1 Logics of Programs. 2 The Mu-calculus. 3 Automata on Infinite Objects. 4 Games. 5 Membership and Emptiness Problems for NDPT Automata

Transcription

1 Logic, Automata, and Games Sophie Pinchinat IRISA, university of Rennes 1, France M2RI Logics of Programs Introductory Example Kripke Structures Behavioral Properties 2 Fundamental Questions 3 Automata on Infinite Ojects Generalities Non-deterministic Parity Tree (NDPT) Automata 4 Games Generalities Parity Games Memoryless Determinacy of Parity Games Solving Parity Games 5 Memership and Emptiness Prolems for NDPT Automata 6 Concluding remarks Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Introductory Example The Model-Checking Prolem The Model-checking Prolem: A system Sys and a specification Spec, decide whether Sys satisfies Spec, or not. Example: Mutual exclusion protocol Process : repeat : non-critical section 1 1: wait unless turn = 1: critical section 1 11: turn := 1 Process 1: repeat : non-critical section 2 1: wait unless turn = 1 1: critical section 2 11: turn := A state is a it vector of the form (line no. of process 1,line no. of process 2, value of turn) The initial state is (). Spec = some state of the form (11x) is never reached, and always when a state of the form (1xyz) is reached, then later a state of the form (1x y z ) is reached (and similarly for Process 2, i.e. states (xy1z) and (x y 1z )) A classic Sophie Pinchinat formal (IRISA) approach: Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Kripke Structures Kripke Structures Assume given Prop = {p 1,...,p n } a set of atomic propositions. Definition A Kripke structure over Prop is S =(S, R,λ) S is a set of states R S S is a transition relation λ : S 2 Prop associates those p i which are assumed true in s. A rooted Kripke structure is a pair (S, s) where s is a distinguished initial state Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

2 Logics of Programs Kripke Structures Logics of Programs Kripke Structures Mutual Exclusion Protocol Example A Toy System Over Prop = {p 1, p 2 }. Let us use Use p 1 and p 2 for eing in wait instruction efore critical section for Process and Process 1 respectively {p 1 } s 1 s 3 Use p 3 and p 4 for eing in critical section for Process and Process 1 respectively The lael function looks like λ(111) = {p 1, p 4 }; rememer states are (line no. of process 1,line no. of process 2, value of turn) {p 1, p 2 } s EXERCISE: Define the KS corresponding to the Mutual Exclusion Protocol s 2 {p 2 } λ(s 2 )={p 2 } Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Kripke Structures Paths and Words Let S =(S, R,λ) e a Kripke structure over Prop = {p 1, p 2,...,p n }. A path through (S, s) is a sequence s, s 1, s 2,... where s = s and (s i, s i+1 ) R for i Its corresponding word ( (2 Prop ) ω )isλ(s ),λ(s 1 ),λ(s 2 ),... For example, {p1} s1 s3 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Behavioral Properties Linear Time Logic for Properties of Words [Eme9] We use modalities The syntax of the logic LTL is: G denotes Always F denotes Eventually X denotes Next U denotes Until α = {p 1, p 2 }{p 1 }{p 2 }{p 1 }... {p1, p2} s ϕ 1,ϕ 2 ( LTL) ::= a ϕ 1 ϕ 2 ϕ 1 X ϕ 1 ϕ 1 U ϕ 2 If α = α()α(1)... (2 Prop ) ω, write α i for α(i)α(i +1)... So α = α. s2 {p2} where a Σ. LTL formulas are interpreted over words α Σ ω. Note that the words may arise from a Kripke structure (S, s) overprop so that Σ = 2 Prop. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

