈ {0, 1}, w ∈ {0, 1}∗ },
cl = { waa | a ∈ {0, 1}, w ∈ {0, 1}∗ }.
In order to prove that model-checking for the binary tree is decidable it is suffi-
cient to define its relations in A∗ :
S0 xy := son(x, y) ∧ L∗ y, S1 xy := son(x, y) ∧ R∗ y.
298 Dietmar Berwanger and Achim Blumensath

Similarly the decidability of SωS can be obtained directly without the need to
interpret the infinitely branching tree into the binary one.
Example 16.27. Let A := (ω, ≤). The iteration A∗ has universe ω∗ and relations
≤∗ = { (wa, wb) | a ≤ b, w ∈ ω ∗ },
son = { (w, wa) | a ∈ ω, w ∈ ω ∗ },
cl = { waa | a ∈ ω, w ∈ ω ∗ }.

The proof of Muchnik’s Theorem is split into several steps. First, let A =
(Q, Σ, δ, qI , Ω) be the MSO-automaton equivalent to ϕ. W.l.o.g. assume that
Ω(i) = i for all i ∈ Q = [n]. Note that the input alphabet Σ = {∅} of A is
unary since ϕ is a sentence. We construct a formula ϕ̂ stating that player 0 has
a winning strategy in the game Ǧ(A, A). Hence,

A |= ϕ̂ iff A∗ ∈ L(A) iff A∗ |= ϕ.
A µ-calculus formula defining the winning set is given in Example 10.8 of Chap-
ter 10. Translated into monadic fixed point logic it looks like

LFPZn ,x · · · GFPZ1 ,x ηi (x, Z̄)
i≤n
with

ηi := Si x ∧ [V0 x → ∃y(Exy ∧ Zi y)] ∧ [V1 x → ∀y(Exy → Zi y)].

The game structure. In order to evaluate the above formula we need to embed
Ǧ(A, A) in the structure A. First, we reduce the second component of a position
(X, w) from w ∈ A∗ to a single symbol a ∈ A. Let G  (A, A) be the game obtained
from Ǧ(A, A∗ ) by identifying all nodes of the form (q, wa) and (q, w a), i.e.:
(a) Let V0 := Q × A. The vertices of player 0 are V0 ∪ {(q0 , ε)}, those of
P
player 1 are V1 := (Q × A).
(b) The initial position is  (q0 , ε).
(c) Let δ(q, ∅)A (a) = i Φi for a ∈ A∪{ε}. The node (q, a) ∈ V0 has the
successors Φi for all i. Nodes Φ ∈ V1 have their members (q, a) ∈ Φ as successors.
(d) A play (q0 , a0 ), Φ0 , (q1 , a1 ), Φ1 , . . . is winning if the sequence (qi )i<ω sat-
isfies the parity condition Ω.

Lemma 16.28. Player 0 has a winning strategy from the vertex (q, wa) in the
game Ǧ(A, A∗ ) if and only if he has one from the vertex (q, a) in the game
G  (A, A).

Proof. The unravelings of Ǧ(A, A∗ ) and G  (A, A) from the respective vertices are
isomorphic. 


In the second step we encode the game G  (A, A) as the structure


G(A, A) := V0 ∪ V1 , E, eq2 , V0 , V1 , (Sq )q∈Q , R0 , . . .
 16 The Monadic Theory of Tree-like Structures 299

where (V0 , V1 , E) is the graph of the game,

eq2 (q, a)(q  , a ) : iff a = a ,

Sq (q  , a) : iff q = q  ,
Ri (q0 , a0 ) . . . (qr , ar ) : iff (a0 , . . . , ar ) ∈ RiA .

Note that these relations only contain elements of V0 . Let G(A, A)|V0 denote the
restriction of G(A, A) to V0 .
Finally, we can embed G(A, A)|V0 in A via an interpretation.
Definition 16.29. Let A = (A, R0 , . . . , Rr ) and B be structures. An interpre-
tation of A in B is a sequence
 
I := k, (ϑR
ı̄ )R,ı̄

where, given R of arity r, the indices ı̄ range over [k]r , such that

(i) A∼= B × [k],


 
= (a1 , i1 ), . . . , (ar , ir ) B |= ϑı̄ j (ā) .
Rj ∼
R
(ii)

The use of interpretations is made possible by the following property.

Lemma 16.30. Let I be an interpretation and ϕ ∈ MSO. There is a formula ϕI
such that

I(A) |= ϕ iff A |= ϕI
for every structure A.
To construct ϕI one simply replaces each relation in ϕ by its definition.
Lemma 16.31. There is an interpretation I with G(A, A)|V0 = I(A) for all
structures A.
Proof. Let I be defined by
eq
ϑik 2 (X, Y ) := X = Y,

Si true if i = k,
ϑk (X) :=
false otherwise,

RX̄ if k0 = · · · = kr ,
ϑR i
(X̄) :=
k̄
false otherwise. 

In order to speak about all of G(A, A) in its restriction to V0 we treat elements
P
Φ ∈ V1 = (V0 ) as sets Φ ⊆ V0 . All we have to do is to define the edge relation.
We split E into three parts

E0 ⊆ V0 × V1 , E1 ⊆ V1 × V0 , and E2 ⊆ {(q0 , ε)} × V1

which we have to define separately by formulae ε0 (x, Y ), ε1 (X, y), and ε2 (Y ).

300 Dietmar Berwanger and Achim Blumensath

Lemma 16.32. There are formulae ε0 (x, Y ), ε1 (X, y), and ε2 (Y ) defining the
edge relations E0 , E1 and E2 respectively.


Proof. Since Φ, (q, a) ∈ E1 iff (q, a) ∈ Φ we set
ε1 (Y, x) := Y x.
The definition of ε0 is more involved. Let δq (C, Q̄) := δ(q, ∅)A . We have
((q, a), Φ) ∈ E0 iff A |= δq ({a}, Q̄)
where Qi := { b | (i, b) ∈ Φ }. In order to evaluate δq we need to define A in-
side G(A, A). Since the latter consists of |Q| copies of A with universes (Sq )q∈Q ,
we pick one such copy and relativise δq to it. For simplicity we choose Sq corre-
sponding to the first component of (q, a).


((q, a), Φ) ∈ E0 iff G(A, A)|V0 |= δqSq {(q, a)}, Q̄
where Qi := { (q, b) | (i, b) ∈ Φ }. This condition can be written as

G(A, A)|V0 |= ∃C∃Q̄ δqSq (C, Q̄) ∧ C = {(q, a)}
 
∧ Qi = { (q, b) | (i, b) ∈ Φ } .
i∈Q
Thus, we define


ε0 (x, Y ) := Sq x ∧ εq0 (x, Y )
q∈Q
where
 
εq0 (x, Y ) := ∃C∃Q̄ δqSq (C, Q̄) ∧ C = {x} ∧ Qi = { (q, b) | (i, b) ∈ Y } .
i∈Q

Obviously, Qi = { (q, b) | (i, b) ∈ Y } can be expressed by an MSO-formula

using eq2 .
In the same way we define
 
Sq
ε2 (Y ) := ∃Q̄ δq0 0 (∅, Q̄) ∧ Qi = { (q0 , b) | (i, b) ∈ Y } .
i∈Q 


The winning set. It remains to evaluate the formula


LFPZ1 ,x · · · GFPZn ,x ηi (x, Z̄)
i≤n
with
ηi := Si x ∧ [V0 x → ∃y(Exy ∧ Zi y)] ∧ [V1 x → ∀y(Exy → Zi y)]
which defines the winning set in the original game graph G  (A, A). Since in the
given game the nodes of V0 and V1 are strictly alternating, we remain in V0 if
we take two steps each time.


ηi := Si x ∧ V0 x ∧ ∃y V1 x ∧ Exy ∧ ∀z(Eyz → Zi z)
 16 The Monadic Theory of Tree-like Structures 301

It is easy to prove the following result:

Lemma 16.33. The formulae
 
GFPZ1 ,x i≤n ηi and GFPZ1 ,x i≤n ηi
define the same subset of V0 in G(A, A) for each assignment of the free variables.
Finally, interpreting elements of V1 by subsets of V0 , as explained above, we
obtain


ηi := Si x ∧ V0 x ∧ ∃Y Y ⊆ V0 ∧ ε0 (x, Y ) ∧ ∀z(ε1 (Y, z) → Zi z)
Again, the equivalence of ηi and ηi is checked easily. Thus, we can state that
player 0 has a winning strategy in G  (A, A) from position (q0 , ε) by

 
ϕ̂ := ∃Y ε2 (Y ) ∧ ∀x ε0 (Y, x) → LFPZ1 ,x · · · GFPZn ,x i≤n ηi .
This concludes the proof of Theorem 16.24.
We end this chapter with an application of Muchnik’s Theorem to algebraic
trees. Trees are represented as structures T = (T, (Ea )a∈Σ , (Pc )c∈Γ ) where Σ is
a finite alphabet, T ⊆ Σ ∗ , Pc ⊆ T are unary predicates, and the edge relations
are
Ea := { (w, wa) | w ∈ T }.
Such a tree is called algebraic if the set
{ wc ∈ Σ ∗ Γ | w ∈ T, w ∈ Pc } ⊆ Σ ∗ Γ
is a deterministic context-free language.
Algebraic trees can be obtained using a variant of iterations. The unraveling
of a graph G = (V, (Ea )a∈Σ , (Pc )c∈Γ ) is the tree G := (T, (E a )a∈Σ , (Pc )c∈Γ )
where T consists of all paths of G and the relations are defined by
a := { wuv ∈ T | (u, v) ∈ Ea , w ∈ V ∗ },
E
Pc := { wv ∈ T | v ∈ Pc , w ∈ V ∗ }.
We have already seen that the set T of paths is definable in the iteration of a
graph. Obviously, the predicates Ea and Pc are also definable. Thus, the unrav-
eling of a graph can be interpreted in its iteration.
The following characterisation of algebraic trees was given by Courcelle [41,
42].
Proposition 16.34. Every algebraic tree is the unraveling of an HR-equational
graph.
We omit the definition of HR-equational graphs. Their only property that is
important in this context is that MSO-model-checking is decidable for them.
Thus, we obtain the following result:
Theorem 16.35. MSO-model-checking is decidable for algebraic trees.
17 Two-Way Tree Automata Solving
Pushdown Games

Thierry Cachat

Lehrstuhl für Informatik VII

RWTH Aachen

17.1 Introduction
Parity games (where the winner is determined by the parity of the maximal
priority appearing infinitely often) were presented in Chapter 2 and algorithms
solving parity games for the case of finite graphs in Chapter 7. In this paper we
study parity games on a simple class of infinite graphs: the pushdown (transition)
graphs. In [106], Kupferman and Vardi have given a very powerful method for the
µ-calculus model checking of these graphs: the formalism of two-way alternating
tree automata. This is a generalization of the (one-way) tree automata presented
in Chapters 8 and 9.
The transition graph of the pushdown automaton defines the arena: the graph
of the play and the partition of the vertex set needed to specify the parity winning
condition. We know from Chapter 6 that such games are determined and that
each of both players has a memoryless winning strategy on his winning region.
The aim of this paper is to show how to compute effectively the winning region
of Player 0 and a memoryless winning strategy. The idea of [106] is to simulate
the pushdown system in the full W -tree, where W is a finite set of directions,
and to use the expressive power of alternating two-way tree automata to answer
these questions. Finally it is necessary to translate the 2-way tree automaton into
an equivalent nondeterministic one-way tree automaton, with the construction
from [190].
In the next section we define two-way alternating automata and the effective
construction from [190] of equivalent one-way nondeterministic automata. In
Section 17.3 we apply these results to solve parity games over pushdown graphs
and to compute winning strategies. Section 17.4 presents an example. Some
extensions and modifications are discussed in Section 17.5.

17.2 Reduction 2-way to 1-way

The formalism of alternating two-way parity tree automata is very “power-
ful”, but we cannot handle directly these automata to answer our questions
of nonemptiness (for the winning region) and strategy synthesis. We need the
reduction presented in this section, which constructs step by step a one-way
nondeterministic tree automaton that is equivalent to a given two-way alternat-
ing automaton A, in the sense that they accept the same set of trees (finite or
infinite).

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 303-317, 2002.
 Springer-Verlag Berlin Heidelberg 2002
304 Thierry Cachat

17.2.1 Definition of Two-Way Automata

Given a finite set W of directions, a W -tree is a prefix closed set T ⊆ W ∗ ,

i.e., if x.d ∈ T , where x ∈ W ∗ and d ∈ W , then also x ∈ T . We will sometimes
forget the “.” of the concatenation. The elements of T are called nodes, the
empty word  is the root of T . For every x.d ∈ T, d ∈ W the node x is the
unique parent of x.d, and x.d is a child of x. The direction of a node x.d
(= ) is d. The full infinite tree is T = W ∗ . A path (branch) of a tree T is
a sequence β ∈ T ∞ such that β = u0 u1 · · · un or β = u0 u1 u2 · · · , u0 =  and
∀i < n, ∃d ∈ W, ui+1 = ui .d. A path can be finite or infinite.
Given two finite alphabets W and Σ, a Σ-labeled W -tree is a pair T, l
where T is a W -tree and l : T −→ Σ maps each node of T to a letter in Σ. When
W and Σ are not important or clear from the context, we call T, l a labeled
tree.
We recall that for a finite set X, B + (X) is the set of positive Boolean formulas
over X (i.e., Boolean formulas built from elements in X using only ∧ and ∨),
where we also allow the formulas true and false . For a set Y ⊆ X and a
formula θ ∈ B + (X), we say that Y satisfies θ iff assigning true to elements in
Y and false to elements in X\Y makes θ true.
To navigate through the tree let ext(W ) := W ∪· {, ↑} be the extension of
W : The symbol ↑ means “go to parent node” and  means “stay on the present
node”. To simplify the notation we define ∀u ∈ W ∗ , d ∈ W, u. = u and ud↑= u.
The node ↑ is not defined.
An alternating two-way automaton over Σ-labeled W -trees is a tuple
A := (Q, Σ, δ, qI , Acc) where

Q is a finite set of states,

Σ is the input alphabet,
δ : Q × Σ −→ B + (ext(W ) × Q) is the transition function,
qI is the initial state, and
Acc is the acceptance condition.

x q’

q
xA xA

xAB q’’

Fig. 17.1. Example of a transition δ(q, A) = (↑, q
) ∧ (B, q

), with the convention that
the label is equal to the last letter of the node
 17 Two-Way Tree Automata Solving Pushdown Games 305

The idea of a transition δ(q, l1 ) = (↑, q  )∧(d, q  ) is the following: if the automaton
A is in state q on the node x of the labeled tree T, l and reads the input
l1 = l(x), it will send a “copy” of A in state q  to the parent node of x and
another copy in state q  to xd. See Figure 17.1. After that the two copies are
running independently. They may come again to the same node with two different
states.
More precisely a run of an alternating two-way automaton A over a labeled
tree W ∗ , l is another labeled tree Tr , r in which every node is labeled by an
element of W ∗ × Q. The latter tree is like the unfolding of the run, its structure
is quite different from W ∗ . A node in Tr , labeled by (x, q), describes a “copy”
of the automaton that is in state q and is situated at the node x of W ∗ . Note
that many nodes of Tr can correspond to the same node of W ∗ , because the
automaton can come back to a previously visited node. The label of a node
and its successors have to satisfy the transition function. Formally, a run Tr , r
is a Σr -labeled Γ -tree, for some (almost arbitrary) set Γ of directions, where
Σr := W ∗ × Q and Tr , r satisfies the following conditions:

(a)  ∈ Tr and r() = (, qI )

(b) Consider y ∈ Tr with r(y) = (x, q) and δ(q, l(x)) = θ. Then there is a
(possibly empty) set Y ⊆ ext(W ) × Q, such that Y satisfies θ, and for all
d, q  ∈ Y , there is γ ∈ Γ such that y.γ ∈ Tr and the following holds:
r(y.γ) = (x.d, q  ).

Remember that x.d can be x. or x.↑, and the latter is defined only if x = . So
the run cannot go up from the root of the input tree. Note that it cannot use a
transition δ(q, l(x)) = false since the formula false cannot be satisfied.
A run Tr , r is accepting if all its infinite paths satisfy the acceptance con-
dition Acc (the finite paths of a run end with a transition θ = true , which is
viewed as successful termination). We consider here only parity acceptance con-
ditions (see previous chapters): Acc is given by a priority function Ω : Q −→ [m].
An infinite path β ∈ Tr ω satisfies the acceptance condition iff the smallest prior-
ity appearing infinitely often in this path is even: min Inf(Ω(r(β))) is even. Such
a path in the run consists of following only one “copy” of the automaton. An
automaton accepts a labeled tree if and only if there exists a run that accepts it.
The tree language accepted by an automaton A is denoted L(A). Two automata
are equivalent if they accept the same tree language.

The automaton A = (Q, Σ, δ, qI , Ω) and the input tree T, l are now fixed
for the rest of the Section 17.2. In the next subsections we will study how the
automaton A can accept the given tree. The strategy for A will give information
about the transitions used by A (because A is not deterministic). Then the
annotation will store the priorities seen during the detours of A. With all these
auxiliary tools, it is possible to construct a one-way tree automaton that checks
whether A accepts a tree.
306 Thierry Cachat

17.2.2 Strategy
In the same way as in Chapters 6, 4 and 8 of this book, A itself (as an alternating
automaton) is equivalent to a two-player parity game. The initial configuration
of this game is (, qI ) (= r()). From a configuration (x, q), x ∈ T, q ∈ Q, Player
0 chooses a set Y ⊆ ext(W ) × Q that satisfies δ(q, l(x)), then Player 1 chooses
d, q  ∈ Y , the new configuration is (x.d, q  ) and so on. If x.d is not defined or
δ(q, l(x)) = false then Player 1 wins immediately. If Y is empty (δ(q, l(x)) =
true ) then Player 0 wins immediately. If the play is infinite, then Player 0 wins
iff the parity condition is satisfied. So Player 0 is trying to show that A accepts
the input tree, and Player 1 is trying to challenge that.
Player 0 has a memoryless winning strategy iff A has an accepting run (see
Chapter 6). In other words, if A has an accepting run, then it has an accepting
run using a memoryless winning strategy: choosing always the same “transitions”
from the same node and state. We decompose the run of A using this strategy.
Definition 17.1. A strategy for A and a given tree is a mapping
τ : W ∗ −→ P (Q × ext(W ) × Q).
Intuitively (q, d, q  ) ∈ τ (x) means that if A is in state q on the node x, it has to
send a copy in state q  to node xd. It is memoryless because it depends only on
x. Note that the strategy does not read the labels, but it is defined for a fixed
tree T, l . See an example on Figure 17.2.

q1 q3 {(q1,A,q2),(q3,B,q4)}

^
{(q2,|,q3),
q2 q4
(q2,B,q5)}

q5

Fig. 17.2. Part of a run and the corresponding strategy

In this subsection we want to verify with a one-way automaton some simple

conditions on the strategy τ of an alternating two way tree automaton A. The
first condition for a strategy to be correct (at node x) is to satisfy the transition
of A. The second condition is that the strategy can be followed: if (q, d, q  ) ∈ τ (x)
then the strategy τ (xd) has to be defined in xd for the state q  , such that the
run can continue. Formally, both conditions are:
∀x ∈ W ∗ , ∀(q, d, q  ) ∈ τ (x) :
{ (d2 , q2 ) | (q, d2 , q2 ) ∈ τ (x) } satisfies δ(q, l(x)), and (17.1)
 
∃d1 , q1 , (q , d1 , q1 ) ∈ τ (xd) or ∅ satisfies δ(q , l(xd)), (17.2)
 17 Two-Way Tree Automata Solving Pushdown Games 307

and for the root:

∃d1 , q1 , (qI , d1 , q1 ) ∈ τ () or ∅ satisfies δ(qI , l()). (17.3)

Considering St := P
(Q × ext(W ) × Q) as an alphabet, a (St × Σ)-labeled
tree defines a memoryless strategy on the corresponding Σ-labeled tree. We
will construct a one-way automaton B that checks that this strategy is correct
according to the previous requirements. For (q, d, q  ) ∈ τ (x), if d ∈ W it has just
to check in the direction d downwards that the strategy is well defined for q  ,
but if d =↑, he must have remembered that the strategy was defined for q  in the
P P
parent-node. The states of B are pairs Q1 , Q2 ∈ (Q) × (Q), where q  ∈ Q1
means that B has to check (down) that the strategy can be followed for q  , and
q  ∈ Q2 means that q  is already allowed at the parent node.

P P
B := ( (Q) × (Q), St × Σ, δB , {qI }, ∅ , true ) where (17.4)
δB (Q1 , Q2 , τ1 , l1 ) :=
IF ∀q ∈ Q1 , { (d2 , q2 ) | (q, d2 , q2 ) ∈ τ1 } satisfies δ(q, l1 ), and (17.5)
∀(q  , , q) ∈ τ1 , { (d2 , q2 ) | (q, d2 , q2 ) ∈ τ1 } satisfies δ(q, l1 ), and (17.6)
∀(q, ↑, q  ) ∈ τ1 , q  ∈ Q2 (17.7)

 
THEN d, { q  | ∃ (q, d, q  ) ∈ τ1 }, Q2 (17.8)
d∈W
with Q2 := { q  | ∃ d1 , q1 , (q  , d1 , q1 ) ∈ τ1 or ∅ satisfies δ(q  , l1 ) }, (17.9)
ELSE false . (17.10)

The acceptance condition is easy to enunciate: it just requires that each path of
B is infinite (i.e., the transition is possible at each node). Note that although we
have used the formalism of alternating automata, B is a deterministic one-way
automaton: B sends exactly one copy to each son of the current node. It has 4|Q|
states.
In condition (17.5) there is no requirement on the q ∈ Q1 , that’s why the
condition (17.1) above is stronger. This is not a problem for the following, as we
are searching some winning strategy (one could define the minimal valid strategy
as in [190]). If A follows the strategy, its run is “deterministic” on the input tree
labeled by St × Σ.
A path β in a strategy (tree) τ is a sequence (u0 , q0 ), (u1 , q1 ), (u2 , q2 ), · · ·
of pairs from W ∗ × Q such that (u0 , q0 ) = (, qI ) and for all i > 0, there is
some ci ∈ ext(W ) such that (qi , ci , qi+1 ) ∈ τ (ui ) and ui+1 = ui ci . Thus, β just
follows (nondeterministically) the “transitions” of τ . The parity condition for β
is defined exactly the same way as for a path of (a run of) A. We say that τ is
accepting if all infinite paths in τ are accepting.
Proposition 17.2. A two-way alternating parity automaton accepts an input
tree iff it has an accepting strategy tree over the input tree.
With the help of a so called annotation, we will check in the following subsections
whether a strategy is accepting.
308 Thierry Cachat

17.2.3 Annotation

The previous automaton B just checks that the strategy can be followed (ad
infinitum) but forgets the priorities of A. To check the acceptance condition, it
is necessary to follow each path of A up and down, and remember the priorities
appearing. Such a path can be decomposed into a downwards path and several
finite detours from the path, that come back to their origin (in a loop). Because
each node has a unique parent and A starts at the root, we consider only down-
wards detour (each move ↑ is in a detour). That is to say, if a node is visited
more than once by a run β, we know that the first time it was visited, the run
came from above. To keep track of these finite detours, we use the following
annotation.
Definition 17.3. An annotation for A and a given tree is a mapping

η : W ∗ −→ P (Q × [m] × Q). (17.11)

q1 q3 {(q1,2,q3)}

q2 q4

Fig. 17.3. Part of a run and the corresponding annotation, assuming that Ω(q2 ) =
2, Ω(q3 ) = 3

Intuitively (q, f, q  ) ∈ η(x) means that from node x and state q there is a
detour that comes back to x with state q  and the smallest priority seen along
this detour is f . Figure 17.3 presents an example. By definition, the following
conditions are required for the annotation η of a given strategy τ :

∀ q, q  ∈ Q, x ∈ W ∗ , d ∈ W, f, f  ∈ [m] :
(q, , q  ) ∈ τ (x) ⇒ (q, Ω(q  ), q  ) ∈ η(x), (17.12)
 
(q1 , f, q2 ) ∈ η(x), (q2 , f , q3 ) ∈ η(x) ⇒ (q1 , min(f, f ), q3 ) ∈ η(x), (17.13)
(q, d, q1 ) ∈ τ (x), (q1 , ↑, q  ) ∈ τ (xd) ⇒ (q, min(Ω(q1 ), Ω(q  )), q  ) ∈ η(x),
(17.14)
(q, d, q1 ) ∈ τ (x), (q1 , f, q2 ) ∈ η(xd), (q2 , ↑, q  ) ∈ τ (xd)
⇒ (q, min(Ω(q1 ), f, Ω(q  )), q  ) ∈ η(x). (17.15)

P
Considering An := (Q × [m] × Q) as an alphabet, the aim is to construct a
one-way automaton C on (An×St)-labeled trees that checks that the annotation
satisfies these requirements. The conditions 17.12 and 17.13 above can be checked
in each node (independently) without memory. For the last two, the automaton
 17 Two-Way Tree Automata Solving Pushdown Games 309

has to remember the whole η(x) from the parent node x, and the part of τ (x)
leading to the current node.
C := (An × P (Q × Q), An × St, δ , ∅, ∅ , true ),
C

where
δC (η0 , α , η1 , τ1 ) :=
IF conditions 17.12 and 17.13 hold for η1 and τ1 AND
∀(q, q1 ) ∈ α, (q1 , ↑, q  ) ∈ τ1 ⇒ (q, min(Ω(q1 ), Ω(q  )), q  ) ∈ η0
∀(q, q1 ) ∈ α, (q1 , f, q2 ) ∈ η1 , (q2 , ↑, q  ) ∈ τ1
⇒ (q, min(Ω(q1 ), f, Ω(q  )), q  ) ∈ η0

 
THEN d, η1 , { (q, q1 ) | ∃ (q, d, q1 ) ∈ τ1 }
d∈W
ELSE false .
2 2
Similarly to B, C is a deterministic one-way automaton with 2|Q| m · 2|Q| =
2
2|Q| (m+1) states, and the acceptance condition is very simple: each path has to
be infinite. Note that if a part of the tree is not visited by the original automaton
A, the strategy and annotation can be empty on this part. The automaton C does
not check that the annotation is minimal, but this is not a problem. With the
help of the annotation one can determine if a path of A respects the acceptance
condition or not, as showed in the next subsection.

