Beyond Language Equivalence on Visibly Pushdown Automata

We study (bi)simulation-like preorder/equivalence checking on the class of visibly pushdown automata and its natural subclasses visibly BPA (Basic Process Algebra) and visibly one-counter automata. We describe generic methods for proving complexity upper and lower bounds for a number of studied preorders and equivalences like simulation, completed simulation, ready simulation, 2-nested simulation preorders/equivalences and bisimulation equivalence. Our main results are that all the mentioned equivalences and preorders are EXPTIME-complete on visibly pushdown automata, PSPACE-complete on visibly one-counter automata and P-complete on visibly BPA. Our PSPACE lower bound for visibly one-counter automata improves also the previously known DP-hardness results for ordinary one-counter automata and one-counter nets. Finally, we study regularity checking problems for visibly pushdown automata and show that they can be decided in polynomial time.


Introduction
Visibly pushdown languages were introduced by Alur and Madhusudan in [AM04] as a subclass of context-free languages suitable for formal program analysis, yet tractable and with nice closure properties like the class of regular languages.Visibly pushdown languages are recognized by visibly pushdown automata whose stack behaviour is determined by the input symbol.If the symbol belongs to the category of call actions then the automaton must push, if it belongs to return actions then the automaton must pop, otherwise (for the internal actions) it may not change the stack height.In [AM04] it is shown that the class of visibly pushdown languages is closed under intersection, union, complementation, renaming, concatenation and Kleene star.A number of decision problems like universality, language equivalence and language inclusion, which are undecidable for context-free languages, become EXPTIME-complete for visibly pushdown languages.
Recently, visibly pushdown languages have been intensively studied and applied to e.g. program analysis [AEM04], XML processing [Pit05] and the language theory of this class has been further investigated in [AKMV05,BLS06].Researches also studied visibly pushdown games [LMS04].Some recent results show, for example, the application of a variant of visibly pushdown automata for proving decidability of contextual equivalence (and other problems) for the third-order fragment of Idealized Algol [MW05].Several strict extensions of visibly pushdown automata, which still preserve some of their pleasing language properties, have been introduced in [Cau06, FP01,NS07].Note that the extension introduced in [FP01] does not use the terminology of visibly pushdown automata, while it still employs similar ideas.
In this article we study visibly pushdown automata from a different perspective.Rather than as language acceptors, we consider visibly pushdown automata as devices that generate infinite state labelled graphs and we study the questions of decidability of behavioral equivalences and preorders on this class.Such questions were previously intensively studied on different classes of infinite state systems, motivated by the equivalence checking approach where a given implementation and specification of a system are compared with respect to a suitable notion of behavioural equivalence or preorder.For example, in the class of transition systems generated by ordinary pushdown automata, strong bisimilarity is known to be decidable [Sén98] (see also [Sén01,Sén02,Sti01]), but no reasonable complexity upper bound is presently known and e.g. the simulation preorder/equivalence on the same class is already undecidable [GH94].Our main motivation was to investigate whether the picture changes if we restrict the studied class of systems to visibly pushdown automata, which are still interesting from the modelling point of view but might provide more satisfactory decidability/complexity results.Indeed, our findings confirm the decidability and more reasonable complexity bounds for a number of verification problems on visibly pushdown automata and their natural subclasses.
We prove EXPTIME-containment of equivalence checking on visibly pushdown automata (vPDA) for practically all preorders and equivalences between simulation preorder and bisimulation equivalence that have been studied in the literature (our focus includes simulation, completed simulation, ready simulation, 2-nested simulation and bisimulation).We then study two natural (and incomparable) subclasses of visibly pushdown automata: visibly basic process algebra (vBPA) and visibly one-counter automata (v1CA).In case of v1CA we demonstrate PSPACE-containment of the preorder/equivalence checking problems and in case of vBPA even P-containment.For vBPA we provide also a direct reduction of the studied problems to equivalence checking on finite state systems, hence the fast algorithms already developed for systems with finitely many reachable states can be directly reused.All the mentioned upper bounds are matched by the corresponding lower bounds.The PSPACE-hardness proof for v1CA moreover improves the currently known DP lower bounds [JKMS04] for equivalence checking problems on ordinary one-counter automata and one-counter nets and some other problems (see Remark 3.8).Finally, we consider the regularity checking problem for visibly pushdown automata and show its P-completeness for vPDA and vBPA, and NL-completeness for v1CA w.r.t.all equivalences between trace equivalence and bisimilarity.
Related work.The main reason why many problems for visibly pushdown languages become tractable is, as observed in [AM04], that a pair of visibly pushdown automata can be synchronized in a similar fashion as finite state automata.We use this idea to construct, for a given pair of vPDA processes, a single pushdown automaton where we in a particular way encode the behaviour of both input processes so that they can alternate in performing their moves.This is done in such a way that the question of equality of the input processes w.r.t. a given equivalence/preorder can be tested by asking about the validity of particular modal µ-calculus formulae on the single pushdown process.A similar result of reducing weak simulation between a pushdown process and a finite state process (and vice versa) to the model checking problem appeared in [KM02a].We generalize these ideas to cover equivalences/preorders between two visibly pushdown processes and provide a generic proof for all the equivalence checking problems.The technical details of our construction are different from [KM02a] and, in particular, our construction works immediately also for vBPA (as the necessary bookkeeping is stored in the stack alphabet).As a result we thus show how to handle essentially any so far studied equivalence/preorder between simulation and bisimulation in a uniform way for vPDA, vBPA as well as for v1CA.
