Proof Systems for the Modal \(\mu \)-Calculus Obtained by Determinizing Automata

Abstract

Automata operating on infinite objects feature prominently in the theory of the modal \(\mu \)-calculus. One such application concerns the tableau games introduced by Niwiński & Walukiewicz, of which the winning condition for infinite plays can be naturally checked by a nondeterministic parity stream automaton. Inspired by work of Jungteerapanich and Stirling we show how determinization constructions of this automaton may be used to directly obtain proof systems for the \(\mu \)-calculus. More concretely, we introduce a binary tree construction for determinizing nondeterministic parity stream automata. Using this construction we define the annotated cyclic proof system \(\textsf{BT}\), where formulas are annotated by tuples of binary strings. Soundness and Completeness of this system follow almost immediately from the correctness of the determinization method.

1 Introduction

The Modal \(\mu \)-calculus. The modal \(\mu \)-calculus is a natural extension of basic modal logic with explicit least and greatest fixpoint operators. Allowing the formulation of various recursive phenomena, this extension raises the expressive power of the language (at least when it comes to bisimulation-invariant properties of transition systems) to that of monadic second-order logic [12]. The \(\mu \)-calculus is generally regarded as a universal specification language, since it embeds most other logics that are used for this purpose, such as LTL, CTL, CTL\(^*\) and PDL. Despite its expressive power the \(\mu \)-calculus has still reasonable computational properties; its model checking problem is in quasi-polynomial time [4] and its satisfiability problem is exptime-complete [7]. Another interesting feature of the theory of the modal \(\mu \)-calculus lies in its connections with other fields, in particular the theory of finite automata operating on infinite objects, and that of infinite games.

Derivation Systems. Given the importance of the modal \(\mu \)-calculus, there is a natural interest in the development and study of derivation systems for its validities. And indeed, already in [15] Kozen proposed an axiomatization. Despite the naturality of this axiom system, he only established a partial completeness result, and it took a substantial amount of time before Walukiewicz [25] managed to prove soundness and completeness for the full language.

Kozen’s axiomatization amounts to a Hilbert-style derivation system, making it less attractive for proof search. If one is interested in a cut-free system, a good starting point is the two-player tableau-style game introduced by Niwiński & Walukiewicz [19]. Here we will present their system in the shape of a derivation system \(\textsf{NW} \) (this change of perspective can be justified by identifying winning strategies for one of the players in the game with \(\textsf{NW} \)-proofs). \(\textsf{NW} \) is a one-sided sequent system which allows for infinite proofs: although its proof rules are completely standard (and finitary), due to the unfolding rules for the fixpoint operators, derivations may have infinite branches. A crucial aspect of the \(\textsf{NW} \)-system is that one has to keep track of the traces of individual formulas along the infinite branches. A derivation will only count as a proper proof if each of its infinite branches is successful, in the sense that it carries a so-called \(\nu \)-trace: a trace which is dominated by a greatest fixpoint operator.

This condition is easy to formulate but not so nice to work with. One could describe the subsequent developments in the proof theory for the modal \(\mu \)-calculus as a series of modifications of the system \(\textsf{NW} \) which aim to get a grip on the complexities and intricacies of the above-mentioned traces, and in particular, to use the resulting “trace management” for the introduction of finitary, cyclic proof systems. Landmark results were obtained by Jungteerapanich [13] and Stirling [23], who introduced cyclic proof systems for the \(\mu \)-calculus, two calculi that we will identify here under the name \(\textsf{JS} \).

Automata and Derivation Systems. Applications of automata theory are ubiquitous in the theory of the modal \(\mu \)-calculus, and the area of proof theory is no exception. In particular, Niwiński & Walukiewicz [19] observed that infinite matches of their game, corresponding to infinite branches in an \(\textsf{NW} \)-derivation, can be seen as infinite words or streams over some finite alphabet. It follows that stream automata (automata operating on infinite words) can be used to determine whether such a match/branch carries a \(\nu \)-trace. Niwiński & Walukiewicz used this perspective to link their results to the exponential-time complexity of the satisfiability problem for the \(\mu \)-calculus.

A key contribution of Jungteerapanich and Stirling [13, 23] was to bring automata inside the proof system. The basic idea would be to decorate each sequent in a derivation with a state of the stream automaton which recognizes whether an infinite branch is successful or not; starting from the root, the successive states decorating the sequents on a given branch simply correspond to a run of the automaton on this branch. For this idea to work one needs the stream automaton to be deterministic. To see this, observe that two successful but distinct branches in a derivation would generally require two distinct runs, and in the case of a nondeterministic automaton, these two runs might already diverge before the two branches split.

Interestingly, there is a natural stream automaton recognizing the successful branches of an \(\textsf{NW} \)-derivation: One may simply take the states of such an automaton to be the formulas in the (Fischer-Ladner) closure of the root sequent. But given the nondeterministic format of this automaton, before it can be used in a proof system, we need to transform it into an equivalent deterministic one. This explains the relevance of constructions for determinizing stream automata to the proof theory of the modal \(\mu \)-calculus.

Determinization of Stream Automata. Using the ideas we just sketched, one may obtain sound and complete derivation systems for the modal \(\mu \)-calculus in an easy way. For any deterministic automaton \(\mathbb {A}\) that recognizes the successful branches in \(\textsf{NW} \)-derivations, one could simply introduce new-style sequents consisting of an \(\textsf{NW} \)-sequent decorated with a state of \(\mathbb {A}\), and adapt the proof rules of \(\textsf{NW} \) incorporating the transition map of \(\mathbb {A}\). This could be done in such a way that the stream of decorations of an infinite branch corresponds to the run of \(\mathbb {A}\) on the stream of sequents of the same branch. The trace condition of \(\textsf{NW} \)-derivations could then be replaced by the acceptance condition of \(\mathbb {A}\) (which is generally much simpler, since it does not refer to traces).

More interesting is to use specific determinization constructions, in order to design more attractive proof systems or to prove results about the derivation system (and thus, potentially, about the \(\mu \)-calculus). In particular, some determinization constructions are based on a power construction, meaning that the states of the deterministic automaton consist of macrostates (subsets of the nondeterministic original) with some additional structure. Such constructions allow for proof calculi where this additional structure is incorporated into the sequents. For instance, the derivation system \(\textsf{JS} \) is based on the well-known Safra construction [20], in which the states of the deterministic automaton consist of macrostates of the original automaton that are organised by means of so-called Safra trees. Concretely, the (augmented) sequents in \(\textsf{JS} \) consist of a set of annotated formulas, with the annotations indicating the position of the formula in the Safra tree and a so-called control which provides additional information on the Safra tree.

Our Contribution. Our overall goal is to explicitize the role of automata theory in the design of derivation systems for the modal \(\mu \)-calculus (and other fixpoint logics). Our point is that distinct determinization constructions lead to distinct sequent system, and that we may look for alternatives to the Safra construction. Concretely the contribution of this paper is threefold:

1. 1.

   We provide a new determinization construction for both Büchi and parity stream automata which is based on binary trees. Our construction is similar to constructions related to so-called profile trees [8, 16].

2. 2.

   We apply our construction to obtain a new derivation system \(\textsf{BT} \) for the modal \(\mu \)-calculus. While our system is similar in spirit to the system \(\textsf{JS} \), a key difference is that our sequents consist of annotated formulas, and nothing else.

3. 3.

   We establish the soundness and completeness of \(\textsf{BT} \). A distinguishing feature of our approach is that (up to some optimizations) this result is a direct consequence of the soundness and completeness of \(\textsf{NW} \) and the adequacy of our determinization construction.

