# Orna Kupferman's research while affiliated with Hebrew University of Jerusalem and other places

**What is this page?**

This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

## Publications (258)

While the minimization problem for deterministic Büchi word automata is known to be NP-complete, several fundamental problems around it are still open. This includes the complexity of minimzation for transition-based automata, where acceptance is defined with respect to the set of transitions that a run traverses infinitely often, and minimization...

We study three levels in a hierarchy of nondeterminism: A nondeterministic automaton $\cal A$ is determinizable by pruning (DBP) if we can obtain a deterministic automaton equivalent to $\cal A$ by removing some of its transitions. Then, $\cal A$ is good-for-games (GFG) if its nondeterministic choices can be resolved in a way that only depends on t...

While many applications of automata in formal methods can use
nondeterministic automata, some applications, most notably synthesis, need
deterministic or good-for-games (GFG) automata. The latter are nondeterministic
automata that can resolve their nondeterministic choices in a way that only
depends on the past. The minimization problem for determi...

The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language L and a bound k, recog...

In rational synthesis , we automatically construct a reactive system that satisfies its specification in all rational environments, namely environments that have objectives and act to fulfill them. We complete the study of the complexity of LTL rational synthesis. Our contribution is threefold. First, we tighten the known upper bounds for settings...

A complexity measure for regular languages based on the sensing required to recognize them was recently introduced by Almagor, Kuperberg, and Kupferman. Intuitively, the sensing cost quantifies the detail in which a random input word has to be read in order to decide its membership in the language, when the input letters composing the word are trut...

The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language L and a bound k, recog...

In the classical synthesis problem, we are given an LTL formula \psi over sets of input and output signals, and we synthesize a system T that realizes \psi: with every input sequences x, the system associates an output sequence T(x) such that the generated computation x \otimes T(x) satisfies \psi. In practice, the requirement to satisfy the specif...

The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language $L$ and a bound $k$, r...

While many applications of automata in formal methods can use nondeterministic automata, some applications, most notably synthesis, need deterministic or good-for-games(GFG) automata. The latter are nondeterministic automata that can resolve their nondeterministic choices in a way that only depends on the past. The minimization problem for determin...

Different classes of automata on infinite words have different expressive power. Deciding whether a given language $$L \subseteq \varSigma ^\omega $$ L ⊆ Σ ω can be expressed by an automaton of a desired class can be reduced to deciding a game between Prover and Refuter: in each turn of the game, Refuter provides a letter in $$\varSigma $$ Σ , and...

Different classes of automata on infinite words have different expressive power. Deciding whether a given language $L \subseteq \Sigma^\omega$ can be expressed by an automaton of a desired class can be reduced to deciding a game between Prover and Refuter: in each turn of the game, Refuter provides a letter in $\Sigma$, and Prover responds with an...

We study capacitated automata (CAs) [10], where transitions correspond to resources and have capacities, bounding the number of times they may be traversed. We follow the utilization semantics of CAs and view them as recognizers of multi-languages – sets of multisets of words, where a multiset S of words is in the multi-language of a CA A if all th...

Weighted automata map input words to values, and have numerous applications in computer science. A result by Krob from the 90s implies that the universality problem is decidable for weighted automata over the tropical semiring with weights in N∪{∞} and is undecidable when the weights are in Z∪{∞}.
We continue the study of the borders of decidabilit...

Design and control of multi-agent systems correspond to the synthesis of winning strategies in games that model the interaction between the agents. In games with full observability, the strategies of players depend on the full history of the play. In games with partial observability, strategies depend only on observable components of the history. W...

Good-For-Games (GFG) automata are nondeterministic automata that can resolve their nondeterministic choices based on the past. The fact that the synthesis problem can be reduced to solving a game on top of a GFG automaton for the specification (that is, no determinization is needed) has made them the subject of extensive research in the last years....

