We introduce an extension of Strategy logic for the imperfect-information setting, called SLii, and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, the problem turns out to be undecidable. We introduce a syntactical class of "hierarchical instances" for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model. We prove that model-checking SLii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises previous ones, such as decidability of multi-player games with imperfect information and hierarchical observations, and decidability of distributed synthesis for hierarchical systems. To establish the decidability result, we introduce and study QCTL*ii, an extension of QCTL (itself an extension of CTL with second-order quantification over atomic propositions) by parameterising its quantifiers with observations. The simple syntax of QCTL*ii allows us to provide a conceptually neat reduction of SLii to QCTL*ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL*ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. The decidability result for SLii follows since the reduction maps hierarchical instances of SLii to hierarchical formulas of QCTL*ii.

... We introduce a logic for reasoning about knowledge and strategies. Our Epistemic Strategy Logic (ESL) is based on Strategy Logic, and besides boolean and temporal operators, it contains the imperfect-information strategy quantifier x o from (Berthon et al. 2017), which reads as "there exists a strategy x with observation o", and epistemic operators K a for each agent a. Our logic allows reasoning about agents whose means of observing the system changes over time, as agents may successively use strategies associated with different observations. ...

... Our approach to solve the model-checking problem for our logic extends that followed in (Laroussinie and Markey 2015; Berthon et al. 2017), which consists in "compiling" the strategic logic under study into an opportune variant of Quantified CTL*, or QCTL* for short (Laroussinie and Markey 2014). This is an extension of CTL* with second-order quantification on propositions which serves as an intermediary, low-level logic between strategic logics and tree automata. ...

... In (Laroussinie and Markey 2015), model checking ATL* with strategy context is proved decidable by reduction to QCTL*. In (Berthon et al. 2017), model checking SLii is proved decidable for a class of hierarchical instances by reduction to the hierarchical fragment of an imperfect information extension of QCTL*, called QCTL*ii. In this work we define EQCTL*ii, which extends further QCTL*ii with epistemic operators and an operator of observation change introduced recently in (Barrière et al. 2018) in the context of epistemic temporal logics. ...

Two distinct semantics have been considered for knowledge in the context of strategic reasoning, depending on whether players know each other’s strategy or not. The problem of distributed synthesis for epistemic temporal specifications is known to be undecidable for the latter semantics, already on systems with hierarchical information. However, for the other, uninformed semantics, the problem is decidable on such systems. In this work we generalise this result by introducing an epistemic extension of Strategy Logic with imperfect information. The semantics of knowledge operators is uninformed, and captures agents that can change observation power when they change strategies. We solve the model-checking problem on a class of "hierarchical instances", which provides a solution to a vast class of strategic problems with epistemic temporal specifications on hierarchical systems, such as distributed synthesis or rational synthesis.

... Recently imperfect information has also been introduced in the setting of multi-agent temporal logics [20,21,2,3], and the main decidability results assume hierarchical information. However, while those logics allow to express rich interactions, it can somehow only consider qualitative properties. ...

... will not be able to know whether h or h has been played. We also define the 3 We extend all the above notions to infinite sequences in a straightforward way and to the notion of full play. ...

... Otherwise they are said invisible. Private and public visibility of payoffs, while not always assumed (see for instance [19,3]) are reasonable assumptions: using only her knowledge, a player knows her payoff. Public visibility is more restrictive, but will be required for some of the results. ...

We study Nash equilibria in games on graphs with an imperfect monitoring based on a public signal. In such games, deviations and players responsible for those deviations can be hard to detect and track. We propose a generic epistemic game abstraction, which conveniently allows to represent the knowledge of the players about these deviations, and give a characterization of Nash equilibria in terms of winning strategies in the abstraction. We then use the abstraction to develop algorithms for some payoff functions.

... We introduce a logic for reasoning about knowledge and strategies. Our Epistemic Strategy Logic (ESL) is based on Strategy Logic, and besides boolean and temporal operators, it contains the imperfect-information strategy quantifier x o from SLii (Berthon et al. 2017), which reads as "there exists a strategy x with observation o", and epistemic operators K a for each agent a. Our logic allows reasoning about agents whose means of observing the system changes over time, as agents may successively use strategies associated with different observations. ...

Two distinct semantics have been considered for knowledge in the context of strategic reasoning, depending on whether players know each other's strategy or not. In the former case, that we call the informed semantics, distributed synthesis for epistemic temporal specifications is undecidable, already on systems with hierarchical information. However, for the other, uninformed semantics, the problem is decidable on such systems. In this work we generalise this result by introducing an epistemic extension of Strategy Logic with imperfect information. The semantics of knowledge operators is uninformed, and captures agents that can change observation power when they change strategies. We solve the model-checking problem on a class of "hierarchical instances", which provides a solution to a vast class of strategic problems with epistemic temporal specifications, such as distributed or rational synthesis, on hierarchical systems.

... In this section we solve the model-checking problem for both Prompt-SL and BOSL with a uniform approach which, in fact, works also for the combination of the two logics. As done in [32] for ATL with strategy context, in [6] for an extension of it with imperfect information and in [7] for Strategy Logic with imperfect information, we go through an adequate extension of QCTL*, which itself extends CTL* with second-order quantification. This approach makes automata constructions and their proof of correctness easier and clearer. ...

... As for ATL* with strategy context [32] and Strategy Logic with imperfect information [7], the model-checking problems for both Prompt-SL and BOSL (as well as their combination) can be easily reduced to that of Bound-QCTL* (see Appendix A.6). As a consequence of these reductions and of Theorem 25, we get: ...

... One can prove the following lemma, where ϕ is either a Prompt-SL or a BOSL formula. The translation is essentially the same as in [32] and [7], and the cases for the new operators should be clear from their semantics. ...

Program synthesis constructs programs from specifications in an automated way. Strategy Logic (SL) is a powerful and versatile specification language whose goal is to give theoretical foundations for program synthesis in a multi-agent setting. One limitation of Strategy Logic is that it is purely qualitative. For instance it cannot specify quantitative properties of executions such as "every request is quickly granted", or quantitative properties of trees such as "most executions of the system terminate". In this work, we extend Strategy Logic to include quantitative aspects in a way that can express bounds on "how quickly" and "how many". We define Prompt Strategy Logic, which encompasses Prompt LTL (itself an extension of LTL with a prompt eventuality temporal operator), and we define Bounded-Outcome Strategy Logic which has a bounded quantifier on paths. We supply a general technique, based on the study of automata with counters, that solves the model-checking problems for both these logics.

... Simple Reactive Modules [36] is a model specification language that is based on Reactive Modules [1] and has been used to describe multi-player games with LTL goals [19,18]. Reactive Modules games (RMG) are an extension of iBGs in which one can specify constraints on the power that a player has over the variables that such a player controls. In addition, one can specify multi-player games directly in a high-level description language (which one can then use as the input of a verification tool - Reactive Modules are used, e.g., in MOCHA [2] and PRISM [26]), which is more convenient from a user point of view for modelling purposes. ...

... However, as the expressive power of LDLf is incomparable with the one of LTL, it is not clear whether the undecidability proof (which strongly relies on the expressiveness of LTL) can be retained in this case. Moreover, it has been shown that for specific cases of imperfect information in games with LTL objectives, the problem might be decidable [4,5]. For this reason, we plan to address this question in future work. ...

Linear Dynamic Logic on finite traces LDLf is a powerful logic for reasoning about the behaviour of concurrent and multi-agent systems. In this paper, we investigate techniques for both the characterisation and verification of equilibria in multi-player games with goals/objectives expressed using logics based on LDLf. This study builds upon a generalisation of Boolean games, a logic-based game model of multi-agent systems where players have goals succinctly represented in a logical way. Because LDLf goals are considered, in the settings we study -- Reactive Modules games and iterated Boolean games with goals over finite traces -- players' goals can be defined to be regular properties while achieved in a finite, but arbitrarily large, trace. In particular, using alternating automata, the paper investigates automata-theoretic approaches to the characterisation and verification of (pure strategy Nash) equilibria, shows that the set of Nash equilibria in multi-player games with LDLf objectives is regular, and provides complexity results for the associated automata constructions.

