Algorithms for Modal µ-calculus Interpretation

Transcription

1 Algorithms for Modal µ-calculus Interpretation Avital Steinitz May 19, 2008 Abstract Modal µ-calculus is a logic that uses min and max fixed point operators (µ, ν). It is very applicable for use in model checking, a promising domain for development, both theoretically and practically. In this essay modal µ-calculus will be defined and several interpretation algorithms will be presented. Some of the algorithms are more or less intuitive, while others involve automata theory and are more sophisticated. The algorithms, as well as the definitions, will be presented and illustrated using examples and a sketch of the proof of their correctness. 1 Introduction Modal µ-calculus has one leg in theoretical computer science and the other in industrial applications. A major implication of modal µ-calculus is in the field of Model Checking. A standard practice in Model Checking is representing a system using a finite state automata and associating each of its states certain properties. Such a construction, known as a transition system or a Kripke structure, allows a developer to formally verify certain properties of the system. Since computer systems become more and more acute and at the same time complex, the need for such a formality that would ensure their good behavior is evident. Modal µ-calculus, being a well suited logic to describe properties of transition systems, naturally raises a lot of interest. Model Checking and its relation to modal µ-calculus is thoroughly presented in [2]. Furthermore, modal µ-calculus is a logic on its own right that introduces some inevitable questions concerning its decidability and the complexity of interpreting its formulas. The answers to these questions is not so trivial. As a matter of fact, the complexity analysis of interpretation of modal µ-calculus formulas is not complete, and though the problem is not likely to be NP-complete the best algorithm known to solve it (according to [3], chapter 7. As far as I know no significantly better algorithm was found since) is exponential in half the alternation depth of the formula (to be defined later). A good introduction to the theoretical and complexity related aspects of modal µ-calculus is [3]. In section 2 modal µ-calculus syntax and semantics will be introduced using a detailed example. Afterwards two recursive algorithms for interpreting modal µ-calculus formulas will be discussed. In section 6 parity games and alternating 1

2 tree automata will be introduced, and a translation of a modal µ-calculus formula into an alternating tree automata will be presented. Using Jordinǹsky s algorithm to find winning regions in parity games this will yield the best known algorithm for interpretating a modal µ-calculus formula. Definitions will be usually presented by an illustrating example. Algorithms will be presented in pseudo-code accompanied by worked-out examples. Complexity and correctness of the algorithms and reductions will be stated and their proofs will be roughly sketched. This will allow a rather wide perspective of the subject, and the interested reader can find illuminating proofs in the literature on which this essay is based. This is a good place to point that the definitions and the game diagrams on pages 2 and 15 are quoted (with few minor modifications) from [3] and that the algorithms in sections 4 and 5 are quoted (again, with few minor modifications) from [2]. 2 The Propositional µ-calculus - Introductory Examples A modal µ-calculus formula is interpreted as a set of states in a transition system (or a Kripke structure). A transition system is essentially a finite states automata whose states are labeled with some properties. Technically this is done by labeling each state with a set of variables that hold true in it. The following diagram is an example of a transition system: {p} {p,r} {q,r} s 5 s 0 s 1 {q} {r} s 4 s 3 s 2 Let us now examine some simple modal µ-calculus formulas in the context of the transition system just presented: The formula p is interpreted as the set of all states where p holds true, in this case {s 0, s 5 }. The formula r q is interpreted as the set of all states where r or q hold true, in this case {s 0, s 1, s 2, s 4 }. We shall warm up by introducing two operators which are also used in temporal logics and express logical conditions that relate to advancements in the path: 2

