Bounded game-theoretic semantics for modal mu-calculus
Lauri Hella, Antti Kuusisto, Raine R\"onnholm

TL;DR
This paper introduces a bounded game-theoretic semantics for the modal mu-calculus that replaces parity games with finite-path evaluation games, simplifying analysis for infinite systems and enabling new applications.
Contribution
It presents a novel bounded GTS for the mu-calculus, avoiding infinite paths, and demonstrates its usefulness in model checking and formula size games.
Findings
Finite-path evaluation games replace parity games.
Application to model checking reduces complexity.
New variants of mu-calculus with PTime model checking.
Abstract
We introduce a new game-theoretic semantics (GTS) for the modal mu-calculus. Our so-called bounded GTS replaces parity games with alternative evaluation games where only finite paths arise; infinite paths are not needed even when the considered transition system is infinite. The novel games offer alternative approaches to various constructions in the framework of the mu-calculus. For example, they have already been successfully used as a basis for an approach leading to a natural formula size game for the logic. While our main focus is introducing the new GTS, we also consider some applications to demonstrate its uses. For example, we consider a natural model transformation procedure that reduces model checking games to checking a single, fixed formula in the constructed models, and we also use the GTS to identify new alternative variants of the mu-calculus with PTime model checking.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Bounded game-theoretic semantics for modal mu-calculus
Lauri Hella
Tampere University, Finland
Antti Kuusisto
University of Helsinki and Tampere University, Finland
Raine Rönnholm
Université Paris-Saclay, France
Abstract
We introduce a new game-theoretic semantics (GTS) for the modal mu-calculus. Our so-called bounded GTS replaces parity games with alternative evaluation games where only finite paths arise; infinite paths are not needed even when the considered transition system is infinite. The novel games offer alternative approaches to various constructions in the framework of the mu-calculus. For example, they have already been successfully used as a basis for an approach leading to a natural formula size game for the logic. While our main focus is introducing the new GTS, we also consider some applications to demonstrate its uses. For example, we consider a natural model transformation procedure that reduces model checking games to checking a single, fixed formula in the constructed models, and we also use the GTS to identify new alternative variants of the mu-calculus with PTime model checking.
1 Introduction
The modal -calculus [12] is a well-known formalism that plays a central role in, e.g., program verification. The standard semantics of the -calculus is based on fixed points, but the system has also a well-known game theoretic semantics () that makes use of parity games. The related games generally involve infinite plays, and the parity condition is used for determining the winner (see, e.g., [3] for further details and a general introduction to the -calclus).
The agenda and contributions of this article.
In this article we present an alternative game-theoretic semantics for the modal -calculus. Our so-called bounded is based on games that resemble the standard semantic games for the -calculus, but there is an extra feature that ensures that the plays within the novel framework always end after a finite number of rounds. Thereby only finite paths arise in related evaluation games even when investigating infinite transition systems. Thus there is no need to keep track of the parity condition, so in that sense the games we present in this article simplify the standard framework. Furthermore, they offer an alternative perspective on the -calculus, as we show that our semantics is equivalent to the standard one.
In the novel games, the evaluation of a fixed point formula begins by one of the players declaring an ordinal number; the verifying player declares ordinals for -formulae and the falsifying player for -formulae. The declared ordinal is then lowered as the game proceeds, and since ordinals are well-founded, the game will indeed end in finite time, i.e., after a finite number of game steps. In general, infinite ordinals are needed in the games, but finite ordinals suffice in finite models.
While the bounded provides a new perspective on the standard modal -calculus, our approach also leads naturally to a range of alternative semantic systems that are not equivalent to the standard semantics. Indeed, we divide the framework of bounded semantics into subsystems dubbed -bounded semantics for different ordinals . Here provides a strict upper limit for the ordinals that can be used during the game play. For each -bounded semantics, we define also a compositional semantics and prove the game-theoretic and compositional versions equivalent.
If only finite ordinals are allowed, meaning , we obtain the finitely bounded , which is an interesting system itself. While this semantics is equivalent to the standard case in finite models, the general expressive powers differ. Indeed, we will show that the -calculus under finitely bounded does not have the finite model property. As another interesting property, we observe that the set of validities of the -calculus under finitely bounded semantics is strictly contained in the set of standard validities.
We then introduce yet another class of variants of the bounded consisting of the systems of -bounded semantics. In the -bounded semantics, each and -formula is associated with an ordinal of its own, while in the -bounded semantics this scheme is relaxed and only two ordinals are used, one for all -formulae and another one for all -formulae. The particular ordinals fixed in the beginning of the game depend on the particular variant of -bounded semantics. We prove PTime-completeness of the model checking problem of a range of simple yet expressive systems of -semantics. The result concerns both data and combined complexity. In addition to semantic studies, we use to identify a canonical reduction of -calculus model checking instances to checking a single, uniform formula in the model obtained by the reduction.
Further motivation of the study.
