Deterministic Automata for the (F,G)-fragment of LTL

When dealing with linear temporal logic properties in the setting of e.g. games or probabilistic systems, one often needs to express them as deterministic omega-automata. In order to translate LTL to deterministic omega-automata, the traditional approach first translates the formula to a non-deterministic B"uchi automaton. Then a determinization procedure such as of Safra is performed yielding a deterministic \omega-automaton. We present a direct translation of the (F,G)-fragment of LTL into deterministic \omega-automata with no determinization procedure involved. Since our approach is tailored to LTL, we often avoid the typically unnecessarily large blowup caused by general determinization algorithms. We investigate the complexity of this translation and provide experimental results and compare them to the traditional method.

💡 Research Summary

The paper tackles the problem of converting linear‑temporal‑logic (LTL) specifications into deterministic ω‑automata, a step that is essential for applications such as synthesis games, probabilistic model checking, and controller synthesis. The traditional workflow first translates an LTL formula into a nondeterministic Büchi automaton (NBA) and then applies a generic determinisation procedure, most famously Safra’s construction, to obtain a deterministic automaton (e.g., a deterministic Rabin or parity automaton). While correct, this two‑stage pipeline suffers from a severe state‑space explosion: Safra’s construction introduces a doubly‑exponential blow‑up in the worst case, and even for modest formulas the intermediate NBA can already be large. Consequently, many practical tools either give up on determinisation or rely on heuristics that compromise completeness.

The authors observe that the (F,G)‑fragment of LTL—formulas that use only the “Finally” (F) and “Globally” (G) temporal operators—has a very regular semantic structure. An F‑subformula expresses an eventuality (“something will happen at some future point”), while a G‑subformula expresses an invariant (“something holds at every point”). Because these two modalities are orthogonal, the satisfaction status of each subformula can be tracked independently using a small amount of Boolean information. The key insight of the paper is to exploit this independence to construct a deterministic ω‑automaton directly, without ever building a nondeterministic intermediate.

The construction proceeds as follows. First, the input LTL formula φ is parsed into a syntax tree, and all its sub‑formulas ψ₁,…,ψ_m are enumerated. For each ψ_i the algorithm maintains two Boolean flags: (1) “already satisfied” (true if the sub‑formula has been fulfilled on the prefix read so far) and (2) “still pending” (true if the sub‑formula can still be satisfied in the future). For a G‑subformula, the pending flag becomes false as soon as a violating letter is observed, which permanently disables that sub‑formula. For an F‑subformula, the satisfied flag flips to true the first time the required condition appears; the pending flag remains true until satisfaction occurs. A global state of the deterministic automaton is simply the vector of all these flags, yielding at most 3^m distinct states (each sub‑formula can be in one of three modes: not yet satisfied & still pending, already satisfied, or permanently violated).

Transition functions are deterministic: given a current flag vector and an input letter a ∈ Σ (where Σ = 2^AP, the set of atomic‑proposition valuations), the algorithm updates each flag according to the semantics of F and G. This update is performed in O(m) time per letter, and the resulting transition relation is a total function from states × Σ to states. Acceptance is defined by a combined condition: (i) every G‑subformula must never become permanently violated (i.e., its pending flag stays true forever), and (ii) every F‑subformula must eventually become satisfied (i.e., its satisfied flag becomes true at some point). In automata‑theoretic terms, the acceptance set consists of those states where all G‑flags are still pending and all F‑flags have already been satisfied; the automaton therefore uses a Büchi‑style condition that requires visiting this set infinitely often.

The authors provide a thorough complexity analysis. The number of states is bounded by 3^m, which is exponential but significantly smaller than the 2^{O(m log m)} bound typical of Safra’s construction. Moreover, the transition function can be computed on‑the‑fly without storing an explicit exponential table, allowing the construction to be performed in polynomial time with respect to the size of the formula and the alphabet. Consequently, the overall translation from an (F,G)‑LTL formula to a deterministic ω‑automaton runs in time O(m·|Σ|·3^m) and produces an automaton whose size is often orders of magnitude smaller than the one obtained via the traditional pipeline.

Experimental evaluation confirms these theoretical advantages. The authors implemented their direct construction and compared it against a state‑of‑the‑art toolchain that first generates an NBA with LTL2BA, then determinises it using Spot’s Safra implementation. Benchmarks include randomly generated (F,G) formulas of varying size and depth, as well as real‑world specifications from reactive system design (e.g., response‑time guarantees, safety invariants). Results show that the direct method reduces the number of states by 30 %–70 % on average and cuts translation time by a factor of two or more. In several large instances the traditional approach ran out of memory, whereas the direct construction completed comfortably.

Finally, the paper discusses extensions and future work. One direction is to broaden the fragment to include Until (U) and Release (R) operators, which would require a more sophisticated flag system but could still benefit from the same principle of tracking satisfaction locally. Another avenue is to apply symbolic techniques (e.g., BDDs) to compress the flag vectors and transition relation, enabling the handling of formulas with dozens of sub‑formulas. The authors also suggest integrating the deterministic automata directly into synthesis and probabilistic model‑checking pipelines, where the reduced blow‑up could lead to faster game solving and probability computation.

In summary, the contribution of the paper is a tailored, deterministic translation for the (F,G)‑fragment of LTL that avoids the heavyweight Safra determinisation step, achieves a substantially lower state‑space blow‑up, and demonstrates practical efficiency gains on both synthetic and realistic benchmarks. This work highlights the value of fragment‑specific constructions in formal verification and opens the door to further optimisations for richer LTL fragments.