Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

1 Introduction

Since the last decade, learning-based automata inference techniques [7, 11, 30, 36] have received significant attention from the community of formal system analysis. In general, the primary applications of automata learning in the community can be categorized into two: improving efficiency and scalability of verification [6, 15, 17, 19, 21, 23, 25, 33] and synthesizing abstract system model for further analysis [1, 5, 16, 18, 22, 24, 26, 35, 37, 40].

The former usually is based on the so called assume-guarantee compositional verification approach, which divides a verification task into several subtasks via a composition rule. Learning algorithms are applied to construct environmental assumptions of components in the rule automatically. For the latter, automata learning has been used to automatically generate interface model of computer programs [5, 22, 26, 37, 41], a model of system error traces for diagnosis purpose [16], behavior model of programs for statistical program analysis [18], and model-based testing and verification [24, 35, 40].

Besides the classical finite automata learning algorithms, people also apply and develop learning algorithm for richer models for the above two applications. For example, learning algorithms for register automata [27, 28] have been developed and applied to synthesis system and program interface models. Learning algorithm for timed automata has been developed for automated compositional verification for timed systems [33]. However, all the results mentioned above are for checking safety properties or synthesizing finite behavior models of systems/programs. Büchi automaton is the standard model for describing liveness properties of distributed systems [4]. The model has been applied in automata theoretical model checking [39] to describe the property to be verified. It is also often used in the synthesis of reactive systems. Moreover, Büchi automata have been used as a means to prove program termination [31]. However, unlike the case for finite automata learning, learning algorithms for Büchi automata are very rarely used in our community. We believe this is a potentially fertile area for further investigation.

The first learning algorithm for the full-class of \(\omega \)-regular languages represented as Büchi automata was described in [20], based on the \(L^*\) algorithm [7] and the result of [14]. Recently, Angluin and Fisman propose a new learning algorithm for \(\omega \)-regular languages [10] using a formalism called a family of DFAs (FDFAs), based on the results of [34]. The main problem of applying their algorithm in verification and synthesis is that their algorithm requires a teacher for FDFAs. In this paper, we show that their algorithm can be adapted to support Büchi automata teachers.

We propose a novel \(\omega \)-regular learning algorithm based on FDFAs and a classification tree structure (inspired by the tree-based \(L^*\) algorithm in [30]). The worst case storage space required by our algorithm is quadratically better than the table-based algorithm proposed in [10]. Experimental results show that our tree-based algorithms have the best performance among others regarding the number of solved learning tasks.

For regular language learning, there are robust and publicly available libraries, e.g., libalf [12] and LearnLib [29]. A similar library is still lacking for Büchi automata learning. We implement the first publicly available Büchi automata learning library, named ROLL (Regular Omega Language Learning, http://iscasmc.ios.ac.cn/roll), which includes all Büchi automata learning algorithms of the full class of \(\omega \)-regular languages available in the literature and the ones proposed in this paper. We compare the performance of those algorithms using a benchmark consisting of 295 Büchi automata corresponding to all 295 LTL specifications available in BüchiStore [38].

To summarize, our contribution includes the following. (1) Adapting the algorithm of [10] to support Büchi automata teachers. (2) A novel learning algorithm for \(\omega \)-regular language based on FDFAs and classification trees. (3) The publicly available library ROLL that includes all Büchi automata learning algorithms can be found in the literature. (4) A comprehensive empirical evaluation of Büchi automata learning algorithms.

2 Preliminaries

Let A and B be two sets. We use \(A \oplus B\) to denote their symmetric difference, i.e., the set \((A\setminus B) \cup (B\setminus A)\). Let \(\varSigma \) be a finite set called alphabet. We use \(\epsilon \) to represent an empty word. The set of all finite words is denoted by \(\varSigma ^*\), and the set of all infinite words, called \(\omega \)-words, is denoted by \(\varSigma ^\omega \). Moreover, we also denote by \(\varSigma ^+\) the set \(\varSigma ^*\setminus \{\epsilon \}\). We use \(|u|\) to denote the length of the finite word u. We use \([i\cdots j]\) to denote the set \(\{i, i+1, \cdots , j\}\). We denote by w[i] the i-th letter of a word w. We use w[i..k] to denote the subword of w starting at the i-th letter and ending at the k-th letter, inclusive, when \(i\le k\) and the empty word \(\epsilon \) when \(i > k\). A language is a subset of \(\varSigma ^*\) and an \(\omega \) -language is a subset of \(\varSigma ^\omega \). Words of the form \(uv^\omega \) are called ultimately periodic words. We use a pair of finite words (uv) to denote the ultimately periodic word \(w= uv^\omega \). We also call (uv) a decomposition of w. For an \(\omega \)-language \(L\), let \(\text {UP}(L) = \{uv^\omega \mid u \in \varSigma ^*,v \in \varSigma ^+,uv^\omega \in L\}\), i.e., all ultimately periodic words in \(L\).

A finite automaton (FA) is a tuple \(A= (\varSigma , Q, q_0, F, \delta )\) consisting of a finite alphabet \(\varSigma \), a finite set \(Q\) of states, an initial state \(q_0\), a set \(F\subseteq Q\) of accepting states, and a transition relation \(\delta \subseteq Q\times \varSigma \times Q\). For convenience, we also use \(\delta (q, a)\) to denote the set \(\{q'\mid (q, a, q') \in \delta \}\). A run of an FA on a finite word \(v = a_1 a_2 a_3 \cdots a_n\) is a sequence of states \(q_0, q_1, \cdots , q_n\) such that \((q_i, a_{i+1}, q_{i+1}) \in \delta \). The run v is accepting if \(q_n\in F\). A word u is accepting if it has an accepting run. The language of A, denoted by \(L(A)\), is the set \( \{u\in \varSigma ^*\mid u\ \text {is accepted by}\ A\}\). Given two FAs A and B, one can construct a product FA \(A\times B\) recognizing \(L(A) \cap L(B)\) using a standard product construction.

A deterministic finite automaton (DFA) is an FA such that \(\delta (q, a)\) is a singleton for any \(q\in Q\) and \(a\in \varSigma \). For DFA, we write \(\delta (q, a) = q'\) instead of \(\delta (q, a) = \{q'\}\). The transition can be lifted to words by defining \(\delta (q, \epsilon ) = q\) and \(\delta (q,av)=\delta (\delta (q,a), v)\) for \(q\in Q, a\in \varSigma \) and \(v\in \varSigma ^*\). We also use \(A(v)\) as a shorthand for \(\delta (q_0, v)\).

A Büchi automaton (BA) has the same structure as an FA, except that it accepts only infinite words. A run of an infinite word in a BA is an infinite sequence of states defined similarly to the case of a finite word in an FA. An infinite word w is accepted by a BA iff it has a run visiting at least one accepting state infinitely often. The language defined by a BA \(A\), denoted by \(L(A)\), is the set \(\{w\in \varSigma ^\omega \mid w\ \text {is accepted by}\ A\}\). An \(\omega \)-language \(L\subseteq \varSigma ^\omega \) is \(\omega \)-regular iff there exists a BA \(A\) such that \(L= L(A)\).

Theorem 1

(Ultimately Periodic Words of \(\omega \) -Regular Languages [13]). Let \(L\), \(L'\) be two \(\omega \)-regular languages. Then \(L=L'\) if and only if \(\text {UP}(L)=\text {UP}(L')\).