While the formal results listed above are an important part of our study, the focus of our article is mainly on the conceptual development of the theory of the -calculus and related systems, not so much the more technical directions. While some of the technical results we obtain have straighforward and obvious implicit similarities to existing notions, such as finite approximants of fixed points, we believe the systematic, formal and conceptual study initiated in this article is justified.
Indeed, we believe the bounded in general can be a fruitful framework for various further developments. The setting provides an alternative perspective to parity games, replacing infinite plays with games based on finitely many rounds only, thereby leading to a conceptually interesting territory to be explored further. The fragments with PTime-model checking we identify serve as an example of the various possibilities. Furthermore, it is worth noting here, e.g., that the difference between the standard and bounded for the -calculus is analogous to the relationship between while-loops and for-loops; while-loops are iterated possibly infinitely long, whereas for-loops run for rounds, where can generally be an input to the loop. Finally, we argue that the new semantics can quite often make formulae easier to read.
Notes on related work.
There already exist several works where simple variants of the bounded semantics have been considered in the context of temporal logics with a significantly simpler recursion mechanisms than that of the -calculus. The papers [6], [9] consider a bounded semantics for the Alternating-time temporal logic , and [8], [5] extend the related study to the extension of . See also [7], [10]. Part of the original motivation behind the studies in [6], [9], [8], [5] (as well as the current article) relates to work with the direct aim of understanding variants and fragments of the general, expressively Turing-complete logic presented in [14]. It is also worth mentioning that the work in the present article has already been made essential use of in constructing a canonical formula size game for the -calculus in [11].
There is a whole range of earlier but closely related logical studies that make use of notions with similar intuitions to the ones behind the bounded semantics of this paper. Indeed, for logics with time bounds, see, e.g., the paper [1] on finitary fairness and the article [13] relating to promptness in Linear temporal logic . We also mention here the work related to bounded model checking, see, e.g., [2], [16] and [17]. Finally, the article [4] is one example of an early work that uses explicit ‘clocking’ of fixed point formulae in (a variant of) the -calculus, thereby involving some ideas that bear a similarity to some features used also in the present paper.
2 Preliminaries
2.1 Syntax
Let be a set of proposition symbols and a set of label symbols. Formulae of the modal -calculus are generated by the following grammar:
[TABLE]
where and .
Let be a formula of the -calculus. The set of nodes in the syntax tree of is denoted by . All of these nodes correspond to some subformula of , but the same subformula may have several occurrences in the syntax tree of , as for example in the case of . We always distinguish between different occurrences of the same subformula, and thus we always assume that the position in the syntax tree of is known for any given subformula of . We also use the following notation:
[TABLE]
2.2 Standard compositional semantics
A Kripke model is a tuple , where is a nonempty set, a binary relation over and a valuation for proposition symbols in . An assignment for maps labels to subsets of .
Definition 2.1**.**
Let be a Kripke model, . Let be a formula of the -calculus. Truth of in and under assignment , denoted by , is defined as in standard modal logic for , , , , , . The truth condition for label symbols is defined with respect to the assignment :
- •
iff .
To deal with and , we define an operator such that , where is the assignment that sends to and treats other label symbols the same way as . The operators are always monotone and thereby have least and greatest fixed points. The semantics for the operators and is as follows:
- •
iff is in the least fixed point of the operator .
- •
iff is in the greatest fixed point of the operator .
A label symbol is said to occur free in a formula if it occurs in but is not a subformula of any subformula of of the form or . A formula is called a sentence if it does not contain any free label symbols. Truth of a sentence is independent of assignments , so we may simply write instead of .
2.3 Alternating reachability
games
The alternating reachability game problem is defined as follows. The input to the problem is a finite pointed model , i.e., is Kripke model and a state in it. We assume the vocabulary of contains the proposition symbols and . The game is played by two players, and , starting from the state . In each round, one of the players moves (if possible) to some state that can be directly reached in one step from the current state via the accessibility relation; if holds in the current state, then moves, and otherwise moves. If the players reach a state where holds, then the game ends and wins. If a player cannot make the required move in some state (meaning the state is a dead end), then the game ends and that player loses and the other player wins. If the game does not end in a finite number of moves, then wins. The alternating reachability game problem yields the answer yes on the input iff has a winning strategy in the game.
It is clear the game can be played also on infinite models. We let denote the class of all positive instances of the alternating reachability game problem, including infinite models. The corresponding class of finite instances is . The following observation is well known.
Proposition 2.2**.**
Let be a Kripke model with one accessibility relation and propositional vocabulary . Let be a state in . Then we have iff where \chi:=\mu X\bigl{(}p_{B}\vee(q_{B}\wedge\Diamond X)\vee(\neg q_{B}\wedge\Box X)\bigr{)}.
3 Bounded game-theoretic semantics
Recall that the general idea of game-theoretic semantics () is that truth of a formula is checked in a model via playing a game where a proponent player (Eloise) attempts to show that holds in while an opponent player (Abelard) tries to establish the opposite—that is false. In this section we define a bounded game-theoretic semantics for the -calculus, or bounded . The semantics shares some features with a similar for the Alternating-time temporal logic () defined in [6] (see also [8]).