Regularity problems for deterministic pushdown automata were studied in [Ste67] and [Val75] where a double-exponential algorithm for deciding regularity w.r.t.language equivalence is given.This decidability result holds also for our class of visibly pushdown automata (because it is determinizable) but in our particular case we improve the result in two ways: (i) we provide a general algorithm for regularity checking w.r.t any equivalence between trace equivalence and bisimilarity, and (ii) our algorithm is running in polynomial time (and does not require determinization, which is an expensive operation).
In [BLS06] the authors consider language regularity problems for visibly pushdown automata.In particular, they study the question whether a visibly pushdown automaton is language equivalent to a visibly counter automaton with a given threshold.In our work we study the regularity problems in the context of the standard definitions from the concurrency theory, i.e., whether for a given vPDA process there is a behaviorally equivalent finite state system, and we consider a wide range of behavioural equivalences, not only the language equivalence.
The plan of the article is as follows.We introduce the class of visibly pushdown automata, a range of behavioral equivalences, and equivalence checking problems in Section 2. The decidability and complexity of equivalence checking of visibly pushdown automata and their subclasses is studied in Section 3. Regularity checking problems for the considered classes are introduced and proved decidable in polynomial time in Section 4. A summary of the results and a further discussion is presented in Section 5.

Definitions
A labelled transition system (LTS) is a triple (S, Act, −→) where S is the set of states (or processes), Act is the set of labels (or actions), and −→⊆ S × Act × S is the transition relation; for each a ∈ Act, we view a −→ as a binary relation on S where s a −→ s ′ iff (s, a, s ′ ) ∈−→.The notation can be naturally extended to s w −→ s ′ for finite sequences of actions w ∈ Act * .For a process s ∈ S we define the set of its initial actions by We shall now define the studied equivalences/preorders which are between simulation and bisimilarity.A complete picture of Glabbeek's linear/branching time hierarchy (spectrum) of behavioral equivalences is available in [vG90a, vG90b].Given (S, Act, −→), a binary relation R ⊆ S × S is a • simulation iff for each (s, t) ∈ R, a ∈ Act, and s ′ such that s • ready simulation iff R is a simulation and moreover for each (s, t) ∈ R it holds that I(s) = I(t), • 2-nested simulation iff R is a simulation and there is some simulation relation R ′ such that R −1 ⊆ R ′ , and • bisimulation iff R is a simulation and moreover R −1 = R.
We write s ⊑ s t if there is a simulation R such that (s, t) ∈ R, s ⊑ cs t if there is a completed simulation R such that (s, t) ∈ R, s ⊑ rs t if there is a ready simulation R such that (s, t) ∈ R, s ⊑ 2s t if there is a 2-nested simulation R such that (s, t) ∈ R, s ∼ t if there is a bisimulation R such that (s, t) ∈ R. The relations are called the corresponding preorders (except for bisimilarity, which is already an equivalence).For a preorder ⊑ ∈ {⊑ s , ⊑ cs , ⊑ rs , ⊑ 2s } we define the corresponding equivalence by s = t iff s ⊑ t and t ⊑ s.We remind the reader of the fact that ∼ ⊆ ⊑ 2s ⊆ ⊑ rs ⊆ ⊑ cs ⊆ ⊑ s and ∼ ⊆ = 2s ⊆ = rs ⊆ = cs ⊆ = s and all inclusions are strict.The hierarchy is depicted in Figure 1.
We shall use a standard game-theoretic characterization of (bi)similarity [Tho93,Sti95].A bisimulation game on a pair of processes (s 1 , t 1 ) is a two-player game between Attacker and Defender.The game is played in rounds on pairs of states from S × S. In each round the players change the current pair of states (s, t) (initially s = s 1 and t = t 1 ) according to the following rule: (1) Attacker chooses either s or t, a ∈ Act and performs a move (2) Defender responds by choosing the opposite process (either t or s) and performs a move t a −→ t ′ or s a −→ s ′ under the same action a.
(3) The pair (s ′ , t ′ ) becomes the (new) current pair of states.A play (of the bisimulation game) is a sequence of pairs of processes formed by the players according to the rules mentioned above.A play is finite iff one of the players gets stuck (cannot make a move); the player who got stuck lost the play and the other player is the winner.If the play is infinite then Defender is the winner.
We use the following standard fact.
Proposition 2.1.It holds that s ∼ t iff Defender has a winning strategy in the bisimulation game starting with the pair (s, t), and s ∼ t iff Attacker has a winning strategy in the corresponding game.
The rules of the bisimulation game can be easily modified in order to capture the other equivalences/preorders.• In the simulation preorder game, Attacker is restricted to attack only from the (left-hand side) process s.In the simulation equivalence game, Attacker can first choose a side (either s or t) but after that he is not allowed to change the side any more.• Completed/ready simulation game has the same rules as the simulation game but Defender is moreover losing in any configuration which breaks the extra condition imposed by the definition (i.e.s and t should have the same set of initial actions in case of ready simulation, and their sets of initial actions should be both empty at the same time in case of completed simulation).• In the 2-nested simulation preorder game, Attacker starts playing from the left-hand side process s and at most once during the play he is allowed to switch sides (the soundness follows from the characterization provided in [AFI01]).In the 2-nested simulation equivalence game, Attacker can initially choose any side but he is still restricted that he can change sides at most once during the play.
