slides

Games in LTL Fragments
Salvatore La Torre
Dipartimento di Informatica ed Applicazioni
Università degli Studi di Salerno
Linear-time Temporal Logic (LTL)
qCorrectness requirements for
reactive systems
“Every request is eventually granted”
(r
g)
qMost studied decision problem:
u model checking (closed systems)
Is M a model of j ?
LTL specs in open systems
The system is a module interacting with
the other modules (environment)
q Controller synthesis
q Realizabilty of specifications
q Verification of open systems
q Modular verification (module-checking)
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Play
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Play
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Play
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Play
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Play
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision Problem
qStrategy: function
from play ending at a system state s
to a successor of s
qStrategy is winning :
All plays constructed according to it
satisfy specification
Is there a winnng strategy of the
protagonist?
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Example: Strategy
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Computational Complexity of LTL
Games
qDeciding LTL games is 2Exptime-complete
[Pnueli-Rosner POPL’89]
qComplexity of games in LTL fragments:
u Deterministic generators and games for LTL
fragments
[Alur - La Torre LICS‘01]
u Games for positive LTL fragments
[Marcinkowski -Truderung CSL‘02]
u Games in fragments without “next” and “unitl”
[Alur - La Torre – Madhusudan CONCUR’03]
Other References
Realizability
[Abadi-Lamport-Wolper ICALP’89]
Module checking
[Kupferman-Vardi CAV‘96 & ‘97]
Alternating Temporal Logic
[Alur-Henzinger-Kupferman JACM‘02]
Talk Outline
ü Overview
ÜNotation and general solution to LTL games
qUpper bounds: deteministic generators
qLower bounds
qEncoding TMs without “next” and “until”
qExpspace-hardness of B(L , , (P))
q2Exptime-hardness of L , , , (P)
qConclusions
LTL
qSyntax
j := p | j j | j j | j | j | j | j U j
qSemantics
-
p:
p
LTL
qSyntax
j := p | j j | j j | j | j | j | j U j
qSemantics
-
p:
p
p
p
p
p
LTL
qSyntax
j := p | j j | j j | j | j | j | j U j
qSemantics
- p p:
U q:p p p p p p
pp pq
Some Notation
q B(G) denotes:
u Boolean combinations of formulas from G
q Lop1,…,opk (G) denotes:
u formulas from G using only
operators in the list op1,…,opk
qFor example:
L , , (P) denotes the LTL fragment
j := p | j
j|j
j|
j,
pÎP
More LTL fragments
q L , , , (P) : (usually LTL( , ) )
j:= p | j j | j j | j | j
q B(L , (P)) : bool. combinations of
j:= p | j j | j
q B(L , , (P)) : bool. combinations of
j:= p | j j | j | j
q B(L , , , (P)) : bool. combinations of
j:= p | j j | j j | j | j
LTL Games
q Winning condition is an LTL formula
q Deciding LTL games is 2Exptime-complete
[Pnueli-Rosner’89]
uConstruct Buchi generator (size n=2O(j) )
[Vardi-Wolper’94]
uDeterminize it = Rabin automaton with 2O(n) states
and n pairs [Safra ’88]
uEmptiness of Rabin tree automata with n states
and m pairs: O( (n·m) c·m ) [Pnueli-Rosner’89]
Buchi Games
qWinning condition:
uSome accepting state must repeat
infinitely often
qDecision algorithm:
u O(d log m) space
(d=longest simple distance,
m=number of states)
Talk Outline
ü Overview
ü Notation and general solution to LTL games
ÜUpper bounds: deteministic generators
qLower bounds
qEncoding TMs without “next” and “until”
qExpspace-hardness of B(L , , (P))
q2Exptime-hardness of L , , , (P)
qConclusions
LTL Deterministic Generators
qLTL formulas may not have
Buchi deterministic generators
qStandard approach:
uConstruct nondeterministic generator
uDeterminize it
qLTL formulas have deterministic generators
of size and longest distance £ 2Exp
(matching lower bounds [KV’98])
Generators for B(L , (P))
qThere exists DBA of Exp size and
linear longest distance
qConstruction is optimal:
u Ex.
