PreprintPDF Available
Preprints and early-stage research may not have been peer reviewed yet.


Two distinct semantics have been considered for knowledge in the context of strategic reasoning, depending on whether players know each other's strategy or not. The problem of distributed synthesis for epistemic temporal specifications is known to be undecidable for the latter semantics, already on systems with hierarchical information. However, for the other, uninformed semantics, the problem is decidable on such systems. In this work we generalise this result by introducing an epistemic extension of Strategy Logic with imperfect information. The semantics of knowledge operators is uninformed, and captures agents that can change observation power when they change strategies. We solve the model-checking problem on a class of "hierarchical instances", which provides a solution to a vast class of strategic problems with epistemic temporal specifications on hierarchical systems, such as distributed synthesis or rational synthesis.
Reasoning about Knowledge and Strategies under Hierarchical Information
Bastien Maubert and Aniello Murano
a degli Studi di Napoli “Federico II”
Two distinct semantics have been considered for knowledge
in the context of strategic reasoning, depending on whether
players know each other’s strategy or not. In the former
case, that we call the informed semantics, distributed syn-
thesis for epistemic temporal specifications is undecidable,
already on systems with hierarchical information. However,
for the other, uninformed semantics, the problem is decid-
able on such systems. In this work we generalise this re-
sult by introducing an epistemic extension of Strategy Logic
with imperfect information. The semantics of knowledge op-
erators is uninformed, and captures agents that can change
observation power when they change strategies. We solve
the model-checking problem on a class of “hierarchical in-
stances”, which provides a solution to a vast class of strategic
problems with epistemic temporal specifications, such as dis-
tributed or rational synthesis, on hierarchical systems.
Logics of programs, many of which are based on classic
temporal logics such as LTL or CTL, are meant to specify
desirable properties of algorithms. When considering dis-
tributed systems, an important aspect is that each processor
has a partial, local view of the whole system, and can only
base its actions on the available information. Many authors
have argued that this imperfect information calls for logical
formalisms that would allow the modelling and reasoning
about what different processes know of the system, and of
other processes’ state of knowledge. For instance, Halpern
and Moses wrote in (Halpern and Moses 1990):
“[. . . ] explicitly reasoning about the states of knowledge
of the components of a distributed system provides a more
general and uniform setting that offers insight into the basic
structure and limitations of protocols in a given system.”
To reason about knowledge and time, temporal logics
have been extended with the knowledge operator Kafrom
epistemic logic, giving rise to a family of temporal epistemic
logics (Fagin et al. 1995), which have been applied to, e.g.,
information flow and cryptographic protocols (van der Mey-
den and Su 2004; Halpern and O’Neill 2005), coordination
problems in distributed systems (Neiger and Bazzi 1992)
and motion planning in robotics (Brafman et al. 1997).
Copyright c
2018, Association for the Advancement of Artificial
Intelligence ( All rights reserved.
Distributed systems are often open systems, i.e., they in-
teract with an environment and must react appropriately to
actions taken by this environment. As a result, if we take
the analogy where processors are players of a game, and
processes are strategies for the processors, the task of syn-
thesising distributed protocols can be seen as synthesising
winning strategies in multi-player games with imperfect in-
formation. This analogy between the two settings is well
known, and Ladner and Reif already wrote in (Ladner and
Reif 1986) that “Distributed protocols are equivalent to (i.e.,
can be formally modelled as) games”.
To reason about a certain type of game-related proper-
ties in distributed systems, Alternating-time Temporal Logic
(ATL) was introduced (Alur, Henzinger, and Kupferman
2002). It can express the existence of strategies for coalitions
of players in multi-player games, but cannot express some
important game-theoretic concepts, such as the existence of
Nash equilibria. To remedy this, Strategy Logic (SL) (Chat-
terjee, Henzinger, and Piterman 2010; Mogavero et al. 2014)
was defined. Treating strategies as explicit first-order objects
makes it very expressive, and it can for instance talk about
Nash equilibria in a very natural way. These logics have been
studied both for perfect and imperfect information, and in
the latter case either with the assumption that agents have
no memory, or that they remember everything they observe.
This last assumption, called perfect recall, is the one usually
considered in distributed synthesis (Pnueli and Rosner 1990)
and games with imperfect information (Reif 1984), and it is
also central in logics of knowledge and time (Fagin et al.
1995). It is the one we consider in this work.
In order to reason about knowledge and strategic abilities
in distributed systems, epistemic temporal logics and strate-
gic logics have been combined. In particular, both ATL and
SL have been extended with knowledge operators (van der
Hoek and Wooldridge 2003; Jamroga and van der Hoek
2004; Belardinelli 2015; Dima, Enea, and Guelev 2010;
Belardinelli et al. 2017a; Belardinelli et al. 2017b). How-
ever, few decidable cases are known for the model check-
ing of these logics with imperfect information and perfect
recall. This is not surprising since strategic logics typically
can express the existence of distributed strategies, a prob-
lem known to be undecidable for perfect recall, already
for purely temporal specifications (Peterson and Reif 1979;
Pnueli and Rosner 1990).
arXiv:1806.00028v2 [cs.LO] 3 Sep 2018
Semantics of knowledge with strategies. Mixing knowl-
edge and strategies raises intricate questions of semantics.
As a matter of fact, we find in the litterature two distinct
semantics for epistemic operators in strategic contexts, one
in works on distributed synthesis from epistemic temporal
specifications, and another one in epistemic strategic logics.
To explain in what they differ, let us first recall the seman-
tics of the knowledge operator in epistemic temporal logics:
a formula Kaϕholds in a history h(finite sequence of states)
of a system if ϕholds in all histories h0that agent acannot
distinguish from h. In other words, agent aknows that ϕ
holds if it holds in all histories that may be the current one
according to what she observed. Now consider that the sys-
tem is a multi-player game, and fix a strategy σbfor some
player b. Two semantics are possible for Ka: one could say
that Kaϕholds if ϕholds in all possible histories that are in-
distinguishable to the current one, as in epistemic temporal
logics, or one could restrict attention to those in which player
bfollows σb, discarding indistinguishable histories that are
not consistent with σb. In the latter case, one may say that
player a’s knowledge is refined by the knowledge of σb, i.e.,
she knows that player bis using strategy σb, and she has the
ability to refine her knowledge with this information, elim-
inating inconsistent possible histories. In the following this
is what we will be referring to when saying that an agent
knows some other agent’s strategy. We shall also refer to the
semantics where aknows σbas the informed semantics, and
that in which she ignores it as the uninformed semantics.
The two semantics are relevant as they model different
reasonable scenarios. For instance if players collaborate and
have the ability to communicate, they may share their strate-
gies with each other. But in many cases, components of a
distributed system each receive only their own strategy, and
thus are ignorant of other components’ strategies.
All epistemic extensions of ATL and SL we know of
consider the uninformed semantics. In contrast, works on
distributed synthesis from epistemic temporal specifications
use the informed semantics (van der Meyden and Vardi
1998; van der Meyden and Wilke 2005), even though it is not
so obvious that they do. Indeed these works consider speci-
fications in classic epistemic temporal logic, without strate-
gic operators. But they ask for the existence of distributed
strategies so that such specifications hold in the system re-
stricted to the outcomes of these strategies. This corresponds
to what we call the informed semantics, as the semantics of
knowledge operators is, in effect, restricted to outcomes of
the strategies that are being synthesised.
We only know of two works that discuss these two se-
mantics. In (Bozzelli, Maubert, and Pinchinat 2015) two
knowledge-like operators are studied, one for each seman-
tics, but distributed synthesis is not considered. More inter-
estingly, Puchala already observes in (Puchala 2010) that the
distributed synthesis problem studied in (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005) consid-
ers the informed semantics. While the problem is undecid-
able for this semantics even on hierarchical systems (van der
Meyden and Wilke 2005), Puchala sketches a proof that the
problem becomes decidable on the class of hierarchical sys-
tems when the uninformed semantics is used.
