Bisimulation Minimization of Tree Automata - CiteSeerX

1 downloads 0 Views 211KB Size Report
The minimization of finite string automata (FA) is a well-studied problem, where the objective is to find the unique minimal FA that recognizes the same language ...
Bisimulation Minimization of Tree Automata Parosh Aziz Abdulla and Lisa Kaati Dept. of Information Technology, Uppsala University, P.O. Box 337 S–751 05 Uppsala, Sweden {parosh,lisa.kaati}@it.uu.se Johanna H¨ ogberg Department of Computing Science, Ume˚ a University S–901 87 Ume˚ a, Sweden [email protected] Abstract. We extend an algorithm by Paige and Tarjan that solves the coarsest stable refinement problem to the domain of trees. The algorithm is used to minimize non-deterministic tree automata (NTA) with respect to bisimulation. We show that our algorithm has an overall complexity of O(ˆ r m log n), where rˆ is the maximum rank of the input alphabet, m is the total size of the transition table, and n is the number of states.

c 2006 Copyright UMINF 06.25

1

ISSN 0348-0542

Introduction

We present an algorithm that minimizes non-deterministic tree automata with respect to bisimulation equivalence in time O(ˆ r m log n), where rˆ is the maximum rank of the input alphabet, m is the total size of the transition table, and n is the number of states. In the construction of this algorithm, we extend the algorithm proposed in [PT87] to the domain of trees. Since the time complexity reduces to O(m log n) if rˆ is constant, this retains the complexity of [PT87] in all cases where the maximum rank of the input alphabet is bounded. This holds in particular for monadic trees, i.e. the string case. The minimization of finite string automata (FA) is a well-studied problem, where the objective is to find the unique minimal FA that recognizes the same language as a given FA. In the deterministic case, efficient algorithms are available, e.g. the algorithm proposed by Hopcroft in [Hop71], where he uses a “process the smaller half” strategy to obtain a bound of O(n log n). However, it has been proven that minimization of non-deterministic finite automata (FA) is PSPACE complete [MS72], and what is worse, that the minimization problem for an NFA with n states cannot be efficiently approximated within the factor o(n), unless P = PSPACE [GS05]. To avoid exponential time, the problem must either be restricted (e.g. by considering a special class of devices or requiring additional information), or no approximation guarantees can be given. 1

Of course, this holds also for non-deterministic tree automata (NTA) because they generalize NFAs (as a string may be seen as a monadic tree). Hence, we cannot hope to find an efficient algorithm that performs well on all input NTAs. The algorithm presented in this paper takes advantage of the fact that bisimulation equivalence is computationally easier to decide than language equivalence, and that bisimulation equivalence implies language equivalence (although the converse does not hold in the general case) [Mil80]. When minimizing an NTA, we group states that are observationally equivalent and use the blocks of the resulting partition as states in the output NTA. As mentioned above, the time complexity becomes O(ˆ r m log n), as computed to O(m log n) by [PT87]. Interestingly, the maximum rank rˆ (which is the constant 1 in [PT87]) does not become an exponent. Instead, it influences the complexity rather modestly. Bisimulation minimization of tree automata is of particular interest in tree regular model checking (an extension of regular model checking [AJNS04]). In this field, the verification of infinite state systems with tree-like architecture is considered, and many of the associated algorithms would benefit from an efficient method to reduce the size of tree automata [AJMd02].

Related work To the best of our knowledge, there is no documented algorithm that uses bisimulation to minimize NTA, but we do know of a number of minimization algorithms that operate on various kinds of tree automata. For instance, algorithms for guided tree automata (GTA) are considered in [BKR97]. A GTA is a bottom-up tree automaton equipped with separate state spaces that are assigned by a top-down automaton. According to the authors, minimization of GTA is possible in time O(nm), (here, n is the total number of states and m the total representation size) but it still remains an open question whether or not tree automata can be minimized in time O(m log m). In [CLT05], Cristau et al. claim that a deterministic bottom-up tree automaton for unranked trees can be minimized in quadratic time using the algorithm proposed in [Hop71]. In [Bra68], the minimal tree automaton is computed using an algorithm that construct congruences of the input automaton until a fixed point is reached, but no results regarding the computational complexity are presented. In [NP97], Nivat and Podelski propose a generalization of deterministic topdown tree automata to r-l-deterministic top-down tree automata (l-r DTA). The recognizing power of this device lies strictly between that of “traditional” deterministic and non-deterministic top-down tree automata. Nivat and Podelski shows every l-r DTA A can be minimized to obtain the unique minimal l-r DTA recognizing L(A), although they do not formulate an explicit minimization algorithm. There have also been attempts to impose restrictions on NTAs to obtain devices with nicer mathematical properties. In [CGL+ 03], a new class of non-deterministic tree automata called residual finite tree automata (RFTA) is defined, where the bottom-up case gives a new characterization of regular tree languages. The authors state that for a given RFTA, there always exists a canonical NTA (the problem of finding it is still in PSPACE). 2

Outline In Section 2, we recall notions and notations from the fields of algebra and tree automata. In Section 3, we present our algorithm (a generalization of a partitioning algorithm found in [PT87]), and talk about correctness and time complexity. Section 4 describes the calculation steps of the algorithm in greater detail, but also discusses the computational complexity of each step. In Section 5, we explain how the algorithm can be applied to the minimization of NTA. The algorithm has also been implemented in Java, and in Section 6 we present experimental results obtained by running this prototype on real life examples, extracted from the framework of tree regular model checking. In the concluding Section 7, the reader finds a recapitulation of the main results and directions for future work.

2

Preliminaries

Tree automata S A ranked alphabet is a finite set of symbols Σ = k∈N Σ(k) which is partitioned into pairwise disjoint subsets Σ(k) . The symbols in Σ(k) are said to have rank k. The set TΣ of all trees over Σ is the smallest superset of Σ(0) that contains every f [t1 , . . . , tk ], where f ∈ Σ(k) , k ≥ 1, and t1 , . . . , tk ∈ TΣ . A subset of TΣ is called a tree language. A bottom-up tree automaton is a quadruple A = (Σ, Q , δ, F ) where - Σ is a ranked input alphabet, - Q is a finite set of states, - δ is a finite set of transition rules of the form f (q1 , . . . , qn ) → qn+1 , where f ∈ Σ(n) , and q1 , . . . , qn+1 ∈ Q , for some n ∈ N. In the special case when δ is a function, we say that the automaton is deterministic. - F ⊆ Q is a set of accepting states. The relation δ easily extends to trees, yielding a function δ : TΣ → P (Q ), where P (Q ) denotes the powerset of Q: for t = f [t1 , . . . , tk ] ∈ TΣ , we let δ(t) = {q | f (q1 , . . . , qk ) → q ∈ δ and qi ∈ δ(ti ) for all i : 1 ≤ i ≤ k} . The tree language recognized by an automaton A is L(A) = {t ∈ TΣ | δ(t) ∩ F 6= ∅} . Note that a deterministic bottom-up tree automaton A with a set of transition rules δ maps every tree in TΣ to a singleton set. In other words, in the deterministic case δ is a function from TΣ to the states of A. 3