We shall now define the model of pushdown automata.Let Act be a finite set of actions, let Γ be a finite set of stack symbols and let Q be a finite set of control states.We assume that the sets Act, Γ and Q are pairwise disjoint.A pushdown automaton (PDA) over the set of actions Act, stack alphabet Γ and control states Q is a finite set ∆ of rules of the form pX a −→ qα where p, q ∈ Q, a ∈ Act, X ∈ Γ and α ∈ Γ * .A PDA ∆ determines a labelled transition system T (∆) = (S, Act, −→) where the states are configurations of the form state×stack (i.e. S = Q × Γ * and configurations like (p, α) are usually written as pα where the top of the stack α is by agreement on the left) and the transition relation is determined by the following prefix rewriting rule.
In what follows we shall often call the configurations pX as (pushdown) processes and omit the reference to the corresponding pushdown automaton and its underlying labelled transition system whenever it is clear from the context.
A pushdown automaton is called single-state if the set of its control states is a singleton set (|Q| = 1).In this case we usually omit the control state from the rules and configurations and we call such automata as BPA for Basic Process Algebra, which is another standard terminology.
A pushdown automaton is called 1CA for one-counter automaton if the stack alphabet consists of two symbols only, Γ = {I, Z}, and every rule is of the form pI a −→ qα or pZ a −→ qαZ, where α ∈ {I} * .This means that every configuration reachable from pZ is of the form pI n Z where I n stands for a sequence of n symbols I and Z corresponds to the bottom of the stack (the value zero).We shall simply denote such a configuration by p(n) and say that it represents the counter value n.
Assume that Act = Act c ∪ Act r ∪ Act i is partitioned into a disjoint union of finite sets of call, return and internal actions, respectively.A visibly pushdown automaton (vPDA) J. SRBA is a PDA which satisfies additional three requirements for any rule pX a −→ qα (where |α| stands for the length of α): • if a ∈ Act r then |α| = 0 (return), and Hence in vPDA the type of the input action determines the change in the height of the stack (call by +1, return by −1, internal by 0).
Remark 2.2.For internal actions we allow to modify also the top of the stack.This model (for vPDA) can be easily seen to be equivalent to the standard one (as introduced in [AM04]) where the top of the stack does not change under internal actions.However, when we consider the subclass vBPA, the possibility of changing the top of the stack under internal actions increases the descriptive power of the formalism.Unlike in [AM04], we do not allow to perform return actions on the empty stack.This mild restriction is essential for our results on regularity checking in Section 4 but the results about equivalence checking in Section 3 are valid even without this restriction.
The vPDA process pX (which is in fact also a vBPA process) generates an infinite state transition system, which is not trace equivalent (and hence also not bisimilar) to any finite state system.Hence the class of visibly pushdown processes and visibly BPA processes strictly contains all finite state processes.
The question we are interested in is: given a vPDA and two of its initial processes pX and qY , can we algorithmically decide whether pX and qY are related with respect to a given preorder/equivalence and if yes, what is the complexity?Similar questions can be asked for vBPA and v1CA.
Remark 2.4.Note that the problem of equivalence checking of two processes belonging to different visibly pushdown automata (under the same partitioning of actions) is also covered by the definition of the problem above.We can always consider only a single vPDA by making a disjoint union of the respective pushdown automata.

Decidability of Preorder/Equivalence Checking
3.1.Visibly Pushdown Automata.We shall now study preorder/equivalence checking problems on visibly pushdown automata.We prove their decidability by reducing the problems to model checking of an ordinary pushdown system against a µ-calculus formula.
Let ∆ be a vPDA over the set of actions Act = Act c ∪ Act r ∪ Act i , stack alphabet Γ and control states Q.We shall construct a PDA ∆ ′ over the actions where For notational convenience, elements (X, a) ∈ Γ × Act will be written simply as X a .
The idea is that for a given pair of vPDA processes we shall construct a single PDA process which simulates the behaviour of both vPDA processes by repeatedly performing a move in one of the processes, immediately followed by a move under the same action in the other process.The actions ℓ and r make it visible, whether the move is performed on the left-hand side or right-hand side.The assumption that the given processes are vPDA ensures that their stacks are kept synchronized.
We shall define a partial mapping [ ., .] : The mapping provides the possibility to merge stacks.
Assume a given pair of vPDA processes pX and qY .Our aim is to effectively construct a new PDA system ∆ ′ such that for every ⊲⊳ ∈ {⊑ s , = s , ⊑ cs , = cs , ⊑ rs , = rs , ⊑ 2s , = 2s , ∼} it is the case that pX ⊲⊳ qY in ∆ if and only if (p, q)(X, Y ) |= φ ⊲⊳ in ∆ ′ for a fixed µ-calculus formula φ ⊲⊳ .We refer the reader to [Koz83] for the introduction to the modal µ-calculus.
