Games in LTL Fragments Salvatore La Torre Dipartimento di Informatica ed Applicazioni Università degli Studi di Salerno Linear-time Temporal Logic (LTL) qCorrectness requirements for reactive systems “Every request is eventually granted” (r g) qMost studied decision problem: u model checking (closed systems) Is M a model of j ? LTL specs in open systems The system is a module interacting with the other modules (environment) q Controller synthesis q Realizabilty of specifications q Verification of open systems q Modular verification (module-checking) LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Play LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Play LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Play LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Play LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Play LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision Problem qStrategy: function from play ending at a system state s to a successor of s qStrategy is winning : All plays constructed according to it satisfy specification Is there a winnng strategy of the protagonist? Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Example: Strategy ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Computational Complexity of LTL Games qDeciding LTL games is 2Exptime-complete [Pnueli-Rosner POPL’89] qComplexity of games in LTL fragments: u Deterministic generators and games for LTL fragments [Alur - La Torre LICS‘01] u Games for positive LTL fragments [Marcinkowski -Truderung CSL‘02] u Games in fragments without “next” and “unitl” [Alur - La Torre – Madhusudan CONCUR’03] Other References Realizability [Abadi-Lamport-Wolper ICALP’89] Module checking [Kupferman-Vardi CAV‘96 & ‘97] Alternating Temporal Logic [Alur-Henzinger-Kupferman JACM‘02] Talk Outline ü Overview ÜNotation and general solution to LTL games qUpper bounds: deteministic generators qLower bounds qEncoding TMs without “next” and “until” qExpspace-hardness of B(L , , (P)) q2Exptime-hardness of L , , , (P) qConclusions LTL qSyntax j := p | j j | j j | j | j | j | j U j qSemantics - p: p LTL qSyntax j := p | j j | j j | j | j | j | j U j qSemantics - p: p p p p p LTL qSyntax j := p | j j | j j | j | j | j | j U j qSemantics - p p: U q:p p p p p p pp pq Some Notation q B(G) denotes: u Boolean combinations of formulas from G q Lop1,…,opk (G) denotes: u formulas from G using only operators in the list op1,…,opk qFor example: L , , (P) denotes the LTL fragment j := p | j j|j j| j, pÎP More LTL fragments q L , , , (P) : (usually LTL( , ) ) j:= p | j j | j j | j | j q B(L , (P)) : bool. combinations of j:= p | j j | j q B(L , , (P)) : bool. combinations of j:= p | j j | j | j q B(L , , , (P)) : bool. combinations of j:= p | j j | j j | j | j LTL Games q Winning condition is an LTL formula q Deciding LTL games is 2Exptime-complete [Pnueli-Rosner’89] uConstruct Buchi generator (size n=2O(j) ) [Vardi-Wolper’94] uDeterminize it = Rabin automaton with 2O(n) states and n pairs [Safra ’88] uEmptiness of Rabin tree automata with n states and m pairs: O( (n·m) c·m ) [Pnueli-Rosner’89] Buchi Games qWinning condition: uSome accepting state must repeat infinitely often qDecision algorithm: u O(d log m) space (d=longest simple distance, m=number of states) Talk Outline ü Overview ü Notation and general solution to LTL games ÜUpper bounds: deteministic generators qLower bounds qEncoding TMs without “next” and “until” qExpspace-hardness of B(L , , (P)) q2Exptime-hardness of L , , , (P) qConclusions LTL Deterministic Generators qLTL formulas may not have Buchi deterministic generators qStandard approach: uConstruct nondeterministic generator uDeterminize it qLTL formulas have deterministic generators of size and longest distance £ 2Exp (matching lower bounds [KV’98]) Generators for B(L , (P)) qThere exists DBA of Exp size and linear longest distance qConstruction is optimal: u Ex. p1 …… pn States store fulfilled predicates Transition (non self-loop) required when new predicate is fulfilled Partially-ordered Buchi