Safety and Cosafety Comparator Automata for DiscountedSum Inclusion
Abstract
Discountedsum inclusion (DSinclusion, in short) formalizes the goal of comparing quantitative dimensions of systems such as cost, resource consumption, and the like, when the mode of aggregation for the quantitative dimension is discountedsum aggregation. Discountedsum comparator automata, or DScomparators in short, are Büchi automata that read two infinite sequences of weights synchronously and relate their discountedsum. Recent empirical investigations have shown that while DScomparators enable competitive algorithms for DSinclusion, they still suffer from the scalability bottleneck of Büchi operations.
Motivated by the connections between discountedsum and Büchi automata, this paper undertakes an investigation of languagetheoretic properties of DScomparators in order to mitigate the challenges of Büchi DScomparators to achieve improved scalability of DSinclusion. Our investigation uncovers that DScomparators possess safety and cosafety languagetheoretic properties. As a result, they enable reductions based on subset constructionbased methods as opposed to higher complexity Büchi complementation, yielding tighter worstcase complexity and improved empirical scalability for DSinclusion.
1 Introduction
The analysis of quantitative dimensions of computing systems such as cost, resource consumption, and distance metrics [6, 10, 28] has been studied thoroughly to design efficient computing systems. Costaware programsynthesis [14, 16] and lowcost programrepair [25] have found compelling applications in robotics [24, 29], education [22], and the like. Quantitative verification facilitates efficient system design by automatically determining if a system implementation is more efficient than a specification model. Investigations in quantitative verification have demonstrated their high computational complexity and practically intractable [17, 23]. This work addresses practical intractability of quantitative verification.
At the core of quantitative verification lies the problem of quantitative inclusion which formalizes the goal of determining which of two given systems is more efficient [17, 23, 31]. In quantitative inclusion, quantitative systems are abstracted as weighted automata [7, 21, 32]. A run in a weighted automaton is associated with a sequence of weights. The quantitative dimension of these runs is determined by the weight of runs, which is computed by taking an aggregate of the run’s weight sequence. Quantitative inclusion can be thought of as the quantitative generalization of (qualitative) language inclusion.
A commonly appearing mode of aggregation is that of Discountedsum (DS) aggregation which captures the intuition that weights incurred in the near future are more significant than those incurred later on [19]. The convergence of DS aggregation for all bounded infinite weightsequences makes it a preferred mode of aggregation across domains: Reinforcement learning [37], planning under uncertainty [34], and gametheory [33]. This work examines the problem of Discountedsum inclusion or DSinclusion that is quantitative inclusion when discounted sum is the mode of aggregation.
In theory, DSinclusion is PSPACEcomplete [12]. Recent algorithmic approaches have tapped into languagetheoretic properties of discountedsum aggregate function [12, 18] to design practical algorithms for DSinclusion [11, 12]. These algorithms use DScomparator automata (DScomparator, in short) as their main technique, and are purely automatatheoretic. While these algorithms outperform other existing approaches for DSinclusion in runtime [15, 17], even these do not scale well on weightedautomata with more than few hundreds of states [11]. This work contributes novel techniques and algorithms for DSinclusion to address the scalability challenge of DSinclusion
An indepth examination of the DScomparator based algorithm exposes their scalability bottleneck. DScomparator is a Büchi automaton that relates the discountedsum aggregate of two (bounded) weightsequences A and B by determining the membership of the interleaved pair of sequences (A, B) in the language of the comparator. As a result, DScomparators reduce DSinclusion to language inclusion between (nondeterministic) Büchi automaton. In spite of the fact that many techniques have been proposed to solve Büchi language inclusion efficiently in practice [4, 20], none of them can avoid at least an exponential blowup of \(2^{\mathcal {O}(n\log n)}\), for an nsized input, caused by a direct or indirect involvement of Büchi complementation [36, 40].
This work meets the scalability challenge of DSinclusion by delving deeper into languagetheoretic properties of discountedsum aggregate functions [18] in order to obtain algorithms for DSinclusion that render both tighter theoretical complexity and improved scalability. Specifically, we prove that DScomparators are expressed as safety automata or cosafety automata [26] (Sect. 3.1), and have compact deterministic constructions (Sect. 3.2). Safety and cosafety automata have the property that their complementation is performed by simpler and lower \(2^{\mathcal {O}(n)}\)complexity subsetconstruction methods [27]. As a result, they facilitate a procedure for DSinclusion that uses subsetconstruction based intermediate steps instead of Büchi complementation, yielding an improvement in theoretical complexity from \(2^{\mathcal {O}(n\cdot \log n)}\) to \(2^{\mathcal {O}(n)}\). Our subsetconstruction based procedure has yet another advantage over Büchi complementation as they support efficient onthefly implementations, yielding practical scalability as well (Sect. 4).
An empirical evaluation of our prototype tool \(\textsf {QuIPFly}\) for the proposed procedure against the prior DScomparator algorithm and other existing approaches for DSinclusion shows that QuIPFly outperforms them by orders of magnitude both in runtime and the number of benchmarks solved (Sect. 4).
2 Preliminaries and Related Work
A weightsequence, finite or infinite, is bounded if the absolute value of all of its elements are bounded by a fixed number.
Büchi Automaton: A Büchi automaton is a tuple \(\mathcal {A}= ( S \), \(\varSigma \), \(\delta \), \(s_\mathcal {I}\), \(\mathcal {F})\), where \( S \) is a finite set of states, \( \varSigma \) is a finite input alphabet, \( \delta \subseteq ( S \times \varSigma \times S ) \) is the transition relation, state \( s_\mathcal {I} \in S \) is the initial state, and \( \mathcal {F}\subseteq S \) is the set of accepting states [39]. A Büchi automaton is deterministic if for all states s and inputs a, \( \{s'(s, a, s') \in \delta \) for some \(s'\)}\( \le 1 \). Otherwise, it is nondeterministic. A Büchi automaton is complete if for all states s and inputs a, \( \{s'(s, a, s') \in \delta \) for some \(s'\)}\( \ge 1\). For a word \( w = w_0w_1\dots \in \varSigma ^{\omega } \), a run \( \rho \) of w is a sequence of states \(s_0s_1\dots \) s.t. \( s_0 = s_\mathcal {I}\), and \( \tau _i =(s_i, w_i, s_{i+1}) \in \delta \) for all i. Let \( inf (\rho ) \) denote the set of states that occur infinitely often in run \({\rho }\). A run \(\rho \) is an accepting run if \( inf (\rho )\cap \mathcal {F}\ne \emptyset \). A word w is an accepting word if it has an accepting run. The language of Büchi automaton \(\mathcal {A}\), denoted by \(\mathcal {L}(\mathcal {A})\) is the set of all words accepted by \(\mathcal {A}\). By abuse of notation, we write \( w \in \mathcal {A}\) and \(\rho \in \mathcal {A}\) if w and \(\rho \) are an accepting word and an accepting run of \(\mathcal {A}\). Büchi automata are closed under settheoretic union, intersection, and complementation [39].
