Skip to main content
Log in

Basic problems in multi-view modeling

  • Theme Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

Modeling all aspects of a complex system within a single model is a difficult, if not impossible, task. Multi-view modeling is a methodology where different aspects of the system are captured by different models, or views. A key question then is consistency: if different views of a system have some degree of overlap, how can we guarantee that they are consistent, i.e., that they do not contradict each other? In this paper we formulate this and other basic problems in multi-view modeling within an abstract formal framework. We then instantiate this framework onto several discrete system settings: languages and automata over finite and infinite words, and symbolic transition systems; and study how checking view consistency and other problems can be solved in these settings.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Notes

  1. In that sense, our usage of the term “view” is similar to the usage of the same term in databases, where a view of say, a table, corresponds to a subtable where some rows or columns have been removed. Also, our usage of the term “abstraction functions” is consistent with the use of abstraction in verification frameworks such as abstract interpretation [11].

  2. Note that when \(\sqsupseteq \) is a set-theoretic relation such as \(\subseteq \) or \(\supseteq \), this obviously holds and \(\sqcap \) is \(\bigcup \) or \(\bigcap \). When \(\sqsupseteq \) is \(=\), then \((2^{{\mathcal {D}}}, =)\) is not a lattice, and the definition of view reduction given below does not apply. This is not a problem, as in that case we require views to be complete.

  3. In subsequent Sect. 4, we will use a different type of projection. In order to avoid confusion, we will use the term “hiding” instead of “projection” in the current section.

  4. \(M^\sharp \) is a DFA because \(M_1\) and \(M_2\) are DFAs and DFA finite inverse projection preserves determinism.

References

  1. Alur, R., Dill, D.: A theory of timed automata. Theor. Comput. Sci. 126, 183–235 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  2. Amaral, V., Hardebolle, C., Karsai, G., Lengyel, L., Levendovszky, T.: Recent advances in multi-paradigm modeling. In: MODELS, pp. 220–224. Springer, Berlin (2010)

  3. Amaral, V., Hardebolle, C., Vangheluwe, H., Lengyel, L., Bunus, P.: Recent advances in multi-paradigm modeling. Electron. Commun. EASST. 50, 10 (2011)

  4. Benveniste, A., Caillaud, B., Ferrari, A., Mangeruca, L., Passerone, R., Sofronis, C.: Multiple viewpoint contract-based specification and design. In: FMCO, pp. 200–225. Springer, Berlin (2008)

  5. Bhave, A., Krogh, B.H., Garlan, D., Schmerl, B.: View consistency in architectures for cyber-physical systems. In: ICCPS 2011, pp. 151–160 (2011)

  6. Blanc, X., Mounier, I., Mougenot, A., Mens, T.: Detecting model inconsistency through operation-based model construction. In: ICSE, pp. 511–520 (2008)

  7. Broman, D., Lee, E.A., Tripakis, S., Törngren, M.: Viewpoints, formalisms, languages, and tools for cyber-physical systems. In: MPM (2012)

  8. Broy, M.: Multi-view modeling of software systems. In: Formal Methods at the Crossroads, Volume 2757 of LNCS, pp. 207–225. Springer, Berlin (2003)

  9. Broy, M.: A theory of system interaction: components, interfaces, and services. In: Goldin, Dina, Smolka, Scott A, Wegner, Peter (eds.) Interactive Computation, pp. 41–96. Springer, Berlin (2006)

    Chapter  Google Scholar 

  10. Broy, M.: Software and system modeling: structured multi-view modeling, specification, design and implementation. In: Hinchey, M., Coyle, L. (eds.) Conquering Complexity, pp. 309–372 (2012)

  11. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: POPL, pp. 269–282. ACM, New York (1979)

  12. Diethers, K., Huhn, M.: Vooduu: verification of object-oriented designs using UPPAAL. In: Jensen, K., Podelski, A. (eds.) TACAS, Volume 2988 of LNCS, pp. 139–143. Springer, Berlin (2004)

  13. Dijkman, R.M.: Consistency in Multi-Viewpoint Architectural Design. Ph.D. thesis, University of Twente (2006)

  14. Doyen, L., Henzinger, T., Jobstmann, B., Petrov, T.: Interface theories with component reuse. In: EMSOFT, pp. 79–88 (2008)

  15. Easterbrook, S., Chechik, M.: A framework for multi-valued reasoning over inconsistent viewpoints. In: Proceedings of the 23rd International Conference on Software Engineering, ICSE ’01, pp. 411–420, IEEE Computer Society, Washington, DC (2001)

  16. Egyed, A., Letier, E., Finkelstein, A.: Generating and evaluating choices for fixing inconsistencies in UML design models. In: 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 99–108 (2008)

  17. Finkelstein, A., Gabbay, D., Hunter, A., Kramer, J., Nuseibeh, B.: Inconsistency handling in multiperspective specifications. IEEE TSE 20(8), 569–578 (1994)

    Google Scholar 

  18. Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman, New York (1979)

    MATH  Google Scholar 

  19. Getir, S., Grunske, L., Bernasko, C. K., Käfer, V., Sanwald, T., Tichy, M.: CoWolf—a generic framework for multi-view co-evolution and evaluation of models. In: 8th International Conference on Theory and Practice of Model Transformations, ICMT, pp. 34–40 (2015)

  20. Granger, P.: Improving the results of static analyses of programs by local decreasing iterations. In: Shyamasundar, R. (eds.) Foundations of software technology and theoretical computer science. FSTTCS 1992. Lecture notes in computer science, vol. 652, pp 68–79. Springer, Berlin, Heidelberg (1992)

  21. Grundy, J., Hosking, J., Mugridge, W.B.: Inconsistency management for multiple-view software development environments. IEEE Trans. Softw. Eng. 24(11), 960–981 (1998)

    Article  Google Scholar 

  22. Henzinger, T.A., Nickovic, D.: Independent implementability of viewpoints. In: Monterey Workshop, Volume 7539 of LNCS, pp. 380–395. Springer, Berlin (2012)

  23. Herzig, S.J.I., Qamar, A., Paredis, C.J.J.: An approach to identifying inconsistencies in model-based systems engineering. Proc. Comput. Sci. 28, 354–362 (2014)

    Article  Google Scholar 

  24. Holzmann, G.: The Spin Model Checker. Addison-Wesley, Reading (2003)

    Google Scholar 

  25. ISO/IEC/IEEE 42010:2011. Systems and software engineering—Architecture description, the latest edition of the original IEEE Std 1471:2000, Recommended Practice for Architectural Description of Software-intensive Systems. IEEE and ISO (2011)

  26. Jackson, D.: Structuring Z Specifications with Views. Technical Report CMU-CS-94-126. CMU (1994)

  27. Jackson, E.K., Levendovszky, T., Balasubramanian, D.: Automatically reasoning about metamodeling. Softw. Syst. Model. 14(1), 271–285 (2015)

    Article  Google Scholar 

  28. Jackson, E.K., Sztipanovits, J.: Formalizing the structural semantics of domain-specific modeling languages. Softw. Syst. Model. 8(4), 451–478 (2009)

    Article  Google Scholar 

  29. Jackson, M., Zave, P.: Distributed feature composition: a virtual architecture for telecommunications services. IEEE Trans. Softw. Eng. 24(10), 831–847 (1998)

    Article  Google Scholar 

  30. Kao, J.-Y., Rampersad, N., Shallit, J.: On NFAs where all states are final, initial, or both. Theor. Comput. Sci. 410(4749), 5010–5021 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  31. Lucas, F.J., Molina, F., Toval, A.: A systematic review of UML model consistency management. Inf. Softw. Technol. 51(12), 1631–1645 (2009)

    Article  Google Scholar 

  32. Maoz, S., Ringert, J.O., Rumpe, B.: Semantically configurable consistency analysis for class and object diagrams. In: Whittle, J., Clark, T., Kühne, T. (eds.) Model driven engineering languages and systems. MODELS 2011. Lecture notes in computer science, vol. 6981, pp. 153–167. Springer, Berlin, Heidelberg (2011)

  33. Maoz, S., Ringert, J.O., Rumpe, B.: Verifying component and connector models against crosscutting structural views. In: ICSE, pp. 95–105. ACM, New York (2014)

  34. Nejati, S., Sabetzadeh, M., Chechik, M., Easterbrook, S., Zave, P.: Matching and merging of statecharts specifications. In: 29th International Conference on Software Engineering (ICSE’07), pp. 54–64, May 2007

  35. Persson, M., Törngren, M., Qamar, A., Westman, J., Biehl, M., Tripakis, S., Vangheluwe, H., Denil, J.: A characterization of integrated multi-view modeling for embedded systems. In: Proceedings of the 13th ACM & IEEE International Conference on Embedded Software (EMSOFT’13) (2013)

  36. Pittou, M., Tripakis, S.: Checking multi-view consistency of discrete systems with respect to periodic sampling abstractions. In: The 13th International Conference Formal Aspects of Component Software (FACS 2016) (2016)

  37. Pittou, M., Tripakis, S.: Multi-view consistency for infinitary regular languages. In: International Conference on Embedded Computer Systems: Architectures, Modeling and Simulation—SAMOS XVI (2016)

  38. Rajhans, A., Krogh, B.H.: Heterogeneous verification of cyber-physical systems using behavior relations. In: HSCC ’12, pp. 35–44. ACM, New York (2012)

  39. Rajhans, A., Krogh, B.H.: Compositional heterogeneous abstraction. In: HSCC ’13, pp. 253–262. ACM, New York (2013)

  40. Rasch, H., Wehrheim, H.: Checking consistency in UML diagrams: classes and state machines. In: Proceedings of 6th IFIP WG 6.1 International Conference Formal Methods for Open Object-Based Distributed Systems, FMOODS 2003, Paris, France, November 19–21, 2003, pp. 229–243 (2003)

  41. Reineke, J., Tripakis, S.: Basic problems in multi-view modeling. In: Tools and Algorithms for the Construction and Analysis of Systems—TACAS 2014 (2014)

  42. Sabetzadeh, M., Nejati, S., Easterbrook, S., Chechik, M.: A relationship-driven framework for model merging. In: Proceedings of the International Workshop on Modeling in Software Engineering, MISE ’07, p. 2. IEEE Computer Society, Washington, DC (2007)

  43. Sistla, A.P., Vardi, M.Y., Wolper, P., Wolper, P.: The complementation problem for Büchi automata with applications to temporal logic. Theor. Comput. Sci. 49, 217–237 (1987)

    Article  MATH  Google Scholar 

  44. Spanoudakis, G., Finkelstein, A.: Reconciling requirements: a method for managing interference, inconsistency and conflict. Ann. Softw. Eng. Spec. Issue Softw. Requir. Eng. 3, 433–457 (1996)

    Google Scholar 

  45. Tripakis, S.: Compositionality in the science of system design. Proc. IEEE 104(5), 960–972 (2016)

    Article  Google Scholar 

  46. Tripakis, S., Lickly, B., Henzinger, T.A., Lee, E.A.: A theory of synchronous relational interfaces. ACM Trans. Progr. Lang. Syst. (TOPLAS) 33(4), 14:1–14:41 (2011)

  47. von Hanxleden, R., Lee, E.A., Motika, C., Fuhrmann, H.: Multi-view modeling and pragmatics in 2020. In: 17th International Monterey Workshop, LNCS (2012)

  48. Zave, P.: Feature interactions and formal specifications in telecommunications. Computer 26(8), 20–28 (1993)

    Article  Google Scholar 

  49. Zave, P., Jackson, M.: Conjunction as composition. ACM Trans. Softw. Eng. Methodol. 2(4), 379–411 (1993)

    Article  Google Scholar 

  50. Zhao, X., Long, Q., Qiu, Z.: Model checking dynamic UML consistency. In: Liu, Z., He, J. (eds.) Formal Methods and Software Engineering, Volume 4260 of LNCS, pp. 440–459. Springer, Berlin (2006)

    Google Scholar 

Download references

Acknowledgements

We thank Kartik Nagar for pointing out an error in the proof of Theorem 4.7 in an earlier version of this paper and for suggesting how to fix the problem. We also thank Maria Pittou for discovering a bug in an earlier version of this paper and for pointing us to several related papers. Finally, we thank the anonymous reviewers for their feedback and suggestions, which in particular led to the addition of Sect. 1.2.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Stavros Tripakis.