Contributions. We introduce a logic for reasoning about
knowledge and strategies. Our Epistemic Strategy Logic
(ESL) is based on Strategy Logic, and besides boolean and
temporal operators, it contains the imperfect-information
strategy quantifier hhxiiofrom SLii (Berthon et al. 2017),
which reads as “there exists a strategy xwith observation
o”, and epistemic operators Kafor each agent a. Our logic
allows reasoning about agents whose means of observing
the system changes over time, as agents may successively
use strategies associated with different observations. This
can model, for instance, an agent that is granted higher se-
curity clearance, giving her access to previously hidden in-
formation. The semantics of our epistemic operators takes
into account agents’ changes of observational power. ESL
also contains the outcome quantifier Afrom Branching-time
Strategy Logic (BSL) (Knight and Maubert 2015), which
quantifies on outcomes of strategies currently used by the
agents, and the unbinding operator (a, ?), which frees an
agent from her current strategy. The latter was introduced
in (Laroussinie and Markey 2015) for ATL with strategy
context and is also present in BSL. The outcome quanti-
fier together with the unbinding operator allow us to express
branching-time temporal properties without resorting to ar-
tificial strategy quantifications which may either affect the
semantics of agents’ knowledge or break hierarchicality.
We solve the model-checking problem for hierarchical in-
stances of ESL. As in SLii, hierarchical instances are for-
mula/model pairs such that, as one goes down the syntactic
tree of the formula, observations annotating strategy quan-
tifiers hhxiiocan only become finer. In addition, in ESL we
require that knowledge operators do not refer to (outcomes
of) strategies quantified higher in the formula.
Any problem which can be expressed as hierarchical in-
stances of our logic is thus decidable, and since ESL is very
expressive such problems are many. A first corollary is an
alternative proof that distributed synthesis from epistemic
temporal specifications with uninformed semantics is decid-
able on hierarchical systems. Puchala announced this result
in (Puchala 2010), but we provide a stronger result by going
from linear-time to branching-time epistemic specifications.
We also allow for nesting of strategic operators in epistemic
ones, as long as hierarchicality is preserved and epistemic
formulas do not refer to previously quantified strategies. An-
other corollary is that rational synthesis (Kupferman, Perelli,
and Vardi 2016; Condurache et al. 2016) with imperfect in-
formation is decidable on hierarchical systems for epistemic
temporal objectives with uninformed semantics.
Our approach to solve the model-checking problem for
our logic extends that followed in (Laroussinie and Markey
2015; Berthon et al. 2017), which consists in “compiling”
the strategic logic under study into an opportune variant
of Quantified CTL, or QCTLfor short (Laroussinie and
Markey 2014). This is an extension of CTLwith second-
order quantification on propositions which serves as an in-
termediary, low-level logic between strategic logics and tree
automata. In (Laroussinie and Markey 2015), model check-
ing ATLwith strategy context is proved decidable by reduc-
tion to QCTL. In (Berthon et al. 2017), model checking
SLii is proved decidable for a class of hierarchical instances
by reduction to the hierarchical fragment of an imperfect in-
formation extension of QCTL, called QCTL
ii. In this work
we define EQCTL
ii, which extends further QCTL
ii with
epistemic operators and an operator of observation change
introduced recently in (Barri`
ere et al. 2018) in the context of
epistemic temporal logics. We define the hierarchical frag-
ment of EQCTL
ii, which strictly contains that of QCTL
and solve its model-checking problem for this fragment.
Related work. We know of five other logics called Epis-
temic Strategy Logic. In (Huang and Van Der Meyden
2014), epistemic temporal logic is extended with a first-
order quantification xon points in runs of the system and
an operator ei(x)that compares local state iat xand at the
current point. When interpreted on systems where strategies
are encoded in local states, this logic can express existence
of strategies and what agents know about it. However it only
concerns memoryless strategies. Strategy Logic is extended
with epistemic operators in (Cerm´
ak et al. 2014), but they
also consider memoryless agents. (Belardinelli 2015) ex-
tends a fragment of SL with epistemic operators, and consid-
ers perfect-recall strategies, but model checking is not stud-
ied. The latter logic is extended in (Belardinelli et al. 2017a),
in which its model-checking problem is solved on the class
of broadcast systems. In (Knight and Maubert 2015) SL is
also extended with epistemic operators and perfect-recall
agents. Their logic does not require strategies to be uniform,
but this requirement can be expressed in the language. How-
ever no decidability result is provided. The result we present
here is the first for an epistemic strategic logic with perfect
recall on hierarchical systems. In addition, ours is the first
epistemic strategic logic to allow for changes of observa-
tional power.
Plan. We first define ESL and hierarchical instances, and
announce our main result. Next we introduce EQCTL
ii and
solve the model-checking problem for its hierarchical frag-
ment. We then establish our main result by reducing model
checking hierarchical instances of ESL to model checking
hierarchical EQCTL
ii. We finally present two corollaries,
exemplifying what our logic can express, and we finish with
a discussion on the semantics of knowledge and strategies.
Let Σbe an alphabet. A finite (resp. infinite)word over Σ
is an element of Σ(resp. Σω). The length of a finite word
w=w0w1. . . wnis |w|:= n+ 1, last(w) := wnis its
last letter, and we note for the empty word. Given a finite
(resp. infinite) word wand 0i≤ |w|(resp. iN), we
let wibe the letter at position iin w,wiis the prefix of w
that ends at position iand wiis the suffix of wthat starts
at position i. We write w4w0if wis a prefix of w0, and w4
is the set of finite prefixes of word w. Finally, the domain
of a mapping fis written dom(f), and for nNwe let
[n] := {iN: 1 in}.
We fix for the rest of the paper a number of parameters for
our logics and models: AP is a finite set of atomic proposi-
tions, Ag is a finite set of agents or players, Var is a finite set
of variables and Obs is a finite set of observation symbols.
These data are implicitly part of the input for the model-
checking problems we consider.
Epistemic Strategy Logic
In this section we introduce our epistemic extension of Strat-
egy Logic with imperfect information.
The models of ESL are essentially the same as those of
SLii, i.e., concurrent game structures extended by an obser-
vation interpretation O, that maps each observation symbol
oObs to an equivalence relation O(o)over positions of
the game structure. However models in ESL contain, in ad-
dition, an initial observation for each player. This initial ob-
servation may change if the player receives a strategy corre-
sponding to a different observation.
Definition 1 (CGSii).Aconcurrent game structure with
imperfect information (or CGSii for short) is a structure
G= (Ac, V, E , `, O, vι,oι)where
Ac is a finite non-empty set of actions,
Vis a finite non-empty set of positions,
E:V×AcAg Vis a transition function,
`:V2AP is a labelling function,
O :Obs V×Vis an observation interpretation, and
for each oObs,O(o)is an equivalence relation,
vιVis an initial position, and
oιObsAg is a tuple of initial observations.
Two positions being equivalent for relation O(o)means
that a player using a strategy with observation ocannot dis-
tinguish them. In the following we may write ofor O(o)
and v∈ G for vV.
Joint actions. When in a position vV, each player a
chooses an action caAc and the game proceeds to po-
sition E(v, c), where cAcAg stands for the joint action
(ca)aAg. If c= (ca)aAg , we let cadenote cafor aAg.
Plays and strategies. Afinite (resp. infinite)play is a finite
(resp. infinite) word ρ=v0. . . vn(resp. π=v0v1. . .) such
that v0=vιand for all iwith 0i < |ρ| − 1(resp. i0),
there exists a joint action csuch that E(vi,c) = vi+1. We
let Plays be the set of finite plays. A strategy is a function
σ:Plays Ac, and we let Str be the set of all strategies.
Assignments. An assignment χ:AgVar *Str is a partial
function assigning to each player and variable in its domain
a strategy. For an assignment χ, a player aand a strategy
σ,χ[a7→ σ]is the assignment of domain dom(χ)∪ {a}
that maps ato σand is equal to χon the rest of its domain,
and χ[x7→ σ]is defined similarly, where xis a variable;
also, χ[a7→?] is the assignment of domain dom(χ)\{a}, on
which it is equal to χ.