3 The formula (r) is the set of states from which all (single) transitions lead to states where r holds true, in this case {s 1, s 2, s 5 } (for s 5 the condition is emptily fulfilled). The formula (p) is the set of states from which it is possible to make a (single) transition to a state where p holds true, in this case {s 0, s 2, s 3 }. The two operators in the core of modal µ-calculus, µ and ν, have slightly more sophisticated definitions: For any Q S the formula Q is interpreted as the set of states from which it is possible to make a (single) transition to a state in Q. Denoting Q by ϕ, one may emphasize the dependence of ϕ in Q by writing ϕ(q). Furthermore, it is possible to define a function τ : P(S) P(S), τ(w ) = W. The formulas µq. Q and νq. Q (also denoted µq.ϕ(q) and νq.ϕ(q), µq.ϕ and νq.ϕ or µqϕ and νqϕ) are interpreted as the least and greatest fixed points of this function, which are in this case and {s 0, s 1, s 2 }, respectively. Let us see some more examples of modal formulas: µq.q and νq.q are interpreted as the least and greatest fixed points of the function τ(w ) = W, which are and S, respectively. µq.p and µq.p are the least and greatest fixed points of the function τ(w ) = p, which are both simply the interpretation of the formula p. To demonstrate the expressional power of modal operators we shall translate a couple of temporal logic formulas to equivalent modal µ-calculus formulas. Trying not to get too much carried away, we shall try and discuss these examples in the most intuitive way: The formula µq.(p Q) is the least fixed point of the function τ(w ) = p W and is interpreted as the set of all the states from which it is possible to reach (in any finite number of transitions) a state where p holds true (denoted in the CTL temporal logic by EF(p)). Another CTL formula, EG(r), is true at a state s iff there Exists a path π originating from it that satisfies the following Global condition: r hold true in every state in π (letting a transition system model a web server and r represent the property sensitive data is unreachable for unauthorized users, the formula EG(r) may be a property that a developer of the server would be highly interested in verifying). Now, the set of states where EG(r) holds true is exactly the interpretation of the modal µ-calculus formula νq.(r Q) (the mutual inclusion of the two sets of states is rather simple to prove). It is actually true that any CTL formula can be translated to an equivalent modal µ-calculus formula (a proof can be found at [2]). Remark 2.1. The choice of an uppercase letter for denoting a quantified variable only comes to visually distinguish them from variables that are not quantified. Since, essentially there is no difference between those two sets of variables, in some literature, as in [3], all variables (quantified and not quantified) are denoted using regular lowercase letters. Furthermore, the dot (.) is omitted from the syntax of a modal formula (making most formulas look something like µpϕ). 3

4 3 The Propositional µ-calculus - Formal Definition 3.1 Transition System We fix a set of propositional variables P. A transition system is a triplet S = (S, R, λ) where S is a set called states, R S S is a relation and λ : P P(S) is a mapping that assigns a set of states to every propositional variable (also called evaluation or environment). Transition systems are also known as Kripke structures. If we consider the inverse mapping γ 1 : S P(P ), then we can regard transition systems as labeled directed graphs. For every variable p P and state s λ(p), we say that p is true in s, and for s λ(p), we say that p is false in s. For every s S, we denote sr = {s S (s, s ) R} Rs = {s S (s, s) R} A pointed transition system (S, s I ) is a transition system S = (S, R, λ) together with an initial state s I S. We call a transition system S = (S, R, λ) (resp. (S, s I )) finite iff S is finite and λ(p) for just finitely many p P (in this essay we shall only discuss finite transition systems). Let S = (S, R, λ) be a transition system, S S and p P. S[p S ] is defined as S = (S, R, λ[p S ]) whereas the evaluation λ[p S ] is defined by { λ[p S λ(p) p p ](p) = S p = p 3.2 Modal µ-calculus - Syntax The set L µ of formulas of modal µ-calculus is inductively defined as follows: -, L µ. - For every propositional variable p P : p, p L µ. - If ϕ, ψ L µ then ϕ ψ, ϕ ψ L µ. - If ϕ L µ then ϕ, ϕ L µ. - If p P, ϕ L µ and p occures in ϕ only positively then µpϕ, νpϕ L µ. 4

5 Note that this recursive definition gives rise to a very long and precise definition of a subformula (a subformula of a subformula is a subfolmula(!), the formula p has no subformulas, p has the unique subformula p, the formula ϕ ψ has the two subformulas ϕ and ψ, etc.), writing ψ ϕ when ψ is a subformula of ϕ. Remark 3.1. Note that in the definition of L µ negations can only be applied to propositional variables. However, we will see that negation of arbitrary formulas can easily be expressed using de Morgan laws and the following equivalences: ψ 1 ψ 2 ( ψ 1 ψ 2 ), ψ ψ, µpψ νp ψ[p/ p] where ψ[p/ p] means that in ψ every occurrence of p is replaced by p and vice versa. We defined L µ in this way because the translation of of formulas into automata is simpler for formulas of this form. 3.3 Modal µ-calculus - Semantics Let S = (S, R, λ) be a transition system. For a formula ϕ L µ the set ϕ S S is inductively defined as follows: - S =, S = S, - p S = λ(p), p S = S\λ(p) for p P, - ϕ ψ S = ϕ S ψ S, ϕ ψ S = ϕ S ψ S, - ϕ S = {s S sr ϕ S }, - ϕ S = {s S sr ϕ S }, - µpψ S = {S S ψ S[p S ] S }, - νpψ S = {S S ψ S[p S ] S }. Note that µpψ S and νpψ S are the least and greatest fixed points, resp., of the following function: g : P(S) : P(S), S ψ S[p S ] (see section 4.1 for more details). For a pointed transition system (S, s) and a formula ϕ L µ we will write (S, s) = ϕ for s ϕ S. 4 A First Algorithm 4.1 Set Theoretic Remarks In this sub-section we shall briefly state some monotonicity properties. First, all logical connectives but negation are monotonic: (f f ) ((f g) (f g)), ((f g) (f g)), (( f) ( f )), (( f) ( f )) 5