17.2.4 Parity Acceptance

Up to now the automata B and C together just check that the strategy and
annotation for the run of A are correct, but do not verify that the run of A
is accepting, i.e., that each path is valid. With the help of the annotation we
can “simulate” (follow) a path of A with a one-way automaton, and determine
the parity condition for this path. This one-way automaton does not go into the
detours, but reads the smallest priority appearing in them.
D := (Q × [m], An × St, δD , qI , 0 , Ω0 ),
 
δD (q, i , η1 , τ1 ) := (d, q  , Ω(q  ) ) ∨ (, q  , f ).
(q,d,q
)∈τ 1 ,d∈W (q,f,q
)∈η1

At each step D either goes down following the strategy, or simulates a detour
with an -move and the corresponding priority. The second component ([m])
of the states of D just remembers the last priority seen. We can transform D
into a nondeterministic one-way automaton D without -moves with the same
state space. Note that D can possibly stay forever in the same node by using
-transitions, either in an accepting run or not. This possibility can be checked
by D just by reading the current annotation, with a transition true or false .
We will use D and D to find the invalid paths of the run of A, just by
changing the acceptance condition: Ω0 (q, i ) := i + 1.
310 Thierry Cachat

Proposition 17.4. The one-way tree automaton D accepts a (An × St)-labeled

tree iff the corresponding run of A is not accepting.
But D is not deterministic, and accepts a tree if D has some accepting run.
We can view D as a word automaton: it follows just a branch of the tree. For
this reason it is possible to co-determinize it: determinize and complement it
in a singly exponential construction (see Chapter 8 and 9) to construct the
automaton D that accepts those of the (An × St)-labeled trees that represent
the accepting runs of A.
We will define the product E := B × C × D of the previous automata, that
accepts a (An × St × Σ)-labeled input tree iff the corresponding run of A is
accepting. Let

E := (QB × QC × QD , An × St × Σ, δE , qI,E , Acc),

δE (qB , qC , qD , η1 , τ1 , l1 ) :=
δB (qB , τ1 , l1 ), δC (qC , η1 , τ1 ), δD (qD , η1 , τ1 ) ,

where QB is the state space of B, and so on. The acceptance condition of E is

then exactly the one of D.
We define the automaton E  to be the “projection” of E on the input al-
phabet Σ: E  nondeterministically guesses the labels from An × St. Finally
E  is a nondeterministic one-way tree-automaton on Σ-labeled trees that is
equivalent to A: it accepts the same trees. The strategy and annotation de-
pended on the input tree, now after the projection, E  can search the run
of A for each input tree. The automaton E is deterministic and has (like E  )
2 2
4|Q| · 2|Q| (m+1) · 2c|Q|m = 2|Q| (m+1) · 2|Q|(2+cm) states.
Theorem 17.5 ([190]). To every alternating two-way parity tree automaton A
there exists an equivalent nondeterministic one-way tree automaton E, in the
sense that they recognize the same tree language: L(A) = L(E).
Corollary 17.6 ([190]). The emptiness problem for alternating two-way tree
automata is in Exptime.

17.3 Application: Pushdown Games

We use alternating two-way automata to solve parity games on pushdown graphs.
Thanks to the previous section the results are effective.

17.3.1 Definition of the Game

We first recall the definition of two player parity games. The arena A :=
(V0 , V1 , E) is a graph, composed of two disjoint sets of vertices, V0 and V1 ,
and a set of edges E ⊆ V × V , where V = V0 ∪· V1 . To define a parity game
G := (A, ΩG ) we need a mapping ΩG : V −→ [m], m < ω which assigns a priority
to each vertex. Then the initialized game (G, vI ) is given with an initial vertex
vI ∈ V .
 17 Two-Way Tree Automata Solving Pushdown Games 311

A play of (G, vI ) proceeds as follows:

(a) v0 = vI is the first “current state” of the play,

(b) from state vi , i > 0, if vi ∈ V0 (resp. vi ∈ V1 ) then Player 0 (resp. Player 1)
chooses a successor vi+1 ∈ vi E, which is the new current state.

The play is then the sequence π = v0 v1 · · · ∈ V ∞ . This sequence is maximal: it

is finite only if no more move is possible. We consider min-parity games:

Player 0 wins π iff min Inf(ΩG (π)) is even.

These definitions are essentially the same for finite and infinite arena. We con-
sider now pushdown graphs: (V, E) is the (possibly infinite) transition graph of
a pushdown system, which is an unlabeled pushdown automaton.
Definition 17.7. A pushdown system (PDS) is a tuple Z := (P, W, ∆)
where:

(a) P is a finite set of (control) states,

(b) W is a finite (stack) alphabet,
(c) ∆ ⊆ P × W × P × W ∗ is a finite transition relation.

A stack content is a word from W ∗ . Unlike standard notation we write the top
of the stack at the right of the word (we are considering suffix rewriting as in
Chapter 15). A configuration is a stack content and a control state: (w, p),
shortly wp, where w ∈ W ∗ , p ∈ P . The transition graph of Z is (V, E) where
V = W ∗ P is the whole set of configurations and ∀u, w ∈ W ∗ , ∀a ∈ W, ∀p, p ∈ P

(uap)E(uwp ) ⇔ (p, a, p , w) ∈ ∆.

This defines a vertex labeled graph: each vertex is labeled by his name, the
edges have no label. We use the name pushdown system, like in [61] because
the transitions are not labeled: we are not interested in the language recognized
by the pushdown automaton but in the underlying transition graph. To obtain
a parity game, it remains to define the sets V0 and V1 , associating the vertices
to the two players, and the priorities of the configurations. One fixes a disjoint
union P = P0 ∪· P1 , then V0 = W ∗ P0 and V1 = W ∗ P1 . The mapping ΩG is first
defined on P , then ΩG (wp) = ΩG (p), ∀w ∈ W ∗ and p ∈ P . So the player and the
priority only depend on the control states of Z, like in [196] and [198]. These
restrictions will be discussed later in Section 17.5.1.
The pushdown game is completely defined if we also fix an initial configu-
ration vI ∈ V : vI = wI pI .

17.3.2 Winning Region

We construct an alternating two-way automaton A that determines if Player

0 can win the game (G, vI ), i.e., wins every play, whatever Player 1 does. The
automaton A will simulate the transitions of the pushdown system Z on the full
312 Thierry Cachat

W -tree, guess nondeterministically the best moves of Player 0 and follow each
possible move of Player 1 using alternation.
As an example, the transition (p, a, p , bc) ∈ ∆ from a configuration uap of
the pushdown system can be simulated by a two-way automaton over the full
W -tree from the node ua by the following sequence of moves: ↑, b, c because
ua↑bc = ubc. We have chosen suffix rewriting rather than prefix to conform with
the notation of the tree. The control states of Z are represented in the states of
A.
For our particular application, we simplify the definition of two-way automata
a little. The full W -tree will not be labeled by an input alphabet Σ, and the
automaton will “read” the last letter of the node, almost the same way as a
pushdown automaton (as remarked in [106], another solution is to check that
each label is equal to the last letter of its node).
To simulate with many steps a transition of Z, A has to remember in its
states the letters it has to write (see Figure 17.4). Let

tails(∆) := { u ∈ W ∗ | ∃v, a, p, p (p, a, p , vu) ∈ ∆ ∨ vu = vI },

A := (P × tails(∆), W, δ, pI , vI , Ω),
∀ b, l1 ∈ W, x ∈ W ∗ , p ∈ P :
δA (p, b.x , l1 ) := (b, p, x ), (17.16)

δA (p,  , l1 ) := (↑, p , w ) if p ∈ P0 , (17.17)
(p,l1 ,p
,w)∈∆


δA (p,  , l1 ) := (↑, p , w ) if p ∈ P1 . (17.18)
(p,l1 ,p
,w)∈∆

<q,EB>
x
<q,B>
<p,ε >
xA xE

xEB
<q,ε >

Fig. 17.4. Transition (p, A, q, EB) of the PDS (long arrow) simulated by the two-way
automaton

From a state p, bx (bx =  because b ∈ W ) the automaton goes down

in direction b, that is to say writes b, whatever it reads, and remembers the
(sub)word x it still has to write and the state p of the pushdown system. These
intermediate states just simulate a transition of Z, they do not correspond to
a particular configuration of the game. Only a state p,  on a node w ∈ W ∗
corresponds to a configuration wp of the game. If p ∈ P1 then wp ∈ V1 and A
 17 Two-Way Tree Automata Solving Pushdown Games 313

executes all the possible moves of Player 1, to ensure that Player 0 can win after
each of these moves. But if p ∈ P0 , A chooses nondeterministically a move of
Player 0 and tries to make Player 0 win.
The “winning” condition of A is almost the same as the one of G: Ω(p, x ) =
ΩG (p). The initial state of A causes it to go “deterministically” to the initial
configuration of the game.
Theorem 17.8. Player 0 has a winning strategy in (G, vI ) iff A accepts the full
infinite tree W ∗ .

Proof. By definition, A accepts W ∗ iff there exists an accepting run Tr , r . Each

path in Tr , r describes a play of the game, with the same winning condition. If
each path is accepting, then each play is winning for Player 0, and every possible
answer of Player 1 is in Tr , r . That describes a winning strategy for Player 0.
Conversely a winning strategy for Player 0 determines a tree of all the plays that
follow it, which is an accepting run for A.

These strategies are not necessarily memoryless as presented, but the result of
Chapter 6 holds for both formalisms: there is a memoryless winning strategy if
there is a winning strategy.

17.3.3 Winning Strategy

Once the automaton E of Theorem 17.5 is defined, we know from Chapter 8,

Theorem 8.19, that we can solve the emptiness problem and generate a regular
tree in L(E) if L(E) = ∅. Implicitly in that tree the states of E describe a strategy
for A (Section 17.2.2), i.e., for the game (G, vI ). If we follow a path (branch) of
that tree, E corresponds to a deterministic word automaton F that can output
the moves of Player 0. Finally F defines a memoryless winning strategy for
Player 0 in (G, vI ) under the assumption that L(E) = ∅, i.e., if Player 0 wins the
game.
More precisely F accepts all configurations in the winning region connected
to vI and each final state of F is labeled by a move of player 0, such that the
strategy defined in this way is winning. This result from [106] is stronger (and
more general, see Section 17.5.2) than the result of [196] that prove the existence
of a pushdown strategy. The finite automaton F can easily be simulated with a
pushdown automaton that defines a strategy like in [196].
Since we have considered an initial configuration vI , the previous results do
not define the memoryless winning strategy over the whole winning region of
Player 0, but only over the nodes that can be reached by the play starting from
vI .
314 Thierry Cachat

17.4 Example

We present here a simple example of pushdown game to illustrate the results of

this chapter. Using notations of section 17.3, let

W = {a, ⊥}, P0 = {p0 }, P1 = {p1 , p3 },

∆ = {(p1 , ⊥, p1 , ⊥a), (p1 , a, p1 , aa), (p1 , a, p0 , a), (p0 , a, p0 , ), (p0 , ⊥, p1 , ⊥),
(p0 , ⊥, p3 , ⊥), (p3 , ⊥, p3 , ⊥)},
ΩG (p1 ) = 0, ΩG (p0 ) = ΩG (p3 ) = 1.

The game graph looks as follows:

⊥p1 /0 ⊥p0 /1 ⊥p3 /1

⊥ap1 /0 ⊥ap0 /1

⊥aap1 /0 ⊥aap0 /1

··· ···

We consider the initial position qI = pI , vI = p1 , ⊥ . For the automaton A we

get tails(∆) = {, ⊥, ⊥a, a, aa}. Transitions are

δA (p1 ,  , a) := (↑, p1 , aa ) ∧ (↑, p0 , a ), (Player 1)

δA (p0 ,  , ⊥) := (↑, p3 , ⊥ ) ∨ (↑, p1 , ⊥ ). (Player 0)

As a shortcut we consider

δA (p1 ,  , a) := (, p1 , a ) ∧ (, p0 ,  ),

δA (p0 ,  , ⊥) := (, p3 ,  ) ∨ (, p1 ,  ).

Other transition rules are straightforward. The strategy τ is only relevant at

the node ⊥p0 , where Player 0 has a real choice: he must go to ⊥p1 , otherwise
Player 1 wins. We put

τ (⊥) = {(p0 , , p1 ), (p1 , a, p1 ), (p3 , , p3 )}.

Other values are forced:

∀i > 0, τ (⊥ai ) = {(p1 , a, p1 ), (p1 , , p0 ), (p0 , ↑, p0 )}.

 17 Two-Way Tree Automata Solving Pushdown Games 315

Following the rules for the annotation we get for all i ≥ 0:

(p0 , , p1 ) ∈ τ (⊥) ⇒ (p0 , 0, p1 ) ∈ η(⊥) cf 17.12

(p1 , , p0 ) ∈ τ (⊥a i+1
) ⇒ (p1 , 1, p0 ) ∈ η(⊥a i+1
) cf 17.12
(p1 , a, p1 ) ∈ τ (⊥a ), (p1 , 1, p0 ) ∈ η(⊥a
i i+1
), (p0 , ↑, p0 ) ∈ τ (⊥a i+1
)
⇒ (p1 , min(0, 1, 1), p0 ) ∈ η(⊥a ) ⇒ (p1 , 0, p0 ) ∈ η(⊥a )
i i
cf 17.15
(p1 , 0, p0 ) ∈ η(⊥), (p0 , 0, p1 ) ∈ η(⊥)
⇒ (p0 , 0, p0 ) ∈ η(⊥), (p1 , 0, p1 ) ∈ η(⊥) cf 17.13

Now we can see that D can not find an accepting path, i.e., a winning path for
Player 1. Player 0 win the game from qI , provided he never moves to the vertex
⊥p3 . Unlike finite graphs, we can have here arbitrary long paths with (minimal)
priority 1, but no infinite path winning for Player 1.
Exercise 17.1. Complete the solution of this example, and compute the strategy
according to section 17.3.3.

17.5 Discussion, Extension

We discuss here some conventions and hypotheses we have made, sometimes

implicitly.

17.5.1 Discussion on the Conventions

We have assumed that the priority of a configuration depends only on the con-
trol state. Another possibility is to define regular set of states for each priority,
or equivalently a finite automaton with output (over the alphabet W ∪· P ) that
accepts each configuration and outputs its priority. That wouldn’t be more gen-
eral: this automaton can be simulated by the states of the one-way automaton
E (or by A with new labels on the tree). Otherwise it can be simulated by Z by
extending the stack alphabet. The same ideas apply for the definition of V0 and
V1 in V .
A usual convention for an arena (V0 , V1 , E) is that E ⊆ V0 × V1 ∪ V1 × V0 ,
i.e., Player 0 and 1 alternate. This convention may clarify the situation but is
not essential for us. If a pushdown system Z does not satisfy it, we can add
“dummy” states to obtain a new pushdown game Z  which is equivalent to Z
and satisfies the condition that in the new states there is only one possible move
(choice).
The usual convention is also that a player who cannot move has lost. This is
convenient with our formalism if we consider (see equations 17.17 and 17.18) that
an empty disjunction is false and an empty conjunction is true (analogously it
agrees with the definitions of  and  in µ-calculus). With pushdown games we
can simulate another convention. We know in which configuration no transition
is possible: if the stack is empty, or if there are no q  , u with (q, a, q  , u) ∈ ∆.
316 Thierry Cachat

We can add new transitions to a particular state for the second case, and for
the first case we can use a new symbol as the “bottom” of the stack, that can
neither be put nor removed, and new transitions for this symbol.

17.5.2 Extensions
One can easily extend the results presented in this paper to any suffix (resp.
prefix) rewrite system, either by simulating it with a pushdown automaton (up
to bisimilarity) or by adapting our construction to allow A to go up along a
fixed word (stored in its memory). In contrast one could restrict the pushdown
system so that a transition consists just of pushing or popping one letter, which
is equivalent to the general model.
In [106] other results are obtained with the help of two-way automata: the
model checking procedure is extended to any µ-calculus formula (Theorem 2)
over any context-free or even prefix recognizable graph (Theorem 5). In the
present paper we have just considered the problem of solving parity games. On
the other hand, each µ-calculus formula on a pushdown system is equivalent to
a parity game. To simulate the prefix recognizable rewrite rules (see Chapter
15), the two-way automaton simulates the finite automata that recognize the
different parts of the word (the prefix, the old suffix and the new suffix) using
alternation and guessing the correct rule.

17.6 Conclusion
After some technical work to make the two-way automata “usable”, it was pos-
sible to compute winning regions and winning strategies. This formalism is very
powerful and hopefully comprehensible.
Its expressive power is the same as the µ-calculus on trees and on the tran-
sition systems that can be simulated on trees: pushdown systems and prefix
recognizable graphs.
Chapter 15 of this book deals with another result about model checking: it
is shown that Monadic Second Order logic (MSO) is decidable on prefix rec-
ognizable graphs. It is well known (see Chapter 14) that MSO is at least as
expressive as µ-calculus, so implicitly the model-checking problem for µ-calculus
on prefix-recognizable graphs was already solved by Caucal in [28]. It is natural
to define parity games on prefix-recognizable graphs the same way as we have
done: a configuration (node of the game graph) is a word, for clarity we suppose
that the priority and the player (V0 and V1 ) are given by the first letter of the
word. In fact we can define in MSO the winning region of Player 0 (resp. Player
1).
But if we compare both approaches in more detail, important differences
show up: the MSO formula describes the whole winning region: the decision
procedure gives a finite automaton that recognizes the whole set of winning
vertices of Player 0 (resp. 1). On the contrary, the construction presented in the
present chapter just checks one at a time if a given “initial” configuration is in
 17 Two-Way Tree Automata Solving Pushdown Games 317

the winning region. On the other hand, it is proved in [106] that his technique
generates a winning strategy for this initialized game, represented by a finite
automaton.
A similar result could be obtained by the methods introduced in Chapter
15, if a strategy could be defined in MSO. Unfortunately, this is not possible
over the given arena. Indeed, a strategy is a binary relation, or a function from
the vertices to the vertices, and it is not allowed in MSO to quantify about
(non monadic) relations. Note that a strategy provides more information than
a winning region does. It is possible to stay forever in the winning region and
not win (never reach the “goal”). One cannot quantify about paths: they are not
uniquely defined by their set of nodes. Finally, if the prefix-recognizable graph
is a directed tree, and the game played from the root (top-down), the situation
is much simpler: the strategy is a subtree with some good conditions, and is
MSO-definable. (This gives an answer to a question of [180].) But in general
the unraveling tree of a prefix-recognizable graph from a given vertex is not a
prefix-recognizable graph (it is an algebraic tree, but this is outside the scope of
this book).
18 Introduction to Guarded Logics

Thoralf Räsch

Institut für Mathematik

Universität Potsdam

18.1 Introduction

Guarded logics are a family of logical formalisms that generalize certain desir-
able properties of modal logics from transition systems to the setting of arbitrary
relational structures. Modal logics are widely used in a number of areas in com-
puter science, particularly for the specification and verification of hardware and
software systems, for knowledge representation, in databases, and in artificial
intelligence. The most basic modal logic is propositional modal logic ML, which
is just the fixed-point free part of the µ-calculus (see Chapter 10). But modal
logics, broadly conceived, form a family of many different formalisms, including
temporal logics, description logics, process logics, etc, many of which are also
closely related to automata. An important reason for the successful applications
of modal logics is their good balance between expressive power and computa-
tional complexity. This means that on the one hand, the relevant statements for
many applications are expressible in these logics, and on the other hand, the
usual reasoning tasks are decidable and admit reasonably efficient algorithms.
In particular, the satisfiability problem is decidable for most modal logics,
including the modal µ-calculus (for instance via automata based methods). This
in sharp contrast with first-order logic where even quite simple fragments are un-
decidable. Vardi [189] explicitely formulated the question, to find reasons for the
robust decidability properties of modal logics. Note, however, that satisfiability
problems tend to be of relatively high complexity. Even for plain propositional
logic satisfiability is NP-complete and for more powerful logics it quickly be-
comes Pspace- or Exptime-hard. For instance the satifiability problems for
propositional modal logic ML and the modal µ-calculus are Pspace-complete
[109] and Exptime-complete [54].
There is a standard translation of ML into first-order logic (FO), inductively
taking a modal formula ϕ to a first-order formula ϕ∗ . This translation takes
aϕ
to ∃y( Ea xy ∧ ϕ∗ (y) ) and [a]ϕ to ∀y( Ea xy → ϕ∗ (y) ). The first-order formulae
that correspond to ML-formulae under this translation form what in [4] is called
the modal fragment of first-order logic. It has been shown that this fragment has
interesting properties, in particular a semantic characterisation via bisimulation:
The properties definable in ML are precisely the properties that are first-order
definable and invariant under bisimulation (see Chapter 14). Another important
feature is the so-called tree model property which was already considered in [189].
We will look at a generalisation of this property in Section 18.4.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 321-341, 2002.
 Springer-Verlag Berlin Heidelberg 2002
322 Thoralf Räsch

Both bisimulation invariance and the tree model property are important for
the analysis of modal logics. In the following we will use these ideas for investi-
gating guarded logics.
To understand guarded logics let us come back to the question of Vardi
mentioned above: What are the reasons for the good algorithmic properties of
modal logics? Looking at a typical formula of the modal fragment, say ∃y(Ea xy∧
ϕ∗ (y) ), we note that we only need at most binary predicates and two variables.
This strong restriction might be an answer but there is another observation: We
only use quantifiers that are somehow restricted or guarded by the predicate E.
Let us look at this property in a more general context.
In [4], Andréka, van Benthem and Németi have introduced the guarded frag-
ment GF of first-order logic which we will define in the next section. Roughly,
the idea is to consider arbitrary first-order languages but only allow guarded
quantifiers. The concept of a guarded quantifier needs to be defined and we will
see that there are several different ways to do it. Even a rather liberal notion
of guardedness, clique-guarded quantification, leads to decidable extensions of
propositional modal logic and the µ-calculus. Moreover, these clique-guarded
logics will give us the possibility to prove general statements about guarded log-
ics. In fact, we prove in Theorem 18.23 a general decidability result for various
logics, particularly for guarded logics.
With this goal in mind we will define in Section 18.2 the guarded logics GF
and CGF, and their fixed point extensions µGF and µCGF (that correspond
to thew modal µ-calculus). In Section 18.3 we shall prove some basic properties
of these logics, e.g., that GF can define precisely the model classes that are
first-order definable and closed under guarded bisimulation. We will prove that
even our the most liberal guarded fixed point logic µCGF has a (generalised) tree
model property (Theorem 18.17). In Section 18.5 we define guarded second-order
logics, GSO and CliqueSO, which generalize monadic second-order MSO. We
shall then be prepared to prove the general decidability result, Theorem 18.23),
in Section 18.6.
Note that this decidability result is based on the decidability of monadic the-
ory of trees and therefore does not provide good complexity bounds for guarded
logics. For complexity issues and decision procedures for guarded logics that are
based automata-theoretic methods we refer to Chapter 19. Further information
on guarded logics can be found in [65, 67, 69, 68, 71, 72, 73, 74, 75, 86]. The
exposition in this chapter is based on [67, 72, 73, 74].

18.2 Guarded Logics

In general the concept of guarded logics can be defined by restricting quantifica-
tion not only in first-order logic but also in second-order logic, fixed point logic
or infinitary logics in such a way that, semantically speaking, each formula can
‘speak’ only about elements that are ‘very close together’ or ‘guarded’. Syntac-
tically, this means that all first-order quantifiers must be relativised by certain
‘guard formulae’ that tie together all free variables in the scope of a quantifier.
Quantification appears in one of the form
 18 Introduction to Guarded Logics 323

∃ȳ( α(x̄, ȳ) ∧ ϕ(x̄, ȳ) ) or ∀ȳ( α(x̄, ȳ) → ϕ(x̄, ȳ) ),

where quantifiers may range over a tuple ȳ of variables, ‘guarded’ by a formula

α that must contain all free variables of the formula ϕ. The guard formulae are
of a simple syntactic form (in the basic version, they are just atoms). Depending
on the conditions imposed on guard formulae, one has logics with different levels
of ‘closeness’ or ‘guardedness’.