3 Logics of Programs Behavioral Properties Logics of Programs Behavioral Properties Semantics of LTL Examples of formulas Let α Σ ω.defineα i = ϕ y induction over ϕ. Let α i = a iff α(i) =a α i = ϕ 1 ϕ 2 iff... α i = ϕ 1 iff α i = X ϕ 1 iff α i+1 = ϕ 1 α i = ϕ 1 U ϕ 2 iff for some j i, α j = ϕ 2,and for all k = i,...,j 1, α k = ϕ 1 Fϕ def = true U ϕ, hence α i = Fϕ iff α j = ϕ for some j i. Gϕ def = F ϕ, hence α i = Gϕ 1 iff α j = ϕ 1 for every j i. 1 α = GFa iff in α, a occurs infinitely often. 2 α = XX( Fc) iff Ifα(2) =, then α(j) =c for some j 2. 3 α = F(a X ( U a)) iff... (EXERCISE) Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Behavioral Properties Augmenting LTL: the logic CTL We want to specify that every word of (S, s) satisfies an LTL specification ϕ, or that there exists a word in the Kripke structure such that something holds. We use CTL [EH83] which extends LTL with quantfications over words: Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Behavioral Properties Interpretation over Trees We unravel S =(S, R,λ) from s as a tree Paths of S are retrieved in the tree as ranches. s S ψ 1,ψ 2 ( CTL ) ::= E ψ a ψ 1 ψ 2 ψ 1 X ψ 1 ψ 1 U ψ 2 Semantics: for a word α, a position i, and a rooted Kripke structure (S, s): α i = (S,s) E ψ iff α i = (S,s) ψ for some α in (S, s) st. α[,...,i] =α [,...,i] s s 1 s s 1 s 1 s s 1 s 2 s s 2 s s 1 s 2 Let A ψ def = E ψ CTL is more expressive than LTL: A [Glife GEX death] s s 1 s 1 s 1 s s 1 s 1 s 2 s s 1 s 2 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

4 Logics of Programs Behavioral Properties Logics of Programs Behavioral Properties Interpretation over Trees In the tree, we keep only the information aout propositions in the current state along the path. λ(s ) S Interpretation over Trees We keep from the unraveling information aout propositions We assume that states have exactly two successors (ordered) S λ(s 1 ) λ(s 2 ) s s 1 EXERCISE draw the corresponding tree s s 1 λ(s 1 ) λ(s 2 ) s 2 We make a huge simplification: s 2 λ(s 1 ) λ(s 2 ) we consider only Kripke structures which unravel as full inary trees ut the theory generalizes to aritray structures. λ(s 2 ) Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Behavioral Properties Σ-Laeled Full Binary Trees Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Logics of Programs Behavioral Properties The full inary tree and a {a, }-laeled tree ɛ t a The full inary tree is the set {, 1} of finite words over a two element alphaet. The root is the empty word ɛ. 1 a A node is some w {, 1}. Every w {, 1} has two children: a left son w and a right son w1. Definition A Σ-laeled (full inary) tree is a function t : {, 1} Σ. Trees(Σ) is the set of Σ-laeled full inary trees a a Oviously, we will take Σ = 2 Prop. In the example, Prop = {p}, and say a = {p}, =. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

5 The (propositional) Mu-calculus invented y Dana Scott and Jaco de Bakker, and further developed y Dexter Kozen D. Kozen. Results on the propositional μ-calculus. Theoretical Computer Science, 27(3): , A. Arnold and D. Niwinski. Rudiments of mu-calculus. North-Holland, 21. E. A. Emerson and C. S. Jutla. Tree automata, mu-calculus and determinacy. In Proceedings 32nd Annual IEEE Symp. on Foundations of Computer Science, FOCS 91, San Jose, Puerto Rico, 1-4 Oct 1991, pages IEEE Computer Society Press, Los Alamitos, California, Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Smooth Introduction Fundamental importance for several reasons, all related to its expressiveness: Uniform logical framework with great raw expressive power. It susumes most modal and temporal logic of programs (e.g. LTL, CTL, CTL ). the Mu-calculus over inary trees coincide in expressive power with alternating tree automata. the semantic of the Mu-calculus is anchored in the Tarski-Knaster theorem, giving a means to do iteration-ased model-checking in an efficient manner. Consider the CTL formula EFP (where P is some proposition): note that EFP P EX E FP so that EFP is a fixed-point. In fact, EFP is the least fixed-point, e.g. the least such that Z P EFZ. Not all modalities of e.g. CTL are needed as a asis BYO modalities with fixed-point definitions Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