6 Second, let us state some set theoretic lemmas which will prove to be useful later on (taken from [2], p.62): Let S be a finite set and τ : P (S) P (S) a monotone function. Lemma 4.1. P 1 P 2... implies τ( i P i ) = i τ(p i ) ( -continuous) and P 1 P 2... implies τ( i P i ) = i τ(p i ) ( -continuous). Lemma 4.2. τ i ( ) τ i+1 ( ) and τ i (S) τ i+1 (S). Lemma 4.3. There are integers i 0, j 0 such that for every i > i 0, j > j 0 τ i ( ) = τ i0 ( ) and τ i (S) = τ i0 (S). Lemma 4.4. There are integers i 0, j 0 such that µq.τ(q) = τ i0 ( ) and νq.τ(q) = τ j0 (S). 4.2 A Naive Algorithm The remarks made in the last subsection give rise to the classical recursive algorithm Naive(S, f) that returns the interpretation of the formula ϕ in the transition system S. Coming to analyze the complexity of the algorithm we see that lines (and 22-24) may be executed S times, and denoting by T (n) the Time required to process the interpretation of a formula of length n we can see that the cost of line 17 (and 23) is T (n 3). These observations lead to the equation T (n) = O( S ) T (n 3) which yields T (n) = O( S n ). 5 A Second Algorithm 5.1 Formulas - Normal Form and Alternating Depth A formula ϕ L µ is in normal form if every propositional variable p in ϕ is quantified at most once, and in that case all its occurrences are within the scope of its quantification. Clearly, for every modal µ-calculus formula one can build an equivalent formula in normal form just by renaming bound variables, if necessary. For a formula ϕ L µ in normal form its alternating depth, denoted α(ϕ) (or d(ϕ)) is defined inductively as follows: - α( ) = α( ) = α(p) = α( p) = 0 - α(ψ 1 ψ 2 ) = α(ψ 1 ψ 2 ) = max{α(ψ 1 ), α(ψ 2 )} - α( ψ) = α( ψ) = α(ψ) - α(µpψ) = max({1, α(ψ)} {α(νp ψ ) + 1 νp ψ ψ, p free(νp ψ )}) - α(νpψ) = max({1, α(ψ)} {α(µp ψ ) + 1 µp ψ ψ, p free(µp ψ )}) 6

7 Algorithm 1 Naive(S, ϕ) 1: if ϕ = p then 2: Q val λ(p) 3: else if ϕ = ψ 1 ψ 2 then 4: Q val Naive(S, ψ 1 ) Naive(S, ψ 2 ) 5: else if ϕ = ψ 1 ψ 2 then 6: Q val Naive(S, ψ 1 ) Naive(S, ψ 2 ) 7: else if ϕ = ψ then 8: Q val {s sr Naive(S, ψ) } 9: else if ϕ = ψ then 10: Q val {s sr Naive(S, ψ)} 11: else if ϕ = µq.ψ(q) then 12: Q val 13: repeat 14: Q old Q val 15: Q val Naive(S[Q Q val ], ψ) 16: until Q old = Q val 17: else if ϕ = νq.ψ(q) then 18: Q val S 19: repeat 20: Q old Q val 21: Q val Naive(S[Q Q val ], ψ) 22: until Q old = Q val 23: end if 24: return Q val 7

