Conference PaperPDF Available


Two distinct semantics have been considered for knowledge in the context of strategic reasoning, depending on whether players know each other's strategy or not. In the former case, that we call the informed semantics, distributed synthesis for epistemic temporal specifications is undecidable, already on systems with hierarchical information. However, for the other, uninformed semantics, the problem is decid-able on such systems. In this work we generalise this result by introducing an epistemic extension of Strategy Logic with imperfect information. The semantics of knowledge operators is uninformed, and captures agents that can change observation power when they change strategies. We solve the model-checking problem on a class of "hierarchical in-stances", which provides a solution to a vast class of strategic problems with epistemic temporal specifications, such as distributed or rational synthesis, on hierarchical systems.
Reasoning about Knowledge and Strategies under Hierarchical Information
Bastien Maubert and Aniello Murano
a degli Studi di Napoli “Federico II”
Two distinct semantics have been considered for knowledge
in the context of strategic reasoning, depending on whether
players know each other’s strategy or not. In the former
case, that we call the informed semantics, distributed syn-
thesis for epistemic temporal specifications is undecidable,
already on systems with hierarchical information. However,
for the other, uninformed semantics, the problem is decid-
able on such systems. In this work we generalise this re-
sult by introducing an epistemic extension of Strategy Logic
with imperfect information. The semantics of knowledge op-
erators is uninformed, and captures agents that can change
observation power when they change strategies. We solve
the model-checking problem on a class of “hierarchical in-
stances”, which provides a solution to a vast class of strategic
problems with epistemic temporal specifications, such as dis-
tributed or rational synthesis, on hierarchical systems.
Logics of programs, many of which are based on classic
temporal logics such as LTL or CTL, are meant to specify
desirable properties of algorithms. When considering dis-
tributed systems, an important aspect is that each processor
has a partial, local view of the whole system, and can only
base its actions on the available information. Many authors
have argued that this imperfect information calls for logical
formalisms that would allow the modelling and reasoning
about what different processes know of the system, and of
other processes’ state of knowledge. For instance, Halpern
and Moses wrote in (Halpern and Moses 1990):
“[. . . ] explicitly reasoning about the states of knowledge
of the components of a distributed system provides a more
general and uniform setting that offers insight into the basic
structure and limitations of protocols in a given system.”
To reason about knowledge and time, temporal logics
have been extended with the knowledge operator Kafrom
epistemic logic, giving rise to a family of temporal epistemic
logics (Fagin et al. 1995), which have been applied to, e.g.,
information flow and cryptographic protocols (van der Mey-
den and Su 2004; Halpern and O’Neill 2005), coordination
problems in distributed systems (Neiger and Bazzi 1992)
and motion planning in robotics (Brafman et al. 1997).
Copyright c
2018, Association for the Advancement of Artificial
Intelligence ( All rights reserved.
Distributed systems are often open systems, i.e., they in-
teract with an environment and must react appropriately to
actions taken by this environment. As a result, if we take
the analogy where processors are players of a game, and
processes are strategies for the processors, the task of syn-
thesising distributed protocols can be seen as synthesising
winning strategies in multi-player games with imperfect in-
formation. This analogy between the two settings is well
known, and Ladner and Reif already wrote in (Ladner and
Reif 1986) that “Distributed protocols are equivalent to (i.e.,
can be formally modelled as) games”.
To reason about a certain type of game-related proper-
ties in distributed systems, Alternating-time Temporal Logic
(ATL) was introduced (Alur, Henzinger, and Kupferman
2002). It can express the existence of strategies for coalitions
of players in multi-player games, but cannot express some
important game-theoretic concepts, such as the existence of
Nash equilibria. To remedy this, Strategy Logic (SL) (Chat-
terjee, Henzinger, and Piterman 2010; Mogavero et al. 2014)
was defined. Treating strategies as explicit first-order objects
makes it very expressive, and it can for instance talk about
Nash equilibria in a very natural way. These logics have been
studied both for players with perfect information and play-
ers with imperfect information, and in the latter case either
with the assumption that agents have no memory, or that
they remember everything they observe. This last assump-
tion, called perfect recall, is the one usually considered in
distributed synthesis (Pnueli and Rosner 1990) and games
with imperfect information (Reif 1984), and it is also cen-
tral in logics of knowledge and time (Fagin et al. 1995). It is
the one we consider in this work.
In order to reason about knowledge and strategic abilities
in distributed systems, epistemic temporal logics and strate-
gic logics have been combined. In particular, both ATL and
SL have been extended with knowledge operators (van der
Hoek and Wooldridge 2003; Jamroga and van der Hoek
2004; Belardinelli 2015; Dima, Enea, and Guelev 2010;
Belardinelli et al. 2017a; 2017b). However, few decidable
cases are known for the model checking of these logics with
imperfect information and perfect recall. This is not surpris-
ing since strategic logics typically can express the existence
of distributed strategies, a problem known to be undecid-
able for perfect recall, already for purely temporal specifica-
tions (Peterson and Reif 1979; Pnueli and Rosner 1990).
Semantics of knowledge with strategies. Mixing knowl-
edge and strategies raises intricate questions of semantics.
As a matter of fact, we find in the litterature two distinct
semantics for epistemic operators in strategic contexts, one
in works on distributed synthesis from epistemic temporal
specifications, and another one in epistemic strategic logics.
To explain in what they differ, let us first recall the seman-
tics of the knowledge operator in epistemic temporal logics:
a formula Kaϕholds in a history h(finite sequence of states)
of a system if ϕholds in all histories h0that agent acannot
distinguish from h. In other words, agent aknows that ϕ
holds if it holds in all histories that may be the current one
according to what she observed. Now consider that the sys-
tem is a multi-player game, and fix a strategy σbfor some
player b. Two semantics are possible for Ka: one could say
that Kaϕholds if ϕholds in all possible histories that are in-
distinguishable to the current one, as in epistemic temporal
logics, or one could restrict attention to those in which player
bfollows σb, discarding indistinguishable histories that are
not consistent with σb. In the latter case, one may say that
player a’s knowledge is refined by the knowledge of σb, i.e.,
she knows that player bis using strategy σb, and she has the
ability to refine her knowledge with this information, elim-
inating inconsistent possible histories. In the following this
is what we will be referring to when saying that an agent
knows some other agent’s strategy. We shall also refer to the
semantics where aknows σbas the informed semantics, and
that in which she ignores it as the uninformed semantics.
The two semantics are relevant as they model different
reasonable scenarios. For instance if players collaborate and
have the ability to communicate, they may share their strate-
gies with each other. But in many cases, components of a
distributed system each receive only their own strategy, and
thus are ignorant of other components’ strategies.
All epistemic extensions of ATL and SL we know of
consider the uninformed semantics. In contrast, works on
distributed synthesis from epistemic temporal specifications
use the informed semantics (van der Meyden and Vardi
1998; van der Meyden and Wilke 2005), even though it is not
so obvious that they do. Indeed these works consider speci-
fications in classic epistemic temporal logic, without strate-
gic operators. But they ask for the existence of distributed
strategies so that such specifications hold in the system re-
stricted to the outcomes of these strategies. This corresponds
to what we call the informed semantics, as the semantics of
knowledge operators is, in effect, restricted to outcomes of
the strategies that are being synthesised.
We only know of two works that discuss these two se-
mantics. In (Bozzelli, Maubert, and Pinchinat 2015) two
knowledge-like operators are studied, one for each seman-
tics, but distributed synthesis is not considered. More inter-
estingly, Puchala already observes in (Puchala 2010) that the
distributed synthesis problem studied in (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005) consid-
ers the informed semantics. While the problem is undecid-
able for this semantics even on hierarchical systems (van der
Meyden and Wilke 2005), Puchala sketches a proof that the
problem becomes decidable on the class of hierarchical sys-
tems when the uninformed semantics is used.
Contributions. We introduce a logic for reasoning about
knowledge and strategies. Our Epistemic Strategy Logic
(ESL) is based on Strategy Logic, and besides boolean and
temporal operators, it contains the imperfect-information
strategy quantifier hhxiiofrom SLii (Berthon et al. 2017),
which reads as “there exists a strategy xwith observation
o”, and epistemic operators Kafor each agent a. Our logic
allows reasoning about agents whose means of observing
the system changes over time, as agents may successively
use strategies associated with different observations. This
can model, for instance, an agent that is granted higher se-
curity clearance, giving her access to previously hidden in-
formation. The semantics of our epistemic operators takes
into account agents’ changes of observational power. ESL
also contains the outcome quantifier Afrom Branching-time
Strategy Logic (BSL) (Knight and Maubert 2015), which
quantifies on outcomes of strategies currently used by the
agents, and the unbinding operator (a, ?), which frees an
agent from her current strategy. The latter was introduced
in (Laroussinie and Markey 2015) for ATL with strategy
context and is also present in BSL. The outcome quanti-
fier together with the unbinding operator allow us to express
branching-time temporal properties without resorting to ar-
tificial strategy quantifications which may either affect the
semantics of agents’ knowledge or break hierarchicality.
We solve the model-checking problem for hierarchical in-
stances of ESL. As in SLii, hierarchical instances are for-
mula/model pairs such that, as one goes down the syntactic
tree of the formula, observations annotating strategy quan-
tifiers hhxiiocan only become finer. In addition, in ESL we
require that knowledge operators do not refer to (outcomes
of) strategies quantified higher in the formula.