Minimization of deterministic automata on finite words results in a {\em canonical\/} automaton. For deterministic automata on infinite words, no canonical minimal automaton exists, and a language may have different minimal deterministic B\"uchi (DBW) or co-B\"uchi (DCW) automata. In recent years, researchers have studied {\em good-for-games\/} (GF...

We introduce and study good-enough synthesis (ge-synthesis) – a variant of synthesis in which the system is required to satisfy a given specification \(\psi \) only when it interacts with an environments for which a satisfying interaction exists. Formally, an input sequence x is hopeful if there exists some output sequence y such that the induced c...

Variable automata with arithmetic enable the specification of reactive systems with variables over an infinite domain of numeric values and whose operation involves arithmetic manipulation of these values [9]. We study the synthesis problem for such specifications. While the problem is in general undecidable, we define a fragment, namely semantical...

In the traditional maximum-flow problem, the goal is to transfer maximum flow in a network by directing, in each vertex in the network, incoming flow to outgoing edges. The problem corresponds to settings in which a central authority has control on all vertices of the network. Today’s computing environment, however, involves systems with no central...

The size of deterministic automata required for recognizing regular and [Formula: see text]-regular languages is a well-studied measure for the complexity of languages. We introduce and study a new complexity measure, based on the sensing required for recognizing the language. Intuitively, the sensing cost quantifies the detail in which a random in...

Hierarchical graphs are used in order to describe systems with a sequential composition of sub-systems. A hierarchical graph consists of a vector of subgraphs. Vertices in a subgraph may “call” other subgraphs. The reuse of subgraphs, possibly in a nested way, causes hierarchical graphs to be exponentially more succinct than equivalent flat graphs....

We introduce and study SL[F], a quantitative extension of SL (Strategy Logic), one of the most natural and expressive logics describing strategic behaviours. The satisfaction value of an SL[F] formula is a real value in [0,1], reflecting ``how much'' or ``how well'' the strategic on-going objectives of the underlying agents are satisfied. We demons...

Capacitated automata (CAs), introduced by Kupferman and Tamir at 2014, are a variant of finite-state automata in which each transition is associated with a (possibly infinite) capacity that bounds the number of times the transition may be traversed in a single run. We continue the study of the theoretical properties of CA and solve problems that we...

In resource allocation games, selfish players share resources that are needed in order to fulfill their objectives. The cost of using a resource depends on the load on it. In the traditional setting, the players make their choices concurrently and in one-shot. That is, a strategy for a player is a subset of the resources. We introduce and study dyn...

Temporal logics are extensively used for the specification of on-going behaviours of reactive systems. Two significant developments in this area are the extension of traditional temporal logics with modalities that enable the specification of on-going strategic behaviours in multi-agent systems, and the transition of temporal logics to a quantitati...

Of special interest in formal verification are safety specifications, which assert that the system stays within some allowed region, in which nothing “bad” happens. Equivalently, a computation violates a safety specification if it has a “bad prefix”—a prefix all whose extensions violate the specification. The theoretical properties of safety specif...

Network games are widely used as a model for selfish resource-allocation problems. In the classical model, each player selects a path connecting her source and target vertices. The cost of traversing an edge depends on the {\em load}; namely, number of players that traverse it. Thus, it abstracts the fact that different users may use a resource at...

Vacuity is a leading sanity check in model-checking, applied when the system is found to satisfy the specification. The check detects situations where the specification passes in a trivial way, say when a specification that requires every request to be followed by a grant is satisfied in a system with no requests. Such situations typically reveal p...

In Rational Synthesis, we consider a multi-agent system in which some of the agents are controllable and some are not. All agents have objectives, and the goal is to synthesize strategies for the controllable agents so that their objectives are satisfied, assuming rationality of the uncontrollable agents. Previous work on rational synthesis conside...

Network games (NGs) are played on directed graphs and are extensively used in network design and analysis. Search problems for NGs include finding special strategy profiles such as a Nash equilibrium and a globally-optimal solution. The networks modeled by NGs may be huge. In formal verification, abstraction has proven to be an extremely effective...

