Fabio Mogavero

Reasoning About Strategies

In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between open entities and express that the system is correct no matter how the environment behaves. An important contribution in this context is given by the modal logics for strategic ability, in the setting of multi-agent games, such as Atl, Atl \(^{*}\), and the like. Recently, Chatterjee, Henzinger, and Piterman introduced Strategy Logic, which we denote here by CHP-Sl, with the aim of getting a powerful framework for reasoning explicitly about strategies. CHP-Sl is obtained by using first-order quantifications over strategies and it has been investigated in the specific setting of two-agents turned-based game structures where a non-elementary model-checking algorithm has been provided. While CHP-Sl is a very expressive logic, we claim that it does not fully capture the strategic aspects of multi-agent systems. In this work, we introduce and study a more general strategy logic, denoted Sl, for reasoning about strategies in multi-agent concurrent systems. We prove that Sl strictly includes CHP-Sl, while maintaining a decidable model-checking problem. Indeed, we show that it is 2ExpTime-complete under a reasonable semantics, thus not harder than that for Atl \(^{*}\) and a remarkable improvement of the same problem for CHP-Sl. We also consider the satisfiability problem and show that it is undecidable already for the sub-logic CHP-Sl under the concurrent game semantics.

Reasoning About Strategies: On the Model-Checking Problem

In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between agents and express the correctness of the system no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ability, in the setting of multiagent games, such as A<scp>tl</scp>, A<scp>tl</scp>*, and the like. Recently, Chatterjee, Henzinger, and Piterman introduced <i>Strategy Logic</i>, which we denote here by CHP-S<scp>l</scp>, with the aim of getting a powerful framework for reasoning explicitly about strategies. CHP-S<scp>l</scp> is obtained by using first-order quantifications over strategies and has been investigated in the very specific setting of two-agents turned-based games, where a nonelementary model-checking algorithm has been provided. While CHP-S<scp>l</scp> is a very expressive logic, we claim that it does not fully capture the strategic aspects of multiagent systems. In this article, we introduce and study a more general strategy logic, denoted S<scp>l</scp>, for reasoning about strategies in multiagent concurrent games. As a key aspect, strategies in S<scp>l</scp> are not intrinsically glued to a specific agent, but an explicit binding operator allows an agent to bind to a strategy variable. This allows agents to share strategies or reuse one previously adopted. We prove that S<scp>l</scp> strictly includes CHP-S<scp>l</scp>, while maintaining a decidable model-checking problem. In particular, the algorithm we propose is computationally not harder than the best one known for CHP-S<scp>l</scp>. Moreover, we prove that such a problem for S<scp>l</scp> is N<scp>on</scp>E<scp>lementary</scp>. This negative result has spurred us to investigate syntactic fragments of S<scp>l</scp>, strictly subsuming A<scp>tl</scp>*, with the hope of obtaining an elementary model-checking problem. Among others, we introduce and study the sublogics S<scp>l</scp>[<scp>ng</scp>], S<scp>l</scp>[<scp>bg</scp>], and S<scp>l</scp>[1<scp>g</scp>]. They encompass formulas in a special prenex normal form having, respectively, nested temporal goals, Boolean combinations of goals, and, a single goal at a time. Intuitively, for a goal, we mean a sequence of bindings, one for each agent, followed by an L<scp>tl</scp> formula. We prove that the model-checking problem for S<scp>l</scp>[1<scp>g</scp>] is 2E<scp>xp</scp>T<scp>ime</scp>-<scp>complete</scp>, thus not harder than the one for A<scp>tl</scp>*. In contrast, S<scp>l</scp>[<scp>ng</scp>] turns out to be N<scp>on</scp>E<scp>lementary</scp>-hard, strengthening the corresponding result for S<scp>l</scp>. Regarding S<scp>l</scp>[<scp>bg</scp>], we show that it includes CHP-S<scp>l</scp> and its model-checking is decidable with a 2E<scp>xp</scp>T<scp>ime</scp>lower-bound. It is worth enlightening that to achieve the positive results about S<scp>l</scp>[1<scp>g</scp>], we introduce a fundamental property of the semantics of this logic, called <i>behavioral</i>, which allows to strongly simplify the reasoning about strategies. Indeed, in a nonbehavioral logic such as S<scp>l</scp>[<scp>bg</scp>] and the subsuming ones, to satisfy a formula, one has to take into account that a move of an agent, at a given moment of a play, may depend on the moves taken by any agent in another counterfactual play.

What makes ATL* decidable? a decidable fragment of strategy logic

Strategy Logic (Sl, for short) has been recently introduced by Mogavero, Murano, and Vardi as a formalism for reasoning explicitly about strategies, as first-order objects, in multi-agent concurrent games. This logic turns out to be very powerful, strictly subsuming all major previously studied modal logics for strategic reasoning, including Atl, Atl*, and the like. The price that one has to pay for the expressiveness of Sl is the lack of important model-theoretic properties and an increased complexity of decision problems. In particular, Sl does not have the bounded-tree model property and the related satisfiability problem is highly undecidable while for Atl* it is 2ExpTime-complete. An obvious question that arises is then what makes Atl* decidable. Understanding this should enable us to identify decidable fragments of Sl. We focus, in this work, on the limitation of Atl* to allow only one temporal goal for each strategic assertion and study the fragment of Sl with the same restriction. Specifically, we introduce and study the syntactic fragment One-Goal Strategy Logic (Sl[1g], for short), which consists of formulas in prenex normal form having a single temporal goal at a time for every strategy quantification of agents. We show that Sl[1g] is strictly more expressive than Atl*. Our main result is that Sl[1g] has the bounded tree-model property and its satisfiability problem is 2ExpTime-complete, as it is for Atl*.