... The notion of admissible strategy was studied for observationbased strategies in [6], and Doomsday equilibria, that are an extension of secure equilibria to the k player case [12], are also considered for imperfect information. In [1], Berthon et al. study an extension of strategy logic [16,25] in which quantification over strategies can be restricted to observation-based strategies. This opens the possibility to reason on strategies in games with imperfect information. ...

... A strategy σ i for Player i is winning 1 for objective O if out (σ i )⊆O. 1 Here we implicitly consider a two-player zero-sum game in which Player i has objective O and plays against all the other players in Ω \ {i } who have objective O. ...

In this paper, we study the rational synthesis problem for turn-based multiplayer non zero-sum games played on finite graphs for omega-regular objectives. Rationality is formalized by the concept of Nash equilibrium (NE). Contrary to previous works, we consider here the more general and more practically relevant case where players are imperfectly informed. In sharp contrast with the perfect information case, NE are not guaranteed to exist in this more general setting. This motivates the study of the NE existence problem. We show that this problem is ExpTime-C for parity objectives in the two-player case (even if both players are imperfectly informed) and undecidable for more than 2 players. We then study the rational synthesis problem and show that the problem is also ExpTime-C for two imperfectly informed players and undecidable for more than 3 players. As the rational synthesis problem considers a system (Player 0) playing against a rational environment (composed of k players), we also consider the natural case where only Player 0 is imperfectly informed about the state of the environment (and the environment is considered as perfectly informed). In this case, we show that the ExpTime-C result holds when k is arbitrary but fixed. We also analyse the complexity when k is part of the input.

... In the context of incomplete knowledge, the behaviors of the agents only depend on their observations, similarly to imperfect information games as done by Berthon et al. [16]. The strategies, as defined above, do not necessarily take observations of the agents into account. ...

... 16. CMAPF UND , CMACP-init UND and CMACP UND are PSPACE-hard on planar graphs. ...

Path planning is the task of devising a sequence of steps for a mobile entity to follow. This task is required at the center of numerous real-world problems. The study of autonomous planning can allow one to reduce congestion, pollution, accidents, costs and more. In some applications, it is important to consider the connectivity of the agents. Although some settings guarantee a permanent connectivity among entities, this is not always true in applications with open environments. Another aspect that can be found in many applications is the lack of complete knowledge of the area in which the entities move. For instance, in exploration missions, the agents are not provided any information of the environment and must discover it by themselves. An important problem, called Multi-Agent Path Finding, is to find a sequence of steps for a group of agents to reach specified targets while avoiding collisions. First, we present a framework to study and model connectivity-based multi-agent path planning problems. We provide a detailed initial work on the complexity of this framework and an optimal algorithm to solve it. Second, we extend our connectivity framework to the incomplete knowledge setting and show the complexity of the connected and decentralized computation of plans under partially known environments.

... For example, formula ∃s K a (a, s) X φ means that agent a knows a strategy that she can use to achieve φ on the next step. The literature on the strategy logic covers model checking [10,13], synthesis [16], decidability [29,39], and bisimulation [9]. Aminof et al. proposed a probabilistic strategy logic [6]. ...

... At the same time, [40] is missing knowledge modality and ability to refer to the past, which are present in our logic. Decidability and model checking problems for ATL-like systems have also been widely studied [7,12,13]. An alternative approach to expressing the power to achieve a goal in a temporal setting is the STIT logic [11,26,27,34,42]. ...

The article proposes a trimodal logical system that can express the strategic ability of coalitions to learn from their experience. The main technical result is the completeness of the proposed system.

... As future work, we plan to build upon the techniques developed here to investigate epistemic extensions of strategic logics with imperfect information. Several such logics have been defined and studied recently [2,5,6,3,4], and [6] in particular already presents the feature of dynamic observation change via change of strategy. We believe that the present work will help to establish new results on the model checking of such logics. ...

We study dynamic changes of agents' observational power in logics of knowledge and time. We consider CTL*K, the extension of CTL* with knowledge operators, and enrich it with a new operator that models a change in an agent's way of observing the system. We extend the classic semantics of knowledge for perfect-recall agents to account for changes of observation, and we show that this new operator strictly increases the expressivity of CTL*K. We reduce the model-checking problem for our logic to that for CTL*K, which is known to be decidable. This provides a solution to the model-checking problem for our logic, but its complexity is not optimal. Indeed we provide a direct decision procedure with better complexity.

... Recently imperfect information has also been introduced in the setting of multi-agent temporal logics [2,3,20,21], and the main decidability results assume hierarchical information. However, while those logics allow to express rich interactions, it can somehow only consider qualitative properties. ...

... Private visibility of payoffs, while not always assumed (see for instance [3,19]), are reasonable assumptions: using only her knowledge, a player knows her payoff. Public visibility is more restrictive, but will be required for some of the results. ...

We study pure Nash equilibria in games on graphs with an imperfect monitoring based on a public signal. In such games, deviations and players responsible for those deviations can be hard to detect and track. We propose a generic epistemic game abstraction, which conveniently allows to represent the knowledge of the players about these deviations, and give a characterization of Nash equilibria in terms of winning strategies in the abstraction. We then use the abstraction to develop algorithms for some payoff functions.

... In one line, a translation of ATL formulas with imperfect information and imperfect recall strategies that provide a lower and upper bounds for their truth values is presented in [6]. In another line, restrictions are made on how information is shared amongst the agents, so as to retain decidability [7]. In a related line, interactions amongst agents are limited to public actions only [8,9]. ...

... model checking. The main loop (lines 3-12) works until all the sub-formulas of ϕ are treated. By starting from the first formula of the list, the loop in lines 5-11 proceeds for each state, and checks the current sub-formula against the currently selected submodels M n and M p . ...

In logics for the strategic reasoning the main challenge is represented by their verification in contexts of imperfect information and perfect recall. In this work, we show a technique to approximate the verification of Alternating-time Temporal Logic (ATL*) under imperfect information and perfect recall, which is known to be undecidable. Given a model M and a formula $\varphi$, we propose a verification procedure that generates sub-models of M in which each sub-model M' satisfies a sub-formula $\varphi'$ of $\varphi$ and the verification of $\varphi'$ in M' is decidable. Then, we use CTL* model checking to provide a verification result of $\varphi$ on M. We prove that our procedure is in the same class of complexity of ATL* model checking under perfect information and perfect recall, we present a tool that implements our procedure, and provide experimental results.

... Goranko and van Drimmelen [32] gave a complete axiomatization of ATL. Additionally, decidability and model checking problems for ATL-like systems have also been studied in recent works [8,13,14]. Another approach to express "power to achieve" in a temporal setting is STIT logic [11,33,35,36,45]. Broersen, Herzig, and Troquard have shown that coalition logic can be embedded into a variation of STIT logic with the temporal modality "next-step" [17]. ...

A coalition of agents, or a single agent, has an ethical dilemma between several statements if each joint action of the coalition forces at least one specific statement among them to be true. For example, any action in the trolley dilemma forces one specific group of people to die. In many cases, agents face ethical dilemmas because they are restricted in the amount of the resources they are ready to sacrifice to overcome the dilemma. The paper presents a sound and complete modal logical system that describes properties of dilemmas for a given limit on a sacrifice.

... Among the others, we mention checking the uniqueness of Nash Equilibrium under imperfect information for reachability targets. This field has received much attention recently and some results can be found in top venues such as [29,30]. However, all the approaches used in the mentioned papers lead to a nonelementary complexity, as they are shaped for very rich strategic formalisms to represent the solution concepts, and thus far beyond the tight complexity we achieve instead in this work. ...

In game theory, deciding whether a designed player wins a game amounts to check whether he has a winning strategy. However, there are several game settings in which knowing whether he has more than a winning strategy is also important. For example, this is crucial in deciding whether a game admits a unique Nash Equilibrium, or in planning a rescue as this would provide a backup plan. In this paper we study the problem of checking whether, in a two-player reachability game, a designed player has more than a winning strategy. We investigate this question both under perfect and imperfect information about the moves performed by the players. We provide an automata-based solution that results, in the perfect information setting, in a linear-time procedure; in the imperfect information setting, instead, it shows an exponential-time upper bound. In both cases, the results are tight.