Safety and Cosafety Properties: Let \( \mathcal {L}\subseteq \varSigma ^\omega \) be a language over alphabet \(\varSigma \). A finite word \(w \in \varSigma ^*\) is a bad prefix for \(\mathcal {L}\) if for all infinite words \(y \in \varSigma ^\omega \), \(x\cdot y \notin \mathcal {L}\). A language \(\mathcal {L}\) is a safety language if every word \( w \notin \mathcal {L}\) has a bad prefix for \(\mathcal {L}\). A language \(\mathcal {L}\) is a cosafety language if its complement language is a safety language [5]. When a safety or cosafety language is an \(\omega \)regular language, the Büchi automaton representing it is called a safety or cosafety automaton, respectively [26]. Wlog, safety and cosafety automaton contain a sink state from which every outgoing transitions loops back to the sink state and there is a transition on every alphabet symbol. All states except the sink state are accepting in a safety automaton, while only the sink state is accepting in a cosafety automaton. Unlike Büchi complementation, complementation of safety and cosafety automaton is conducted by simpler subset construction with a lower \(2^{\mathcal {O}(n)}\) blowup. The complementation of safety automaton is a cosafety automaton, and viceversa. Safety automata are closed under intersection, and cosafety automata are closed under union.
Comparator Automaton: For a finiteset of integers \(\varSigma \), an aggregate function \(f:\mathbb {Z}^{\omega }\rightarrow \mathbb {R}\), and equality or inequality relation \(\mathsf {R} \in \{<,>,\le , \ge , =, \ne \}\), the comparison language for f with relation \(\mathsf {R}\) is a language of infinite words over the alphabet \(\varSigma \times \varSigma \) that accepts a pair (A, B) iff f(A) \(\mathsf {R}\) f(B) holds. A comparator automaton (comparator, in short) for aggregate function f and relation \(\mathsf {R}\) is an automaton that accepts the comparison language for f with \(\mathsf {R}\) [12]. A comparator is said to be regular if its automaton is a Büchi automaton.
Weighted Automaton: A weighted automaton over infinite words is a tuple \(\mathcal {A}= (\mathcal {M}, \gamma , f)\), where \(\mathcal {M} = ( S , \varSigma , \delta , s_\mathcal {I}, S ) \) is a complete Büchi automaton with all states as accepting, \(\gamma : \delta \rightarrow \mathbb {N}\) is a weight function, and \(f: \mathbb {N}^{\omega } \rightarrow \mathbb {R}\) is the aggregate function [17, 31]. Words and runs in weighted automata are defined as in Büchi automata. The weightsequence of run \(\rho = s_0 s_1 \dots \) of word \(w = w_0w_1\dots \) is given by \(wt_{\rho } = n_0 n_1 n_2\dots \) where \(n_i = \gamma (s_i, w_i, s_{i+1})\) for all i. The weight of a run \(\rho \), denoted by \(f(\rho )\), is given by \(f(wt_{\rho })\). Here the weight of a word \(w \in \varSigma ^{\omega }\) in weighted automata is defined as \(wt_{\mathcal {A}}(w) = sup \{f(\rho )  \rho \) is a run of w in \(\mathcal {A}\}\).
Quantitative Inclusion: Let P and Q be weighted automata with the same aggregate function. The strict quantitative inclusion problem, denoted by \(P \subset Q\), asks whether for all words \(w \in \varSigma ^{\omega }\), \(wt_{P}(w) < wt_{Q}(w)\). The nonstrict quantitative inclusion problem, denoted by \(P \subseteq Q\), asks whether for all words \(w \in \varSigma ^{\omega }\), \(wt_{P}(w) \le wt_{Q}(w)\). Comparison language or comparator of a quantitative inclusion problem refer to the comparison language or comparator of the associated aggregate function.
Discountedsum Inclusion: Let \( A = A_0,A_1,\dots \) be a weight sequence, \( d>1 \) be a rational number. The discountedsum (DS in short) of A with integer discountfactor \( d >1\) is \( DS ({A}, {d}) = \varSigma _{i=0}^{\infty }\frac{A_i}{d^i} \). DScomparison language and DScomparator with discountfactor \(d>1\) are the comparison language and comparator obtained for the discountedsum aggregate function with discountfactor \(d>1\), respectively. Strict or nonstrict discountedsum inclusion is strict or nonstrict quantitative inclusion with the discountedsum aggregate function, respectively. For brevity, we abbreviate discountedsum inclusion to DSinclusion.
Related Work. The decidability of DSinclusion is an open problem when the discountfactor \(d>1\) is arbitrary. Recent work has established that DSinclusion is \(\textsf {PSPACE}\)complete when the discountfactor is an integer [12]. This work investigates algorithmic approaches to DSinclusion with integer discountfactors.
Two contrasting solution approaches have been identified for DSinclusion. The first approach is hybrid [17]. It separates out the languagetheoretic aspects of weightedautomata from the numerical aspects, and solves each separately [15, 17]. More specifically, the hybrid approach solves the languagetheoretic aspects by DSdeterminization [15] and the numerical aspect is performed by linear programming [8, 9] sequentially. To the best of our knowledge, this procedure cannot be performed in parallel. As a result, this approach must always incur the exponential cost of DSdeterminization.
The second approach is purelyautomata theoretic [12]. This approach uses regular DScomparator to reduce DSinclusion to language inclusion between nondeterministic Büchi automata [11, 12]. While the purely automatatheoretic approach scales better than the hybrid approach in runtime [11], its scalability suffers from fundamental algorithmic limitations of Büchi language inclusion. A key ingredient of Büchi languageinclusion is Büchi complementation [36]. Büchi complementation is \(2^{\mathcal {O}(n \log n)}\) in the worstcase, and is practically intractable [40]. These limitations also feature in the theoretical complexity and practical performance of DSinclusion. The complexity of DSinclusion between weighted automata P and Q with regular DScomparator C for integer discountfactor \(d>1\) is \(P\cdot 2^{\mathcal {O}(PQC\cdot \log (PQC))}\).
This work improves the worstcase complexity and practical performance of the purely automata theoretic approach for DSinclusion by a closer investigation of languagetheoretic properties of DScomparators. In particular, we identify that DScomparator for integer discountfactor form a safety or cosafety automata (depending on the relation \(\mathsf {R}\)). We show that complementation advantage of safety/cosafety automata not only improves the theoretical complexity of DSinclusion with integer discountfactor but also facilitate onthefly implementations that significantly improve practical performance.
3 DSinclusion with Integer DiscountFactor
This section covers the core technical contributions of this paper. We uncover novel languagetheoretic properties of DScomparison languages and utilize them to obtain tighter theoretical upperbound for DSinclusion with integer discountfactor. Unless mentioned otherwise, the discountfactor is an integer.
In Sect. 3.1 we prove that DScomparison languages are either safety or cosafety for all rational discountfactors. Since DScomparison languages are \(\omega \)regular for integer discountfactors [12], we obtain that DScomparators for integer discountfactors form safety or cosafety automata. Next, Sect. 3.2 makes use of newly obtained safety/cosafety properties of DScomparator to present the first deterministic constructions for DScomparators. These deterministic construction are compact in the sense that they match their nondeterministic counterparts in number of states [11]. Section 3.3 evaluates the complexity of quantitative inclusion with regular safety/cosafety comparators, and observes that its complexity is lower than the complexity for quantitative inclusion with regular comparators. Finally, since DScomparators are regular safety/cosafety, our analysis shows that the complexity of DSinclusion is improved as a consequence of the complexity observed for quantitativeinclusion with regular safety/cosafety comparators.
We begin with formal definitions of safety/cosafety comparison languages and safety/cosafety comparators:
Definition 1
(Safety and cosafety comparison languages). Let \(\varSigma \) be a finite set of integers, \(f:\mathbb {Z}^{\omega }\rightarrow \mathbb {R}\) be an aggregate function, and \(\mathsf {R} \in \{\le , <, \ge , >, =, \ne \}\) be a relation. A comparison language L over \(\varSigma \times \varSigma \) for aggregate function f and relation \(\mathsf {R} \) is said to be a safety comparison language (or a cosafety comparison language) if L is a safety language (or a cosafety language).