3.1 Bounded evaluation games
Let be a sentence of the -calculus and . The reference formula of , denoted , is the unique subformula of that binds . That is, is of the form or and there is no other operator or in the syntax tree on the path from to . Since is a sentence, every label symbol has a reference formula (and the reference formula is by definition unique for each label symbol).
Example 3.1**.**
Consider the sentence \varphi^{*}:=\nu X\Box\mu Y\bigl{(}\Diamond Y\vee(p\wedge X)\bigr{)}. Here we have and .
Definition 3.2**.**
Let be a model, , a sentence and an ordinal. We define the -bounded evaluation game as follows. The game has two players, Abelard and Eloise. The positions of the game are of the form , where , and is a clock mapping. We call the value the clock value of (for ).
The game begins from the initial position , where for every . The game is then played according to the following rules:
- •
In a position for some , Eloise wins the game if . Otherwise Abelard wins the game.
- •
In a position for some , Eloise wins the game if . Otherwise Abelard wins the game.
- •
In a position , Eloise selects whether the next position of the game is or .
- •
In a position , Abelard selects whether the next position of the game is or .
- •
In a position , Eloise selects some s.t. and the next position is . If there is no such , then Abelard wins the game.
- •
In a position , Abelard selects some s.t. and the next position is . If there is no such , then Eloise wins the game.
- •
In a position , Eloise chooses an ordinal . Then the game continues from the position . Here is the clock mapping that sends to and treats other formulae as .
- •
In a position , Abelard chooses an ordinal . Then the game continues from the position .
- •
Suppose that the game is in a position . Let .
Suppose that for some .
- –
If , then Abelard wins the game.
- –
Else, Eloise must select some , and the game continues from the position , where
,
- *
for all s.t. ,
- *
for all other . 2. 2.
Suppose that for some .
- –
If , then Eloise wins the game.
- –
Else, Abelard must select some , and the game continues from the position , where
,
- *
for all s.t. ,
- *
for all other .
The positions where one of the players wins the game are called ending positions. The execution of the rules related to a position of the game constitutes one round of the game. The number of rounds in a play of the game is called the length of the play. We call the ordinals clock values and the ordinal the clock value bound. (We note that only rounds with formulae of type , and affect clock values.)
Now, we observe that in , we have no need for assignments . A label symbol in is simply a marker that points to a node (that node being the formula ) in the syntax tree of the sentence . Hence label symbols are conceptually quite different in and compositional semantics. Indeed, the operators (respectively ) can be given a natural reading relating to self-reference. In the formula , the operator is naming the formula with the name . The atoms inside are, in turn, claiming that holds, i.e., referring back to the formula . The difference between and is that relates to verifying the formula while is associated with preventing the falsification of , i.e., defending . Therefore, if denotes a natural language reading of , then the natural language reading of states that “we can verify the claim named which asserts that ”. An analogous reading can be given to . This scheme of reading recursive formulae via self-reference is from [14], [15].
Example 3.3**.**
Consider the Kripke model , where we have , and .
:p$$p$$p$$p$$p……w_{0}$$w_{1}$$w_{2}$$w_{3}$$w_{4}
Recall the sentence from Example 3.1 and consider the evaluation game . In , Abelard first announces a clock value for and then makes a jump from the intial state (with a -move). Next Eloise announces some clock value for . Then she can, by repeated -moves, jump in the model (making a -move) and loop back to the formula ; each time she loops back, she needs to lower the value of . If Eloise at some point chooses the right disjunct, Abelard can either check if true in the current state or loop back to . In the latter case, the value of is lowered, but the value of is reset back to (allowing Eloise to choose a fresh value next time).
The game eventually ends when (1) the clock value of goes to zero, whence Abelard loses; when (2) the clock value of goes to zero, whence Eloise loses; or when (3) Abelard chooses the left conjunct, whence Eloise wins iff is true at the current state. We will return to this game in Example 3.7.
Proposition 3.4**.**
Let be a bounded evaluation game. Every play of ends in a finite number of rounds.
Proof.
For each positive integer , let denote the “canonical lexicographic order” of -tuples of ordinals. That is, iff there exists some such that and for all .
Consider a branch in the syntax tree of . Let be the -formulae occurring on this branch in this order (starting from the root). In each round of the game, each such sequence is associated with the -tuple of clock values (that are ordinals less or equal to ). It is easy to see that if and are clock mappings such that occurs later than in the game, then we have . Also, every time a transition from some label to the reference formula is made, there is at least one branch where the -tuple (for the relevant ) of clock values becomes strictly lowered (in relation to ). As ordinals are well-founded, it is clear that the game must end after finitely many rounds. ∎
Each evaluation game can naturally be associated with a game tree , where is the set of positions of and is the successor position relation. is formed by beginning from the initial position and adding transitions to all possible successor positions. This procedure is then repeated from the successor positions until an ending position is reached. In the game tree, the initial position is of course the root and ending positions are leafs. Complete branches correspond to possible plays of the game. Due to Proposition 3.4, the game tree of any bounded evaluation game is well-founded, i.e., it does not contain infinite branches. However, if the clock value bound is infinite, then the out-degree of some of the nodes of the game tree can be infinite.