Example 2.1 As a running example, let Σ = Σ(2) ∪ Σ(0) where Σ(2) = {a, b} and Σ(0) = {ε}. Consider the tree language L, such that a tree is an element of L if it contains at least one a and exactly one b. Let us now discuss how to recognize L by means of an NTA. For this, we need a set Q of 4 states: - a state qε such that δ(t) = qε if and only if t contains neither a’s nor b’s, - a state qa such that δ(t) = qa if and only if t contains a’s but no b’s, - a state qb such that δ(t) = qb if and only if t contains exactly one b, but no a’s, - a state qab such that δ(t) = qab if and only if t contains at least one a and exactly one b. Among these states, only qab is final. Also, δ contains the transition rules: ε () → qε b (qε , qε ) → qb a (qx , qy ) → qa for x, y ∈ {a, ε} a (qx , qy ) → qab for x ∈ {a, ε} and y ∈ {b, ab}, or x ∈ {b, ab} and y ∈ {a, ε}. The (rejecting) computation on input t = a[b[ε, ε], a[a[ε, ε], a[a[b[ε, ε], ε], ε]]] can be illustrated as follows, where the transitions “consume” the tree stepwise from the leaves towards the root: a

a a

b ε

ε

a ε

a

;

a qa



a

a

a

qε qε a qε

a qa

;

a qb

;

a qa

;

qb qε

a qb

a a qε

b qε qε qε

ε

a qb



ε

b ε

ε

;

qb

a

b

a ε

a

qab

;

No applicable transition rule exists.

qab

qab qε

Thus, δ(t) contains no accepting state, indicating that t does not belong to L. When we present our algorithm in Section 3, it will be useful to be able to address subsets of the set δ and positions in its constituent transition rules. For this purpose, let r = f (q1 , . . . , qn ) → qn+1 be a transition rule, then |r| denotes its length (i.e., |r| = n + 1), r(i) denotes the state qi , and q ∈ r indicates that r(i) = q for some i : 1 ≤ i ≤ |r|. For B ⊆ Q, take δB as the set {r ∈ δ | ∃q ∈ B such that q ∈ r} . 4

For technical convenience, we shall henceforth restrict ourselves to ranked alphabets containing at most one symbol of rank k for each k ∈ N. We can thus leave out the input symbol when writing a transition rule, without risk of confusion. Extending the algorithm presented in Section 3 to unrestricted alphabets is straight-forward and does not effect the results in any way.

Partition Refinement The coarsest refinement problem is the following: given a finite state automaton and an initial partitioning of the set of states, find the coarsest stable refinement of the given partitioning. To solve the coarsest refinement problem, a partition refinement algorithm is commonly used. The input is an initial partitioning of the state space, which is successively refined by the algorithm until the coarsest stable refinement is found. A famous example is the algorithm by Paige and Tarjan [PT87] which solves the relational coarsest refinement problem, i.e. the coarsest refinement problem with respect to a binary relation. The algorithm runs in time O(m log n), where m is the number of edges and n the number of states in the automaton (assuming that m ≥ n). The algorithm by Paige and Tarjan is, in turn, a generalization of an algorithm by Hopcroft [Hop71] that solves the coarsest refinement problem with respect to one or more binary functions. In [CDG+ 97], a partition refinement algorithm for minimization of deterministic tree automata (DTA) that does not rely on Hopcroft “process the smaller half” strategy is presented. However, nothing is written about the time complexity of this algorithm.

Equivalences Let A = (Σ, Q , δ, F ) be an arbitrary tree automaton, and let '0 and ', where '0 ⊆ ', be two equivalence relations of Q . We write (Q/') to denote the set of equivalence classes (which we henceforth refer to as blocks) of ', and [q]' to denote unique the block of ' that contains q. For a block B ∈ (Q/'), we write [[B]]'0 to denote the set  {B 0 ∈ Q/'0 | B 0 ⊆ B} .

While, for a block B 0 ∈ (Q/'0 ), we let [B 0 ]' represent the (unique) block B ∈ (Q/') such that B 0 ∈ [[B]]'0 . Figure 2 illustrates this notation. In the figure, B and D are blocks of partitions (Q /') and (Q /'0 ) respectively, and q is a state in Q.

Symbolic rules Let A = (Q, Σ, δ, F ) be an NTA, and let '0 and ' be equivalence relations on Q such that '0 is a refinement of '. To represent the set {([q1 ]' , . . . , [qk ]' ) → [q]' | (q1 , . . . , qk ) → q ∈ δ} 5

q

[q]'

[D]' (Q/')

D

(Q/'0 )

[[B]]' B Figure 1: An illustration of the operations on states and states space partitions introduced in this section. of symbolic rules with respect to ', we use the notation (δ/'). Conversely, if ρ = (D1 , . . . , Dk ) → Dk+1 is a symbolic rule, then the set of instances of ρ, denoted [[ρ]], is the set {(q1 , . . . , qk ) → qk+1 | qi ∈ Di , i : 1 ≤ i ≤ k + 1} ∩ δ . We write ρ(i) to refer to block Di of ρ, and B ∈ ρ to indicate that ρ(i) = B, for some i : 1 ≤ i ≤ |ρ|. The length of ρ is written |ρ|. For a transition rule r ∈ δ, we use [r]' to represent the unique symbolic rule ρ ∈ (δ/') such that r ∈ [[ρ]]. Given a rule ρ = (D1 , ..., Dn ) → Dn+1 in (δ/'), we let [[ρ]]'0 represent the set   0 ∈ δ/'0 | Di0 ∈ [[Di ]]'0 , for all i : 1 ≤ i ≤ n + 1} . { D10 , ..., Dn0 → Dn+1

To denote the subset

 0 | ∃i ∈ {1, . . . , n + 1} s.t. Di0 = B} { D10 , ..., Dn0 → Dn+1

0 0 of [[ρ]]'0 we write [[ρ]]B '0 . Conversely, for the symbolic rule ρ ∈ (δ/' ), we define [ρ0 ]' to be the (unique) symbolic rule ρ ∈ (δ/') such that ρ0 ∈ [[ρ]]'0 .

Example 2.2 Let A = (Q, Σ, δ, F ) be a non-deterministic tree automaton where Q = {q0 , q1 , . . . , q7 }, and δ contains the subset Q × Q 7→ Q. In addition, take ' and '0 to be equivalences modulo 2 and modulo 4, respectively. In other words, (Q/') = {{q0 , q2 , q4 , q6 }, {q1 , q3 , q5 , q7 }} , and (Q/'0 ) = {{q0 , q4 }, {q1 , q5 }, {q2 , q6 }, {q3 , q7 }} . Given the symbolic rule ρ = ([q0 ]'0 , [q3 ]'0 ) → [q2 ]'0 ∈ (δ/'0 ), we have |ρ| = 3, whereas ρ(1) = [q0 ]'0 , ρ(2) = [q3 ]'0 , and ρ(3) = [q2 ]'0 . 6

Furthermore, the set [[ρ]] is given by { (q0 , q3 ) → q2 , (q0 , q3 ) → q6 , (q0 , q7 ) → q2 , (q0 , q7 ) → q6 ,

(q4 , q3 ) → q2 , (q4 , q3 ) → q6 , (q4 , q7 ) → q2 , (q4 , q7 ) → q6 } .