Outcomes. For an assignment χand a finite play ρ, we let
out(χ, ρ)be the set of infinite plays that start with ρand
are then extended by letting players follow the strategies as-
signed by χ. Formally, out(χ, ρ)is the set of infinite plays
of the form ρ·v1v2. . . such that for all i0, there exists c
such that for all adom(χ)Ag, caχ(a)(ρ·v1. . . vi)
and vi+1 =E(vi,c), with v0=last(ρ).
Synchronous perfect recall. Players with perfect recall re-
member the whole history of a play. Each observation rela-
tion is thus extended to finite plays as follows: ρoρ0if
|ρ|=|ρ0|and ρioρ0
ifor every i∈ {0,...,|ρ| − 1}.
Uniform strategies. For oObs, an o-strategy is a strategy
σ:V+Ac such that σ(ρ) = σ(ρ0)whenever ρoρ0.
For oObs we let Strobe the set of all o-strategies.
ESL extends SLii with knowledge operators Kafor each
agent aAg, and the outcome quantifier from Branching-
time Strategy Logic, introduced in (Knight and Maubert
2015), which quantifies on outcomes of the currently fixed
strategies. While in SL temporal operators could only be
evaluated in contexts where all agents were assigned to a
strategy, this outcome quantifier allows for evaluation of
(branching-time) temporal properties on partial assignments
of strategies to agents. This outcome quantifier can be sim-
ulated in usual, linear-time variants of Strategy Logic, by
quantifying on strategies for agents who do not currently
have one. But in the context of imperfect information, where
strategy quantifiers are parameterised by an observation, this
may cause to either break the hierarchy or artificially modify
an agent’s observation, which affects his knowledge.
Definition 2 (ESL Syntax).The syntax of ESL is defined by
the following grammar:
ϕ:p| ¬ϕ|ϕϕ| hhxiioϕ|(a, x)ϕ|(a, ?)ϕ|Kaϕ|Aψ
ψ:ϕ| ¬ψ|ψψ|Xψ|ψUψ,
where pAP,xVar,oObs and aAg.
Formulas of type ϕare called history formulas, those of
type ψare path formulas. We may use usual abbreviations
>:= p∨ ¬p,:= ¬>,ϕϕ0:= ¬ϕϕ0,Fϕ:= >Uϕ,
Gϕ:= ¬F¬ϕ,[[x]]oϕ:= ¬hhxiio¬ϕand Eψ:= ¬A¬ψ.
A variable xappears free in a formula ϕif it appears out
of the scope of a strategy quantifier. We let free(ϕ)be the
set of variables that appear free in ϕ. An assignment χis
variable-complete for a formula ϕif its domain contains all
free variables in ϕ. Finally, a sentence is a history formula ϕ
such that free(ϕ) = .
Remark 1. Without loss of generality we can assume that
each strategy variable xis quantified at most once in an ESL
formula. Thus, each variable xthat appears in a sentence is
uniquely associated to a strategy quantification hhxiio, and
we let ox=o.
Discussion on the syntax. In SLii as well as in ESL, the ob-
servation used by a strategy is specified at the level of strat-
egy quantification: hhxiioϕreads as “there exists a strategy
xwith observation osuch that ϕholds”. When a strategy
with observation ois assigned to some agent avia a bind-
ing (a, x), it seems natural to consider that agent astarts
observing the system with observation o. As a result agents
can change observation when they change strategy, and thus
they can observe the game with different observation powers
along a same play. This contrasts with most of the literature
on epistemic temporal logics, where each agent’s observa-
tion power is usually fixed in the model.
Epistemic relations with changing observations
Dynamic observation change has been studied recently in
the context of epistemic temporal logics in (Barri`
ere et al.
2018), from which come the following definitions.
First, dealing with the possibility to dynamically change
observation requires to remember which observation each
agent had at each point in time.
Observation records. An observation record rafor agent
aAg is a finite word over N×Obs, i.e., ra(N×Obs).
If at time n, an agent awith current observation record ra
receives a strategy with observation o, her new observation
record is ra·(o, n). The observation record ra[n]is the pro-
jection of raon {n} × Obs, and represents the sequence of
observation changes that occurred at time n.
Given an observation record for each agent r= (ra)aAg,
we note rafor ra. We say that an observation record rstops
at time nif ra[m]is empty for all m > n, and rstops at
a finite play ρif it stops at time |ρ| − 1. If rstops at time
n, we let r·(n, o)abe the observation record rwhere rais
replaced with ra·(n, o).
At each step of a play, each agent observes the new po-
sition with her current observation power. Then, if an agent
changes strategy, she observes the same position with the ob-
servation of the new strategy, which may be different from
the previous one. Also, due to the syntax of ESL, an agent
may change observation several times before the next step.
Therefore, the observation sequence osa(r, n)with which
agent aobserves the game at time nconsists of the observa-
tion she had when the n-th move is taken, plus those corre-
sponding to strategy changes that occur before the next step.
It is defined by induction on n:
osa(r,0) = o1·. . . ·ok,
if ra[0] = (0, o1)·. . . ·(0, ok),and
osa(r, n + 1) = last(osa(r, n)) ·o1·. . . ·ok,
if ra[n+ 1] = (n+ 1, o1)·. . . ·(n+ 1, ok).
If at time nagent adoes not receive a new strategy,
osa(r, n)contains only one observation, which will be ei-
ther that of the last strategy taken by the agent or the agent’s
initial observation, given by the CGSii.
The indistinguishability relation for synchronous perfect-
recall with observation change is defined as follows.
Definition 3. For ρand ρ0two finite plays and ran ob-
servation record, ρand ρ0are observationally equivalent
to agent a, written ρr
aρ0, if |ρ|=|ρ0|and, for every
i∈ {0,...,|ρ| − 1}, for every oosa(r, i),ρioρ0
Remark 2. Observe that, at a given point in time, the order
in which an agent observes the game with different observa-
tion does not matter. Intuitively, all that matters is the total
information gathered before the next step. Also, in the case
of an empty observation record, the above definition corre-
sponds to blind agents, for which all finite plays of same
length are indistinguishable. However in the following ob-
servation records will never be empty, but will always be
initialised with the initial observations given by the model.
We now define the semantics of ESL.
Definition 4 (ESL Semantics).The semantics of a history
formula is defined on a game G(omitted below), an assign-
ment χvariable-complete for ϕ, and a finite play ρ. For a
path formula ψ, the finite play is replaced with an infinite
play πand an index iN. The definition is as follows:
χ, r, ρ |=pif p`(last(ρ))
χ, r, ρ |=¬ϕif χ, r, ρ 6|=ϕ
χ, r, ρ |=ϕϕ0if χ, r, ρ |=ϕor χ, r, ρ |=ϕ0
χ, r, ρ |=hhxiioϕif σStro. χ[x7→ σ],r, ρ |=ϕ
χ, r, ρ |= (a, x)ϕif χ[a7→ χ(x)],r, ρ |=ϕ
χ, r, ρ |= (a, ?)ϕif χ[a7→?],r, ρ |=ϕ
χ, r, ρ |=Kaϕif ρ0Plays s.t. ρ0r
χ, r, ρ0|=ϕ
χ, r, ρ |=Aψif πout(χ, ρ),
χ, r, π, |ρ| − 1|=ψ
χ, r, π, i |=ϕif χ, r, πi|=ϕ
χ, r, π, i |=¬ψif χ, r, π, i 6|=ψ
χ, r, π, i |=ψψ0if χ, r, π, i |=ψor χ, r, π, i |=ψ0
χ, r, π, i |=Xψif χ, r, π, i + 1 |=ψ
χ, r, π, i |=ψUψ0if jis.t. χ, r, π, j |=ψ0and
k[i, j[, χ, r, π, k |=ψ
The satisfaction of a sentence is independent of the as-
signment; for an ESL sentence ϕwe thus let G,r, ρ |=ϕif
G, χ, r, ρ |=ϕfor some assignment χ. We also write G |=ϕ
if G,rι, vι|=ϕ, where rι= (0,oι
Discussion on the semantics. First, the semantics of the
knowledge operator corresponds, as announced, to what we
called uninformed semantics in the introduction. Indeed it is
not restricted to outcomes of strategies followed by the play-
ers: Kaϕholds in a finite play ρif ϕholds in all finite plays
in the game that are indistinguishable to ρfor agent a.