Any problem which can be expressed as hierarchical in-
stances of our logic is thus decidable, and since ESL is very
expressive such problems are many. A first corollary is an
alternative proof that distributed synthesis from epistemic
temporal specifications with uninformed semantics is decid-
able on hierarchical systems. Puchala announced this result
in (Puchala 2010), but we provide a stronger result by going
from linear-time to branching-time epistemic specifications.
We also allow for nesting of strategic operators in epistemic
ones, as long as hierarchicality is preserved and epistemic
formulas do not refer to previously quantified strategies. An-
other corollary is that rational synthesis (Kupferman, Perelli,
and Vardi 2016; Condurache et al. 2016) with imperfect in-
formation is decidable on hierarchical systems for epistemic
temporal objectives with uninformed semantics.
Our approach to solve the model-checking problem for
our logic extends that followed in (Laroussinie and Markey
2015; Berthon et al. 2017), which consists in “compiling”
the strategic logic under study into an opportune variant
of Quantified CTL, or QCTLfor short (Laroussinie and
Markey 2014). This is an extension of CTLwith second-
order quantification on propositions which serves as an in-
termediary, low-level logic between strategic logics and tree
automata. In (Laroussinie and Markey 2015), model check-
ing ATLwith strategy context is proved decidable by reduc-
tion to QCTL. In (Berthon et al. 2017), model checking
SLii is proved decidable for a class of hierarchical instances
by reduction to the hierarchical fragment of an imperfect in-
formation extension of QCTL, called QCTL
ii. In this work
we define EQCTL
ii, which extends further QCTL
ii with
epistemic operators and an operator of observation change
introduced recently in (Barri`
ere et al. 2018) in the context of
epistemic temporal logics. We define the hierarchical frag-
ment of EQCTL
ii, which strictly contains that of QCTL
and solve its model-checking problem for this fragment.
Related work. We know of five other logics called Epis-
temic Strategy Logic. In (Huang and Van Der Meyden
2014), epistemic temporal logic is extended with a first-
order quantification xon points in runs of the system and
an operator ei(x)that compares local state iat xand at the
current point. When interpreted on systems where strategies
are encoded in local states, this logic can express existence
of strategies and what agents know about it. However it only
concerns memoryless strategies. Strategy Logic is extended
with epistemic operators in (Cerm´
ak et al. 2014), but they
also consider memoryless agents. (Belardinelli 2015) ex-
tends a fragment of SL with epistemic operators, and consid-
ers perfect-recall strategies, but model checking is not stud-
ied. The latter logic is extended in (Belardinelli et al. 2017a),
in which its model-checking problem is solved on the class
of broadcast systems. In (Knight and Maubert 2015) SL is
also extended with epistemic operators and perfect-recall
agents. Their logic does not require strategies to be uniform,
but this requirement can be expressed in the language. How-
ever no decidability result is provided. The result we present
here is the first for an epistemic strategic logic with perfect
recall on hierarchical systems. In addition, ours is the first
epistemic strategic logic to allow for changes of observa-
tional power.
Plan. We first define ESL and hierarchical instances, and
announce our main result. Next we introduce EQCTL
ii and
solve the model-checking problem for its hierarchical frag-
ment. We then establish our main result by reducing model
checking hierarchical instances of ESL to model checking
hierarchical EQCTL
ii. We finally present two corollaries,
exemplifying what our logic can express, and we finish with
a discussion on the semantics of knowledge and strategies.
Let Σbe an alphabet. A finite (resp. infinite)word over Σ
is an element of Σ(resp. Σω). The length of a finite word
w=w0w1. . . wnis |w|:= n+ 1, last(w) := wnis its
last letter, and we note for the empty word. Given a finite
(resp. infinite) word wand 0i≤ |w|(resp. iN), we
let wibe the letter at position iin w,wiis the prefix of w
that ends at position iand wiis the suffix of wthat starts
at position i. We write w4w0if wis a prefix of w0, and w4
is the set of finite prefixes of word w. Finally, the domain
of a mapping fis written dom(f), and for nNwe let
[n] := {iN: 1 in}.
We fix for the rest of the paper a number of parameters for
our logics and models: AP is a finite set of atomic proposi-
tions, Ag is a finite set of agents or players, Var is a finite set
of variables and Obs is a finite set of observation symbols.
These data are implicitly part of the input for the model-
checking problems we consider.
Epistemic Strategy Logic
In this section we introduce our epistemic extension of Strat-
egy Logic with imperfect information.
The models of ESL are essentially the same as those of
SLii, i.e., concurrent game structures extended by an obser-
vation interpretation O, that maps each observation symbol
oObs to an equivalence relation O(o)over positions of
the game structure. However models in ESL contain, in ad-
dition, an initial observation for each player. This initial ob-
servation may change if the player receives a strategy corre-
sponding to a different observation.
Definition 1 (CGSii).Aconcurrent game structure with
imperfect information (or CGSii for short) is a structure
G= (Ac, V, E , `, O, vι,oι)where
Ac is a finite non-empty set of actions,
Vis a finite non-empty set of positions,
E:V×AcAg Vis a transition function,
`:V2AP is a labelling function,
O :Obs V×Vis an observation interpretation, and
for each oObs,O(o)is an equivalence relation,
vιVis an initial position, and
oιObsAg is a tuple of initial observations.
Two positions being equivalent for relation O(o)means
that a player using a strategy with observation ocannot dis-
tinguish them. In the following we may write ofor O(o)
and v∈ G for vV.
Joint actions. When in a position vV, each player a
chooses an action caAc and the game proceeds to po-
sition E(v, c), where cAcAg stands for the joint action
(ca)aAg. If c= (ca)aAg , we let cadenote cafor aAg.
Plays and strategies. Afinite (resp. infinite)play is a finite
(resp. infinite) word ρ=v0. . . vn(resp. π=v0v1. . .) such
that v0=vιand for all iwith 0i < |ρ| − 1(resp. i0),
there exists a joint action csuch that E(vi,c) = vi+1. We
let Plays be the set of finite plays. A strategy is a function
σ:Plays Ac, and we let Str be the set of all strategies.
Assignments. An assignment χ:AgVar *Str is a partial
function assigning to each player and variable in its domain
a strategy. For an assignment χ, a player aand a strategy
σ,χ[a7→ σ]is the assignment of domain dom(χ)∪ {a}
that maps ato σand is equal to χon the rest of its domain,
and χ[x7→ σ]is defined similarly, where xis a variable;
also, χ[a7→?] is the assignment of domain dom(χ)\{a}, on
which it is equal to χ.
Outcomes. For an assignment χand a finite play ρ, we let
out(χ, ρ)be the set of infinite plays that start with ρand
are then extended by letting players follow the strategies as-
signed by χ. Formally, out(χ, ρ)is the set of infinite plays
of the form ρ·v1v2. . . such that for all i0, there exists c
such that for all adom(χ)Ag, caχ(a)(ρ·v1. . . vi)
and vi+1 =E(vi,c), with v0=last(ρ).
Synchronous perfect recall. Players with perfect recall re-
member the whole history of a play. Each observation rela-
tion is thus extended to finite plays as follows: ρoρ0if
|ρ|=|ρ0|and ρioρ0
ifor every i∈ {0,...,|ρ| − 1}.
Uniform strategies. For oObs, an o-strategy is a strategy
σ:V+Ac such that σ(ρ) = σ(ρ0)whenever ρoρ0.
For oObs we let Strobe the set of all o-strategies.
ESL extends SLii with knowledge operators Kafor each
agent aAg, and the outcome quantifier from Branching-
time Strategy Logic, introduced in (Knight and Maubert
2015), which quantifies on outcomes of the currently fixed
strategies. While in SL temporal operators could only be
evaluated in contexts where all agents were assigned to a
strategy, this outcome quantifier allows for evaluation of
(branching-time) temporal properties on partial assignments
of strategies to agents. This outcome quantifier can be sim-
ulated in usual, linear-time variants of Strategy Logic, by
quantifying on strategies for agents who do not currently
have one. But in the context of imperfect information, where
strategy quantifiers are parameterised by an observation, this
may cause to either break the hierarchy or artificially modify
an agent’s observation, which affects his knowledge.
Definition 2 (ESL Syntax).The syntax of ESL is defined by
the following grammar:
ϕ:p| ¬ϕ|ϕϕ| hhxiioϕ|(a, x)ϕ|(a, ?)ϕ|Kaϕ|Aψ
ψ:ϕ| ¬ψ|ψψ|Xψ|ψUψ,
where pAP,xVar,oObs and aAg.
Formulas of type ϕare called history formulas, those of
type ψare path formulas. We may use usual abbreviations
>:= p∨ ¬p,:= ¬>,ϕϕ0:= ¬ϕϕ0,Fϕ:= >Uϕ,
Gϕ:= ¬F¬ϕ,[[x]]oϕ:= ¬hhxiio¬ϕand Eψ:= ¬A¬ψ.
A variable xappears free in a formula ϕif it appears out
of the scope of a strategy quantifier. We let free(ϕ)be the
set of variables that appear free in ϕ. An assignment χis
variable-complete for a formula ϕif its domain contains all
free variables in ϕ. Finally, a sentence is a history formula ϕ
such that free(ϕ) = .