Related Work. There is an extensive literature on applications of automata theory in the theory of the modal \(\mu \)-calculus, among others [6, 11, 12, 26]. Jungteerapanich and Stirling [13, 23] were the first to obtain an annotated proof system inspired by the determinization of automata. The proof system \(\textsf{Focus}\) for the alternation-free \(\mu \)-calculus designed by Marti & Venema [18] originates with a rather simple determinization construction for so-called weak automata. In [17], Leigh & Wehr also take a rather general approach towards the use of determinization constructions in the design of derivation systems, but they confine attention to the Safra construction.

Overview of Paper. In the next section we provide the necessary background material on binary trees, on \(\omega \)-automata, on the modal \(\mu \)-calculus and the proof system \(\textsf{NW}\); doing so we fix our notation. In Sect. 3 we introduce a new determinization method for nondeterministic Büchi and parity automata. We will use this construction to prove the soundness and completeness of the proof system \(\textsf{BT}\), which we introduce in Sect. 4. All missing proofs can be found in the extended version of this paper [5].

2 Preliminaries

Binary Trees. We let \(2^*\) denote the set of binary strings; we write < for the lexicographical order of \(2^{*}\), and \(\sqsubseteq \) for the (initial) substring relation given by \(s \sqsubseteq t\) if \(sr = t\) for some r. Substitution for binary strings is defined in the following way: Let \(s,t,\tilde{s},r \in 2^*\) be such that \(s = t \tilde{s}\), then \(s[t \backslash r ]\) denotes the binary string \(r \tilde{s}\). A binary tree is a finite set of binary strings \(T \subseteq 2^*\) such that \(s0 \in T \Rightarrow s \in T\) and \(s0 \in T \Leftrightarrow s1 \in T\). Here we let \(\textrm{leaves}(T) = \{s \in T ~|~s0 \notin T\}\) denote its set of leaves, and \(\textrm{minL}(T)\) its minimal leaf of T, i.e. the unique leaf of the form \(0\cdots 0\). A set of binary strings L is a set of leaves of a binary trees if for all \(s\ne t \in L\) we have \(s \not \sqsubseteq t\) and \(\textrm{tree}(L) = \{s \in 2^* ~|~ \exists t \in L: s \sqsubseteq t \}\) is a binary tree.

Stream Automata. A non-deterministic automaton over a finite alphabet \(\varSigma \) is a quadruple \(\mathbb {A}= \langle A, \varDelta , a_I,\textrm{Acc}\rangle \), where A is a finite set, \(\varDelta : A \times \varSigma \rightarrow \mathcal {P}(A)\) is the transition function of \(\mathbb {A}\), \(a_I \in A\) its initial state and \(\textrm{Acc} \subseteq A^{\omega }\) its acceptance condition. An automaton is called deterministic if \(|\varDelta (a,y)| = 1\) for all pairs \((a,y) \in A \times \varSigma \). A run of an automaton \(\mathbb {A}\) on a stream \(w=y_0y_1y_2... \in \varSigma ^{\omega }\) is a stream \(a_0a_1a_2... \in A^{\omega }\) such that \(a_0 = a_I\) and \(a_{i+1} \in \varDelta (a_i,y_i)\) for all \(i \in \omega \). A stream w is accepted by \(\mathbb {A}\) if there is a run of \(\mathbb {A}\) on w, which is in \(\textrm{Acc}\); we define \(\mathcal {L}(\mathbb {A})\) to be the set of all accepting streams of \(\mathbb {A}\).

The acceptance condition can be given in different ways: A Büchi condition is given as a subset \(F \subseteq A\). The corresponding acceptance condition is the set of runs, which contain infinitely many states in F. A parity condition is given as a map \(\varOmega : A \rightarrow \omega \). The corresponding acceptance condition is the set of runs \(\alpha \) such that \(\min \{\varOmega (a) ~|~ a \text { occurs infinitely often in } \alpha \}\) is even. A Rabin condition is given as a set \(R = ((G_i,B_i))_{i \in I}\) of pairs of subsets of A. The corresponding acceptance condition is the set of runs \(\alpha \) for which there exists \(i \in I\) such that \(\alpha \) contains infinitely many states in \(G_i\) and finitely many in \(B_i\). Automata with these acceptance conditions are called Büchi, parity and Rabin automata, respectively.

Modal \(\mu \)-calculus: Syntax. The set \(\mathcal {L}_{\mu }\) of formulas of the modal \(\mu \)-calculus is generated by the grammar

$$ \varphi \;::=\;p \;\mid \;\overline{p} \;\mid \;\bot \;\mid \;\top \;\mid \;(\varphi \vee \varphi ) \;\mid \;(\varphi \wedge \varphi ) \;\mid \;\Diamond \varphi \;\mid \;\Box \varphi \;\mid \;\mu x . \varphi \;\mid \;\nu x . \varphi , $$

where p and x are taken from a fixed set \(\textsf{Prop}\) of propositional variables and in formulas of the form \(\mu x. \varphi \) and \(\nu x. \varphi \) there are no occurrences of \(\overline{x}\) in \(\varphi \).

Formulas of the form \(\mu x . \varphi \) (\(\nu x . \varphi \)) are called \(\mu \)-formulas (\(\nu \)-formulas, respectively); formulas of either kind are called fixpoint formulas. We write \(\eta , \lambda \in \{\mu ,\nu \}\) to denote an arbitrary fixpoint operator. We use standard terminology and notation for the binding of variables by the fixpoint operators and for substitutions, and make sure only to apply substitution in situations where no variable capture will occur. An important use of the substitution operation concerns the unfolding \(\chi [\xi /x]\) of a fixpoint formula \(\xi = \eta x . \chi \).

Given two formulas \(\varphi ,\psi \in \mathcal {L}_{\mu }\) we write \(\varphi \rightarrow _{C}\psi \) if \(\psi \) is either a direct boolean or modal subformula of \(\varphi \), or else \(\varphi \) is a fixpoint formula and \(\psi \) is its unfolding. The closure \(\textsf{Clos}(\varPhi ) \subseteq \mathcal {L}_{\mu }\) of \(\varPhi \subseteq \mathcal {L}_{\mu }\) is the least superset of \(\varPhi \) that is closed under this relation. It is well known that \(\textsf{Clos}(\varPhi )\) is finite iff \(\varPhi \) is finite. A trace is a sequence \((\varphi _{n})_{n<\kappa }\), with \(\kappa \le \omega \), such that \(\varphi _{n} \rightarrow _{C}\varphi _{n+1}\), for all \(n + 1 < \kappa \).

We define a dependence order on the fixpoint formulas occurring in \(\varPhi \), written \(\textsf{Fix}(\varPhi )\), by setting \(\eta x. \varphi <_{\varPhi } \lambda y. \psi \) (where smaller in \(<_{\varPhi }\) means being of higher priority) if \(\textsf{Clos}(\eta x.\varphi ) = \textsf{Clos}(\lambda y.\psi )\) and \(\eta x.\varphi \) is a subformula of \(\lambda y.\psi \). One may define a parity function \(\varOmega : \textsf{Fix}(\varPhi ) \rightarrow \omega \), which respects this order (i.e., \(\varOmega (\eta x. \varphi )<\varOmega (\lambda y. \psi )\) if \(\eta x. \varphi <_{\varPhi } \lambda y \psi \)) and satisfies \(\varOmega (\eta x. \varphi )\) is even iff \(\eta = \nu \). Let \(\max _\varOmega (\varPhi ) = \max \{\varOmega (\nu x. \varphi )~|~\nu x. \varphi \in \textsf{Fix}(\varPhi )\}\).

It is well known that any infinite trace \(\tau = (\varphi _{n})_{n<\kappa }\) features a unique formula \(\varphi \) that occurs infinitely often on \(\tau \) and is a subformula of \(\varphi _{n}\) for cofinitely many n. This formula is always a fixpoint formula, and where it is of the form \(\eta x.\psi \) we call \(\tau \) an \(\eta \)-trace.