The symbolic rule [r]'0 , where r = (q5 , q7 ) → q1 ∈ δ, expands to ([q1 ]'0 , [q3 ]'0 ) → [q1 ]'0 . Finally, given the symbolic rule ρ = ([q0 ]' , [q1 ]' ) → [q1 ]' ∈ (δ/'), the set [[ρ]]'0 contains the following symbolic rules: ([q0 ]'0 , [q1 ]'0 ) → [q1 ]'0 , ([q0 ]'0 , [q1 ]'0 ) → [q3 ]'0 , ([q0 ]'0 , [q3 ]'0 ) → [q1 ]'0 , ([q0 ]'0 , [q3 ]'0 ) → [q3 ]'0 ,

([q2 ]'0 , [q1 ]'0 ) → [q1 ]'0 , ([q2 ]'0 , [q1 ]'0 ) → [q3 ]'0 , ([q2 ]'0 , [q3 ]'0 ) → [q1 ]'0 , ([q2 ]'0 , [q3 ]'0 ) → [q3 ]'0 .

Occurrences and counts Let ' be an equivalence relation and q a state, then the set of occurrences of q in ', denoted Occ(')(q), is the set of pairs (ρ, i) where ρ ∈ (δ/') and q ∈ ρ(i) for some i : 1 ≤ i ≤ |ρ|. Intuitively, Occ(')(q) identifies the symbolic rules in which [q] occurs in the rule, together with the position of such an occurrence. Given a block B in ', we define Occ(')(B)(q), to be {(ρ, i) | (ρ, i) ∈ Occ(')(q) and B ∈ ρ} . For a symbolic rule ρ, and a state q, we define count(ρ)(q) to be the size of the set {(r, i) | r ∈ [[ρ]] and ∃i ∈ {1 . . . |r|} s.t. r(i) = q}. P We extend the definition to a set Φ of symbolic rules such that count(Φ)(q) = ρ∈Φ count(ρ)(q).

Stability

Let ' and ∼ =, where ' ⊆ ∼ =, be equivalence relations on Q. The relation ' is if stable with respect to ∼ =)(p), and =)(q) = Occ(∼ = whenever q ' p then Occ(∼ stable if it is stable with respect to itself.

3

The algorithm

In this section, we introduce an algorithm for solving the coarsest stable refinement problem for NTAs. An instance of the problem consists of an NTA A = (Σ, Q , δ, F ) and an initial equivalence relation 'init on the states Q of A. The task is to find the coarsest stable refinement of 'init . The algorithm iterates over a sequence of steps (described in detail in Section 4), and generates two sequences of equivalence relations on Q, denoted by '0 , '1 , . . . , 't and ∼ =0 , ∼ =1 , . . . , ∼ =t , respectively. 7

Initially, the relation ∼ =0 = Q× Q, while '0 can be any proper refinement of ∼ =0 that is also stable with respect to ∼ =0 . In the (i+1)-th iteration, the equivalences 'i+1 and ∼ =i+1 are derived from 'i and ∼ =i as follows. Let Bi ∈ (Q/'i ) and ∼ Si ∈ (Q/=i ) be such that Bi ⊂ Si and |Bi | ≤ |Si | /2. As implied by Lemma 3.1, 'i is a proper refinement of ∼ =i so Bi and Si exist. We have that q ∼ =i+1 q 0 if 0 and only if two conditions are met. First, it must hold that q ∼ =i q , and second, 0 0 q ∈ Bi if and only if q ∈ Bi . Furthermore, for all q, q ∈ Q , it holds that q 'i+1 q 0 if and only if the following three conditions are satisfied: 1) q 'i q 0 2) Occ(∼ =i+1 )(Bi )(q) = Occ(∼ =i+1 )(Bi )(q 0 ) 3) For every ρ ∈ (δ/∼ =i ), it holds that     Bi 0 0 i (q) iff count(ρ)(q ) = count [[ρ]] count(ρ)(q) = count [[ρ]]B ∼ ∼ =i+1 (q ) . =i+1

Intuitively, the second and third conditions refine 'i with respect to Bi and Si − Bi respectively. The iteration continues until we reach the termination point t, at which we have 't = ∼ =t .

Correctness and time complexity We first prove correctness, and then consider the time complexity of the algorithm. We begin with an easy lemma: Lemma 3.1 The relation 'i is a refinement of ∼ =i , for all i : 0 ≤ i ≤ t. ∼0 = Q × Q. Suppose Proof By induction on i. The base case is trivial since =

that q 'i+1 q 0 . By definition of 'i+1 we have that q 'i q 0 , and by the induction hypothesis that q ∼ =i q 0 . Since q 'i q and Bi ∈ (Q/'i ) it follows that q ∈ Bi iff 0 q ∈ Bi . Using the definition of ∼ =i+1 , we conclude that q ∼ =i+1 q 0 .

This implies that 'i is a proper refinement for all i : 0 ≤ i < t, and that, up to the termination point, we will be able to pick Bi ∈ (Q/'i ) and Si ∈ (Q/∼ =i ) such that Bi is a proper subset of Si , and the size of |Bi | is at most half the size of |Si |. Next, we consider partial correctness of the algorithm which will follow from Lemma 3.2 and Lemma 3.5. Lemma 3.2 The relation 'i is stable with respect to ∼ =i , for all i : 1 ≤ i ≤ t. Proof The proof is carried out by induction on i. The base case, where i = 0, follows from the definitions of '0 and ∼ =0 . Suppose then that q 'i+1 q 0 , and that (ρ, j) is an element of Occ(∼ =i+1 ); we show that =i+1 )(q) for some ρ ∈ (δ/∼ ∼ (ρ, j) is also an element of Occ(=i+1 )(q 0 ). Depending on ρ, we have three cases: - First, Si − Bi ∈ / ρ and Bi ∈ / ρ. This means that ρ ∈ (δ/∼ =i ), and therefore ∼ (ρ, j) ∈ Occ(=i )(q). Since q 'i+1 q 0 , we know by definition that q 'i q 0 . By the induction hypothesis it follows that 'i is stable with respect to ∼ =i , and hence (ρ, j) ∈ Occ(∼ =i )(q 0 ). Since ρ ∈ (δ/∼ =i+1 ) it follows that 0 (ρ, j) ∈ Occ(∼ =i+1 )(q ). 8

- Second, Si − Bi ∈ ρ and Bi ∈ / ρ. Let ρ be a symbolic rule of the form (D1 , . . . , Dn ) → Dn+1 . Define ρ1 ∈ (δ/∼ =i ) to be the symbolic rule 1 where, for each k : 1 ≤ k ≤ n + 1, we have that D11 , . . . , Dn1 → Dn+1 Dk1 = Si if Dk = Si − Bi and Dk1 = Dk otherwise. We observe that 1 0 ∼ ρ1 = [ρ]∼ =i , and therefore ρ , j ∈ Occ(=i )(q). Since q 'i+1 q , we know 0 by definition that q 'i q . By the induction hypothesis itfollows that the relation 'i is stable with respect to ∼ =i )(q 0 ). =i , and hence ρ1 , j ∈ Occ(∼ From Bi ∈ / ρ we know that   i count(ρ)(q) > count [[ρ]]B ∼ =i+1 (q) . Since q 'i+1 q 0 it follows that

  0 i count(ρ)(q 0 ) > count [[ρ]]B ∼ =i+1 (q ) .