Definition 1

(Family of DFAs ( \(\textsc {FDFA}\) ) [10]). A family of DFAs \(\mathcal {F}=(M, \{A^q\})\) over an alphabet \(\varSigma \) consists of a leading automaton \(M=(\varSigma , Q, q_0, \delta )\) and progress DFAs \(A^q=(\varSigma , Q_q, s_q, \delta _q, F_q)\) for each \(q\in Q\).

Notice that the leading automaton \(M\) is a DFA without accepting states. Each \(\textsc {FDFA}\) \(\mathcal {F}\) characterizes a set of ultimately periodic words \(\text {UP}(\mathcal {F})\). Formally, an ultimately periodic word w is in \(\text {UP}(\mathcal {F})\) iff it has a decomposition (uv) accepted by \(\mathcal {F}\). A decomposition (uv) is accepted by \(\mathcal {F}\) iff \(M(uv) = M(u)\) and \(v \in L(A^{M(u)})\). An example of an \(\textsc {FDFA}\) \(\mathcal {F}\) is depicted in Fig. 1. The leading automaton \(M\) has only one state \(\epsilon \). The progress automaton of \(\epsilon \) is \(A^{\epsilon }\). The word \((ba)^\omega \) is in \(UP(\mathcal {F})\) because it has a decomposition (baba) such that \(M(ba\cdot ba) = M(ba)\) and \(ba\in L(A^{M(ba)})=L(A^{\epsilon })\). It is easy to see that the decomposition (babab) is not accepted by \(\mathcal {F}\) since \(ab\not \in L(A^{M(bab)})=L(A^{\epsilon })\).

Fig. 1.
figure 1

An example of an \(\textsc {FDFA}\)

Full size image

For any \(\omega \)-regular language \(L\), there exists an \(\textsc {FDFA}\) \(\mathcal {F}\) such that \(\text {UP}(L) = \text {UP}(\mathcal {F})\) [10]. We show in Sect. 6 that it is not the case for the reverse direction. More precisely, in [10], three kinds of \(\textsc {FDFA}\)s are suggested as the canonical representations of \(\omega \)-regular languages, namely periodic \(\textsc {FDFA}\), syntactic \(\textsc {FDFA}\) and recurrent \(\textsc {FDFA}\). Their formal definitions are given in terms of right congruence.

An equivalence relation \(\backsim \) on \(\varSigma ^*\) is a right congruence if \(x\backsim y\) implies \(xv\backsim yv\) for every \(x, y, v\in \varSigma ^*\). The index of \(\backsim \), denoted by \(|\) \(\backsim \) \(|\), is the number of equivalence classes of \(\backsim \). We use \(\varSigma ^*/_{\backsim }\) to denote the equivalence classes of the right congruence \(\backsim \). A finite right congruence is a right congruence with a finite index. For a word \(v\in \varSigma ^*\), we use the notation \( [v] _{\backsim }\) to represent the class of \(\backsim \) in which v resides and ignore the subscript \(\backsim \) when the context is clear. The right congruence \(\backsim _{L}\) of a given \(\omega \)-regular language \(L\) is defined such that \(x\backsim _{L}y\) iff \(\forall w\in \varSigma ^\omega .xw\in L\Longleftrightarrow yw\in L\). The index of \(\backsim _{L}\) is finite because it is not larger than the number of states in a deterministic Muller automaton recognizing \(L\) [34].

Definition 2

(Canonical \(\textsc {FDFA}\) [10]). Given an \(\omega \)-regular language \(L\), a periodic (respectively, syntactic and recurrent) \(\textsc {FDFA}\) \(\mathcal {F}= (M, \{A^q\})\) of L is defined as follows. The leading automaton M is the tuple \((\varSigma , \varSigma ^*/_{\backsim _{L}}, [\epsilon ] _{\backsim _{L}}, \delta )\), where \(\delta ( [u] _{\backsim _{L}}, a) = [ua] _{\backsim _{L}}\) for all \(u\in \varSigma ^*\) and \(a \in \varSigma \).

We define the right congruences \(\approx ^{u}_P, \approx ^{u}_S\), and \(\approx ^{u}_R\) for progress automata \(A^u\) of periodic, syntactic, and recurrent \(\textsc {FDFA}\) respectively as follows:

$$\begin{aligned} \begin{array}{lll} x\approx ^{u}_{P} y \text { iff } &{} &{}\forall v\in \varSigma ^*, u(xv)^\omega \in L\Longleftrightarrow u(yv)^\omega \in L, \\ x\approx ^{u}_{S} y \text { iff } ux\backsim _{L} uy&{} \text {and} &{} \forall v\in \varSigma ^*, uxv\backsim _{L} u \Longrightarrow (u(xv)^\omega \in L\Longleftrightarrow u(yv)^\omega \in L), \text { and} \\ x\approx ^{u}_{R} y \text { iff } &{} &{} \forall v\in \varSigma ^*, uxv\backsim _{L} u\wedge u(xv)^\omega \in L\Longleftrightarrow uyv\backsim _{L} u\wedge u(yv)^\omega \in L. \end{array} \end{aligned}$$

The progress automaton \(A^u\) is the tuple \((\varSigma , \varSigma ^*/_{\approx ^{u}_K}, [\epsilon ] _{\approx ^{u}_K}, \delta _K, F_K)\), where \(\delta _K( [u] _{\approx ^{u}_K}, a) = [ua] _{\approx ^{u}_K}\) for all \(u\in \varSigma ^*\) and \(a \in \varSigma \). The accepting states \(F_K\) is the set of equivalence classes \( [v] _{\approx ^{u}_K}\) for which \(uv\backsim _{L} u\) and \(uv^\omega \in L\) when \(K \in \{S, R\}\) and the set of equivalence classes \( [v] _{\approx ^{u}_K}\) for which \(uv^\omega \in L\) when \(K \in \{P\}\).

In this paper, by an abuse of notation, we use a finite word u to denote the state in a DFA in which the equivalence class \( [u] \) resides.

Lemma 1

[10]. Let \(\mathcal {F}\) be a periodic (syntactic, recurrent) \(\textsc {FDFA}\) of an \(\omega \)-regular language \(L\). Then \(\text {UP}(\mathcal {F})=\text {UP}(L)\).

Lemma 2

[9]. Let \(\mathcal {F}\) be a periodic (syntactic, recurrent) \(\textsc {FDFA}\) of an \(\omega \)-regular language \(L\). One can construct a BA recognizing \(L\) from \(\mathcal {F}\).

3 Büchi Automata Learning Framework Based on \(\textsc {FDFA}\)

We begin with an introduction of the framework of learning BA recognizing an unknown \(\omega \)-regular language \(L\).

Fig. 2.
figure 2

Overview of the learning framework based on \(\textsc {FDFA}\) learning. The components in boxes are results from existing works. The components in boxes are our new contributions. (Color figure online)

Full size image

Overview of the Framework: First, we assume that we already have a BA teacher who knows the unknown \(\omega \)-regular language \(L\) and answers membership and equivalence queries about \(L\). More precisely, a membership query \(\mathsf {Mem^{BA}}(uv^\omega )\) asks if \(uv^\omega \in L\). For an equivalence query \(\mathsf {Equ^{BA}}(B)\), the BA teacher answers “yes” when \(L(B)=L\), otherwise it returns “no” as well as a counterexample \(uv^\omega \in L\oplus L(B)\).