3.2 Game-theoretic semantics
Definition 3.5**.**
Let be an evaluation game. A strategy for Eloise in is a partial mapping on the set of those positions of the game where Eloise needs to make a move such that: , , , and where is of the form . We say that Eloise plays according to if she makes all her choices according to and that is a winning strategy if Eloise always wins when playing according to .
Definition 3.6**.**
Let be a model, , a sentence and an ordinal. We define truth of in and according to -bounded game theoretic semantics, , as follows:
[TABLE]
Example 3.7**.**
Recall the game from Example 3.3. We define a strategy for Eloise as follows. After Abelard has made a transition to some state , Eloise chooses for the clock value of and jumps in the model until reaching again . She chooses the right disjunct at , whence she either wins (since ) or Abelard needs to lower the clock value of and the clock value of gets reset back to . Clearly this is a winning strategy Eloise and thus .
From the structure of the evaluation games for we find an interpretation for the meaning of : “we can infinitely repeat the process where first (1) an arbitrary transition is made, and then (2) we can reach a state where is true and the process can be continued from (1)”. Hence the clock value chosen for is intuitively a “commitment” on how many rounds at most it will take to reach a state where holds. The clock value for , on the other hand, is a “challenge” on how many times must be reached. Indeed, in models where can be reached only finitely many—say —times from the initial state, Abelard can win by choosing as the initial clock value for .
4 Bounded compositional semantics
In this section we define a compositinal semantics based on ordinal approximants of fixed point operators. Let be a Kripke model, an operator and an ordinal. We define the sets and recursively as follows:
[TABLE]
Definition 4.1**.**
Consider a model with a state and a related assignment . We obtain -bounded compositional semantics for the -calculus by defining truth of , , , , , and recursively as in the standard compositional semantics and treating the and -operators as follows:
- •
iff ,
- •
iff ,
where the operator is defined such that
[TABLE]
The semantics of the and -operators can be equivalently given as follows:
- •
iff there exists some s.t. .
- •
iff for every .
If is a limit ordinal, we can replace the superscripts above by .
We say that a formula is in normal form if each label symbol in occurs in the formula at most once in the --operators (but may occur several times on the atomic level). We let denote a normal form variant of obtained simply by renaming label symbols where appropriate. It is easy to show that is equivalent to with respect to both -bounded compositional semantics () and -bounded (). Therefore, when proving the equivalence of these two semantics, it suffices that we consider sentences that are in normal form. Indeed, henceforth we assume that all formulae are in this normal form.
Theorem 4.2**.**
Let be an ordinal, a Kripke model, and a sentence of the -calculus. Now we have
[TABLE]
Proof.
(Sketch.) We present here a proof sketch highlighting the main ideas. For a fully detailed proof, see the appendix. The key in both directions of the proof is the following condition which is a property satisfied/unsatisfied by positions in the evaluation game :
- ()
There is an assignment such that , and for each :
if and , 2. 2.
if and .
Note that this condition essentially relates the clock values of bounded to -approximants in the bounded compositional semantics.
Proving the left to right implication, we first note that holds in the initial position of by the assumption . Then we show that whenever holds for the current position, Eloise either wins the game in the current position or she can maintain to the next position. By maintaining , we obtain a winning strategy since ends in a finite number of rounds.
For the other direction of the equivalence, we suppose that Eloise has a winning strategy in . Since the game tree of is well-founded, we can use well-founded (backwards) induction on the positions in the tree to prove that: if a in can be reached with , then () holds for . Hence, in particular, holds in the initial position of and thus . ∎
Let be a model. It is well-known that over , each operator related to a formula of the -calculus reaches a fixed point in at most iterations, where is the successor cardinal of . Thus it is easy to see that the standard compositional semantics and -bounded compositional semantics are equivalent in . Hence obtain the following corollary:
Corollary 4.3**.**
-bounded is equivalent with the standard compositional semantics of the -calculus when .
Also note that, in the special case of finite models, it suffices to use finite clock values that are at most the cardinality of the model.
5 Finitely bounded semantics
As stated in Corollary 4.3, the bounded semantics becomes equivalent with the standard (unbounded) semantics if we set a sufficiently large clock value bound . However, using smaller values of , we obtain different semantic systems typically nonequivalent to the standard semantics. We can either set some fixed bound for or use a value that is determined by some parameters—such as the size of the given model and the given formula. In this section we consider the former case; systems relating to the latter case is examined in Section 6.
A particularly interesting case with a fixed value of is the so-called finitely bounded semantics where we set for all evaluation games. In the corresponding , the players can only announce finite clock values.111Note that the correspondence to for-loops is particularly natural with finitely bounded semantics: iterations can be done up to any finite bound that has to be declared in advance. Finitely bounded semantics will be denoted by which refers to both game-theoretic and compositional semantics with . In finite models, is equivalent to the standard semantics, but this equivalence breaks over infinite models; see Example 5.1 below.