p1
……
pn
States store fulfilled predicates
Transition (non self-loop) required when new
predicate is fulfilled
Partially-ordered Buchi Automata
qTransition graph is a DAG with selfloops
qConstruction for intersection and union
keeps linear longest distance (d1+d2)
qComplement is trivial
qEfficient construction for
from POBD for j
(p
j)
PODB Composition
pk
p1
s’0
i
pi
A
PODB Composition
pk
p
p
s0
p
p1
pk
p1
p
(
i
pi )
s’0
i
pi
A
Generators for B(L , , (P))
qThere exists DBA of Exp size and
Exp longest distance
qConstruction is optimal:
u Ex.
(p
n q)
States store sequence of last n input
Exp-long path where the last n input are
always different for each prefix
Automaton Construction
q Push inside next operators (O(n2))
qInteresting case:
(p
kq
j)
uUse k copies of A’ (det. gen. for
j)
uAt h release copy started at h-k
kq is not true at h-k, and
if p
release all the others , otherwise
(no more copies are started in this last case)
Generators for B(L , , (P)) and
B(L , , , (P))
qThere exists DBA of 2Exp size and
Exp longest distance
qConstruction is optimal:
u Ex.
n
i=1 (pi
qi)
States store sets of q’s :
if P then check if
qi for pi Ï P
Sequence of different sets of p’s
qPush outside disjunctions
Generator for L , , , (P)
q L , , , (P) formulas may require det.
generator of size and longest distance
2Exp
uEx.
(
n
i=1 (ai
bi)
n
i=1 (ci
(States store for each set of b’s
a list of sets of d’s)
di))
Generators Complexity
Nondet. Gen.
B(L , (P))
B(L , , (P))
Det. Generators
Size
L. Dist.
Size
L. Dist.
Q(Exp)
Q(Linear)
Q(Exp)
Q(Linear)
Q(Exp)
Q(Exp)
Q(Exp)
Q(Exp)
B(L , , (P)) Q(Exp) Q(Linear) Q(2Exp)
B(L , , , (P)) Q(Exp) Q(Exp) Q(2Exp)
Q(Exp)
Q(Exp)
L , , , (P)
Q(Exp)
Q(Linear)
Q(2Exp)
Q(2Exp)
LTL
Q(Exp)
Q(Exp)
Q(2Exp)
Q(2Exp)
Solving LTL Games
q G= game graph, j = LTL formula
uConstruct deterministic generator A of j models
uSolve the Buchi game (G x A, W)
(W is the acceptance condition of A on G x A)
q Complexity Buchi games: O(d log m) space
(d=longest simple distance, m=number of states)
Upper bounds
Games
Det. Generators
Size
L. Dist.
PSPACE
Q(Exp)
Q(Linear)
EXPTIME
Q(Exp)
Q(Exp)
EXPSPACE
Q(2Exp)
Q(Exp)
EXPSPACE
Q(2Exp)
Q(Exp)
L , , , (P)
2EXPTIME
Q(2Exp)
Q(2Exp)
LTL
2EXPTIME
Q(2Exp)
Q(2Exp)
B(L , (P))
B(L , , (P))
B(L , , (P))
B(L , , , (P))
Talk Outline
ü Overview
ü Notation and general solution to LTL games
ü Upper bounds: deteministic generators
ÜLower bounds
qEncoding TMs without “next” and “until”
qExpspace-hardness of B(L , , (P))
q2Exptime-hardness of L , , , (P)
qConclusions
B(L , (P)) : Pspace-hardness
QBF formula: A1x1. … Anxn.
