1. Introduction
Bisimulation equivalence plays a central role among the many notions of semantic equivalence studied in verification and concurrency theory [11]. Indeed, two bisimilar processes always satisfy exactly the same specifications written in modal logics [2] or in the modal calculus [14], allowing one to replace for instance a naive implementation with a highly optimised one without breaking the conformance. As a toy example, the two recursive Erlang functions below implement the same stateful message relaying service, that either receives {upd, M1} and updates its internal message from M to M1, or receives {rel,C} and sends the message M to the client C.
The two programs are weakly bisimilar if we only observe the input (receive) and output (C!M) actions, but the one on the left is not tailrecursive and might perform poorly compared to the one on the right.
In a landmark 1998 paper, Sénizergues [32, 34] proved the decidability of bisimulation equivalence for rooted equational graphs of finite outdegree. The proof extends his previous seminal result [31, 33], which is the decidability of language equivalence for deterministic pushdown automata (DPDA), and entails that weak bisimilarity of pushdown processes where silent actions are deterministic is decidable; a silent action (also called an step) is deterministic if it has no alternative when enabled. Because the control flow of a firstorder recursive program is readily modelled by a pushdown process, one can view this result as showing that the equivalence of recursive programs (like the two Erlang functions above) is decidable as far as their observable behaviours are concerned, provided silent moves are deterministic. Regarding decidability, Sénizergues’ result is optimal in the sense that bisimilarity becomes undecidable if we consider either nondeterministic (popping) steps [21], or secondorder pushdown processes with no steps [4]. Note that the decidability border was also refined in [39] by considering branching bisimilarity, a stronger version of weak bisimilarity.
Computational Complexity
While this delineates the decidability border for equivalences of pushdown processes, the computational complexity of the bisimilarity problem is open. Sénizergues’ algorithm consists in two semidecision procedures, with no clear means of bounding its complexity, and subsequent works like [17] have so far not proven easier to analyse. We know however that this complexity must be considerable, as the problem is TOWERhard in the realtime case (i.e., without silent actions, hence for strong bisimilarity) [1] and ACKERMANNhard in the general case (with deterministic silent actions) [18]—we are employing here the ‘fastgrowing’ complexity classes defined in [29], where is the lowest non elementary class and the lowest non primitiverecursive one.
In fact, the precise complexity of deciding equivalences for pushdown automata and their restrictions is often not known—as is commonplace with infinitestate processes [35]. For instance, language equivalence of deterministic pushdown automata is ¶hard and was shown to be in TOWER by Stirling [37] (see [18] for an explicit upper bound), and bisimilarity of BPAs (i.e., realtime pushdown processes with a single state) is EXPTIMEhard [22] and in 2EXPTIME [5] (see [16] for an explicit proof). There are also a few known completeness results in restricted cases: bisimilarity of normed BPAs is ¶complete [13] (see [10] for the best known upper bound), bisimilarity of realtime onecounter processes (i.e., of pushdown processes with a singleton stack alphabet) is complete [3], and bisimilarity of visibly pushdown processes is EXPTIMEcomplete [36].
Contributions
In this paper, we prove that the bisimilarity problem for pushdown processes is in , even the weak bisimilarity problem when silent actions are deterministic. Combined with the already mentioned lower bound from [18], this shows the problem to be ACKERMANNcomplete. This is the first instance of a complexity completeness result in the line of research originating from Sénizergues’ work [31, 32, 33, 34]; see Tab. 1.
Problem  Lower bound  Upper bound 

DPDA lang. equ.  ¶  TOWER [37, 18] 
strong bisim.  TOWER [1]  ACKERMANN [this paper] 
weak bisim.^{a}  ACKERMANN [18]  ACKERMANN [this paper] 