Also, note that the relation for perfect recall with obser-
vation change, and thus also observation records, are only
used in the semantics of the knowledge operators. As usual,
a strategy with observation ohas to be uniform with regards
to the classic perfect-recall relation ofor static observa-
tions, even if it is assigned to an agent who previously had a
different observation. The reasons to do so are twofold.
First, we do not see any other natural definition. One may
think of parameterising strategy quantifiers with observation
records instead of mere observations, but this would require
to know at the level of quantification at which points in time
the strategy will be given to an agent, and what previous ob-
servations this agent would have had, which is not realistic.
More importantly, when one asks for the existence of a
uniform strategy after some finite play ρ, it only matters how
the strategy is defined on suffixes of ρ, and thus the unifor-
mity constraint also is relevant only on such plays. But for
such plays, the “fixed observation” indistinguishability re-
lation is the same as the “dynamic observation” one. More
precisely, if agent areceives observation oat the end of ρ,
i.e., last(ra) = (|ρ|− 1, o), then for all finite plays ρ0, ρ00 that
are suffixes of ρ, we have ρ0oρ00 if, and only if, ρ0r
Indeed, since we use the S5 semantics of knowledge, i.e.,
indistinguishability relations are equivalence relations, the
prefix ρis always related to itself, be it for r
aor o, and
after ρboth relations only consider observation o.
Model checking and hierarchical instances
We now introduce the decision problem studied in this paper,
i.e., the model-checking problem for ESL.
Model checking. An instance is a pair ,G)where Φis
a sentence of ESL and Gis a CGSii. The model-checking
problem for ESL is the decision problem that, given an in-
stance ,G), returns ‘yes’ if G |= Φ, and ‘no’ otherwise.
SLii can be translated into ESL, by adding outcome quan-
tifiers before temporal operators. Since model checking SLii
is undecidable (Berthon et al. 2017), we get the following
Theorem 1. Model checking ESL is undecidable.
Hierarchical instances. We now isolate a sub-problem ob-
tained by restricting attention to hierarchical instances. In-
tuitively, an ESL-instance ,G)is hierarchical if, as one
goes down a path in the syntactic tree of Φ, the observa-
tions parameterising strategy quantifiers become finer. In ad-
dition, epistemic formulas must not talk about currently de-
fined strategies.
Given an ESL sentence Φand a syntactic subformula ϕ
of Φ, by parsing Φ’s syntactic tree one can define the set
Ag(ϕ)of agents who are bound to a strategy at the level of
ϕ, as well as where in Φthese strategies are quantified upon.
Definition 5. Let Φbe an ESL sentence. A subformula Kaϕ
is free if for every subformula Aψof ϕ, the current strategy
of each agent in Ag(Aψ)is quantified within ϕ.
In other words, an epistemic subformula Kaϕis free if it
does not talk about strategies that are quantified before it.
Example 1. If Φ = hhxiio(a, x)KaAXp, then KaAXpis
not free in Φ, because at the level of Aagent ais bound to
strategy xwhich is quantified “outside” of KaAXp. But if
Φ = hhxiio(a, x)Ka(a, ?)AXp, then Ka(a, ?)AXpis free
in Φ, because at the level of Ano agent is bound to a
strategy. Also if Φ = hhxiio(a, x)Kahhyiio0(a, y)AXp, then
Kahhyiio0(a, y)AXpis free in Φ, because at the level of A
the only agent bound to a strategy is a, and her strategy is
quantified upon after the knowledge operator.
We can now define the hierarchical fragment for which
we establish decidability of the model-checking problem.
Definition 6 (Hierarchical instances).An ESL-instance
,G)is hierarchical if all epistemic subformulas of Φare
free in Φand, for all subformulas of the form ϕ1=hhxiio1ϕ0
and ϕ2=hhxiio2ϕ0
2where ϕ2is a subformula of ϕ0
1, it holds
that O(o2)⊆ O(o1).
In other words, an instance is hierarchical if innermost
strategy quantifiers observe at least as much as outermost
ones, and epistemic formulas do not talk about current
strategies. Here is the main contribution of this work:
Theorem 2. The model-checking problem for ESL re-
stricted to the class of hierarchical instances is decidable.
We prove this result by reducing it to the model-checking
problem for the hierarchical fragment of an extension of
QCTLwith imperfect information, knowledge and obser-
vation change, which we now introduce and study in order
to use it as an intermediate, “low-level” logic between tree
automata and ESL.
ii with knowledge and observation
QCTLextends CTLwith second order quantification on
atomic propositions (Emerson and Sistla 1984; Kupferman
1995; Kupferman et al. 2000; French 2001; Laroussinie
and Markey 2014). It was recently extended to model
imperfect-information aspects, resulting in the logic called
ii (Berthon et al. 2017). In this section we first de-
fine an epistemic extension of QCTL
ii with operators for
knowledge and dynamic observation change, that we call
ii. Then we define the syntactic class of hierarchical
formulas and prove that model checking this class of formu-
las is decidable.
The models of EQCTL
ii, as those of QCTL
ii, are structures
in which states are tuples of local states. Fix nN.
Local states. Let {Li}i[n]denote ndisjoint finite sets of
local states. For I[n], we let LI:= QiILiif I6=,
and L:= {0}where 0is a special symbol.
Concrete observations. A set o [n]is a concrete obser-
vation (to distinguish from observation symbols oof ESL).
Fix o [n]and I[n]. Two tuples x, x0LIare o-
indistinguishable, written xox0, if for each iIo,
i. Two words u=u0. . . uiand u0=u0
0. . . u0
alphabet LIare o-indistinguishable, written uou0, if i=
jand for all k∈ {0, . . . , i}we have ukou0
Compound Kripke structures. These are like Kripke struc-
tures except that the states are elements of L[n]. A com-
pound Kripke structure, or CKS, over AP, is a tuple S=
(S, R, `, sι,oι)where SL[n]is a set of states,RS×S
is a left-total1transition relation,`:S2AP is a labelling
function,sιSis an initial state, and oι= (oι
a)aAg is an
initial concrete observation for each agent.
Apath in Sis an infinite sequence of states π=s0s1. . .
such that for all iN,(si, si+1)R, and a finite path
ρ=s0s1. . . snis a finite prefix of a path. For sS, we let
Pathsω(s)be the set of all paths that start in s, and Paths(s)
is the set of finite paths that start in s.
Syntax of EQCTL
The syntax of EQCTL
ii extends that of QCTL
ii with epis-
temic operators Kaand observation-change operators o
which were recently introduced and studied in (Barri`
ere et
al. 2018) in an epistemic temporal logic without second-
order quantification.
1i.e., for all sS, there exists s0such that (s, s0)R.
Definition 7 (EQCTL
ii Syntax).The syntax of EQCTL
ii is
defined by the following grammar:
ϕ:= p| ¬ϕ|ϕϕ|Aψ| ∃op. ϕ |Kaϕ|o
ψ:= ϕ| ¬ψ|ψψ|Xψ|ψUψ
where pAP,aAg and o[n].
Formulas of type ϕare called state formulas, those of
type ψare called path formulas, and EQCTL
ii consists
of all the state formulas. Ais the classic path quantifier
from branching-time temporal logics. ois the second-order
quantifier with imperfect information from QCTL
ii (Berthon
et al. 2017). op. ϕ holds in a tree if there is way to choose
a labelling for psuch that ϕholds, with the constraint that
o-equivalent nodes of the tree must be labelled identically.
Kaϕmeans “agent aknows that ϕholds”, where the knowl-
edge depends on the sequence of observations agent ahas
had; finally, o
aϕmeans that after agent aswitches to obser-
vation o, ϕholds.
Given an EQCTL
ii formula ϕ, we define the set of quan-
tified propositions AP(ϕ)AP as the set of atomic propo-
sitions psuch that ϕhas a subformula of the form op. ϕ.