... We expect that these notions of bisimulation, together with the appropriate Hennessy-Milner properties, help identifying fragments in which the existence of a Nash Equilibrium cannot be expressed. Further, we plan to study the bisimulation for SL in the context of imperfect information, in both cases of perfect and imperfect recall (Berthon et al. 2017; Cermák et al. 2018). Finally, we aim at developing abstraction and refinement techniques for application to system verification. ...

In this paper we advance the state of the art on the subject of bisimulations for logics of strategies. Bisimulations are a key notion to study the expressive power of a modal language, as well as for applications to system verification. In this contribution we present novel notions of bisimulation for several significant fragments of Strategy Logic (SL), and prove that they preserve the interpretation of formulas in the corresponding fragments. In selected cases we are able to prove that such bisimulations enjoy the Hennessy-Milner property. Finally, we make use of bisimulations to study the expressiveness of the various fragments of SL, including the complexity of their model checking problems.

... Two recent works involve dynamic changes of observation power. The first one [2] studies an imperfect-information extension of Strategy Logic [18] in which agents can change observation power when changing strategies, but the logic does not allow reasoning about knowledge. The second [17] extends the latter with knowledge operators, and solves the model-checking problem for a fragment related to the notion of hierarchical information [14,20,21]. ...

We study dynamic changes of agents’ observational power in logics of knowledge and time. We consider CTLK*, the extension of CTL* with knowledge operators, and enrich it with a new operator that models a change in an agent’s way of observing the system. We extend the classic semantics of knowledge for agents with perfect recall to account for changes of observational power, and we show that this new operator increases the expressivity of CTLK*. We reduce the model-checking problem for our logic to that for CTLK*, which is known to be decidable. This provides a solution to the model-checking problem for our logic, but it is not optimal, and we provide a direct model-checking procedure with better complexity.

... This reduction is a rather straightforward adaptation of the usual one for qualitative variants of SL (see e.g. [53,11,40]). We essentially observe that it can be lifted to the quantitative setting. ...

Temporal logics are extensively used for the specification of on-going behaviours of reactive systems. Two significant developments in this area are the extension of traditional temporal logics with modalities that enable the specification of on-going strategic behaviours in multi-agent systems, and the transition of temporal logics to a quantitative setting, where different satisfaction values enable the specifier to formalise concepts such as certainty or quality. We introduce and study FSL---a quantitative extension of SL (Strategy Logic), one of the most natural and expressive logics describing strategic behaviours. The satisfaction value of an FSL formula is a real value in [0,1], reflecting `how much' or `how well' the strategic on-going objectives of the underlying agents are satisfied. We demonstrate the applications of FSL in quantitative reasoning about multi-agent systems, by showing how it can express concepts of stability in multi-agent systems, and how it generalises some fuzzy temporal logics. We also provide a model-checking algorithm for our logic, based on a quantitative extension of Quantified CTL*.

... Several approaches for the verification of specifications in ATL and ATL* under imperfect information and perfect recall have been recently put forward. In one line, restrictions are made on how information is shared amongst the agents, so as to retain decidability (Berthon et al. 2017). In a related line, interactions amongst agents are limited to public actions only (Belardinelli et al. 2017b;2017a). ...

We investigate the verification of Multi-agent Systems against strategic properties expressed in Alternating-time Temporal Logic under the assumptions of imperfect information and perfect recall. To this end, we develop a three-valued semantics for concurrent game structures upon which we define an abstraction method. We prove that concurrent game structures with imperfect information admit perfect information abstractions that preserve three-valued satisfaction. Further, we present a refinement procedure to deal with cases where the value of a specification is undefined. We illustrate the overall procedure in a variant of the Train Gate Controller scenario under imperfect information and perfect recall.

... We have compared these approaches to ours in the beginning of Section 4. More generally, other restrictions on iCGS have been investigated recently, notably the hierarchical systems in [11,12], which are nonetheless orthogonal to the present setting. In particular, notice that no hierarchy is assumed on the observations of agents in vCGS, nor anything similar appears in standard TF attacks. ...

We introduce a subclass of concurrent game structures (CGS) with imperfect information in which agents are endowed with private data-sharing capabilities. Importantly, our CGSs are such that it is still decidable to model-check these CGSs against a relevant fragment of ATL. These systems can be thought as a generalisation of architectures allowing information forks, in the sense that, in the initial states of the system, we allow information forks from agents outside a given set A to agents inside this A. For this reason, together with the fact that the communication in our models underpins a specialised form of broadcast, we call our formalism A-cast systems. To underline, the fragment of ATL for which we show the model-checking problem to be decidable over A-cast is a large and significant one; it expresses coalitions over agents in any subset of the set A. Indeed, as we show, our systems and this ATL fragments can encode security problems that are notoriously hard to express faithfully: terrorist-fraud attacks in identity schemes.

... Different types of strategies, based on sequences of actions, states or atomic propositions, are also considered in [22], with a focus on bisimulation invariance. When considering partial-observation strategies, model checking is undecidable (as is already the case for ATL [15]); a decidable fragment of SL is identified in [4], with a hierarchical restriction on nested strategy quantifiers. This study of imperfect-information games has been extended with epistemic variants of SL, which allows to reason about the knowledge of agents. ...

Strategy Logic (SL) is a very expressive logic for specifying and verifying properties of multi-agent systems: in SL, one can quantify over strategies, assign them to agents, and express properties of the resulting plays. Such a powerful framework has two drawbacks: first, model checking SL has non-elementary complexity; second, the exact semantics of SL is rather intricate, and may not correspond to what is expected. In this paper, we focus on strategy dependences in SL, by tracking how existentially-quantified strategies in a formula may (or may not) depend on other strategies selected in the formula. We study different kinds of dependences, refining the approach of [Mogavero et al., Reasoning about strategies: On the model-checking problem, 2014], and prove that they give rise to different satisfaction relations. In the setting where strategies may only depend on what they have observed, we identify a large fragment of SL for which we prove model checking can be performed in 2EXPTIME.

... In the conference version of this work [6] we made a mistake here: we wrote that I φ = I φ i , which is not the case in general. As a consequence we do need to narrow down automata, unlike what was written in the conference version. ACM Trans. Comput. ...

We introduce an extension of Strategy Logic for the imperfect-information setting, called SLii, and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of "hierarchical instances" for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SLii restricted to hierarchical instances is decidable. To establish this result we go through QCTL, an intermediary, "low-level" logic much more adapted to automata techniques. QCTL is an extension of CTL with second-order quantification over atomic propositions. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. While the model-checking problem of QCTLii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. We apply our result to solve complex strategic problems in the imperfect-information setting. We first show that the existence of Nash equilibria for deterministic strategies is decidable in games with hierarchical information. We also introduce distributed rational synthesis, a generalisation of rational synthesis to the imperfect-information setting. Because it can easily be expressed in our logic, our main result provides a solution to this problem in the case of hierarchical information.

... We use a variant of the reductions presented in (Laroussinie and Markey 2015; Fijalkow et al. 2018; Berthon et al. 2017; Maubert and Murano 2018; Bouyer et al. 2019), which transform instances of the model-checking problem for various strategic logics to (extensions of) QCTL*. ...

Nondeterministic strategies are strategies (or protocols, or plans) that, given a history in a game, assign a set of possible actions, all of which are winning. An important problem is that of refining such strategies. For instance, given a nondeterministic strategy that allows only safe executions, refine it to, additionally, eventually reach a desired state of affairs. We show that strategic problems involving strategy refinement can be solved elegantly in the framework of Strategy Logic (SL), a very expressive logic to reason about strategic abilities. Specifically, we introduce an extension of SL with nondeterministic strategies and an operator expressing strategy refinement. We show that model checking this logic can be done at no additional computational cost with respect to standard SL, and can be used to solve a variety of problems such as synthesis of maximally permissive strategies or refinement of Nash equilibria.