Since the semantics of the modal \(\mu \)-calculus only plays an indirect role in our paper, we refrain from giving the definition.

Non-wellfounded Proofs. A sequent \(\varGamma \) is a finite set of \(\mu \)-calculus formulas, possibly with additional structure such as annotations. Rules have the following form, possibly with additional side conditions:

A rule R, where \(n=0\), is called an axiom. The rules \(\textsf{D}^{\textsf{x}}\) are called discharge rules. Each discharge rule is marked by a unique discharge token taken from a fixed infinite set \(\mathcal {D}= \{\textsf{x},\textsf{y},...\}\).

Definition 1

A derivation system \(\mathcal {P}\) is a set of rules. A \(\mathcal {P}\) derivation \(\pi = (T,P,\textsf{S},\textsf{R}, \textsf{f})\) is a quintuple such that (T, P) is a, possibly infinite, tree with nodes T and parent relation P; \(\textsf{S}\) is a function that maps every node \(u \in T\) to a non-empty sequent \(\varSigma _u\); \(\textsf{R}\) is a function that maps every node \(u \in T\) to its label \(\textsf{R}(u)\), which is either (i) the name of a rule in \(\mathcal {P}\) or (ii) a discharge token; and \(\textsf{f}\) is a partial function that maps some nodes \(u \in T\) to its principal formula \(\textsf{f}(u) \in \textsf{S}(u)\). If a specific formula \(\varphi \) in the conclusion of a rule is designated, then \(\textsf{f}(u) = \varphi \) and otherwise \(\textsf{f}(u)\) is undefined. To qualify as a derivation, such a quintuple is required to satisfy the following conditions:

1. 1.

   If a node is labeled with the name of a rule then it has as many children as the rule has premises, and the annotated sequents at the node and its children match the specification of the rules.

2. 2.

   If a node is labeled with a discharge token then it is a leaf. For every leaf l that is labeled with a discharge token \(\textsf{x}\in \mathcal {D}\) there is exactly one node \(u \in T\) that is labeled with \(\textsf{D}^{\textsf{x}}\). This node u and its child are proper ancestors of l. In this situation we call l a discharged leaf, and u its companion; we write c for the function that maps a discharged leaf l to its companion c(l) and write p(l) for the path in T from c(l) to l.

A derivation \(\pi ' = (T',P',\textsf{S}',\textsf{R}', \textsf{f}')\) is a subderivation of \(\pi = (T,P,\textsf{S},\textsf{R}, \textsf{f})\) if \((T',P')\) is a subtree of (T, P) and \(\textsf{S}',\textsf{R}', \textsf{f}'\) and \(\textsf{S},\textsf{R}, \textsf{f}\) are equal on \((T',P')\). A derivation \(\pi \) is called regular if it has finitely many distinct subderivations.

Definition 2

Let \(\pi = (T,P,\textsf{S},\textsf{R}, \textsf{f})\) be a derivation. We define two graphs we are interested in: (i) The usual proof tree \(\mathcal {T}_\pi = (T,P)\) and (ii) the proof tree with back edges \(\mathcal {T}_\pi ^C = (T,P^C)\), where \(P^C = P \cup \{(l,c(l))\mid l \text { is a discharged leaf}\}\) is the parent relation plus back-edges for every discharged leaf.

A strongly connected subgraph in \(\mathcal {T}_\pi ^C\) is a set S of nodes, such that for every \(u,v \in S\) there is a \(P^{C}\)-path from u to v.

The \(\textsf{NW}\) Proof System. The rules of the derivation system \(\textsf{NW}\), which is directly based on the tableau games introduced by Niwiński & Walukiewicz [19], are given in Fig. 1.

Fig. 1.

Rules of \(\textsf{NW}\)

In order to decide whether an \(\textsf{NW}\) derivation qualifies as a proper proof, one has to keep track of the development of individual formulas along infinite branches of the proofs.

Definition 3

Let \(\varGamma ,\varGamma '\) be sequents, \(\xi \) be a formula such that \(\varGamma \) is the conclusion and \(\varGamma '\) is a premise of a rule in Fig. 1 with principal formula \(\xi \). We define the active and passive trail relation \(\textsf{A}_{\varGamma ,\xi ,\varGamma '}, \textsf{P}_{\varGamma ,\xi ,\varGamma '} \subseteq \varGamma \times \varGamma '\). Both relations are defined via a case distinction on \(\xi \):

Case \(\xi = \Box \varphi \): Then \(\varGamma = \Box \varphi , \Diamond \varLambda , \varDelta \) and \(\varGamma ' = \varphi , \varLambda \). We define \(\textsf{A}_{\varGamma ,\xi ,\varGamma '}, = \{(\Box \varphi ,\varphi )\} \cup \{(\Diamond \chi , \chi ) \mid \chi \in \varLambda \}\) and \(\textsf{P}_{\varGamma ,\xi ,\varGamma '} = \varnothing \).

Case \(\xi = \varphi \vee \psi \): Then \(\varGamma = \varphi \vee \psi , \varLambda \) and \(\varGamma ' = \varphi ,\psi , \varLambda \). We define \(\textsf{A}_{\varGamma ,\xi ,\varGamma '} = \{(\varphi \vee \psi ,\varphi ),(\varphi \vee \psi ,\psi )\}\) and \(\textsf{P}_{\varGamma ,\xi ,\varGamma '} = \{(\chi ,\chi ) \mid \chi \in \varLambda \}\).

The relations for the remaining rules are defined analogously.

The trail relation \(\textsf{T}_{\varGamma ,\xi ,\varGamma '}\subseteq \varGamma \times \varGamma '\) is defined as \(\textsf{A}_{\varGamma ,\xi ,\varGamma '} \cup \textsf{P}_{\varGamma ,\xi ,\varGamma '}\). Finally, for nodes u, v in an \(\textsf{NW}\) proof \(\pi \), such that P(u, v), we define \(\textsf{T}_{u,v} = \textsf{T}_{\textsf{S}(u),\textsf{f}(u),\textsf{S}(v)}\)

Note that for any two nodes u, v with P(u, v) and \((\varphi ,\psi ) \in \textsf{T}_{u,v}\), we have either \((\varphi ,\psi ) \in \textsf{A}_{{u,v}}\) and \(\varphi \rightarrow _{C}\psi \), or else \((\varphi ,\psi ) \in \textsf{P}_{{u,v}}\) and \(\varphi = \psi \). The idea is that \(\textsf{A}\) connects the active formulas in the premise and conclusion, whereas \(\textsf{P}\) connects the side formulas.

Definition 4

Let \(\pi = (T,P,\textsf{S},\textsf{R}, \textsf{f})\) be an \(\textsf{NW}\) derivation. A branch of \(\pi \) is simply a (finite or infinite) branch of the underlying tree (T, P) of \(\pi \). A trail on a branch \(\alpha = (v_{n})_{n<\kappa }\) is a sequence \(\tau = (\varphi _{n})_{n<\kappa }\) of formulas such that \((\varphi _{i},\varphi _{i+1}) \in \textsf{T}_{v_i,v_{i+1}}\), whenever \(i+1 < \kappa \). We obtain the tightening \(\widehat{\tau }\) of such a \(\tau \) by erasing all \(\varphi _{i+1}\) from \(\tau \) for which \((\varphi _{i},\varphi _{i+1})\) belongs to the passive trail relation \(\textsf{P}_{v_{i},v_{i+1}}\). We call \(\tau \) a \(\nu \)-trail if its tightening \(\widehat{\tau }\) is a \(\nu \)-trace (and so, in particular, it is infinite).