Additional information

Communicated by Professors J. Sztipanovits, M. Broy, and H. Daembkes.

Christos Stergiou is currently employed by Google.

This research has been partially supported by the Academy of Finland and the National Science Foundation via projects COSMOI: Compositional System Modeling with Interfaces and ExCAPE: Expeditions in Computer Augmented Program Engineering; the Deutsche Forschungsgemeinschaft as part of the Transregional Collaborative Research Centre SFB/TR 14 AVACS; and the iCyPhy (Industrial Cyber-Physical Systems) Research Center at UC Berkeley, sponsored by IBM and United Technologies.

A Proofs

A Proofs

1.1 Proof of Lemma 3.4

Consider \(S_1' = (X, Z_1 \cup Z_2, \theta _1, \phi _1)\) and \(S_2' = (X, Z_1 \cup Z_2, \theta _2, \phi _2)\). Clearly, \(\llbracket S_1' \rrbracket _o = \llbracket S_1 \rrbracket _o\) and \(\llbracket S_2' \rrbracket _o = \llbracket S_2 \rrbracket _o\). Also, we know from Lemma 3.3 that \(\llbracket S_\cap \rrbracket = \llbracket S_1' \rrbracket \cap \llbracket S_2' \rrbracket \). The observable behavior of \(S_\cap \) is thus \(\llbracket S_\cap \rrbracket _o = h_X(\llbracket S_\cap \rrbracket ) = h_X(\llbracket S_1' \rrbracket \cap \llbracket S_2' \rrbracket ) \overset{Z_1 \cap Z_2 = \emptyset }{=} h_X(\llbracket S_1' \rrbracket ) \cap h_X(\llbracket S_2' \rrbracket ) = \llbracket S_1' \rrbracket _o \cap \llbracket S_2' \rrbracket _o = \llbracket S_1 \rrbracket _o \cap \llbracket S_2 \rrbracket _o\).

To show that \(\llbracket S_\cup \rrbracket _o \subseteq \llbracket S_1 \rrbracket _o\cup \llbracket S_2 \rrbracket _o\), consider an observable behavior \(\sigma _o\) of \(S_\cup \). Then, there must be a behavior \(\sigma =s_0 \ldots s_n\) of \(S_\cup \) with \(\sigma _o = h_X(\sigma )\). By construction, either, \(s_0(z) = \ldots = s_n(z) = true \), or \(s_0(z) = \ldots = s_n(z) = false \). In the former case, \(h_{X \cup Z_1}(\sigma )\) is a behavior of \(S_1\), and thus \(h_X(h_{X \cup Z_1}(\sigma )) = h_X(\sigma ) = \sigma _o\) is an observable behavior of \(S_1\). In the latter case, \(h_X(h_{X \cup Z_2}(\sigma )) = h_X(\sigma ) = \sigma _o\) is an observable behavior of \(S_2\).

To show that \(\llbracket S_\cup \rrbracket _o \supseteq \llbracket S_1 \rrbracket _o\cup \llbracket S_2 \rrbracket _o\), consider an observable behavior \(\sigma _{o,1}\) of \(S_1\). Then, there must be a behavior \(\sigma _1=s_1 \ldots s_n\) of \(S_1\) with \(h_X(\sigma _1) = \sigma _{o,1}\). Extending all of the states of \(\sigma _1\) with the mapping \(z \mapsto true \) yields a behavior \(\sigma \) of \(S_\cup \). Clearly, \(h_X(\sigma ) = \sigma _{o,1}\), so \(\sigma _{o,1}\) is an observable behavior of \(S_\cup \). A similar argument applies to observable behaviors of \(S_2\).

Clearly, the behaviors of \(S_1\) and \(S_h\) are equal. Consider a behavior \(\sigma _o\) in \(h_Y(\llbracket S_1 \rrbracket _o)\). There must be a behavior \(\sigma \) of \(S_1\) with \(\sigma _o = h_Y(h_X(\sigma ))\). As \(\sigma \) is also a behavior of \(S_h\), \(\sigma _o = h_Y(h_X(\sigma )) = h_Y(\sigma )\) is also an observable behavior of \(S_h\). Consider a behavior \(\sigma _o\) in \(\llbracket S_1 \rrbracket _o\). There must be a behavior \(\sigma \) of \(S_h\) with \(\sigma _o = h_Y(\sigma )\). As \(\sigma \) is also a behavior of \(S_1\), \(\sigma _o = h_Y(\sigma ) = h_Y(h_X(\sigma ))\) is also in \(h_Y(\llbracket S_1 \rrbracket _o)\).

1.2 Proof of Theorem 3.1

To see that lv(SY) is a view of S for partial order \(\supseteq \), consider an arbitrary behavior \(\sigma = s_1 \ldots s_n\) of S. Then, \(\theta (s_1)\) and for all \(i=1, \ldots , n-1\), we have \(\psi _S(s_i)\) and \(\phi (s_i, s_{i+1})\). We need to show that \(h_{Y}(\sigma ) = h_{Y}(s_1) \ldots h_{Y}(s_n)\) is a behavior of lv(SY). \(\theta (s_1)\) implies \(\theta _Y(h_Y(s_1))\), and so \(h_Y(s_1)\) is an initial state of lv(SY). Similarly, \(\psi _S(s_i) \wedge \phi (s_i, s_{i+1})\) implies \(\phi _Y(h_Y(s_i), h_Y(s_{i+1}))\), and so \(h_{Y}(s_1) \ldots h_{Y}(s_n)\) is a behavior of lv(SY), and lv(SY) is a view of S for partial order \(\supseteq \).

It remains to show that lv(SY) is the least view of S. Assume V with \(\llbracket V \rrbracket \not \supseteq \llbracket lv(S,Y) \rrbracket \) is another view of S. Then, there is a behavior \(\sigma = t_1 \ldots t_n\) of lv(SY) that is not a behavior of V. Let \(t_1 \ldots t_i\) be the shortest prefix of \(\sigma \) that is in lv(SY) but not in V. Then, \((t_{i-1}, t_i)\) is not a transition of V. As \((t_{i-1}, t_i)\) is a transition of lv(SY), there must be a reachable state \(s_{i-1}\) of S with \(h_Y(s_{i-1}) = t_{i-1}\) and a state \(s_i\) of S with \(\phi (s_{i-1}, s_i)\) and \(h_Y(s_i) = t_i\). As \(s_{i-1}\) is reachable, there must be a sequence ending in \(s_{i-1}, s_i\) in S. The hiding of this sequence cannot be in V, as \((h_Y(s_{i-1}), h_Y(s_i))\) is not a transition in V, and thus V is not a view of S.

1.3 Proof of Theorem 3.5

First, notice that if \(Y \subseteq X\), then \(V=(Y,\theta _V, \phi _V)\) is a view of \(S=(X,Z,\theta , \phi )\) if and only if it is a view of the fully observable system \(S' = (X \cup Z, \theta , \phi )\). This is because \(h_Y(S) = h_Y(S')\). Thus, in the following, we will assume S to be a FOS with \(S = (X, \theta , \phi )\).

Let \(\psi _S\) denote the reachable states of S. \(\psi _S\) can, e.g., be computed incrementally using BDDs. Let \(Z := X {\setminus } Y\) and \(Z' := X' {\setminus } Y'\). Then, \(V \supseteq _{h_Y} S\), if and only if the following two conditions hold, which can be effectively checked:

  1. 1.

    \(\forall Y,Z: \theta (Y,Z) \rightarrow \theta _V(Y) \equiv \forall s: \theta (s) \rightarrow \theta _V(h_Y(s))\), and

  2. 2.

    \(\forall Y,Z,Y',Z': \psi _S(Y,Z) \rightarrow (\phi ((Y,Z), (Y',Z')) \rightarrow \phi _V(Y,Y')) \equiv \forall s, s': \psi _S(s) \rightarrow (\phi (s,s') \rightarrow \phi _V(h_Y(s),h_Y(s')))\).

We need to show that Conditions 1 and 2 from above hold, if and only if \(V \supseteq _{h_Y} S\).

Let us first show that Conditions 1 and 2 imply \(V \supseteq _{h_Y} S\):

We show this by induction over the length n of behaviors \(\sigma \) of S.

Base case: let \(\sigma = s_0 \in \llbracket S \rrbracket \) be any behavior of length 1 of S. Then \(\theta (s_0)\) must hold, which, by Condition 1, implies \(\theta _V(h(s_0))\), which implies that \(h(s_0) \in \llbracket V \rrbracket \).

Induction step: let \(\sigma = s_0 s_1 \cdots s_{n-1} s_n \in \llbracket S \rrbracket \) be a sequence of length \(n+1\). As S is by definition prefix-closed, \(s_0 s_1 \cdots s_{n-1}\) is also in S. By the induction hypothesis, we know that \(h(s_0) h(s_1) \cdots h(s_{n-1})\) is in \(\llbracket V \rrbracket \). As \(\sigma \in S\), \(s_{n-1}\) is reachable, thus \(\psi _S(s_{n-1})\) holds. Thus, we can apply Condition 2, and deduce from the fact that \(\phi (s_{n-1}, s_n)\) that \(\phi _V(h(s_{n-1}), h(s_n))\). This in turn implies that \(h(s_0) h(s_1) \cdots h(s_{n-1}) h(s_n)\) is a behavior of V.

