Nikolay Shilov. CSEDays 3

Update and Abstraction in Model Checking of

Knowledge and Branching Time

N.V.Shilov, N.O.Garanina

IntroductionCombinations of traditional

program logics with logics of knowledge for reasoning about multiagent systems.

The model checking problem in perfect recall trace-based environments for pairwise fusion of the logics:

Introduction

Program logics Elementary Propositional Dynamic Logic (EPDL) Computation Tree Logic with actions (Act-CTL) The propositional µ-Calculus (µC)with epistemic logics Propositional Logic of Knowledge (PLK) Propositional Logic of Common Knowledge (PLC)

Introduction

This model checking problem is PSPACE-complete for EPDL-C, is non-elementary decidable for Act-CTL-K, is undecidable for Act-CTL-C,

µPLK and µPLC.

IntroductionUpdate+abstraction algorithm for model checking Act-CTL-K in perfect recall synchronous settings.

Parameters of algorithm complexity: number of agents, number of states, knowledge depth, formula size.

IntroductionWe define: the knowledge depth for formulas of

Act-CTL-Kn, sublogics Act-CTL-Kk

n with a bounded knowledge depth k ≥ 0,

k-trees, knowledge update function Gk

a on k-trees for every action a.

Introduction

We suggest: an algorithm that transforms

Act-CTL-Kkn into Act+n-CTL,

k-trees + update functions → finite Kripke structure ↔ original perfect recall environment,

the resulting model checking algorithm solves Act+n-CTL on k-trees.

Background Logics

Syntax: true, false — Boolean constants, Prp — propositional variables, Rlt — relational symbols, ¬, ∧, ∨ and some modalities.

Background Logics

Kripke structure is a triple (DM,IM,VM), where

the domain DM — a nonempty set of possible worlds,

the interpretation IM: Rlt 2DM×DM, the valuation VM: Prp DM.

Background LogicsSemantics: w=Mtrue and w=Mfalse, w=M p iff w∈VM(p) for p∈Prop, w=M ¬ϕ iff w=M ϕ, w=M ϕ ∧ ψ iff w=M ϕ and w=M ψ, w=M ϕ ∨ ψ iff w=M ϕ or w=M ψ, definition of modalities is specific.

Background LogicsPropositional Logic of Knowledge PLK: Alphabet of relational symbols — [1..n]. Syntax:

Ki ϕ and Si ϕ, i ∈[1..n] and ϕ — a formula. Interpretation IM(i) is an equivalence. (DM, ∼,… ∼, VM) with IM(i) = ∼.

1 n i

Background LogicsSemantics: w=MSi ϕ iff

for some w’: w ∼ w’ and w’=M ϕ, w=MKi ϕ iff

for every w’: w ∼ w’ implies w’=M ϕ.

i

i

Background LogicsComputational Tree Logic with Actions Act-CTL: Alphabet of relational symbols —

action symbols Act. Syntax: AXaϕ, EXaϕ, AGaϕ, AFaϕ, EGaϕ, EFaϕ,

AϕUaψ, and EϕUaψ. a-trace — (w1 ... wj wj+1 ...)

with (wj,wj+1)∈IM(a) for every j. a-run — a maximal a-trace.

Background LogicsSemantics: w=M AXaϕ iff ws2=Mϕ for every a-run

ws ∈DM* with ws1=w, w=MAGa ϕ iff wsj=M ϕ for every a-run

ws ∈DM* with ws1=w and every 1≤j≤|ws|, w=MAFa ϕ iff wsj=M ϕ for every a-run

ws ∈DM* with ws1=w and some 1≤j≤|ws|,

Background LogicsSemantics: w=MA(ϕ Ua ψ) iff wsj=M ϕ and wsk=M ψ

for every a-run ws ∈DM* with ws1=w, for some 1≤k≤|ws| and every 1≤j<k.

Combining Knowledge and Branching Time

Computational Tree Logic with Actions and Knowledge Act-CTL-Kn:

[1..n] — set of agents (n > 0), Act — action symbols. Syntax:

— true (false), Prp, ¬, ∧, ∨, — knowledge modalities Ki and Si for i ∈ [1..n], — branching-time constructs for a ∈Act

AXa, EXa, AGa, AFa, EGa, EFa, AUa, EUa.

Combining Knowledge and Branching Time An environment is a tuple

E =(D, ∼, … ∼, I, V) with(D, ∼, … ∼, V) — a model for PLKn and(D, I, V) — a model for Act-CTL.

E (ϕ) = { w | w= ϕ}.