6 Aout lattices and fixed-points See Introduction to Lattices and Order, y B. A. Davey and H. A. Priestley. Camridge 22. A lattice (L, ) consists of a set L and a partial order such that any pair of elements has a greatest lower ound, the meet, and a least upper ound, the join, with the following properties: (associative law) (x y) z = x (y z) (commutative law) x y = y x (idempotency law) x x = x (asorption law) x (x y) =x And similarly for. Monotonic Functions f : L L is monotonic (order preserving) if x is a fixed-point of f if f (x) =x x, y L, x y f (x) f (y) Define f is the identity function, and f n+1 = f n f. Note that f monotonic implies that f n is monotonic. The identity function is monotonic and composing two monotonic functions gives a monotonic function. For example, given a set S, the powerset of S, (P(S), ), is a lattice. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Tarski-Knaster fixed-point Theorem A lattice (L,, ) iscomplete if for all A L, A and A are defined; then there exist a minimum element = L and a maximum element = L. This is the case for (P(S), ): given a set A P(S) of susets, A = S A S and A = S A S. EXERCISE What are and? Theorem [Tar55] Let f e a monotonic function on (L,,, ) a complete lattice. Let A = {y f (y) y}, thenx= A istheleast fixed-point of f. (1) f (x) x: y A, x y, therefore f (x) f (y) y. So f (x) A = x. (2) x f (x): y monotonicity applied to (1), f 2 (x) f (x) sof (x) A, and x f (x). x is then a fixed-point, and ecause all fixed-points elong to A, x is the least. And similarly for the greatest fixed-point (with A = {y f (y) y}). Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Another Characterization of fixed-points (3) μz.f (z), the least fixed-point of f, is equal to i f i ( ), where i ranges over all ordinals of cardinality at most the state space L; when L is finite, μz.f (z) is the union of the following ascending chain f ( ) f 2 ( )... (4) νz.f (z) = i f i ( ), where i ranges over all ordinals of cardinality at most the state space L; when L is finite, νz.f (z) is the intersection of the following descending chain f ( ) f 2 ( )... EXERCISE Show it. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

7 Syntax of the Mu-calculus An alphaet Σ, and the associate set of propositions Prop = {P a } a Σ. A infinite set of variales Var = {Z, Z, Y,...}. Formulas β,β L μ ::= P a Z β β β β 1 β μz.β where P a Prop, Z Var. Write β for β 1 β, and[]β for β 1 β. β is a sentence if every occurrence of a variale in β are ounded y a μ operator. Write β β when β is a suformula of β. As μz.β is aout a least fixed-point (see later for its semantics), we need to ensure its existence, hence the notion of well-formed formulas. well-formed formulas For every suformula μz.β, Z appears only under the scope of an even numer of symols in β. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 The meaning of μz.β Recall Semantics of well-formed formulas Fix a tree t Trees(Σ) Let val : Var 2 {,1} e a valuation of the variales. For every N {, 1}, we write val[n/z ] for val defined as val except that val (Z )=N Given a tree t : {, 1} Σ, [[ β ]] t val {, 1} denotes a set of nodes. [[ Z ]] t val = val(z ) [[ P a ]] t val = t 1 (a) [[ β ]] t val = {, 1} \ [[ β ]] t val [[ β β ]] t val = [[β ]] t val [[ β ]] t val [[ β ]] t val = {w {, 1} w [[ β ]] t val } [[ 1 β ]] t val = {w {, 1} w1 [[ β ]] t val } [[ μz.β ]] t val = {N P({, 1} ) [[ β ]] t val[n/z] N} Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Examples of formulas [[ μz.β ]] t val = {N P({, 1} ) [[ β ]] t val[n/z] N} μz.β denotes the least fixed-point of f :2 {,1} 2 {,1} f (N) =[[β ]] t val[n/z] where f is monotonic, since β is well-formed. By [Tar55] (for the lattice (2 {,1},, {, 1}, )), f has a least fixed-point (and a greatest fixed-point) and this is precisely the value of [[ μz.β ]] t. Let νz.β def = μz. β[ Z /Z ]. It is a greatest fixed-point. Notice that if β is sentence, then [[ μz.β ]] t val =[[μz.β ]] t val,forany val, val ; we write it [[ μz.β ]] t. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 We assume we have true and false in the syntax, with [[ true ]] t val = {, 1} and [[ false ]] t val =. μz.z false νz.z true μz.p νz.p P Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

