On the Construction of Fine Automata for Safety Properties

Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Each safety property ψ can be associated with a set of bad prefixes: a set of finite computations such that an infinite computation violates ψ iff it has a prefix in the set. By translating a safety property to an automaton for its set of bad prefixes, verification can be reduced to reasoning about finite words: a system is correct if none of its computations has a bad prefix. Checking the latter circumvents the need to reason about cycles and simplifies significantly methods like symbolic fixed-point based verification, bounded model checking, and more. A drawback of the translation lies in the size of the automata: while the translation of a safety LTL formula ψ to a nondeterministic Büchi automaton is exponential, its translation to a tight bad-prefix automaton — one that accepts all the bad prefixes of ψ, is doubly exponential. Kupferman and Vardi showed that for the purpose of verification, one can replace the tight automaton by a fine automaton — one that accepts at least one bad prefix of each infinite computation that violates ψ. They also showed that for many safety LTL formulas, a fine automaton has the same structure as the Büchi automaton for the formula. The problem of constructing fine automata for general safety LTL formulas was left open. In this paper we solve this problem and show that while a fine automaton cannot, in general, have the same structure as the Büchi automaton for the formula, the size of a fine automaton is still only exponential in the length of the formula.