1 n1 n

Combining Knowledge and Branching TimeA trace-based Perfect Recall Synchronous

environmentPRS(E) = (DPRS, ∼, … ∼, IPRS,VPRS): DPRS is the set of all pairs (ws, as), where

ws ∈D+, as ∈Act*, |ws| = |as|+1, and (wsj, wsj+1) ∈I(asj) for every j∈[1..|as|];

for every p ∈Prp and (ws,as) ∈DPRS, (ws,as) ∈VPRS (p) iff ws|ws|∈VE (p);

n1prsprs

Combining Knowledge and Branching Time for every i ∈ [1..n] and

for all (ws',as'), (ws",as")∈DPRS, (ws',as') ∼ (ws",as") iff

as'=as" and ws‘j ∼ws"j for every j∈[1..|ws'|];

w’1 → w’2 → … → w’m-1 → w’mi prs

w”1 → w”2 → … → w”m-1 → w”m

prsi

i

a1 a2 am-2 am-1

a1 a2 am-2 am-1




w’1 → w’2 → … → w’m-1 → w’m i

w”1 → w”2 → … → w”m-1 → w”m

prsi

i

a1 a2 am-2 am-1

a1 a2 am-2 am-1




w’1 → w’2 → … → w’m-1 → w’m i

w”1 → w”2 → … → w”m-1 → w”m

prsi

i

a1 a2 am-2 am-1

a1 a2 am-2 am-1




w’1 → w’2 → … → w’m-1 → w’m i

w”1 → w”2 → … → w”m-1 → w”m

prsi

i

a1 a2 am-2 am-1

a1 a2 am-2 am-1




w’1 → w’2 → … → w’m-1 → w’m i

w”1 → w”2 → … → w”m-1 → w”m

prsi

i

a1 a2 am-2 am-1

a1 a2 am-2 am-1

Combining Knowledge and Branching Time for every a ∈Act and

for all (ws',as'), (ws",as")∈DPRS, ((ws',as'), (ws",as")) ∈ IPRS(a) iff as'°a =as", ws" = ws'°w", and (w', w")∈IE(a), where w'=ws’|ws’|;

w’1 → w’2 → … → w’m-1 → w’m a↓ w’1 → w’2 → … → w’m-1 → w’m → w”

a1 a2 am-2 am-1

a1a2 am-2 am-1 a

Combining Knowledge and Branching Time for every a ∈Act and

for all (ws',as'), (ws",as")∈DPRS, ((ws',as'), (ws",as")) ∈ IPRS(a) iff as'°a =as", ws" = ws'°w", and (w', w")∈IE(a), where w'=ws’|ws’|.


Example.Guess Numbers Puzzle GNP(N,M) (N,M ≥ 0): Orbiter — referee,

Eloise and Abelard — two players. Abelard selects a hidden number h∈[1..N]; Abelard never reports the hidden value to

Eloise.

Combining Knowledge and Branching Time Eloise selects an initial value s∈[1..N]

for a personal counter; Eloise can increase or decrease

counter value by 10, 5 or 1 while in the range [1..N];

Eloise never reports the counter values to Alelard.


Orbiter reports to both players whether the new value of the personal counter s is less, equal, or greater then the hidden number h.

Can Eloise and Abelard simultaneously learn the hidden value h and the initial value s respectively after M arithmetic steps?


Two agents in the puzzle — E (Eloise) and A (Abelard).

Space D=[0..N]×[1..N]×{<, >, =, out, ini}×[1..N]:

[0..N] — an auxiliary counter c, [1..N] — values of the personal counter s, {<, >, =, out, ini } — results of comparisons, [1..N] — the hidden value h. Actions — (σn), for σ ∈{+,-} and n ∈{1,5,10}.


Knowledge Acquisition.


Agent E can get knowledge about the hidden value from a sequence of states that finishes with a state with equality sign.

Agent A can get knowledge about the initial value from a sequence of operations that generates these sequence of states.


next = ∪(σn), σ∈{+,-}, n ∈{1,5,10}EFnext((c ≤M) ∧

∨h ∈[1..N]KE (hidden value is h) ∧

∨s ∈ [1..N]KA (initial value is s))

Bounded Knowledge Update The model checking problem for

Act-CTL-Kn in perfect recall synchronous environments is decidability and complexity of the setCHECK(Act-CTL-Kn) ≡{(E, (ws,as), ϕ) | E — a finite environment, (ws,as) ∈ DPRS,

ϕ — a formula of Act-CTL-Kn,(ws,as)=PRS ϕ }.

Bounded Knowledge UpdateComplexity parameters: E = (D, ∼,... ∼, I, V) — a finite environment, d — the number of worlds in D; r — the number of edges in E; m = (d +r); l (ws,as)=|ws|; fϕ — the size of ϕ ∈Act-CTL-Kn. Overall complexity — t =(m +l (ws,as) +fϕ).

1 n

Bounded Knowledge Update Proposition 1

For all n >1 and Act ≠Ø CHECK(Act-CTL-Kn) is decidable with lower bound

22…2}O(t),

where t is the overall complexity of the input.

Bounded Knowledge Update The knowledge depth of a formula is

the maximal nesting of knowledge operators in that formula.

Act-CTL-Kkn — logics with a bounded

knowledge depth k ≥0. Act-CTL-Kn = ∪k ≥0 Act-CTL-Kk

n.

Bounded Knowledge Update Tk — k-trees over E, Fk — forests of k-trees over E (k ≥0). T0 ={(w, ∅,... ∅) | w∈D,

the number of copies of emptyset — n}, Fk=2Tk, Tk+1={(w,U1,...Un) | w∈D and Ui ∈Fk, i ∈[1..n]}, T = ∪k ≥0Tk .