The framework depicted in Fig. 2 consists of two components, namely the \(\textsc {FDFA}\) learner and the \(\textsc {FDFA}\) teacher. Note that one can place any \(\textsc {FDFA}\) learning algorithm to the \(\textsc {FDFA}\) learner component. For instance, one can use the \(\textsc {FDFA}\) learner from [10] which employs a table to store query results, or the \(\textsc {FDFA}\) learner using a classification tree proposed in this paper. The \(\textsc {FDFA}\) teacher can be any teacher who can answer membership and equivalence queries about an unknown \(\textsc {FDFA}\).

FDFA Learners: The \(\textsc {FDFA}\) learners component will be introduced in Sects. 4 and 5. We first briefly review the table-based \(\textsc {FDFA}\) learning algorithms [10] in Sect. 4. Our tree-based learning algorithm for canonical \(\textsc {FDFA}\)s will be introduced in Sect. 5. The algorithm is inspired by the tree-based \(L^*\) learning algorithm [30]. Nevertheless, applying the tree structure to learn \(\textsc {FDFA}\)s is not a trivial task. For example, instead of a binary tree used in [30], we need to use a K-ary tree to learn syntactic FDFAs. The use of K-ary tree complicates the procedure of refining the classification tree and automaton construction. More details will be provided in Sect. 5.

FDFA Teacher: The task of the \(\textsc {FDFA}\) teacher is to answer queries \(\mathsf {Mem^{FDFA}}(u,v)\) and \(\mathsf {Equ^{FDFA}}(F)\) posed by the \(\textsc {FDFA}\) learner. Answering \(\mathsf {Mem^{FDFA}}(u,v)\) is easy. The \(\textsc {FDFA}\) teacher just needs to redirect the result of \(\mathsf {Mem^{BA}}(uv^\omega )\) to the \(\textsc {FDFA}\) learner. Answering equivalence query \(\mathsf {Equ^{FDFA}}(F)\) is more tricky.

The \(\textsc {FDFA}\) teacher needs to transform an \(\textsc {FDFA}\) F to a BA B to pose an equivalence query \(\mathsf {Equ^{BA}}(B)\). In Sect. 6, we show that, in general, it is impossible to build a BA B from an \(\textsc {FDFA}\) F such that \(\text {UP}(L(B)) = \text {UP}(F)\). Therefore in Sect. 6, we propose two methods to approximate \(\text {UP}(F)\), namely the under-approximation method and the over-approximation method. As the name indicates, the under-approximation (respectively, over-approximation) method constructs a BA B from F such that \(\text {UP}(L(B)) \subseteq \text {UP}(F)\) (respectively, \(\text {UP}(F) \subseteq \text {UP}(L(B))\)). The under-approximation method is modified from the algorithm in [14]. Note that if the \(\textsc {FDFA}\)s are the canonical representations, the BAs built by the under-approximation method recognize the same ultimately periodic words as the \(\textsc {FDFA}\)s, which makes it a complete method for BA learning (Lemmas 1 and 2). As for the over-approximation method, we cannot guarantee to get a BA B such that \(\text {UP}(L(B))=\text {UP}(F)\) even if the F is a canonical representation, which thus makes it an incomplete method. However, in the worst case, the over-approximation method produces a BA whose number of states is only quadratic in the size of the \(\textsc {FDFA}\). In contrast, the number of states in the BA constructed by the under-approximation method is cubic in the size of the \(\textsc {FDFA}\).

Counterexample Analysis: If the \(\textsc {FDFA}\) teacher receives “no” and a counterexample \(uv^\omega \) from the BA teacher, the \(\textsc {FDFA}\) teacher has to return “no” as well as a valid decomposition \((u', v')\) that can be used by the \(\textsc {FDFA}\) learner to refine F. In Sect. 7, we show how the \(\textsc {FDFA}\) teacher chooses a pair \((u', v')\) from \(uv^\omega \) that allows \(\textsc {FDFA}\) learner to refine current \(\textsc {FDFA}\) F. As the dashed line with a label F in Fig. 2 indicates, we use the current conjectured \(\textsc {FDFA}\) F to analyze the counterexample. The under-approximation method and the over-approximation method of \(\textsc {FDFA}\) to BA translation require different counterexample analysis procedures. More details will be provided in Sect. 7.

Once the BA teacher answers “yes” for the equivalence query \(\mathsf {Equ^{BA}}(B)\), the \(\textsc {FDFA}\) teacher will terminate the learning procedure and outputs a BA recognizing \(L\).

Due to the lack of space, all missing proofs and details for our Büchi learning algorithm are provided in [32].

4 Table-Based Learning Algorithm for \(\textsc {FDFA}\)s

In this section, we briefly introduce the table-based learner for FDFAs [10]. It employs a structure called observation table [7] to organize the results obtained from queries and propose candidate FDFAs. The table-based FDFA learner simultaneously runs several instances of DFA learners. The DFA learners are very similar to the \(L^*\) algorithm [7], except that they use different conditions to decide if two strings belong to the same state (based on Definition 2). More precisely, the FDFA learner uses one DFA learner \(L^*_{M}\) for the leading automaton \(M\), and for each state u in \(M\), one DFA learner \(L^*_{A^u}\) for each progress automaton \(A^u\). The table-based learning procedure works as follows. The learner \(L^*_{M}\) first closes the observation table by posing membership queries and then constructs a candidate for leading automaton \(M\). For every state u in \(M\), the table-based algorithm runs an instance of DFA learner \(L^*_{A^u}\) to find the progress automaton \(A^u\). When all DFA learners propose candidate DFAs, the FDFA learner assembles them to an FDFA \(\mathcal {F}= (M, \{A^u\})\) and then poses an equivalence query for it. The \(\textsc {FDFA}\) teacher will either return “yes” which means the learning algorithm succeeds or return “no” accompanying with a counterexample. Once receiving the counterexample, the table-based algorithm will decide which DFA learner should refine its candidate DFA. We refer interested readers to [10] for more details of the table-based algorithm.

5 Tree-Based Learning Algorithm for \(\textsc {FDFA}\)s

In this section, we provide our tree-based learning algorithm for \(\textsc {FDFA}\)s. To that end, we first define the classification tree structure for \(\textsc {FDFA}\) learning in Sect. 5.1 and present the tree-based algorithm in Sect. 5.2.

5.1 Classification Tree Structure in Learning

Here we present our classification tree structure for \(\textsc {FDFA}\) learning. Compared to the classification tree defined in [30], ours is not restricted to be a binary tree. Formally, a classification tree is a tuple \(\mathcal {T}= (N, r, L_n, L_e)\) where \(N = I \cup T\) is a set of nodes consisting of the set I of internal nodes and the set T of terminal nodes, the node \(r\in N\) is the root of the tree, \(L_n: N\rightarrow \varSigma ^*\cup (\varSigma ^*\times \varSigma ^*)\) labels an internal node with an experiment and a terminal node with a state, and \(L_e: N \times D\rightarrow N\) maps a parent node and a label to its corresponding child node, where the set of labels D will be specified below.