MCMAS-SLK: A Model Checker for the Verification of Strategy Logic Specifications

Model checking has come of age. A number of techniques are increasingly used in industrial setting to verify hardware and software systems, both against models and concrete implementations. While it is generally accepted that obstacles still remain, notably handling infinite state systems efficiently, much of current work involves refining and improving existing techniques such as predicate abstraction.

Graded computation tree logic

In modal logics, graded (world) modalities have been deeply investigated as a useful framework for generalizing standard existential and universal modalities in such a way that they can express statements about a given number of immediately accessible worlds. These modalities have been recently investigated with respect to the mu-calculus, which have provided succinctness, without affecting the satisfiability of the extended logic, i.e., it remains solvable in ExpTime. A natural question that arises is how logics that allow reasoning about paths could be affected by considering graded path modalities. In this paper, we investigate this question in the case of the branching-time temporal logic CTL (GCTL, for short). We prove that, although GCTL is more expressive than CTL, the satisfiability problem for GCTL remains solvable in ExpTime. This result is obtained by exploiting an automata-theoretic approach. In particular, we introduce the class of partitioning alternating Büchi tree automata and show that the emptiness problem for them is ExpTime-Complete. The satisfiability result turns even more interesting as we show that GCTL is exponentially more succinct than graded mu-calculus.

On the Boundary of Behavioral Strategies

In the setting of multi-agent games, considerable effort has been devoted to the definition of modal logics for strategic reasoning. In this area, a recent contribution is given by the introduction of Strategy Logic (SL, for short) by Mogavero, Murano, and Vardi. This logic allows to reason explicitly about strategies as first order objects and express in a very natural and elegant way several solution concepts like Nash, resilient, and secure equilibria, dominant strategies, etc. The price that one has to pay for the high expressiveness of SL semantics is that agents strategies it admits may be not behavioral, i.e., a choice of an agent, at a given moment of a play, may depend on the choices another agent can make in another counterfactual play. As the latter moves are unpredictable, this kind of strategies cannot be synthesized in practice. In this paper, we investigate two syntactical fragments of SL, namely the conjunctive-goal and disjunctive-goal, called SL[CG] and SL[DG] for short, and prove that their semantics admit behavioral strategies only. These logics are obtained by forcing SL formulas to be only of the form of conjunctions or disjunctions of goals, which are temporal assertions associated with a binding of agents with strategies. As SL formulas with any Boolean combination of goals turn out to be non behavioral, we have that SL[CG] and SL[DG] represent the maximal fragments of SL describing agent behaviors that are synthesizable. As a consequence of the above results, the model-checking problem for both SL[CG] and SL[DG] is shown to be solvable in 2EXPTIME, as it is for the subsumed logic ATL*.

Graded Computation Tree Logic

In modal logics, graded (world) modalities have been deeply investigated as a useful framework for generalizing standard existential and universal modalities in such a way that they can express statements about a given number of immediately accessible worlds. These modalities have been recently investigated with respect to the mu-calculus, which have provided succinctness, without affecting the satisfiability of the extended logic, i.e., it remains solvable in ExpTime. A natural question that arises is how logics that allow reasoning about paths could be affected by considering graded path modalities. In this paper, we investigate this question in the case of the branching-time temporal logic CTL (GCTL, for short). We prove that, although GCTL is more expressive than CTL, the satisfiability problem for GCTL remains solvable in ExpTime. This result is obtained by exploiting an automata-theoretic approach. In particular, we introduce the class of partitioning alternating Buchi tree automata and show that the emptiness problem for them is ExpTime-Complete. The satisfiability result turns even more interesting as we show that GCTL is exponentially more succinct than graded mu-calculus.

On Promptness in Parity Games

Parity games are a powerful formalism for the automatic synthesis and verification of reactive systems. They are closely related to alternating ω-automata and emerge as a natural method for the solution of the μ-calculus model checking problem. Due to these strict connections, parity games are a well-established environment to describe liveness properties such as “every request that occurs infinitely often is eventually responded”. Unfortunately, the classical form of such a condition suffers from the strong drawback that there is no bound on the effective time that separates a request from its response, i.e., responses are not promptly provided. Recently, to overcome this limitation, several parity game variants have been proposed, in which quantitative requirements are added to the classic qualitative ones.

A Behavioral Hierarchy of Strategy Logic

Starting from the seminal work introducing Alternating Temporal Logic, formalisms for strategic reasoning have assumed a prominent role in multi-agent systems verification. Among the others, Strategy Logic (SL) allows to represent sophisticated solution concepts, by treating agent strategies as first-order objects.

Comparing Rule-Based Policies

Policy comparison is useful for a variety of applications, including policy validation and policy-aware service selection. While policy comparison is somewhat natural for policy languages based on description logics, it becomes rather difficult for rule-based policies. When policies have recursive rules, the problem is in general undecidable. Still most policies require some form of recursion to model - say - subject and object hierarchies, and certificate chains. In this paper, we show how policies with recursion can be compared by adapting query optimization techniques developed for the relational algebra. We prove soundness and completeness of our method, discuss the compatibility of the restrictive assumptions we need w.r.t. our reference application scenarios, and report the results of a preliminary set of experiments to prove the practical applicability of our approach.