Remark 1. Without loss of generality we can assume that
each strategy variable xis quantified at most once in an ESL
formula. Thus, each variable xthat appears in a sentence is
uniquely associated to a strategy quantification hhxiio, and
we let ox=o.
Discussion on the syntax. In SLii as well as in ESL, the ob-
servation used by a strategy is specified at the level of strat-
egy quantification: hhxiioϕreads as “there exists a strategy
xwith observation osuch that ϕholds”. When a strategy
with observation ois assigned to some agent avia a bind-
ing (a, x), it seems natural to consider that agent astarts
observing the system with observation o. As a result agents
can change observation when they change strategy, and thus
they can observe the game with different observation powers
along a same play. This contrasts with most of the literature
on epistemic temporal logics, where each agent’s observa-
tion power is usually fixed in the model.
Epistemic relations with changing observations
Dynamic observation change has been studied recently in
the context of epistemic temporal logics in (Barri`
ere et al.
2018), from which come the following definitions.
First, dealing with the possibility to dynamically change
observation requires to remember which observation each
agent had at each point in time.
Observation records. An observation record rafor agent
aAg is a finite word over N×Obs, i.e., ra(N×Obs).
If at time n, an agent awith current observation record ra
receives a strategy with observation o, her new observation
record is ra·(o, n). The observation record ra[n]is the pro-
jection of raon {n} × Obs, and represents the sequence of
observation changes that occurred at time n.
Given an observation record for each agent r= (ra)aAg,
we note rafor ra. We say that an observation record rstops
at time nif ra[m]is empty for all m > n, and rstops at
a finite play ρif it stops at time |ρ| − 1. If rstops at time
n, we let r·(n, o)abe the observation record rwhere rais
replaced with ra·(n, o).
At each step of a play, each agent observes the new po-
sition with her current observation power. Then, if an agent
changes strategy, she observes the same position with the ob-
servation of the new strategy, which may be different from
the previous one. Also, due to the syntax of ESL, an agent
may change observation several times before the next step.
Therefore, the observation sequence osa(r, n)with which
agent aobserves the game at time nconsists of the observa-
tion she had when the n-th move is taken, plus those corre-
sponding to strategy changes that occur before the next step.
It is defined by induction on n:
osa(r,0) = o1·. . . ·ok,
if ra[0] = (0, o1)·. . . ·(0, ok),and
osa(r, n + 1) = last(osa(r, n)) ·o1·. . . ·ok,
if ra[n+ 1] = (n+ 1, o1)·. . . ·(n+ 1, ok).
If at time nagent adoes not receive a new strategy,
osa(r, n)contains only one observation, which will be ei-
ther that of the last strategy taken by the agent or the agent’s
initial observation, given by the CGSii.
The indistinguishability relation for synchronous perfect-
recall with observation change is defined as follows.
Definition 3. For ρand ρ0two finite plays and ran ob-
servation record, ρand ρ0are observationally equivalent
to agent a, written ρr
aρ0, if |ρ|=|ρ0|and, for every
i∈ {0,...,|ρ| − 1}, for every oosa(r, i),ρioρ0
Remark 2. Observe that, at a given point in time, the order
in which an agent observes the game with different observa-
tion does not matter. Intuitively, all that matters is the total
information gathered before the next step. Also, in the case
of an empty observation record, the above definition corre-
sponds to blind agents, for which all finite plays of same
length are indistinguishable. However in the following ob-
servation records will never be empty, but will always be
initialised with the initial observations given by the model.
We now define the semantics of ESL.
Definition 4 (ESL Semantics).The semantics of a history
formula is defined on a game G(omitted below), an assign-
ment χvariable-complete for ϕ, and a finite play ρ. For a
path formula ψ, the finite play is replaced with an infinite
play πand an index iN. The definition is as follows:
χ, r, ρ |=pif p`(last(ρ))
χ, r, ρ |=¬ϕif χ, r, ρ 6|=ϕ
χ, r, ρ |=ϕϕ0if χ, r, ρ |=ϕor χ, r, ρ |=ϕ0
χ, r, ρ |=hhxiioϕif σStro. χ[x7→ σ],r, ρ |=ϕ
χ, r, ρ |= (a, x)ϕif χ[a7→ χ(x)],r, ρ |=ϕ
χ, r, ρ |= (a, ?)ϕif χ[a7→?],r, ρ |=ϕ
χ, r, ρ |=Kaϕif ρ0Plays s.t. ρ0r
χ, r, ρ0|=ϕ
χ, r, ρ |=Aψif πout(χ, ρ),
χ, r, π, |ρ| − 1|=ψ
χ, r, π, i |=ϕif χ, r, πi|=ϕ
χ, r, π, i |=¬ψif χ, r, π, i 6|=ψ
χ, r, π, i |=ψψ0if χ, r, π, i |=ψor χ, r, π, i |=ψ0
χ, r, π, i |=Xψif χ, r, π, i + 1 |=ψ
χ, r, π, i |=ψUψ0if jis.t. χ, r, π, j |=ψ0and
k[i, j[, χ, r, π, k |=ψ
The satisfaction of a sentence is independent of the as-
signment; for an ESL sentence ϕwe thus let G,r, ρ |=ϕif
G, χ, r, ρ |=ϕfor some assignment χ. We also write G |=ϕ
if G,rι, vι|=ϕ, where rι= (0,oι
Discussion on the semantics. First, the semantics of the
knowledge operator corresponds, as announced, to what we
called uninformed semantics in the introduction. Indeed it is
not restricted to outcomes of strategies followed by the play-
ers: Kaϕholds in a finite play ρif ϕholds in all finite plays
in the game that are indistinguishable to ρfor agent a.
Also, note that the relation for perfect recall with obser-
vation change, and thus also observation records, are only
used in the semantics of the knowledge operators. As usual,
a strategy with observation ohas to be uniform with regards
to the classic perfect-recall relation ofor static observa-
tions, even if it is assigned to an agent who previously had a
different observation. The reasons to do so are twofold.
First, we do not see any other natural definition. One may
think of parameterising strategy quantifiers with observation
records instead of mere observations, but this would require
to know at the level of quantification at which points in time
the strategy will be given to an agent, and what previous ob-
servations this agent would have had, which is not realistic.
More importantly, when one asks for the existence of a
uniform strategy after some finite play ρ, it only matters how
the strategy is defined on suffixes of ρ, and thus the unifor-
mity constraint also is relevant only on such plays. But for
such plays, the “fixed observation” indistinguishability re-
lation is the same as the “dynamic observation” one. More
precisely, if agent areceives observation oat the end of ρ,
i.e., last(ra) = (|ρ|− 1, o), then for all finite plays ρ0, ρ00 that
are suffixes of ρ, we have ρ0oρ00 if, and only if, ρ0r
Indeed, since we use the S5 semantics of knowledge, i.e.,
indistinguishability relations are equivalence relations, the
prefix ρis always related to itself, be it for r
aor o, and
after ρboth relations only consider observation o.
Model checking and hierarchical instances
We now introduce the decision problem studied in this paper,
i.e., the model-checking problem for ESL.
Model checking. An instance is a pair ,G)where Φis
a sentence of ESL and Gis a CGSii. The model-checking
problem for ESL is the decision problem that, given an in-
stance ,G), returns ‘yes’ if G |= Φ, and ‘no’ otherwise.
SLii can be translated into ESL, by adding outcome quan-
tifiers before temporal operators. Since model checking SLii
is undecidable (Berthon et al. 2017), we get the following
Theorem 1. Model checking ESL is undecidable.
Hierarchical instances. We now isolate a sub-problem ob-
tained by restricting attention to hierarchical instances. In-
tuitively, an ESL-instance ,G)is hierarchical if, as one
goes down a path in the syntactic tree of Φ, the observa-
tions parameterising strategy quantifiers become finer. In ad-
dition, epistemic formulas must not talk about currently de-
fined strategies.
Given an ESL sentence Φand a syntactic subformula ϕ
of Φ, by parsing Φ’s syntactic tree one can define the set
Ag(ϕ)of agents who are bound to a strategy at the level of
ϕ, as well as where in Φthese strategies are quantified upon.
Definition 5. Let Φbe an ESL sentence. A subformula Kaϕ
is free if for every subformula Aψof ϕ, the current strategy
of each agent in Ag(Aψ)is quantified within ϕ.
In other words, an epistemic subformula Kaϕis free if it
does not talk about strategies that are quantified before it.
Example 1. If Φ = hhxiio(a, x)KaAXp, then KaAXpis
not free in Φ, because at the level of Aagent ais bound to
strategy xwhich is quantified “outside” of KaAXp. But if
Φ = hhxiio(a, x)Ka(a, ?)AXp, then Ka(a, ?)AXpis free
in Φ, because at the level of Ano agent is bound to a
strategy. Also if Φ = hhxiio(a, x)Kahhyiio0(a, y)AXp, then
Kahhyiio0(a, y)AXpis free in Φ, because at the level of A
the only agent bound to a strategy is a, and her strategy is
quantified upon after the knowledge operator.
We can now define the hierarchical fragment for which
we establish decidability of the model-checking problem.
Definition 6 (Hierarchical instances).An ESL-instance
,G)is hierarchical if all epistemic subformulas of Φare
free in Φand, for all subformulas of the form ϕ1=hhxiio1ϕ0
and ϕ2=hhxiio2ϕ0
2where ϕ2is a subformula of ϕ0
1, it holds
that O(o2)⊆ O(o1).