The Guarded Fragment

Let us start with the classical guarded logic, the so-called guarded fragment (GF)
defined by induction as follows:

Definition 18.1. The guarded fragment (GF) is the smallest collection of

formulae with the following properties.

(i) Every atomic formulae belongs to GF.

(ii) GF is closed under propositional connectives ¬, ∨, ∧, →, ↔.
(iii) If x̄ and ȳ are tuples of variables, α(x̄, ȳ) is an atomic formula, and ϕ(x̄, ȳ)
is a formula in GF such that free(ϕ) ⊆ free(α) = {x̄, ȳ}, then the formulae
∃ȳ( α(x̄, ȳ) ∧ ϕ(x̄, ȳ) ) and ∀ȳ( α(x̄, ȳ) → ϕ(x̄, ȳ) ) belong to GF.

For short we write

( ∃ȳ.α(x̄, ȳ) )ϕ(x̄, ȳ) for ∃ȳ( α(x̄, ȳ) ∧ ϕ(x̄, ȳ) ) and
( ∀ȳ.α(x̄, ȳ) )ϕ(x̄, ȳ) for ∀ȳ( α(x̄, ȳ) → ϕ(x̄, ȳ) ).

Let us stress that all free variables of the formula must be contained in the
guard. Note that we just have generalised the modal concept we have spoken
about in the first section. Clearly, the aforementioned translation of modal logics
into first-order logic uses only guarded quantification, so we see immediately that
the modal fragment is contained in GF. The guarded fragment generalises the
modal fragment by dropping the restrictions to use only two variables and only
monadic and binary predicates, and retains the restriction that quantifiers must
be guarded.

Definition 18.2. Let A be a structure with universe A and vocabulary τ . A

set X = {a1 , . . . , an } ⊆ A is guarded in A if there exists an atomic formula
α(x1 , . . . , xn ) such that A |= α(a1 , . . . , an ). A tuple (b1 , . . . , bn ) ∈ B n is guarded
if {b1 , . . . , bn } ⊆ X for some guarded set X.

The Clique-Guarded Fragment

We next consider a more liberal notion of guarded quantification and define the
clique-guarded fragment CGF of first-order logic. Although we will have more
freedom to take formulae, CGF still has the nice properties we are expecting
from a suitable generalisation of ML.
324 Thoralf Räsch

Definition 18.3. The Gaifman graph of a relational structure A is the undi-

rected graph G(A) = (A, E A ) where
E A := {(a, a ) | a = a , there exists a guarded set X ⊆ A such that a, a ∈ X}.

A set of nodes in a graph is called a clique if every node of that set is adjacent
to any other node of it.

Definition 18.4. A set X of elements of a structure A is clique-guarded in

A if it induces a clique in G(A).
Obviously, guarded sets are also clique-guarded. To see that the converse is false,
consider the structure A = (A, R) with universe A = {a1 , a2 , a3 , b12 , b23 , b13 }
and one ternary relation R containing the triangles (a1 , a2 , b12 ), (a2 , a3 , b23 ),
(a1 , a3 , b13 ). Then the set {a1 , a2 , a3 } is not guarded but induces a clique in
G(A).
Note that, for each finite vocabulary τ and each k ∈ N there is a positive,
existential first-order formula clique(x1 , . . . , xk ) such that for every τ -structure
A and all a1 , . . . , ak ∈ A the following holds.
A |= clique(a1 , . . . , ak ) ⇐⇒ a1 , . . . , ak induce a clique in G(A).

Definition 18.5. The clique-guarded fragment, denoted CGF, is defined in

the same way as GF (see Definition 18.1), except that the quantifier rule is
changed as follows.

(c”) If ϕ(x̄, ȳ) is in CGF, then ∃ȳ( clique(x̄, ȳ) ∧ ϕ(x̄, ȳ) ) and ∀ȳ( clique(x̄, ȳ) →
ϕ(x̄, ȳ) ) belong to CGF where free(ψ) ⊆ free(clique) = {x̄, ȳ}.

For short we write

( ∃ȳ.clique(x̄, ȳ) )ϕ(x̄, ȳ) for ∃ȳ( clique(x̄, ȳ) ∧ ϕ(x̄, ȳ) ) and
( ∀ȳ.clique(x̄, ȳ) )ϕ(x̄, ȳ) for ∀ȳ( clique(x̄, ȳ) → ϕ(x̄, ȳ) ).

Guarded Fixed Point Logics

So far we have defined guarded fragments of first-order logics, which generalize
propositional modal logic. But now we can go on and generalize also the modal
µ-calculus to obtain guarded variants of least fixed fixed point logic.

Definition 18.6. The guarded fixed point logics µGF and µCGF are obtained
by adding to GF and CGF, respectively, the following rules for constructing fixed
point formulae.
Let W be a k-ary relation symbol, x̄ = (x1 , . . . , xk ) a k-tuple of distinct
variables and ϕ(W, x̄) be a guarded formula that contains only positive oc-
currences of W , no free first-order variables other than x1 , . . . , xk and where
W is not used in guards.
Then we can build the formulae LFPW,x̄ (ϕ)(x̄) and GFPW,x̄ (ϕ)(x̄).
 18 Introduction to Guarded Logics 325

The semantics of the fixed point formulae is the following. Given a structure
A providing interpretations for all free second-order variables in ϕ except W , let
ϕA be the operator on k-ary relations W ⊆ Ak defined by

W → ϕA (W ) := {ā ∈ Ak | A |= ϕ(W, ā)}.

Since W occurs only positively in ϕ, this operator is monotone — i.e., W ⊆ W 

implies ϕA (W ) ⊆ ϕA (W  ) — and therefore has a least fixed point LFP(ϕA ) and
a greatest fixed point GFP(ϕA ). The semantics of least fixed point formulae is
defined by

A |= LFPW,x̄ (ϕ(W, x̄))(ā) ⇐⇒ ā ∈ LFP(ϕA )

and similarly for GFP-formulae.

An instructive example of a guarded fixed point sentence is
∃xyF xy ∧ ∀xy( F xy → ∃xF yx ) ∧ ∀xy( F xy → LFPW,x ( ∀y(F yx → W y) )(x)).
Here, the first two conjuncts say that there exists an F -edge and that every
F -edge can be extended to an infinite path. The third conjunct asserts that each
point x on an F -edge is in the least fixed point of the the operator W → {w |
all F -predecessors of w are in W }. This least fixed point is the set of points
that have only finitely many F -predecessors. Hence, the sentence says that there
is an infinite forward F -chain but no infinite backward F -chain. This means in
particular that F does not cycle. Thus, this sentence is only satisfiable in infinite
models. This shows that, contrary to the µ-calculus, guarded fixed point logics
do not have the finite model property.
Least and greatest fixed points can be defined inductively as we have already
seen in Chapter 10. For a formula ϕ(W, x̄) with k-ary relation variable W a
structure A, for ordinals α, and limit ordinals λ set
W 0 := ? W̃ 0 := Ak
W α+1
:= ϕA (W α ) W̃α+1
:= ϕA (W̃ α )


W λ := α<λ W α W̃ λ := α<λ W̃ α

The relations W α and W̃ α are called the stages of the LFP- or GFP-induction,
respectively, of ϕ(W, x̄) on A. Since the operator ϕA is monotone, we have W 0 ⊆
W 1 ⊆ · · · ⊆ W α ⊆ W α+1 ⊆ · · · and W̃ 0 ⊇ W̃ 1 ⊇ · · · ⊇ W̃ α ⊇ W̃ α+1 ⊇ · · · and
there exist ordinals α, α such that W α = LFP(ϕA ) and W̃ α = GFP(ϕA ). These

are called the closure ordinals of the LFP- or GFP-induction, respectively, of

ϕ(W, x̄) on A.

Countable Models
While the finite model property fails for guarded fixed point logics we recall that
the so-called Löwenheim-Skolem property holds even for the (unguarded) least
fixed point logic (FO + LFP), i.e., every satisfiable fixed point sentence has a
countable model.
326 Thoralf Räsch

Lemma 18.7 ([73]). Every satisfiable sentence in (FO+LFP), and hence every
satisfiable sentence in µGF, and µCGF, has a model of countable cardinality.

Proof. We only have to look at fixed point formulae. Therefore, let us consider
ψ(x̄) := LFPR,x̄ ( ϕ(R, x̄) )(x̄), with first-order formula ϕ such that A |= ψ(ā) for
some infinite A.
For any ordinal α, let Rα be the α-th stage of the least fixed point induction
of ϕ on A. Expand A by a monadic relation U , a binary relation <, and an
(m + 1)-ary relation S (where m is the arity of R) such that

(i) (U, <) is a well-ordering of length γ + 1, and < is empty outside U .

(ii) S describes the stages of ϕA in the following way:

S := {(u, b̄) | for some ordinal α ≤ γ, u is the α-th element of (U, <), b̄ ∈ Rα }.

In the expanded structure A∗ := (A, U, <, S), the stages of the operator ϕA are
defined by the sentence:

η := ∀u∀x̄( Sux̄ ←→ ∃z( z < u ∧ ϕ[ Rȳ/∃z(z < u ∧ Sz ȳ) ](x̄) ) ).

Here, ϕ[ Rȳ/∃z(z < u ∧ Sz ȳ) ](x̄) is the formula obtained from ϕ(R, x̄) by re-
placing all occurrences of subformula Rȳ by ∃z( z < u ∧ Sz ȳ ).

Now, let B∗ := (B, U B , <B , S B ) be a countable elementary substructure

of A∗ , containing the tuple ā. Since A∗ |= η, also B∗ |= η and therefore S B
encodes the stages of ϕB . Since also B∗ |= ∃uSuā, it follows that ā is contained
in the least fixed point of ϕB , i.e., B |= ψ(ā).
A straightforward iteration of this argument gives the desired result for arbi-
trary nesting of fixed point operators, and hence for the entire fixed point logic
(FO+LFP). 2

Infinitary Guarded Logics

Fixed point logics have a close relationship to infinitary logics (with bounded
number of variables). In order to formulate general statements we will consider
the following logics.

Definition 18.8. GF∞ and CGF∞ are the canonical infinitary variants of the
guarded fragments GF and CGF, respectively. For instance, GF∞ extends GF
by the following rule
 for building
 new formulae: If Φ ⊆ GF∞ is any set of
formulae, then also Φ and Φ are formulae of GF∞ . The definition for CGF∞
is analogous.

In the following we explicitly talk about the clique-guarded case only, i.e.,
about µCGF and CGF∞ but all results apply to the guarded as well. The fol-
lowing simple observation relates µCGF and CGF∞ . Recall that the width of
a formula is the the maximal number of free variables in its subformulae.
 18 Introduction to Guarded Logics 327

Lemma 18.9 ([73]). For each ϕ ∈ µCGF of width k and each cardinal γ, there
is a ϕ ∈ CGF∞ , also of width k, which is equivalent to ϕ on all structures of
cardinality up to γ.

Proof. Consider a typical fixed point formula LFPR,x̄ ( ϕ(R, x̄) )(x̄). For every
ordinal α there is a formula ϕα ∈ CGF∞ that defines the stage α of the fixed
point induction of ϕ. Indeed, let ϕ0 := ⊥, let ϕα+1 := ϕ[Rȳ/ϕα (ȳ)](x̄), that is,
the formula that one obtains from ϕ(R, x̄) if one replaces each  atom Rȳ (for any
ȳ) by the formula ϕα (ȳ), and for limit ordinals λ, let ϕλ := α<λ ϕα (x̄).
But on structures of bounded cardinality, also the closure ordinal of any fixed
point formula is bounded. Hence, for every cardinal γ there is an ordinal α such
that LFPR,x̄ ( ϕ(R, x̄) )(x̄) is equivalent to ϕα (x̄) on structures of cardinality at
most γ. 2

18.3 Guarded Bisimulations

One of the main tools for the analysis of the modal µ-calculus is the notion of
bisimulation. We are going to generalise this idea now in the context of guarded
logics.
For GF, the so-called guarded bisimulations play a fundamental role for char-
acterising the expressive power, in the same way as bisimulation is crucial for un-
derstanding modal logics. For instance, the characterisation theorem by van Ben-
them, saying that a property is definable in propositional modal logic if and only
if it is first-order definable and invariant under bisimulation, has a natural ana-
logue for the guarded fragment.

Lemma 18.10 ([4]). GF can define precisely the model classes that are first-
order definable and closed under guarded bisimulations.

We are going to consider clique-bisimulations and prove a similar result for

the clique-guarded fragment CGF. The notions of guarded bisimulations can be
defined analogously.

Definition 18.11. A clique-k-bisimulation between two τ -structures A and

B is a non-empty set I of finite partial isomorphisms f : X → Y from A to B
where X ⊆ A and Y ⊆ B are clique-guarded sets of size at most k such that the
following ‘back and forth’ conditions are satisfied: For every f : X → Y in I,

(forth) for every clique-guarded set X  ⊆ A of size at most k there exists

a partial isomorphism g : X  → Y  in I such that f and g agree
on X ∩ X  ;
(back) for every clique-guarded set Y  ⊆ B of size at most k there exists
a partial isomorphism g : X  → Y  in I such that f −1 and g −1
agree on Y ∩ Y  .
328 Thoralf Räsch

More generally, a clique-bisimulation is defined in the same way but with-

out the restriction on the size of the sets X, X  , Y , Y  . Finally, we say that
two structures are clique-(k-)bisimilar if there exists a clique-(k-)bisimulation
between them. Furthermore, two structures are clique-bisimilar if and only if
they are clique-k-bisimilar for all k. One can describe clique-k-bisimilarity also
via a guarded variant of the infinitary Ehrenfeucht-Fraissé game with k pebbles.
One just has to impose that after every move, the set of all pebbled elements
induces a clique in the Gaifman graph of each of the two structures. Then A and
B are clique-k-bisimilar if and only if the second player has a winning strategy
for this guarded game.
Adapting basic and well-known model-theoretic techniques to the present
situation one obtains the following result.
Theorem 18.12 ([73]). For all τ -structures A and B the following two condi-
tions are equivalent.

(i) A and B are clique-k-bisimilar.

(ii) For all sentences ϕ ∈ CGF∞ of width at most k, A |= ϕ ⇐⇒ B |= ϕ.
Proof. To prove the direction from (i) to (ii) let I be a clique-k-bisimulation
between A and B, let a1 , . . . , an ∈ A and b1 , . . . , bn ∈ B and also ϕ(x1 , . . . , xn )
be a formula in CGF∞ of width at most k such that A |= ϕ(a1 , . . . , an ) and
B |= ¬ϕ(b1 , . . . , bn ). We are going to show by induction on ϕ that there is no
partial isomorphism f ∈ I with f (a1 ) = b1 , . . . , f (an ) = bn . By setting n = 0,
this proves the claim. 
If ϕ is atomic this is obvious, and the induction steps for the formulae ϕ = Φ
and ϕ = ¬ψ are immediate. Hence the only interesting case concerns formulae
of the form:

ϕ(x̄) := ( ∃ȳ.clique(x̄, ȳ) )ψ(x̄, ȳ).

Since A |= ϕ(ā), there exists a tuple ā in A such that A |= clique(ā, ā ) ∧
ψ(ā, ā ). Suppose—towards a contradiction—that some f ∈ I takes the tuples ā
to b̄. Since the set {a1 , . . . , an , a1 , . . . , am } is clique-guarded there exists a partial
isomorphism g ∈ I, taking ā to b̄ and ā to some tuple b̄ in B. But then the set
{b1 , . . . , bn , b1 , . . . , bm } must be clique-guarded as well and B |= ¬ψ(b̄, b̄ ), which
contradicts the induction hypothesis.
For the direction from (ii) to (i), let I be the set of all partial isomorphisms
ā → b̄, taking a clique-guarded tuple ā in A to a clique-guarded tuple b̄ in B
such that for all formulae ϕ(x̄) ∈ CGF∞ of width at most k, A |= ϕ(ā) if and
only if B |= ϕ(b̄). Since A and B cannot be distinguished by sentences of width
k in CGF∞ , I contains the empty map and is therefore non-empty. It remains
to show that I satisfies the ‘back and forth’ properties.
For the ‘forth’ property, take any partial isomorphism f : X → Y in I and any
clique-guarded set X  in A of size at most k. Let X  = {a1 , . . . , an , a1 , . . . , am }
where X ∩ X  = {a1 , . . . , an }. We only have to show that there exists g ∈ I,
defined on X  that coincides with f on X ∩ X  .
 18 Introduction to Guarded Logics 329

Suppose that we cannot find such g. For ā := (a1 , . . . , an ), ā := (a1 , . . . , am ),
and b̄ := f (ā), let T be the set of all tuples b̄ := (b1 , . . . , bm ) such that
{b1 , . . . , bn , b1 , . . . , bm } is clique-guarded in B. Since there is no appropriate
g ∈ I there exists for every tuple b̄ ∈ T a formula ψb̄
(x̄, ȳ) ∈ CGF∞ such
that A |= ψb̄
(b̄, b̄ ). But then we can construct the formula

ϕ(x̄) := ( ∃ȳ.clique(x̄, ȳ) ) {ψb̄
(x̄, ȳ) | b̄ ∈ T }.

Clearly, A |= ϕ(ā) but also B |= ¬ϕ(b̄) which is impossible knowing that f ∈ I

maps ā to b̄. The proof for the ‘back’ property is analogous. 2
In particular, this shows that clique-(k-)bisimilar structures cannot be sepa-
rated by µCGF-sentences (of width k, respectively).

We show next that we can find a similar characterisation for CGF and clique-
guarded bisimulation as we have already seen in Chapter 14 for the propositional
modal logic as bisimulation-invariant fragments of first-order logic. The proof is
a straightforward adaption of van Benthem’s proof for modal logic. Recall that
every structure has an ω-saturated elementary extension.

Theorem 18.13 ([73]). A first-order sentence is invariant under clique-guarded

bisimulation if and only if it is equivalent to a CGF-sentence.

Proof. We have already established that CGF-sentences (in fact, even sentences
from CGF∞ ) are invariant under clique-guarded bisimulation. For the converse,
suppose that ψ is a satisfiable first-order sentence that is invariant under clique-
guarded bisimulation. Let Φ be the set of sentences ϕ ∈ CGF such that ψ |= ϕ.
It suffices to show that Φ |= ψ.
Indeed, then by the compactness theorem, already a finite conjunction of
sentences from Φ will then imply, and hence be equivalent to, ψ.
Since ψ was assumed to be satisfiable, so is Φ. Take any model A |= Φ. We
have to prove that A |= ψ. Let TCGF (A) be the CGF-theory of A, i.e., the set of
all CGF-sentences that hold in A.
Claim. TCGF (A) ∪ {ψ} is satisfiable.
Otherwise, there were sentences ϕ1 , . . . , ϕn ∈ TCGF (A) such that ψ |= ¬(ϕ1 ∧
· · · ∧ ϕn ). Hence ¬(ϕ1 ∧ · · · ∧ ϕn ) is a CGF-sentence implied by ψ and is there-
fore contained in Φ. But then A |= ¬(ϕ1 ∧ · · · ∧ ϕn ) which is impossible since
ϕ1 , . . . , ϕn ∈ TCGF (A). This proves the claim.
Now, take any model B |= TCGF (A)∪{ψ}, and let A+ and B+ be ω-saturated
elementary extensions of A and B, respectively.
Claim. A+ and B+ are clique-bisimilar.
In order to prove the claim, let I be the set of partial isomorphisms f : X → Y
from clique-guarded subsets of B+ such that, for all formulae ϕ(x̄) in CGF and
all tuples ā from X, we have that A+ |= ϕ(ā) if and only if B+ |= ϕ(f ā).
330 Thoralf Räsch

The fact that A+ and B+ are ω-saturated implies that the ‘back and forth’
conditions for the clique-guarded bisimulations are satisfied by I. Indeed, let
f ∈ I, and let X  be any clique-guarded set in A+ , with X ∩ X  = {a1 , . . . , ar }
and X  \ X = {a1 , . . . , as }. Let Φ be the set of all formulae in CGF of the form
ϕ(f a1 , . . . , f ar , y1 , . . . , ys ) such that A+ |= ϕ(a1 , . . . , ar , a1 , . . . , as ).
For every formula ϕ(f ā, ȳ) ∈ Φ, we have A+ |= ( ∃ȳ.clique(ā, ȳ) )ϕ(ā, ȳ) and
therefore also B+ |= ( ∃ȳ.clique(f ā, ȳ) )ϕ(f ā, ȳ). Hence, Φ is a consistent type of
(B+ , f ā) which—by ω-saturation—is realised in B+ by some fixed tuple b̄ such
that (f ā, b̄) is clique-guarded. And so, the function g taking ā to f ā and ā to b̄
is a partial isomorphism with domain X  that coincides with f on X ∩ X  .
The ‘back’ property is proved in the same way, exploiting that A+ is ω-
saturated.
We can now complete the proof of the theorem: Since B |= ψ and B+ is an
elementary extension of B, we have that B+ |= ψ. By assumption, ψ is invariant
under clique-guarded bisimulation, so A+ |= ψ and therefore also A |= ψ. 2
An analogous result applies to clique-k-bisimulations and CGF-sentences of
width k, for any k ∈ N .

18.4 Tree Model Property

We will now define the notion of tree width which is an important tool in graph
theory as well. It measures how closely a structure resembles a tree. Informally,
a structure has tree width ≤ k if it can be covered by (possibly overlapping)
substructures of size at most k + 1 which are arranged in a tree-like manner. So,
forests will have tree width 1 and cycles tree width 2 (cf. Figure 18.1).

Definition 18.14. A structure A has tree width k if k is the minimal natural

number satisfying the following condition: There exists a directed tree T = (V, E)
and a function F : V → {X ⊆ A ; |X| ≤ k + 1}, assigning to every node v of T
a set F (v) of at most k + 1 elements of A such that the following two conditions
hold:

(i) For every guarded set X in A there exists a node v of T with X ⊆ F (v).
(ii) For every element b of A, the set of nodes {v ∈ V : b ∈ F (v)} is connected
(and hence induces a subtree of T ).

For each node v of T , F (v) induces a substructure F(v) ⊆ A of cardinality at

most k + 1. We call (T, (F(v) | v ∈ T )) a tree decomposition of width k of A.

Lemma 18.15 ([73]). Guarded and clique-guarded sets are contained in some
F (v) of a tree decomposition (T, (F(v) | v ∈ T )).

Proof. By definition for guarded sets this is true. We show that it also holds for
a general clique-guarded set X. For each a ∈ X, let Va be the set of nodes v such
that a ∈ F (v). By definition of a tree decomposition, each Vb induces a subtree
 18 Introduction to Guarded Logics 331

Fig. 18.1. The upper part shows a graph (circle) with seven nodes divided into clusters
of size ‘2 + 1’ whereas the lower one gives us the arrangement of these clusters in a
tree-like manner. Note, each edge of the circle is contained in at least one cluster and
the arrangement is in the sense of (ii) of Definition 18.14.

of T . For all a, a ∈ X the intersection Va ∩ Va
is non-empty, since b and b are

adjacent in G(A) and must therefore coexist in some atomic fact that is true in
A. It is known that any collection of pairwise overlapping subtrees of a tree has
a common node (cf. [154, p. 94]). Hence there is a node v of the tree T such that
F (v) contains all elements of X. 2
With this in mind we can define a general notion of the so-called tree model
property.

Definition 18.16. Let L be a logic and C a class of structures. We say that L

has the generalised tree model property on C if there exists a computable
function t, assigning to every sentence ϕ ∈ L a natural number t(ϕ) such that,
whenever ϕ is satisfiable on C, then there also exists a model A |= ϕ such that
A ∈ C and A has tree width at most t(ϕ). In the case where C is the class of all
structures, we simply say that L has the generalised tree model property.

The definition is very general since it only requires that the bound t(ϕ) on
the tree width of a model for ϕ must be computable from ϕ.
We can prove the tree model property for the logics we are considering.

Theorem 18.17 ([73]). Every satisfiable sentence in µCGF with width k has
a countable model of tree width at most k − 1. In particular, µCGF has the
generalised tree model property.