During the learning procedure, we maintain a leading tree \(\mathcal {T}\) for the leading automaton \(M\), and for every state u in \(M\), we keep a progress tree \(\mathcal {T}_u\) for the progress automaton \(A^u\). For every classification tree, we define a tree experiment function \(\mathbf {TE}: \varSigma ^*\times (\varSigma ^*\cup (\varSigma ^*\times \varSigma ^*)) \rightarrow D\). Intuitively, \(\mathbf {TE}(x, e)\) computes the entry value at row (state) x and column (experiment) e of an observation table in table-based learning algorithms. The labels of nodes in the classification tree \(\mathcal {T}\) satisfy the follow invariants: Let \(t\in T\) be a terminal node labeled with a state \(x=L_n(t)\). Let \(t'\in I\) be an ancestor node of t labeled with an experiment \(e=L_n(t')\). Then the child of \(t'\) following the label \(\mathbf {TE}(x,e)\), i.e., \(L_e(t', \mathbf {TE}(x,e))\), is either the node t or an ancestor node of t.

Leading Tree \(\mathcal {T}\): The leading tree \(\mathcal {T}\) for \(M\) is a binary tree with labels \(D=\{ \mathrm {F}, \mathrm {T}\}\). The tree experiment function \(\mathbf {TE}(u, (x, y)) = \mathrm {T}\) iff \(uxy^\omega \in L\) (recall the definition of \(\backsim _{L}\) in Sect. 2) where \(u,x,y \in \varSigma ^*\). Intuitively, each internal node n in \(\mathcal {T}\) is labeled by an experiment \(xy^\omega \) represented as (xy). For any word \(u \in \varSigma ^*\), \(uxy^\omega \in L\) (or \(uxy^\omega \notin L\)) implies that the equivalence class of u lies in the \(\mathrm {T}\)-subtree (or \(\mathrm {F}\)-subtree) of n.

Progress Tree \(\mathcal {T}_u\) : The progress trees \(\mathcal {T}_{u}\) and the corresponding function \(\mathbf {TE}(x, e)\) are defined based on the right congruences \(\approx ^{u}_{P}\), \(\approx ^{u}_{S}\), and \(\approx ^{u}_{R}\) of canonical \(\textsc {FDFA}\)s in Definition 2.

The progress tree for periodic \(\textsc {FDFA}\) is also a binary tree labeled with \(D=\{ \mathrm {F}, \mathrm {T}\}\). The experiment function \(\mathbf {TE}(x, e) = \mathrm {T}\) iff \(u(xe)^\omega \in L\) where \(x,e\in \varSigma ^*\).

The progress tree for syntactic \(\textsc {FDFA}\) is a K-ary tree with labels \(D=Q\times \{\mathrm {A}, \mathrm {B}, \mathrm {C}\}\) where \(Q\) is the set of states in the leading automaton \(M\). For all \(x,e \in \varSigma ^*\), the experiment function \(\mathbf {TE}(x, e)= (M(ux),t)\), where \(t=\mathrm {A}\) iff \(u = M(uxe) \wedge u(xe)^\omega \in L\), \(t=\mathrm {B}\) iff \(u = M(uxe) \wedge u(xe)^\omega \not \in L\), and \(t=\mathrm {C}\) iff \(u \ne M(uxe)\).

For example, assuming that \(M\) is constructed from the right congruence \(\backsim _{L}\), for any two states x and y such that \(\mathbf {TE}(x, e)= \mathbf {TE}(y, e)=(z,A)\), it must be the case that \(ux\backsim _{L} uy\) because \(M(ux)=z=M(uy)\). Moreover, the experiment e cannot distinguish x and y because \({uxe}\backsim _{L}{u}\backsim _{L}{uye}\) and both \(u(xe)^\omega ,u(ye)^\omega \in L\).

The progress tree for recurrent \(\textsc {FDFA}\) is a binary tree labeled with \(D=\{ \mathrm {F}, \mathrm {T}\}\). The function \(\mathbf {TE}(x, e) = \mathrm {T}\) iff \(u(xe)^\omega \in L\wedge u = M(uxe)\) where \(x,e\in \varSigma ^*\).

5.2 Tree-Based Learning Algorithm

The tree-based learning algorithm first initializes the leading tree \(\mathcal {T}\) and the progress tree \(\mathcal {T}_{\epsilon }\) as a tree with only one terminal node r labeled by \(\epsilon \).

From a classification tree \(\mathcal {T}= (N, r, L_n, L_e)\), the learner constructs a candidate of a leading automaton \(M=(\varSigma , Q, \epsilon , \delta )\) or a progress automaton \(A^{u}=(\varSigma , Q, \epsilon , \delta ,F)\) as follow. The set of states is \(Q= \{ L_n(t) \mid t \in T\}\). Given \(s\in Q\) and \(a\in \varSigma \), the transition function \(\delta (s, a)\) is constructed by the following procedure. Initially the current node \(n:=r\). If n is a terminal node, it returns \(\delta (s, a)=L_n(n)\). Otherwise, it picks a unique child \(n'\) of n with \(L_e(n, \mathbf {TE}(sa, L_n(n))) = n'\), updates the current node to \(n'\), and repeats the procedureFootnote 1. By Definition 2, the set of accepting states \(F\) of a progress automaton can be identified from the structure of \(M\) with the help of membership queries. For periodic \(\textsc {FDFA}\), \(F= \{v \mid uv^\omega \in L, v\in Q\}\) and for syntactic and recurrent \(\textsc {FDFA}\), \(F= \{v \mid uv\backsim _{M} u, uv^\omega \in L, v\in Q\}\).

Whenever the learner has constructed an \(\textsc {FDFA}\) \(\mathcal {F}= (M, \{A^u\})\), it will pose an equivalence query for \(\mathcal {F}\). If the teacher returns “no” and a counterexample (uv), the learner has to refine the classification tree and propose another candidate of \(\textsc {FDFA}\).

Definition 3

(Counterexample for FDFA Learner). Given the conjectured \(\textsc {FDFA}\) \(\mathcal {F}\) and the target language \(L\), we say that the counterexample

  • (uv) is positive if \(uv\backsim _{M} u\), \(uv^\omega \in \text {UP}(L)\), and (uv) is not accepted by \(\mathcal {F}\),

  • (uv) is negative if \(uv\backsim _{M} u\), \(uv^\omega \not \in \text {UP}(L)\), and (uv) is accepted by \(\mathcal {F}\).

We remark that in our case all counterexamples (uv) from the \(\textsc {FDFA}\) teacher satisfy the constraint \(uv\backsim _{M} u\), which corresponds to the normalized factorization form in [10].

Counterexample Guided Refinement of \(\mathcal {F}\) : Below we show how to refine the classification trees based on a negative counterexample (uv). The case of a positive counterexample is symmetric. By definition, we have \(uv\sim _M u\), \(uv^\omega \notin \text {UP}(L)\) and (uv) is accepted by \(\mathcal {F}\). Let \(\tilde{u} = M(u)\), if \(\tilde{u}v^\omega \in \text {UP}(L)\), the refinement of the leading tree is performed, otherwise \(\tilde{u}v^\omega \notin \text {UP}(L)\), the refinement of the progress tree is performed.