8 Examples of formulas: aout CTL What is μz.p a Z? It is equivalent to EFa, whereas νz.p a Z true μz.p a Z P a (μz.p a Z ) P a (P a (μz.p a Z )) P a (P a (P a (μz.p a Z )))... Anodew [[ μz.p a Z ]] t if either it is in [[ P a ]] t or it has a child who is either in [[ P a ]] t or who has a child who is in [[ P a ]] t or who has a child who... The least set of nodes with this property is the set of nodes having a path eventually hitting a descendant node laeled y a. Hence the formula EF a. A a U μz.p P a []Z,since μz.p P a []Z P P a [](P P a [](P P a [](...))) whereas νz.p P a []Z A a W, theweak until. AG a νy.p a []Y,since νy.p a []Y P a [](P a [](P a [](...))) whereas μz.p a []Y false AG EF a νy.(μz.p a Z ) []Y EGF νy.μz. ( Y Z ) Intuitively, μ (resp. ν) refers to finite (resp. infinite) prefixes of computations. νz.p a [][]Z is not expressile in CTL [MP71, Wol83]. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Positive normal form Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Alternation Depth (±1 in the literature) We push negation innermost in the formulas formulas in positive normal form Notice that d β = d β, ford {, 1}. EXERCISE What if we do not assume states always have successors? (that is ranches in the tree might e finite) Let β L μ e in positive normal form. We define ad(β), thealternation depth of β inductively y: ad(p a )=ad( P a )=ad(z )= ad(β β )=ad(β β )=max{ad(β), ad(β )} ad( d β) =ad(β), for d {, 1} ad(μz.β) =max({1, ad(β)} {ad(νz.β )+1 νz.β β,z free(νz.β )}) ad(νz.β) =max({1, ad(β)} {ad(μz.β )+1 μz.β β,z free(μz.β )}) Example: ad(νy.(μz.p a Z []Y )) = 2 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

9 Fundamental Questions Some important results Model-checking and Satisfiaility Write L k μ = {β L μ ad(β) k}. CTL L 1 μ, and this is strict (recall νz.p a [][]Z is not expressile in CTL ) ad(νy.μz.( Y P a Z )) = 2, then EGFa is in L 2 μ. Theorem [Arn99, Bra96, Len96] The alternation hierarchy L μ, L 1 μ, L 2 μ... is strict. Theorem [BGL7] The variale hierarchy of the μ-calculus is strict. Write t = β whenever ɛ [[ β ]] t val. Let L(β) def = {t Trees(Σ) t = β} The Model-checking Prolem (Program Verification): Given regular tree t and a sentence β L μ, is it the case that t = β? The Satisfiaility Prolem (Program Synthesis): Does there exist a tree t such that t = β? Does there exist a regular tree? (The finite model property) Definition (informal) A tree is regular if it is otained y unraveling a (finite) Kripke structure. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Fundamental Questions Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects What next? Tree Automata to recognize certain trees: β L μ A β such that L(A β )={t Trees(Σ) t = β} The Model-checking Prolem The Memership Prolem Automata on Infinite Ojects The Satisfiaility Prolem The Emptiness Prolem Games (two-player zero-sum) provide very powerful tools. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

10 Automata on Infinite Ojects Generalities Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Automata on Infinite Ojects Automata with inputs like infinite words and infinite trees (and graphs). Automata on Infinite Trees [Ra69], [GH82, Mul84, EJ91], [GTW2, Chap. 8 and 9] Acceptance conditions: Büchi, Muller, Rain and Streett, Parity on every ranch of the run of the automaton on its input. Runs are trees, and accepting runs fulfill the acceptance condition. We consider parity acceptance condition. Also ω-automata are automata on infinite words [Büc62, McN66], [Tho9], [GTW2, Chap. 1] Acceptance conditions: Büchi, Muller, Rain and Streett, Parity Runs are paths, accepting runs fulfill the accepting condition. All coincide with ω-regular languages (L = i K iri ω ) deterministic Büchi are weaker. Connection with Logic LTL: LTL corresponds to FOL as well as star-free ω-regular languages. Non-deterministic Parity Tree Automata A (Σ-laeled full inary) tree t is input of an automaton. In a current node in the tree, the automaton has to decide which state to assume in each of the two child nodes. Definition A non-deterministic parity tree (NDPT) automaton is a structure A =(Q, Σ, q,δ,c) where Q( q ) is a finite set of states (q the initial state) δ Q Σ Q Q is the transition relation c : Q {,...,k}, k IN is the coloring function which assigns the index values (colors) to each states of A Runs Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Definition A run of A =(Q, Σ, q,δ,c) on an input tree t Trees(Σ) is a tree ρ Trees(Q) satisfying ρ(ɛ) =q,and for every node w {, 1} of t (and its sons w andw1), we have (ρ(w),ρ(w1)) δ(ρ(w), t(w)) Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Example Consider the automaton with states q a (initial) and, and the following transitions: a a a a q a q a q a q a q a q a q a q a q a q a q a δ(q a, a) = {(, )} δ(q a, ) = {(q a, q a )} δ(, a) = {(, )} δ(, ) = {(, )} with c(q a )=1andc( ) =. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