... Finally, we want to target the distributed synthesis problem [28]. Several fragments of the problem have been proven to be decidable, e.g., when the information of agents is arranged hierarchically [19], the number of agents is limited [34], or the actions are made public [15]. We conjecture that the ability to disseminate information and reason about it might prove useful in this setting. ...

We propose a formalism to model and reason about reconfigurable multi-agent systems. In our formalism, agents interact and communicate in different modes so that they can pursue joint tasks; agents may dynamically synchronize, exchange data, adapt their behaviour, and reconfigure their communication interfaces. Inspired by existing multi-robot systems, we represent a system as a set of agents (each with local state), executing independently and only influencing each other by means of message exchange. Agents are able to sense their local states and partially their surroundings. We extend LTL to be able to reason explicitly about the intentions of agents in the interaction and their communication protocols. We also study the complexity of satisfiability and model-checking of this extension.

... Finally, we want to target the distributed synthesis problem [18]. Several fragments of the problem have been proven to be decidable, e.g., when the information of agents is arranged hierarchically [12], the number of agents is limited [23], or the actions are made public [11]. We conjecture that the ability to disseminate information and reason about it might prove useful in this setting. ...

We propose a formalism to model and reason about multi-agent systems. We allow agents to interact and communicate in different modes so that they can pursue joint tasks; agents may dynamically synchronize, exchange data, adapt their behaviour, and reconfigure their communication interfaces. The formalism defines a local behaviour based on shared variables and a global one based on message passing. We extend LTL to be able to reason explicitly about the intentions of the different agents and their interaction protocols. We also study the complexity of satisfiability and model-checking of this extension.

... I am not aware of results similar to my sufficient condition for universal existence, but there is an extensive literature, starting around [18], that studies related decision problems of existence: in some class of games, is the existence of a uniform winning strategy decidable and how quickly? Some classes of games come from strategy logic, introduced in [4] and connected to information imperfectness, e.g., in [2]. Some other classes come from dynamic epistemic logic, introduced in [8] and connected to games, e.g., in [20] and to decision procedures, e.g., in [14]. ...

Two-player win/lose games of infinite duration are involved in several disciplines including computer science and logic. If such a game has deterministic winning strategies, one may ask how simple such strategies can get. The answer may help with actual implementation, or to win despite imperfect information, or to conceal sensitive information especially if the game is repeated.

... The literature on the strategy logic covers model checking (Berthon, Maubert, Murano, Rubin, & Vardi, 2017), synthesis (Čermák, Lomuscio, & Murano, 2015), decidability (Mogavero, Murano, Perelli, & Vardi, 2012, 2017), and bisimulation (Belardinelli, Dima, & Murano, 2018). We are not aware of any completeness results for a strategy logic with quantifiers over strategies. ...

If an agent, or a coalition of agents, has a strategy, knows that she has a strategy, and knows what the strategy is, then she has a know-how strategy. Several modal logics of coalition power for know-how strategies have been studied before.
The contribution of the article is three-fold. First, it proposes a new class of know-how strategies that depend on the intelligence information about the opponents’ actions. Second, it shows that the coalition power modality for the proposed new class of strategies cannot be expressed through the standard know-how modality. Third, it gives a sound and complete logical system that describes the interplay between the coalition power modality with intelligence and the distributed knowledge modality in games with imperfect information.

... In the context of imperfect information, the behaviors of the agents only depend on their observations, as in imperfect information games as in [33]. The strategies, as defined above, do not necessarily take observations of the agents into account. ...

... Several semantical subclasses of MAS have been identified for which model checking for SL is decidable. The efficient verification algorithms have been developed for: One-Goal SL (Cermák, Lomuscio, and Murano 2015); SL with Simple Goals, where goals are restricted to simple LTL formulae (Belardinelli et al. 2019b); SL with Knowledge for memoryless MAS with incomplete information (Cermák et al. 2018); SL for MAS with imperfect information and public actions, i.e., systems where all actions are visible to all agents (Belardinelli et al. 2017); imperfect-information SL, where the restriction is to a syntactical class of "hierarchical instances" (Berthon et al. 2017). We plan to extend our tool to deal also with the above formalisms. ...

Synthesis of models and strategies is a very important task in software engineering. The main problem here consists in checking the satisfiability of formulae expressing the specification of a system to be implemented. This paper puts forward a novel method for deciding the satisfiability of formulae of Alternating-time Temporal Logic (ATL) under perfect and imperfect information. The synthesised models of strategic games are often minimal. The method expands the one for CTL exploiting SAT Modulo Monotonic Theories (SMMT) solvers. Our tool MsATL combines SMMT solvers with two existing ATL model checkers: MCMAS and STV. This is the first ever tool for checking the satisfiability of imperfect information ATL. The experimental results show that, similarly to the CTL case, our approach appears to be very efficient and can quickly check the satisfiability of large ATL formulae that have been out of reach of the existing approaches.

... Further points of interest can be motivated from a game-theory lens, such as introducing imperfect information. Earlier work has already introduced imperfect information to problems in synthesis and verification - see [3,8,27]. Finally, the work can be extended to both the general CGS formalism (as opposed to iBGs) and to querying other properties/equilibrium concepts outside of the Nash equilibria. ...

The problem of finding pure strategy Nash equilibria in multiagent concurrent games with finite-horizon temporal goals has received some recent attention. Earlier work solved this problem through the use of Rabin automata. In this work, we take advantage of the finite-horizon nature of the agents' goals and show that checking for and finding pure strategy Nash equilibria can be done using a combination of safety games and lasso testing in Büchi automata. To separate strategic reasoning from temporal reasoning, we model agents' goals by deterministic finite-word automata (DFAs), since finite-horizon logics such as LTLf and LDLf are reasoned about through conversion to equivalent DFAs. This allows us to characterize the complexity of the problem as PSPACE-complete.

Reactive Modules is a high-level modelling language for concurrent, distributed, and multi-agent systems, which is used in a number of practical model checking tools. Reactive Modules Games are a game-theoretic extension of Reactive Modules, in which system components are assumed to act strategically in an attempt to satisfy a temporal logic formula representing their individual goal. Reactive Modules Games with perfect information have been extensively studied, and the complexity of game theoretic decision problems relating to such games (such as the existence of Nash equilibria) have been comprehensively classified. In this article, we study Reactive Modules Games in which agents have only partial visibility of their environment.

The article compares two different approaches of incorporating probability into coalition logics. One is based on the semantics of games with stochastic transitions, and the other on games with the stochastic failures. The work gives an example of a non-trivial property of coalition power for the first approach and a complete axiomatization for the second approach. It turns out that the logical properties of the coalition power modality under the second approach depend on whether the modal language allows the empty coalition. The main technical results for the games with stochastic failures are a strong completeness theorem for the logical system without the empty coalition and an incompleteness theorem which shows that there is no strongly complete logical system in the language with the empty coalition.

This paper proposes a logical framework for representing and reasoning about imperfect information games. We first extend Game Description Language (GDL) with the standard epistemic operators and provide it with a semantics based on the epistemic state transition model. We then demonstrate how to use the language to represent the rules of an imperfect information game and formalize common game properties as well as epistemic properties. We also show how to use the framework to reason about players' own and each other's knowledge during game playing. Furthermore, we prove that the model-checking problem of the framework is in \(\Delta_2^p\), even though its lower bound is \(\Theta_2^p\). These results indicate that the framework makes a good balance between expressive power and computational efficiency. Finally we provide a sound and complete axiomatic system for this logic. With action, temporal and epistemic operators, the completeness proof requires a novel combination of techniques used for completeness of dynamic logic and epistemic temporal logics. The proof theory provides a feasible tool to analyze properties of a family of games.