In other words, an instance is hierarchical if innermost
strategy quantifiers observe at least as much as outermost
ones, and epistemic formulas do not talk about current
strategies. Here is the main contribution of this work:
Theorem 2. The model-checking problem for ESL re-
stricted to the class of hierarchical instances is decidable.
We prove this result by reducing it to the model-checking
problem for the hierarchical fragment of an extension of
QCTLwith imperfect information, knowledge and obser-
vation change, which we now introduce and study in order
to use it as an intermediate, “low-level” logic between tree
automata and ESL.
ii with knowledge and observation
QCTLextends CTLwith second order quantification on
atomic propositions (Emerson and Sistla 1984; Kupferman
1995; Kupferman et al. 2000; French 2001; Laroussinie
and Markey 2014). It was recently extended to model
imperfect-information aspects, resulting in the logic called
ii (Berthon et al. 2017). In this section we first de-
fine an epistemic extension of QCTL
ii with operators for
knowledge and dynamic observation change, that we call
ii. Then we define the syntactic class of hierarchical
formulas and prove that model checking this class of formu-
las is decidable.
The models of EQCTL
ii, as those of QCTL
ii, are structures
in which states are tuples of local states. Fix nN.
Local states. Let {Li}i[n]denote ndisjoint finite sets of
local states. For I[n], we let LI:= QiILiif I6=,
and L:= {0}where 0is a special symbol.
Concrete observations. A set o [n]is a concrete obser-
vation (to distinguish from observation symbols oof ESL).
Fix o [n]and I[n]. Two tuples x, x0LIare o-
indistinguishable, written xox0, if for each iIo,
i. Two words u=u0. . . uiand u0=u0
0. . . u0
alphabet LIare o-indistinguishable, written uou0, if i=
jand for all k∈ {0, . . . , i}we have ukou0
Compound Kripke structures. These are like Kripke struc-
tures except that the states are elements of L[n]. A com-
pound Kripke structure, or CKS, over AP, is a tuple S=
(S, R, `, sι,oι)where SL[n]is a set of states,RS×S
is a left-total1transition relation,`:S2AP is a labelling
function,sιSis an initial state, and oι= (oι
a)aAg is an
initial concrete observation for each agent.
Apath in Sis an infinite sequence of states π=s0s1. . .
such that for all iN,(si, si+1)R, and a finite path
ρ=s0s1. . . snis a finite prefix of a path. For sS, we let
Pathsω(s)be the set of all paths that start in s, and Paths(s)
is the set of finite paths that start in s.
Syntax of EQCTL
The syntax of EQCTL
ii extends that of QCTL
ii with epis-
temic operators Kaand observation-change operators o
which were recently introduced and studied in (Barri`
ere et
al. 2018) in an epistemic temporal logic without second-
order quantification.
1i.e., for all sS, there exists s0such that (s, s0)R.
Definition 7 (EQCTL
ii Syntax).The syntax of EQCTL
ii is
defined by the following grammar:
ϕ:= p| ¬ϕ|ϕϕ|Aψ| ∃op. ϕ |Kaϕ|o
ψ:= ϕ| ¬ψ|ψψ|Xψ|ψUψ
where pAP,aAg and o[n].
Formulas of type ϕare called state formulas, those of
type ψare called path formulas, and EQCTL
ii consists
of all the state formulas. Ais the classic path quantifier
from branching-time temporal logics. ois the second-order
quantifier with imperfect information from QCTL
ii (Berthon
et al. 2017). op. ϕ holds in a tree if there is way to choose
a labelling for psuch that ϕholds, with the constraint that
o-equivalent nodes of the tree must be labelled identically.
Kaϕmeans “agent aknows that ϕholds”, where the knowl-
edge depends on the sequence of observations agent ahas
had; finally, o
aϕmeans that after agent aswitches to obser-
vation o, ϕholds.
Given an EQCTL
ii formula ϕ, we define the set of quan-
tified propositions AP(ϕ)AP as the set of atomic propo-
sitions psuch that ϕhas a subformula of the form op. ϕ.
We also define the set of free propositions APf(ϕ)AP as
the set of atomic propositions pthat appear out of the scope
of any quantifier of the form op.
Semantics of EQCTL
Before defining the semantics of the logic we first recall
some definitions for trees.
Trees. Let Xbe a finite set (typically a set of states). An
X-tree τis a nonempty set of words τX+such that:
there exists xιX, called the root of τ, such that each
uτstarts with xι(i.e., xι4u);
if u·xτand u6=, then uτ, and
if uτthen there exists xXsuch that u·xτ.
The elements of a tree τare called nodes. If u·xτ,
we say that u·xis a child of u. A path in τis an infinite
sequence of nodes λ=u0u1. . . such that for all iN,
ui+1 is a child of ui, and Pathsω(u)is the set of paths that
start in node u. An AP-labelled X-tree, or (AP, X)-tree for
short, is a pair t= (τ, `), where τis an X-tree called the
domain of tand `:τ2AP is a labelling. For a labelled
tree t= (τ, `)and an atomic proposition pAP, we define
the p-projection of tas the labelled tree tp:= (τ, ` p),
where for each uτ,`p(u) := `(u)\ {p}. Two labelled
trees t= (τ, `)and t0= (τ0, `0)are equivalent modulo p,
written tpt0, if tp=t0p(in particular, τ=τ0).
Quantification and uniformity. In EQCTL
ii, as in QCTL
op. ϕ holds in a tree tif there is some o-uniform p-labelling
of tsuch that twith this p-labelling satisfies ϕ. A p-labelling
of a tree is o-uniform if every two nodes that are indistin-
guishable for observation o agree on their p-labelling.
Definition 8 (o-uniformity).A labelled tree t= (τ, `)is o-
uniform in pif for every pair of nodes u, u0τsuch that
uou0, we have p`(u)iff p`(u0).
Changing observations. To capture how the observation-
change operator affects the semantics of the knowledge op-
erator, we use again observation records rand the asso-
ciated notion of observation sequence osa(r, n). They are
defined as for ESL except that observation symbols oare
replaced with concrete observations o. For u=u0. . . ui
and u0=u0
0. . . u0
jover alphabet LI, and an observation
record r, we say that uand u0are observationally equiva-
lent to agent a, written ur
au0, if i=jand, for every
k∈ {0, . . . , i}and every o osa(r, k),ukou0
Finally, we inductively define the satisfaction relation |=.
Let t= (τ, `)be a 2AP -labelled LI-tree, ua node and ran
observation record that stops at u:
t, r, u |=pif p`(u)
t, r, u |=¬ϕif t, r, u 6|=ϕ
t, r, u |=ϕϕ0if t, r, u |=ϕor t, r, u |=ϕ0
t, r, u |=Eψif λPathsω(u)s.t. t, r, λ |=ψ
t, r, u |=op. ϕ if t0pts.t. t0is o-uniform in p
and t0,r, u |=ϕ
t, r, u |=Kaϕif u0ts.t. ur
t, r, u0|=ϕ
And if λis a path in τand rstops at λ0:
t, r, λ |=ϕif t, r, λ0|=ϕ
t, r, λ |=¬ψif t, r, λ 6|=ψ
t, r, λ |=ψψ0if t, r, λ |=ψor t, r, λ |=ψ0
t, r, λ |=Xψif t, r, λ1|=ψ
t, r, λ |=ψUψ0if i0s.t. t, r, λi|=ψ0and
js.t. 0j < i, t, r, λj|=ψ
We let t, r|=ϕdenote t, r, xι|=ϕ, where xιis t’s root.
Tree unfoldings tS.Let S= (S, R, `, sι,oι)be a com-
pound Kripke structure over AP. The tree-unfolding of S
is the (AP, S)-tree tS:= (τ , `0), where τis the set of all
finite paths that start in sι, and for every uτ,`0(u) :=
`(last(u)). Given a CKS Sand an EQCTL
ii formula ϕ, we
write S |=ϕif tS,rι|=ϕ, where rι= (0,oι
Model-checking problem for EQCTL
ii.The model-
checking problem for EQCTL
ii is the following: given an
instance (S, ϕ)where Sis a CKS and ϕis an EQCTL
ii for-
mula, return ‘Yes’ if S |=ϕand ‘No’ otherwise.
Clearly, EQCTL
ii subsumes QCTL
ii. Since the latter has
an undecidable model-checking problem (Berthon et al.
2017), the following is immediate:
Theorem 3. Model checking EQCTL
ii is undecidable.
We now present the syntactic fragment for which we
prove that model checking is decidable. First we adapt the
notion of free epistemic formula to the context of EQCTL
Intuitively, an epistemic subformula ϕof a formula Φis free
if it does not contain a free occurrence of a proposition quan-
tified in Φ. To see the connection with the corresponding
notion for ESL, consider that quantification on propositions
will be used to capture quantification on strategies.
Definition 9. Let ΦEQCTL
ii, and recall that we assume
AP(Φ)APf(Φ) = . An epistemic subformula ϕ=Kaϕ0
of Φis free in Φif AP(Φ) APf(ϕ) = .
For instance, if Φ = op. (Kap)Kaq, then subformula
Kaqis free in Φ, but subformula Kapis not because pis
quantified in Φand appears free in Kap.
Definition 10 (Hierarchical formulas).An EQCTL
ii for-
mula Φis hierarchical if all its epistemic subformulas are
free in Φ, and for all subformulas ϕ1, ϕ2of the form ϕ1=
o1p1. ϕ0
1and ϕ2=o2p2. ϕ0
2where ϕ2is a subformula of
1, we have o1o2.