Definition 2
(Safety and cosafety comparators). Let \(\varSigma \) be a finite set of integers, \(f:\mathbb {Z}^{\omega }\rightarrow \mathbb {R}\) be an aggregate function, and \(\mathsf {R} \in \{\le , <, \ge , >, =, \ne \}\) be a relation. A comparator for aggregate function f and relation \(\mathsf {R}\) is a safety comparator (or cosafety comparator) is the comparison language for f and \(\mathsf {R}\) is a safety language (or cosafety language).
A safety comparator is regular if its language is \(\omega \)regular (equivalently, if its automaton is a safety automaton). Likewise, a cosafety comparator is regular if its language is \(\omega \)regular (equivalently, automaton is a cosafety automaton).
By complementation duality of safety and cosafety languages, comparison language for an aggregate function f for nonstrict inequality \(\le \) is safety iff the comparison language for f for strict inequality < is cosafety. Since safety languages and safety automata are closed under intersection, safety comparison languages and regular safety comparator for nonstrict inequality renders the same for equality. Similarly, since cosafety languages and cosafety automata are closed under union, cosafety comparison languages and regular cosafety comparators for nonstrict inequality render the same for the inequality relation. Therefore, it suffices to examine the comparison language for one relation only.
It is worth noting that for weightsequences A and B and all relations \(\mathsf {R}\), we have that \( DS ({A}, {d})\) \(\mathsf {R}\) \( DS ({B}, {d})\) iff \( DS ({AB}, {d})\) \(\mathsf {R}\) 0, where \((AB)_i = A_i  B_i\) for all \(i\ge 0\). Prior work [11] shows that we can define DScomparison language with upper bound \(\mu \), discountfactor \(d> 1\), and relation \(\mathsf {R}\) to accept infinite and bounded weightsequence C over \(\{\mu , \dots , \mu \}\) iff \( DS ({C}, {d})\) \(\mathsf {R}\) 0 holds. Similarly, DScomparator with the same parameters \(\mu \), \(d> 1\), accepts the DScomparison language with parameters \(\mu \), d and \(\mathsf {R}\). We adopt these definitions for DScomparison languages and DScomparators
Throughout this section, the concatenation of finite sequence x with finite or infinite sequence y is denoted by \(x\cdot y\) in the following.
3.1 DScomparison Languages and Their Safety/Cosafety Properties
The central result of this section is that DScomparison languages are safety or cosafety languages for all (integer and noninteger) discountfactors (Theorem 1). In particular, since DScomparison languages are \(\omega \)regular for integer discountfactors [12], this implies that DScomparators for integer discountfactors form safety or cosafety automata (Corollary 1).
The argument for safety/cosafety of DScomparison languages depends on the property that the discountedsum aggregate of all bounded weightsequences exists for all discountfactors \(d>1\) [35].
Theorem 1
 1.
DScomparison languages are safety languages for relations \(\mathsf {R} \in \{\le , \ge , =\}\)
 2.
DScomparison language are cosafety languages for relations \(\mathsf {R} \in \{<, >, \ne \}\).
Proof
(Proof sketch). Due to duality of safety/cosafety languages, it suffices to show that DScomparison language with \( \le \) is a safety language.
Let DScomparison language with upper bound \(\mu \), rational discountfactor \(d>1\) and relation \(\le \) be denoted by \(\mathcal {L}^{\mu ,d}_\le \). Suppose that \(\mathcal {L}^{\mu ,d}_\le \) is not a safety language. Let W be a weightsequence in the complement of \(\mathcal {L}^{\mu ,d}_\le \) such that W does not have a bad prefix. Then the following hold: (a). \( DS ({W}, {d}) > 0\) (b). For all \(i\ge 0\), the ilength prefix W[i] of W can be extended to an infinite and bounded weightsequence \(W[i]\cdot Y^i\) such that \( DS ({W[i]\cdot Y^i}, {d}) \le 0\).
Note that \( DS ({W}, {d}) = DS ({W[i]}, {d}) + \frac{1}{d^i} \cdot DS ({W[i\dots ]}, {d})\) where \(W[i\dots ] = W_{i}W_{i+1}\dots \) and \( DS ({W[i]}, {d})\) is the discountedsum of the finite sequence \(W[i]\) i.e. \( DS ({W[i]}, {d}) = \varSigma _{j=0}^{j=i1} \frac{W[j]}{d^j}\). Similarly, \( DS ({W[i]\cdot Y^i}, {d}) = DS ({W[i]}, {d}) + \frac{1}{d^i} \cdot DS ({Y^i}, {d})\). The contribution of tail sequences \(W[i\dots ]\) and \(Y^i\) to the discountedsum of W and \(W[i]\cdot Y^i\), respectively, diminishes exponentially as the value of i increases. In addition, since W and \(W[i]\cdot Y^i\) share a common ilength prefix \(W[i]\), their discountedsum values must converge to each other. The discounted sum of W is fixed and greater than 0, due to convergence there must be a \(k\ge 0\) such that \( DS ({W[k]\cdot Y^k}, {d}) > 0\). Contradiction to (b).
Therefore, DScomparison language with \( \le \) is a safety language. \(\square \)
Semantically this result implies that for a boundedweight sequence C and rational discountfactor \(d>1\), if \( DS ({C}, {d}) > 0\) then C must have a finite prefix \(C_{\mathsf {pre}}\) such that the discountedsum of the finite prefix is so large that no infinite extension by bounded weightsequence Y can reduce the discountedsum of \(C_{\mathsf {pre}}\cdot Y\) with the same discountfactor d to zero or below.
Prior work shows that DScomparison languages are expressed by Büchi automata iff the discountfactor is an integer [13]. Therefore:
Corollary 1
 1.
DScomparators are regular safety for relations \(\mathsf {R} \in \{\le , \ge , =\}\)
 2.
DScomparators are regular cosafety for relations \(\mathsf {R} \in \{<, >, \ne \}\).
Lastly, it is worth mentioning that for the same reason [13] DScomparators for noninteger rational discountfactors do not form safety or cosafety automata.
3.2 Deterministic DScomparator for Integer DiscountFactor
This section issues deterministic safety/cosafety constructions for DScomparators with integer discountfactors. This is different from prior works since they supply nondeterministic Büchi constructions only [11, 12]. An outcome of DScomparators being regular safety/cosafety (Corollary 1) is a proof that DScomparators permit deterministic Büchi constructions, since nondeterministic and deterministic safety automata (and cosafety automata) have equal expressiveness [26]. Therefore, one way to obtain deterministic Büchi construction for DScomparators is to determinize the nondeterministic constructions using standard procedures [26, 36]. However, this will result in exponentially larger deterministic constructions. To this end, this section offers direct deterministic safety/cosafety automata constructions for DScomparator that not only avoid an exponential blowup but also match their nondeterministic counterparts in number of states (Theorem 3).
Key ideas. Due to duality and closure properties of safety/cosafety automata, we only present the construction of deterministic safety automata for DScomparator with upper bound \(\mu \), integer discountfactor \(d>1\) and relation \(\le \), denoted by \(\mathcal {A}^{\mu ,d}_\le \). We proceed by obtaining a deterministic finite automaton, (DFA), denoted by \(\mathsf {bad}(\mu , d,\le )\), for the language of badprefixes of \(\mathcal {A}^{\mu ,d}_\le \) (Theorem 2). Trivial modifications to \(\mathsf {bad}(\mu , d,\le )\) will furnish the coveted deterministic safety automata for \(\mathcal {A}^{\mu ,d}_\le \) (Theorem 3).