Proof. We can unravel any given structure to get a bisimilar tree-like structure.
The idea is to look at the local situation of the structure and paste copies of
small parts of it together, arranged as a tree.
332 Thoralf Räsch

The k-unravelling A(k) of a structure A is defined inductively. We build a

tree T together with functions F and G such that for each node v of T , F (v)
induces a clique-guarded substructure F(v) ⊆ A, and G(v) induces a substructure
G ⊆ A(k) that is isomorphic to F(v). Furthermore, (T, (G(v) | v ∈ T )) will be a
tree decomposition of A(k) .
The root of T is λ, with F (λ) = G(λ) = ?. Given a node v of T with
F (v) = {a1 , . . . , ar } and G(v) = {a1 , . . . , ar } we create for every clique-guarded
set {b1 , . . . , bs } in A with s ≤ k a successor node w of v such that F (w) =
{b1 , . . . , bs } and G(w) is the set {b1 , . . . , ns } which is defined as follows: For those
i, such that bi = aj ∈ F (v), put bi = aj such that G(w) has the same overlap
with G(v) as F (w) has with F (v). The other bi in G(w) are fresh elements.
Let fw : F (w) → G(w) be the bijection taking bi to bi for i = 1, . . . , s. For
F(w) being the substructures of A induced by F (w), define G(w) such that fw
is an isomorphism from F(w) to G(w).
Finally, A(k) is the structure with the tree decomposition (T, (G(v) | v ∈ T )).
Note that the k-unravelling of a structure has tree width at most k − 1.
Claim. A and A(k) are k-bisimilar.
This is witnessed by the set I, consisting of all functions fv : F (v) → G(v)
for all nodes v of T .
Thus, it follows that no sentence of width k in CGF∞ , and hence no sentence
of width k in µCGF distinguishes between a structure and its k-unravelling.
Since every satisfiable sentence in µCGF has a model of at most countable
cardinality—by Lemma 18.7—and since the k-unravelling of a countable model
is again countable, our claim is proved. 2

18.5 Guarded Second-Order Logic

At this point we want to discuss another generalisation of GF. Let us consider
the natural second-order extension of the guarded fragment.
Definition 18.18. Guarded second-order logic (GSO) is second-order logic,
where second-order quantification appears only in the following form:
( ∃X.∀ȳ(X ȳ → guarded(ȳ) )ϕ(X) and ( ∀X.∀ȳ(X ȳ → guarded(ȳ) )ϕ(X).
Here, guarded(ȳ) is a first-order formula expressing that ȳ is a guarded tu-
ple.
n More explicitly,
  on structures with relations R1 , . . . , Rn let guarded(ȳ) :=
i1 ∃x̄(Ri ȳ ∧ j l y = j = xl ). Obviously, GSO includes full first-order logic
and so GSO is undecidable and, unlike GF and µGF, not invariant under guarded
bisimulation. Also note that, as singletons are always guarded, the monadic ver-
sion of guarded second-order logic coincides with full MSO. Consequently, since
MSO is strictly more expressive than FO, the same is true for GSO. Further-
more, Lemma 18.20 below shows that GSO collapses to MSO over words. So, we
can get the analogue embeddings as in the case of modal logic—cf. Figure 18.2.
The robustness of GSO is underlined by the following statement.
 18 Introduction to Guarded Logics 333

ML FO GF FO

Lµ MSO µGF GSO

Fig. 18.2. Embeddings around ML and GF

Lemma 18.19 ([74]). The following fragments of second-order logic are equally
expressive.

(i) The extension of GF by full second-order quantification.

(ii) The extension of GF by second-order quantification with guarded semantics.
(iii) Guarded second-order logic GSO.

Proof. It obviously suffices to present translations from (i) and (iii) to (ii).
For the direction from (i) to (ii) consider a second-order variable X in a
formula according to (i) which is meant to range over arbitrary rather than
guarded relations. Consider first the case of sentences. For any atom X occurring
in the scope of a guarded quantification (Qȳ.α(ȳ z̄))ϕ where the occurrence of
x̄ is free in ϕ, the x̄ all occur in α. It follows that only truth values of X x̄ for
guarded tuples have an influence on the truth value of ϕ.
For formulae with free variables the quantifier-free part (w.r.t. first-order
quantification) may depend on truth-values for unguarded tuples. However, since
the number of free variables is fixed, there is only a fixed number of possibilities
for the second-order variables that can be explicitly enumerated.
So, if ∃Xϕ(x̄) is a subformula of the given formula type (i) that occurs outside
of any first-order quantifier we translate it into type (ii) as follows: Let H =
H(X, x̄) be the set of all {X}-structures with universe x̄. For this transformation
we assume  that no variable in ϕ is reused in quantifications. Replace ∃Xϕ(x̄)
with ∃X A∈H ϕA (x̄) where ϕA is obtained from ϕ by substituting all atoms
X ȳ where ȳ ⊆ x̄ with ⊥ if A |= X ȳ, and with  otherwise.

For the direction from (iii) to (ii) it suffices to show that unrestricted first-
order quantification can be simulated by guarded second-order quantification
over GF ranging over monadic variables: Each element variable x is replaced by
a set-variable X, and we use the following rules for translating formulae:

x=y → ∀x(Xx ↔ Y x)

Rx̄ → (∃x̄.Rx̄) Xi xi
i

Z x̄ → ( ∃x̄.guarded(x̄) )( Xi xi ∧ Z x̄)
i
∃xϕ(x, ȳ) → ∃X( ϕ(X, ȳ) ∧ singleton(X) )
334 Thoralf Räsch

where ‘guarded(x̄)’ for vocabulary τ = {R1 , . . . , Rn } is the following formula:


t 
guarded(x1 , . . . , xn ) := ∃ȳ(Ri ȳ ∧ xl = yj )
i=1 l j

and ‘singleton(X)’ states that X contains exactly one element:

singleton(X) := ∃xXx ∧ ∀Y ( ∀x(Y x → Xx) → (∀x¬Y x ∨ (∀xY x ↔ Xx)) ).
Note that these translations — particularly singleton(X)—are in GF, since first-
order quantification over a single first-order variable x is always guarded (by
x = x). 2
Lemma 18.20 ([74]). Guarded second-order logic (GSO) lies strictly between
monadic second-order logic (MSO) and full second-order logic (SO).

Proof. Obviously, we have MSO ⊆ GSO ⊆ SO. We now show that both inclu-
sions are strict.
First we consider Hamiltonicity of graphs, i.e. the question whether a given
graph contains a closed walk that contains every vertex exactly once. This prop-
erty can be expressed by the following GSO-formula:
∃H ( ∀x∀y (Hxy → Exy) ∧ ∀x (∃=1 y Hxy ∧ ∃=1 yHyx) ∧
∀X[ (∃xXx ∧ ∀x∀y(Hxy ∧ Xx → Xy)) → ∀xXx ]
Evaluated on a graph G = (V, E) the formula says that there exists a H ⊆ E with
unique successors and predecessors such that (V, H) is connected. This means
that G has a Hamilton cycle. As Hamiltonicity is known not to be expressible
in MSO (see [47]), this shows that GSO is more expressive than MSO.

In order to prove the second part we show that GSO collapses to MSO over
words. Hence, GSO is not more expressive than MSO over words, i.e., able to
define exactly the regular languages. On the other hand, full second-order logic
is known to capture the polynomial-time hierarchy and, hence, much stronger
than MSO.
We represent words w = w1 · · · wn−1 ∈ A∗ by word structures ({0, . . . , n −
1}, S, (Pa | a ∈ A)) where S = {(i, i + 1) | i < n − 1} and Pa is the set of positions
in the word carrying the letter a, i.e., Pa = {i < n | wi = a}. The predicate of
maximal arity in a word structure is the successor relation, so a guarded set is
either a singleton or a set {i, i + 1}. As guarded n-ary relation therefore contains
only n-tuples (a1 , . . . , an ) such that {a1 , . . . , an } ⊆ {i, i + 1} for some i and
can therefore be encoded by a sequence of monadic relations. For instance a
guarded n-ary relation X can be represented by (Xu | u ∈ {0, 1}n ), where for
each u = (u0 , . . . , un−1 ), Xu := {i < n − 1 | (i + u0 , . . . , i + un−1 ) ∈ X}. This
was all we needed for our goal. 2
Similarly to GSO, we now can apply this idea to the clique-guarded case.
 18 Introduction to Guarded Logics 335

Definition 18.21. Clique-guarded second-order logic (CliqueSO) is full

second-order logic with clique-guarded semantics for the second-order quanti-
fiers.
As in the case of GSO it should be clear that the semantic restrictions for the
second-order quantifiers could also be captured purely syntactically, by admitting
second-order quantifications similarly to the GSO case only of the form
( ∃X.∀ȳ(X ȳ → clique(ȳ) )ϕ(X) and ( ∀X.∀ȳ(X ȳ → clique(ȳ) )ϕ(X).
The proof of Lemma 18.19 carries over immediately to the analogous result for
CGF and CliqueSO. It is also not difficult to prove that CliqueSO is a proper
subset of full second-order logic, for instance on words. To summarise, we have
the following hierarchy of logics:
GF ( LGF ( CGF ( FO ( MSO ( GSO ⊆ CliqueSO ( SO.
We can go one step further and consider the relation between the µ-calculus and
monadic second-order logic: Being able to embed the former into the latter one
we can now try to do the same with µGF and GSO.
Lemma 18.22 ([74]). µGF ( GSO, i.e., we can embed the guarded fixed point
logic into the guarded second order logic and. Moreover, the last one is strictly
more powerful.
Proof. First of all we consider the following restriction of the definition the
guarded fixed point logic: Let us only allow least (or greatest) fixed points over
variable-guarded formulae, or fixed points like LFPX,x̄ ( ϕ(X, x̄) ∧ guarded(x̄) ).
We refer to these as strictly guarded fixed points.
Claim. Any formula of µGF is logically equivalent to one in which all fixed
points are strictly guarded.
So the restriction of µGF to strictly guarded fixed points does not diminish
its expressive power.
Assuming the claim, we may—without loss of generality—consider µGF for-
mulae whose fixed point applications are strictly guarded such that these fixed
points are themselves guarded relations. It is clear that such fixed points are
definable within GSO by means of the usual second-order characterisation of
least and greatest fixed points:

LFPX,x̄ ( ϕ(X, x̄) ) ⇐⇒ ∀X[ (∀ȳ.guarded(ȳ))( ϕ(X, ȳ) → X x̄ ) ].

Is is also clear that GSO is strictly more powerful than µGF: For instance as
GSO includes all of MSO, it is neither decidable nor invariant under guarded
bisimulation.
It remains to prove the claim now. Consider a least fixed point expression of
the form LFPX,x̄ ( ϕ(X, x̄) ). Inductively, we assume that all fixed points within
ϕ are in strictly guarded form. Looking at X-atoms in ϕ(X, x̄), we distinguish
the following cases:
336 Thoralf Räsch

(i) X-atoms in the scope of guarded first-order quantification.

(ii) X-atoms in the scope of least or greatest fixed point operators.
(iii) X-atoms at quantifier-free level, X z̄, z̄ ⊆ x̄.
For occurrences of type (i) or (iii) we may replace X by its guarded part through-
out the fixed point iteration. For type (ii) occurrences that are not of the type
(i) this relies on the inductive assumption that fixed points within ϕ are strictly
guarded. As far as guarded tuples are concerned, even an atom of type (iii) can
evaluate to true for a guarded instantiation of x̄ in ϕ(x̄) only if it would also
evaluate to true for the guarded part of X. Hence, inductively, we find that the
guarded part ( LFPX (ϕ) )g of the fixed point LFPX,x̄ ( ϕ(X, x̄) ) is definable as a
strictly guarded fixed point:

( LFPX (ϕ) )g := LFPX,x̄ ( ϕ(X, x̄) ∧ guarded(x̄) ).

Let ϕ( ( LFPX (ϕ) )g , X, x̄) be the result of substituting

LFPX,x̄ ( ϕ(X, x̄) ∧ guarded(x̄) )

for all occurrences of X apart from those of type (iii). As ( LFPX (ϕ) )g ⊆
LFPX,x̄ ( ϕ(X, x̄) ) and by monotonicity, we clearly have

LFPX,x̄ ( ϕ(X, x̄) ) = LFPX,x̄ ( ϕ( ( LFPX (ϕ) )g , X, x̄) ).

Note that, the only remaining free occurrences of X in ϕ( ( LFPX (ϕ) )g , X, x̄)
are at the quantifier free level. It follows that the fixed point iteration in

LFPX,x̄ ( ϕ( ( LFPX (ϕ) )g , X, x̄) )

is bounded in the sense that the fixed point is attained within an uniformly
bounded finite number of iterations, since there are only finitely many quantifier
free types over a vocabulary enriched by names for all the X-free constituents
of ϕ( ( LFPX (ϕ) )g , X, x̄) which are static for the fixed point process in question.
By unravelling this finite number of iterations within GF we can conclude that
LFPX,x̄ ( ϕ(X, x̄) ) is GF-definable from strictly guarded fixed points. 2

18.6 A Criterion for Decidability

In this section we prove the general criterion for decidability that we promised
earlier.
Theorem 18.23 ([67]). Let L be a logic, C a class of structures such that the
following two conditions are satisfied.
(i) L has the generalised tree model property on C.
(ii) Every sentence ϕ ∈ L can be effectively translated to a sentence of CliqueSO
that is equivalent to ϕ on C.
Then SatC (L), the satisfiability problem for L on C, is decidable.
 18 Introduction to Guarded Logics 337

The proof is based on the following powerful decidability result which can be
found in [163, 185]:
Theorem 18.24 (Shelah, LeTourneau). The monadic second-order theory of
the class of all trees is decidable.
From Chapter 12 we know that SωS the MSO-theory of countable trees is
decidable. So, we are going to reduce the given logic L to the CliqueSO-theory
of trees with bounded tree width which we will further reduce to SωS where we
know that satisfiability is decidable.
Let Ck (τ ) be the class of all τ -structures of tree width at most k. We are
going to prove the statement by reducing, for every k ∈ N , the CliqueSO-theory
of Ck (τ ) to the monadic second-order theory of trees.

Tree Representation of Structures

We first need to represent structures of bounded tree width by ordinary trees
with a finite set of labels.
Towards this let τ be a finite relational vocabulary, and let (T, (F(v) | v ∈ T ))
be a tree decomposition of width k of a τ -structure D with universe D. We fix a
set K of 2(k + 1) constants and choose a function f : D → K assigning to each
element d of D a constant ad ∈ K such that the following condition is satisfied:
If v and w are adjacent nodes of T , then distinct elements of F(v) ∪ F(w)
are always mapped to distinct constants of K.
For each constant a ∈ K, let Qa be the set of those nodes v ∈ T at which
the constant a occurs, i.e., for which there exists an element d ∈ F(v) such
that f (d) = a. Further, we introduce for each m-ary relation R of D a tuple
R̄ := (Rā | ā ∈ K m ) of monadic relations on T with
Ra := { v ∈ T | there exist d1 , . . . , dm ∈ F(v) such that
F(v) |= Rd1 · · · dm and f (d1 ) = a1 , . . . , f (dm ) = am }.
Here, the tree T = (V, E) together with the monadic relations Qa and Ra —for
R ∈ τ —is called the tree structure T (D) associated with D (strictly speaking,
with its tree decomposition and with K and f ). Note that two occurrences of a
constant a ∈ K at nodes u and v of T represent the same element of D if and
only if a occurs in the label of all nodes on the link between u and v. Recall, the
link between two nodes u and v in a tree T is the smallest connected subgraph
of T containing both u and v.
An arbitrary tree T = (V, E) with monadic relations Qa and R̄ does define a
tree decomposition of width k of some structure D, providing that the following
axioms are satisfied:

(i) At each node v, at most k + 1 of the predicates Qa are true.

(ii) Neighbouring nodes agree on their common elements. For all m-ary relation
symbols R ∈ τ we have the axiom
338 Thoralf Räsch

 
consistent(R̄) := ā∈K m ∀x∀y((Exy ∧ a∈ā (Qa x∧Qa y) → (Rā x ↔ Rā y)).

The conjunction over all these conditions forms a first-order axiom θ over the
vocabulary τ ∗ := {E} ∪ {Qa | a ∈ K} ∪ {Rā | ā ∈ K m }. Given a tree structure T
with underlying tree T = (V, E) and monadic predicates Qa and Rā satisfying
θ, we obtain a structure D such that T (D) = T as follows:
For every constant a ∈ K, we call two nodes u and w of T a-equivalent
if T |= Qa v for all nodes v on the link between u and w. Clearly, this is an
equivalence relation on QTa . We write [v]a for an a-equivalence class of the node
v. The universe of D is the set of all a-equivalence classes of T for a a ∈ K, i.e.,
D := { [v]a | v ∈ T, a ∈ K, T |= Qa v}. For every m-ary relation symbol R in τ ,
we then define
RD := { ( [v1 ]a1 , . . . , [vm ]am ) | T |= Ra1 ···am v for some
(and hence all) v ∈ [v1 ]a1 ∩ · · · ∩ [vm ]am }.

The Translation
For every formula ϕ(x1 , . . . , xm ) ∈ CliqueSO(τ ) and every tuple ā = (a1 , . . . , am )
over K, we now construct a monadic second-order formula ϕā (z̄) of vocabulary
τ ∗ , with one free variable. The formula ϕa (z) describes in the associated tree
structure T (D) the same properties of guarded tuples as ϕ(x̄) does in D. We will
make this statement more precise below. To define this translation we exploit
the fact that clique-guarded tuples in D are somehow local in T (D), i.e., they
coexist at some node of T (D)—cf. Lemma 18.15.
On a directed tree T = (V, E) we can express that U contains all nodes on
the link between x and y by the formula
connect(U, x, y) := U x ∧ U y ∧ ∃r(U r ∧ ∀z(Ezr → ¬U z)
∧∀w∀z( Ewz ∧ U z ∧ z = r → U w) ).
For any set ā ⊆ K we can then construct a monadic second-order formula

linkā (x, y) := ∃U ( connect(U, x, y) ∧ ∀z(U z → Qa z) )
a∈ā

saying that the tuple ā occurs at all nodes on the link between x and y.
Lemma 18.25. For every tuple ā ∈ K m , let
  
cliqueā (z) := ∃y( linka,a
(y, z) ∧ Rb̄ y ).
a,a
∈ā R∈τ b̄:a,a
∈b̄

Let v be a node of T (D), let d¯ be the tuple in F(v) with f (d)

¯ = ā. Then

T (D) |= cliqueā (v) if and only if d¯ is clique-guarded in D.

Proof. The formula cliqueā (v) says that for any pair a, a of components of ā,
there is a node w such that:
 18 Introduction to Guarded Logics 339

• The nodes a and a occur at all nodes on the link from v to w and hence
represent the same elements d and d at w as they do at v.
• T (D) |= Rb̄ w for some predicate R and some tuple b̄ that contains both a
and a . By induction hypothesis, this means that d and d are components
of some tuple d̄ such that D |= Rd̄ .
Hence T (D) |= cliqueā (v) if and only if the tuple d¯ induces a clique in the
Gaifman graph G(D). 2
A clique-guarded relation X ⊆ Dm consists only of local tuples. Therefore,
X can be represented in the same way as the basic relations of D by a tuple
X̄ = (Xā | ā ∈ K m ) of monadic predicates on T (D). So, we define

clique-guarded(X̄) := consistent(X̄) ∧ ∀y( Xā y → cliqueā (y) ).
ā∈K m

Lemma 18.26. For any D, a tuple X̄ := (Xā | ā ∈ K m ) of monadic predicates

on T (D) encodes a clique-guarded m-ary relation on D if and only if T (D) |=
clique-guarded(X̄).
With Lemma 18.25 the proof is straightforward.
Since first-order quantification on CliqueSO can be assumed to be of the form
( ∃ȳ.clique(x̄, ȳ))η(x̄, ȳ). Without loss of generality we can define the translation
as follows.

(i) If ϕ(x̄) is an atom Sxi1 · · · xim (where S is either a relation symbol R ∈ τ

or a relation variable X), then ϕā (z) := Sb̄ z where b̄ := (ai1 , . . . , aim ).
(ii) If ϕ = (xi = xj ), let ϕā (z) =  if ai = aj and ϕā (z) = ⊥ otherwise.
(iii) If ϕ = (η ∧ θ), let ϕā (z) = (ηā (z) ∧ θā (z)).
(iv) If ϕ = ¬θ, let ϕā (z) = ¬θā (z).
(v) If ϕ = ( ∃ȳ.clique(x̄, ȳ) )η(x̄, ȳ), let
 
ϕā (z) := ∃y( ηā (y, z) ∧ ( Qb y ∧ cliqueāb̄ (y) ∧ ηāb̄ (y)) ).
b̄ b∈b̄

(vi) If ϕ = ∃Y θ for some m-ary relation variable Y , let

ϕā (z) := ∃Ȳ ( clique-guarded(Ȳ ) ∧ θā (z) ).

Here, Ȳ is a tuple (Yb̄ | b̄ ∈ K m ) of set variables.

The translation takes a sentence ϕ ∈ CliqueSO to a formula ϕ? (z) without

introducing new constants.

The Showdown
We are now well-prepared to bring it all together using techniques from [73] with
the following two theorems:
340 Thoralf Räsch

Theorem 18.27. For each structure D ∈ Ck (τ ), with tree representation T (D),

and for every sentence ϕ ∈ CliqueSO we have
D |= ϕ if and only if T (D) |= ∀zϕ? (z).

Proof. By induction, we will prove a slightly more general statement.

Let ϕ(x̄, Y1 , . . . , Ym ) be a formula in CliqueSO with free first- and second-
order variables as displayed, with translation ϕā (Ȳ1 , . . . , Ȳm , z). Let D be a struc-
ture, expanded by clique-guarded relations J1 , . . . , Jm and let T (D) be the asso-
ciated tree structure, expanded by the representations J¯1 , . . . , J¯m of the relations
J1 , . . . , Jm .
Claim. For every node v of T (D) and every tuple d¯ ⊆ F(v) with f (d)
¯ = ā,

D |= ϕ(d,¯ J1 , . . . , Jm ) if and only if T (D) |= ϕā (v, J¯1 , . . . , J¯m ).

The only cases that need to be discussed here are first-order and second-
order quantifications. If ϕ(x̄) = (∃ȳ .clique(x̄, ȳ))η(x̄, ȳ) and D |= ϕ(d),¯ then
there exists a tuple d̄ such that D |= clique(d, d̄ ) ∧ η(d, d̄ ).
 ¯  ¯ 

By Lemma 18.15, there exists a node w of T such that all components of

d¯ ∪ d̄ are contained in F(w). Let f (d̄ ) = b̄. By induction hypothesis, it follows
that

T (D) |= Qb w ∧ cliqueāb̄ (w) ∧ ηāb̄ (w).
b∈b̄

Let U be the set of nodes on the link between v and w. Then, the tuple d¯
occurs in F(u) for all nodes u ∈ U . It follows that T (D) |= linkā (v, w). Hence,
T (D) |= ϕā (v).
Conversely, if T (D) |= ϕā (v), then there exists a node w such that the con-
stants ā occur at all nodes on the link between v and w (and hence correspond
to the same tuple d) ¯ and such that T (D) |= clique (w) ∧ η (w) for some tuple
āb̄ āb̄
b̄. By induction hypothesis this implies that D |= clique(d, ¯ d̄ ) ∧ η(d,
¯ d̄ ) for some
tuple d̄ , hence D |= ϕ(d).
 ¯
With ϕ(x̄) = ∃Y θ the claim follows immediate from the induction hypothesis
and from Lemma 18.26. 2
Theorem 18.28. For each k ∈ N , the CliqueSO-theory of Ck is decidable.

Proof. Let ϕ be a sentence in CliqueSO of vocabulary τ . We translate ϕ into a

monadic second-order sentence ϕ∗ such that ϕ belongs to the CliqueSO-theory
of Ck if and only if ϕ∗ is in the monadic theory of all trees.
Fix a set K of 2k + 1 constants and let Q̄ be the tuple of monadic relations
Qa for a ∈ K. Further, for each m-ary relation symbol R ∈ τ , let R̄ be the
tuple of monadic relation Rā where ā ∈ K m . The desired monadic second-order
sentence has the form:

ϕ∗ := (∀Q̄)(∀R̄)( θ → ∀xϕ? (x) ).

 18 Introduction to Guarded Logics 341

Here, θ is the first-order axiom expressing that the tree T expanded by the
relations Q̄ and R̄ is a tree structure T (D) associated to some τ -structure D.
By Theorem 18.27, T (D) |= ∀xϕ? (x) if and only if D |= ϕ. Hence ϕ is true on
all structures of tree width at most k if and only if ϕ∗ is true on all trees. 2
Theorem 18.23 now follows immediately: Given an arbitrary sentence we test
satisfiability via the tree model property by testing satisfiability of its translation
into CliqueSO on trees. In this way we obtain an equivalent satifiability problem,
which is decidable by Theorem 18.28.
19 Automata for Guarded Fixed Point Logics

Dietmar Berwanger and Achim Blumensath

Mathematische Grundlagen der Informatik

RWTH Aachen

19.1 Introduction

The guarded fixed point logics µGF and µCGF introduced in the previous chap-
ter extend the guarded fragments of first-order logic GF and CGF on the one
hand and the modal µ-calculus on the other hand. Thereby, the expressive power
of the underlying formalisms is increased considerably. On transition systems,
for instance, µGF already subsumes the µ-calculus with backwards modalities.
Hence, the question arises, whether these logics are still manageable algorithmi-
cally. In this chapter we will study the complexity of their satisfiability problems.
As a consequence of the general criterion stated in Theorem 18.23, it fol-
lows that the satisfiability problems for µGF and µCGF are decidable. Yet, the
argument does not allow us to derive precise complexity bounds for the deci-
sion problem. A lower bound can be obtained from the respective results for Lµ
and GF. For Lµ the satisfiability problem is Exptime-complete [54], whereas
for GF it is complete for 2Exptime [73]. However, if we consider formulae of
bounded width, i.e., with a bounded number of variables, it becomes Exptime-
complete as well.
Following Grädel and Walukiewicz [75, 73] we will prove that even for µCGF,
the strongest logic considered, the satisfiability problem is still in 2Exptime
in the general case, and in Exptime for formulae of bounded width. In other
words, the fixed point extensions of guarded logics are almost for free in terms
of complexity of the satisfiability problem.
Given the expressive power of these logics, this result is rather surprising. For
instance, in contrast to Lµ , already the weakest guarded fixed point logic µGF
lacks the finite model property. An example of a formula with only infinite
models was given in the previous chapter:

(∃xy.Exy) ∧ (∀xy.Exy)(∃z.Eyz)[LFPZ,z (∀y.Eyz)Zy](z).

