Alternating Time Temporal Logics*

Transcription

1 Alternating Time Temporal Logics* Sophie Pinchinat Visiting Research Fellow at RSISE Marie Curie Outgoing International Fellowship title={alternating-time Temporal Logic}, author={alur, R. and Henzinger, T.A. and Kupferman, O.}, journal={journal of the ACM}, volume={49}, number={5}, pages={ }, year={2002} } S. Pinchinat 1

2 Outline Introduction Concurrent Games Structures The Logics ATL and ATL Model-Checking Complete Axiomatization of ATL and Satisfiability [GvD2006] S. Pinchinat 2

3 Main Ideas Set of agents (players, system components) taking actions simultaneously or in turns on a common set of states Thus effecting transitions between those states Agent pursue certain goals - can form coalitions Develop logic-based formalisms For reasoning about coalitions Abilities of agents to achive specified outcomes S. Pinchinat 3

4 Logics for reasoning about Actions Linear-time Temporal Logic (LTL) [Pnueli 77] Reasoning about computations ϕ ϕ is true somtime in the future Branching-time Temporal Logic (CTL, CTL ) [Clarke-Emerson 81, Emerson-Halpern 86] Allow quantification over paths E ϕ There is a path along which ϕ is eventuallty true Alternating-time Temporal Logic (ATL, ATL ) [Alur-Henzinger-Kupferman 97] Selective quantification over paths A ϕ The coalition A has a joint strategy to ensure ϕ is true at the next moment S. Pinchinat 4

5 Logics for reasoning about Actions Propositional Dynamic Logic (PDL) [Pratt 76] Reason about programs explicitly α ϕ After executing program α, ϕ is true Game Logic (GL) [Parikh 85] Reasoning about games γ ϕ Agent I has a strategy to bring about ϕ in game γ Coalition Logic (CL,ECL) [Pauly 00] Reasoning about group power [C]ϕ Coalition C has a joint strategy to bring about ϕ S. Pinchinat 5

6 Computational models vs. Behavioural models Kripke Structures vs. Computation Trees Quantification over paths in the tree One process a and a boolean variable x: x = x x = x x s x ss x ss x s x s x x x x x x sss sss x ss x s ss x s x S. Pinchinat 6 x but x

7 Alternating Transition Systems/Concurrent Game Structures Kripke Structures One single agent that controls the transition system Quantifications over Paths and What if there is more than one agent? 2 processes, a and b 2 boolean variables x and y S. Pinchinat 7

8 A First Example First a and b are made independent Agent a: { x x = x x = x (2 possible moves) q x x = x (1 possible move) { Agent b: x y y = y (mv 1) y = y (2 possible moves) q x q y y y y = y (1 possible move) d a (q) = d a (q y ) = 2 d a (q x ) = d a (q xy ) = 1 d b (q) = d b (q x ) = 2 d b (q y ) = d b (q xy ) = 1 q xy x, y S. Pinchinat 8

9 A First Example First a and b are made independent { Agent a: x x = x x = x (2 possible moves) x x = x (1 possible move) { Agent b: y y = y y = y (2 possible moves) y y = y (1 possible move) d a (q) = d a (q y ) = 2 d a (q x ) = d a (q xy ) = 1 d b (q) = d b (q x ) = 2 d b (q y ) = d b (q xy ) = 1 x q x q q xy x, y q y y S. Pinchinat 9

10 A First Example The Transition Function δ(q, i, j ) with i (resp. j) a possible move for player a (resp. b) in q i,j 1, 1 1, 2 2, 1 2, 2 δ(q, i,j ) q q x q y q xy i,j 1, 1 1, 2 q δ(q x, i,j ) q x q xy i,j 1, 1 2, 1 δ(q y, i,j ) q y q xy i,j 1, 1 δ(q xy, i,j ) q xy [q, q,q x,q x,q ω xy], [q,q y,q y,q ω xy], and [q,q ω xy] x q x q xy x, y q y y S. Pinchinat 10

