ArticlePublisher preview available

Hierarchical information and the synthesis of distributed strategies

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract and Figures

Infinite games with imperfect information are known to be undecidable unless the information flow is severely restricted. One fundamental decidable case occurs when there is a total ordering among players, such that each player has access to all the information that the following ones receive. In this paper we consider variations of this hierarchy principle for synchronous games with perfect recall, and identify new decidable classes for which the distributed synthesis problem is solvable with finite-state strategies. In particular, we show that decidability is maintained when the information hierarchy may change along the play, or when transient phases without hierarchical information are allowed. Finally, we interpret our result in terms of distributed system architectures.
This content is subject to copyright. Terms and conditions apply.
Acta Informatica (2018) 55:669–701
https://doi.org/10.1007/s00236-017-0306-5
ORIGINAL ARTICLE
Hierarchical information and the synthesis of distributed
strategies
Dietmar Berwanger1·Anup Basil Mathew1,2·
Marie van den Bogaard1
Received: 16 July 2016 / Accepted: 4 October 2017 / Published online: 17 October 2017
© Springer-Verlag GmbH Germany 2017
Abstract Infinite games with imperfect information are known to be undecidable unless the
information flow is severely restricted. One fundamental decidable case occurs when there
is a total ordering among players, such that each player has access to all the information that
the following ones receive. In this paper we consider variations of this hierarchy principle
for synchronous games with perfect recall, and identify new decidable classes for which the
distributed synthesis problem is solvable with finite-state strategies. In particular, we show
that decidability is maintained when the information hierarchy may change along the play,
or when transient phases without hierarchical information are allowed. Finally, we interpret
our result in terms of distributed system architectures.
Keywords Infinite games ·Imperfect information ·Coordination ·Distributed systems ·
Automated synthesis
Mathematics Subject Classification 91A06 ·68M14 ·93B50
1 Introduction
To realise systems that are correct by design is a persistent ambition in computing science.
The stake is particularly high for systems that interact with an unpredictable environment
over indeterminate time. Pioneering results in the area of synthesis, due to Büchi and Landwe-
ber [7], and Rabin [25], show that the task can be automatised for the case of monolithic
designs with correctness conditions specified by automata over infinite objects—words or
trees representing computations. A most natural framework for representing and solving the
problem is in terms of infinite games with perfect information over finite graphs, as described
by Pnueli and Rosner [23]orbyThomas[28].
BDietmar Berwanger
dwb@lsv.fr
1CNRS, ENS Paris-Saclay, LSV, Université Paris-Saclay, Paris, France
2The Institute of Mathematical Sciences, Chennai, India
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
... Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [17,18,19,20]. With the exception of Berwanger et al. [20], all the above approaches assume static, reliable networks. ...
... Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [17,18,19,20]. With the exception of Berwanger et al. [20], all the above approaches assume static, reliable networks. In [20], Berwanger et al. study games in which information that players have about histories is hierarchically ordered, and this order may change dynamically during a play. ...
... With the exception of Berwanger et al. [20], all the above approaches assume static, reliable networks. In [20], Berwanger et al. study games in which information that players have about histories is hierarchically ordered, and this order may change dynamically during a play. The main difference to our work is that we consider a memory model where messages carry the complete causal history allowing for unbounded communication messages, while [20] is based on local observations so that, at every round, a bounded amount of information is transmitted between players. ...
Article
The problem of distributed synthesis is to automatically generate a distributed algorithm, given a target communication network and a specification of the algorithm's correct behavior. Previous work has focused on static networks with an a priori fixed message size. This approach has two shortcomings: Recent work in distributed computing is shifting towards dynamically changing communication networks rather than static ones, and an important class of distributed algorithms are so-called full-information protocols, where nodes piggy-pack previously received messages onto current messages. In this work, we consider the synthesis problem for a system of two nodes communicating in rounds over a dynamic link whose message size is not bounded. Given a network model, i.e., a set of link directions, in each round of the execution, the adversary choses an arbitrary link from the network model, restricted only by the specification, and delivers messages according to the current link's directions. Motivated by communication buses with direct acknowledge mechanisms, we further assume that nodes are aware of which messages have been delivered. We show that the synthesis problem is decidable for a network model if and only if the network model does not contain the empty link that dismisses both nodes' messages. We then extend the characterization to sequences of communication links that may contain empty links. We show that the synthesis problem is decidable in this case if and only if the number of consecutive empty links in all possible sequences is uniformly bounded from above.
... Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [9,30,32,33]. With the exception of [9], all the above approaches assume static, reliable networks. ...
... Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [9,30,32,33]. With the exception of [9], all the above approaches assume static, reliable networks. In [9], Berwanger et al. study games in which information that players have about histories is hierarchically ordered, and this order may change dynamically during a play. ...
... With the exception of [9], all the above approaches assume static, reliable networks. In [9], Berwanger et al. study games in which information that players have about histories is hierarchically ordered, and this order may change dynamically during a play. The main difference to our work is that we consider a memory model where messages carry the complete causal history allowing for unbounded communication messages, while [9] is based on local observations so that, at every round, a bounded amount of information is transmitted between players. ...
... In the case of multiple players/components/agents, which interests us here, the situation is even worse: the existence of distributed winning strategies is undecidable already for two players with incomparable observation trying to enforce some reachability objective in the presence of an adversarial third player [65], and a similar result was also proved in the framework of distributed synthesis [69]. Since then, the formal-methods community has spent much effort finding restrictions and variations that ensure decidability [8,31,35,50,64,66,69,74]. The common thread in these approaches is hierarchical information: players can be totally ordered according to how well they observe the game. ...
... The literature on imperfect information in formal methods and artificial intelligence is very vast. Imperfect information has been considered in two-player games [7,26,73], module checking [43,52], distributed synthesis of reactive systems [31,50,69] and strategies in multiplayer games [8,64,65], Nash equilibria [11,13,72], rational synthesis [30,38], doomsday equilibria [19], admissible strategies [14], quantitative objectives [24,62], and more, some of which we detail below. ...
... But when synthesising programs for instance, it may be enough that their behaviours enforce the desired properties, without them having the knowledge that it is enforced. Such non-observable winning conditions have been studied in, e.g., [8,16,24]. ...
Preprint
Full-text available
We introduce an extension of Strategy Logic for the imperfect-information setting, called SLii, and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of "hierarchical instances" for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SLii restricted to hierarchical instances is decidable. To establish this result we go through QCTL, an intermediary, "low-level" logic much more adapted to automata techniques. QCTL is an extension of CTL with second-order quantification over atomic propositions. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. While the model-checking problem of QCTLii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. We apply our result to solve complex strategic problems in the imperfect-information setting. We first show that the existence of Nash equilibria for deterministic strategies is decidable in games with hierarchical information. We also introduce distributed rational synthesis, a generalisation of rational synthesis to the imperfect-information setting. Because it can easily be expressed in our logic, our main result provides solution to this problem in the case of hierarchical information.
... where the players can be totally ordered according to how well they observe the system. This restriction has been used to establish results on multiplayer games [PRA02,BMvdB18] and distributed synthesis [PR90,KV01,FS05], and more recently on the model-checking problem for SL iR , an extension of Strategy Logic to the imperfect-information setting [BMM + 17]. This result states that the model-checking problem for SL iR is decidable as long as strategies quantified deeper in the formula observe the system better than those higher up in the syntactic tree. ...
Preprint
Full-text available
Strategy Logic with imperfect information (SLiR) is a very expressive logic designed to express complex properties of strategic abilities in distributed systems. Previous work on SLiR focused on finite systems, and showed that the model-checking problem is decidable when information on the control states of the system is hierarchical among the players or components of the system, meaning that the players or components can be totally ordered according to their respective knowledge of the state. We show that moving from finite to infinite systems generated by collapsible (higher-order) pushdown systems preserves decidability, under the natural restriction that the stack content is visible. The proof follows the same lines as in the case of finite systems, but requires to use (collapsible) alternating pushdown tree automata. Such automata are undecidable, but semi-alternating pushdown tree automata were introduced and proved decidable, to study a strategic problem on pushdown systems with two players. In order to tackle multiple players with hierarchical information, we refine further these automata: we define direction-guided (collapsible) pushdown tree automata, and show that they are stable under projection, nondeterminisation and narrowing. For the latter operation, used to deal with imperfect information, stability holds under some assumption that is satisfied when used for systems with visible stack. We then use these automata to prove our main result.
... Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [8, 29, 30, 39]. With the exception of Berwanger et al. ...