A crucial model theoretic aspect of guarded logics is their (generalised) tree

model property stated in Theorem 18.16. Informally, this asserts that models of
guarded formulae can be represented as trees. In [189, 71] Vardi and Grädel em-
phasise that the tree model property seems to be the key feature responsible for
the good algorithmic behavior of modal logics because it makes them amenable
to automata-theoretic techniques for solving satisfiability and model-checking
problems. The generalised tree model property allows us to lift these techniques
to guarded logics. In order to decide whether a given formula ψ is satisfiable
one can construct two automata: the first one, called model checking automaton,

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 343-355, 2002.
 Springer-Verlag Berlin Heidelberg 2002
344 Dietmar Berwanger and Achim Blumensath

takes an appropriate representation of a structure as input and accepts if and

only if the structure satisfies ψ; the other automaton recognises the set of all
appropriate representations. Then, the formula is satisfiable iff the product of
these automata recognises a non-empty language.
This scheme outlines the plan of the present chapter. First, we introduce
appropriate tree representations of structures in Section 19.2 together with a
suitable automata model. For a better understanding we will proceed on two
tracks. On the one hand, we define the unravelling tree of a structure. The nodes
of this tree are associated to the guarded sets of the structure, in such a way that
every node has all guarded sets represented in its successors. This rich encoding
allows checking of the encoded model by rather simple automata. Moreover,
the underlying technique was already discussed in the previous chapter, in the
proof of Theorem 18.17. On the other hand, we introduce decomposition trees
which, being more compact representations, require more sophisticated two-way
automata for model checking.
Section 19.3 is dedicated to the construction of the model checking automa-
ton. Starting from input structures encoded as unravelling trees, we define a
one-way automaton which, when viewed as a two-way automaton, still recog-
nises the same structures, but in a different encoding, as decomposition trees.
At that point, the two tracks of our exposition converge.
Finally, Section 19.4 concludes the reduction by presenting an automaton
which recognises valid decomposition trees. Putting all pieces together we are
able to derive the desired complexity bounds for the satisfiability problem.

19.2 Requisites
19.2.1 Clique Guarded Fixed Point Formulae
When speaking of formulae we always mean µCGF-formulae as introduced in
the previous chapter. To simplify our notation we will, however, omit the clique
guards, i.e., instead of (∃x̄.clique(x̄))η(x̄) we will write ∃x̄.η(x̄) and accordingly
for universal formulae.
Furthermore, we will assume that all formulae are well named and in negation
normal form, that is, fixed point variables are defined at most once and negation
applies to atomic formulae only. Clearly, every µCGF-formula can be rewritten
to meet these requirements.
A crucial parameter of a formula is its width which is defined as the greatest
number of free variables occurring in a subformula. Equivalently, a formula has
width k iff it can be transformed, by renaming of variables, so that it uses only
k variables. In the following we will always assume that every formula of width k
is written with the variables {x0 , x1 , . . . , xk−1 }.

19.2.2 Tree Representations

In order to use tree automata for model checking and satisfiability we encode
structures by trees. Recall that every subformula of a formula of width k can
 19 Automata for Guarded Fixed Point Logics 345

a
a
b c

b c

d d
e g
e f g
f

Fig. 19.1. A structure with relations of arity 1, 2, and 3 and its Gaifman graph

refer to at most k structure elements at the same time, which, moreover, have
to be guarded. On account of this, we associate to a given structure A a tree
whose nodes are labelled by the substructures of A induced by at most k guarded
elements. In addition, the overlap of two adjacent nodes is stored in the label of
their common edge.
Let us fix some notation for the remainder of this chapter. The set of guarded
subsets of size at most k of a σ-structure A is denoted by

Γk (A) := { K ⊆ A | K is k-clique-guarded in A }.
The substructures induced by these sets are mapped onto the fixed universe
[k] = {0, . . . , k − 1} and then arranged to form a tree while keeping track of
overlaps along the edges. Thus, the nodes of the resulting trees are labelled by
the alphabet

Σk := { C | C is a σ-structure over a universe C ⊆ [k] }

while the edges are labelled by subsets of [k]. We call trees labelled by these
alphabets shortly k-type trees. When we speak about a D-edge, we mean an
edge labelled with D ⊆ [k], and a D-neighbour or D-successor of a node is a
neighbour respectively a successor along some D-edge.

Definition 19.1. For a given width k, the k-unravelling tree of a structure A

is the k-type tree T over the set of nodes Γk (A)∗ labelled as follows:

(i) The root of T is labelled with the empty structure (∅, σ) and all outgoing
edges are labelled with ∅.
(ii) Every node v ∈ Γk (A)∗ K is labelled with an isomorphic copy C of A|K , the
restriction of A to K ∈ Γk (A).
(iii) If π : A|K → C and π  : A|K → C are isomorphisms labelling, respectively,
a node v ∈ Γk (A)∗ K and its successor v  = vK  , then π and π  agree on
K ∩ K  and the edge (v, v  ) is labelled with π(K ∩ K  ).
346 Dietmar Berwanger and Achim Blumensath

Remark 19.2. It is easy to see that for every D-edge (v, v  ) of an unravelling
tree T the following conditions hold:
(i) Consistency: the labels C of v and C of v  agree on D, that is, C|D = C |D .
(ii) Completeness: for any H ⊆ [k] the H-successors of v and v  agree on
D ∩ H, i.e., there is a one-to-one map assigning to each H-successor w of v
an H-successor w of v  such that the labels of w and w agree on D ∩ H.

Generally, we call a k-type tree consistent, if it satisfies the first condition.

Let us now look at the relationship between a tree representation and the encoded
structure.

Definition 19.3. Given a consistent k-type tree T , consider the disjoint sum of
its node labels,


D := · { (C, v) | C is the label of v ∈ T }.
Let ∼ be the least equivalence relation on the universe of D with
(i, v) ∼ (i, v  ) if v  is a successor of v and i is in the label of (v, v  ).

Then, by consistency of T , ∼ is a congruence relation on D. We call the quotient

D/∼ the structure recovered from T .
Definition 19.4. The k-unravelling A(k) of a structure A is the structure
recovered from the k-unravelling tree of A.

Since µCGF is invariant under guarded bisimulation (see [73]), it follows

that sentences of width up to k cannot distinguish between a structure A and
its k-unravelling A(k) .

Proposition 19.5. Every structure A is k-clique bisimilar to its k-unravelling

Ak . That is, for all µCGF-sentences ψ of width at most k we have
A |= ψ iff A(k) |= ψ.
If we recall the notion of tree decomposition of a structure introduced in the
previous chapter we can easily establish the following connection.

Proposition 19.6. A k-type tree T is a tree decomposition of some structure A

iff the structure recovered from T is isomorphic to A.

This relationship suggests tree decompositions as candidates for structure

representations.

Definition 19.7. For a given width k, a k-decomposition tree of a structure

A is a k-type tree T
where
(i) for every K ∈ Γk (A) there is a node labelled with (an copy of) A|K ;
(ii) the labels of any two nodes connected by a D-edge agree on D;
 19 Automata for Guarded Fixed Point Logics 347

1
2
3
{1} {2, 3}

2 2
1 1 3

{1, 3} {1, 2}
{2}

3
2
1 2 3 2
1
1
{1}
{3}

1
1
2
3
3

{1}
{2, 3}

2 1
3 1 2

{1, 3} {1, 2} {2}

3 2
3 2 1 2 1
1 3

{3} {1, 3}

1 1
3 2 3

Fig. 19.2. A k-decomposition tree of the structure in Fig. 19.2.2

(iii) every node v is labelled with A|K for some K ∈ Γk (A) via an isomorphism π.
Moreover, for each K  ∈ Γk (A) there is a node v  labelled with A|K
, such
that all edges on the path between v and v  include π(K ∩ K  ) in their
labels.

Remark 19.8. (i) The k-unravelling tree of a structure is also a k-decomposition

tree of that structure.
348 Dietmar Berwanger and Achim Blumensath

c b c b
...... ......
a d a

e f g

Fig. 19.3. The structure recovered from the decomposition tree in Fig. 19.2.2

(ii) Each k-decomposition tree of a structure A induces a subtree in the k-

unravelling tree of A.
It is an easy exercise to show that the process of k-decomposing a structure
preserves its properties up to bisimulation, yielding a more compact representa-
tion than unravelling does.
Proposition 19.9. Given a structure A, let A be the structure recovered from
a k-decomposition tree of A. Then A and A are clique-k-bisimilar.

19.2.3 The Automata Model

We employ alternating automata that work on trees where nodes and edges are
labelled.
Definition 19.10. An alternating tree automaton over a node alphabet Σ
and an edge alphabet ∆ is given by a tuple
A = (Q, Σ, ∆, δ, qI , Ω)
where Q = Q0 ∪· Q1 is the set of universal and existential states, qI designates
the initial state, Ω : Q → ω is a parity condition and
δ :Q×Σ → P (∆ × Q)
is the transition function. The pairs (d, q) ∈ ∆ × Q are called transitions.
We define the behaviour of such automata by way of games.
Definition 19.11. Let A = (Q, Σ, ∆, δ, qI , Ω) be an automaton and T an ap-
propriately labelled tree. The game G(A, T ) associated to A and T is the parity
game with positions Q × T and acceptance condition Ω played as follows.
Every play starts in state qI at the root of T . Assume that the play reached
some position (q, v) where the node v is labelled with c. If q belongs to Q0 ,
Player 0 can move to a position (q  , v  ) if
(i) there is a transition (d, q  ) ∈ δ(q, c) and
(ii) v  is a d-successor of v.
The moves of Player 1 are defined analogously.
 19 Automata for Guarded Fixed Point Logics 349

The language L(A) accepted by a tree automaton A is the set of all trees T ,
such that Player 0 has a winning strategy in the game G(A, T ).
Usually, automata are defined as devices scanning their input only in one
direction. However, for our purpose it is convenient to allow them to move back-
wards and remain still as well.
Definition 19.12. An alternating two-way tree automaton is given in the
same way as a (one-way) alternating automaton,
A2 = (Q, Σ, ∆, δ, qI , Ω)
where acceptance is defined in a different way. The game G(A2 , T ) associated
to a two-way automaton A2 and a tree T is the parity game obtained as in
Definition 19.11, but replacing rule (2) with
(ii’) either v  = v or v  is a d-neighbour of v.
The language L(A2 ) accepted by a two-way tree automaton A2 is the set of all
trees T such that Player 0 has a winning strategy in the game G(A2 , T ).

19.3 Model Checking

The results presented in Chapter 14 and 10 reveal a close relationship between
alternating automata and games on the one side, and logical formalisms on the
other side. The automaton constructed in Section 10.3 for Lµ translates first-
order operations into state transitions, while fixed point predicates are encoded
as priorities.
In a similar way, we will construct automata for µCGF. But unlike Lµ , where
a formula is evaluated at a single node of a transition system, a µCGF-formula
with several free variables may involve several structure elements. Since these
elements have to be clique-guarded, they appear together in the label of some
node in the unravelling (or, decomposition) tree. To allow our automaton to
access the structure in the node labels of the input tree, its states will contain
two components: a subformula, and an assignment of the variables appearing
free therein.
The closure cl(ψ) of a formula ψ is the set consisting of all subformulae of ψ
together with the formulae true and false.
Definition 19.13. To any formula ψ ∈ µCGF of width k we associate the
P
automaton Aψ = (Q, Σk , ([k]), δ, qI , Ω) over k-type trees where the state set
Q := { (ϕ, β) | ϕ ∈ cl(ψ) and β : {x0 . . . xk−1 } → [k] }
is partitioned into existential and universal states by
Q0 := { (ϕ, β) | ϕ = false, or ϕ = η ∨ ϑ, or ϕ = ∃ȳ.η }, and
Q1 := Q \ Q0 .
The initial state is qI = (ψ, ∅) where ∅ stands for the void assignment.
350 Dietmar Berwanger and Achim Blumensath

It remains to specify the transition function. To simplify our notation we

use expressions HS with H ⊆ [k] and S ⊆ Q to denote the set of transitions
{ D ⊆ [k] | H ⊆ D } × S. In particular, when we refer to the universe of C we
write ·S instead of CS. Furthermore, omitting parenthesis, we simply write
δ(ϕ, β, C) instead of δ((ϕ, β), C).

(i) If ϕ = true or ϕ = false then δ(ϕ, β, C) = ∅.

(ii) If ϕ is a σ-atom or a negated σ-atom then

·{(true, ∅)} if C, β |= ϕ,
δ(ϕ, β, C) =
·{(false, ∅)} if C, β |= ϕ.

(iii) If ϕ = η ∧ ϑ or ϕ = η ∨ ϑ then

δ(ϕ, β, C) = ·{(η, β), (ϑ, β)}.

(iv) If ϕ(x̄) = FPT ȳ (η)(x̄) then

δ(ϕ, β, C) = ·{(η, β)}.

(v) If ϕ(x̄) = T x̄ and FPT ȳ (η)(x̄) it the unique definition of T in ψ then

δ(ϕ, β, C) = ·{(η, β)}.

(vi) If ϕ(x̄) = ∃ȳ.η(x̄, ȳ) or ϕ(x) = ∀ȳ.η(x̄, ȳ) then

δ(ϕ, β, C) =·{ (η, β  ) | β  |x̄ = β|x̄ } ∪ β(x̄){(ϕ, β)}.

Finally, if the fixed point variables of ψ occur in the order Z1 , . . . , Zn the parity
condition is given by


 2i ϕ = Zi x̄ and Zi is a GFP-variable,




2i + 1 ϕ = Zi x̄ and Zi is an LFP-variable,
Ω(ϕ, β) := 2n + 4 ϕ = ∀ȳ.η,



 2n + 3 ϕ = ∃ȳ.η,


2n + 2 otherwise.

The automaton works in a similar way as the Lµ -automata defined in Sec-

tion 10.3: disjunctions are decomposed by Player 0, conjunctions by Player 1 and
fixed points are regenerated. Atomic statements are verified locally and termi-
nate the run. Acceptance of infinite runs is determined by the priority function
which reflects the nesting and type of fixed point definitions. Note that, except
when dealing with quantifiers, the automaton changes only the formula compo-
nent of its states, while the variable assignment remains the same. Moreover,
the ·-transitions allow to move only to successors that retain the structure
information of the current node.
To understand the handling of quantification, consider, e.g., an existential
formula ϕ(x̄) = ∃ȳ.η(x̄, ȳ). Player 0 may use a transition from β(x̄){(ϕ, β)}
 19 Automata for Guarded Fixed Point Logics 351

to proceed to a successor that retains the structure living on elements currently

assigned to the free variables x̄. In this way, he can reassign the quantified
variables ȳ to elements of the chosen successor. After such a move, the formula
in the new state is still ϕ and Player 0 is again in turn to move. But, as existential
formulae have odd priority, he can reiterate these moves only finitely many times
and must then take a transition of the form ·{ (η, β  ) | β  |x̄ = β|x̄ }.
Given an input tree that k-unravels a structure A, the structures labelling
the nodes are all induced by k-cliques in A. Moreover, from each node (a copy
of) every other k-clique of A is accessible within one move.
It remains to prove that our construction is correct, that is, that we can use
the automaton defined above to solve the model checking problem for µCGF.
Proposition 19.14. Given a formula ψ of width k and a structure A, the au-
tomaton Aψ accepts the k-unravelling tree of A iff A |= ψ.
Proof. It is convenient to argue in terms of games. Model checking games for
µCGF were introduced in [11] as a generalisation of the model checking games
for Lµ . Although defined for finite structures, the extension of these games to
the transfinite case is straightforward.
Let T be the k-unravelling tree of the structure A. We will show that the
game which determines acceptance of T by the automaton Aψ is essentially the
model checking game associated to A and ψ.
Let G be the acceptance game G(Aψ , T ). We can simplify this game by col-
lapsing positions which share the same formula and map its free variables to the
same part of the structure.
Recall that any node v of T is labelled via some isomorphism π. Furthermore,
at every position (ϕ, β, v) in a play of G, the image of π includes the image of
the assignment β. Thus, we can define a mapping from the positions of G to
{ (ϕ, χ) | ϕ ∈ cl(ψ) and χ : {x0 . . . xk−1 } → A } as follows:
· : (ϕ, β, v) → (ϕ, π −1 ◦ β).

\ \
By the construction of G, we can easily verify that this mapping induces a
congruence relation ∼
 among the positions of G,

 (ϕ, β, v  ) iff
(ϕ, β, v) ∼ (ϕ, β, v) = (ϕ, β, v  ),
which is also a bisimulation on G.
Consider now the (strong homomorphic) image G of G under · . On the one
hand, G and G are bisimilar via · and, consequently, the same player has a win-
ning strategy in both plays. On the other hand, G is almost the model checking
game G  = G(A, ψ) as defined in [11]. The only difference arises at positions
(ϕ, χ) where ϕ is an existential or universal formula, say ϕ = ∃ȳη(x̄, ȳ). Then,
the model checking game allows moves to (η, χ ) with χ such that
(i) χ and χ agree on the values of x̄ and
(ii) A, χ |= clique(x̄, ȳ),
whereas in G the legal moves go either to (ϕ, χ ) with χ as above, or to (η, χ).
352 Dietmar Berwanger and Achim Blumensath

Nevertheless, we will show that the same player wins both G  and G.  If

Player 0 has a winning strategy in the model checking game G , he can also
 as long as no existential formula is met. Otherwise, at
play this strategy in G,
positions (ϕ, χ) as above, he can imitate the move to the position (η, χ ) he
would perform in G  by taking two steps:
(i) move to (ϕ, χ ); this is possible since, for every χ agreeing with χ on the
free variables of ϕ, the position (ϕ, χ ) is reachable from (ϕ, χ) in one step.
(ii) At (ϕ, χ ) it’s still Player 0 turn: move to (η, χ ).
Towards a contradiction, let us assume that Player 1 wins this play. Then, after
any universal formula ϕ = ∀ȳη(x̄, ȳ) occurring in the play, there can follow
only finitely many positions with ϕ until Player 1 chooses some position (η, χ );
otherwise he would lose with the highest even priority. But then, Player 1 also
wins by choosing (ϕ, χ ) right from position (ϕ, χ) and proceeding with (η, χ ).
However, these two moves translate into one move in the corresponding play of
G  which leads Player 1 to a win in G despite Player 0’s winning strategy, which
is not possible. This concludes our proof that a player has a winning strategy in
the model checking game iff he has one in the acceptance game.

The correctness of our construction relies on the fact that the input trees are
complete in the sense of Remark 19.2 (ii). That is, if the current node is labelled
by a k-clique of the represented structure, then every other k-clique appears in
the label of some successor node. Unfortunately, it is very hard to check whether
a given tree satisfies this property. By letting Aψ run as a two-way automaton
A2ψ , we can relax this requirement and claim instead that every k-clique shall be
reachable via a finite path from the current node.
Proposition 19.15. Given a formula ψ of width k and a structure A, let T be
a k-decomposition tree of A. Then the automaton A2ψ accepts T iff A |= ψ.

Proof. The idea is to show that A2ψ runs on T in a similar way as its one-way
variant does on the k-unravelling tree T  of A. Towards this we will transform
the acceptance game G(A2ψ , T ) by introducing shortcuts into a game which is
bisimilar to the acceptance game G(A, T  ) of the one-way automaton.
Let G ∗ be the least game extending G := G(A2ψ , T ) by new transitions in such
a way that, whenever there are two transitions

(ϕ, β, v) → (ϕ, β, v  ) → (ϕ, β, v  )

in G ∗ , the shortcut (ϕ, β, v) → (ϕ, β, v  ) is also a transition in G ∗ .

Observe that the new transitions just shortcut a sequence of steps in the
original game, all performed by the same player. To see that this does not change
the winning partitions, assume, towards a contradiction, that Player 1 has a
winning strategy for G ∗ while Player 0 has one for G. All moves in G are still
available in G ∗ , so Player 0 can apply his winning strategy for G in the play π
of G ∗ against the winning strategy of Player 1. Let us now look at the play
in G in which both players move like in π except at positions (ϕ, β, v) where
 19 Automata for Guarded Fixed Point Logics 353

Player 1 used a shortcut to, say (ϕ, β, v  ), for ϕ a universal formula. At that
point, Player 1 can move step by step via finitely many positions (ϕ, β, w) along
the path leading to the destination of the shortcut. From there, the play proceeds
like in π. Clearly, Player 1 wins this play in G in contradiction to our assumption
on Player 0’s winning strategy.
The mapping · which was defined in the proof of Proposition 19.14 can be
applied to the positions of G ∗ . It induces a congruence relation on G ∗ and, as
such, a bisimulation between G ∗ and its strong homomorphic image G∗ . This
image is precisely the game G(  Aψ , T  ) which is bisimilar to G(Aψ , T  ).
Accordingly, the automaton A2ψ accepts the k-decomposition tree T iff Aψ
accepts the k-unravelling tree T  .

19.4 Satisfiability
The model checking automata introduced above operate correctly on inputs
which represent structures. But in order to solve the satisfiability problem this
does not suffice. We need to make sure that all inputs which do not represent
structures are rejected.

Checking representation validity. From a given a k-type tree T , we can

recover a structure according to Definition 19.3, only if T is consistent, that is,
if every node agrees with its D-neighbours on the D-part of its label.
Provided T is consistent, let A be the recovered structure. Now T is a k-
decomposition tree of A iff every node label of T induces a clique in A. This is
crucial, since the model-checking automaton assumes that all elements appear-
ing in the label of its input represent clique-guarded elements of the structure.
Another way to formulate this condition is: For every node v and every pair of
elements {i, j} ⊆ [k] in its label, there is a node v  in which i and j are guarded
by an atom and all edges on the path between v and v  include {i, j} in their
labels.
Now, we build an automaton that checks the above two conditions.
Definition 19.16. For every width k, we construct a two-way automaton A2k =
P
(Q, Σk , ([k]), δ, check, Ω) over k-type trees whose set of states is partitioned
into
Q0 = {false} ∪ [k]2 and
Q1 = {true, check} ∪ { Rā | R ∈ σ, ā ⊆ [k] }.
In state check the automaton allows Player 1 to move freely on the input
tree to reach a node where either the consistency or the guardedness condition
may be violated. At that event, state Rā records the loss of the atom Rā along
an edge that preserves ā while the states (i, j) ∈ [k]2 indicate the search for
witnesses to the guardedness of i and j. The transitions are as follows.


δ(check, C) = ∅{check} ∪ { ā{Rā} | C |= Rā }
∪ ·{ (i, j) | C |= clique(i, j) }.
354 Dietmar Berwanger and Achim Blumensath

At a node where the elements i and j are not guarded, Player 1 can challenge
his opponent to find a node where {i, j} appear guarded, along a path where
these elements persist in the edge labels.

δ((i, j), C) =
·{true} C |= clique(i, j),
{i, j}{(i, j)} otherwise.

Also, Player 1 may pick a currently valid atomic fact to check whether it is indeed
preserved along the edges that contain all involved elements in their label.

δ(Rā, C) =
·{true} C |= Rā,
·{false} otherwise.

If the player agree on a local test, the run is finite: δ(true) = δ(false) = ∅.
On an infinite run, the automaton assumes forever either the state check or
some state (i, j). Since in the first case Player 0 should win, we set Ω(check) = 0.
In the second case, instead, Player 0 should lose, because he does not provide a
witness to the guardedness of i and j after a finite number of steps. To enforce
that, we set Ω((i, j)) = 1 for all (i, j) ∈ [k]2 .
It is easy to see that the above checks ensure the consistency and the guard-
edness of the input tree.
Lemma 19.17. The automaton A2k recognises the set of k-decomposition trees
of all σ-structures.

Reduction to the emptiness problem. After having constructed an automa-

ton A2ψ for the model checking of a tree representation and an automaton A2k
to check the validity of the input tree, we can build the product automaton
Bψ2 := A2ψ × A2k which recognises precisely the set of k-decomposition trees of
all models of ψ. In this way, the satisfiability problem for ψ is reduced to the
emptiness problem for Bψ2 .
Proposition 19.18. A µCGF formula ψ is satisfiable iff L(Bψ ) = ∅.

Emptiness of two-way automata. In order to establish the complexity of

the emptiness problem for our automata model we will reduce it to the two-way
automata introduced by Vardi [190] defined for input trees of bounded branching
degree.
Lemma 19.19. Any two-way automaton recognising a non-empty language, ac-
cepts some tree whose degree is bounded by the size of its state set.
Proof. Let A2 be a two-way automaton accepting some input tree T . Hence,
Player 0 has a winning strategy in the parity game G(A2 , T ) and, by [55, 132],
even a memoryless one: f : Q0 × T → Q × T . For any node v ∈ T , let S(v) be
the set of nodes targeted by f at some position with v:
S(v) := { v  ∈ T | f (q, v) ∈ Q × {v  } for some q ∈ Q0 }.
 19 Automata for Guarded Fixed Point Logics 355

Consider now the tree T  obtained from T by discarding at every node v

those successors which are not in S(v). Since |S(v)| ≤ |Q0 |, this yields a tree of
branching degree bounded by |Q0 | ≤ |Q|. Moreover, f is still a winning strategy
in G(A2 , T  ). In other words, the automaton A2 also accepts T  .