silent actions must be deterministic
Rather than working with rooted equational graphs of finite outdegree or with pushdown processes with deterministic silent actions, our proof is cast in the formalism of firstorder grammars (see Sec. 2), which are term rewriting systems with a head rewriting semantics, and are known to generate the same class of graphs [7].
Our proof heavily relies on the main novelty from [17]: the bisimilarity of two arbitrary terms according to a firstorder grammar essentially hinges on a finite basis of pairs of nonequivalent terms, which can be constructed from the grammar independently of the terms provided as input. The basis provides a number that allows us to compute a bound on the ‘equivalencelevel’ of two nonequivalent terms; this is the substance of the decision procedure (see Sec. 3). Both in [17] and in its reworked version in [20], such a basis is obtained through a brute force argument, which yields no complexity statement. In Sec. 4 we exhibit a concrete algorithm computing the basis, and we analyse its complexity in the framework of [28, 29, 30] in Sec. 5, yielding the ACKERMANN upper bound.
Finally, although our results do not match the TOWER lower bound of Benedikt et al. [1] in the case of realtime pushdown processes, we nevertheless show in Sec. 6 that bisimilarity becomes primitiverecursive in that case if additionally the number of control states of the pushdown processes is fixed.
2. FirstOrder Grammars
Firstorder grammars are labelled term rewriting systems with a head rewriting semantics. They are a natural model of firstorder functional programs with a callbyname semantics, and were shown to generate the class of rooted equational graphs of finite outdegree by Caucal [6, 7], where they are called term contextfree grammars. Here we shall use the terminology and notations from [20].
2.1. Regular Terms
Let be a finite ranked alphabet, i.e., where each symbol in comes with an arity in , and a countable set of variables, all with arity zero. We work with possibly infinite regular terms over and Var, i.e., terms with finitely many distinct subterms. Let denote the set of all regular terms over and Var. We further use for nonterminals, and for terms, possibly primed and/or with subscripts.
Representations
Such terms can be represented by finite directed graphs as shown in Fig. 1, where each node has a label in and a number of ordered outgoing arcs equal to its arity. The unfolding of the graph representation is the desired term, and there is a bijection between the nodes of the least graph representation of a term and the set of subterms of .
Size and Height
We define the size of a term as its number of distinct subterms. For instance, , , and in Fig. 1. For two terms and , we also denote by the number of distinct subterms of and ; note that can be smaller than , as they might share some subterms. For instance, in Fig. 1. We let denote the number of distinct subterms of with root labels in ; e.g., in Fig. 1. A term is thus finite if and only if its graph representation is acyclic, in which case it has a height , which is the maximal length of a path from the root to a leaf; for instance in Fig. 1. Finally, we let denote the set of variables occurring in , and let ; e.g., in Fig. 1.
2.2. Substitutions
A substitution is a map whose support is finite. This map is lifted to act over terms by
for all in Var, in , and in . For instance, in Fig. 1, if and .
2.3. Grammars
A firstorder grammar is a tuple where is a finite ranked alphabet of nonterminals, a finite alphabet of actions, and a finite set of labelled term rewriting rules of the form where , , and is a finite term in with .
Head Rewriting Semantics
A firstorder grammar defines an infinite labelled transition system
over as set of states, as set of actions, and with a transition relation for each , where each rule of induces a transition
for every substitution . This means that rewriting steps can only occur at the root of a term, rather than inside a context. For instance, the rules and give rise on the terms of Fig. 1 to the transitions and . The transition relations are extended to for words in the standard way.
Note that variables are ‘dead’, in that no transitions can be fired from a variable. In fact, in Sec. 3.1 we discuss that for technical reasons we could formally assume that each variable has its unique action and a transition .
Grammatical Constants
Let us fix a firstorder grammar . We define its size as
(1)  
Let rhs be the set of terms appearing on the righthand sides of (which are finite terms by definition). We let  
(2)  
hinc  (3)  
sinc  (4) 
bound respectively the maximal arity of its nonterminals, its maximal height increase in one transition step, and its maximal size increase in one transition step.
If in for some in and in , then we call an sink word. Observe that , hence with in and , where either and or ‘sinks’ to when applying . Thus, for each and we can compute some shortest sink word by dynamic programming; in the cases where no sink word exist, we can formally put . In turn, this entails that the maximal length of shortest sink words satisfies
(5) 
here and in later instances, we let .
Finally, the following grammatical constant from [20] is important for us:
(6) 
note that is at most doubly exponential in the size of . This was chosen in [20] so that each can be written as where and , and it is guaranteed that each path where can be presented as where . Put simply: bounds the number of depth subterms for each term .
3. Bisimulation Equivalence
Bisimulation equivalence has been introduced independently in the study of modal logics [2] and in that of concurrent processes [25, 26]. We recall here the basic notions surrounding bisimilarity before we introduce the key notion of candidate bases as defined in [20].
3.1. Equivalence Levels
Consider a labelled transition system
like the one defined by a firstorder grammar, with set of states , set of actions , and a transition relation for each in . We work in this paper with imagefinite labelled transition systems, where is finite for every in and in . In this setting, the coarsest (strong) bisimulation can be defined through a chain
of equivalence relations over : let and for each in , let if and

