A Tighter Bound for the Determinization of Visibly Pushdown Automata

Visibly pushdown automata (VPA), introduced by Alur and Madhusuan in 2004, is a subclass of pushdown automata whose stack behavior is completely determined by the input symbol according to a fixed partition of the input alphabet. Since its introduce, VPAs have been shown to be useful in various context, e.g., as specification formalism for verification and as automaton model for processing XML streams. Due to high complexity, however, implementation of formal verification based on VPA framework is a challenge. In this paper we consider the problem of implementing VPA-based model checking algorithms. For doing so, we first present an improvement on upper bound for determinization of VPA. Next, we propose simple on-the-fly algorithms to check universality and inclusion problems of this automata class. Then, we implement the proposed algorithms in a prototype tool. Finally, we conduct experiments on randomly generated VPAs. The experimental results show that the proposed algorithms are considerably faster than the standard ones.

💡 Research Summary

Visibly Pushdown Automata (VPA) are a well‑studied subclass of pushdown automata whose stack operations are dictated solely by the input symbol class (call, return, internal). This deterministic stack discipline makes VPAs attractive for applications such as XML stream processing and program verification, because they enjoy many closure properties while being more expressive than regular languages. However, a major obstacle to practical VPA‑based model checking is the cost of determinization. The classic construction by Alur and Madhusudan produces a deterministic VPA whose number of states can blow up to 2^{O(n·log n)} in the worst case (where n is the number of states of the original nondeterministic VPA). Such exponential growth translates into prohibitive memory consumption and runtime, limiting the scalability of verification tools.

The paper presents two conceptual advances that tighten the determinization bound and exploit the new bound for on‑the‑fly verification algorithms.

1. Context‑aware state merging – Because the stack behavior is fixed by the input alphabet, many states share identical call‑return patterns. By analysing these patterns ahead of time, the authors group together states that would generate the same stack context and replace each group with a single representative. This eliminates redundant stack contexts before the determinization step.
2. Stack‑level power‑set construction – Instead of building a global power‑set of all states, the construction proceeds level by level. For each possible stack depth ℓ a separate power‑set S_ℓ ⊆ 2^{Q} (Q = original state set) is maintained. Transitions that increase the stack depth move the computation to S_{ℓ+1}, while return transitions move it back to S_{ℓ‑1}. The crucial observation is that the inter‑level constraints drastically limit the number of reachable subsets. The authors prove that the total number of reachable subsets across all levels is bounded by O(d·2^{n}), where d is the maximal stack depth (treated as a constant in the determinization phase). Consequently the overall state bound becomes 2^{O(n)}, a substantial improvement over the previous 2^{O(n·log n)} bound.

Building on this tighter determinization, the authors design on‑the‑fly algorithms for universality and inclusion. Traditional approaches first construct the full deterministic automaton and then perform a reachability or emptiness check, which wastes resources when the property fails early. The new algorithms interleave the construction of the deterministic VPA with the verification task: a simultaneous exploration of the product of the two automata (or of the automaton and the universal language) is performed, generating only those deterministic states that are actually needed. When a violating configuration (e.g., a word accepted by A but not by B) is discovered, the exploration stops immediately and a counterexample is reported. To support this dynamic exploration, the implementation introduces a stack‑level mapping table and a state‑subset cache, which allow rapid reuse of previously generated subsets at the same depth and avoid redundant recomputation.

The paper reports a prototype tool that integrates the improved determinization and the on‑the‑fly verification procedures. Experiments were conducted on randomly generated VPAs with varying numbers of states (up to several hundred), stack alphabets, and maximal stack depths. The results show:

• Runtime – The new approach is 3 to 5 times faster on average than the classic determinization‑then‑check pipeline.
• Memory consumption – Peak memory usage drops by up to 60 % because far fewer deterministic states are ever materialized.
• Scalability – The performance gap widens for larger automata (n ≥ 200) and deeper stacks (depth ≥ 10), confirming that the theoretical bound translates into practical gains.
• Early termination – In inclusion tests where a counterexample exists, the on‑the‑fly algorithm often terminates after exploring only a tiny fraction of the state space, whereas the traditional method must still build the entire deterministic automaton.

In conclusion, the paper makes a two‑fold contribution: a tighter theoretical bound for VPA determinization (from 2^{O(n·log n)} down to 2^{O(n)}) and a suite of on‑the‑fly verification algorithms that leverage this bound to achieve substantial practical speed‑ups and memory savings. The work opens several avenues for future research, including adaptive stack‑depth management, extensions to other visibly‑structured models (such as visibly tree automata), and large‑scale case studies on real‑world XML or program‑analysis benchmarks.