Date posted: 30-Jun-2015
Temporal logics for multi-agent systems
Nicolas Markey, LSV – ENS Cachan
(based on joint works with Thomas Brihaye, Arnaud Da Costa-Lopes, François Laroussinie)
« Formalisation des Activités Concurrentes »
Toulouse, 16 April 2014
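Model checking and synthesis
[Figure, model checking: a system (image credit: http://www.embedded.com), with figure labels a!b? and a?b!, and a property AG(¬ B.overfull ∧ ¬ B.dried_up) are given to a model-checking algorithm, which answers yes/no.]
[Figure, synthesis: the same diagram with a “?” mark and a synthesis algorithm in place of the model-checking algorithm; the property is again AG(¬ B.overfull ∧ ¬ B.dried_up) and the answer is yes/no.]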
Outline of the presentation
1 Introduction
2 Basics of CTL and ATL
  expressing properties of reactive systems
  efficient verification algorithms
3 Temporal logics for multi-agent systems
  specifying properties of complex interacting systems
  expressive power of ATLsc
  translation into Quantified CTL (QCTL)
  algorithms for ATLsc
4 Conclusions and future works
Computation-Tree Logic (CTL)
atomic propositions: , , ...
boolean combinators: ¬ϕ, ϕ ∨ ψ, ϕ ∧ ψ, ...
temporal modalities:
  X ϕ   “next ϕ”
  ϕ U ψ   “ϕ until ψ”
  true U ϕ ≡ F ϕ   “eventually ϕ”
  ¬ F ¬ϕ ≡ G ϕ   “always ϕ”
path quantifiers:
  E ϕ
  A ϕ
Examples of CTL and CTL∗ formulas
In CTL, each temporal modality is in the immediate scope of a path quantifier.
EF is reachable
EG(¬ ∧ EF ) there is a path along which is always reachable, but never reached
Theorem ([CE81,QS82])
CTL model checking is PTIME-complete.
Theorem ([KVW94])
CTL model checking on product structures is PSPACE-complete.
[CE81] Clarke, Emerson. Design and Synthesis of Synchronization Skeletons using Branching-Time Temporal Logic. LOP’81.
[QS82] Queille, Sifakis. Specification and verification of concurrent systems in CESAR. SOP’82.
[KVW94] Kupferman, Vardi, Wolper. An automata-theoretic approach to branching-time model checking. CAV’94.
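The two CTL properties above (“reachable” and “always reachable, but never reached”) can be checked by labelling states with fixpoint computations, a standard polynomial-time way to model check CTL. The code below is an added example, not taken from the slides; the three-state Kripke structure, the proposition name p and the tuple encoding of formulas are constructed for illustration.

```python
# Constructed Kripke structure (an assumption of this example, not from the slides).
# Every state has at least one successor, so every path is infinite.
STATES = frozenset({"s0", "s1", "s2"})
SUCC = {
    "s0": {"s0", "s1", "s2"},  # s0 may loop, reach p (s1), or fall into s2
    "s1": {"s1"},              # the only state labelled p
    "s2": {"s2"},              # sink from which p is unreachable
}
LABELS = {"s0": set(), "s1": {"p"}, "s2": set()}


def pre_exists(target):
    """EX target: states with at least one successor inside target."""
    return {s for s in STATES if SUCC[s] & target}


def sat(formula):
    """Return the set of states satisfying a CTL formula given as nested tuples."""
    op, *args = formula
    if op == "true":
        return set(STATES)
    if op == "atom":
        return {s for s in STATES if args[0] in LABELS[s]}
    if op == "not":
        return set(STATES) - sat(args[0])
    if op == "and":
        return sat(args[0]) & sat(args[1])
    if op == "EX":
        return pre_exists(sat(args[0]))
    if op == "EU":  # least fixpoint of Z = right ∪ (left ∩ EX Z)
        left, z = sat(args[0]), sat(args[1])
        while True:
            new = z | (left & pre_exists(z))
            if new == z:
                return z
            z = new
    if op == "EG":  # greatest fixpoint of Z = body ∩ EX Z
        z = sat(args[0])
        while True:
            new = z & pre_exists(z)
            if new == z:
                return z
            z = new
    # Derived operators, via F ϕ ≡ true U ϕ and the usual dualities.
    if op == "EF":
        return sat(("EU", ("true",), args[0]))
    if op == "AG":
        return sat(("not", ("EF", ("not", args[0]))))
    if op == "AF":
        return sat(("not", ("EG", ("not", args[0]))))
    raise ValueError(f"unknown operator: {op}")


P = ("atom", "p")
REACHABLE = ("EF", P)
ALWAYS_REACHABLE_NEVER_REACHED = ("EG", ("and", ("not", P), ("EF", P)))

if __name__ == "__main__":
    print("EF p holds in:", sorted(sat(REACHABLE)))
    print("EG(¬p ∧ EF p) holds in:", sorted(sat(ALWAYS_REACHABLE_NEVER_REACHED)))
    print("AG EF p holds in:", sorted(sat(("AG", ("EF", P)))))
```

Each fixpoint loop runs at most once per state, and each formula node is evaluated once, which is where the polynomial bound comes from.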
Examples of CTL and CTL∗ formulas
In CTL∗, we have no restriction on modalities and quantifiers.
EG F there is a path visiting infinitely many times
A(G F ⇒ G(¬ )) any path that visits infinitely many times, never visits
Theorem ([EH86,KVW94])
CTL∗ model checking is PSPACE-complete.
Theorem ([KVW94])
CTL∗ model checking on product structures is PSPACE-complete.
[EH86] Emerson, Halpern. "Sometimes" and "Not Never" Revisited: On Branching versus Linear Time Temporal Logic. J.ACM, 1986.
[KVW94] Kupferman, Vardi, Wolper. An automata-theoretic approach to branching-time model checking. CAV’94.
Reasoning about open systems
Concurrent games
A concurrent game is made of
  a transition system;
  a set of agents (or players);
  a table indicating the transition to be taken given the actions of the players.
[Figure: a transition system with states q0, q1, q2, and a transition table whose axes are labelled player 1 and player 2:]
  q0 q2 q1
  q1 q0 q2
  q2 q1 q0
Turn-based games
A turn-based game is a game where only one agent plays at a time.
Reasoning about open systems
Strategies
A strategy for a given player is a function telling what to play depending on what has happened previously.
Example
Strategy for player : alternately go to and .
Temporal logics for games: ATL
ATL extends CTL with strategy quantifiers
〈〈A〉〉ϕ expresses that A has a strategy to enforce ϕ.
〈〈 〉〉 F
〈〈 〉〉 F
〈〈 〉〉 G( 〈〈 〉〉 F ) ≡ 〈〈 〉〉 G pp
Theorem ([AHK02])
Model checking ATL is PTIME-complete.
Model checking ATL∗ is 2-EXPTIME-complete.
[AHK02] Alur, Henzinger, Kupferman. Alternating-time Temporal Logic. J. ACM, 2002.
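What 〈〈A〉〉 means operationally can be seen by computing, from a transition table, the states from which a coalition can force the next state into a target set, and iterating that operator to a fixpoint. This is an added example, not code from the slides. It assumes that player 1 picks the row and player 2 the column of the 3×3 table shown on the concurrent-games slide, and that this table applies in state q0; the tables for q1 and q2 and all function names are constructed for illustration.

```python
from itertools import product

# Each state maps to a table indexed [move of player 1][move of player 2].
GAME = {
    "q0": [["q0", "q2", "q1"],
           ["q1", "q0", "q2"],
           ["q2", "q1", "q0"]],   # table from the slide (row/column roles assumed)
    "q1": [["q1"], ["q0"]],       # constructed: player 1 decides alone
    "q2": [["q2", "q0"]],         # constructed: player 2 decides alone
}
PLAYERS = (1, 2)


def moves(state, player):
    """Moves available to a player in a state."""
    table = GAME[state]
    return range(len(table)) if player == 1 else range(len(table[0]))


def next_states(state, fixed):
    """States reachable from `state` when the players in `fixed` play the given moves."""
    free = [p for p in PLAYERS if p not in fixed]
    reached = set()
    for choice in product(*(moves(state, p) for p in free)):
        joint = {**fixed, **dict(zip(free, choice))}
        reached.add(GAME[state][joint[1]][joint[2]])
    return reached


def cpre(coalition, target):
    """States where the coalition has a joint move forcing the next state into target."""
    result = set()
    for state in GAME:
        for choice in product(*(moves(state, p) for p in coalition)):
            if next_states(state, dict(zip(coalition, choice))) <= target:
                result.add(state)
                break
    return result


def enforce_eventually(coalition, goal):
    """<<A>> F goal: least fixpoint of Z = goal ∪ cpre(A, Z)."""
    z = set(goal)
    while True:
        new = z | cpre(coalition, z)
        if new == z:
            return z
        z = new


def enforce_always(coalition, safe):
    """<<A>> G safe: greatest fixpoint of Z = safe ∩ cpre(A, Z)."""
    z = set(safe)
    while True:
        new = z & cpre(coalition, z)
        if new == z:
            return z
        z = new


if __name__ == "__main__":
    for coalition in [(1,), (2,), (1, 2)]:
        print(coalition, "can enforce F q1 from",
              sorted(enforce_eventually(coalition, {"q1"})))
    print("player 2 can avoid q1 forever from",
          sorted(enforce_always((2,), {"q0", "q2"})))
```

Every row and every column of the slide's table contains all three states, so in q0 neither player alone can force anything; only the coalition of both players can steer the game to q1.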
ATL with strategy contexts [BDLM09]
〈〈 〉〉 G( 〈〈 〉〉 F )
consider the following strategy of Player : “always go to ”;
in the remaining tree, Player can always enforce a visit to .
[BDLM09] Brihaye, Da Costa, Laroussinie, M. ATL with strategy contexts. LFCS, 2009.
ATL with strategy contexts
Definition
ATLsc has two new strategy quantifiers: 〈·A·〉ϕ and 〈-A-〉ϕ.
  〈·A·〉 is similar to 〈〈A〉〉 but assigns the corresponding strategy to A for evaluating ϕ;
  〈-A-〉 drops the assigned strategies for A.
[·A·] is dual to 〈·A·〉:
[·A·]ϕ ≡ ¬ 〈·A·〉 ¬ϕ
which states that any strategy for A has an outcome along which ϕ holds.
What ATLsc can express
Client-server interactions for accessing a shared resource:
  〈·Server·〉 G ⋀_{c∈Clients} 〈·c·〉 F access_c ∧ ¬ ⋀_{c≠c′} access_c ∧ access_c′
Existence of Nash equilibria:
  〈·A1, ..., An·〉 ⋀_i ( 〈·Ai·〉 ϕ_Ai ⇒ ϕ_Ai )
Existence of dominating strategy:
  〈·A·〉 [·B·] (¬ϕ ⇒ [·A·] ¬ϕ)
More expressiveness results
Theorem
  ATLsc is strictly more expressive than ATL,
  The operator 〈-A-〉 does not add expressive power,
  ATLsc is as expressive as ATL∗sc.
Proof
〈〈A〉〉ϕ ≡ 〈-Agt-〉 〈·A·〉 ϕ̂
〈·1·〉 ( 〈·2·〉 X a ∧ 〈·2·〉 X b) is only true in the second game.
But ATL cannot distinguish between these two games.
[Figure: two games, with initial states s and s′, each with successors labelled a and b. Transition labels in the first game: 〈1.1〉,〈2.2〉; 〈1.2〉; 〈2.1〉. In the second game: 〈1.1〉,〈2.2〉,〈3.3〉; 〈1.2〉,〈1.3〉,〈3.2〉; 〈2.1〉,〈2.3〉,〈3.1〉.]
Replace implicit quantification with explicit one:
〈·1·〉ϕ ≡ 〈·1·〉 [·Agt \ {1}·] 〈·∅·〉 ϕ̂
⇝ we can always assume that the context is full.
〈-A-〉ϕ is then equivalent to [·A·] 〈·∅·〉ϕ;
〈·∅·〉 can be inserted between two temporal modalities.
Quantified CTL [ES84,Kup95,Fre01]
QCTL extends CTL with propositional quantifiers
∃p. ϕ means that there exists a labelling of the model with p under which ϕ holds.
EF ∧ ∀p. [EF(p ∧ ) ⇒ AG( ⇒ p)] ≡ uniq( )
⇝ true if we label the Kripke structure;
⇝ false if we label the computation tree;
[ES84] Emerson and Sistla. Deciding Full Branching Time Logic. Information & Control, 1984.
[Kup95] Kupferman. Augmenting Branching Temporal Logics with Existential Quantification over Atomic Propositions. CAV, 1995.
[Fre01] French. Decidability of Quantified Propositional Branching Time Logics. AJCAI, 2001.
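Semantics of QCTL
structure semantics:
[Figure: a Kripke structure satisfies ∃p.ϕ (written |=s) iff the structure with some of its states labelled p satisfies ϕ.]
tree semantics:
[Figure: a Kripke structure satisfies ∃p.ϕ (written |=t) iff its computation tree with some of its nodes labelled p satisfies ϕ.]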
Expressiveness of QCTL
QCTL can “count”:
  EX1 ϕ ≡ EX ϕ ∧ ∀p. [EX(p ∧ ϕ) ⇒ AX(ϕ ⇒ p)]
  EX2 ϕ ≡ ∃q. [EX1(ϕ ∧ q) ∧ EX1(ϕ ∧ ¬ q)]
QCTL can express (least or greatest) fixpoints:
  µT.ϕ(T) ≡ ∃t. [AG(t ⇔ ϕ(t)) ∧ (∀t′. (AG(t′ ⇔ ϕ(t′)) ⇒ AG(t ⇒ t′)))]
Theorem
QCTL, QCTL∗ and MSO are equally expressive (under both semantics).
[DLM12] Da Costa, Laroussinie, M. Quantified CTL: expressiveness and model checking. CONCUR, 2012.
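Under the structure semantics, the counting formulas EX1 and EX2 above can be evaluated literally, by enumerating every labelling of the quantified proposition and checking the quantifier-free part for each one. This is an added example, not code from the slides; the four-state structure and the function names are constructed for illustration, and the enumeration is exponential in the number of states.

```python
from itertools import combinations

# Constructed Kripke structure (an assumption of this example).
STATES = ["s", "a", "b", "c"]
SUCC = {"s": {"a", "b", "c"}, "a": {"a"}, "b": {"b"}, "c": {"s"}}
EVERYTHING = set(STATES)


def labellings():
    """Every subset of states: the possible labellings of a fresh proposition."""
    for size in range(len(STATES) + 1):
        for subset in combinations(STATES, size):
            yield set(subset)


def EX(state, phi):
    """Some successor of `state` satisfies phi (phi is a set of states)."""
    return bool(SUCC[state] & phi)


def AX(state, phi):
    """All successors of `state` satisfy phi."""
    return SUCC[state] <= phi


def EX1(state, phi):
    """EX phi ∧ ∀p. [EX(p ∧ phi) ⇒ AX(phi ⇒ p)], with ∀p as a loop over labellings."""
    if not EX(state, phi):
        return False
    return all(
        (not EX(state, p & phi)) or AX(state, (EVERYTHING - phi) | p)
        for p in labellings()
    )


def EX2(state, phi):
    """∃q. [EX1(phi ∧ q) ∧ EX1(phi ∧ ¬q)], with ∃q as a search over labellings."""
    return any(
        EX1(state, phi & q) and EX1(state, phi & (EVERYTHING - q))
        for q in labellings()
    )


def count_successors(state, phi):
    """Reference answer: number of successors of `state` satisfying phi."""
    return len(SUCC[state] & phi)


if __name__ == "__main__":
    for phi in ({"a"}, {"a", "b"}, {"a", "b", "c"}):
        print(sorted(phi), "EX1:", EX1("s", phi), "EX2:", EX2("s", phi),
              "count:", count_successors("s", phi))
```

On this structure EX1 holds exactly when one successor satisfies ϕ and EX2 exactly when two do, which is what “counting” means here.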
QCTL with structure semantics
Theorem
Model checking QCTL for the structure semantics is PSPACE-complete.
Proof
Membership: iteratively
  (nondeterministically) pick a labelling,
  check the subformula.
Hardness: QBF is a special case (without even using temporal modalities).
Theorem
QCTL satisfiability for the structure semantics is undecidable.
[DLM12] Da Costa, Laroussinie, M. Quantified CTL: expressiveness and model checking. CONCUR, 2012.
QCTL with tree semantics
Theorem
  Model checking QCTL with k quantifiers in the tree semantics is k-EXPTIME-complete.
  Satisfiability of QCTL with k quantifiers in the tree semantics is (k+1)-EXPTIME-complete.
Proof
Using (alternating) parity tree automata:
[Figure: a run of the automaton on a tree, with nodes labelled by the states q0 and q1.]
This automaton corresponds to E U
  δ(q0, ) = (q0, q1) ∨ (q1, q0)
  δ(q0, ) = (q1, q1)
  δ(q0, ) = (q2, q2)
  δ(q1, ? ) = (q1, q1)
  δ(q2, ? ) = (q2, q2)
polynomial-size automata for CTL;
quantification is handled by projection, which first requires removing alternation (exponential blowup);
an automaton equivalent to a QCTL formula can be built inductively;
emptiness of an alternating parity tree automaton can be decided in exponential time.
[DLM12] Da Costa, Laroussinie, M. Quantified CTL: expressiveness and model checking. CONCUR, 2012.
[LM13a] Laroussinie, M. Quantified CTL: expressiveness and complexity. Submitted, 2013.
Translating ATLsc into QCTL
player A has moves m^A_1, ..., m^A_n;
from the transition table, we can compute the set Next( , A, m^A_i) of states that can be reached from when player A plays m^A_i.
〈·A·〉ϕ can be encoded as follows:
∃m^A_1. ∃m^A_2 . . . ∃m^A_n.
  this corresponds to a strategy: AG(m^A_i ⇔ ⋀ ¬m^A_j);
  the outcomes all satisfy ϕ: A[G(q ∧ m^A_i ⇒ X Next(q, A, m^A_i)) ⇒ ϕ].
Corollary
ATLsc model checking is decidable, with non-elementary complexity (TOWER-complete).
Corollary
ATL⁰sc (quantification restricted to memoryless strategies) model checking is PSPACE-complete.
[DLM12] Da Costa, Laroussinie, M. Quantified CTL: expressiveness and model checking. CONCUR, 2012.
What about satisfiability?
Theorem
QCTL satisfiability is decidable (for the tree semantics).
But
Theorem ([TW12])
ATLsc satisfiability is undecidable.
Why?
The translation from ATLsc to QCTL assumes that the game structure is given!
[TW12] Troquard, Walther. On Satisfiability in ATL with Strategy Contexts. JELIA, 2012.
Satisfiability for turn-based games
Theorem ([LM13b])
When restricted to turn-based games, ATLsc satisfiability is decidable.
player has moves , and .
a strategy can be encoded by marking some of the nodes of the tree with proposition movA.
〈·A·〉ϕ can be encoded as follows:
∃movA.
  it corresponds to a strategy: AG(turnA ⇒ EX1 movA);
  the outcomes all satisfy ϕ: A[G(turnA ∧ X movA) ⇒ ϕ].
[LM13b] Laroussinie, M. Satisfiability of ATL with strategy contexts. Gandalf, 2013.
What about Strategy Logic? [CHP07,MMV10]
Strategy logic
Explicit quantification over strategies + strategy assignment
Example
〈·A·〉ϕ ≡ ∃σ1. assign(σ1, A). ϕ
Strategy logic can also be translated into QCTL.
Theorem
  Strategy-logic model-checking is decidable.
  Strategy-logic satisfiability is decidable when restricted to turn-based games.
[CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007.
[MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.
Conclusions and future works
Conclusions
  QCTL is a powerful extension of CTL;
  it is equivalent to MSO over finite graphs and regular trees;
  it is a nice tool to understand temporal logics for games (ATL with strategy contexts, Strategy Logic, ...);
Future directions
  Defining interesting (expressive yet tractable) fragments of those logics;
  Obtaining practicable algorithms.
  Considering randomised strategies.