We also define the set of free propositions APf(ϕ)AP as
the set of atomic propositions pthat appear out of the scope
of any quantifier of the form op.
Semantics of EQCTL
Before defining the semantics of the logic we first recall
some definitions for trees.
Trees. Let Xbe a finite set (typically a set of states). An
X-tree τis a nonempty set of words τX+such that:
there exists xιX, called the root of τ, such that each
uτstarts with xι(i.e., xι4u);
if u·xτand u6=, then uτ, and
if uτthen there exists xXsuch that u·xτ.
The elements of a tree τare called nodes. If u·xτ,
we say that u·xis a child of u. A path in τis an infinite
sequence of nodes λ=u0u1. . . such that for all iN,
ui+1 is a child of ui, and Pathsω(u)is the set of paths that
start in node u. An AP-labelled X-tree, or (AP, X)-tree for
short, is a pair t= (τ, `), where τis an X-tree called the
domain of tand `:τ2AP is a labelling. For a labelled
tree t= (τ, `)and an atomic proposition pAP, we define
the p-projection of tas the labelled tree tp:= (τ, ` p),
where for each uτ,`p(u) := `(u)\ {p}. Two labelled
trees t= (τ, `)and t0= (τ0, `0)are equivalent modulo p,
written tpt0, if tp=t0p(in particular, τ=τ0).
Quantification and uniformity. In EQCTL
ii, as in QCTL
op. ϕ holds in a tree tif there is some o-uniform p-labelling
of tsuch that twith this p-labelling satisfies ϕ. A p-labelling
of a tree is o-uniform if every two nodes that are indistin-
guishable for observation o agree on their p-labelling.
Definition 8 (o-uniformity).A labelled tree t= (τ, `)is o-
uniform in pif for every pair of nodes u, u0τsuch that
uou0, we have p`(u)iff p`(u0).
Changing observations. To capture how the observation-
change operator affects the semantics of the knowledge op-
erator, we use again observation records rand the asso-
ciated notion of observation sequence osa(r, n). They are
defined as for ESL except that observation symbols oare
replaced with concrete observations o. For u=u0. . . ui
and u0=u0
0. . . u0
jover alphabet LI, and an observation
record r, we say that uand u0are observationally equiva-
lent to agent a, written ur
au0, if i=jand, for every
k∈ {0, . . . , i}and every o osa(r, k),ukou0
Finally, we inductively define the satisfaction relation |=.
Let t= (τ, `)be a 2AP -labelled LI-tree, ua node and ran
observation record that stops at u:
t, r, u |=pif p`(u)
t, r, u |=¬ϕif t, r, u 6|=ϕ
t, r, u |=ϕϕ0if t, r, u |=ϕor t, r, u |=ϕ0
t, r, u |=Eψif λPathsω(u)s.t. t, r, λ |=ψ
t, r, u |=op. ϕ if t0pts.t. t0is o-uniform in p
and t0,r, u |=ϕ
t, r, u |=Kaϕif u0ts.t. ur
t, r, u0|=ϕ
And if λis a path in τand rstops at λ0:
t, r, λ |=ϕif t, r, λ0|=ϕ
t, r, λ |=¬ψif t, r, λ 6|=ψ
t, r, λ |=ψψ0if t, r, λ |=ψor t, r, λ |=ψ0
t, r, λ |=Xψif t, r, λ1|=ψ
t, r, λ |=ψUψ0if i0s.t. t, r, λi|=ψ0and
js.t. 0j < i, t, r, λj|=ψ
We let t, r|=ϕdenote t, r, xι|=ϕ, where xιis t’s root.
Tree unfoldings tS.Let S= (S, R, `, sι,oι)be a com-
pound Kripke structure over AP. The tree-unfolding of S
is the (AP, S)-tree tS:= (τ , `0), where τis the set of all
finite paths that start in sι, and for every uτ,`0(u) :=
`(last(u)). Given a CKS Sand an EQCTL
ii formula ϕ, we
write S |=ϕif tS,rι|=ϕ, where rι= (0,oι
Model-checking problem for EQCTL
ii.The model-
checking problem for EQCTL
ii is the following: given an
instance (S, ϕ)where Sis a CKS and ϕis an EQCTL
ii for-
mula, return ‘Yes’ if S |=ϕand ‘No’ otherwise.
Clearly, EQCTL
ii subsumes QCTL
ii. Since the latter has
an undecidable model-checking problem (Berthon et al.
2017), the following is immediate:
Theorem 3. Model checking EQCTL
ii is undecidable.
We now present the syntactic fragment for which we
prove that model checking is decidable. First we adapt the
notion of free epistemic formula to the context of EQCTL
Intuitively, an epistemic subformula ϕof a formula Φis free
if it does not contain a free occurrence of a proposition quan-
tified in Φ. To see the connection with the corresponding
notion for ESL, consider that quantification on propositions
will be used to capture quantification on strategies.
Definition 9. Let ΦEQCTL
ii, and recall that we assume
AP(Φ)APf(Φ) = . An epistemic subformula ϕ=Kaϕ0
of Φis free in Φif AP(Φ) APf(ϕ) = .
For instance, if Φ = op. (Kap)Kaq, then subformula
Kaqis free in Φ, but subformula Kapis not because pis
quantified in Φand appears free in Kap.
Definition 10 (Hierarchical formulas).An EQCTL
ii for-
mula Φis hierarchical if all its epistemic subformulas are
free in Φ, and for all subformulas ϕ1, ϕ2of the form ϕ1=
o1p1. ϕ0
1and ϕ2=o2p2. ϕ0
2where ϕ2is a subformula of
1, we have o1o2.
In other words, a formula is hierarchical if epistemic
subformulas are free, and innermost propositional quanti-
fiers observe at least as much as outermost ones. Note that
this is very close to hierarchical formulas of ESL. We let
ii,be the set of hierarchical EQCTL
ii formulas.
Theorem 4. The model-checking problem for EQCTL
non-elementary decidable.
Proof sketch. We build upon the tree automata construction
for QCTL
ii presented in (Berthon et al. 2017), which we
extend to take into account knowledge operators and obser-
vation change. To do so we resort to the k-trees machinery
developed in (van der Meyden 1998; van der Meyden and
Shilov 1999), and extended in (Barri`
ere et al. 2018) to the
case of dynamic observation change. One also needs to ob-
serve that free epistemic subformulas can be evaluated in-
differently in any node of the input tree.
Model-checking hierarchical ESL
In this section we prove that model checking hierarchical
instances of ESL is decidable (Theorem 2), by reduction to
the model-checking problem for QCTL
Let ,G)be a hierarchical instance of the ESL model-
checking problem. The construction of the CKS is the same
as in (Berthon et al. 2017), except that in addition we have
to deal with initial observations.
Constructing the CKS SG.Let G= (Ac, V, E , `, O, vι,oι)
and Obs ={o1, . . . , on}. For i[n], define the local states
Li:= {[v]oi|vV}where [v]ois the equivalence class
of vfor relation o. We also let Ln+1 := V. Finally, let
APv:= {pv|vV}be a set of fresh atomic propositions,
disjoint from AP.
Define the CKS SG:= (S, R, `0, sι,oι)where
S:= {sv|vV},
where sv:= ([v]o1,...,[v]on, v)Qi[n+1] Li.
R:= {(sv, sv0)| ∃cAcAg s.t. E(v, c) = v0} ⊆ S2,
`0(sv) := `(v)∪ {pv} ⊆ AP APv,
sι:= svι,
oιis such that oι
a={i}if oι
For every ρ=v0. . . vk, we let uρ:= sv0. . . svk. The
mapping ρ7→ uρis a bijection between finite plays in G
and nodes in tSG. For i[n]we let oi={i}, and for an
observation record rin Gwe let r0be the observation record
in SGwhere each oiis replaced with oi.
Constructing the EQCTL
ii,formulas (ϕ)f.Suppose that
Ac ={c1, . . . , cl}; let APc:= {px
c|cAc and xVar}
be a set of propositions disjoint from AP APv. For every
partial function f:Ag *Var we define (ϕ)fby induction
on ϕ. All cases for boolean, temporal and knowledge opera-
tors are obtained by simply distributing over the operators of
the logic; for instance, (p)f=pand (Kaϕ)f=Ka(ϕ)f.
