Automata-based Axiom Pinpointing
Franz Baader, Rafael Peñaloza
Abstract Axiom pinpointing has been introduced in description logics (DL) to help the user understand the reasons why consequences hold by computing minimal subsets of the knowledge base that have the consequence in question (MinA). Most of the pinpointing algorithms described in the DL literature are obtained as extensions of tableau-based reasoning algorithms for computing consequences from DL knowledge bases. In this paper, we show that automata-based algorithms for reasoning in DLs and other logics can also be extended to pinpointing algorithms. The idea is that the tree automaton constructed by the automata-based approach can be transformed into a weighted tree automaton whose so-called behaviour yields a pinpointing formula, i.e., a monotone Boolean formula whose minimal valuations correspond to the MinAs. We also develop an approach for computing the behaviour of a given weighted tree automaton. We use the DL SI as well as Linear Temporal Logic (LTL) to illustrate our new pinpointing approach.
1 Introduction
Description logics (DLs) [2] are a family of logic-based knowledge representation formalisms, which are employed in various application domains, such as natural language processing, configuration, databases, and bio-medical ontologies, but their most notable success so far is the adoption of the DL-based language OWL [21] as standard ontology language for the semantic web. As the size of DL-based ontologies grows, tools that support improving the quality of such ontologies become more important. DL reasoners [20,19,38] can be used to detect inconsistencies and to infer other implicit consequences, such as subsumption relationships between concepts or instance relationships between individuals and concepts. However, for a developer or user of a DL-based ontology, it is often quite hard to understand why a certain consequence computed by the reasoner actually follows from the knowledge base. For example, in the current DL version of the medical ontology SNOMED CT,¹ the concept Amputation-of-Finger is classified as a subconcept of Amputation-of-Arm. Finding the six axioms that are responsible for this error [10] among the more than 350,000 terminological axioms of SNOMED without support by an automated reasoning tool is not easy.
First author partially supported by NICTA, Canberra Research Lab., and second author funded by the German Research Foundation (DFG) under grant GRK 446.
Theoretical Computer Science, TU Dresden, Germany
Axiom pinpointing [34] has been introduced to help developers or users of DL-based ontologies understand the reasons why a certain consequence holds by computing minimal subsets of the knowledge base that have the consequence in question (MinA). There are two general approaches for computing MinAs: the black-box approach and the glass-box approach. The most naïve variant of the black-box approach considers all subsets of the ontology, and computes for each of them whether it still has the consequence or not. More sophisticated versions [35,22] use a variant of Reiter's [32] hitting set tree algorithm to compute all MinAs. Instead of applying such a black-box approach to a large ontology, one can also first try to find a small and easy to compute subset of the ontology that contains all MinAs, and then apply the black-box approach to this subset [10]. The main advantage of the black-box approach is that it can use existing highly-optimized DL reasoners unchanged. However, it may be necessary to call the reasoner an exponential number of times. In contrast, the glass-box approach tries to find all MinAs by a single run of a modified reasoner.
Most of the glass-box pinpointing algorithms described in the DL literature (e.g., [4,34,33,27,25]) are obtained as extensions of tableau-based reasoning algorithms [9] for computing consequences from DL knowledge bases. The pinpointing algorithms and proofs of their correctness in these papers are given for a specific DL and a specific type of knowledge base only, and it is not clear to which of the known tableau-based algorithms for DLs the approaches really generalize. For example, the pinpointing extension described in [25], which can deal with general concept inclusions (GCIs) in the DL ALC, follows the approach introduced in [4], but since GCIs require the introduction of so-called blocking conditions into the tableau-based algorithm to ensure termination [9], there are some new non-trivial problems to be solved.
To overcome the problem of having to design a new pinpointing extension for every tableau-based algorithm, we have introduced in [5] a general approach for extending tableau-based algorithms to pinpointing algorithms. This approach has, however, some annoying limitations. First, it only applies to tableau-based algorithms that terminate without requiring any cycle-checking mechanism such as blocking. Second, termination of the tableau-based algorithm one starts with does not necessarily transfer to its pinpointing extension. Though these problems can, in principle, be solved by restricting the general framework to so-called forest tableaux [8,7], this solution makes the definitions and proofs quite complicated and less intuitive. Also, the approach can still only handle the most simple version of blocking, usually called subset blocking in the DL literature.
In the present paper, we propose a different general approach for obtaining glass-box pinpointing algorithms, which also applies to DLs for which the termination of tableau-based algorithms requires the use of appropriate blocking conditions. It is well-known that automata working on infinite trees can often be used to construct worst-case optimal decision procedures for such DLs [13,26,11,14,3]. In this automata-based approach, the input inference problem  is translated into a tree automaton A , which is then tested for emptiness. Basically, our approach transforms the tree automaton A  into a weighted tree automaton working on infinite trees, whose so-called behaviour yields a pinpointing formula, i.e., a monotone Boolean formula that encodes all the MinAs of . To obtain an actual pinpointing algorithm, we had to develop an algorithm for computing the behaviour of weighted tree automata working on infinite trees. When we started our work, we could not find such an algorithm in the quite extensive literature on weighted automata. In fact, although weighted automata working on finite trees [37] and weighted automata working on infinite words [16] have been considered for quite a while, the research on weighted automata working on infinite trees has started only recently [23,15]. During the development of our work, an alternative algorithm for computing the behaviour of weighted tree automata working on infinite trees has independently been developed in [15]. It turns out, however, that using this algorithm in our pinpointing application basically yields a black-box approach for pinpointing, rather than a glass-box approach, as our algorithm does (see Section 5.4).
We will use the DL SI, which extends the basic DL ALC [36] with transitive and inverse roles, as well as Linear Temporal Logic (LTL) [28,17] to illustrate our new pinpointing approach. The use of SI is, on the one hand, motivated by the fact that the presence of inverses in SI requires tableau-based algorithms to use a blocking condition that is more sophisticated than subset blocking [9]. Consequently, our general results on tableau-based approaches for pinpointing [8,7] do not apply to this DL. On the other hand, the extension of their approach to SI is mentioned as an open problem in [25]. The automata used to decide satisfiability in SI are so-called looping automata, which do not use an acceptance condition. Our choice of LTL as a second example is, on the one hand, motivated by the fact that automata-based algorithms for LTL require the use of automata with a Büchi acceptance condition.² On the other hand, we believe that pinpointing can also be a useful inference service in applications of LTL. In LTL model checking [12], it does not make sense to check whether a system description satisfies a given LTL formula if this formula or its negation is unsatisfiable. Pinpointing could help the user to find the reasons for the unsatisfiability and thus correct the formula. In LTL synthesis [29,24] one tries to generate a reactive finite-state system from a formal specification, which is given as an LTL formula. If the formula is unsatisfiable, then the specification is obviously faulty, and needs to be repaired. Pinpointing could be used to support the repair process by clarifying the reasons for unsatisfiability.
In the next section, we first introduce the DL SI and the temporal logic LTL, and then recall the relevant definitions regarding pinpointing. Section 3 defines generalized Büchi tree automata, their restrictions to Büchi tree automata and looping tree automata, and their generalization to the weighted case. In Section 4, we first present our general approach for automata-based pinpointing, which is based on the notion of an axiomatic automaton and its transformation into a pinpointing automaton. Then, we show that this approach can be applied to SI and LTL by introducing axiomatic automata for these logics. The pinpointing automaton is a weighted automaton whose behaviour is the pinpointing formula. Thus, to apply our approach in practice, one needs to be able to compute the behaviour of weighted generalized Büchi tree automata. In Section 5, we first show how to compute the behaviour of weighted Büchi tree automata. Second, we explain how this computation can be simplified for the case of weighted looping tree automata. For the DL SI, the pinpointing automaton constructed by our approach is such a weighted looping tree automaton. Third, we define a behaviour-preserving polynomial-time reduction of weighted generalized Büchi tree automata to weighted Büchi tree automata, which yields an approach for computing the behaviour of weighted generalized Büchi tree automata. For the temporal logic LTL, the pinpointing automaton constructed by our approach is a weighted generalized Büchi tree automaton. Fourth, we compare our approach for computing the behaviour of weighted Büchi tree automata with the one developed in [15]. Section 6 summarizes the results of the paper and gives some perspectives on further research.
² We could, of course, also have used a DL with transitive closure of roles [1] for this purpose. However, such DLs are until now not used in applications, and we also wanted to make clear
This work extends the results in [6] (the conference version of this paper), which apply to looping automata only, to the case of automata with Büchi acceptance conditions.
2 Preliminaries
In this section, we first introduce the DL SI and the temporal logic LTL, and then recall the relevant definitions regarding pinpointing from [5].
2.1 The Description Logic SI
As mentioned above, SI extends the basic DL ALC with transitive and inverse roles. An example of a role that should be interpreted as transitive is has-descendant, while has-ancestor should be interpreted as the inverse of has-descendant. Instead of employing the usual approach of "hard-coding" inverse and transitive roles into the syntax and semantics of concept descriptions, we allow the use of inverse and transitivity axioms in the knowledge base. This enables us to pinpoint also these kinds of axioms as reasons for certain consequences. Thus, the concept descriptions that we consider in this case are simply ALC concept descriptions.
Definition 1 (ALC concept descriptions) Let $N_C$ be a set of concept names and $N_R$ a set of role names. The set of ALC concept descriptions is the smallest set such that
– all concept names are ALC concept descriptions;
– if $C$ and $D$ are ALC concept descriptions, then so are $\neg C$, $C \sqcup D$, and $C \sqcap D$;
– if $C$ is an ALC concept description and $r \in N_R$, then $\exists r.C$ and $\forall r.C$ are ALC concept descriptions.
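An interpretation is a pair $I = ({}^{I}, {}^{I})$ where the domain ${}^{I}$ is a non-empty set and ${}^{I}$ is a function that assigns to every concept name $A$ a set $A^{I} \subseteq {}^{I}$ and to every role name $r$ a binary relation $r^{I} \subseteq {}^{I} \times {}^{I}$. This function is extended to ALC concept descriptions as follows:
– $(C \sqcap D)^{I} = C^{I} \cap D^{I}$; $(C \sqcup D)^{I} = C^{I} \cup D^{I}$; $(\neg C)^{I} = {}^{I} \setminus C^{I}$;
– $(\exists r.C)^{I} = \{x \in {}^{I} \mid \text{there is a } y \in {}^{I} \text{ with } (x, y) \in r^{I} \text{ and } y \in C^{I}\}$;
– $(\forall r.C)^{I} = \{x \in {}^{I} \mid \text{for all } y \in {}^{I},\ (x, y) \in r^{I} \text{ implies } y \in C^{I}\}$.
In this paper we restrict our attention to terminological knowledge, which is given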
Definition 2 (SI TBoxes) An SI TBox is a finite set of axioms of the following form:
(i) $C \sqsubseteq D$ where $C$ and $D$ are ALC concept descriptions (GCI);
(ii) $\mathrm{trans}(r)$ where $r \in N_R$ (transitivity axiom);
(iii) $\mathrm{inv}(r, s)$, where $r \neq s \in N_R$ (inverse axiom),
such that every $r \in N_R$ appears in at most one inverse axiom.
An interpretation $I$ is called a model of the SI TBox $T$ if it satisfies all axioms in $T$, i.e., if
(i) $C \sqsubseteq D \in T$ implies $C^{I} \subseteq D^{I}$;
(ii) $\mathrm{trans}(r) \in T$ implies that $r^{I}$ is transitive;
(iii) $\mathrm{inv}(r, s) \in T$ implies that $(x, y) \in r^{I}$ iff $(y, x) \in s^{I}$.
The main inference problems for terminological knowledge are satisfiability and subsumption.
Definition 3 (satisfiability, subsumption) Let $C$ and $D$ be ALC concept descriptions and $T$ an SI TBox. We say that $C$ is satisfiable w.r.t. $T$ if there is a model $I$ of $T$ such that $C^{I} \neq \emptyset$. In this case, $I$ is also called a model of $C$ w.r.t. $T$. We call $C$ unsatisfiable w.r.t. $T$ if it does not have a model w.r.t. $T$. Finally, we say that $C$ is subsumed by $D$ w.r.t. $T$ if $C^{I} \subseteq D^{I}$ holds in every model $I$ of $T$.
We want to pinpoint reasons for unsatisfiability and for subsumption. Since $C$ is subsumed by $D$ w.r.t. $T$ iff $C \sqcap \neg D$ is unsatisfiable w.r.t. $T$, it is obviously sufficient to design a pinpointing algorithm for unsatisfiability.
The automata-based approach for deciding (un)satisfiability uses the fact that an ALC concept description $C$ is satisfiable w.r.t. an SI TBox $T$ iff it has a certain tree-shaped model, called Hintikka tree for $C$ and $T$. It constructs a looping tree automaton working on infinite trees whose runs are exactly the Hintikka trees for $C$ and $T$ (see [3] and Section 4.2), and then tests this automaton for emptiness.
2.2 Linear Temporal Logic
Linear Temporal Logic (LTL) is an extension of propositional logic that allows reasoning about temporal properties, where time is seen as discrete and linear. The semantics of this logic use the notion of a computation, which intuitively correspond to interpretations whose domain is fixed to be the set of natural numbers.
Definition 4 (LTL formulae) Let P be a set of propositional variables. The set of LTL formulae is the smallest set such that
– all propositional variables are LTL formulae,
– if  and  are LTL formulae, then so are ¬ ,  ∧ ,  , and  U .
A computation is a function  : N → ℘(P), where N represents the set of natural numbers. This function is extended to LTL formulae as follows, for every i ∈ N:
– ¬  ∈ (i) iff  ∉ (i);  ∧  ∈ (i) iff { , } ⊆ (i);
–  U  ∈ (i) iff there is a j ≥ i such that  ∈ (j) and for all k, i ≤ k < j, it holds that  ∈ (k).
The LTL formula  is satisfiable if there is a computation  such that  ∈ (0).
One is usually interested in deciding whether a given LTL formula is satisfiable or not. Here, we will look at the satisfiability problem in a more fine-grained manner. We are interested in detecting which parts of the formula actually cause the unsatisfiability. More precisely, we will assume that our formula is a conjunction of LTL formulae, and we want to find out which conjuncts are responsible for the unsatisfiability. We additionally allow some of these conjuncts to be trusted in the sense that they will never be considered as the causes for unsatisfiability. Thus, we consider LTL formulae that are conjunctions of a static formula , which must always be there, and a set of refutable formulae R, which can be removed.
Definition 5 (axiomatic satisfiability) Let  be an LTL formula and R a finite set of LTL formulae. We say that  is a-satisfiable w.r.t. R if  ∧ ⋀_{ ∈R}  is satisfiable, i.e., there is a computation  such that R ∪ { } ⊆ (0). In this case,  is called a computation for ( , R).
We will show in Section 4.3 how one can construct a Büchi tree automaton that has as its successful runs all computations for the input, thus allowing us to reduce a-satisfiability to the emptiness problem for Büchi tree automata.
2.3 Basic Definitions for Pinpointing
Following [5], we define pinpointing not for a specific logic and inference problem, but rather in a more general setting. The type of inference problems that we will consider is deciding a so-called c-property for a given set of axiomatized inputs. To obtain an intuitive understanding of the following definition, just assume that inputs are ALC concept descriptions, admissible sets of axioms are SI TBoxes, and the c-property is unsatisfiability.
Definition 6 (axiomatized input, c-property) Let I and T be sets of inputs and axioms, respectively, and let $\wp_{admis}(T) \subseteq \wp_{fin}(T)$ be a set of finite subsets of T such that $T \in \wp_{admis}(T)$ implies $T' \in \wp_{admis}(T)$ for all $T' \subseteq T$. An axiomatized input for I and $\wp_{admis}(T)$ is of the form $(I, T)$ where $I \in I$ and $T \in \wp_{admis}(T)$.
A consequence property (or c-property for short) is a set $P \subseteq I \times \wp_{admis}(T)$ such that $(I, T) \in P$ implies $(I, T') \in P$ for every $T' \in \wp_{admis}(T)$ with $T' \supseteq T$.
The reason why we have introduced the set $\wp_{admis}(T)$ of admissible subsets of T (rather than taking all finite subsets of T) is to allow us to impose additional restrictions on the sets of axioms that must be considered. For instance, SI TBoxes are not arbitrary finite sets of axioms of the form (i), (ii), and (iii) (see Definition 2). In addition, we require that every role name appears in at most one inverse axiom. Clearly, this restriction satisfies our requirement for admissible sets of axioms.
The problems of unsatisfiability of ALC concept descriptions w.r.t. SI TBoxes and
consist of all ALC concept descriptions, T of all GCIs, transitivity axioms, and inverse axioms, and $\wp_{admis}(T)$ of all SI TBoxes. The following is a c-property:
$P = \{(C, T) \mid C \text{ is unsatisfiable w.r.t. } T\}.$
Likewise, if I and T both consist of all LTL formulae and $\wp_{admis}(T) = \wp_{fin}(T)$, then
P = {( , R) |  is a-unsatisfiable w.r.t. R}
is a c-property.
Definition 7 Given an axiomatized input  $= (I, T)$ and a c-property $P$, a set of axioms $S \subseteq T$ is called a minimal axiom set (MinA) for  w.r.t. $P$ if $(I, S) \in P$ and $(I, S') \notin P$ for every $S' \subset S$. The set of all MinAs for  w.r.t. $P$ is denoted by $\mathrm{MIN}_{P(\,)}$.
Note that the notion of a MinA is only interesting if  $\in P$; otherwise, the monotonicity requirement for $P$ entails that $\mathrm{MIN}_{P(\,)} = \emptyset$. Let us instantiate this definition for the two c-properties we have introduced above.
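In our SI example, consider the axiomatized input  $= (A \sqcap \forall r.C,\ T)$ where $T$ consists of
$ax_1\colon A \sqsubseteq \exists r.B, \quad ax_2\colon B \sqsubseteq \forall s.\neg A, \quad ax_3\colon C \sqsubseteq \neg B, \quad ax_4\colon \mathrm{inv}(r, s)$ (1)
It is easy to see that  $\in P$, and that the set of all MinAs for  is $\mathrm{MIN}_{P(\,)} = \{\{ax_1, ax_2, ax_4\}, \{ax_1, ax_3\}\}$.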
For the logic LTL, consider the axiomatized input  = ( q, R) where R is given by
ax_1: p U ¬q, ax_2:  ¬p, ax_3:  q, ax_4: ¬(q ∧ p). (2)
The set of all MinAs for  is then MIN_{P( )} = {{ax_1, ax_2, ax_3}, {ax_1, ax_3, ax_4}}. Thus, in the LTL formula  q ∧ p U ¬q ∧  ¬p ∧  q ∧ ¬(q ∧ p), the MinAs tell us which minimal combinations of the last four conjuncts are responsible for unsatisfiability in the presence of  q.
One might think that pinpointing (i.e., the computation of MinAs) can only be applied in the LTL setting if the formula one is interested in is a large conjunction of small formulae. At first sight, it is not clear how a subformula  that does not occur as a top-level conjunct could be pinpointed as a culprit for unsatisfiability. This is, however, possible by replacing such a subformula  by a new propositional variable p and adding the "definition"  (p ⇔ ) as a top-level conjunct to the formula obtained this way.³
Instead of computing all MinAs, one can also compute a pinpointing formula. To define this formula, we assume that every axiom $t \in T$ is labelled with a unique propositional variable, $lab(t)$. Let $lab(T)$ be the set of all propositional variables labelling an axiom in $T$. A monotone Boolean formula over $lab(T)$ is a Boolean formula using variables in $lab(T)$ and only the connectives conjunction and disjunction. In addition, the constants $\top$ and $\bot$, which always evaluate to true and false, respectively, are monotone Boolean formulae. We identify a propositional valuation with the set of propositional variables that it makes true. For a valuation $V \subseteq lab(T)$, let $T_V = \{t \in T \mid lab(t) \in V\}$. Recall that if $T \in \wp_{admis}(T)$ then for every $T' \subseteq T$ it holds that $T' \in \wp_{admis}(T)$. In particular this means that $T_V \in \wp_{admis}(T)$ for every valuation $V$.
³ Here,   is an abbreviation for ¬(⊤ U ¬ ) and  _1 ⇔  _2 is an abbreviation for ¬( _1 ∧ ¬ _2) ∧ ¬(¬  ∧  ).
Definition 8 (pinpointing formula) Given a c-property $P$ and an axiomatized input  $= (I, T)$, the monotone Boolean formula  over $lab(T)$ is called a pinpointing formula for  w.r.t. $P$ if the following holds for every valuation $V \subseteq lab(T)$:
$(I, T_V) \in P$ iff $V$ satisfies .
In our SI example, we can take $lab(T) = \{ax_1, \ldots, ax_4\}$ as set of propositional variables. It is easy to see that $ax_1 \wedge ((ax_2 \wedge ax_4) \vee ax_3)$ is a pinpointing formula. In the LTL example, we can take the same set of propositional variables. In this case, $ax_1 \wedge ax_3 \wedge (ax_2 \vee ax_4)$ is a pinpointing formula.
Valuations can be ordered by set inclusion. The following is an immediate consequence of the definition of a pinpointing formula [4]: if  is a pinpointing formula for  w.r.t. $P$, then
$\mathrm{MIN}_{P(\,)} = \{T_V \mid V \text{ is a minimal valuation satisfying } \}.$
This shows that it is enough to design an algorithm for computing a pinpointing formula to obtain all MinAs. However, the reduction suggested by the above identity is not polynomial. One possible way to obtain $\mathrm{MIN}_{P(\,)}$ from  is to first transform  into disjunctive normal form, and then remove superfluous disjuncts. It is well-known that this can cause an exponential blow-up. This should, however, not be viewed as a disadvantage of approaches computing the pinpointing formula rather than directly $\mathrm{MIN}_{P(\,)}$. If such a blow-up happens, then the pinpointing formula actually yields a compact representation of all MinAs.
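
The step from a pinpointing formula to the MinAs described above, as an added Python example (not code from the paper): it computes the minimal satisfying valuations by the DNF-and-absorption route, cross-checks them by enumerating all valuations, and shows the exponential blow-up on a constructed formula. The tuple encoding of formulae and all function names are assumptions of this example.

```python
from itertools import combinations

# Encoding (an assumption of this example): a monotone Boolean formula is
#   a variable name (str), True (top), False (bottom), or
#   ("and", f1, f2, ...) / ("or", f1, f2, ...).


def minimize(sets):
    """Keep only the sets that have no proper subset in the collection."""
    sets = set(sets)
    return {s for s in sets if not any(t < s for t in sets)}


def min_valuations(formula):
    """Minimal satisfying valuations: DNF, then removal of superfluous disjuncts."""
    if formula is True:
        return {frozenset()}
    if formula is False:
        return set()
    if isinstance(formula, str):
        return {frozenset([formula])}
    op, *args = formula
    parts = [min_valuations(a) for a in args]
    if op == "or":
        return minimize(set().union(*parts))
    if op == "and":
        result = {frozenset()}
        for part in parts:
            # Distribute the conjunction over the disjuncts, then absorb.
            result = minimize({a | b for a in result for b in part})
        return result
    raise ValueError(f"unknown connective: {op!r}")


def satisfies(valuation, formula):
    """A valuation is the set of variables it makes true."""
    if isinstance(formula, bool):
        return formula
    if isinstance(formula, str):
        return formula in valuation
    op, *args = formula
    results = [satisfies(valuation, a) for a in args]
    return all(results) if op == "and" else any(results)


def min_valuations_bruteforce(formula, variables):
    """Reference implementation: test every valuation, keep the minimal ones."""
    sat = [frozenset(c)
           for n in range(len(variables) + 1)
           for c in combinations(variables, n)
           if satisfies(frozenset(c), formula)]
    return minimize(sat)


# The two pinpointing formulae given in the text.
SI_FORMULA = ("and", "ax1", ("or", ("and", "ax2", "ax4"), "ax3"))
LTL_FORMULA = ("and", "ax1", "ax3", ("or", "ax2", "ax4"))


def blow_up(n):
    """Constructed formula of size O(n) that has 2**n minimal valuations."""
    return ("and", *[("or", f"a{i}", f"b{i}") for i in range(n)])


if __name__ == "__main__":
    for name, f in (("SI", SI_FORMULA), ("LTL", LTL_FORMULA)):
        print(name, sorted(sorted(v) for v in min_valuations(f)))
    for n in (2, 4, 8):
        print(n, "conjuncts ->", len(min_valuations(blow_up(n))), "MinAs")
```
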
3 Büchi Tree Automata
In this section, we introduce both unweighted and weighted generalized Büchi tree automata. These automata receive infinite trees of a fixed arity $k$ as inputs. For a positive integer $k$, we denote the set $\{1, \ldots, k\}$ by $K$. The nodes of our trees can be identified by words in $K^*$ in the usual way: the root node is identified by the empty word $\varepsilon$, and the $i$-th successor of the node $u$ is identified by $ui$ for $1 \le i \le k$. In the case of labelled trees, we will refer to the labelling of the node $u \in K^*$ in the tree $r$ by $r(u)$. We will also use $\overrightarrow{r}(u)$ to denote the tuple $\overrightarrow{r}(u) = (r(u), r(u1), \ldots, r(uk))$. An infinite tree $r$ with labels from a set $Q$ can be represented as a mapping $r : K^* \to Q$.
For our purpose, it is sufficient to use unlabelled infinite trees as inputs for our tree automata. For a fixed arity $k$, there is exactly one such tree, which we can identify with the set of its nodes, i.e., with $K^*$. We will also use the concept of a path in this tree. A path is a subset $p \subseteq K^*$ such that $\varepsilon \in p$ and for every $u \in p$ there is exactly one $i$, $1 \le i \le k$ with $ui \in p$.
Definition 9 (Büchi tree automaton) A generalized Büchi tree automaton for arity $k$ is a tuple $(Q, \ , I, F_1, \ldots, F_n)$, where $Q$ is a finite set of states,  $\subseteq Q^{k+1}$ is the transition relation, $I \subseteq Q$ is the set of initial states, and $F_1, \ldots, F_n \subseteq Q$ are sets of final states. A generalized Büchi tree automaton is called Büchi automaton if it has only one set of final states; i.e., if $n = 1$. It is called looping tree automaton if $n = 0$.
A run of a generalized Büchi automaton on the unlabelled tree $K^*$ is a labelled
!
every path $p$ and every $i$, $1 \le i \le n$, there are infinitely many nodes $u \in p$ such that $r(u) \in F_i$.
The emptiness problem for generalized Büchi tree automata for arity $k$ is the problem of deciding whether a given such automaton has a successful run $r$ with $r(\varepsilon) \in I$ or not.
Let us illustrate the notions introduced in this definition on a simple Büchi automaton.
Example 1 Consider the Büchi tree automaton $A^{ex} = (Q, \ , I, F)$ for arity 2, where
– $Q = \{q_0, q_1, q_2, q_3\}$, $I = \{q_0\}$, and $F = \{q_1, q_3\}$;
–  $= \{(q_0, q_1, q_1), (q_0, q_2, q_2), (q_1, q_1, q_1), (q_2, q_2, q_2), (q_2, q_3, q_3)\}$.
This automaton has two runs that label the root with the initial state $q_0$: $r_1$, which labels all the non-root nodes with $q_1$, and $r_2$, which labels all the non-root nodes with $q_2$; the latter is not successful, but the former is. Thus, $A^{ex}$ has $r_1$ as a successful run that labels the root with an initial state. The binary tree $r_3$ that labels the root with $q_0$ and all the non-root nodes with $q_3$ is not a run of $A^{ex}$. Finally, the run $r_4$, which labels all nodes with $q_1$, is a successful run of $A^{ex}$, but it does not label the root with an initial state.
Although a direct algorithm for deciding the emptiness problem for a generalized Büchi automaton is sketched in [40], in the journal version of that paper [41], the idea is simplified by presenting a reduction to the emptiness problem for Büchi automata. Our treatment of weighted automata will follow a similar approach. First, we will show how to compute the behaviour of weighted Büchi automata by an approach that is inspired by the emptiness test for Büchi automata.⁴ Then, we will introduce a reduction from weighted generalized Büchi automata to weighted Büchi automata that preserves the behaviour.
We will later extend automata-based decision procedures into algorithms that compute pinpointing formulae by transforming Büchi automata into weighted Büchi automata. The weights of such automata come from a distributive lattice [18].
Definition 10 (distributive lattice) A distributive lattice is a partially ordered set $(S, \le_S)$ such that infima and suprema of arbitrary finite subsets of $S$ always exist and distribute over each other. The distributive lattice $(S, \le_S)$ is called finite if its carrier set $S$ is finite.
Any weighted automaton uses as weights only finitely many elements of the underlying distributive lattice. Since finitely generated distributive lattices are finite [18], the closure of this set under the lattice operations infimum and supremum yields a finite distributive lattice. For this reason, we will in the following assume without loss of generality that the weights of our weighted Büchi automaton come from a finite distributive lattice $(S, \le_S)$.
In the following, we will often simply use the carrier set $S$ to denote the finite distributive lattice $(S, \le_S)$. The infimum (supremum) of a subset $T \subseteq S$ will be denoted by $\bigotimes_{t \in T} t$ ($\bigoplus_{t \in T} t$). We will often compute the infimum (supremum) $\bigotimes_{i \in I} t_i$ ($\bigoplus_{i \in I} t_i$) over an infinite set of indices $I$. However, the finiteness of the lattice and the idempotency of the operators infimum and supremum ensure that the sets over which the operators are actually applied are finite, and hence infimum and supremum are well-defined in this case. For the infimum (supremum) of two elements, we will also use infix notation, i.e., write $t_1 \otimes t_2$ ($t_1 \oplus t_2$) to denote the infimum (supremum) of the set $\{t_1, t_2\}$. The least element of $S$ (i.e., the infimum of the whole set $S$) will be denoted by 0, and the greatest element (i.e., the supremum of the whole set $S$) by 1.
It should be noted that our assumption that the weights come from a finite distributive lattice is stronger than the one usually encountered in the literature on weighted automata. In fact, for automata working on finite words or trees, it is sufficient to assume that the weights come from a so-called semiring [37]. In order to have a well-defined behaviour also for weighted automata working on infinite objects, the existence of infinite products and sums is required [16,31]. As mentioned above, our finiteness assumption ensures that such infinite products and sums are actually finite. The additional properties imposed by our requirement to have a distributive lattice (in particular, distributivity and the idempotency of product and sum) are necessary for our approach of computing the behaviour of weighted Büchi automata (see Section 5). These stronger assumptions are not problematic in our pinpointing application: as we will see later, the weights we will encounter in our computation of the pinpointing formula actually come from a finitely generated free distributive lattice.
Definition 11 (weighted Büchi automaton) Let $S$ be a finite distributive lattice. A weighted generalized Büchi automaton (WGBA) over $S$ for arity $k$ is a tuple $A = (Q, in, wt, F_1, \ldots, F_n)$ where $Q$ is a finite set of states, $in : Q \to S$ is the initial distribution, $wt : Q^{k+1} \to S$ assigns weights to transitions, and $F_1, \ldots, F_n \subseteq Q$ are the sets of final states. A WGBA is called weighted Büchi automaton (WBA) if $n = 1$ and weighted looping automaton (WLA) if $n = 0$.
A run of the WGBA $A$ is a labelled tree $r : K^* \to Q$. The weight of this run is $wt(r) = \bigotimes_{u \in K^*} wt(\overrightarrow{r}(u))$. This run is successful if, for every path $p$ and every $i$, $1 \le i \le n$, there are infinitely many nodes $u \in p$ such that $r(u) \in F_i$. Let $succ_A$ denote the set of all successful runs of $A$. The behaviour of the automaton $A$ is
$\|A\| := \bigoplus_{r \in succ_A} in(r(\varepsilon)) \otimes wt(r).$
Let us illustrate this definition on the example of a WBA over the Boolean semiring that simulates an (unweighted) Büchi tree automaton.
Example 2 The Boolean semiring $B = (\{0, 1\}, \wedge, \vee, 1, 0)$ is a finite distributive lattice, where the partial order is defined as $1 \le_B 0$. Note that we have defined 1 to be smaller than 0, and thus conjunction yields the supremum (i.e., is the "addition" $\oplus$) and disjunction yields the infimum (i.e., is the "multiplication" $\otimes$). Likewise, 1 is the least element 0, and 0 is the greatest element 1. The reason for this unorthodox definition is that this makes it easy to transform a given Büchi tree automaton $A = (Q, \ , I, F)$ into a WBA $A_w$ on $B$ such that the behaviour of $A_w$ is 0 iff $A$ has a successful run that labels the root with an initial state. In $A_w$, the initial distribution maps initial states to 0 and all other states to 1; a tuple in $Q^{k+1}$ gets weight 0 if it belongs to , and weight 1 otherwise.
Consider the WBA $A^{ex}_w$ that is obtained by applying this construction to the Büchi tree automaton $A^{ex}$ of Example 1. The run $r_1$ has weight 0 since all the transitions it
disjunction. Since this run is successful, it contributes the summand $in(q_0) \otimes wt(r_1) = 0 \vee 0 = 0$ to the behaviour of $A^{ex}_w$. Since addition is conjunction, this causes the behaviour of $A^{ex}_w$ to be 0. Let us nevertheless consider some other runs. The run $r_2$ also has weight 0 and starts with the initial state $q_0$. However, since this run is not successful, $in(q_0) \otimes wt(r_2)$ is not used as a summand when computing the behaviour of $A^{ex}_w$. The tree $r_3$ is a successful run of $A^{ex}_w$, but it is not a run of $A^{ex}$. Since it uses the transition $(q_3, q_3, q_3)$, whose weight is 1, its overall weight is 1 as well. Thus, it contributes the summand $in(q_0) \otimes wt(r_3) = 0 \vee 1 = 1$ to the behaviour of $A^{ex}_w$, but this summand is "eaten up" by the summand 0 contributed to the sum (i.e., conjunction) by the run $r_1$. Finally, the run $r_4$ is a successful run of $A^{ex}_w$, which has weight 0. Since $q_1$ is not an initial state of $A^{ex}$, it contributes the summand $wt(q_1) \otimes wt(r_4) = 1 \vee 0 = 1$ to the behaviour of $A^{ex}_w$.
By generalizing the observations we have made for the runs $r_1, r_2, r_3, r_4$ of $A^{ex}_w$, it is easy to see that the following holds for any Büchi tree automaton $A$: the behaviour of $A_w$ is 0 iff $A$ has a successful run that labels the root with an initial state.
In Section 5, we will develop an approach for computing the behaviour of weighted (generalized) Büchi tree automata that generalizes the emptiness test for (generalized) Büchi tree automata. But first, we show how to reduce the problem of computing the pinpointing formula to the problem of computing the behaviour of a WGBA.
4 Automata-based Pinpointing
In this section, we first introduce our general approach for automata-based pinpointing, and then show how it can be applied to finding a pinpointing formula for unsatisfiability in SI and LTL.
4.1 The General Approach
Basically, the automata-based approach for deciding a c-property $P$ takes axiomatized inputs  $= (I, T)$ and translates them into automata $A$  such that  $\in P$ iff $A$  does not have a successful run. For example, the automaton constructed from a concept description $C$ and a TBox $T$ has a successful run iff $C$ is satisfiable w.r.t. $T$, where the c-property is unsatisfiability. If the translation from  to $A$  is an arbitrary function, then we have no way of knowing how the axioms in $T$ influence the behaviour of the automaton, and thus it is not clear how to construct a corresponding pinpointing automaton. For this reason, we will assume that the automaton $A$  for  $= (I, T)$ in a certain sense also contains automata for all axiomatized inputs $(I, T')$ with $T' \subseteq T$,⁵ which can be obtained by appropriately restricting the states and transitions of $A$ . To be more precise, let $A = (Q, \ , I, F_1, \ldots, F_n)$ be a generalized Büchi automaton for arity $k$ and  $= (I, T)$ an axiomatized input. The functions $res : T \to \wp(Q^{k+1})$ and $Ires : T \to \wp(Q)$ are respectively called a transition restricting function and an initial restricting function. The restricting functions $res$ and $Ires$ can be extended to sets of axioms $T' \subseteq T$ as follows:
$res(T') := \bigcap_{t \in T'} res(t)$ and $Ires(T') := \bigcap_{t \in T'} Ires(t).$
For $T' \subseteq T$, the $T'$-restricted subautomaton of $A$ w.r.t. $res$ and $Ires$ is defined as
$A_{|T'} := (Q, \ \cap res(T'), I \cap Ires(T'), F_1, \ldots, F_n).$
Definition 12 (axiomatic automaton) Let $A = (Q, \ , I, F_1, \ldots, F_n)$ be a generalized Büchi automaton for arity $k$,  $= (I, T)$ an axiomatized input, and $res : T \to \wp(Q^{k+1})$ and $Ires : T \to \wp(Q)$ a transition and an initial restricting function, respectively. Then we call $(A, res, Ires)$ an axiomatic automaton for . Given a c-property $P$, we say that $(A, res, Ires)$ is correct for  w.r.t. $P$ if the following holds for every $T' \subseteq T$: $(I, T') \in P$ iff $A_{|T'}$ does not have a successful run $r$ with $r(\varepsilon) \in I \cap Ires(T')$.
Given a correct axiomatic automaton for  $= (I, T)$, we can decide $(I, T') \in P$ for $T' \subseteq T$ by applying the emptiness test for generalized Büchi automata to $A_{|T'}$.
Example 3 Let  $= (I, T)$ be an axiomatized input, where $T = \{ax_1, ax_2, ax_3\}$, and assume that, for all $T' \subseteq T$, the c-property $P$ holds for $(I, T')$ iff $\{ax_1, ax_2\} \cap T' \neq \emptyset$. Thus, $\mathrm{MIN}_{P(\,)} = \{\{ax_1\}, \{ax_2\}\}$, and $ax_1 \vee ax_2$ is a pinpointing formula.
Consider the axiomatic automaton $(A^{ex}, res, Ires)$, where
– $A^{ex}$ is the Büchi tree automaton introduced in Example 1;
– the transition restricting function is defined as $res(ax_1) =\ \setminus \{(q_1, q_1, q_1)\}$, $res(ax_2) =$ , and $res(ax_3) =\ \setminus \{(q_2, q_2, q_2)\}$;
– the initial restricting function is defined as $Ires(ax_1) = I$, $Ires(ax_2) = \emptyset$, and $Ires(ax_3) = I$.
It is easy to see that $(A^{ex}, res, Ires)$ is correct for  w.r.t. $P$. In fact, recall that the only successful run of $A^{ex}$ is $r_1$, which labels the root with $q_0$ and all non-root nodes with $q_1$. Now, assume that $T' \subseteq T$. If $ax_1 \in T'$, then the transition $(q_1, q_1, q_1)$, which is used in the run $r_1$, is no longer available, and thus $r_1$ is not a run of $A_{|T'}$. If $ax_2 \in T'$, then $A_{|T'}$ does not have an initial state, and thus $r_1$ no longer starts with an initial state. Finally, having $ax_3$ in $T'$ does not remove the run $r_1$ since this axiom only removes the transition $(q_2, q_2, q_2)$, which is not used in $r_1$, and it also does not change the set of initial states. Consequently, we have seen that $A_{|T'}$ does not have a run that labels the root with an initial state iff $\{ax_1, ax_2\} \cap T' \neq \emptyset$, and thus iff $P$ holds for $(I, T')$.
Now, we show how to transform a correct axiomatic automaton into a weighted generalized Büchi automaton whose behaviour is a pinpointing formula for the input. This weighted automaton uses the $T$-Boolean semiring, which is defined as $B^T := (\hat{B}(T), \wedge, \vee, \top, \bot)$, where $\hat{B}(T)$ is the quotient set of all monotone Boolean formulae over $lab(T)$ by the propositional equivalence relation, i.e., two propositionally equivalent formulae correspond to the same element of $\hat{B}(T)$. It is easy to see that this semiring is indeed a distributive lattice, where the partial order is defined as     iff  →  is valid. Furthermore, as $T$ is finite, this lattice is also finite.⁶ Note that, similar to the case of the Boolean semiring $B$, conjunction is the semiring addition $\oplus$ (i.e., yields the supremum) and disjunction is the semiring multiplication $\otimes$ (i.e., yields the infimum). Likewise, $\top$ is the least element 0 and $\bot$ is the greatest element 1.
6 T
Definition 13 (pinpointing automaton) Let $(A, res, Ires)$ be an axiomatic automaton for  $= (I, T)$, with $A = (Q, \ , I, F_1, \ldots, F_n)$. The violating functions $vio : Q^{k+1} \to B^T$ and $Ivio : Q \to B^T$ are given by
$vio(q_0, q_1, \ldots, q_k) := \bigvee_{\{t \in T \mid (q_0, q_1, \ldots, q_k) \notin res(t)\}} lab(t);$
$Ivio(q) := \bigvee_{\{t \in T \mid q \notin Ires(t)\}} lab(t);$
where the empty disjunction yields $\bot$.
The pinpointing automaton induced by $(A, res, Ires)$ w.r.t. $T$ is the WGBA over $B^T$
$(A, res, Ires)^{pin} = (Q, in, wt, F_1, \ldots, F_n)$, where
$in(q) := Ivio(q)$ if $q \in I$, and $\top$ otherwise;
$wt(q_0, q_1, \ldots, q_k) := vio(q_0, q_1, \ldots, q_k)$ if $(q_0, q_1, \ldots, q_k) \in$ , and $\top$ otherwise.
It is easy to see that, if $r : K \to Q$ is a run of $A$, then its weight is given by $\mathsf{wt}(r) = \bigvee_{u \in K} \mathsf{vio}(\overrightarrow{r}(u))$; otherwise, $\mathsf{wt}(r) = \top$. Intuitively, the violating function $\mathsf{vio}$ expresses which axioms are not "satisfied" by a given transition, and thus the weight of a run accumulates all the axioms violated by any of the transitions appearing as labels in it. Additionally, the function $\mathsf{Ivio}$ represents the axioms that are violated by the initial state of this run. Removing all the axioms appearing in these two formulae would yield a subset of axioms which actually allows for this run; and hence, if the run is successful and the root is labelled with an initial state, due to correctness, the property does not hold anymore. Conjoining this information for all possible successful runs leads us to a pinpointing formula.
Before formulating and proving this fact more formally, let us illustrate the construction of the pinpointing automaton on the axiomatic automaton introduced in Example 3.
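Example 4 Let $(A^{ex}, \mathsf{res}, \mathsf{Ires})$ be the axiomatic automaton from Example 3. The corresponding pinpointing automaton has the initial distribution $\mathsf{in}$, where
\[
\mathsf{in}(q_0) = ax_2 \quad\text{and}\quad \mathsf{in}(q_1) = \mathsf{in}(q_2) = \mathsf{in}(q_3) = \top;
\]
and the weight function $\mathsf{wt}$, where
\[
\mathsf{wt}(q_1, q_1, q_1) = ax_1 \quad\text{and}\quad \mathsf{wt}(q_2, q_2, q_2) = ax_3;
\]
\[
\mathsf{wt}(q, q', q'') = \bot \quad\text{if } (q, q', q'') \in \setminus \{(q_1, q_1, q_1), (q_2, q_2, q_2)\};
\]
\[
\mathsf{wt}(q, q', q'') = \top \quad\text{if } (q, q', q'') \notin .
\]
The behaviour of this WBA is $\|(A^{ex}, \mathsf{res}, \mathsf{Ires})^{pin}\| = \bigwedge_{r \in \mathsf{succ}_{A^{ex}}} \mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r)$. Obviously, only successful runs that label the root with $q_0$ can contribute a conjunct different from $\top$ to this conjunction. There is a single successful run of $A^{ex}$ that satisfies this restriction: the run $r_1$, which labels the root with $q_0$ and all other nodes with $q_1$. The weight of this run is $\mathsf{wt}(r_1) = \mathsf{wt}(q_0, q_1, q_1) \vee \mathsf{wt}(q_1, q_1, q_1) = \bot \vee ax_1 = ax_1$. Since $\mathsf{in}(q_0) = ax_2$, this shows that $\|(A^{ex}, \mathsf{res}, \mathsf{Ires})^{pin}\| = ax_2 \vee ax_1$, which is a pinpointing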
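Theorem 1 Let $P$ be a c-property, and $= (I, T)$ an axiomatized input. If the axiomatic automaton $(A, \mathsf{res}, \mathsf{Ires})$ is correct for w.r.t. $P$, then $\|(A, \mathsf{res}, \mathsf{Ires})^{pin}\|$ is a pinpointing formula for w.r.t. $P$.
Proof We need to show that, for every valuation $V \subseteq \mathsf{lab}(T)$, it holds that $V$ satisfies $\|(A, \mathsf{res}, \mathsf{Ires})^{pin}\|$ iff $(I, T_V) \in P$. Let $V \subseteq \mathsf{lab}(T)$. Suppose first that $(I, T_V) \notin P$. Since $(A, \mathsf{res}, \mathsf{Ires})$ is correct for w.r.t. $P$, there must be a successful run $r$ of $A_{|T_V}$ with $r(\varepsilon) \in I \cap \mathsf{Ires}(T_V)$. Consequently, $\overrightarrow{r}(u) \in \mathsf{res}(T_V)$ holds for every $u \in K$, and thus $V$ cannot satisfy $\mathsf{vio}(\overrightarrow{r}(u))$, for any $u \in K$. Since $r$ is a successful run of $A_{|T_V}$, it is also a successful run of $A$, which implies $\mathsf{wt}(r) = \bigvee_{u \in K} \mathsf{vio}(\overrightarrow{r}(u))$. Thus, $V$ does not satisfy $\mathsf{wt}(r)$. Since $r(\varepsilon) \in I$, we know that $\mathsf{in}(r(\varepsilon)) = \mathsf{Ivio}(r(\varepsilon))$; additionally, $r(\varepsilon) \in \mathsf{Ires}(T_V)$ implies that $V$ does not satisfy $\mathsf{Ivio}(r(\varepsilon))$. Thus, $V$ does not satisfy $\mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r)$. But then $V$ also cannot satisfy $\bigwedge_{r \in \mathsf{succ}_A} \mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r) = \|(A, \mathsf{res}, \mathsf{Ires})^{pin}\|$.
Conversely, if $V$ does not satisfy $\|(A, \mathsf{res}, \mathsf{Ires})^{pin}\| = \bigwedge_{r \in \mathsf{succ}_A} \mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r)$, then there must exist a successful run $r$ such that $V$ does not satisfy $\mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r)$. This implies that $r(\varepsilon) \in I \cap \mathsf{Ires}(T_V)$ and that $\overrightarrow{r}(u) \in \mathsf{res}(T_V)$ for all $u \in K$. Consequently, $r$ is a successful run of $A_{|T_V}$ with $r(\varepsilon) \in I \cap \mathsf{Ires}(T_V)$, which shows $(I, T_V) \notin P$, by the correctness of the axiomatic automaton. $\Box$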
4.2 Constructing Axiomatic Automata for SI
If we want to apply Theorem 1 to obtain an automata-based approach for pinpointing unsatisfiability in SI, we must show how, given an ALC concept description $C$ and an SI TBox $T$, we can construct an axiomatic automaton $(A_{C,T}, \mathsf{res}_{C,T}, \mathsf{Ires}_{C,T})$ that is correct for $(C, T)$ w.r.t. unsatisfiability. For this purpose, we must adapt the known construction of a looping automaton for SI from [3] such that it yields an axiomatic automaton.⁷
As mentioned before, the automata-based approach for deciding (un)satisfiability uses the fact that a concept is satisfiable iff it has a so-called Hintikka tree. The automaton to be constructed will have exactly these Hintikka trees as its runs. Intuitively, Hintikka trees are obtained from tree-shaped models by labelling every node with the "relevant" concept descriptions to which it belongs.
Following [3], we assume that all concept descriptions are in negation normal form (NNF), i.e., negation appears only directly in front of concept names. Any ALC concept description can be transformed into NNF in linear time using de Morgan, duality of quantifiers, and elimination of double negations. We denote the NNF of $C$ by $\mathsf{nnf}(C)$ and $\mathsf{nnf}(\neg C)$ by vC. Given an ALC concept description $C$ and an SI TBox $T$, the set of relevant concept descriptions is the set of all subdescriptions of $C$ and of the concept descriptions vD $\sqcup$ E for $D \sqsubseteq E \in T$. We denote this set by $\mathsf{sub}(C, T)$. The set of role names occurring in $C$ or $T$ is denoted by $\mathsf{rol}(C, T)$. The states of our automaton are so-called Hintikka sets, which in addition to subdescriptions also contain information about which roles are supposed to be transitive.
⁷ On the one hand, the construction in [3] is more complex than the one given here since the states of the automata in [3] contain additional information needed for detecting cycles in a run as early as possible, which is not relevant for the present paper. On the other hand, the states of the automata constructed here contain additional information about transitivity
Definition 14 (Hintikka set) A set $H \subseteq \mathsf{sub}(C, T) \cup \mathsf{rol}(C, T)$ is called a Hintikka set for $(C, T)$ if the following three conditions are satisfied:
(i) if $D \sqcap E \in H$, then $\{D, E\} \subseteq H$;
(ii) if $D \sqcup E \in H$, then $\{D, E\} \cap H \neq \emptyset$; and
(iii) there is no concept name $A$ such that $\{A, \neg A\} \subseteq H$.
The Hintikka set $H$ is compatible with the GCI $D \sqsubseteq E \in T$ if it is the empty set or contains vD $\sqcup$ E. It is compatible with the transitivity axiom $\mathsf{trans}(r) \in T$ if it is the empty set or contains $r$. Finally, it is compatible with the inverse axiom $\mathsf{inv}(r, s) \in T$ if $r \in H$ implies $s \in H$ and vice versa.
The arity $k$ of our automaton is determined by the number of existential restrictions, i.e., concept descriptions of the form $\exists r.D$, contained in $\mathsf{sub}(C, T)$. Since we need to know which successor in the tree corresponds to which existential restriction, we fix an arbitrary bijection $\varphi : \{\exists r.D \mid \exists r.D \in \mathsf{sub}(C, T)\} \to K$. To obtain full $k$-ary trees, we will use nodes labelled with the empty set (which is a Hintikka set) as dummy nodes. The following Hintikka conditions will be used to define the transitions of our automaton.
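Definition 15 (Hintikka condition) The tuple of Hintikka sets $(H_0, H_1, \ldots, H_k)$ for $(C, T)$ satisfies the Hintikka condition if the following holds for every existential restriction $\exists r.D \in \mathsf{sub}(C, T)$:
- If $\exists r.D \in H_0$, then $H_{\varphi(\exists r.D)}$ contains $D$ as well as every $E$ for which there is a value restriction $\forall r.E \in H_0$; if, in addition, $r \in H_0$, then $\forall r.E$ belongs to $H_{\varphi(\exists r.D)}$ for every value restriction $\forall r.E \in H_0$.
- If $\exists r.D \notin H_0$, then $H_{\varphi(\exists r.D)} = \emptyset$.
This tuple is compatible with the GCI $D \sqsubseteq E \in T$ (compatible with the transitivity axiom $\mathsf{trans}(r) \in T$) if all its components are compatible with $D \sqsubseteq E$ ($\mathsf{trans}(r)$). It is compatible with the inverse axiom $\mathsf{inv}(r, s) \in T$ if all its components are compatible with $\mathsf{inv}(r, s)$, and the following holds for all $t \in \{r, s\}$ and $t\ \in \{r, s\} \setminus \{t\}$: for every $\forall t.F \in H_{\varphi(\exists t\ .D)}$, the set $H_0$ contains $F$, and additionally $\forall t\ .F$ if $t \in H_0$.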
We are now ready to define the axiomatic automaton for unsatisfiability in SI.
Definition 16 (axiomatic automaton for SI) Let $C$ be an ALC concept description, $T$ an SI TBox, and $k$ the number of existential restrictions in $\mathsf{sub}(C, T)$. The axiomatic automaton $(A_{C,T}, \mathsf{res}_{C,T}, \mathsf{Ires}_{C,T})$ has as its first component the looping automaton $A_{C,T} := (Q, , I)$, where
- $Q$ consists of all Hintikka sets for $(C, T)$;
- consists of all $(H_0, H_1, \ldots, H_k) \in Q^{k+1}$ that satisfy the Hintikka condition;
- $I := \{H \in Q \mid C \in H\}$.
The transition restricting function $\mathsf{res}_{C,T}$ maps each axiom $t \in T$ to the set of all tuples in that are compatible with $t$. The initial restricting function $\mathsf{Ires}_{C,T}$ maps each axiom $t \in T$ to the set $Q$, i.e., there is effectively no restriction on the initial states imposed by the axioms.
Correctness of this automaton construction can be shown by an easy adaptation of
Theorem 2 Let $C$ be an ALC concept description and $T$ an SI TBox. The axiomatic automaton $(A_{C,T}, \mathsf{res}_{C,T}, \mathsf{Ires}_{C,T})$ is correct for $(C, T)$ w.r.t. unsatisfiability.
Theorem 1 shows that it is enough to compute the behaviour of the pinpointing automaton $(A_{C,T}, \mathsf{res}_{C,T}, \mathsf{Ires}_{C,T})^{pin}$ induced by $(A_{C,T}, \mathsf{res}_{C,T}, \mathsf{Ires}_{C,T})$ in order to obtain a pinpointing formula for $(C, T)$ w.r.t. unsatisfiability. In Section 5, we will show how this behaviour can be computed, but first we present an example of an axiomatic automaton where the use of a Büchi acceptance condition is necessary.
4.3 Constructing Axiomatic Automata for LTL
The axiomatic automaton for LTL a-unsatisfiability will have as states sets of formulae similar to the Hintikka sets introduced for SI, but they will need to satisfy slightly different conditions, due to the fact that we will not assume that the formulae used are in negation normal form.⁸ Given an LTL formula and a set of LTL formulae $R$, the closure of $(, R)$ is the set of all subformulae of and $R$, and their negations, where double negations are cancelled. We denote this set as $\mathsf{cl}(, R)$.
Following [42], the states of our automaton are elementary sets of formulae, which play the role of the Hintikka sets of the previous subsection. Elementary sets are maximal and consistent sets of subformulae in $\mathsf{cl}(, R)$.
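Definition 17 (elementary set) The set $H \subseteq \mathsf{cl}(, R)$ is called an elementary set for $(, R)$ if it satisfies the following conditions:
- $\neg \in H$ iff $\notin H$, for all $\neg \in \mathsf{cl}(, R)$;
- $\wedge \in H$ iff $\{ , \} \subseteq H$, for all $\wedge \in \mathsf{cl}(, R)$;
- $\in H$ implies $\mathsf{U} \in H$, for all $\mathsf{U} \in \mathsf{cl}(, R)$;
- if $\mathsf{U} \in H$ and $\notin H$, then $\in H$.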
The automaton constructed from a given input $(, R)$ takes unary trees as input, i.e., its runs are infinite words over the set of states. The transition relation is thus binary. It plays the role of the Hintikka condition, ensuring that temporal restrictions are transferred to successor nodes when necessary.
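Definition 18 (compatible) A tuple $(H, H')$ of elementary sets is called compatible if it satisfies the following conditions:
- for all $\in \mathsf{cl}(, R)$, $\in H$ iff $\in H'$; and
- for all $\mathsf{U} \in \mathsf{cl}(, R)$, $\mathsf{U} \in H$ iff either (i) $\in H$ or (ii) $\in H$ and $\mathsf{U} \in H'$.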
The runs of our automaton will be sequences of elementary sets where each two consecutive ones form a compatible tuple. In contrast to the case for SI, the presence of a run of this automaton does not imply the existence of a computation. The reason is that one can delay the satisfaction of an until formula indefinitely; that is, every node in the run may contain the formula $\mathsf{U}$ while none contains , violating this way the last condition in the definition of a computation for the input. In order to rule out these kinds of runs and make sure that each until formula is eventually satisfied, we will impose a generalized Büchi condition, which introduces a set of final states for each until formula in $\mathsf{cl}(, R)$.
⁸ Although it is possible to transform LTL formulae into negation normal form, we decided not to do this in order to stay as close as possible to the known automaton construction for
Definition 19 (axiomatic automaton for LTL) Let and $R$ be an LTL formula and a set of LTL formulae, respectively, and let ${}_1 \mathsf{U} {}_1, \ldots, {}_n \mathsf{U} {}_n$ be all the until formulae in $\mathsf{cl}(, R)$. The axiomatic automaton $(A_{,R}, \mathsf{res}_{,R}, \mathsf{Ires}_{,R})$ has as its first component the generalized Büchi automaton $A_{,R} := (Q, , I, F_1, \ldots, F_n)$,⁹ where
- $Q$ is the set of all elementary sets for $(, R)$;
- consists of all compatible pairs $(H, H') \in Q \times Q$;
- $I := \{H \in Q \mid \in H\}$;
- $F_i := \{H \in Q \mid {}_i \in H \text{ or } {}_i \mathsf{U} {}_i \notin H\}$.
For every $\in R$, the transition restricting and initial restricting functions are given by $\mathsf{res}_{,R}( ) := $ and $\mathsf{Ires}_{,R}( ) := \{H \in Q \mid \in H\}$, respectively.
Correctness of this automaton can be shown by a simple adaptation of the proof in [42].
Theorem 3 Let be an LTL formula and $R$ a set of LTL formulae. The axiomatic automaton $(A_{,R}, \mathsf{res}_{,R}, \mathsf{Ires}_{,R})$ is correct for $(, R)$ w.r.t. a-unsatisfiability.
From Theorem 1 we know that it suffices to compute the behaviour of the pinpointing automaton $(A_{,R}, \mathsf{res}_{,R}, \mathsf{Ires}_{,R})^{pin}$ induced by $(A_{,R}, \mathsf{res}_{,R}, \mathsf{Ires}_{,R})$ in order to obtain a pinpointing formula for $(, R)$ w.r.t. a-unsatisfiability. We will show now how this behaviour can be computed.
5 Computing the Behaviour of Weighted Tree Automata
In this section, we first show how the behaviour of a weighted Büchi automaton (WBA) on a finite distributive lattice can be computed by two nested iterations. Then, we describe how this approach can be simplified to a single "bottom-up" iteration for the special case of a weighted looping automaton (WLA). Next, we show that any weighted generalized Büchi automaton (WGBA) can be reduced, in polynomial time, to a WBA that has the same behaviour. This reduction follows the ideas that have previously been used for the case of unweighted automata [41]. Finally, we compare our approach for computing the behaviour of a weighted Büchi automaton with the one independently developed in [15].
5.1 Computing the Behaviour of a WBA
Clearly, the naïve approach that directly uses the definition of the behaviour by first computing and then adding up the weights of all successful runs would not produce a result in finite time since there are potentially infinitely many successful runs, which are themselves infinite. Instead, we will use an iterative method for computing the behaviour, which generalizes the emptiness test for Büchi automata
⁹ If $n = 0$, i.e., and $R$ do not contain until formulae, then this automaton is actually a
The Emptiness Test for Büchi Automata
The emptiness problem for Büchi automata can be decided in time polynomial in the size of the automaton [30,41]. The decision procedure constructs the set of all states that cannot occur as labels in any successful run; we will call these states bad states. We can try to disprove that a state is bad by trying to construct a finite partial run where every path ends in a final state. Every state for which this construction fails is clearly bad, but there may be bad states for which this construction succeeds. The reason is that some of the final states reached by the finite run may themselves be bad. Thus, in order to compute all bad states we must iterate this process, where in the next iteration the partial run is required to reach final states that are not already known to be bad. Notice, however, that the construction of a finite partial run ending in non-bad final states can itself be realized by an iterative procedure. Hence, the decision procedure for the emptiness problem uses two nested iterations. In the inner loop, we try to construct a finite partial run finishing in (non-bad) final states for every state. In the outer loop, we use the result of the inner iteration to update the set of (known) bad states, and then re-start the inner iteration with this new information. Let us call the states for which there is a finite partial run finishing in non-bad final states adequate. First, any state $q \in Q$ for which there is a transition leading to only non-bad final states is clearly adequate. Then, every state for which there is a transition leading only to states that are either (i) final and not bad or (ii) already known to be adequate is also adequate. Obviously, during this iteration, the set of adequate states becomes stable after at most $|Q|$ iterations. The outer loop then adds all the states that were found not to be adequate to the set of bad states. The set of bad states maintained in this outer iteration becomes stable after at most $|Q|$ steps. It can be shown that there is a successful run that starts with an initial state iff not all initial states are contained in the set of bad states computed this way. This yields an emptiness test that runs in time polynomial in the number of states (see [41] for details).
Example 5 Let us illustrate this approach on the Büchi automaton $A^{ex}$ of Example 1. First, we try to construct, for every state, a finite partial run where every path ends in a final state. This is possible for $q_0$, $q_1$, and $q_2$, but not for $q_3$. Thus, in this iteration, $q_0, q_1, q_2$ are the adequate states, and $q_3$ is not adequate, which means that $q_3$ is added to the set of bad states. In the next iteration, $q_2$ turns out to be no longer adequate since it can only reach the bad final state $q_3$. Thus, it is also put into the set of bad states. After that, the process becomes stable, i.e., the set $\{q_2, q_3\}$ is the set of bad states computed by the algorithm. Since the initial state $q_0$ does not belong to this set, we know that there is a successful run that starts with this initial state.
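The nested-iteration emptiness test of Example 5, combined with the restricting functions of Example 3, as an added Python example that is not code from the paper: it recomputes the bad states and then checks by brute force that the axiom sets for which the property holds are exactly those satisfying the formula ax2 ∨ ax1 of Example 4. Example 1 is not reproduced in this section, so the transition relation, initial states and final states below are assumptions, constructed to agree with what Examples 3 to 5 state about the automaton.

```python
from itertools import combinations

# Constructed automaton (assumption): Example 1 is not shown in this section,
# so DELTA, INIT and FINAL are chosen to match what Examples 3-5 say about it.
STATES = {"q0", "q1", "q2", "q3"}
DELTA = {("q0", "q1", "q1"), ("q0", "q2", "q2"), ("q1", "q1", "q1"),
         ("q2", "q2", "q2"), ("q2", "q3", "q3")}
INIT = {"q0"}
FINAL = {"q1", "q3"}
AXIOMS = ("ax1", "ax2", "ax3")

# Restricting functions as given in Example 3.
RES = {"ax1": DELTA - {("q1", "q1", "q1")},
       "ax2": set(DELTA),
       "ax3": DELTA - {("q2", "q2", "q2")}}
IRES = {"ax1": set(INIT), "ax2": set(), "ax3": set(INIT)}


def bad_states(states, delta, final):
    """Nested iteration: states that cannot label a node of a successful run."""
    bad = set()
    while True:                      # outer loop: grow the set of bad states
        adequate = set()
        while True:                  # inner loop: grow the adequate states
            # A transition qualifies if its final successors are not bad and
            # its non-final successors are already known to be adequate.
            grown = {t[0] for t in delta
                     if all((s not in bad) if s in final else (s in adequate)
                            for s in t[1:])}
            if grown == adequate:
                break
            adequate = grown
        new_bad = bad | (states - adequate)
        if new_bad == bad:
            return bad
        bad = new_bad


def restrict(axioms):
    """Transitions and initial states of the automaton restricted to `axioms`."""
    delta, init = set(DELTA), set(INIT)
    for ax in axioms:
        delta &= RES[ax]
        init &= IRES[ax]
    return delta, init


def has_property(axioms):
    """True iff no successful run of the restricted automaton starts in an
    initial state, i.e. the property holds for this set of axioms."""
    delta, init = restrict(axioms)
    return init <= bad_states(STATES, delta, FINAL)


def min_as():
    """Minimal axiom sets with the property, found by brute force."""
    found = []
    for size in range(len(AXIOMS) + 1):
        for subset in combinations(AXIOMS, size):
            candidate = set(subset)
            if has_property(candidate) and not any(m <= candidate for m in found):
                found.append(candidate)
    return found


def satisfies_pinpointing_formula(valuation):
    """The formula ax2 v ax1 computed in Example 4."""
    return "ax2" in valuation or "ax1" in valuation


if __name__ == "__main__":
    print("bad states:", sorted(bad_states(STATES, DELTA, FINAL)))
    print("MinAs:", [sorted(m) for m in min_as()])
```

The brute-force check enumerates all subsets of the axioms, which is exponential; the paper's point is that the behaviour of the pinpointing automaton yields the same information without this enumeration.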
Emptiness Test by Behaviour Computation
Before treating the general case of a WBA, we consider the special case of a weighted automaton over the Boolean semiring that simulates an unweighted one. In Example 2, we have defined, for every Büchi tree automaton $A$ a WBA $A_w$ such that the behaviour of $A_w$ is 0 iff $A$ has a successful run that labels the root with an initial state. In this case, the computation of the behaviour of $A_w$ basically coincides with the emptiness test applied to $A$.
In fact, the emptiness test for Büchi automata sketched above can be adapted such that it computes the behaviour of $A_w$ as follows. We construct a function $\mathsf{bad} : Q \to \{0, 1\}$ such that $\mathsf{bad}(q) = 1$ iff $q$ is a bad state. The outer iteration of the algorithm will update this function at every step. In the beginning, no state is known to be bad, and thus we start the iteration with $\mathsf{bad}_0(q) = 0$ for all $q \in Q$. Now assume that the function $\mathsf{bad}_i : Q \to \{0, 1\}$ for $i \geq 0$ has already been computed. For the next step of the iteration, we call the inner loop to update the set of adequate states. In this loop, we are going to compute the function $\mathsf{adq}^i : Q \to \{0, 1\}$. Here, $\mathsf{adq}^i(q) = 1$ means that $q$ is not an adequate state, i.e., that it is not possible to construct a run starting with this state where each path reaches at least one non-bad final state. At the beginning we know nothing about the adequate states, so we set $\mathsf{adq}^i_0(q) = 1$ for all $q \in Q$. Assume that we have already computed $\mathsf{adq}^i_n : Q \to \{0, 1\}$. To know whether a state should become adequate in the next step, we need to check for each transition starting from this state whether the final states reached by the transition are non-bad and the non-final states are already known to be adequate. Thus, we have
\[
\mathsf{adq}^i_{n+1}(q) = \bigwedge_{(q, q_1, \ldots, q_k) \in Q^{k+1}} \mathsf{wt}(q, q_1, \ldots, q_k) \vee \bigvee_{q_j \notin F} \mathsf{adq}^i_n(q_j) \vee \bigvee_{q_j \in F} \mathsf{bad}_i(q_j). \tag{3}
\]
The function $\mathsf{adq}^i$ is the limit of this inner iteration, which is reached after at most $|Q|$ steps. With this function, we define
\[
\mathsf{bad}_{i+1}(q) = \mathsf{bad}_i(q) \vee \mathsf{adq}^i(q).
\]
The function $\mathsf{bad}$ is the limit of this outer iteration, which is also reached after at most $|Q|$ steps. This computation of the function $\mathsf{bad}$ by two nested iterations basically simulates the computation of all bad states in the emptiness test for Büchi tree automata sketched above. It is thus easy to show that $\mathsf{bad}(q) = 1$ iff $q$ is a bad state, i.e., cannot occur as a label in a successful run of $A$.
Given the definition of $A_w$, it is easy to see that a run $r : K \to Q$ of $A_w$ has weight 0 iff it is a run of $A$ (see Example 2). Consequently, $A$ has a successful run that starts with an initial state iff $\|A_w\| = \bigwedge_{r \in \mathsf{succ}_{A_w}} \mathsf{in}(r(\varepsilon)) \vee \mathsf{wt}(r) = 0$. Putting these observations together, we thus have: the behaviour of $A_w$ is 0 iff $A$ has a successful run that starts with an initial state iff there is an initial state $q$ (i.e., $\mathsf{in}(q) = 0$) that is not bad (i.e., $\mathsf{bad}(q) = 0$). This shows that the behaviour of $A_w$ is given by $\bigwedge_{q \in Q} \mathsf{in}(q) \vee \mathsf{bad}(q)$.
Next, we show that the behaviour of a WBA can always be computed by such a procedure with two nested iterations.
Computing the Behaviour in the General Case of an Arbitrary WBA
In the following, we assume that $A = (Q, \mathsf{in}, \mathsf{wt}, F)$ is an arbitrary, but fixed, WBA over the finite distributive lattice $(S, \leq_S)$. We will show that the WBA $A$ induces a monotone operator $Q : S^Q \to S^Q$, where $S^Q$ is the set of all mappings from $Q$ to $S$, and that the behaviour of $A$ can easily be obtained from the greatest fixpoint of this operator. The partial order $\leq_S$ can be transferred to $S^Q$ in the usual way, by applying it component-wise: for $, ' \in S^Q$, we define $\leq_{S^Q} {}'$ iff $(q) \leq_S {}'(q)$ for all $q \in Q$. It is easy to see that $(S^Q, \leq_{S^Q})$ is again a finite distributive lattice. We will use $\otimes$ and $\oplus$ also to denote the infimum and supremum in $S^Q$. The least (greatest) element of $S^Q$ is the function $\tilde{0}$ ($\tilde{1}$) that maps every $q \in Q$ to 0 (1).
The definition of the operator $Q$ will follow the idea of the iterative procedure we sketched before for solving the emptiness problem. We focus first on the inner loop, which is realized by another monotone operator $O$. Notice that the internal iteration of the algorithm depends on the set of bad states computed so far. We will assume that this information is given by a function $f \in S^Q$. Thus, we actually define an operator $O_f$ for each such $f$. Following the idea of Equation (3), the operator $O_f$ is defined as follows for every $\in S^Q$:
\[
O_f()(q) = \bigoplus_{(q, q_1, \ldots, q_k) \in Q^{k+1}} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{j=1}^{k} \mathsf{step}_f()(q_j), \tag{4}
\]
where
\[
\mathsf{step}_f()(q) = \begin{cases} f(q) & \text{if } q \in F \\ (q) & \text{otherwise} \end{cases}
\]
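Lemma 1 For every $f \in S^Q$ the operator $O_f$ is monotone, i.e., $\leq_{S^Q} {}'$ implies $O_f() \leq_{S^Q} O_f(')$.
Proof Let $, ' \in S^Q$ be such that $\leq_{S^Q} {}'$. This implies also $\mathsf{step}_f() \leq_{S^Q} \mathsf{step}_f(')$. Thus, we have for every $q \in Q$:
\begin{align*}
O_f()(q) &= \bigoplus_{(q, q_1, \ldots, q_k) \in Q^{k+1}} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{j=1}^{k} \mathsf{step}_f()(q_j) \\
&\leq_S \bigoplus_{(q, q_1, \ldots, q_k) \in Q^{k+1}} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{j=1}^{k} \mathsf{step}_f(')(q_j) = O_f(').
\end{align*}
$\Box$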
Since we know that $S^Q$ is finite, this in particular means that the operator $O_f$ is continuous. By Tarski's fixpoint theorem [39], this implies that $O_f$ has $\bigoplus_{n \geq 0} O_f^n(\tilde{0})$ as its least fixpoint (lfp). Finiteness of $S^Q$ yields that this lfp is reached after finitely many iterations: there exists a smallest $m$, $0 \leq m \leq |S|^{|Q|}$ such that $O_f^m(\tilde{0}) = O_f^{m+1}(\tilde{0})$, and for this $m$ we have $\bigoplus_{n \geq 0} O_f^n(\tilde{0}) = O_f^m(\tilde{0})$. This yields a bound on the number of iterations that is exponential in the size of the automaton. We will later show (see Theorem 6) that it is possible to improve this bound to a polynomial number of iterations, measured in the number of states.
Recall that the intuition of the internal iteration was to find out from which states it is possible to build a finite partial run that finishes in final states. In the general case, the operators $O$ will help in computing the weights of all such partial runs. Next, we give a formal definition of the notion of a finite partial run.
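Definition 20 (finite run) A finite tree is a finite set $t \subseteq K$ that is closed under prefixes and such that, if $ui \in t$ for some $u \in K$ and $i \in K$, then $uj \in t$ for all $j$, $1 \leq j \leq k$. A node $u \in t$ is called a leaf if there is no $j$, $1 \leq j \leq k$, such that $uj \in t$. The set of all leaf nodes of a finite tree $t$ is denoted by $\mathsf{lnode}(t)$. The depth of a finite tree $t$ is the length of the largest word in $t$.
A finite run is a mapping $r : t \to Q$, where $t$ is a finite tree. Given such a run,
We denote by $\mathsf{runs}_1$ the set of all finite runs $r$ of depth at least 1 such that, for every node $u \neq \varepsilon$, $r(u) \in F$ if and only if $u$ is a leaf. Additionally, for every $n \geq 1$, let $\mathsf{runs}^n_1$ denote the set of all finite runs in $\mathsf{runs}_1$ having depth at most $n$. For a state $q \in Q$, $\mathsf{runs}_1(q) = \{r \in \mathsf{runs}_1 \mid r(\varepsilon) = q\}$; analogously, $\mathsf{runs}^n_1(q) = \{r \in \mathsf{runs}^n_1 \mid r(\varepsilon) = q\}$.
The weight of a finite run $r : t \to Q$ is $\mathsf{wt}(r) = \bigotimes_{u \in t \setminus \mathsf{lnode}(t)} \mathsf{wt}(r(u), r(u1), \ldots, r(uk))$.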
Looking again at the special case of a weighted automaton simulating an unweighted one, we see that during the inner iteration we do not want to compute the weights of all finite runs in $\mathsf{runs}_1$ but only those that finish in states that are not bad. In other words, we multiply the weight of the run, by the function $\mathsf{bad}$ computed so far applied to each of its leafs. Given a function $f : Q \to S$, we define the $f$-weight of a finite run $r$ as $\mathsf{wt}_f(r) = \mathsf{wt}(r) \otimes \bigotimes_{q \in \mathsf{leaf}(r)} f(q)$. The lfp of the operator $O_f$ computes the sum of the $f$-weights of all runs in $\mathsf{runs}_1$.
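Lemma 2 For all $n \geq 0$ and all $q \in Q$, $O_f^n(\tilde{0})(q) = \bigoplus_{r \in \mathsf{runs}^n_1(q)} \mathsf{wt}_f(r)$.
Proof The proof is by induction on $n$. For $n = 0$, the result follows from the fact that $\mathsf{runs}^0_1 = \emptyset$, and hence $\bigoplus_{r \in \mathsf{runs}^0_1(q)} \mathsf{wt}_f(r) = 0 = \tilde{0}(q) = O_f^0(\tilde{0})(q)$. Assume now that the identity holds for $n$. Given a tuple $(q_1, \ldots, q_k) \in Q^k$, let $i_1, \ldots, i_l$ be all the indices such that $q_{i_j} \notin F$ for all $j$, $1 \leq j \leq l$, and $i_{l+1}, \ldots, i_k$ those indices such that $q_{i_j} \in F$ for all $j$, $l+1 \leq j \leq k$. For $1 \leq j \leq l$, we will abbreviate $\mathsf{runs}^n_1(q_{i_j})$ as $\mathsf{rn}^n_j$ and $\mathsf{leaf}(r_j)$ as $\mathsf{lf}_j$. In addition, $F$ is an abbreviation for the product $\bigotimes_{j=l+1}^{k} f(q_{i_j})$. Then,
\begin{align*}
O_f^{n+1}(\tilde{0})(q) &= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{j=1}^{k} \mathsf{step}_f(O_f^n(\tilde{0}))(q_j) \tag{5} \\
&= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{j=1}^{l} O_f^n(\tilde{0})(q_{i_j}) \otimes \bigotimes_{j=l+1}^{k} f(q_{i_j}) \tag{6} \\
&= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \Bigl( \bigotimes_{j=1}^{l} \bigoplus_{r_j \in \mathsf{rn}^n_j} \mathsf{wt}_f(r_j) \Bigr) \otimes F \tag{7} \\
&= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \Bigl( \bigoplus_{r_1 \in \mathsf{rn}^n_1, \ldots, r_l \in \mathsf{rn}^n_l} \bigotimes_{j=1}^{l} \mathsf{wt}_f(r_j) \Bigr) \otimes F \tag{8} \\
&= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \Bigl( \bigoplus_{r_1 \in \mathsf{rn}^n_1, \ldots, r_l \in \mathsf{rn}^n_l} \bigotimes_{j=1}^{l} \bigl( \mathsf{wt}(r_j) \otimes \bigotimes_{p \in \mathsf{lf}_j} f(p) \bigr) \Bigr) \otimes F \tag{9} \\
&= \bigoplus_{(q_1, \ldots, q_k) \in Q^k} \; \bigoplus_{r_1 \in \mathsf{rn}^n_1, \ldots, r_l \in \mathsf{rn}^n_l} \mathsf{wt}(q, q_1, \ldots, q_k) \otimes \bigotimes_{q_j \notin F} \bigl( \mathsf{wt}(r_j) \otimes \bigotimes_{p \in \mathsf{lf}_j} f(p) \bigr) \otimes F \tag{10} \\
&= \bigoplus_{r \in \mathsf{runs}^{n+1}_1(q)} \mathsf{wt}(r) \otimes \bigotimes_{p \in \mathsf{leaf}(r)} f(p) \tag{11} \\
&= \bigoplus_{r \in \mathsf{runs}^{n+1}_1(q)} \mathsf{wt}_f(r).
\end{align*}
Identities (5) and (6) employ the definition of the operator $O_f$ and $\mathsf{step}_f$, respectively, and (7) applies the induction hypothesis. Identity (8) uses the fact that $S^Q$ is a dis-
uses the definition of the $f$-weight. Identity (10) uses again the distributivity to multiply $\mathsf{wt}(q, q_1, \ldots, q_k)$ in. Finally, Identity (11) simplifies the two sums by constructing a run of larger depth. Instead of considering first the transition $(q, q_1, \ldots, q_k)$ and then runs of depth up to $n$ starting with each $q_{i_j}$, we simply take the corresponding run of depth $n+1$ starting at $q$. This run labels the root with $q$ and the successor node $i$ with $q_i$. If $q_i$ is a final state, then it remains as a leaf, otherwise, below the node $i$ we have the former run starting with $q_i$. Thus, the set of leafs of this larger run is the union of the sets of leafs of the runs $r_j$ and the set of those $q_i$'s that are final states. The last identity merely applies the definition of $f$-weight again. $\Box$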
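Theorem 4 Let $f \in S^Q$ and assume that ${}_0$ is the lfp of the operator $O_f$. Then, for every $q \in Q$, ${}_0(q) = \bigoplus_{r \in \mathsf{runs}_1(q)} \mathsf{wt}_f(r)$.
Proof By Lemma 2, we have
\[
\bigoplus_{n \geq 0} O_f^n(\tilde{0})(q) = \bigoplus_{n \geq 0} \; \bigoplus_{r \in \mathsf{runs}^n_1(q)} \mathsf{wt}_f(r) = \bigoplus_{r \in \mathsf{runs}_1(q)} \mathsf{wt}_f(r).
\]
Tarski's fixpoint theorem says that the least fixpoint of $O_f$ is $\bigoplus_{n \geq 0} O_f^n(\tilde{0})$, which completes the proof of the theorem. $\Box$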
Before turning our attention to the outer iteration of the method for computing the behaviour, we will present a bound on the number of steps that are necessary before reaching the fixpoint of the inner iteration.
Definition 21 A WBA is $m$-finalising if, for every $f \in S^Q$ and every partial run $r$ in $\mathsf{runs}_1(q)$, there is a partial run $s_r$ in $\mathsf{runs}^m_1(q)$ such that $\mathsf{wt}_f(r) \leq_S \mathsf{wt}_f(s_r)$.
We will first show that every WBA is $m$-finalising for any $m$ greater than the number of states $|Q|$. Afterwards we will show how this property yields a bound on the number of iterations needed to reach the least fixpoint of $O_f$.
Theorem 5 Let $A$ be a WBA with less than $m$ states. Then $A$ is $m$-finalising.
Proof Let $f \in S^Q$ and consider a run $r \in \mathsf{runs}_1(q)$. If $r \in \mathsf{runs}^m_1(q)$, then there is nothing to prove. Otherwise, if $r \notin \mathsf{runs}^m_1(q)$, then there must be a path in $r$ of length greater than $m$. Since there are less than $m$ different states, there must be two non-root nodes $u, v$ in this path such that $r(u) = r(v)$. Since these nodes are on the same path, we can assume w.l.o.g. that $v = uv'$ for some $v' \in K \setminus \{\varepsilon\}$. We define a new run $s$ as follows: for every node $w$, if there is no $w'$ for which $w = uw'$, then set $s(w) := r(w)$; otherwise (that is, if $w = uw'$ for some $w'$) set $s(uw') := r(vw')$. This construction defines an injective function $g$ from the nodes of $s$ to the nodes of $r$ such that, for every node $w$ of $s$, we have $s(w) = r(g(w))$. Notice that this function is not surjective, as there is no $w$ such that $g(w) = u$. Thus, $s$ has less nodes than $r$. Furthermore, every transition in $s$ is also a transition in $r$, and for every $w \in \mathsf{leaf}(s)$, $g(w) \in \mathsf{leaf}(r)$. This implies that $\mathsf{wt}_f(r) \leq_S \mathsf{wt}_f(s)$. If $s$ is still not in $\mathsf{runs}^m_1$, then we can repeat the same process to produce a smaller run $s'$ with a smaller $f$-weight, until we find one that is in $\mathsf{runs}^m_1$. $\Box$
Theorem 6 If A is m-finalising, then O^m(