In other words, a formula is hierarchical if epistemic
subformulas are free, and innermost propositional quanti-
fiers observe at least as much as outermost ones. Note that
this is very close to hierarchical formulas of ESL. We let
ii,be the set of hierarchical EQCTL
ii formulas.
Theorem 4. The model-checking problem for EQCTL
non-elementary decidable.
Proof sketch. We build upon the tree automata construction
for QCTL
ii presented in (Berthon et al. 2017), which we
extend to take into account knowledge operators and obser-
vation change. To do so we resort to the k-trees machinery
developed in (van der Meyden 1998; van der Meyden and
Shilov 1999), and extended in (Barri`
ere et al. 2018) to the
case of dynamic observation change. One also needs to ob-
serve that free epistemic subformulas can be evaluated in-
differently in any node of the input tree.
Model-checking hierarchical ESL
In this section we prove that model checking hierarchical
instances of ESL is decidable (Theorem 2), by reduction to
the model-checking problem for QCTL
Let ,G)be a hierarchical instance of the ESL model-
checking problem. The construction of the CKS is the same
as in (Berthon et al. 2017), except that in addition we have
to deal with initial observations.
Constructing the CKS SG.Let G= (Ac, V, E , `, O, vι,oι)
and Obs ={o1, . . . , on}. For i[n], define the local states
Li:= {[v]oi|vV}where [v]ois the equivalence class
of vfor relation o. We also let Ln+1 := V. Finally, let
APv:= {pv|vV}be a set of fresh atomic propositions,
disjoint from AP.
Define the CKS SG:= (S, R, `0, sι,oι)where
S:= {sv|vV},
where sv:= ([v]o1,...,[v]on, v)Qi[n+1] Li.
R:= {(sv, sv0)| ∃cAcAg s.t. E(v, c) = v0} ⊆ S2,
`0(sv) := `(v)∪ {pv} ⊆ AP APv,
sι:= svι,
oιis such that oι
a={i}if oι
For every ρ=v0. . . vk, we let uρ:= sv0. . . svk. The
mapping ρ7→ uρis a bijection between finite plays in G
and nodes in tSG. For i[n]we let oi={i}, and for an
observation record rin Gwe let r0be the observation record
in SGwhere each oiis replaced with oi.
Constructing the EQCTL
ii,formulas (ϕ)f.Suppose that
Ac ={c1, . . . , cl}; let APc:= {px
c|cAc and xVar}
be a set of propositions disjoint from AP APv. For every
partial function f:Ag *Var we define (ϕ)fby induction
on ϕ. All cases for boolean, temporal and knowledge opera-
tors are obtained by simply distributing over the operators of
the logic; for instance, (p)f=pand (Kaϕ)f=Ka(ϕ)f.
We now describe the translation for the remaining cases.
c1. . .
cl. ϕstr(x)(ϕ)f
where eoi={j| O(oi)⊆ O(oj)}, and
ϕstr(x) = AG _
Note that oi={i} ⊆ eoi. The definition of eoiis tailored to
obtain a hierarchical EQCTL
ii formula. It is correct because
for each additional component in eoi(i.e., each j6=i), we
have O(oi)⊆ O(oj), meaning that each such component
jbrings less information than component i. A strategy thus
has no more information with eoithan it would with oi.
For the binding operator, agent as observation becomes
the one associated with strategy variable x(see Remark 1):
((a, x)ϕ)f:= ∆oi
a(ϕ)f[a7→x]if ox=oi.
For the outcome quantifier, we let
(Aψ)f:= A(ψout(f)(ψ)f),where
ψout(f) = G^
The formula ψout(f)selects paths in which agents who
are assigned to a strategy follow it.
Proposition 5. Suppose that free(ϕ)Ag dom(f), that
for all adom(f),f(a) = xiff χ(a) = χ(x), and that r
stops at ρ. Then
G, χ, r, ρ |=ϕif and only if tSG,r0, uρ|= (ϕ)f.
Applying this to sentence Φ, any assignment χ,f=,
ρ=vιand initial observation records, we get that
G |= Φ if and only if tSG|= (Φ) .
Preserving hierarchy. To complete the proof of Theorem 2
we show that (Φ) is a hierarchical EQCTL
ii formula.
First, observe that if Kaϕis a free epistemic formula in Φ,
then its translation is also a free epistemic formula in (Φ) .
Indeed, the only atomic propositions that are quantified in
(Φ) are of the form px
c. They code for strategies, and ap-
pear only in translations of strategy quantifiers, where they
are quantified upon, and outcome quantifiers. Thus they can
only appear free in the translation of an epistemic formula
Kaϕif ϕcontains an outcome quantifier where some agent
uses a strategy that is not quantified within ϕ. Concerning
the hierarchy on observations of quantifiers, simply observe
that Φis hierarchical in G, and for every two observations oi
and ojin Obs such that O(oi)⊆ O(oj), by definition of eok
we have that eoieoj.
ESL being very expressive, many strategic problems with
epistemic temporal specifications can be cast as model-
checking problems for ESL. Our main result thus provides
a decision procedure for such problems on systems with hi-
erarchical information. We present two such applications.
Distributed synthesis
We consider the problem of distributed synthesis from epis-
temic temporal specifications studied in (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005) and we
give a precise definition to its variant with uninformed se-
mantics of knowledge, discussed in (Puchala 2010).
Assume that Ag ={a1, . . . , an, e}, where eis a spe-
cial player called the environment. Assume also that to each
player aiis assigned an observation symbol oi. The above-
mentioned works consider specifications from linear-time
epistemic temporal logic LTLK, which extends LTL with
knowledge operators. The semantics of knowledge opera-
tors contains an implicit universal quantification on contin-
uations of indistinguishable finite plays. In (van der Meyden
and Vardi 1998; van der Meyden and Wilke 2005), which
considers the informed semantics of knowledge, i.e., where
all players know each other’s strategy, this quantification
is restricted to continuations that follow these strategies;
in (Puchala 2010), which considers the uninformed seman-
tics, it quantifies over all possible continuations in the game.
We now prove a stronger result than the one announced
in (Puchala 2010), by allowing the use of either existential
or universal quantification on possible continuations after a
knowledge operator. For an ESL path formula ψ, we define
Φsyn(ψ) := hhx1iio1. . . hhxniion(a1, x1). . . (an, xn)Aψ.
Note that the outcome quantifier Aquantifies on all pos-
sible behaviours of the environment.
Definition 11. The epistemic distributed synthesis problem
with uninformed semantics is the following: given a CGSii G
and an ESL path formula ψ, decide whether G |= Φsyn(ψ).
Let LTLK (CTLK) the set of path formulas obtained
by allowing in LTL subformulas of the form Kaϕ, with
ϕCTLK. The path quantifier from CTLKquantifies
on all possible futures, and is simulated in ESL by an un-
binding for all players followed by an outcome quantifier.
Therefore with specifications ψin LTLK (CTLK), all epis-
temic subformulas are free. It follows that if the system Gis
hierarchical, and we assume without loss of generality that
O(oi)⊇ O(oi+1), then (G,Φsyn(ψ)) is a hierarchical in-
stance of ESL.
Theorem 6. The epistemic distributed synthesis problem
from specifications in LTLK (CTLK) with uninformed se-
mantics is decidable on hierarchical systems.
In fact we can deal with even richer specifications: as long
as hierarchy is not broken and epistemic subformulas remain
free, it is possible to re-quantify on agents’ strategies inside
an epistemic formula. Take for instance formula
ψ=FKan(a1,?) . . . (an,?)hhxiion(an, x)AGKanp
It says that eventually, agent anknows that she can change
strategy so that in all outcomes of this strategy, she will al-
ways know that pholds. If Gis hierarchical, then Φsyn(ψ)
forms a hierarchical instance with G. Consider now formula
ψ=FKai(a1,?) . . . (an,?)[[x]]o(aj, x)EG¬Kajp
which means that eventually agent aiknows that for any
strategy with observation othat agent ajmay take, there is
an outcome in which ajnever knows that pholds. If ois
finer than on(and thus all other oi), for instance if orep-
resents perfect information, then hierarchy is preserved and
we can solve distributed synthesis for this specification. In
addition, the semantics of our knowledge operator takes into
account the fact that agent ajchanges observation power.
Rational synthesis
Consider Ag ={a1, . . . , an}, each player aihaving obser-
vation symbol oi. Given a global objective ψgand individual
objectives ψifor each player ai, define
Φrat := hhx1iio1. . . hhxniion(a1, x1). . . (an, xn)Aψg
[[xi]]oi((ai, xi)Aψi)Aψi.
It is easy to see that Φrat expresses the existence of a solu-
tion to the cooperative rational synthesis problem (Kupfer-
man, Perelli, and Vardi 2016; Condurache et al. 2016).
However this formula does not form hierarchical instances,
even with hierarchical systems. But the same argument used
in (Berthon et al. 2017) for Nash equilibria shows that Φrat
is equivalent to Φ0
rat, obtained from Φrat by replacing each
[[xi]]oiwith [[xi]]op, where oprepresents perfect observation.
Theorem 7. Rational synthesis from LTL (CTLK) specifi-
cations is decidable on hierarchical systems.