Hence, (ρ, j) ∈ Occ(∼ =i )(q 0 ).

- Third, Bi ∈ ρ. This inclusion implies that (ρ, j) ∈ Occ(∼ =i+1 )(Bi )(q). Since q 'i+1 q 0 it follows that (ρ, j) ∈ Occ(∼ =i+1 )(Bi )(q 0 ), and hence we have (ρ, j) ∈ Occ(∼ =i+1 )(q). To simplify the proof of Lemma 3.5, we first state and prove two auxiliary lemmas (Lemma 3.3 and Lemma 3.4). Lemma 3.3 Any stable refinement ' of 'i , is also a stable refinement of ∼ =i+1 . Proof Consider q and q 0 such that q ' q 0 . We show that q ∼ =i+1 q 0 . Since ' is a refinement of 'i it follows that q 'i q 0 , and therefore by Lemma 3.1 we have that q ∼ =i q 0 . We consider three cases: ∼ 0 - First, if q 6∈ Si , then by definition [[q]]∼ =i = [[q]]∼ =i+1 . Since q =i q , it follows that q ∼ =i+1 q 0 . - Second, q ∈ Bi . By definition we know that Bi is a block of 'i . Let B be the unique block of ' such that q ∈ B and [B]'i = Bi . Since q ' q 0 it follows that q 0 ∈ B, so q ∈ Bi . Since Bi is a block of ∼ =i+1 it follows that 0 ∼ q =i+1 q . - Third, q ∈ Si − Bi . We know that Bi is a block of 'i and that Si is a union of blocks in 'i . This means that Si − Bi is a union of blocks in 'i . Let D ⊆ Si − Bi be the unique block of 'i such that q ∈ D. Since '⊆'i , there is a unique block D 0 in ' such that q ∈ D 0 and [D 0 ]'i = D. Since q ' q 0 , we know that q 0 ∈ D 0 . From [D 0 ]'i = D, it follows that q 0 ∈ D, and hence q 0 ∈ Si − Bi . Since q ∈ Si − Bi and Si − Bi is a block of ∼ =i+1 , 0. it follows that q ∼ q =i+1 Lemma 3.4 Consider equivalence relations '0 ⊆', a symbolic rule ρ ∈ (δ/'), a state q, and j : 1 ≤ j ≤ |ρ|. Then, we have (ρ, j) ∈ Occ(')(q) if and only if (ρ0 , j) ∈ Occ('0 )(q) for some ρ0 ∈ [[ρ]]'0 . 9

Proof The if -direction is obvious. To show the only if -direction, suppose that (ρ, j) ∈ Occ(')(q). Let ρ be of the form (D1 , . . . , Dn ) → Dn+1 . This means that there is a rule r ∈ δ of the form (q1 , . . . , qn ) → qn+1 where qj = q 0 and qk ∈ [[Dk ]] for each k : 1 ≤ k ≤ n + 1. Define ρ0 to be (D10 , . . . , Dn0 ) → Dn+1 , 0 where Dk = [[qk ]]' for each k : 1 ≤ k ≤ n + 1. Lemma 3.5 If ' is a stable refinement of '0 , then ' is also a refinement of 'i , for each i : 1 ≤ i ≤ t. Proof By induction on i. The base case is trivial. For the induction step, suppose that q ' q 0 . We show that q 'i+1 q 0 using the three conditions in the definition of 'i+1 . Condition (1) is satisfied by the induction hypothesis. For Condition (2), suppose that (ρ, j) ∈ Occ(∼ =i+1 )(Bi )(q). Since (ρ, j) is in Occ(∼ =i+1 )(Bi )(q) we know that Bi ∈ ρ and that (ρ, j) ∈ Occ(∼ =i+1 )(q). From the induction hypothesis we know that '⊆'i , and by Lemma 3.3 that '⊆∼ =i+1 . By Lemma 3.4 there is a ρ0 ∈ [[ρ]]' such that (ρ0 , j) ∈ Occ(')(q). Since q ' q 0 and ' is stable, we have that (ρ0 , j) ∈ Occ(')(q 0 ). From '⊆∼ =i+1 and ρ0 ∈ [[ρ]]' , it follows by Lemma 3.4 that (ρ, j) ∈ Occ(∼ =i+1 )(q 0 ). Since Bi ∈ ρ, we conclude 0 ∼ that (ρ, j) ∈ Occ(=i+1 )(Bi )(q ). Regarding Condition (3), assume that i count(ρ)(q) 6= count([[ρ]]B ∼ =i+1 )(q) .

We show that 0 i count(ρ)(q 0 ) 6= count([[ρ]]B ∼ =i+1 )(q ) .

From the above assumption, we know that there are ρ1 ∈ (ρ/∼ =i ) and j such that Bi 6∈ ρ1 and (ρ1 , j) is an element of Occ(∼ =i+1 )(q). From the induction hypothesis we know that '⊆'i , and hence by Lemma 3.3 it follows that '⊆∼ =i+1 . By Lemma 3.4 there is a ρ2 ∈ [[ρ1 ]]' , such that (ρ2 , j) ∈ Occ(')(q). Since q ' q 0 and ' is stable it follows that (ρ2 , j) ∈ Occ(')(q 0 ). From '⊆∼ =i+1 and ∼ ρ2 ∈ [[ρ1 ]]' , it follows by Lemma 3.4 that (ρ1 , j) is an element of Occ(=i+1 )(q 0 ), and hence the result. Lemma 3.6 There is a t ≤ n − 1 such that 't = ∼ =t . Proof As long as the algorithm has not terminated, we have Bi ⊂ Si and consequently ∼ =i+1 ⊂ ∼ =i . By finiteness of Q it follows that after at most t = |Q| − 1 steps we reach a point where there are no Bt ∈ (Q/'t ) and St ∈ (Q/∼ =t ) such that Bt ⊂ St and |Bt | ≤ |S2t | . This implies 't = ∼ =t . Now we are ready to prove correctness. Lemma 3.6 guarantees that the algorithm terminates, producing 't . According to Lemma 3.2, 't is stable with respect to ∼ =t , and since 't = ∼ =t , the equivalence 't is stable. The implication of this, in combination with Lemma 3.5, is stated as the following theorem. Theorem 3.7 The algorithm terminates with output 't , where 't is the coarsest stable refinement of '0 . 10

To simplify the discussion regarding time complexity, we formulate Lemma 3.8. Lemma 3.8 For each q ∈ Q and i < j if q ∈ Bi ∩ Bj then |Bj | ≤

|Bi | 2 .

Proof By definition we know that Bi is a block of ∼ =i+1 . Since i < j it follows by definition that ∼ =j is a refinement of ∼ =i , and hence that Bi is a union of blocks in the partition induced by ∼ =j . From the fact that q ∈ Bj we know that q ∈ Sj . Since q ∈ Bi it follows that Sj ⊆ Bi . Finally, from the inequality |S | |Bj | ≤ 2j it follows that |Bj | ≤ |B2i | . As demonstrated in Section 4, calculation steps 1 to 8 can each be performed in time   X O |r| , r∈δB

so this is also the time required by an entire iteration. The time complexity of the algorithm can then be written X X X |r| , |r| + . . . |r| + r∈δB0

r∈δBt

r∈δB1

where Bi is the B-block chosen during the ith iteration. Now, a transition rule r = (q1 , . . . , qk ) → qk+1 ∈ δ will only be contained in the set δBi , 0 ≤ i ≤ t, if state qj is contained in Bi for some j : 1 ≤ j ≤ k + 1. No state occurs in more than log n B-blocks (Lemma 3.8), and since r contains at most |r| distinct states, r cannot contribute by more than |r|2 log n to the total sum. This implies that the algorithm runs in time ! X 2 O ( |r| ) log n , r∈δ

which is bounded by O(ˆ r m log n), where rˆ is the maximum rank of the alphabet.