19.5 Complexity
Since Vardi’s automata work on trees with unlabelled edges, we have to remove
the edge labels and place them into their target node. Then, our automaton has
to verify the validity of taken transitions, thus, requiring a blow-up of its state
set by the size of the edge alphabet. Taking into account this modification, we
can transfer the complexity of the emptiness test of Vardi’s automata to our
model.

Theorem 19.20. The emptiness of a two-way alternating automaton with s

2
states and t edge symbols can be decided in time 2O((st) ) .

For the computations in the remainder of this chapter, let us fix a formula ψ

of size n and width k. Note that, the number of states of the automata A2ψ and
A2k is bounded by O(n · k k ). Accordingly, their product Bψ2 has at most O(n2 k 2k )
states. From Lemma 19.19 we can now infer a stronger variant of the tree model
property for µCGF.
Proposition 19.21. Any satisfiable µCGF-formula of width k has a model with
a tree decomposition of width at most k − 1 and branching degree bounded by
O(n2 k 2k ).
By Theorem 19.20, the reduction of the satisfiability problem for ψ to the
emptiness of Bψ2 yields the following complexity bounds:
k 4 4 4k log k O(n)
2O((n·k ) )
= 2O(n 2 )
= 22 .
4
When k is bounded by a constant, the above expression boils down to 2O(n ) .
Since the complexity results on CGF quoted in the introduction of this chap-
ter imply hardness of this bounds, we can state:
Theorem 19.22. The satisfiability problem for µCGF is 2Exptime-complete
in the general case. For clique guarded fixed point sentences of bounded width it
is Exptime-complete.
20 Some Fixed Point Basics

Carsten Fritz

Institut für Informatik und Praktische Mathematik

Christian-Albrechts-Universität zu Kiel

This chapter is intended to give the reader a brief overview of some basic no-
tations and theorems regarding fixed points of monotone functions on complete
lattices. The main results stated and proved here are the Knaster-Tarski Theo-
rem [175] (Theorem 20.4), and Theorem 20.12 on the characterization of simul-
taneous fixed points. That is, this chapter provides proofs and some additional
insights to propositions introduced in Chapter 10.
Therefore, our main interest is the µ-calculus dealing with fixed points of
monotone functions on the complete lattice of subsets of the states of a Kripke
structure. Consequently, power set lattices will be our main models of complete
lattices, but our approach will be somewhat more general.

20.1 Preliminaries
We fix a complete lattice L = (L, ≤, , ⊥), i.e.
(1) L is a non-empty set,
(2) ≤ is a partial order on L such that every subset M ⊆ L has a supremum
and an infimum,
(3) , ⊥ ∈ L are the greatest and least elements, respectively, of L, i.e., for every
x ∈ L, ⊥ ≤ x ≤  holds.
Note that inf ∅ = , sup ∅ = ⊥. Our main instance of a complete lattice
P
(A), ⊆, A, ∅) of 
P
is the power set lattice (
an arbitrary set A. For a subset
M ⊆ (A), we have inf M = M , sup M = M .
Let On be the class of ordinals. For a cardinal c, let c+ be the least ordinal
such that |c+ | > c.
Definition 20.1. Let f : L → L be a function.
(1) x ∈ L is a fixed point of f iff f (x) = x.
(2) x is the least (greatest) fixed point of f iff x is a fixed point of f and
x ≤ y (y ≤ x) holds for all fixed points y of f .
(3) f is monotone iff for all x, y ∈ L, x ≤ y implies f (x) ≤ f (y).
(4) f is inflationary iff x ≤ f (x) holds for all x ∈ L.
(5) We inductively define a sequence (f α )α∈On of elements f α ∈ L by
f 0 := ⊥,
f α+1 := f (f α ),
f λ := sup f α for limit ordinals λ.
α<λ

(6) f is inductive iff f β ≤ f α holds for all α, β ∈ On, β < α.

E. Grädel et al. (Eds.): Automata, Logics, and Infinite Games, LNCS 2500, pp. 359-364, 2002.
 Springer-Verlag Berlin Heidelberg 2002
360 Carsten Fritz

The following lemma connects these notions.

Lemma 20.2. (i) If f is monotone or inflationary, it also is inductive.

(ii) If f is inductive, there is an inflationary function g : L → L such that
g α = f α for all α ∈ On.
(iii) If f is inductive, there is an α ∈ On such that |α| ≤ |L| and f α+1 = f α
(i.e., f α is a fixed point of f ). If L is the power set lattice of a set A, there
is an α ∈ On such that f α is a fixed point of f and |α| ≤ |A|.

Proof. (i) First, let f be monotone. To show that f is inductive, we use induc-
tion on α:
(α = 0): Trivial.
(α → α + 1): Using the monotonicity of f and the induction hypothesis, we
have f α+1 = f (f α ) ≥ f (f β ) = f β+1 for all β < α. Thus f β ≤ f α+1 for all
β < α + 1.
(α a limit ordinal): Immediately by the definition of f α .
The proof for inflationary f is trivial.
(ii) Let f be inductive and define g : L → L, x
→ sup{x, f (x)}. Obviously, g is
inflationary. By induction, we show ∀α ∈ On(g α = f α ):
(α = 0): g 0 = ⊥ = f 0
(α → α + 1): The induction hypothesis yields g α+1 = g(g α ) = g(f α ) =
sup{f α , f (f α )}. Since f is inductive, sup{f α , f (f α )} = f α+1 .
(α a limit ordinal): By induction hypothesis, g α = sup g β = sup f β = f α .
β<α β<α
(iii) Assume that there is no such α. Then, for every α < β < |L|+ , f α = f β .
That is, the set { f α ∈ L | α < |L|+ } ⊆ L has cardinality ||L|+ | > |L|.
Contradiction. If L is the power set lattice of a set A, there is an xα ∈
f α+1 \ f α for every α < |A|+ . Thus X := { xα | α < |A|+ } is a subset of
A, but |X| = ||A|+ | > |A|. Contradiction.

Definition 20.3. The least α ∈ On such that f α+1 = f α is the closure ordi-
nal of f . Notation: cl(f ). For monotone f , we define f ! := f cl(f ) .

20.2 Least and Greatest Fixed Points

The Knaster-Tarski Theorem [175] asserts the existence of a least and a greatest
fixed point of any monotone function on a complete lattice. More precisely, these
fixed points are the infimum and supremum, respectively, of certain subsets of
the complete lattice and can be generated inductively.

Theorem 20.4 (Knaster and Tarski). Let f : L → L be monotone. Then there

is a least fixed point LFP(f ) and a greatest fixed point GFP(f ) of f . These are

LFP(f ) = inf{ x ∈ L | f (x) ≤ x }

GFP(f ) = sup{ x ∈ L | x ≤ f (x) }.
 20 Some Fixed Point Basics 361

Proof. Let Φ := { x ∈ L | f (x) ≤ x } and y := inf Φ. We first show that y is a

fixed point of f .
(f (y) ≤ y): For all x ∈ Φ, y ≤ x holds. Since f is monotone, we have (using
the definition of Φ) ∀x ∈ Φ(f (y) ≤ f (x) ≤ x). Thus f (y) ≤ inf Φ = y.
(y ≤ f (y)): Using f (y) ≤ y and the monotonicity of f , we have f (f (y)) ≤
f (y), i.e., f (y) ∈ Φ. Thus y = inf Φ ≤ f (y).
This shows that y is a fixed point of f . Since y is the infimum of Φ, in
particular y ≤ x holds for all x ∈ L such that f (x) = x. Thus y is the least fixed
point of f .
The proof for the greatest fixed point is similar.
Now we show that the least fixed point of a monotone f : L → L is contained
in the sequence (f α )α∈On and can thus be computed inductively.
Lemma 20.5. Let f : L → L be a monotone function. Then LFP(f ) = f ! .

Proof. Again, let Φ := { x ∈ L | f (x) ≤ x }. By definition, f ! is a fixed point,

thus LFP(f ) ≤ f ! . To show the reverse, it suffices to establish

∀α ∈ On, x ∈ Φ(f α ≤ x),

using induction on α.
(α = 0): f 0 = ⊥ ≤ x for all x ∈ L.
(α → α + 1): Let x ∈ Φ. By induction hypothesis, f α ≤ x. Thus we have
f α+1
= f (f α ) ≤ f (x) ≤ x, using the monotonicity of f .
(α a limit ordinal): By induction hypothesis, f β ≤ x holds for all β < α,
x ∈ Φ, which implies f α = sup f β ≤ x.
β<α

To generate the greatest fixed point in the same fashion, we introduce a dual
sequence (f ∗α )α∈On .

Definition 20.6. For a function f : L → L, the sequence (f ∗α )α∈On of elements

f ∗α ∈ L is defined inductively as follows:

f ∗0 = 
f ∗(α+1) = f (f ∗α )
f ∗λ = inf f ∗α for limit ordinals λ.
α<λ

Note that (f ∗α )α∈On is a decreasing sequence for monotone f . We define

∗!
f := f ∗α for the least α such that f ∗(α+1) = f ∗α .
Lemma 20.7. Let f : L → L be monotone. Then GFP(f ) = f ∗! .

Proof. Dual to the proof of Lemma 20.5.

In the case of power set lattices – which is our main interest – we can exploit
the duality of least and greatest fixed points.
For the remainder of this section, let L be the power set lattice of a set A.
362 Carsten Fritz

P
Definition 20.8. For every function f : (A) → (A), the dual function P
P P
f  : (A) → (A) of f is defined by f  (X) := f (X) where X := A \ X.

Note that f  = f .

Lemma 20.9. Let f : P (A) → P (A) be monotone.

(i) f  is monotone.
(ii) LFP(f ) = GFP(f  ) and GFP(f ) = LFP(f  )

P
Proof. (i) Let X, Y ∈ (A), X ⊆ Y . Thus Y ⊆ X, and f (Y ) ⊆ f (X) by the
monotonicity of f , which implies f (X) ⊆ f (Y ).
(ii) At first, we note that the first claim implies the second: If LFP(f ) = GFP(f  )
then LFP(f  ) = GFP(f  ) = GFP(f ).
To prove the first claim, we show by induction that f α = f ∗α holds for all
α ∈ On.
(α = 0): f 0 = ∅ = A = f ∗0
(α → α + 1): We have

f α+1 = f (f α )
= f (f ∗α ) (Ind. Hyp.)
= f  (f ∗α ) (by Def. 20.8)
= f ∗(α+1) (by Def. 20.6)



(α a limit ordinal): Here we have f α = fβ = fβ = f ∗β = f ∗α ,
β<α β<α β<α
using the induction hypothesis for the third equation.

20.3 Simultaneous Fixed Points

Let n ∈ ω and L0 = (L0 , ≤0 , 0 , ⊥0 ), . . . , Ln−1 = (Ln−1 , ≤n−1 , n−1 , ⊥n−1 ) be
complete lattices.
Define L := L0 × . . . × Ln−1 and

L := (L, ≤, (0, . . . , n−1 ), (⊥0 , . . . , ⊥n−1 )),

where ≤ is defined by

(x0 , . . . , xn−1 ) ≤ (y0 , . . . , yn−1 ) : iff ∀i ∈ [n](xi ≤i yi ).

It is easy to see that L is a complete lattice, the product lattice of L0 , . . . ,

Ln−1 . We will also write L = L0 × . . . × Ln−1 .
Now let f0 : L → L0 , . . . , fn−1 : L → Ln−1 be monotone functions. Obvi-
ously,

f : L → L, (x0 , . . . , xn−1 )
→ (f0 (x0 , . . . , xn−1 ), . . . , fn−1 (x0 , . . . , xn−1 ))
 20 Some Fixed Point Basics 363

is a monotone function as well and thus has a least and a greatest fixed point
(Theorem 20.4). These are called the simultaneous (least and greatest) fixed
points of f0 , . . . , fn−1 .
We now wish to compute the least and greatest fixed points of f by generating
nested fixed points of monotone functions defined on the lattices L0 , . . . , Ln−1 .
For the sake of brevity (and clarity), we restrict ourselves to the case n = 2 and
the computation of the least fixed point, but the generalization is straightfor-
ward.
Let g : L → L0 and h : L → L1 be monotone functions, and let f : L →
L, (x0 , x1 )
→ (g(x0 , x1 ), h(x0 , x1 )). Let LFP(f ) =: ((f ! )0 , (f ! )1 ) ∈ L0 ×L1 denote
the least fixed point of f , i.e., (f ! )i = pri (f ! ) (i = 0, 1). For α ∈ On, we define
fiα := pri (f α ) (i = 0, 1).
The following lemmas give us a computation recipe at hand:
For every x ∈ L0 , we define hx : L1 → L1 , y
→ h(x, y). The monotonicity of
h implies the monotonicity of hx , so we can generate, for every x ∈ L0 , the least
fixed point LFP(hx ) = h!x ∈ L1 (cf. Lemma 20.5).

Lemma 20.10. The function e : L0 → L0 , x

→ g(x, h!x ) is monotone. We have
(e! , h!e! ) = ((f ! )0 , (f ! )1 ).

Proof. We first show that e is monotone. To do so, it suffices to show that x

→ h!x
is monotone. Indeed, if x
→ h!x is monotone, then

x ≤0 x ⇒ e(x) = g(x, h!x ) ≤0 g(x , h!x
) = e(x )

since g is monotone.
Hence we show ∀α ∈ On(∀x, x ∈ L0 (x ≤0 x → hα x ≤1 hx
)) by induction
α

on α:
(α = 0): Trivial.
(α → α + 1): Let x ≤0 x . We have hα+1
x = h(x, hα 
x ) ≤1 h(x , hx
) = hx
.
α α+1

 β
(α a limit ordinal): Let x ≤0 x . hx = sup hx ≤1 sup hx
= hx
.
α β α
β<α β<α
Next, we show that (f ! )1 is a fixed point of h(f ! )0 ; this implies h!(f ! )0 ≤1 (f ! )1 :
h(f ! )0 ((f ! )1 ) = h((f ! )0 , (f ! )1 ) = pr1 (f ((f ! )0 , (f ! )1 )) = (f ! )1 , since ((f ! )0 , (f ! )1 )
is a fixed point of f .
Now we show e! ≤0 (f ! )0 . This implies h!e! ≤1 h!(f ! )0 , since x
→ h!x is mono-
tone.
(e! ≤0 (f ! )0 ): Using h!(f ! )0 ≤1 (f ! )1 and the monotonicity of g, we have
e((f ! )0 ) = g((f ! )0 , h!(f ! )0 ) ≤0 g((f ! )0 , (f ! )1 ) = pr0 (f ((f ! )0 , (f ! )1 )) = (f ! )0 , that
is, (f ! )0 ∈ { x ∈ L0 | e(x) ≤0 x }. Now since e! = inf{ x ∈ L0 | e(x) ≤ x }, we
have e! ≤0 (f ! )0 .
We now know that h!e! ≤1 h!(f ! )0 ≤1 (f ! )1 and e! ≤0 (f ! )0 .
To show that f ! = ((f ! )0 , (f ! )1 ) ≤ (e! , h!e! ) and hence (e! , h!e! ) = LFP(f ), it
suffices to establish ∀α ∈ On(f α ≤ (e! , h!e! )), as usual by induction on α.
(α = 0): Trivial.
364 Carsten Fritz

(α → α + 1): Using the induction hypothesis, we have f α+1 = f (f0α , f1α ) =

(g(f0α , f1α ), h(f0α , f1α )) ≤ (g(e! , h!e! ), h(e! , h!e! )). By the definitions of e! and he! ,
(g(e! , h!e! ), h(e! , h!e! )) = (e(e! ), he! (h!e! )) = (e! , h!e! ).
(α a limit ordinal): We use the definition of ≤ and the induction hypothesis,
getting f α = sup (f0β , f1β ) = (sup f0β , sup f1β ) ≤ (e! , h!e! ).
β<α β<α β<α

In other words,

pr0 (LFP(f )) = LFP(x

→ g(x, LFP(y
→ h(x, y)))).

In the same manner, we can show

Lemma 20.11. Let gy : L0 → L0 , x

→ g(x, y), for every y ∈ L1 , and let
e : L1 → L1 , y
→ h(gy! , y). The functions gy and e are monotone, and we have
((f ! )0 , (f ! )1 ) = (ge! ! , e! ).

These lemmas imply

Theorem 20.12. Let L = L0 × L1 be the product lattice of the lattices L0 =

(L0 , ≤0 , 0 , ⊥0 ) and L1 = (L1 , ≤1 , 1 , ⊥1 ), and let g : L → L0 , h : L → L1 be
monotone functions. Let f : L → L, (x0 , x1 )
→ (g(x0 , x1 ), h(x0 , x1 )). Then

pr0 (LFP(f )) = LFP(x

→ g(x, LFP(y
→ h(x, y)))),
pr1 (LFP(f )) = LFP(y
→ h(LFP(x
→ g(x, y)), y)).
Literature

1. Martı́n Abadi, Leslie Lamport, and Pierre Wolper, Realizable and unrealizable
specifications of reactive systems, Proceedings of the 16th International Collo-
quium on Automata, Languages and Programming, ICALP ’89, Lecture Notes in
Computer Science, vol. 372, Springer-Verlag, 1989, pp. 1–17. [40]
2. Luca de Alfaro and Thomas A. Henzinger, Concurrent omega-regular games, Pro-
ceedings of the 15th IEEE Symposium on Logic in Computer Science, LICS 2000,
IEEE Computer Society Press, 2000, pp. 141–154. [40]
3. Luca de Alfaro, Thomas A. Henzinger, and Freddy Y. C. Mang, The control of
synchronous systems, Proceedings of the 11th International Conference on Con-
currency Theory, CONCUR 2000, Lecture Notes in Computer Science, vol. 1877,
Springer-Verlag, 2000, pp. 458–473. [40]
4. Hajnal Andréka, István Németi, and Johan van Benthem, Modal logic and bounded
fragments of predicate logic, Journal of Philosophical Logic 27 (1998), no. 3, 217–
274. [321, 322, 327, 356]
5. André Arnold, The µ-calculus alternation-depth hierarchy is strict on binary trees,
Theoretical Informatics and Applications 33 (1999), no. 4–5, 329–340. [185, 195,
202]
6. Klaus Barthelmann, When can an equational simple graph be generated by hyper-
edge replacement?, Proceedings of the 23rd International Symposium on Mathe-
matical Foundations of Computer Science, MFCS ’98, Lecture Notes in Computer
Science, vol. 1450, Springer-Verlag, 1998, pp. 543–552. [263, 283, 318]
7. Johan van Benthem, Modal correspondence theory, Ph.D. thesis, Instituut voor
Logica en Grondslagenonderzoek van Exacte Wetenschappen, Universiteit van
Amsterdam, The Netherlands, 1976. [258]
8. , Dynamic bits and pieces, Tech. Report LP-97-01, Institute for Logic,
Language and Computation, University of Amsterdam, The Netherlands, 1997.
[356]
9. , Modal logic in two gestalts, Advances in Modal Logic, Volume II (Stan-
ford, California), CSLI Publications, 1998, pp. 73–100. [356]
10. Orna Bernholtz, Moshe Y. Vardi, and Pierre Wolper, An automata-theoretic ap-
proach to branching-time model checking, Proceedings of the 6th International
Conference on Computer Aided Verification, CAV ’94, Lecture Notes in Com-
puter Science, vol. 818, Springer-Verlag, 1994, pp. 142–155. [203]
11. Dietmar Berwanger and Erich Grädel, Games and model checking for guarded log-
ics, Proceedings of the 8th International Conference on Logic for Programming,
Artificial Intelligence and Reasoning, LPAR 2001, Lecture Notes in Artificial In-
telligence, vol. 2250, Springer-Verlag, 2001, pp. 70–84. [351, 356]
12. Achim Blumensath, Prefix-recognizable graphs and monadic second order logic,
Tech. Report AIB-06-2001, RWTH Aachen, Germany, 2001. [263, 264, 283, 318]
13. Julian C. Bradfield, The modal mu-calculus alternation hierarchy is strict, Pro-
ceedings of the 7th International Conference on Concurrency Theory, CON-
CUR ’96, Lecture Notes in Computer Science, vol. 1119, Springer-Verlag, 1996,
pp. 232–246. [185, 202]
14. , The modal µ-calculus alternation hierarchy is strict, Theoretical Com-
puter Science 195 (1998), no. 2, 133–153. [202]
366 Literature

15. , Simplifying the modal mu-calculus alternation hierarchy, Proceedings

of the 15th Annual Symposium on Theoretical Aspects of Computer Science,
STACS ’98, Lecture Notes in Computer Science, vol. 1373, Springer-Verlag, 1998,
pp. 39–49. [202]
16. Julian C. Bradfield and Colin Stirling, Modal logics and mu-calculi: an introduc-
tion, Handbook of Process Algebra (Jan A. Bergstra, Alban Ponse, and Scott A.
Smolka, eds.), Elsevier, 2001, pp. 293–332. [203]
17. J. Richard Büchi, Weak second-order arithmetic and finite automata, Zeitschrift
für mathematische Logik und Grundlagen der Mathematik 6 (1960), 66–92. [3,
153, 219, 221, 258]
18. , On a decision method in restricted second order arithmetic, International
Congress on Logic, Methodology and Philosophy of Science, Stanford University
Press, 1962, pp. 1–11. [39, 61, 92, 214, 217, 221, 258]
19. , Decision methods in the theory of ordinals, Bulletin of the American
Mathematical Society 71 (1965), 767–770. [258]
20. , The monadic theory of ω1 , Decidable Theories II, Lecture Notes in Math-
ematics, vol. 328, Springer-Verlag, 1973, pp. 1–127. [258]
21. , Using determinacy to eliminate quantifiers, Fundamentals of Computa-
tion Theory, Lecture Notes in Computer Science, vol. 56, Springer-Verlag, 1977,
pp. 367–378. [95, 108, 135]
22. J. Richard Büchi and Lawrence H. Landweber, Solving sequential conditions by
finite-state strategies, Transactions of the American Mathematical Society 138
(1969), 295–311. [39]
23. Olaf Burkart, Automatic verification of sequential infinite-state processes, Lecture
Notes in Computer Science, vol. 1354, Springer-Verlag, 1997. [318]
24. Olaf Burkart and Bernhard Steffen, Model checking for context-free processes,
Proceedings of the 3rd International Conference on Concurrency Theory, CON-
CUR ’92, Lecture Notes in Computer Science, vol. 630, Springer-Verlag, 1992,
pp. 123–137. [318]
25. Georg Cantor, Beiträge zur Begründung der transfiniten Mengenlehre, Mathema-
tische Annalen 46 (1895), 481–512. [224]
26. Olivier Carton and Wolfgang Thomas, The monadic theory of morphic infinite
words and generalizations, Information and Computation 176 (2002), 51–76. [258]
27. Ilaria Castellani, Bisimulations and abstraction homomorphisms, Journal of Com-
puter and System Sciences 34 (1987), no. 2–3, 210–235. [242]
28. Didier Caucal, On infinite transition graphs having a decidable monadic the-
ory, Proceedings of the 23rd International Colloquium on Automata, Languages
and Programming, ICALP ’96, Lecture Notes in Computer Science, vol. 1099,
Springer-Verlag, 1996, pp. 194–205. [263, 280, 282, 283, 316, 318]
29. , Sur des graphes infinis réguliers, Institut de Formation Supérieure en
Informatique et en Communication, L’Université des Rennes 1, 1998, Habilitation
thesis. [318]
30. , On infinite transition graphs having a decidable monadic theory, Theo-
retical Computer Science (2001), To appear. [318]
31. , On the transition graphs of Turing machines, Proceedings of the 3rd
International Conference Machines, Computations, and Universality, MCU ’01,
Lecture Notes in Computer Science, vol. 2055, Springer-Verlag, 2001, pp. 177–
189. [318]
32. , On infinite terms having a decidable monadic theory, Proceedings of
the 27th International Symposium on Mathematical Foundations of Computer
 Literature 367