Now, let us show the opposite direction, i.e., that \(V \supseteq _{h_Y} S\) implies Conditions 1 and 2. We show this by contraposition. Assume Condition 1 does not hold. Then, there is a valuation vY of Y and a valuation vZ of Z, such that \(\theta (vYvZ)\) holds (where vYvZ is the valuation that agrees with vY on Y and with vZ on Z), but \(\theta _V(vY)\) does not. Clearly, \(h(vYvZ) = vY\). So, \(vYvZ \in \llbracket S \rrbracket \), but \(h(vYvZ) \not \in \llbracket V \rrbracket \), which implies that \(V \supseteq _{h_Y} S\) does not hold. Now assume that Condition 2 does not hold. This implies that there are valuations vYvZ, and \(vY',vZ'\), such that \(\psi _S(vYvZ)\) and \(\phi (vYvZ, vY'vZ')\) hold, but \(\phi _V(vY, vY')\) does not. As vYvZ is thus reachable, there must be a behavior \(s_0 \cdots (vYvZ) \in \llbracket S \rrbracket \). By \(\phi (vYvZ, vY'vZ')\), we also have that \(s_0 \cdots (vYvZ) (vY'vZ') \in \llbracket S \rrbracket \). Yet, because \(\phi _V(vY, vY')\) does not hold, \(h(s_0) \cdots h(vYvZ) h(vY'vZ') \not \in \llbracket V \rrbracket \), which concludes the proof.

1.4 Proof of Theorem 3.6

In [30], it is shown that checking the universality of non-deterministic finite automata (NFA), having the property that all states are final, is PSPACE-hard for alphabets of size at least 2.

We reduce this problem in polynomial time to Problem 3.1 for \(|Y| \ge 1\), V being fully observable, and partial orders \(=\) and \(\subseteq \). NFAs considered in [30] are quintuples \(M = (Q, \Sigma , \delta , I, F)\), where Q is a finite set of states; \(\Sigma \) is a finite alphabet; \(\delta : Q \times \Sigma \rightarrow 2^Q\) is the transition function; \(\delta \) is naturally extended to sets of states and words; \(I \subseteq Q\) is the set of initial states; and F is the set of final states, in this case \(F=Q\). A word \(w \in \Sigma ^*\) is accepted by NFA M, if \(\delta (I,w) \cap F \ne \emptyset \). The universality problem is to check whether every word \(w \in \Sigma ^*\) is accepted by a given NFA M, or not.

For a given NFA \(M = (Q, \Sigma , \delta , I, F)\), we construct a discrete system \(S_M\), such that \(w=t_1 \ldots t_n \in \Sigma ^+\) is accepted by M if and only if there exists a behavior \(\sigma = s_1 \ldots s_n\) of \(S_M\) with \(h_Y(\sigma ) = h_Y(s_1) \ldots h_Y(s_n) = e_\Sigma (t_1) \ldots e_\Sigma (t_n) = e_\Sigma (w)\), where \(e_\Sigma \) is a function encoding the alphabet of M using the Boolean variables \(Y_M\) of \(S_M\). Then, M is universal if and only if \(h_Y(S) = e_\Sigma (\Sigma )^+\), where \(e_\Sigma (\Sigma )\) is the image of \(e_\Sigma \), i.e., all valuations of Y that encode a letter in \(\Sigma \). Note that \(\epsilon \) is trivially accepted by M if the set of initial states I is non-empty, as all states, including the initial states, are by definition final.

The construction of \(S_M=(X_M, \theta _M, \phi _M)\) is akin to the transformation of a Mealy machine into a Moore machine: a state of \(S_M\) corresponds to a state of M and a letter in \(\Sigma \) consumed in the previous transition of M. The set of variables \(X_M\) of S is the disjoint union of a set of variables \(Y_M\) that encodes the outputs \(\Sigma \) of M and a set of variables \(Z_M\) that encodes the states Q of M. Due to the binary encoding, we have \(|Y_M| = \lceil \log _2 |\Sigma | \rceil \ge 1\) and \(|Z_M| = \lceil \log _2 |Q|\rceil \). Let \(e_Q : Q \rightarrow (Z_M \rightarrow \mathbb {B})\) and \(e_\Sigma : \Sigma \rightarrow (Y_M \rightarrow \mathbb {B})\) denote the encoding functions, and \(e_Q^{-1}\) and \(e_\Sigma ^{-1}\) their inverses.

Then, the transition relation \(\phi _M\) and the initial states \(\theta _M\) of \(S_M\) are defined as follows:

$$\begin{aligned} \phi _M(s, s')&:= e_Q^{-1}(s'[Z]) \in \delta (e_Q^{-1}(s[Z]), e_\Sigma ^{-1}(s'[Y])),\\ \theta _M(s')&:= \exists q \in I: e_Q^{-1}(s'[Z]) \in \delta (q, e_\Sigma ^{-1}(s'[Y])), \end{aligned}$$

for all \(s, s'\) for which \(e_Q^{-1}(s[Z]), e_Q^{-1}(s'[Z]), e_\Sigma ^{-1}(s[Y])\), and \(e_\Sigma ^{-1}(s'[Y])\) are defined. Expressions for \(\phi _M\) and \(\theta _M\) can be generated in \(O(|\Sigma |\cdot |\delta |)\) by traversing all transitions of M and adding appropriate disjuncts. The factor of \(|\Sigma |\) stems from the fact that each state of M is duplicated up to \(\Sigma \) times to account for the label of an incoming transition.

Assume \(w = t_1 \ldots t_n\) is accepted by M. Then, there exist \(q_1 \ldots q_n q_{n+1} \in Q\) with \(q_1 \in I\) and \(q_{i+1} \in \delta (q_i, t_i)\) for all \(i = 1, \ldots , n\). By construction, \(e_Q(q_2)e_\Sigma (t_1) \ldots e_Q(q_{n+1})e_\Sigma (t_n) \in \llbracket S \rrbracket \) and thus \(e_\Sigma (t_1) \ldots e_\Sigma (t_n) \in h_Y(S)\). Similarly, if \(e_\Sigma (t_1) \ldots e_\Sigma (t_n) \in h_Y(S)\), then \(t_1 \ldots t_n\) is accepted by M.

To check whether \(S_M\) is “universal,” we can construct a fully observable view \(V = (Y, \theta _V, \phi _V)\) with \(\theta _V(s) := \exists t \in \Sigma : e_\Sigma (t) = s\) and \(\phi _V(s, s') = \exists t: e_\Sigma (t) = s \wedge \exists t' \in \Sigma : e_\Sigma (t') = s'\). Clearly, \(\llbracket V \rrbracket = e_\Sigma (\Sigma )^+\). Then, \(V =_{h_Y} S_M\) if and only if \(\llbracket V \rrbracket = e_\Sigma (\Sigma )^+ = h_Y(S_M)\), which is the case if and only if M is universal. The same holds for \(V \subseteq _{h_Y} S_M\), as \(h_Y(S_M)\) cannot be strictly larger than \(\llbracket V \rrbracket \) by construction, and so \(V \subseteq _{h_Y} S_M\) if and only if \(V =_{h_Y} S_M\). This concludes the proof of the first part of the claim.

It remains to show that it is also PSPACE-hard to check whether \(V \supseteq _{h_Y} S\) if V is not restricted to be fully observable. To see this, we exchange the roles of the view and the system from above, and construct, for a given NFA M, a view \(V_M\) and a “universal” system S, such that \(V_M \supseteq _{h_Y} S\) if and only if M is universal. Let \(V_M=(Y_M, Z_M, \theta _M, \phi _M)\), where all of its components are defined as in the proof of the first part of the claim, above. Also, let \(S=(Y_M, \theta \equiv \exists t \in \Sigma : e_\Sigma (t) = s, \phi _V \equiv \exists t: e_\Sigma (t) = s \wedge \exists t' \in \Sigma : e_\Sigma (t') = s')\). Then, the observable behaviors \(\llbracket S \rrbracket _o\) of S correspond to all non-empty words \(\Sigma ^+\), and the observable behaviors of \(V_M\) correspond to all words accepted by M. Thus \(V_M \supseteq _{h_Y} S\) if and only if M is universal.

1.5 Proof of Lemma 4.1

Proof of Lemma 4.1, Part 1: follows directly from the definitions of projection and inverse projection as functions lifted from words to sets of words.

Proof of Lemma 4.1, Part 2: let \(w'\in \Pi _{\Sigma \rightarrow \Sigma '}(L_1\cup L_2)\). Then there exists \(w\in L_1\cup L_2\) such that \(w'=\Pi _{\Sigma \rightarrow \Sigma '}(w)\). If \(w\in L_i\), then \(w'\in \Pi _{\Sigma \rightarrow \Sigma '}(L_i)\), for \(i=1,2\). This proves \(\Pi _{\Sigma \rightarrow \Sigma '}(L_1\cup L_2) \subseteq \Pi _{\Sigma \rightarrow \Sigma '}(L_1) \cup \Pi _{\Sigma \rightarrow \Sigma '}(L_2)\). Now let \(w' \in \Pi _{\Sigma \rightarrow \Sigma '}(L_i)\), for some \(i=1,2\). Then there exists \(w\in L_i\) such that \(w'=\Pi _{\Sigma \rightarrow \Sigma '}(w)\). Since \(w\in L_1\cup L_2\), we can conclude \(w' \in \Pi _{\Sigma \rightarrow \Sigma '}(L_1\cup L_2)\). This proves \(\Pi _{\Sigma \rightarrow \Sigma '}(L_1) \cup \Pi _{\Sigma \rightarrow \Sigma '}(L_2) \subseteq \Pi _{\Sigma \rightarrow \Sigma '}(L_1\cup L_2)\).

Proof of Lemma 4.1, Part 3: let \(w'\in \Pi _{\Sigma \rightarrow \Sigma '}(L_1\cap L_2)\). Then there exists \(w\in L_1\cap L_2\) such that \(w'=\Pi _{\Sigma \rightarrow \Sigma '}(w)\). From \(w\in L_1\) and \(w'=\Pi _{\Sigma \rightarrow \Sigma '}(w)\), we get \(w'\in \Pi _{\Sigma \rightarrow \Sigma '}(L_1)\). Similarly, we get \(w'\in \Pi _{\Sigma \rightarrow \Sigma '}(L_2)\), and the result follows. To see why the inclusion is strict, let \(L_1=\{aab\}\) and \(L_2=\{aba\}\). Then the intersection of \(L_1\) and \(L_2\) is empty, but their projection onto alphabet \(\{a\}\) yields the same word, aa.

Proof of Lemma 4.1, Part 4: let \(w'\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cup L_2)\). Then \(w\in L_1\cup L_2\), where \(w=\Pi _{\Sigma \rightarrow \Sigma '}(w')\). If \(w\in L_i\), for some \(i=1,2\), then \(w'\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_i)\). This proves \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cup L_2) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1) \cup \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_2)\). Now let \(w' \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_i)\), for some \(i=1,2\). Then \(w\in L_i\), where \(w=\Pi _{\Sigma \rightarrow \Sigma '}(w')\). Since \(w\in L_1\cup L_2\), we can conclude \(w' \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cup L_2)\). This proves \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1) \cup \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_2) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cup L_2)\).

Proof of Lemma 4.1, Part 5: let \(w'\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cap L_2)\). Then \(w\in L_1\cap L_2\), where \(w=\Pi _{\Sigma \rightarrow \Sigma '}(w')\). Therefore, \(w'\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_i)\), for \(i=1,2\). This proves \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cap L_2) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1) \cap \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_2)\). Now let \(w' \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_i)\), for both \(i=1,2\). Then \(w\in L_1\cap L_2\), where \(w=\Pi _{\Sigma \rightarrow \Sigma '}(w')\). Therefore, \(w' \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cap L_2)\). This proves \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1) \cap \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_2) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L_1\cap L_2)\).