4

Iterations

In this section we describe the data structures used in the representation of the equivalences 'i and ∼ =i (see Section 3). Also, we use a number of auxiliary data structures which allow efficient implementation of each iteration in the algorithm. Finally, we describe how to implement each iteration. Each state is represented by a record which we identify with the state itself. We maintain three lists of blocks: - P corresponds to blocks in 'i . Each block is represented by a record which we will identify with the block itself. Each block S in P contains a pointer to a doubly linked list of its elements; and each state points to the block in P containing it. Each block in P is also equipped with a natural number which indicates its size. 11

- X corresponds to the blocks in ∼ =i . Each block is represented by a record which we will henceforth identify with the block itself. A block in the list X is said to be simple if it contains a single block of P , and compound otherwise. Each block in X contains a pointer to a doubly linked list of the blocks of P contained in it; and each block S in P contains a pointer to the block of X containing it. - C is a sublist of X containing only the compound blocks in X. The elements of the lists described above are doubly linked. This allows for deletion of elements in constant time. A transition rule r is represented by a doubly linked list of elements. The ith element of this list (which corresponds to state q) is a record with: - pointers to the next and previous elements of r (if any). - pointers to the ith element in the previous and the next rule in [r]∼ =i . - a pointer to the symbolic rule ρ = [r]∼ =i . - pointers c, c1 , and c2 to three counters containing natural numbers. Intuitively, given a rule r, the pointer c points to count(ρ)(q) where ρ = [r]∼ =i . The counters c1 and c2 are temporary variables, used during the iterations, to point to count(ρ0 )(q) and   count [[ρ]] B (q) , ∼ =i+1

respectively, where ρ0 = [r]∼ =i+1 . A state has a pointer to the list of rules in which it occurs. A symbolic rule ρ is represented by a record which is pointed to by all instances of ρ.

Initialization In the initial configuration, all transition rules r ∈ δ points to (the only) symbolic rule ρ0 ∈ (δ/∼ =0 ). Each position of a transition rule r (which corresponds to a state q) points to a counter count(ρ0 )(q). The list X contains only one block. This block is compound and it is also the only block contained in C. Step 1: Select compound block S. Remove a compound block S from C. Examine the first two blocks in S. Let B be the smaller one. If they are equal in size then B can be arbitrarily chosen to be anyone of them. These blocks correspond to Bi and Si chosen during the ith iteration (Section 3). This step can be performed in constant time. Step 2: Remove B from S. This step is to maintain the invariant that 0 0 ∼ q =i+1 q implies that q ∈ B iff q ∈ B. Remove B from S and create a new block S 0 in X. The block S 0 is simple and contains B as its only block. If S is still compound, put it back into C. Observe that the elements of X will now correspond to the blocks of ∼ =i+1 . This step can be performed in constant time. 12

Step 3: Calculate new symbolic rules. Note that each symbolic rule ∼ ρ ∈ (δ/=i ) will potentially give raise to a set of rules in (δ/∼ =i+1 ), namely those ¬B in [[ρ]]B and [[ρ]] , and that these rules are obtained from ρ by replacing ∼ ∼ =i+1 =i+1 occurrences of S in ρ either by Bi or S − B. The purpose of Step 3 is to derive ∼ the rules in [[ρ]]B ∼ =i+1 , i.e., to generate those members of (δ/= i+1 ) in which B occurs at least once. For this purpose, we build, for each ρ with [[ρ]]B ∼ =i+1 6= ∅, a tree Tρ which encodes the symbolic rules in [[ρ]]B ∼ =i+1 . A list of existing trees is maintained throughout the current iteration. The rule ρ will maintain a pointer1 to Tρ , while each tree will maintain a pointer to the list of its leafs. ∼i+1 ). Each The edges of the tree are labeled with blocks in X (i.e., blocks in = path π from the root to a leaf is of length |ρ|, and corresponds to one symbolic rule ρ0 = [ρ]∼ =i+1 . More precisely, the root-to-leaf concatenation of the labels of edges along π defines the blocks which appear in ρ0 from left to right. Thus, the ith edge in π is labeled by ρ0 (i), for i : 1 ≤ i ≤ |ρ0 |. Furthermore, the leaf at the end of π points to a list Lρ0 of rules which are instances of ρ0 . The elements of different rules in Lρ0 are also linked together: position j in each rule has a pointer to position j of the next rule in Lρ0 . This gives the list Lρ0 a “matrix” form where the rows correspond to rules and the columns correspond to given positions in the rules. When Tρ is completely constructed, each symbolic rule 0 ρ0 ∈ [[ρ]]B ∼ =i+1 will be represented by a path in Tρ ; and each instance of ρ will be present in the list associated with the corresponding leaf. To construct Tρ , we go through the elements of B. For each element q ∈ B, we go through the list of rules r with q ∈ r. Recall that q has a pointer to this list. To prevent that a certain rule is considered twice, we mark encountered rules (and unmark them at the end of the step). For a rule r, we find the symbolic rule ρ = [r]∼ =i . This can be done since each r has a pointer to ρ, and since the existing symbolic rules still correspond to those in (δ/∼ =i ) (they have yet not been modified to reflect ∼ =i+1 ). We also find the tree Tρ by following pointer from each symbolic rule ρ to Tρ . If Tρ does not exist yet, we create it, add it to the list of currently existing trees, and add a pointer to it from ρ. Now we modify Tρ by “adding” r to it. The addition process is carried out as follows. Let r be of the form (q1 , . . . , qn ) → qn+1 . We simultaneously traverse r (from left to right) and Tρ (in a top-down manner). We start from q1 and the root of the tree. At step j of the traversal, we consider the state qj together with a node nj in Tρ . We check whether there is an edge leaving nj which is labeled by [qj ]∼ =i+1 (we can find [qj ]∼ =i+1 by following the pointer to the block in P containing qj and from there following the pointer to the corresponding block in X). If such an edge exists, we follow the edge one step down the tree to the next node nj+1 . We also move one step to the right in r to the state qj+1 . If no such an edge exists, we create a new edge nj+1 connected to nj and labeled with [qi ]∼ =i+1 (again moving one step to the right in r). Checking existence of the right edge takes constant time. This is due to the fact that each node may have at most two outgoing edges (in fact a node has only outgoing edge unless the edges are labeled by B or S). Once we 1

Pointer from each symbolic rule ρ to Tρ .