11 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata The parity acceptance condition Example 1 Given a run ρ, for a ranch γ in ρ write Inf c (γ) def = {j {,...,k} c(γ(i)) = j for infinitely many i} A run ρ is accepting (successful) iff for every ranch γ {, 1} ω of the tree ρ the parity acceptance condition is satisfied: min Inf c (γ) iseven Let L e the set of trees the ranches of which all contain an a. This may e expressed in L μ as μz.p a []Z in L μ. L may e characterized y the following tree automaton δ(q a, a) = {(, )} δ(q a, ) = {(q a, q a )} δ(, a) = {(, )} δ(, ) = {(, )} with q a initial, c(q a )=1,andc( ) =. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Example 2 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Example 2 (Cont.) Tree automata are nondeterministic, and cannot e determinized in general. Let L a Trees({a, }) e the set of trees having a ranch with infinitely many a s. Consider the automaton with states q a, q, and transitions ( stands for either a or ). δ(q, a) = {(q a, ), (, q a )} δ(q, ) = {(q, ), (, q )} δ(, ) = {(, )} and coloring c(q )=1andc(q a )=c( ) = (only and 1 colors, this a Büchi condition) δ(q, a) = {(q a, ), (, q a )} δ(q, ) = {(q, ), (, q )} δ(, ) = {(, )} with c(q )=1andc(q a )=c( ) = From state, A accepts any tree. Any run from q a consists in a tree with of a single ranch laeled with states q a, q, whereas the rest of the run tree is laeled with. There are infinitely many states q a on this ranch iff there are infinitely many nodes laeled y a. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

12 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Acceptance Other Acceptance Conditions Büchi is specified y a set F Q Acc = {γ Inf (γ) F } A tree t is accepted y A iff there exists an accepting run of A on t. The tree language recognized y A is L(A) def = {t t is accepted y A} Muller is specified y a set F P(Q), Acc = {γ Inf (γ) F} Rain is specified y a set {(R 1, G 1 ),...,(R k, G k )} where R i, G j Q, Acc = {γ i, Inf (γ) R i = and Inf (γ) G i } Streett is specified y a set {(R 1, G 1 ),...,(R k, G k )} where R i, G j Q, Acc = {γ i, Inf (γ) R i = or Inf (γ) G i } Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Other Acceptance Conditions Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Automata on Infinite Ojects Non-deterministic Parity Tree (NDPT) Automata Regular Tree Languages and Properties For the relationship etween these conditions see [GTW2]. Büchi is specified y a set F Q and this acceptace condition for runs is: Acc = {γ Inf (γ) F } Büchi tree automata are less expressive than the other acceptance conditions (which are equivalent) [Ra7]: for example, the complement of L a, that is finitely many a s on each ranch, cannot e characterized y any Büchi tree automaton. A tree language L Trees(Σ) is regular iff there exists a parity tree automaton which recognizes L. Tree automata are closed under sum, projection, and complementation. Tree automata cannot e determinized: L a Trees({a, }), the language of trees having one node laeled y a, is not recognizale y a deterministic tree automata (with any of the considered acceptance conditions). The proof for complementation uses the determinization result for word automata. Difficult proof [GTW2, Chap. 8], [Ra7] We will solve the Memership Prolem and the Emptiness Prolem for (nondeterministic) automata y using Parity Games. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

13 Games Generalities Games Generalities (Parity) Games (Parity) Games Two-person games on directed graphs. How are they played? What is a strategy? What does it mean to say that a player wins the game? Determinacy, forgetful strategies, memoryless strategies Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Generalities Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Generalities Arena An arena (or a game graph) is G =(V, V 1, E) V = Player positions, and V 1 = Player 1 positions (partition of V ) E V V is the edged-relation write σ {, 1} to designate a player, and σ =1 σ Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

14 Games Generalities Games Generalities Plays Formally, a play in the arena G is either an infinite path π = v v 1 v 2... V ω with v i+1 v i E for all i ω, or a finite path π = v v 1 v 2...v l V + with v i+1 v i E for all i < l, ut v l E =. color and the rest is colored 1 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Generalities Games and Winning sets Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Parity Games Parity Winning Conditions Informally, an infinite play is winning if the minimal color that occurs infinitely often even. Let e G an arena and Win V ω e the winning condition Player is declared the winner of a play π in the game G if π is finite and last(π) V1 and last(π)e =, or π is infinite and π Win. Formally We color vertices of the arena y χ : V C where C is a finite set of so-called colors; it extends to plays χ(π) =χ(v )χ(v 1 )χ(v 2 )... C is a finite set of integers called priorities Let Inf χ (π) e the set of colors that occurs infinitely often in χ(π). Win is the set of infinite paths π such that min(inf C (π)) is even. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