Proof of Lemma 4.1, Part 6:

$$\begin{aligned} \begin{array}{rl} &{}\Pi _{\Sigma ' \rightarrow \Sigma }(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L))\\ &{}\quad = \Pi _{\Sigma ' \rightarrow \Sigma }(\bigcup \{L'\text { language on }\Sigma ' ~|~ \Pi _{\Sigma ' \rightarrow \Sigma }(L') = L\})\\ &{}\quad = \bigcup \{\Pi _{\Sigma ' \rightarrow \Sigma }(L') ~|~ L'\text { language on }\Sigma '\text { and }\\ &{}\qquad \Pi _{\Sigma ' \rightarrow \Sigma }(L') = L\}\\ &{}\quad = \bigcup \{L ~|~ L'\text { language on }\Sigma '\text { and } \Pi _{\Sigma ' \rightarrow \Sigma }(L') = L\}\\ &{}\quad = L \end{array} \end{aligned}$$

Note that the set \(\{L' \text{ language } \text{ on } \Sigma ' ~|~ \Pi _{\Sigma ' \rightarrow \Sigma }(L') = L\}\) contains at least L.

Proof of Lemma 4.1, Part 7: by definition of \(\Pi ^{-1}_{\Sigma \leftarrow \Sigma '}\), \(\Pi ^{-1}_{\Sigma \leftarrow \Sigma '}(\Pi _{\Sigma \rightarrow \Sigma '}(L)) = \bigcup \{L' \text{ language } \text{ on } \Sigma ~|~ \Pi _{\Sigma \rightarrow \Sigma '}(L') = \Pi _{\Sigma \rightarrow \Sigma '}(L)\}\). A language on \(\Sigma '\) is also a language on \(\Sigma \); hence, L satisfies the constraints above on \(L'\) and \(L \subseteq \Pi ^{-1}_{\Sigma \leftarrow \Sigma '}(\Pi _{\Sigma \rightarrow \Sigma '}(L))\).

Proof of Lemma 4.1, Part 8: let \(w\in \Sigma _1^\infty \). To obtain \(\Pi _{\Sigma _1 \rightarrow \Sigma _3}(w)\) from w we remove all letters in \(\Sigma _1{\setminus }\Sigma _3\) (which also includes all letters in \(\Sigma _2{\setminus }\Sigma _3\), since \(\Sigma _2\subseteq \Sigma _1\)). To obtain \(\Pi _{\Sigma _2 \rightarrow \Sigma _3}(\Pi _{\Sigma _1 \rightarrow \Sigma _2}(w))\), we first remove all letters in \(\Sigma _1{\setminus }\Sigma _2\), and then we remove all letters in \(\Sigma _2{\setminus }\Sigma _3\). Clearly the latter procedure results in the same final word as the former. This proves \(\Pi _{\Sigma _2 \rightarrow \Sigma _3}(\Pi _{\Sigma _1 \rightarrow \Sigma _2}(w))=\Pi _{\Sigma _1 \rightarrow \Sigma _3}(w)\). Now, let \(L\subseteq \Sigma _3^\infty \). Then, \(\Pi ^{-1}_{\Sigma _1 \leftarrow \Sigma _2}(\Pi ^{-1}_{\Sigma _2 \leftarrow \Sigma _3}(L))= \{w\mid \Pi _{\Sigma _1 \rightarrow \Sigma _2}(w)\in \Pi ^{-1}_{\Sigma _2 \leftarrow \Sigma _3}(L)\}= \{w\mid \Pi _{\Sigma _1 \rightarrow \Sigma _2}(w)\in \{w'\mid \Pi _{\Sigma _2 \rightarrow \Sigma _3}(w')\in L)\}\}= \{w\mid \Pi _{\Sigma _2 \rightarrow \Sigma _3}(\Pi _{\Sigma _1 \rightarrow \Sigma _2}(w))\in L)\} \overset{\text{ first } \text{ segment } \text{ of } \text{ this } \text{ proof }}{=} \{w \mid \Pi _{\Sigma _1 \rightarrow \Sigma _3}(w)\in L\}= \Pi ^{-1}_{\Sigma _1 \leftarrow \Sigma _3}(L)\).

Proof of Lemma 4.1, Part 9: by Part 8 of this lemma, we know that \(\Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma }(u)) = \Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(u)\) and \(\Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(u)) = \Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(u)\) and so \(\Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma }(u)) = \Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(u))\).

Proof of Lemma 4.1, Part 10: we prove this part of the lemma constructively by defining a function \( merge {}\) such that \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma _1 \cup \Sigma _2}(s) = w\) and \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma _2 \cup \Sigma _3}(s) = w'\) for \(s = merge {}(w, w', 0)\).

Let \( merge {}\) be a function from \((\Sigma _1 \cup \Sigma _2)^\infty \times (\Sigma _2 \cup \Sigma _3)^\infty \times \{0, 1\}\) to \((\Sigma _1 \cup \Sigma _2 \cup \Sigma _3)^\infty \) defined as follows:

$$\begin{aligned}&merge {}(w, w', i) = {\left\{ \begin{array}{ll} a \cdot merge {}(w_p, w', 1) &{} \text{ if } w = a \cdot w_p \text{ and } a \in \Sigma _1 \text{ and } i = 0 \\ c \cdot merge {}(w, w'_p, 0) &{} \text{ if } w' = c \cdot w'_p \text{ and } c \in \Sigma _3 \text{ and } i = 1 \\ b \cdot merge {}(w_p, w'_p, i) &{} \text{ if } w = b \cdot w_p \text{ and } w' = b \cdot w'_p \text{ and } b \in \Sigma _2\\ \epsilon &{} \text{ if } w = w' = \epsilon \\ merge {}(w, w', (i+1) \% 2) &{} \text{ otherwise } \end{array}\right. } \end{aligned}$$

First, it is easy to see that the conditions for the first four cases are mutually exclusive. Under the assumption that \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _2}(w) = \Pi _{\Sigma _2\cup \Sigma _3 \rightarrow \Sigma _2}(w')\), if the fifth case applies to \( merge {}(w, w', i)\), then either the first or the second case will apply to \( merge {}(w, w', (i+1)\% 2)\) and thus \( merge {}\) is well defined for such inputs.

The latter implies that for every \(0< i < | merge {}(w,w',0)|\), there are unique \(x, w_p, w_p'\) such that \(|x| = i\) and \( merge {}(w, w', 0) = x \cdot merge {}(w_p, w'_p, 0)\) or \( merge {}(w, w', 0) = x \cdot merge {}(w_p, w'_p, 1)\). It is easy to show by induction over i that the following are true about \(w, w', x, w_p, w_p'\): \(w = \Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma _1 \cup \Sigma _2}(x) \cdot w_p\) and \(w' = \Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma _2 \cup \Sigma _3}(x) \cdot w_p'\).

Hence, all finite prefixes of w and \(\Pi _{\Sigma _1\cup \Sigma _2\cup \Sigma _3 \rightarrow \Sigma _1\cup \Sigma _2}( merge {}(w, w', 0))\) are equal, and so the corresponding words are equal. By the same argument \(w' = \Pi _{\Sigma _1\cup \Sigma _2\cup \Sigma _3 \rightarrow \Sigma _2\cup \Sigma _3}( merge {}(w, w', 0))\).

Proof of Lemma 4.1, Part 11:

\(\subseteq \) direction: consider \(w \in \Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(\Pi ^{-1}_{\Sigma \cup \mathrm {T} \leftarrow \Sigma }(L))\). Then there is a \(u \in \Pi ^{-1}_{\Sigma \cup \mathrm {T} \leftarrow \Sigma }(L)\), such that \(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(u) = w\) and \(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma }(u) = v \in L\). Hence, \(\Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(v) = \Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \Sigma }(u)) \overset{\text {Lemma}~4.1, \text { Part~9}}{=} \Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(u)) = \Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(w)\). Thus, \(\Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(w) \in \Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(L)\), and so \(w \in \Pi ^{-1}_{\mathrm {T} \leftarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(L))\).

\(\supseteq \) direction: let \(\Sigma _2 = \Sigma \cap \mathrm {T}, \Sigma _1 = \Sigma {\setminus } \Sigma _2, \Sigma _3 = \mathrm {T}{\setminus } \Sigma _2\). Note that \(\Sigma _1, \Sigma _2,\) and \(\Sigma _3\) are mutually disjoint, and that \(\Sigma _1 \cup \Sigma _2=\Sigma \), \(\Sigma _2 \cup \Sigma _3=\mathrm {T}\), and \(\Sigma _1 \cup \Sigma _2 \cup \Sigma _3=\Sigma \cup \mathrm {T}\). Consider \(w \in \Pi ^{-1}_{\mathrm {T} \leftarrow \Sigma \cap \mathrm {T}}(\Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(L))\). Then there is a \(v \in L\), such that \(\Pi _{\mathrm {T} \rightarrow \Sigma _2}(w) = \Pi _{\mathrm {T} \rightarrow \Sigma \cap \mathrm {T}}(w) = \Pi _{\Sigma \rightarrow \Sigma \cap \mathrm {T}}(v) = \Pi _{\Sigma \rightarrow \Sigma _2}(v)\). By Part 10 of Lemma 4.1, there exists \(s \in (\Sigma _1 \cup \Sigma _2 \cup \Sigma _3)^\infty \), such that \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma }(s) = v\) and \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \mathrm {T}}(s) = w\). \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \Sigma }(s) = v\) implies that \(s \in \Pi ^{-1}_{\Sigma \cup \mathrm {T} \leftarrow \Sigma }(L)\). This and the fact \(\Pi _{\Sigma _1 \cup \Sigma _2 \cup \Sigma _3 \rightarrow \mathrm {T}}(s) = w\) imply \(w \in \Pi _{\Sigma \cup \mathrm {T} \rightarrow \mathrm {T}}(\Pi ^{-1}_{\Sigma \cup \mathrm {T} \leftarrow \Sigma }(L))\).

1.6 Proof of Theorem 4.2

We first prove two lemmas:

Lemma A.1

Let \(M = (Q, \Sigma , \delta , q_0, F)\) be a DFA, \(\Sigma ' \subseteq \Sigma \), and \(M' = \Pi _{\Sigma \rightarrow \Sigma '}(M) = (Q, \Sigma ', \Delta , \{q_0\}, F)\). For every \(s \in \Sigma ^*\), \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(s), \delta ^*(q_0, s)) \in \Delta ^*\).

Proof

By induction on the size of s:

if there is \(a \in \Sigma \) such that \(s = a\), then there are two cases:

  1. 1.

    if \(a \in \Sigma '\), then by definition of \(\Delta \), \((q_0, a, \delta (q_0, a)) \in \Delta \); \(\delta (q_0, a) = \delta ^*(q_0, a)\); hence, \((q_0, s, \delta ^*(q_0, s)) \in \Delta ^*\);

  2. 2.

    if \(a \notin \Sigma '\), then by definition of \(\Delta \), \((q_0, \epsilon , \delta (q_0, a)) \in \Delta \); \(\delta (q_0, a) = \delta ^*(q_0, a)\); \(\Pi _{\Sigma \rightarrow \Sigma '}(a) = \epsilon \); hence, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(a), \delta ^*(q_0, s)) \in \Delta ^*\).