[]
 (zig):

if for some , then there exists such that and , and
 (zag):

if for some , then there exists such that and .
We put ; hence .
For each pair of states in , we may then define its equivalence level in as
(7) 
Here we should add that—to be consistent with [20]—we stipulate that when ; in particular when . This would automatically hold if we equipped each with a special transition in , as we already mentioned. This stipulation guarantees that .
Two states are (strongly) bisimilar if , which is if and only if . We will later show an algorithm computing the equivalence level of two given terms in the labelled transition system defined by a given firstorder grammar. The main decision problem in which we are interested is the following.
Problem (Bisimulation).

[]
 input:

A firstorder grammar and two terms in .
 question:

Is in the labelled transition system ?
3.2. Bisimulation Game
Observe that the following variant of the bisimulation problem is decidable.
Problem (Bounded Equivalence Level).

[]
 input:

A firstorder grammar , two terms in , and in .
 question:

Is in the labelled transition system ?
Indeed, as is wellknown, the zigzag condition can be recast as a bisimulation game between two players called Spoiler and Duplicator. A position of the game is a pair . Spoiler wants to prove that the two states are not bisimilar, while Duplicator wants to prove that they are bisimilar. The game proceeds in rounds; in each round,

Spoiler chooses and a transition (if no such transition exists, Spoiler loses), then

Duplicator chooses a transition with the same label (if no such transition exists, Duplicator loses);
the game then proceeds to the next round from position . Then if and only if Spoiler has a strategy to win in the th round at the latest when starting the game from . Note that this game is determined and memoryless strategies suffice.
Thus, the bounded equivalence level problem can be solved by an alternating Turing machine that first writes the representation of
and on its tape, and then plays at most rounds of the bisimulation game, where each round requires at most a polynomial number of computational steps in the size of the grammar (assuming a somewhat reasonable tape encoding of the terms).Fact 1.
The bounded equivalence level problem is in .
3.3. Candidate Bases
Consider some fixed firstorder grammar . Given three numbers , , and in —which will depend on —, an candidate basis for nonequivalence is a set of pairs of terms associated with two sequences of numbers and such that