8 Since the definition of the set of free variable of a formula is natural I did not include it here. The sets F µ and F ν of µ- and ν- formulas, respectively, are defined as follows: F µ = {µpψ ψ L µ }, F ν = {νpψ ψ L µ }. A top level µ-subformula (ν-subformula) is a maximal F µ (F ν ) subformula (with respect to subformula relation). Later on we shall need also the following definition: For a bound variable p occurring in a formula ϕ in normal form, the unique subformula ηpψ (η {µ, ν}) of ϕ will be denoted by ϕ p. 5.2 A Less Naive Algorithm The second algorithm interprets some modal sub-formulas in parallel using a concept similar to dynamic programing. Denoting by Q 1, Q 2,.., Q N the bounded variables that appear in ϕ, the algorithm uses an array A[1...N] to store approximations of the fixed points values. A couple of simple lemmas give a sketch of the proof of its correctness: Lemma 5.1. For any W i τ i ( ) we have i τ i (W ) = i τ i ( ), and similarly for any W i τ i (S) we have i τ i (W ) = i τ i (S). In other words, to compute a least (greatest) fixed point is enough to start iterating with any approximation that is known to be below (above) the least (greatest) fixed point. Lemma 5.2. Monotonicity of formulas with respect to bound variables ensures that for every bound variable Q j of a µ subformula µq j.τ(q j ) the following invariant inclusion relation is kept: A[j] i τ i ( ) Similarly, for every bound variable Q j of a ν subformula νq j.τ(q j ) we have A[j] i τ i (S) As an illustration to the algorithms different operations we look at an example: Given the transition system: v 0 v 1 v 2... v n {p} The ( first algorithm would interpret the formula µq 1. µq 2. ( ( Q 2 p) ( Q 1 p) )) by doing the following: It would assign 8

9 Q 1 and then interpret the subformula µq 2. ( ( Q 2 p) ( Q 1 p) ). It would then update Q 1 and repeat the process, until the fixed point S would be found. The i th iteration would take time O(i), what yields a total time complexity of O(n 2 ). The second algorithm would follow the same stages only it would not reinitialize the variable Q 2 after each interpretation of the subformula. Thus, each interpretation of the subformula will be done in time O(1), what yields a total time complexity of O(n). To summarize, since the quantified variables are reinitialized only if they are top-level quantified variables, the time complexity of the whole run of the algorithm is exponential in the number of such variables, or in other words, in the alternating depth of the formula. Algorithm 2 LessNaive(S, ϕ) 1: if ϕ = p then 2: Q val λ(p) 3: else if ϕ = ψ 1 ψ 2 then 4: Q val LessNaive(S, ψ 1 ) LessNaive(S, ψ 2 ) 5: else if ϕ = ψ 1 ψ 2 then 6: Q val LessNaive(S, ψ 1 ) LessNaive(S, ψ 2 ) 7: else if ϕ = ψ then 8: Q val {s sr LessNaive(S, ψ) } 9: else if ϕ = ψ then 10: Q val {s sr LessNaive(S, ψ)} 11: else if ϕ = µq i.ψ(q i ) then 12: for all top-level greatest fixed point subformulas νq j.ψ (Q j ) of ψ do 13: A[j] S 14: end for 15: repeat 16: Q old A[i] 17: A[i] LessNaive(S[Q Q val ], ψ) 18: until Q old = A[i] 19: else if ϕ = νq.ψ(q) then 20: for all top-level least fixed point subformulas µq j.ψ (Q j ) of ψ do 21: A[j] 22: end for 23: repeat 24: Q old A[i] 25: A[i] LessNaive(S[Q Q val ], ψ) 26: until Q old = A[i] 27: end if 28: return A[i] 9