Construction. We begin with some definitions. Let W be a finite weightsequence. By abuse of notation, the discountedsum of finitesequence W with discountfactor d is defined as \( DS ({W}, {d}) = DS ({W\cdot 0^{\omega }}, {d})\). The recoverablegap of a finite weightsequences W with discount factor d, denoted \(\mathsf {gap}(W,d)\), is its normalized discountedsum: If \(W = \varepsilon \) (the empty sequence), \(\mathsf {gap}(\varepsilon ,d) = 0\), and \(\mathsf {gap}(W,d) = d^{W1}\cdot DS ({W}, {d})\) otherwise [15]. Observe that the recoverablegap has an inductive definition i.e. \(\mathsf {gap}(\varepsilon ,d) = 0\), where \(\varepsilon \) is the empty weightsequence, and \(\mathsf {gap}(W\cdot v,d) = d\cdot \mathsf {gap}(W,d) + v\), where \(v \in \{\mu ,\dots ,\mu \}\).
This observation influences a sketch for \(\mathsf {bad}(\mu , d,\le )\). Suppose all possible values for recoverablegap of weight sequences forms the set of states. Then, the transition relation of the DFA can mimic the inductive definition of recoverable gap i.e. there is a transition from state s to t on alphabet \(v \in \{\mu , \dots , \mu \}\) iff \(t = d\cdot s + v\), where s and v are recoverablegap values of weightsequences. There is one caveat here: There are infinitely many possibilities for the values of recoverable gap. We need to limit the recoverable gap values to finitely many values of interest. The core aspect of this construction is to identify these values.
First, we obtain a lower bound on recoverable gap for badprefixes of \(\mathcal {A}^{\mu ,d}_\le \):
Lemma 1
Let \(\mu \) and \(d>1 \) be the bound and discountfactor, resp. Let \(\mathsf {T}= \frac{\mu }{d1}\) be the threshold value. Let W be a nonempty, bounded, finite weightsequence. Weight sequence W is a badprefix of \(\mathcal {A}^{\mu ,d}_\le \) iff \(\mathsf {gap}(W,d) > \mathsf {T}\).
Proof
Let a finite weightsequence W be a badprefix of \(\mathcal {A}^{\mu ,d}_\le \). Then, \( DS ({W\cdot Y}, {d}) > 0\) for all infinite and bounded weightsequences Y. Since \( DS ({W\cdot Y}, {d}) = DS ({W}, {d}) + \frac{1}{d^{W}}\cdot DS ({Y}, {d})\), we get \(\inf ( DS ({W}, {d}) + \frac{1}{d^{W}}\cdot DS ({Y}, {d}))> 0 \implies DS ({W}, {d}) + + \frac{1}{d^{W}}\cdot \inf ( DS ({Y}, {d}))>0\) as W is a fixed sequence. Hence \( DS ({W}, {d}) + \frac{\mathsf {T}}{d^{W1}}> 0\implies \mathsf {gap}(W,d)  T>0\). Conversely, for all infinite, bounded, weightsequence Y, \( DS ({W\cdot Y}, {d}) \cdot d^{W1} = \mathsf {gap}(W,d) + \frac{1}{d}\cdot DS ({Y}, {d})\). Since \(\mathsf {gap}(W,d)> T\), \(\inf ( DS ({Y}, {d})) = \mathsf {T}\cdot d\), we get \( DS ({W\cdot Y}, {d})\)\(>0\). \(\square \)
Since all finite and bounded extensions of badprefixes are also badprefixes, Lemma 1 implies that if the recoverablegap of a finite sequence is strinctly lower that threshold \(\mathsf {T}\), then recoverable gap of all of its extensions also exceed \(\mathsf {T}\). Since recoverable gap exceeding threshold \(\mathsf {T}\) is the precise condition for badprefixes, all states with recoverable gap exceeding \(\mathsf {T}\) can be merged into a single state. Note, this state forms an accepting sink in \(\mathsf {bad}(\mu , d,\le )\).
Next, we attempt to merge very low recoverable gap value into a single state. For this purpose, we define verygood prefixes for \(\mathcal {A}^{\mu ,d}_\le \): A finite and bounded weightsequence W is a very good prefix for language of \(\mathcal {A}^{\mu ,d}_\le \) if for all infinite, bounded extensions of W by Y, \( DS ({W\cdot Y}, {d})\le 0\). A proof similar to Lemma 1 proves an upper bound for the recoverable gap of verygood prefixes of \(\mathcal {A}^{\mu ,d}_\le \):
Lemma 2
Let \(\mu \) and \(d>1 \) be the bound and discountfactor, resp. Let \(\mathsf {T}= \frac{\mu }{d1}\) be the threshold value. Let W be a nonempty, bounded, finite weightsequence. Weightsequence W is a verygood prefix of \(\mathcal {A}^{\mu ,d}_\le \) iff \(\mathsf {gap}(W,d) \le \mathsf {T}\).
Clearly, finite extensions of verygood prefixes are also verygood prefixes. Further, \(\mathsf {bad}(\mu , d,\le )\) must not accept verygood prefixes. Thus, by reasoning as earlier we get that all recoverable gap values that are less than or equal to \(\mathsf {T}\) can be merged into one nonaccepting sink state in \(\mathsf {bad}(\mu , d,\le )\).
Finally, for an integer discountfactor the recoverable gap is an integer. Let \(\lfloor x \rfloor \) denote the floor of \(x\in \mathbb {R}\) e.g. \(\lfloor 2.3 \rfloor = 2\), \(\lfloor 2 \rfloor = 2\), \(\lfloor 2.3 \rfloor = 3\). Then,
Corollary 2
Let \(\mu \) be the bound and \( d>1\) an integer discountfactor. Let \(\mathsf {T}= \frac{\mu }{d1}\) be the threshold. Let W be a nonempty, bounded, finite weightsequence.

W is a bad prefix of \(\mathcal {A}^{\mu ,d}_\le \) iff \(\mathsf {gap}(W,d) > \lfloor \mathsf {T} \rfloor \)

W is a verygood prefix of \(\mathcal {A}^{\mu ,d}_\le \) iff \(\mathsf {gap}(W,d) \le \lfloor \mathsf {T} \rfloor \)
So, the recoverable gap value is either one of \(\{\lfloor \mathsf {T} \rfloor +1, \dots , \lfloor \mathsf {T} \rfloor \}\), or less than or equal to \(\lfloor \mathsf {T} \rfloor \), or greater than \(\lfloor \mathsf {T} \rfloor \). This curbs the statespace to \(\mathcal {O}(\mu )\)many values of interest, as \(\mathsf {T}= \frac{\mu }{d1} < \frac{\mu \cdot d}{d1}\) and \(1<\frac{d}{d1}\le 2\). Lastly, since \(\mathsf {gap}(\varepsilon ,d) = 0\), state 0 must be the initial state.

States \(S= \{\lfloor \mathsf {T} \rfloor +1, \dots , \lfloor \mathsf {T} \rfloor \} \cup \{\mathsf {bad}, \mathsf {veryGood}\}\)

Initial state \(s_I= 0\), Accepting states \(\mathcal {F}= \{\mathsf {bad}\}\)

Alphabet \(\varSigma = \{\mu , \mu +1,\dots , \mu 1, \mu \}\)
 Transition function \(\delta \subseteq S\times \varSigma \rightarrow S\) where \((s,a,t) \in \delta \) then:
 1.