13

reach a leaf (after |ρ| steps), we insert r in the list pointed to by the leaf. More precisely, we go through r from left to right. For element j in r, we remove any existing (old) links to and from elements of other lists, and add a double link to element j of the rule which was previously first in the list of rules (before the insertion of r). This is to maintain the matrix form, i.e., the invariant that corresponding elements in rules in the same list are linked. If the leaf had just been created, we add it to the list of leafs of the tree. Notice that the time complexity of the current step is   X O |r| . r∈δB

In fact, as we shall see all subsequent steps have the same complexity.

Step 4: Create counters. In this step, we create new counters to reflect the introduction of the new symbolic rules, and update the values of the temporary pointers c1 and c2 in the relevant rules. We go through the list of existing trees and through the list of leafs of each tree. For a given leaf representing a symbolic rule ρ0 , we consider the associated list Lρ0 , and consider each rule r in the corresponding list. We scan the rule r, and each position (corresponding to a state q). If it is the first time we encounter q during the scanning of the current leaf, we create the counter count(ρ0 )(q), and make both q and pointer c1 of the current position point to it. If it is not the first time, we find count(ρ0 )(q) by following the pointer from the current position to q, and from q to the counter. We increase its value and create a pointer to it from c1 of the current position. We create and modify   count [[ρ]] B (q) ∼ =i+1 in a similar manner, with two differences, namely (i) we use c2 instead of c1 ; and (ii) we check whether it is the first time we encounter q during the scanning of the current tree (rather than the current leaf). To prevent that the same is considered twice during the scanning of r, we mark encountered states. When the scanning of r has been completed, we scan r one more time and unmark all states. When we have scanned all rules in the current leaf, we go through all rules and positions one more time and delete the pointers we have created from states q to the counters count(ρ0 )(q) (preserving the ones from c2 ). When we have scanned all leafs in the current tree, we delete the corresponding pointers to   count [[ρ]] B (q) . ∼ =i+1 Step 5: Refine P with respect to B. Each position j : 1 ≤ j ≤ |ρ0 | may potentially give raise to a split of the blocks in P . A state q1 which occurs in position j in the left hand side of a rule r ∈ [[ρ0 ]] (i.e., r(j) = q1 for some j : 1 ≤ j ≤ |ρ0 | − 1) should not be in the same block as a state q2 which does not occur in position j of any rule in [[ρ0 ]]. The reason is that this would imply ∼i+1 )(B)(q 0 ) . Occ(∼ =i+1 )(B)(q) 6= Occ(= 14

To reflect this in our blocks, we go through all trees and all leafs in a tree. For a leaf corresponding to a rule ρ0 , we iterate over all positions j : 1 ≤ j ≤ |ρ0 | − 1, and scan position j of all the rules in Lρ0 one by one. This can be done due to the matrix form, where position j in each rule has a pointer to position j of the next rule in Lρ0 . Let q be the state in the position and rule currently under consideration. We find the block D of P containing q. We create an associated block D 0 if one does not already exist. We move q to D 0 decreasing the size of D and increasing the size of D 0 . During the scanning, we construct a list which contains all blocks which have been split. After we have scanned position j of all rules in Lρ0 , we go through the new list of blocks. For each block D (and associated block D 0 ), we remove the record for D if it has become empty (all its elements have been moved to D 0 ); otherwise if the block of X containing D has become compound by the split, we add this block to C. Step 6: Refine P with respect to S − B. For each tree Tρ , and all of its leaves, we go through the list Lρ0 , and scan every rule r in Lρ0 . Let q be the state of r currently scanned. We determine whether the counters pointed to by c and c1 have the same values. This corresponds to checking whether   count(ρ)(q) = count [[ρ]] B (q) . ∼ =i+1 If the equality holds, we find the block D of P containing q, and create an associated block D 0 if one does not already exist. Afterward, the new list of blocks is processed in the same way as in Step 4.

Step 7: Update the counters. This step updates the counters for every state in every rule in [[ρ]]¬B ∼ =i+1 . For each tree Tρ in the list of trees created in Step 3, we go through all the leaves of Tρ . For a given leaf and an associated list Lρ0 , we scan each rule r in Lρ0 from left to right. Let q be the state that is currently scanned. We subtract the value of the counter pointed to by c2 from that pointed to by c and put the value back in the latter. This corresponds to the assignment count(ρ)(q) := count(ρ)(q) − count([[ρ]] B )(q) . ∼ =i+1 To prevent that the same state is processed more than once, we mark encountered states. When the scanning of all leafs of Tρ has been completed, we scan all leaves one more time and unmark all states. During the same scan we change the pointer c of a cell and make it point to the same counter as c2 . Now, we destroy, for each state q, the pointers c1 and c2 and the corresponding counters. Step 8: Update symbolic rules. We go through each tree Tρ . For each leaf we create a new symbolic rule ρ0 . We go through the associated list of rules, and make the rules point to ρ0 . After Tρ has been processed, it is destroyed.

15

5

NTA minimization with respect to bisimulation

We now discuss how the algorithm presented in Section 3 can be applied to the minimization of non-deterministic tree automata, with respect to bisimulation equivalence. We begin with a formal definition of bisimulation equivalence.

Bisimulation equivalence Definition 5.1 Let A = (Q, Σ, δ, F ) and A0 = (Q0 , Σ, δ0 , F 0 ) be two NTA. A relation ' ⊆ Q × Q0 is a bisimulation relation if the following two conditions hold for all states q ∈ Q and q 0 ∈ Q0 such that q ' q 0 : First, q ∈ F if and only if q 0 ∈ F 0 . Second, the fact that there exists a rule (q1 , . . . , qi , . . . , qk−1 ) → qk ∈ δ , where q = qi and i ≤ k, implies that there exists a rule  0 q10 , . . . , qi0 , . . . , qk−1 → qk0 ∈ δ0 ,

such that q 0 = qi0 and qj ' qj0 for all j : 1 ≤ j ≤ k, and vice versa.

States q and q 0 as above are said to be bisimilar (with respect to '). We consider A and A0 to be bisimulation equivalent (and write A ∼ A0 ) if there is a bisimulation relation according to which every state in Q is bisimilar to a state in Q0 , and every state in Q0 to a state in Q. To facilitate the upcoming proof of Lemma 5.3 (which states that bisimulation equivalence implies language equality), we first state and prove the auxiliary Lemma 5.2. To improve readability, we introduce the following notation. When A = (Q, Σ, δ, F ) is a nondeterministic tree automaton, the subset {t | δ(t) = q} of TΣ is denoted by Lq (A). Lemma 5.2 Let A = (Q, Σ, δ, F ) and A0 = (Q0 , Σ, δ0 , F 0 ) be a pair of bisimulation equivalent NTA. If states q ∈ Q and q 0 ∈ Q0 are bisimilar, then the equivalence Lq (A) = Lq0 (A0 ) holds. The inductive proof is omitted, as it is very straightforward given the induction hypothesis that the statement is true if we only consider trees of height ≤ k. Lemma 5.3 Bisimulation equivalence implies language equality. Proof Let A = (Q, Σ, δ, F ) and A0 = (Q0 , Σ, δ0 , F 0 ) be a pair of bisimulation equivalent NTA. Assume that t ∈ L(A), then δ(t) = q for some q ∈ F . Since A and A0 are bisimulation equivalent, there exists at state q 0 ∈ F 0 bisimilar to q. According to Lemma 5.2, q 0 ∈ δ0 (t) so t ∈ L(A0 ). The same argument also holds for the opposite direction. We also show that bisimulation equivalence is, as its name implies, a proper equivalence relation.