Definition 5

An \(\textsf{NW}\) proof \(\pi \) is an \(\textsf{NW}\) derivation such that on every infinite branch of \(\pi \) there is a \(\nu \)-trail. We write \(\textsf{NW} \vdash \varGamma \) if there is an \(\textsf{NW}\) proof of \(\varGamma \), i.e., an \(\textsf{NW}\) proof, where \(\varGamma \) is the sequent at the root of the proof.

Soundness and Completeness of \(\textsf{NW}\) for guarded formulas, (i.e., where in every subformula \(\eta x . \psi \) all free occurrences of x in \(\psi \) are in the scope of a modality) follows from the results by Niwiński & Walukiewicz [19]. As pointed out in [2], it follows from [24] and [10] that the result in fact holds for arbitrary formulas. By Theorem 6.3 in [19], \(\textsf{NW}\)-proofs can be assumed to be regular, and this observation applies to unguarded formulas as well.

Theorem 1 (Soundness & Completeness)

Let \(\varGamma \) be a sequent, then \(\bigvee \varGamma \) is valid iff \(\textsf{NW} \vdash \varGamma \) iff \(\varGamma \) has a regular \(\textsf{NW}\)-proof.

3 Determinization of Automata with Binary Trees

3.1 Büchi automata

Let \(\varSigma \) be an alphabet and \(\mathbb {B}= \langle B, {\varDelta }, b_I, F \rangle \) a nondeterministic Büchi automaton over \(\varSigma \). We want to present an equivalent deterministic Rabin automaton.

The run tree of \(\mathbb {B}\) on a word \(w = (w_i)_{i \in \omega }\) is a pair \(\textsf{R}= (R,l)\), where R is the full infinite binary tree and l labels every node s with \(B_s \subseteq B\), such that \(l(\epsilon ) = \{b_I\}\) and for \(|s| = i\): \(l(s1) = \varDelta (B_s,w_i) \cap F\) and \(l(s0) = \varDelta (B_s,w_i) \cap \overline{F}\), where we define \(\varDelta (B_s,y) = \bigcup _{b\in B_s} \varDelta (b,y)\). It describes all possible runs of \(\mathbb {B}\) on w, using the 1 s to keep track of visited states in F.

The profile tree, introduced in [9], is a pruned version of the run tree, where 1) at each level all but the (lexicographically) greatest occurrence of a state b are removed and 2) nodes labelled by the empty set are deleted. This results in a tree of bounded width, where every node has 0,1 or 2 children. It can be proved that \(\mathbb {B}\) accepts a stream w iff the corresponding profile tree has a branch with infinitely many 1 s.

In [8] a determinization method was defined, where macrostates encode levels of the profile tree. In our approach macrostates encode a compressed version of the whole profile tree up to some level: Nodes u, v are identified (iteratively), if v is the unique child of u. This results in finite binary trees, where leaves are labelled by subsets of B. In every step of the transition function we add one level of the run tree and then prune and compress the tree to obtain a binary tree again. Whenever a 1 is compressed (in the sense of a node being identified with its right child) we know that a state in F has been visited and mark the node green. A run of the deterministic automaton is accepted if there is a node, which never gets removed and is marked green infinitely often. Figure 2 contains an example of this determinization construction.

Fig. 2.

A nondeterministic Büchi automaton \(\mathbb {B}\) on the left and its determinization \(\mathbb {B}^D\) on the right. The diagram in the middle shows the internal structure of the macrostates \(m_0\), \(m_1\), \(m_2\) and \(m_3\) of \(\mathbb {B}^D\). Binary trees are represented in the obvious way (i.e., the root is the string \(\epsilon \), and for every node the left child appends 0 and the right child appends 1). The transitions of \(\mathbb {B}^D\) are split in two parts: In the first part one level of the run tree is added, corresponding to the steps 1 and 2 in the definition of the transition function. In the second part (the dashed arrows) the tree is pruned and compressed, corresponding to the steps 3 and 4. The acceptance condition of \(\mathbb {B}^D\) is such that the word \(a^\omega \) is accepted by \(\mathbb {B}^D\) because the string \(\epsilon \) is always in play, marked green infinitely often and never red.

Formally we define the deterministic Rabin automaton \(\mathbb {B}^D = \langle B^D, \delta , b'_I, R \rangle \) as follows: An element S in the carrier \(B^D\) of \(\mathbb {B}^D\) is called a macrostate and consists of

• a subset \(B_S\) of B,

• a map \(f: B_S \rightarrow 2^*\), such that¹ \(\textrm{ran}(f)\) is a set of leaves of a binary tree and

• a colouring map \(c: \textrm{tree}(\textrm{ran}(f)) \rightarrow \{\textrm{green}, \textrm{red}, \textrm{white} \}\).

We define \(T^S\) to be the binary tree \(\textrm{tree}(\textrm{ran}(f))\), that has \(\textrm{ran}(f)\) as its leaves and say that a binary string s is in play if \(s \in T^S\). If it is clear from the context we occasionally abbreviate \(T^S\) by T. We will sometimes denote a macrostate by a set of pairs (b, s), usually written as \(b^s\), where \(b \in B_S\) and \(s = f(b)\) and deal with the colouring c implicitly.

The initial macrostate \(b'_I\) consists of the singleton \(\{b_I^{\epsilon }\}\), where \(c(\epsilon ) = \textrm{white} \). To define the transition function \(\delta \) let S be in \(B^D\) and \(y \in \varSigma \). We define \(\delta (S,y)= S'\), where starting from the empty set we build up \(S'\) in the following steps:

1. 1.

   Move: For every \(a^{s} \in S\) and \(b \in \varDelta (a,y)\), add \(b^{s}\) to \(S'\).

2. 2.

   Append: For every \(a^s \in S'\), where \(a \notin F\), change \(a^s\) to \(a^{s0}\). For every \(a^s \in S'\), where \(a \in F\), change \(a^s\) to \(a^{s1}\).

3. 3.

   Resolve: If \(a^{s}\) and \(a^{t}\) are in \(S'\), where \(s<t\), delete \(a^{s}\).

4. 4.

   Compress/Colour: Let \(c(t) = \textrm{white} \) for every \(t \in T^{S'}\). Now we compress and colour T in the following way, until there exists no witness \(t \in T\), such that (a) or (b) is applicable:²

   1. (a)

      For any \(t \in T\), such that \(t0 \in T\) and \(t1 \notin T\), change every \(a^s \in S'\), where \(t0 \sqsubseteq s\), to \(a^{s[t0 \backslash t ]}\). For any \(s \in T\), where \(t \sqsubset s\), let \(c(s) = \textrm{red} \).

   2. (b)

      For any \(t \in T\), such that \(t0 \notin T\) and \(t1 \in T\), change every \(a^s \in S'\), where \(t1 \sqsubseteq s\), to \(a^{s[t1 \backslash t ]}\). For any \(s \in T\) such that \(t = s0\cdots 0\), let \(c(s) = \textrm{green} \), if \(c(s) \ne \textrm{red} \). In particular let \(c(t) = \textrm{green} \) if \(c(t) \ne \textrm{red} \). For any \(s \in T\), where \(t \sqsubset s\), let \(c(s) = \textrm{red} \).

We define \(B^{D}\) as the set of macrostates that can be reached from \(b'_{I}\) in this way.

A run of \(\mathbb {B}^D\) is accepting if there is a binary string s, which is in play cofinitely often such that c(s) is \(\textrm{green} \) infinitely often and \(\textrm{red} \) only finitely often.

Theorem 2

\(\mathbb {B}\) accepts a word w iff \(\mathbb {B}^D\) accepts w.

Remark 1

For a Büchi automaton of n states, our construction yields a deterministic automaton \(\mathbb {B}^D\) with \(n^{\mathcal {O}(n)}\) states and a Rabin condition of \(\mathcal {O}(2^n)\) pairs, see Lemma 5 of [5]. With some adaptations we could also match the optimal Rabin condition, which is known to be linear-size [20].