15 Games Parity Games Games Parity Games Example of a parity game Strategies and winning region A strategy for Player σ is a function f σ : V V σ V A prefix play π = v v 1 v 2...v l is conform with f σ if for every i with i < l and v i V σ the function f σ is defined and we have v i+1 = f σ (v...v i ). Aplayisconform with f σ if each of its prefix is conform with f σ. The winning region for Player σ is the set W σ (G) V of all vertices such that Player σ wins (G, v) (to e defined rigorously) color and the rest is colored 1 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Parity Games Example of Winning Regions Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Games Memoryless Determinacy of Parity Games Determinacy of Parity Games AgameG =((V, E), Win) isdetermined when the sets W σ (G) andw σ (G) form a partition of V. Theorem Every parity game is determined. A strategy f σ is a positional (or memoryless) strategy whenever f σ (πv) =f σ (π v), v V σ W Theorem [EJ91, Mos91] In every parity game, oth players win memoryless. W 1 color and the rest is colored 1 See [GTW2, Chaps. 6 and 7] Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

16 Games Solving Parity Games Memership and Emptiness Prolems for NDPT Automata Complexity Results Back to Decision Prolems for ND Tree Automata Theorem Wins = {(G, v) G a finite parity game and v a winning position of Player } is in NP co-np 1 Guess a memoryless strategy f of Player 2 Check whether f is memoryless winning strategy [BJW2] proposed a reduction from parity games to safety games, that leads to an algorithm in O(n(n/k) k/2 )(k + 1 colors). EXERCISE How would you solve a safety game? The Memership Prolem: A G A,t 1 Given a tree t andanndptautomatona, we uild a parity game (G A,t, v I )s.t.v I is in W (G A,t )ifft L(A). Moreover, if t is regular (i.e. represented y a finite KS (S, s)), we can uild a finite game. The Emptiness Prolem: A A G A 1 For each parity automaton A, we uild an Input Free automaton A such that L(A) iff A admits a successful run. 2 From A we uild a parity game G A such that (winning) strategies of Player and (successful) runs of A correspond. Both prolem reduce to solving parity games! Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata The Memership Prolem: The Game Graph G A,t -positions are of the form (w, t(w), q). Moves from (w, t(w), ), with δ(q, t(w)) = {(q 1, q 1), (q 2, q 2),...(q m, q m )} are: (w, t(w), (q, t(w), q 1, q 1)) The Game Graph G A,t 1-positions are of the form (w, t(w), (q, t(w), q, q )). 2 possile moves from (w, t(w), (q, t(w), q, q )): (w, t(w), q ) (w, t(w), q) (w, t(w), (q, t(w), q 2, q 2)). (w,t(w),(q,t(w),q,q )) (w1, t(w1), q ) (w, t(w), (q, t(w), q m, q m)) Player chooses the transition (q, t(w), q, q ) from q for input t(w) Player 1 chooses the ranch in the run (left q,orrightq ) Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

17 Memership and Emptiness Prolems for NDPT Automata Memership and Emptiness Prolems for NDPT Automata The Game Graph G A,t The Game Graph G A,t A =(Q, Σ, q,δ,c) V = set of triples (w, t(w), q) {, 1} Σ Q V 1 = set of triples (w, t(w),τ) {, 1} Σ δ Moves... Initial position in (ɛ, t(ɛ), q ) V Priorities: χ((w, t(w), q)) = c(q) χ((w, t(w), (q, t(w), q, q ))) = c(q) V :(w, t(w), state q) V 1 :(w, t(w), transition (q, t(w), q, q )) Moves from V :from(w, t(w), q), Player can move to (w, t(w), (q, t(w), q, q )), for every (q, t(w), q, q ) δ Moves from V :from(w, t(w), (q, t(w), q, q )), Player 1 can moves to (w, t(w), q )orto(w1, t(w1), q ). Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata The Finite Game with a Regular Tree s 1 s Example of G A,t priorities 1 s 1 s 2 a s 1 s,, q a a, 1 With the automaton: s s,, (q a,, q, ) 1 s,, (q a,,, q ) s 1, a, 1 s 1, a, q s 2,, s 2,, q δ(q, a) ={(q a, ), (, q a )} δ(q, ) ={(q, ), (, q )} δ(, ) ={(, )} c(q a )=c( ) = c(q )=1 a a s 1 s s 1 1 s 1, a, (q, a, q a, ) s 2,, (,, ) s 1, a, (, a,, q a) s 1, a, (, a,, ) 1 1 s 2,, (q,, q, ) s 2,, (q,,, q ) 1 s 2,, q, s 2,, q a Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