The set of PDA rules ∆ ′ is defined as follows.Whenever (pX a −→ qα) ∈ ∆ then the following rules belong to ∆ ′ : From a configuration (p, q)[α, β] the rules of the form 1. and 2. select either the lefthand or right-hand side and perform some transition in the selected process.The next possible transition (by rules 3. and 4.) is only from the opposite side of the configuration than in the previous step.Symbols of the form X a where X ∈ Γ and a ∈ Act are used to make sure that the transitions in these two steps are due to pushdown rules under the same label a.Note that in the rules 3. and 4. it is thus guaranteed that |α| = |β|.Finally, the rules 5. and 6. introduce a number of self-loops in order to make visible the initial actions of the processes.Actions currently available in the left-hand side process are visible as the actions from the set Act, while the actions in the right-hand side process are made visible as the actions from the set Act.
Note that the configuration (p, r)(X b , ǫ) is stuck because there is no b-labelled transition from the state pX.
Lemma 3.2.Let ∆ be a vPDA system over the set of actions Act and pX, qY two of its processes.Let (p, q)(X, Y ) be a process in the system ∆ ′ constructed above.Let Proof.We shall argue only for the case of bisimulation.Proofs for the other cases are similar.The formula φ ∼ requires that for every action ℓ or r there must follow at least one of the actions ℓ or r such that the same property holds again.Note that (due to the construction of ∆ ′ ), if the first action was ℓ then necessarily the second one must be r and vice versa.Finally, φ ∼ is chosen as the greatest fixed point.The reason is that it should satisfy also infinite runs (which have the above mentioned property) as they are winning for Defender.In what follows we describe formally the above mentioned intuition.A reader familiar with recursive formulae of µ-calculus may skip the rest of the proof.
"⇒": We show that pα ∼ qβ implies that (p, q)[α, β] |= νZ.[ℓ, r] ℓ, r Z.We prove that the set is a fixed point of the function corresponding to our formula.This amounts to checking (without loss of generality as the other case is symmetric) that for every (p, q)[α, β] ∈ F and for every ℓ-move (p, q)[α, β] ℓ −→ c for some configuration c of ∆ ′ , there is an r-move c As νZ.[ℓ, r] ℓ, r Z is the greatest fixed point, this will establish our claim.We remind the reader of the fact that there are no ℓ-transitions enabled from the configuration c.
Let (p, q)[α, β] ∈ F and let (p, q)[α, β] Hence α = Xγ and α ′ = α ′′ γ for some γ ∈ Γ * .We aim to show that also where β = Y β ′ .As (p, q)[α, β] satisfies the formula νZ.[ℓ, r] ℓ, r Z (and due to the unfolding law also the formula no r-action is enabled on the left-hand side and there is no ℓ-action available, so this is indeed the only possibility.This, however, means that (p Theorem 3.3.Simulation, completed simulation, ready simulation and 2-nested simulation preorders and equivalences, as well as bisimulation equivalence are decidable on vPDA and all these problems are EXPTIME-complete. Proof.EXPTIME-hardness (for all relations between simulation preorder and bisimulation equivalence) follows from Theorem 6 in [KM02a].There the authors give a reduction from the acceptance problem of alternating linear bounded automaton (LBA) to bisimilarity checking on pushdown automata.For a given alternating LBA they construct two PDA processes that have identical stack contents (and hence also their heights) during any bisimulation game played on them.These processes are bisimilar if and only if the given LBA does not accept the input string.The processes are constructed in such a way that Attacker can nondeterministically push configurations of the LBA, symbol by symbol, onto the stack of the first process.Defender has no other choice than to mimic this behaviour in the second process.If the current control state of the LBA is existential, then it is Attacker who selects the next control state.On the other hand, if the current control state is universal, Defender is selecting the next control state.This part of the construction uses the so-called Defender's Forcing Technique [JS08], an instance of which is also explained in the proof of Lemma 3.7.Attacker wins the game iff a configuration containing an accept control state is ever pushed onto the stacks.
Of course, Attacker can also decide to "cheat" and push symbols that do not in fact represent a valid computation of the LBA.To prevent this, a checking phase is added to the constructed processes.Defender can at any point decide to enter this phase and what will happen is that the players will pop exactly n + 4 symbols (a control state is a part of the configuration) from the stack of both processes, where n is the length of the input.During this phase it is verified whether the three top-most symbols on the stack match (according to the LBA computation step) with the corresponding three symbols in the previous configuration.If not, Defender wins the game, otherwise Attacker is the winner.This means that Defender cannot gain anything by entering the checking phase as long as Attacker follows a valid computation of the LBA, but also that Attacker cannot gain anything by "cheating" as this can be immediately punished by Defender.
Though conceptually elegant, the technical details of the reduction are rather tedious.A full construction can be found in [KM02b] (Theorem 3.3), however, already from the presented proof idea it is easy to see that the pushdown processes in the proof can be constructed as visibly pushdown processes because the heights of their stacks are synchronized.Note also that, even though Theorem 3.3 in [KM02b] is formulated only for bisimulation, Attacker's winning strategy is given by playing only in the left-hand side process and hence the EXPTIME-hardness holds for any relation between simulation preorder and bisimulation equivalence.
