ATL with Strategy Contexts: Expressiveness and Model Checking

Arnaud Da Costa, François Laroussinie, Nicolas Markey, Marc Herbstritt
2010 Foundations of Software Technology and Theoretical Computer Science  
We study the alternating-time temporal logics ATL and ATL extended with strategy contexts: these make agents commit to their strategies during the evaluation of formulas, contrary to plain ATL and ATL where strategy quantifiers reset previously selected strategies. We illustrate the important expressive power of strategy contexts by proving that they make the extended logics, namely ATL sc and ATL sc , equally expressive: any formula in ATL sc can be translated into an equivalent, linear-size
more » ... L sc formula. Despite the high expressiveness of these logics, we prove that their model-checking problems remain decidable by designing a treeautomata-based algorithm for model-checking ATL sc on the full class of n-player concurrent game structures. Digital Object Identifier 10.4230/LIPIcs.FSTTCS.2010.120 Introduction Temporal logics and model checking. Thirty years ago, temporal logics (LTL, CTL) have been proposed for specifying properties of reactive systems, with the aim of automatically checking that those properties hold for these systems [18, 10, 19]. This model-checking approach to formal verification has been widely studied, with powerful algorithms and implementations, and successfully applied in many situations. Alternating-time temporal logic (ATL). In the last ten years, temporal logics have been extended with the ability of specifying controllability properties of multi-agent systems: the evolution of a multi-agent system depends on the concurrent actions of several agents, and ATL extends CTL with strategy quantifiers [4]: it can express properties such as agent A has a strategy to keep the system in a set of safe states, whatever the other agents do. q B Figure 1 Example of a two-player turnbased game Nesting strategy quantifiers. Assume that, in the formula above, "safe states" are those from which agent B has a strategy to reach her goal state q B infinitely often, and consider the system depicted on Fig. 1 , where the circled states are controlled by player A (meaning that Player A selects the transition to be fired from those state) and the square state is controlled by player B. It is easily seen that this game contains no "safe state": after each visit to q B , Player A can decide to take the system to the rightmost state, from which q B is not reachable. It follows that Player A has no strategy to keep the system in safe states. Now, assume that Player A commits to always select the transition to the left, when the system is in the initial (double-circled) state. Then under this strategy, it suffices for 121 Player B to always go to q B when the system is in the square state in order to achieve her goal of visiting q B infinitely often. The difference with the previous case is that here, Player B takes advantage of Player A's strategy in order to achieve her goal. Both interpretations of our original property can make sense, depending on the context. However, the original semantics of ATL cannot capture the second interpretation: strategy quantifications in ATL "reset" previous strategies. While this is very convenient algorithmically (and makes ATL model-checking polynomial-time for some game models), it prevents ATL from expressing many interesting properties of games (especially non-zero-sum games). In [7], we introduced an alternative semantics for ATL, where strategy quantifiers store strategies in a context. Those strategies then apply for evaluating the whole subformula, until they are explicitly removed from the context or replaced with a new strategy. We demonstrated the high expressiveness of this new semantics by showing that it can express important requirements, e.g. existence of equilibria or dominating strategies. Our contribution. This work is a continuation of [7] . Our contribution in this paper is twofold: on the one hand, we prove that ATL sc is not more expressive than ATL sc : this is a theoretical argument witnessing the expressive power of strategy contexts; it complements the more practical arguments presented in [7] . On the other hand, we develop an algorithm for ATL sc model-checking, based on alternating tree automata. Our algorithm uses a novel encoding of strategies into the execution tree of the underlying concurrent game structures. This way, it is valid for the whole class of concurrent game structures and without restrictions on strategies, contrary to previously existing algorithms on related extensions of ATL. Related work. In the last three years, several approaches have been proposed to increase the expressiveness of ATL and ATL . Strategy logic [8, 9] extends LTL with first-order quantification over strategies. This allows for very expressive constructs: for instance, the property above would be written as This logic was only studied on two-player turn-based games in [8, 9] , where a nonelementary algorithm is given. The algorithm we propose in this paper could be adapted to handle strategy logic in multi-player concurrent games. QDµ [17] is a second-order extension of the propositional µ-calculus augmented with decision modalities. In terms of expressiveness, fixpoints allow for richer constructs than CTLor LTL-based approaches. Again, model-checking has been proved to be decidable, but only over the class of alternating transition systems (as defined in [3] ). Stochastic game logic [6] is an extension of ATL similar to ours, but in the stochastic case. It is proved undecidable in the general case, and decidable when strategy quantification is restricted to memoryless (randomized or deterministic) strategies. several other semantics of ATL, related to ours, are discussed in [1, 2] . A ∆ P 2 -algorithm is proposed there for a subclass of our logic (where strategies stored in the context are irrevocable and cannot be overwritten), but no proof of correctness is given. In [20], an NP algorithm is proposed for the same subclass, but where strategy quantification is restricted to memoryless strategies. By lack of space, some proofs are omitted in this paper, but they are detailed in [11] . F S T T C S 2 0 1 0 122 ATL with Strategy Contexts: Expressiveness and Model Checking 2 ATL with strategy contexts 2.1 Concurrent game structures. Concurrent game structures [4] are a multi-player extension of classical Kripke structures. Their definition is as follows: Definition 1. A Concurrent Game Structure (CGS for short) C is an 7-tuple Loc, Lab, δ, Agt, M, Mov, Edg where: Loc, Lab, δ is a finite Kripke structure, where Loc is the set of locations, Lab : Loc → 2 AP is a labelling function, and δ ⊆ Loc × Loc is the set of transitions; Agt = {A 1 , ..., A p } is a finite set of agents (or players); M is a finite, non-empty set of moves; Mov : Loc × Agt → P(M) {∅} defines the (finite) set of possible moves of each agent in each location. Edg : Loc × M Agt → δ is a transition table; with each location and each set of moves of the agents, it associates the resulting transition, which is required to depart from . The size |C| of a CGS C is |Loc| + |Edg|, where |Edg| is the size of the transition table 1 .
doi:10.4230/lipics.fsttcs.2010.120 dblp:conf/fsttcs/LopesLM10 fatcat:44u7cpu6ajhe7ftv6xqrqbavie