This can be achieved by adding an labelling function as follows: Let \(L = \{1,\dots ,2n-1\}\) be the set of potential labels. Macrostates are defined as before, where an additional injective function \(l: T^S \rightarrow L\) is added. For the initial state we let \(l(\epsilon )=1\). The steps 1–4 in the transition function remain the same, where we add a final step 5 in which we define the new labeling function \(l'\): We let \(l'(s) = l(s)\) for all s that already occurred in \(T^{S}\) and for all \(s \in T^{S'}\setminus T^S\) we let \(c(s) = \textrm{red} \) and choose new, distinct labels in L, i.e. ones which do not occur in \(\textrm{ran}(l)\). The binary tree \(T^{S'}\) has at most n leaves, hence it has at most \(2n -1\) many nodes and this is always possible.

The new acceptance condition has the following form: A run of the automaton is accepting if there is a label \(k \in L\), such that \(c(l^{-1}(k))\) is \(\textrm{green} \) infinitely often and \(\textrm{red} \) only finitely often. Here \(c(l^{-1}(k))\) is defined to be \(\textrm{red} \) if \(k \notin \textrm{ran}(l)\). This is a Rabin condition with \(\mathcal {O}(n)\) pairs. Notably we still have \(n^{\mathcal {O}(n)}\) macrostates, thus the determination method is optimal.

3.2 Parity Automata

We now extend the approach to parity automata. Let \(\varSigma \) be an alphabet and \(\mathbb {A}= \langle A, \varDelta _A, a_I, \varOmega \rangle \) be a nondeterministic parity automaton.

In order to present the intuitive idea behind the construction we first transform \(\mathbb {A}\) into an equivalent nondeterministic Büchi automaton \(\mathbb {B}\). Let m be the maximal even priority of \(\varOmega \). For even \(k = 0,2,...m\) we define \(\mathbb {A}_0,\mathbb {A}_2,...,\mathbb {A}_n\) as copies of \(\mathbb {A}\) without the states of priority smaller than k, i.e. \(\mathbb {A}_k = \langle A_k, \varDelta _k, F_k \rangle \) with \(A_k = \{a_k ~|~ a \in A \wedge \varOmega (a) \ge k\}\), \(\varDelta _k = \varDelta _A|_{A_k}\) and \(F_k = \{a_k \in A_k ~|~ \varOmega (a) = k\}\). Now we define the nondeterministic Büchi automaton \(\mathbb {B}= \langle B, {\varDelta _B}, b_I, F \rangle \):³

$$\begin{aligned} B =&A \cup \bigcup _{\begin{array}{c} k=0\\ k~ \text {even} \end{array}}^m A_k, \quad \quad \quad \quad \quad b_I = a_I, \quad \quad \quad \quad \quad F = \bigcup _{\begin{array}{c} k=0\\ k~ \text {even} \end{array}}^m F_k,\\ {\varDelta _B} =&\varDelta _A \cup \bigcup _{\begin{array}{c} k=0\\ k~ \text {even} \end{array}}^m \varDelta _k \cup \{(a,y,b_k) \in A \times \varSigma \times A_k ~|~ b \in \varDelta _A(a,y), k = 0,2,...,m\}. \end{aligned}$$

Although \(\mathbb {A}_k\) is not an automaton, as it does not have an initial state, we can define the Büchi automaton \(\mathbb {A}\cup \mathbb {A}_k = \langle A\cup A_k, \varDelta _B|_{ A\cup A_k}, a_I, F_k \rangle \) for \(k = 0,...,m\).

The intuition behind the determinization of the parity automaton \(\mathbb {A}\) is the following: We apply the binary tree construction to every automaton \(\mathbb {A}\cup \mathbb {A}_k\) for \(k=0,2,...,m\), which is possible as there are no paths from \(A_k\) to \(A_j\) if \(k \ne j\) and none of the accepting states of \(\mathbb {B}\) are in the set A. The annotation of a state \(a \in \mathbb {A}\) will then be the tuple \((s_0,s_2,...,s_m)\), where \(s_k\) is the annotation at the state \(a_k \in \mathbb {A}\cup \mathbb {A}_k\). Note that the automaton \(\mathbb {A}^D\) will be different from the automaton obtained from the binary tree construction on the whole \(\mathbb {B}\).

To make that formal we need some definitions. A treetop L is a set of leaves of a binary tree, where potentially the minimal leaf is missing, i.e. L is a finite set of binary strings such that for all \(s\ne t \in L\) it holds \(s \not \sqsubseteq t\) and \(\textrm{tree}(L) = \{s \in 2^* ~|~ \exists t \in L: s \sqsubseteq t \} \cup \{s0 ~|~ s = 0\cdots 0 \text { and } s1 \in L\}\) is a binary tree.

For even m let \(\textrm{TSeq}(m) = \{(s_0,s_{2},...,s_m) ~|~ s_0,s_{2},...,s_m \in 2^*\}\) be the set of sequences of length \(\frac{m}{2}+1\), where \(s_0,...,s_m\) are binary strings. Let \(\pi _k\) be the projection function, which maps \(\sigma = (s_0,...,s_m)\) to \(s_k\) for \(k = 0,2,...,m\). We define a partial order < on \(\textrm{TSeq}(m)\): Let \((s_0,...,s_m) < (t_0,...,t_m)\) if there exists \(l \in \{0,...,m\}\) such that \(s_l < t_l\) and \(s_j = t_j\) for \(j= 0,...,l-2\).

We now define the deterministic Rabin automaton \(\mathbb {A}^D = \langle A^D, \delta _A, a'_I, R_A \rangle \). Let m be the maximal even priority of \(\varOmega \) in \(\mathbb {A}\). An element S in the carrier \(A^D\) of \(\mathbb {A}^D\) consists of a tuple \((A_S,f, c_0,...,c_m)\), where

• \(A_S\) is a subset of A,

• \(f: A_S \rightarrow \textrm{TSeq}(m)\), such that \(\textrm{ran}(\pi _k \circ f)\) is a treetop for \(k = 0,...,m\) and

• \(c_k\) is a colouring map from \(\textrm{tree}(\textrm{ran}(\pi _k \circ f)) \rightarrow \{\textrm{green}, \textrm{red}, \textrm{white} \}\) for \(k=0,2,...,m\).

We define \(T^S_k\) to be the binary tree \(\textrm{tree}(\textrm{ran}(\pi _k \circ f))\) for \(k=0,2,...,m\) and say a binary string s is in play at position k if \(s \in T^S_k\). If the context is clear we will abbreviate \(T^S_k\) with \(T_k\). Again we sometimes denote a macrostate by a set of pairs \((a,\sigma )\), usually written as \(a^{\sigma }\), where \(a \in A_S\) and \(\sigma = f(a)\) and deal with the colourings \(c_k\) implicitly.

The initial macrostate \(a'_I\) consists of the singleton \(\{a_I^{(\epsilon ,...,\epsilon )}\}\). To define the transition function \(\delta _A\) let S be in \(A^D\) and \(y \in \varSigma \). We define \(\delta _A(S,y)= S'\), where \(S'\) is constructed in the following steps:

1. 1.
   1. (a)

      Move: For every \(a^{\sigma } \in S\) and \(b \in \varDelta _A(a,y)\), add \(b^{\sigma }\) to \(S'\).

   2. (b)

      Reduce: For every \(a^{\sigma } \in S'\), change \(a^{\sigma }\) to \(a^{\sigma '}\), where \(\sigma '\) is obtained from \(\sigma = (s_0,...,s_m)\) by replacing every \(s_j\) with \(j > \varOmega (a)\) by \(\textrm{minL}(T_j)\).