For the containment in EXPTIME observe that all our equivalence checking problems were reduced in polynomial time to model checking of a pushdown automaton against a formula of modal µ-calculus with alternation depth 1.The complexity of the model checking problem for a pushdown automaton with m states and k stack symbols and a formula of the size n 1 and of the alternation depth n 2 is O((k2 cmn 1 n 2 ) n 2 )) for some constant c [Wal01].In our case for a given vPDA system with m states and k stack symbols we construct a PDA system with O(m 2 ) states and with O(k 3 • |Act|) stack symbols (used in the transition rules).The size of the µ-calculus formula is O(|Act|) (for some equivalences even O(1)) and the alternation depth is 1.Hence the overall time complexity of checking whether two vPDA processes pX and qY are equivalent is (k 3.2.Visibly Basic Process Algebra.We shall now focus on the complexity of preorder/equivalence checking on vBPA, a strict subclass of vPDA.
Theorem 3.4.Simulation, completed simulation, ready simulation and 2-nested simulation preorders and equivalences, as well as bisimulation equivalence are P-complete on vBPA.
Proof.We can w.l.o.g.assume that the vBPA processes tested for a given equivalence have only three actions.This is due to Theorem 4 in [Srb01] where a polynomial time reduction from bisimulation checking of two BPA processes to bisimulation checking of two BPA processes over a singleton action set is given.In order to make the resulting processes visibly BPA, we modify in a straightforward way the reduction in [Srb01] by using three actions so that we can distinguish between push, pop and internal actions.Now by using the arguments from the proof of Theorem 3.3, the complexity of equivalence checking on vBPA with |Act| = 3 is therefore O(k 3 ) where k is the cardinality of the stack alphabet (of the reduced processes according to [Srb01]) and where m = 1.P-hardness of the equivalence checking problems was proved in [SJ05] even for finite state systems.
In fact, for vBPA we can introduce even tighter complexity upper bounds by reducing it to preorder/equivalence checking on finite state systems.These results are due to the following decomposition property.Lemma 3.5.Let ∆ be a vBPA system.We have Xα ∼ X ′ α ′ in ∆ (where X, X ′ ∈ Γ and α, α ′ ∈ Γ * ) if and only if (i) X ∼ X ′ in ∆, and Proof.The validity of this claim can be easily seen by using the game characterization.
Obviously, in any play of the game starting from Xα and X ′ α ′ , if the players ever reach either the process α or α ′ , then it happens simultaneously in one round of the game and the players continue from the pair α and α ′ .This means that conditions (i) and (ii) imply that Xα ∼ X ′ α ′ .On the other hand, if (i) does not hold then Attacker can win by playing only from X and X ′ , never touching α and α ′ during the game.If (ii) does not hold (i.e., X or X ′ can be removed from the stack and α ∼ α ′ ), then Attacker wins first by playing a sequence w from X or X ′ such that X w −→ ǫ or X ′ w −→ ǫ.If Defender could follow this sequence in the other process then the players reach the pair α and α ′ and Attacker wins because α ∼ α ′ .Theorem 3.6.Simulation, completed simulation, ready simulation and 2-nested simulation preorders and equivalences, as well as bisimulation equivalence on vBPA are reducible to checking the same preorder/equivalence on finite state systems.For any vBPA process ∆ (with the natural requirement that every stack symbol appears at least in one rule from ∆), the reduction is computable in time O(|∆|) and outputs a finite state system with O(|∆|) states and O(|∆|) transitions.
Proof.Let Act = Act c ∪ Act r ∪ Act i be the set of actions and let Γ be the stack alphabet of a given vBPA system ∆ (we shall omit writing the control states as this is a singleton set).
for some X ∈ Γ and a ∈ Act c }.We construct a finite state transition system T = (Γ ∪ {ǫ} ∪ S, Act ∪ {1, 2}, =⇒) with new fresh actions 1 and 2 as follows.For every vBPA rule (X a −→ α) ∈ ∆, we add the transitions: See Figure 2 for an example of the transformation.The intuition is that all transitions in ∆ that do not push any extra symbols on the stack are directly mimicked in T .For the push transitions we know, thanks to Lemma 3.5, that if Attacker has a winning strategy, then it is either by attacking only from the top-most symbols pushed on the stacks, or from the rest of the stacks (if the top-most symbols can be eventually popped).Hence Attacker has the possibility to choose one of these options by playing the actions 1 or 2 and the transition system T remains so finite state.
Figure 2: Transformation of a vBPA into a finite state system Because of the decomposition property proved in Lemma 3.5, for any X, Y ∈ Γ we have that X ∼ Y in ∆ iff X ∼ Y in T .It is easy to check that the fact above holds also for any other preorder/equivalence as stated by the theorem.This means that for preorder/equivalence checking on vBPA we can use the efficient algorithms already developed for finite state systems.For example, for finite state transition systems with k states and t transitions, bisimilarity can be decided in time O(t log k) [PT87].Hence bisimilarity on a vBPA system ∆ is decidable in time O(|∆| • log |∆|).

3.3.
Visibly One-Counter Automata.We will now continue studying preorder/equivalence checking problems on v1CA, a strict subclass of vPDA and an incomparable class with vBPA (w.r.t.bisimilarity).We start by showing PSPACE-hardness of the problems.The proof is by reduction from a PSPACE-complete problem of emptiness of one-way alternating finite automata over a one-letter alphabet [Hol96].
A one-way alternating finite automaton over a one-letter alphabet is a 5-tuple A = (Q ∃ , Q ∀ , q 0 , δ, F ) where Q ∃ and Q ∀ are finite and disjoint sets of existential, resp.universal control states, is the transition function.We assume without loss of generality that |δ(q)| > 0 for all q ∈ Q ∃ ∪ Q ∀ .