Let \(x \in \Sigma ^*\) and \(a \in \Sigma \) such that \(s = x \; a\). By inductive hypothesis, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x), \delta ^*(q_0, x)) \in \Delta ^*\).

There are two cases about a:

  1. 1.

    if \(a \in \Sigma '\) then by definition of \(\Delta \), \((\delta ^*(q_0, x), a, \delta (\delta ^*(q_0, x), a)) \in \Delta \) or \((\delta ^*(q_0, x), a, \delta ^*(q_0, x \; a)) \in \Delta \); \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x), \delta ^*(q_0, x)) \in \Delta ^*\); \(\Pi _{\Sigma \rightarrow \Sigma '}(x) \; a = \Pi _{\Sigma \rightarrow \Sigma '}(x \; a)\); hence, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x) \; a, \delta ^*(q_0, x \; a)) \in \Delta ^*\) or \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x \; a), \delta ^*(q_0, x \; a)) \in \Delta ^*\);

  2. 2.

    if \(a \notin \Sigma '\), then by definition of \(\Delta \), \((\delta ^*(q_0, x), \epsilon , \delta (\delta ^*(q_0, x), a)) \in \Delta \) or \((\delta ^*(q_0, x), \epsilon , \delta ^*(q_0, x \, a)) \in \Delta \); by inductive hypothesis \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x), \delta ^*(q_0, x)) \in \Delta ^*\); hence, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x), \delta ^*(q_0, x \, a)) \in \Delta ^*\), because \(\Pi _{\Sigma \rightarrow \Sigma '}(x) = \Pi _{\Sigma \rightarrow \Sigma '}(x \, a)\), \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(x \, a), \delta ^*(q_0, x \, a)) \in \Delta ^*\).

\(\square \)

Lemma A.2

Let \(M = (Q, \Sigma , \delta , q_0, F)\) be a DFA, \(\Sigma ' \subseteq \Sigma \), and \(M' = \Pi _{\Sigma \rightarrow \Sigma '}(M) = (Q, \Sigma ', \Delta , \{q_0\}, F)\). For every \(s \in \Sigma '^*\), if \((q_0, s, q) \in \Delta ^*\), then there is \(s' \in \Sigma ^*\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(s') = s\) and \(\delta ^*(q_0, s') = q\).

Proof

The fact that \((q_0, s, q) \in \Delta ^*\) implies that there is a run: \((q_0, a_1, q_1), (q_1, a_2, q_2), \ldots , (q_{n-1}, a_n, q_n)\) such that \(q_n = q\) and \(a_1\, a_2\, \cdots \, a_n = s\).

We prove the statement by induction on the length of the run n.

If \(n = 0\), then \(q = q_0\) and \(s = \epsilon \). The statement holds for \(s' = \epsilon \) since \(\Pi _{\Sigma \rightarrow \Sigma '}(\epsilon ) = \epsilon \) and \(\delta ^*(q_0, \epsilon ) = q\).

Inductive hypothesis: for every \(s \in \Sigma '^*\) and q such that there is a run of length n from \(q_0\) to q on s, there is \(s' \in \Sigma ^*\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(s') = s\) and \(\delta ^*(q_0, s') = q\).

Let \(s \in \Sigma '^*\) such that there is a run of length \(n + 1\) from \(q_0\) to q: \((q_0, a_1, q_1), (q_1, a_2, q_2), \ldots , (q_{n-1}, a_n, q_n), (q_n, a_{n+1}, q)\), where \(s = a_1\, a_2\, \cdots \, a_n\, a_{n + 1}\) and \(a_i \in \Sigma ' \cup \{\epsilon \}\).

The run from \(q_0\) to \(q_n\) on \(s_{IH} = a_1\, a_2\, \cdots \, a_n\) is of length n; hence, by inductive hypothesis, there is \(s'_{IH}\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(s'_{IH}) = s_{IH}\) and \(\delta ^*(q_0, s'_{IH}) = q_n\).

There are two cases about \(a_{n + 1}\):

  1. 1.

    if \(a_{n + 1} = \epsilon \), since \((q_n, a_{n+1}, q) \in \Delta \), by definition of \(\Delta \), there is \(a'_{n + 1} \in \Sigma {\setminus } \Sigma '\) such that \(\delta (q_n, a'_{n + 1}) = q\); hence, by inductive hypothesis, \(\delta ^*(q_0, s'_{IH} \, a'_{n + 1}) = q\);

  2. 2.

    if \(a_{n + 1} \in \Sigma '\), since \((q_n, a_{n+1}, q) \in \Delta \), by definition of \(\Delta \), it is true that \(\delta (q_n, a_{n + 1}) = q\); hence, by inductive hypothesis, \(\delta ^*(q_0, s'_{IH} \, a_{n + 1}) = q\).

\(\square \)

Now we can prove Theorem 4.2: let \(M = (Q, \Sigma , \delta , q_0, F)\) and let \(M' = \Pi _{\Sigma \rightarrow \Sigma '}(M)= (Q, \Sigma ', \Delta ,\{q_0\}, F)\). Then:

  • \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \subseteq L(M')\).

    Since \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) = \{\Pi _{\Sigma \rightarrow \Sigma '}(w) ~|~ w \in L(M)\}\), it suffices to show that if \(w \in L(M)\) then \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \in L(M')\).

    Let \(w \in L(M)\). There is \(q \in F\), such that \(\delta ^*(q_0, w) = q\). By Lemma A.1, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(w), q) \in \Delta ^*\), hence, \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \in L(M')\).

  • \(L(M') \subseteq \Pi _{\Sigma \rightarrow \Sigma '}(L(M))\).

    Since \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) = \{\Pi _{\Sigma \rightarrow \Sigma '}(w) ~|~ w \in L(M)\}\), it suffices to show that for every \(w \in L(M')\), there is \(w' \in L(M)\) such that \(w = \Pi _{\Sigma \rightarrow \Sigma '}(w')\).

    Let \(w \in L(M')\). There is \(q \in F\), such that \((q_0, w, q) \in \Delta ^*\). By Lemma A.2, there is \(w' \in \Sigma ^*\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(w') = w\) and \(\delta ^*(q_0, w') = q\), or \(\delta ^*(q_0, w') \in F\). Hence \(w' \in L(M)\).

1.7 Proof of Theorem 4.3

We first prove a lemma:

Lemma A.3

If M is a DFA, \(\Sigma ' \supseteq \Sigma \), \(M' = \Pi ^{-1,*}_{\Sigma ' \leftarrow \Sigma }(M)\), and \(w \in \Sigma '^*\), then \(\delta _{M'}^*(q_0, w) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w))\), where \(q_0\) is the initial state of both M and \(M'\), and \(\delta _M^*\) (resp. \(\delta _{M'}^*\)) is the reflexive and transitive closure of the transition function of M (resp. \(M'\)).

Proof

By induction on the length of w.

If \(|w| = 1\) and \(w \in \Sigma \), then \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = w\) therefore the property holds.

If \(|w| = 1\) and \(w \in \Sigma ' {\setminus } \Sigma \), then

  • by definition of \(M'\), \(\delta _{M'}(q_0, w) = \delta _{M'}^*(q_0, w) = q_0\),

  • \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = \epsilon \) and by definition of reflexive closure \(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w)) = q_0\).

So, \(\delta _{M'}^*(q_0, w) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w)) = q_0\).

Assume that \(\delta _{M'}^*(q_0, w) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w))\) for all w with \(w \le |n|\).

Let \(w_{n+1}\) be a word with length \(n+1\) such that \(w_{n+1} = w_n \cdot \sigma \).

Then

$$\begin{aligned} \begin{array}{rl} \delta _{M'}^*(q_0, w_{n+1}) &{}= \delta _{M'}(\delta _{M'}^*(q_0, w_n), \sigma )\\ &{}=\delta _{M'}(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)), \sigma ) \quad \text {(By IH)}. \end{array} \end{aligned}$$

If \(\sigma \in \Sigma \) then \(\Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}) = \Pi _{\Sigma ' \rightarrow \Sigma }(w_n) \cdot \Pi _{\Sigma ' \rightarrow \Sigma }(\sigma ) = \Pi _{\Sigma ' \rightarrow \Sigma }(w_n) \cdot \sigma \) and by definition of \(M'\), \(\delta _{M'}(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)), \sigma ) = \delta _{M}(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)), \sigma ) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n) \cdot \sigma ) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}))\).

If \(\sigma \in \Sigma ' {\setminus } \Sigma \), then \(\Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}) = \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)\) and, by definition of \(M'\), \(\delta _{M'}(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)), \sigma ) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}))\).

Hence, in both cases, \(\delta _{M'}(\delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_n)), \sigma ) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}))\), and so \(\delta _{M'}^*(q_0, w_{n+1}) = \delta _{M}^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w_{n+1}))\). \(\square \)

We now prove the first result: \(L(\Pi ^{-1,*}_{\Sigma ' \leftarrow \Sigma }(M)) = \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^*\). Let \(M = (Q, \Sigma , \delta _M, q_0, F)\) and \(M' = \Pi ^{-1,*}_{\Sigma ' \leftarrow \Sigma }(M) = (Q, \Sigma ', \delta _{M'}, q_0, F)\).

Let \(w \in L(M')\). Then \(\delta _{M'}^*(q_0, w) \in F\). By Lemma A.3, \(\delta _M^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w))=\delta _{M'}^*(q_0, w)\in F\); hence, \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\). \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\) implies, by definition, \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\). Moreover, w is finite, therefore \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^*\).

It remains to show that \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^* \subseteq L(M')\). Let \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M)) \cap \Sigma '^*\). By the fact that \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\), we deduce that \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\). Therefore, \(\delta ^*_M(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w)) \in F\). By Lemma A.3, and the fact that \(w\in \Sigma '^*\), \(\delta _{M'}^*(q_0, w) = \delta _M^*(q_0, \Pi _{\Sigma ' \rightarrow \Sigma }(w)) \in F\). Hence, \(w \in L(M')\).

This completes the proof of the first result, \(L(\Pi ^{-1,*}_{\Sigma ' \leftarrow \Sigma }(M)) = \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^*\).

We now prove the second result: \(L(\Pi ^{-1,\omega }_{\Sigma ' \leftarrow \Sigma }(M)) = \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \). Let \(M = (Q, \Sigma , \delta _M, q_0, F)\) and \(N = \Pi ^{-1,\omega }_{\Sigma ' \leftarrow \Sigma }(M) = (Q\cup \{q_\omega \}, \Sigma ', \Delta , \{q_0\}, \{q_\omega \})\). We need to prove \(L(N) = \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \).

