A Hennessy-Milner Theorem for ATL with Imperfect Information
Francesco Belardinelli, Catalin Dima, Vadim Malvone, Ferucio Tiplea
Imperial College London, UK · Université d'Évry, France · Université Paris-Est Créteil, France · Universitatea Al. I. Cuza, Iași, Romania
Abstract.
We show that a history-based variant of alternating bisimulation with imperfect information allows it to be related to a variant of Alternating-time Temporal Logic (ATL) with imperfect information by a full Hennessy-Milner theorem. The variant of ATL we consider has a common knowledge semantics, which requires that the uniform strategy available for a coalition to accomplish some goal must be common knowledge inside the coalition, while other semantic variants of ATL with imperfect information do not accommodate a Hennessy-Milner theorem. We also show that the existence of a history-based alternating bisimulation between two finite Concurrent Game Structures with imperfect information (iCGS) is undecidable.
Alternating-time Temporal Logic (ATL) [3] is a powerful logic for specifying strategic abilities of individual agents and coalitions in multi-agent game structures. Crucially, ATL has been extended to games of imperfect information [17] with various flavors related to the agents' knowledge of the existence of strategies for accomplishing the coalition's goals [2, 8, 9]. In this contribution, we focus on the common knowledge (ck) interpretation of ATL under imperfect information, which was first put forward in [17], along with its objective and subjective interpretations. However, differently from the latter two, to the best of our knowledge, the ck interpretation has nowhere else been considered in the literature. Nonetheless, the ck interpretation allows us to prove a Hennessy-Milner theorem for ATL under imperfect information for the memoryful notion of bisimulation we introduce in this paper. This result is in marked contrast with the situation for the other interpretations, which do not enjoy the Hennessy-Milner property [16].

The literature on bisimulations for modal logics is extensive; an in-depth survey of model equivalences for various temporal logics appears in [15]. The landscape for logics of strategic abilities, including ATL, is comparatively more sparse. A proof of the Hennessy-Milner property for ATL* with perfect information was already given in the paper introducing alternating bisimulations [4]. Since then, there have been numerous attempts to extend bisimulations to more expressive languages (including, recently, Strategy Logic [7]), as well as to contexts of imperfect information [1, 10, 5]. In [10, 18] non-local model equivalences for ATL with imperfect information have been put forward. However, these works do not deal with the imperfect information/perfect recall setting considered here, nor do they provide a local account of bisimulations. Further, in [5] the authors consider a memoryless notion of bisimulation for ATL under imperfect information.
Unfortunately, their definition does not allow for the Hennessy-Milner property. We also note the results from [11], which show that ATL with imperfect information is incomparable in expressive power with the modal-epistemic µ-calculus, contrary to what is known for the perfect information case. The present contribution extends the notion of alternating bisimulation to the setting of imperfect information and perfect recall so that it satisfies the Hennessy-Milner property: two game structures are bisimilar iff they satisfy the same formulas in ATL.

The classic proof of Hennessy-Milner type properties typically uses bisimulation games played between Spoiler and Duplicator. These bisimulation games are turn-based, perfect information, safety games (with regard to Duplicator's objective) played on a tree whose nodes are labeled with pairs of states (or histories, in the case of a memoryful semantics) of the two game structures checked for bisimulation. Hence, such games are determined, and determinacy plays a crucial role since, when there is no bisimulation between the two structures, the bisimulation game cannot be won by Duplicator, and hence Spoiler has a winning strategy, which is then used to exhibit a formula that is satisfied in one structure but not in the other.

The extension of this proof technique to ATL with imperfect information has to cope with the fact that any notion of bisimulation must account for coalitions having to choose action profiles in indistinguishable states in a "uniform" way: agents that do not distinguish between two states must choose the same actions in both. Uniformity entails a slightly more involved notion of bisimulation, which utilizes strategy simulators [5]. Then, any bisimulation game has to encode these strategy simulators, in the sense that Duplicator is given the choice of a uniform strategy in some common-knowledge neighbourhood in one of the game structures, and Spoiler has to reply with a uniform strategy in the related common-knowledge neighbourhood of the other game structure. The problem raised by this generalization is that positions in a bisimulation game are normally labeled with histories, not common-knowledge neighbourhoods, as bisimulations relate the former, not the latter. So, we need both a Spoiler and a Duplicator who have imperfect information at each position of the bisimulation game. On the other hand, as is the case with bisimulations for the perfect information case, for each choice of strategies in the two structures, the outcomes of one strategy have to be related with the outcomes of the other strategy. But this requires both Spoiler and Duplicator to be perfectly informed!

The solution we propose is a 4-player bisimulation game played between the Spoiler coalition {I-Spoil, P-Spoil} and the Duplicator coalition {I-Dupl, P-Dupl}, where both I-players have imperfect information, while both P-players have perfect information. We show that such a game can be won by the Duplicator coalition if and only if there exists a bisimulation between the two game structures. Further, we provide a Gale-Stewart type determinacy theorem [14] for the bisimulation game, showing that exactly one of the two coalitions has a winning joint strategy. The key point is that, when Duplicator does not have a winning strategy, the strategic choices for I-Spoil can be defined in a uniform way that is only based on I-Spoil's observations. To the best of our knowledge, this is the first example of a class of multi-player, imperfect information, zero-sum (reachability) games played over infinite trees that are determined. Note that, for technical reasons, our Hennessy-Milner theorem only holds for ATL with the "yesterday" modality Y.

Moreover, we analyse the problem of checking the existence of a bisimulation between two given game structures. We show that this problem is undecidable in general by building on the undecidability of the model-checking problem for ATL with imperfect information and perfect recall. More specifically, given a Turing machine M, we build a game structure in which a two-agent coalition has a strategy for avoiding an error state if and only if M halts when starting with an empty tape. We then build a second, unrelated, simple game structure in which the same coalition always has an avoiding strategy. Finally, we prove that the two structures are bisimilar if and only if M halts.

Scheme of the paper.
In Sec. 2 we recall the syntax and semantics of ATL according to various flavors of imperfect information (and perfect recall). Sec. 3 extends the bisimulation in [5] to the case of perfect recall, and shows that bisimilar game structures satisfy the same formulas in ATL. Then, in Sec. 4 we introduce our variant of bisimulation games, for which we prove that the Duplicator coalition has a winning strategy if and only if there exists a bisimulation between the two given game structures. In Sec. 5 we prove the Gale-Stewart determinacy theorem for our bisimulation games, which allows us to prove the Hennessy-Milner theorem. Finally, in Sec. 6 we show that checking the existence of a bisimulation between two given game structures is undecidable in general.
In this section we present the syntax and semantics of the Alternating-time Temporal Logic ATL* [3]. In the rest of the paper we assume a set AP of atomic propositions (or atoms) and a set Ag of agents.

Definition 1 (ATL*). History formulas φ and path formulas ψ in ATL* are defined by the following BNF, where p ∈ AP and A ⊆ Ag:

φ ::= p | ¬φ | φ → φ | ⟨⟨A⟩⟩ψ
ψ ::= φ | ¬ψ | ψ → ψ | Xψ | Y ψ | ψ U ψ

The formulas in ATL* are all and only the history formulas.

The ATL* operator ⟨⟨A⟩⟩ intuitively means that 'the agents in coalition A have a (collective) strategy to achieve ...', where the goals are LTL formulas built by using the operators 'next' X and 'until' U. We define A-formulas as the formulas in ATL* in which A is the only coalition appearing in ATL* modalities. Notice that we talk about history formulas, rather than state formulas as customary, as such formulas will be interpreted on histories rather than states, as per perfect recall. We provide ATL* with both the objective and subjective variants [17] of the history-based semantics with imperfect information and perfect recall, as well as a novel interpretation based on common knowledge [13].

Definition 2 (iCGS). Given sets AP of atoms and Ag of agents, a concurrent game structure with imperfect information, or iCGS, is a tuple G = ⟨Ag, S, s_0, Act, {∼_i}_{i∈Ag}, d, →, π⟩ where:

– S is a non-empty set of states and s_0 ∈ S is the initial state of G.
– Act is a finite non-empty set of actions. A tuple ⃗a = (a_i)_{i∈Ag} ∈ Act^Ag is called a joint action.
– For every agent i ∈ Ag, ∼_i is an equivalence relation on S, called the indistinguishability relation for agent i.
– d : Ag × S → (2^Act ∖ {∅}) is the protocol function, satisfying the property that, for all states s, s′ ∈ S and any agent i, s ∼_i s′ implies d(i, s) = d(i, s′). That is, the same (non-empty) set of actions is available to agent i in indistinguishable states.
– → ⊆ S × Act^Ag × S is the transition relation such that, for every state s ∈ S and joint action ⃗a ∈ Act^Ag, (s, ⃗a, s′) ∈ → for some state s′ ∈ S iff a_i ∈ d(i, s) for every agent i ∈ Ag. We normally write s ⃗a→ r for (s, ⃗a, r) ∈ →.
– π : S → 2^AP is the state-labeling function.

Runs. Given an iCGS G, a run is a finite or infinite sequence ρ = s_0 ⃗a_0 s_1 ... in ((S · Act^Ag)* · S) ∪ (S · Act^Ag)^ω such that for every j ≥ 0, s_j ⃗a_j→ s_{j+1}. Given a run ρ = s_0 ⃗a_0 s_1 ... and j ≥ 0, ρ[j] denotes the (j+1)-th state s_j in the sequence, and ρ[j, k] denotes the sequence of states from the (j+1)-th to the (k+1)-th. Further, ρ_{≥j} (or ρ[≥ j]) denotes the run s_j ⃗a_j s_{j+1} ... starting from ρ[j], and ρ_{≤j} (or ρ[≤ j]) denotes the run s_0 ⃗a_0 s_1 ... ⃗a_{j−1} s_j. Further, with act_i(h, m) we denote the m-th action of agent i in history h. We call finite runs histories, denote them as h ∈ H, their length as |h| ∈ N, and their last element h_{|h|−1} as last(h); whereas infinite runs are called paths and denoted as λ, λ′ ∈ P. We denote the set of all histories (resp. paths) in an iCGS G as Hist(G) (resp. Path(G)). Notice that states are instances of histories of length 1.
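The components of Definition 2 translate directly into a data structure. The following Python sketch is purely illustrative (the class and method names are ours, not the paper's): it represents the protocol, transition and labeling functions as callables, enumerates the joint actions enabled at a state, and checks the protocol-uniformity requirement d(i, s) = d(i, s′) for s ∼_i s′.

```python
from itertools import product

class ICGS:
    """Illustrative encoding of an iCGS (Definition 2)."""
    def __init__(self, agents, states, init, actions, indist, protocol, trans, label):
        self.agents = agents      # list of agent identifiers
        self.states = states      # non-empty set of states S
        self.init = init          # initial state s_0
        self.actions = actions    # finite non-empty set Act
        self.indist = indist      # indist[i]: set of pairs (s, s') with s ~_i s'
        self.protocol = protocol  # protocol(i, s) -> non-empty subset of Act
        self.trans = trans        # trans(s, joint_action) -> set of successors
        self.label = label        # label(s) -> set of atoms (pi)

    def enabled(self, s):
        """Joint actions enabled at s: one protocol-allowed action per agent."""
        return [dict(zip(self.agents, combo))
                for combo in product(*(sorted(self.protocol(i, s))
                                       for i in self.agents))]

    def check_protocol_uniformity(self):
        """d(i, s) = d(i, s') whenever s ~_i s', as required by Definition 2."""
        return all(self.protocol(i, s) == self.protocol(i, t)
                   for i in self.agents for (s, t) in self.indist[i])
```

For instance, with two agents that each have two actions available everywhere, `enabled` yields the four joint actions, and `check_protocol_uniformity` confirms that indistinguishable states offer the same choices.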
Accordingly, several notions defined below for histories can also be applied to states. Finally, we write h ⪯ ρ to say that h is a prefix of ρ, that is, h = ρ[≤ |h|].

For a coalition A ⊆ Ag of agents, a joint A-action is a tuple ⃗a_A = (a_i)_{i∈A} ∈ Act^A of actions, one for each agent in A. For coalitions A ⊆ B ⊆ Ag of agents, a joint A-action ⃗a_A is extended by a joint B-action ⃗b_B, denoted ⃗a_A ⊑ ⃗b_B, iff for every i ∈ A, a_i = b_i. Also, a joint A-action ⃗a_A is enabled at state s ∈ S if for every agent i ∈ A, a_i ∈ d(i, s).

Epistemic neighbourhoods. We extend the indistinguishability relations ∼_i, for i ∈ Ag, to histories in a synchronous, point-wise manner: h ∼_i h′ iff |h| = |h′| and for all m ≤ |h|, h_m ∼_i h′_m and act_i(h, m) = act_i(h′, m). Given a coalition A ⊆ Ag of agents, the collective knowledge relation ∼^E_A is defined as ⋃_{i∈A} ∼_i, while the common knowledge relation ∼^C_A is the transitive closure (⋃_{i∈A} ∼_i)^+ of ∼^E_A. Then, C^G_A(h) = {h′ ∈ H ∣ h′ ∼^C_A h} is the common knowledge neighbourhood (CKN) of history h for coalition A in the iCGS G. We will omit the superscript G whenever it is clear from the context.

Uniform strategies.
We introduce a notion of strategy for the interpretation of ⟨⟨A⟩⟩ modalities.

Definition 3 (Strategy). A (uniform, memoryful) strategy for an agent i ∈ Ag is a function σ : H → Act that is compatible with d and ∼_i, that is, for all histories h, h′ ∈ H, σ(h) ∈ d(i, last(h)) and h ∼_i h′ implies σ(h) = σ(h′).

We denote by Σ_R the set of all memoryful uniform strategies. A strategy for a coalition A of agents is a set σ_A = {σ_a ∣ a ∈ A} of strategies, one for each agent in A. Given coalitions A ⊆ B ⊆ Ag, a strategy σ_A for coalition A, a state s ∈ S, and a joint B-action ⃗b_B ∈ Act^B that is enabled at s, we say that ⃗b_B is compatible with σ_A (in s) whenever σ_A(s) ⊑ ⃗b_B. For states s, r ∈ S and strategy σ_A, we write s σ_A(s)→ r if s ⃗a→ r for some joint action ⃗a ∈ Act^Ag that is compatible with σ_A.

We define three notions of outcome of strategy σ_A at history h, corresponding to the objective, subjective, and common knowledge interpretations of alternating-time operators. Fix a history h and a strategy σ_A for coalition A.

1. The set of objective outcomes of σ_A at h is defined as out_obj(h, σ_A) = {λ ∈ P ∣ λ_{≤|h|} = h and for all j ≥ |h|, λ[j] σ_A(λ_{≤j})→ λ[j+1]}.
2. The set of subjective outcomes of σ_A at h is defined as out_subj(h, σ_A) = ⋃_{i∈A, h′∼_i h} out_obj(h′, σ_A).
3. The set of common knowledge (ck) outcomes of σ_A at h is defined as out_ck(h, σ_A) = ⋃_{h′∈C_A(h)} out_obj(h′, σ_A).

Intuitively, objective outcomes are paths beginning with the current history h and consistent with the current joint strategy σ_A; whereas subjective (resp. common knowledge) outcomes are paths beginning with some history h′ indistinguishable from h according to collective (resp. common) knowledge (as well as consistent with σ_A). Again, notions of outcomes from states can be obtained from the definitions above, as states are a particular type of histories.

Definition 4.
Given an iCGS G, a history formula φ, a path formula ψ, and m ∈ N, the subjective (resp. objective, common knowledge) satisfaction of φ at history h and of ψ in path λ, denoted (G, h) ⊧_x φ and (G, λ, m) ⊧_x ψ for x ∈ {subj, obj, ck}, is defined recursively as follows (clauses for Boolean operators are immediate and thus omitted):

(G, h) ⊧_x p iff p ∈ π(last(h))
(G, h) ⊧_x ⟨⟨A⟩⟩ψ iff for some σ_A ∈ Σ_R, for all λ ∈ out_x(h, σ_A), (G, λ, |h|) ⊧_x ψ
(G, λ, m) ⊧_x φ iff (G, λ_{≤m}) ⊧_x φ
(G, λ, m) ⊧_x Xψ iff (G, λ, m+1) ⊧_x ψ
(G, λ, m) ⊧_x Y ψ iff m ≥ 1 and (G, λ, m−1) ⊧_x ψ
(G, λ, m) ⊧_x ψUψ′ iff for some j ≥ m, (G, λ, j) ⊧_x ψ′, and for all k, m ≤ k < j implies (G, λ, k) ⊧_x ψ

Remark 1.
The individual and common knowledge operators K_i and C_A of epistemic logic [13] can be added to the syntax of ATL* with the following (memoryful) interpretation:

(G, h) ⊧_x K_i φ iff for all h′ ∼_i h, (G, h′) ⊧_x φ
(G, h) ⊧_x C_A φ iff for all h′ ∈ C_A(h), (G, h′) ⊧_x φ

Within the subjective or the common knowledge interpretation of ATL*, the individual knowledge operator becomes a derived operator, as we have (G, h) ⊧_x K_i φ iff (G, h) ⊧_x ⟨⟨i⟩⟩ φUφ for both x ∈ {subj, ck}. It is known that there exists no such definition for the knowledge operators in ATL* within the objective interpretation. Furthermore, and only for the case of the common knowledge interpretation, we may similarly derive the common knowledge operator as well: (G, h) ⊧_ck C_A φ iff (G, h) ⊧_ck ⟨⟨A⟩⟩ φUφ.

Example 1.
We describe a coordination scenario comprising two agents, 1 and 2, who have to agree on a meeting. But 1 does not know where she is, in Paris or London, and therefore what the time zone is, while 2 does not know whether it is winter time or summer time. Agent 1 can choose either to go to the meeting (g) or to wait one hour (w), whereas 2 can choose either to go at 3pm (3) or at 4pm (4), local time. Now suppose it is 3pm GMT. In London, in the winter (s_1), 1 and 2 coordinate if 1 goes to the meeting and 2 goes at 3pm local time. They also meet if 1 waits one hour and 2 goes at 4pm. All other combined actions are unsuccessful. Analogously for Paris in the winter (s_2), and London in the summer (s_3). The iCGS G depicted in Fig. 1 shows the described scenario. Since 1 and 2 have partial observability, 1 (resp. 2) cannot distinguish between states s_1 and s_2 (resp. s_1 and s_3). After the initial choice, 1 and 2 stay indefinitely in either s_4 or s_5. Finally, we use two atoms to denote success (s) and failure (f), respectively.

Fig. 1. The meeting scenario in Example 1.

As an example of specification in ATL*, consider the formula ϕ = ⟨⟨{1, 2}⟩⟩Xs. This formula can be read as: 1 and 2 have a joint strategy to meet. Note that ϕ is true in both s_2 and s_3 when considering the subjective interpretation. However, is the truth of ϕ in s_2 and s_3 justified from the point of view of the rational behaviour of 1 and 2? Specifically, since ϕ is true in s_2 according to the subjective interpretation, both 1 and 2 know that they have a successful strategy, which consists in playing action g for 1 and action 4 for 2. But for this strategy to be successful (i.e., satisfying Xs for all outcomes) it assumes that 2 is playing action 3 in s_1: is such an assumption rationally justified? Notice that in s_1, 2 considers state s_3 epistemically possible, and in s_3 the joint action (g, 3) leads to failure. Hence, it does not appear to be rational for 2 to play 3 in s_1. Even more so since, by playing 4 in s_1 and s_3, 2 can coordinate with 1 to achieve success. This example shows a scenario where, even though both agents know that their strategies are successful in principle, they do not necessarily coordinate, as they do not know that the other agent knows her strategy to be successful. Indeed, we have that in both s_2 and s_3 formula ϕ is false according to the common knowledge interpretation. So, it is not the case that they have common knowledge of their strategies being successful.

In this section we introduce a notion of bisimulation suitable for concurrent game structures with imperfect information. In particular, we show that it preserves the satisfaction of formulas in ATL*, when interpreted under imperfect information and perfect recall. Firstly, we present several auxiliary notions. Hereafter G = ⟨Ag, S, s_0, Act, {∼_i}_{i∈Ag}, d, →, π⟩ and G′ = ⟨Ag, S′, s′_0, Act′, {∼′_i}_{i∈Ag}, d′, →′, π′⟩ are two iCGS defined on the same set Ag of agents, with histories h ∈ Hist(G) and h′ ∈ Hist(G′).

Partial strategies. A partial (uniform, memoryful) strategy for agent i ∈ Ag is a partial function σ : H ⇀ Act such that for each h, h′ ∈ H, σ(h) ∈ d(i, last(h)), and h ∼_i h′ implies σ(h) = σ(h′). We denote the domain of partial strategy σ as dom(σ). Given a coalition A ⊆ Ag, a partial strategy for A is a tuple (σ_i)_{i∈A} of partial strategies, one for each agent i ∈ A. The set of partial strategies for A is denoted as PStr_A.
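To see uniformity at work, the one-step core of the coordination scenario of Example 1 can be checked by brute force. Since the scenario is decided in a single step, strategies reduce to one action per indistinguishability class. The success table below is our reconstruction of Fig. 1 and is an assumption: in s_1 the coalition meets on (g, 3) or (w, 4), while in s_2 and s_3 (both one hour ahead of GMT) it meets only on (g, 4).

```python
from itertools import product

# Assumed success combinations (agent 1's action, agent 2's action) per state.
success = {"s1": {("g", "3"), ("w", "4")},
           "s2": {("g", "4")},
           "s3": {("g", "4")}}

# Indistinguishability classes: 1 confuses s1/s2, 2 confuses s1/s3.
classes = {1: [("s1", "s2"), ("s3",)], 2: [("s1", "s3"), ("s2",)]}
acts = {1: ["g", "w"], 2: ["3", "4"]}

def uniform_strategies(agent):
    """All uniform strategies: one action per indistinguishability class."""
    cls = classes[agent]
    for combo in product(acts[agent], repeat=len(cls)):
        yield {s: a for c, a in zip(cls, combo) for s in c}

def wins_on(states):
    """Is there a uniform joint strategy succeeding in every given state?"""
    return any(all((st1[s], st2[s]) in success[s] for s in states)
               for st1 in uniform_strategies(1)
               for st2 in uniform_strategies(2))

print(wins_on({"s1", "s2"}))        # subjective neighbourhood of s2 -> True
print(wins_on({"s1", "s3"}))        # subjective neighbourhood of s3 -> True
print(wins_on({"s1", "s2", "s3"}))  # common-knowledge neighbourhood -> False
```

Under these assumptions the three checks match the discussion in Example 1: a uniform joint strategy succeeds on each subjective neighbourhood, but none succeeds on the whole common-knowledge neighbourhood {s_1, s_2, s_3}.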
Given a set Q ⊆ H of histories and a coalition A ⊆ Ag, we denote by PStr_A(Q) the set of partial strategies whose domain is Q:

PStr_A(Q) = {(σ_i)_{i∈A} ∈ PStr_A ∣ dom(σ_i) = Q for all i ∈ A}

Additionally, given a (total or partial) strategy σ_A and a history h ∈ dom(σ_A), we define the set of successors of h by σ_A as

succ(h, σ_A) = {hαs ∣ α ∈ Act^Ag with σ_A(h) ⊑ α and h α→ s}

Further, we set succ(σ_A) = ⋃_{h∈dom(σ_A)} succ(h, σ_A).

Definition 5 (Strategy simulators).
Given a coalition A ⊆ Ag, an A-strategy simulator (or simply strategy simulator, when A is understood from the context) is a family ST = (ST_{C_A(h),C′_A(h′)})_{h∈Hist(G), h′∈Hist(G′)} of mappings

ST_{C_A(h),C′_A(h′)} : PStr_A(C_A(h)) → PStr_A(C′_A(h′))

such that for all histories h, k ∈ Hist(G) and h′, k′ ∈ Hist(G′),

if C_A(h) = C_A(k) and C′_A(h′) = C′_A(k′), then ST_{C_A(h),C′_A(h′)} = ST_{C_A(k),C′_A(k′)}   (1)

Hereafter, we simplify the notation by writing ST(σ) instead of the more cumbersome ST_{C_A(h),C′_A(h′)}(σ), whenever h and h′ are clear from the context and σ ∈ PStr_A(C_A(h)).

We can now introduce the notion of (bi)simulation for iCGS.

Definition 6 (Memoryful Simulation).
Let A ⊆ Ag be a coalition of agents. A relation ⇛_A ⊆ Hist(G) × Hist(G′) is a simulation for A iff there exists a strategy simulator ST such that for any two histories h ∈ Hist(G), h′ ∈ Hist(G′), h ⇛_A h′ implies the following:

1. π(last(h)) = π′(last(h′));
2. For every i ∈ A and k′ ∈ Hist(G′), if h′ ∼′_i k′ then for some k ∈ Hist(G), h ∼_i k and k ⇛_A k′.
3. For every pair of histories k ∈ C_A(h) and k′ ∈ C′_A(h′) with k ⇛_A k′, for every partial strategy σ_A ∈ PStr_A(C_A(h)) and every history l′ ∈ succ(k′, ST(σ_A)), there exists a history l ∈ succ(k, σ_A) such that l ⇛_A l′.

A relation ⇚⇛_A is a bisimulation iff both ⇚⇛_A and its converse ⇚⇛_A^{-1} = {(h′, h) ∣ h ⇚⇛_A h′} are simulations.

We also extend (bi)simulations to paths λ ∈ Path(G), λ′ ∈ Path(G′), by denoting λ ⇛_A λ′ iff for all j ≥ 0, λ_{≤j} ⇛_A λ′_{≤j}.

The main result of this section, Theorem 1, shows that bisimilar iCGS satisfy the same formulas in ATL* under imperfect information and perfect recall. To prove this result, we need the following auxiliary lemma:

Lemma 1. If h ⇛_A h′ then for every strategy σ_A, there exists a strategy σ′_A such that (∗) for every path λ′ ∈ out_x(h′, σ′_A), for x ∈ {subj, obj, ck}, there exists a path λ ∈ out_x(h, σ_A) such that λ ⇛_A λ′.

Proof. First, notice that point 3 in Def. 6 can be rewritten as:

3′. For all histories k ∈ C_A(h) and k′ ∈ C′_A(h′) such that k ⇛_A k′, and for all partial strategies σ_A ∈ PStr_A(C_A(h)), there exists a mapping ρ_{σ_A,k,k′} : succ(k′, ST(σ_A)) → succ(k, σ_A) such that for all histories l′ ∈ succ(k′, ST(σ_A)), ρ_{σ_A,k,k′}(l′) ⇛_A l′.

Here the mapping ρ_{σ_A,k,k′} represents the skolemization, in the original point 3, of the existential quantifier over l ∈ succ(k, σ_A), seen as a unary function on l′ ∈ succ(k′, ST(σ_A)) indexed by σ_A ∈ PStr_A(C_A(h)), k ∈ C_A(h) and k′ ∈ C′_A(h′).

We now define the sequence (dom^n(σ_A))_{n∈N} of sets of histories in G such that k ∈ dom^n(σ_A) iff k can be reached in at most n steps from C_A(h) by applying actions compatible with strategy σ_A. Formally, dom^0(σ_A) = C_A(h) and

dom^{n+1}(σ_A) = dom^n(σ_A) ∪ ⋃_{k∈dom^n(σ_A)} {C_A(l) ∣ l ∈ succ(k, σ_A)}

Also, we denote by σ^n_A the partial strategy resulting from restricting σ_A to dom^n(σ_A).

We then define inductively a sequence (σ′^n_A)_{n∈N} of partial strategies in G′ such that dom(σ′^n_A) ⊆ dom(σ′^{n+1}_A) for every n ∈ N, and, at the same time, a sequence of mappings θ^n_A : dom(σ′^n_A) → dom^n(σ_A), satisfying the following property:

θ^{n+1}_A(k′) ∈ succ(θ^n_A(k′_{≤|k′|−1}), σ_A)   (2)

The sequences (σ′^n_A)_{n∈N} and (θ^n_A)_{n∈N} are defined as follows:

1. dom(σ′^0_A) = C′_A(h′); dom(σ′^{n+1}_A) = dom(σ′^n_A) ∪ ⋃ {succ(k′, σ′^n_A) ∣ k′ ∈ dom(σ′^n_A)}.
2. For all k′ ∈ dom(σ′^0_A), σ′^0_A(k′) = ST(σ^0_A)(k′).
3. For all k′ ∈ C′_A(h′), we fix a unique k ∈ C_A(h) such that k ⇛_A k′ (which exists by point 2 in Def. 6), and define θ^0_A(k′) = k.
4. For all k′ ∈ dom(σ′^{n+1}_A), let l′ = k′_{≤|k′|−1}. Then, we set θ^{n+1}_A(k′) = ρ_{σ_A,θ^n_A(l′),l′}(k′).
5. For all k′ ∈ dom(σ′^{n+1}_A), σ′^{n+1}_A(k′) = (ST_{C_A(θ^n_A(k′)),C′_A(k′)})(σ_A|_{C_A(θ^n_A(k′))})(k′).

We prove property (2) above, as well as the following: for every k′ ∈ dom(σ′^n_A),

θ^n_A(k′) ⇛_A k′   (∗)
θ^n_A(k′) ∈ dom^n(σ_A)   (∗∗)

Property (∗) holds by definition, since ρ_{σ_A,θ^n_A(l′),l′}(k′) ⇛_A k′. Properties (2) and (∗∗) can be proved by induction on n = |k′| − |h′|, by observing that (∗∗) holds for n = 0, and that if (2) holds for n + 1 then (∗∗) holds for n + 1, by the definition of θ^{n+1}_A, property (∗∗) for n, and point 3 in Def. 6. Note that property (∗∗) ensures that indeed θ^n_A : dom(σ′^n_A) → dom^n(σ_A), as desired.

The "limit" of the sequence of strategies (σ′^n_A)_{n∈N} is still a partial strategy, and the domain of each σ′^n_A might not be closed under the common knowledge indistinguishability relation ∼^C_A. So, we first extend the domain of each σ′^n_A to one which is closed under ∼^C_A in G′, by constructing a sequence of partial strategies (σ̂^n_A)_{n∈N} and a sequence of mappings θ̂^n_A : dom(σ̂^n_A) → dom^n(σ_A), as follows:

1. dom(σ̂^0_A) = dom(σ′^0_A) = C′_A(h′); dom(σ̂^{n+1}_A) = dom(σ′^n_A) ∪ ⋃ {C′_A(l′) ∣ ∃k′ ∈ dom(σ̂^n_A) with l′ ∈ succ(k′, σ′^n_A) ∩ C′_A(k′)}.
2. For all k′ ∈ dom(σ̂^0_A), σ̂^0_A(k′) = ST(σ^0_A)(k′).
3. For all k′ ∈ C′_A(h′), θ̂^0_A(k′) = θ^0_A(k′).
4. For all k′ ∈ dom(σ̂^{n+1}_A), let l′ = k′_{≤|k′|−1}. Then, we set θ̂^{n+1}_A(k′) = ρ_{σ_A,θ̂^n_A(l′),l′}(k′).
5. For all k′ ∈ dom(σ̂^{n+1}_A), σ̂^{n+1}_A(k′) = (ST_{C_A(θ̂^n_A(k′)),C′_A(k′)})(σ_A|_{C_A(θ̂^n_A(k′))})(k′).

We observe that properties (∗) and (∗∗) still hold for σ̂^n_A and θ̂^n_A, though property (2) does not in general. In this way we get that dom(σ̂^n_A) ⊇ dom(σ′^n_A) and, for every k′ ∈ dom(σ′^n_A) and n ∈ N, σ̂^n_A(k′) = σ′^n_A(k′). As a result, the "limit" partial strategy σ̂_A = ⋃_{n∈N} σ̂^n_A, defined as σ̂_A(k′) = σ̂^{|k′|−|h′|}_A(k′), is also uniform and its domain dom(σ̂_A) is closed under ∼^C_A.
We then transform it into a (total) uniform strategy σ′_A by imposing a fixed action a ∈ Act wherever σ̂_A is undefined, that is, σ′_A(k′) = σ̂_A(k′) for k′ ∈ dom(σ̂_A) and σ′_A(k′) = a otherwise.

Finally, to prove property (∗) for the common knowledge semantics, consider a path λ′ ∈ out^{G′}_ck(h′, σ′_A) and the sequence (θ^n_A(λ′_{≤|h′|+n}))_{n∈N} of histories in G. By construction, θ^{n+1}_A(λ′_{≤|h′|+n+1}) ∈ succ(θ^n_A(λ′_{≤|h′|+n}), σ_A) and θ^n_A(λ′_{≤|h′|+n}) ⇛_A λ′_{≤|h′|+n}, which means that this sequence of histories is in fact a path λ in G which is compatible with σ_A and satisfies λ ⇛_A λ′. This ends the proof.

By using Lemma 1 we are finally able to prove the main preservation result of this paper.

Theorem 1.
Let h ∈ Hist(G) and h′ ∈ Hist(G′) be histories such that h ⇚⇛_A h′, and let λ ∈ Path(G) and λ′ ∈ Path(G′) be paths such that λ ⇚⇛_A λ′. Then, for every history A-formula φ, path A-formula ψ, m ∈ N, and x ∈ {subj, obj, ck}:

(G, h) ⊧_x φ iff (G′, h′) ⊧_x φ
(G, λ, m) ⊧_x ψ iff (G′, λ′, m) ⊧_x ψ

Proof.
The proof is by mutual induction on the structure of φ and ψ. The case for propositional atoms is immediate: for x ∈ {subj, obj, ck}, (G, h) ⊧_x p iff p ∈ π(last(h)), iff p ∈ π′(last(h′)) by item 1 in Def. 6, iff (G′, h′) ⊧_x p. The inductive cases for propositional connectives are also immediate.

For ψ = φ, suppose that (G, λ, m) ⊧_x ψ, that is, (G, λ_{≤m}) ⊧_x φ. By assumption, λ_{≤m} ⇚⇛_A λ′_{≤m} as well, and by the induction hypothesis (G′, λ′_{≤m}) ⊧_x φ. Thus, (G′, λ′, m) ⊧_x ψ.

For ψ = Xψ′, suppose that (G, λ, m+1) ⊧_x ψ′. By the induction hypothesis, (G′, λ′, m+1) ⊧_x ψ′. Thus, (G′, λ′, m) ⊧_x ψ. The inductive cases for ψ = Y ψ′ and ψ = ψ′Uψ′′ are similar.

Finally, for φ = ⟨⟨A⟩⟩ψ, (G, h) ⊧_x φ iff for some strategy σ_A, for all λ ∈ out^G_x(h, σ_A), (G, λ, |h|) ⊧_x ψ. By Lemma 1, there exists a strategy σ′_A such that for all λ′ ∈ out^{G′}_x(h′, σ′_A), there exists λ ∈ out^G_x(h, σ_A) such that λ ⇚⇛_A λ′. Since |h| = |h′|, by the induction hypothesis (G, λ, |h|) ⊧_x ψ iff (G′, λ′, |h′|) ⊧_x ψ. Hence, (G′, h′) ⊧_x φ.

In this section we introduce bisimulation games played on two iCGS, and we prove that the existence of a winning strategy for the Duplicator coalition is equivalent to the existence of a bisimulation between the iCGS.
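For contrast with the 4-player imperfect-information game of Definition 7 below, it is useful to recall how winning regions are computed in the classical turn-based perfect-information setting: by a backward attractor fixpoint. The sketch below (function and player names are ours) is only the standard two-player reachability construction, not the game defined in this section; it illustrates the determinacy phenomenon that the later sections extend to the imperfect-information case.

```python
def attractor(positions, owner, succ, target):
    """Positions from which the reaching player can force a visit to `target`
    in a turn-based perfect-information game: classic backward fixpoint.
    A deadlocked position (no successors) is treated as non-reaching."""
    attr = set(target)
    changed = True
    while changed:
        changed = False
        for p in positions:
            if p in attr:
                continue
            succs = succ(p)
            if owner(p) == "reacher":
                # the reaching player needs one move into the attractor
                ok = any(q in attr for q in succs)
            else:
                # the opponent must be unable to avoid the attractor
                ok = bool(succs) and all(q in attr for q in succs)
            if ok:
                attr.add(p)
                changed = True
    return attr

# Tiny example: even positions belong to the reaching player, odd to the
# opponent; the target is position 3.
succ_map = {0: {1, 2}, 1: {3}, 2: {0}, 3: set()}
win = attractor([0, 1, 2, 3],
                lambda p: "reacher" if p % 2 == 0 else "opponent",
                lambda p: succ_map[p], {3})
print(win)  # {0, 1, 2, 3}
```

The complement of the attractor is exactly the winning region of the opponent (for the safety objective), which is the determinacy argument that fails naively under imperfect information and motivates the 4-player construction below.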
Definition 7 (Bisimulation Game).
Given iCGSs G and G′, defined on the same sets Ag of agents and AP of atoms, a relation R ⊆ Hist(G) × Hist(G′), and a pair (h_0, h′_0) ∈ Hist(G) × Hist(G′) of histories, we define the bisimulation game B(G, G′, R, h_0, h′_0) as a turn-based game of imperfect information between four players: P-Dupl and P-Spoil, called P-players, and I-Dupl and I-Spoil, called I-players, organized in two coalitions: the Duplicator coalition {P-Dupl, I-Dupl} and the Spoiler coalition {P-Spoil, I-Spoil}, with both P-players having perfect information while both I-players have the same imperfect information.

At a high level, the bisimulation game is a turn-based game in which the I-players are in charge of defining the strategy simulators, in the sense that I-Spoil chooses a partial strategy for A over some common knowledge neighbourhood in one of the game structures, and I-Dupl responds with an appropriate partial strategy for A in the other game structure. Then the perfectly-informed players come into play, by appropriately defining mappings between histories compatible with the chosen strategies, which represent "skolemizations" of conditions (2) and (3) in Def. 6.

The necessity for I-Spoil and I-Dupl to only have imperfect information comes from the fact that the same strategy profile has to be chosen by both players at positions which belong to the same common knowledge neighbourhood in both game structures, since perfect information might be used by each player to trick the other player by choosing a strategy which is not uniform for some agent in coalition A.

More formally, the game proceeds as follows:

0. The positions of the game form a labeled tree, denoted T(B), with the root position labeled (h_0, h′_0). The rest of the positions and their labels are given below.
1. Each position (h, h′) where π(last(h)) ≠ π′(last(h′)) or (h, h′) ∉ R is winning for the Spoiler coalition.
2. Each position labeled (h, h′) ∈ Hist(G) × Hist(G′) belongs to I-Spoil, and both I-players receive observation C_A(h) × C′_A(h′). In each such position I-Spoil may choose between two types of transitions:
(a) For each σ_A ∈ PStr_A(C_A(h)), a transition to a successor (of the current position in the tree) labeled (h, h′, σ_A, L).
(b) For each σ′_A ∈ PStr_A(C′_A(h′)), a transition to a successor labeled (h, h′, σ′_A, R).
3. Each position (h, h′, σ_A, L) belongs to I-Dupl, and both I-players observe σ_A. I-Dupl may choose, for each σ′_A ∈ PStr_A(C′_A(h′)), a transition to a successor labeled (h, h′, σ_A, σ′_A, L).
4. Each position (h, h′, σ′_A, R) belongs to I-Dupl, and both I-players observe σ′_A. I-Dupl may choose, for each σ_A ∈ PStr_A(C_A(h)), a transition to a successor labeled (h, h′, σ_A, σ′_A, R).
5. Each position (h, h′, σ_A, σ′_A, L) belongs to P-Spoil, and P-Spoil may choose, for each k′ ∈ C′_A(h′), a transition to a successor labeled (h, h′, σ_A, σ′_A, k′, L). In all positions at points 5-12, both I-players observe C_A(h) × C′_A(h′).
6. Each position (h, h′, σ_A, σ′_A, R) belongs to P-Spoil, and
P-Spoil may choose, for each k ∈ C_A(h), a transition to a successor labeled (h, h′, σ_A, σ′_A, k, R).
7. Each position (h, h′, σ_A, σ′_A, k′, L) belongs to P-Dupl, and
P-Dupl may choose, for each k ∈ C_A(h), a transition to a successor labeled (h, h′, σ_A, σ′_A, k, k′, L).
8. Each position (h, h′, σ_A, σ′_A, k, R) belongs to P-Dupl, and
P-Dupl may choose, for each k′ ∈ C′_A(h′), a transition to a successor labeled (h, h′, σ_A, σ′_A, k, k′, R).
9. Each position (h, h′, σ_A, σ′_A, k, k′, L) belongs to P-Spoil. This position is winning for the
Spoiler coalition if π(k) ≠ π′(k′) or (k, k′) ∉ R. In this position P-Spoil may choose, for each l′ ∈ succ(k′, σ′_A), a transition to a successor labeled (h, h′, σ_A, σ′_A, k, k′, l′, L).
10. Each position (h, h′, σ_A, σ′_A, k, k′, R) belongs to P-Spoil. This position is winning for the
Spoiler coalition if π(k) ≠ π′(k′) or (k, k′) ∉ R. In this position P-Spoil may choose, for each l ∈ succ(k, σ_A), a transition to a successor labeled (h, h′, σ_A, σ′_A, k, k′, l, R).
11. Each position (h, h′, σ_A, σ′_A, k, k′, l′, L) belongs to P-Dupl, and
P-Dupl may choose, for each l ∈ succ(k, σ_A), a transition to a successor labeled (l, l′) from where Rule 1 above applies.
12. Each position (h, h′, σ_A, σ′_A, k, k′, l, R) belongs to P-Dupl, and
P-Dupl may choose, for each l′ ∈ succ(k′, σ′_A), a transition to a successor labeled (l, l′) from where Rule 1 above applies.

In the sequel, given a position p ∈ T(B), we denote by Obs(p) the set of positions which give the same observation as p to any of the I-players. Also, the set of strategies for the Duplicator (resp.
Spoiler) coalition is denoted Σ_Dupl (resp. Σ_Spoil). Further, the set of positions which are compatible with a strategy σ ∈ Σ_Dupl ∪ Σ_Spoil is denoted
Comp(σ). Finally, for each position p we denote by lab(p) its label, as per Def. 7 of the bisimulation game. Next, we prove that bisimulation relations and bisimulation games are equivalent characterisations of iCGS. To this end, given a history h ∈ Hist(G), we define the pointed iCGS G(h) in which the initial state is h and the transitions are modified accordingly. Theorem 2.
For any A-bisimulation relation R between G(h_0) and G′(h′_0) the Duplicator coalition has a strategy to win the bisimulation game B(G, G′, R, h_0, h′_0). Conversely, if the Duplicator coalition has a joint strategy σ_D to win the game B(G, G′, R, h_0, h′_0), then there exists an A-bisimulation ⇚⇛_A with ⇚⇛_A ⊆ R ∩ {(h, h′) ∣ (h, h′) ∈ out(p_{h_0,h′_0}, σ_D)}, where p_{h_0,h′_0} is the initial position of the bisimulation game B(G, G′, R, h_0, h′_0).

Proof. We prove the two implications in turn.

(⇒) Suppose that ⇚⇛_A is an A-bisimulation. For convenience, we utilize, as in the proof of Lemma 1, the restated variant (ˆ3) of point (3) in Def. 6 of A-simulations, which assumes a mapping ρ_{σ_A,k,k′} : succ(k′, ST(σ_A)) → succ(k, σ_A) that ensures that for any l′ ∈ succ(k′, ST(σ_A)), we have ρ_{σ_A,k,k′}(l′) ⇚⇛_A l′. Since ⇚⇛_A is also a reverse simulation, we symmetrically consider ρ′_{σ′_A,k,k′} : succ(k, ST′(σ′_A)) → succ(k′, σ′_A) s.t. l ⇚⇛_A ρ′_{σ′_A,k,k′}(l) for any l ∈ succ(k, ST′(σ′_A)). Similarly, we restate point (2) in Def. 6 in functional terms:

(ˆ2) For each σ_A ∈ PStr(C_A(h)) there exists a mapping θ←_{σ_A} : C′_A(h′) → C_A(h) such that for any i ∈ A, if k′_1 ∼′_i k′_2 then θ←_{σ_A}(k′_1) ∼_i θ←_{σ_A}(k′_2).

To see that this formulation is equivalent to item (2) in Def. 6, note first that this point restates as the first-order formula ϕ = ∀k′ ∈ Hist(G′) ∃k ∈ Hist(G) (h′ ∼′_i k′ → h ∼_i k ∧ k ⇛_A k′). This formula is equivalent to ∀σ_A. (ϕ ∧ σ_A ∈ PStr(C_A(h))) by the Universal Generalization Rule, since σ_A is not free in ϕ.
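The passage from the relational condition to its functional restatement is ordinary Skolemization, which over finite domains amounts to extracting a choice function from a ∀∃ statement. The following minimal Python sketch is purely illustrative (the names `skolemize`, `K0`, `K1` and the parity relation are hypothetical, not from the paper): it builds a Skolem function playing the role that θ←_{σ_A} plays in the proof.

```python
# Minimal illustration of Skolemization over finite domains:
# from the truth of  "forall k' in K1  exists k in K0  with R(k, k')"
# extract a choice function theta with R(theta(k'), k') for every k' in K1.

def skolemize(K0, K1, R):
    """Return a witness-choosing map theta, or None if the forall-exists
    statement fails for some k' in K1."""
    theta = {}
    for kp in K1:
        witnesses = [k for k in K0 if R(k, kp)]
        if not witnesses:
            return None           # the forall-exists statement does not hold
        theta[kp] = witnesses[0]  # any fixed choice yields a Skolem function
    return theta

# Toy domains: R(k, k') holds when the two numbers share parity.
K0 = [0, 1, 2]
K1 = [10, 11, 12, 13]
theta = skolemize(K0, K1, lambda k, kp: k % 2 == kp % 2)
assert theta is not None
assert all(k % 2 == kp % 2 for kp, k in theta.items())
```

Any fixed tie-breaking rule works here; in the proof the analogous choice is made once and for all, which is what makes θ←_{σ_A} well defined.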
Then θ←_{σ_A} : C′_A(h′) → C_A(h) corresponds to the skolemization of ∃k ∈ Hist(G) (seen as a unary function indexed by σ_A). By symmetry, for each σ′_A ∈ PStr(C′_A(h′)) we denote by θ→_{σ′_A} : C_A(h) → C′_A(h′) the reverse mapping, which exists since ⇚⇛_A is also a (reverse) simulation between G′ and G. Then, we define the strategy profile (σ_ID, σ_PD) for the Duplicator coalition as follows: for any position p,

1. if lab(p) = (h, h′, σ_A, L) then σ_ID(p) = ST(σ_A), and if lab(p) = (h, h′, σ′_A, R) then σ_ID(p) = ST′(σ′_A);
2. if lab(p) = (h, h′, σ_A, σ′_A, k′, L) then σ_PD(p) = θ←_{σ_A}(k′), and if lab(p) = (h, h′, σ_A, σ′_A, k, R) then σ_PD(p) = θ→_{σ′_A}(k);
3. if lab(p) = (h, h′, σ_A, σ′_A, k, k′, l′, L) then σ_PD(p) = ρ_{σ_A,k,k′}(l′), and if lab(p) = (h, h′, σ_A, σ′_A, k, k′, l, R) then σ_PD(p) = ρ′_{σ′_A,k,k′}(l).

Since ⇚⇛_A is an A-bisimulation and ST, ST′ are strategy simulators that do not depend on h or h′, strategy σ_ID is uniform, that is, for all positions p, p′ belonging to I-Dupl such that this player receives the same sequence of observations along the history that leads to p and the history that leads to p′, we must have σ_ID(p) = σ_ID(p′). Then, all the runs that are compatible with the strategy profile σ_D never reach a position (h, h′) where Spoiler wins:

a. For lab(p) = (h, h′, σ_A, σ′_A, k′, L), lab(succ(p, σ_D)) = (h, h′, σ_A, σ′_A, θ←_{σ_A}(k′), k′, L). But θ←_{σ_A}(k′) ⇛_A k′ by point (ˆ2) for Def. 6, which implies that succ(p, σ_D) is not winning for Spoiler. A similar argument holds for lab(p) = (h, h′, σ_A, σ′_A, k, R).
b. For lab(p) = (h, h′, σ_A, σ′_A, k, k′, l′, L), lab(succ(p, σ_D)) = (h, h′, σ_A, σ′_A, k, k′, ρ_{σ_A,k,k′}(l′), l′, L). But ρ_{σ_A,k,k′}(l′) ⇛_A l′ by point (ˆ3) for Def.
6, which implies that succ(p, σ_D) is not winning for Spoiler. A similar argument holds for lab(p) = (h, h′, σ_A, σ′_A, k, k′, l, R).

(⇐) Suppose now that we have a winning joint strategy σ_D = (σ_ID, σ_PD) for the Duplicator coalition. Then, for each position p that is consistent with σ_D, with label lab(p) = (h, h′) ∈ Hist(G) × Hist(G′), we set h ⇚⇛^{σ_D}_A h′. The strategy simulators are then defined as follows: for each h ⇚⇛^{σ_D}_A h′ with (h, h′) = lab(p) for some position p in the bisimulation game, and each σ_A ∈ PStr(C_A(h)), note first that we have an I-Spoil transition to a position p¹_{σ_A} labeled (h, h′, σ_A, L) and then an I-Dupl transition to a position p²_{σ_A} labeled (h, h′, σ_A, σ_ID(p¹_{σ_A}), L). Then, we set ST_{C_A(h),C′_A(h′)}(σ_A) = σ_ID(p¹_{σ_A}). Note that this definition is independent of the choice of p since, by construction, all positions p̄ with lab(p̄) = lab(p) are indistinguishable for I-Dupl, as he observes only C_A(h) × C′_A(h′) and σ_A. Hence, σ_ID(p̄¹_{σ_A}) = σ_ID(p¹_{σ_A}), where p̄¹_{σ_A} is the position resulting by I-Spoil choosing σ_A in position p̄. This ensures that ST is indeed a strategy simulator according to Equation (1). Furthermore, the mappings θ←_{σ_A} are defined as follows: given position p with lab(p) = (h, h′) as above, then for each σ_A ∈ PStr(C_A(h)), denote first by p¹_{σ_A} the position resulting from I-Spoil executing transition σ_A; further denote by p²_{σ_A} the position which belongs to P-Spoil after
I-Dupl executes action σ_D(p¹_{σ_A}). Note then that, in position p²_{σ_A}, for each k′ ∈ C′_A(h′), P-Spoil has a move to a position p_{σ_A,k′} which is labeled (h, h′, σ_A, σ_ID(p¹_{σ_A}), k′, L) and which belongs to P-Dupl. Then we define θ←_{σ_A}(k′) = σ_PD(p_{σ_A,k′}). This definition is dependent on the choice of the starting position p, but this is not an issue for our definition of ⇚⇛^{σ_D}_A since there is no requirement for building the maximal bisimulation associated with a bisimulation game. Note further that this definition, together with the fact that σ_D is winning and hence position p̄_{σ_A,k′} = succ(p_{σ_A,k′}, σ_PD(p_{σ_A,k′})) is not winning for the Spoiler coalition, implies that π(θ←_{σ_A}(k′)) = π′(k′) and further ensures that θ←_{σ_A}(k′) satisfies the restated point (ˆ2) for Def. 6. Finally, by proceeding from position p̄_{σ_A,k′}, which again belongs to P-Spoil, for each
P-Spoil's choice of some history l′ ∈ succ(k′, σ_ID(p¹_{σ_A})), the game proceeds to a position p_{σ_A,k′,l′} that belongs to P-Dupl and is labeled with lab(p_{σ_A,k′,l′}) = (h, h′, σ_A, σ_ID(p¹_{σ_A}), σ_PD(p_{σ_A,k′}), k′, l′, L). We then define ρ_{σ_A,θ←_{σ_A}(k′),k′}(l′) = σ_PD(p_{σ_A,k′,l′}). Also note that this definition is dependent on the choice of the initial position p with no loss of generality, and the fact that σ_D is winning ensures that the position resulting from p_{σ_A,k′,l′} by P-Dupl's choice, labeled (σ_PD(p_{σ_A,k′,l′}), l′), is not winning for Spoiler. In particular, π(σ_PD(p_{σ_A,k′,l′})) = π′(l′) and ρ_{σ_A,θ←_{σ_A}(k′),k′} satisfies the restated point (ˆ3) for Def. 6.

[Figure 2: two iCGS with states q_1, …, q_4, q_⊺ (labeled p) and q_– on one side, and q′_1, …, q′_4, q′_⊺ (labeled p) and q′_– on the other, with the displayed transitions labeled by joint actions (a, x) and (b, y).]

Fig. 2.
Counterexample for the Hennessy-Milner property for the subjective and objective semantics.
Similar considerations give us the definitions for θ→_{σ′_A} and ρ′_{σ′_A,k,k′} for each σ′_A ∈ PStr(C′_A(h′)), k′ ∈ C′_A(h′) and k ∈ C_A(h) with k ⇚⇛_A k′. This completes the proof of Theorem 2. We conclude this section with some immediate properties of our bisimulation games and bisimulation relations. Proposition 1.
1. The set of bisimulations associated with the same strategy simulator forms a complete lattice w.r.t. set inclusion.
2. If two iCGS G and G′ are bisimilar, then the Duplicator coalition has a winning strategy in the bisimulation game B(G, G′, Tot), where Tot is the total relation
Hist(G) × Hist(G′). The second claim follows by observing that if the
Duplicator coalition has a strategy to win a bisimulation game B(R) = B(G, G′, h_0, h′_0, R) for some R, then they also have a strategy to win the bisimulation game B(Tot) = B(G, G′, h_0, h′_0, Tot), and the construction in Theorem 2 can be used to show that the bisimulation associated with B(R) is included in the bisimulation associated with B(Tot). Hence, the latter is maximal w.r.t. all bisimulations that share the strategy simulator constructed as in Theorem 2. We now show that the notion of bisimulation introduced in Sec. 3 enjoys the Hennessy-Milner property. To this end, we need to define A-equivalence between iCGS. Specifically, given iCGS G and G′ with histories h ∈ Hist(G) and h′ ∈ Hist(G′), we say that the pointed iCGS G(h) and G′(h′), having h and h′ as respective initial histories, are A-equivalent iff for every A-formula φ, (G, h) ⊧_x φ iff (G′, h′) ⊧_x φ. Theorem 3.
The notion of bisimulation in Def. 6 enjoys the Hennessy-Milner property, that is, the pointed iCGS G(h) and G′(h′) are A-equivalent for the common knowledge semantics if and only if they are A-bisimilar.

Before proving Theorem 3, as a counterexample for the subjective and objective semantics, we recall the example used in [6] depicted in Figure 2. In each state agent 1 can execute actions { a, b, c } while agent 2 can execute { x, y, z }. The transitions shown lead to q_⊺ and q′_⊺, while the omitted transitions lead to q_– and q′_–, respectively. We can check that states q_i and q′_j, with i, j ∈ {1, 2, 3, 4}, are {1, 2}-equivalent, and the same holds for states q_– (resp., q_⊺) and q′_– (resp., q′_⊺). Therefore, G and G′ are {1, 2}-equivalent, i.e., they satisfy the same {1, 2}-formulas in ATL∗. However, there is no {1, 2}-bisimulation between the two iCGS. In particular, for any i, j ∈ {1, 2, 3, 4}, state q_i cannot be {1, 2}-bisimilar with any state q′_j. The lack of a bisimulation between the two structures in Fig. 2 follows by observing that the Spoiler coalition wins the appropriate bisimulation game, since in the initial position (q_1, q′_1), I-Spoil may choose a strategy σ which produces the action tuple (a, x) in each state in C_{1,2}(q_1) = {q_1, q_2, q_3, q_4}. If I-Dupl responds with a strategy σ′ assigning (a, x) to each of q′_1, q′_2, q′_3, q′_4, then P-Spoil will choose a state q′_j whose successor by σ′ is labeled ¬p, and P-Dupl has no good choice of some state in G whose successor by σ is labeled ¬p. Similar situations occur for all the other choices by I-Dupl. To prove Theorem 3, we actually prove the following Gale-Stewart-type theorem for the bisimulation games introduced in Def. 7:
Theorem 4 (Gale-Stewart theorem for bisimulation games).
Each bisimulation game is determined: either the
Duplicator coalition or the
Spoiler coalition wins the game.

Proof.
We follow the pattern of Gale-Stewart games by proving first that, at positions where one coalition does not have a winning strategy, the other one has a "defensive" strategy, and then showing that any defensive strategy is winning. Formally, a defensive strategy for the
Spoiler coalition in the bisimulation game is a joint strategy σ_S = (σ_IS, σ_PS) such that, for any position p of the game which is compatible with σ_S, Duplicator does not have a winning strategy starting from the set of positions that have the same observability as p and are compatible with σ_S. Defensive strategies for Duplicator are defined similarly. We then have:
Lemma 2. If the Duplicator coalition does not have a winning strategy, then the
Spoiler coalition has a defensive strategy.
The proof of this claim works similarly to the classical case [14], by building the defensive strategy by induction on the level of the position in the tree of positions of the bisimulation game, such that, at each position belonging to
P-Spoil or I-Spoil, we identify one "defensive" action for these agents. The difficulty is to build a uniform strategy for
I-Spoil, i.e., at two positions with identical observations for
I-Spoil, her actions are identical. The argument is similar for the base case and the inductive cases, and starts by assuming the following: for some position p with lab(p) = (h, h′), the Spoiler coalition does not have a defensive strategy from
Obs(p), but neither does Duplicator have a winning strategy from
Obs(p). Therefore the following property, which formalizes the lack of a defensive strategy w.r.t. L-transitions (i.e. steps 2.a, 3, 5, 7, 9 and 11) in the bisimulation game, holds:

∀p_1 ∈ Obs(p) ∀σ ∈ PStr(C_A(lab(p_1))) ∃σ′_{σ,p_1} ∈ PStr(C′_A(lab(p_1))) ∀k′ ∈ C′_A(lab(p_1)) ∃k_{σ,p_1,k′} ∈ C_A(lab(p_1)) ∀l′ ∈ succ(k′, σ′_{σ,p_1}) ∃l_{σ,p_1,k′,l′} ∈ succ(k_{σ,p_1,k′}, σ) ∃σ_D = (σ_ID, σ_PD) ∈ Σ_Dupl with σ_D winning from position (l_{σ,p_1,k′,l′}, l′)   (3)

Note that a similar property holds w.r.t. R-transitions. Notice that, by default, nothing excludes having some p_1, p_2 ∈ Obs(p) such that, for some σ ∈ PStr(C_A(lab(p_1))), σ′_{σ,p_1} ≠ σ′_{σ,p_2}. But I-Dupl can choose the same σ′_{σ,p_1} and P-Dupl can then choose l_{σ,p_1,k′,l′} at all positions p_2 ∈ Obs(p), because the choices of k′ in Formula 3 are quantified over the whole C′_A(lab(p_1)) = C′_A(lab(p_2)). In other words, because I-Dupl's choice of σ′_{σ,p_1} combined with P-Dupl's choice of l_{σ,p_1,k′,l′} is "defensive" at position p_1, it is "defensive" at any other position p_2 ∈ Obs(p). This way, I-Dupl's choice can be made uniform w.r.t. her observations, which gives a winning strategy for the
Duplicator coalition at p, a fact which contradicts the initial assumption. Formally, from any position p_1 ∈ Obs(p), the following strategy for the Duplicator coalition is winning:

– Denote by p_σ the successor of p_1 after I-Spoil chooses σ. Then I-Dupl chooses σ′_{σ,p_1} at p_σ.
– Denote the resulting position p_{σ,σ′_{σ,p_1}}. Denote further by p_{σ,σ′_{σ,p_1},k′} the successor of p_{σ,σ′_{σ,p_1}} after P-Spoil has chosen k′ ∈ C′_A(lab(p_1)). Then P-Dupl chooses k_{σ,p_1,k′} ∈ C_A(lab(p_1)) at p_{σ,σ′_{σ,p_1},k′}.
– Denote the resulting position p_{σ,σ′_{σ,p_1},k′,k_{σ,p_1,k′}}. Also denote by p_{σ,σ′_{σ,p_1},k′,k_{σ,p_1,k′},l′} the successor of p_{σ,σ′_{σ,p_1},k′,k_{σ,p_1,k′}} after P-Spoil chooses l′ ∈ succ(k′, σ′_{σ,p_1}). Then P-Dupl chooses l_{σ,p_1,k′,l′} ∈ succ(k_{σ,p_1,k′}, σ) at p_{σ,σ′_{σ,p_1},k′,k_{σ,p_1,k′},l′}.

Formula 3 implies that from the resulting position, which is labeled (l_{σ,p_1,k′,l′}, l′), the Duplicator coalition has a winning strategy. Hence, we have a winning strategy for the
Duplicator coalition from
Obs(p), which contradicts the initial assumption. As a result, the Spoiler coalition must have a defensive strategy from
Obs(p), which can be built by negating Formula 3, after which the construction continues by induction on the observation class of the resulting positions labeled (l_{σ,p_1,k′,l′}, l′). A similar argument shows that, when the Spoiler coalition does not have a winning strategy, the
Duplicator coalition has a defensive strategy. It remains to show that a defensive strategy for
Duplicator is winning. This follows by observing that any infinite path in T(B) which is compatible with a defensive strategy for Duplicator must not pass through a position which is winning for
Spoiler, hence is an infinite path which is winning for
Duplicator, which ends the proof. We can now proceed with the proof of Theorem 3.
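The intuition behind the "defensive versus winning" dichotomy is the standard one for reachability/safety games, where determinacy can be computed directly by a fixed-point (attractor) construction. The Python sketch below is illustrative only (the game graph and all names are hypothetical, and it handles an ordinary finite game graph, not the uniformity constraints of the bisimulation game): it computes the positions from which Spoiler can force a visit to a target position; every remaining position is won by Duplicator's safety objective, so the example game is determined.

```python
# Attractor computation for a finite two-player reachability game.
# A position is winning for Spoiler ("S") if it is a target, if it is an
# S-node with some winning successor, or a Duplicator ("D") node all of
# whose successors are winning for Spoiler.

def spoiler_attractor(positions, owner, succ, targets):
    win = set(targets)
    changed = True
    while changed:
        changed = False
        for p in positions:
            if p in win:
                continue
            succs = succ[p]
            if owner[p] == "S" and any(q in win for q in succs):
                win.add(p); changed = True   # Spoiler picks a winning move
            elif owner[p] == "D" and succs and all(q in win for q in succs):
                win.add(p); changed = True   # Duplicator cannot escape
    return win

positions = ["a", "b", "c", "d"]
owner = {"a": "S", "b": "D", "c": "S", "d": "D"}
succ = {"a": ["b", "c"], "b": ["a", "d"], "c": ["c"], "d": ["d"]}
win = spoiler_attractor(positions, owner, succ, targets={"d"})
assert win == {"d"}  # Duplicator's safety objective wins from a, b and c
```

In this toy graph Duplicator, at "b", can always return to "a", so Spoiler only wins from the target itself; every position is won by exactly one of the two players, mirroring the determinacy statement of Theorem 4.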
Proof (of Theorem 3).
Assume that there exists no bisimulation between G and G′, which, by Proposition 1, means that in the bisimulation game B(G, G′, s_0, s′_0, Tot) the Duplicator coalition has no winning strategy. By the determinacy theorem, the
Spoiler coalition has a winning strategy σ_S = (σ_IS, σ_PS). Since each position in the bisimulation game has a finite number of successors, as a consequence of König's Lemma, there exists a finite set P_{σ_S} of winning positions for Spoiler such that all runs compatible with σ_S pass through one position of P_{σ_S}. Pick then a position p labeled (h, h′) such that, on all runs starting from p and compatible with σ_S, the first position labeled with some (l, l′) occurring on the run after p is a winning position for Spoiler. Note that the following property, formalizing the fact that σ_S is winning, holds:

∃σ ∈ PStr(C_A(h)) ∀σ′ ∈ PStr(C′_A(h′)) ∃k′_{σ′} ∈ C′_A(h′) ∀k ∈ C_A(h) (π(k) = π′(k′_{σ′}) → ∃l′_{σ′,k′_{σ′},k} ∈ succ(k′, σ′) ∀l ∈ succ(k, σ) π(l) ≠ π′(l′_{σ′,k′_{σ′},k}))   (4)

where σ = σ_IS(p), k′_{σ′} = σ_PS(p_1), p_1 is the successor of p after I-Spoil chooses σ and I-Dupl answers with σ′, and l′_{σ′,k′_{σ′},k} = σ_PS(p_2), where p_2 is the successor of p_1 after P-Spoil chooses k′ and P-Dupl answers with k. Note that the implication with premise π(k) = π′(k′_{σ′}) is needed since P-Dupl's choices with π(k) ≠ π′(k′_{σ′}) are immediately winning for Spoiler, and then there is no need to proceed with steps 11-12 corresponding with the successors of k and k′. So, if we define the formula

ϕ(P_{σ_S}) = ⟨⟨A⟩⟩X(⋀_{σ′ ∈ PStr(C′_A(h′))} (Y π′(k′_{σ′}) → ⋁_{k ∈ C_A(h)} ¬π′(l′_{σ′,k′_{σ′},k})))   (5)

then Formula 4 implies that (G, h) ⊧_ck ϕ(P_{σ_S}) but, on the other hand, (G′, h′) ⊭_ck ϕ(P_{σ_S}). To see this, note that, in ϕ(P_{σ_S}), the coalition operator ⟨⟨A⟩⟩ encodes ∃σ ∈ PStr(C_A(h)) in (4). Further, the conjunction indexed by σ′ in (5) corresponds to the universal quantifier on σ′ in (4). The k′_{σ′} in (5) represents the skolemization of the existential quantification over k′_{σ′} in (4).
The last disjunction in (5) corresponds to the existential quantification over k in (4). The existential quantification over l′_{σ′,k′_{σ′},k} in (4) is encoded in (5) by its skolemization, denoted l′_{σ′,k′_{σ′},k} too. Finally, the universal quantifier over l ∈ succ(k, σ) in (4) and the last property connecting l to l′_{σ′,k′_{σ′},k} are encoded in (5) by ¬π′(l′_{σ′,k′_{σ′},k}). The yesterday operator Y is needed because we must encode the part of (4) referring to π(k), which refers to the current position. Unfortunately, a formula like ⟨⟨A⟩⟩(π(k) → Xψ), which would simulate more easily the implication π(k) = π′(k′_{σ′}) → ∃l′_{σ′,k′_{σ′},k} ∈ succ(k′, σ′) . . . from (4), would not be ATL but rather ATL∗. But, in order to correctly simulate the quantifier order from (4), in (5) π(k) must lie within the scope of ⟨⟨A⟩⟩X, which refers to the positions one time step after the current position. Hence, in the scope of ⟨⟨A⟩⟩X we need to recover the value of π(k) at the previous position, hence we utilize Y. We believe Y might not be needed for the full ATL∗, a topic for further research. The proof can then be completed by induction as follows: we modify the bisimulation game by appending a new winning condition for Spoiler: all positions in
Obs(p) are labeled as winning, with the formula ϕ witnessing this. The set of atomic propositions for both iCGS is augmented with p_ϕ and, for each (h, h′) labeling a position p_1 ∈ Obs(p), we augment π(h) with p_ϕ while π′(h′) is left unchanged. This provides us with a new bisimulation game in which (the appropriately updated) strategy profile σ_S is still a winning strategy for Spoiler, there is a strictly smaller set of positions P′_{σ_S} which are winning for Spoiler, and all runs compatible with σ_S pass through one position of P′_{σ_S}. The argument ends when we obtain some P^m_{σ_S} for which Obs(P^m_{σ_S}) is a singleton, which means that (h_0, h′_0) ∈ P^m_{σ_S}. Then the formula ϕ(P^m_{σ_S}) built as in Equation 5 is the witness that (G, h_0) is not A-equivalent with (G′, h′_0).

In this section we show that deciding the existence of bisimulations between iCGS is undecidable in general. We state immediately the main result of this section.
Theorem 5.
The problem of checking whether two iCGS G_1 and G_2 defined on the same set Ag of agents are A-bisimilar, for some set A ⊆ Ag of agents, is undecidable.

The proof of Theorem 5 can be outlined as follows: given any deterministic Turing Machine, by building on [12] we construct a 3-agent iCGS which has the property that two agents (call them 1 and 2) have a winning strategy to avoid an error state if and only if the TM never stops when starting with an empty tape. We note that this strategy, when it exists, is unique. Then, we construct a second 3-agent "simple" iCGS in which there exists a unique strategy for agents 1 and 2 (without memory) for avoiding an error state. Finally, we prove that these two iCGS are bisimilar if and only if the TM never stops when starting with an empty tape, which is sufficient to derive the undecidability of the former problem. We start with the construction of the second iCGS, which is depicted in Figure 3. Note that the transitions only represent the actions of agents 1 and 2; agent 3's role is to "solve nondeterminism" in states s_init, s_gen and s_tr. First of all, we prove the following lemma. Lemma 3.
In the iCGS depicted in Figure 3 there exists a unique strategy for agents 1 and 2 to avoid state s_err.

Proof. Note that, in all the states except s¹_amb and s²_amb, coalition {1, 2} must play (ok, ok) to avoid s_err. To further understand why 1 and 2 need to play the same action in the remaining two states, consider the history h = s_init –(ok,ok)→ s_gen –(ok,ok)→ s_tr –(ok,ok)→ s¹_amb. Note that if we have h ∼_1 h′ (and h ≠ h′), then h′ = s_init –(ok,ok)→ s_gen –(ok,ok)→ s²_amb –(a_1,a_2)→ s²_namb. So, for any joint strategy σ = (σ_1, σ_2) for 1 and 2, ensuring s_err ∉ succ(h′, σ(h′)) requires that σ_1(h′) = ok, which also implies that σ_1(h) = ok by 1-uniformity of σ. A similar argument shows that h ∼_2 h′′ (and h ≠ h′′) implies that h′′ = s_init –(ok,ok)→ s_gen –(ok,ok)→ s_tr –(ok,ok)→ s_gen, and since the only way to ensure s_err ∉ succ(h′′, σ(h′′)) is by choosing σ_2(h′′) = ok, we must also have σ_2(h) = ok.

[Figure 3: the iCGS G_S, over states s_init, s′_init, s_lb, s′_lb, s_gen, s_tr, the ambiguous states s¹_amb, s²_amb, the nonambiguous states s¹_namb, s²_namb, and s_err, with transitions labeled by (ok, ok), ∗ and ∗∗.]

Fig. 3.
The iCGS G_S, where ∗ = ¬ok,ok ∣ ok,¬ok ∣ ¬ok,¬ok and ∗∗ = ¬ok,ok ∣ ok,¬ok ∣ ¬ok,¬ok ∣ ok,ok. The indistinguishability relation for player 1 has three classes: s_gen, s_err, and s_set, where s_set = S ∖ {s_gen, s_err}. The indistinguishability relation for player 2 has three classes: s_tr, s_err, and s′_set, where s′_set = S ∖ {s_tr, s_err}.

By generalizing these observations, a strategy that avoids the error state for all outcomes can only be constructed if in every history h ending in s¹_amb the joint action is (ok, ok). This is because:

1. if h ∼_1 h′ and last(h′) = s²_namb, then in s²_namb the only "good" transition for agent 1 is ok, and
2. if h ∼_2 h′′ and last(h′′) ∈ {s_gen, s¹_namb}, then in both these states the only "good" transition for agent 2 is ok too.

A similar remark holds for histories ending in the other "ambiguous" state, s²_amb. So there is only one joint uniform strategy for {1, 2} that avoids s_err, which is choosing (ok, ok) at every history. We now turn to the construction of the first iCGS, which is adapted from [12]. We give the construction for a simple deterministic TM M = ⟨Q, Γ, δ⟩ with states Q = {q_0, q_1, q_2} and tape symbols Γ = {B, a}, whose transition function δ is given in Table 1.

        B             a
q_0   (q_1, a, R)   (q_1, B, R)
q_1   (q_1, a, R)   (q_2, B, L)
q_2   (q_0, B, L)   (q_2, a, R)

Table 1.
Transitions of the
TM M. The purpose of this construction is that the given TM never halts on an empty tape if and only if coalition {1, 2} has a strategy which simulates the run of the TM on the levels of the tree of runs compatible with the strategy. The simulation of the Turing machine, depicted in Fig. 5, satisfies the following properties:

[Figure 4: the iCGS G_M, over s_init, s′_init, s_lb, s′_lb, s_gen, s_tr, the cell states s_B, s_a, s_{q,z}, the frontier states s_{q,r,L}, s_{q,r,R}, the sink states s_–, and s_err.]

Fig. 4.
The iCGS G_M, where ∗ and ∗∗ abbreviate the indicated sets of joint actions involving i and the (q, r, L/R) moves, + represents all the possible combinations of actions except the tuples already displayed, and "any" represents all the possible combinations of actions. Note that all the missing transitions go to the error state. The indistinguishability relation for player 1 has three classes: s_gen, s_err, and s_set, where s_set = S ∖ {s_gen, s_err}. The indistinguishability relation for player 2 has three classes: s_tr, s_err, and s′_set, where s′_set = S ∖ {s_tr, s_err}.
1. Every run ρ starting with s_init (–(i,i)→ s_gen –(i,i)→ s_tr)^n –(i,i)→ s_gen –(i,i)→ s_B simulates the evolution of the contents of the n-th cell on the tape. We call such runs (1, n)-runs and denote them ρ_(1,n). Formally, for each k ≥ n, depending on the k-th configuration of the TM:
(a) If the R/W head points to cell n that holds symbol x, the TM is in state q, and the transition table gives δ(q, x) = (r, y, R) (i.e. an R-move of the head), then ρ_(1,n)[k+1, k+2] = s_{q,x} –((q,r,R),i)→ s_y –(i,i)→ s_y and ρ_(1,n+1)[k+1, k+2] = s_z –(i,i)→ s_z –(i,(q,r,R))→ s_{r,z}, for some z ∈ Γ representing the contents of tape cell (n+1) in configuration k.
(b) On the other hand, if the transition table gives δ(q, x) = (r, y, L) (i.e. an L-move of the head), then ρ_(1,n)[k+1, k+2] = s_{q,x} –(i,(q,r,L))→ s_y –(i,i)→ s_y and ρ_(1,n−1)[k+1, k+2] = s_z –(i,i)→ s_z –((q,r,L),i)→ s_{r,z}, for some z ∈ Γ.
(c) Otherwise (i.e., the R/W head is not pointing at cells n−1, n or n+1), ρ_(1,n)[k, k+1] = s_z –(i,i)→ s_z –(i,i)→ s_z, where z is the contents of cell n in configuration k.
Note that two steps are needed along each run to encode the transition of the R/W head from cell n to cell (n+1) for an R-move, or to cell (n−1) for an L-move.
2. Every run ρ starting with s_init (–(i,i)→ s_gen –(i,i)→ s_tr)^n –(i,i)→ s_tr simulates a move of the R/W head between the (n−1)-th and the n-th cell (which we call in the sequel the n-th frontier), for n ≥
1. We call such runs (2, n)-runs and denote them ρ_(2,n). Formally, for every k ≥ n, depending on the transition between the k-th and the (k+1)-th configuration of the TM:
(a) If the R/W head moves from the n-th cell to the (n−1)-th by executing δ(q, x) = (r, y, L), then ρ_(2,n)[k+1, k+2] = s_tr –(i,(q,r,L))→ s_{q,r,L} –((q,r,L),i)→ s_tr.
(b) If the R/W head moves from the (n−1)-th cell to the n-th by executing transition δ(q, x) = (r, y, R), then ρ_(2,n)[k+1, k+2] = s_tr –((q,r,R),i)→ s_{q,r,R} –(i,(q,r,R))→ s_tr.
(c) Otherwise, ρ_(2,n)[k+1, k+2] = s_tr –(i,i)→ s_tr –(i,i)→ s_tr.
Finally, the run ρ_0 = s_init –(i,i)→ s′_init –(i,i)→ s_lb –(i,(q_0))→ s′_lb (–(i,i)→ s′_lb)^ω simulates the "left bound" of the tape and the start of the TM with the R/W head in the initial state q_0. Let GR denote the set {ρ_0} ∪ {ρ_(1,n), ρ_(2,n) ∣ n ∈ N} of "good" runs, and σ_win the unique strategy for agents 1 and 2 that simulates the infinite run of the TM, when it exists. In what follows, we group the states of G_M in five sets:

1. S⁰_namb = { s_init, s′_init, s_lb, s′_lb }.
2. S¹_namb = { s_{q,z} ∣ q ∈ Q and z ∈ Γ } ∪ { s_–, s_B, s_a }.
3. S¹_amb = { s_a, s_B, s_– }.
4. S²_namb = { s_tr, s_– }.
5. S²_amb = { s_{q,r,x} ∣ q, r ∈ Q, x ∈ {R, L} } ∪ { s_–, s_tr }.

We also call the states in S_amb = S¹_amb ∪ S²_amb "ambiguous" and those in S_namb = S ∖ S_amb "nonambiguous". Note that, in each nonambiguous state, all outgoing transitions which avoid s_err are labeled with a unique tuple of actions, while ambiguous states do not have transitions leading to s_err.
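The key fact behind the reduction, that M never stops on the empty tape, can be checked directly. The following Python sketch runs a bounded simulation of the TM of Table 1; the state indices q0, q1, q2 are an assumed reading of the table (the subscripts are partly lost in the present rendering). Since δ is total on Q × Γ, M never reaches a halting configuration, which is exactly the case in which coalition {1, 2} can avoid s_err.

```python
# Bounded simulation of the deterministic TM M of Table 1 on the empty tape.
# The state indexing q0, q1, q2 is an assumed reconstruction of the table.

delta = {  # (state, symbol) -> (new state, written symbol, head move)
    ("q0", "B"): ("q1", "a", +1), ("q0", "a"): ("q1", "B", +1),
    ("q1", "B"): ("q1", "a", +1), ("q1", "a"): ("q2", "B", -1),
    ("q2", "B"): ("q0", "B", -1), ("q2", "a"): ("q2", "a", +1),
}

def run(steps):
    tape, head, state = {}, 0, "q0"   # empty tape: every cell holds blank B
    for _ in range(steps):
        key = (state, tape.get(head, "B"))
        if key not in delta:
            return state, False       # would halt (cannot happen: delta total)
        state, written, move = delta[key]
        tape[head] = written
        head += move
    return state, True                # still running after `steps` steps

state, running = run(50)
assert running  # M does not stop when started on the empty tape
```

On the empty tape, M immediately enters q1 and keeps moving right over blanks, so the run is infinite; this is the situation simulated level by level along the (1, n)- and (2, n)-runs of G_M.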
[Figure 5: the first levels of the tree of runs of G_M, unfolding through s_init, s′_init, s_lb, s′_lb and the s_gen/s_tr cell and frontier states, with transitions labeled by (i, i), the (q, r, L/R) moves and (i, (q_0)).]

Fig. 5.
Simulating three computation steps of the Turing machine in Table 1.
Before defining the actual bisimulation between G_M and G_S, note that runs that "deviate" from runs in GR (and are therefore associated with a "wrong" strategy that cannot avoid s_err) contain either a transition from a nonambiguous state to s_err, or a transition from an ambiguous state which is not consistent with the TM computation, as explained below. The line of reasoning guaranteeing that every strategy σ consistent with a run which "deviates" from a run in GR will not be able to avoid s_err is similar to the proof of Lemma 3 above. Assume that there exists a single partial strategy, defined on Hist_{≤i}(G_M), which avoids s_err and all histories compatible with this strategy are prefixes of length ≤ n of runs in GR. Note first that each such history ending in states in S_namb can only be completed with a transition that simulates correctly the unique run up to level i+1. Consider then a history h = ρ_(1,n)[≤ i] –(a_1,a_2)→ s with h[i] ∉ S_namb. Note then that if h ∼_1 h′ then h′[≤ i] ⪯ ρ_(2,n) and h′[i] ∈ S_namb is a nonambiguous state. Therefore, there exists a unique transition h′[i] –(a_1,b_2)→ s′, and, moreover, this transition has to correctly simulate the n-th frontier at level i +
1. It then follows that a is the “good” decision agent 1has to make to correctly simulate the TM run on h . A similar argument holdsfor h ′′ ∼ h by noting that h ′′ [ ≤ i ] ⪯ ρ ( ,n − ) . Also similar arguments hold if westart with h ⪯ ρ ( ,n ) .Finally, the bisimulation relation between G M and G S is guided by the intu-ition that histories ending in nonambiguous states S namb resp. S namb , ”behavesimilarly” with histories ending in s namb , resp. s namb , while histories ending inambiguous states S amb , resp. S namb behave similarly with histories ending in s amb , resp. s amb .Specifically, for every h ∈ Hist ( G M ) with h ≺ ρ ( ,n ) and h / ≺ ρ ( ,n ) , we set h ⇚⇛ , χ for χ defined as follows:1. χ [ i ] = h [ i ] if h [ i ] ∈ S namb ∪ { s err } .2. χ [ i ] = s amb if h [ i ] ∈ S amb .3. χ [ i ] = s namb if h [ i ] ∈ S namb .4. For y ∈ { , } , act y ( χ, i ) = ok if and only if act y ( h, i ) is the “correct” actionexecuted by agent y for simulating the contents of the n -th cell at level i along ρ ( ,n ) .Similarly, for every h ∈ Hist ( G M ) with h ≺ ρ ( ,n ) and h / ≺ ρ ( ,n + ) , we set h ⇚⇛ , χ for χ defined as follows:1. χ [ i ] = s amb if h [ i ] ∈ S amb .2. χ [ i ] = s namb if h [ i ] ∈ S namb .3. For y ∈ { , } , act y ( χ, i ) = ok if and only if act y ( h, i ) is the “correct” actionexecuted by agent y for simulating the n -th frontier at level i along ρ ( ,n ) .Note that ⇚⇛ , is in fact functional.The strategy simulator ST can be constructed using the functional rela-tion ⇚⇛ , as follows: for any joint strategy σ and any history h ∈ Hist ( G M ) compatible with σ , take the unique χ h ∈ Hist ( G S ) with h ⇚⇛ , χ h and de-fine the partial strategy τ σ with τ σ ( χ h [ < ∣ χ h ∣]) = act ( χ h , ∣ < χ h ∣) . Then notethat, whenever we have two different joint strategies σ and σ which sharesome compatible histories, then for any h compatible with both we have that τ σ ( χ h [ < ∣ χ h ∣]) = τ σ ( χ h [∣ < χ h ∣]) . 
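The construction of τ_σ can be sketched in a few lines of Python (all names are ours and purely illustrative: `project` stands for the functional mapping h ↦ χ_h, and `act` for the action labelling of a history). Each compatible history h is projected to its unique χ_h, and τ_σ assigns to the prefix of χ_h without its last state the action prescribed at the last step of χ_h; functionality of the projection keeps these assignments consistent.

```python
# Sketch (illustrative names, not the paper's): build the induced
# partial strategy tau_sigma from the functional projection h -> chi_h.

def make_tau(project, act):
    """project: history of G_M -> its unique chi_h in Hist(G_S);
    act: (chi, position) -> joint action taken at that step of chi."""
    def tau_sigma(histories_of_GM):
        tau = {}
        for h in histories_of_GM:      # histories compatible with sigma
            chi = project(h)
            prefix = chi[:-1]          # chi_h without its last state
            action = act(chi, len(chi) - 1)
            # functionality of the projection guarantees consistency
            assert tau.get(prefix, action) == action
            tau[prefix] = action
        return tau
    return tau_sigma
```

A toy projection that collapses head-movement states to a single ambiguous state already exhibits the key point: two histories yielding the same prefix of χ always receive the same action, so the definition is well-formed.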
This means that the following definition correctly constructs a strategy simulator: for each h ∈ Hist(G_M), each partial strategy σ̄ ∈ PStr(C_A(h)), each h' ∈ C_A(h), and each joint strategy σ with σ↾C_A(h) = σ̄, set ST(σ̄)(h') = τ_σ(χ_{h'}[< |χ_{h'}|]); as noted above, different τ_σ agree on the same χ_h, so the choice of σ is not important as long as it is compatible with h.

The inverse strategy simulator can be chosen as any inverse function of ST, i.e. any function ST' with ST ∘ ST' being the identity function. Hence ⇚⇛_{1,2} is indeed a {1,2}-bisimulation with strategy simulators ST and ST' if and only if M never stops when started on the empty tape, which ends the proof of the undecidability theorem.

Conclusions

In this paper we advanced the state of the art in the model theory of logics for strategic reasoning in multi-agent systems. Specifically, in Sec. 2 we considered the common knowledge interpretation of the Alternating-time Temporal Logic ATL under the assumption of imperfect information (and perfect recall), which has so far received little attention in the literature. For this context of imperfect information, we introduced a novel notion of alternating bisimulation in Sec. 3 and proved the preservation of ATL formulas in bisimilar iCGS (Theorem 1). Further, in order to show that the common knowledge interpretation enjoys the Hennessy-Milner property, in Sec. 4 we introduced an imperfect-information variant of bisimulation games and showed that the
Duplicator coalition has a winning strategy if and only if there exists a bisimulation between the two given iCGS (Theorem 2). Finally, in Sec. 5 we proved a Gale-Stewart-type determinacy result (Theorem 4), which allows us to prove the Hennessy-Milner Theorem 3. We also provided counterexamples to the Hennessy-Milner property for the objective and subjective interpretations of ATL. To conclude, in Sec. 6 we showed that checking the existence of an alternating bisimulation between two iCGS is undecidable in general (Theorem 5).

We note that our Hennessy-Milner theorem utilizes the "yesterday" modality for technical reasons. As noted in the proof of Theorem 3, Formula 4 might be encoded with an ATL* formula which does not utilize Y. The translation of this theorem to full ATL* is left for future research.

As another direction for future research, we plan to investigate under which conditions our Gale-Stewart-type theorem can be generalized to a full determinacy theorem for multi-agent games.

References
1. T. Ågotnes, V. Goranko, and W. Jamroga. Alternating-time temporal logics with irrevocable strategies. In Proceedings of TARK XI, pages 15–24, 2007.
2. T. Ågotnes, V. Goranko, W. Jamroga, and M. Wooldridge. Knowledge and ability. In Handbook of Logics for Knowledge and Belief. College Publications, 2015.
3. R. Alur, T. A. Henzinger, and O. Kupferman. Alternating-time temporal logic. Journal of the ACM, 49(5):672–713, 2002.
4. R. Alur, T. A. Henzinger, O. Kupferman, and M. Y. Vardi. Alternating refinement relations. In Proceedings of the Ninth International Conference on Concurrency Theory (CONCUR'98), volume 1466 of LNCS, pages 163–178. Springer-Verlag, 1998.
5. F. Belardinelli, R. Condurache, C. Dima, W. Jamroga, and A. V. Jones. Bisimulations for verifying strategic abilities with an application to ThreeBallot. In Proc. of the 16th International Conference on Autonomous Agents and Multiagent Systems (AAMAS17), 2017.
6. F. Belardinelli, R. Condurache, C. Dima, W. Jamroga, and M. Knapik. Bisimulations for verifying strategic abilities with an application to the ThreeBallot voting protocol. Information & Computation, 2020 (to appear).
7. F. Belardinelli, C. Dima, and A. Murano. Bisimulations for logics of strategies: A study in expressiveness and verification. In M. Thielscher, F. Toni, and F. Wolter, editors, Principles of Knowledge Representation and Reasoning: Proceedings of the Sixteenth International Conference, KR 2018, Tempe, Arizona, 30 October – 2 November 2018, pages 425–434. AAAI Press, 2018.
8. N. Bulling, J. Dix, and W. Jamroga. Model checking logics of strategic ability: Complexity. In Specification and Verification of Multi-agent Systems, pages 125–159. Springer, 2010.
9. N. Bulling and W. Jamroga. Comparing variants of strategic ability: how uncertainty and memory influence general properties of games. Autonomous Agents and Multi-Agent Systems, 28(3):474–518, 2014.
10. M. Dastani and W. Jamroga. Reasoning about strategies of multi-agent programs. In Proceedings of AAMAS 2010, pages 625–632, 2010.
11. C. Dima, B. Maubert, and S. Pinchinat. Relating paths in transition systems: The fall of the modal mu-calculus. ACM Trans. Comput. Log., 19(3):23:1–23:33, 2018.
12. C. Dima and F. Tiplea. Model-checking ATL under imperfect information and perfect recall semantics is undecidable. CoRR, abs/1102.4225, 2011.
13. R. Fagin, J. Y. Halpern, Y. Moses, and M. Y. Vardi. Reasoning about Knowledge. MIT Press, Cambridge, 1995.
14. D. Gale and F. M. Stewart. Infinite games with perfect information. In Contributions to the Theory of Games, vol. 2, Annals of Mathematics Studies, no. 28, pages 245–266. Princeton University Press, Princeton, N.J., 1953.
15. U. Goltz, R. Kuiper, and W. Penczek. Propositional temporal logics and equivalences. In Proceedings of CONCUR '92, pages 222–236, 1992.
16. M. Hennessy and R. Milner. On observing nondeterminism and concurrency. In J. de Bakker and J. van Leeuwen, editors, Automata, Languages and Programming, pages 299–309, Berlin, Heidelberg, 1980. Springer.
17. W. Jamroga and W. van der Hoek. Agents that know how to play. Fundamenta Informaticae, 62:1–35, 2004.
18. M. Melissen.