11 Variant of the Structure S xy In S xy, b can change y from false to true only when x is already true. In state q, only one move for player b: leave y unchanged d a(q) = d a(q y ) = 2 d a(q x ) = d a(q xy ) = 1 d b (q) = 1, d b (q x) = 2 d b (q y) = d b (q xy) = 1 [q, q y, q y, q ω xy] and [q, q ω xy] are no more computations In S xy, b can change y from false to true either when x is already true, or when simultaneously x is set to true. In q, move 2 for player b has other meaning: change y if player a simultaneously changes x, otherwise leave y unchanged i,j 1, 1 1, 2 2, 1 2, 2 δ(q, i,j ) q q q y q xy [q, q ω xy] is now allowed S. Pinchinat 11

12 Concurrent Games Structures S = (k,s, Π, π,d, δ) k 1, set of players [k] = 1,...,k. A finite set S of states A finite set Π of propositions - π : S P(Π) is the labelling function Moves d p (s) 1 (p [k], s S) Move Function D(s) = [d 1 (s)]... [d k (s)] set of move vectors. Moves Vectors in s j 1, j 2,...,j k j p [d p (s)] (p [k]). Transition Function δ(s, j 1, j 2,...,j k ) S S. Pinchinat 12

13 Size of the structure S Number of States n = S as usual Number of Transitions m = Σ s S d 1 (s) d k (s) For a fixed set Π the size of S is O(m) NOT BOUNDED BY S 2 S. Pinchinat 13

14 Particular Concurrent Game Structures Turn-based synchonous game structures: In each step, only one player has a choice of moves, and she is determined by the current state for each s S, there is a s [k] s.t. d b (s) = 1 for b a s Kripke Structures and m = O(n 2 ) Moore synchonous game structures: The state is partitioned according to to the players, and in each step, every player updates its own component of the state independently of the other players S = S 1 S 2... S k and δ(s, j 1,...,j k ) = (δ 1 (s, j 1 ),...,δ k (s, j k )) Equational data flow languages (Signal, Lustre) Symbolic Models Turn-based asynchonous game structures (number of players 2): In each step, only one player has a choice of moves, and that player is chosen by a fair scheduler S. Pinchinat 14

15 Computations and Strategies s-computation (s S) An infinite sequence λ = (s =)s 0 s 1... with s i+1 = δ(s i,j 1,...j k ) for some move vector (j 1,...,j k ) D(s) Standard notations λ[i], λ[0, i], and λ[i, ] Strategy for p [k] A function f p : S + [d p (s)] f p (λ) is the move of player p after history λ S. Pinchinat 15

16 Strategies A-move in s (s S and A [k]) is σ A = (σ a ) a A (1 σ a d a (s)) D A (s) set of A-moves in s. s is consistent with σ A D A (s) whenever s = δ(s, j 1,...,j k ) and j a = σ a (for all a A) out(σ A ) set of states consistent with σ A A-strategies (A [k]) is F A : S + {D A (s) s S} for all λ S and for all s S, F A (Λ.s) D A (s) λ out(s, F A ) s-computation λ is consistent with F A s i+1 out(f A (λ[0, i])) S. Pinchinat 16

17 Alternating-time Temporal Logics Syntax of ATL (ATL syntactic restriction like CTL CTL ) p Π, φ, φ 1 φ 2, A φ, A φ, A φ 1 U φ 2 are formulas where A [k] and φ, φ 1, φ 2 are formulas. Semantics s = A φ iff there exists a A-strategy F A s.t. for all λ out(s, F A ), λ[1] = φ s = A φ iff there exists a A-strategy F A s.t. for all λ out(s, F A ), for all i 0, we have λ[i] = φ s = A φ 1 U φ 2 iff there exists a A-strategy F A s.t. for all λ out(s, F A ), i 0, λ[i] = φ 2, and 0 j < i, λ[j] = φ 1. S. Pinchinat 17