16

Lemma 5.4 Bisimulation equivalence is an equivalence relation. Proof Reflexivity and symmetry are obvious. For transitivity, let A1 = (Q1 , Σ, δ1 , F 1 ), A2 = (Q2 , Σ, δ2 , F 2 ), and A3 = (Q3 , Σ, δ3 , F 2 ) be three NTA, and '12 , '23 bisimulation relations on Q1 × Q2 and Q2 × Q3 , respectively. Furthermore, let '13 be the relation on Q1 × Q3 given by q 1 '13 q 3 if and only if there is a q 2 ∈ Q2 , such that q 1 '12 q 2 and q 2 '23 q 3 . We show that '13 is a bisimulation relation. Suppose that q 1 '13 q 3 . By definition, there exists a q 2 ∈ Q2 such that q 1 ∈ F 1 and q 3 ∈ F 3 if and only if q 2 ∈ F 2 , so q 1 ∈ F 1 if and only if q 3 ∈ F 3 . Moreover, the existence of a rule  1 1 , q 1 , qi1 , . . . , qk−1 q11 , . . . , qi−1 → qk1 ∈ δ1 , implies that there is a rule

 2 2 → qk2 ∈ δ2 , , q 2 , qi2 , . . . , qk−1 q12 , . . . , qi−1

such that qi1 '12 qi2 , for all i : 1 ≤ i ≤ k, which implies that there is a rule  3 3 → qk3 ∈ δ3 , q13 , . . . , qi−1 , q 3 , qi3 , . . . , qk−1

such that qi1 '12 qi2 , for all i : 1 ≤ i ≤ k. Hence, qi1 '12 qi2 and qi2 '23 qi3 , so qi1 'l3 qi3 , for all i : 1 ≤ i ≤ k.

The minimization procedure We now describe the actual minimization procedure, beginning with an easy observation: if A and A0 are bisimulation equivalent NTAs and the bisimulation relation between their states is one-to-one, then A and A0 are isomorphic. To produce the unique minimal tree automaton that is bisimilar to a given tree automaton A = (Q, Σ, δ, F ), we first apply the algorithm of Section 3 with an initial partition 'init derived from {F, Q \ F } (we shall soon discuss how) to find an equivalence relation ' on Q, such that (Q/') is the coarsest stable partition of Q, and then output A' = ((Q/') , Σ, (δ/') , (F/')). As the reader may recall from Section 3, we require that (a) 'init is a proper refinement of ∼ =0 = Q × Q and also that (b) 'init is stable with respect to ∼ =0 . In the general case, these conditions do not hold for the partition {F, Q \ F }, so it cannot be used as the initial partition of the algorithm. It is fortunate then that we can construct a partition 'init from {F, Q \ F } in time O(m) that meets both condition (a) and (b): we first check if F = ∅, in which case we just output the unique minimal automaton accepting the empty language. If, on the other hand, F is non-empty, we iterate over the transition rules in δ and separate every pair of states q, q 0 in the same block for which there is a symbolic rule ρ ∈ (δ/∼ =0 ) and a position i ∈ {1, . . . , |ρ|} such that exactly one of q and q 0 occurs at position i of ρ. When this iteration is complete, the resulting partition is our sought 'init . Note that in the event that F = Q and 'init = {F, Q \ F }, we have that {F, Q \ F } is actually the coarsest stable refinement of itself.

17

Lemma 5.5 The input automaton and the output automaton returned by the minimization algorithm are bisimulation equivalent. Proof Let A = (Q, Σ, δ, F ) be an NTA, and let A' = ((Q/') , Σ, (δ/') , (F/')) be the NTA returned by the minimization algorithm. Furthermore, let '0 be the relation on Q × (Q/') given by q '0 D iff [q]' = D. We show that '0 is a bisimulation relation. Since ' is a refinement of {F, Q \ F }, the first condition holds. It should also be clear that (q1 , . . . , qi−1 , q, qi , . . . , qk−1 ) → qk ∈ δ, implies ([q1 ]' , . . . , [qi−1 ]' , [q]' , [qi ]' , . . . , [qk−1 ]' ) → [qk ]' ∈ (δ/') , so the second condition holds in one direction. Finally, assume that (D1 , . . . , Di−1 , [q]' , Di , . . . , Dk−1 ) → Dk ∈ (δ/') . Then, there must exist a transition rule  0 0 , q 0 , qi0 , . . . , qk−1 q10 , . . . , qi−1 → qk0 ∈ δ ,

such that q 0 ∈ [q]' and qi ∈ Di , i : 1 ≤ i ≤ k. By the definition of stability, there is a rule (q1 , . . . , qi−1 , q, qi , . . . , qk−1 ) → qk ∈ δ , such that qi ' qi0 , for all i : 1 ≤ i ≤ k, so qi ∈ Di , for all i : 1 ≤ i ≤ k. Theorem 5.6 Given an automaton A, the minimization algorithm returns the unique minimal bisimulation-equivalent automaton recognizing L(A). Let A = (Q, Σ, δ, F ) be an NTA, and let A' = ((Q/') , Σ, (δ/') , (F/')) be the NTA returned by the minimization algorithm. According to Theorem 3.7, (Q/') is the coarsest stable refinement of {F, Q\F }. By Lemma 5.5, automata A' and A are bisimulation equivalent. Let A0 = (Q0 , Σ, δ0 , F 0 ) be a minimal NTA bisimulation equivalent with A. Since A and A0 are bisimulation equivalent, there is an equivalence relation '0 on Q, such that q '0 q 0 if q and q 0 are both bisimilar to the same state in Q0 . The partition (Q/'0 ) is stable, and a refinement of {F, Q \ F }. In combination with the assumption that A0 is minimal, we have that (Q/'0 ) is the unique coarsest stable refinement of {F, Q \ F }, and hence that ' = '0 . Since both A' and A0 are bisimulation equivalent to A, they are also bisimulation equivalent to each other (Lemma 5.4), and since they each have |(Q/')| states, this relation is one-to-one. Hence, A' and A0 are isomorphic. Note that all deterministic tree automata (DTA) that recognize the same language are bisimulation equivalent to each other, because they are all bisimulation equivalent to the unique minimal DTA that recognizes this language, and bisimulation equivalence, like all equivalence relations, is transitive. Lemma 5.7 Given a DTA A, the minimization algorithm returns the unique minimal DTA recognizing L(A). 18

Proof Let A = (Q, Σ, δ, F ) be an input automaton and A0 = (Q0 , Σ, δ0 , F 0 ) the bisimulation equivalent output automaton. We show that if A is deterministic, then so is A0 . Note that an NTA is deterministic if and only if it maps every input tree to exactly one state. This means that since A is deterministic, the elements of {L(q) | q ∈ Q} are pairwise disjoint and [ L(q) = TΣ . q∈Q

Since every state q ∈ Q0 has a bisimilar state q 0 ∈ Q0 and L(q 0 ) = L(q), we have that [ L(q 0 ) = TΣ . q 0 ∈Q0