Refinement for the Leading Tree: In the leading automaton \(M\) of the conjectured \(\textsc {FDFA}\), if a state p has a transition to a state q via a letter a, i.e., \(q = M(p a)\), then pa has been assigned to the terminal node labeled by q during the construction of \(M\). If one also finds an experiment e such that \(\mathbf {TE}(q,e)\ne \mathbf {TE}(pa,e)\), then we know that q and pa should not belong to the same state in a leading automaton. W.l.o.g., we assume \(\mathbf {TE}(q,e)=\mathrm {F}\). In such a case, the leading tree can be refined by replacing the terminal node labeled with q by a tree such that (i) its root is labeled by e, (ii) its left child is a terminal node labeled by q, and (iii) its right child is a terminal node labeled by pa.

Below we discuss how to extract the required states pq and experiment e. Let \(|u| = n\) and \(s_0 s_1 \cdots s_n\) be the run of \(M\) over u. Note that \(s_0 = M(\epsilon )=\epsilon \) and \(s_n = M(u) =\tilde{u}\). From the facts that (uv) is a negative counterexample and \(\tilde{u}v^\omega \in \text {UP}(L)\) (the condition to refine the leading tree), we have \(\mathbf {TE}(s_0, (u[1\cdots n], v))= \mathrm {F}\ne \mathrm {T}=\mathbf {TE}(s_n, (\epsilon , v))= \mathbf {TE}(s_n, (u[n+1 \cdots n], v))\) because \(uv^\omega \notin \text {UP}(L)\) and \(\tilde{u}v^\omega \in \text {UP}(L)\). Recall that we have \(w[j\cdots k] =\epsilon \) when \(j>k\). Therefore, there must exist a smallest \(j\in [1\cdots n]\) such that \(\mathbf {TE}(s_{j-1}, (u[j\cdots n], v)) \ne \mathbf {TE}(s_{j}, (u[j+1\cdots n], v))\). It follows that we can use the experiment \(e=(u[j+1\cdots n], v)\) to distinguish \(q=s_{j}\) and \(pa=s_{j-1}u[j]\).

Example 1

Consider a conjectured \(\textsc {FDFA}\) \(\mathcal {F}\) in Fig. 1 produced during the process of learning \(L= a^\omega + b^\omega \). The corresponding leading tree \(\mathcal {T}\) and the progress tree \(\mathcal {T}_\epsilon \) are depicted on the left of Fig. 3. The dashed line is for the \(\mathrm {F}\) label and the solid one is for the \(\mathrm {T}\) label. Suppose the \(\textsc {FDFA}\) teacher returns a negative counterexample (abb). The leading tree has to be refined since \(M(ab)b^\omega =b^\omega \in L\). We find an experiment (bb) to differentiate \(\epsilon \) and a using the procedure above and update the leading tree \(\mathcal {T}\) to \(\mathcal {T}'\). The leading automaton \(M\) constructed from \(\mathcal {T}'\) is depicted on the right of Fig. 3.

Fig. 3.
figure 3

Refinement of the leading tree and the corresponding leading automaton

Full size image

Refinement for the Progress Tree: Here we explain the case of periodic \(\textsc {FDFA}\)s. The other cases are similar and we leave the details in [32]. Recall that \(\tilde{u}v^\omega \notin \text {UP}(L)\) and thus the algorithm refines the progress tree \(\mathcal {T}_{\tilde{u}}\). Let \(|v| = n\) and \(h = s_0 s_1 \cdots s_n\) be the corresponding run of \(A^{\tilde{u}}\) over v. Note that \(s_0 = A^{\tilde{u}}(\epsilon )=\epsilon \) and \(s_n = A^{\tilde{u}}(v)= \tilde{v} \). We have \(\tilde{u}(\tilde{v})^\omega \in \text {UP}(L)\) because \(\tilde{v}\) is an accepting state. From the facts that \(\tilde{u}v^\omega \notin \text {UP}(L)\) and \(\tilde{u}(\tilde{v})^\omega \in \text {UP}(L)\), we have \(\mathbf {TE}(s_0, v[1\cdots n])=\mathrm {F}\ne \mathrm {T}=\mathbf {TE}(s_n, \epsilon )=\mathbf {TE}(s_n, v[n+1\cdots n])\). Therefore, there must exist a smallest \(j\in [1\cdots n]\) such that \(\mathbf {TE}(s_{j-1}, v[j\cdots n]) \ne \mathbf {TE}(s_{j}, v[j+1\cdots n])\). It follows that we can use the experiment \(e=v[j+1\cdots n]\) to distinguish \(q=s_{j}\), \(pa=s_{j-1}v[j]\) and refine the progress tree \(\mathcal {T}_{\tilde{u}}\).

Optimization: Example 1 also illustrates the fact that the counterexample (abb) may not be eliminated right away after the refinement. In this case, it is still a valid counterexample (assuming that the progress tree \(\mathcal {T}_\epsilon \) remains unchanged). Thus as an optimization in our tool, one can repeatedly use the counterexample until it is eliminated.

6 From \(\textsc {FDFA}\) to Büchi Automata

Since the FDFA teacher exploits the BA teacher for answering equivalence queries, it needs first to convert the given FDFA into a BA. Unfortunately, with the following example, we show that in general, it is impossible to construct a precise BA B for an \(\textsc {FDFA}\) \(\mathcal {F}\) such that \(\text {UP}(L(B)) = \text {UP}(\mathcal {F})\).

Fig. 4.
figure 4

An \(\textsc {FDFA}\) \(\mathcal {F}\) such that \(\text {UP}(\mathcal {F})\) does not characterize an \(\omega \)-regular language

Full size image

Example 2

Consider a non-canonical \(\textsc {FDFA}\) \(\mathcal {F}\) in Fig. 4, we have \(\text {UP}(\mathcal {F}) = \bigcup _{n=0}^{\infty } \{a,b\}^* \cdot (ab^n)^\omega \). We assume that \(\text {UP}(\mathcal {F})\) characterizes an \(\omega \)-regular language \(L\). It is known that the periodic \(\textsc {FDFA}\) recognizes exactly the \(\omega \)-regular language and the index of each right congruence is finite [10]. However, we can show that the right congruence \(\approx ^{\epsilon }_P\) of a periodic \(\textsc {FDFA}\) of \(L\) is of infinite index. Observe that \(ab^k\not \approx ^{\epsilon }_P ab^j\) for any \(k, j\ge 1\) and \(k \ne j\), because \(\epsilon \cdot (ab^k \cdot ab^k)^\omega \in \text {UP}(\mathcal {F})\) and \(\epsilon \cdot (ab^j \cdot ab^k)^\omega \notin \text {UP}(\mathcal {F})\). It follows that \(\approx ^{\epsilon }_P\) is of infinite index. We conclude that \(\text {UP}(\mathcal {F})\) cannot characterize an \(\omega \)-regular language.

We circumvent the above problem by proposing two BAs \(\underline{B}, \overline{B}\), which under- and over-approximate the ultimately periodic words of an \(\textsc {FDFA}\). Given an \(\textsc {FDFA}\) \(\mathcal {F}= (M, \{A^u\})\) with \(M=(\varSigma , Q, q_0, \delta )\) and \(A^u=(\varSigma , Q_u, s_u, \delta _u, F_u)\) for all \(u\in Q\), we define \(M^s_v=(\varSigma , Q, s, \delta , \{v\})\) and \((A^{u})^s_{v}=(\varSigma , Q_u, s, \delta _u, \{v\})\), i.e., the DFA obtained from \(M\) and \(A^{u}\) by setting their initial and accepting states as s and \(\{v\}\), respectively. Define \(N_{(u,v)}=\{v^\omega \mid uv\backsim _{M} u \wedge v\in L((A^{u})^{s_u}_{v})\}\). Then \(\text {UP}(\mathcal {F}) = \bigcup _{u\in Q, v\in F_u} L(M^{q_0}_u)\cdot N_{(u,v)}\).