10 6 A Better Algorithm A better algorithm is known to solve the problem, with complexity time that is exponential in half the alternating depth of the formula. Even though the improvement is not drastic, it is much more sophisticated and its description takes a detour though parity games and strategies. 6.1 Parity Games - Introductory Example Let us start with an example which will serve as an appetizer for many definitions to come (taken from [3]): v 0 v 1 v v v v 6 v 5 v 4 A play is a series of vertices which constitute a (finite or infinite) path. A play can therefore be π = v 0, v 1, v 2, v 3, v 4, v 5, v 6, v 7, v 8, v 9, v 0, v 1, v 2,... or π = v 0, v 1, v 0, v 1,..., but not π = v 1, v 2, v 1,... The numbers inside the vertices are their priorities. Given a play π = uvw... one can look at the series of the priorities of the vertices in that play, denoted χ(π) = χ(u)χ(v)χ(w)... (when χ is the function that assigns to each vertex its priority). The circled vertices and the squared vertices belong to player 0 and to player 1, respectively. Now, the successor of a vertex in the path is chosen by its owner, or in other words, the successor of a vertex v is chosen by player 0 iff v is circled. In a min parity game (max parity game) player 0 wins an infinite play iff the minimal (maximal) priority that occurs in it infinitely often is even. It wins a finite play iff the play ends with a vertex that belongs to player Parity Games - Formal Definition An arena is a triple A = (V 0, V 1, E) where V 0 is the set os 0-vertices, V 1 is the set of 1-vertices, disjoint from V 0, and E (V 0 V 1 ) (V 0 V 1 ) is the edge relation, and is sometimes also called the set of moves. The union of V 0 and V 1 is denoted V. The set of successors of v V is defined by ve = {v V (v, v ) E}. We define a play in the arena A as above as being either 10

11 an infinite path π = v 0 v 1 V ω with v i+1 v i E for all i ω (infinite play) or a finite path π = v 0 v 1 v l V + with v i+1 v i E for all i < l and v l E = (finite play). Let A be as above and assume χ : V C is some function mapping the vertices of the arena to a finite set C of so-colled colors (or priorities), such a function will be called a coloring function (or a priority function). The coloring function is extended to plays in the straightforward way. When π = v 0 v 1 is a play, than its coloring, χ(π), is given by χ(π) = χ(v 0 )χ(v 1 )χ(v 2 ) Inf(χ(π)) denotes the set of colors (or priorities) occurring infinitely often in χ(π). A play π in the min (max) parity game G = (A, χ) is said to be won by player-0 iff min(inf(χ(π))) (max(inf(χ(π)))) is even. 6.3 Example - Continue, Adding Strategies Let us see how should each player make his moves, assuming we are in the case of the max parity game. If the play reaches the vertices v 5 or v 6 than player 0 has the game as it can force it to be π = (12) ω. Thus, player 0 will also win if the play reaches vertex v 4, and therefore player 1 must never move from v 3 to v 4, but rather to v 0. As a matter of fact, if the play reaches v 0 than it is won by player 1, because wherever player 0 shall move from there it will always complete a circle in the graph that consists of the priorities 0 and 1, or in other words, in that case the play will be of the form π = (1 + 0) ω. Two profound observations are first, that the set of vertices V is separated to two winning regions, and second, that the best strategy a player may choose need not depend on the history of the play. A game satisfying the first property is said to be fully determined, and a game satisfying the second one is said to let both players win memoryless. An important result to be mentioned again later is that parity games always enjoy both these properties. Its importance lies in that it simplifies significantly the search for strategies. Explicitly, the set of possible strategies diminishes from the set of partial functions f σ : V V σ V (σ {0, 1}) to the much smaller set of functions f σ : V σ V. 6.4 Strategy - Formal Definition Let A be an arena, σ {0, 1}, and f σ : V V σ V a partial function. A prefix of a play π = v 0, v 1,..., v l is said to be conform with f σ if for every 0 i < l and v i V σ the function f σ is defined at v 0, v 1,..., v i and f σ (v 0, v 1,..., v i ) = v i+1. A play is said to be conform with f σ if each of its prefixes is conform with it. Such a f σ is a strategy for player σ on U V if it is defined for every prefix of a play which is conform with it, starts in a vertex from U and does not end in a dead end of player σ. A strategy f σ is said to be a winning strategy for player σ on U if all plays which are conform with it and start in a vertex from U are wins for player σ. 11