We introduce an extension of Strategy Logic for the imperfect-information setting, called SL ii and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of “hierarchical instances” for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SL ii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises the decidability of distributed synthesis for systems with hierarchical information. It allows us to easily derive new decidability results concerning strategic problems under imperfect information such as the existence of Nash equilibria or rational synthesis.
To establish this result, we go through an intermediary, “low-level” logic much more adapted to automata techniques. QCTL * is an extension of CTL * with second-order quantification over atomic propositions that has been used to study strategic logics with perfect information. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. The simple syntax of the resulting logic, QCTL * ii , allows us to provide a conceptually neat reduction of SL ii to QCTL * ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL * ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable.

Strategy Logic (SL) is a logical formalism for strategic reasoning in multi-agent systems. Its main feature is that it has variables for strategies that are associated to specific agents using a binding operator. In this paper we introduce Graded Strategy Logic (GradedSL), an extension of SL by graded quantifiers over tuples of strategy variables, i.e., “there exist at least g different tuples of strategies” where g is a cardinal. We prove that the model-checking problem of GradedSL is decidable. We then turn to the complexity of fragments of GradedSL. When the g's are restricted to finite cardinals, written GradedNSL, the complexity of model-checking is no harder than for SL, i.e., it is non-elementary in the quantifier-block rank. We illustrate our formalism by showing how to count the number of different strategy profiles that are Nash equilibria (NE). By analysing the structure of the specific formulas involved, we conclude that the important problem of checking for the existence of a unique NE can be solved in 2ExpTime, which is not harder than merely checking for the existence of such an equilibrium.

The article studies the ability of agents with bounded memory to execute consecutive composition of plans. It gives an upper limit on the amount of memory required to execute the composed plans and shows that the limit cannot be improved. Furthermore, the article shows that there are, essentially, no other universal properties of plans for bounded-recall agents expressible through the relation “there is a plan for an agent with a given memory size to navigate from one given set of states to another”.

We investigate the succinctness gap between two known equally-expressive and different linear-past extensions of standard ATL⁎. We establish by formal non-trivial arguments that the ‘memoryful’ linear-past extension (the history leading to the current state is taken into account) can be exponentially more succinct than the standard ‘local’ linear-past extension (the history leading to the current state is forgotten). As a second contribution, we consider the ATL-like fragment, denoted ATLlp, of the known ‘memoryful’ linear-past extension of ATL⁎. We show that ATLlp is strictly more expressive than ATL, and interestingly, it can be exponentially more succinct than the more expressive logic ATL⁎. Moreover, we prove that both satisfiability and model-checking for the logic ATLlp are Exptime-complete.

In this article we present theoretical results for an epistemic strategy logic with past operators, PKSL. In PKSL, agents are able to choose their strategies depending on past moves of other agents. This strictly extends the expressive power of some well-known epistemic strategy logics, which we illustrate by modelling forward induction: a rationality criterion, called admissibility, may be defined over agents’ strategies. Admissibility specifies coherence conditions between past and future actions, inducing new conditions for the availability of optimal strategies. We also give a resolution algorithm for PKSL model-checking. It runs in exponential time, while the satisfiability problem is undecidable, as is the case for similar logics for strategies such as Strategy Logic.

In alternating-time temporal logic ATL*, agents with perfect recall assign choices to sequences of states, i.e., to possible finite histories of the game. However, when a nested strategic modality is interpreted, the new strategy does not take into account the previous sequence of events. It is as if agents collect their observations in the nested game again from scratch, thus, effectively forgetting what they observed before. Intuitively, it does not fit the assumption of agents having perfect recall of the past. In this article, we investigate the alternative semantics for ATL* where the past is not forgotten in nested games. We show that the standard semantics of ATL* coincides with the “truly perfect recall” semantics for agents with perfect information and in case of so-called “objective” abilities under uncertainty. On the other hand, the two semantics differ significantly for the most popular (“subjective”) notion of ability under imperfect information. The same applies to the standard vs. “truly perfect recall” semantics of ATL* with persistent strategies. We compare the relevant variants of ATL* by looking at their expressive power, sets of validities, and tractability of model checking.

A major challenge for logics for strategies is represented by their verification in contexts of imperfect information. In this contribution we advance the state of the art by approximating the verification of Alternating-time Temporal Logic (ATL) under imperfect information by using perfect information and a three-valued semantics. In particular, we develop novel automata-theoretic techniques for the linear-time logic LTL, then apply these to finding “failure” states, where the ATL specification to be model checked is undefined. Such failure states can then be fed into a refinement procedure, thus providing a sound, albeit incomplete, verification procedure.

Two-player win/lose games of infinite duration are involved in several disciplines including computer science and logic. If such a game has deterministic winning strategies, one may ask how simple such strategies can get. The answer may help with actual implementation, or to win despite imperfect information, or to conceal sensitive information especially if the game is repeated. Given a game, this article considers equivalence relations over histories of played actions. A classical restriction used here is that equivalent histories have equal length, hence \emph{time awareness}. A sufficient condition is given such that if a player has winning strategies, she has one that prescribes the same action at equivalent histories, hence \emph{uniformization}. The proof is fairly constructive and preserves finiteness of strategy memory, and counterexamples show tightness of the result. Three corollaries follow for games with states and colors. They hold regardless of the winning condition.

Alternating-time temporal logics (ATL/ATL*) represent a family of modal and temporal logics for reasoning about strategic abilities of agents in multiagent systems. These logics are usually interpreted over concurrent game structures (CGSs), and their interpretations may vary depending on the abilities of agents, such as perfect versus imperfect information, perfect versus imperfect recall. These different abilities lead to a variety of variants that have been studied extensively in literature. However, all of these variants are defined at the semantic level, which may restrict modeling flexibility, or even give counter-intuitive interpretations. For example, an agent may have different abilities when achieving two different goals on the same CGS. To mitigate these issues, in this paper we propose to extend CGSs with agents’ abilities, resulting in Abilities Augmented CGSs where concrete abilities can be defined at the syntactic level. We study ATL/ATL* over this new model. We give formal definitions of the new semantics and present model-checking algorithms for ATL/ATL*. We also identify the computational complexity of ATL/ATL* model checking problem, i.e., \(\Delta_3^P\)-/2EXPTIME-complete. The model-checking algorithms are implemented in a prototype tool. Experimental results show the practical feasibility and effectiveness of our approach.

In game theory, as well as in the semantics of game logics, a strategy can be represented by any function from states of the game to the agent's actions. That makes sense from the mathematical point of view, but not necessarily in the context of human behavior. This is because humans are quite bad at executing complex plans, and rather unlikely to come up with such plans in the first place. A similar concern applies to artificial agents with limited memory and/or computational power. In this paper, we adopt the view of bounded rationality, and look at “simple” strategies in specification of agents' abilities. We formally define what “simple” means, and propose a variant of alternating-time temporal logic that takes only such strategies into account. We also study the model checking problem for the resulting semantics of ability.
After that, we turn to the broader issue of natural strategic abilities in concurrent games with LTL-definable winning conditions, and study a number of decision problems based on surely winning and Nash equilibrium. We show that, by adopting the view of bounded rationality based on natural strategies, we significantly decrease the complexity of rational verification for multi-agent systems.

Linear Dynamic Logic on finite traces (LDLF) is a powerful logic for reasoning about the behaviour of concurrent and multi-agent systems. In this paper, we investigate techniques for both the characterisation and verification of equilibria in multi-player games with goals/objectives expressed using logics based on LDLF. This study builds upon a generalisation of Boolean games, a logic-based game model of multi-agent systems where players have goals succinctly represented in a logical way. Because LDLF goals are considered, in the settings we study—Reactive Modules games and iterated Boolean games with goals over finite traces—players' goals can be defined to be regular properties while achieved in a finite, but arbitrarily large, trace. In particular, using alternating automata, the paper investigates automata-theoretic approaches to the characterisation and verification of (pure strategy Nash) equilibria, shows that the set of Nash equilibria in multi-player games with LDLF objectives is regular, and provides complexity results for the associated automata constructions.