18 Memership and Emptiness Prolems for NDPT Automata Memership and Emptiness Prolems for NDPT Automata The Emptiness Prolem of NDTA We need the notion of input-free automata. Lemma An input-free (IF) automaton is A =(Q,δ,q I, Acc) where δ Q Q Q. For each parity automaton A there exists an IF automaton A such that L(A) iff A admits a successful run. A =(Q, Σ, q,δ,c) and define A =(Q Σ, {q I } Σ,δ, c ). A will guess non-deterministically the second component of its states, i.e. the laeling of a model. Formally, for each (q, a, q, q ) δ, we generate ((q, a), (q, x), (q, y)) δ,if (q, x, p, p ), (q, y, r, r ) δ for some p, p, q, q Q c (q, a) =c(q) Example IF Automaton A B (q a, a, q a, ), (q a, a,, q a ) ((q a, a), (q a, a), (, a)), ((q a, a), (, a), (q a, a)) ((q a, a), (q a, ), (, a)), ((q a, a), (, ), (q a, a)) ((q a, a), (q a, a), (, )), ((q a, a), (, a), (q a, )) ((q a, a), (q a, ), (, )), ((q a, a), (, ), (q a, )) (q a,, q, ), (q a,,, q ) ((q a, ), (q, a), (, a)), ((q a, a), (, a), (q, a)) ((q a, ), (q, ), (, a)), ((q a, a), (, ), (q, a)) ((q a, ), (q, a), (, )), ((q a, a), (, a), (q, )) ((q a, ), (q, ), (, )), ((q a, a), (, ), (q, )) (q, a, q a, ), (q, a,, q a )... (q,, q, ), (q,,, q )... (, a,, ) ((, a), (, a), (, a)) ((, a), (, ), (, a)) ((, a), (, a), (, )) ((, a), (, ), (, )) (,,, )... c ((q a, )) = c(q a )=, c ((, )) = c( ) =, c ((q, )) = c(q )=1 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata From IF Automata to Parity Games A an IF automaton a parity game G A Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata Example of G A q a, a Positions V = Q and V 1 = δ Moves for all (q, q, q ) δ (q, (q, q, q )) E ((q, q, q ), q ), ((q, q, q ), q ) E Priorities χ(q) =c(q) =χ((q, q, q )) q a, a q a, a, a, a q a, a q a,, a q a, a q a,, Lemma (Winning) Strategies of Player and (successful) runs of A correspond. Notice that G A has a finite numer of positions., a, a, a, a,, a, a,, Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

19 Memership and Emptiness Prolems for NDPT Automata Memership and Emptiness Prolems for NDPT Automata Decidaility of Emptiness for NDPT Automata Finite Model Property Corollary If L(A) then L(A) contains a regular tree. Theorem For parity tree automata it is decidale whether their recognized language is empty or not. A A G A, and comined previous results. Use the memoryless winning strategy in G A. Formally, take A and its corresponding IF automatan A. Assume a successful run of A and a memoryless strategy f for Player in G A from some position (q I, a). The sugraph G A f induces a deteministic IF automaton A (without acc): extract the transitions out of G Af from positions in V 1. A isa suautomaton of A. A generates a regular tree t in the second component of its states. Now, t L(A) ecause A ehaves like A. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Memership and Emptiness Prolems for NDPT Automata Complexity Issues Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Concluding remarks What we have seen Corollary The Emptiness Prolem for NDPT automata is in NP co-np. Notice that the size of G A is polynomial in the size of A (see [GTW2, p. 15, Chap. 8]). Remark The universality prolem is EXPTIME-complete (already for finite trees). Binary trees as a simplified setting to represent system s executions. Propositional μ-calculus that susumes all ranching-time temporal logics (LTL, CTL, CTL,PDL,...). Non-determinsitic tree automata (NDTA) to recognize regular tree languages. (Parity) games as astract mathematical tools to, e.g. check emptiness and memership prolems for NDTA. The emptiness prolem for NDTA is in NP co-np. Memoryless strategies deliver regular ojects. In particular, NDTA have the finite model property. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