We construct \(\overline{B}\) and \(\underline{B}\) by approximating the set \(N_{(u,v)}\). For \(\overline{B}\), we first define an FA \(\overline{P}_{(u,v)}=( \varSigma , Q_{u,v}, s_{u,v}, \{f_{u,v}\}, \delta _{u,v})=M^u_u \times (A^{u})^{s_u}_{v}\) and let \(\overline{N}_{(u,v)}=L(\overline{P}_{(u,v)})^\omega \). Then one can construct a BA \(( \varSigma , Q_{u,v}\cup \{f\}, s_{u,v}, \{f\}, \delta _{u,v}\cup \delta _f)\) recognizing \(\overline{N}_{(u,v)}\) where f is a “fresh” state and \(\delta _f=\{(f, \epsilon , s_{u,v}), (f_{u, v}, \epsilon , f)\}\). For \(\underline{B}\), we define an FA \(\underline{P}_{(u,v)}=M^u_u\times (A^{u})^{s_u}_{v}\times (A^{u})^v_{v}\) and let \(\underline{N}_{(u,v)}=L(\underline{P}_{(u,v)})^\omega \). One can construct a BA recognizing \(\underline{N}_{(u,v)}\) using a similar construction to the case of \(\overline{N}_{(u,v)}\). In Definition 4 we show how to construct BAs \(\overline{B}\) and \(\underline{B}\) s.t. \(\text {UP}(L(\overline{B})) = \bigcup _{u\in Q, v\in F_u} L(M^{q_0}_u)\cdot \overline{N}_{(u,v)}\) and \(\text {UP}(L(\underline{B})) = \bigcup _{u\in Q, v\in F_u} L(M^{q_0}_u)\cdot \underline{N}_{(u,v)}\).

Definition 4

Let \(\mathcal {F}=(M, \{A^u\})\) be an \(\textsc {FDFA}\) where \(M= ( \varSigma , Q, q_0, \delta )\) and \(A^{u} = ( \varSigma , Q_{u}, s_{u}, F_u, \delta _{u})\) for every \(u \in Q\). Let \(( \varSigma , Q_{u,v}, s_{u,v}, \{f_{u,v}\}, \delta _{u,v})\) be a BA recognizing \(\underline{N}_{(u,v)}\) (respectively \(\overline{N}_{(u,v)}\)). Then the BA \(\underline{B}\) (respectively \(\overline{B}\)) is defined as the tuple

$$\left( \varSigma , Q\cup \bigcup \limits _{u\in Q, v\in F_u} Q_{u,v}, q_0, \bigcup \limits _{u\in Q, v\in F_u} \{f_{u, v} \}, \delta \cup \bigcup \limits _{u\in Q, v\in F_u} \delta _{u,v}\cup \bigcup \limits _{u\in Q, v\in F_u} \{(u, \epsilon , s_{u,v})\}\right) .$$

Lemma 3

(Sizes and Languages of \(\underline{B}\) and \(\overline{B}\) ). Let \(\mathcal {F}\) be an FDFA and \(\underline{B}\), \(\overline{B}\) be the BAs constructed from \(\mathcal {F}\) by Definition 4. Let n and k be the numbers of states in the leading automaton and the largest progress automaton of \(\mathcal {F}\). The number of states of \(\underline{B}\) and \(\overline{B}\) are in \(\mathcal {O}(n^2k^3)\) and \(\mathcal {O}(n^2k^2)\), respectively. Moreover, \(\text {UP}(L(\underline{B}))\subseteq \text {UP}(\mathcal {F})\subseteq \text {UP}(L(\overline{B}))\) and we have \(\text {UP}(L(\underline{B})) = \text {UP}(\mathcal {F})\) when \(\mathcal {F}\) is a canonical \(\textsc {FDFA}\).

The properties below will be used later in analyzing counterexamples.

Lemma 4

Given an \(\textsc {FDFA}\) \(\mathcal {F}= (M, \{A^u\})\), and \(\underline{B}\) the BA constructed from \(\mathcal {F}\) by Definition 4. If \((u, v^k)\) is accepted by \(\mathcal {F}\) for every \(k\ge 1\), then \(uv^\omega \in \text {UP}(L(\underline{B}))\).

Lemma 5

Given an \(\omega \)-word \(w \in \text {UP}(L(\overline{B}))\), there exists a decomposition (uv) of w and \(n\ge 1\) such that \(v = v_1\cdot v_2\cdots v_n\) and for all \(i \in [1\cdots n]\), \(v_i\in L(A^{M(u)})\) and \(uv_i\backsim _{M} u\).

Figure 5 depicts the BAs \(\overline{B}\) and \(\underline{B}\) constructed from the \(\textsc {FDFA}\) \(\mathcal {F}\) in Fig. 1. In the example, we can see that the \(b^\omega \in \text {UP}(\mathcal {F})\) while \(b^\omega \notin \text {UP}(L(\underline{B}))\).

Fig. 5.
figure 5

NBA \(\overline{B}\) and \(\underline{B}\) for \(\mathcal {F}\) in Fig. 1

Full size image

7 Counterexample Analysis for FDFA Teacher

During the learning procedure, if we failed the equivalence query for the BA B, the BA teacher will return a counterexample \(uv^\omega \) to the FDFA teacher.

Definition 5

(Counterexample for the FDFA Teacher). Given the conjectured BA \(B\in \{\underline{B},\overline{B}\}\), the target language \(L\), we say that

  • \(uv^\omega \) is a positive counterexample if \(uv^\omega \in \text {UP}(L)\) and \(uv^\omega \not \in \text {UP}(L(B))\),

  • \(uv^\omega \) is a negative counterexample if \(uv^\omega \not \in \text {UP}(L)\) and \(uv^\omega \in \text {UP}(L(B))\).

Obviously, the above is different to the counterexample for the FDFA learner in Definition 3. Below we illustrate the necessity of the counterexample analysis by an example.

Example 3

Again, consider the conjectured \(\textsc {FDFA}\) \(\mathcal {F}\) depicted in Fig. 1 for \(L= a^\omega + b^\omega \). Suppose the BA teacher returns a negative counterexample \((ba)^\omega \). In order to remove \((ba)^\omega \in \text {UP}(\mathcal {F})\), one has to find a decomposition of \((ba)^\omega \) that \(\mathcal {F}\) accepts, which is the goal of the counterexample analysis. Not all decompositions of \((ba)^\omega \) are accepted by \(\mathcal {F}\). For instance, (baba) is accepted while (babab) is not.

A positive (respectively negative) counterexample \(uv^\omega \) for the \(\textsc {FDFA}\) teacher is spurious if \(uv^\omega \in \text {UP}(\mathcal {F})\) (respectively \(uv^\omega \not \in \text {UP}(\mathcal {F})\)). Suppose we use the under-approximation method to construct the BA \(\underline{B}\) from \(\mathcal {F}\) depicted in Fig. 5. The BA teacher returns a spurious positive counterexample \(b^\omega \), which is in \(\text {UP}(\mathcal {F})\) but not in \(\text {UP}(L(\underline{B}))\). We show later that in such a case, one can always find a decomposition, in this example (bbb), as the counterexample for the \(\textsc {FDFA}\) learner.