Equivalence-checking and simulations are well-known methods used to reduce the size of a system in order to verify it more efficiently. While Alur et al. proposed a notion of simulation sound and complete for ATL as early as 1998, there have been very few works on equivalence-checking performed on extensions of ATL* with probabilities, imperfect information, counters etc. In the case of multi-agent systems (MASs) with imperfect information, the lack of sound and complete algorithm mostly follows from the undecidability of ATL model-checking. However, while ATL is undecidable overall, there exist sub-classes of MASs for which ATL becomes decidable. In this paper, we propose a notion of simulation sound for ATL/ATL* on any MASs and complete on naive MASs. Using our simulations we design an equivalence-checking algorithm sound and complete for MASs with public actions.

We analyse the verification problem for synchronous, perfect recall multi-agent systems with imperfect information against a specification language that includes strategic as well as epistemic operators. While the general problem is known to be undecidable we show that if the agents' actions are public then verification is decidable, and we establish that the computational complexity is 2ExpTime-complete. To illustrate the formal framework we consider two well-known epistemic and strategic puzzles with imperfect information and public actions: the muddy children puzzle and the classic game of battleships.

We introduce MCMAS-SLK, a BDD-based model checker for the verification of systems against specifications expressed in a novel, epistemic variant of strategy logic. We give syntax and semantics of the specification language and introduce a labelling algorithm for epistemic and strategy logic modalities. We provide details of the checker which can also be used for synthesizing agents' strategies so that a specification is satisfied by the system. We evaluate the efficiency of the implementation by discussing the results obtained for a scheduling system and the dining cryptographers protocol.

Strategy Logic (Sl, for short) has been recently introduced by Mogavero, Murano, and Vardi as a formalism for reasoning explicitly about strategies, as first-order objects, in multi-agent concurrent games. This logic turns out to be very powerful, strictly subsuming all major previously studied modal logics for strategic reasoning, including Atl, Atl*, and the like. The price that one has to pay for the expressiveness of Sl is the lack of important model-theoretic properties and an increased complexity of decision problems. In particular, Sl does not have the bounded-tree model property and the related satisfiability problem is highly undecidable while for Atl* it is 2ExpTime-complete. An obvious question that arises is then what makes Atl* decidable. Understanding this should enable us to identify decidable fragments of Sl. We focus, in this work, on the limitation of Atl* to allow only one temporal goal for each strategic assertion and study the fragment of Sl with the same restriction. Specifically, we introduce and study the syntactic fragment One-Goal Strategy Logic (Sl[1g], for short), which consists of formulas in prenex normal form having a single temporal goal at a time for every strategy quantification of agents. We show that Sl[1g] is strictly more expressive than Atl*. Our main result is that Sl[1g] has the bounded tree-model property and its satisfiability problem is 2ExpTime-complete, as it is for Atl*.

Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for model-checking. Recently, Bernholtz and Grumberg [1993] have shown that this exponential penalty can be avoided, though they did not match the linear complexity of non-automata-theoretic algorithms. In this paper, we show that alternating tree automata are the key to a comprehensive automata-theoretic framework for branching temporal logics. Not only can they be used to obtain optimal decision procedures, as was shown by Muller et al., but, as we show here, they also make it possible to derive optimal model-checking algorithms. Moreover, the simple combinatorial structure that emerges from the automata-theoretic approach opens up new possibilities for the implementation of branching-time model checking and has enabled us to derive improved space complexity bounds for this long-standing problem.

We investigate extensions of temporal logic by connectives defined by finite automata on infinite words. We consider three different logics, corresponding to three different types of acceptance conditions (finite, looping, and repeating) for the automata. It turns out, however that these logics all have the same expressive power and that their decision problems are all PSPACE-complete. We also investigate connectives defined by alternating automata and show that they do not increase the expressive power of the logic or the complexity of the decision problem.

We propose a formal proof of the undecidability of the model checking problem for alternating-time temporal logic under imperfect information and perfect recall semantics. This problem was announced to be undecidable according to a personal communication on multi-player games with imperfect information, but no formal proof was ever published. Our proof is based on a direct reduction from the non-halting problem for Turing machines.

We study the synthesis problem for external linear or branching specifications and distributed, synchronous architectures with arbitrary delays on processes. External means that the specification only relates input and output variables. We introduce the subclass of uniformly well-connected (UWC) architectures for which there exists a routing allowing each output process to get the values of all inputs it is connected to, as soon as possible. We prove that the distributed synthesis problem is decidable on UWC architectures if and only if the output variables are totally ordered by their knowledge of input variables. We also show that if we extend this class by letting the routing depend on the output process, then the previous decidability result fails. Finally, we provide a natural restriction on specifications under which the whole class of UWC architectures is decidable.

Reasoning about knowledge—particularly the knowledge of agents who reason about the world and each other's knowledge—was once the exclusive province of philosophers and puzzle solvers. More recently, this type of reasoning has been shown to play a key role in a surprising number of contexts, from understanding conversations to the analysis of distributed computer algorithms. Reasoning About Knowledge is the first book to provide a general discussion of approaches to reasoning about knowledge and its applications to distributed systems, artificial intelligence, and game theory. It brings eight years of work by the authors into a cohesive framework for understanding and analyzing reasoning about knowledge that is intuitive, mathematically well founded, useful in practice, and widely applicable. The book is almost completely self-contained and should be accessible to readers in a variety of disciplines, including computer science, artificial intelligence, linguistics, philosophy, cognitive science, and game theory. Each chapter includes exercises and bibliographic notes.

The problem of synthesizing a finite-state distributed reactive system is considered. Given a distributed architecture A, which comprises several processors P<sub>1</sub>, ..., P<sub>k</sub> and their interconnection scheme, and a propositional temporal specification φ, a solution to the synthesis problem consists of finite-state programs Π<sub>1</sub>, ..., Π<sub>k</sub> (one for each processor), whose joint (synchronous) behavior maintains φ against all possible inputs from the environment. Such a solution is referred to as the realization of the specification φ over the architecture A. Specifically, it is shown that the problem of realizing a given propositional specification over a given architecture is undecidable, and it is nonelementarily decidable for the very restricted class of hierarchical architectures. An extensive characterization of architecture classes for which the realizability problem is elementarily decidable and of classes for which it is undecidable is given.

We study the problems of synthesizing open systems as well as controllers for them. The key aspect of our model is that it caters to reactive environments, which can disable different sets of responses when reacting with the system. We deal with specifications given as formulas in CTL* and its sub-logic CTL. We show that both these problems, with specifications in CTL (CTL*), are 2EXPTIME-complete (resp. 3EXPTIME-complete). Thus, in a sense, reactive environments constitute a provably harder setting for the synthesis of open systems and controllers for them.

Infinite games with imperfect information are deemed to be undecidable unless the information flow is severely restricted. One fundamental decidable case occurs when there is a total ordering among players, such that each player has access to all the information that the following ones receive. In this paper we consider variations of this hierarchy principle for synchronous games with perfect recall, and identify new decidable classes for which the distributed synthesis problem is solvable with finite-state strategies. In particular, we show that decidability is maintained when the information hierarchy may change along the play, or when transient phases without hierarchical information are allowed.

Temporal logic comes in two varieties: linear-time temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branching-time temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternating-time temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While linear-time and branching-time logics are natural specification languages for closed systems, alternating-time logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. Also, the problems of receptiveness, realizability, and controllability can be formulated as model-checking problems for alternating-time formulas.
Depending on whether we admit arbitrary nesting of selective path quantifiers and temporal operators, we obtain the two alternating-time temporal logics ATL and ATL*. We interpret the formulas of ATL and ATL* over alternating transition systems. While in ordinary transition systems, each transition corresponds to a possible step of the system, in alternating transition systems, each transition corresponds to a possible move in the game between the system and the environment. Fair alternating transition systems can capture both synchronous and asynchronous compositions of open systems. For synchronous systems, the expressive power of ATL beyond CTL comes at no cost: the model-checking complexity of synchronous ATL is linear in the size of the system and the length of the formula. The symbolic model-checking algorithm for CTL extends with few modifications to synchronous ATL, and with some work, also to asynchronous ATL, whose model-checking complexity is quadratic. This makes ATL an obvious candidate for the automatic verification of open systems. In the case of ATL*, the model-checking problem is closely related to the synthesis problem for linear-time formulas, and requires doubly exponential time for both synchronous and asynchronous systems.