B(L , (P)) formula:
n
i=1
i=1
ci
ci
x1
A1
n
xn
An
x1
xn
B(L , , (P)) : Exptime-hardness
qEncoding from ALT-Pspace TM
qSystem wins on plays either
encoding an accepting computation or
not encoding a computation
qEncoding:
a1a2…ai-1 q ai…an
a1a2… q’ ai-1 a’i…an
(a1,1) (a2,2)…(ai-1,i-1) (ai,i) …(an ,n) (q,ai,i) (q’,a’i,L)
Talk Outline
ü Overview
ü Notation and general solution to LTL games
ü Upper bounds: deteministic generators
ÜLower bounds
ÜEncoding TMs without “next” and “until”
qExpspace-hardness of B(L , , (P))
q2Exptime-hardness of L , , , (P)
qConclusions
Proving lower bounds
qEncode acceptance problem for Turing
Machines
qCrucial point:
Cj
Cj+1
i-1 i i+1
i
qProblems:
uZoom to a cell content
uCompare cells of consecutive configurations
With “until” and “next”
qZoom to cell i = n(bn…b1):
ubn…b1 a to encode “cell bn…b1 contains a”
u¯¡(bn ¡(… ¡(b1 ¡ a) …)) to check it
qCompare across configurations:
uModulo-2 counter to distinguish among
consecutive configurations
uConstructs of type 0 U (1 j1)
New encoding of computations
New encoding of computations
q¯ only checks for subsequences
Es. ¯(bn ¯(… ¯(b1 ¯ a) …)),
(“bn…b1 a” may not be consecutive)
q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence)
New encoding of computations
q¯ only checks for subsequences
Es. ¯(bn ¯(… ¯(b1 ¯ a) …)),
(“bn…b1 a” may not be consecutive)
q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence)
pn…p1 ai q1…qn
New encoding of computations
q¯ only checks for subsequences
Es. ¯(bn ¯(… ¯(b1 ¯ a) …)),
(“bn…b1 a” may not be consecutive)
q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence)
pn…p1 ai q1…qn
pn…p1 : binary encoding for i
qn…q1 : binary encoding for 2n-1-i
New encoding of computations
q¯ only checks for subsequences
Es. ¯(bn ¯(… ¯(b1 ¯ a) …)),
(“bn…b1 a” may not be consecutive)
q <a0>0 <a1>1… <ai>i …<a2n-1>2n-1 (proper sequence)
pn…p1 ai q1…qn
pn…p1 : binary encoding for i
qn…q1 : binary encoding for 2n-1-i
(pjÎ{pj0,pj1}, qjÎ{qj0,qj1})
Property of proper sequences
Property of proper sequences
qFor <ai>i = u ai v
(u-address, v-address):
u <a0>0 ………<ai-1>i-1 u is the shortest prefix
containing u as a subsequence
u v <ai+1>i+1………<a2n-1>2n-1 is the shortest suffix
containing v as a subsequence
qTherefore:
u u a v is a subseq of <a0>0 <a1>1…<a2n-1>2n-1 iff a=ai
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
0 01 100b110 101b010 110a100 111b000
Example: proper sequences
q3-bits encoding of aababbab:
000a111 001a011 010b101 011a001
100b110 101b010 110a100 111b000
qFor u=011, v=001 :
u=011
000a111 001a011 010b101 011
v=001
0 01 100b110 101b010 110a100 111b000
Talk Outline
ü Overview
ü Notation and general solution to LTL games
ü Upper bounds: deteministic generators
ÜLower bounds
üEncoding TMs without “next” and “until” U
ÜExpspace-hardness of B(L , , (P))
Ü2Exptime-hardness of L , , , (P)
qConclusions
Results
qTh 1.
Deciding L , , , (P) games is 2Exptime-hard
(reduction from Alt. Expspace)
qTh 2.