Flow networks have attracted a lot of research in computer science. Indeed, many questions in numerous application areas can be reduced to questions about flow networks. Many of these applications would benefit from a framework in which one can formally reason about properties of flow networks that go beyond their maximal flow. We introduce {\em Fl...

We study automata on infinite words and their applications in system specification and verification. We first introduce Büchi automata and survey their closure properties, expressive power, and determinization. We then introduce additional acceptance conditions and the model of alternating automata. We compare the different classes of automata in t...

A counterexample to the satisfaction of a linear property ψ in a system S is an infinite computation of S that violates ψ. When ψ is a safety property, a counterexample to its satisfaction need not be infinite. Rather, it is a bad-prefix for ψ: a finite word all whose extensions violate ψ. The existence of finite counterexamples is very helpful in...

Synthesis is the automated construction of a system from its specification. In real life, hardware and software systems are rarely constructed from scratch. Rather, a system is typically constructed from a library of components. Lustig and Vardi formalized this intuition and studied LTL synthesis from component libraries. In real life, designers se...

In GFG automata, it is possible to resolve nondeterminism in a way that only depends on the past and still accepts all the words in the language. The motivation for GFG automata comes from their adequacy for games and synthesis, wherein general nondeterminism is inappropriate. We continue the ongoing effort of studying the power of nondeterminism i...

In the classical synthesis problem, we are given a specification ψ over sets of input and output signals, and we synthesize a finite-state transducer that realizes ψ: with every sequence of input signals, the transducer associates a sequence of output signals so that the generated computation satisfies ψ. In recent years, researchers consider exten...

Network games (NGs) are played on directed graphs and are extensively used in network design and analysis. Search problems for NGs include finding special strategy profiles such as a Nash equilibrium and a globally optimal solution. The networks modeled by NGs may be huge. In formal verification, abstraction has proven to be an extremely effective...

In assume-guarantee synthesis, we are given a specification \(\langle A,G \rangle \), describing an assumption on the environment and a guarantee for the system, and we construct a system that interacts with an environment and is guaranteed to satisfy G whenever the environment satisfies A. While assume-guarantee synthesis is 2EXPTIME-complete for...

The talk surveys a series of works that lift the rich semantics and structure of graphs, and the experience of the formal-verification community in reasoning about them, to classical graph-theoretical problems.

Hierarchical graphs are used in order to describe systems with a sequential composition of sub-systems. A hierarchical graph consists of a vector of subgraphs. Vertices in a subgraph may “call” other subgraphs. The reuse of subgraphs, possibly in a nested way, causes hierarchical graphs to be exponentially more succinct than equivalent flat graphs....

The size of deterministic automata required for recognizing regular and \(\omega \)-regular languages is a well-studied measure for the complexity of languages. We introduce and study a new complexity measure, based on the sensing required for recognizing the language. Intuitively, the sensing cost quantifies the detail in which a random input word...

Classical network-formation games (NFGs) are played on directed graphs, and are used in network design and analysis. Edges in the network are associated with costs and players have reachability objectives, which they try to fulfill at a minimal cost. When several players use the same edge, they share its cost. The theoretical and practical aspects...

In resource allocation games, selfish players share resources that are needed in order to fulfill their objectives. The cost of using a resource depends on the load on it. In the traditional setting, the players make their choices concurrently and in one-shot. That is, a strategy for a player is a subset of the resources. We introduce and study dyn...

Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of it...

In the classical synthesis problem, we are given an LTL formula psi over sets of input and output signals, and we synthesize a transducer that realizes psi. One weakness of automated synthesis in practice is that it pays no attention to the quality of the synthesized system. Indeed, the classical setting is Boolean: a computation satisfies a specif...

Classical network-formation games are played on a directed graph. Players have reachability objectives: each player has to select a path from his source to target vertices. Each edge has a cost, shared evenly by the players using it. We introduce and study network-formation games with regular objectives. In our setting, the edges are labeled by alp...