Preprint
The problem of distributed synthesis is to automatically generate a distributed algorithm, given a target communication network and a specification of the algorithm's correct behavior. Previous work has focused on static networks with an apriori fixed message size. This approach has two shortcomings: Recent work in distributed computing is shifting towards dynamically changing communication networks rather than static ones, and an important class of distributed algorithms are so-called full-information protocols, where nodes piggy-pack previously received messages onto current messages. In this work we consider the synthesis problem for a system of two nodes communicating in rounds over a dynamic link whose message size is not bounded. Given a network model, i.e., a set of link directions, in each round of the execution, the adversary choses a link from the network model, restricted only by the specification, and delivers messages according to the current link's directions. Motivated by communication buses with direct acknowledge mechanisms we further assume that nodes are aware of which messages have been delivered. We show that the synthesis problem is decidable for a network model if and only if it does not contain the empty link that dismisses both nodes' messages.
... We consider multiplayer game arenas with imperfect information in the spirit of, e.g., [38,21,9]. Since the DEL games we define in the next section are turn-based, i.e., the agents play in turns and not concurrently, we define turn-based arenas instead of the more general concurrent ones usually considered in the aforementioned works. ...
Preprint
Full-text available
Dynamic Epistemic Logic (DEL) is a logical framework in which one can describe in great detail how actions are perceived by the agents, and how they affect the world. DEL games were recently introduced as a way to define classes of games with imperfect information where the actions available to the players are described very precisely. This framework makes it possible to define easily, for instance, classes of games where players can only use public actions or public announcements. These games have been studied for reachability objectives, where the aim is to reach a situation satisfying some epistemic property expressed in epistemic logic; several (un)decidability results have been established. In this work we show that the decidability results obtained for reachability objectives extend to a much more general class of winning conditions, namely those expressible in the epistemic temporal logic LTLK. To do so we establish that the infinite game structures generated by DEL public actions are regular, and we describe how to obtain finite representations on which we rely to solve them.
... Games with imperfect information are computationally hard, and even undecidable for multiple players [29]. One way to tame this complexity is to make assumptions on how the knowledge of the different players compare: if all players that cooperate can be ordered in a hierarchy where one knows more than the next, a situation called hierarchical information, then the existence of distributed strategies can be decided [28,7]. Another natural approach is to consider fragments based on classes of action types, as done for instance in [32,6,11] where different kinds of public actions are considered. ...
Preprint
Full-text available
We define reachability games based on Dynamic Epistemic Logic (DEL), where the players' actions are finely described as DEL action models. We first consider the setting where an external controller with perfect information interacts with an environment and aims at reaching some epistemic goal state regarding the passive agents of the system. We study the problem of strategy existence for the controller, which generalises the classic epistemic planning problem, and we solve it for several types of actions such as public announcements and public actions. We then consider a yet richer setting where agents themselves are players, whose strategies must be based on their observations. We establish several (un)decidability results for the problem of existence of a distributed strategy, depending on the type of actions the players can use, and relate them to results from the literature on multiplayer games with imperfect information.
... The most general decidability results in the concurrent game setting are under the This work has been supported by ERC project EQualIS (FP7-308087). assumption of hierarchical observation [6,36] (information received by the players is ordered) or more recently under recurring common knowledge [5]. ...
Chapter
Full-text available
We study pure Nash equilibria in games on graphs with an imperfect monitoring based on a public signal. In such games, deviations and players responsible for those deviations can be hard to detect and track. We propose a generic epistemic game abstraction, which conveniently allows to represent the knowledge of the players about these deviations, and give a characterization of Nash equilibria in terms of winning strategies in the abstraction. We then use the abstraction to develop algorithms for some payoff functions.
Article
We introduce an extension of Strategy Logic for the imperfect-information setting, called SL ii and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of “hierarchical instances” for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SL ii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises the decidability of distributed synthesis for systems with hierarchical information. It allows us to easily derive new decidability results concerning strategic problems under imperfect information such as the existence of Nash equilibria or rational synthesis. To establish this result, we go through an intermediary, “low-level” logic much more adapted to automata techniques. QCTL * is an extension of CTL * with second-order quantification over atomic propositions that has been used to study strategic logics with perfect information. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. The simple syntax of the resulting logic, QCTL * ii , allows us to provide a conceptually neat reduction of SL ii to QCTL * ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL * ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable.
Chapter
Equivalence-checking and simulations are well-known methods used to reduce the size of a system in order to verify it more efficiently. While Alur et al. proposed a notion of simulation sound and complete for ATL as early as 1998, there have been very few works on equivalence-checking performed on extensions of ATL* with probabilities, imperfect information, counters etc. In the case of multi-agent systems (MASs) with imperfect information, the lack of sound and complete algorithm mostly follows from the undecidability of ATL model-checking. However, while ATL is undecidable overall, there exist sub-classes of MASs for which ATL becomes decidable. In this paper, we propose a notion of simulation sound for ATL/ATL* on any MASs and complete on naive MASs. Using our simulations we design an equivalence-checking algorithm sound and complete for MASs with public actions.