Deciding B(L , , (P)) games is Expspace-hard
(reduction from Alt. Exptime)
Schema of our reductions
qProtagonist (system)
ugenerates configurations
upicks transitions when TM in $-states
qAdversary (environment)
upicks transitions when TM in "-states
uraises objections to check if the
sequence of configurations is proper and
conforms the behaviour of TM
Expspace-hardness
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
u0a0v0
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
u0a0v0 ok
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
obj1
u0a0v0 ok
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
obj1
obj1
u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
obj1
obj1
u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok ……
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
obj1
obj1
obj1
u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok ……
Expspace-hardness
qProtagonist generates sequences of
positions <a>i
(i refers to configuration # and cell #)
qPlays:
obj1
obj1
obj1
u0a0v0 ok …… uyayvy ok…… u’0a’0v’0 ………ufafvf ok ok ……
obj2
Objection 1
Objection 1
qGeneration of proper sequences:
u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj)
… pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1
Objection 1
qGeneration of proper sequences:
u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj)
same
… pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1
Objection 1
qGeneration of proper sequences:
u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj)
same
same
… pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1
Objection 1
qGeneration of proper sequences:
u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj)
same
same
… pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1
(pj0 ¯rj0) (pj1
¯rj1)
Objection 1
qGeneration of proper sequences:
u verify n(uj+1)=n(uj)+1 and n(vj)=2n-1- n(uj)
same
diff
same
diff
… pn…p1 aj q1…qn ……obj1 rn…r1 sn…s1
(qj0 ¯rj1) (qj1
¯rj0)
Formula for proper sequences
¯obj1
(
[ (succ(r,s)
)
j1)
(j’1
j2]
j’2)
Formula for proper sequences
¯obj1
(
[ (succ(r,s)
)
j1)
(j’1
j2]
j’2)
j1 = “p is same as r”
j2 = “p is same as r followed by p is same as s”
Formula for proper sequences
¯obj1
(
[ (succ(r,s)
)
j1)
(j’1
j2]
j’2)
j’1 = “p is same as r”
j’2 = “p is same as r followed by q diff from r”
Formula for proper sequences
¯obj1
(
[ (succ(r,s)
)
j1)
(j’1
j2]
j’2)
j’1 = “p is same as r”
j’2 = “p is same as r followed by q diff from r”
ØNeed only formulas in B(L , , (P))
Objection 2
qVerify that sequences are TM outcomes
qAdversary picks i-1, i, i+1, and j, and checks if
cell i of Cj+1 can “follow” cells i-1, i, i+1 of Cj
q“Small” formulas from B(L , , (P)) do the job
(property of proper sequences is crucial to match cell
contents using only nested ¯)
qTM computes in exptime:
uat the end of a computation we can zoom to each
position generating polynomially many bits
Results
qTh 1.
Deciding L , , , (P) games is 2Exptime-hard
(reduction from Alt. Expspace)
qTh 2.
Deciding B(L , , (P)) games is Expspace-hard
(reduction from Alt. Exptime)
2Exptime-hardness
2Exptime-hardness
qWe cannot encode configuration #
qWe can still use proper sequences to
zoom to cells within a configuration
qFocus on 2 consecutive configurations
at a time
(modulo-3 counter incremented every time
a new configuration is entered)
Objections
qObjection 1 similar to previous case
qObjection 2 is allowed at the end of
every configuration
qTo check j from the penultimate
configuration use obj2 along with:
Ø
jÎ{0,1,2}
(¯(j
j
¯(j+1)
¬¯(j+2)))
Objections
qObjection 1 similar to previous case
qObjection 2 is allowed at the end of
every configuration
qTo check j from the penultimate
configuration use obj2 along with:
Ø
jÎ{0,1,2}
(¯(j
j
¯(j+1)
¬¯(j+2)))
Objections
qObjection 1 similar to previous case
qObjection 2 is allowed at the end of
every configuration
qTo check j from the penultimate
configuration use obj2 along with:
Ø
jÎ{0,1,2}
(¯(j
j
¯(j+1)
¬¯(j+2)))
(This is in L , , , (P) )
Complexity
Games
B(L , (P))
B(L , , (P))