Fig. 6.
figure 6

The Case for Counterexample Analysis

Full size image

Given \(\textsc {FDFA}\) \(\mathcal {F}= (M, \{A^u\})\), in order to analyze the counterexample \(uv^\omega \), we define:

  • an FA \(\mathcal {D}_{u\$v}\) with \(L(\mathcal {D}_{u\$v}) = \{u'\$v' \mid u'\in \varSigma ^*, v'\in \varSigma ^+, uv^\omega = u'v'^\omega \}\),

  • an FA \(\mathcal {D}_1\) with \(L(\mathcal {D}_1) = \{ u \$ v \mid u\in \varSigma ^*, v\in \varSigma ^*, uv\backsim _{M} u, v\in L(A^{M(u)})\}\), and

  • an FA \(\mathcal {D}_2\) with \(L(\mathcal {D}_2) = \{ u \$ v \mid u\in \varSigma ^*, v\in \varSigma ^*, uv\backsim _{M} u, v\notin L(A^{M(u)})\}\).

Here \(\$\) is a letter not in \(\varSigma \). Intuitively, \(\mathcal {D}_{u\$v}\) accepts every possible decomposition \((u', v')\) of \(uv^\omega \), \(\mathcal {D}_1\) recognizes every decomposition \((u', v')\) which is accepted by \(\mathcal {F}\) and \(\mathcal {D}_2\) accepts every decomposition \((u', v')\) which is not accepted by \(\mathcal {F}\) yet \(u'v'\backsim _{M} u'\).

Given a BA \(\underline{B}\) constructed by the under-approximation method to construct a BA \(\underline{B}\) from \(\mathcal {F}\), we have that \(\text {UP}(L(\underline{B})) \subseteq \text {UP}(\mathcal {F})\). Figure 6(a) depicts all possible cases of \(uv^\omega \in \text {UP}(L(\underline{B}))\oplus \text {UP}(L)\).

  • U1: \(uv^\omega \in \text {UP}(L)\wedge uv^\omega \notin \text {UP}(\mathcal {F})\) (square). The word \(uv^\omega \) is a positive counterexample, one has to find a decomposition \((u', v')\) such that \(u'v'\backsim _{M} u'\) and \(u'v'^\omega = uv^\omega \). This can be easily done by taking a word \(u'\$v' \in L(\mathcal {D}_{u\$v})\cap L(\mathcal {D}_2)\).

  • U2: \(uv^\omega \notin \text {UP}(L)\wedge uv^\omega \in \text {UP}(\mathcal {F})\) (circle). The word \(uv^\omega \) is a negative counterexample, one needs to find a decomposition \((u', v')\) of \(uv^\omega \) that is accepted by \(\mathcal {F}\). This can be done by taking a word \(u'\$v' \in L(\mathcal {D}_{u\$v})\cap L(\mathcal {D}_1)\).

  • U3: \(uv^\omega \in \text {UP}(L)\wedge uv^\omega \in \text {UP}(\mathcal {F})\) (triangle). The word \(uv^\omega \) is a spurious positive counterexample. Suppose the decomposition (uv) of \(uv^\omega \) is accepted by \(\mathcal {F}\), according to Lemma 4, there must exist some \(k\ge 1\) such that \((u, v^k)\) is not accepted by \(\mathcal {F}\). Thus, we can also use the same method in U1 to get a counterexample \((u', v')\).

We can also use the over-approximation construction to get a BA \(\overline{B}\) from \(\mathcal {F}\) such that \(\text {UP}(\mathcal {F})\subseteq \text {UP}(L(\overline{B}))\), and all possible cases for a counterexample \(uv^\omega \in \text {UP}(L(\overline{B}))\oplus \text {UP}(L)\) is depicted in Fig. 6(b).

  • O1: \(uv^\omega \in \text {UP}(L)\wedge uv^\omega \notin \text {UP}(\mathcal {F})\) (square). The word \(uv^\omega \) is a positive counterexample that can be dealt with the same method for case U1.

  • O2: \(uv^\omega \notin \text {UP}(L)\wedge uv^\omega \in \text {UP}(\mathcal {F})\) (circle). The word \(uv^\omega \) is a negative counterexample that can be dealt with the same method for case U2.

  • O3: \(uv^\omega \notin \text {UP}(L)\wedge uv^\omega \notin \text {UP}(\mathcal {F})\) (triangle). In this case, \(uv^\omega \) is a spurious negative counterexample. In such a case it is possible that we cannot find a valid decomposition of \(uv^\omega \) to refine \(\mathcal {F}\). By Lemma 5, we can find a decomposition \((u', v')\) of \(uv^\omega \) such that \(v' = v_1v_2\cdots v_n\), \(u'v_i\backsim _{M} u'\), and \(v_i\in L(A^{M(u')})\) for some \(n\ge 1\). It follows that \((u',v_i)\) is accepted by \(\mathcal {F}\). If we find some \(i\in [1\cdots n]\) such that \(u'v_i^\omega \notin \text {UP}(L)\), then we return \((u',v_i)\), otherwise, the algorithm aborts with an error.

Finally, we note that determining whether \(uv^\omega \in \text {UP}(L)\) can be done by posing a membership query \(\mathsf {Mem^{BA}}(uv^\omega )\), and checking whether \(uv^\omega \in \text {UP}(\mathcal {F})\) boils down to checking the emptiness of \(L(\mathcal {D}_{u\$v})\cap L(\mathcal {D}_1)\). The construction for \(\mathcal {D}_{u\$v}\), \(\mathcal {D}_1\), and \(\mathcal {D}_2\), and the correctness proof of counterexample analysis are given in [32].

8 Complexity

We discuss the complexity of tree-based \(\textsc {FDFA}\) learning algorithms in Sect. 5. Let \(\mathcal {F}= (M, \{A^u\})\) be the corresponding periodic \(\textsc {FDFA}\) of the \(\omega \)-regular language \(L\), and let n be the number of states in the leading automaton \(M\) and k be the number of states in the largest progress automaton \(A^u\). We remark that \(\mathcal {F}\) is uniquely defined for \(L\) and the table-based algorithm needs the same amount of equivalence queries as the tree-based one in the worst case. Given a counterexample (uv) returned from the \(\textsc {FDFA}\) teacher, we define its length as \(|u|+|v|\).

Theorem 2

(Query Complexity). Let (uv) be the longest counterexample returned from the \(\textsc {FDFA}\) teacher. The number of equivalence queries needed for the tree-based \(\textsc {FDFA}\) learning algorithm to learn the periodic \(\textsc {FDFA}\) of \(L\) is in \(\mathcal {O}(n + nk)\), while the number of membership queries is in \(\mathcal {O}((n + nk)\cdot (|u| + |v| + (n+k)\cdot |\varSigma |))\).

For the syntactic and recurrent \(\textsc {FDFA}\)s, the number of equivalence queries needed for the tree-based \(\textsc {FDFA}\) learning algorithm is in \(\mathcal {O}(n + n^3k)\), while the number of membership queries is in \(\mathcal {O}((n + n^3k)\cdot (|u| + |v| + (n+nk)\cdot |\varSigma |))\).