In the example and proofs that follow, we will consider the sentence
[TABLE]
which intuitively means that on every path, can be reached eventually. Note that corresponds to the sentence of Computation tree logic .
Example 5.1**.**
Recall the model from Example 3.3. Let be the model that is otherwise identical to , but . Since the state is eventually reached on every path starting from , it is easy to see that . However, since from there is no finite upper bound on how many transitions are needed to reach . Indeed, Abelard has a winning strategy in since he can win by choosing a transition to for any clock value for —chosen by Eloise.
It is worth noting that since if Eloise can choose as the initial clock value for and then lower it to after Abelard has made a transition to a state . Moreover, we also have since Eloise will know how many transitions it takes to reach as Abelard has to make the first transition before Eloise must announce a clock value.
In the proofs that follow, we will use negations and implications of -calculus formulae. Such formulae are in general not included in our official syntax (in the current paper), but it is straightforward to show that they can be translated to equivalent formulae in negation normal form.
It is well known that, with standard semantics, the -calculus has the finite model property, i.e., every satisfiable sentence is satisfied in some finite model (see, e.g., [3]). However, with this property is lost.
Proposition 5.2**.**
Modal -calculus with finitely bounded semantics does not have the finite model property.
Proof.
It is easy to see that is valid with the standard semantics (this follows from the “fixpoint property” of ). Therefore is not satisfiable with the standard semantics. As the standard semantics is equivalent to in finite models, cannot be satisfied under in any finite model. However, is satisfiable with in an infinite model—as demonstrated in Example 5.1. ∎
Moreover, has the following interesting connection to the standard semantics in relation to valid sentences.
Proposition 5.3**.**
The set of validities of the -calculus with finitely bounded semantics is strictly included in the set of validities with the standard semantics.
Proof.
For proving the inclusion, let be a sentence valid under . Then, in particular, cannot be satisfied under in any finite model. Since the standard semantics and are equivalent in finite models, it follows that is not satisfied by the standard semantics in any finite model. Due to the finite model property of the standard semantics, is not satisfied by any model and thus is valid. The inclusion is strict as is valid with the standard semantics but not with (cf. proof of Proposition 5.2). ∎
We showed in [7], [10] that the claims of Propositions 5.2, 5.3 hold also for the defined for and . There we also developed a tableau method for showing that the validity problem of and with is decidable and has the same complexity (ExpTime) as with the standard semantics.
6 Variants with PTime model checking
The bounded leads naturally to semantic variants of the -calculus that can quite directly be shown to have PTime complete model checking. The main point is to make use of the intimate relationship between alternating Turing machines and semantic games. The novel systems of semantics we consider resemble the -bounded semantics but utilize a simplified way to control how many times and -formulae can be repeated in semantic games.
To present the alternative semantic systems in detail, let be a map that takes as input a model , a point in the domain of and a sentence , outputting an ordinal. We assume that if is an isomorphism from to , then .222We note that is too large to be a set, but this is unproblematic to our study. The function gives rise to the simple -bounded defined as follows.
Definition 6.1**.**
Let be a Kripke-model, and a sentence of the -calculus. The simple -bounded evaluation game is played the same way as the -bounded evaluation game , but with the following differences on the way the number of remaining rounds is determined:
- •
Eloise is controlling an ordinal and Abelard an ordinal . In the beginning of the game, these ordinals are set to be equal to .
- •
Every time a transition is made from some label symbol to the reference formula , Eloise must lower the current value of . Similarly, when a transition is made from to the reference formula , then Abelard must lower . (Note that the values of and are never increased.)
If and we enter a position where Eloise should lower , then Eloise loses the game, and similarly, if and we enter a position where Abelard should lower , Abelard loses. In positions and where is a proposition symbol, winning and losing is defined in the same way as in -bounded games. We define truth of in at according to the simple -bounded semantics such that iff Eloise has a winning strategy in the game of the simple -bounded semantics.
Henceforth we mostly talk about -bounded semantics instead of simple -bounded semantics to keep the presentation simpler.
The naturalness and the general properties of -bounded semantics of course depend heavily on the choice of . One of the simpler choices is to define f\bigl{(}\mathcal{M},w,\varphi\bigr{)}=\mathsf{card}(\mathcal{M})\cdot|\varphi| where is the length of , i.e., the number of symbol occurrences.333Each proposition symbol and label counts as one despite the possible subindices used. This semantics has the natural property that in the finite, if the players always lower their ordinal by the minimum amount , then, if the game ends due or being zero, then some state-subformula pair must have been repeated. Furthermore, we can now prove the following result.
Proposition 6.2**.**
The -calculus model checking problem is PTime-complete under simple -bounded semantics with .
Proof.
To establish the upper bound, we define a Turing machine running in alternating logarithmic space that directly simulates the model checking game (i.e., the semantic evaluation game) with any input . The game positions where Eloise makes a move correspond to existential machine states while Abelard’s positions correspond to universal states. We need some kind of a pointer indicating the current world of the Kripke structure and another pointer for the current subformula (i.e., node in the syntax tree). Furthermore, we keep binary representations of and in the memory. These binary strings are necessarily logarithmic in the input due to the choice of . Thus it is easy to see how the required alternating Turing machine is constructed.