Det. Generators
Size
L. Dist.
Pspace-complete
Q(Exp)
Q(Linear)
Exptime-complete
Q(Exp)
Q(Exp)
B(L , , (P))
B(L , , , (P))
Expspace-complete
Q(2Exp)
Q(Exp)
Expspace-complete
Q(2Exp)
Q(Exp)
L , , , (P)
2Exptime-complete
Q(2Exp)
Q(2Exp)
LTL
2Exptime-complete
Q(2Exp)
Q(2Exp)
Talk Outline
ü Overview
ü Notation and general solution to LTL games
ü Upper bounds: deteministic generators
ü Lower bounds
üEncoding TMs without “next” and “until” U
üExpspace-hardness of B(L , , (P))
ü2Exptime-hardness of L , , , (P)
ÜConclusions
Fair safety-reachability games
qGames with fairness:
u“(adv plays fair)
u“(prot plays fair)
(prot plays fair
(adv plays fair
wins)
wins)
q B(L (P) U L , (P)) :
( B(L , (P))F )
fair safety-reachability games
q B(L , (P))F games are Pspace-complete
Fair safety-reachability games
qGames with fairness:
u“(adv plays fair)
u“(prot plays fair)
(prot plays fair
(adv plays fair
wins)
wins)
q B(L (P) U L , (P)) :
( B(L , (P))F )
fair safety-reachability games
q B(L , (P))F games are Pspace-complete
Decision algorithm uses Zielonka solution to Muller
games along with det. generators for L , (P)
Fair safety-reachability games
qGames with fairness:
u“(adv plays fair)
u“(prot plays fair)
(prot plays fair
(adv plays fair
wins)
wins)
q B(L (P) U L , (P)) :
( B(L , (P))F )
fair safety-reachability games
q B(L , (P))F games are Pspace-complete
Hardness: games with “Streett Rabin” winning
conditions are Pspace-hard (from QBF)
More in PSPACE
q Persistent strategy:
On a play, the player picks always the
same move visiting the same location
(weaker than memoryless)
More in PSPACE
q Persistent strategy:
On a play, the player picks always the
same move visiting the same location
(weaker than memoryless)
a
b
a
a
b
c
More in PSPACE
q Persistent strategy:
On a play, the player picks always the
same move visiting the same location
(weaker than memoryless)
a
b
a
a
b
c
persistent
not memoryless
Complexity of L , , (P)
q Theorem:
[Marcinkowski -Truderung CSL‘02]
For specs in L , , (P) ,
protagonist has a winning strategy iff
can win against an adversary that uses
only persistent strategies
q L , , (P) games are in PSPACE
LTL fragments
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Model-checking
LTL fragments
NP-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Pspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Expspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Expspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp
Computational Complexity
L ,
B(L
L ,
B(L
(P)
, (P))F
, (P)
, , (P))
Games
Model-checking
Pspace-complete
NP-complete
Pspace-complete
NP-complete
Pspace-complete
NP-complete
Exptime-complete
Pspace-complete
B(L , , (P)) Expspace-complete NP-complete
B(L , , , (P)) Expspace-complete Pspace-complete
L , , , (P)
LTL
2Exptime-complete
NP-complete
2Exptime-complete Pspace-complete
Box and Diamond
q ¯j (eventually j):
j
q ¨j (always j):
j
j
j
j
j
“ - ” fragments
q L , , , (P) :
full “¨ - ¯” LTL fragment
q B(L , , (P)) : boolean combinations of
j := p | j
j|j
j|
j,
pÎP
(no ¨ in the scope of ¯ and vice-versa)
LTL Games
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Decision problem: Is there a winnng
Games
strategyLTL
of the
protagonist?
