Register-Bounded Synthesis
Ayrat Khalimov
School of Computer Science and Engineering, The Hebrew University, Jerusalem, Israel
ayrat.khalimov@gmail.com
Orna Kupferman
School of Computer Science and Engineering, The Hebrew University, Jerusalem, Israel
orna@cs.huji.ac.il
Abstract
Traditional synthesis algorithms return, given a specification over finite sets of input and output
Boolean variables, a finite-state transducer all of whose computations satisfy the specification. Many
real-life systems have an infinite state space. In particular, behaviors of systems with a finite control
yet variables that range over infinite domains are specified by automata with infinite alphabets.
A register automaton has a finite set of registers, and its transitions are based on a comparison of
the letters in the input with those stored in its registers. Unfortunately, reasoning about register
automata is complex. In particular, the synthesis problem for specifications given by register
automata, where the goal is to generate correct register transducers, is undecidable.
We study the synthesis problem for systems with a bounded number of registers. Formally,
the register-bounded realizability problem is to decide, given a specification register automaton $A$
over infinite input and output alphabets and numbers $k_s$ and $k_e$ of registers, whether there is a
system transducer $T$ with at most $k_s$ registers such that for all environment transducers $T'$ with at
most $k_e$ registers, the computation $T \| T'$, generated by the interaction of $T$ with $T'$, satisfies the
specification $A$. The register-bounded synthesis problem is to construct such a transducer $T$, if one exists.
The bounded setting better captures real-life scenarios where bounds on the system and/or its
environment are known. In addition, the bounds are the key to new synthesis algorithms, and, as
recently shown in [24], they lead to decidability. Our contributions include a stronger specification
formalism (universal register parity automata), simpler algorithms, which enable a clean complexity
analysis, a study of settings in which both the system and the environment are bounded, and a
study of the theoretical aspects of the setting; in particular, the differences among a fixed, finite,
and infinite number of registers, and the determinacy of the corresponding games.
2012 ACM Subject Classification Theory of computation → Formal languages and automata theory
Keywords and phrases Synthesis, Register Automata, Register Transducers
Digital Object Identifier 10.4230/LIPIcs.CONCUR.2019.25
Related Version A full version of the paper is available at https://www.cs.huji.ac.il/~ornak/publications/concur19.pdf.
1 Introduction
Synthesis is the automated construction of a system from its specification. The specification
distinguishes between outputs, generated by the system, and inputs, generated by its
environment. The system should realize the specification, namely satisfy it against all
possible environments. Thus, for every sequence of inputs, the system should generate a
sequence of outputs so that the induced computation satisfies the specification [10, 30]. The
systems are modelled by transducers: automata whose transitions are labeled by letters from
the input alphabet, which trigger the transition, and letters from the output alphabet, which
are generated when the transition is taken. Since its introduction, synthesis has been one
of the most studied problems in formal methods, with extensive research on wider settings,
heuristics, and applications [25, 1].
© Ayrat Khalimov and Orna Kupferman;
licensed under Creative Commons License CC-BY
30th International Conference on Concurrency Theory (CONCUR 2019).
Editors: Wan Fokkink and Rob van Glabbeek; Article No. 25; pp. 25:1–25:16
Leibniz International Proceedings in Informatics
Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl Publishing, Germany
Until recently, all studies of the synthesis problem considered finite state transducers that
realize specifications given by temporal-logic formulas over a finite set of Boolean propositions
or by finite-state automata. Many real-life systems, however, have an infinite state space.
One class of infinite-state systems, motivating this work, consists of systems in which the
control is finite and the source of infinity is the domain of the variables in the systems.
This includes, for example, data-independent programs [37, 20, 27], software with integer
parameters [5], communication protocols with message parameters [11], datalog systems with
infinite data domain [4, 36], and more [8, 6]. Lifting automata-based methods to the setting
of such systems requires the introduction of automata with infinite alphabets. The latter
include registers [33], pebbles [28, 34], or variables [18, 19], or handle the infinite alphabet
by attributing it with labels from an auxiliary finite alphabet [3, 2].
A register automaton [33] has a finite set of registers, each of which may contain a letter
from the infinite alphabet. The transitions of a register automaton do not refer explicitly to
each of the (infinitely many) input letters. Rather, they compare the letter in the input with
the content of the registers, and may also store the input letter in a register. Several variants
of this model have been studied. For example, [21] forces the content of the registers to be
different, [28] adds alternation and two-wayness, [22] allows the registers to change their
content nondeterministically during the run, and [35] adds the ability to check for uniqueness
of the input letter. Likewise, register transducers are adjusted to model systems whose
interaction involves input and output variables over an infinite domain: their transitions are
labeled by guards that compare the value in the input with the content of the registers. In
addition, while taking a transition, the transducer stores this value in some of its registers
and outputs a value stored in one of its registers. For example, a transition of a register
transducer can be “in state q5, if the value in the input is not equal to the value stored in
register #1, then store the value in the input into register #2, output the value stored in
register #1, and transit to state q3”. A register automaton can thus specify properties like
“every value read in the input in two successive cycles is output in the next cycle”. For more
elaborated examples, see Examples 1 and 2.
The transition to infinite alphabets makes reasoning much more complex. In particular,
the universality and containment problems for register automata are undecidable [28], and
so is the synthesis problem for specifications given by register automata [14]. While the
specifications used for the undecidability result in [14] are register automata with a fixed
number of registers, the realizing transducers are equipped with an unbounded queue of
registers: they can push the inputs into the queue, and later compare the inputs with the
values in the queue. This, for example, is helpful for realizing specifications like “every value
that appears in the input has to eventually appear on the output twice”. While the latter
can be specified by a register automaton with a single register, a realizing transducer for
it may behave as follows: it queues every incoming value into its queue, outputs the value
stored in the head of the queue twice, and dequeues it – which requires an unbounded queue
of registers. Moreover, as shown in [15], the synthesis problem stays undecidable even when
the number of registers in the realizing transducer is finite, yet not known in advance. In
[24], it is shown that bounding the number of registers of the realizing transducer makes the
synthesis problem decidable. Essentially, such a bound enables an abstraction of the infinite
number of register valuations to a finite number of equivalence relations. In more detail,
since the transitions of the specification register automaton only compare the value in the
input with the content of its registers, we can abstract the exact values stored in the registers
and only maintain their partition into equivalence classes: two registers are in the same class
if they agree on the values stored in them. In particular, such a partition fixes the transition
that the automaton should take, and can be updated whenever the input value is stored in
some register.
In this paper we offer a comprehensive study of the synthesis problem for systems
with a bounded number of registers. As has been the case with bounded synthesis in the
finite-state setting [31, 13, 16, 26], the motivation for the study is both conceptual and
computational: First, the bounded setting better captures real-life scenarios where bounds
on the system and/or its environment are known. Second, the bounds are the key to new
synthesis algorithms, and in the case of systems with an infinite variable domain, they
lead to decidability. Note that the only parameter we bound is the number of registers.
In particular, the size of the alphabet stays infinite, and the size of the system and its
environment stays unbounded¹.
Let us start with the conceptual motivation. It is by now realized that requiring a
realizing system to satisfy the specification against all possible environments is often too
demanding. Dually, allowing all possible systems is perhaps not demanding enough. This issue
is traditionally approached by adding assumptions on the system and/or the environment,
which are modeled as part of the specification (see e.g. [9]). In bounded synthesis in the
finite-state setting, the assumptions on the system and its environment are given by means
of bounds on the sizes of their state space [31, 26]. In the setting of register transducers,
bounding the size of the state spaces of the system and its environment is not of much interest,
as a register may be used to store the value of the state. Thus, the interesting parameter
to bound is the number of allowed registers. Indeed, this setting corresponds to systems
with a finite control and a finite number of memory elements, each maintaining a value from
an infinite domain. Formally, the register-bounded realizability problem is to decide, given a
specification register automaton $A$ over infinite input and output alphabets and numbers $k_s$
and $k_e$ of registers, whether there is a system transducer $T$ with at most $k_s$ registers such
that for all environment transducers $T'$ with at most $k_e$ registers, the computation $T \| T'$,
generated by the interaction of $T$ with $T'$, satisfies the specification $A$. The register-bounded
synthesis problem is to construct such a transducer $T$, if one exists.
We continue to the computational motivation and describe our contribution. Our
specifications are given by universal register parity automata on infinite words (reg-UPW, for
short). Thus, each configuration of the automaton may have several successor configurations,
and an infinite word is accepted if all the possible runs on it are accepting. Reg-UPWs
are more expressive than deterministic register parity automata or universal register Büchi
automata, and are more succinct than universal register co-Büchi automata. Reg-UPWs
are incomparable with nondeterministic register parity automata (reg-NPW). There are
good reasons to work with the universal (rather than nondeterministic) model. First, basic
questions are undecidable for reg-NPW. In particular, [12] shows undecidability of the
universality problem for nondeterministic register weak automata with a single register,
which can be shown to imply undecidability of reg-NPW register-bounded synthesis. Second,
as we demonstrate in Section 2, the class of properties that are expressible by reg-UPWs is
more interesting in practice. In particular, reg-UPWs are easily closed under conjunction,
which is crucial for synthesis.
We describe a simple algorithm for the register-bounded synthesis problem for reg-UPW
specifications ([24] only handles co-Büchi automata), which enables a clean complexity
analysis ([24] only shows decidability). We study the settings in which both the system and
the environment are bounded ([24] only bounds the system), and we study the theoretical
aspects of the setting; in particular, the differences between a fixed, a finite yet unbounded,
and an infinite number of registers, and the determinacy of the corresponding games.
¹ We note, however, that bounding the number of states in the realizing transducer has proven to be helpful
also in the context of systems over infinite alphabets. For example, [17] describes a CEGAR-based
synthesis algorithm that approaches the general undecidable synthesis problem by iteratively refining
under-approximating systems of bounded sizes.
Our synthesis algorithm reduces the register-bounded synthesis problem to the traditional
synthesis problem. Specifically, given a specification reg-UPW $A$ with $k_A$ registers, and
numbers $k_s$ and $k_e$, we construct a (register-less) UPW $A'$ that abstracts the values in the
registers of $A$ and considers instead equivalences among registers in the three sets of registers
involved: those of $A$, and those of the system and environment transducers. The synthesis
problem for $A$ is then reduced to that of $A'$. In Section 3 we solve the case where the
environment is not bounded (thus $k_e = \infty$) and then in Section 4 continue to the general case.
Our complexity analysis carefully takes into account the fact that in the determinization of
$A'$, the registers of $A$ and the environment behave universally, whereas those of the system
behave deterministically. Accordingly, the register-bounded synthesis problem for $A$ with
$n$ states, finite alphabet of size $m$, and index $c$ can be solved in time
$(cmn(k_s + k_e + k_A))^{O(cn(k_s + k_e + k_A)^{(k_e + k_A + 1)})}$. Thus, the running time is polynomial in $m$, exponential in $c$,
$n$, and $k_s$, and doubly-exponential only in $k_A$ and $k_e$. In the full version [23], we also study
determinacy of register-bounded synthesis and show that for all $k_s \in \mathbb{N}$ and $k_e \in \mathbb{N} \cup \{\infty\}$, the
problem is not determined: there are specifications that are neither realizable by a bounded
system (with respect to bounded environments), nor their negations are realizable by a
bounded environment (with respect to bounded systems). This corresponds to the picture
obtained for bounded synthesis for finite-state systems, where the size of the state space is
bounded (we bound only the number of registers) [26]. We also examine the difference in the
strength of systems and environments with a fixed, finite, or infinite number of registers, and
the existence of a cut-off point, namely a finite-model property characterizing settings where
a finite and bounded number of registers suffices.
2 Preliminaries
2.1 Register Automata
Let $\Sigma_I$ and $\Sigma_O$ be two finite alphabets and let $D$ be an infinite domain of data values. We
consider systems that get inputs in $\Sigma_I \times D$ and respond with outputs in $\Sigma_O \times D$. Let
$\Sigma = \Sigma_I \times \Sigma_O$. Computations of systems as above are words
$\langle\sigma_0, i_0, o_0\rangle\langle\sigma_1, i_1, o_1\rangle\ldots \in (\Sigma \times D \times D)^\omega$.
Register automata specify languages of such words. Let $\mathbb{B} = \{\mathit{true}, \mathit{false}\}$. A
$k$-register word automaton is a tuple $A = \langle\Sigma, Q, q_0, R, v_0, \delta, \alpha\rangle$, where $\Sigma$ is a finite alphabet,
$Q$ is the set of states, $q_0 \in Q$ is an initial state, $R$ is a set of $k$ registers, $v_0 \in D^R$ is an initial
register valuation, $\delta : Q \times (\Sigma \times \mathbb{B}^R \times \mathbb{B}^R) \to 2^{Q \times \mathbb{B}^R}$ is a transition function, and $\alpha$ is an
acceptance condition (we later define several acceptance conditions). Intuitively, when $A$
is in state $q$ and reads a letter $\langle\sigma, i, o\rangle \in \Sigma \times D \times D$, it compares $i$ and $o$ with the content
of its registers and branches into several new configurations according to the result of this
comparison. In more detail, rather than specifying a transition for each element in $\Sigma \times D \times D$,
the transition function $\delta$ specifies a transition for each element in $\Sigma \times \mathbb{B}^R \times \mathbb{B}^R$, where the
two guards in $\mathbb{B}^R$ compare the values stored in the registers with $i$ and $o$. Then, $\delta$ directs $A$
into a set of pairs in $Q \times \mathbb{B}^R$, each describing a successor state and a storing mask, indicating
which registers are going to store $i$.
A configuration of $A$ is a pair $\langle q, v\rangle \in Q \times D^R$, describing the state that $A$ visits and the
content of its registers. A run of $A$ starts in the configuration $\langle q_0, v_0\rangle$, and continues to form
an infinite sequence of successive configurations. In order to define runs formally, we first
need some notations. Given a valuation $v \in D^R$ and a value $d \in D$, let $v \sim d$ denote the
Boolean assignment $g \in \mathbb{B}^R$ that indicates the agreement of $v$ with $d$. Thus, for every $r \in R$,
we have $g(r) = \mathit{true}$ iff $v(r) = d$. The function $\mathit{update} : D^R \times D \times \mathbb{B}^R \to D^R$ maps a valuation
$v \in D^R$, a value $d \in D$, and a storing mask $a \in \mathbb{B}^R$, to the valuation obtained from $v$ by
changing the value stored in registers that are positive in $a$ to $d$. Formally, for every $r \in R$,
we have that $\mathit{update}(v, d, a)(r)$ is $d$ if $a(r) = \mathit{true}$ and is $v(r)$ otherwise. Note that it need
not be the case that $\mathit{update}(v, d, a) \sim d = a$. Indeed, if $v(r) = d$, then $\mathit{update}(v, d, a)(r) = d$
regardless of $a(r)$.
For two configurations $\langle q', v'\rangle$ and $\langle q, v\rangle$ in $Q \times D^R$, and a triple $\langle\sigma, i, o\rangle \in \Sigma \times D \times D$,
we say that $\langle q', v'\rangle$ is a $\langle\sigma, i, o\rangle$-successor of $\langle q, v\rangle$ if there exists $a \in \mathbb{B}^R$ such that
$\langle q', a\rangle \in \delta(q, \langle\sigma, v \sim i, v \sim o\rangle)$ and $v' = \mathit{update}(v, i, a)$.
Now, a run of $A$ on a word $w = \langle\sigma_0, i_0, o_0\rangle\langle\sigma_1, i_1, o_1\rangle\ldots \in (\Sigma \times D \times D)^\omega$ is an infinite
sequence $\langle q_0, v_0\rangle\langle q_1, v_1\rangle\ldots \in (Q \times D^R)^\omega$ of configurations such that for every $j \geq 0$, we have
that $\langle q_{j+1}, v_{j+1}\rangle$ is a $\langle\sigma_j, i_j, o_j\rangle$-successor of $\langle q_j, v_j\rangle$. Note that there may be several different
runs on the same word. Note also that since $\delta$ may return an empty set of possible transitions,
a configuration $\langle q_j, v_j\rangle$ need not have $\langle\sigma_j, i_j, o_j\rangle$-successors. There, the sequence of successive
configurations is finite, and is not a run.
When $A$ is a parity automaton, $\alpha : Q \to \{0, \ldots, c-1\}$, for an index $c \in \mathbb{N}$, a run $\rho$ is
accepting if the maximal rank that is visited by $\rho$ infinitely often is even. Formally,
$\rho = \langle q_0, v_0\rangle\langle q_1, v_1\rangle\ldots$ is accepting if
$\max\{j \in \{0, \ldots, c-1\} : \alpha(q_l) = j \text{ for infinitely many } l \geq 0\}$ is
even. The co-Büchi acceptance condition is a special case of parity, with $c = 2$. Thus, $\rho$ is
accepting if vertices $\langle q, v\rangle$ with $\alpha(q) = 1$ are visited only finitely often. When $A$ is universal,
it accepts the word $w$ if all the runs of $A$ on $w$ are accepting. Note that since we require runs
to be infinite, the universal quantification on the runs means that a configuration with no
successors is like an accepting configuration: once we reach it, there are no restrictions on the
suffix of the word. The language of $A$, denoted $L(A)$, is the set of all words that $A$ accepts.
We sometimes use $w \models A$ to indicate that $w \in L(A)$. We use reg-UPW and reg-UCW to
abbreviate universal register parity and co-Büchi automata, respectively. A (register-less)
UPW can be viewed as a special case of a reg-UPW with no registers. In particular, it has
no initial valuation and its transition function is of the form $\delta : Q \times \Sigma \to 2^Q$.
Example 1. The reg-UCW $A$ appearing in Figure 1 specifies an arbiter with a single output
signal ack (that is, $\Sigma_I$ is a singleton, and we ignore it, and $\Sigma_O = 2^{\{ack\}}$) that gets in each
moment in time an input data value $i$, and outputs either ack or $\neg$ack along with an output
data value $o$. It accepts a word if every input data value different from the previous one is
eventually outputted with ack. The acceptance condition $\alpha$ requires runs to visit $q_1$ only
finitely often. The reg-UCW $A$ has a single register, thus $R = \{r_1\}$, and we describe vectors
in $\Sigma \times \mathbb{B}^R \times \mathbb{B}^R$ by triples in $\{ack, \neg ack\} \times \{0, 1\} \times \{0, 1\}$, possibly replacing some of the
parameters by _, indicating that both values of this parameter apply. We continue to describe
the transition function. First, $\delta(q_0, \langle\_, 1, \_\rangle) = \{\langle q_0, 0\rangle\}$. That is, if the input data value
agrees with the one stored in $r_1$, we only loop in $q_0$. Then, $\delta(q_0, \langle\_, 0, \_\rangle) = \{\langle q_0, 1\rangle, \langle q_1, 1\rangle\}$.
That is, if the input data value differs from the one stored in $r_1$, then $A$ both loops in $q_0$
and sends a copy to $q_1$, and stores the value of the input data value in $r_1$. In state $q_1$, we
have $\delta(q_1, \langle ack, \_, 1\rangle) = \emptyset$, thus the copy sent to $q_1$ fulfils its mission when it reads an ack
with an output data value that agrees with the one stored in $r_1$. In all other cases, the copy
stays in $q_1$. Thus, $\delta(q_1, \langle\neg ack, \_, \_\rangle) = \delta(q_1, \langle ack, \_, 0\rangle) = \{\langle q_1, 0\rangle\}$. The parity acceptance
condition $\alpha = \{q_0 \mapsto 0, q_1 \mapsto 1\}$ then guarantees that all copies sent to $q_1$ eventually fulfil
their missions. We note that the universality of $A$ is used in order to detect all data values
that are not stored in $r_1$: a copy of the automaton is launched for each of them. Such a
detection is impossible in a deterministic or even a nondeterministic register automaton.
[Figure 1: diagram of the automaton with states $q_0$ and $q_1$; edge labels: $i = r_1$; $i \neq r_1$/store1 (twice); $\neg ack \vee o \neq r_1$.]
Figure 1 The reg-UCW $A$. The edge labels are symbolic, where the expressions $i \neq r_1$ and $i = r_1$
mean that the $i$-guard is 0 and 1 respectively, and the expression $o \neq r_1$ means that the $o$-guard is
0. The label store1 means the storing mask is 1, while its absence means it is 0. The state $q_1$ is
doubly-circled, indicating that a run is accepting iff it visits $q_1$ only finitely often.
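The run semantics of Section 2.1 applied to the automaton of Example 1, as an added example that is not part of the paper: it tracks all copies of the universal automaton over a finite prefix and reports which data values still have a copy waiting in q1. The sample words, the initial register value 0 and all function names are constructed for illustration; a finite prefix cannot decide co-Büchi acceptance, it only shows the outstanding obligations.

```python
# Added illustration: finite-prefix simulation of the reg-UCW of Example 1.
# A configuration is (state, valuation); with one register the valuation is a 1-tuple.

def guard(v, d):
    """v ~ d: one Boolean per register, true iff the register stores d."""
    return tuple(x == d for x in v)

def update(v, d, a):
    """Store d in every register whose bit in the storing mask a is set."""
    return tuple(d if bit else x for x, bit in zip(v, a))

def delta(q, ack, g_i, g_o):
    """Transition function of Example 1; returns a set of (state, storing mask)."""
    if q == "q0":
        if g_i[0]:                       # input equals r1: only loop in q0
            return {("q0", (False,))}
        # new input value: loop in q0 and launch a copy in q1, both store i in r1
        return {("q0", (True,)), ("q1", (True,))}
    # q == "q1": the copy waits for <ack, o> with o equal to its stored value
    if ack and g_o[0]:
        return set()                     # no successor: obligation discharged
    return {("q1", (False,))}

def step(configs, letter):
    """All successors of a set of configurations on one letter (ack, i, o)."""
    ack, i, o = letter
    succ = set()
    for q, v in configs:
        # both guards are evaluated on the valuation before the update
        for q2, a in delta(q, ack, guard(v, i), guard(v, o)):
            succ.add((q2, update(v, i, a)))
    return succ

def pending(configs):
    """Data values held by copies that are still in the rejecting state q1."""
    return {v[0] for q, v in configs if q == "q1"}

def run_prefix(word, v0=(0,)):
    """Pending obligations after each letter of a finite prefix."""
    configs = {("q0", v0)}
    trace = []
    for letter in word:
        configs = step(configs, letter)
        trace.append(pending(configs))
    return trace

# Constructed sample prefix: letters are (ack, input value, output value).
WORD = [
    (False, 5, 5),   # 5 is new: a copy for 5 is launched
    (True, 5, 5),    # ack with output 5 discharges it
    (False, 7, 7),   # 7 is new
    (True, 9, 7),    # ack 7 discharges 7, but 9 is new
    (True, 9, 7),    # ack with the wrong value: 9 stays pending
    (True, 9, 9),    # ack 9 discharges 9
]

if __name__ == "__main__":
    for letter, obligations in zip(WORD, run_prefix(WORD)):
        print(letter, "pending:", sorted(obligations))
```

An ack issued in the same step in which a value first appears does not discharge it, because the copy in q1 is only created by that step; the second sample in the test shows obligations accumulating when acks carry the wrong value.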
2.2 Register Transducers
Register transducers model systems with inputs in $\Sigma_I \times D$ and outputs in $\Sigma_O \times D$. Every such
system implements a strategy $(\Sigma_I \times D)^+ \to \Sigma_O \times D$, describing the output it generates after
reading a sequence of inputs. A register transducer is a tuple $T = \langle\Sigma_I, \Sigma_O, S, s_0, R, v_0, \tau\rangle$,
where $\Sigma_I$ and $\Sigma_O$ are input and output finite alphabets, $S$ is a set of states, $s_0 \in S$ is an initial
state, $R$ is a set of registers, $v_0 \in D^R$ is an initial register valuation, and
$\tau : S \times (\Sigma_I \times \mathbb{B}^R) \to S \times \mathbb{B}^R \times \Sigma_O \times R$ is a transition function. Intuitively, when $T$ is in state $s$ and reads a
letter $\langle\mathsf{i}, i\rangle \in \Sigma_I \times D$ (sans-serif $\mathsf{i}$, $\mathsf{o}$ denote letters of the finite alphabets; italic $i$, $o$ denote
data values), it compares $i$ with the content of its registers. Depending on $\mathsf{i}$ and
the comparison, it transits deterministically to a successor state and may store the data
value $i$ into its registers. It also outputs a letter in $\Sigma_O$ and a value stored in one of the
registers. Note that a register may store either its initial value or some value seen earlier as
a data input.
Formally, a configuration of $T$ is a pair in $S \times D^R$, and successive configurations are
defined in a way similar to the one defined for automata, except that $T$ is deterministic: given
a configuration $\langle s, v\rangle \in S \times D^R$ and an input $\langle\mathsf{i}, i\rangle \in \Sigma_I \times D$, let $\tau(s, \langle\mathsf{i}, v \sim i\rangle) = \langle s', a, \mathsf{o}, r\rangle$.
Then, the $\langle\mathsf{i}, i\rangle$-successor of $\langle s, v\rangle$ is $\langle s', \mathit{update}(v, i, a)\rangle$.
Given an input word $w = \langle\mathsf{i}_0, i_0\rangle\langle\mathsf{i}_1, i_1\rangle\ldots \in (\Sigma_I \times D)^\omega$, the run of $T$ on $w$ is the sequence
$\langle s_0, v_0\rangle\langle s_1, v_1\rangle\ldots \in (S \times D^R)^\omega$, where for all $j \geq 0$, we have that $\langle s_{j+1}, v_{j+1}\rangle$ is the
$\langle\mathsf{i}_j, i_j\rangle$-successor of $\langle s_j, v_j\rangle$. For every $j \geq 0$, let $\tau(s_j, \mathsf{i}_j, v_j \sim i_j) = \langle s_{j+1}, a_j, \mathsf{o}_j, r_j\rangle$. Then, the
computation of $T$ on $w$ is the sequence
$\langle\langle\mathsf{i}_0, \mathsf{o}_0\rangle, i_0, o_0\rangle\langle\langle\mathsf{i}_1, \mathsf{o}_1\rangle, i_1, o_1\rangle\ldots \in ((\Sigma_I \times \Sigma_O) \times D \times D)^\omega$
such that for every $j \geq 0$, we have that $o_j = \mathit{update}(v_j, i_j, a_j)(r_j)$. Thus, the transducer
moves from $s_j$ to $s_{j+1}$, stores $i_j$ in registers that are positive in $a_j$, and then outputs $\mathsf{o}_j$ and
the (updated) content of register $r_j$. A (register-less) transducer is a special case of a register
transducer with no registers. In particular, it has no initial valuation and its transition
function is of the form $\tau : S \times \Sigma_I \to S \times \Sigma_O$.
For a register transducer $T$ and a reg-UPW $A$, we say that $T$ realizes $A$, denoted $T \models A$,
if for all input words $w \in (\Sigma_I \times D)^\omega$, the computation of $T$ on $w$ is in the language of $A$.
Example 2. Figure 2 describes a register transducer that realizes the reg-UCW from
Example 1. The input alphabet $\Sigma_I$ is a singleton and we ignore it. The output alphabet is
$\Sigma_O = 2^{\{ack\}}$, and the register set is $R = \{r_1, r_2\}$. The transducer loops in the initial state
$s_0$ if the current data input equals the previous data input (which is stored in register $r_1$).
Otherwise ($i \neq r_1$), the transducer stores the new data value into $r_1$, does not raise ack,
outputs the value of register $r_1$ (it has to output something), and moves into state $s_1$. Now,
if it does not see a new data input ($i = r_1$), then, in order to acknowledge the previous
data input, it raises ack, outputs the previous data input from $r_1$, and returns into $s_0$.
Alternatively, if in state $s_1$ the transducer sees a new data input ($i \neq r_1$), then it stores into
$r_2$, raises ack, outputs the previous data input from $r_1$, and moves into $s_2$. From there, if no
new data input was seen, the transducer moves into $s_3$, while outputting the value of $r_2$ and
raising ack. And so on. Thus, in states $s_0$ and $s_1$ register $r_1$ contains the previous data input,
while in states $s_2$ and $s_3$ it is stored in register $r_2$. Finally, register $r_1$ is initialized with the
same value as the automaton register, while $r_2$ can start with anything. We conclude with a
remark that there is a simpler transducer that realizes the same reg-UCW: It always raises
ack, stores alternatingly into $r_1$ and $r_2$ while outputting alternatingly the value of $r_2$ and $r_1$.
But such a transducer produces spurious acks, while our transducer does not.
[Figure 2: diagram of the transducer with states $s_0$, $s_1$, $s_2$, $s_3$; edge labels: $i = r_1/\langle\neg ack, r_1\rangle$; $i \neq r_1/\langle\neg ack, r_1, store1\rangle$; $i = r_1/\langle ack, r_1\rangle$; $i \neq r_1/\langle ack, r_1, store2\rangle$; $i \neq r_2/\langle ack, r_2, store1\rangle$; $i = r_2/\langle ack, r_2\rangle$; $i \neq r_2/\langle\neg ack, r_2, store2\rangle$; $i = r_2/\langle\neg ack, r_2\rangle$.]
Figure 2 A register transducer that realizes the reg-UCW $A$ from Example 1. The edge labeling
for $\Sigma_O$ and the guards is symbolic, and is similar to that in Figure 1.
2.3 Synthesis with an Infinite or Unbounded Number of System Registers
The realizability problem is to decide, given a reg-UPW $A$ over $\Sigma_I \times \Sigma_O \times D \times D$, whether
there is a register transducer all of whose computations are accepted by $A$. The synthesis
problem is to construct such a transducer, if one exists.
The realizability and synthesis problems in the context of specifications and systems with
an infinite data domain were first studied in [14]. The transducers in [14] have an infinite
number of registers, all initialized to the same value. The automata in [14] are universal
register automata with a variant of weak acceptance condition, and additionally do not allow
for register re-assignment. It is shown in [14] that the synthesis problem is undecidable,
already for automata with only two registers. Since our automata and transducers are more
powerful, undecidability applies to our setting. Thus, when the number of registers in the
system is infinite, the realizability and synthesis problems are undecidable.
Consider now the case where the number of registers is finite but not fixed a priori. It
is shown in [12] that the nonemptiness problem for universal 2-register automata on finite
words is undecidable. It is not hard to reduce their nonemptiness problem to the synthesis
problem for 2-register UPWs, which implies the undecidability of the latter. Thus, we get
the following.
Theorem 3 ([12, 14]). The synthesis problem of transducers with an infinite or a finite
but unbounded number of registers for specifications given by 2-register UPWs is undecidable.
In the case of an infinite number of registers, undecidability holds even when the transducer
registers are initialized with the same value.
3 Synthesis with a Fixed Number of System Registers
The system-bounded realizability problem is to decide, given a reg-UPW $A$ over $\Sigma_I \times \Sigma_O \times D \times D$
and a number $k_s$ of registers, whether there is a transducer with at most $k_s$ registers all of whose
computations are accepted by $A$. The system-bounded synthesis problem is to construct such
a transducer, if one exists.
Let $A = \langle\Sigma, Q, q_0, R_A, v^A_0, \delta, \alpha\rangle$, and let $|R_A| = k_A$. Recall that $\Sigma = \Sigma_I \times \Sigma_O$. We define
a UPW $A'$ (that is, with no registers) that abstracts the values stored in $R_A$. Instead, $A'$
maintains an equivalence relation over the registers of $A$ and the registers of the realizing
transducer, indicating which of them agree on the values stored in them.
Let $R_s$ denote a set of $k_s$ registers, namely those of the realizing transducer (we subscript
its elements by $s$ as this transducer models the system), and let $R = R_A \cup R_s$. For valuations
$v^A \in D^{R_A}$ and $v^s \in D^{R_s}$, let $v^A \cup v^s$ be the valuation in $D^R$ obtained by taking their union.
Likewise, for a valuation $v \in D^R$, let $v^A$ and $v^s$ denote the projections of $v$ on $R_A$ and $R_s$,
respectively. Let $\Pi$ be the set of all equivalence relations over $R$. Consider an element $\pi \in \Pi$,
thus $\pi \subseteq R \times R$. For two registers $r, r' \in R$, we write $\pi(r, r')$ to denote that $r$ and $r'$ are
equivalent in $\pi$. Note that $r$ and $r'$ may be both in $R_A$, both in $R_s$, or one in $R_A$ and one in
$R_s$. Each equivalence relation $\pi \in \Pi$ induces a partition of $R$ into equivalence classes, and we
sometimes refer to the elements in $\Pi$ as partitions of $R$. Then, for $\pi \in \Pi$, we talk about sets
$S \in \pi$, where $S \subseteq R$, and $\pi(r, r')$ indicates that $r$ and $r'$ are in the same set in the partition.
Let $f : D^R \to \Pi$ map a register valuation $v \in D^R$ to the partition $\pi \in \Pi$, where for every
two registers $r, r' \in R$, we have that $\pi(r, r')$ iff $v(r) = v(r')$.
Recall that we describe guards and storing masks on a set $R$ of registers by Boolean
functions in $\mathbb{B}^R$. Each assignment $g \in \mathbb{B}^R$ corresponds to a set of registers characterized
by $g$. In the sequel, we sometimes refer to Boolean assignments as sets, thus assume that
$g \subseteq R$, and talk about union and intersection of assignments, referring to the sets they
characterize. Consider a partition $\pi$ of $R$ and a Boolean assignment $g^s \subseteq R_s$. We say that $g^s$
is $\pi$-consistent if there is an equivalence class $S \in \pi \cup \{\emptyset\}$ such that $S \cap R_s = g^s$. We then say
that $\langle\pi, g^s\rangle$ chooses $S$. Note that for $g^s = \emptyset$, the set $S$ is either empty or contains no system
registers, and might not be unique. For example, if $R_A$ = {#1, #2, #3, #4}, $R_s$ = {#5, #6}, and
$\pi$ = {{#1}, {#2, #3}, {#4, #5}, {#6}}, then $\langle\pi$, {#5}$\rangle$ chooses only {#4, #5}, the pair $\langle\pi$, {#6}$\rangle$
chooses only {#6}, and $\langle\pi, \emptyset\rangle$ chooses {#1}, {#2, #3}, or $\emptyset$. For a set $S_A \subseteq R_A$, we say
that $\langle\pi, g^s\rangle$ A-chooses $S_A$ if there is a set $S \in \pi \cup \{\emptyset\}$ such that $\langle\pi, g^s\rangle$ chooses $S$ and
$S_A = S \cap R_A$. Thus, $\langle\pi, g^s\rangle$ A-chooses $S_A$ if $\langle\pi, g^s\rangle$ chooses a set whose $R_A$ registers are
those in $S_A$. Continuing the previous example, $\langle\pi$, {#5}$\rangle$ A-chooses {#4}, the pair $\langle\pi$, {#6}$\rangle$
A-chooses $\emptyset$, and $\langle\pi, \emptyset\rangle$ A-chooses {#1}, {#2, #3}, or $\emptyset$. Finally, for a register $r \in R$, the
pair $\langle\pi, r\rangle$ A-chooses the unique set $S_A \subseteq R_A$ if $S_A = S \cap R_A$, for the set $S \in \pi$ such that
$r \in S$. In the example above, the pairs $\langle\pi$, #4$\rangle$ and $\langle\pi$, #5$\rangle$ both A-choose {#4}, and the pair
$\langle\pi$, #6$\rangle$ A-chooses $\emptyset$.
The following lemma follows immediately from the definitions.
Lemma 4. Consider a partition $\pi$ of $R = R_s \cup R_A$ and a valuation $v \in D^R$ s.t. $f(v) = \pi$.
Then:
(a) for every $i \in D$, the guard $v^s \sim i$ is $\pi$-consistent and A-chooses the guard $v^A \sim i$,
(b) for every guard $g \in (\pi \cup \{\emptyset\})$, there exists $i \in D$ satisfying $(v \sim i) = g$, and
(c) for every $r \in R$, the pair $\langle\pi, r\rangle$ A-chooses $v^A \sim v(r)$.
Recall the function $\mathit{update} : D^R \times D \times \mathbb{B}^R \to D^R$, where $\mathit{update}(v, d, a)$ is obtained from $v$
by storing $d$ in the registers in $a$. We now define a function $\mathit{update}' : \Pi \times \mathbb{B}^R \times \mathbb{B}^R \to \Pi$, which
adjusts the update function to the abstraction of valuations by partitions. Intuitively, for a
partition $\pi \in \Pi$, a guard $g \in (\pi \cup \{\emptyset\})$, and a storing mask $a \subseteq R$, we obtain the partition
$\mathit{update}'(\pi, g, a)$ from $\pi$ by moving the registers in $a$ either into the equivalence class of $g$ (if
$g$ is not empty), or into a new equivalence class. Formally,
$\mathit{update}'(\pi, g, a) = \{S \setminus a : S \in \pi \setminus g\} \setminus \{\emptyset\} \cup \{g \cup a\}$.
Note that, in particular, $\mathit{update}'(\pi, \emptyset, a) = \{S \setminus a : S \in \pi\} \setminus \{\emptyset\} \cup \{a\}$.
Lemma 5. For every valuation $v \in D^R$, value $i \in D$, and storing mask $a \subseteq R$, we have
that $f(\mathit{update}(v, i, a)) = \mathit{update}'(f(v), v \sim i, a)$.
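The partition abstraction defined above can be exercised directly. The following added example (not code from the paper) implements f, update′, "chooses" and "A-chooses" over Python frozensets, replays the partition example from the text, and exhaustively checks Lemma 4(a) and Lemma 5 on a small constructed instance; the function names and the instance with registers a1, a2, s1, s2 are assumptions made for illustration.

```python
# Added illustration: the abstraction of register valuations by partitions.
from itertools import product

def guard(v, d):
    """v ~ d, written as the set of registers whose stored value equals d."""
    return frozenset(r for r, x in v.items() if x == d)

def update(v, d, a):
    """Concrete update: store d in every register of the storing mask a."""
    return {r: (d if r in a else x) for r, x in v.items()}

def f(v):
    """Abstraction f: two registers are equivalent iff they store the same value."""
    classes = {}
    for r, x in v.items():
        classes.setdefault(x, set()).add(r)
    return frozenset(frozenset(c) for c in classes.values())

def update_abs(pi, g, a):
    """update'(pi, g, a): move the registers of a into the class g, or into a
    fresh class when g is empty. Empty classes are dropped at the end, so the
    result is again a partition (this also covers g = a = empty set)."""
    classes = {S - a for S in pi if S != g}
    classes.add(g | a)
    return frozenset(S for S in classes if S)

def chooses(pi, gs, Rs):
    """Sets S in pi ∪ {∅} with S ∩ Rs = gs; an empty result means gs is not pi-consistent."""
    return {S for S in set(pi) | {frozenset()} if S & Rs == gs}

def a_chooses(pi, gs, RA, Rs):
    """Automaton-register parts of the sets chosen by <pi, gs>."""
    return {S & RA for S in chooses(pi, gs, Rs)}

def a_chooses_reg(pi, r, RA):
    """The unique set A-chosen by <pi, r>: automaton registers in the class of r."""
    (S,) = [S for S in pi if r in S]
    return S & RA

def fs(*regs):
    return frozenset(regs)

# The partition example from the text.
RA = fs("#1", "#2", "#3", "#4")
RS = fs("#5", "#6")
PI = frozenset({fs("#1"), fs("#2", "#3"), fs("#4", "#5"), fs("#6")})

def lemma_violations(values=(0, 1, 2), inputs=(0, 1, 2, 3)):
    """Count counterexamples to Lemma 4(a) and Lemma 5 over all valuations of a
    constructed instance with two automaton and two system registers."""
    regs_a, regs_s = ("a1", "a2"), ("s1", "s2")
    regs = regs_a + regs_s
    ra, rs = frozenset(regs_a), frozenset(regs_s)
    bad = 0
    for vals in product(values, repeat=len(regs)):
        v = dict(zip(regs, vals))
        v_a = {r: v[r] for r in regs_a}
        v_s = {r: v[r] for r in regs_s}
        pi = f(v)
        for i in inputs:
            # Lemma 4(a): <pi, v_s ~ i> A-chooses v_a ~ i
            if guard(v_a, i) not in a_chooses(pi, guard(v_s, i), ra, rs):
                bad += 1
            # Lemma 5: f(update(v, i, a)) = update'(f(v), v ~ i, a) for every mask a
            for bits in product((False, True), repeat=len(regs)):
                a = frozenset(r for r, b in zip(regs, bits) if b)
                if f(update(v, i, a)) != update_abs(pi, guard(v, i), a):
                    bad += 1
    return bad

if __name__ == "__main__":
    print("chosen by {#5}:", chooses(PI, fs("#5"), RS))
    print("violations:", lemma_violations())
```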
We are now ready to define the abstraction of A. In addition to ks, the abstraction is
parameterized by a partition π0 of the system and automaton registers. Given ks and π0, the
(ks, π0)-abstraction of A is the UPW A′ = 〈Σ′, Q′, q′0, δ′, α′〉 with the following components.
- Q′ = Q × Π and q′0 = 〈q0, π0〉. Thus, each state in A′ is a pair 〈q, π〉, abstracting
  configurations 〈q, vA〉 of A and register valuations vs of an anticipated transducer that
  satisfy f(vs ∪ vA) = π.
- Σ′ = Σ × B^{Rs} × Rs × B^{Rs}. Recall that in A, the transition function is δ : Q × (Σ ×
  B^{RA} × B^{RA}) → 2^{Q × B^{RA}}, and when A is in configuration 〈q, vA〉 and reads a letter
  〈σ, i, o〉 ∈ Σ × D × D, it proceeds according to 〈σ, gAi, gAo〉 ∈ Σ × B^{RA} × B^{RA}, where
  gAi is vA ∼ i and gAo is vA ∼ o. Also, each successor state q′ is paired with a storing
  mask aAi ∈ B^{RA}, which induces a successor configuration 〈q′, update(v, i, aAi)〉. Intuitively,
  each letter 〈σ, gsi, rs, asi〉 ∈ Σ′, together with the current partition, induces choices for
  〈σ, gAi, gAo, aAi〉 ∈ Σ × B^{RA} × B^{RA} × B^{RA} which determine the transitions in A that the
  abstraction follows.
- For every state 〈q, π〉 ∈ Q′ and letter 〈σ, gsi, rs, asi〉 ∈ Σ′, we have that 〈q′, π′〉 ∈
  δ′(〈q, π〉, 〈σ, gsi, rs, asi〉) iff there exist gAi, gAo, aAi ∈ B^{RA} such that the following
  conditions hold.
  - gAi is A-chosen by 〈π, gsi〉. Let gi = gsi ∪ gAi. Note that gi ∈ (π ∪ {∅}).
  - Recall that the output value in register transducers refers to the updated register
    values, namely their values in the successor configuration. Therefore, when we compare
    the data output of a transducer with the register values of the automaton, we first have
    to update the values of the system transducer. For this, we introduce the partition
    π⋆. Let π⋆ be the partition after updating the system registers in π according to the
    guard gsi and the storing mask asi. Thus, π⋆ = update′(π, gi, asi).
  - gAo is A-chosen by 〈π⋆, rs〉. Note that since the set chosen by 〈π⋆, rs〉 is not empty, gAo
    is unique.
  - 〈q′, aAi〉 ∈ δ(q, 〈σ, gAi, gAo〉).
  - We can now complete updating the partition. The partition π′ is the result of updating
    the registers of A in π⋆ according to the guard gAi and the storing mask aAi. Let
    g⋆i = gi ∪ asi be the updated guard after system storing. Then π′ = update′(π⋆, g⋆i, aAi).
- The acceptance condition of A′ is induced from the one of A. Thus, for every state
  〈q, π〉 ∈ Q′, we have that α′(〈q, π〉) = α(q).
Recall that the abstraction of A is parameterized by both the number of registers that
the system transducer may have as well as an initial partition for the registers of both the
system and the automaton. Let vA ∈ D^{RA} be a valuation of the automaton registers. A
partition π ∈ Π is consistent with vA if there is a register valuation vs ∈ D^{Rs} such that
π = f(vA ∪ vs). Thus, all automaton registers are related according to vA, and the system
registers are unrestricted.
▶ Example 6. Let D = N, RA = {#1, #2, #3, #4}, and Rs = {#5, #6, #7}. Then the partition
π = {{#1, #4, #5}, {#2, #6}, {#3}, {#7}} is consistent with the valuation vA ∈ D^{RA} for which
vA(#1) = vA(#4) = 9, vA(#2) = 2, and vA(#3) = 13. Indeed, taking vs ∈ D^{Rs} with vs(#5) = 9,
vs(#6) = 2, and vs(#7) = 14 results in π = f(vA ∪ vs). Note that different valuations
vs ∈ D^{Rs} may witness the consistency of π with vA. In our example, all those with vs(#5) = 9,
vs(#6) = 2, and vs(#7) ∉ {2, 9, 13}. Also, several different partitions may be consistent with
a given valuation vA ∈ D^{RA}. In our example, all those in which registers #1 and #4 are in the
same set, different from the (different) sets of #2 and #3.
We can now state our main theorem, relating the realizability of A with realizability of its
abstraction. Consider a ks-register ΣI/ΣO-transducer T = 〈ΣI, ΣO, S, s0, R, v0, τ〉. We can
view T as a (register-less) Σ′I/Σ′O-transducer T ′, for Σ′I = ΣI × B^R and Σ′O = B^R × ΣO × R.
Indeed, the transition function τ : S × (ΣI × B^R) → S × B^R × ΣO × R of T can be viewed as
τ ′ : S × Σ′I → S × Σ′O. When v0 ∈ D^{Rs} is fixed, we say that T and T ′ correspond to each
other. Essentially, our main theorem follows from the fact that a reg-UPW A is realized
by a ks-transducer T iff the abstraction of A is realized by the register-less transducer that
corresponds to T . Formally, we have the following.
▶ Theorem 7. Consider a reg-UPW A with Σ = ΣI × ΣO, set of registers RA, and an
initial valuation vA0. Then, A is realizable by a ks-register ΣI/ΣO-transducer with a set
of registers Rs iff there is a partition π0 of R = Rs ∪ RA, consistent with vA0, such that
the (ks, π0)-abstraction of A is realizable by a (ΣI × B^{Rs})/(ΣO × Rs × B^{Rs})-transducer. In
particular, a transducer that realizes the (ks, π0)-abstraction of A corresponds to a ks-register
transducer that realizes A.
Proof sketch. Let A = 〈Σ, Q, q0, RA, vA0 , δ, α〉 and let A′ be its (ks, π0)-abstraction, where
π0 is a partition of R consistent with vA0. We prove that for every valuation vs0 ∈ D^{Rs}
satisfying f(vA0 ∪ vs0) = π0, ks-register ΣI/ΣO-transducer T initialized with vs0, and register-
less (ΣI × B^{Rs})/(B^{Rs} × ΣO × Rs)-transducer T ′, where T and T ′ correspond to each other,
it holds that T |= A iff T ′ |= A′. The theorem then follows.
Assume first that T ⊭ A. We prove that T ′ ⊭ A′. Since T ⊭ A, there is an input
sequence wIT = 〈i0, i0〉〈i1, i1〉..., a run ρT = 〈s0, vs0〉〈s1, vs1〉... of T on wIT, a computation
wT = 〈〈i0, o0〉, i0, o0〉〈〈i1, o1〉, i1, o1〉... that T generates when it follows ρT, and a rejecting
run ρA = 〈q0, vA0〉〈q1, vA1〉... of A on the computation wT. Note that A may have several
runs on wT. Since it is universal, and A rejects wT, we know that at least one of them
does not satisfy α. We show that wIT and ρT induce an input sequence wIT ′ to T ′ such that
A′ rejects the computation of T ′ on wIT ′. We define wIT ′ = 〈i0, vs0 ∼ i0〉〈i1, vs1 ∼ i1〉.... The
word wIT ′ uniquely defines the computation wT ′ and the run ρT ′ = s0s1... of T ′. We now
define the rejecting run ρA′ of A′ on wT ′. It starts in the configuration 〈q0, π0〉. Suppose
that in step j ≥ 0, the run ρA reaches the configuration 〈q, vA〉, the run ρT reaches the
configuration 〈s, vs〉, and the run ρA′ reaches the state 〈q, π〉. Assume that π = f(vA ∪ vs).
Since π0 = f(vA0 ∪ vs0), this holds for j = 0. Assume that in ρT, the transducer T transits in
step j from 〈s, vs〉 to 〈s′, v′s〉, while reading 〈i, i〉 and outputting 〈o, o〉. Note that the
respective letter of the computation wT ′ is σ′ = 〈〈i, o〉, gsi , rs, as〉, where gsi = (vs ∼ i) and
it holds that 〈s′, as, o, rs〉 = τ(s, i, gsi ). Let 〈q′, v′A〉 be a 〈〈i, o〉, i, o〉-successor of 〈q, vA〉 as
appears in ρA. In the full version [23], we prove that the pair 〈q′, π′〉 is a σ′-successor of
〈q, π〉 in A′, where π′ = f(v′A ∪ v′s). By repeatedly applying the above claim, we can start
from 〈q0, π0〉 and, for all j ≥ 0, get the successor 〈qj+1, πj+1〉 of 〈qj , πj〉, obtaining the sought
run ρA′ . Also, by the definition of α′, the fact ρA is rejecting implies that so is ρA′ , and so
we are done.
Assume now that T ′ ⊭ A′. We prove that T ⊭ A. Since T ′ ⊭ A′, there is an input
sequence wIT ′ that induces the run ρT ′ = s0s1... and the computation wT ′ of T ′ such that wT ′
generates a rejecting run ρA′ = 〈q0, π0〉〈q1, π1〉... in A′. Given wT ′ (and hence ρT ′) and ρA′ ,
we construct a computation wT of T that induces a rejecting run ρA in A. The run ρT starts
in 〈s0, vs0〉, and the run ρA starts in 〈q0, vA0 〉. Suppose that in some step j ≥ 0, the run ρT ′
reaches a state s, the run ρA′ reaches a state 〈q, π〉, the run ρT reaches a configuration 〈s, vs〉,
and the run ρA reaches a configuration 〈q, vA〉. Assume that π = f(vs ∪ vA). This holds for
j = 0. Assume that T ′ transits into s′ when reading 〈i, gsi 〉 and outputting 〈as, o, rs〉, and
that A′ transits into 〈q′, π′〉 when reading 〈〈i, o〉, gsi , rs, as〉. Then, as we prove in the full
version [23], there exists i ∈ D such that the transducer T transits into 〈s′, v′s〉 on reading
〈i, i〉, the automaton A transits into 〈q′, v′A〉 on reading 〈〈i, o〉, i, o〉, where o = v′s(rs), and
f(v′s ∪ v′A) = π′. Applying the above claim in the initial step, when j = 0, we construct the
configuration 〈s1, vs1〉 of ρT , the configuration 〈q1, vA1 〉 of ρA, and the first letter 〈〈i, o〉, i, o〉
of wT . Note that the claim preconditions hold, in particular, f(vs1 ∪ vA1 ) = π1, so we can
apply it again. By an iterative application, we construct the sought computation wT and
the rejecting run ρA on wT. ◀
We can now analyze the complexity of our synthesis algorithm. Recall that the input
to the problem is a reg-UPW A and an integer ks ≥ 0, and the output is a ks-register
transducer that realizes A, or an answer that no such transducer exists. Theorem 7 reduces
the problem for A with n states, index c, and kA registers, to the synthesis problem of a
(register-less) UPW A′ with n(kA + ks)^{kA+ks} states and index c. Indeed, the state space
of A′ is the product of that of A with the set of possible partitions of the registers of A
and those of the generated transducer, and the number of such partitions is bounded by
(kA + ks)^{kA+ks}. Note that A′ is parameterized by both ks and π0. While ks is fixed, π0
depends on the initial partition of Rs. Thus, we may need to repeat the reduction |Πs| ≤ ks^{ks}
times, where Πs is the set of system partitions. By [29, 32] a UPW with N states and index c
can be determinized to a DPW with (Nc)^{O(Nc)} states and index O(Nc). Then, the synthesis
problem for DPW reduces linearly, up to a multiplicative factor in the sizes of the alphabets,
to solving parity games, which can be done in time at most O((n′)^5), for a game with n′
vertices and index c′ < log n′ [7]. The alphabet of A′ is Σ′ = Σ × B^{Rs} × Rs × B^{Rs}. Let
m = |Σ|. Then, |Σ′| = m · 2^{O(ks)}. Thus, the new factor in the complexity is |Σ|, which is
typically much smaller than N. It follows that the synthesis problem for A′ can be solved
in time (Nmc)^{O(Nc)} = (cmn(kA + ks)^{kA+ks})^{O(cn(kA+ks)^{kA+ks})}. Thus, a naive analysis gives
a complexity that is doubly-exponential in kA and ks and is exponential in n and c. As
we argue below, the analysis can be tightened to one that is doubly-exponential only in
kA and is exponential in n, c, and ks. Essentially, this follows from the fact that while the
partition-component in the state space of A′ behaves universally with respect to the registers
in RA, it is deterministic with respect to those in Rs. Consequently, when counting the
number of states in the DPW obtained by determinizing A′, we can replace the number of
all possible partitions of R by the number of partitions of R for a fixed partition of Rs. For
more details, see [23].
▶ Theorem 8. Register-bounded synthesis with ks system registers for reg-UPWs with n
states, finite alphabet of size m, index c, and kA registers, is solvable in time
(cmn(ks + kA))^{O(cnkA(ks+kA)^{kA})}. Thus, it is polynomial in m, exponential in n, c, and ks,
and doubly-exponential in kA.
We note that when the specification automaton A is a reg-UCW, its abstraction A′ is
a UCW. Since reg-UCWs can be expressed as reg-UPWs with c = 2, the obtained time
complexity for the case where specifications are reg-UCWs is (mn(ks + kA))^{O(nkA(ks+kA)^{kA})}.
4 Synthesis with a Fixed Number of System and Environment Registers
In this section, we consider the system-bounded synthesis problem with respect to restricted
environments. Such environments are expressible by a register transducer with a bounded
number of registers. Clearly, restricting the environments makes more specifications realizable.
As we shall see, however, the complexity of the synthesis problem increases. An important
conceptual difference between the setting studied in Section 3 and the one here is that once
we fix the number of registers of both the system and the environment, we also fix the
number of data values that may participate in the interaction. Indeed, the only data outputs
that the system and environment transducers may generate during the interaction are those
stored in their registers in their initial valuations.
In order to define the bounded setting, we first have to define the interaction between
system and environment transducers. Consider a system transducer Tsys =
〈ΣI, ΣO, Ss, ss0, Rs, vs0, τs〉 and an environment transducer Tenv = 〈ΣO, ΣI, Se, se0, Re, ve0, τe〉.
Note that the outputs of the environments are the inputs of the system, and vice versa. We
denote the computation that is the interaction between the two transducers by Tenv‖Tsys,
indicating that the environment initiates the interaction and is the first transducer to move.
Recall that τe : Se × (ΣO × B^{Re}) → Se × B^{Re} × ΣI × Re. The ΣO and B^{Re} components of
the transition depend on the output of the system, which is generated when the system
moves between states. Likewise, τs : Ss × (ΣI × B^{Rs}) → Ss × B^{Rs} × ΣO × Rs, with the ΣI
and B^{Rs} components depending on the output of the environment. Recall that we assume
that the environment moves first. Accordingly, for the first step of the interaction we assume
that the ΣO and B^{Re} components are induced by the pair 〈∅, v0(r0)〉, for some designated
register r0 ∈ Re.
Formally, Tenv‖Tsys = 〈〈i0, o0〉, i0, o0〉〈〈i1, o1〉, i1, o1〉... ∈ ((ΣI × ΣO) × D × D)^ω is
such that there are runs ρe = 〈se0, ve0〉〈se1, ve1〉〈se2, ve2〉... ∈ (Se × D^{Re})^ω of Tenv and ρs =
〈ss0, vs0〉〈ss1, vs1〉〈ss2, vs2〉... ∈ (Ss × D^{Rs})^ω of Tsys such that the following hold. Let 〈o−1, o−1〉 =
〈∅, ve0(re0)〉. Then, for every j ≥ 0, the following hold:
- τe(sej, oj−1, vej ∼ oj−1) = 〈sej+1, aej, ij, rej〉, ij = vej(rej), and vej+1 = update(vej, oj−1, aej).
  That is, in each round in the interaction, including the first round, the environment
  moves first, the configuration 〈sej+1, vej+1〉 is the 〈oj−1, oj−1〉-successor of 〈sej, vej〉, and the
  transition taken in this move fixes ij and ij.
- τs(ssj, ij, vsj ∼ ij) = 〈ssj+1, asj, oj, rsj〉, oj = vsj(rsj), and vsj+1 = update(vsj, ij, asj). That
  is, the system responds by moving to the configuration 〈ssj+1, vsj+1〉, which is the 〈ij, ij〉-
  successor of 〈ssj, vsj〉, and the transition taken in this move fixes oj and oj.
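The interaction defined above can be simulated directly. The following is an added example, not code from the paper: it follows the two displayed equations as written (each data output is read from the current valuation, then the registers are updated), and the transducers env_tau and sys_tau, their register names, and the initial values 7, 8, 5 are constructed for illustration. It checks the observation from the start of this section that every data value occurring in Tenv‖Tsys is one of the initial register values.

```python
def guard(v, d):
    """The guard v ~ d: registers of valuation v that hold the data value d."""
    return frozenset(r for r, val in v.items() if val == d)


def update(v, d, a):
    """Store d in every register of the storing mask a."""
    return {r: (d if r in a else val) for r, val in v.items()}


def interact(tau_e, s_e, v_e, r_e0, tau_s, s_s, v_s, rounds):
    """Return the first `rounds` letters <<i, o>, i_data, o_data> of T_env || T_sys.

    tau_e(state, sigma_O, guard) -> (state', mask, sigma_I, out_register)
    tau_s(state, sigma_I, guard) -> (state', mask, sigma_O, out_register)
    """
    word = []
    # <o_{-1}, o_{-1}> = <emptyset, v^e_0(r^e_0)>; None stands for the empty letter.
    o_sym, o_dat = None, v_e[r_e0]
    for _ in range(rounds):
        # Environment move: reads the previous system output.
        s_e, a_e, i_sym, r_e = tau_e(s_e, o_sym, guard(v_e, o_dat))
        i_dat = v_e[r_e]                 # i_j = v^e_j(r^e_j)
        v_e = update(v_e, o_dat, a_e)    # v^e_{j+1}
        # System move: reads what the environment just produced.
        s_s, a_s, o_sym, r_s = tau_s(s_s, i_sym, guard(v_s, i_dat))
        o_dat = v_s[r_s]                 # o_j = v^s_j(r^s_j)
        v_s = update(v_s, i_dat, a_s)    # v^s_{j+1}
        word.append(((i_sym, o_sym), i_dat, o_dat))
    return word


def data_values(word):
    """All data values that occur in a computation prefix."""
    return {d for _, i_dat, o_dat in word for d in (i_dat, o_dat)}


# --- Constructed sample transducers (not from the paper) ---------------------
def env_tau(state, o_sym, g):
    """2-register environment: alternates between outputting e0 and e1 and
    stores the system's value in e1 when no environment register holds it."""
    mask = frozenset() if g else frozenset({"e1"})
    out_reg = "e0" if state == 0 else "e1"
    return 1 - state, mask, "req", out_reg


def sys_tau(state, i_sym, g):
    """1-register system: stores an input it does not hold and outputs s0."""
    mask = frozenset() if g else frozenset({"s0"})
    return state, mask, ("ack" if g else "new"), "s0"


ENV_INIT = {"e0": 7, "e1": 8}   # constructed initial valuation v^e_0
SYS_INIT = {"s0": 5}            # constructed initial valuation v^s_0

if __name__ == "__main__":
    prefix = interact(env_tau, 0, ENV_INIT, "e0", sys_tau, 0, SYS_INIT, 6)
    for letter in prefix:
        print(letter)
    print("data values:", sorted(data_values(prefix)))
```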
The environment-system-bounded realizability problem is to decide, given a reg-UPW
A over ΣI × ΣO × D × D, and numbers ks and ke of system and environment registers,
respectively, whether there is a system transducer Tsys with at most ks registers such that
for all environment transducers Tenv with at most ke registers, we have that Tenv‖Tsys |= A.
The environment-system-bounded synthesis problem is to construct such a system transducer,
if one exists.
Let A = 〈Σ, Q, q0, RA, vA0 , δ, α〉. As in the construction in Section 3, we define a (register-
less) UPW A′ that abstracts the registers of A and maintains instead the equivalence relation
between the registers. Here, however, the equivalence relation refers to the registers of A, of
the system, and of the environment. Let Rs and Re denote the sets of system and environment
registers, respectively. Let R = Rs ∪ Re ∪ RA, Π be the set of equivalence relations over R,
and f : D^R → Π map a register valuation to the partition it induces. We modify the function
update′ from Section 3 to refer to registers directly, namely update′ : Π × R × B^R → Π maps
〈π, r, a〉 to the partition resulting from moving the registers in a into the equivalence class of
r. Formally, update′(π, r, a) = {S \ a : S ∈ π \ C} \ {∅} ∪ {C ∪ a}, where C ∈ π and r ∈ C.
The update function has properties similar to those stated in Lemma 5.
▶ Lemma 9. For every valuation v ∈ D^R, register r ∈ R, and storing mask a ⊆ R, we have
that f(update(v, v(r), a)) = update′(f(v), r, a).
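Lemma 5 and Lemma 9 can both be checked mechanically on a small instance. The following is an added example, not code from the paper: it implements f, the guard v ∼ i, update, and both variants of update′, tests the two lemmas exhaustively over a finite slice of D, and reuses the valuation of Example 6 as sample input. The function names, the finite test domain, and the restriction-based consistency test (which relies on D being infinite) are assumptions of this example.

```python
from itertools import chain, combinations, product


def f(v):
    """Partition induced by a valuation: registers holding equal values share a class."""
    classes = {}
    for reg, val in v.items():
        classes.setdefault(val, set()).add(reg)
    return frozenset(frozenset(c) for c in classes.values())


def guard(v, d):
    """The guard v ~ d: the set of registers whose current value is d."""
    return frozenset(r for r, val in v.items() if val == d)


def update(v, d, a):
    """Concrete update(v, d, a): store d in every register of the storing mask a."""
    return {r: (d if r in a else val) for r, val in v.items()}


def update_abs(pi, g, a):
    """Section 3 update'(pi, g, a): move the registers in a into the class g,
    or into a fresh class when g is empty."""
    g, a = frozenset(g), frozenset(a)
    classes = {S - a for S in pi if S != g}
    classes.add(g | a)
    classes.discard(frozenset())  # drops emptied classes, and g | a when both are empty
    return frozenset(classes)


def update_abs_reg(pi, r, a):
    """Section 4 update'(pi, r, a): move the registers in a into the class of r."""
    return update_abs(pi, next(S for S in pi if r in S), a)


def masks(regs):
    """All storing masks, i.e. all subsets of regs."""
    regs = list(regs)
    return chain.from_iterable(combinations(regs, n) for n in range(len(regs) + 1))


def lemma_counterexamples(regs, domain):
    """Exhaustively test Lemma 5 and Lemma 9 over every valuation in domain^regs."""
    bad5, bad9 = [], []
    for vals in product(domain, repeat=len(regs)):
        v = dict(zip(regs, vals))
        for a in masks(regs):
            for i in domain:  # Lemma 5: f(update(v, i, a)) = update'(f(v), v ~ i, a)
                if f(update(v, i, a)) != update_abs(f(v), guard(v, i), a):
                    bad5.append((v, i, a))
            for r in regs:    # Lemma 9: f(update(v, v(r), a)) = update'(f(v), r, a)
                if f(update(v, v[r], a)) != update_abs_reg(f(v), r, a):
                    bad9.append((v, r, a))
    return bad5, bad9


def is_consistent(pi, v_A):
    """pi is consistent with v_A iff pi restricted to the automaton registers is f(v_A).
    (Characterisation assumed by this example; it relies on D being infinite.)"""
    regs_A = frozenset(v_A)
    restricted = frozenset(S & regs_A for S in pi) - {frozenset()}
    return restricted == f(v_A)


# Sample input taken from Example 6.
EXAMPLE6_VA = {"#1": 9, "#4": 9, "#2": 2, "#3": 13}
EXAMPLE6_VS = {"#5": 9, "#6": 2, "#7": 14}
EXAMPLE6_PI = frozenset({frozenset({"#1", "#4", "#5"}), frozenset({"#2", "#6"}),
                         frozenset({"#3"}), frozenset({"#7"})})

if __name__ == "__main__":
    # |domain| = |regs| + 1 so that every partition and a fresh value are covered.
    bad5, bad9 = lemma_counterexamples(["#1", "#2", "#3"], range(4))
    print("Lemma 5 counterexamples:", len(bad5))
    print("Lemma 9 counterexamples:", len(bad9))
    print("Example 6 consistent:", is_consistent(EXAMPLE6_PI, EXAMPLE6_VA))
```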
Given a reg-UPW A, bounds ks, ke ∈ N, and an initial partition π0 ∈ DR, the (ks, ke, π0)-
abstraction of A is the UPW A′ = 〈Σ′, Q′, q′0, δ′, α′〉, defined as follows.
- Σ′ = Σ × Rs × B^{Rs} × B^{Rs}.
- Q′ = (Q × Π × Rs) ∪ {q′0}. A state 〈q, π, rs〉 ∈ Q × Π × Rs contains, in addition to the
  original state q and partition π, the register rs whose value was output by the system
  transducer in the previous move.
- The initial state q′0 = 〈q0, π0, re0〉. It contains the environment register re0, because in the
  first move the environment transducer reads its own data value ve0(re0).
- Defining δ′, we use two auxiliary partitions: First, π⋆ corresponds to the register valuation
  after the environment transducer moves and updates its registers. Then, π⋆⋆ corresponds
  to the register valuations after the system transducer moves and updates its registers.
  Finally, the destination partition π′ corresponds to the register valuation after A moves.
  For every state 〈q, π, r〉 ∈ (Q × Π × Rs) ∪ {〈q0, π0, re0〉} and letter 〈σ, rs, gsi, asi〉 ∈ Σ′, we
  have that 〈q′, π′, rs〉 ∈ δ′(〈q, π, r〉, 〈σ, rs, gsi, asi〉) iff there exist re ∈ Re, aeo ∈ B^{Re}, and
  aAi ∈ B^{RA} satisfying the following.
  - Let π⋆ = update′(π, r, aeo). That is, the environment transducer updates its registers
    using the previous system value. (In the initial state, the environment transducer uses
    the value stored in its register re0.)
  - Let C ∈ π⋆ be the set that contains re. We require that (C ∩ Rs) = gsi.
  - Let π⋆⋆ = update′(π⋆, re, asi). That is, the system transducer updates its registers
    using the value stored currently in the register that the environment outputs.
  - The automaton A transits and updates its registers using the values in the registers of
    the environment and system transducers. Hence, the input guard gAi is A-chosen by
    〈π⋆⋆, re〉, while the output guard gAo is A-chosen by 〈π⋆⋆, rs〉. Thus, we require that
    〈q′, aAi〉 ∈ δ(q, 〈σ, gAi, gAo〉) and π′ = update′(π⋆⋆, re, aAi).
- The acceptance condition of A′ is induced from the one of A. Thus, for every state
  〈q, π, r〉 ∈ Q′, we have that α′(〈q, π, r〉) = α(q).
Recall that the abstraction of A is parameterized by both the number of registers that
the system transducer may have as well as an initial partition for the registers of the system,
the environment, and the automaton. Let vA ∈ D^{RA} be a valuation of the automaton
registers, and πs a partition of Rs. A partition π ∈ Π is consistent with vA and πs if there
are register valuations vs ∈ D^{Rs} and ve ∈ D^{Re} s.t. πs = f(vs) and π = f(vA ∪ vs ∪ ve). Thus,
automata registers are related according to vA0 , system registers are related according to πs,
and environment registers are not related in any special way.
▶ Theorem 10. Consider a reg-UPW A with Σ = ΣI × ΣO, set of registers RA, and an
initial valuation vA0. Then, A is realizable by a ks-register ΣI/ΣO-transducer with a set of
registers Rs with respect to environments that are ke-register ΣO/ΣI-transducers iff there
is a partition πs of Rs and a (ΣI × B^{Rs})/(ΣO × Rs × B^{Rs})-transducer T ′ such that for
every partition π0 of R that is consistent with vA0 and πs, the transducer T ′ realizes the
(ks, ke, π0)-abstraction of A.
Proof sketch. The theorem follows from the following claim, which we prove in [23]. Fix a
system ks-register transducer Tsys with an initial valuation vs0, and fix an environment initial
valuation ve0. Let A′ be the (ks, ke, π0)-abstraction of A with π0 = f(vs0 ∪ ve0 ∪ vA0). Let T ′sys be
the register-less transducer corresponding to Tsys. Then, we have that T ′sys |= A′ iff for every
environment transducer Tenv with the initial valuation ve0, it holds that Tenv‖Tsys |= A. ◀
We now analyze the complexity of the environment-system-bounded synthesis problem.
Using Theorem 10, we can reduce the synthesis problem for ks system and ke environment
registers, reg-UPW A with n states, index c, and kA registers, to the synthesis problem of
a (register-less) UPW A′ with O(nk^k) states and index c, where k = ks + ke + kA. Recall
that the reduction does not create a single instance of the register-less synthesis problem,
and instead requires finding a system partition πs such that the (ks, ke, π0)-abstractions of
A, for every π0 consistent with vA0 and πs, are realized by a single transducer. There can
be no more than ks^{ks} system partitions, and we are going to enumerate them one by one.
Now, once a system partition πs is fixed, we can create a single UPW that represents the
intersection of the abstraction UPWs for each π0 consistent with πs and vA0. To this end, we
create one initial state per π0, while the rest of the definition stays the same. The number of
initial states is bounded by (ks + ke + kA)^{ke}. Let us call this automaton A′. By the same
naive analysis as in the system-bounded case, the synthesis problem for A′ can be solved in
time (Nmc)^{O(Nc)} = (cmnk^k)^{O(cnk^k)}, where m = |Σ| is the size of the finite alphabet of A.
In order to account for enumeration of system partitions, we multiply it by ks^{ks}, but this
does not affect the asymptotic complexity. Thus, the environment-system-bounded synthesis
problem is doubly-exponential in kA, ks, and ke, and is exponential in n and c.
As in the case of system-bounded synthesis, we can use the fact that the system-partition
component in the state space of A′ is deterministic with respect to the registers in Rs, and
behaves universally only with respect to the registers in RA and Re. The universal behavior
with respect to Re follows from the fact that a system transducer plays against all possible
environment transducers. Accordingly, we can tighten the complexity as follows.
▶ Theorem 11. Environment-system-bounded synthesis with ks system and ke environment
registers for reg-UPWs with n states, finite alphabet of size m, index c, and kA registers is
solvable in time (cmn(ks + ke + kA))^{O(cn(ks+ke+kA)^{ke+kA+1})}. Thus, it is polynomial in m,
exponential in c, n, and ks, and doubly-exponential in kA and ke.
References
1 R. Bloem, K. Chatterjee, and B. Jobstmann. Graph Games and Reactive Synthesis. In
Handbook of Model Checking, pages 921–962. Springer, 2018.
2 M. Bojańczyk, A. Muscholl, T. Schwentick, and L. Segoufin. Two-variable logic on data trees
and XML reasoning. Journal of the ACM, 56(3):1–48, 2009.
3 M. Bojanczyk, A. Muscholl, T. Schwentick, L. Segoufin, and C. David. Two-Variable Logic on
Words with Data. In Proc. 21st IEEE Symp. on Logic in Computer Science, pages 7–16, 2006.
4 A. Bouajjani, P. Habermehl, Y. Jurski, and M. Sighireanu. Rewriting systems with data. In
FCT, pages 1–22, 2007.
5 A. Bouajjani, P. Habermehl, and R. Mayr. Automatic verification of recursive procedures
with one integer parameter. Theoretical Computer Science, 295:85–106, 2003.
6 M. Brambilla, S. Ceri, S. Comai, P. Fraternali, and I. Manolescu. Specification and Design of
Workflow-Driven Hypertexts. J. Web Eng., 1(2):163–182, 2003.
7 C.S. Calude, S. Jain, B. Khoussainov, W. Li, and F. Stephan. Deciding parity games in
quasipolynomial time. In Proc. 49th ACM Symp. on Theory of Computing, pages 252–263,
2017.
8 S. Ceri, P. Fraternali, A. Bongio, M. Brambilla, S. Comai, and M. Matera. Designing Data-
Intensive Web Applications. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA,
2002.
9 K. Chatterjee, T. Henzinger, and B. Jobstmann. Environment Assumptions for Synthesis. In
Proc. 19th Int. Conf. on Concurrency Theory, volume 5201 of Lecture Notes in Computer
Science, pages 147–161. Springer, 2008.
10 A. Church. Logic, arithmetics, and automata. In Proc. Int. Congress of Mathematicians, 1962,
pages 23–35. Institut Mittag-Leffler, 1963.
11 G. Delzanno, A. Sangnier, and R. Traverso. Parameterized Verification of Broadcast Networks
of Register Automata. In P. A. Abdulla and I. Potapov, editors, Reachability Problems, pages
109–121, Berlin, Heidelberg, 2013. Springer.
12 S. Demri and R. Lazic. LTL with the freeze quantifier and register automata. ACM Trans.
Comput. Log., 10(3):16:1–16:30, 2009.
13 R. Ehlers. Symbolic bounded synthesis. In Proc. 22nd Int. Conf. on Computer Aided
Verification, volume 6174 of Lecture Notes in Computer Science, pages 365–379. Springer,
2010.
14 R. Ehlers, S. Seshia, and H. Kress-Gazit. Synthesis with Identifiers. In Proc. 15th Int. Conf.
on Verification, Model Checking, and Abstract Interpretation, volume 8318 of Lecture Notes in
Computer Science, pages 415–433. Springer, 2014.
15 L. Exibard, E. Filiot, and P-A. Reynier. Synthesis of Data Word Transducers. In Proc. 30th
Int. Conf. on Concurrency Theory, 2019.
16 E. Filiot, N. Jin, and J.-F. Raskin. An Antichain Algorithm for LTL Realizability. In Proc.
21st Int. Conf. on Computer Aided Verification, volume 5643, pages 263–277, 2009.
17 B. Finkbeiner, F. Klein, R. Piskac, and M. Santolucito. Temporal Stream Logic: Synthesis
beyond the Bools. In Proc. 31st Int. Conf. on Computer Aided Verification, 2019.
18 O. Grumberg, O. Kupferman, and S. Sheinvald. Variable Automata over Infinite Alphabets.
In Proc. 4th Int. Conf. on Language and Automata Theory and Applications, volume 6031 of
Lecture Notes in Computer Science, pages 561–572. Springer, 2010.
19 O. Grumberg, O. Kupferman, and S. Sheinvald. An Automata-Theoretic Approach to
Reasoning about Parameterized Systems and Specifications. In 11th Int. Symp. on Automated
Technology for Verification and Analysis, pages 397–411, 2013.
20 R. Hojati, D.L. Dill, and R.K. Brayton. Verifying linear temporal properties of data
insensitive controllers using finite instantiations. In Hardware Description Languages and
their Applications, pages 60–73. Springer, 1997.
21 M. Kaminski and N. Francez. Finite-memory automata. Theoretical Computer Science,
134(2):329–363, 1994.
22 M. Kaminski and D. Zeitlin. Extending finite-memory automata with non-deterministic
reassignment. In AFL, pages 195–207, 2008.
23 A. Khalimov and O. Kupferman. Register-bounded Synthesis, 2019. Full version, available on
the author’s personal pages.
24 A. Khalimov, B. Maderbacher, and R. Bloem. Bounded Synthesis of Register Transducers.
In 16th Int. Symp. on Automated Technology for Verification and Analysis, volume 11138 of
Lecture Notes in Computer Science, pages 494–510. Springer, 2018.
25 O. Kupferman. Recent Challenges and Ideas in Temporal Synthesis. In Proc. 38th International
Conference on Current Trends in Theory and Practice of Computer Science, volume 7147 of
Lecture Notes in Computer Science, pages 88–98. Springer, 2012.
26 O. Kupferman, Y. Lustig, M.Y. Vardi, and M. Yannakakis. Temporal Synthesis for Bounded
Systems and Environments. In Proc. 28th Symp. on Theoretical Aspects of Computer Science,
pages 615–626, 2011.
27 R. Lazić and D. Nowak. A Unifying Approach to Data-Independence. In Proc. 11th Int. Conf.
on Concurrency Theory, pages 581–596. Springer Berlin Heidelberg, 2000.
28 F. Neven, T. Schwentick, and V. Vianu. Towards Regular Languages over Infinite Alphabets. In
26th Int. Symp. on Mathematical Foundations of Computer Science, pages 560–572. Springer-
Verlag, 2001.
29 N. Piterman. From Nondeterministic Büchi and Streett Automata to Deterministic Parity
Automata. In Proc. 21st IEEE Symp. on Logic in Computer Science, pages 255–264. IEEE
press, 2006.
30 A. Pnueli and R. Rosner. On the Synthesis of a Reactive Module. In Proc. 16th ACM Symp.
on Principles of Programming Languages, pages 179–190, 1989.
31 S. Schewe and B. Finkbeiner. Bounded Synthesis. In 5th Int. Symp. on Automated Technology
for Verification and Analysis, volume 4762 of Lecture Notes in Computer Science, pages
474–488. Springer, 2007.
32 S. Schewe and T. Varghese. Determinising Parity Automata. In 39th Int. Symp. on
Mathematical Foundations of Computer Science, volume 8634 of Lecture Notes in Computer
Science, pages 486–498. Springer, 2014.
33 Y. Shemesh and N. Francez. Finite-state unification automata and relational languages.
Information and Computation, 114:192–213, 1994.
34 T. Tan. Pebble Automata for Data Languages: Separation, Decidability, and Undecidability.
PhD thesis, Technion - Computer Science Department, 2009.
35 N. Tzevelekos. Fresh-register Automata. In Proc. 38th ACM Symp. on Principles of
Programming Languages, pages 295–306, New York, NY, USA, 2011. ACM.
36 V. Vianu. Automatic verification of database-driven systems: a new frontier. In ICDT ’09,
pages 1–13, 2009.
37 P. Wolper. Expressing Interesting Properties of Programs in Propositional Temporal Logic.
In Proc. 13th ACM Symp. on Principles of Programming Languages, pages 184–192, 1986.