First we prove \(L(N) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \). Let \(w\in L(N)\). Observe that N has a single accepting state, \(q_\omega \), with a self-loop for every letter in \(\Sigma '{\setminus }\Sigma \). Therefore, in order for w to be accepted by N, N must have a run which reaches \(q_\omega \) and remains there forever. This means that w is of the form \(w = u\cdot v\), where

  • \(u\in \Sigma '^*\) is a finite prefix for which N has a run reaching a state \(q\in F\), and

  • \(v\in (\Sigma '{\setminus }\Sigma )^\omega \) is an infinite suffix containing only letters in \(\Sigma '{\setminus }\Sigma \), so that starting from q, N can move to \(q_\omega \) and remain there forever reading v.

By definition, \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = \Pi _{\Sigma ' \rightarrow \Sigma }(u)\cdot \Pi _{\Sigma ' \rightarrow \Sigma }(v)\). But \(\Pi _{\Sigma ' \rightarrow \Sigma }(v)\) is the empty word, since v contains no letter from \(\Sigma \). Therefore, \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = \Pi _{\Sigma ' \rightarrow \Sigma }(u)\). By construction of N, and the fact that it has a run on u reaching \(q\in F\), we can conclude that M has a run on \(\Pi _{\Sigma ' \rightarrow \Sigma }(u)\) reaching \(q\in F\). Therefore, \(\Pi _{\Sigma ' \rightarrow \Sigma }(u)\) is accepted by M, i.e., \(\Pi _{\Sigma ' \rightarrow \Sigma }(u)\in L(M)\). Thus, since \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = \Pi _{\Sigma ' \rightarrow \Sigma }(u)\), \(\Pi _{\Sigma ' \rightarrow \Sigma }(w)\in L(M)\), which implies \(w\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\). The result \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \) follows by the fact that w is an infinite word.

It remains to prove \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \subseteq L(N)\). Let \(w\in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\cap \Sigma '^\omega \). Then w is an infinite word such that \(\Pi _{\Sigma ' \rightarrow \Sigma }(w)\in L(M)\). Since L(M) only contains finite words, \(\Pi _{\Sigma ' \rightarrow \Sigma }(w)\) must be some finite word over \(\Sigma \), call it \(x\in \Sigma ^*\). Then, \(x=\Pi _{\Sigma ' \rightarrow \Sigma }(w)\) is accepted by M. In addition, since w is infinite and its projection on \(\Sigma \) is finite, w must be of the form \(w = u\cdot v\), where

  • \(u\in \Sigma '^*\) is a finite prefix such that \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = \Pi _{\Sigma ' \rightarrow \Sigma }(u)=x\), and

  • \(v\in (\Sigma '{\setminus }\Sigma )^\omega \) is an infinite suffix containing only letters in \(\Sigma '{\setminus }\Sigma \), so that \(\Pi _{\Sigma ' \rightarrow \Sigma }(v)\) is the empty word.

In order for M to accept x, M must have a run on x reaching an accepting state \(q\in F\). Then, by construction of N, N has a run on u reaching the same state q. Since v only has letters in \(\Sigma '{\setminus }\Sigma \), N can continue the above run by reading v, moving to \(q_\omega \), and remaining there forever. This constitutes an accepting run for N; therefore, N accepts \(u\cdot v\), i.e., it accepts w. This proves \(w\in L(N)\) and concludes the proof of the theorem.

1.8 Proof of Theorem 4.4

We first prove the first result: \(L(\Pi _{\Sigma \rightarrow \Sigma '}^*(M))=\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^*\). Let \(M=(Q, \Sigma , \Delta , Q_0, F)\). Let \(\Pi _{\Sigma \rightarrow \Sigma '}^*(M) = M' = (Q, \Sigma ', \Delta ', Q_0, F')\). Then:

  • We first prove \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^* \subseteq L(M')\).

    Let \(w \in \Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^*\).

    There is \(w' \in L(M)\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(w') = w\).

    Since w is finite, and \(w'\) is infinite, there is k such that if \(w''\) is the suffix of \(w'\) after its k-th element, then \(\Pi _{\Sigma \rightarrow \Sigma '}(w'') = \epsilon \).

    If R is any accepting run of M on \(w'\), then after the k-th step, only transitions in \(\{(q, a, q') \in \Delta ~|~ a\in \Sigma {\setminus } \Sigma '\}\) are taken.

    Let f be an accepting state that is visited infinitely often in R after the k-th step.

    Then from the existence of R, there is \(s \in (\Sigma {\setminus } \Sigma ')^*\) such that \((f, s, f) \in \Delta ^+\) and \(f \in F'\).

    It is easy to construct an accepting run of \(\Pi _{\Sigma \rightarrow \Sigma '}^*(M)\) from R that ends in f, and accepts w.

  • We next prove that \(L(M') \subseteq \Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^*\).

    Let \(w \in L(M')\).

    There is an accepting run R of \(M'\) on w that ends in a final state \(f \in F'\).

    From R, there is \(w' \in \Sigma ^*\) such that \(w = \Pi _{\Sigma \rightarrow \Sigma '}(w')\) and a finite run of M on \(w'\), \(R'\), that ends in f exists.

    By definition of \(F'\), there is \(w'' \in \Sigma {\setminus } \Sigma '\), \((f, w'', f) \in \Delta ^+\).

    Hence, \(w' \cdot (w'')^\omega \in L(M)\) and \(\Pi _{\Sigma \rightarrow \Sigma '}(w' \cdot (w'')^\omega ) = \Pi _{\Sigma \rightarrow \Sigma '}(w') \cdot \Pi _{\Sigma \rightarrow \Sigma '}((w'')^\omega ) = w\cdot \epsilon = w\).

This concludes the proof of the first result.

To prove the second result, we first prove a lemma:

Lemma A.4

Let M be an NBA \((Q, \Sigma , \Delta , Q_0, F)\), \(\Sigma ' \subseteq \Sigma \), and \(M' = \Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M) = (Q, \Sigma ', \Delta ', Q_0, F)\). If \(w \in \Sigma ^*\), \((q, w, q') \in \Delta ^*\), and \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \ne \epsilon \) then \((q, \Pi _{\Sigma \rightarrow \Sigma '}(w), q') \in \Delta '^*\).

Proof

We use induction on the length of the run from q to \(q'\) in M on w.

If the run from q to \(q'\) in M on w is of length one, then there is a such that \(w = a\), \(a \in \Sigma '\), and \((q, a, q') \in \Delta \). By definition \((q, a, q') \in \Delta '\), hence \((q, \Pi _{\Sigma \rightarrow \Sigma '}(w), q') \in \Delta '^*\).

Assume that the run from q to \(q'\) in M on w is of length \(n+1\), i.e., there is a sequence of transitions: \((q_1, a_1, q_2), (q_2, a_2, q_3), \ldots , (q_{n-1}, a_{n-1}, q_n), (q_n, a_n, q_{n+1})\), such that \(q_1 = q\), \(q_{n+1} = q'\), and \(w = a_1 \cdots a_n\).

Let k be the largest index in the sequence for which \(a_k \in \Sigma '\). Then \(a_{k+1}, \ldots , a_n \in \Sigma {\setminus } \Sigma '\).

There are two cases for the word \(w' = a_1 \, a_2 \cdots a_{k-1}\).

If \(\Pi _{\Sigma \rightarrow \Sigma '}(w') \ne \epsilon \), then by induction on the run from \(q_1\) to \(q_k\) on \(w'\), \((q_1, \Pi _{\Sigma \rightarrow \Sigma '}(w'), q_k) \in \Delta '^*\). Let \(w'' = a_k \cdots a_n\). By definition of k, \(\Pi _{\Sigma \rightarrow \Sigma '}(w'') = a_k\), hence, by definition of \(\Delta '\)\((q_k, a_k, q_n) \in \Delta '\). Since \(w = w' \, w''\), it is true that \((q_1, \Pi _{\Sigma \rightarrow \Sigma '}(w), q_n) \in \Delta '^*\).

If \(\Pi _{\Sigma \rightarrow \Sigma '}(w') = \epsilon \), then by definition of k, \(\Pi _{\Sigma \rightarrow \Sigma '}(w) = a_k\), and by definition of \(\Delta '\), \((q_1, \Pi _{\Sigma \rightarrow \Sigma '}(w), q_n) \in \Delta '\). \(\square \)

We now prove the second result: \(L(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M))=\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^\omega \).

Recall that \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) = \{\Pi _{\Sigma \rightarrow \Sigma '}(w) ~|~ w \in L(M)\}\).

  • We first prove that \(\Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^\omega \subseteq L(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M))\).

    It suffices to show that for every \(w \in L(M)\), if \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \in \Sigma '^\omega \) then \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \in L(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M))\).

    Note that, since \(\Pi _{\Sigma \rightarrow \Sigma '}(w) \in \Sigma '^\omega \), w contains an infinite number of letters from \(\Sigma '\).

    Given an accepting run of M on w we describe how to construct an accepting run of \(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M)\) on \(\Pi _{\Sigma \rightarrow \Sigma '}(w)\).

    Let \(R = q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} \cdots \) be an accepting run of M on w and let \(q^F \in F\) be an accepting state visited infinitely often in the run R. Let \(i_1\) the first index such that \(q_{i_1} = q^F\) and \(\Pi _{\Sigma \rightarrow \Sigma '}(a_0 \cdots a_{i_1 - 1}) \ne \epsilon \). Since \((q_0, a_0 \cdots a_{i_1 - 1}, q_{i_1}) \in \Delta ^*\), by Lemma A.4, \((q_0, \Pi _{\Sigma \rightarrow \Sigma '}(a_0 \cdots a_{i_1 - 1}), q_{i_1}) \in \Delta '^*\). Hence there is a run \(R'\) of \(M'\) on \(\Pi _{\Sigma \rightarrow \Sigma '}(a_0 \cdots a_{i_1 - 1})\) that ends in \(q^F\). Because there is an infinite number of occurrences of the accepting state \(q^F\) and transitions on symbols from \(\Sigma '\) in R, we can continue this process and extend \(R'\) to an infinite run of \(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M)\) that visits \(q^F\) infinitely often.

  • We next prove that \(L(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M)) \subseteq \Pi _{\Sigma \rightarrow \Sigma '}(L(M)) \cap \Sigma '^\omega \).

    Let \(w' \in L(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M))\). There is an infinite accepting run of \(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M)\) on \(w'\): \(R=q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} q_2 \xrightarrow {a_2} \cdots \). Let \(\Delta \) and \(\Delta '\) be the transition relations of M and \(\Pi ^{\omega }_{\Sigma \rightarrow \Sigma '}(M)\), respectively. For every i, \((q_i, a_i, q_{i + 1}) \in \Delta '\). By construction of \(\Delta '\), there is \(w_i \in \Sigma ^*\) such that \(\Pi _{\Sigma \rightarrow \Sigma '}(w_i) = a_i\) and \((q_i, w_i, q_{i + 1}) \in \Delta ^*\). Hence, we can construct a run of M on \(w_0 \, w_1 \cdots \) that visits the same states as R and thus is accepting.

This concludes the proof of the second result and the proof of the theorem.

1.9 Proof of Theorem 4.5

We first prove a sequence of lemmas.

Lemma A.5

If M is an NBA on alphabet \(\Sigma \) and \(\Sigma ' \supseteq \Sigma \), then \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M)) \subseteq L(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M))\).

Proof

Let \(L'\) be an \(\omega \)-regular language such that \(\Pi _{\Sigma ' \rightarrow \Sigma }(L') = L(M)\).