We obtain the lower bound via the alternating reachability game. Recall Proposition 2.2 and the formula there. We will show that, as in standard semantics, defines the winning set of the alternating reachability game also under our -bounded semantics, i.e., is true in at under our semantics iff the player has a winning strategy in the corresponding alternating reachability game. Indeed, it is easy to show that when has a winning strategy in an alternating reachability game, she can ensure a win so that no state of the game is visited more than once. Thus our choice of for the -bounded semantics guarantees Eloise has a winning strategy in the corresponding the semantic game. And if Eloise has a winning strategy in a semantic game , then clearly wins the corresponding alternating reachability game. Thus, already with the fixed input formula , model checking is PTime-hard. ∎
It is worth noting here that in fact all the systems with (for different positive integers ) have PTime-complete model checking: the proof of Proposition 6.2 goes through with trivial modifications.
The -bounded semantics with is obviously very different in spirit from the standard semantics, and the -bounded semantics itself changes as we modify . Also, several further variants of the semantics immediately suggest themselves, for example the possibility of setting different limits for Eloise and Abelard, including the possibility of no limit at all. Also, letting different occurrences of and -formulae be associated with different clocks similarly to the standard semantics, but without resetting the clocks, is one of many possible interesting scenarios.
Concerning the case where we do not set clocks at all but allow the players to play indefinitely long, winning occurs only when an atomic position with a literal (e.g., or ) is reached. Thus the games are not determined, i.e., it is possible that neither player has a winning strategy (consider, e.g., the formula ). This free semantics for modal logic results in a system that is essentially directly a fragment of the general, Turing-complete logic of [14]. On the other hand, the different ‘clocking scenarios’ described above (and further variants thereof) can be naturally imposed on , and it would indeed make sense to study related phenomena in that framework.
7 Reducing model checking to
alternating
reachability
In this section we study model checking of the -calculus for fixed sentences.444The complexities of the related problems are commonly referred to as data complexity as opposed to the combined complexity of the standard problem where the sentence is not fixed. We investigate model checking separately with respect to the standard semantics and with respect to -bounded semantics, and furthermore, we do not in general limit to finite models only. Given a sentence of the -calculus, we use the following notation for the corresponding model checking problems:
- •
, and
- •
.
Furthermore, we denote the restrictions of these classes to finite Kripke models by and , respectively. Recalling the relevant notations from Section 2.3, including the formula , we note, in particular, that and .
We will now define natural and easily computable model transformations and such that for any Kripke model , state and ordinal we have
- (1)
, and
- (2)
.
Now, the same equivalences also hold for the finite restrictions , and of the classes, since and preserve finiteness. Thus, checking the truth of an arbitrary sentence of the -calculus can be reduced via to checking the truth of the simple alternation free sentence , and this holds both in the general and in the finite case. This result is similar to the “Measured Collapse Theorem” in [4], which also states that checking the truth of any sentence of the -calculus can be reduced to checking the truth of an alternation free sentence . However, the result of [4] is not a reduction to for a fixed sentence ; the sentence is actually a translation of to a different logic, called -calculus, whose semantics is based on an additional domain of tuples that can be related to our clock values.
Recall that the game tree of an evaluation game is the tree , where is the set of positions of , and is the successor position relation. We consider the following Kripke model that is obtained from by adding proposition symbols encoding winning end positions of Eloise and positions in which it is Eloise’s turn to move: , where is the valuation
- •
,
- •
V_{\mathcal{G}}(q_{B})=\{(v,\psi,c)\in P_{\mathcal{G}}\mid\psi\text{ is of the form }\theta\lor\eta,\,\Diamond\theta,\,\mu X\theta,\text{ or X with} \operatorname{Rf}(\psi)=\mu X\theta,\text{ or \psi is a literal and }\mathcal{M},v\nvDash\psi\}.
Let be the initial position of . Observe now that, letting Eloise play in the role of and Abelard in the role of , the alternating reachability game on the Kripke-model with starting state is essentially identical with the game : the positions and the rules for moves are the same, and the winning conditions are equivalent.555For example, in a position with a literal such that , loses the alternating reachability game since does not have any -successors. Thus, defining , and using Theorem 4.2, we obtain the first equivalence (1).
The other transformation can now be defined as follows: we let . Denote below. By Corollary 4.3 and (1) we have
[TABLE]
whence (2) holds. Furthermore, since is finite whenever the Kripke model in is finite, and are also reductions from and to of very low complexity.666In fact, assuming that is given as an ordered structure, a bisimilar copy of is definable in the input structure by quantifier free first-order formulas.
It should be noted that the existence of LogSpace-computable reductions from these model checking problems to follows directly from the well-known fact that alternating reachability is a PTime-complete problem. However, the main point here is that our reductions and arise in a natural and straightforward way from the bounded evaluation game, and moreover, they work on infinite Kripke models as well as on finite ones.