If \(s \in \{\mathsf {bad}, \mathsf {veryGood}\}\), then \(t = s\) for all \(a \in \varSigma \)
 2.If \(s\in \{\lfloor \mathsf {T} \rfloor +1, \dots , \lfloor \mathsf {T} \rfloor \}\), and \(a \in \varSigma \)
 (a)
If \(\lfloor \mathsf {T} \rfloor < d\cdot s+a \le \lfloor \mathsf {T} \rfloor \), then \(t = d\cdot s+a\)
 (b)
If \(d\cdot s+a > \lfloor \mathsf {T} \rfloor \), then \(t = \mathsf {bad}\)
 (c)
If \(d\cdot s+a \le \lfloor \mathsf {T} \rfloor \), then \(t = \mathsf {veryGood}\)
 (a)
 1.
Theorem 2
Let \(\mu \) be the upper bound, \(d>1\) be the integer discountfactor. \(\mathsf {bad}(\mu , d,\le )\) accepts finite, bounded, weightsequence iff it is a badprefix of \(\mathcal {A}^{\mu , d}_\le \).
Proof

\(\mathsf {last} \in \{\lfloor \mathsf {T} \rfloor +1, \dots , \lfloor \mathsf {T} \rfloor \}\) iff \(\mathsf {gap}(W,d) = \mathsf {last}\)

\(\mathsf {last} = \mathsf {bad}\) iff \(\mathsf {gap}(W,d) > \lfloor \mathsf {T} \rfloor \)

\(\mathsf {last} = \mathsf {veryGood}\) iff \(\mathsf {gap}(W,d) \le \lfloor \mathsf {T} \rfloor \)
Therefore, a finite, bounded weightsequence is accepted iff its recoverable gap is greater than \(\lfloor \mathsf {T} \rfloor \). In other words, iff it is a badprefix of \(\mathcal {A}^{\mu , d}_\le \). \(\square \)
\(\mathcal {A}^{\mu ,d}_\le \) is obtained from \(\mathsf {bad}(\mu , d,\le )\) by applying coBüchi acceptance condition.
Theorem 3
Let \(\mu \) be the upper bound, and \(d>1\) be the integer discountfactor. DScomparator for all inequalities and equality are either deterministic safety or deterministic cosafety automata with \(\mathcal {O}(\mu )\) states.
As a matter of fact, the most compact nondeterministic DScomparator constructions with parameters \(\mu \), d and R also contain \(\mathcal {O}(\mu )\) states [11].
3.3 Quantitative Inclusion with Safety/Cosafety Comparators
This section investigates quantitative language inclusion with regular safety/cosafety comparators. Unlike quantitative inclusion with regular comparators, quantitative inclusion with regular safety/cosafety comparators is able to circumvent Büchi complementation with intermediate subsetconstruction steps. As a result, complexity of quantitative inclusion with regular safety/cosafety comparator is lower than the same with regular comparators [12] (Theorem 4). Finally, since DScomparators are regular safety/cosafety comparators, the algorithm for quantitative inclusion with regular safety/cosafety comparators applies to DSinclusion yielding a lower complexity algorithm for DSinclusion (Corollary 5).
 1.
Use regular safety/cosafety comparators to construct the maximal automaton of Q i.e. an automaton that accepts all maximal runs of Q (Corollary 3).
 2.
Use the regular safety/cosafety comparator and the maximal automaton to construct a counterexample automaton that accepts all counterexample runs of the inclusion problem \(P \subseteq Q\) (or \(P\subset Q\)) (Lemma 5).
 3.
Solve quantitative inclusion for safety/cosafety comparator by checking for emptiness of the counterexample (Theorem 4). Finally, since DScomparators are regular safety/cosafety automaton (Corollary 1), apply Theorem 4 to obtain an algorithm for DSinclusion that uses regular safety/cosafety comparators (Corollary 5).
Let W be a weighted automaton. Then the annotated automaton of W, denoted by \(\hat{W}\), is the Büchi automaton obtained by transforming transition \(s\xrightarrow {a}t \) with weight v in W to transition \(s\xrightarrow {a, v} t\) in \(\hat{W}\). Observe that \(\hat{W}\) is a safety automaton since all its states are accepting. A run on word w with weight sequence wt in W corresponds to an annotated word (w, wt) in \(\hat{W}\), and viceversa.
Maximal Automaton.
This section covers the construction of the maximal automaton from a weighted automaton. Let W and \(\hat{W}\) be a weighted automaton and its annotated automaton, respectively. We call an annotated word \((w, wt_1)\) in \(\hat{W}\) maximal if for all other words of the form \((w, wt_2)\) in \(\hat{W}\), \( wt (wt_1)\ge wt (wt_2)\). Clearly, \((w,wt_1)\) is a maximal word in \(\hat{W}\) iff word w has a run with weight sequence \(wt_1\) in W that is maximal. We define maximal automaton of weighted automaton W, denoted \(\mathsf {Maximal}(W)\), to be the automaton that accepts all maximal words of its annotated automata \(\hat{W}\).
We show that when the comparator is regular safety/cosafety, the construction of the maximal automata incurs a \(2^{\mathcal {O}(n)}\) blowup. This section exposes the construction for maximal automaton when comparator for nonstrict inequality is regular safety. The other case when the comparator for strict inequality is regular cosafety has been deferred to the appendix.
Lemma 3
Let W be a weighted automaton with regular safety comparator for nonstrict inequality. Then the language of \(\mathsf {Maximal}(W)\) is a safety language.
Proof
(Proof sketch). An annotated word \((w, wt_1)\) is not maximal in \(\hat{W}\) for one of the following two reasons: Either \((w, wt_1)\) is not a word in \(\hat{W}\), or there exists another word \((w, wt_2)\) in \(\hat{W}\) s.t. \( wt (wt_1) < wt (wt_2)\) (equivalently \((wt_1, wt_2)\) is not in the comparator nonstrict inequality). Both \(\hat{W}\) and comparator for nonstrict inequality are safety languages, so the language of maximal words must also be a safety language. \(\square \)
We now proceed to construct the safety automata for \(\mathsf {Maximal}(W)\)
Intuition. The intuition behind the construction of maximal automaton follows directly from the definition of maximal words. Let \(\hat{W}\) be the annotated automaton for weighted automaton W. Let \(\hat{\varSigma }\) denote the alphabet of \(\hat{W}\). Then an annotated word \((w,wt_1) \in \hat{\varSigma }^{\omega }\) is a word in \(\mathsf {Maximal}(W)\) if (a) \((w,wt_1) \in \hat{W}\), and (b) For all words \((w,wt_2) \in \hat{W}\), \( wt (wt_1) \ge wt (wt_2)\).
The challenge here is to construct an automaton for condition (b). Intuitively, this automaton simulates the following action: As the automaton reads word \((w, wt_1)\), it must spawn all words of the form \((w, wt_2)\) in \(\hat{W}\), while also ensuring that \( wt (wt_1) \ge wt (wt_2)\) holds for every word \((w,wt_2)\) in \(\hat{W}\). Since \(\hat{W}\) is a safety automaton, for a word \((w,wt_1)\in \hat{\varSigma }^{\omega }\), all words of the form \((w,wt_2)\in \hat{W}\) can be traced by subsetconstruction. Similarly since the comparator C for nonstrict inequality (\(\ge \)) is a safety automaton, all words of the form \((wt_1, wt_2) \in C\) can be traced by subsetconstruction as well. The construction needs to carefully align the word \((w, wt_1)\) with the all possible \( (w,wt_2) \in \hat{W}\) and \((wt_1, wt_2)\in C\).