Science, MFCS ’02, Lecture Notes in Computer Science, Springer-Verlag, 2002,

pp. 165–176. [258, 318]
33. Ashok K. Chandra, Dexter Kozen, and Larry J. Stockmeyer, Alternation, Journal
of the ACM 28 (1981), no. 1, 114–133. [168]
34. Yaacov Choueka, Theories of automata on omega-tapes: A simplified approach,
Journal of Computer and System Sciences 8 (1974), no. 2, 117–141. [92]
35. Alonzo Church, Logic, arithmetic, and automata, Proceedings of the International
Congress of Mathematicians (Stockholm, Sweden), 1962. [39]
36. Rina S. Cohen and Arie Y. Gold, Theory of ω-languages I & II, Journal of Com-
puter and System Science 15 (1977), no. 2, 169–208. [4]
37. , ω-computations on deterministic pushdown machines, Journal of Com-
puter and System Science 16 (1978), no. 3, 275–300. [4]
38. , ω-computations on turing machines, Theoretical Computer Science 6
(1978), 1–23. [4]
39. Kevin J. Compton and C. Ward Henson, A uniform method for proving lower
bounds on the computational complexity of logical theories, Annals of Pure and
Applied Logic 48 (1990), no. 1, 1–79. [258]
40. Anne Condon, The complexity of stochastic games, Information and Computation
96 (1992), no. 2, 203–224. [111]
41. Bruno Courcelle, The monadic second order logic of graphs, II: Infinite graphs of
bounded width, Mathematical System Theory 21 (1989), no. 4, 187–222. [301]
42. , The monadic second order logic of graphs, IX: Machines and their be-
haviours, Theoretical Computer Science 151 (1995), no. 1, 125–162. [263, 268,
301, 318]
43. Bruno Courcelle and Igor Walukiewicz, Monadic second-order logic, graph con-
verings and unfoldings of transition systems, Annals of Pure and Applied Logic
92 (1998), no. 1, 35–62. [318]
44. Mads Dam, CTL* and ECTL* as fragments of the modal µ-calculus, Theoretical
Computer Science 126 (1994), no. 1, 77–96. [257]
45. John Doner, Tree acceptors and some of their applications, Journal of Computer
and System Sciences 4 (1970), no. 5, 406–451. [219, 221, 258]
46. Stefan Dziembowski, Marcin Jurdziński, and Igor Walukiewicz, How much mem-
ory is needed to win infinite games?, Proceedings of the 12th Annual IEEE Sym-
posium on Logic in Computer Science, LICS ’97, IEEE Computer Society Press,
1997, pp. 99–110. [39]
47. Heinz-Dieter Ebbinghaus and Jörg Flum, Finite model theory, Perspectives in
Mathematical Logic, Springer-Verlag, 1995. [334]
48. Heinz-Dieter Ebbinghaus, Jörg Flum, and Wolfgang Thomas, Mathematical logic,
Undergraduate texts in mathematics, Spinger-Verlag, 1984. [207]
49. Andrzej Ehrenfeucht and Jan Mycielski, Positional strategies for mean payoff
games, International Journal of Game Theory 8 (1979), 109–113. [109, 110, 113,
114]
50. Samuel Eilenberg, Automata, languages and machines, vol. A, Academic Press,
New York, 1974. [92]
51. Calvin C. Elgot, Decision problems of finite automata design and related arith-
metics, Transactions of the American Mathematical Society 98 (1961), 21–51.
[219, 221, 258]
52. Calvin C. Elgot and Michael O. Rabin, Decidability and undefinability of sec-
ond (first) order theory of (generalized) successor, Journal of Symbolic Logic 31
(1966), 169–181. [258]
368 Literature

53. E. Allen Emerson, Temporal and modal logic, Handbook of Theoretical Computer
Science (Jan van Leeuwen, ed.), vol. B: Formal Models and Sematics, Elsevier,
1990, pp. 995–1072. [203]
54. E. Allen Emerson and Charanjit S. Jutla, The complexity of tree automata and
logics of programs (exteded abstract), Proceedings of the 29th Annual Symposium
on Foundations of Computer Science, FoCS ’88, IEEE Computer Society Press,
1988, pp. 328–337. [130, 168, 203, 321, 343]
55. , Tree automata, mu-calculus and determinacy (extended abstract), Pro-
ceedings of the 32nd Annual Symposium on Foundations of Computer Science,
FoCS ’91, IEEE Computer Society Press, 1991, pp. 368–377. [39, 95, 103, 108,
130, 135, 138, 202, 354]
56. E. Allen Emerson, Charanjit S. Jutla, and A. Prasad Sistla, On model-checking
for fragments of µ-calculus, Proceedings of the 5th International Conference on
Computer Aided Verification, CAV ’93, Lecture Notes in Computer Science, vol.
697, Springer-Verlag, 1993, pp. 385–396. [95, 104, 108]
57. , On model checking for the µ-calculus and its fragments, Theoretical Com-
puter Science 258 (2001), no. 1–2, 491–522. [202]
58. E. Allen Emerson and Chin-Laung Lei, Efficient model checking in fragments of
the propositional mu-calculus (extended abstract), Proceedings of the Symposium
on Logic in Computer Science, LICS ’86, IEEE Computer Society Press, 1986,
pp. 267–278. [202, 203]
59. E. Allen Emerson and A. Prasad Sistla, Deciding full branching time logic, Infor-
mation and Control 61 (1984), no. 3, 175–201. [92]
60. Joost Engelfriet and Hendrik Jan Hoogeboom, X-automata on ω-words, Theoret-
ical Computer Science 110 (1993), 1–51. [39]
61. Javier Esparza, David Hansel, Peter Rossmanith, and Stefan Schwoon, Efficient
algorithms for model checking pushdown systems, Proceedings of the 12th Inter-
national Conference on Computer Aided Verification, CAV 2000, Lecture Notes
in Computer Science, vol. 1855, Springer-Verlag, 2000, pp. 232–247. [311]
62. Shimon Even, Graph algorithms, Pitman Publishing, London, 1979. [55]
63. Jeanne Ferrante and Charles W. Rackoff, The computational complexity of logical
theories, Lecture Notes in Mathematics, vol. 718, Springer-Verlag, 1979. [258]
64. Markus Frick and Martin Grohe, The complexity of first-order and monadic
second-order logic revisited, Proceedings of the 17th IEEE Symposium on Logic in
Computer Science, LICS ’02, IEEE Computer Society Press, 2002, pp. 215–224.
[258]
65. Harald Ganziger, Christoph Meyer, and Margus Veanes, The two-variable guarded
fragment with transitive relations, Proceedings of the 14th IEEE Symposium on
Logic in Computer Science, LICS ’99, IEEE Computer Society Press, 1999, pp. 24–
34. [322, 356]
66. Kurt Gödel, Über formal unentscheidbare Sätze der Principia Mathematica und
verwandter Systeme I, Monatshefte für Mathematik und Physik 38 (1931), 173–
198. [207]
67. Elisabeth Gonçalves and Erich Grädel, Decidability issues for action guarded
logics, Proceedings of the 2000 International Workshop on Description Logics,
DL 2000, 2000, pp. 123–132. [322, 336, 356]
68. Georg Gottlob, Erich Grädel, and Helmut Veith, Datalog LITE: A deductive query
language with linear time model checking, ACM Transactions on Computional
Logic 3 (2002), no. 1, 42–79. [322, 356]
 Literature 369

69. Erich Grädel, The decidability of guarded fixed point logic, JFAK. Essay Decicated
to Johan van Benthem on the occasion of his 50th Birthday, CD-ROM (Jelle
Gerbrandy, Maarten Marx, Maarten de Rijke, and Yde Venema, eds.), Amsterdam
University, 1999. [322, 356]
70. , Decision procedures for guarded logics, Proceedings of 16th International
Conference on Automated Deduction, CADE ’99, Lecture Notes in Artificial In-
telligence, vol. 1632, Springer-Verlag, 1999, pp. 31–51. [356]
71. , On the restrainning power of guards, Journal of Symbolic Logic 64 (1999),
1719–1742. [322, 343, 356]
72. , Why are modal logics so robustly decidable?, Current Trends in Theo-
retical Computer Science, Entering the 21st Century (Gheorghe Paun, Grzegorz
Rozenberg, and Arto Salomaa, eds.), World Scientific, 2001, pp. 393–498. [322,
356]
73. , Guarded fixed point logics and the monadic theory of countable trees,
Theoretical Computer Science 288 (2002), 129 – 152. [322, 326, 327, 328, 329,
330, 331, 339, 343, 346, 356]
74. Erich Grädel, Colin Hirsch, and Martin Otto, Back and forth between guarded and
modal logics, ACM Transactions on Computional Logic 3 (2002), no. 3, 418–463.
[322, 333, 334, 335, 356]
75. Erich Grädel and Igor Walukiewicz, Guarded fixed point logic, Proceedings of the
4th Annual IEEE Symposium on Logic in Computer Science, LICS ’99, IEEE
Computer Society Press, 1999, pp. 45–54. [322, 343, 356]
76. Yuri Gurevich, Monadic second-order theories, Model-Theoretical Logics (Jon
Barwise and Solomon Feferman, eds.), Springer-Verlag, 1985, pp. 479–506. [258]
77. Yuri Gurevich and Leo Harrington, Trees, automata and games, Proceedings of
the 14th Annual ACM Symposium on Theory of Computing, STOC ’82, ACM
Press, 1982, pp. 60–65. [39, 95, 108, 135, 141]
78. Yuri Gurevich, Menachem Magidor, and Saharon Shelah, The monadic theory of
ω2 , Jounal of Symbolic Logic 48 (1983), 387–398. [258]
79. Stephan Heilbrunner, An algorithm for the solution of fixed-point equations for
infinite words, R.A.I.R.O. Informatique théorique/Theoretical Informatics 14
(1980), no. 2, 131–141. [228]
80. B. Herwig, Zur Modelltheorie von Lµ , Ph.D. thesis, Universität Freiburg, Ger-
many, 1989. [130]
81. David Hilbert, Mathematische Probleme. Vortrag, gehalten auf dem interna-
tionalen Mathematiker-Kongress zu Paris 1900, Nachrichten von der Königl. Ge-
sellschaft der Wissenschaften zu Göttingen, Mathematisch-Physikalische Klasse
(1900), 253–297. [207]
82. Colin Hirsch, Guarded logics: Algorithms and bisimulation, Ph.D. thesis, RWTH
Aachen, Germany, 2002. [356]
83. Wilfrid Hodges, Model theory, Encyclopedia of Mathematics and its Applications,
Cambridge University Press, 1993. [226]
84. Ian Hodkinson, Loosely guarded fragment has finite model property, Studia Logica
70 (2002), 205–240. [356]
85. A. Hoffmann and Richard M. Karp, On nonterminating stochastic games, Man-
agement Science 12 (1966), 359–370. [108, 125]
86. Eva Hoogland, Maarten Marx, and Martin Otto, Beth definability for the guarded
fragment, Proceedings of the 6th International Conference on Logic for Program-
ming and Automated Reasoning, LPAR ’99), Lecture Notes in Computer Science,
vol. 1705, Springer-Verlag, 1999, pp. 273–285. [322, 356]
370 Literature

87. John E. Hopcroft and Jeffrey D. Ullman, Introduction to automata theory, lan-
guages, and computation, Addison-Wesley, 1979. [44, 63, 236]
88. Robert Hossley and Charles W. Rackoff, The emptiness problem for automata
on infinite trees, Proceedings of the 13th Annual Symposium on Switching and
Automata Theory, IEEE Computer Society Press, 1972, pp. 121–124. [168]
89. David Janin, Propriérés logiques du non-déterminisme et µ-calcul modal, Ph.D.
thesis, LaBRI – Université de Bordeaux I, France, 1995. [249]
90. David Janin and Igor Walukiewicz, Automata for the modal mu-calculus and re-
lated results, Proceedings of the 20th International Symposium on Mathematical
Foundations of Computer Science, MFCS ’95, Lecture Notes in Computer Science,
vol. 969, Springer-Verlag, 1995, pp. 552–562. [249, 259]
91. , On the expressive completeness of the propositional mu-calculus with re-
spect to monadic second order logic, Proceedings of the 7th International Confer-
ence on Concurrency Theory, CONCUR ’96, Lecture Notes in Computer Science,
vol. 1119, Springer-Verlag, 1996, pp. 263–277. [239, 259]
92. Marcin Jurdziński, Deciding the winner in parity games is in UP ∩ co-UP, Infor-
mation Processing Letters 68 (1998), no. 3, 119–124. [96, 103, 104, 108, 110, 112,
115, 130]
93. , Small progress measures for solving parity games, Proceedings of the 17th
Annual Symposium on Theoretical Aspects of Computer Science, STACS 2000,
Lecture Notes in Computer Science, vol. 1770, Springer-Verlag, 2000, pp. 290–301.
[96, 103, 106, 108, 109, 117, 119, 124, 130, 151, 153, 202]
94. Charanjit S. Jutla, Determinization and memoryless winning strategies, Informa-
tion and Computation 133 (1997), no. 2, 117–134. [80]
95. Alexander S. Kechris, Classical descriptive set theory, Graduate Texts in Mathe-
matics, Springer-Verlag, 1995. [30]
96. Bakhadyr Khoussainov and Anil Nerode, Automata theory and its applications,
Progress in Computer Science and Applied Logic, vol. 21, Birkhäuser, 2001. [39]
97. Nils Klarlund, Progress measures for complementation of omega-automata with
applications to temporal logic, Proceedings of the 32nd Annual Symposium on
Foundations of Computer Science, FoCS ’91, IEEE Computer Society Press, 1991,
pp. 358–367. [61, 62, 63]
98. , Progress measures, immediate determinacy, and a subset construction for
tree automata, Annals of Pure and Applied Logic 69 (1994), no. 2–3, 243–268.
[39]
99. Nils Klarlund, Madhavan Mukund, and Milind A. Sohoni, Determinizing Büchi
asynchronous automata, Proceedings of the 15th Conference on Foundations of
Software Technology and Theoretical Computer Science, FSTTCS ’95, Lecture
Notes in Computer Science, no. 1026, Springer-Verlag, 1995, pp. 456–470. [44]
100. Dexter Kozen, Results on the propositional mu-calculus, Theoretical Computer
Science 27 (1983), 333–354. [95, 108, 171, 202, 203]
101. Orna Kupferman, P. Madhusudan, P. S. Thiagarajan, and Moshe Y. Vardi, Open
systems in reactive environments: Control and synthesis, Proceedings of the 11th
International Conference on Concurrency Theory, CONCUR 2000, Lecture Notes
in Computer Science, vol. 1877, Springer-Verlag, 2000, pp. 92–107. [40]
102. Orna Kupferman and Moshe Y. Vardi, Weak alternating automata are not that
weak, Proceedings of the Fifth Israel Symposium on Theory of Computing and
Systems, ISTCS ’97, IEEE Computer Society Press, 1997, pp. 147–158. [61, 77]
103. , Weak alternating automata and tree automata emptiness, Proceedings of
the 30th Annual ACM Symposium on Theory of Computing, STOC ’98, ACM
Press, 1998, pp. 224–233. [168]
 Literature 371

104. , Chruch’s problem revisted, The Bulletin of Symbolic Logic 5 (1999), no. 2,
245–263. [40]
105. , The weakness of self-complementation, Proceedings of the 16th Annual
Symposium on Theoretical Aspects of Computer Science, STACS ’99, Lecture
Notes in Computer Science, vol. 1563, Springer-Verlag, 1999, pp. 455–466. [168]
106. , An automata-theoretic approach to reasoning about infinite-state systems,
Proceedings of the 12th International Conference on Computer Aided Verification,
CAV 2000), Lecture Notes in Computer Science, vol. 1855, Springer-Verlag, 2000.
[303, 312, 313, 316, 317, 318]
107. , Weak alternating automata are not that weak, ACM Transactions on
Computional Logic 2 (2001), no. 3, 408–429. [61, 77]
108. Ralf Küsters and Thomas Wilke, Determinizing Büchi asynchronous automata,
Proceedings of the 22th Conference on Foundations of Software Technology and
Theoretical Computer Science, FSTTCS ’02, Lecture Notes in Computer Science,
Springer-Verlag, 2002, To appear. [202]
109. Richard E. Ladner, The computational complexity of provability in systems of
propositinal modal logic, SIAM Journal on Computing 6 (1977), no. 3, 467–480.
[321]
110. Lawrence H. Landweber, Decision problems for ω-automata, Mathematical Sys-
tems Theory 3 (1969), no. 4, 376–384. [20, 39]
111. H. Läuchli and J. Leonard, On the elementary theory of linear order, Fundamenta
Mathematicae 59 (1966), 109–116. [228]
112. Giacomo Lenzi, A hierarchy theorem for the mu-calculus, Proceedings of the
23rd International Colloquium on Automata, Languages and Programming,
ICALP ’96, Lecture Notes in Computer Science, vol. 1099, Springer-Verlag, 1996,
pp. 87–97. [185, 202]
113. Matti Linna, On ω-sets associated with context-free languages, Information and
Control 31 (1976), no. 3, 272–293. [4]
114. Christof Löding, Optimal bounds for the transformation of omega-automata, Pro-
ceedings of the 19th Conference on Foundations of Software Technology and The-
oretical Computer Science, FSTTCS ’99, Lecture Notes in Computer Science, vol.
1738, Springer-Verlag, 1999, pp. 97–109. [16, 17, 18, 19, 39, 79, 87, 88, 89]
115. Christof Löding and Wolfgang Thomas, Alternating automata and logics over
infinite words, Proceedings of the IFIP International Conference on Theoretical
Computer Science, IFIP TCS 2000, Lecture Notes in Computer Science, vol. 1872,
Springer-Verlag, 2000. [61, 68]
116. David E. Long, Anca Browne, Edmund M. Clarke, Somesh Jha, and Wilfredo R.
Marrero, An improved algorithm for the evaluation of fixpoint expressions, Pro-
ceedings of the 6th International Conference on Computer Aided Verification,
CAV ’94, Lecture Notes in Computer Science, vol. 818, Springer-Verlag, 1994,
pp. 338–350. [202]
117. Walter Ludwig, A subexponential randomized algorithm for the simple stochastic
game problem, Information and Computation 117 (1995), no. 1, 151–155. [111,
125, 130]
118. P. Madhusudan and P.S. Thiagarajan, Distributed controller synthesis for local
specifications, Proceedings of the 28th International Colloquium on Automata,
Languages and Programming, ICALP ’01, Lecture Notes in Computer Science,
vol. 2076, Springer-Verlag, 2001, pp. 396–407. [40]
119. Donald A. Martin, Borel determinacy, Annals of Mathematics 102 (1975), 363–
371. [30, 95, 130]
372 Literature

120. Maarten Marx, Tolerance logic, Tech. Report IR-469, Faculteit der Exacte Weten-
schappen, Vrije Universiteit Amsterdam, The Netherlands, 1999. [356]
121. Yuri Matiyasevich, Diophantine nature of enumerable sets (Russian), Doklady
Akademija Nauk SSSR 191 (1970), no. 2, 279–282. [207]
122. Oliver Matz, Dot-depth and monadic quantifier alternation over pictures, Ph.D.
thesis, RWTH Aachen, Germany, 1999, Aachener Informatik Berichte 99-08. [231,
233, 258]
123. , Dot-depth, monadic quantifier alternation, and first-order closure over
grids and pictures, Theoretical Computer Science 270 (2002), no. 1–2, 1–70. [231,
233, 258]
124. Robert McNaughton, Finite-state infinite games, Tech. report, Project MAC,
Massachusetts Institute of Technology, USA, 1965. [39]
125. , Testing and generating infinite sequences by a finite automaton, Infor-
mation and Control 9 (1966), no. 5, 521–530. [39, 43, 61, 92]
126. , Infinite games played on finite graphs, Annals of Pure and Applies Logic
65 (1993), no. 2, 149–184. [39, 96, 108, 130]
127. A. R. Meyer, Weak monadic second order theory of successor is not elementary-
recursive, Proceedings of the Boston University Logic Colloquium, Springer-
Verlag, 1975, pp. 132–154. [258]
128. Max Michel, Complementation is more difficult with automata on infinite words,
Manuscript, CNET, Paris, 1988. [16, 39]
129. Satoru Miyano and Takeshi Hayashi, Alternating finite automata on ω-words,
Theoretical Computer Science 32 (1984), 321–330. [76]
130. Faron Moller and Alexander Rabinovich, On the expressive power of CTL*, Pro-
ceedings of the 14th IEEE Symposium on Logic in Computer Science, LICS ’99,
IEEE Computer Society Press, 1999, pp. 360–369. [259]
131. Andrzej Wlodzimierz Mostowski, Regular expressions for infinite trees and a stan-
dard form of automata, Computation Theory, Lecture Notes in Computer Science,
vol. 208, Springer-Verlag, 1984, pp. 157–168. [39, 130]
132. , Games with forbidden positions, Tech. Report 78, Instytut Matematyki,
Uniwersytet Gdański, Poland, 1991. [39, 95, 130, 354]
133. David E. Muller, Infinite sequences and finite machines, Proceedings of the 4th
IEEE Symposioum on Switching Circuit Theory and Logical Design, 1963, pp. 3–
16. [3, 39, 43, 92, 168]
134. David E. Muller, Ahmed Saoudi, and Paul E. Schupp, Alternating automata, the
weak monadic theory of the tree, and its complexity, Proceedings of the 13th In-
ternational Colloquium on Automata, Languages and Programming, ICALP ’86,
Lecture Notes in Computer Science, vol. 226, Springer-Verlag, 1986, pp. 275–283.
[168]
135. David E. Muller and Paul E. Schupp, The theory of ends, pushdown automata,
and second-order logic, Theoretical Computer Science 37 (1985), 51–75. [263,
318]
136. , Alternating automata on infinite trees, Theoretical Computer Science 54
(1987), 267–276. [68, 168]
137. , Simulating alternating tree automata by nondeterministic automata: New
results and new proofs of the theorems of Rabin, McNaughton and Safra, Theo-
retical Computer Science 141 (1995), no. 1–2, 69–107. [43, 92, 154, 162]
138. Damian Niwiński, On fixed-point clones (extended abstract), Proceedings of the
13th International Colloquium on Automata, Languages and Programming,
ICALP ’86, Lecture Notes in Computer Science, vol. 226, Springer-Verlag, 1986,
pp. 464–473. [176]
 Literature 373

139. , Fixed point characterization of infinite behavior of finite-state systems,

Theoretical Computer Science 189 (1997), no. 1–2, 1–69. [171, 185]
140. Martin Otto, Eliminating recursion in the µ-calculus, Proceedings of the 16th
Annual Symposium on Theoretical Aspects of Computer Science, STACS ’99,
Lecture Notes in Computer Science, vol. 1563, Springer-Verlag, 1999, pp. 531–
540. [202]
141. , Modal and guarded characterisation theorems over finite transition sys-
tems, Proceedings of the 17th IEEE Symposium on Logic in Computer Science,
LICS 2002, IEEE Computer Society Press, 2002, pp. 371–380. [356]
142. Christos H. Papadimitriou, Complexity theory, Addison Wesley, 1994. [108, 115]
143. Dominique Perrin and Jean-Eric Pin, Infinite words, available on
http://www.liafa.jussieu.fr/∼jep/Resumes/InfiniteWords.html. [39]
144. Amir Pnueli and Roni Rosner, On the synthesis of a reactive module, Proceed-
ings of the Sixteenth Annual ACM Symposium on Principles of Programming
Languages, POPL ’89, ACM Press, 1989, pp. 179–190. [40, 168]
145. , Distributed reactive systems are hard to synthesize, Proceedings of the
31st Annual Symposium on Foundations of Computer Science, FoCS ’90, IEEE
Computer Society Press, 1990, pp. 746–757. [40]
146. Mojzesz Presburger, Über die Vollständigkeit eines gewissen Systems der Arith-
metik ganzer Zahlen, in welchem die Addition als einzige Operation hervortritt,
Comptes Rendus du Ier Congrès des Mathématiciens des Pays Slaves, Warszawa
(1929), 92–101. [208, 225]
147. Anuj Puri, Theory of hybrid systems and discrete event systems, Ph.D. thesis,
University of California, Berkeley, 1995. [110, 125, 130]
148. Michael O. Rabin, Decidability of second-order theories and automata on infinite
trees, Transactions of the American Mathematical Society 141 (1969), 1–35. [95,
108, 135, 146, 168, 214, 221, 258, 263, 267]
149. , Weakly definable relations and special automata, Mathematical Logic and
Foundations of Set Theory, North-Holland, 1970, pp. 1–23. [139, 168, 219]
150. , Automata on infinite objects and Church’s problem, American Mathe-
matical Society (1972). [39, 92, 168]
151. , Decidable theories, Handbook of Mathematical Logic (Jon Barwise, ed.),
North-Holland, 1977, pp. 595–629. [258]
152. Peter J. Ramadge and W. Murray Wonham, The control of discrete event systems,
Proceedings of the IEEE 77 (1989), no. 1, 81–98. [40]
153. Roman R. Redziejowski, Construction of a deterministic ω-automaton using
derivatives, Theoretical Informatics and Applications 33 (1999), no. 2, 133–158.
[43]
154. Bruce Reed, Tree width and tangles: A new conectivity measure and some applica-
tions, Surveys in Combinatorics (Rosemary A. Bailey, ed.), Cambridge University
Press, 1997, pp. 87–162. [331]
155. Neil Robertson and Paul D. Seymour, Graph minors. V. Excluding a planar graph,
Journal of Combinatorial Theory, Series B 41 (1986), 92–114. [209]
156. Eric Rosen, Modal logic over finite structures, Journal of Logic, Language, and
Information 6 (1997), 427–439. [258]
157. Bertrand Le Saec, Jean-Eric Pin, and Pascal Weil, A purely algebraic proof
of McNaughton’s theorem on infinite words, Proceedings of the 11th Confer-
ence on Foundations of Software Technology and Theoretical Computer Science,
FSTTCS ’91, Lecture Notes in Computer Science, no. 560, Springer-Verlag, 1991,
pp. 141–151. [92]
374 Literature