A central aim and ever-lasting dream of computer science is to put the development of hardware and software systems on a mathematical basis which is both firm and practical. Such a scientific foundation is needed especially for the construction of reactive programs, like communication protocols or control systems. For the construction and analysis of reactive systems an elegant and powerful theory has been developed based on automata theory, logical systems for the specification of nonterminating behavior, and infinite two-person games. The 19 chapters presented in this multi-author monograph give a consolidated overview of the research results achieved in the theory of automata, logics, and infinite games during the past 10 years. Special emphasis is placed on coherent style, complete coverage of all relevant topics, motivation, examples, justification of constructions, and exercises.
Conference Paper
Infinite games with imperfect information are deemed to be undecidable unless the information flow is severely restricted. One fundamental decidable case occurs when there is a total ordering among players, such that each player has access to all the information that the following ones receive. In this paper we consider variations of this hierarchy principle for synchronous games with perfect recall, and identify new decidable classes for which the distributed synthesis problem is solvable with finite-state strategies. In particular, we show that decidability is maintained when the information hierarchy may change along the play, or when transient phases without hierarchical information are allowed.
Article
The Knowledge of Preconditions principle (KoP) is proposed as a widely applicable connection between knowledge and action in multi-agent systems. Roughly speaking, it asserts that if some condition is a necessary condition for performing a given action A, then knowing that this condition holds is also a necessary condition for performing A. Since the specifications of tasks often involve necessary conditions for actions, the KoP principle shows that such specifications induce knowledge preconditions for the actions. Distributed protocols or multi-agent plans that satisfy the specifications must ensure that this knowledge be attained, and that it is detected by the agents as a condition for action. The knowledge of preconditions principle is formalised in the runs and systems framework, and is proven to hold in a wide class of settings. Well-known connections between knowledge and coordinated action are extended and shown to derive directly from the KoP principle: a "common knowledge of preconditions" principle is established showing that common knowledge is a necessary condition for performing simultaneous actions, and a "nested knowledge of preconditions" principle is proven, showing that coordinating actions to be performed in linear temporal order requires a corresponding form of nested knowledge.
Article
Infinite games with imperfect information tend to be undecidable unless the information flow is severely restricted. One fundamental decidable case occurs when there is a total ordering among players, such that each player has access to all the information that the following ones receive. In this paper we consider variations of this hierarchy principle for synchronous games with perfect recall, and identify new decidable classes for which the distributed synthesis problem is solvable with finite-state strategies. In particular, we show that decidability is maintained when the information hierarchy may change along the play, or when transient phases without hierarchical information are allowed.
Article
Synthesising distributed systems from specifications is an attractive objective, since distributed systems are notoriously difficult to get right. Unfortunately, there are very few known decidable frameworks for distributed synthesis. We present one such framework that is based on communication by rendez-vous and causal memory. This means that the specification can talk about when a communication takes place, but it cannot limit information that is transmitted during communication. This choice is both realistic and avoids some pathological reasons for undecidability. We show decidability of the synthesis problem under the restriction that the communication graph of the system is acyclic. Our result covers all $\omega$-regular local specifications and uncontrollable rendez-vous actions. The former can be used to have e.g. fairness constraints, the latter allows to encode shared variable communication primitives.
Article
Our main purpose is to present an algorithm which decides whether or not a condition 𝕮(X, Y) stated in sequential calculus admits a finite automata solution, and produces one if it exists. This solves a problem stated in [4] and contains, as a very special case, the answer to Case 4 left open in [6]. In an equally appealing form the result can be restated in the terminology of [7], [10], [15]: Every ω-game definable in sequential calculus is determined. Moreover the player who has a winning strategy, in fact, has a winning finite-state strategy, that is one which can effectively be played in a strong sense. The main proof, that of the central Theorem 1, will be presented at the end. We begin with a discussion of its consequences.
Conference Paper
We described here a construction on transducers that give a new conceptual proof for two classical decidability results on transducers: it is decidable whether a finite transducer realizes a functional relation, and whether a finite transducer realizes a sequential relation. A better complexity follows then for the two decision procedures.