A computation tree for an input word of the form I n (where n is a natural number and I is the only letter in the input alphabet) is a tree where every branch has exactly n + 1 nodes labelled by control states from Q ∃ ∪ Q ∀ such that the root is labelled with q 0 and every non-leaf node that is already labelled by some q ∈ Q ∃ ∪ Q ∀ such that δ(q) = {q 1 , . . ., q k } has either • one child labelled by q i for some i, A computation tree is accepting if the labels of all its leaves are final (i.e.belong to F ).
The language of A is defined by L(A) def = {I n | I n has some accepting computation tree }.
The emptiness problem for one-way alternating finite automata over a one-letter alphabet (denoted as Empty) is to decide whether L(A) = ∅ for a given automaton A. The problem Empty is known to be PSPACE-complete due to Holzer [Hol96] and it is proved by a series of reductions (see also a direct proof by Jančar and Sawa [JS07]).
In what follows we shall demonstrate a polynomial time reduction from Empty to equivalence/preorder checking on visibly one-counter automata.We shall moreover show the reduction for any (arbitrary) relation between simulation preorder and bisimulation equivalence.This in particular covers all preorders/equivalences introduced in this article.
Lemma 3.7.All relations between simulation preorder and bisimulation equivalence are PSPACE-hard on v1CA.
Proof.Let A = (Q ∃ , Q ∀ , q 0 , δ, F ) be a given instance of Empty.We shall construct a visibly one-counter automaton ∆ over the set of actions Act Defender has a winning strategy from pZ and p ′ Z in the bisimulation game (i.e.pZ ∼ p ′ Z), and • if L(A) = ∅ then Attacker has a winning strategy from pZ and p ′ Z in the simulation preorder game (i.e.pZ ⊑ s p ′ Z).The intuition is that Attacker generates some counter value n in both of the processes pZ and p ′ Z and then switches into a checking phase by changing the configurations to q 0 (n) and q ′ 0 (n).Now the players decrease the counter and change the control states according to the function δ.Attacker selects the successor in any existential configuration, while Defender makes the choice of the successor in every universal configuration.Attacker wins if the players reach a pair of configurations q(0) and q ′ (0) where q ∈ F .
We shall now define the set of rules ∆.The initial rules allow Attacker (by performing repeatedly the action i) to set the counter into an arbitrary number, i.e., Attacker generates a candidate word from L(A).
Observe that Attacker is at some point forced to perform the action a (an infinite play is winning for Defender) and switch to the checking phase starting from q 0 (n) and q ′ 0 (n).Now for every existential state q ∈ Q ∃ with δ(q) = {q 1 , . . ., q k } and for every i ∈ {1, . . ., k} we add the following rules.
This means that Attacker can decide on the successor q i of q and the players in one round move from the pair q(n) and q ′ (n) into q i (n − 1) and q ′ i (n − 1).Next for every universal state q ∈ Q ∀ with δ(q) = {q 1 , . . ., q k } and for every i ∈ {1, . . ., k} we add the rules Figure 3: Defender's Choice: q ∈ Q ∀ and δ(q) = {q 1 , . . ., q k } These rules are more complex and they correspond to a particular implementation of the so-called Defender's Forcing Technique (for further examples see e.g.[JS08]).We shall explain the idea by using Figure 3. Assume that q ∈ Q ∀ and δ(q) = {q 1 , . . ., q k }.In the first round of the bisimulation game starting from q(n) and q ′ (n) where n > 0, Attacker is forced to take the move q(n) a −→ t(n).On any other move Defender answers by immediately reaching a pair of syntactically equal processes (and thus wins the game).Defender's answer on Attacker's move q(n) a −→ t(n) is to perform q ′ (n) a −→ t q i (n) for some i ∈ {1, . . ., k}.The second round thus starts from the pair t(n) and t q i (n).Should Attacker choose to play the action d r for some state r such that r = q i (on either side), Defender can again reach a syntactic equality and win.Hence Attacker is forced to play the action d q i on which Defender answers by the same action in the opposite process and the players reach the pair q i (n − 1) and q ′ i (n − 1).Note that it was Defender who selected the new control state q i .Finally, for every q ∈ F we add the rule qZ e −→ qZ .
It is easy to see that ∆ is a visibly one-counter automaton and we shall now argue for the correctness of the reduction.
Assume that L(A) = ∅.We shall argue that Defender has a winning strategy in the bisimulation game starting from pZ and p ′ Z.In the first phase Attacker can generate an arbitrary number of the symbols I on the stacks.At some point he has to perform the action a and switch to q 0 (n) and q ′ 0 (n) for some n.The players now remove the symbols I one by one and change the control states according to the function δ.As L(A) = ∅, we know that no computation tree can be accepting.This means that whatever choices Attacker makes in existential states, Defender can still select suitable successors of universal states such that when the players empty the whole counter and arrive to the pair qZ and q ′ Z, Defender guarantees that q ∈ F .Therefore qZ and q ′ Z are stuck and thus Defender has a winning strategy in the bisimulation game.