As in the case of distributed synthesis discussed before,
we can in fact handle more complex specifications, nesting
knowledge and strategy quantification.
In the uninformed semantics, players ignore each other’s
strategy, but they also ignore their own one, in the sense
that they consider possible finite plays in which they act
differently from what their strategy prescribes. This is the
usual semantics in epistemic strategic logics (van der Hoek
and Wooldridge 2003; Jamroga and van der Hoek 2004;
Belardinelli 2015; Dima, Enea, and Guelev 2010; Belar-
dinelli et al. 2017a; 2017b), and in some situations it may be
what one wants to model. For instance, an agent may exe-
cute her strategy step by step without having access to what
her strategy would have prescribed in alternative plays. In
this case, it is not possible for the agent to know whether a
possible play follows her strategy or not, and thus the unin-
formed semantics of knowledge is the right one.
On the other hand it seems natural, especially formu-
lated in these terms, to assume that an agent knows her own
strategy. We describe how, in the case where agents do not
change strategies or observation along time, this semantics
can be retrieved within the uninformed semantics.
Assume that player ais assigned some observation sym-
bol oa. As pointed out in (Puchala 2010, p.16), in the set-
ting of synchronous perfect recall, letting a player know
her strategy is equivalent to letting her remember her own
actions. To see this, assume that finite plays also contain
each joint action between two positions, and let 0
such that vιc1v1. . . cnvn0
oavιc1v1. . . cnvnif for all
i∈ {1, . . . , n},ca=c0
aand vioav0
i. Then, for a strategy
σof player aand two finite plays ρ, ρ0such that ρ0
oaρ0, it
holds that ρis consistent with aplaying σiff ρ0is consistent
with aplaying σ. This is because for every i<nwe have
i(perfect recall), the next action taken by player
ais the same after ρ0
iand ρ0
i(definition of 0
oa), and σ
being an oa-strategy it is defined similarly on both prefixes.
In our setting, moves are not part of finite plays. To sim-
ulate the relation 0
oain which agent aremembers her own
actions, one can put inside the positions of game structures
the information of the last joint move played, possibly du-
plicating some positions. One then refines each observation
oato only consider two positions equivalent if they contain
the same move for player a. We then get a semantics where
each agent remembers her own actions which, if agents do
not change strategy or observation through time, is equiva-
lent to knowing her own strategy. Note that doing so, a sys-
tem can only be hierarchical if more informed players also
observe all actions of less informed ones.
In the general case, where players can change strategies
and observations, we do not know to what extent we can deal
with the variant of the uninformed semantics where players
know there own strategies. We leave this for future work.
In this paper we have discussed two possible semantics of
knowledge when combined with strategies, the informed
and uninformed one. Focusing on the latter, we introduced
ESL, a very expressive logic to reason about knowledge and
strategies in distributed systems which can handle sophisti-
cated epistemic variants of game-theoretic notions such as
Nash equilibria. In addition, it is the first logic of knowledge
and strategies that permits reasoning about agents whose
observation power may change. This is a very natural phe-
nomenon: one may think of a program that receives access
to previously hidden variables, or a robot that loses a sensor.
We solved the model-checking problem of our logic for
hierarchical instances. To do so, we introduced an extension
of QCTLwith epistemic operators and operators of obser-
vation change, and we developed an automata construction
based on tree automata and k-trees. This is the first decid-
ability result for a logic of strategies, knowledge and time
with perfect recall on systems with hierarchical information.
Besides, it is also the first result for epistemic strategic logics
that takes into account dynamic changes of observation.
Our result implies that distributed synthesis and rational
synthesis for epistemic temporal specifications and the un-
informed semantics of knowledge are decidable on hierar-
chical systems. Similar results for other solution concepts,
such as subgame-perfect equilibria or admissible strate-
gies (Brenguier et al. 2017), could be obtained similarly.
This project has received funding from the European
Union’s Horizon 2020 research and innovation programme
under the Marie Sklodowska-Curie grant agreement No
Alur, R.; Henzinger, T. A.; and Kupferman, O. 2002.
Alternating-time temporal logic. JACM 49(5):672–713.
ere, A.; Maubert, B.; Murano, A.; and Rubin, S. 2018.
Changing observations in epistemic temporal logic. arXiv.
Belardinelli, F.; Lomuscio, A.; Murano, A.; and Rubin, S.
2017a. Verification of broadcasting multi-agent systems
against an epistemic strategy logic. In IJCAI’17, 91–97.
Belardinelli, F.; Lomuscio, A.; Murano, A.; and Rubin, S.
2017b. Verification of multi-agent systems with imperfect
information and public actions. In AAMAS’17, 1268–1276.
Belardinelli, F. 2015. A logic of knowledge and strategies
with imperfect information. In LAMAS’15, 1–15.
Berthon, R.; Maubert, B.; Murano, A.; Rubin, S.; and Vardi,
M. Y. 2017. Strategy Logic with imperfect information. In
Bozzelli, L.; Maubert, B.; and Pinchinat, S. 2015. Uni-
form strategies, rational relations and jumping automata. Inf.
Comput. 242:80–107.
Brafman, R. I.; Latombe, J.-C.; Moses, Y.; and Shoham,
Y. 1997. Applications of a logic of knowledge to motion
planning under uncertainty. Journal of the ACM (JACM)
Brenguier, R.; Pauly, A.; Raskin, J.; and Sankur, O. 2017.
Admissibility in games with imperfect information (invited
talk). In CONCUR’17, 2:1–2:23.
ak, P.; Lomuscio, A.; Mogavero, F.; and Murano, A.
2014. MCMAS-SLK: A model checker for the verification
of strategy logic specifications. In CAV’14, 525–532.
Chatterjee, K.; Henzinger, T. A.; and Piterman, N. 2010.
Strategy Logic. Inf. Comput. 208(6):677–693.
Condurache, R.; Filiot, E.; Gentilini, R.; and Raskin, J.
2016. The complexity of rational synthesis. In ICALP’16,
Dima, C.; Enea, C.; and Guelev, D. P. 2010. Model-checking
an Alternating-time Temporal Logic with knowledge, im-
perfect information, perfect recall and communicating coali-
tions. EPTCS 25.
Emerson, E. A., and Sistla, A. P. 1984. Deciding branching
time logic. In STOC’84, 14–24.
Fagin, R.; Halpern, J. Y.; Moses, Y.; and Vardi, M. Y. 1995.
Reasoning about knowledge. MIT press Cambridge.
French, T. 2001. Decidability of quantifed propositional
branching time logics. In AJCAI’01, 165–176.
Halpern, J. Y., and Moses, Y. 1990. Knowledge and common
knowledge in a distributed environment. Journal of the ACM
(JACM) 37(3):549–587.
Halpern, J. Y., and O’Neill, K. R. 2005. Anonymity and
information hiding in multiagent systems. Journal of Com-
puter Security 13(3):483–512.
Huang, X., and Van Der Meyden, R. 2014. A temporal logic
of strategic knowledge. In KR.
Jamroga, W., and van der Hoek, W. 2004. Agents that know
how to play. Fundam. Inform. 63(2-3):185–219.
Knight, S., and Maubert, B. 2015. Dealing with imperfect
information in strategy logic. In SR.
Kupferman, O.; Madhusudan, P.; Thiagarajan, P. S.; and
Vardi, M. Y. 2000. Open systems in reactive environments:
Control and synthesis. In CONCUR’00, 92–107.
Kupferman, O.; Perelli, G.; and Vardi, M. Y. 2016. Syn-
thesis with rational environments. Ann. Math. Artif. Intell.
Kupferman, O. 1995. Augmenting branching temporal log-
ics with existential quantification over atomic propositions.
In CAV’95, 325–338.
Ladner, R. E., and Reif, J. H. 1986. The Logic of Distributed
Protocols. In TARK’86, 207–222.
Laroussinie, F., and Markey, N. 2014. Quantified CTL: ex-
pressiveness and complexity. LMCS 10(4).
Laroussinie, F., and Markey, N. 2015. Augmenting ATL
with strategy contexts. IC 245:98–123.
Mogavero, F.; Murano, A.; Perelli, G.; and Vardi, M. Y.
2014. Reasoning about strategies: On the model-checking
problem. TOCL 15(4):34:1–34:47.
Neiger, G., and Bazzi, R. 1992. Using knowledge to
optimally achieve coordination in distributed systems. In
TARK’92, 43–59.
Peterson, G. L., and Reif, J. H. 1979. Multiple-person alter-
nation. In SFCS’79, 348–363.
Pnueli, A., and Rosner, R. 1990. Distributed reactive sys-
tems are hard to synthesize. In FOCS’90, 746–757.
Puchala, B. 2010. Asynchronous omega-regular games with
partial information. In MFCS’10, 592–603.
Reif, J. H. 1984. The complexity of two-player games of
incomplete information. JCSS 29(2):274–301.
van der Hoek, W., and Wooldridge, M. 2003. Cooperation,
knowledge and time: Alternating-time Temporal Epistemic
Logic and its applications. Studia Logica 75(1):125–157.
van der Meyden, R., and Shilov, N. V. 1999. Model checking
knowledge and time in systems with perfect recall (extended
abstract). In FSTTCS, 432–445.
van der Meyden, R., and Su, K. 2004. Symbolic model
checking the knowledge of the dining cryptographers. In
CSFW’17, 280–291.
van der Meyden, R., and Vardi, M. Y. 1998. Synthesis from
knowledge-based specifications. In CONCUR’98. 34–49.
van der Meyden, R., and Wilke, T. 2005. Synthesis of dis-
tributed systems from knowledge-based specifications. In
CONCUR’05, 562–576.
van der Meyden, R. 1998. Common knowledge and update
in finite environments. Inf. Comput. 140(2):115–157.