Automata qTransition graph is a DAG with selfloops qConstruction for intersection and union keeps linear longest distance (d1+d2) qComplement is trivial qEfficient construction for from POBD for j (p j) PODB Composition pk p1 s’0 i pi A PODB Composition pk p p s0 p p1 pk p1 p ( i pi ) s’0 i pi A Generators for B(L , , (P)) qThere exists DBA of Exp size and Exp longest distance qConstruction is optimal: u Ex. (p n q) States store sequence of last n input Exp-long path where the last n input are always different for each prefix Automaton Construction q Push inside next operators (O(n2)) qInteresting case: (p kq j) uUse k copies of A’ (det. gen. for j) uAt h release copy started at h-k kq is not true at h-k, and if p release all the others , otherwise (no more copies are started in this last case) Generators for B(L , , (P)) and B(L , , , (P)) qThere exists DBA of 2Exp size and Exp longest distance qConstruction is optimal: u Ex. n i=1 (pi qi) States store sets of q’s : if P then check if qi for pi Ï P Sequence of different sets of p’s qPush outside disjunctions Generator for L , , , (P) q L , , , (P) formulas may require det. generator of size and longest distance 2Exp uEx. ( n i=1 (ai bi) n i=1 (ci (States store for each set of b’s a list of sets of d’s) di)) Generators Complexity Nondet. Gen. B(L , (P)) B(L , , (P)) Det. Generators Size L. Dist. Size L. Dist. Q(Exp) Q(Linear) Q(Exp) Q(Linear) Q(Exp) Q(Exp) Q(Exp) Q(Exp) B(L , , (P)) Q(Exp) Q(Linear) Q(2Exp) B(L , , , (P)) Q(Exp) Q(Exp) Q(2Exp) Q(Exp) Q(Exp) L , , , (P) Q(Exp) Q(Linear) Q(2Exp) Q(2Exp) LTL Q(Exp) Q(Exp) Q(2Exp) Q(2Exp) Solving LTL Games q G= game graph, j = LTL formula uConstruct deterministic generator A of j models uSolve the Buchi game (G x A, W) (W is the acceptance condition of A on G x A) q Complexity Buchi games: O(d log m) space (d=longest simple distance, m=number of states) Upper bounds Games Det. Generators Size L. Dist. PSPACE Q(Exp) Q(Linear) EXPTIME Q(Exp) Q(Exp) EXPSPACE Q(2Exp) Q(Exp) EXPSPACE Q(2Exp) Q(Exp) L , , , (P) 2EXPTIME Q(2Exp) Q(2Exp) LTL 2EXPTIME Q(2Exp) Q(2Exp) B(L , (P)) B(L , , (P)) B(L , , (P)) B(L , , , (P)) Talk Outline ü Overview ü Notation and general solution to LTL games ü Upper bounds: deteministic generators ÜLower bounds qEncoding TMs without “next” and “until” qExpspace-hardness of B(L , , (P)) q2Exptime-hardness of L , , , (P) qConclusions B(L , (P)) : Pspace-hardness QBF formula: A1x1. … Anxn. B(L , (P)) formula: n i=1 i=1 ci ci x1 A1 n xn An x1 xn B(L , , (P)) : Exptime-hardness qEncoding from ALT-Pspace TM qSystem wins on plays either encoding an accepting computation or not encoding a computation qEncoding: a1a2…ai-1 q ai…an a1a2… q’ ai-1 a’i…an (a1,1) (a2,2)…(ai-1,i-1) (ai,i) …(an ,n) (q,ai,i) (q’,a’i,L) Talk Outline ü Overview ü Notation and general solution to LTL games ü Upper bounds: deteministic generators ÜLower bounds ÜEncoding TMs without “next” and “until” qExpspace-hardness of B(L , , (P)) q2Exptime-hardness of L , , , (P) qConclusions Proving lower bounds qEncode acceptance problem for Turing Machines qCrucial point: Cj Cj+1 i-1 i i+1 i qProblems: uZoom to a cell content uCompare cells of consecutive configurations With “until” and “next” qZoom to cell i = n(bn…b1): ubn…b1 a to encode “cell bn…b1 contains a” u¯¡(bn ¡(… ¡(b1 ¡ a) …)) to check it qCompare across configurations: uModulo-2 counter to distinguish among consecutive configurations uConstructs of type 0 U (1 j1) New encoding of computations New encoding of computations q¯ only checks for subsequences Es. ¯(bn ¯(… ¯(b1 ¯ a) …)), (“bn…b1 a” may not be consecutive) q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence) New encoding of computations q¯ only checks for subsequences Es. ¯(bn ¯(… ¯(b1 ¯ a) …)), (“bn…b1 a” may not be consecutive) q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence) pn…p1 ai q1…qn New encoding of computations q¯ only checks for subsequences Es. ¯(bn ¯(… ¯(b1 ¯ a) …)), (“bn…b1 a” may not be consecutive) q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence) pn…p1 ai