On the other hand, if L(A) = ∅, we will demonstrate Attacker's winning strategy in the simulation preorder game starting from pZ and p ′ Z. Attacker first forces (by repeatedly performing the action i followed by one action a) to reach a pair of states q 0 (n) and q ′ 0 (n) such that I n ∈ L(A).In the checking phase, there is an accepting computation tree for the word I n and hence Attacker can make existential choices such that whatever universal choices Defender makes, the players arrive to the situation qZ and q ′ Z for some q ∈ F .Now Attacker wins by playing qZ e −→ qZ to which Defender has no answer.Notice that during the whole game (and particularly during the part where Defender chooses a successor of a universal state) Attacker can make his moves only on the left-hand side.Therefore pZ ⊑ s p ′ Z as required.
Remark 3.8.The reduction above works also for a strict subclass of one-counter automata called one-counter nets (where it is not allowed to test for zero, see e.g.[JKMS04]).It is enough to replace the final rule qZ e −→ qZ with two new rules q e −→ q and q ′ I e −→ q ′ I for every q ∈ F .Moreover, a slight modification of the system allows to show PSPACEhardness of simulation preorder checking between one-counter automata and finite state systems and vice versa.Hence the previously known DP lower bounds [JKMS04] for all relations between simulation preorder and bisimulation equivalence on one-counter nets (and one-counter automata) as well as of simulation preorder/equivalence between onecounter automata and finite state systems, and between finite state systems and one-counter automata are raised to PSPACE-hardness.
We are now ready to state the precise complexity of (bi)simulation-like preorders/equivalences on visibly one-counter automata.
Theorem 3.9.Simulation, completed simulation, ready simulation and 2-nested simulation preorders and equivalences, as well as bisimulation equivalence are PSPACE-complete on v1CA.
Proof.PSPACE-hardness follows from Lemma 3.7.Containment in PSPACE is due to Lemma 3.2 and due to [Ser06] where it was very recently showed that model checking modal µ-calculus on one-counter automata is decidable in PSPACE.The only slight complication is that the system used in Lemma 3.2 is not necessarily a one-counter automaton.All stack symbols are of the form (I, I) or (Z, Z) which is fine, except for the very top of the stack where more different stack symbols are used.Nevertheless, by standard techniques, the top of the stack can be remembered in the control states in order to apply the result from [Ser06].

Decidability of Regularity Checking
In this section we ask the question whether a given vPDA process is equivalent to some finite state system.Should this be the case, we call the process regular (w.r.t. the considered equivalence).Definition 4.1.A vPDA process pX is regular w.r.t. a given equivalence ≡ iff there is a finite state process F such that pX ≡ F .
We shall now show that unbounded popping property is decidable in polynomial time and we also take a closer look at the exact complexity of regularity checking problems on vPDA, vBPA and v1CA.The results are presented in the following three lemmas.
Lemma 4.6.Regularity checking of vPDA w.r.t.any equivalence between trace equivalence and bisimilarity is decidable in deterministic polynomial time.
Proof.We can check, for every q ∈ Q and Y ∈ Γ, whether the regular set post * (qY ) ∩ pre * ({rǫ | r ∈ Q}) is infinite.A nondeterministic finite automaton recognizing this language can be constructed in polynomial time because pre * and post * preserve regularity and are polynomial time computable (see e.g.[BEM97, EHRS00]), and the check whether the resulting automaton has an infinite language amounts to searching (in polynomial time) for a reachable cycle from which there is a path to some accept state.Observe now that if the above mentioned regular language is infinite, then qY has infinitely many different successors with higher and higher stacks such that all of them can be completely emptied.To see whether a given vPDA process pX provides unbounded popping (and hence it is nonregular due to Theorem 4.5), it is now enough to test whether pX ∈ pre * (qY Γ * ) for some qY satisfying the condition above.The test can be again done in polynomial time [BEM97,EHRS00].
Lemma 4.7.Regularity checking of vBPA w.r.t.any equivalence between trace equivalence and bisimilarity is P-hard.
Proof.In order to argue that regularity for vBPA is P-hard we first consider the following problem.Let ∆ be a BPA system over the set of actions Act and a stack alphabet Γ.Let X ∈ Γ.The language of X recognized by the empty stack is defined as L(X) = {w ∈ Act * | X w −→ ǫ}.It is known that the problem whether L(X) = ∅ (which we shall call BPA-EMPTY) is P-hard, even under the assumption that there are only finitely many configurations reachable from the process X, and that every rule Y a −→ α in ∆ satisfies that |α| ≤ 2. P-hardness of BPA-EMPTY follows from a simple logarithmic space reduction from the Monotone Circuit Value problem (see [GHR95,p. 177] for details).We shall reduce BPA-EMPTY to regularity checking on vBPA.Let ∆ together with a stack symbol X ∈ Γ, which has finitely many reachable states, be a given instance of BPA-EMPTY.We construct (in logarithmic space) a vBPA system ∆ ′ over the partitioned action alphabet Act c = {c}, Act r = {r}, Act i = {i, e} and the stack alphabet Γ ′ = Γ ∪ {X ′ , B, C, D}, where X ′ , B, C and D are fresh stack symbols, such that • if L(X) = ∅ in ∆ then X ′ is a regular process in ∆ ′ w.r.t.bisimilarity, and • if L(X) = ∅ in ∆ then X ′ is not a regular process in ∆ ′ w.r.t.trace equivalence.We build ∆ ′ from ∆ as follows: • for every (Y then it is easy to see that X ′ is regular if and only if L(X) = ∅.Obviously, ∆ ′ is still visibly BPA.Hence regularity checking on vBPA is P-hard for any equivalence between trace equivalence and bisimilarity.