... This enables the representation of game-theoretic concepts, such as Nash equilibria, that cannot be rendered by formalisms such as ATL, but are of high importance in MAS. Like ATL, SL has also been combined with epistemic concepts [12,13,14,15]. ...
... We remark that the operator K i defines a notion of knowledge based on truth in indistinguishable histories, a mainstream notion in knowledge representation and multiagent systems [38]. On the other hand, the epistemic and strategic dimensions of multiagent systems can be combined in many different ways (see [59,15] for some examples). Such an analysis is beyond the scope of the current contribution. ...
... Also, epistemic operators are important for describing how agent knowledge changes in rational distributed computing and rational verification scenarios like rational secret sharing. Although we can express agent knowledge using the derived epistemic operator K a (see Remark 2), in our framework an agent is not informed of its own strategy, i.e., what an agent can know is not constrained by any agent strategies; see [15] for a discussion about the relevance of informed semantics. That said, we view our framework as the first step towards even richer frameworks which include features such as probabilities and informedness. ...
Full-text available
Model checking multi-agent systems, in which agents are distributed and thus may have different observations of the world, against strategic behaviours is known to be a complex problem in a number of settings. There are traditionally two ways of ameliorating this complexity: imposing a hierarchy on the observations of the agents, or restricting agent actions so that they are observable by all agents. We study systems of the latter kind, since they are more suitable for modelling rational agents. In particular, we define multi-agent systems in which all actions are public and study the model checking problem of such systems against Strategy Logic with equality, a very rich strategic logic that can express relevant concepts such as Nash equilibria, Pareto optimality, and due to the novel addition of equality, also evolutionary stable strategies. The main result is that the corresponding model checking problem is decidable.
... However our results relate to the many aforementioned results for distributed synthesis in explicit game structures with either public actions or hierarchical information. Those dealing with epistemic temporal logic are the closest to ours and can be found in [34,25] for hierarchical information, and [39,40,6,4] for public actions. ...
... This semantics models situations in which agents do not know the strategies of agents Agt ∃ , and it is the one also used in [26] and in DEL epistemic planning [10,1,11,12], where the agents do not know which plan is being executed. This semantics is called uninformed semantics in [25], contrary to the informed one. See also [34,24] for more discussions on the matter. ...
... ◮ Remark 16. The results in [34,25] are established for games with a unique initial position, i.e. when V I is a singleton {v I }. However it is easy to see that distributed synthesis with multiple initial positions V I can be reduced to the case of a unique initial position: one only needs to add a fresh position v I that is used as initial position, from which one can attain all positions in V I , and only these. ...
Full-text available
Dynamic Epistemic Logic (DEL) is a logical framework in which one can describe in great detail how actions are perceived by the agents, and how they affect the world. DEL games were recently introduced as a way to define classes of games with imperfect information where the actions available to the players are described very precisely. This framework makes it possible to define easily, for instance, classes of games where players can only use public actions or public announcements. These games have been studied for reachability objectives, where the aim is to reach a situation satisfying some epistemic property expressed in epistemic logic; several (un)decidability results have been established. In this work we show that the decidability results obtained for reachability objectives extend to a much more general class of winning conditions, namely those expressible in the epistemic temporal logic LTLK. To do so we establish that the infinite game structures generated by DEL public actions are regular, and we describe how to obtain finite representations on which we rely to solve them.
... Our controller synthesis problem can be expressed in this logic, but not in the fragment that they solve, which cannot express reachability. On the other hand, several decidability results for logics for strategic and epistemic reasoning have been established recently [5,27], but they do not offer the fine modelling of actions possible in DEL. For instance they cannot easily model public announcements, which we show yield better complexity than those obtained in their settings. ...
... We now turn to decidable cases: games with imperfect information and epistemic objectives are known to be decidable either when actions are public [6], or when information is hierarchical [27]. We establish similar results in our setting. ...
Full-text available
We define reachability games based on Dynamic Epistemic Logic (DEL), where the players' actions are finely described as DEL action models. We first consider the setting where an external controller with perfect information interacts with an environment and aims at reaching some epistemic goal state regarding the passive agents of the system. We study the problem of strategy existence for the controller, which generalises the classic epistemic planning problem, and we solve it for several types of actions such as public announcements and public actions. We then consider a yet richer setting where agents themselves are players, whose strategies must be based on their observations. We establish several (un)decidability results for the problem of existence of a distributed strategy, depending on the type of actions the players can use, and relate them to results from the literature on multiplayer games with imperfect information.
... The first one [2] studies an imperfect-information extension of Strategy Logic [18] in which agents can change observation power when changing strategies, but the logic does not allow reasoning about knowledge. The second [17] extends the latter with knowledge operators, and solves the model-checking problem for a fragment related to the notion of hierarchical information [14,20,21]. In these two works, the focus is on strategic aspects. ...
... We showed that it can express natural properties that are not expressible without this operator, and provided some examples of applications of our logic. While in [17], changes of observation are bound to quantification on strategies, and the model-checking problem is undecidable, we showed that in the purely temporal epistemic setting, model checking is decidable, and known techniques can be extended to deal with observation change with no additional cost in complexity. ...
Conference Paper
Full-text available
We study dynamic changes of agents’ observational power in logics of knowledge and time. We consider CTLK*, the extension of CTL* with knowledge operators, and enrich it with a new operator that models a change in an agent’s way of observing the system. We extend the classic semantics of knowledge for agents with perfect recall to account for changes of observational power, and we show that this new operator increases the expressivity of CTLK*. We reduce the model-checking problem for our logic to that for CTLK*, which is known to be decidable. This provides a solution to the model-checking problem for our logic, but it is not optimal, and we provide a direct model-checking procedure with better complexity.
... Strategy Logic (SL) (Chatterjee, Henzinger, and Piterman 2010;Mogavero et al. 2014) was then proposed which, by treating strategies as first-order variables, can express complex game-theoretic concepts. SL has been extended to handle imperfect information and knowledge operators (Berthon et al. 2021;Belardinelli et al. 2020;Maubert and Murano 2018), but none of these logics can account for quantitative aspects. Recently, SL[F ] (Bouyer et al. 2019a) was introduced as a quantitative extension of SL. ...
Conference Paper
Full-text available
Mechanism Design aims at defining mechanisms that satisfy a predefined set of properties, and Auction Mechanisms are of foremost importance. Core properties of mechanisms, such as strategy-proofness or budget-balance, involve: (i) complex strategic concepts such as Nash equilibria, (ii) quantitative aspects such as utilities, and often (iii) imperfect information,with agents’ private valuations. We demonstrate that Strategy Logic provides a formal framework fit to model mechanisms, express such properties, and verify them. To do so, we consider a quantitative and epistemic variant of Strategy Logic. We first show how to express the implementation of social choice functions. Second, we show how fundamental mechanism properties can be expressed as logical formulas,and thus evaluated by model checking. Finally, we prove that model checking for this particular variant of Strategy Logic can be done in polynomial space.
... We use a variant of the reductions presented in (Laroussinie and Markey 2015;Fijalkow et al. 2018;Berthon et al. 2017;Maubert and Murano 2018;Bouyer et al. 2019), which transform instances of the model-checking problem for various strategic logics to (extensions of) QCTL * . ...
Conference Paper
Nondeterministic strategies are strategies (or protocols, or plans) that, given a history in a game, assign a set of possible actions, all of which are winning. An important problem is that of refining such strategies. For instance, given a nondeterministic strategy that allows only safe executions, refine it to, additionally, eventually reach a desired state of affairs. We show that strategic problems involving strategy refinement can be solved elegantly in the framework of Strategy Logic (SL), a very expressive logic to reason about strategic abilities. Specifically, we introduce an extension of SL with nondeterministic strategies and an operator expressing strategy refinement. We show that model checking this logic can be done at no additional computational cost with respect to standard SL, and can be used to solve a variety of problems such as synthesis of maximally permissive strategies or refinement of Nash equilibria.
... Finally, it is often interesting in presence of imperfect information to introduce epistemic operators to reason explicitely about what agents know. We already generalised the main result of this work to an extension of SL ii with such operators [59]; we would like to see if this can be used to reason about subgame-perfect equilibria in games with imperfect information, which do not seem to be easy to characterise in SL ii , as mentioned in Section 7.2.1. Indeed, in games with imperfect information, the notion of subgame specifies that the initial situation should be known to all players [76], a property that epistemic logics are meant to be able to express. ...
Full-text available
We introduce an extension of Strategy Logic for the imperfect-information setting, called SLii, and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of "hierarchical instances" for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SLii restricted to hierarchical instances is decidable. To establish this result we go through QCTL, an intermediary, "low-level" logic much more adapted to automata techniques. QCTL is an extension of CTL with second-order quantification over atomic propositions. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. While the model-checking problem of QCTLii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. We apply our result to solve complex strategic problems in the imperfect-information setting. We first show that the existence of Nash equilibria for deterministic strategies is decidable in games with hierarchical information. We also introduce distributed rational synthesis, a generalisation of rational synthesis to the imperfect-information setting. Because it can easily be expressed in our logic, our main result provides solution to this problem in the case of hierarchical information.