12 Remark 6.1. Note that the assertion it is defined for every prefix of a play which is conform with it is not redundant(!): the which refers to the prefix, meaning that this assertion actually assures that whenever a prefix of a play conforms with f σ and its terminating vertex belongs to player σ the partial function f σ is defined on it. In view of the upcoming fact we are actually free from that finesse of a definition: Memoryless Strategies are strategies that depend only on the last vertex in their input, in other words they are partial functions V σ V. Fact 6.1. (Memoryless Determinacy of Parity Games) In every parity game, both players win memoryless. This observation is a crucial step in making the search for a winning strategy in a parity game more efficient. As mentioned before, it actually makes the set of candidate strategies a finite one. 6.5 Finding an Optimal Strategy - Jurdińsky s Algorithm We shall now present the best know algorithm today for finding a winning strategy for a parity game, specifically - a min parity game with no dead ends (it is rather easy to ensure these properties efficiently, right?). The algorithm finds a certain function that is a witness for the existence of a specific winning strategy for player 0. The key property of that function is that it decreases over edges originating from vertices with odd priority, thus, roughly speaking, if such a function exists than player 0 can avoid any odd circle in the graph (a circle on which the lowest priority is odd), thus win the game. Given a parity game G denote by V i the set of vertices with priority i, and by MG the set {[1] [ V 1 + 1] [1] [ V 3 + 1]... [ V d + 1]} { } (denoting [i] = {0, 1,..., i 1} and assuming without loss of generality that d is odd). We shall use the notation > to denote the lexicographical order on MG, and > i to denote the restriction of the lexicographical order to the first i coordinates (0- indexing the coordinates). is a maximal element with respect to any ordering. For every element m MG \{ } denote by m i its restriction to the first i coordinates (assigning 0 to the other coordinates), i.e. (0, 1, 0, 3, 0, 5, 0, 7) 3 = (0, 1, 0, 3, 0, 0, 0, 0), and by m + i its successor with respect to the ordering > i, i.e. (0, 1, 0, 3, 0, 5, 0, 7) + 3 = (0, 1, 0, 4, 0, 0, 0, 0). For m = denote m i = m + i =. We shall assign each vertex in the arena with a m MG, denoting the value assigned to vertex v by ρ(v). We define a function Lift : V MG : min w ve {ρ(w) χ(v) } v V 0 and χ(v) is even min w ve {ρ(w) + χ(v) Lift(v) = } v V 0 and χ(v) is odd max w ve {ρ(w) χ(v) } v V 1 and χ(v) is even max w ve {ρ(w) + χ(v) } v V 1 and χ(v) is odd We now have all the ingredients for the deceivingly simple algorithm that for a given min parity game G calculates a min parity game progress measure, from which we will later deduce the winning region of player 0: 12

13 Algorithm 3 Jurdinsky(G) Require: A min parity game G 1: for all v V do 2: ρ(v) 0 3: end for 4: while v V Lift(v) > ρ(v) do 5: ρ(v) Lift(v) 6: end while 7: return ρ Now, surprising as it may sound, the set ρ = {v V ρ(v) } is the winning region of player 0 and his winning strategy there is derived from the rule minimize the ρ of the successor. Coming to analyze the complexity of the algorithm, we note that at the worst case each vertex is lifted MG times, what turns out to be the major factor of the complexity of the runtime of the algorithm. Trying to maximize n its value we get ( d/2 ) d/2, denoting by n the number of vertices and by d the number of priorities. Thus, the algorithm is exponential in half the number of priorities. We shall later see that when interpreting a modal µ-calculus formula to a parity game the number of priorities in the translation game is the alternating depth of the formula(!), what will yield an improvement in the efficiency of the interpretation process. The example presented in section shows that for some families of arenas many vertices are actually lifted MG times, regardless of the order in which the vertices are lifted. This shows that the above complexity estimation is tight. A detailed proof of the correctness of the algorithm is found in [3] Example Let us take the equivalent min parity game to the max parity game discussed earlier (see diagram in the next page). First, figuring out the winning regions assures that as expected, the winning region of player 0 is {v 4, v 5, v 6 }. Second, we have MG = ([1] [5] [1]) { }. Third, assigning all vertices with (0, 0, 0) and lifting them sequentially according to their indices (from v 0 to v 7 and so on) yields the assignments marked in the diagram (bottom up direction). As hoped, when no vertex can be lifted anymore we have all vertices but {v 4, v 5, v 6 } assigned with the value. 13

14 (0,4,0) (0,3,0) (0,2,0) (0,2,0) (0,4,0) (0,4,0) (0,3,0) (0,4,0) (0,3,0) (0,3,0) (0,2,0) (0,2,0) v 0 1 v 1 1 v 2 2 (0,4,0) (0,3,0) (0,2,0) (0,2,0) v v 3 (0,4,0) (0,3,0) (0,3,0) (0,2,0) v 6 v 5 v And Another One This time we have MG = ([1] [4] [1] [4] [1] [4] [1]) { } (diagram on the next page). It seems like in this example it would be rewarding to find a less arbitrary order for lifting the vertices, but actually this is a false impression(!). This example shows that for some arenas the worst case complexity is inevitable - some vertices (namely the vertices with priority 5) must be lifted 4 3 (which is the size of MG = ([1] [4] [1] [4] [1] [4] [1]) { }), right? 14