ØGame graph:
3
a
c
4
1
5
2
b
ØSpecification:
(a
b)
a
b
Computational Complexity of LTL
Games
Computational Complexity of LTL
Games
qDeciding LTL games is
2Exptime-complete [PR’89]
qWhat about games in LTL fragments?
qPrevious research [AL’01] & [MT’02]
qFocus on fragments using only
“always” (¨) and “eventually” (¯)
(no “until” or “next” are allowed)
Our results
Our results
qFull “¨ - ¯” LTL fragment
j := p | j j | j j | j | j
qGames are 2Exptime-hard as for LTL
qNot allowing ¨ in the scope of ¯ and vice-versa
games become Expspace-complete
uExpspace membership from [AL’01]
uUsing only either ¨ or ¯ games are in Pspace [MT’02]
qGames with safety and reachability specs
augmented with fairness conditions are
Pspace-complete
LTL Games
q Winning condition is LTL formula
q G= game graph, j = LTL formula
uConstruct det. generator A of j models
uSolve the game (G x A, W)
(W is the acceptance condition of A on G x A)
q 2Exptime-complete [PR’89]
Motivation
qGame complexity is lower for Buchi,
Rabin, and Streett games
qModel-checking is also easier in some
LTL fragments
qWhat about games in LTL fragments?
Problem 2: consecutive configs
Problem 2: consecutive configs
qIf “until” (U) is allowed then:
uModulo-2 counter to distinguish among
consecutive configurations
uConstructs of type (0 j0) U (1 j1)
qWithout “next” and “until”?
uIf # of configurations is O(2n), then number
configurations (same as for cells)
uOtherwise, we need more …
Linear Temporal Logic (LTL)
qCorrectness requirements for
reactive systems
qGame-based interpretation:
u
u
u
u
controller synthesis
compositionality requirements
verification of open systems
modular verification (module-checking)
Zoom to the last two configs
qConfigurations are counted with a modulo-3
counter
uuse 3 new atomic propositions
uthe same propositions hold true on all cells of a
configuration
qTo check j from the penultimate
configuration use:
u
jÎ{0,1,2}
(¯(j
j
¯(j+1)
¬¯(j+2)))
Zoom to the last two configs
qConfigurations are counted with a modulo-3
counter
uuse 3 new atomic propositions
uthe same propositions hold true on all cells of a
configuration
qTo check j from the penultimate
configuration use:
u
jÎ{0,1,2}
(¯(j
j
¯(j+1)
¬¯(j+2)))
Zoom to the last two configs
qConfigurations are counted with a modulo-3
counter
uuse 3 new atomic propositions
uthe same propositions hold true on all cells of a
configuration
qTo check j from the penultimate
configuration use:
u
jÎ{0,1,2}
(
(¯(j
j
¯(j+1)
)
¬¯(j+2)))
Expspace-hardness
qObjection 1:
uadversary selects 2 consecutive positions
uprotagonist loses if these positions witness
that the sequence is not proper
qObjection 2:
uadversary selects 4 positions to check that a
position can derive from the positions of the
previous configuration
uprotagonist loses if these positions do not
conform to TM behaviour
q formulas similar to Match(a,i)
Match(a,i)
q Seq(bm,…,b1) = ¯(bm ¯(… ¯b1)…)
q Same(pj,bj) = (pj0 ¬bj) (pj1 bj)
q Diff(qj,bj) = (qj0 bj) (qj1 ¬ bj)
q Match(a,i) = Seq(Same(pn,bn) ,…,
Same(p1,b1), a, Diff(q1,b1),…, Diff(qn,bn))
(bn…b1 binary encoding of i)
LTL fragments
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Model-checking
LTL fragments
NP-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Pspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Expspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp
Complexity:
Games
LTL fragments
Pspace-complete
Exptime-complete
L , (P)
L , , (P)
B(L , , (P))
B(L , (P))F
B(L , , (P))
B(L , , , (P))
L , , , (P)
Expspace-complete
LTL
2Ex
co
e
ptim
te
e
l
mp