q1…qn pn…p1 : binary encoding for i qn…q1 : binary encoding for 2n-1-i New encoding of computations q¯ only checks for subsequences Es. ¯(bn ¯(… ¯(b1 ¯ a) …)), (“bn…b1 a” may not be consecutive) q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence) pn…p1 ai q1…qn pn…p1 : binary encoding for i qn…q1 : binary encoding for 2n-1-i (pjÎ{pj0,pj1}, qjÎ{qj0,qj1}) Property of proper sequences Property of proper sequences qFor <ai>i = u ai v (u-address, v-address): u <a0>0 ………<ai-1>i-1 u is the shortest prefix containing u as a subsequence u v <ai+1>i+1………<a2n-1>2n-1 is the shortest suffix containing v as a subsequence qTherefore: u u a v is a subseq of <a0>0 <a1>1…<a2n-1>2n-1 iff a=ai Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 0 01 100b110 101b010 110a100 111b000 Example: proper sequences q3-bits encoding of aababbab: 000a111 001a011 010b101 011a001 100b110 101b010 110a100 111b000 qFor u=011, v=001 : u=011 000a111 001a011 010b101 011 v=001 0 01 100b110 101b010 110a100 111b000 Talk Outline ü Overview ü Notation and general solution to LTL games ü Upper bounds: deteministic generators ÜLower bounds üEncoding TMs without “next” and “until” U ÜExpspace-hardness of B(L , , (P)) Ü2Exptime-hardness of L , , , (P) qConclusions Results qTh 1. Deciding L , , , (P) games is 2Exptime-hard (reduction from Alt. Expspace) qTh 2. Deciding B(L , , (P)) games is Expspace-hard (reduction from Alt. Exptime) Schema of our reductions qProtagonist (system) ugenerates configurations upicks transitions when TM in $-states qAdversary (environment) upicks transitions when TM in "-states uraises objections to check if the sequence of configurations is proper and conforms the behaviour of TM Expspace-hardness Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: u0a0v0 Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: u0a0v0 ok Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: obj1 u0a0v0 ok Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: obj1 obj1 u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: obj1 obj1 u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok …… Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: obj1 obj1 obj1 u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok …… Expspace-hardness qProtagonist generates sequences of positions <a>i (i refers to configuration # and cell #) qPlays: obj1 obj1 obj1 u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok …… obj2 Objection 1 Objection 1 qGeneration of proper sequences: u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj) … pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1 Objection 1 qGeneration of proper sequences: u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj) same … pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1 Objection 1 qGeneration of proper sequences: u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj) same same … pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1 Objection 1 qGeneration of proper sequences: u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj) same same … pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1 (pj0 ¯rj0) (pj1 ¯rj1) Objection 1 qGeneration of proper sequences: u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj) same diff same diff … pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1 (qj0 ¯rj1) (qj1 ¯rj0) Formula for proper sequences ¯obj1 ( [ (succ(r,s) ) j1) (j’1 j2] j’2) Formula for proper sequences ¯obj1 ( [ (succ(r,s) ) j1) (j’1 j2] j’2) j1 = “p is same as r” j2 = “p is same as r followed by p is same as s” Formula for proper sequences ¯obj1 ( [ (succ(r,s) ) j1) (j’1 j2] j’2) j’1 = “p is same as r” j’2 = “p is same as r followed by q diff from r” Formula for proper sequences ¯obj1 ( [ (succ(r,s) ) j1) (j’1 j2] j’2) j’1 = “p is same as r” j’2 = “p is same as r followed by q diff from r” ØNeed only formulas in B(L , , (P)) Objection 2 qVerify that sequences are TM outcomes qAdversary picks i-1, i, i+1, and j, and checks if cell i of Cj+1 can “follow” cells i-1, i, i+1 of Cj q“Small” formulas from B(L , , (P)) do the