15 (0,3,0,0,0,0,0) (0,3,0,0,0,0,0) (0,2,0,0,0,0,0) (0,1,0,0,0,0,0) (0,0,0,3,0,0,0) 3 (0,2,0,...) (0,2,0,...) (0,0,0,2,0,0,0) (0,1,0,...) (0,1,0,...) 1 (0,...,0) (0,...,0) 2 2 (0,0,0,1,0,0,0) (0,0,0,3,0,0,0) 3 (...,2,...) (...,2,...) (...,1,...) (...,1,...) 4 4 (0,...,0) (0,...,0) Alternating Tree Automata - Formal Definition An Alternating Tree Automata is the intermediate structure between modal µ- calculus formulas and parity games. An ATA takes as input pointed transition systems (S, s I ), and accepts it iff there exists a winning strategy for player 0 in a specific initialized max parity game. To define alternating tree automata we need the notion of transition conditions. Recall that P is a set of propositional variables, and let Q be a set of symbols (note that this Q has nothing to do with the Q s we worked with before, which were variables representing subsets of S). The transition conditions, T C Q over Q, are defined as follows: The symbols 0 and 1 are in T C Q. For every p P, p and p are in T C Q. For every q Q, q, q and q are in T C Q. For every q 1, q 2 Q, q 1 q 2 and q 1 q 2 are in T C Q. An Alternating Tree Automata is tuple A = (Q, q I, δ, Ω) where Q is a finite set of states of the automaton, q I Q is a state called the initial state, δ : Q T C Q is called a transition function, and Ω : Q ω is called a priority function. 15

16 Let (S, s I ) be a pointed transition system and A = (Q, q I, δ, Ω) be an ATA. Let V Q S, E V V be the smallest graph with (q I, s I ) V such that for every (q, s) V we have: if δ(q) = q than (q, s) V, ((q, s), (q, s)) E. if δ(q) = q 1 q 2 or δ(q) = q 1 q 2 than (q 1, s), (q 2, s) V, ((q, s), (q 1, s)), ((q, s), (q 2, s)) E. if δ(q) = q or δ(q) = q than s sr, (q, s ) V, ((q, s), (q, s )) E. To define an arena from V and E we split V into V 0 and V 1 as follows: (q, s) V belongs to V 0 iff one of the following holds: δ(q) = 0. δ(q) = p s λ(p). δ(q) = p s λ(p). δ(q) = q. δ(q) = q 1 q 2. δ(q) = q. We simply use Ω as a priority function (Ω((q, s)) := Ω(q)) and the initial location (q I, s I ) and we have a max parity game G = ((V, E), Ω, (q I, s I )). The ATA A accepts (S, s I ) iff player 0 has a winning strategy for the initialized max parity game G Alternating Tree Automata - Example Let A = (Q, q I, δ, Ω) be an ATA, where: Q := {q 0, q 1, q 2 }, q I := q 0, δ(q 0 ) = q 1, δ(q 1 ) = q 2, δ(q 2 ) = q 0, Ω(q 0 ) = 1, Ω(q 1 ) = Ω(q 2 ) = 0. Will A accept the transition system illustrated on page 2? To unswear this 16

17 question we generate and examine the following initialized max parity game: 1 (q 0, s 0 ) 0 (q 2, s 1 ) 0 0 (q 1, s 0 ) (q 2, s 3 ) 1 (q 0, s 1 ) 1 (q 0, s 3 ) 0 (q 1, s 1 ) 0 (q 1, s 3 ) 0 (q 2, s 2 ) 1 (q 0, s 2 ) 0 (q 2, s 5 ) 1 (q 0, s 5 ) 0 (q 1, s 5 ) 0 (q 1, s 2 ) 0 (q 2, s 0 ) All vertices belong to player 0, thus any finite play is a loss for player 0. Furthermore, the only vertices with priority 0 (namely 1) are of the form (q 0, s), and the only infinite play, namely the one loop in the arena, consists of both the priorities 0 and 1. Thus, since this is a max parity game, such a play would yield a win for player Translating a Modal µ-calculus Formula to an ATA Recall the definitions in section 3. We now give a translation which for every L µ formula ϕ constructs an ATA A(ϕ) such that the following is true: where (S, s) L(A(ϕ)) (S, s) = ϕ Let ϕ be a L µ formula in normal form. We define the ATA A(ϕ) as follows: A(ϕ) = (Q, q I, δ, Ω) Q := { ψ ψ ϕ} (the set of all subformulas of ϕ), q I = ϕ, δ : Q T C Q is defined by: δ( ) = 0, { δ( ) = 1, p p free(ϕ), δ( p ) = ϕ p p free(ϕ), δ( p) = p, 17

