Journal of Computer and System Sciences: Antonín Kučera, Richard Mayr


Journal of Computer and System Sciences 91 (2018) 82–103


A generic framework for checking semantic equivalences between pushdown automata and finite-state automata

Antonín Kučera a,*, Richard Mayr b

a Faculty of Informatics, Masaryk University, Botanická 68a, CZ-60200 Brno, Czech Republic
b University of Edinburgh, School of Informatics, LFCS, 10 Crichton Street, Edinburgh EH8 9AB, UK

Article info

Article history:
Received 19 January 2017
Received in revised form 5 September 2017
Accepted 7 September 2017
Available online 19 September 2017

Keywords:
Pushdown automata
Semantic equivalences
Bisimulation

Abstract

For a given process equivalence, we say that a process g is fully equivalent to a process f of a transition system T if g is equivalent to f and every reachable state of g is equivalent to some state of T. We propose a generic method for deciding full equivalence between pushdown processes and finite-state processes applicable to every process equivalence satisfying certain abstract conditions. Then, we show that these conditions are satisfied by bisimulation-like equivalences (including weak and branching bisimilarity), weak simulation equivalence, and weak trace equivalence, which are the main conceptual representatives of the linear/branching time spectrum. The list of particular results obtained by applying our method includes items which are first of their kind, and the associated upper complexity bounds are essentially optimal.

© 2017 Elsevier Inc. All rights reserved.

1. Introduction

One of the main paradigms in formal verification is equivalence-checking, where the correctness of a given implementation is demonstrated by proving semantic equivalence with its intended behavior called the specification. Formally, the implementation and the specification are understood as processes, i.e., states in labeled transition systems, and the semantic equivalence is some equivalence over the class of all processes. Equivalence proofs are often long and tedious, especially when the implementation uses unbounded data structures such as counters, stacks, or queues making the state space infinite. A natural question is whether such proofs can be produced automatically, i.e., whether a given process equivalence is decidable in a given class of processes, and what is the associated complexity. The equivalence-checking problem has been considered for various process equivalences and various classes of infinite-state processes in the last decades; we refer to, e.g., [49,18,37,9,43,11,53] for surveys of some subfields.
A special variant of the equivalence-checking problem is regular equivalence-checking, where the specification is a finite-state process. Hence, an instance of the regular equivalence-checking problem is a process g of a (possibly infinite-state) transition system U , and a process f of a finite-state transition system T . The question is whether g and f are equivalent for some fixed process equivalence. In general, the process g may reach states that are not equivalent to any state of T , i.e., the system T does not necessarily characterize the state space of g up to the chosen equivalence. This motivates the problem of full regular equivalence-checking, where we require that g and f are fully equivalent, i.e., they are equivalent and each state reachable from g is equivalent to some state of T . The concept of full equivalence was introduced in [40] and studied in [47], where it was shown that, for a large class of process equivalences, the problem of full regular equivalence-checking is reducible to the model-checking problem with a slightly extended version of the branching-time logic EF.

* Corresponding author.
E-mail address: [email protected] (A. Kučera).

http://dx.doi.org/10.1016/j.jcss.2017.09.004
0022-0000/© 2017 Elsevier Inc. All rights reserved.
In this paper, we restrict our attention to implementations definable by pushdown automata (PDA), a widely accepted model¹ for sequential programs with recursive procedure calls (see, e.g., [2,3,20,22,21]). The operational behavior of a given PDA  is formally defined by the associated transition system T , where the states are the configurations of  and the transitions are determined by the rules of  in the natural way (see Section 2). Hence, T has infinitely many states. We use PDAk to denote the subclass of PDA processes where the underlying pushdown automaton has at most k control states. Due to historical reasons, we also refer to PDA1 processes as BPA processes.²

1.1. Our contribution

We give a generic algorithm for the full regular equivalence-checking problem where the implementation (i.e., the process g) is a PDA process. The algorithm is applicable to every process equivalence satisfying certain abstract criteria, and we show that these criteria are met by bisimulation-like equivalences (incl. weak, early, delay, and branching bisimilarity), weak simulation equivalence, and weak trace equivalence. These equivalences are the main conceptual representatives of the linear/branching time spectrum [57,58], and the applicability of the presented algorithm extends to many (if not all) equivalences in this spectrum by modifying the techniques used for the aforementioned representatives. For PDAk processes, where k 1 is a fixed constant, the obtained algorithms are essentially optimal.
More specifically, we show that, given a PDA  and a finite-state system T , the full equivalence between the processes of  and T is representable by a finite relation B called base. All pairs of fully equivalent processes can be generated from B by applying simple substitution rules assuming that the chosen process equivalence is a right PDA congruence (see Definition 5). Then, we show how to compute the base B as the greatest fixed-point of a certain monotonic function. This monotonic function depends on another function called expansion which must be tailored specifically for each process equivalence so that the criteria of Definition 12 are satisfied. Finally, we show how to design an appropriate expansion for the concrete process equivalences mentioned above. The list of particular results obtained in this way includes the following:
(a) Branching bisimilarity [59] between PDAk and finite-state processes is decidable in polynomial time. To the best of our knowledge, this is the first result about computational tractability of branching bisimilarity for systems with infinitely many states (the same actually applies to early and delay bisimilarity). Branching bisimilarity plays a distinguished role in the semantics of systems with silent moves [56], similarly as strong bisimilarity [50] for processes without silent moves.
(b) For weak simulation equivalence, we prove that full equivalence between PDAk and finite-state processes is decidable in polynomial time. Since checking (non-full) weak simulation equivalence between PDAk and finite-state processes is EXPTIME-complete even for BPA [46], this result shows that full regular equivalence-checking can be more tractable than ordinary regular equivalence-checking.
(c) For weak trace equivalence, we show that full equivalence between PDAk and finite-state processes is decidable in polynomial space, and the problem is PSPACE-hard even for BPA. Since checking (weak) trace equivalence between BPA and finite-state processes is undecidable, we see that full regular equivalence-checking can be even more decidable than regular equivalence-checking.
Another generic outcome of our method is an algorithm deciding whether a given finite-state process is the -quotient of a given PDA process for a given semantic equivalence . Here we need to assume that is preserved under quotients (see Definition 18) which is not really restrictive because most of the existing process equivalences satisfy this property [40,42].

1.2. Related work

Language equivalence is undecidable for general nondeterministic PDA and BPA [30]. However, for the deterministic subclass (dPDA), language equivalence is decidable [51] (see also [55,34]). The computational complexity of this problem is open and no nontrivial lower bound is known. For the subclass of deterministic one-counter automata, language equivalence-checking is NL-complete [8].
Checking bisimulation equivalence is decidable for PDA processes [52]. A nonelementary lower bound has been shown in [6] (see also [35]), improving the previous EXPTIME lower bound of [46]; the exact complexity is still open. However, bisimilarity is known to be PSPACE-complete for the subclass of one-counter automata [7]. In the context of bisimilarity-checking, special attention has been devoted to BPA, which are strictly less expressive than PDA w.r.t. bisimulation-like equivalences. The first positive result is due to Baeten, Bergstra, and Klop [4] who proved the decidability of strong bisimilarity for normed BPA (a PDA is normed if the stack can be emptied from every reachable configuration). Simpler proofs were given later in [14,26,32], and there is even a polynomial-time algorithm [28]. The decidability result was extended to all (not necessarily normed) BPA in [16], and a 2-EXPTIME upper complexity bound is due to [12,33]. An EXPTIME lower complexity bound for BPA bisimilarity was shown in [39].

¹ From the language-theoretic point of view, the definition of PDA adopted in this paper corresponds to the subclass of real-time PDA. The concept of -transitions is replaced by silent transitions with a distinguished label which may (but do not have to) be treated in a special way by a given semantic equivalence.
² The BPA acronym stands for Basic Process Algebra, a natural fragment of ACP [5]. BPA algebra is expressively equivalent (up to strong bisimilarity) to PDA processes with one control state.
In the presence of silent -moves, the equivalence-checking problems become harder. Weak bisimilarity is undecidable for PDA [54], and in fact even for a very modest subclass of PDA known as one-counter nets³ [48]. The decidability of weak bisimilarity for BPA is open. However, it is known that branching bisimilarity is decidable for normed BPA [24], which extends the previous results about totally normed BPA [31,15]. The best known upper complexity bound for checking branching bisimilarity for normed BPA processes is EXPTIME [27] (a NEXPTIME upper bound is due to [17]). It is open whether the decidability result can be extended to all BPA processes, but it is already clear that such extensions cannot go much beyond the BPA class [60].
For simulation-like and trace-like equivalences, the equivalence-checking problem is undecidable even for (normed) BPA; this follows directly from Friedman's result about the undecidability of language inclusion for simple grammars [23]. Simulation equivalence is decidable for one-counter nets [1] (see also [38,29]), and the relationship between strong bisimilarity and simulation equivalence over one-counter nets was studied in [36].
Regular equivalence-checking for PDA processes is computationally easier. Strong and weak bisimilarity between PDA and finite-state processes is PSPACE-complete [46]. The complexity is lower for the subclass of one-counter automata; strong bisimilarity between processes of one-counter automata and finite-state processes is decidable in polynomial time [41], while checking weak bisimilarity is P^NP-complete [25]. Strong and weak bisimilarity between BPA and finite-state processes is decidable in polynomial time [45]. Checking strong and weak simulation equivalence between BPA and finite-state processes is EXPTIME-complete, and the same holds for general PDA [46,44]. Trace-like equivalences between BPA and finite-state processes are undecidable (this is a direct consequence of the undecidability of the universality problem for context-free languages [30]).
Our results subsume and generalize the method used in [45] to decide weak bisimilarity between BPA and finite-state processes in polynomial time. The presence of control states in PDA makes the (de)composition technique more intricate, which is overcome by utilizing partial functions associating processes to control states (see Definitions 7 and 8). Further, the technique is no longer limited to weak bisimilarity, but applicable to an arbitrary right PDA congruence satisfying the abstract conditions formulated in Definition 12. This is achieved by abstracting the equivalence-specific part into the notion of expansion, and inventing new techniques applicable to simulation-like and trace-like equivalences.
Both [45] and the work presented in this paper build on the idea of finite bisimulation bases pioneered by Caucal [14]. Finite bisimulation bases exist for processes of BPA and BPP systems. For the normed subclasses of BPA and BPP, bisimulation bases are even computable in polynomial time. We refer to [11] for a detailed exposition of these results. Bisimulation bases use simple congruence rules to generate new pairs of bisimilar processes, and they are usually computed iteratively by cleaning a sufficiently large relation subsuming the base. The same principle is used in [45] and the presented work, although the base and the way of generating new pairs of processes are technically different. Since the scope of our work includes equivalences with silent -moves, we have to deal with infinite sets of configurations reachable by sequences of silent moves of unbounded length, which complicates the cleaning phase. This difficulty is overcome by representing the relevant infinite sets of configurations by efficiently constructible finite-state automata. New insights are also required to handle the restrictions on intermediate states visited by silent moves imposed by early, delay, and branching bisimilarity. Simulation-like and trace-like equivalences need specific treatment which has no direct counterpart in previous works.
The paper is organized as follows. In Section 2, we recall transition systems, process equivalences, PDA systems, and the concept of full regular equivalence [40,47]. In Section 3, we introduce a finite semantic base representing full equivalence between processes of a given PDA system and a given finite-state system. Finally, in Section 4 we show how to compute the base B .

2. Basic definitions

In this paper, processes are understood as states in transition systems.

Definition 1. A transition system is a triple T = ( S , A, ) where S is a finite or countably infinite set of states, A is a finite set of actions, and S A S is a transition relation. A process is a pair (T , s), where T is a transition system and s is a state of T .

a
When T is clearly determined by the context, we write just s instead of (T , s). Further, we write s t instead of
(s, a, t ) , and we extend this notation to the elements of A in the standard way. We say that a state t is reachable from
w
a state s, written s t, if there is w A such that s t. A state space of a process (T , s) is the set of all states reachable
from s in T . Two processes s, t are isomorphic if there is a one-to-one correspondence h between their state spaces such
a a
that h(s) = t and for all states u , u  reachable from s we have that u u  iff h(u ) h(u  ).

³ One-counter nets are a subclass of one-counter automata where the counter cannot be tested for zero explicitly; one-counter nets are expressively equivalent to Petri nets with at most one unbounded place.

We assume that A always contains a special silent action denoted by . Intuitively, -labeled transitions model internal

computational steps that are not directly visible to an external observer. For all s, t S, a move from s to t is a
a
sequence of transitions s=u 0 u i =t where i 0, and a move from s to t, where a
= , is a sequence of
a a
transitions s=u 0 u i v 0 v j =t where i , j 0. A move from s to t, where a A, is usually denoted
a a a
by s t. Note that there may exist infinitely many moves from s to t, and if we needed to consider two different
a
moves from s to t at the same time, our notation would be insufficient (we could not denote both of these moves by s t).
a
Fortunately, there is no such need in this paper. When no confusion arises, we slightly abuse our notation and write s t
a
to indicate the existence of a move from s to t.
A process equivalence is an equivalence over the class⁴ of all processes. In general, a process equivalence does not fully characterize the state space of a given process up to . That is, even if s t, a state reachable from s is not necessarily -equivalent to any state reachable from t. This motivates the following definition.

Definition 2. Let be a process equivalence and (T1 , s1 ), (T2 , s2 ) processes. We say that (T1 , s1 ) is fully equivalent to
(T2 , s2 ), denoted by (T1 , s1 )  (T2 , s2 ), if s1 s2 and for every s1 reachable from s1 there is a state s2 of T2 (not necessarily
reachable from s2 ) such that s1 s2 .

Remark 3. Observe that if (T1 , s1 )  (T2 , s2 ) and s1 s1 , then for every state s2 of T2 such that s1 s2 we also have that
s1  s2 .

In this paper, we are interested in the problem of checking full equivalence with a finite-state process, formalized as follows:

Problem: Full regular equivalence-checking.


Instance: A process (U , g ) and a finite-state process (T , f ).
Question: Do we have g  f ?

Here, we assume some finite encoding of (U , g ). In our setting, (U , g ) will always be a pushdown process.
The concept of full regular equivalence was introduced and studied in [47]. For bisimulation-like equivalences, g f
implies g  f , because bisimilar processes have the same state space up to bisimilarity. However, for simulation-like and
trace-like equivalences, this implication does not hold. As a simple example illustrating the difference, consider a finite-state
a
system T with just one state f where f f . Further, let be the trace equivalence⁵. Then,

g f iff g can perform an arbitrarily long finite sequence of a's and no other action;
g  f iff every state reachable from g can perform an arbitrarily long finite sequence of a's and no other action.

Obviously, the second condition is stronger and, in this particular case, encodes the same property as strong bisimilarity to f . If we extend T by another state f  which does not have any ingoing/outgoing transitions, then full trace equivalence to f means that each reachable state can either perform an arbitrarily long finite sequence of a's (and no other action) or it is terminated. This property cannot be encoded as bisimulation/simulation/trace equivalence with any finite-state process.
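The difference between trace equivalence and full trace equivalence described above can be checked mechanically when both systems are finite-state. The following Python code is an added example, not code from the paper: it restricts g to a finite-state system (the paper's g is a pushdown process), uses strong trace equivalence, and the systems T1, T2, U and V are constructed for illustration.

```python
# Added example: trace equivalence versus full trace equivalence on
# finite-state transition systems (constructed sample data).
# A transition system is a dict: state -> list of (action, successor).

T1 = {"f": [("a", "f")]}                      # one state with an a-loop
T2 = {"f": [("a", "f")], "f_dead": []}        # T1 plus a terminated state
U = {"g": [("a", "g"), ("a", "h")], "h": []}  # g may loop or stop in h
V = {"g": [("a", "g2")], "g2": [("a", "g")]}  # every state can do a forever


def reachable(ts, s):
    """All states reachable from s (including s itself)."""
    seen, todo = {s}, [s]
    while todo:
        u = todo.pop()
        for _a, v in ts[u]:
            if v not in seen:
                seen.add(v)
                todo.append(v)
    return seen


def step(ts, states, a):
    """Subset-construction step: states reachable from `states` by action a."""
    return frozenset(v for u in states for (b, v) in ts[u] if b == a)


def trace_equivalent(ts1, s1, ts2, s2):
    """True iff s1 and s2 have the same set of finite traces.

    Trace sets are prefix closed, so they differ iff some word leads to a
    pair of state sets where exactly one side is empty.
    """
    actions = {a for ts in (ts1, ts2) for edges in ts.values() for a, _ in edges}
    start = (frozenset([s1]), frozenset([s2]))
    seen, todo = {start}, [start]
    while todo:
        x, y = todo.pop()
        for a in actions:
            nx, ny = step(ts1, x, a), step(ts2, y, a)
            if bool(nx) != bool(ny):
                return False          # one side can extend the trace, the other cannot
            if nx and (nx, ny) not in seen:
                seen.add((nx, ny))
                todo.append((nx, ny))
    return True


def fully_equivalent(ts1, s1, ts2, s2):
    """Full equivalence: s1 is equivalent to s2, and every state reachable
    from s1 is equivalent to SOME state of ts2 (reachable from s2 or not)."""
    if not trace_equivalent(ts1, s1, ts2, s2):
        return False
    return all(
        any(trace_equivalent(ts1, u, ts2, t) for t in ts2)
        for u in reachable(ts1, s1)
    )


if __name__ == "__main__":
    print("g ~ f in T1:        ", trace_equivalent(U, "g", T1, "f"))
    print("g fully ~ f in T1:  ", fully_equivalent(U, "g", T1, "f"))
    print("g fully ~ f in T2:  ", fully_equivalent(U, "g", T2, "f"))
    print("V.g fully ~ f in T1:", fully_equivalent(V, "g", T1, "f"))
```

In U the state g has exactly the traces of f, yet the reachable terminated state h has no counterpart in T1; adding the isolated state f_dead in T2 is what makes the full equivalence hold.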
An important advantage of full regular equivalence is its computational tractability. As we shall see in Section 4, full regular equivalence-checking tends to be more tractable and more decidable than ordinary regular equivalence-checking (i.e., the question whether g f ).
One can argue that full regular equivalence is asymmetric in the sense that the state space of g must be included in the set of states of T , but not vice versa. In fact, a symmetric variant of full regular equivalence, where we require that g f and the state spaces of g and f are the same up to , is equally tractable as the asymmetric version, at least for processes generated by pushdown automata (see Remark 17). The main reasons for considering the asymmetric version are its simplicity and convenience: we usually aim at specifying some kind of safety property by describing the set of all admissible behaviors up to (by constructing the system T ), and then it is not so important whether g can exhibit all or just some of these behaviors.
Now we formally introduce pushdown automata and the corresponding class of infinite-state processes.

Definition 4. A pushdown automaton (PDA) is a tuple  = ( Q , , A, ) where Q = is a finite set of control states,  = is a finite stack alphabet, A = is a finite input alphabet, and ( Q ) A ( Q  2 ) is a set of rules where  2 = { }  (). A PDAk , where k 1, is a PDA with at most k control states.

⁴ In our setting, we can safely assume that the class of all processes is actually a set; formally, this is achieved by fixing two sets States and Actions such that every transition system T = ( S , A, ) satisfies S States and A Actions.
w
⁵ A word w Act is a trace of a process s if s t for some t. Processes s, s are trace equivalent if they have the same set of traces.

A configuration of  is a pair p Q  . To  we associate the transition system T where the states are the
configurations of , A is the set of actions, and the transition relation, denoted by , is the least relation  satisfying
the following condition: If ( p X , a, q) , then ( p X , a, q )  for all  . For every p Q  , we use M p to
denote the set of all r Q such that p r .
In the rest of this paper, the elements of Q and  are denoted by lower case and upper case Latin letters such as p , q, . . .
and X , Y , . . ., respectively. The elements of  are denoted by Greek letters , , . . ., where denotes the empty word with
the standard conventions (in particular, = = for every  ).
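As an added illustration (not code from the paper), the following Python example builds the one-step transitions of a PDA from its rules and computes the sets M for single-symbol stacks by a least fixed-point iteration. It assumes the usual reading of the definitions: a rule rewrites the top stack symbol X in control state p into a word of length at most 2, and M for a configuration is the set of control states in which that configuration can reach the empty stack; the automaton RULES and all function names are constructed for this example.

```python
# Added example: PDA rules, one-step successors, and stack-emptying control states.
# A rule (p, X, a, q, beta) is read as  pX --a--> q beta  with len(beta) <= 2.
# RULES is a constructed sample automaton, not taken from the paper.
RULES = [
    ("p", "X", "a", "p", ("X", "Y")),  # keep X on top, add Y beneath it
    ("p", "X", "b", "q", ()),          # pop X, switch to control state q
    ("q", "Y", "c", "q", ()),          # pop Y, stay in q
    ("q", "Y", "d", "r", ()),          # pop Y, switch to r
    ("r", "Y", "e", "r", ("Z",)),      # replace Y by Z; no rule rewrites Z
]
STATES = {"p", "q", "r"}
STACK_ALPHABET = {"X", "Y", "Z"}


def successors(rules, conf):
    """One-step transitions of configuration (p, stack); stack[0] is the top.

    A rule for (p, X) applies to every configuration p X gamma and leaves
    the rest of the stack gamma untouched.
    """
    p, stack = conf
    if not stack:
        return []  # empty stack: terminated configuration
    return [(a, (q, tuple(beta) + tuple(stack[1:])))
            for (p0, x, a, q, beta) in rules if p0 == p and x == stack[0]]


def emptying_states_of(m, p, alpha):
    """Control states in which (p, alpha) can reach the empty stack,
    composed symbol by symbol from the single-symbol table m."""
    cur = {p}
    for x in alpha:
        cur = set().union(*(m[(s, x)] for s in cur))
    return cur


def emptying_table(rules, states, gamma):
    """Least fixed point: m[(p, X)] = set of r such that pX can reach (r, empty)."""
    m = {(p, x): set() for p in states for x in gamma}
    changed = True
    while changed:
        changed = False
        for (p, x, _a, q, beta) in rules:
            new = emptying_states_of(m, q, beta)
            if not new <= m[(p, x)]:
                m[(p, x)] |= new
                changed = True
    return m


def emptying_states_bfs(rules, conf, max_stack=6):
    """Cross-check by explicit search over configurations whose stack height
    stays within max_stack (the full state space is infinite)."""
    seen, todo, found = {conf}, [conf], set()
    while todo:
        p, stack = todo.pop()
        if not stack:
            found.add(p)
        for _a, nxt in successors(rules, (p, stack)):
            if len(nxt[1]) <= max_stack and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return found


if __name__ == "__main__":
    table = emptying_table(RULES, STATES, STACK_ALPHABET)
    for key in sorted(table):
        print(key, sorted(table[key]))
```

The table has one entry per pair of control state and stack symbol, so it stays finite although the configuration space does not; the bounded search is only a sanity check on the sample automaton.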

3. A finite semantic base for PDA

For the rest of this section, we fix a pushdown automaton  = ( Q , , A, ), and a finite state system T = ( F , A, ).
The symbol F denotes the set F {}, where / F is formally understood as a process without any outgoing transitions.
Our aim is to show that the relation  between the processes of T and T can be represented by a finite set B called
base such that for all p Q  and f F we have that p  f iff the pair ( p , f ) can be generated from B by applying
simple substitution rules.
To get some intuition, let us first consider the case when  has only one control state p. For simplicity, we write just
instead of p . For every  and a process s, we use s to denote the process which behaves like until reaches ;
from this point on, s behaves like s. Now, let us fix some X 1 X 2 X  and f F such that X 1 X 2 X  f . There are
two possibilities.

X 1 . Then X 1 X 2 X
X 2 . . . X k , and hence there exists g F such that X 2 X
g. By substituting X 2 . . . X

with g in X 1 X 2 X
, we obtain the process X 1 g. We intuitively expect X 1 X
X 1 g, but this does not hold in
general; we need to assume that is a right congruence w.r.t. sequential composition, i.e., if s t for some processes
s, t, then s t for all  . Under this assumption, which is satised by most of the standard process equivalences,
we easily obtain X 1 g  f .
Thus, X 1 X 2 X
 f is decomposed into X 1 g  f and X 2 X
g. We remember the pair ( X 1 g , f ) and continue
by decomposing X 2 X
 g (see Remark 3). If
= 1, i.e., X 2 X
= , we stop and remember the pair ( , g ).
X 1  . Then, we have that X 1 s  f for an arbitrary process s, assuming that does not distinguish between isomorphic processes. For technical reasons clarified below, we remember the pairs ( X , f ), ( , ), together with all pairs of the form (Y g , ) where Y  and g F .

Our base B consists of all pairs we need to remember when applying the decomposition procedure above. That is,

B = {( X g , f ) | X g  f , where X , X , and g , f F }
{( , f ) |  f , where f F }
{( X , f ) | X  f , where X , X  , and f F }
{(Y g , ) | Y , g F }
{( , )}
Note that B is finite and its size is O (|| | F |2 ). Also observe that by reversing the above decomposition principle, the
original pairs ( , f ) such that  f can be generated from B . Formally, let Cl(B ) be the least set L subsuming B such
that whenever ( h, f ) L and B contains a pair of the form ( w , h), where h F , then ( w , f ) L. Now it is easy to see
that for all  and f F we have that  f iff ( , f ) Cl(B ). The direction follows by a simple induction on the
length of ; in the inductive step, we argue by distinguishing the two possible ways of decomposing  f (see above).
Note that if X  f where X  , then ( X , f ) Cl(B ) for every  . This explains the role of the auxiliary pairs
(Y g , ) and ( , ); recall that g ranges over F , including . For the direction, we just check that the above closure
rule is safe.
Now we extend the above construction to general PDA with arbitrarily many control states. We start by generalizing the
notion of right congruence w.r.t. sequential composition, and then show how to adapt the base.

3.1. Right PDA congruence

Recall that a process equivalence is a right congruence w.r.t. the standard sequential composition if for all processes
s, t , u we have that t u implies s t s u. A process p of  can be seen as a sequential composition of recursive
procedure calls stored in the stack. The process p terminates by emptying its stack, i.e., by reaching a configuration r .
Let P be the set of all processes⁶, and let : Q P be a function assigning (some) process to every control state of Q .

⁶ Since the set of states of every transition system T = ( S , A, ) is finite or countably infinite, we may safely assume S S for some fixed set S . Similarly, we may assume that A is a subset of some fixed set. Then, the class of all processes P is also a set.

Now we can naturally define the sequential composition of p and , denoted by p , behaving like p until a terminated
configuration r is reached, where the process switches to (r ). Formally, the behaviour of p is defined by the following
rules:
a a
p q ( p) s
a a
p q p p [s/ p ]

Here, [s/ p ] : Q P is a function which returns the same result as for every argument except for p where [s/ p ]( p ) = s.
In principle, we could simplify the second rule into

a
( p) s
a
p s

which makes clear sense if the operational behavior of s is known. For our purposes, the previous more complicated
variant is more advantageous, because it simplifies the structure of the base B defined in Section 3.2.
Clearly, the processes p and ( p ) are isomorphic. Also observe that if (r ) = (r ) for all r M p , then the processes
p and p are isomorphic. Now we formally define the notion of right PDA congruence.

Definition 5. We say that a process equivalence is a right PDA congruence if the following conditions are satisfied:

For every conguration p of  and all , : Q P such that (q) (q) for all q M p , it holds that p p .
Isomorphic processes are -equivalent.

Intuitively, the first item of Definition 5 says that if the computation of p is prolonged by -equivalent processes, then
all such extensions are -equivalent. It is easy to check that bisimulation-like, simulation-like, and trace-like equivalences
(even in their weak forms) are right PDA congruences.

3.2. The base B

Intuitively, the base B is obtained by generalizing the relation B introduced for BPA and strong bisimilarity at the
beginning of Section 3. The only difference is that the elements of F appearing in the pairs of B are replaced by the
elements of ( F ) Q , i.e., by functions from Q to F , which are consistently denoted by symbols such as F , G , H, . . . in the
rest of this paper.
The operational semantics of a process p F is defined by the rules given in Section 3.1 (recall that is formally
understood as a process without any outgoing transitions). Still, the role of is somewhat special, which is reflected in our
next definition.

Definition 6. A function F : Q F is compatible with p iff for every q M p we have that F (q)
= . The class of all
functions compatible with p is denoted by C ( p ).

Note that if F C ( p ) and p q , then F C (q).


For the rest of this section, we fix a right PDA congruence . For all  and F , G : Q F , we write

 F if p  F ( p ) for all p Q where F ( p )


= ;
G  F if G C ( p ) and p G  F ( p ) for all p Q where F ( p )
= .

In particular, note that if F ( p ) = for all p Q , then  F and G  F for all  and G : Q F .
In the rest of this paper, the set of all processes of the form p and p F , where p Q ,  , and F C ( p ), is
denoted by P (, F ), and we use p w , qv , ru , . . . to range over P (, F ). When we write p w = p or p w = p F , we mean
that p w takes the respective form.
Now we are ready to define the base B . For technical reasons, we first introduce a more general notion of well-formed
sets. As we shall see in Section 4, the base B is computable by cleaning the greatest well-formed set.

Definition 7. A well-formed set is a set K consisting of

all pairs of the form ( , F ) such that  F ;


all pairs of the form (G , F ) such that G  F ;
some (possibly none) pairs of the form ( X G , F ) such that F ( p )
= implies G C ( p X ).

Further, we require⁷ that if ( X G , F ) K and F  H, then ( X G , H) K . The base B is a well-formed set defined by
B = {( , F ) |  F } {(G , F ) | G  F } {( X G , F ) | X G  F } .

Note that if is decidable for finite-state processes, then the greatest well-formed set G is effectively constructible. The
only possible difference between G and B are some extra pairs of the form ( X G , F ) which are cleaned by the algorithm
presented in Section 4.
Our next definition says how to generate new pairs of the form ( , F ) and ( G , F ) from a given well-formed set K .

Definition 8. Let K be a well-formed set. The closure of K , denoted by Cl( K ), is the least set L satisfying the following
conditions:

(1) K L;
(2) if ( G , F ) L where
= and (, G ) K , then ( , F ) L;
(3) if ( G , F ) L where
= and ( X H, G ) K , then ( X H, F ) L.
 i
Clearly, Cl( K ) = i =0 Cl ( K ) where

Cl0 ( K ) = K ;
Cli +1 ( K ) consists of exactly those pairs which are either in Cli ( K ) or can be derived from K and Cli ( K ) by applying one
of the rules (2) and (3) of Definition 8.

We intuitively expect that B generates precisely the pairs ( , F ) and ( G , F ) such that  F and G  F . The next
theorem says that this is indeed the case.

Theorem 9. For all  and F , G : Q F we have the following:

(A) G  F iff ( G , F ) Cl(B);


(B)  F iff ( , F ) Cl(B).

Proof. For the direction of (A) and (B), it suffices to show that the rules (2) and (3) of Definition 8 preserve the
relation . Since the arguments are similar, we give an explicit proof just for the rule (3). Suppose G  F and X H  G .
We need to show that X H  F , i.e., for every p Q such that F ( p )
= we have that

(a) H C ( p X ),
(b) p X H  F ( p ).

Let us fix some p Q such that F ( p )
= . We start by proving (a). Clearly, C ( p X ) = r M p C (r X ), and hence it suffices
to prove H C (r X ) for an arbitrary fixed r M p . Since G  F and F ( p )
= , we obtain G C ( p ), which implies
G (r )
= because r M p . Since X H  G and G (r )
= , we obtain H C (r X ) as needed. Now we prove (b). Recall that for
every r M p we have that G (r )
= , which implies r X H  G (r ) because X H  G . For every r M p , we put (r ) = r X H
and (r ) = G (r ). Since is a right PDA congruence, for every q such that p q we obtain q q . We prove
that

(1) p X H F ( p ),
(2) for every t w such that p X H t w there is g F such that t w g.

(1) follows immediately, because p p , and the processes p and p are isomorphic to p X H and p G , respec-
tively. Hence, p X H p p p G . Further, p G F ( p ) because G  F and F ( p )
= . Thus, p X H F ( p ). It
remains to prove (2). Let p X H t w. We distinguish two cases:

t w = q X H where p q . Then p G q G . Since G  F and F ( p )


= , there is g F such that q G g.
Further, q q , where q and q are isomorphic to q X H and q G , respectively. Thus, we obtain q X H g.
p X H r X H t w where p r . Then r M p , which implies G (r )
= (see above). Since X H  G and
G (r )
= , we obtain r X H  G (r ). As r X H t w, there exists g F such that t w g.

The direction of (A) is proven by induction on the length of . If = , we are done immediately because if G  F ,
then (G , F ) B by Definition 7. Now assume = Y where Y G  F . We prove that ( Y G , F ) Cl(B ). Let M F , be

7
This condition is needed in Lemma 11(c).

the union of all M p such that F ( p )


= . Since Y G  F , for every r M F , we can fix f r F such that rY G f r . Let
H : Q F be a function defined by H(r ) = f r for all r M F , , and H(r ) = for all r Q  M F , . We show that

(i) Y G  H,
(ii) H  F .

Using (i) and (ii), the proof can be completed as follows. If = , we have that Y G  H and H  F . This implies Y G  F ,
hence (Y G , F ) B by Definition 7. If
= , we have that (Y G , H) B by Definition 7, ( H, F ) Cl(B ) by induction
hypothesis, and ( Y G , F ) Cl(B ) by applying the rule (3) of Definition 8.
So, it remains to prove (i) and (ii). Observe that (i) follows directly from the definition of H (see also Remark 3). Let
(r ) = rY G and (r ) = f r for all r M F , . To prove (ii), let us fix some p Q such that F ( p )
= . Clearly, H C ( p ). We
show that p H  F ( p ). Since is a right PDA congruence, we obtain p p , where p and p are isomorphic to
p Y G and p H, respectively. Hence, p Y G p H, and since p Y G F ( p ), we obtain p H F ( p ). It remains to show
that every process reachable from p H is -equivalent to some process of F . Let p H t w. We distinguish two cases:

t w = q H where p q . Then p Y G q Y G . Since Y G  F , there is g F such that q Y G g. Further,


q q , where q and q are isomorphic to q Y G and q H, respectively. Hence, q H g.
p H r H t w where p r . Note that then t = r and w = J for some J : Q F , and the process t w is
isomorphic to J (r ). Hence, t w J (r ).

The direction of (B) follows easily now. Let  F . If = , we have that  F , hence ( , F ) B by Definition 7.
Now let
= , and let M F , be the union of all M p such that F ( p )
= . Since  F , for every r M F , we can
fix f r F such that r f r . Let H : Q F be a function defined by H(r ) = f r for all r M F , , and H(r ) = for all
r Q  M F , . Similarly as above, we obtain  H and H  F . Hence, ( , H) B by Definition 7, and ( H, F ) Cl(B )
due to (A) which has already been proven. By applying the rule (2) of Definition 8, we obtain ( , F ) Cl(B ). □

4. Computing the base

In this section, we present algorithms for computing the base B for various process equivalences. We start by describing
the generic part of the method together with some auxiliary technical results. The applicability of the method to concrete
process equivalences is demonstrated in the subsequent subsections.
For the rest of this section, we fix

a pushdown automaton  = ( Q , , A, ) of size n;
a finite-state system T = ( F , A, ) of size m;
a process equivalence such that
is a right PDA congruence;
is decidable for finite-state processes.

Note that we can safely assume that the input alphabet of  and the set of actions of T are the same. In our complexity
estimations we also use the parameter z = | F || Q | .

Definition 10. Let K be a well-formed set. For every i N0 , we define the set Geni ( K ) P (, F ) F as follows:

Geni ( K ) = {( p , f ) | there is F such that F ( p ) = f and ( , F ) Cli ( K )}


{( p G , f ) | there is F such that F ( p ) = f and ( G , F ) Cli ( K )}

Further, we put Gen( K ) = i =0 Geni ( K ).

Some useful properties of Gen are given in the next lemma (all items follow immediately from Definitions 7 and 8).

Lemma 11. Let K be a well-formed set. Then we have the following:

(a) ( p G , f ) Gen( K ) iff G ( p )


= and p G  f .
(b) ( p , f ) Gen( K ) iff p  f .
(c) If ( p w , f ) Gen( K ) and f g, then ( p w , g ) Gen( K ).

The base B is computed by taking the greatest well-formed set G as the initial over-approximation of B , and then
applying one or more cleaning steps until reaching a fixed-point. In each cleaning step, all pairs of the form ( X G , F )
contained in a current approximation K of the base are examined, and it is checked whether every ( p X G , F ( p )), where

Input: A PDA , a finite-state system T


Output: The base B
1: K := the greatest well-formed set G
2: repeat
3: U := K
4: for each ( X G , F ) U do
5: if ( X G , F ) is not contained in Exp(Gen(U ))
6: then K := K  {( X G , H) | H  F }
7: until K = U
8: return K

Fig. 1. An algorithm for computing the base B

F ( p )
= , expands in Gen( K ). Intuitively, the expansion condition is designed so that it implies p X G  F ( p ) if all pairs of
Gen( K ) are correct, i.e., Gen( K ) . For example, in the case of strong bisimilarity, ( p X G , F ( p )) expands in Gen( K ) if for
a a
every move of one process there is a matching move of the other process such that the resulting pair of processes
belongs to Gen( K ). If ( p X G , F ( p )) does not expand in Gen( K ) for some p Q such that F ( p )
= , the pair ( X G , F ) is
deleted from K , together with all ( X G , H) such that H  F (hence, the resulting relation is again well-formed). Formally,
an expansion is a function which to a given relation R P (, F ) F assigns a subset R  R of all pairs ( p w , f ) R that
expand in R. The desired properties of expansion are formulated in the next definition.

Definition 12. We say that a pair of the form ( X G , F ) is contained in a relation R P (, F ) F if ( p X G , F ( p )) R for all
p Q such that F ( p )
= .
An expansion for is a function Exp which to every relation R P (, F ) F assigns a set Exp( R ) R so that the
following conditions are satisfied (where  is interpreted as a subset of P (, F ) F consisting of all ( p w , f ) such that
p w  f ):

(1) Exp is monotonic.


(2) Exp() = .
(3) For every R P (, F ) F , if Exp( R ) = R then R .
(4) For every well-formed set K , we have that if every ( X G , F ) K is contained in Exp(Gen( K )), then Exp(Gen( K )) =
Gen( K ).
(5) Given a well-formed set K and a pair ( X G , F ) K , it is decidable whether ( X G , F ) is contained in Exp(Gen( K )).

The next theorem says that if Exp is an expansion for , then the base B is computable in the way indicated above, i.e.,
by applying the algorithm of Fig. 1.

Theorem 13. If Exp is an expansion for , then the algorithm of Fig. 1 computes the base B .

Proof. First, realize that the greatest well-formed set G used at line 1 is computable because the set {( , F ) | 
F } {(G , F ) | G  F } is computable (recall that is decidable for finite-state processes), and the set of all pairs of the
form ( X G , F ), where F ( p )
= implies G C ( p X ), is computable in time polynomial in m, n, z, because the set M p X is
computable in time polynomial in n (see, e.g., [30]). Further, the condition in the if statement at line 5 is effective due to
Definition 12(5). The correctness of the algorithm is implied by the following observations:

If K is a well-formed set such that B K and ( X G , F ) K is not contained in Exp(Gen( K )), then ( X G , F ) / B (and
hence ( X G , H) / B for all H  F ). To see this, realize that  = Exp() = Exp(Gen(B )) (here we use Definition 12(2)
and Theorem 9), hence every ( X G , F ) B is contained in Exp(Gen(B )). Further, Exp(Gen(B )) Exp(Gen( K )) because Exp
is monotonic (Definition 12(1)). Thus, every ( X G , F ) B is contained also in Exp(Gen( K )).
Consider the well-formed set K returned by the algorithm at line 8. The previous observation implies B K . Further,
every ( X G , F ) K is contained in Exp(Gen( K )). This means Exp(Gen( K )) = Gen( K ) by Definition 12(4), hence Gen( K )
 by applying Definition 12(3). Hence, for each ( X F , G ) K we have that X F  G, which implies K B . □

As we shall see, an appropriate expansion can be designed for almost every process equivalence of the linear/branching
time spectrum [57,58].

4.1. Finite multi-automata


a
A general problem related to equivalences with silent -moves is that the set of states reachable in one move can be
infinite. For example, in the case of weak bisimilarity, it is natural to stipulate that ( p X G , F ( p )) expands in Gen( K ) if for
a a
every move of one process there is a matching move of the other process such that the resulting pair of processes
belongs to Gen( K ) (cf. the paragraph preceding Definition 12). It is not hard to verify that the associated Exp indeed satisfies
the conditions (1)–(4) of Definition 12. Now consider the condition (5). Given a well-formed set K , a pair ( X G , F ) K , and
p Q such that F ( p )
= , we need to decide whether ( p X G , F ( p )) expands in Gen( K ). In particular, this means to check
a a
whether for every F ( p ) f there exists a matching move p X G qw such that (qw , f ) Gen( K ). Since there may exist
infinitely many candidates for qw, we cannot try all of them one by one. Instead, we construct

a
a finite-state automaton recognizing all words qw such that p X G qw;
a finite-state automaton recognizing all words qw such that (qw , f ) Gen( K ).

Then, we just check whether the languages recognized by the two finite-state automata have a non-empty intersection.
Interestingly, this is achievable in time polynomial in m, n, z.
Now we develop these tools formally. The next definition is borrowed from [10].

Definition 14. A multi-automaton is a tuple M = ( S , , , Acc) where

S is a finite set of states such that Q S (i.e., the control states of  are among the states of M);
 =  {F | F : Q F } is the input alphabet (i.e., the alphabet has a special symbol for each F : Q F );
S  S is a transition relation, which is extended to the elements of S  S in the natural way;
Acc S is a set of accepting states.

Every multi-automaton M determines a unique set

L(M) = { p w | p Q , w  , ( p , w ) Acc
= } .
A set P P (, F ) is recognized by a multi-automaton M if P = L(M).

Now we show that the set of all configurations reachable from a set of configurations represented by a given multi-
automaton is also representable by an efficiently constructible multi-automaton. For every set of processes P and every
action a, we define the sets

a
Posta (P ) = {t | there is s P such that s t },
Post (P ) = {t | there is s P such that s t },

Post (P ) = {t | there is s P such that s t } .

Note that if P P (, F ), then Posta (P ), Post (P ), and Post (P ) are also subsets of P (, F ). A proof of the following
lemma is obtained by applying the standard saturation technique for pushdown automata (see, e.g., [13] for an overview of
recent results). An explicit proof can be found in [19].

Lemma 15. Let P P (, F ) be a set of processes recognized by a multi-automaton M. Then one can compute multi-automata
recognizing the sets Posta (P ), Post (P ), and Post (P ) in time which is polynomial in m, n, z and the size of M.

In the next lemma we prove that for every well-formed set K and every f F , one can efficiently construct a multi-
automaton recognizing all p w such that ( p w , f ) Gen( K ). Here we utilize the simplicity of Cl( K ), see Definition 8.

Lemma 16. Let K be a well-formed set and f F . There is a multi-automaton M K , f constructible in time polynomial in the size of K
recognizing the set Gen f ( K ) = { p w | ( p w , f ) Gen( K )}.

Proof. The multi-automaton M K , f is constructed as follows:

the set of states is Q {n} {F | F : Q F };


the transition relation is the least satisfying the following conditions:
for all ( X G , F ) K and p Q such that F ( p ) = f we have that ( p , X , G ) ;
for all (G , F ) K and p Q such that F ( p ) = f we have that ( p , G , n) ;
if ( X G , F ) K , then (F , X , G ) ;
if ( y , X , G ) and ( , G ) K , then ( y , X , n) ;
(F , F , n) for every F : Q F ;
the set of accepting states is
{n} { p Q | there is ( , F ) K such that F ( p ) = f } .

One can easily verify that L(M K , f ) = Gen f ( K ). □



Input: A process p of a PDA  = ( Q , , A, ),


a process f of a finite-state transition system T = ( F , AT , ).
Output: YES if f is the -quotient of p , NO otherwise.
1: if AT
= {a A | there exist (q X , a, r ) and  such that p q X } then return NO
2: if there are f  , f  F such that f 
= f  and f  f  then return NO
3: compute the base B
4: if p
/ Gen f (B) then return NO
5: for all f  , f  F , a A do
6: if f  f  and Posta (Post ({ p }) Gen f  (B )) Gen f  (B ) = then return NO
a

7: if (not f  f  ) and Posta (Post ({ p }) Gen f  (B )) Gen f  (B )


= then return NO
a

8: od
9: return YES

Fig. 2. An algorithm deciding whether f is the -quotient of p .

Remark 17. Lemma 15 and Lemma 16 can also be used to decide the symmetric variant of full regular equivalence
discussed in Section 2 where we require that g f and the sets of states reachable from g and f are the same up
to . Given a PDA process p and a process f of a finite-state transition system T , we first restrict the set of states
of T to the subset of states reachable from f , then compute the base B , and finally check whether p Gen f (B ) and
Post ({ p }) Gen f  (B )
= for every f  such that f f  .

It is worth noting that the base B together with Lemma 15 and Lemma 16 can also be used to decide whether a given
finite-state process f is the -quotient of a given PDA process p , under the condition that is preserved under quotients.

Definition 18. Let s be a process with state space S and a process equivalence. The -quotient of s is the process [s]
a a
of the transition system ( S /, A, ), where A consists of all actions a such that t u for some t , u S, and [t ]  [u ]
a
iff t  u  for some t  , u  S such that t t  and u u  . We say that is preserved under quotients iff s [s] for every
process s.

It has been shown in [40] (see also [42]) that all reasonable process equivalences are preserved under quotients.
An algorithm deciding whether f is isomorphic to the -quotient of p (where is preserved under quotients) is given
in Fig. 2. First, it is verified that the set of actions AT of T is equal to the set of actions executable in the configurations
reachable from p (line 1). Note that the set

{a A | there exist (q X , a, r ) and  such that p q X }


is computable in time polynomial in the size of p and  (see Lemma 15). At line 2, it is verified that the states of F are
pairwise non-equivalent. Then, it is checked whether the state space of p is included in F up to (lines 3 and 4). Note
that T may still contain some extra states and transitions which are not present in the -quotient of p . At line 6, it is
a a
checked that for each transition f  f  of T there exists a transition q r such that q  f  , r  f  , and p q .
Similarly, at line 7 it is checked that no transition of the -quotient of p is missing in T . Observe that the if statements
at lines 6 and 7 can be implemented by computing a multi-automaton M recognizing the set

Posta (Post ({ p }) Gen f  (B )) Gen f  (B )


and checking whether L(M) = (note that M is effectively constructible due to Lemma 15 and Lemma 16). Moreover, if
the base B is computable in time polynomial in m, n, z, then the algorithm of Fig. 2 also terminates in time polynomial in
m, n, z.

4.2. Bisimulation equivalences with silent moves

In this subsection, we show how to compute the base B for bisimulation-like equivalences with silent moves. We explicitly
consider the four main representatives which are weak, early, delay, and branching bisimilarity. We prove that for all
of these equivalences, the base B is computable in time polynomial in m, n, z.

Definition 19. Let T1 = ( S 1 , , A) and T2 = ( S 2 , , A) be transition systems8 such that S 1 S 2 = . Further, let R S 1 S 2
a
and (s, a, s ) S 1 A S 1 (note that (s, a, s ) is not necessarily a transition of T1 ). We say that a move t t  is R-consistent
with (s, a, s ) in a weak, early, delay, or branching style, if (s, t ), (s , t  ) R and one of the following conditions holds:

a = and t = t  ;

8
Although we use the same symbol to denote the transition relations of T1 and T2 , no confusion arises because the sets S 1 and S 2 are disjoint.

a a
the move t t  takes the form t =u 0 u i v 0 v j =t  where i , j 0, and
(i) if the style is early or branching, then (s, u i ) R;
(ii) if the style is delay or branching, then (s , v 0 ) R.

a
Further, we say that a move t t  is tightly R-consistent with (s, a, s ) (in a given style) if stronger variants of the above
conditions are satisfied, where (i) requires (s, uk ) R for all k i, and (ii) requires (s , v k ) R for all k j.
A pair (s, t ) R b-expands in R if

a a a
for every s s there is a move t t  which is R-consistent with s s ;
a a a
for every t t  there is a move s s which is R 1 -consistent with t t  .

Let BExp be a function which to every R S 1 S 2 assigns the set of all (s, t ) R that b-expand in R. A tight b-expansion
and a function TBExp are defined analogously using tight R-consistency instead of R-consistency.
We say that R is a weak, early, delay, or branching bisimulation if R BExp( R ), where the function BExp is parameterized
by the respective style. Processes s, t are weakly, early, delay, or branching bisimilar if they are related by some weak, early,
delay, or branching bisimulation, respectively.

Since our constructions are to a large extent independent of the chosen style of bisimilarity, from now on we refer just
to bisimilarity which is denoted by in the rest of this subsection. As bisimilar processes have the same state space up
to , we do not distinguish between the relations and .
The next lemma recalls the standard property of bisimilarity used in the proof of Lemma 23.

Lemma 20. Let T1 = ( S 1 , , A) and T2 = ( S 2 , , A) be transition systems where S 1 S 2 = , and let be the relation of bisimilarity
over S 1 S 2 . Then TBExp() = .

Proof. Let R S 1 S 2 be a relation defined by (s, t ) R if one of the following conditions holds:


There are u , u  S 1 and moves u s, s u  such that u t, and u  t.

There are v , v  S 2 and moves v t, t v  such that s v, and s v  .

It is easy to verify that R is a bisimulation, and hence R . From this we immediately obtain TBExp(), hence
TBExp() = . □

For technical reasons that become clear in the proof of Lemma 23, we need to assume that the transition relation of T
is complete in the following sense:

Definition 21. Let F be the relation of bisimilarity over F F . We say that T is complete if, for all f , f  F and a A,
a a
the existence of a move f f  F -consistent with ( f , a, f  ) implies f f  .

The completeness assumption is not restrictive because if we add the missing transitions to T (which can be done in
a
time polynomial in m), each state f of T stays bisimilar to itself. Note that this would not be true if we added a f f 
a
transition for every move f f  (consider, e.g., branching bisimilarity).
Our aim is to design a suitable function Exp satisfying the conditions (1)–(5) of Definition 12. A natural idea is to
employ the function BExp introduced in Definition 19. Obviously, BExp is monotonic, BExp() = , and if BExp( R ) = R,
then R . Now let K be a well-formed set such that every ( X G , F ) K is contained in BExp(Gen( K )). We need to show
Gen( K ) BExp(Gen( K )), which can be achieved by proving Geni ( K ) BExp(Gen( K )) for every i 0 (by induction on i).
However, there are some difficulties in the induction step. To see this, consider a pair ( p X G , f ) Geni +1 ( K ) such that
( p F , f ) Geni ( K ) and ( X G , F ) K . Then

(a) ( p F , f ) b-expands in Gen( K ) by induction hypothesis,


(b) for every q Q such that F (q)
= we have that (q X G , F (q)) b-expands in Gen( K ) (because ( X G , F ) is contained in
BExp(Gen( K ))).

a
We need to show that ( p X G , f ) b-expands in Gen( K ). In particular, this means to prove that for every f g, where
a a a
a
= , there is a move of p X G which is Gen( K )1 -consistent with f g. Due to (a), we know that such a move
exists for p F . One of the problematic cases is when the style is branching and this move takes the form
a
pF rF rJ rH

a
where p r and (r H, g ) Gen( K ). Here, we would like to conclude that there exists a move F (r ) H(r ) F -consistent
a a
with (F (r ), a, H(r )) (see Definition 21), hence F (r ) H(r ), and due to (b) there is a move r X G t w which is
a
Gen( K )1 -consistent with F (r ) H(r ). Further, the sequence
a
p X G r X G t w
a a
should form a move which is Gen( K )1 -consistent with f g. Unfortunately, there is no clear justification for the
a
existence of a move F (r ) H(r ) F -consistent with (F (r ), a, H(r )). If we used TBExp instead of BExp, the above argument
would work, because then (r F , f ) Gen( K ), hence r F f by Lemma 11(a), and F (r ) f because r F F (r ). However,
deciding whether a given ( X G , F ) K is contained in TBExp(Gen( K )) (cf. condition (5) of Definition 12) is complicated
a
because of the constraints that must be satisfied by all of the intermediate configurations visited along the move p X G t w.
So, TBExp is not an ideal choice either. After considering possible ways of resolving these problems, it turned out that a
simple solution is to modify the function BExp as follows:

Definition 22. Let R P (, F ) F . We say that a pair ( p w , f ) R quasi-expands in R if the following conditions hold:

a a
for every p w qv, there is f g such that (qv , g ) R;
a
for every f g, one of the following conditions holds:
a = and ( p w , g ) R;
a a
there is a move of p w which is R 1 -consistent with f g. Further, this move contains at most one transition
x
of the form r G r H (which can appear only at the end of the whole move).

A function which to every R P (, F ) F assigns the set of all ( p w , f ) R which quasi-expand in R is denoted by QExp.

We immediately obtain that QExp is monotonic, and if QExp( R ) = R, then R . It remains to check the conditions (2),
(4), and (5) of Definition 12.

Lemma 23. Let be the relation of bisimilarity over P (, F ) F . Then QExp() = .

Proof. Let ( p w , f ) P (, F ) F be a bisimilar pair of processes. We need to show that ( p w , f ) quasi-expands in . Let
a
p w qv. Since ( p w , f ) tightly b-expands in (see Lemma 20), there are two possibilities.


(a) a = and qv f . Since the sequence consisting only of f is a f f move F -consistent with ( f , , f ), we obtain

f f due to the completeness of T .
a a a
(b) There is a move f g tightly -consistent with p w qv (see Lemma 20). Then, the move f g is F -consistent
a
with ( f , a, g ), and due to the completeness of T we obtain f g.

a
Now let f g. Since ( p w , f ) tightly b-expands in (see Lemma 20), we either have that a = and p w g (and we are
a a
done), or there is a move p w qv which is tightly 1 -consistent with f g. The only problematic case not admitted
a
by Definition 22 is when the move p w qv takes the form
x1 xn y1 ym
p G qG = qG0 qGm = qv
y1 ym x
where m 2. However, the sequence G0 (q) Gm (q) is then a move F -consistent with (G0 (q), x, Gm (q)),
a a
where x = a or x = . Observe that here we need the tight 1 -consistency of p w qv with f g. Thus, we obtain
x
G0 (q) Gm (q) because T is complete. Now it is easy to check that
x1 xn x
p G qG = qG0 qGm = qv
a a
is a move 1 -consistent with f g. □

Lemma 24. Let K be a well-formed set such that every ( X G , F ) K is contained in QExp(Gen( K )). Then QExp(Gen( K )) = Gen( K ).

Proof. By induction on i, we show that Geni ( K ) QExp(Gen( K )) for all i 0. In the base case (when i = 0), we need to
consider pairs of the form

(A) ( p , F ( p )) where ( , F ) K and F ( p )


= ;
(B) ( p G , F ( p )) where (G , F ) K and F ( p )
= ;
(C) ( p X G , F ( p )) where ( X G , F ) K and F ( p )
= .

a a
We start with (A). Observe that there is no transition of the form p q . Now let F ( p ) g. As p F ( p ), there is a
a a
move of p which leads to a configuration bisimilar to g. Since the only move of p is p p , we obtain a =
and p g. Then ( p , g ) Gen( K ) by Lemma 11(b), and we are done. Case (B) is also simple (we use Lemma 11(a)), and
case (C) follows by applying the assumption of our lemma.
Now assume ( p w , f ) Geni +1 ( K ). If ( p w , f ) Geni ( K ), we apply induction hypothesis. Otherwise, there are two
possibilities (cf. the rules (2) and (3) of Definition 8):

(a) p w = p where
= , and there is F such that ( p F , f ) Geni ( K ) and ( , F ) K .
(b) p w = p X G where
= , and there is F such that ( p F , f ) Geni ( K ) and ( X G , F ) K .

We show that ( p w , f ) quasi-expands in Gen( K ). Consider Case (a). Here we need to show that if ( p F , f ) quasi-expands
in Gen( K ) and ( , F ) K , then ( p , f ) quasi-expands in Gen( K ).

a a a
Let p r . Since ( p F , f ) quasi-expands in Gen( K ) and p F r F , there is f g such that (r F , g ) Gen( K ).
Since ( , F ) K , we have that (r , g ) Gen( K ) as needed.
a a
Let f g. Since ( p F , f ) quasi-expands in Gen( K ), there is a move p F r w which is Gen( K )1 -consistent with
a
f g. We distinguish two cases.
a
The move p F r w takes the form
x1 x2 xn
p F = p 0 0 F p 1 1 F pn n F = r w
1 2 n x x x a
where n 0 and j
= for all j < n. Then p 0 0 p 1 1 pn n is a move of p which is
a
Gen( K ) -consistent with f g because ( , F ) K .
1
a
Otherwise, the move p F r w takes the form
x1 xn1 xn x
p F = p 0 0 F pn1 n1 F qF qH = r w
where n 1, j
= for all j < n, and (qH, g ) Gen( K ). First, we show that x = and qF qH q g. Since
x
( , F ) K , F C ( p ), and q M p , we have that (q , F (q)) quasi-expands in Gen( K ). As F (q) H(q), there is
x x
a move of q which is Gen( K )1 -consistent with F (q) H(q). The only candidate for this move is q q ,
which means that x = and (q , H(q)) Gen( K ). Hence, q H(q) qH, and since (qH, g ) Gen( K ), we further
obtain qH H(q) g (see Lemma 11).
Since q g, we have that (q , g ) Gen( K ) due to Lemma 11(b). Now consider the sequence
x1 x2 xn
p = p 0 0 p 1 1 q
a a
If this sequence forms a move which is Gen( K )1 -consistent with f g, we are done. Otherwise, the style is
early or branching, xi = for all 1 i n (hence a = ), and (qF , f ) Gen( K ). But then f g, and as ( p , f )
Gen( K ) (this is because ( p F , f ) Gen( K ) and ( , F ) K ), we also obtain ( p , g ) Gen( K ) by Lemma 11(c). So, the
condition of quasi-expansion is satised.

Now consider Case (b). We need to show that if ( p F , f ) quasi-expands in Gen( K ) and ( X G , F ) K , then ( p X G , f )
a a a
quasi-expands in Gen( K ). If p X G q X G , then p F q F (recall
= ) and hence there is f g such that
a a
(q F , g ) Gen( K ). Then also (q X G , g ) Gen( K ) because ( X G , F ) K . Now let f g. Then there is a move p F r w
a
which is Gen( K )1 -consistent with f g. Similarly as in Case (b), we distinguish two cases.

a
The move p F r w takes the form
x1 x2 xn
p F = p 0 0 F p 1 1 F pn n F = r w
x x a
where n 0 and j
= for all j < n. Then p 0 0 X G
1
pn n X G is a move of p X G which is
n

a
Gen( K )1 -consistent with f g because ( X G , F ) K .
a
The move p F r w takes the form
x1 xn x
p F = p 0 0 F qF qH = r w
where n 1, j
= for all j < n, and (qH, g ) Gen( K ). Since (q X G , F (q)) quasi-expands in Gen( K ), there is a move
x x
q X G sv which is Gen( K )1 -consistent with F (q) H(q). Now it is easy to check that the sequence of transitions
x1 xn x a
obtained by concatenating p X G = p 0 0 X G q X G with the move q X G sv forms a move which is
a
Gen( K )1 -consistent with f g. □

Lemma 25. The problem whether ( X G , F ) is contained in QExp(Gen( K )) for a given well-formed set K and a given pair ( X G , F ) K
is decidable in time polynomial in m, n, z.

Proof. Let us fix some p Q such that F ( p ) = f


= . To decide whether ( p X G , f ) quasi-expands in Gen( K ), we need to
verify the following conditions:

a a a
For each p X G q G there is some f g such that (q G , g ) Gen( K ). However, it suffices to check whether f g for
some g F such that q G L(M K , g ), where M K , g is the multi-automaton of Lemma 16. Obviously, this is achievable
in time polynomial in m, n, z.
a
For each f g, one of the following conditions is satisfied:
(A) a = and ( p X G , g ) Gen( K );
a
(B) there is a sequence p X q r s such that (s G , g ) Gen( K ) and
* if the style is early or branching, then (q G , f ) Gen( K );
* if the style is delay or branching, then (r G , g ) Gen( K );
a
(C) there exist a sequence p X q r s and H such that sG sH, (sH, g ) Gen( K ), and
* if the style is early or branching, then (q G , f ) Gen( K );
* if the style is delay or branching, then (r G , g ) Gen( K );
a
(D) there exist a move p X s and H such that sG sH, (sH, g ) Gen( K ), and if the style is early or branching,
then also (sG , f ) Gen( K ).
Condition (A) can be decided by checking whether p X G L(M K , g ). Now consider Condition (B). Clearly, for every
h F there is a multi-automaton MG K ,h
constructible in time polynomial in m, n, z recognizing the set

GenhG ( K ) = { p | ( p G , h) Gen( K )} .

Note that MG K ,h
can be obtained by a trivial modification of M K ,h . Depending on whether the style is weak, early,
delay, or branching, Condition (B) can be reformulated as follows:
Post (Posta (Post ({ p X }))) GenG
g ( K )
= ;
Post (Posta (Post ({ p X }) GenGf ( K ))) GenG
g ( K )
= ;

Post (Posta (Post ({ p X })) GenG G


g ( K )) Gen g ( K )
= ;
Post (Posta (Post ({ p X }) GenGf ( K )) GenG G
g ( K )) Gen g ( K )
= .
Due to Lemma 16 and Lemma 15, each of these four conditions can be checked in a purely symbolic way by
performing the required operations directly on the underlying multi-automata. Obviously, the whole procedure can be
implemented in time polynomial in m, n, z. Also observe that the last two lines can actually be simplified into
Posta (Post ({ p X })) GenG g ( K )
= ;
Posta (Post ({ p X }) GenGf ( K )) GenG
g ( K )
= .

Condition (C) is handled similarly. Let T gG ( K ) be the set of all s such that sG sH for some H satisfying (sH, g )
Gen( K ). Clearly, the set T gG ( K ) is constructible in time polynomial in m, n, z. Depending on whether the style is weak,
early, delay, or branching, Condition (C) can now be stated as follows:
Post (Posta (Post ({ p X }))) T gG ( K )
= ;
Post (Posta (Post ({ p X }) GenGf ( K ))) T gG ( K )
= ;
G
Post (Posta (Post ({ p X })) GenG
g ( K )) T g ( K )
= ;
Post (Posta (Post ({ p X }) GenGf ( K )) GenG G
g ( K )) T g ( K )
= .
Again, these conditions can be checked symbolically in time polynomial in m, n, z. Condition (D) can be reformulated
and verified similarly. □

As a direct corollary to Lemmata 23, 24, and 25, we obtain the following theorem:

Theorem 26. The problems of weak, early, delay, and branching bisimilarity between PDA processes and finite-state processes are
decidable in time polynomial in m, n, z. For PDAk processes, where k 1 is a fixed constant, the problems are decidable in time
polynomial in m, n.

According to Theorem 26, bisimulation-like equivalences between PDAk processes and finite-state processes are decidable
in polynomial time. In particular, this holds for BPA (i.e., PDA1 ) processes. Thus, we obtain a substantial generalization of
the polynomial-time algorithm for deciding weak bisimilarity between BPA and finite-state processes presented in [45].

Fig. 3. An expansion for weak simulation equivalence.

4.3. Simulation-like equivalences

In this section we show how to design an appropriate expansion for simulation-like equivalences. We have chosen weak
simulation equivalence as a representative example.

Definition 27. Let T1 = ( S 1 , , A) and T2 = ( S 2 , , A) be transition systems such that S 1 S 2 = , and let R S 1 S 2 .
a a
We say that R is a weak simulation if for all (s, t ) R and s s there is a move t t  such that (s , t  ) R.
We say that t weakly simulates s, written s  t, if there is a weak simulation R such that (s, t ) R. Further, s, t are weakly
simulation equivalent, written s t, if they weakly simulate each other.

Similarly as in Section 4.2, we need to assume that T is complete in the following sense: For all f , g F and a A we
a a
have that if f g, then also f g. Again, this assumption is not restrictive because the missing transitions can be added
in polynomial time and each state of F stays weakly simulation equivalent to itself.
Note that if p w  f , then p w  f , f  p w, and for every qv reachable from p w there is g F such that qv  g.
Observe the following:

a a a
If p w qv, there is a matching f g (and hence also f g) such that qv  g. Further, there is g F such that
qv  g, hence g  g. This is illustrated in Fig. 3 (left).
a a
If f g, there is a matching p w qv such that g  qv. Further, there is g F such that qv  g, hence g  g. This is
illustrated in Fig. 3 (right).

The above properties are directly reflected in the expansion condition for simulation equivalence.

Definition 28. Let R P (, F ) F be a relation. We say that a pair ( p w , f ) R sim-expands in R if the following conditions
are satisfied:
a a
for all a A and p w qv, there are g F and f g such that (qv , g ) R and g  g;
a a
for all a A and f g, there are g F and a move p w qv such that (qv , g ) R and g  g.

A function which to every R P (, F ) F assigns the set of all ( p w , f ) R which sim-expand in R is denoted by SExp( R ).

The function SExp is clearly monotonic. Further, it is easy to check that SExp() = . It remains to verify the conditions
(3), (4), and (5) of Definition 12.

Lemma 29. Let R P (, F ) F such that SExp( R ) = R. Then R .

Proof. Let us fix some R P (, F ) F such that SExp( R ) = R. It suffices to show R , because for every ( p w , f ) R
and every qv reachable from p w there clearly exists g F such that (qv , g ) R (cf. the first item of Definition 28). Let

R  = {( p w , f ) | there is f F such that ( p w , f ) R and f  f };


R  = {( p w , f ) | there is f F such that ( p w , f ) R and f  f }.

Clearly, the relations R  and R  subsume R, and it is straightforward to check that both R  and R 1
 are weak simulations,
which implies R . 2

Lemma 30. Let K be a well-formed set such that every ( X G , F ) K is contained in SExp(Gen( K )). Then SExp(Gen( K )) = Gen( K ).

Proof. By induction on i, we show that Geni ( K ) SExp(Gen( K )) for all i 0. The base case (when i = 0) is similar as in
the proof of Lemma 24. Now assume ( p w , f ) Geni +1 ( K ). If ( p w , f ) Geni ( K ), we apply induction hypothesis. Otherwise,
there are two possibilities (cf. the rules (2) and (3) of Definition 8):

(a) p w = p where
= , and there is F such that ( p F , f ) Geni ( K ) and ( , F ) K .
(b) p w = p X G where
= , and there is F such that ( p F , f ) Geni ( K ) and ( X G , F ) K .

We show that ( p w , f ) sim-expands in Gen( K ). In Case (a), we need to show that if ( p F , f ) sim-expands in Gen( K ) and
( , F ) K , then ( p , f ) sim-expands in Gen( K ).
a a a
Let p r . Since ( p F , f ) sim-expands in Gen( K ) and p F r F , there are g F and f g such that (r F , g )
Gen( K ) and g  g. Since ( , F ) K , we have that (r , g ) Gen( K ) as needed.
a a
Let f g. Since ( p F , f ) sim-expands in Gen( K ), there are g F and a move p F r w such that (r w , g ) Gen( K )
and g  g. We distinguish two cases.
a a a
The move p F r w is of the form p F r F where p r . Since (r F , g ) Gen( K ) and ( , F ) K , we
obtain (r , g ) Gen( K ) as needed.
a x y x
Otherwise, the move p F r w takes the form p F r F r H where p r . Now it suffices to show that x = a
and r g, because then also r  g and hence (r , g ) Gen( K ) by Lemma 11(b). Since ( , F ) K and F (r )
=
(this is because F C ( p ) and r M p ), we obtain r F (r ) r F . This implies that every process reachable from
r F can execute only -labeled transitions, and hence it is weakly simulation equivalent to r . In particular, y =
(hence x = a) and r r H g as needed.

Now consider Case (b). We need to show that if ( p F , f ) sim-expands in Gen( K ) and ( X G , F ) K , then ( p X G , f )
a a a
sim-expands in Gen( K ). If p X G q X G , then p F q F (recall
= ) and hence there are g F and f g such
a
that (q F , g ) Gen( K ) and g  g. Since ( X G , F ) K , we have that (q X G , g ) Gen( K ) as needed. Now let f g. Since
a
( p F , f ) sim-expands in Gen( K ), there are g F and a move p F r w such that (r w , g ) Gen( K ) and g  g. There are
two possibilities.

a a a a
The move p F r w is of the form p F r F where p r . Then p X G r X G , and since (r F , g ) Gen( K )
and ( X G , F ) K , we obtain (r X G , g ) Gen( K ) as needed.
a x y x
The move p F r w takes the form p F r F r H where p X G r X G and (r H, g ) Gen( K ). Due to
y y
Lemma 11(a), we have that r H g, hence g  g  r H  H(r ). Since r F r H, we also have F (r ) H(r ), hence
y
F (r ) H(r ) because T is complete. Since ( X F , F ) is contained in SExp(Gen( K )), the pair (r X G , F (r )) sim-expands
y
in Gen( K ), and therefore there exist h F and a move r X G qv such that (qv , h) Gen( K ) and H(r )  h. Hence,
x y
p X G r X G qv, where (qv , h) Gen( K ) and g  H(r )  h. 2

Given a well-formed set K and a pair ( X G , F ) K , the problem whether ( X G , F ) is contained in SExp(Gen( K )) can
be decided in time polynomial in m, n, z by using the same technique as in Lemma 25. That is, we use Lemma 16 and
Lemma 15 to check the required conditions symbolically. Thus, we obtain the following:

Theorem 31. The problem of full weak simulation equivalence between PDA and finite-state processes is decidable in time polynomial
in m, n, z. For PDAk processes, where k 1 is a fixed constant, the problem is decidable in time polynomial in m, n.

Let us note that the problem of checking weak (and also strong) simulation equivalence between PDA and finite-state
processes is EXPTIME-complete, and the EXPTIME-hardness holds even for BPA (i.e., PDA1 ) processes [46].

4.4. Trace-like equivalences

In this section we consider trace-like equivalences. We show how to design an appropriate expansion for weak trace
equivalence.

Definition 32. Let T = ( S , A, ) be a transition system. For all s, t S and all finite words x = a1 . . . ak A (where k 0),
x ai
we write s t if there are s0 , . . . , sk S such that s = s0 , t = sk , and si 1 = si for all 1 i k. A trace of s S is a word
x
x A such that s t for some t S. The set of all traces of s is denoted by Tr (s). Processes s, t are weakly trace equivalent,
written s t, if Tr(s) = Tr(t ).

To get some intuition behind the next definition, realize that if p w  f , the following conditions are satisfied:

a a
If p w qv, there is g F such that qv  g. Further, each trace of qv is a trace of some g F such that f g. Hence,

Tr(qv ) = Tr( g ) Tr( g ) .
a
f g

See Fig. 4 (left).



Fig. 4. An expansion for weak trace equivalence.

a  a
If f g, then Tr( g ) a
p w qv
Tr(qv ). Further, for every qv such that p w qv, the set E [qv ] = { g F | qv  g } is
non-empty. We have that
  
Tr( g ) Tr(qv ) = Tr( g ) .
p w qv g E [qv ]
a a
p w qv

See Fig. 4 (right). Note that all g E [qv ] have the same set of traces, so the above inclusion holds even if we used
just one representative of each E [qv ]. For our purposes (see Definition 33), it is more convenient to consider the union
g E [qv ] Tr ( g ).

Definition 33. Let R P (, F ) F be a relation. For every p w P (, F ), we define the set R [ p w ] = { g F | ( p w , g ) R }.
We say that a pair ( p w , f ) R trace-expands in R if the following two conditions are satisfied:

a 
for all a A and p w qv there is g R [qv ] such that Tr( g ) f a
g
Tr( g ).
a  
for all a A and f g we have that Tr( g ) p w a
qv g R [qv ] Tr ( g ).

A function which to every R P (, F ) F assigns the set of all ( p w , f ) R which trace-expand in R is denoted by
TExp( R ).

The monotonicity of TExp and the equality TExp() =  are easy to verify. We prove the remaining properties of
Definition 12.

Lemma 34. Let R P (, F ) F such that TExp( R ) = R. Then R .

Proof. Let R P (, F ) F such that TExp( R ) = R. It suffices to show R (then also R  due to the first item of
Definition 33). By induction on the length of x A , we show that for all ( p w , f ) R we have that x Tr( p w ) iff x Tr( f ).
The base case when x = is immediate, because is a trace of every process. Now let x = ay where a A, and let
( p w , f ) R.

a y
If ay Tr( p w ), there are qv and ru such that p w qv ru. Since the pair ( p w , f ) trace-expands in R, there is g F
such that (qv , g ) R (hence, y Tr( g ) by induction hypothesis) and Tr ( g ) a Tr( g ). This implies y Tr( g ) for
f g
a
some g F such that f g, which means ay Tr( f ).
a y
If ay Tr( f ), there are g , h F such that f g h. Since the pair ( p w , f ) trace-expands in R, we have that y
  a
a
p w qv g R [qv ] Tr ( g ). Hence, there exist qv and g such that p w qv, (qv , g ) R, and y Tr ( g ). By induction
hypothesis, we obtain y Tr(qv ), hence ay Tr( p w ). 2

Lemma 35. Let K be a well-formed set such that every ( X G , F ) K is contained in TExp(Gen( K )). Then TExp(Gen( K )) = Gen( K ).

Proof. By induction on i, we show that Geni ( K ) TExp(Gen( K )) for all i 0. The base case (when i = 0) is similar as in
the proof of Lemma 24. Now assume ( p w , f ) Geni +1 ( K ). If ( p w , f ) Geni ( K ), we apply induction hypothesis. Otherwise,
there are two possibilities (cf. the rules (2) and (3) of Definition 8):

(a) p w = p where
= , and there is F such that ( p F , f ) Geni ( K ) and ( , F ) K .
(b) p w = p X G where
= , and there is F such that ( p F , f ) Geni ( K ) and ( X G , F ) K .

We show that ( p w , f ) trace-expands in Gen( K ). In Case (a), we need to show that if ( p F , f ) trace-expands in Gen( K )
and ( , F ) K , then ( p , f ) trace-expands in Gen( K ).

a a
Let p q . Since ( p F , f ) trace-expands in Gen( K ) and p F q F , there is g Gen( K )[q F ] such that Tr ( g )

a Tr( g ). Since ( , F ) K , we have that g Gen( K )[q] as needed.
f g
a  
Let f g. Since ( p F , f ) trace-expands in Gen( K ), we have that Tr( g ) p F
a
qv g Gen( K )[qv ] Tr ( g ). Now it suffices
a a
to show that for every move p F qv there is a move p qu such that, for every g F , (qv , g ) Gen( K ) implies
a
(qu , g ) Gen( K ). So, let us fix a move p F qv. We distinguish two cases.
a a a
The move p F qv takes the form p F q F , where p q . Since (q F , g ) Gen( K ) implies (q, g )
Gen( K ) (because ( , F ) K ), we are done.
a x y x
The move p F r w takes the form p F qF qH where p q and x, y { , a}. It suffices to show that
x = a, and if (qH, g ) Gen( K ), then also (q , g ) Gen( K ). Since ( , F ) K and F (q)
= , we obtain q F (q) qF .
This implies that every process reachable from qF can execute only -labeled transitions, and hence it is weakly
trace equivalent to q . In particular, y = (hence x = a), and q qH. Now suppose (qH, g ) Gen( K ). Then qH  g
(see Lemma 11(a)), hence q  g, and (q , g ) Gen( K ) by Lemma 11(b).

In Case (b), we need to show that if ( p F , f ) trace-expands in Gen( K ) and ( X G , F ) K , then ( p X G , f ) trace-expands in
a
Gen( K ). Let p X G qv. There are two possibilities.

a a a a
The move p X G qv takes the  form p X G q X G where p q . Then p F q F and hence there is g
Gen( K )[q F ] such that Tr( g ) a Tr( g ). Since ( X G , F ) K , we have that g Gen( K )[q X G ] as needed.
f g
a x y x x
The move p X G qv takes the form p X G r X G qv, where p r and  x, y { , a}. Then p F r F and since

( p F , f ) trace-expands in Gen( K ), there is
Gen( K )[r F ] such that Tr(
) x
f

Tr(
). By Lemma 11(a), we have
y
r F
. Further, since (r X G , F (r )) trace-expands 
that F (r )  in Gen( K ) and r X G qv, there is h Gen( K )[qv ] such
that Tr(h) y Tr(h). Hence, it suffices to show Tr(h) a Tr( g ). However, by applying the above inclusions
F (r ) h f g
we immediately obtain
    
Tr(h) Tr(h) = Tr(h) Tr(h) Tr( g ) .
y y x y a
F (r ) h
h f

h f g

a
Now let f g. As ( p F , f ) trace-expands in Gen( K ), we obtain
 
Tr( g ) Tr( g ) .
p F qv g Gen( K )[qv ]
a

a
Hence, it suffices to show that for every p F qv and every g Gen( K )[qv ],
 
Tr( g ) Tr(h) .
a
p X G ru hGen( K )[ru ]

a
So, let us fix some p F qv and g Gen( K )[qv ]. There are two possibilities.

a a a a
The move p F qv is of the form p F q F where p q . Then p X G q X G , and since (q F , g ) Gen( K )
implies (q X G , g ) Gen( K ) (because ( X G , F ) K ), we are done.
a x y x y
The move p F qv takes the form p F qF qH where p X G q X G , F (q) H(q), and x, y { , a}. Since
a
(qH, g ) Gen( K ), we have H(q) qH g by Lemma 11(a). As F (q) H(q) and (q X G , F (q)) trace-expands in Gen( K ),
we obtain
 
Tr(H(q)) Tr(h) .
y
q X G ru hGen( K )[ru ]

Thus,
   
Tr( g ) = Tr(H(q)) Tr(h) Tr(h) . 2
y a
q X G ru hGen( K )[ru ] p X G ru hGen( K )[ru ]

Since the trace equivalence problem for T is PSPACE-complete⁹, the problem of checking full weak trace equivalence
between PDA and finite-state processes is PSPACE-hard even for BPA (i.e., PDA1 ) processes. We prove the following:

Lemma 36. The problem whether ( X G , F ) is contained in TExp(Gen( K )) for a given well-formed set K and a given pair ( X G , F ) K
is decidable in space polynomial in m, n, z.

Proof. Let K be a well-formed set, ( X G , F ) K , and p F such that F ( p )


= . To decide whether ( p X G , F ( p )) trace-
expands in TExp( K ), we need to check the following conditions:

a 
For all a A and p X G qv, there is g Gen( K )[qv ] such that Tr( g ) a
f g
Tr( g ). For a given a A, this condition
can be verified as follows. First, we compute the set G F of all g such that Tr ( g ) a Tr( g ). This is
f g
achievable in space polynomial in m. Then, for each g G, we compute a multi-automaton M[ g ] recognizing the set
a a
{qv | p X G qv and (qv , g ) Gen( K )}. We also compute a multi-automaton M[a] recognizing the set {qv | p X G qv }.
Clearly, these multi-automata are constructible
 in time polynomial in m, n, z, and their size is polynomial in m, n, z.
Now we check whether L(M[a]) g G L(M[ g ]), which is achievable in space polynomial in m, n, z.
a  
For all a A and f g we have that Tr( g ) a
p X G qv g Gen( K )[qv ] Tr ( g ). Here we use Lemma 16 and Lemma 15 to
construct the set

a
G = { g F | (qv , g ) Gen( K ) for some qv such that p X G qv }

and then check whether Tr ( g ) g G Tr( g ). Obviously, this is achievable in space polynomial in m, n, z. 2
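
The finite-state side of these checks can be tried out directly. The following Python sketch is an added example, not code from the paper: on an explicitly given finite transition system it computes weak simulation equivalence (Definition 27), weak trace equivalence (Definition 32), and the inclusion of one trace set in a union of trace sets used in the proof above, the latter by a subset construction. The encoding, the name "tau" for the silent action, all function names and the sample system are assumptions made for the example.

```python
from collections import deque

TAU = "tau"  # assumed name for the silent action

# Constructed sample system (not from the paper): state -> [(action, successor)].
LTS = {
    "f0": [("a", "f1")], "f1": [("b", "f2"), ("c", "f3")],         # a.(b + c)
    "g0": [("a", "g1"), ("a", "g2")],                               # a.tau.b + a.c
    "g1": [(TAU, "g3")], "g3": [("b", "g4")], "g2": [("c", "g5")],
    "h0": [(TAU, "h1")], "h1": [("a", "h2")],                       # tau.a.(tau.b + c)
    "h2": [(TAU, "h3"), ("c", "h5")], "h3": [("b", "h4")],
    "k0": [("a", "k1")], "k1": [("b", "k2")],                       # a.b
    "m0": [(TAU, "m1")], "m1": [("a", "m2")], "m2": [("c", "m3")],  # tau.a.c
}

def tau_closure(lts, states):
    """All states reachable from `states` by zero or more tau steps."""
    seen, stack = set(states), list(states)
    while stack:
        s = stack.pop()
        for a, t in lts.get(s, ()):
            if a == TAU and t not in seen:
                seen.add(t)
                stack.append(t)
    return frozenset(seen)

def weak_succ(lts, states, a):
    """Targets of the weak move: tau* a tau*, or tau* alone when a is tau."""
    pre = tau_closure(lts, states)
    if a == TAU:
        return pre
    return tau_closure(lts, {t for s in pre for b, t in lts.get(s, ()) if b == a})

def weak_simulation_preorder(lts):
    """Largest weak simulation, as pairs (s, t) meaning 't weakly simulates s'."""
    states = set(lts) | {t for moves in lts.values() for _, t in moves}
    rel = {(s, t) for s in states for t in states}
    changed = True
    while changed:  # drop pairs that violate the transfer condition until stable
        changed = False
        for s, t in list(rel):
            for a, s2 in lts.get(s, ()):
                if not any((s2, t2) in rel for t2 in weak_succ(lts, {t}, a)):
                    rel.discard((s, t))
                    changed = True
                    break
    return rel

def weakly_simulation_equivalent(lts, s, t):
    rel = weak_simulation_preorder(lts)
    return (s, t) in rel and (t, s) in rel

def trace_counterexample(lts, s, targets):
    """Shortest weak trace of s that is a trace of no state in `targets`.

    Returns None when Tr(s) is included in the union of the Tr(t); the empty
    tuple is the empty word. Subset construction, exponential in the worst case.
    """
    start = (tau_closure(lts, {s}), tau_closure(lts, set(targets)))
    if not start[1]:
        return ()  # the empty word is a trace of s, but the union is empty
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (left, right), word = queue.popleft()
        visible = sorted({b for p in left for b, _ in lts.get(p, ()) if b != TAU})
        for a in visible:
            nxt = (weak_succ(lts, left, a), weak_succ(lts, right, a))
            if not nxt[1]:
                return word + (a,)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, word + (a,)))
    return None

def weakly_trace_equivalent(lts, s, t):
    return (trace_counterexample(lts, s, [t]) is None
            and trace_counterexample(lts, t, [s]) is None)
```

In the sample system f0 and g0 have the same weak traces but are not weakly simulation equivalent, while f0 and h0 are equivalent in both senses.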

Theorem 37. The problem of full weak trace equivalence between PDA and finite-state processes is decidable in space polynomial in
m, n, z. For PDAk processes, where k 1 is a fixed constant, the problem is decidable in space polynomial in m, n. Moreover, the problem
is PSPACE-hard even for BPA processes.

Note that checking trace-like equivalences between BPA and finite-state systems is undecidable (this follows easily from
the undecidability of the universality problem for context-free grammars, i.e., the question whether L (G ) =  for a given
CFG; see, e.g., [30]).

Remark 38. It is worth noting that the problem of full language equivalence between PDA and finite-state processes is
easily reducible to the problem of full weak trace equivalence. Let  = ( Q , , A, ) be a PDA (where the -labeled rules
correspond to the -moves, cf. [30]) which accepts by empty stack, i.e., the language accepted by a given configuration p
w
consists of all w A such that p q for some q Q . Further, let T = ( F , A, ) be a finite-state system which accepts
by entering a final state g F . We construct another PDA  and a finite-state system T  as follows:

 = ( Q { p u },  { Z }, A {#},  ), where p u , Z , # are fresh symbols, and  contains all rules of together with
a
p X p u X for all p Q , X  { Z }, and a A;
a
p u X p u X for all X  { Z } and a A;
#
p Z p for all p Q .
The stack symbol Z is used as the bottom-of-the-stack marker, and the action # marks the end of an accepted word. It
is easy to check that for every configuration p of  and every w A we have that p accepts w iff the configuration
p Z of  has a trace w#. Further, observe that every v A is a trace of p Z .
T  = ( F { f # , f u }, A {#}, ) where f # , f u are fresh states, and  contains all transitions of together with
#
g  f#;
a
f  f u for all f F and a A;
a
f u  f u for all a A.

Now it is easy to check that for every configuration p of  and every state f of T we have that p is fully language
equivalent to f iff the configuration p Z of  is fully weak trace equivalent to the state f of T  .

⁹ Trace equivalence is defined similarly as weak trace equivalence. The only difference is that is treated as an ordinary action; a trace of a given
w
process s is a sequence w A such that s t for some t. The PSPACE-hardness of trace equivalence for finite-state processes follows immediately from
PSPACE-completeness of language inclusion/equivalence problem for non-deterministic finite automata; see, e.g., [30].

5. Conclusions

We have shown that the problem of checking full regular equivalence with PDA processes is decidable for selected
conceptual representatives of the linear/branching time spectrum. For bisimulation and simulation-like equivalences, our
algorithm is polynomial if the number of control states in PDA is bounded by some fixed constant. Since we aimed mainly
at demonstrating the versatility and efficiency of the designed method, we have not paid much attention to the implementation
details and performed only a rough complexity analysis. Nevertheless, this is sufficient for separating the problems
solvable in polynomial time from the computationally hard ones.
A crucial parameter influencing the complexity of our algorithm is the number of control states of  (recall z = | F || Q | ). A
closer look reveals that we can actually refine z into | F |Ret , where Ret = max{| M p X | | p X Q }. Intuitively, Ret represents
the maximal amount of information returned by a procedure call in the recursive program represented by . We can easily
modify  so that for every p X Q  we have that M p X { f 1 , . . . , f Ret }, where f 1 , . . . , f Ret are some fixed control states
(the modification may increase the size of  , but only polynomially). Then, we can safely restrict the range of the functions
F , G , H, . . . into { f 1 , . . . , f Ret }. Hence, the presented complexity bounds remain valid even if we put z = | F |Ret and define
PDAk as the class of all PDA where Ret k.

Acknowledgments

We thank the reviewers for their many useful comments and suggestions. Antonín Kučera is supported by the Czech
Science Foundation, grant No. P202/12/G061.

References

[1] P.A. Abdulla, K. Čerāns, Simulation is decidable for one-counter nets, in: Proceedings of CONCUR'98, in: Lecture Notes in Computer Science, vol. 1466, Springer, 1998, pp. 253–268.
[2] R. Alur, K. Etessami, P. Madhusudan, A temporal logic of nested calls and returns, in: Proceedings of TACAS 2004, in: Lecture Notes in Computer Science, vol. 2988, Springer, 2004, pp. 467–481.
[3] R. Alur, K. Etessami, M. Yannakakis, Analysis of recursive state machines, in: Proceedings of CAV 2001, in: Lecture Notes in Computer Science, vol. 2102, Springer, 2001, pp. 207–220.
[4] J.C.M. Baeten, J.A. Bergstra, J.W. Klop, Decidability of bisimulation equivalence for processes generating context-free languages, J. Assoc. Comput. Mach. 40 (3) (1993) 653–682.
[5] J.C.M. Baeten, W.P. Weijland, Process Algebra, Cambridge Tracts in Theoretical Computer Science, vol. 18, Cambridge University Press, 1990.
[6] M. Benedikt, S. Göller, S. Kiefer, A. Murawski, Bisimilarity of pushdown automata is nonelementary, in: Proceedings of LICS 2013, IEEE Computer Society Press, 2013, pp. 488–498.
[7] S. Böhm, S. Göller, P. Jančar, Bisimilarity of one-counter processes is PSPACE-complete, in: Proceedings of CONCUR 2010, in: Lecture Notes in Computer Science, vol. 6269, Springer, 2010, pp. 177–191.
[8] S. Böhm, S. Göller, P. Jančar, Equivalence of deterministic one-counter automata is NL-complete, in: Proceedings of STOC 2013, ACM Press, 2013, pp. 131–140.
[9] A. Bouajjani, Languages, rewriting systems, and verification of infinite-state systems, in: Proceedings of ICALP'2001, in: Lecture Notes in Computer Science, vol. 2076, Springer, 2001, pp. 24–39.
[10] A. Bouajjani, J. Esparza, O. Maler, Reachability analysis of pushdown automata: application to model checking, in: Proceedings of CONCUR'97, in: Lecture Notes in Computer Science, vol. 1243, Springer, 1997, pp. 135–150.
[11] O. Burkart, D. Caucal, F. Moller, B. Steffen, Verification on infinite structures, in: Handbook of Process Algebra, 2001, pp. 545–623.
[12] O. Burkart, D. Caucal, B. Steffen, An elementary decision procedure for arbitrary context-free processes, in: Proceedings of MFCS'95, in: Lecture Notes in Computer Science, vol. 969, Springer, 1995, pp. 423–433.
[13] A. Carayol, M. Hague, Saturation algorithms for model-checking pushdown systems, Electron. Proc. Theor. Comput. Sci. 151 (2014) 1–24.
[14] D. Caucal, Graphes canoniques des graphes algébriques, RAIRO Theor. Inform. Appl. 24 (4) (1990) 339–352.
[15] D. Caucal, D.T. Huynh, L. Tian, Deciding branching bisimilarity of normed context-free processes in Σ^p_2, Inf. Comput. 118 (2) (1995) 306–315.
[16] S. Christensen, H. Hüttel, C. Stirling, Bisimulation equivalence is decidable for all context-free processes, Inf. Comput. 121 (1995) 143–148.
[17] W. Czerwiński, P. Jančar, Branching bisimilarity of normed BPA processes is in NEXPTIME, in: Proceedings of LICS 2015, 2015, pp. 168–179.
[18] J. Esparza, Decidability of model checking for infinite-state concurrent systems, Acta Inform. 34 (1997) 85–107.
[19] J. Esparza, D. Hansel, P. Rossmanith, S. Schwoon, Efficient algorithms for model checking pushdown systems, in: Proceedings of CAV 2000, in: Lecture Notes in Computer Science, vol. 1855, Springer, 2000, pp. 232–247.
[20] J. Esparza, J. Knoop, An automata-theoretic approach to interprocedural data-flow analysis, in: Proceedings of FoSSaCS'99, in: Lecture Notes in Computer Science, vol. 1578, Springer, 1999, pp. 14–30.
[21] J. Esparza, A. Kučera, S. Schwoon, Model-checking LTL with regular valuations for pushdown systems, Inf. Comput. 186 (2) (2003) 355–376.
[22] J. Esparza, S. Schwoon, A BDD-based model checker for recursive programs, in: Proceedings of CAV 2001, in: Lecture Notes in Computer Science, vol. 2102, Springer, 2001, pp. 324–336.
[23] E.P. Friedman, The inclusion problem for simple languages, Theor. Comput. Sci. 1 (4) (1976) 297–316.
[24] Y. Fu, Checking equality and regularity for normed BPA with silent moves, in: Proceedings of ICALP 2013, Part II, in: Lecture Notes in Computer Science, vol. 7966, Springer, 2013, pp. 238–249.
[25] S. Göller, R. Mayr, A.W. To, On the computational complexity of verifying one-counter processes, in: Proceedings of LICS 2009, IEEE Computer Society Press, 2009, pp. 235–244.
[26] J.F. Groote, A short proof of the decidability of bisimulation for normed BPA processes, Inf. Process. Lett. 42 (1992) 167–171.
[27] C. He, M. Huang, Branching bisimilarity on normed BPA is EXPTIME-complete, in: Proceedings of LICS 2015, 2015, pp. 180–191.
[28] Y. Hirshfeld, M. Jerrum, F. Moller, A polynomial algorithm for deciding bisimilarity of normed context-free processes, Theor. Comput. Sci. 158 (1–2) (1996) 143–159.
[29] P. Hofman, S. Lasota, R. Mayr, P. Totzke, Simulation problems over one-counter nets, Log. Methods Comput. Sci. 1 (2016) 6.
[30] J.E. Hopcroft, J.D. Ullman, Introduction to Automata Theory, Languages, and Computation, Addison-Wesley, 1979.

[31] H. Hüttel, Silence is golden: branching bisimilarity is decidable for context-free processes, in: Proceedings of CAV'91, in: Lecture Notes in Computer Science, vol. 575, Springer, 1992, pp. 2–12.
[32] H. Hüttel, C. Stirling, Actions speak louder than words: proving bisimilarity for context-free processes, J. Log. Comput. 8 (4) (1998) 485–509.
[33] P. Jančar, Bisimilarity on basic process algebra is in 2-ExpTime (an explicit proof), Log. Methods Comput. Sci. 9 (1) (2012).
[34] P. Jančar, Bisimulation equivalence of first-order grammars, in: Proceedings of ICALP 2014, Part II, in: Lecture Notes in Computer Science, vol. 8573, Springer, 2014, pp. 232–243.
[35] P. Jančar, Equivalences of pushdown systems are hard, in: Proceedings of FoSSaCS 2014, in: Lecture Notes in Computer Science, vol. 8412, Springer, 2014, pp. 1–28.
[36] P. Jančar, A. Kučera, F. Moller, Simulation and bisimulation over one-counter processes, in: Proceedings of STACS 2000, in: Lecture Notes in Computer Science, vol. 1770, Springer, 2000, pp. 334–345.
[37] P. Jančar, F. Moller, Techniques for decidability and undecidability of bisimilarity, in: Proceedings of CONCUR'99, in: Lecture Notes in Computer Science, vol. 1664, Springer, 1999, pp. 30–45.
[38] P. Jančar, F. Moller, Z. Sawa, Simulation problems for one-counter machines, in: Proceedings of SOFSEM'99, in: Lecture Notes in Computer Science, vol. 1725, Springer, 1999, pp. 404–413.
[39] S. Kiefer, BPA bisimilarity is EXPTIME-hard, Inf. Process. Lett. 113 (4) (2013) 101–106.
[40] A. Kučera, On finite representations of infinite-state behaviours, Inf. Process. Lett. 70 (1) (1999) 23–30.
[41] A. Kučera, The complexity of bisimilarity-checking for one-counter processes, Theor. Comput. Sci. 304 (1–3) (2003) 157–183.
[42] A. Kučera, J. Esparza, A logical viewpoint on process-algebraic quotients, J. Log. Comput. 13 (6) (2003) 863–880.
[43] A. Kučera, P. Jančar, Equivalence-checking on infinite-state systems: techniques and results, Theory Pract. Log. Program. 6 (3) (2006) 226–264.
[44] A. Kučera, R. Mayr, Simulation preorder over simple process algebras, Inf. Comput. 173 (2) (2002) 184–198.
[45] A. Kučera, R. Mayr, Weak bisimilarity between finite-state systems and BPA or normed BPP is decidable in polynomial time, Theor. Comput. Sci. 270 (1–2) (2002) 677–700.
[46] A. Kučera, R. Mayr, On the complexity of checking semantic equivalences between pushdown processes and finite-state processes, Inf. Comput. 208 (7) (2010) 772–796.
[47] A. Kučera, Ph. Schnoebelen, A general approach to comparing infinite-state systems with their finite-state specifications, Theor. Comput. Sci. 358 (2–3) (2006) 315–333.
[48] R. Mayr, Undecidability of weak bisimulation equivalence for 1-counter processes, in: Proceedings of ICALP 2003, in: Lecture Notes in Computer Science, vol. 2719, Springer, 2003, pp. 570–583.
[49] F. Moller, Infinite results, in: Proceedings of CONCUR'96, in: Lecture Notes in Computer Science, vol. 1119, Springer, 1996, pp. 195–216.
[50] D.M.R. Park, Concurrency and automata on infinite sequences, in: Proceedings 5th GI Conference, in: Lecture Notes in Computer Science, vol. 104, Springer, 1981, pp. 167–183.
[51] G. Sénizergues, L(A)=L(B)? Decidability results from complete formal systems, Theor. Comput. Sci. 251 (1–2) (2001) 1–166.
[52] G. Sénizergues, The bisimulation problem for equational graphs of finite out-degree, SIAM J. Comput. 34 (5) (2005) 1025–1106.
[53] J. Srba, Roadmap of infinite results, Bull. Eur. Assoc. Theor. Comput. Sci. 78 (2002) 163–175.
[54] J. Srba, Undecidability of weak bisimilarity for pushdown processes, in: Proceedings of CONCUR 2002, in: Lecture Notes in Computer Science, vol. 2421, Springer, 2002, pp. 579–593.
[55] C. Stirling, Decidability of DPDA equivalence, Theor. Comput. Sci. 255 (2001) 1–31.
[56] R. van Glabbeek, What is branching time semantics and why to use it?, Bull. Eur. Assoc. Theor. Comput. Sci. (53) (1994) 191–198.
[57] R. van Glabbeek, The linear time-branching time spectrum, in: Handbook of Process Algebra, 2001, pp. 3–99.
[58] R.J. van Glabbeek, The linear time-branching time spectrum II: the semantics of sequential systems with silent moves, in: Proceedings of CONCUR'93, in: Lecture Notes in Computer Science, vol. 715, Springer, 1993, pp. 66–81.
[59] R.J. van Glabbeek, W.P. Weijland, Branching time and abstraction in bisimulation semantics, J. Assoc. Comput. Mach. 43 (3) (1996) 555–600.
[60] Q. Yin, Y. Fu, C. He, M. Huang, X. Tao, Branching bisimilarity checking for PRS, in: Proceedings of ICALP 2014, Part II, in: Lecture Notes in Computer Science, vol. 8573, Springer, 2014, pp. 363–374.