Set of states \(S\) consists of tuples of the form (s, X), where \(s \in S_W\), and \(X = \{(t,c)  t\in S_W, c\in S_C\}\)

\(\hat{\varSigma }\) is the alphabet of \(\hat{W}\)

Initial state \(s_I= (s_w, \{(s_w, s_c)\})\), where \(s_w\) and \(s_c\) are initial states in \(\hat{W}\) and C, respectively.
 Let states \((s,X), (s,X') \in S\) such that \(X = \{(t_1,c_1),\dots , (t_n, c_n)\}\) and \(X' = \{(t'_1,c'_1),\dots , (t'_m, c'_m)\}\) . Then \((s,X) \xrightarrow {(a,v)} (s',X') \in \delta \) iff
 1.
\(s \xrightarrow {(a,v)} s'\) is a transition in \(\hat{W}\), and
 2.
\((t'_j,c'_j) \in X'\) if there exists \((t_i, c_i)\in X\), and a weight \(v'\) such that \(t_i \xrightarrow {a,v'} t'_j\) and \(c_i \xrightarrow {v,v'} c'_j\) are transitions in \(\hat{W}\) and C, respectively.
 1.

\((s, \{(t_1,c_1),\dots , (t_n, c_n)\}) \in \mathcal {F}\) iff s and all \(t_i\) are accepting in \(\hat{W}\), and all \(c_i\) is accepting in C.
Lemma 4
Let W be a weighted automaton with regular safety comparator C for nonstrict inequality. Then the size of \( \mathsf {Maximal}({W})\) is \(W\cdot 2^{\mathcal {O}(W\cdot C)}\).
Proof
(Proof sketch). A state \((s, \{(t_1,c_1),\dots , (t_n, c_n)\})\) is nonaccepting in the automata if one of s,\(t_i\) or \(c_j\) is nonaccepting in underlying automata \(\hat{W}\) and the comparator. Since \(\hat{W}\) and the comparator automata are safety, all outgoing transitions from a nonaccepting state go to nonaccepting state in the underlying automata. Therefore, all outgoing transitions from a nonaccepting state in \(\mathsf {Maximal}(W)\) go to nonaccepting state in \(\mathsf {Maximal}(W)\). Therefore, \(\mathsf {Maximal}(W)\) is a safety automaton. To see correctness of the transition relation, one must prove that transitions of type (1.) satisfy condition (a), while transitions of type (2.) satisfy condition (b). \(\mathsf {Maximal}(W)\) forms the conjunction of (a) and (b), hence accepts the language of maximal words of W.
A similar construction proves that the maximal automata of weighted automata W with regular safety comparator C for strict inequality contains \(W\cdot 2^{\mathcal {O}(W\cdot C)}\) states. In this case, however, the maximal automaton may not be a safety automaton. Therefore, Lemma 4 generalizes to:
Corollary 3
Let W be a weighted automaton with regular safety/cosafety comparator C. Then \(\mathsf {Maximal}(W)\) is a Büchi automaton of size \(W\cdot 2^{\mathcal {O}(W\cdot C)} \).
Counterexample Automaton. This section covers the construction of the counterexample automaton. Given weightedautomata P and Q, an annotated word \((w, wt_P)\) in annotated automata \(\hat{P}\) is a counterexample word of \(P\subseteq Q\) (or \( P\subset Q\)) if there exists \((w,wt_Q)\) in \(\mathsf {Maximal}(Q)\) s.t. \( wt (wt_P) > wt (wt_Q)\) (or \( wt (wt_P) \ge wt (wt_Q)\)). Clearly, annotated word \((w, wt_P)\) is a counterexample word iff there exists a counterexample run of w with weightsequence \(wt_P\) in P.
For this section, we abbreviate strict and nonstrict to \(\mathsf {strct}\) and \(\mathsf {nstrct}\), respectively. For \(\mathsf {inc}\in \{\mathsf {strct}, \mathsf {nstrct}\}\), the counterexample automaton for \(\mathsf {inc}\)quantitative inclusion, denoted by \(\mathsf {Counterexample}(\mathsf {inc})\), is the automaton that contains all counterexample words of the problem instance. We construct the counterexample automaton as follows:
Lemma 5
Let P, Q be weightedautomata with regular safety/cosafety comparators. For \(\mathsf {inc}\in \{\mathsf {strct}, \mathsf {nstrct}\}\), \(\mathsf {Counterexample}(\mathsf {inc})\) is a Büchi automaton.
Proof
We construct Büchi automaton \(\mathsf {Counterexample}(\mathsf {inc})\) for \(\mathsf {inc}\in \{\mathsf {strct}, \mathsf {nstrct}\}\) that contains the counterexample words of \(\mathsf {inc}\)quantitative inclusion. Since the comparator are regular safety/cosafety, \(\mathsf {Maximal}(Q)\) is a Büchi automaton (Corollary 3). Construct the product \(\hat{P}\times \mathsf {Maximal}(Q)\) such that transition \((p_1,q_1)\xrightarrow {a,v_1,v_2}(p_1,q_2)\) is in the product iff \(p_1 \xrightarrow {a, v_1} p_1\) and \(q_1 \xrightarrow {a, v_2} q_2\) are transitions in \(\hat{P}\) and \(\mathsf {Maximal}(Q)\), respectively. A state (p, q) is accepting if both p and q are accepting in \(\hat{P}\) and \(\mathsf {Maximal}(Q)\). One can show that the product accepts \((w, wt_P, wt_Q)\) iff \((w,wt_P)\) and \((w, wt_Q)\) are words in \(\hat{P}\) and \(\mathsf {Maximal}(Q)\), respectively.
If \(\mathsf {inc}= \mathsf {strct}\), intersect \(\hat{P}\times \mathsf {Maximal}(Q)\) with comparator for \(\ge \). If \(\mathsf {inc}= \mathsf {nstrct}\), intersect \(\hat{P}\times \mathsf {Maximal}(Q)\) with comparator for >. Since the comparator is a safety or cosafety automaton, the intersection is taken without the cyclic counter. Therefore, \((s_1,t_1)\xrightarrow {a,v_1,v_2}(s_2,t_2)\) is a transition in the intersection iff \(s_1\xrightarrow {a,v_1,v_2} s_2\) and \(t_1\xrightarrow {v_1,v_2} t_2\) are transitions in the product and the appropriate comparator, respectively. State (s, t) is accepting if both s and t are accepting. The intersection will accept \((w, wt_P, wt_Q)\) iff \((w, wt_P)\) is a counterexample of \(\mathsf {inc}\)quantitative inclusion. \(\mathsf {Counterexample}(\mathsf {inc})\) is obtained by projecting out the intersection as follows: Transition \( m\xrightarrow {a,v_1,v_2} n \) is transformed to \(m\xrightarrow {a,v_1} n \). \(\square \)
Quantitative Inclusion and DSinclusion. In this section, we give the final algorithm for quantitative inclusion with regular safety/cosafety comparators. Since DScomparators are regular safety/cosafety comparators, this gives us an algorithm for DSinclusion with improved complexity than previous results.
Theorem 4

Strict quantitative inclusion \(P\subset Q\) is reduced to emptiness checking of a Büchi automaton of size \(PC_\le Q\cdot 2^{\mathcal {O}(Q\cdot C_<)}\).

Nonstrict quantitative inclusion \(P\subseteq Q\) is reduced to emptiness checking of a Büchi automaton of size \(PC_<Q\cdot 2^{\mathcal {O}(Q\cdot C_<)}\).