In recent years, there has been a growing need and interest in formally reasoning about the quality of software and hardware systems. As opposed to traditional verification, in which one considers the question of whether a system satisfies a given specification or not, reasoning about quality addresses the question of how well the system satisfies...

In the synthesis problem, we are given a specification \(\psi \) over input and output signals, and we synthesize a system that realizes \(\psi \): with every sequence of input signals, the system associates a sequence of output signals so that the generated computation satisfies \(\psi \). The above classical formulation of the problem is Boolean....

In Boolean synthesis, we are given an LTL specification, and the goal is to construct a transducer that realizes it against an adversarial environment. Often, a specification contains both Boolean requirements that should be satisfied against an adversarial environment, and multi-valued components that refer to the quality of the satisfaction and w...

Capacitated automata (CAs) have been recently introduced in [8] as a variant of finite-state automata in which each transition is associated with a (possibly infinite) capacity. The capacity bounds the number of times the transition may be traversed in a single run. The study in [8] includes preliminary results about the expressive power of CAs, th...

Of special interest in formal verification are safety specifications, which assert that the system stays within some allowed region, in which nothing “bad” happens. Equivalently, a computation violates a safety specification if it has a “bad prefix” – a prefix all whose extensions violate the specification. The theoretical properties of safety spec...

Vacuity checking is traditionally performed after model checking has terminated successfully. It ensures that all the elements of the specification have played a role in its satisfaction by the system. The need to check the quality of specifications is even more acute in property-based design, where the specification is the only input, serving as a...

Nondeterministic weighted finite automata (WFAs) map input words to real numbers. Each transition of a WFA is labeled by both a letter from some alphabet and a weight. The weight of a run is the sum of the weights on the transitions it traverses, and the weight of a word is the minimal weight of a run on it. In probabilistic weighted automata (PWFA...

Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of it...

We study capacitated automata (CAs), where transitions correspond to resources and may have bounded capacities. Each transition in a CA is associated with a (possibly infinite) bound on the number of times it may be traversed. We study CAs from two points of view. The first is that of traditional automata theory, where we view CAs as recognizers of...

This work focuses on data-parameterized abstract systems that extend standard modelling by allowing atomic propositions to be parameterized by variables that range over some infinite domain. These variables may range over process ids, message numbers, etc. Thus, abstract systems enable simple modelling of infinite-state systems whose source of infi...

We say that a deterministic finite automaton (DFA) AA is composite if there are DFAs A1,…,AtA1,…,At such that L(A)=⋂i=1tL(Ai) and the index of every AiAi is strictly smaller than the index of AA. Otherwise, AA is prime.
We study the problem of deciding whether a given DFA is composite, the number of DFAs required in a decomposition, decompositions...

Synthesis is the automated construction of a system from its specification. In real life, hardware and software systems are rarely constructed from scratch. Rather, a system is typically constructed from a library of components. Lustig and Vardi formalized this intuition and studied LTL synthesis from component libraries. In real life, designers se...

Multi-agents cost-sharing games are commonly used for modeling settings in which different entities share resources. For example, the setting in which entities need to route messages in a network is modeled by a network-formation game: the network is modeled by a graph, and each agent has to select a path satisfying his reachability objective. In p...

In recent years, there is growing need and interest in formalizing and
reasoning about the quality of software and hardware systems. As opposed to
traditional verification, where one handles the question of whether a system
satisfies, or not, a given specification, reasoning about quality addresses the
question of \emph{how well} the system satisfi...

Classical network-formation games are played on a directed graph. Players have reachability objectives, and each player has to select a path satisfying his objective. Edges are associated with costs, and when several players use the same edge, they evenly share its cost. The theoretical and practical aspects of network-formation games have been ext...

In the classical synthesis problem, we are given a linear temporal logic (LTL) formula ψ over sets of input and output signals, and we synthesize a finite-state transducer that realizes ψ: with every sequence of input signals, the transducer associates a sequence of output signals so that the generated computation satisfies ψ. In recent years, rese...

Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region, in which nothing “bad” happens. Equivalently, a property is a safety property if every violation of it occurs after a finite execution of the system. Thus, a computation violates the property if it has a “bad prefi...

Over the last decade, extensive research has been conducted on coverage metrics for model checking. The most common coverage metrics are based on mutations, where one examines the effect of small modifications of the system on the satisfaction of the specification. While it is commonly accepted that mutation-based coverage provides adequate means f...

Abstraction is a leading technique for coping with large state spaces. Abstraction over-approximates the transitions of the original system or the automaton that models it and may introduce nondeterminism. In applications where determinism is essential, we say that an abstraction function is helpful if, after determining and minimizing the abstract...

We introduce generalized register automata (GRAs) and study their properties and applications in reasoning about systems and specifications over infinite domains. We show that GRAs can capture both VLTL – a logic that extends LTL with variables over infinite domains, and abstract systems – finite state systems whose atomic propositions are paramete...

Safety properties, which assert that the system always stays within some allowed region, have been extensively studied and used. In the last years, we see more and more research on quantitative formal methods, where systems and specifications are weighted. We introduce and study safety in the weighted setting. For a value v ∈ ℚ , we say that a weig...

Vacuity detection is a method for finding errors in the model-checking process when the specification is found to hold in the model. Most vacuity algorithms are based on checking the effect of applying mutations on the specification. It has been recognized that vacuity results differ in their significance. While in many cases such results are value...

The determinization of Buchi automata is a celebrated problem, with
applications in synthesis, probabilistic verification, and multi-agent systems.
Since the 1960s, there has been a steady progress of constructions: by
McNaughton, Safra, Piterman, Schewe, and others. Despite the proliferation of
solutions, they are all essentially ad-hoc constructi...

The logic \({\ensuremath{\rm LTL}} ^{\triangledown } \) extends \({\ensuremath{\rm LTL}} \) by quality operators. The satisfaction value of an \({\ensuremath{\rm LTL}} ^{\triangledown } \) formula in a computation refines the 0/1 value of \({\ensuremath{\rm LTL}} \) formulas to a real value in [0,1]. The higher the value is, the better is the quali...

Traditional formal methods are based on a Boolean satisfaction notion: a reactive system satisfies, or not, a given specification. We generalize formal methods to also address the quality of systems. As an adequate specification formalism we introduce the linear temporal logic LTL[\({\cal F}\)]. The satisfaction value of an LTL[\({\cal F}\)] formul...

Choices made by nondeterministic word automata depend on both the past (the prefix of the word read so far) and the future (the suffix yet to be read). In several applications, most notably synthesis, the future is diverse or unknown, leading to algorithms that are based on deterministic automata. Hoping to retain some of the advantages of nondeter...

Partially-specified systems and specifications are used in formal methods such as stepwise design and query checking. Existing methods consider a setting in which the systems and their correctness are Boolean. In recent years there has been growing interest and need for quantitative formal methods, where systems may be weighted and specifications m...

Complementation of B\"uchi automata, required for checking automata
containment, is of major theoretical and practical interest in formal
verification. We consider two recent approaches to complementation. The first
is the rank-based approach of Kupferman and Vardi, which operates over a DAG
that embodies all runs of the automaton. This approach is...

Of special interest in verification are safety properties, which assert that the system always stays within some allowed region. For closed systems, the theoretical properties of safety properties as well as their practical advantages with respect to general properties are well understood. For open (a.k.a. reactive) systems, whose behavior depends...

Traditional automata accept or reject their input, and are therefore Boolean. Lattice automata generalize the traditional setting and map words to values taken from a lattice. In particular, in a fully-ordered lattice, the elements are 0,1,…,n − 1, ordered by the standard ≤ order. Lattice automata, and in particular lattice automata defined with re...

In classical LTL model checking, both the system and the specification are over a finite set of atomic propositions. We present a natural extension of this model, in which the atomic propositions are parameterized by variables ranging over some (possibly infinite) domain. For example, by parameterizing the atomic propositions send and receive by a...