      1. 2.

         Append: For every \(a^{\sigma } \in S'\) and \(\sigma = (s_0,...,s_m)\), change \(a^{\sigma }\) to \(a^{\sigma '}\), where \(\sigma ' = (s_00,...,s_{k-2}0,s_k1, s_{k+2}0,...,s_m0)\) if \(\varOmega (a) = k\) is even, and \(\sigma ' = (s_00,...,s_{m}0)\) if \(\varOmega (a) = k\) is odd.

      2. 3.

         Resolve: If \(a^{\sigma }\) and \(a^{\tau }\) are in \(S'\) and \(\sigma < \tau \), delete \(a^{\sigma }\).

      3. 4.

         Compress/Colour: Do for every \(k = 0,2,...,m\): Let \(c_k(t) = \textrm{white} \) for any \(t \in T_k\). Now we compress and colour \(T_k\) inductively in the following way, until there exists no witness \(t \in T_k\), such that (a) or (b) is applicable:

         1. (a)

            For any \(t \in T_k\), such that \(t0 \in T_k\) and \(t1 \notin T_k\), change every \(a^{\sigma } \in S'\), where \(\sigma = (s_0,...,s_m)\), and \(t0 \sqsubseteq s_k\), to \(a^{\sigma '}\), where \(\sigma ' = (s_0,...,s_k[t0 \backslash t ],...,s_m)\). For any \(s \in T_k\), where \(t \sqsubset s\), let \(c_k(s) = \textrm{red} \).

         2. (b)

            For any \(t \in T_k\), such that \(t0 \notin T_k\), \(t1 \in T_k\) and \(t \ne 0\cdots 0\), change every \(a^{\sigma } \in S'\), where \(\sigma = (s_0,...s_m)\), and \(t1 \sqsubseteq s_k\), to \(a^{\sigma '}\), where \(\sigma ' = (s_0,...,s_k[t1 \backslash t ],...,s_m)\). For any \(s \in T_k\) such that \(t = s0\cdots 0\), let \(c_k(s) = \textrm{green} \), if \(c_k(s) \ne \textrm{red} \). In particular let \(c_k(t) = \textrm{green} \) if \(c_k(t) \ne \textrm{red} \). For any \(s \in T_k\), where \(t \sqsubset s\), let \(c_k(s) = \textrm{red} \).

A run of \(\mathbb {A}^D\) is accepting if there is \(k \in \{0,2,...,m\}\) and a binary string s, which is in play at position k cofinitely often such that \(c_k(s)\) is \(\textrm{green} \) infinitely often and \(\textrm{red} \) only finitely often.

Theorem 3

Let \(\mathbb {A}\) be a parity automaton and \({\mathbb {A}}^D\) the deterministic Rabin automaton defined from \(\mathbb {A}\). Then \(L(\mathbb {A}) = L({\mathbb {A}}^D)\).

Remark 2

For a parity automaton \(\mathbb {A}\) of size n with highest even priority m, our construction produces a deterministic Rabin automaton with \(n^{\mathcal {O}(m\cdot n)}\) macrostates and \(\mathcal {O}(m\cdot 2^n)\) Rabin pairs, see Lemma 6 of [5].

4 \(\textsf{BT}\) Proofs

4.1 Proof Systems

We present two non-wellfounded proof systems for the modal \(\mu \)-calculus, namely \(\textsf{BT}\) and \(\textsf{BT}^{\infty }\). The idea is that annotated sequents in the \(\textsf{BT}\) system correspond to macrostates of \(\mathbb {A}^D\), where \(\mathbb {A}\) is a nondeterministic parity automaton checking the trace condition in an \(\textsf{NW}\) proof. The rules of \(\textsf{BT}\) resemble the transition function of \(\mathbb {A}^D\).

Let \(\varPhi \) be a set of formulas, the sequent we want to prove, and let \(m= \max _\varOmega (\varPhi )\) be the maximal even priority of \(\varOmega \). Annotated sequents are sets of pairs \((\varphi ,\sigma )\), usually written as \(\varphi ^{\sigma }\), where \(\varphi \in \textsf{Clos}(\varPhi )\) and \(\sigma \in \textrm{TSeq}(m)\). For an annotated sequent \(\varGamma \) we let \(\varGamma ^N\) be the set of annotations occurring in \(\varGamma \), i.e. \(\varGamma ^N = \{\sigma \in \textrm{TSeq}(m) ~|~ \exists \varphi \text { s.t. } \varphi ^{\sigma } \in \varGamma \}\). We let \(\varGamma _k^N\) be the set of binary strings occurring at the k-th position of the annotations in \(\varGamma \), i.e., \(\varGamma _k^N = \pi _k[\varGamma ^N]\). We say that a string s occurs in \(\varGamma _k^N\) if there exists \(t \in \varGamma _k^N\) such that \(s \sqsubseteq t\).

For \(\sigma = (s_0,...,s_m)\in \textrm{TSeq}(m)\) we define \(\sigma \cdot 1_k = (s_0,...,s_k1,...,s_m)\) and \(\sigma \cdot 0_k = (s_0,...,s_k0,...,s_m)\). For an annotated sequent \(\varGamma \) we let \(\varGamma ^{\cdot 0_k}\) denote the annotated sequent \(\{\varphi ^{\sigma \cdot 0_k} ~|~ \varphi ^{\sigma } \in \varGamma \}\).

Let \(\varGamma \) be an annotated sequent and \(\varphi ^{\sigma } \in \varGamma \). We define \(\sigma \upharpoonright k^{\varGamma }\) to be the tuple of binary strings obtained from \(\sigma = (s_0,...,s_m)\) by replacing every \(s_j\) with \(j > k\) by \(\textrm{minL}(\textrm{tree}(\varGamma _j^N)\). If the context \(\varGamma \) is clear we write \(\sigma \upharpoonright k\) instead of \(\sigma \upharpoonright k^{\varGamma }\).

Fig. 3.

Rules of \(\textsf{BT}\)

The rules \(\textsf{Compress}_{k}^{s0}\) and \(\textsf{Compress}_{k}^{s1}\) are schemata for \(k = 0,2,...,m\) and \(s \in 2^*\). In these rules the notation \(\varphi _i^{(\dots ,s t_i,\dots )}\) is to be read such that \(s t_i\) is the binary string in the k-th position of the annotation. We will write \(\textsf{Compress}\) for any of those rules and write \(\textsf{Compress}_{k}^{s}\) for either \(\textsf{Compress}_{k}^{s0}\) or \(\textsf{Compress}_{k}^{s1}\).

Note that, if one ignores the annotations, the rules \(\textsf{Ax1}\), \(\textsf{Ax2}\), \(\textsf{R}_{\vee }\), \(\textsf{R}_{\wedge }\), \(\textsf{R}_{\mu }\), \(\textsf{R}_{\nu }\) and \(\mathsf {\textsf{R}_{\Box }}\) in Fig. 3 are the same as the rules of \(\textsf{NW}\). As mentioned above annotated sequents in the \(\textsf{BT}\) system correspond to macrostates of \(\mathbb {A}^D\), where \(\mathbb {A}\) is a nondeterministic parity automaton checking the trace condition in an \(\textsf{NW}\) proof. The rules of \(\textsf{BT}\) correspond to the transition function \(\delta _A\) of \(\mathbb {A}^D\), where the transformations of \(\delta _A\) are distributed over multiple rules: Step 1(a) of \(\delta _A\) is carried out in every rule and step 1(b) and step 2 correspond to the modification of the annotations in the rules R\(_\mu \) and R\(_\nu \). Notably, we do not add zeros to the annotations if the zeros would get deleted anyway in step 4 of the transition function. The rules \(\textsf{Resolve}\) and \(\textsf{Compress}\) are additional and correspond to steps 3 and 4 of \(\delta _A\).