8 Conclusion and future directions
Our study has focused on conceptual developments relating to the -calculus, the main result being the new and its variants. There are many relevant future research directions; we mention only a few due to lack of space. Firstly, it would be interesting to understand new clocking patterns in general, in addition to the finitely bounded, the -bounded and the free semantics discussed above. These investigations could naturally be pushed to involve more general logics beyond modal logic, possibly containing, e.g., operators that modify the underlying models, and thereby directly linking to the research on the general logical framework of [14] and the research program of [14] and [15].
More concretely, pinpointing the complexity of the satisfiability problem of the -calculus under finitely bounded remains to be done. Also, it would be interesting to investigate whether the scheme of using tuples of ordinals for defining our bounded can be modified to work with single ordinals in a natural way. Finally, using ordinals to reduce arbitrary game arenas to well-founded trees is in general an interesting research direction. Relating to this and the work in Section 7, it would be particularly interesting to better understand reductions of general games to (well-founded) alternating reachability games.
Appendix
Proof.
(Theorem 4.2) Suppose first that . We shall formulate such a strategy for Eloise in the evaluation game that the following condition—called condition () below—holds in every position of the game:
- ()
There is an assignment such that , and for each :
if and , 2. 2.
if and .
Note that since we assumed to be in normal form, all different occurrences of a label symbol in have the same reference formula. Therefore, in the condition (), the values of each are uniquely defined. The values of label symbols may be arbitrary.
We then show how Eloise can maintain the condition () working inductively from the initial position of the game towards ending positions. We first observe that the condition () holds trivially in the initial position since and is a sentence. We then establish that in every position of the game: if () holds for , then Eloise either wins the game or she can maintain this condition to the next position of the game.
Suppose the game is in a position or . If the position is , then by the inductive hypothesis, there is some such that and thus . Hence Eloise wins the game. The case for the position is analogous.
Suppose the game is in . By the inductive hypothesis, there is some assignment such that , i.e., or . If the former holds, then Eloise can choose the next position to be , and if the latter holds, Eloise can choose the next position to be . In both cases () holds in the next position of the game.
Suppose that the game is in . By the inductive hypothesis, there is some such that , i.e., and . Thus () holds in both positions and . Hence () holds in the next position of the game regardless of the choice of Abelard.
Suppose that the game is in . By the inductive hypothesis, there is some such that , i.e., there exists some s.t. and . Now Eloise can choose the next position to be , and the condition () holds there.
Suppose that the game is in . By the inductive hypothesis, there is some such that , i.e., for every such that . If there is no such that , then Eloise wins the game. Else () holds in every possible next position regardless of the choice of Abelard.
Suppose that the game is in . By the inductive hypothesis, there is some such that . Therefore there exists some ordinal such that . Let , whence we have , i.e., . Let , whence and for all . Now Eloise can choose as the clock value of , and therefore the condition () holds in the next position of the game.
Suppose that the game is in . By the inductive hypothesis, there is some such that . Therefore for every . Let be the clock value of chosen by Abelard, and let . Now , i.e., . Let , whence and for all . Hence () holds in the next position .
Suppose that the game is in . We consider two cases, (i) and (ii).
(i) Suppose first that and . By the inductive hypothesis, there is some such that and . Hence , and thus the clock value cannot be [math]. Suppose first that is a successor ordinal. Let , whence we have , i.e., . Let , whence and for all . Now Eloise can lower the clock value of from to , whence () holds in the next position . Suppose then that is a limit ordinal. Now , and thus there is some s.t. . Let , whence . Thus Eloise can lower the clock value of from to , and then () holds in the next position of the game by the same reasoning as above.
(ii) Suppose then that and . By the inductive hypothesis, there is some such that and , and therefore . If , then Eloise wins the evaluation game. Suppose then that and let be the time limit chosen by Abelard. Suppose first that the time limit is a successor ordinal. Since and is monotone, we have . Let , whence , and thus . Let , whence , and thus () holds in the next position of the game. Suppose then that is a limit ordinal, whence . Now , and thus, in particular, . Let , whence , and thus () holds in the next position by the same reasoning as above.
We have shown that Eloise can maintain the condition () at every position until reaching a position where she wins the game. By Proposition 3.4 the game in guaranteed to end in a finite number of rounds, and thus Eloise will eventually win the game by maintaining the condition (). Hence Eloise has a winning strategy in , i.e. .
We then consider the converse implication of the theorem. Suppose that , i.e., Eloise has a winning strategy in . We next prove by well-founded induction777Note that, by Proposition 3.4, the game tree of is well-founded. on the game tree of that the following claim holds for every position in :
[TABLE]
It will then follow, in particular, that () holds in the initial position of the game and thus we have .
We make the inductive hypothesis that the implication above holds for every position that can occur after the position in the evaluation game (that is, there is a path from the node to the node in ). Then we prove the implication above for the position .
Suppose that a position or can be reached with . Suppose first that can be reached with . Since is a winning strategy, we must have . Now for any assignment and thus the condition () holds for . The case for the position is analogous.
Suppose that can be reached with . Let , where , be the next position which is chosen according to . By the inductive hypothesis, there is such that . Therefore and thus () holds for .