Claim 1. If L(q10 ) ∩ L(q20 ) 6= ∅ then L(q10 ) = L(q20 ). Due to the definition of bisimulation equivalence, there exists states q1 and q2 in Q that are bisimilar to q10 and q20 , respectively. Since L(q1 ) ∩ L(q2 ) cannot be empty, it can only be so that q1 = q2 , and hence L(q10 ) = L(q1 ) = L(q2 ) = L(q20 ). Since A0 is the minimal automaton that is bisimulation equivalent to A, it cannot have two states q10 , q20 such that L(q10 ) = L(q2 )0 . If it were so, then an even smaller automaton A00 could be derived by abandoning either q10 or q20 , together with all transition rules containing that state, and this A00 would also be bisimulation equivalent with A. Hence, the elements of {L(q 0 ) | q 0 ∈ Q0 } are pairwise disjoint, and A0 is consequently deterministic. The behavior described in Lemma 5.7 makes it impossible to give a nontrivial approximation bound for the performance of the minimization algorithm. To see why, recall that there is a family of tree languages T such that if L ∈ T , then the minimal DTA that recognizes L is exponentially larger than a minimal NTA recognizing the same language. This means that given any DTA A such that L(A) ∈ T , the algorithm will return a potentially smaller, but still deterministic, tree automaton, and hence misses the optimum with an exponential factor.

6

Experiments

As mentioned in the introduction, we have implemented our algorithm in Java. To test the algorithm on real life examples we used tree automata that arose during computations in the framework of tree regular model checking. Tree regular model checking is the name of a family of techniques for analyzing infinite state systems in which states are represented by trees, set of states by tree automata, and transitions by tree transducers. Most tree regular model checking algorithms rely heavily on efficient methods for checking bisimulation since the automata often increase in size during the verification process and some computations are simply not feasible without minimization.

19

The NTAs that we have minimized arose during verification of the Percolate protocol and the Leader Election protocol. The Percolate protocol operates on a tree of processes. The protocol simulates the way results propagate in a set of logical-or gates organized in a tree. A more detailed description on the protocol can be found in [KMM+ 01]. The Leader Election protocol consists of a set of processes (represented by the leaves of a tree) that wants to elect a leader. Each process first decides whether to be a candidate or not. The election process then proceeds in two phases. First, the internal nodes checks their children to see if at least one of them has decided to be a candidate. If that is the case, the internal node becomes a candidate as well. Secondly, the root elects one candidate non-deterministically among its children. After this, every internal node that has been elected, elects one of its children (that has declared that it is a candidate). The protocol is further described in [ALdR06]. Table 1 shows the execution time, and the size of the tree automata before and after running our minimization algorithm. Protocol Percolate Leader

States 18 21 25 49

Input Trans. 333 594 384 3081

States 5 5 9 14

Output Trans. 38 45 43 167

Time (s) 0.2 1.3 0.3 30.6

Table 1: The results from applying the bisimulation minimization algorithm to tree automata that arose in the verification of protocols Perculate and Leader.

7

Conclusion and future work

We have extended an algorithm by Paige and Tarjan for solving the coarsest stable partition problem to the domain of trees, and obtained a running time of O(ˆ r m log n), where rˆ is the maximum rank of the input alphabet, m is the total size of the transition table, and n is the number of states. As demonstrated, the extended algorithm can be used to minimize non-deterministic tree automata with respect to bisimulation equivalence. One direction for future work is to integrate the minimization algorithm in the framework of tree regular model checking, where tree automata are encoded symbolically. Since many of the algorithms in this framework rely heavily on minimization, we believe that the performance would be improved if our algorithm could be integrated in this setting. We plan to implement a symbolic version of our algorithm where we consider both binary decision diagrams and SAT solvers to perform the necessary operations on the symbolic encoding. Another direction for future work is to extend our algorithm to work on nondeterministic automata on unranked trees. Unranked tree automata are used in numerous areas of XML-related research [Nev02]. For example, in the context 20

of XML schema languages a minimized schema would improve the running time or memory consumption for document validation. Unranked tree automata can be modeled in different ways. In [CLT05], a minimization algorithm for deterministic unranked tree automata is described, while complexity results for a different model of deterministic unranked tree automata can be found in [MN06].

References [AJMd02]

P. A. Abdulla, B. Jonsson, P. Mahata, and J. d’Orso. Regular tree model checking. In CAV, pages 555–568, 2002.

[AJNS04]

P. A. Abdulla, B. Jonsson, M. Nilsson, and M. Saksena. A survey of regular model checking. In CONCUR, pages 35–48, 2004.

[ALdR06]

P. A. Abdulla, A. Legay, J. d’Orso, and A. Rezine. Tree regular model checking: A simulation-based approach. To appear in Journal of Logic and Algebraic Programming, 2006.

[BKR97]

M. Biehl, N. Klarlund, and T. Rauhe. Algorithms for guided tree automata. In First International Workshop on Implementing Automata, LNCS 1260. Springer Verlag, 1997.

[Bra68]

W. S. Brainerd. The minimalization of tree automata. Information and Control, 13(5):484–491, Nov 1968.

[CDG+ 97] H. Comon, M. Dauchet, R. Gilleron, F. Jacquemard, D. Lugiez, S. Tison, and M. Tommasi. Tree automata techniques and applications. Available on: http://www.grappa.univ-lille3.fr/tata, 1997. release October, 2002. [CGL+ 03] J. Carme, R. Gilleron, A. Lemay, A. Terlutte, and M. Tommasi. Residual finite tree automata, 2003. [CLT05]

J. Cristau, C. L¨oding, and W. Thomas. Deterministic automata on unranked trees. In Proceedings of the 15th International Symposium on the Fundamentals of Computation Theory, FCT 2005. Springer Verlag, 2005.

[GS05]

G. Gramlich and G. Schnitger. Minimizing nfas and regular expressions. In LNCS: 22nd International Symposium on Theoretical Aspects of Computer Science. Springer-Verlag, 2005.

[Hop71]

J. E. Hopcroft. An n log n algorithm for minimizing states in a finite automaton. In Z. Kohavi, editor, Theory of Machines and Computations. Academic Press, 1971.

[KMM+ 01] Y. Kesten, O. Maler, M. Marcus, A. Pnueli, and E. Shahar. Symbolic model checking with rich assertional languages. Theoretical Computer Science, 256(1-2):93–112, 2001. 21

[Mil80]

R. Milner. A calculus of communicating systems. Lecture Notes in Computer Science, 92, 1980.

[MN06]

W. Martens and J. Niehren. On the minimization of XML schemas and tree automata for unranked trees. Journal of Computer and System Sciences, 2006.

[MS72]

A. R. Meyer and L. J. Stockmeyer. The equivalence problem for regular expressions with squaring requires exponential space. In Proceedings of the 13th Annual IEEE Symposium on Switching and Automata Theory, pages 125–129, 1972.

[Nev02]

F. Neven. Automata, logic, and xml. In CSL ’02: Proceedings of the 16th International Workshop and 11th Annual Conference of the EACSL on Computer Science Logic. Springer-Verlag, 2002.

[NP97]

M. Nivat and A. Podelski. Minimal ascending and descending tree automata. SIAM Journal on Computing, 26(1):39–58, 1997.

[PT87]

R. Paige and R. Tarjan. Three partition refinement algorithms. SIAM Journal on Computing, 16:973–989, 1987.

22