J. SRBA Lemma 4.8.Regularity checking of v1CA w.r.t.any equivalence between trace equivalence and bisimilarity is NL-complete.
Proof.NL-hardness follows immediately from the fact that the regularity checking problem naturally contains the reachability problem on finite state systems (by a similar construction as in Lemma 4.7).The containment in nondeterministic logarithmic space is by the observation that a given visibly one-counter process q 0 (0) in ∆, where ∆ has n control states, provides unbounded popping if and only if there exist two control states p and p ′ such that (1) q 0 (0) ) for some w 1 and n 1 such that n 1 ≥ n and h(w ′ ) ≤ n 2 + 2n for every prefix w ′ of w 1 , (2) p(n) Note that due to the restrictions on the lengths of the action sequences in points 2., 3. and 4., no transition is performed from any configuration where the counter value is zero.Hence the same computations are possible also for any higher initial counter value.
The idea is that the process q 0 (0) provides unbounded popping iff there is a possibility to arbitrarily increase the counter value (by means of the cycle from the control state p in condition 2.) and then reach a control state p ′ (condition 3.) in which the counter value can be arbitrarily decreased (condition 4.).Initially, condition 1. guarantees that the state p can be reached with a sufficiently large counter value.The extra requirement h(w ′ ) ≤ n 2 + 2n for any prefix w ′ of w 1 in condition 1. is harmless because if the state p(n 1 ) is reachable then it is not necessary that the counter value during the computation grows to more than n 2 + 2n.To show that, we first observe that we can require that the counter value n 1 satisfies n ≤ n 1 ≤ 2n.For the sake of contradiction, let the control state p be reachable from the initial configuration such that the minimal counter value n 1 is greater than 2n.We will show that we can then reach p with a counter value strictly smaller (while still at least n).Let us consider the suffix of this computation where all configurations have the counter values greater or equal to n.Now, in the region of configurations with the counter values between n and 2n, there are necessarily two configurations r(n ′ ) and r(n ′′ ) for some control state r such that n ≤ n ′ < n ′′ ≤ 2n and r(n ′ ) precedes r(n ′′ ).By removing the part of the computation between r(n ′ ) and r(n ′′ ) we achieve a computation that reaches the control state p with a strictly smaller counter value.
We can hence assume that p(n 1 ) is reachable such that n ≤ n 1 ≤ 2n.Should the counter grow to more than n 2 + 2n during this computation then there would necessarily appear two configurations with the same counter value (greater than 2n) and the same control state and hence we could find a shorter sequence of actions to reach p(n 1 ).
We shall now argue that the extra restrictions in conditions 2., 3. and 4. are harmless too.In condition 2., for the sake of contradiction, assume that from the control state p we can reach p with a higher counter value (and never test for zero during the computation) such that the shortest sequence of actions to achieve this is strictly longer than n.On such a sequence, there are necessarily two configurations r(n ′ ) and r(n ′′ ) with the same control state r such that r(n ′ ) precedes r(n ′′ ).If n ′ ≥ n ′′ than we can simply remove the part of the computation between these two configurations and reach the control state p with a possibly even higher counter value than before.If n ′ < n ′′ then we could have initially selected the control state r instead of p, because there is a loop on the control state r which increases the counter value.Similarly, we can show that the restrictions in points 3. and 4. are harmless too.
Finally, we note that the control states p and p ′ above can be nondeterministically guessed and the conditions 1.-4.verified in nondeterministic logarithmic space.Hence the regularity checking problem for visibly one-counter automata is in NL.
We finish by a theorem summarizing the complexity results proved in Lemma 4.6, Lemma 4.7 and Lemma 4.8.
Theorem 4.9.The regularity checking problem w.r.t.any equivalence between trace equivalence and bisimilarity (in particular also w.r.t.any equivalence considered in this article) is P-complete for vPDA and vBPA and NL-complete for v1CA.

Conclusion
In the following table we provide a comparison of bisimulation, simulation and regularity (w.r.t.bisimilarity) checking on PDA, 1CA, BPA and their subclasses vPDA, v1CA, vBPA.Results achieved in this article are in bold.

Example 2. 3 .
Consider the vPDA rules pX a −→ pXY , pX b −→ pǫ, pY c −→ pǫ where a ∈ Act c and b, c ∈ Act r .The transition system generated by the root pX looks as follows.
Example 3.1.Consider the vPDA rules: pX a −→ qXY , rY a −→ sY Y , rY b −→ r where a ∈ Act c and b ∈ Act r .The transition system generated (in ∆ ′ ) by the root (p, r)(X, Y ) looks as follows.

a−
→ α) ∈ ∆ where |α| = 2 we add to ∆ ′ the rule Y c −→ α, • for every (Y a −→ α) ∈ ∆ where |α| = 0 we add to ∆ ′ the rule Y r −→ α, and • for every (Y a −→ α) ∈ ∆ where |α| = 1 we add to ∆ ′ the rule Y i −→ α.This does not change the answer to the emptiness problem and the system ∆ ′ becomes visibly BPA.If we now add the following rules to ∆ ′