20 Concluding remarks Concluding remarks What we have not seen A generalization of NDTA as Alternating Tree Automata (ATA) and the Simulation Theorem [MS95] that states an exponential time procedure to convert ATA into NDTA. ATA have the finite model property. Checking emptiness of ATA is in EXPTIME(in fact, complete). BUT checking memership for ATA is in NP co-np. The two-way translation μ-calculus formulas ATA. The μ-calculus has the finite model property. Satisfiaility of μ-calculus formulas is in EXPTIME. Model-checking μ-calculus formulas is in NP co-np. A. Arnold. The mu-calculus alternation-depth hierarchy is strict on inary trees. Research Report , LaBRI, Université Bordeaux I, Dietmar Berwanger, Erich Grädel, and Giacomo Lenzi. The variale hierarchy of the μ-calculus is strict. Theory Comput. Syst., 4(4): , 27. J. Bernet, D. Janin, and I. Walukiewicz. Permissive strategies: from parity games to safety games. Theoretical informatics and applications, 36: , 22. J. C. Bradfield. The modal mu-calculus alternation hierarchy is strict. In Proc. Concurrency Theory, 7th International Conference, CONCUR 96, Pisa, Italy, LNCS1119, pages , J. R. Büchi. On a decision method in restricted second order arithmetic. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Concluding remarks In Proc. 196 Int. Congr. Logic, Methodology and Philosophy of Science, London, pages Stanford Univ. Press, E. A. Emerson and J. Y. Halpern. Sometimes and Not Never revisited: On ranching versus linear time. In Proc. 1th ACM Symp. Principles of Programming Languages, Austin, Texas, pages , January E. A. Emerson and C. S. Jutla. Tree automata, mu-calculus and determinacy. In Proceedings 32nd Annual IEEE Symp. on Foundations of Computer Science, FOCS 91, San Jose, Puerto Rico, 1 4 Oct 1991, pages IEEE Computer Society Press, Los Alamitos, California, E. A. Emerson. Temporal and modal logic. In J. van Leeuwen, editor, Handook of Theoretical Computer Science, vol. B, chapter 16, pages Elsevier Science Pulishers, 199. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Concluding remarks Y. Gurevich and L. Harrington. Trees, automata, and games. In Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, pages 6 65, San Francisco, California, May E. Grädel, W. Thomas, and T. Wilke, editors. Automata, Logics, and Infinite Games: A Guide to Current Research [outcome of a Dagstuhl seminar, Feruary 21], volume 25 of Lecture Notes in Computer Science. Springer, 22. Giacomo Lenzi. A hierarchy theorem for the μ-calculus. In F. Meyer auf der Heide and B. Monien, editors, Proceedings 23rd Int. Coll. on Automata, Languages and Programming, ICALP 96, Paderorn, Germany, 8 12 July 1996, volume 199 of Lecture Notes in Computer Science, pages Springer-Verlag, Berlin, R. McNaughton. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75

21 Concluding remarks Testing and generating infinite sequences y a finite automaton. Information and Control, 9:521 53, Concluding remarks In Automata on Infinite Words, Le Mont Doré, LNCS 192, pages Springer-Verlag, May A. W. Mostowski. Games with foridden positions. Research Report 78, Univ. of Gdansk, R. McNaughton and S. Papert. Counter-Free Automata. MIT Press, Camridge, MA, David E. Muller and Paul E. Schupp. Simulating alternating tree automata y nondeterministic automata: New results and new proofs of the theorems of Rain, McNaughton and Safra. Theoretical Computer Science, 141(1 2):69 17, 17 April D. Muller. Alternating automata on infinite ojects, determinacy and Rain s theorem. M. O. Rain. Decidaility of second-order theories and automata on infinite trees. Trans. Amer. Math. Soc., 141:1 35, M. O. Rain. Weakly definale relations and special automata. In Symp. Math. Logic and Foundations of Set Theory, pages 1 23, 197. A. Tarski. A lattice-theoretical fixpoint theorem and its applications. Pacific J. Math., 5:285 39, W. Thomas. Automata on infinite ojects. In J. van Leeuwen, editor, Handook of Theoretical Computer Science, vol. B, chapter 4, pages Elsevier Science Pulishers, 199. Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 Concluding remarks Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75 P. Wolper. Temporal logic can e more expressive. Information and Control, 56:72 99, Sophie Pinchinat (IRISA) Logic, Automata, and Games M2RI / 75