We show that for every \(w \in L'\), \(w \in L(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M))\).

Let w be a word in \(L'\). Since \(\Pi _{\Sigma ' \rightarrow \Sigma }(L') = L(M)\), also \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\).

Assume that \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) = a_0 \; a_1 \; \cdots \).

Note that since \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\), \(w \in \Sigma '^\omega \).

Hence, assume that \(w = b_{0,0}\; b_{0, 1} \; \cdots b_{0,n_0} \; \mathbf {a_0} \; b_{1,0}\; b_{1, 1} \cdots b_{1,n_1} \; \mathbf {a_1} \; \cdots \).

Let \(R = q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} \cdots \) be an infinite accepting run of M on \(\Pi _{\Sigma ' \rightarrow \Sigma }(w)\).

We construct an accepting run \(R'\) of \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)\) on w.

The initial state of \(R'\) is the same as the initial state of R: \(q_0\).

Assume that after reading symbol \(a_i\), run \(R'\) is at state \(q_{i + 1}\).

We will show that we can extend \(R'\) in such a way that after reading symbol \(a_{i+1}\) it will be at state \(q_{i + 2}\).

Let \(\Delta \) and \(\Delta '\) be the transition relations of M and \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)\), respectively.

State \(q_{i + 1}\) is either accepting or not. We examine the two cases separately.

  • In the first case, since \(b_{i + 1, 0} \in \Sigma ' {\setminus } \Sigma \) and \(\{(q, a, \hat{q}) ~|~ q \in F, a \in \Sigma ' {\setminus } \Sigma \} \subseteq \Delta '\), \(R'\) can be extended with \(\xrightarrow {b_{i + 1, 0}} \widehat{q_{i + 1}}\).

    Furthermore, since \(\{(\hat{q}, a, \hat{q}) ~|~ q \in F, a \in \Sigma ' {\setminus } \Sigma \} \subseteq \Delta '\), \(R'\) can be further extended with: \(\xrightarrow {b_{i + 1, 1}} \widehat{q_{i + 1}} \xrightarrow {b_{i + 1, 2}} \widehat{q_{i+1}} \cdots \xrightarrow {b_{i + 1, n_{i + 1}}} \widehat{q_{i + 1}}\).

    Last, since \(\{(\hat{q}, a, q') ~|~ q \in F, (q, a, q') \in \Delta \} \subseteq \Delta '\) and \((q_{i + 1}, a_{i + 1}, q_{i+2}) \in \Delta \), \((\widehat{q_{i + 1}}, a_{i + 1}, q_{i + 2}) \in \Delta '\) and \(R'\) can be extended with: \(\xrightarrow {a_{i + 1}} q_{i + 2}\).

  • In the second case, because by construction \(\{(q, a, q) ~|~ q \in Q {\setminus } F, a \in \Sigma ' {\setminus } \Sigma \}\), \(R'\) can be extended with \(\xrightarrow {b_{i + 1, 0}} q_{i + 1} \xrightarrow {b_{i + 1, 1}} q_{i + 1} \cdots \xrightarrow {b_{i + 1, n_{i + 1}}} q_{i + 1}\).

    Since \((q_{i + 1}, a_{i + 1}, q_{i + 2}) \in \Delta \) and \(\Delta \subseteq \Delta '\), \(R'\) can be further extended with \(\xrightarrow {a_{i + 1}} q_{i + 2}\).

    Hence, in this case too, \(R'\) can be extended in a way that after reading \(a_{i + 1}\) it is at state \(q_{i + 2}\).

Therefore \(R'\) visits the same states as R and is accepting, or \(w \in L(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M))\). \(\square \)

Lemma A.6

Let \(M = (Q, \Sigma , \Delta , Q_0, F)\) be an NBA, and \(M' = (Q', \Sigma ', \Delta ', Q_0, F)\) be \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)\). Let \(R = q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} \cdots \) be a run of \(M'\). Let ij be two indices such that: \(i < j\), \(a_i, a_j \in \Sigma \), and for every k such that \(i< k < j\), \(a_k \notin \Sigma \). Then \((q_{i + 1}, a_j, q_{j + 1}) \in \Delta \).

Proof

If \(q_{i + 1} \notin F\), then for every k such that \(i< k < j\), the only transition from \(q_{i + 1}\) on \(a_k\) is to \(q_{i + 1}\). Therefore, \(q_j = q_{i + 1}\) and the claim holds.

If \(q_{i + 1} \in F\), then \(q_{i + 2} = \widehat{q_{i + 1}}\) and for every k such that \(i + 1< k < j\), the only transition from \(q_{i + 2}\) on \(a_k\) is to \(q_{i + 2}\). Therefore, \(q_j = q_{i + 2} = \widehat{q_{i + 1}}\). By construction of \(\Delta '\), for every \(q \in F\) and \(a \in \Sigma \), if \((\hat{q}, a, q') \in \Delta '\) then \((q, a, q') \in \Delta \). Therefore, \((q_{i + 1}, a_j, q_{j + 1}) \in \Delta \). \(\square \)

Lemma A.7

If M is an NBA on alphabet \(\Sigma \) and \(\Sigma ' \supseteq \Sigma \), then \(L(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)) \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\).

Proof

Let w be a word in \(L(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M))\).

There is an infinite run R of \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)\), \(R = q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} \cdots \), such that \(a_0 \; a_1 \; \cdots = w\) and there are infinitely many i such that \(q_i \in F\).

We construct an accepting run \(R'\) of M based on R.

Let \(R'_i\) be the run constructed based on the first i transitions of R: \(q_0 \xrightarrow {a_0} q_1 \xrightarrow {a_1} \cdots \xrightarrow {a_{i-1}} q_{i}\)

We define \(R'_0\) to be \(q_0\) and

$$\begin{aligned} R'_{i+1} = {\left\{ \begin{array}{ll} R'_{i} \xrightarrow {a_i} q_{i+1} &{} \text {if }a_i \in \Sigma ,\\ R'_{i} &{} \text {otherwise.} \end{array}\right. } \end{aligned}$$

Let \(M = (Q, \Sigma , \Delta , Q_0, F)\) and \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M) = (Q', \Sigma ', \Delta ', Q_0, F)\).

We show that \(R'\) is an accepting run of M.

\(R_0' = q_0 \in Q_0\) is a partial run of M.

Assuming that \(R'_i\) is a partial run of M, we show that \(R'_{i + 1}\) is a partial run of M.

Let \(R_{i + 1} = R_i \xrightarrow {a} q_{i+1}\).

  • If \(a_i \notin \Sigma \) then \(R'_{i + 1} = R'_i\) and \(R'_{i + 1}\) remains a partial run of M.

  • If \(a_i \in \Sigma \) then \(R'_{i + 1} = R'_i \xrightarrow {a} q_{i + 1}\).

    Let j be the largest index smaller than i such that \(a_j \in \Sigma \).

    Hence, the last state in \(R'_i\) is \(q_{j + 1}\) and by Lemma A.6 there is a transition from \(q_{j + 1}\) to \(q_{i + 1}\) on \(a_i\).

What remains is to show that \(R'\) is an accepting run of M. Because R is an accepting run of \(\Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(M)\), there is an infinite number of i’s such that \(q_i \in F\). By definition of \(\Delta '\), if \((q, a, q') \in \Delta '\) and \(q' \in F\), then \(a \in \Sigma \). By definition of \(R'\), whenever \(q_i \in F\), \(R'_{i}\) also ends with \(q_i\). Hence, \(R'\) is an accepting run of \(\Pi _{\Sigma ' \rightarrow \Sigma }(w)\) and \(\Pi _{\Sigma ' \rightarrow \Sigma }(w) \in L(M)\).

Let \(L' = L(M) \cup \{w\}\). Then \(\Pi _{\Sigma ' \rightarrow \Sigma }(L') = L(M)\), therefore, \(L' \subseteq \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\) and \(w \in \Pi ^{-1}_{\Sigma ' \leftarrow \Sigma }(L(M))\). \(\square \)

The proof of Theorem 4.5 follows from Lemma A.5 and Lemma A.7.

1.10 Proof of Theorem 4.6

Proof of Theorem 4.6, Part 1: the if direction is trivial.

Only if: assume that \(L_1\) and \(L_2\) are consistent, that is, there exists language L on some alphabet \(\Sigma \supseteq \Sigma _1 \cup \Sigma _2\), such that \(\Pi _{\Sigma \rightarrow \Sigma _1}(L) = L_1\) and \(\Pi _{\Sigma \rightarrow \Sigma _2}(L) = L_2\).

Let \(L' = \Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(L)\). We will show that \(L'\) is also a valid witness, that is, we will show that \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(L') = L_1\) and \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(L') = L_2\).

\(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(L') = \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(\Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(L))\). We will show that \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(\Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(L)) = \Pi _{\Sigma \rightarrow \Sigma _1}(L)\):

$$\begin{aligned} \begin{array}{rcl} \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(\Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(L)) &{} = &{} \{\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(w) ~|~ w \in \{\Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(w') ~|~ w' \in L\} \}\\ &{} = &{} \{\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(\Pi _{\Sigma \rightarrow \Sigma _1 \cup \Sigma _2}(w')) ~|~ w' \in L\} \\ &{} \overset{\text {by Part 8 of Lemma}~4.1}{=} &{} \{\Pi _{\Sigma \rightarrow \Sigma _1}(w') ~|~ w' \in L\} \\ &{} = &{} \Pi _{\Sigma \rightarrow \Sigma _1}(L). \end{array} \end{aligned}$$

Hence, \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(L') = \Pi _{\Sigma \rightarrow \Sigma _1}(L)\) and similarly, \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(L') = \Pi _{\Sigma \rightarrow \Sigma _2}(L)\).

Proof of Theorem 4.6, Part 2:

  • For Part 2a, assume L is not a \(*\)-language, i.e., there is a word \(w \in L \cap \Sigma ^\omega \). Then, there is at least one letter \(a \in \Sigma \) that occurs infinitely often in w. As \(\Sigma = \Sigma _1 \cup \Sigma _2\), a is either in \(\Sigma _1\) or \(\Sigma _2\), and so at least one of the words \(\Pi _{\Sigma \rightarrow \Sigma _1}(w),\Pi _{\Sigma \rightarrow \Sigma _2}(w)\) is infinite. This contradicts the assumption that L is a witness to the consistency of \(L_1\) and \(L_2\) w.r.t. \(=\), which would imply that \(\Pi _{\Sigma \rightarrow \Sigma _1}(w) \in L_1 \subseteq \Sigma _1^*\) and \(\Pi _{\Sigma \rightarrow \Sigma _2}(w) \in L_2 \subseteq \Sigma _2^*\).

  • For Part 2b, it suffices to note that in order for the projection of L to be an \(\omega \)-language, L must itself contain only infinite words (since the projection of a finite word is a finite word).

