On the semantics of Strategy Logic Nicolas Markey IRISA CNRS & - - PowerPoint PPT Presentation

On the semantics of Strategy Logic

Nicolas Markey

IRISA – CNRS & Univ. Rennes 1

(based on joint works with Patricia Bouyer, Patrick Gardy, and François Laroussinie)

Dagstuhl, March 17, 2017

Computation-Tree Logic (CTL)

atomic propositions: , , ...

Computation-Tree Logic (CTL)

atomic propositions: , , ... boolean combinators: ¬ ϕ, ϕ ∨ ψ, ϕ ∧ ψ, ...

Computation-Tree Logic (CTL)

atomic propositions: , , ... boolean combinators: ¬ ϕ, ϕ ∨ ψ, ϕ ∧ ψ, ... temporal modalities: X ϕ

ϕ

“next ϕ” ϕ U ψ

ϕ ϕ ψ

“ϕ until ψ”

Computation-Tree Logic (CTL)

atomic propositions: , , ... boolean combinators: ¬ ϕ, ϕ ∨ ψ, ϕ ∧ ψ, ... temporal modalities: X ϕ

ϕ

“next ϕ” ϕ U ψ

ϕ ϕ ψ

“ϕ until ψ”

ϕ

“eventually ϕ” true U ϕ ≡ F ϕ ¬ F ¬ ϕ ≡ G ϕ

ϕ ϕ ϕ ϕ ϕ

“always ϕ”

Computation-Tree Logic (CTL)

atomic propositions: , , ... boolean combinators: ¬ ϕ, ϕ ∨ ψ, ϕ ∧ ψ, ... temporal modalities: X ϕ

ϕ

“next ϕ” ϕ U ψ

ϕ ϕ ψ

“ϕ until ψ”

ϕ

“eventually ϕ” true U ϕ ≡ F ϕ ¬ F ¬ ϕ ≡ G ϕ

ϕ ϕ ϕ ϕ ϕ

“always ϕ” path quantifiers: Eϕ ϕ Aϕ ϕ ϕ ϕ ϕ ϕ ϕ

Quantified CTL

[ES84,Kup95,Fre01]

QCTL extends CTL with propositional quantifiers

∃p. ϕ means that there exists a labelling of the model with p under which ϕ holds.

[ES84] Emerson and Sistla. Deciding Full Branching Time Logic. Information & Control, 1984. [Kup95] Kupferman. Augmenting Branching Temporal Logics with Existential... CAV, 1995. [Fre01] French. Decidability of Quantifed Propositional Branching Time Logics. AJCAI, 2001.

Quantified CTL

[ES84,Kup95,Fre01]

QCTL extends CTL with propositional quantifiers

∃p. ϕ means that there exists a labelling of the model with p under which ϕ holds. E F ∧ ∀p.

• E F(p ∧

) ⇒ A G( ⇒ p)

• [ES84] Emerson and Sistla. Deciding Full Branching Time Logic. Information & Control, 1984.

[Kup95] Kupferman. Augmenting Branching Temporal Logics with Existential... CAV, 1995. [Fre01] French. Decidability of Quantifed Propositional Branching Time Logics. AJCAI, 2001.

Quantified CTL

[ES84,Kup95,Fre01]

QCTL extends CTL with propositional quantifiers

∃p. ϕ means that there exists a labelling of the model with p under which ϕ holds. E F ∧ ∀p.

• E F(p ∧

) ⇒ A G( ⇒ p)

• ≡ uniq(

)

[ES84] Emerson and Sistla. Deciding Full Branching Time Logic. Information & Control, 1984. [Kup95] Kupferman. Augmenting Branching Temporal Logics with Existential... CAV, 1995. [Fre01] French. Decidability of Quantifed Propositional Branching Time Logics. AJCAI, 2001.

Quantified CTL

[ES84,Kup95,Fre01]

QCTL extends CTL with propositional quantifiers

∃p. ϕ means that there exists a labelling of the model with p under which ϕ holds. E F ∧ ∀p.

• E F(p ∧

) ⇒ A G( ⇒ p)

• ≡ uniq(

) true if we label the Kripke structure; false if we label the computation tree;

[ES84] Emerson and Sistla. Deciding Full Branching Time Logic. Information & Control, 1984. [Kup95] Kupferman. Augmenting Branching Temporal Logics with Existential... CAV, 1995. [Fre01] French. Decidability of Quantifed Propositional Branching Time Logics. AJCAI, 2001.