Suppose that can be reached with . Now Abelard can choose the next position of the game to be either or . Since both of these positions can be reached with , by the inductive hypothesis, there is such that and there is such that . By the condition (), must have the same values as for all label symbols occurring in , and thus . Hence and thus () holds for .
Suppose that can be reached with Eloise’s strategy. Let , where s.t. , be the next position that is chosen according to . By the inductive hypothesis, there is some such that . Therefore , and thus () holds for .
Suppose that can be reached with . If there is no such that , then for any any assignment and thus the condition () holds for . Suppose then that there is some such that . Now Abelard can choose the next position of the game to be for any s.t. . Since all of these positions can be reached with , we observe by the inductive hypothesis that for every s.t. , there is some such that . Define . Since all the assignments have the same values for the label symbols of occurring in , we have for all such that . Therefore and thus () holds for .
Suppose that can be reached with . Let the clock value that is chosen by , whence the next position of the game is . By the inductive hypothesis, there is some such that and . Hence it holds that , and thus . The assignment satisfies the requirements of () for the position . Thus the condition () holds for .
Suppose that can be reached with . Since Abelard may choose any as the clock value, the next position of the game can be for any . All of these positions can be reached with . Hence, by the inductive hypothesis, for every , there is some such that and . Note that all the assignments (for different values ) agree on all other label symbols in except . Define and let . Now . Since this holds for any , we have . The assignment satisfies the requirements of () and thus the condition () holds for .
Suppose that can be reached with .
(i) Suppose first that and . Since is a winning strategy for Eloise, we must have . Let be the clock value chosen according to , whence the next position of the game is where . Therefore we observe by the inductive hypothesis that there is a suitable such that and . Suppose first that the time limit is a successor ordinal. Let , whence . Since , we have . As , we have . Thus . Let , whence and thus . Now and for all . Therefore () holds for . Suppose then that is a limit ordinal. Let , whence we have . Since and is a limit ordinal, . As , we have and thus . Let now , whence () holds for by similar reasoning as above.
(ii) Suppose then that and . Suppose first that , and let be an assignment whose values satisfy the requirements of () with respect to the values of . Now, in particular, and thus trivially . Hence the condition () holds for . Suppose then that . Abelard may now choose any , whence the next position of the game is , where . All such positions can be reached with . Hence, by the inductive hypothesis, for every , there is a suitable such that and . Suppose first that is a successor ordinal. Let , whence and . Let . As , we have . Let , whence and thus . Now and for all . Therefore () holds for . Suppose then that is a limit ordinal. Let be the assignment corresponding to Abelard’s choice . Let , whence . For the sake of proving that , let . Now there is some suitable such that and . Note that and agree on all other label symbols occurring in except . As , it holds that . Since this holds for every , we have . Let now , whence () holds for by similar reasoning as above. ∎
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] Rajeev Alur and Thomas A. Henzinger. Finitary fairness. ACM Trans. Program. Lang. Syst. , 20(6):1171–1194, 1998.
- 2[2] Armin Biere, Alessandro Cimatti, Edmund M. Clarke, and Yunshan Zhu. Symbolic model checking without BD Ds. In Rance Cleaveland, editor, Tools and Algorithms for Construction and Analysis of Systems, 5th International Conference, TACAS ’99, Proceedings , volume 1579 of Lecture Notes in Computer Science , pages 193–207. Springer, 1999.
- 3[3] Julian Bradfield and Colin Stirling. Modal mu-calculi , pages 721–756. Elsevier, 2007.
- 4[4] Doron Bustan, Orna Kupferman, and Moshe Y. Vardi. A measured collapse of the modal μ 𝜇 \mathrm{\mu} -calculus alternation hierarchy. In Volker Diekert and Michel Habib, editors, STACS 2004, 21st Annual Symposium on Theoretical Aspects of Computer Science, Proceedings , volume 2996 of Lecture Notes in Computer Science , pages 522–533. Springer, 2004.
- 5[5] Valentin Goranko, Antti Kuusisto, and Raine Rönnholm. Game-theoretic semantics for ATL+ with applications to model checking. to appear in Information and Computation .
- 6[6] Valentin Goranko, Antti Kuusisto, and Raine Rönnholm. Game-theoretic semantics for alternating-time temporal logic. In Proceedings of the 2016 International Conference on Autonomous Agents & Multiagent Systems, AAMAS , pages 671–679, 2016.
- 7[7] Valentin Goranko, Antti Kuusisto, and Raine Rönnholm. CTL with finitely bounded semantics. In Sven Schewe, Thomas Schneider, and Jef Wijsen, editors, 24th International Symposium on Temporal Representation and Reasoning, TIME , volume 90 of LIP Ics , pages 14:1–14:19. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2017.
- 8[8] Valentin Goranko, Antti Kuusisto, and Raine Rönnholm. Game-theoretic semantics for ATL+ with applications to model checking. In Proceedings of the 16th Conference on Autonomous Agents and Multi Agent Systems, AAMAS , pages 1277–1285, 2017.