We now describe the translation for the remaining cases.
c1. . .
cl. ϕstr(x)(ϕ)f
where eoi={j| O(oi)⊆ O(oj)}, and
ϕstr(x) = AG _
Note that oi={i} ⊆ eoi. The definition of eoiis tailored to
obtain a hierarchical EQCTL
ii formula. It is correct because
for each additional component in eoi(i.e., each j6=i), we
have O(oi)⊆ O(oj), meaning that each such component
jbrings less information than component i. A strategy thus
has no more information with eoithan it would with oi.
For the binding operator, agent as observation becomes
the one associated with strategy variable x(see Remark 1):
((a, x)ϕ)f:= ∆oi
a(ϕ)f[a7→x]if ox=oi.
For the outcome quantifier, we let
(Aψ)f:= A(ψout(f)(ψ)f),where
ψout(f) = G^
The formula ψout(f)selects paths in which agents who
are assigned to a strategy follow it.
Proposition 5. Suppose that free(ϕ)Ag dom(f), that
for all adom(f),f(a) = xiff χ(a) = χ(x), and that r
stops at ρ. Then
G, χ, r, ρ |=ϕif and only if tSG,r0, uρ|= (ϕ)f.
Applying this to sentence Φ, any assignment χ,f=,
ρ=vιand initial observation records, we get that
G |= Φ if and only if tSG|= (Φ) .
Preserving hierarchy. To complete the proof of Theorem 2
we show that (Φ) is a hierarchical EQCTL
ii formula.
First, observe that if Kaϕis a free epistemic formula in Φ,
then its translation is also a free epistemic formula in (Φ) .
Indeed, the only atomic propositions that are quantified in
(Φ) are of the form px
c. They code for strategies, and ap-
pear only in translations of strategy quantifiers, where they
are quantified upon, and outcome quantifiers. Thus they can
only appear free in the translation of an epistemic formula
Kaϕif ϕcontains an outcome quantifier where some agent
uses a strategy that is not quantified within ϕ. Concerning
the hierarchy on observations of quantifiers, simply observe
that Φis hierarchical in G, and for every two observations oi
and ojin Obs such that O(oi)⊆ O(oj), by definition of eok
we have that eoieoj.
ESL being very expressive, many strategic problems with
epistemic temporal specifications can be cast as model-
checking problems for ESL. Our main result thus provides
a decision procedure for such problems on systems with hi-
erarchical information. We present two such applications.
Distributed synthesis
We consider the problem of distributed synthesis from epis-
temic temporal specifications studied in (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005) and we
give a precise definition to its variant with uninformed se-
mantics of knowledge, discussed in (Puchala 2010).
Assume that Ag ={a1, . . . , an, e}, where eis a spe-
cial player called the environment. Assume also that to each
player aiis assigned an observation symbol oi. The above-
mentioned works consider specifications from linear-time
epistemic temporal logic LTLK, which extends LTL with
knowledge operators. The semantics of knowledge opera-
tors contains an implicit universal quantification on contin-
uations of indistinguishable finite plays. In (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005), which
considers the informed semantics of knowledge, i.e., where
all players know each other’s strategy, this quantification
is restricted to continuations that follow these strategies;
in (Puchala 2010), which considers the uninformed seman-
tics, it quantifies over all possible continuations in the game.
We now prove a stronger result than the one announced
in (Puchala 2010), by allowing the use of either existential
or universal quantification on possible continuations after a
knowledge operator. For an ESL path formula ψ, we define
Φsyn(ψ) := hhx1iio1. . . hhxniion(a1, x1). . . (an, xn)Aψ.
Note that the outcome quantifier Aquantifies on all pos-
sible behaviours of the environment.
Definition 11. The epistemic distributed synthesis problem
with uninformed semantics is the following: given a CGSii G
and an ESL path formula ψ, decide whether G |= Φsyn(ψ).
Let LTLK (CTLK) the set of path formulas obtained
by allowing in LTL subformulas of the form Kaϕ, with
ϕCTLK. The path quantifier from CTLKquantifies
on all possible futures, and is simulated in ESL by an un-
binding for all players followed by an outcome quantifier.
Therefore with specifications ψin LTLK (CTLK), all epis-
temic subformulas are free. It follows that if the system Gis
hierarchical, and we assume without loss of generality that
O(oi)⊇ O(oi+1), then (G,Φsyn(ψ)) is a hierarchical in-
stance of ESL.
Theorem 6. The epistemic distributed synthesis problem
from specifications in LTLK (CTLK) with uninformed se-
mantics is decidable on hierarchical systems.
In fact we can deal with even richer specifications: as long
as hierarchy is not broken and epistemic subformulas remain
free, it is possible to re-quantify on agents’ strategies inside
an epistemic formula. Take for instance formula
ψ=FKan(a1,?) . . . (an,?)hhxiion(an, x)AGKanp
It says that eventually, agent anknows that she can change
strategy so that in all outcomes of this strategy, she will al-
ways know that pholds. If Gis hierarchical, then Φsyn(ψ)
forms a hierarchical instance with G. Consider now formula
ψ=FKai(a1,?) . . . (an,?)[[x]]o(aj, x)EG¬Kajp
which means that eventually agent aiknows that for any
strategy with observation othat agent ajmay take, there is
an outcome in which ajnever knows that pholds. If ois
finer than on(and thus all other oi), for instance if orep-
resents perfect information, then hierarchy is preserved and
we can solve distributed synthesis for this specification. In
addition, the semantics of our knowledge operator takes into
account the fact that agent ajchanges observation power.
Rational synthesis
Consider Ag ={a1, . . . , an}, each player aihaving obser-
vation symbol oi. Given a global objective ψgand individual
objectives ψifor each player ai, define
Φrat := hhx1iio1. . . hhxniion(a1, x1). . . (an, xn)Aψg
[[xi]]oi((ai, xi)Aψi)Aψi.
It is easy to see that Φrat expresses the existence of a solu-
tion to the cooperative rational synthesis problem (Kupfer-
man, Perelli, and Vardi 2016; Condurache et al. 2016).
However this formula does not form hierarchical instances,
even with hierarchical systems. But the same argument used
in (Berthon et al. 2017) for Nash equilibria shows that Φrat
is equivalent to Φ0
rat, obtained from Φrat by replacing each
[[xi]]oiwith [[xi]]op, where oprepresents perfect observation.
Theorem 7. Rational synthesis from LTL (CTLK) specifi-
cations is decidable on hierarchical systems.
As in the case of distributed synthesis discussed before,
we can in fact handle more complex specifications, nesting
knowledge and strategy quantification.
In the uninformed semantics, players ignore each other’s
strategy, but they also ignore their own, in the sense that
they consider possible finite plays in which they act dif-
ferently from what their strategy prescribes. This is the
usual semantics in epistemic strategic logics (van der Hoek
and Wooldridge 2003; Jamroga and van der Hoek 2004;
Belardinelli 2015; Dima, Enea, and Guelev 2010; Belar-
dinelli et al. 2017a; Belardinelli et al. 2017b), and in some
situations it may be what one wants to model. For instance,
an agent may execute her strategy step by step without hav-
ing access to what her strategy would have prescribed in al-
ternative plays. In this case, where the agent cannot know
whether a possible play follows her strategy or not, the un-
informed semantics of knowledge is the right one.
On the other hand it seems natural, especially formu-
lated in these terms, to assume that an agent knows her own
strategy. We describe how, in the case where agents do not
change strategies or observation along time, this semantics
can be retrieved within the uninformed semantics.