Definition 6

A \(\textsf{BT}\) derivation \(\pi \) is a derivation defined from the rules in Fig. 3, such that the rules are applied with the following priority: first \(\textsf{Resolve}\), then \(\textsf{Compress}\), and then all other rules.

Just as annotated sequents correspond to macrostates of the deterministic automaton \(\mathbb {A}^D\), the soundness condition of \(\textsf{BT}^{\infty }\) and \(\textsf{BT}\) correspond to the acceptance condition of \(\mathbb {A}^D\): We say that a pair (k, s) is preserved at a node, if s is in play at position k at the corresponding macrostate and not marked red; and progresses if it is marked green.

Definition 7

Let \(\pi \) be a \(\textsf{BT}\) derivation of \(\varPhi \), \(m = \max _\varOmega (\varPhi )\) and S be a set of nodes in \(\pi \). Let \(k \in \{0,2,...,m\}\) and \(s \in 2^*\). We say that the pair (k, s)

• is preserved on S if

  • s occurs in \(\textsf{S}(v)_k^N\) for every v in S and

  • if \(\textsf{R}(v) = \textsf{Compress}_{k}^{t} \) for a node v in S, then ,

• progresses (infinitely often) on S if there is \(s'= s0\cdots 0\) such that \(\textsf{R}(v) = \textsf{Compress}_{k}^{s'1} \) for some v in S (for infinitely many \(v \in S\)).

Definition 8

Let \(\pi \) be a \(\textsf{BT}\) derivation. An infinite branch \(\alpha = (u_i)_{i\in \omega }\) in \(\pi \) is successful if there are N and (k, s) such that (k, s) is preserved and progresses infinitely often on \(\{u_i ~|~ i \ge N\}\). A \(\textsf{BT}^{\infty } \) proof is a \(\textsf{BT}\) derivation without occurrences of \(\textsf{D}^{\textsf{x}}\) and such that all infinite branches are successful. A \(\textsf{BT} \) proof is a finite \(\textsf{BT}\) derivation such that for each strongly connected subgraph S in \(\mathcal {T}_\pi ^C\) there exists (k, s) that is preserved and progresses on S.

We write \(\textsf{BT} \vdash \varGamma \) (\(\textsf{BT}^{\infty } \vdash \varGamma \)) if there is a \(\textsf{BT}\) (\(\textsf{BT}^{\infty }\)) proof of \(\varGamma \), i.e., a proof, where \(\varGamma \) is the sequent at the root of the proof.

Remark 3

In the proof system \(\textsf{JS}\) introduced by Jungteerapanich and Stirling [13, 23] annotated sequents are of the form \(\theta \vdash \varphi _1^{a_1},...,\varphi _n^{a_n}\), where \(a_1,...,a_n\) are sequences of names and the so-called control \(\theta \) is a linear order on all names occurring in the sequent. In contrast to \(\textsf{JS}\) our sequents consist of formulas with annotations and nothing else, that is, no control. On the other hand the soundness condition of \(\textsf{BT}\) is less local: It speaks about strongly connected subgraphs, whereas in \(\textsf{JS}\) only paths between leafs and its companions have to be checked. We see that the control in \(\textsf{JS}\) gives information on the structure of the cyclic proof tree. Interestingly, we could also add a control to our sequents and obtain a soundness condition that talks about paths, if desired. Similarly, in [1] a control was added to a cyclic system for the first-order \(\mu \)-calculus introduced by [22] to obtain a path-based system.

4.2 Soundness and Completeness

The intuitive idea behind the \(\textsf{BT}^{\infty }\) proof system is the following: Starting with an \(\textsf{NW}\) proof, we can define a nondeterministic parity automaton \(\mathbb {A}\), that checks if an infinite branch carries a \(\nu \)-trail. Using the determinization method from Sect. 3 we simulate macrostates of \(\mathbb {A}^D\) by annotated formulas in the proof system. Thus an infinite branch in \(\textsf{BT}^{\infty }\) resembles an infinite run of \(\mathbb {A}^D\). This will be formalised in the Soundness and Completeness proofs.

Tracking Automaton. Let \(\varPhi \) be a sequent of formulas, \(\eta x_1. \psi _1,...,\eta x_n. \psi _n\) the fixpoint formulas in \(\textsf{Fix}(\varPhi )\) and \(\varOmega \) the parity function on \(\textsf{Fix}(\varPhi )\).

We define a nondeterministic parity automaton that checks if there is a \(\nu \)-trail on an infinite branch of some \(\textsf{NW}\) proof of \(\varPhi \). The alphabet \(\varSigma \) consists of all triples \((\varGamma ,\xi ,\varGamma ')\), where \(\varGamma \subseteq \textsf{Clos}(\varPhi )\) is the conclusion and \(\varGamma ' \subseteq \textsf{Clos}(\varPhi )\) is the premise of a rule in Fig. 1 with principal formula \(\xi \). We define the following nondeterministic parity automaton \(\mathbb {A} = (A,\varDelta , a_I,\varOmega _A)\):

• \(A = a_I \cup \textsf{Clos}(\varPhi ) \cup \{\eta x. \psi ^* ~|~ \eta x. \psi \in \textsf{Clos}(\varPhi )\}\),

• For each \(\gamma \in A \) and \((\varGamma ,\xi ,\varGamma ') \in \varSigma \):

  1. 1.

     if \(\gamma = a_I\), then \(\varDelta (\gamma ,(\varGamma ,\xi ,\varGamma ')) = \varPhi \),

  2. 2.

     if \(\gamma = \xi = \eta x.\psi \) then \(\varDelta (\gamma ,(\varGamma ,\xi ,\varGamma ')) = \{\eta x. \psi ^*\}\),

  3. 3.

     if \(\gamma = \eta x. \psi ^*\), then \(\varDelta (\gamma ,(\varGamma ,\xi ,\varGamma ')) = \{\gamma ' ~|~ (\psi [x \backslash \eta x. \psi ],\gamma ') \in \textsf{T}_{\varGamma ,\xi ,\varGamma '} \}\) and

  4. 4.

     else \(\varDelta (\gamma ,(\varGamma ,\xi ,\varGamma ')) = \{\gamma ' ~|~ (\gamma ,\gamma ') \in \textsf{T}_{\varGamma ,\xi ,\varGamma '}\}\).

• For all states \(\eta x. \psi ^*\) let \(\varOmega _A(\eta x. \psi ^*) = \varOmega (\eta x. \psi )\). For all other states a let \(\varOmega _A(a)= \max _\varOmega (\varPhi )\) if \(\max _\varOmega (\varPhi )\) is odd and \(\varOmega _A(a)= \max _\varOmega (\varPhi ) +1\) else.

Let \(\alpha = (v_n)_{n\in \omega }\) be an infinite branch in an \(\textsf{NW}\)-proof \(\pi \). We define \(w(\alpha ) \in \varSigma ^{\omega }\) to be the infinite word \((\textsf{S}(v_0),\textsf{f}(v_0),\textsf{S}(v_0))(\textsf{S}(v_0),\textsf{f}(v_0),\textsf{S}(v_1))(\textsf{S}(v_1),\textsf{f}(v_1),\textsf{S}(v_2))...\).

Lemma 1

Let \(\alpha \) be an infinite branch in an \(\textsf{NW}\) proof. Then \(\alpha \) carries a \(\nu \)-trail iff \(w(\alpha ) \in \mathcal {L}(\mathbb {A})\).

Combining Lemma 1 and Theorem 3 from Sect. 3 we get

Lemma 2

Let \(\pi \) be an \(\textsf{NW}\) derivation. Then \(\pi \) is an \(\textsf{NW}\) proof iff for every infinite branch \(\alpha \) in \(\pi \) it holds \(w(\alpha ) \in \mathcal {L}(\mathbb {A}^D)\).