Proof
Strict and nonstrict are abbreviated to \(\mathsf {strct}\) and \(\mathsf {nstrct}\), respectively. For \(\mathsf {inc}\in \{\mathsf {strct}, \mathsf {nstrct}\}\), \(\mathsf {inc}\)quantitative inclusion holds iff \(\mathsf {Counterexample}(\mathsf {inc})\) is empty. Size of \(\mathsf {Counterexample}(\mathsf {inc}) \) is the product of size of P, \(\mathsf {Maximal}(Q)\) (Corollary 3), and the appropriate comparator as described in Lemma 5. \(\square \)
In contrast, quantitative inclusion with regular comparators reduces to emptiness of a Büchi automaton with \(P\cdot 2^{\mathcal {O}(PQC\cdot \log (PQC))}\) states [12]. The \(2^{\mathcal {O}(n\log n)}\) blowup is unavoidable due to Büchi complementation. Hence, quantitative inclusion with regular safety/cosafety has lower worstcase complexity.
Lastly, we use the results of developed in previous sections to solve DSinclusion. Since DScomparators are regular safety/cosafety (Corollary 1), an immediate consequence of Theorem 4 is an improvement in the worstcase complexity of DSinclusion in comparison to prior results with regular DScomparators. Furthermore, since the regular safety/cosafety DScomparators are of the same size for all inequalities (Theorem 3), we get:
Corollary 4
Let P, Q be weightedautomata, and C be a regular safety/cosafety DScomparator with integer discountfactor \(d>1\). Strict DSinclusion reduces to emptiness checking of a safety automaton of size \(PCQ\cdot 2^{\mathcal {O}(Q\cdot C)}\).
Proof
(Proof sketch). When comparator for nonstrict inequality is safetyautomaton, as it is for DScomparator, the maximal automaton is a safety automaton (Lemma 3). One can then show that the counterexample automata is also a safety automaton.
A similar argument proves nonstrict DSinclusion reduces to emptiness of a weakBüchi automaton [27] of size \(PCQ\cdot 2^{\mathcal {O}(Q\cdot C)}\) (see Appendix).
Corollary 5
([DSinclusion with safety/cosafety comparator). Let P, Q be weightedautomata, and C be a regular (co)safety DScomparator with integer discountfactor \(d>1\).The complexity of DSinclusion is \(PCQ\cdot 2^{\mathcal {O}(Q\cdot C)}\).
4 Implementation and Experimental Evaluation
The goal of the empirical analysis is to examine performance of DSinclusion with integer discountfactor with safety/cosafety comparators against existing tools to investigate the practical merit of our algorithm. We compare against (a) Regularcomparator based tool QuIP, and (b) DSdeterminization and linearprogramming tool DetLP.
Implementation Details. The algorithm for strictDSinclusion with integer discount factor \(d>1\) proposed in Corollary 4 and nonstrict DSinclusion checks for emptiness of the counterexample automata. A naive algorithm will construct the counterexample automata fully, and then check if they are empty by ensuring the absence of an accepting lasso.
We implement a more efficient algorithm. In our implementation, we make use of the fact that the constructions for DSinclusion use subsetconstruction intermediate steps. This facilitates an onthefly procedure since successor states of state in the counterexample automata can be determined directly from input weighted automata and the comparator automata. The algorithm terminates as soon as an accepting lasso is detected. When an accepting lasso is absent, the algorithm traverses all states and edges of the counterexample automata.
We implement the optimized onthefly algorithm in a prototype QuIPFly. QuIPFly is written in Python 2.7.12. QuIPFly employs basic implementationlevel optimizations to avoid excessive recomputation.
Design and Setup for Experiments. Due to lack of standardized benchmarks for weighted automata, we follow a standard approach to performance evaluation of automatatheoretic tools [3, 30, 38] by experimenting with randomly generated benchmarks, using random benchmark generation procedure described in [11].
The parameters for each experiment are number of states \(s_P\) and \(s_Q\) of weighted automata, transition density \(\delta \), maximum weight wt, integer discountfactor d, and \(\mathsf {inc}\in \{\mathsf {strct}, \mathsf {nstrct}\}\). In each experiment, weighted automata P and Q are randomly generated, and runtime of \(\mathsf {inc}\)DSinclusion for all three tools is reported with a timeout of 900 s. We run the experiment for each parameter tuple 50 times. All experiments are run on a single node of a highperformance cluster consisting of two quadcore IntelXeon processor running at 2.83 GHz, with 8 GB of memory per node. We experiment with \(s_P = s_Q\) ranging from 0–1500 in increments of 25, \(\delta \in \{3,3.5,4\}\), \(d = 3\), and \(wt \in \{d^1+1, d^31, d^41\}\).
Observations and Inferences.^{1} For clarity of exposition, we present the observations for only one parametertuple. Trends and observations for other parameters were similar.
QuIPFly Outperforms. QuIP by at least an order of magnitude in runtime. Figure 1 plots the median runtime of all 50 experiments for the given parametervalues for QuIP and QuIPFly. More importantly, QuIPFly solves all of our benchmarks within a fraction of the timeout, whereas QuIP struggled to solve at least 50% of the benchmarks with larger inputs (beyond \(s_P = s_Q = 1000\)). Primary cause of failure is memory overflow inside RABIT. We conclude that regular safety/cosafety comparators outperform their regular counterpart, giving credit to the simpler subsetconstructions vs. Büchi complementation.
QuIPFly Outperforms. DetLP comprehensively in runtime and in number of benchmarks solved. We were unable to plot DetLP in Fig. 1 since it solved fewer than 50% benchmarks even with small input instances. Figure 2 compares the runtime of both tools on the same set of 50 benchmarks for a representative parametertuple on which all 50 benchmarks were solved. The plot shows that QuIPFly beats DetLP by 2–4 orders of magnitude on all benchmarks.
Overall Verdict. Overall, QuIPFly outperforms QuIP and DetLP by a significant margin along both axes, runtime and number of benchmarks solved. This analysis gives unanimous evidence in favor of our safety/cosafety approach to solving DSinclusion.
5 Concluding Remarks
 1.
Pure automatatheoretic techniques of DScomparator are better for DSinclusion;
 2.
Indepth languagetheoretic analysis improve both theoretical complexity and practical scalability of DSinclusion;
 3.
DScomparators are compact deterministic safety or cosafety automata.
To the best of our knowledge, this is the first work that applies languagetheoretic properties such as safety/cosafety in the context of quantitative reasoning.
More broadly, this paper demonstrates that the close integration of languagetheoretic and quantitative properties can render novel algorithms for quantitative reasoning that can benefit from advances in qualitative reasoning.
Footnotes
 1.
Figures are best viewed online and in color.
Notes
Acknowledgements
We thank anonymous reviewers for their comments. We thank D. Fried, L. M. Tabajara, and A. Verma for their valuable inputs on initial drafts of the paper. This work was partially supported by NSF Grant No. CCF1704883.
References
 1.