Assume that player ais assigned some observation sym-
bol oa. As pointed out in (Puchala 2010, p.16), in the set-
ting of synchronous perfect recall, letting a player know
her strategy is equivalent to letting her remember her own
actions. To see this, assume that finite plays also contain
each joint action between two positions, and let 0
such that vιc1v1. . . cnvn0
oavιc1v1. . . cnvnif for all
i∈ {1, . . . , n},ca=c0
aand vioav0
i. Then, for a strategy
σof player aand two finite plays ρ, ρ0such that ρ0
oaρ0, it
holds that ρis consistent with aplaying σiff ρ0is consistent
with aplaying σ. This is because for every i<nwe have
i(perfect recall), the next action taken by player
ais the same after ρ0
iand ρ0
i(definition of 0
oa), and σ
being an oa-strategy it is defined similarly on both prefixes.
In our setting, moves are not part of finite plays. To sim-
ulate the relation 0
oain which agent aremembers her own
actions, one can put inside the positions of game structures
the information of the last joint move played, possibly du-
plicating some positions. One then refines each observation
oato only consider two positions equivalent if they contain
the same move for player a. We then get a semantics where
each agent remembers her own actions which, if agents do
not change strategy or observation through time, is equiva-
lent to knowing her own strategy. Note that doing so, a sys-
tem can only be hierarchical if more informed players also
observe all actions of less informed ones.
In the general case, where players can change strategies
and observations, we do not know to what extent we can deal
with the variant of the uninformed semantics where players
know there own strategies. We leave this for future work.
In this paper we have discussed two possible semantics of
knowledge when combined with strategies, the informed
and uninformed one. Focusing on the latter, we introduced
ESL, a very expressive logic to reason about knowledge and
strategies in distributed systems which can handle sophisti-
cated epistemic variants of game-theoretic notions such as
Nash equilibria. In addition, it is the first logic of knowledge
and strategies that permits reasoning about agents whose
observation power may change. This is a very natural phe-
nomenon: one may think of a program that receives access
to previously hidden variables, or a robot that loses a sensor.
We solved the model-checking problem of our logic for
hierarchical instances. To do so, we introduced an extension
of QCTLwith epistemic operators and operators of obser-
vation change, and we developed an automata construction
based on tree automata and k-trees. This is the first decid-
ability result for a logic of strategies, knowledge and time
with perfect recall on systems with hierarchical information.
Besides, it is also the first result for epistemic strategic logics
that takes into account dynamic changes of observation.
Our result implies that distributed synthesis and rational
synthesis for epistemic temporal specifications and the un-
informed semantics of knowledge are decidable on hierar-
chical systems. Similar results for other solution concepts,
such as subgame-perfect equilibria or admissible strate-
gies (Brenguier et al. 2017), could be obtained similarly.
This project has received funding from the European
Union’s Horizon 2020 research and innovation programme
under the Marie Sklodowska-Curie grant agreement No
[Alur, Henzinger, and Kupferman 2002] Alur, R.; Hen-
zinger, T. A.; and Kupferman, O. 2002. Alternating-time
temporal logic. JACM 49(5):672–713.
ere et al. 2018] Barri`
ere, A.; Maubert, B.; Murano, A.;
and Rubin, S. 2018. Changing observations in epistemic
temporal logic. arXiv.
[Belardinelli et al. 2017a] Belardinelli, F.; Lomuscio, A.;
Murano, A.; and Rubin, S. 2017a. Verification of broadcast-
ing multi-agent systems against an epistemic strategy logic.
In IJCAI’17, 91–97.
[Belardinelli et al. 2017b] Belardinelli, F.; Lomuscio, A.;
Murano, A.; and Rubin, S. 2017b. Verification of multi-
agent systems with imperfect information and public ac-
tions. In AAMAS’17, 1268–1276.
[Belardinelli 2015] Belardinelli, F. 2015. A logic of
knowledge and strategies with imperfect information. In
LAMAS’15, 1–15.
[Berthon et al. 2017] Berthon, R.; Maubert, B.; Murano, A.;
Rubin, S.; and Vardi, M. Y. 2017. Strategy Logic with im-
perfect information. In LICS’17.
[Bozzelli, Maubert, and Pinchinat 2015] Bozzelli, L.;
Maubert, B.; and Pinchinat, S. 2015. Uniform strategies,
rational relations and jumping automata. Inf. Comput.
[Brafman et al. 1997] Brafman, R. I.; Latombe, J.-C.; Moses,
Y.; and Shoham, Y. 1997. Applications of a logic of knowl-
edge to motion planning under uncertainty. Journal of the
ACM (JACM) 44(5):633–668.
[Brenguier et al. 2017] Brenguier, R.; Pauly, A.; Raskin, J.;
and Sankur, O. 2017. Admissibility in games with imperfect
information (invited talk). In CONCUR’17, 2:1–2:23.
ak et al. 2014] Cerm´
ak, P.; Lomuscio, A.; Mogavero,
F.; and Murano, A. 2014. MCMAS-SLK: A model checker
for the verification of strategy logic specifications. In
CAV’14, 525–532.
[Chatterjee, Henzinger, and Piterman 2010] Chatterjee, K.;
Henzinger, T. A.; and Piterman, N. 2010. Strategy Logic.
Inf. Comput. 208(6):677–693.
[Condurache et al. 2016] Condurache, R.; Filiot, E.; Gen-
tilini, R.; and Raskin, J. 2016. The complexity of rational
synthesis. In ICALP’16, 121:1–121:15.
[Dima, Enea, and Guelev 2010] Dima, C.; Enea, C.; and
Guelev, D. P. 2010. Model-checking an Alternating-time
Temporal Logic with knowledge, imperfect information,
perfect recall and communicating coalitions. EPTCS 25.
[Emerson and Sistla 1984] Emerson, E. A., and Sistla, A. P.
1984. Deciding branching time logic. In STOC’84, 14–24.
[Fagin et al. 1995] Fagin, R.; Halpern, J. Y.; Moses, Y.; and
Vardi, M. Y. 1995. Reasoning about knowledge. MIT press
[French 2001] French, T. 2001. Decidability of quantifed
propositional branching time logics. In AJCAI’01, 165–176.
[Halpern and Moses 1990] Halpern, J. Y., and Moses, Y.
1990. Knowledge and common knowledge in a distributed
environment. Journal of the ACM (JACM) 37(3):549–587.
[Halpern and O’Neill 2005] Halpern, J. Y., and O’Neill,
K. R. 2005. Anonymity and information hiding in multia-
gent systems. Journal of Computer Security 13(3):483–512.
[Huang and Van Der Meyden 2014] Huang, X., and Van
Der Meyden, R. 2014. A temporal logic of strategic knowl-
edge. In KR.
[Jamroga and van der Hoek 2004] Jamroga, W., and van der
Hoek, W. 2004. Agents that know how to play. Fundam.
Inform. 63(2-3):185–219.
[Knight and Maubert 2015] Knight, S., and Maubert, B.
2015. Dealing with imperfect information in strategy logic.
In SR.
[Kupferman et al. 2000] Kupferman, O.; Madhusudan, P.;
Thiagarajan, P. S.; and Vardi, M. Y. 2000. Open systems
in reactive environments: Control and synthesis. In CON-
CUR’00, 92–107.
[Kupferman, Perelli, and Vardi 2016] Kupferman, O.;
Perelli, G.; and Vardi, M. Y. 2016. Synthesis with rational
environments. Ann. Math. Artif. Intell. 78(1):3–20.
[Kupferman 1995] Kupferman, O. 1995. Augmenting
branching temporal logics with existential quantification
over atomic propositions. In CAV’95, 325–338.
[Ladner and Reif 1986] Ladner, R. E., and Reif, J. H. 1986.
The Logic of Distributed Protocols. In TARK’86, 207–222.
[Laroussinie and Markey 2014] Laroussinie, F., and Markey,
N. 2014. Quantified CTL: expressiveness and complexity.
LMCS 10(4).
[Laroussinie and Markey 2015] Laroussinie, F., and Markey,
N. 2015. Augmenting ATL with strategy contexts. IC
[Mogavero et al. 2014] Mogavero, F.; Murano, A.; Perelli,
G.; and Vardi, M. Y. 2014. Reasoning about strategies: On
the model-checking problem. TOCL 15(4):34:1–34:47.
[Neiger and Bazzi 1992] Neiger, G., and Bazzi, R. 1992.
Using knowledge to optimally achieve coordination in dis-
tributed systems. In TARK’92, 43–59.