Lemma 3

Let \(\varGamma \) be a sequent. Then \(\textsf{NW} \vdash \varGamma \) iff \(\textsf{BT} \vdash \varGamma ^{\epsilon }\).

Proof (Sketch)

Let \(\pi \) be an \(\textsf{NW}\) proof of a sequent \(\varGamma \). Inductively we translate every node v in \(\pi \) to a node \(v'\) plus some additional nodes, such that \(v'\) is labeled by the same sequent as v plus annotations. This can be achieved by replacing every rule in \(\textsf{NW}\) by its corresponding rule in \(\textsf{BT}\) and adding the rules \(\textsf{Resolve}\) and \(\textsf{Compress}\) whenever applicable. This yields a \(\textsf{BT}\) derivation \(\rho \). It remains to show that every infinite branch \(\alpha = (v_i)_{i\in \omega }\) in \(\rho \) is successful. Let \(\hat{\alpha }\) be the corresponding infinite branch in \(\pi \). Due to Lemma 2 it holds that \(\hat{\alpha } \in \mathcal {L}(\mathbb {A}^D)\). Thus there is (k, s) such that s is in play at position k cofinitely often and \(c_k(s)\) is \(\textrm{green}\) infinitely often and \(\textrm{red}\) only finitely often. As the annotations in \(\alpha \) resemble the annotations in the run of \(\mathbb {A}^D\) on \(\hat{\alpha }\) it follows that there is some \(N\in \omega \) such that (k, s) is preserved and progresses infinitely often on \(\{v_i~|~ i\ge N\}\).

Conversely let \(\rho \) be a \(\textsf{BT}\) proof of \(\varGamma ^{\epsilon }\). We let \(\pi \) be the \(\textsf{NW}\) derivation defined from \(\rho \) by omitting the rules \(\textsf{Resolve}\) and \(\textsf{Compress}\) and reducing the other rules to the corresponding \(\textsf{NW}\) rules. We have to show that every infinite branch \(\alpha \) in \(\pi \) is successful. Let \(\alpha '= (v_i)_{i\in \omega }\) be the corresponding infinite branch in \(\rho \). Because \(\rho \) is a \(\textsf{BT}\) proof there is N,(k, s) such that (k, s) is preserved and progresses infinitely often on \(\{v_i~|~ i\ge N\}\). Again the annotations in \(\alpha '\) resemble the annotations in the run of \(\mathbb {A}^D\) on \(\alpha \), thus (k, s) witnesses the acceptance of the run of \(\mathcal {L}(\mathbb {A}^D)\) on \(\alpha \) and Lemma 2 concludes the proof.

Theorem 4 (Soundness and Completeness)

Let \(\varGamma \) be a sequent. Then there is a \(\textsf{BT}^{\infty } \)-proof of \(\varGamma ^{\epsilon }\) iff \(\bigvee \varGamma \) is valid.

Proof

This follows from Lemma 3 and Theorem 1.

4.3 Cyclic \(\textsf{BT}\) Proofs

As \(\textsf{NW}\) proofs can be assumed to be regular and annotations are added deterministically we can also assume \(\textsf{BT}^{\infty }\) proofs to be regular. A standard argument then transforms regular \(\textsf{BT}^{\infty }\) proofs into \(\textsf{BT}\) proofs and vice versa.

Lemma 4

An annotated sequent is provable in \(\textsf{BT} \) iff it is provable in \(\textsf{BT}^{\infty } \).

Theorem 5 (Soundness and Completeness)

Let \(\varGamma \) be a sequent. Then there is a \(\textsf{BT} \)-proof of \(\varGamma ^{\epsilon }\) iff \(\bigvee \varGamma \) is valid..

Remark 4

The number of distinct subtrees in a regular \(\textsf{BT}^{\infty }\) proof can be bounded by the number of distinct annotated sequents. This follows because the same statement holds for \(\textsf{NW}\) proofs [19] and because in the proof of Lemma 3 annotations and extra rules are added deterministically to sequents in \(\textsf{NW}\) proofs.

Let \(\varPhi \) be a sequent, \(n = |\textsf{Clos}(\varPhi )|\) and \(m = \max _\varOmega (\varPhi )\). There are at most \(n^{\mathcal {O}(m\cdot n)}\) many distinct annotated sequents occurring in a proof of \(\varPhi \), because annotated sequents resemble macrostates in \(\mathbb {A}^D\) and as seen in Remark 2 there are at most \(n^{\mathcal {O}(m\cdot n)}\) distinct macrostates in \(\mathbb {A}^D\).

Combining these two observations with the proof of Lemma 4 yields that the height of a \(\textsf{BT}\) proof of a sequent \(\varPhi \) can be bound by \(n^{\mathcal {O}(m\cdot n)}\). This is the same complexity as in \(\textsf{JS}\) [13].

Remark 5

Given a \(\textsf{BT}\) derivation \(\pi \), we can check if \(\pi \) is a \(\textsf{BT}\) proof in \(\textrm{coNP}\). We can give the following algorithm in \(\textrm{NP}\), that checks if \(\pi \) is not a \(\textsf{BT}\) proof: Choose non-deterministically a strongly connected subgraph S and check if there exists (k, s) that is preserved and progresses on S, the latter can be done in polynomial time. The complexity of proof checking can be compared to linear time in \(\textsf{JS}\) and \(\textrm{PSPACE}\) in \(\textsf{NW}\). Note that, if we add a control to the \(\textsf{BT}\) proof system, the soundness condition boils down to checking paths between leafs and its companions. In that case proof checking could also be done in linear time.

5 Conclusions and Future Work

We hope that this paper contributes to the theory of non-wellfounded and cyclic proof systems by discussing applications of automata theory in the field. We have argued for the relevance of the notion of determinizing stream automata in the design of proof systems for the modal \(\mu \)-calculus. More concretely, we have introduced a determinization construction based on binary trees and used this to obtain a new derivation system \(\textsf{BT}\) which is cyclic, cutfree, and sound and complete for the collection of valid \(\mathcal {L}_{\mu }\)-formulas. In the remainder of this concluding section we point out some directions for future research.

First of all, our approach is not restricted to the modal \(\mu \)-calculus, but will apply to non-wellfounded and cyclic derivation systems for many other logics as well. For instance, in the proof systems \(\textrm{LKID}^\omega \) [3] for first-order logic with inductive definitions, cyclic arithmetic \(\textrm{CA}\) [21] and similar systems the trace condition is of the form that on every infinite branch there is a term/variable which progresses infinitely often. This condition can be checked by a nondeterministic Büchi automaton and thus our method would yield an annotated proof system, where the annotations are binary strings, which label the terms/variables.

Second, in Remark 3 we discussed some relative advantages and disadvantages of the systems \(\textsf{JS}\) and \(\textsf{BT}\). It would be interesting to either design a system that combines the advantages of both systems (i.e. sequents consisting of annotated formulas only as in \(\textsf{BT}\), and a local condition for proof checking as in \(\textsf{JS}\)), or prove that such a system cannot exist.

Finally, it would be interesting (and in fact, it was one of the original aims of our work), to connect annotation-based sequent calculi such as \(\textsf{JS}\) and \(\textsf{BT}\) to Kozen’s Hilbert-style proof system and to see whether a more structured automata-theoretic approach would yield an alternative proof of Walukiewicz’ completeness result. Note that this was also the goal of Afshari & Leigh [2]; unfortunately, it was recently shown by the second author [14] that the system \(\textsf{Clo}\), a key system in Afshari & Leigh’s approach linking \(\textsf{JS}\) to Kozen’s axiomatization, is in fact incomplete.