158. Shmuel Safra, On the complexity of omega-automata, Proceedings of the 29th An-
nual Symposium on Foundations of Computer Science, FoCS ’88, IEEE Computer
Society Press, 1988, pp. 319–327. [16, 43, 61, 92]
159. , Exponential determinization for omega-automata with strong-fairness ac-
ceptance condition (extended abstract), Proceedings of the 24th Annual ACM
Symposium on the Theory of Computing, STOC ’92, ACM Press, 1992, pp. 275–
282. [18, 79, 80, 86, 92]
160. Detlef Seese, The structure of the models of decidable monadic theories of graphs,
Annals of Pure and Applied Logic 53 (1991), no. 2, 169–195. [209]
161. Helmut Seidl, Fast and simple nested fixpoints, Information Processing Letters 59
(1996), no. 6, 303–308. [117, 130, 202]
162. Alexei L. Semenov, Decidability of monadic theories, Proceedings of the 11th
International Symposium on Mathematical Foundations of Computer Science,
MFCS ’84, Lecture Notes in Computer Science, vol. 176, Springer-Verlag, 1984,
pp. 162–175. [285]
163. Saharon Shelah, The monadic second order theory of order, Annals of Mathemat-
ics 102 (1975), 379–419. [258, 285, 337]
164. Ludwig Staiger, Research in the theory of ω-languages, Journal of Information
Processing Cybernetics EIK 23 (1987), 415–439. [39]
165. , ω-languages, Handbook of Formal Language Theory, vol. III, Springer-
Verlag, 1997, pp. 339–387. [4, 39]
166. Ludwig Staiger and Klaus W. Wagner, Automatentheoretische und Automaten-
freie Charakterisierungen Topologischer Klassen Regulärer Folgenmengen, Elek-
tronische Informationsverarbeitung und Kybernetik EIK 10 (1974), 379–392. [20]
167. Colin Stirling, Local model checking games, Proceedings of the 6th International
Conference on Concurrency Theory, CONCUR ’95, Lecture Notes in Computer
Science, vol. 962, Springer-Verlag, 1995, pp. 1–11. [130]
168. , Decidability of bisimulation equivalence for pushdown processes, Tech.
Report EDI-INF-RR-0005, School of Informatics, University of Edinburgh, Scot-
tland, 2000. [282, 283, 318]
169. , Modal and temporal properties of processes, Texts in Computer Science,
Springer-Verlag, 2001. [202]
170. Larry J. Stockmeyer, The complexity of decision problems in automata theory
and logic, Ph.D. thesis, Deptartment of Electrical Engineering, MIT, Boston,
Massachusetts, 1974. [231, 233, 258]
171. Robert S. Streett, Propositional dynamic logic of looping and converse is elemen-
tary decidable, Information and Control 54 (1982), no. 1–2, 121–141. [39, 79]
172. Robert S. Streett and E. Allen Emerson, An automata theoretic decision procedure
for the propositional mu-calculus, Information and Computation 81 (1989), no. 3,
249–264. [202]
173. Jonathan Stupp, The lattice-model is recursive in the original model., Tech. re-
port, Institute of Mathematics, The Hebrew University, Jerusalem, Israel, 1975.
[285, 318]
174. Alfred Tarski, A decision method for elementary algebra and geometry, Tech.
report, Rand Corporation, Santa Monica, California, 1948. [208, 226]
175. , A lattice-theoretical fixpoint theorem and its applications, Pacific Journal
of Mathematics 5 (1955), 285–309. [122, 359, 360]
176. James W. Thatcher and Jesse B. Wright, Generalized finite automata theory with
an application to a decision problem of second-order logic, Mathematical Systems
Theory 2 (1968), no. 1, 57–81. [219, 221, 258]
 Literature 375

177. John G. Thistle and W. Murray Wonham, Supervision of infinite behavior of

discrete-event systems, SIAM Journal on Control and Optimization 32 (1994),
no. 4, 1098–1113. [40]
178. Wolfgang Thomas, A combinatorial approach to the theory of ω-automata, Infor-
mation and Control 48 (1981), 261–283. [92]
179. , Automata on infinite objects, Handbook of Theoretical Computer Sci-
ence, vol. B: Formal Models and Semantics, Elsevier, 1990, pp. 133–192. [39, 92,
268]
180. , On the synthesis of strategies in infinite games, Proceedings of the 12th
Annual Symposium on Theoretical Aspects of Computer Science, STACS ’95,
Lecture Notes in Computer Science, vol. 900, Springer-Verlag, 1995, pp. 1–13.
[39, 130, 317]
181. , Languages, automata and logic, Tech. Report 9607, Institut für Infor-
matik und Praktische Mathematik, Christian-Albrechts-Universität Kiel, Ger-
many, 1996. [130]
182. , Ehrenfeucht games, the composition method, and the monadic theory
of ordinal words, Structures in Logic and Computer Science, Lecture Notes in
Computer Science, vol. 1261, Springer-Verlag, 1997, pp. 118–143. [258]
183. , Languages, automata, and logic, Handbook of Formal Language Theory,
vol. III, Springer-Verlag, 1997, pp. 389–455. [39, 62, 108, 130, 135, 263]
184. , Complementation of Büchi automata revisited, Jewels are Forever, Con-
tributions on Theoretical Computer Science in Honor of Arto Salomaa, Springer-
Verlag, 1999, pp. 109–120. [61, 68, 75]
185. John Joseph Le Tourneau, Decision problems related to the concept of operation,
Ph.D. thesis, University of California, Berkeley, 1968. [337]
186. Boris A. Trakhtenbrot, Finite automata and the logic of monadic predicates, Dokl.
Akad. Nauk SSSR 140 (1961), 326–329. [219]
187. , Finite automata and the logic of one-place predicates, Sibirian Mathe-
matical Journal 13 (1962), 103–131, (in Russian). [258]
188. Boris A. Trakhtenbrot and Y.M. Barzdin, Finite automata: Behavior and synthe-
sis, North-Holland, 1973. [39]
189. Moshe Y. Vardi, Why is modal logic so robustly decidable?, Descriptive Complex-
ity and Finite Models: Proceedings of a DIMACS Workshop, vol. 31, American
Mathematical Society, 1996, pp. 149–184. [321, 343]
190. , Reasoning about the past with two-way automata., Proceedings of the
25th International Colloquium on Automata, Languages and Programming,
ICALP ’98, Lecture Notes in Computer Science, vol. 1443, Springer-Verlag, 1998,
pp. 628–641. [303, 307, 310, 318, 354]
191. Jens Vöge and Marcin Jurdziński, A discrete strategy improvement algorithm for
solving parity games, Proceedings of the 12th International Conference on Com-
puter Aided Verification, CAV 2000, Lecture Notes in Computer Science, vol.
1855, Springer-Verlag, 2000, pp. 202–215. [108, 125, 129, 130]
192. Klaus W. Wagner, On ω-regular sets, Information and Control 43 (1979), 123–
177. [39]
193. Igor Walukiewicz, A complete deductive system for the mu-calculus, Ph.D. thesis,
Institute of Informatics, Warsaw University, Poland, 1993. [203]
194. , On completeness of the mu-calculus, Proceedings of the 8th Annual IEEE
Symposium on Logic in Computer Science, LICS ’93, IEEE Computer Society
Press, 1993, pp. 136–146. [203]
376 Literature

195. , Completeness of Kozen’s axiomatisation of the propositional µ-calculus,

Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science,
LICS ’95, IEEE Computer Society Press, 1995, pp. 14–24. [203]
196. , Pushdown processes: Games and model checking, Proceedings of the
8th International Conference on Computer Aided Verification, CAV ’96, Lecture
Notes in Computer Science, vol. 1102, Springer-Verlag, 1996, pp. 62–74. [311,
313, 318]
197. , Completeness of Kozen’s axiomatisation of the propositional mu-calculus,
Information and Computation 157 (2000), no. 1–2, 142–182. [203]
198. , Pushdown processes: Games and model checking, Information and Com-
putation 164 (2001), no. 2, 234–263. [311]
199. , Deciding low levels of tree-automata hierarchy, Electronic Notes in The-
oretical Computer Science 67 (2002). [202]
200. , Monadic second-order logic on tree-like structures, Theoretical Computer
Science 275 (2002), no. 1–2, 311–346. [285, 318]
201. Thomas Wilke, Klarlund’s optimal complementation procedure for Büchi au-
tomata, Unpublished Note, 2000. [61]
202. , Alternating tree automata, parity games, and modal µ-calculus, Bull. Soc.
Math. Belg. 8 (2001), no. 2. [95, 153, 154, 161, 171, 185]
203. Wieslaw Zielonka, Infinite games on finitely coloured graphs with applications to
automata on infinite trees, Theoretical Computer Science 200 (1998), no. 1–2,
135–183. [39, 96, 99, 108, 130, 135]
204. Uri Zwick and Mike Paterson, The complexity of mean payoff games on graphs,
Theoretical Computer Science 158 (1996), no. 1–2, 343–359. [109, 110, 111, 112,
115, 130]
Symbol Index

1 5
Σ∗ finite words over Σ 3 even(α) symbols occurring infinitely
Σω infinite words over Σ 3 often in even positions
|α|a number of a in α 3 90
Occ(α) symbols occurring in α 3 odd (α) symbols occurring infinitely
Inf(α) symbols occurring infinitely often in odd positions 90
often 4
REG class of regular languages 4
6
L(A) language accepted by A 5
G[U ] subgame of G induced by U
96
2
vE E-successors of v 23 7
σ player 23
σ the other player 23 || · ||∞ maximum norm 116
π play 24 <i restricted lexicographical
|w|a number of a in w 28 ordering 117
Attrσ (G, X) σ-attractor of X in G 35 [i] {0, . . . , i − 1} 117
MG range of progress measures
119
3 MG extended range of progress
measures 120
b (α) number of b in word α 44 prog progress function 120
||ρ|| winning vertices 120
ordering on progress
4
measures 122
α(i) i-th letter of α 62 Lift lift operator 122
Occ(α) letters occurring in α 62 wπ vertex with highest priority
Inf(α) letters occurring infinitely occurring infinitely often
often in α 62 126
R(v) vertices reachable from v Pπ vertices before wπ 126
63 l(x) length of path to wπ 126
set of marked vertices 63 φ progress ordering 126
C
||G|| width of a sliced graph 64 ≺ value ordering 127
U (G) unmarked boundary 64
µ progress measure 64 8
B+ (X) positive Boolean formulas
68 Tω infinite binary tree 136
Mod(θ) minimal models 68 P re< (π) prefixes of π 136
θ dual of θ 69 TΣω , TΣ Σ-labeled trees 136
A dual of A 70 pi projection 136
GA,α weak min-parity game 70 T (A) tree language recognized
Attrσ (X) attractor 72 by A 137
378 Symbol Index

9 ϕA formula equivalent to A
214
P propositional variables 154
Aϕ automaton equivalent to ϕ
sR successors of s 154
214
Rs predecessors of s 154
O class of orderings 228
TCQ transition conditions 155
Q2 universal states 155
Q3 existential states 155 13
−
→q successor of q 155 ϕA
n defines 0∗ 10f (n)−1 10∗ 231
[v] the last letter of v 159 Σk S
{$k , 0k , 1k } 233
Θ, Θp set of tiles 164
S
k−1
Σ<k i=1 Σi 233
n
Σ>k i=k+1 Σi 233
10 ϕk cyclical counter 234
G ↓v subgame 171
[p → S  ] substitution 172 14
G(A) transition graph of A 172 sr source of a transition system
ind(A) index of A 172 239
Fµ set of µ-formulas 173 sccM
r (s) r-successors of s 240
Fν set of ν-formulas 173 ∼ bisimulation 240
Fη Fµ ∪ Fν 173 c
M ω-unravelling of M 241
ψ≤ϕ ψ is a subformula of ϕ 174  extension relation 241
G(ϕ) graph of ϕ 176 C MSO (ϕ) class defined by a MSO-
SCCϕ (ψ) strongly connected compo- sentence 244
nent of G(ϕ) containing ψ C Lµ (ϕ) class defined by a Lµ -
176 sentence 245
α(ϕ) alternation depth of ϕ 176 L(A) language recognized by A
ψ state for ψ 177 248

11 15
Σnµ , Πnµ fixed point hierarchy of Lµ REG(Σ ∗ ) regular subset of Σ ∗ 264
188 TN tree over N 264
ϕ models of ϕ 188 VG nodes of G 265
edge from s to t in G 265
a
, Πnµ TR semantical hierarchy 188
Σnµ TR s−→t
Σn , Π n automata hierarchy 189
G
A class accepted by A 189
s=⇒t
a
G path from s to t in G 265
ΣnTR , ΠnTR semantical automata
L path in L from s to t 265
s−→t
hierarchy 189 L(G, s, t) language of G wrt. s and t
TR class of pointed transition 265
systems 189 L(G) language of G 265
TΣn Σn -test automaton 195 W (U→V ) sets of edges 265
TΠn Πn -test automaton 195 MTh(G) monadic theory of G 266
GA,q transformed transition ≤MSO MSO-interpretation 266
system 196 I (B) interpretation 266
Σ inverse alphabet 272
Σ̂ extended alphabet 272
12 u↓ normal form of u 272
|=W weak satisfaction relation h(b) extended substitution 272
210 Σ̂# marked extended alphabet
≺ prefix order 211 274
 Symbol Index 379

u↓# normal form of u 274 3 “stay on the present node”

# L ( G) marking of G by L 274 304
PRGN (Σ)| prefix-recognizable graph η annotation 308
278 tails(∆) suffix of words in ∆ 312
PRG# N (Σ) prefix-recognizable graph
278
18
16 G(A) Gaifman graph of A 324
A(k) k-unravelling of A 332
[n] the set {0, . . . , n − 1} 286
B+ (X) positive boolean formulae
286 19
A∗ iteration 292
A
ϕA function defined by ϕ 292 A(k) k-unravelling of 346

17 20
∞ finite or infinite words over class of ordinals 359
T On
Σ 304 cl(f ) closure ordinal 360
T, l a Σ-labeled W -tree 304 f! f cl(f ) 360
ext(W ) alphabet W ∪· {3, ↑} 304 LFP least fixed point 360
↑ “go to parent node” 304 GFP greatest fixed point 360
Index

acceptance condition – tree, 135, 137, 219, 286

– 1-acceptance, 20 – – alternating, 155, 157, 158, 348
– 1
-acceptance, 20 – – bottom-up, 219
– Büchi, 5, 11, 16 – – Büchi, 139
– complemented pair, 9 – – complement, 141, 144, 146, 162
– fairness, 9 – – deterministic, 147
– Muller, 6, 12, 137 – – input free, 147
– pairs, 8, 79 – – Muller, 137, 139–141, 214
– parity, 10, 138, 287 – – parity, 138, 140
– Rabin, 8, 12, 16 – – Rabin, 139–141
– Streett, 9, 16, 79 – – Streett, 139–141
– weak, 19 – weak alternating parity, 68, 74–76
accepting run, 62, 187 – – stratified, 69
alphabet – word, 135, 219
– extended, 272 – – Büchi, 214
– inverse, 272
BA, see Büchi automaton
alternating tree automaton, 155, 157,
behavior, 157
158, 348
binary alphabet, 264
alternating two-way automaton, 349, 355
bisimulation, 240, 321, 327
alternation depth, 176
bottom-up tree automaton, 219
annotation, 308
Büchi
arena, 23, 310
– acceptance condition, 5, 11, 16
attractor, 35, 72
– automaton, 43, 53, 59, 60, 62, 65, 75,
automaton
76
– alternating two-way, 304, 349, 355
– – complement, 68
– Büchi, 43, 53, 59, 60, 62, 65, 75, 76
– – deterministic, 11, 45
– – complement, 68
– – nondeterministic, 45
– – deterministic, 11, 45
– – tree, 139
– – nondeterministic, 45
– – word, 214
– dual, 70
– game, 25, 37
– finite, 219 – winning condition, 25
– µ-automaton, 247, 249
– MSO, 293 CGF, see clique-guarded fragment
– Muller, 43 CGF∞ , 326
– – deterministic, 53, 59, 60 clique-bisimulation, 327
– nondeterministic, 288 clique-guarded fragment, 324
– ω-automaton, 4 clique-guarded second-order logic, 335,
– – complement, 44 340
– – deterministic, 43, 89 clique-guarded set, 324
– – nondeterministic, 4, 43, 88 clique-k-bisimulation, 327
– Rabin, 43, 53, 59, 60 CliqueSO, 335, 340
– – deterministic, 18 closed strategy, 118
– Streett, 79 closure ordinal, 325, 360
– – deterministic, 18, 86 colouring function, 24
– – nondeterministic, 80 complement, 236
382 Index

complementation, 44, 68, 74, 88, 89, 141, – – Jurdziński’s algorithm, 123
144, 146, 162 – – simple algorithm, 114
complemented pair condition, 9 – – strategy improvement algorithm, 125
concatenable, 164 – – subexponential algorithm, 111
configuration, 311 – – UP-algorithm, 117
conform, 27 – positional, 32
coordinate map, 266 – Rabin chain, 25
counter, 232 – reachability, 34
CTL∗ , 257 – regular, 25
– simple stochastic, 111
dead end, 24 – solitaire, 117
decomposition tree, 346 – subgame, 96
dense shuffling, 228 – weak parity, 70
determinacy, 30, 33, 99 game graph, 142
discounted payoff game, 110 game position, 70, 142
domain, 264 game progress measure, 120
dual automaton, 70 GF, see guarded fragment
dual positive Boolean formula, 69 GF∞ , 326
graph, 63
even cycle, 117 – context-free, 318
extended infinite binary tree, 211 – finitely marked, 64
extended parity progress measure, 120 – left concatenation, 277
extended substitution, 272 – prefix-recognizable, 263, 267
– pushdown, 263
fairness condition, 9 – regular, 263
finite memory determinacy, 33 – right concatenation, 277
finite model property, 229, 343 – Σ-graph, 264
finitely marked graph, 64 – sliced, 64
first-order logic, 226, 233, 236, 238 greatest fixed point, 173, 359
fixed point, 359 guarded bisimulation, 327
– greatest, 173, 359 guarded fragment, 323
– least, 173, 359 guarded second-order logic, 209, 332
– simultaneous, 363 guarded set, 323
fixed point formulas, 173
fixed point operators, 173 hit position, 12
FO, see first-order logic
forgetful determinacy, 33 IAR, see index appearance record
index, 172, 186
Gaifman graph, 324 index appearance records, 86
game, 24 inductive function, 359
– 1-game, 25, 36 infinite binary tree, 136, 211
– Büchi, 25, 37 infinity set, 79, 136
– discounted payoff, 110 inflated, 159
– initialized, 25, 310 inflationary function, 359
– µ-game, 248 initialized game, 25
– mean payoff, 109, 110 initially closed, 212
– memoryless, 32 instance, 155
– Muller, 25, 28 interpretation, 299
– parity, 25, 28, 141, 143, 310 inverse alphabet, 272
– – finite, 103, 106 inverse substitution, 272
 Index 383

iteration, 285, 292 MSO automaton, 293

MSO-interpretation, 266
Jurdziński’s algorithm, 123 Muller
– acceptance condition, 6, 12
König’s lemma, 55 – automaton, 43
Kripke structure, 154 – – deterministic, 53, 59, 60
– – tree, 137, 139–141, 214
labeled tree, 136, 264 – game, 25, 28
language, 264 – winning condition, 25, 52
– finite words, 219
– ω-language, 3, 217 negation normal form, 344
– tree, 219 nondeterministic automaton, 288
LAR, see latest appearance record
ω-automaton, 4
latest appearance record, 12
ω-Kleene closure, 6
latest appearance records, 140
ω-language, 3, 217
lattice, 359, 362 ω-path, 241
least fixed point, 173, 359 ω-unravelling, 241
lift operator, 122 ω-word, 3
limit tree, 198 odd cycle, 117
logic, 220 optimal strategy, 110
– first-order, 226, 233, 236, 238 order
– guarded second-order, 209 – countable linear, 225
– monadic second-order, 209, 210, 219, – dense linear, 224
221, 225, 231, 238, 243, 244, 337 – lexicographic, 212
– weak monadic second-order, 210, 221, – prefix, 211, 264
238 – regular, 228
µ-automaton, 247, 249 Πn -test automaton, 195
µ-calculus, 174, 220, 245, 324 pairs acceptance condition, 8
– finite model property, 229 paradise, 98, 99
– formula, 172 parity acceptance condition, 10, 138, 287
– – graph of a, 176 parity automaton
– hierarchy, 188, 199, 200 – tree, 138, 140
– model checking, 107, 183 – weak alternating, 68, 74–76
– normal form, 174 – – stratified, 69
µCGF, 324, 354, 355 parity game, 25, 28, 141, 143
µ-game, 248 – finite, 103, 106
µGF, 324 – Jurdziński’s algorithm, 123
macrostate, 44 – simple algorithm, 114
marking, 246, 274 – strategy improvement algorithm, 125
Mazurkiewicz trace, 44 – subexponential algorithm, 111
mean payoff game, 109, 110 – UP-algorithm, 117
memoryless determinacy, 33 – weak parity, 70
memoryless game, 32 parity progress measure, 118
modal fragment, 321 parity winning condition, 25
modal µ-calculus, see µ-calculus path, 63, 213
monadic second-order logic, 209, 210, – in a tree, 136, 304
219, 221, 225, 231, 238, 243, 244, 337 – maximal, 63
monotone function, 359 play, 24, 71, 141
MSO, see monadic second-order logic pointed transition system, 154
384 Index

positional game, 32 sliced graph, 64

positive Boolean formula, 68 SnS, 222, 224
– dual, 69 SωB, 222, 224
prefix-recognizable graph, 263, 267 solitaire game, 117
prefix-recognizable rewrite rules, 268 SωS, 222
Presburger arithmetic, 225 stable, 275
process, 318 strategy, 27, 143
progress measure, 64, 65 – attractor, 35
– game, 120 – closed, 118
– parity, 118 – finite memory, 31
– – extended , 120 – forgetful, 31
progress ordering, 126 – memoryless, 31, 143
projection, 136 – of a tree-automaton, 306
pushdown – optimal, 110
– game, 311 – positional, 31
– system, 311 – trapping, 36
pushdown graph, 263 – winning, 27, 128, 143
stratified weak alternating parity
quantifier alternation, 217 automaton, 69
Streett
Rabin – acceptance condition, 9, 16, 79
– acceptance condition, 8, 12, 16 – automaton, 79
– automaton, 43 – – deterministic, 18, 86
– – deterministic, 18, 53, 59, 60 – – nondeterministic, 80
– – tree, 139–141 – – tree, 139–141
– winning condition, 25 – winning condition, 25
Rabin chain subgame, 96
– game, 25 successors, 23
– winning condition, 25 sum of automata, 287
recognizable, 265
recovered structure, 346 theory, 266
regular game, 25 tile, 164
regular graph, 263 transition conditions, 155
regular tree, 147, 264 transition graph, 311
restriction, 273 – of an alternating tree automaton, 172
run, 4, 62, 79, 186 transition system, 154
– accepting, 62, 187 – extension, 241
– of a tree automaton, 137 – ω-unravelling, 241
run dag, 69 – pointed, 154
run graph, 63 – with source, 240
transition tree, 240
Σ-graph, 264 translation of logics, 222
Σn -test automaton, 195 trap, 36, 97
S1S, 211, 214, 217 tree, 136, 264, 286
S2S, 211, 214, 217 – W -tree, 304
Safra tree, 47, 48 – Σ-labeled W -, 304
Safra’s construction, 46, 50 – complete, 264
satisfaction relation, 210 – consistent, 346
simple stochastic game, 111 – emptiness problem, 149
slice, 64 – finite binary, 219
 Index 385

– full infinite, 304 weak acceptance condition, see accep-

– infinite binary, 136, 211, 219 tance condition
– – extended, 211 weak alternating parity automaton, 68,
– k-type, 345 74–76
– regular, 147, 264 weak monadic second-order logic, 210,
– strategy, 144 221, 238
– winning, 144 well named formula, 344
tree automaton, 135, 137, 286 width of a formula, 326, 344
– alternating, 155, 157, 158, 348 width of a sliced graph, 64
– alternating two-way, 349, 355 winning condition, 24, 28, 34
– Büchi, 139 – 1-winning, 25
– complement, 141, 144, 146 – Büchi, 25
– deterministic, 147 – Muller, 25, 52
– input free, 147 – parity, 25
– Muller, 137, 139–141, 214 – Rabin, 25
– parity, 138, 140 – Rabin chain, 25
– Rabin, 139–141 – Streett, 25
– Streett, 139–141 winning region, 28, 104
tree decomposition, 330 winning set, 24
tree model property, 321, 331, 355 winning strategy, 27, 128, 143
tree width, 330 winning tree, 144
Turing machine, 236 witness set, 80
WMSO, see weak monadic second-order
unmarked boundary, 64 logic
unravelling, 346 word
unravelling tree, 345 – accepted, 62
UP, 104, 115 – finite, 219
valuation, 125–127 – ω-word, 3, 219
vocabulary, 209 – – as structure, 211
– – extended, 211
WAPA, see weak alternating parity WS1S, 211, 217, 220
automaton WS2S, 211, 217, 219