Bounded Knowledge Updatek-tree for GN(100,4)

Bounded Knowledge Update k-tree — finite tree of height k,

• vertices — worlds of the environment,• edges — agents;

In a tuple (w, U1, ... Un)• world w — actual state of the universe,• the set Ui — knowledge of the agent i;

0-tree: (w, ∅,... ∅) — world w; 1-tree: Ui — knowledge about the universe; k-tree: Ui — knowledge about the universe

and knowledge of the other agents.


Let k ≥ 0 be an integer and E be a finite environment for n agents with d states. Then

the number CK of k-trees over E CK ≤ exp(n ×d,k)/n;

if n <d, then the number NK of nodes in every k+1-tree over E

NK < (CK)2.

Bounded Knowledge Update Knowledge available in world (ws,as)∈PRS(E): tree0(ws,as) ... treek(ws,as)... tree0(ws,as)=(ws|ws|, ∅, ..., ∅), treek+1(ws,as)=(ws|ws|, {treek(ws’,as’) | (ws’,as’) ∼ (ws,as)},

... {treek(ws’,as’) | (ws’,as’) ∼ (ws,as)}).

1

nprs

prs

Bounded Knowledge UpdateKnowledge update functions.

E, k ≥ 0, a ∈Act, i ∈[1..n]. Gk

a : Tk ×D Tk; Hk,i

a : Fk ×D Fk; G0

a(tr,w)=(w, ∅, … ∅) iff (root(tr),w)∈I(a); Hk,i

a(U,w)={Gka(tr,w’) | tr ∈U and w’ ∼ w};

Gk+1a((w,U1, …,Un), w’)=

( w’, H1,ia(U1,w’), …, Hn,i

a(Un,w’)) iff (w,w’) ∈ I(a).

i

Bounded Knowledge Update Knowledge acquisition in GN(100,4)


For every k ≥ 0, every a ∈Act, every finite environment E, every (ws,as)∈DPRS, and every w∈D, the following incremental knowledge update property holds:

treek((ws,as)°(w,a))=Gka(treek(ws,a), w).

Bounded Knowledge Abstraction

Translation TL: Act-CTL-Kn Act+n-CTL. T(Act+n) = Act ∪ [1..n]; T(Ki)=AXi, T(Si)=EXi ; T(ϕ)=ϕ+n, ϕ ∈Act-CTL-Kn.Translation TE : E E+n. TE((D, ∼, ... ∼, I, V))=(D, I+n, V), whereI+n(a)=I(a) for a ∈Act, I+n(i)=∼ for i ∈[1..n].

1 ni


Proposition 4For every environment E and every

formula ϕ of Act-CTL-Kn:E(ϕ) = E+n(ϕ+n)

In particular, PRS(E)(ϕ) = (PRS(E))+n(ϕ+n).


Associated model based on k-trees for Act+n-CTL TRk(E)=(Dk, Ik, Vk):

Dk — the set of all 0-,..., k-trees over E; for a ∈Act: Ik(a) = { (tr', tr")∈Dk×Dk |

tr" = Gja(tr',w) for some j ∈[0..k] and w∈D};

for i ∈[1..n]: Ik(i) = { (tr', tr")∈Dk×Dk |tr" ∈Ui, tr' = (w, U1,...Un) for some w∈D};

Vk(p) = {tr | root(tr) ∈V(p) } for every p∈Prp.


Treek(P)={ treek(ws, as) | (ws, as) ∈ P}; Trace(Pk)={ (ws, as) | treek(ws, as) ∈ Pk}. Proposition 5

For every n ≥1 and k ≥0, for every formula ϕ ∈Act-CTL-Kn with the knowledge depth k at most, and for every finite environment E, the following holds:

Treek(PRS(E)(ϕ)) =TRk(E)(ϕ+n),PRS(E)(ϕ) = Trace(TRk(E)(ϕ+n)).


Action transition in TRk(E)


Knoweledge transition in TRk(E)


Proposition 6For every n ≥1 and k ≥0 and every environment E, the model TRk(E) is an abstraction of the model PRS(E)+n with respect to formulas of Act+n -CTL which correspond to formulas of Act-CTL-Kn with the knowledge depth k at most.The corresponding abstraction function maps every trace to the k-tree of this trace.


Proposition 7For every integer n ≥1 and k ≥0, synchronous environment with perfect recall PRS(E), every formula ϕ of Act-CTL-Kn with the knowledge depth k at most, the model checking problem is decidable with the upper bound

f is the size of the formula, d is the number of states in D.


Model checking algorithm: Input a formula ϕ of Act-CTL-Kn and

count its knowledge depth k. Convert ϕ into the corresponding formula

ϕ+n of Act+n -CTL. Input a finite environment E and

construct finite model TRk(E). Input a trace (ws, as) and build the

corresponding k-tree tr. Model check ϕ+n on tr in TRk(E).


Model-checker has been implemented in C#. Data structures — vector-affine trees. Experiments with the Guess Numbers

Puzzle for various N (the maximal N =15). |E|=120000, 2|E| ≈ 4×1036123.

Documents

Nikolay Shilov. CSEDays 3