Semantics of QCTL

structure semantics: | =s ∃p.ϕ ⇔

p

| = ϕ

Semantics of QCTL

structure semantics: | =s ∃p.ϕ ⇔

p

| = ϕ tree semantics: | =t ∃p.ϕ ⇔

p p p p

| = ϕ

Expressiveness of QCTL

QCTL can “count”: E X1 ϕ ≡ E X ϕ ∧ ∀p. [E X(p ∧ ϕ) ⇒ A X(ϕ ⇒ p)] E X2 ϕ ≡ ∃q. [E X1(ϕ ∧ q) ∧ E X1(ϕ ∧ ¬ q)]

Expressiveness of QCTL

QCTL can “count”: E X1 ϕ ≡ E X ϕ ∧ ∀p. [E X(p ∧ ϕ) ⇒ A X(ϕ ⇒ p)] E X2 ϕ ≡ ∃q. [E X1(ϕ ∧ q) ∧ E X1(ϕ ∧ ¬ q)] QCTL can express (least or greatest) fixpoints: µT.ϕ(T) ≡ ∃t. [A G(t ⇐ ⇒ ϕ(t)) ∧ (∀t.′(A G(t′ ⇐ ⇒ ϕ(t′)) ⇒ A G(t ⇒ t′)))]

Expressiveness of QCTL

QCTL can “count”: E X1 ϕ ≡ E X ϕ ∧ ∀p. [E X(p ∧ ϕ) ⇒ A X(ϕ ⇒ p)] E X2 ϕ ≡ ∃q. [E X1(ϕ ∧ q) ∧ E X1(ϕ ∧ ¬ q)] QCTL can express (least or greatest) fixpoints: µT.ϕ(T) ≡ ∃t. [A G(t ⇐ ⇒ ϕ(t)) ∧ (∀t.′(A G(t′ ⇐ ⇒ ϕ(t′)) ⇒ A G(t ⇒ t′)))]

Theorem

QCTL and MSO are equally expressive (under both semantics).

Decision problems for QCTL

Theorem

Under the structure semantics: model checking is PSPACE-complete; satisfiability is undecidable.

Decision problems for QCTL

Theorem

Under the structure semantics: model checking is PSPACE-complete; satisfiability is undecidable. Under the tree semantics: model checking is k-EXPTIME-complete (for k nested quantifiers); satisfiability is (k+1)-EXPTIME-complete (for k nested quantifiers).

Games on graphs

Games on graphs

Concurrent games

A concurrent game is made of a transition system; q0 q1 q2

Games on graphs

Concurrent games

A concurrent game is made of a transition system; a set of agents (or players); q0 q1 q2

Games on graphs

Concurrent games

A concurrent game is made of a transition system; a set of agents (or players); a table indicating the transition to be taken given the actions

• f the players.

q0 q1 q2 q0 q2 q1 q1 q0 q2 q2 q1 q0 player 1 player 2

Games on graphs

Concurrent games

A concurrent game is made of a transition system; a set of agents (or players); a table indicating the transition to be taken given the actions

• f the players.

Turn-based games

A turn-based game is a game where only one agent plays at a time.

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Strategy for player

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Strategy for player

alternately go to and (starting with ).

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Strategy for player

alternately go to and (starting with ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Strategy for player

alternately go to and (starting with ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Strategy for player

alternately go to and (starting with ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Memoryless strategy for player

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Memoryless strategy for player

always go to .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Memoryless strategy for player

always go to .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Memoryless strategy for player

always go to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Reasoning about open systems

Strategies

A (pure) strategy for a given player is a function telling which action to play depending on what has happened previously.

Example Memoryless strategy for player

always go to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Strategy Logic [CHP07,MMV10]

Strategy logic

Explicit quantification over strategies + strategy assignement: ∃σ1. ∀σ2. assign(A → σ1, B → σ2). ϕ

[CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007. [MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.

Strategy Logic [CHP07,MMV10]

Strategy logic

Explicit quantification over strategies + strategy assignement: ∃σ1. ∀σ2. assign(A → σ1, B → σ2). ϕ Quantification

• ver strategies

Assignment of strategies to players Temporal-logic property

[CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007. [MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.

Strategy Logic [CHP07,MMV10]

Strategy logic

Explicit quantification over strategies + strategy assignement: ∃σ1. ∀σ2. assign(A → σ1, B → σ2). ϕ

Example

existence of a pure Nash equilibrium: ∃σ1 . . . ∃σn. assign(A1 → σ1, . . . An → σn).

• i

((∃σ′

i.assign(Ai → σ′ i). ϕi) ⇒ ϕi.)

• [CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007.

[MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.

Strategy Logic [CHP07,MMV10]

Strategy logic

Explicit quantification over strategies + strategy assignement: ∃σ1. ∀σ2. assign(A → σ1, B → σ2). ϕ

Example

existence of a pure Nash equilibrium: existence of dominant strategy for Player 1: ∃σ1. ∀σ2 . . . ∀σn.assign(A1 → σ1, . . . An → σn).

• (∃σ′
• 1. assign(A1 → σ′

1). ϕ) ⇒ ϕ

• [CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007.

[MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.

Strategy Logic [CHP07,MMV10]

Strategy logic

Explicit quantification over strategies + strategy assignement: ∃σ1. ∀σ2. assign(A → σ1, B → σ2). ϕ

Example

existence of a pure Nash equilibrium: existence of dominant strategy for Player 1: client-server interactions: ∃σS. ∃σc. assign(S → σS). (A G mutual exclusion ∧ A G

• C

assign(C → σc). A F accessC)

[CHP07] Chatterjee, Henzinger, Piterman. Strategy Logic. CONCUR, 2007. [MMV10] Mogavero, Murano, Vardi. Reasoning about strategies. FSTTCS, 2010.

Strategy Logic

Strategy logic model-checking ≡ QCTL model checking.

Strategy Logic

Strategy logic model-checking ≡ QCTL model checking. strategies = labelling of execution tree with actions such that A G

• a

ma ∧

• b=a

mb

Strategy Logic

Strategy logic model-checking ≡ QCTL model checking. strategies = labelling of execution tree with actions such that A G

• a

ma ∧

• b=a

mb

• utcomes of active strategies can be labelled with pout;

Strategy Logic

Strategy logic model-checking ≡ QCTL model checking. strategies = labelling of execution tree with actions such that A G

• a

ma ∧

• b=a

mb

• utcomes of active strategies can be labelled with pout;

then check that all outcomes satisfy ϕ: A(G pout ⇒ ϕ).

Strategy Logic

Strategy logic model-checking ≡ QCTL model checking. strategies = labelling of execution tree with actions such that A G

• a

ma ∧

• b=a

mb

• utcomes of active strategies can be labelled with pout;

then check that all outcomes satisfy ϕ: A(G pout ⇒ ϕ).

Theorem

Strategy-logic model-checking is decidable. Strategy-logic satisfiability is decidable when restricted to turn-based games.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ)

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics:

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed. a b b a a a a ϕ must hold from any node, but the labelling is translated.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed. a b b ϕ must hold from any node, but the labelling is translated.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed.

This is the semantics

• f Strategy Logic

a b b ϕ must hold from any node, but the labelling is translated.

What is the exact semantics?

∃σ. A G(assign(A → σ). ϕ) Two possible semantics: a b b a a a a ϕ must hold from any node, but the labelling is fixed.

This is the semantics

• f Strategy Logic

a b b ϕ must hold from any node, but the labelling is translated.

This makes SL model checking undecidable

Encoding of a 2-counter machine

a a ⊥

Encoding of a 2-counter machine

a a ⊥ Strategy σ encodes counter value k if it plays k times to a before playing to ⊥ (similarly for σ ).

Encoding of a 2-counter machine

a a ⊥ Strategy σ encodes counter value k if it plays k times to a before playing to ⊥ (similarly for σ ).

Lemma

Two strategies σ and σ encode the same counter value iff, when entering the game above and applying these strategies, it holds G( a ⇒ X a ) ∧ F

• ( a ∧ X ⊥ ) ∧ [

· · ] X X ⊥

• (ϕ=)

Encoding of a 2-counter machine

s s s′ s′ s′′ s′′ main states a a ⊥ counter(a) b b ⊥ counter(b) A strategy for encodes a run of the 2-counter machine; At each step, Player can check correct values of counters.

Ongoing work: strategy dependencies [MMPV11]

p q r s ∀σ . ∃σ . (assign( → σ )E F p) ⇔ (assign( → σ )E F s)

[MMPV11] Mogavero, Murano, Perelli, Vardi. Reasonning about strategies: ... J. ACM, 2011.

Ongoing work: strategy dependencies [MMPV11]

p q r s ∀σ . ∃σ . (assign( → σ )E F p) ⇔ (assign( → σ )E F s)

Elementary semantics

∀σ1 ∃σ2 σ2 in node may only depend on the value of σ1 in nodes and .

[MMPV11] Mogavero, Murano, Perelli, Vardi. Reasonning about strategies: ... J. ACM, 2011.

Ongoing work: strategy dependencies

Refined elementary semantics

∀σ1 ∃σ2 ∀σ3

Different kinds of dependencies

q | = ∀σ1∃σ2∀σ3. ϕ if there exists a map computing σ2(π) based on σ1 (and possibly σ3) along π (and possibly along other histories).

Ongoing work: strategy dependencies

Refined elementary semantics

∀σ1 ∃σ2 ∀σ3

Different kinds of dependencies

q | = ∀σ1∃σ2∀σ3. ϕ if there exists a map computing σ2(π) based on σ1 (and possibly σ3) along π (and possibly along other histories). Impact on expressiveness? both a formula and its (syntactic) negation may be true Impact on algorithms? fragment of SL with 2EXPTIME model checking.