job (property of proper sequences is crucial to match cell contents using only nested ¯) qTM computes in exptime: uat the end of a computation we can zoom to each position generating polynomially many bits Results qTh 1. Deciding L , , , (P) games is 2Exptime-hard (reduction from Alt. Expspace) qTh 2. Deciding B(L , , (P)) games is Expspace-hard (reduction from Alt. Exptime) 2Exptime-hardness 2Exptime-hardness qWe cannot encode configuration # qWe can still use proper sequences to zoom to cells within a configuration qFocus on 2 consecutive configurations at a time (modulo-3 counter incremented every time a new configuration is entered) Objections qObjection 1 similar to previous case qObjection 2 is allowed at the end of every configuration qTo check j from the penultimate configuration use obj2 along with: Ø jÎ{0,1,2} (¯(j j ¯(j+1) ¬¯(j+2))) Objections qObjection 1 similar to previous case qObjection 2 is allowed at the end of every configuration qTo check j from the penultimate configuration use obj2 along with: Ø jÎ{0,1,2} (¯(j j ¯(j+1) ¬¯(j+2))) Objections qObjection 1 similar to previous case qObjection 2 is allowed at the end of every configuration qTo check j from the penultimate configuration use obj2 along with: Ø jÎ{0,1,2} (¯(j j ¯(j+1) ¬¯(j+2))) (This is in L , , , (P) ) Complexity Games B(L , (P)) B(L , , (P)) Det. Generators Size L. Dist. Pspace-complete Q(Exp) Q(Linear) Exptime-complete Q(Exp) Q(Exp) B(L , , (P)) B(L , , , (P)) Expspace-complete Q(2Exp) Q(Exp) Expspace-complete Q(2Exp) Q(Exp) L , , , (P) 2Exptime-complete Q(2Exp) Q(2Exp) LTL 2Exptime-complete Q(2Exp) Q(2Exp) Talk Outline ü Overview ü Notation and general solution to LTL games ü Upper bounds: deteministic generators ü Lower bounds üEncoding TMs without “next” and “until” U üExpspace-hardness of B(L , , (P)) ü2Exptime-hardness of L , , , (P) ÜConclusions Fair safety-reachability games qGames with fairness: u“(adv plays fair) u“(prot plays fair) (prot plays fair (adv plays fair wins) wins) q B(L (P) U L , (P)) : ( B(L , (P))F ) fair safety-reachability games q B(L , (P))F games are Pspace-complete Fair safety-reachability games qGames with fairness: u“(adv plays fair) u“(prot plays fair) (prot plays fair (adv plays fair wins) wins) q B(L (P) U L , (P)) : ( B(L , (P))F ) fair safety-reachability games q B(L , (P))F games are Pspace-complete Decision algorithm uses Zielonka solution to Muller games along with det. generators for L , (P) Fair safety-reachability games qGames with fairness: u“(adv plays fair) u“(prot plays fair) (prot plays fair (adv plays fair wins) wins) q B(L (P) U L , (P)) : ( B(L , (P))F ) fair safety-reachability games q B(L , (P))F games are Pspace-complete Hardness: games with “Streett Rabin” winning conditions are Pspace-hard (from QBF) More in PSPACE q Persistent strategy: On a play, the player picks always the same move visiting the same location (weaker than memoryless) More in PSPACE q Persistent strategy: On a play, the player picks always the same move visiting the same location (weaker than memoryless) a b a a b c More in PSPACE q Persistent strategy: On a play, the player picks always the same move visiting the same location (weaker than memoryless) a b a a b c persistent not memoryless Complexity of L , , (P) q Theorem: [Marcinkowski -Truderung CSL‘02] For specs in L , , (P) , protagonist has a winning strategy iff can win against an adversary that uses only persistent strategies q L , , (P) games are in PSPACE LTL fragments L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Model-checking LTL fragments NP-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Pspace-complete LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Expspace-complete LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Expspace-complete LTL 2Ex co e ptim te e l mp Computational Complexity L , B(L L , B(L (P) , (P))F , (P) , , (P)) Games Model-checking Pspace-complete NP-complete Pspace-complete NP-complete Pspace-complete NP-complete Exptime-complete Pspace-complete B(L , , (P)) Expspace-complete