18 δ( ψ χ ) = ψ χ, δ( ψ χ ) = ψ χ, δ( ψ ) = ψ, δ( ψ ) = ψ δ(µpψ) = δ(νpψ) = ψ. The priority fuction Ω : Q ω is defined as follows: the smallest odd number greater or equal to α(ψ) 1 ψ F µ Ω( ψ ) = the smallest even number greater or equal to α(ψ) 1 ψ F ν and 0 otherwise As will be roughly illustrated in the following example, this translation procedure turns a modal µ-calculus formula into a game where a dead end would mean either the affirmation of a µ formula or the disaffirmation of a ν formula (at a specific vertex). If no such vertex is reached it must be that the play has entered some infinite loop, as a result of the inability of one of the players to force a dead end on its opponent. The top priority in that circle would be even if the modal operator is µ and odd otherwise. 6.8 Concluding Example Let us see how the modal µ-calculus formula we interpreted at the beginning, µq. Q is translated to an ATA A(ϕ) = (Q, q I, δ, Ω): Q := {q 0 = µq. Q, q 1 = Q, q 2 = Q }, q I = q 0 δ(q 0 ) = q 1, δ(q 1 ) = q 2, δ(q 2 ) = q 0 Ω(q 0 ) = 1, Ω(q 1 ) = Ω(q 2 ) = 0 This is exactly the ATA we used as an example before. Therefore we have: s 0 f S (s 0 belongs to the interpretation of f in the transition system illustrated on page 2) iff (S, s 0 ) L(A(ϕ)) (the ATA accepts the pointed transition system (S, s 0 )) iff there exists a winning strategy for player 0 on the previously constructed max parity game. As we said before, such a strategy does not exist, thus as we have s 0 f S, as expected. We can exhaust this example by transforming the parity game to a canonical equivalent min parity game with no dead ends: To do this we simply modify Ω to be Ω(q 0 ) = 1, Ω(q 1 ) = Ω(q 2 ) = 2 (right?), and add a state reachable only from (q 1, q 5 ) with one self edge and priority 1 (right?). We now apply Jordińsky s algorithm, see that it terminates only after all vertices are assigned, from which we deduce (again) that there is no winning strategy for player 0 on any vertex in the game. Note that applying Jordińsky s algorithm yields a game whose range of priorities is the alternating depth of the formula (plus minus 1). 7 Concluding Remarks & Acknowledgements Surprisingly enough the problem of finding a strategy in a parity game, and thus of interpreting a modal µ-calculus formula, lies in a complexity class that 18

19 is believed to be not to high above polynomial, namely UP co-up: A problem is in the class UP if there is a polynomial time nondeterministic Turing machine, such that for each input that is accepted exactly one computation accepts. I did not manage to find other problems in that complexity class, but looking for such problems I found [1] that discusses efficient implementations of strategy finding algorithms. The search for a better classification of the problem or for a better algorithm is proceeding. A mile stone is the Strategy Improvement algorithm whose complexity analysis is not yet clear. Classification modal µ-calculus formulas has also more than presented here. Interesting properties of modal µ-calculus that were studies are its equivalence to a certain family of alternating tree automatas and the relation between expressive power and the number of alternations that may be used in a formula. More about both these topics may be found in [3]. Finally, I would like to thank Prof. Dirk Vermeir, Yoad Lustig, Ben Hizak, Elad Eban, Ezra Hoch and Dan Steinitz. Without their guidance, tips and remarks this essay would not be half as good, if any. References [1] Adam Antonik, Nathaniel Charlton, and Michael Huth. Polynomialtime under-approximation of winning regions in parity games. mrh/talks/darmstadt07.ppt, May 15th, [2] Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. Model Checking. The MIT Press, [3] Erich Grädel, Wolfgang Thomas, and Thomas Wilke, editors. Automata, Logics, and Infinite Games. A guide to Current Research. Springer,