We introduce an extension of Strategy Logic for the imperfect-information setting, called SL ii and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, this problem is undecidable; but we introduce a syntactical class of “hierarchical instances” for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model, and we prove that model-checking SL ii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises the decidability of distributed synthesis for systems with hierarchical information. It allows us to easily derive new decidability results concerning strategic problems under imperfect information such as the existence of Nash equilibria or rational synthesis. To establish this result, we go through an intermediary, “low-level” logic much more adapted to automata techniques. QCTL * is an extension of CTL * with second-order quantification over atomic propositions that has been used to study strategic logics with perfect information. We extend it to the imperfect information setting by parameterising second-order quantifiers with observations. The simple syntax of the resulting logic, QCTL * ii , allows us to provide a conceptually neat reduction of SL ii to QCTL * ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL * ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable.
Full-text available
Alternating-time temporal logics (ATL/ATL*) represent a family of modal and temporal logics for reasoning about strategic abilities of agents in multiagent systems. These logics are usually interpreted over concurrent game structures (CGSs), and their interpretations may vary depending on the abilities of agents, such as perfect versus imperfect information, perfect versus imperfect recall. These different abilities lead to a variety of variants that have been studied extensively in literature. However, all of these variants are defined at the semantic level, which may restrict modeling flexibility, or even give counter-intuitive interpretations. For example, an agent may have different abilities when achieving two different goals on the same CGS. To mitigate these issues, in this paper we propose to extend CGSs with agents’ abilities, resulting in Abilities Augmented CGSs where concrete abilities can be defined at the syntactic level. We study ATL/ATL* over this new model. We give formal definitions of the new semantics and present modelchecking algorithms for ATL/ATL*. We also identify the computational complexity of ATL/ATL* model checking problem, i.e., △P3 -/2EXPTIME-complete. The model-checking algorithms are implemented in a prototype tool. Experimental results show the practical feasibility and effectiveness of our approach.
Conference Paper
Full-text available
We study a class of synchronous, perfect-recall multi-agent systemswith imperfect information and broadcasting (i.e., fully observableactions). We define an epistemic extension of strategy logic withincomplete information and the assumption of uniform and coherentstrategies. In this setting, we prove that the model checking problem,and thus rational synthesis, is decidable with non-elementarycomplexity. We exemplify the applicability of the framework on arational secret-sharing scenario.
Conference Paper
Full-text available
We analyse the verification problem for synchronous, perfect recall multi-agent systems with imperfect information against a specification language that includes strategic as well as epistemic operators. While the general problem is known to be undecidable we show that if the agents' actions are public then verification is decidable, and we establish that the computational complexity is 2EexpTime-complete. To illustrate the formal framework we consider two well-known epistemic and strategic puzzles with imperfect information and public actions: the muddy children puzzle and the classic game of battleships.
Full-text available
Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of its underlying agents into an account. Fisman et al. introduced rational synthesis: the problem of synthesis in the context of rational agents. The input to the problem consists of temporal logic formulas specifying the objectives of the system and the agents that constitute the environment, and a solution concept (e.g., Nash equilibrium). The output is a profile of strategies, for the system and the agents, such that the objective of the system is satisfied in the computation that is the outcome of the strategies, and the profile is stable according to the solution concept; that is, the agents that constitute the environment have no incentive to deviate from the strategies suggested to them. In this paper we continue to study rational synthesis. First, we suggest an alternative definition to rational synthesis, in which the agents are rational but not cooperative. We call such problem strong rational synthesis. In the strong rational synthesis setting, one cannot assume that the agents that constitute the environment take into account the strategies suggested to them. Accordingly, the output is a strategy for the system only, and the objective of the system has to be satisfied in all the compositions that are the outcome of a stable profile in which the system follows this strategy. We show that strong rational synthesis is 2ExpTime-complete, thus it is not more complex than traditional synthesis or rational synthesis. Second, we study a richer specification formalism, where the objectives of the system and the agents are not Boolean but quantitative. In this setting, the objective of the system and the agents is to maximize their outcome. The quantitative setting significantly extends the scope of rational synthesis, making the game-theoretic approach much more relevant. Finally, we enrich the setting to one that allows coalitions of agents that constitute the system or the environment.
Full-text available
A general concept of uniform strategies has recently been proposed as a relevant notion in game theory for computer science, which subsumes various notions from the literature. It relies on properties involving sets of plays in two-player turn-based arenas equipped with arbitrary binary relations between plays; these properties are expressed in a language based on with a quantifier over related plays. There are two semantics for our quantifier, a strict one and a full one, that we study separately. Regarding the strict semantics, the existence of a uniform strategy is undecidable for rational binary relations, but introducing jumping tree automata and restricting attention to recognizable relations allows us to establish a 2-Exptime-complete complexity – and still capture a class of two-player imperfect-information games with epistemic temporal objectives. Regarding the full semantics, relying on information set automata we establish that the existence of a uniform strategy is decidable for rational relations and we provide a nonelementary synthesis procedure. We also exhibit an essentially optimal subclass of rational relations for which the problem becomes 2-Exptime-complete. Considering rich classes of relations makes the theory of uniform strategies powerful: it directly entails various results in logics of knowledge and time, some of them already known, and others new.
Conference Paper
We introduce an extension of Strategy logic for the imperfect-information setting, called SL ii , and study its model-checking problem. As this logic naturally captures multi-player games with imperfect information, the problem turns out to be undecidable. We introduce a syntactical class of " hierarchical instances " for which, intuitively, as one goes down the syntactic tree of the formula, strategy quantifications are concerned with finer observations of the model. We prove that model-checking SL ii restricted to hierarchical instances is decidable. This result, because it allows for complex patterns of existential and universal quantification on strategies, greatly generalises previous ones, such as decidability of multi-player games with imperfect information and hierarchical observations, and decidability of distributed synthesis for hierarchical systems. To establish the decidability result, we introduce and study QCTL * ii , an extension of QCTL (itself an extension of CTL with second-order quantification over atomic propositions) by parameterising its quantifiers with observations. The simple syntax of QCTL * ii allows us to provide a conceptually neat reduction of SL ii to QCTL * ii that separates concerns, allowing one to forget about strategies and players and focus solely on second-order quantification. While the model-checking problem of QCTL * ii is, in general, undecidable, we identify a syntactic fragment of hierarchical formulas and prove, using an automata-theoretic approach, that it is decidable. The decidability result for SL ii follows since the reduction maps hierarchical instances of SL ii to hierarchical formulas of QCTL * ii .
Temporal logic comes in two varieties: linear-time temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branching-time temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternating-time temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While linear-time and branching-time logics are natural specification languages for closed systems, alternative-time logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. Also, the problems of receptiveness, realizability, and controllability can be formulated as model-checking problems for alternating-time formulas. Depending on whether we admit arbitrary nesting of selective path quantifiers and temporal operators, we obtain the two alternating-time temporal logics ATL and ATL*. We interpret the formulas of ATL and ATL* over alternating transition systems. While in ordinary transitory systems, each transition corresponds to a possible step of the system, in alternating transition systems, each transition corresponds to a possible move in the game between the system and the environment. Fair alternating transition systems can capture both synchronous and asynchronous compositions f open systems. For synchronous systems, the expressive power of ATL beyond CTL comes at no cost: the model-checking complexity of synchronous ATL is linear in the size of the system and the length of the formula. The symbolic model-checking algorithm for CTL extends with few modifications to synchronous ATL, and with some work, also to asynchronous to ATL, whose model-checking complexity is quadratic. This makes ATL an obvious candidate for the automatic verification of open systems. In the case of ATL*, the model-checking problem is closely related to the synthesis problem for linear-time formulas, and requires doubly exponential time for both synchronous and asynchronous systems.
We study the extension of the alternating-time temporal logic (ATL) with strategy contexts: contrary to the original semantics, in this semantics the strategy quantifiers do not reset the previously selected strategies.We show that our extension ATLsc is very expressive, but that its decision problems are quite hard: model checking is k-EXPTIME-complete when the formula has k nested strategy quantifiers; satisfiability is undecidable, but we prove that it is decidable when restricting to turn-based games. Our algorithms are obtained through a very convenient translation to QCTL (the computation-tree logic CTL extended with atomic quantification), which we show also applies to Strategy Logic, as well as when strategy quantification ranges over memoryless strategies.
While it was defined long ago, the extension of CTL with quantification over atomic propositions has never been studied extensively. Considering two different semantics (depending whether propositional quantification refers to the Kripke structure or to its unwinding tree), we study its expressiveness (showing in particular that QCTL coincides with Monadic Second-Order Logic for both semantics) and characterise the complexity of its model-checking and satisfiability problems, depending on the number of nested propositional quantifiers (showing that the structure semantics populates the polynomial hierarchy while the tree semantics populates the exponential hierarchy).
Conference Paper
A propositional logic of distributed protocols is introduced which includes both the logic of knowledge and temporal logic. Phenomena in distributed computing systems such as asynchronous time, incomplete knowledge by the computing agents in the system, and game-like behavior among the computing agents are all modeled in the logic. Two versions of the logic, the linear logic of protocols (LLP) and the tree logic of protocols (TLP) are investigated. The main result is that the set of valid formulas in LLP is undecidable.