NP-complete B(L , , , (P)) Expspace-complete Pspace-complete L , , , (P) LTL 2Exptime-complete NP-complete 2Exptime-complete Pspace-complete Box and Diamond q ¯j (eventually j): j q ¨j (always j): j j j j j “ - ” fragments q L , , , (P) : full “¨ - ¯” LTL fragment q B(L , , (P)) : boolean combinations of j := p | j j|j j| j, pÎP (no ¨ in the scope of ¯ and vice-versa) LTL Games ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Decision problem: Is there a winnng Games strategyLTL of the protagonist? ØGame graph: 3 a c 4 1 5 2 b ØSpecification: (a b) a b Computational Complexity of LTL Games Computational Complexity of LTL Games qDeciding LTL games is 2Exptime-complete [PR’89] qWhat about games in LTL fragments? qPrevious research [AL’01] & [MT’02] qFocus on fragments using only “always” (¨) and “eventually” (¯) (no “until” or “next” are allowed) Our results Our results qFull “¨ - ¯” LTL fragment j := p | j j | j j | j | j qGames are 2Exptime-hard as for LTL qNot allowing ¨ in the scope of ¯ and vice-versa games become Expspace-complete uExpspace membership from [AL’01] uUsing only either ¨ or ¯ games are in Pspace [MT’02] qGames with safety and reachability specs augmented with fairness conditions are Pspace-complete LTL Games q Winning condition is LTL formula q G= game graph, j = LTL formula uConstruct det. generator A of j models uSolve the game (G x A, W) (W is the acceptance condition of A on G x A) q 2Exptime-complete [PR’89] Motivation qGame complexity is lower for Buchi, Rabin, and Streett games qModel-checking is also easier in some LTL fragments qWhat about games in LTL fragments? Problem 2: consecutive configs Problem 2: consecutive configs qIf “until” (U) is allowed then: uModulo-2 counter to distinguish among consecutive configurations uConstructs of type (0 j0) U (1 j1) qWithout “next” and “until”? uIf # of configurations is O(2n), then number configurations (same as for cells) uOtherwise, we need more … Linear Temporal Logic (LTL) qCorrectness requirements for reactive systems qGame-based interpretation: u u u u controller synthesis compositionality requirements verification of open systems modular verification (module-checking) Zoom to the last two configs qConfigurations are counted with a modulo-3 counter uuse 3 new atomic propositions uthe same propositions hold true on all cells of a configuration qTo check j from the penultimate configuration use: u jÎ{0,1,2} (¯(j j ¯(j+1) ¬¯(j+2))) Zoom to the last two configs qConfigurations are counted with a modulo-3 counter uuse 3 new atomic propositions uthe same propositions hold true on all cells of a configuration qTo check j from the penultimate configuration use: u jÎ{0,1,2} (¯(j j ¯(j+1) ¬¯(j+2))) Zoom to the last two configs qConfigurations are counted with a modulo-3 counter uuse 3 new atomic propositions uthe same propositions hold true on all cells of a configuration qTo check j from the penultimate configuration use: u jÎ{0,1,2} ( (¯(j j ¯(j+1) ) ¬¯(j+2))) Expspace-hardness qObjection 1: uadversary selects 2 consecutive positions uprotagonist loses if these positions witness that the sequence is not proper qObjection 2: uadversary selects 4 positions to check that a position can derive from the positions of the previous configuration uprotagonist loses if these positions do not conform to TM behaviour q formulas similar to Match(a,i) Match(a,i) q Seq(bm,…,b1) = ¯(bm ¯(… ¯b1)…) q Same(pj,bj) = (pj0 ¬bj) (pj1 bj) q Diff(qj,bj) = (qj0 bj) (qj1 ¬ bj) q Match(a,i) = Seq(Same(pn,bn) ,…, Same(p1,b1), a, Diff(q1,b1),…, Diff(qn,bn)) (bn…b1 binary encoding of i) LTL fragments L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Model-checking LTL fragments NP-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Pspace-complete LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Expspace-complete LTL 2Ex co e ptim te e l mp Complexity: Games LTL fragments Pspace-complete Exptime-complete L , (P) L , , (P) B(L , , (P)) B(L , (P))F B(L , , (P)) B(L , , , (P)) L , , , (P) Expspace-complete LTL 2Ex co e ptim te e l mp