[Peterson and Reif 1979] Peterson, G. L., and Reif, J. H.
1979. Multiple-person alternation. In SFCS’79, 348–363.
[Pnueli and Rosner 1990] Pnueli, A., and Rosner, R. 1990.
Distributed reactive systems are hard to synthesize. In
FOCS’90, 746–757.
[Puchala 2010] Puchala, B. 2010. Asynchronous omega-
regular games with partial information. In MFCS’10, 592–
[Reif 1984] Reif, J. H. 1984. The complexity of two-player
games of incomplete information. JCSS 29(2):274–301.
[van der Hoek and Wooldridge 2003] van der Hoek, W., and
Wooldridge, M. 2003. Cooperation, knowledge and time:
Alternating-time Temporal Epistemic Logic and its applica-
tions. Studia Logica 75(1):125–157.
[van der Meyden and Shilov 1999] van der Meyden, R., and
Shilov, N. V. 1999. Model checking knowledge and time in
systems with perfect recall (extended abstract). In FSTTCS,
[van der Meyden and Su 2004] van der Meyden, R., and Su,
K. 2004. Symbolic model checking the knowledge of the
dining cryptographers. In CSFW’17, 280–291.
[van der Meyden and Vardi 1998] van der Meyden, R., and
Vardi, M. Y. 1998. Synthesis from knowledge-based speci-
fications. In CONCUR’98. 34–49.
[van der Meyden and Wilke 2005] van der Meyden, R., and
Wilke, T. 2005. Synthesis of distributed systems from
knowledge-based specifications. In CONCUR’05, 562–576.
[van der Meyden 1998] van der Meyden, R. 1998. Common
knowledge and update in finite environments. Inf. Comput.
ResearchGate has not been able to resolve any citations for this publication.
Conference Paper
Full-text available
We study a class of synchronous, perfect-recall multi-agent systemswith imperfect information and broadcasting (i.e., fully observableactions). We define an epistemic extension of strategy logic withincomplete information and the assumption of uniform and coherentstrategies. In this setting, we prove that the model checking problem,and thus rational synthesis, is decidable with non-elementarycomplexity. We exemplify the applicability of the framework on arational secret-sharing scenario.
Conference Paper
Full-text available
We analyse the verification problem for synchronous, perfect recall multi-agent systems with imperfect information against a specification language that includes strategic as well as epistemic operators. While the general problem is known to be undecidable we show that if the agents' actions are public then verification is decidable, and we establish that the computational complexity is 2EexpTime-complete. To illustrate the formal framework we consider two well-known epistemic and strategic puzzles with imperfect information and public actions: the muddy children puzzle and the classic game of battleships.
Full-text available
A general concept of uniform strategies has recently been proposed as a relevant notion in game theory for computer science, which subsumes various notions from the literature. It relies on properties involving sets of plays in two-player turn-based arenas equipped with arbitrary binary relations between plays; these properties are expressed in a language based on with a quantifier over related plays. There are two semantics for our quantifier, a strict one and a full one, that we study separately. Regarding the strict semantics, the existence of a uniform strategy is undecidable for rational binary relations, but introducing jumping tree automata and restricting attention to recognizable relations allows us to establish a 2-Exptime-complete complexity – and still capture a class of two-player imperfect-information games with epistemic temporal objectives. Regarding the full semantics, relying on information set automata we establish that the existence of a uniform strategy is decidable for rational relations and we provide a nonelementary synthesis procedure. We also exhibit an essentially optimal subclass of rational relations for which the problem becomes 2-Exptime-complete. Considering rich classes of relations makes the theory of uniform strategies powerful: it directly entails various results in logics of knowledge and time, some of them already known, and others new.
Full-text available
A propositional logic of distributed protocols is introduced which includes both the logic of knowledge and temporal logic. Phenomena in distributed computing systems such as asynchronous time, incomplete knowledge by the computing agents in the system, and game-like behavior among the computing agents are all modeled in the logic. Two versions of the logic, the linear logic of protocols (LLP) and the tree logic of protocols (TLP) are investigated. The main result is that the set of valid formulas in LLP is undecidable.
Full-text available
In program synthesis, we transform a specification into a program that is guaranteed to satisfy the specification. In synthesis of reactive systems, the environment in which the program operates may behave nondeterministically, e.g., by generating different sequences of inputs in different runs of the system. To satisfy the specification, the program needs to act so that the specification holds in every computation generated by its interaction with the environment. Often, the program cannot observe all attributes of its environment. In this case, we should transform a specification into a program whose behavior depends only on the observable history of the computation. This is called synthesis with incomplete information. In such a setting, it is desirable to have a knowledge-based specification, which can refer to the uncertainty the program has about the environment's behavior. In this work we solve the problem of synthesis with incomplete information with respect to specifications in the logic of knowledge and time. We show that the problem has the same worst-case complexity as synthesis with complete information.
Conference Paper
Full-text available
We present a variant of ATL with distributed knowledge operators based on a synchronous and perfect recall semantics. The coalition modalities in this logic are based on partial observation of the full history, and incorporate a form of cooperation between members of the coalition in which agents issue their actions based on the distributed knowledge, for that coalition, of the system history. We show that model-checking is decidable for this logic. The technique utilizes two variants of games with imperfect information and partially observable objectives, as well as a subset construction for identifying states whose histories are indistinguishable to the considered coalition.
In this paper, we investigate the rational synthesis problem for concurrent game structure for a variety of objectives ranging from reachability to Muller condition. We propose a new algorithm that establishes the decidability of the non cooperative rational synthesis problem that relies solely on game theoretic technique as opposed to previous approaches that are logic based. Thanks to this approach, we construct a zero-sum turn-based game that can be adapted to each one of the afore mentioned objectives thus obtain new complexity results. In particular, we show that reachability, safety, B\"uchi, and co-B\"uchi conditions are PSpace-complete, Parity, Muller, Street, and Rabin are PSpace-hard and in ExpTime.
Conference Paper
We introduce an extension of Strategy logic for the imperfect-information setting, called SL ii , and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, the problem turns out to be undecidable. We introduce a syntactical class of " hierarchical instances " for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model. We prove that model-checking SL ii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises previous ones, such as decidability of multi-player games with imperfect information and hierarchical observations, and decidability of distributed synthesis for hierarchical systems. To establish the decidability result, we introduce and study QCTL * ii , an extension of QCTL (itself an extension of CTL with second-order quantification over atomic propositions) by parameterising its quantifiers with observations. The simple syntax of QCTL * ii allows us to provide a conceptually neat reduction of SL ii to QCTL * ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL * ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. The decidability result for SL ii follows since the reduction maps hierarchical instances of SL ii to hierarchical formulas of QCTL * ii .
We study the extension of the alternating-time temporal logic (ATL) with strategy contexts: contrary to the original semantics, in this semantics the strategy quantifiers do not reset the previously selected strategies.We show that our extension ATLsc is very expressive, but that its decision problems are quite hard: model checking is k-EXPTIME-complete when the formula has k nested strategy quantifiers; satisfiability is undecidable, but we prove that it is decidable when restricting to turn-based games. Our algorithms are obtained through a very convenient translation to QCTL (the computation-tree logic CTL extended with atomic quantification), which we show also applies to Strategy Logic, as well as when strategy quantification ranges over memoryless strategies.
Conference Paper
We address the strategy problem for ω-regular two-player games with partial information, played on finite game graphs. We consider two different kinds of observability on a general model, a standard synchronous and an asynchronous one. In the asynchronous setting, moves which have no visible effect for a player are hidden completely from that player. We generalize the usual powerset construction for eliminating partial information to arbitrary, not necessarily observation based, winning conditions, both in the synchronous and in the asynchronous case, and we show that this generalized construction effectively preserves ω-regular winning conditions. From this we infer decidability of the strategy problem for arbitrary ω-regular winning conditions, in both cases. We also show that our ω-regular framework is sufficient for reasoning about synchronous and asynchronous knowledge by proving that any formula of the epistemic temporal specification formalism ETL can be effectively translated into an S1S-formula defining the same specification.