Proof of Theorem 4.6, Part 3:

If: we will show that \(L^\sharp \) is a valid witness to the consistency of \(L_1,L_2\). For this, it suffices to show that \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp ) = L_i\), for \(i=1,2\). We already have \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp ) \supseteq L_i\), from the hypothesis. Thus, it suffices to show \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp ) \subseteq L_i\). Notice that, by definition of \(L^\sharp \), \(L^\sharp \subseteq \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _i}(L_i)\), for \(i=1,2\). Then, by monotonicity of projection (Lemma 4.1, Part 1), \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp ) \subseteq \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _i}(L_i))\). By Lemma 4.1, Part 6, \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _i}(L_i))=L_i\), and the result follows.

Only if: suppose that \(L_1\) and \(L_2\) are consistent. We need to show that \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp ) \supseteq L_i\), for \(i=1,2\).

By the assumption that \(L_1\) and \(L_2\) are consistent, and by Part 1 of this theorem, there must exist a language L over \(\Sigma _1 \cup \Sigma _2\) such that \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(L) = L_1\) and \(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(L) = L_2\). Then, it suffices to show \(L\subseteq L^\sharp \), and the desired \(L_i\subseteq \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _i}(L^\sharp )\) follows by monotonicity of projection. Notice that \(L\subseteq L^\sharp \) also shows that \(L^\sharp \) is the greatest witness (in the set-theoretic sense).

To show \(L\subseteq L^\sharp \), we need to prove \(L\subseteq \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1)\) and \(L\subseteq \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\), and the result follows by definition of \(L^\sharp \). We have:

$$\begin{aligned} \begin{array}{rcl} \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1) &{} \overset{\text {by assumption that }L\text { is witness}}{=} &{} \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(\Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(L)) \\ &{} \overset{\text {Lemma}~4.1, \text { Part~7}}{\supseteq } &{} L . \end{array} \end{aligned}$$

The case \(L\subseteq \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\) is symmetric.

Proof of Theorem 4.6, Part 4: the fact that \(L^\sharp \) is a valid witness to the consistency of \(L_1,L_2\) is proven above, in the proof of the if direction of Part 3. The fact that \(L^\sharp \) is the greatest witness is also proven above, in the proof of the only if direction of Part 3.

1.11 Proof of Theorem 4.7

We first consider the only if direction. Let L be a witness to the consistency of \(L_1\) and \(L_2\), so that \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) = L_1\) and \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _2}(L) = L_2\). Then \(\Pi _{\Sigma _1 \rightarrow \Sigma _1\cap \Sigma _2}(L_1) = \Pi _{\Sigma _1 \rightarrow \Sigma _1\cap \Sigma _2}(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L)) \overset{\text {Lemma}~4.1, \text { Part~8}}{=} \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1 \cap \Sigma _2}(L)\). Similarly, \(\Pi _{\Sigma _2 \rightarrow \Sigma _1\cap \Sigma _2}(L_2) = \Pi _{\Sigma _2 \rightarrow \Sigma _1\cap \Sigma _2}(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _2}(L)) = \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1 \cap \Sigma _2}(L)\). So \(\Pi _{\Sigma _1 \rightarrow \Sigma _1\cap \Sigma _2}(L_1) = \Pi _{\Sigma _2 \rightarrow \Sigma _1\cap \Sigma _2}(L_2) = \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1 \cap \Sigma _2}(L)\).

For the if direction, suppose \(\Pi _{\Sigma _1 \rightarrow \Sigma _1 \cap \Sigma _2}(L_1) = \Pi _{\Sigma _2 \rightarrow \Sigma _1 \cap \Sigma _2}(L_2)\). We show that \(L := \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1) \cap \Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\) is a witness to the consistency of \(L_1\) and \(L_2\). So we need to prove that \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) = L_1\) and \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _2}(L) = L_2\). As the two cases are symmetric it suffices to prove only the former.

First, we show that \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) = L_1 \cap \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\):

  1. 1.

    \(\subseteq \) direction:

    $$\begin{aligned} \begin{array}{rcl} \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) &{} \overset{\text {definition of} L}{=} &{} \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}\\ \big (\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _1}(L_1)\cap \Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\big ) \\ &{} \overset{\text {Lemma}~4.1, \text { Part 3}}{\subseteq } &{} \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _1}(L_1)) \cap \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\\ &{} \overset{\text {Lemma}~4.1, \text { Part 6}}{=} &{} L_1 \cap \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2)) \end{array} \end{aligned}$$
  2. 2.

    \(\supseteq \) direction: consider \(w \in L_1\cap \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\). Then, \(w \in L_1\) and there exists some \(u \in \Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\) such that \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(u) = w\). From \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(u) = w\) and \(w\in L_1\), we get \(u \in \Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _1}(L_1)\). This, together with \(u \in \Pi ^{-1}_{\Sigma _1\cup \Sigma _2 \leftarrow \Sigma _2}(L_2)\), means that \(u\in L\). Therefore, \(w \in \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L)\).

Now we are ready to prove \(\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) = L_1\):

$$\begin{aligned} \begin{array}{rcl} \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(L) &{} \overset{\text {Argument above}}{=} &{}~ L_1 \cap \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\\ &{} \overset{\text {Lemma}~4.1,\text { Part 11}}{=} &{}~ L_1 \cap \Pi ^{-1}_{\Sigma _1 \leftarrow \Sigma _1 \cap \Sigma _2}(\Pi _{\Sigma _2 \rightarrow \Sigma _1 \cap \Sigma _2}(L_2))\\ &{} \overset{\text {Assumption}}{=} &{}~ L_1 \cap \Pi ^{-1}_{\Sigma _1 \leftarrow \Sigma _1 \cap \Sigma _2}(\Pi _{\Sigma _1 \rightarrow \Sigma _1 \cap \Sigma _2}(L_1))\\ &{} \overset{\text {Lemma}~4.1,\text { Part 7}}{=} &{}~ L_1 \end{array} \end{aligned}$$

1.12 Proof of Theorem 4.8

Proof

Proof of Theorem 4.8, Part 1:

The conformance relations are \({\models }_1 = \;\supseteq _{a_1}\) and \({\models }_2 = \;\supseteq _{a_2}\).

According to Lemma 2.2 and because \({\models }= \;\supseteq \), if \(\mathcal S\) is a set of languages on \(\Sigma \), then \(a_{{\models }_i}({\mathcal S}) = \bigcup \{\Pi _{\Sigma \rightarrow \Sigma _i}(L) ~|~ L \in {\mathcal S}\} = \Pi _{\Sigma \rightarrow \Sigma _i}(\bigcup {\mathcal S})\).

Also, if \(L_i\) is a language on \(\Sigma _i\), then by definition \(c_{{\models }_i}(L_i) = \{L \text{ language } \text{ on } \Sigma ~|~ L_i \supseteq \Pi _{\Sigma \rightarrow \Sigma _i}(L)\}\).

Note that \(\bigcup \{L \text{ language } \text{ on } \Sigma ~|~ L_i \supseteq \Pi _{\Sigma \rightarrow \Sigma _i}(L)\} = \{w \text{ over } \Sigma ~|~ \Pi _{\Sigma \rightarrow \Sigma _i}(w) \in L_i\} = \Pi ^{-1}_{\Sigma \leftarrow \Sigma _i}(L_i)\).

$$\begin{aligned} \begin{array}{rcl} \textit{reduce}_1(L_1, L_2) &{}\overset{\text {By definition}}{=}&{} a_{{\models }_1}\big ( c_{{\models }_1}(L_{1}) \cap c_{{\models }_2}(L_{2})\big ) \\ &{}=&{}a_{{\models }_1} \big ( \{L \text{ language } \text{ on } \Sigma ~|~ L_1 \supseteq \Pi _{\Sigma \rightarrow \Sigma _1}(L)\} \\ &{}&{}\quad \cap {}\{L \text{ language } \text{ on } \Sigma ~|~ L_2 \supseteq \Pi _{\Sigma \rightarrow \Sigma _2}(L)\} \big ) \\ &{}=&{} \Pi _{\Sigma \rightarrow \Sigma _1} \Big (\bigcup \big ( \{L \text{ language } \text{ on } \Sigma ~|~ L_1 \supseteq \Pi _{\Sigma \rightarrow \Sigma _1}(L)\} \\ &{}&{}\quad \cap {}\{L \text{ language } \text{ on } \Sigma ~|~ L_2 \supseteq \Pi _{\Sigma \rightarrow \Sigma _2}(L)\} \big )\Big )\\ &{}=&{}\Pi _{\Sigma \rightarrow \Sigma _1} \Big (\big (\bigcup \{L \text{ language } \text{ on } \Sigma ~|~ L_1 \supseteq \Pi _{\Sigma \rightarrow \Sigma _1}(L)\}\big ) \\ &{}&{}\quad \cap {}\big (\bigcup \{L \text{ language } \text{ on } \Sigma ~|~ L_2 \supseteq \Pi _{\Sigma \rightarrow \Sigma _2}(L)\} \big )\Big )\\ &{}=&{} \Pi _{\Sigma \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma \leftarrow \Sigma _1}(L_1) \cap \Pi ^{-1}_{\Sigma \leftarrow \Sigma _2}(L_2))\\ &{}\overset{\text {See proof of Theorem}~4.7}{=}&{}L_1 \cap \Pi _{\Sigma \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma \leftarrow \Sigma _2}(L_2)) \end{array} \end{aligned}$$

The fact that \(\textit{reduce}_2(L_1, L_2) = L_2 \cap \Pi _{\Sigma \rightarrow \Sigma _2}(\Pi ^{-1}_{\Sigma \leftarrow \Sigma _1}(L_1))\) can be shown analogously.

Proof of Theorem 4.8, Part 2:

By Part 1 of this theorem, \(\textit{reduce}_{1}(L_1, L_2) = L_1 \cap \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\) and \(\textit{reduce}_2(L_1, L_2) = L_2 \cap \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1))\). Therefore, \(L_1\) and \(L_2\) are mutually irreducible w.r.t. \(\supseteq _{\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}}\) and \(\supseteq _{\Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _2}}\), i.e., \(\textit{reduce}_1(L_1, L_2) = L_1\) and \(\textit{reduce}_2(L_1, L_2) = L_2\), if and only if \(L_1 \subseteq \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\) and \(L_2 \subseteq \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1))\).

By Lemma 2.4, irreducibility is equivalent to consistency; hence, \(L_1\) and \(L_2\) are consistent if and only if \(L_1 \subseteq \Pi _{\Sigma _1\cup \Sigma _2 \rightarrow \Sigma _1}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _2}(L_2))\) and \(L_2 \subseteq \Pi _{\Sigma _1 \cup \Sigma _2 \rightarrow \Sigma _2}(\Pi ^{-1}_{\Sigma _1 \cup \Sigma _2 \leftarrow \Sigma _1}(L_1))\).

Note that by Part 1 of Theorem 4.6, consistency when \({\mathcal {U}}\) is words over \(\Sigma \supseteq \Sigma _1 \cup \Sigma _2\) is equivalent to consistency when \({\mathcal {U}}\) is words over \(\Sigma _1 \cup \Sigma _2\). \(\square \)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Reineke, J., Stergiou, C. & Tripakis, S. Basic problems in multi-view modeling. Softw Syst Model 18, 1577–1611 (2019). https://doi.org/10.1007/s10270-017-0638-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-017-0638-1

Keywords

Navigation