18 An Example Two agents a and b must choose between two outcomes p and q, but with a mechanism with the following restriction 1. An outcome must result: (p q) 2. The agents are able to collectively choose an outcome: {a,b} p {a, b} q 3. The agents can bring about both outcomes simultaneously: {a,b} (p q) 4. The agents have equal power: for each x {a,b} x p x q S. Pinchinat 18

19 Expressiveness CTL ATL and CTL ATL [k] and Coalition Logic ATL [C]ϕ C ϕ Can define AMC, a mu-calculus with the modalities A ATL < ATL < AMC AMC and Game Logic are incomparable Parikh, R.: 1985, The Logic of Games and its Applications, Annals of Discrete Math. 24, S. Pinchinat 19

20 AT L Symbolic Model-Checking Same as for CTL: (Fixed Point-based) Computation of Sat(ϕ) S according to Sat(φ 1 φ 2 ) = Sat(φ 1 ) Sat(φ 2 ) Sat( A φ) = Pre(A,Sat(φ)) Sat( A φ 1 U φ 2 ) = Intuition with Boolean Symbolic Systems A system T( X, X ), and for each A [k], X = X A X Ā Given a predicate P( X) Pre(A, P)( X) ( X A X Ā [T( X, X ) P( X )])[ X / X ] S. Pinchinat 20

21 AT L Model-Checking Complexity The model-checking problem for AT L is PTIME-complete, and can be solved in time O(m.l) for a game structure with m transitions and an ATL formula of length l. The problem is PTIME-hard even for a fixed formula, and even in the special case of turned based synchronous games structures. Structure Complexity is PTIME-hard, as we can express AND-OR graph reachability [Imm81] in a turn-based game structure. More difficult than CTL, only NLOGSPACE [KVW00] as graph reachability S. Pinchinat 21

22 ATL Model-Checking The model-checking problem for ATL is 2EXPTIME-complete, even in the special case of turn-based synchronous game structures. For ATL formulas of bounded size, the model-checking problem is PTIME-complete. Double exponential price to pay, CTL 2EXPTIME-hard from the realizability problem for LTL by [Pnueli-Rosner89] S. Pinchinat 22

23 s = A ϕ? with ϕ LTL is in 2EXPTIME 1. Build A ϕ that accepts the trees satisfying ϕ CTL 2. Build A S,s,A a tree automaton that accepts the out(s, F A ) for some A-strategy F A seen as a tree. 3. Compute A ϕ A S,s,A accepts trees that outcome from some A- strategy and which satisfy ϕ. if nonempty then s = A ϕ A ϕ is Rabin with (2 2O(l) ) states and 2 O(l) pairs [Emerson-Sistla84] A S,s,A has the same size as S and is Büchi (all states of S) A ϕ A S,s,A is Rabin with (m.2 2O(l), 2 O(l) ) NonEmpPb Rabin automaton in time O(n.r) 3r [Emerson-Jutla84]. S. Pinchinat 23

24 Complete Axiomatization of ATL [Goranko-vanDrimmelen06] (Write Σ for the full set of agents) Axioms: (TAUT) ( ) A false ( ) A true ([k]) φ Σ φ (S) A 1 φ 1 A 2 φ 2 A 1 A 2 (φ 1 φ 2 ) for disjoint A 1 and A 2 (FP ) A φ φ A A φ (GFP ) (θ (φ A θ)) (θ A φ) (FP U )... (LFP U )... S. Pinchinat 24

25 Complete Axiomatization of ATL [Goranko-vanDrimmelen06] Rules of Inference: (ModusPonens) ( A M onotonicity) ( Necessitation) φ 1,φ 1 φ 2 φ 2 φ 1 φ 2 A φ 1 A φ 2 φ φ S. Pinchinat 25

26 Proof for Complete Axiomatization of ATL 3 steps based on infinite trees Local constructions Eventuality Realization Final Model Construction Finite Model Theorem Any satisfiable formula ϕ is true in a regular tree of branching degree ( ϕ + 1) Σ. a tree automata-theoretic decision procedure Corollary The decision problem for ATL is EXPTIME-complete S. Pinchinat 26