The learning of syntactic and recurrent \(\textsc {FDFA}\)s requires more queries since once their leading automata have been modified, they need to redo the learning of all progress automata from scratch.

Theorem 3

(Space Complexity). For all tree-based algorithms, the space required to learn the leading automaton is in \(\mathcal {O}(n)\). For learning periodic \(\textsc {FDFA}\), the space required for each progress automaton is in \(\mathcal {O}(k)\), while for syntactic and recurrent \(\textsc {FDFA}\)s, the space required is in \(\mathcal {O}(nk)\). For all table-based algorithms, the space required to learn the leading automaton is in \(\mathcal {O}((n+n \cdot \ |\varSigma |) \cdot n)\). For learning periodic \(\textsc {FDFA}\), the space required for each progress automaton is in \(\mathcal {O}((k+k \cdot \ |\varSigma |) \cdot k)\), while for syntactic and recurrent \(\textsc {FDFA}\)s, the space required is in \(\mathcal {O}((nk+nk \cdot \ |\varSigma |) \cdot nk)\).

Theorem 4

(Correctness and Termination). The BA learning algorithm based on the under-approximation method always terminates and returns a BA recognizing the unknown \(\omega \)-regular language \(L\) in polynomial time. If the BA learning algorithm based on the over-approximation method terminates without reporting an error, it returns a BA recognizing \(L\).

Given a canonical \(\textsc {FDFA}\) \(\mathcal {F}\), the under-approximation method produces a BA \(\underline{B}\) such that \(\text {UP}(\mathcal {F}) = \text {UP}(L(\underline{B}))\), thus in the worst case, \(\textsc {FDFA}\) learner learns a canonical \(\textsc {FDFA}\) and terminates. In practice, the algorithm very often finds a BA recognizing \(L\) before converging to a canonical \(\textsc {FDFA}\).

9 Experimental Results

The \(\textsf {ROLL}\) library (http://iscasmc.ios.ac.cn/roll) is implemented in JAVA. The DFA operations in \(\textsf {ROLL}\) are delegated to the dk.brics.automaton package, and we use the RABIT tool [2, 3] to check the equivalence of two BAs. We evaluate the performance of \(\textsf {ROLL}\) using the smallest BAs corresponding to all the 295 LTL specifications available in BüchiStore [38], where the numbers of states in the BAs range over 1 to 17 and transitions range over 0 to 123. The machine we used for the experiments is a 2.5 GHz Intel Core i7-6500 with 4 GB RAM. We set the timeout period to 30 min.

Table 1. Overall experimental results. We show the results of 285 cases where all algorithms can finish the BA learning within the timeout period and list the number of cases cannot be solved (#Unsolved). The mark \(n^*/m\) denotes that there are n cases terminate with an error (in the over-approximation method) and it ran out of time for \(m-n\) cases. The rows #St., #Tr., #MQ, and #EQ, are the numbers of states, transitions, membership queries, and equivalence queries. \(\text {Time}_{eq}\) is the time spent in answering equivalence queries and \(\text {Time}_{total}\) is the total execution time.
Full size table

The overall experimental results are given in Table 1. In this section, we use \(L^\$\) to denote the \(\omega \)-regular learning algorithm in [20], and \(L^{\textsf {Periodic}}\), \(L^{\textsf {Syntactic}}\), and \(L^{\textsf {Recurrent}}\) to represent the periodic, syntactic, and recurrent \(\textsc {FDFA}\) learning algorithm introduced in Sects. 4 and 5. From the table, we can find the following facts: (1) The BAs learned from \(L^\$\) have more states but fewer transitions than their \(\textsc {FDFA}\) based counterpart. (2) \(L^{\textsf {Periodic}}\) uses fewer membership queries comparing to \(L^{\textsf {Syntactic}}\) and \(L^{\textsf {Recurrent}}\). The reason is that \(L^{\textsf {Syntactic}}\) and \(L^{\textsf {Recurrent}}\) need to restart the learning of all progress automata from scratch when the leading automaton has been modified. (3) Tree-based algorithms always solve more learning tasks than their table-based counterpart. In particular, the tree-based \(L^{\textsf {Syntactic}}\) with the under-approximation method solves all 295 learning tasks.

Fig. 7.
figure 7

Growth of state counts in BA.

Full size image

In the experiment, we observe that table-based \(L^\$\) has 4 cases cannot be finished within the timeout period, which is the largest number amount all learning algorithmsFootnote 2. We found that for these 4 cases, the average time required for \(L^\$\) to get an equivalence query result is much longer than the \(\textsc {FDFA}\) algorithms. Under scrutiny, we found that the growth rate of the size (number of states) of the conjectured BAs generated by table-based \(L^\$\) is much faster than that of table-based \(\textsc {FDFA}\) learning algorithms. In Fig. 7, we illustrate the growth rate of the size (number of states) of the BAs generated by each table-based learning algorithm using one learning task that cannot be solved by \(L^\$\) within the timeout period. The figures of the other three learning tasks show the same trend and hence are omitted. Another interesting observation is that the sizes of BAs generated by \(L^{\textsf {Syntactic}}\) can decrease in some iteration because the leading automaton is refined and thus the algorithms have to redo the learning of all progress automata from scratch.

It is a bit surprise to us that, in our experiment, the size of BAs \(\overline{B}\) produced by the over-approximation method is not much smaller than the BAs \(\underline{B}\) produced by the under-approximation method. Recall that the progress automata of \(\overline{B}\) comes from the product of three DFAs \(M^u_u\times (A^{u})^{s_u}_{v}\times (A^{u})^v_{v}\) while those for \(\underline{B}\) comes from the product of only two DFAs \(M^u_u\times (A^{u})^{s_u}_{v}\) (Sect. 6). We found the reason is that very often the language of the product of three DFAs is equivalent to the language of the product of two DFAs, thus we get the same DFA after applying DFA minimizations. Nevertheless, the over-approximation method is still helpful for \(L^{\textsf {Periodic}}\) and \(L^{\textsf {Recurrent}}\). For \(L^{\textsf {Periodic}}\), the over-approximation method solved more learning tasks than the under-approximation method. For \(L^{\textsf {Recurrent}}\), the over-approximation method solved one tough learning task that is not solved by the under-approximation method.

As we mentioned at the end of Sect. 5.2, a possible optimization is to reuse the counterexample and to avoid equivalence query as much as possible. The optimization helps the learning algorithms to solve nine more cases that were not solved before.

10 Discussion and Future Works

Regarding our experiments, the BAs from LTL specifications are in general simple; the average sizes of the learned BAs are around 10 states. From our experience of applying DFA learning algorithms, the performance of tree-based algorithm is significantly better than the table-based one when the number of states of the learned DFA is large, say more than 1000. We believe this will also apply to the case of BA learning. Nevertheless, in our current experiments, most of the time is spent in answering equivalence queries. One possible direction to improve the scale of the experiment is to use a PAC (probably approximately correct) BA teacher [8] instead of an exact one, so the equivalence queries can be answered faster because the BA equivalence testing will be replaced with a bunch of BA membership testings.

There are several avenues for future works. We believe the algorithm and library of learning BAs should be an interesting tool for the community because it enables the possibility of many applications. For the next step, we will investigate the possibility of applying BA learning to the problem of reactive system synthesis, which is known to be a very difficult problem and learning-based approach has not been tried yet.