We study the extension of the alternating-time temporal logic (ATL) with strategy contexts: contrary to the original semantics, in this semantics the strategy quantifiers do not reset the previously selected strategies. We show that our extension ATLsc is very expressive, but that its decision problems are quite hard: model checking is k-EXPTIME-complete when the formula has k nested strategy quantifiers; satisfiability is undecidable, but we prove that it is decidable when restricting to turn-based games. Our algorithms are obtained through a very convenient translation to QCTL (the computation-tree logic CTL extended with atomic quantification), which we show also applies to Strategy Logic, as well as when strategy quantification ranges over memoryless strategies.

Alternating-time temporal logic with strategy contexts (ATLsc) is a powerful
formalism for expressing properties of multi-agent systems: it extends CTL with
strategy quantifiers, offering a convenient way of expressing both
collaboration and antagonism between several agents. Incomplete observation of
the state space is a desirable feature in such a framework, but it quickly
leads to undecidable verification problems. In this paper, we prove that
uniform incomplete observation (where all players have the same observation)
preserves decidability of the model-checking problem, even for very expressive
logics such as ATLsc.

While it was defined long ago, the extension of CTL with quantification over
atomic propositions has never been studied extensively. Considering two
different semantics (depending whether propositional quantification refers to
the Kripke structure or to its unwinding tree), we study its expressiveness
(showing in particular that QCTL coincides with Monadic Second-Order Logic for
both semantics) and characterise the complexity of its model-checking and
satisfiability problems, depending on the number of nested propositional
quantifiers (showing that the structure semantics populates the polynomial
hierarchy while the tree semantics populates the exponential hierarchy).

We consider multi-player graph games with partial-observation and parity
objective. While the decision problem for three-player games with a coalition
of the first and second players against the third player is undecidable, we
present a decidability result for partial-observation games where the first and
third player are in a coalition against the second player, thus where the
second player is adversarial but weaker due to partial-observation. We
establish tight complexity bounds in the case where player 1 is less informed
than player 2, namely 2-EXPTIME-completeness for parity objectives. The
symmetric case of player 1 more informed than player 2 is much more
complicated, and we show that already in the case where player 1 has perfect
observation, memory of size non-elementary is necessary in general for
reachability objectives, and the problem is decidable for safety and
reachability objectives. Our results have tight connections with
partial-observation stochastic games for which we derive new complexity
results.

Alternating-time temporal logic (ATL) is a modal logic that allows to reason about agents’ abilities in game-like scenarios. Semantic variants of ATL are usually built upon different assumptions about the kind of game that is played, including capabilities of agents (perfect vs. imperfect information, perfect vs. imperfect memory, etc.). ATL has been studied extensively in previous years; however, most of the research focused on model checking. Studies of other decision problems (e.g., satisfiability) and formal meta-properties of the logic (like axiomatization or expressivity) have been relatively scarce, and mostly limited to the basic variant of ATL where agents possess perfect information and perfect memory. In particular, a comparison between different semantic variants of the logic is largely left untouched. In this paper, we show that different semantics of ability in ATL give rise to different validity sets. The issue is important for several reasons. First, many logicians identify a logic with its set of true sentences. As a consequence, we prove that different notions of ability induce different strategic logics. Secondly, we show that different concepts of ability induce different general properties of games. Thirdly, the study can be seen as the first systematic step towards satisfiability-checking algorithms for ATL with imperfect information. We introduce sophisticated unfoldings of models and prove invariance results that are an important technical contribution to formal analysis of strategic logics.

Extending the complexity results of Reif [1,2] for two player games of incomplete information, this paper (see also [3]) presents algorithms for deciding the outcome for various classes of multiplayer games of incomplete information, i.e., deciding whether or not a team has a winning strategy for a particular game. Our companion paper, [4] shows that these algorithms are indeed asymptotically optimal by providing matching lower bounds. The classes of games to which our algorithms are applicable include games which were not previously known to be decidable. We apply our algorithms to provide alternative upper bounds, and new time-space trade-offs on the complexity of multiperson alternating Turing machines [3]. We analyze the algorithms to characterize the space complexity of multiplayer games in terms of the complexity of deterministic computation on Turing machines. In hierarchical multiplayer games, each additional clique (subset of players with the same information) increases the complexity of the outcome problem by a further exponential. We show that an S(n) space bounded k-player game of incomplete information has a deterministic time upper bound of k + 1 repeated exponentials of S(n). Furthermore, S(n) space bounded k-player blindfold games have a deterministic space upper bound of k repeated exponentials of S(n). This paper proves that this exponential blow-up can occur. We also show that time bounded games do not exhibit such hierarchy. A T(n) time bounded blindfold multiplayer game, as well as a T(n) time bounded multiplayer game of incomplete information, has a deterministic space bound of T(n).

This paper (see also [1]) extends the alternating Turing machine (A-TM) of Chandra, Kozen and Stockmeyer [2], the private and the blind alternating machines of Reif [3,4] to model multiplayer games of incomplete information. We use these machines to provide matching lower bounds for our decision algorithms described in our companion paper [5]. We also apply multiple person alternation to other machine types. We show that multiplayer games of incomplete information can be undecidable in general. However, one form of incomplete information games that is decidable we term as hierarchical games (defined later in this paper). In hierarchical multiplayer games, each additional clique (subset of players with same information) increases the complexity of the outcome problem by a further exponential. Consequently, if a multiplayer game of incomplete information with k cliques has a space bound of S(n), then its outcome can be k repeated exponentials harder than games of complete information with the same space bound S(n). This paper proves that this exponential blow-up must occur in the worst case. We define TEAM-PRIVATE-PEEK and TEAM-BLIND-PEEK, extending the previous models of PEEK. These new games can be shown to be complete for their respective classes. We use these games to establish lower bounds on complexity of multiplayer games of incomplete information and blindfold multiplayer games. We analyze the time bounded alternating machines, and conclude that time is not a very critical resource for multiplayer alternation. We also show DQBF (a variant of QBF) to be complete in NEXPTIME.

We examine a class of infinite two-person games on finitely coloured graphs. The main aim is to construct finite memory winning strategies for both players. This problem is motivated by applications to finite automata on infinite trees. A special attention is given to the exact amount of memory needed by the players for their winning strategies. Based on a previous work of Gurevich and Harrington and on subsequent improvements of McNaughton we propose a unique framework that allows to reestablish and to improve various results concerning memoryless strategies due to Emerson and Jutla, Mostowski, Klarlund.

We study the propositional modal logic of knowledge and time for distributed systems. We consider a number of logics (ninety-six in all!), which vary according to the choice of language and the assumptions made on the underlying system. The major parameters in the language are whether there is a common knowledge operator, whether we reason about the knowledge of one or more than one processor, and whether our temporal operators are branching or linear. The assumptions on distributed systems that we consider are: whether or not processors forget, whether or not processors learn, whether or not time is synchronous, and whether or not there is a unique initial state in the system. We completely characterize the complexity of the validity problem for all the logics we consider. This paper focuses on lower bounds; a sequel will deal with the corresponding upper bounds. Typical results include a ∏-completeness result for the language with common knowledge with respect to systems where processors do not forget, and a corresponding non-elementary-time result for the language without common knowledge. It is shown that, in general, the assumption that processors do not forget or do not learn greatly increases the complexity of reasoning about knowledge and time.

In this paper the full branching time logic (CTL*) is studied. It has basic modalities consisting of a path quantifier, either A (“for all paths”) or E (“for some path”), followed by an arbitrary linear time assertion composed of unrestricted combinations of the usual linear temporal operators F (“sometime”), G (“always”), X (“nexttime”), and U (“until”). It is shown that the problem of determining if a CTL* formula is satisfiable in a structure generated by a binary relation is decidable in triple exponential time. The decision procedure exploits the special structure of the finite state ω-automata for linear temporal formulae which allows them to be determinized with only a single exponential blowup in size. Also the expressive power of tree automata is compared with that of CTL* augmented by quantified auxiliary propositions.