,

for each there is such that and ,

, and the remaining numbers are defined inductively by
(8)  
(9) 
Note that the numbers and are entirely determined by and , , and . An candidate basis yields a bound defined by
(10) 
Full Bases
For , let
(11) 
An candidate basis is full below some equivalence level if, for all and all such that we have . We say that is full if it is full below . In other words and because , is full if and only if, for all , .
Proposition 2 ([20, Prop. 9]).
For any , there is a unique full candidate basis, denoted by .
Proof.
The full candidate basis is constructed by induction over . Let and consider the finite set ; has a maximal equivalence level . If , we define . Otherwise, we let as in (9); by induction hypothesis there is a unique full candidate basis and we set . ∎
The main result from [20] can now be stated.
Theorem 3 ([20, Thm. 7]).
Let be a firstorder grammar. Then one can compute a grammatical constant exponential in and grammatical constants , , and doubly exponential in such that, for all terms in with ,
Theorem 3 therefore shows that the bisimulation problem can be reduced to the bounded equivalence level problem, provided one can compute the full candidate basis for suitable , , and —see Tab. 2 in the appendix for details on how the grammatical constants , , , and are defined in [20]. Our goal in Sec. 4 will thus be to exhibit a concrete algorithm computing the full candidate basis , in order to derive an upper bound on .
The proof of [20, Thm. 7] relies on the following insight, which we will also need in order to prove the correctness of our algorithm.
4. Computing Candidate Bases
Theorem 3 shows that, in order to solve the bisimulation problem, it suffices to compute and and then solve the bounded equivalence problem, for which Fact 1 provides a complexity upper bound. In this section, we show how to compute for an input firstorder grammar . Note that this grammatical constant was shown computable in [17, 20] through a bruteforce argument, but here we want a concrete algorithm, whose complexity will be analysed in Sec. 5. We proceed in two steps, by first considering a non effective version in Sec. 4.1, whose correctness is straightforward, and then the actual algorithm in Sec. 4.2.
4.1. Non Effective Version
Throughout this section, we consider as a fixed parameter. We first assume that we have an oracle at our disposal, that returns the equivalence level in ; the parameters will be used in the effective version in Sec. 4.2. The following procedure then constructs full candidate basis and its associated bound , by progressively adding pairs from the sets until the candidate basis is full. In order not to clutter the presentation too much, we assume implicitly that the equivalence level of each pair added to on line 14 is implicitly stored, thus it does not need to be recomputed on line 19.
Invariant
The procedure maintains as an invariant of its main loop on lines 11–21 that is an candidate basis associated with the numbers and , and that is its associated bound. This holds indeed after the initialisation phase on lines 2–8, and is then enforced in the main loop by the update instructions on lines 15–21.
Correctness
Let us check that, if it terminates, this non effective version does indeed return the bound associated with the unique full candidate basis . By the previous invariant, it suffices to show that is full when the procedure terminates. Consider for this some index and a pair with for some . By definition of the sets on lines 9–10 and their updates on lines 13 and 20 in the main loop, the pair must have been added to some for . Then the pair must have been selected by the condition of the main loop on line 11, and added to .
Termination
Although we are still considering a non effective version of the algorithm, the proof that it always terminates is the same as the one for the effective version in Sec. 4.2. We exhibit a ranking function on the main loop, thereby showing that it must stop eventually. More precisely, each time we enter the main loop on line 11, we associate to the current state of the procedure the ordinal rank below defined by^{1}^{1}1 Note that this is equivalent to defining the rank as the tuple in , ordered lexicographically, but ordinal notations are more convenient for our analysis in Sec. 5.
(12) 
This defines a descending sequence of ordinals
(13) 
of ordinals, where is the rank after iterations of the main loop. Indeed, each time we enter the loop, the cardinal of the set under consideration strictly decreases on line 13, and is not modified by the updates on line 20, which only touch the sets for . Hence terminates.
4.2. Effective Version
In order to render effective, we provide an implementation of EqLevel that does not require an oracle for the bisimulation problem, but relies instead on Lem. 4 and the bounded equivalence level problem, which as we saw in Sec. 3.2 is decidable.
We establish the correctness of this effective variant in the following theorem, which uses the same reasoning as the proof of [20, Thm. 7].
Theorem 5.
The effective version of procedure terminates and, provided , , , and are defined as in Thm. 3, returns the bound .
Proof.
Termination is guaranteed by the ranking function defined by (12). Regarding correctness, assume the provided , , , and are defined as in Thm. 3, and let us define a (reflexive and symmetric) relation on by if and only if . Clearly, for all in . We say that an candidate basis is complete if, for all , . We call complete if it is complete. By the reasoning we used for showing the correctness of the non effective version, when the effective version of terminates, is complete.
It remains to show that is complete if and only if it is full. First observe that, if is full, then it is complete: indeed, being full entails that, for all in , is in , hence .
Conversely, assume that is complete, and let us show that it is full; it suffices to show that, in that case, . By contradiction, consider a pair with ; without loss of generality, can be assumed minimal among all such pairs. Then is full below : indeed, if and , since was taken minimal, and therefore belongs to since is complete. Thus Lem. 4 applies and shows that , a contradiction. ∎
5. Complexity Upper Bounds
In this section, we analyse the procedure to derive an upper bound on the computed . In turn, by theorems 3 and 1, this bound will allow us to bound the complexity of the bisimulation problem. The idea is to analyse the ranking function defined by (12) in order to bound how many times the main loop of can be executed. We rely for this on a socalled ‘length function theorem’ from [28] to bound the length of descending sequences of ordinals like (13
). Finally, we classify the final upper bound using the ‘fastgrowing’ complexity classes defined in
[29]. A general introduction to these techniques can be found in [30]. Throughout this section, we assume that the values of , , , and are the ones needed for Thm. 3 to hold.5.1. Controlled Descending Sequences
Though all descending sequences of ordinals are finite, we cannot bound their lengths in general; e.g., and are descending sequences of length for all in . Nevertheless, the sequence (13) produced by is not arbitrary, because the successive ranks are either determined by the input and the initialisation phase, or the result of some computation, hence one cannot use an arbitrary as in these examples.
This intuition is captured by the notion of controlled sequences. For an ordinal (like the ranks defined by (12)), let us write in Cantor normal form as
with and in , and define its size as
(14) 
Let be a natural number in and a monotone inflationary function, i.e., implies , and . A sequence of ordinals below is controlled if, for all in ,
(15) 
i.e., the size of the th ordinal
Comments
There are no comments yet.