We solve the longstanding open problems of the blow-up involved in the translations, when possible, of a nondeterministic Büchi word automaton (NBW) to a nondeterministic co-Büchi word automaton (NCW) and to a deterministic co-Büchi word automaton (DCW). For the NBW to NCW translation, the currently known upper bound is 2O(n log n) and the lower bo...

Weighted automata map input words to real numbers and are useful in reasoning about quantitative systems and specifications. The containment problem for weighted automata asks, given two weighted automata \(\mathcal{A}\) and \(\mathcal{B}\), whether for all words w, the value that \(\mathcal{A}\) assigns to w is less than or equal to the value \(\m...

In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification against all environments. While model-checking theory has led to industrial development and use of formal-verification tools, the integration of synthesis in the industry is slow. This has to do with theoretical limitations, like the c...

We consider the problem of automatically synthesizing, from a linear temporal logic (LTL) specification, a system that is guaranteed to satisfy the specification with respect to all environments. Algorithms for solving the synthesis problem reduce it to the solution of a game played between the system and its environment, in which the system and en...

In the traditional Boolean setting of formal verification, alternating automata are the key to many algorithms and tools. In this setting, the correspondence between disjunctions/conjunctions in the specification and nondeterministic/universal transitions in the automaton for the specification is straightforward. A recent exciting research directio...

In [2], we showed how viewing online algorithms as reactive systems enables the application of ideas from formal verification to the competitive analysis of online algorithms. Our approach is based on weighted automata, which assign to each input word a cost in \({\rm I\!R}^{\geq 0}\). By relating the “unbounded look ahead” of optimal offline algor...

Weighted automata map input words to numerical values. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing.
In the 90’s, Krob studied the decidability of problems on rational series, which strongly relate to weighted automata. In particular, it follows from Krob’s r...

Trigger querying is the problem of finding, given a system M and an LTL formula ϕ, the set of scenarios that trigger ϕ in M; that is, the language L of finite computations of M such that all infinite computations that have a prefix in L continue with a suffix that satisfies ϕ. For example, the trigger query M ⊧ ? ↦Ferr asks for the set of scenarios...

A nondeterministic weighted finite automaton (WFA) maps an input word to a numerical value. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing. Many of these applications require the WFAs to be deterministic, or work substantially better when the WFAs are determini...

There is recently a significant effort to add quantitative objectives to formal verification and synthesis. We introduce and investigate the extension of temporal logics with quantitative atomic assertions, aiming for a general and flexible framework for quantitative-oriented specifications. In the heart of quantitative objectives lies the accumula...

The translation of LTL formulas to nondeterministic automata involves an exponential blow-up, and so does the translation
of nondeterministic automata to deterministic ones. This yields a 22O(n)2^{2^{O(n)}} upper bound for the translation of LTL to deterministic automata. A lower bound for the translation was studied in [KV05a],
which describes a 2...

Traditional automata accept or reject their input, and are therefore Boolean. In contrast, weighted automata map each word to a value from a semiring over a large domain. The special case of lattice automata, in which the semiring is a finite lattice, has interesting theoretical properties as well as applications in formal methods. A minimal determ...

We solve the open problems of translating, when possible, all common classes of nondeterministic word automata to deterministic and nondeterministic co-Büchi word automata. The handled classes include Büchi, parity, Rabin, Streett and Muller automata. The translations follow a unified approach and are all asymptotically tight.
The problem of transl...

Temporal synthesis is the automated construction of a system from its temporal specification. It is by now realized that requiring the synthesized system to satisfy the specifications against all possible environments may be too demanding, and, dually, allowing all systems may be not demanding enough. In this work we study bounded temporal synthesi...

Weighted automata map input words to numerical values. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing. A weighted automaton is defined with respect to a semiring. For the tropical semiring, the weight of a run is the sum of the weights of the transitions taken...