We introduce Coordination Logic (CL), a new temporal logic that reasons about the interplay between behavior and informedness
in distributed systems. CL provides a logical representation for the distributed realizability problem and extends the game-based
temporal logics, including the alternating-time temporal logics, strategy logic, and game logic, with quantification over
strategies under incomplete information. We show that the structure in CL that results from the nesting of the quantifiers
is sufficient to guarantee the decidability of the logic and at the same time general enough to subsume and extend all previously
known decidable cases of the distributed realizability problem.

In temporal-logic model checking, we verify the correctness of a program with respect to a desired behaviour by checking whether a structure that models the program satisfies a temporal logic formula that specifies this behaviour. One of the ways to overcome the expressiveness limitation of temporal logics is to augment them with quantification over atomic propositions. In this paper we consider the extension of branching temporal logics with existential quantification over atomic propositions. Once we add existential quantification to a branching temporal logic, it becomes sensitive to unwinding. That is, unwinding a structure into an infinite tree does not preserve the set of formulas it satisfies. Accordingly, we distinguish between two semantics, two practices as specification languages, and two versions of the model-checking problem for such a logic. One semantics refers to the structure that models the program, and the second semantics refers to the infinite computation tree that the program induces. We examine the complexity of the model-checking problem in the two semantics for the logics CTL and CTL* augmented with existential quantification over atomic propositions. Following the cheerless results that we get, we examine also the program complexity of model checking; i.e. the complexity of this problem in terms of the program, assuming the formula is fixed. We show that while fixing the formula dramatically reduces model-checking complexity in the tree semantics, its influence on the structure semantics is poor.

We generalize the distributed synthesis problem to the setting of alternating-time temporal logics. Alternating-time logics specify the game-like interaction between processes in a distributed system, which may cooperate on some objectives and compete on others. Our synthesis algorithm works for hierarchical architectures (in any two processes there is one that can see all inputs of the other process) and specifications in the temporal logics ATL, ATL*, and the alternating-time µ-calculus. Given an architecture and a specification, the algorithm constructs a distributed system that is guaranteed to satisfy the specification. We show that the synthesis problem for non-hierarchical architectures is undecidable, even for CTL specifications. Our algorithm is therefore a comprehensive solution for the entire range of specification languages from CTL to the alternating-time µ-calculus.

We extend the branching temporal logics CTL and CTL* with quantified propositions and consider various semantic interpretations
for the quantification. The use of quantification greatly increases the expressive power of the logics allowing us to represent,
for example, tree-automata. We also show that some interpretations of quantification allow us to represent non-propositional
properties of Kripke frames, such as the branching degree of trees. However this expressive power may also make the satisfiability
problem for the logic undecidable. We give a proof of one such case, and also examine decidability in the less expressive
semantics.

We give a proof that alternating tree automata can be simulated by nondeterministic tree automata which yields new complexity results and a unified proof of the theorems of Rabin, McNaughton and Safra. We also give a simple axiomatic framework for uniformizing strategies.

We study sets of infinite trees that are equipped with a valuation which codes a tuple of paths. Via the identification of paths with ω-words, such tree sets correspond to relations over ω-words ("ω-relations"). Call an ω-relation "Rabin definable" if its associated tree set is recognized by a Rabin tree automaton. We characterize these relations by a restricted second-order logic over trees, "weak chain logic", thus answering a question of Rabin. We also characterize the strictly larger class of "Büchi definable" ω-relations (defined in terms of Büchi automata) by an extension of chain logic, where the "equal level predicate" over trees is adjoined. The theory of the k-ary tree in this logic is shown to be decidable; it covers tree properties which are not expressible in the monadic second-order logic SkS. We give an application of this decidability result to the verification of finite-state programs.

Combinatorial property testing, initiated formally by Goldreich, Goldwasser, and Ron (1998) and inspired by Rubinfeld and Sudan (1996), deals with the relaxation of decision problems. Given a property P the aim is to decide whether a given input satisfies ...

Let S2S [WS2S] respectively be the strong [weak] monadic second order theory of the binary tree $T$ in the language of two successor functions. An S2S-formula whose free variables are just individual variables defines a relation on $T$ (rather than on the power set of $T$). We show that S2S and WS2S define the same relations on $T$, and we give a simple characterization of these relations.

We study certain first and second order theories which are semantically defined as the sets of all sentences true in certain given structures. Let be a structure where A is a non-empty set, λ is an ordinal, and P α is an n(α)-ary relation or function on A. With we associate a language L appropriate for which may be a first or higher order calculus. L has an n(α)-place predicate or function constant P for each α < λ. We shall study three types of languages: (1) first-order calculi with equality; (2) second-order monadic calculi which contain monadic predicate (set) variables ranging over subsets of A; (3) restricted (weak) second-order calculi which contain monadic predicate variables ranging over finite subsets of A.

In program synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is open, then at each moment it reads input signals and writes output signals, which depend on the input signals and the history of the computation so far. The specification considers all possible input sequences. Thus, if the specification is linear, it should hold in every computation generated by the interaction, and if the specification is branching, it should hold in the tree that embodies all possible input sequences.
Often, the system cannot read all the input signals generated by its environment. For example, in a distributed setting, it might be that each process can read input signals of only part of the underlying processes. Then, we should transform a specification into a system whose output depends only on the readable parts of the input signals and the history of the computation. This is called synthesis with incomplete information. In this work we solve the problem of synthesis with incomplete information in its full generality. We consider linear and branching settings with complete and incomplete information. We claim that alternation is a suitable and helpful mechanism for coping with incomplete information. Using alternating tree automata, we show that incomplete information does not make the synthesis problem more complex, in both the linear and the branching paradigm. In particular, we prove that independently of the presence of incomplete information, the synthesis problems for CTL and CTL* are complete for EXPTIME and 2EXPTIME, respectively.

Thesis (Ph. D.)--Harvard University. Includes bibliographical references (p. 145-148).

We generalize the alternation machines of Chandra, Kozen and Stockmeyer [1] and the private alternation machines of Reif [14] to model multiple person (team) games of incomplete information. The resulting classes of machines are "multiple person alternation machines". The characterization of certain time and space bounded versions of these machines demonstrate interesting relationships between ordinary time and space hierarchies (Table 1). Our results are applied to relative succinctness and power questions of finite state machines and to complexity questions of parallel finite state machines. Other machine variants, including private alternating pushdown store automata and Markovian alternation machines, are discussed.

We provide a uniform solution to the problem of synthesizing a finite-state distributed system. An instance of the synthesis problem consists of a system architecture and a temporal specification. The architecture is given as a directed graph, where the nodes represent processes (including the environment as a special process) that communicate synchronously through shared variables attached to the edges. The same variable may occur on multiple outgoing edges of a single node, allowing for the broadcast of data. A solution to the synthesis problem is a collection of finite-state programs for the processes in the architecture, such that the joint behavior of the programs satisfies the specification in an unrestricted environment. We define information forks, a comprehensive criterion that characterizes all architectures with an undecidable synthesis problem. The criterion is effective: for a given architecture with n processes and v variables, it can be determined in O(n<sup>2</sup>·v) time whether the synthesis problem is decidable. We give a uniform synthesis algorithm for all decidable cases. Our algorithm works for all ω-regular tree specification languages, including the μ-calculus. The undecidability proof, on the other hand, uses only LTL or, alternatively, CTL as the specification language. Our results therefore hold for the entire range of specification languages from LTL/CTL to the μ-calculus.

In system synthesis, we transform a specification into a system
that is guaranteed to satisfy the specification. When the system is
distributed, the goal is to construct the system's underlying processes.
Results on multi-player games imply that the synthesis problem for
linear specifications is undecidable for general architectures, and is
nonelementary decidable for hierarchical architectures, where the
processes are linearly ordered and information among them flows in one
direction. In this paper, we present a significant extension of this
result. We handle both linear and branching specifications, and we show
that a sufficient condition for decidability of the synthesis problem is
a linear or cyclic order among the processes, in which information flows
in either one or both directions. We also allow the processes to have
internal hidden variables, and we consider communications with and
without delay. Many practical applications fall into this class