 2.RabitReduce. http://www.languageinclusion.org/
 3.Abdulla, P.A., et al.: Simulation subsumption in ramseybased büchi automata universality and inclusion testing. In: Proceedings of CAV, pp. 132–147. Springer (2010)Google Scholar
 4.Abdulla, P.A., et al.. Advanced ramseybased büchi automata inclusion testing. In: Proceedings of CONCUR, vol. 11, pp. 187–202. Springer (2011)Google Scholar
 5.Alpern, B., Schneider, F.B.: Recognizing safety and liveness. Distrib. Comput. 2(3), 117–126 (1987)CrossRefGoogle Scholar
 6.Alur, R., Mamouras, K.: An introduction to the streamqre language. Dependable Softw. Syst. Eng. 50, 1 (2017)Google Scholar
 7.Aminof, B., Kupferman, O., Lampert, R.: Reasoning about online algorithms with weighted automata. Trans. Algorithms 6(2), 28 (2010)MathSciNetzbMATHGoogle Scholar
 8.Andersen, G., Conitzer, V.: Fast equilibrium computation for infinitely repeated games. In: Proceedings of AAAI, pp. 53–59 (2013)Google Scholar
 9.Andersson, D.: An improved algorithm for discounted payoff games. In: ESSLLI Student Session, pp. 91–98 (2006)Google Scholar
 10.Baier, C.: Probabilistic model checking. In: Dependable Software Systems Engineering, pp. 1–23 (2016)Google Scholar
 11.Bansal, S., Chaudhuri, S., Vardi, M.Y.: Automata vs linearprogramming discountedsum inclusion. In: Proceedings of International Conference on ComputerAided Verification (CAV) (2018)Google Scholar
 12.Bansal, S., Chaudhuri, S., Vardi, M.Y. : Comparator automata in quantitative verification. In: Proceedings of International Conference on Foundations of Software Science and Computation Structures (FoSSaCS) (2018)Google Scholar
 13.Bansal, S., Chaudhuri, S., Vardi, M.Y.: Comparator automata in quantitative verification (full version). CoRR, abs/1812.06569 (2018)Google Scholar
 14.Bloem, R., Chatterjee, K., Henzinger, T.A., Jobstmann, B.: Better quality in synthesis through quantitative objectives. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 140–156. Springer, Heidelberg (2009). https://doi.org/10.1007/9783642026584_14CrossRefGoogle Scholar
 15.Boker, U., Henzinger, T.A.: Exact and approximate determinization of discountedsum automata. LMCS 10(1), 1–13 (2014)MathSciNetzbMATHGoogle Scholar
 16.Chakrabarti, A., Chatterjee, K., Henzinger, T.A., Kupferman, O., Majumdar, R.: Verifying quantitative properties using bound functions. In: Borrione, D., Paul, W. (eds.) CHARME 2005. LNCS, vol. 3725, pp. 50–64. Springer, Heidelberg (2005). https://doi.org/10.1007/11560548_7CrossRefGoogle Scholar
 17.Chatterjee, K., Doyen, L., Henzinger, T.A.: Quantitative languages. Trans. Computat. Logic 11(4), 23 (2010)MathSciNetzbMATHGoogle Scholar
 18.Chaudhuri, S., Sankaranarayanan, S., Vardi, M.Y.: Regular real analysis. In: Proceedings of LICS, pp. 509–518 (2013)Google Scholar
 19.de Alfaro, L., Henzinger, T.A., Majumdar, R.: Discounting the future in systems theory. In: Baeten, J.C.M., Lenstra, J.K., Parrow, J., Woeginger, G.J. (eds.) ICALP 2003. LNCS, vol. 2719, pp. 1022–1037. Springer, Heidelberg (2003). https://doi.org/10.1007/3540450610_79CrossRefGoogle Scholar
 20.Doyen, L., Raskin, J.F.: Antichain algorithms for finite automata. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 2–22. Springer, Heidelberg (2010). https://doi.org/10.1007/9783642120022_2CrossRefzbMATHGoogle Scholar
 21.Droste, M., Kuich, W., Vogler, H.: Handbook of Weighted Automata. Springer, Berlin (2009)CrossRefGoogle Scholar
 22.D’Antoni, L., Samanta, R., Singh, R.: Qlose: program repair with quantitative objectives. In: Proceedings of CAV, pp. 383–401. Springer (2016)Google Scholar
 23.Filiot, E., Gentilini, R., Raskin, J.F.: Quantitative languages defined by functional automata. In: Koutny, M., Ulidowski, I. (eds.) CONCUR 2012. LNCS, vol. 7454, pp. 132–146. Springer, Heidelberg (2012). https://doi.org/10.1007/9783642329401_11CrossRefGoogle Scholar
 24.He, K., Lahijanian, M., Kavraki, L.E., Vardi, M.Y.: Reactive synthesis for finite tasks under resource constraints. In: 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), pp. 5326–5332. IEEE (2017)Google Scholar
 25.Hu, Q., DAntoni, L.: Syntaxguided synthesis with quantitative syntactic objectives. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 386–403. Springer, Cham (2018). https://doi.org/10.1007/9783319961453_21CrossRefGoogle Scholar
 26.Kupferman, O., Vardi, M.Y.: Model checking of safety properties. In: Halbwachs, N., Peled, D. (eds.) CAV 1999. LNCS, vol. 1633, pp. 172–183. Springer, Heidelberg (1999). https://doi.org/10.1007/3540486836_17CrossRefGoogle Scholar
 27.Kupferman, O., Vardi, M.Y.: Weak alternating automata are not that weak. Trans. Computat. Logic 2(3), 408–429 (2001)MathSciNetCrossRefGoogle Scholar
 28.Kwiatkowska, M.: Quantitative verification: models, techniques and tools. In: Proceedings 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), pp. 449–458. ACM Press, September 2007Google Scholar
 29.Lahijanian, M., Almagor, S., Fried, D., Kavraki, L.E., Vardi, M.Y.: This time the robot settles for a cost: a quantitative approach to temporal logic planning with partial satisfaction. In: AAAI, pp. 3664–3671 (2015)Google Scholar
 30.Mayr, R., Clemente, L.: Advanced automata minimization. ACM SIGPLAN Not. 48(1), 63–74 (2013)CrossRefGoogle Scholar
 31.Mohri, M.: Weighted automata algorithms. In: Droste, M., Kuich, W., Vogler, H. (eds.) Handbook of Weighted Automata. Monographs in Theoretical Computer Science. An EATCS Series. Springer, Berlin (2009). https://doi.org/10.1007/9783642014925_6CrossRefGoogle Scholar
 32.Mohri, M., Pereira, F., Riley, M.: Weighted finitestate transducers in speech recognition. Comput. Speech Lang. 16(1), 69–88 (2002)CrossRefGoogle Scholar
 33.Osborne, M.J., Rubinstein, A.: A Course in Game Theory. MIT press, Cambridge (1994)zbMATHGoogle Scholar
 34.Puterman, M.L.: Markov decision processes. Handbooks Oper. Res. Manag. Sci. 2, 331–434 (1990)MathSciNetCrossRefGoogle Scholar
 35.Rudin, W.: Principles of Mathematical Analysis, vol. 3. McGrawHill, New York (1964)zbMATHGoogle Scholar
 36.Safra, S.: On the complexity of \(\omega \)automata. In: Proceedings of FOCS, pp. 319–327. IEEE (1988)Google Scholar
 37.Sutton, R.S., Barto, A.G.: Introduction to Reinforcement Learning, vol. 135. MIT press, Cambridge (1998)zbMATHGoogle Scholar
 38.Tabakov, D., Vardi, M.Y.: Experimental evaluation of classical automata constructions. In: Sutcliffe, G., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3835, pp. 396–411. Springer, Heidelberg (2005). https://doi.org/10.1007/11591191_28CrossRefGoogle Scholar
 39.Thomas, W., Wilke, T., et al.: Automata, Logics, and Infinite Games: A Guide to Current Research, vol. 2500. Springer Science & Business Media, Berlin (2002)zbMATHGoogle Scholar
 40.Vardi, M.Y.: The büchi complementation saga. In: Annual Symposium on Theoretical Aspects of Computer Science, pp. 12–22. Springer (2007)Google Scholar
Copyright information
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.