Abstraction

The following definition formalises the relation between two Extended AC-MAS models and enables us to reason about preservation of epistemic µ-calculus formulas [GJ02].

Definition 13 (Simulation). Let _{P = hS, I, Act, τ}mτM, Λi and P0 = hS0,I0, Act0τm0 τ 0 M, Λ

0

i be Extended AC-MAS over the same set _{A of agents and sets AP}0 _{⊆ AP of propositions. A} simulation relation between _{P and P}0 is a relation _{'⊆ S × S}0 such that:

1. s0 _{∈ I}0 iff there exists s_{∈ I, such that s ' s}0; and whenever s_{' s}0 then:

2. if s_{−→ t then there exists s}may 0 _{∈ S}0, such that s0 _−→may 0 t0 and t_{' t}0; 3. if s0 must

−→0 t0 then there exists t_{∈ S, such that s} must

−→ t and t ' t0_;

4. if smay_∼i t then there exists s0 ∈ S0, such that s0

may ∼i 0 t0 and t_{' t}0; 5. if s0 must ∼i 0

t0 then there exists t_{∈ S, such that s} must

∼i t and t' t0;

4.1 3-valued abstraction for ac-mas| 51

If there is a simulation relation between _{P and P}0, we say that _P0 simulates _{P, or P  P}0. The logic we consider here is the epistemic µ-calculus [BDE13]. Recall from Section 2.2.4 that the modal µ-calculus is a powerful formalism for expressing properties of transition systems using fix-point operators. Let AP be a finite set of atomic propositions and _{V a set of propositional} variables. We define the syntax of epistemic µ-calculus language_{L in BNF notation as follows:}

ϕ ::=_{> | p | Z | ¬ϕ | ϕ ∧ ϕ | 2ϕ | K}iϕ| µZ.ϕ | νZ.ϕ

where p _{∈ AP and Z ∈ V. The syntactic combinations µZ and νZ are called the least} and greatest fix-point operators respectively. An environment ρ : _{V → 2}S _{interprets the free}

propositional variable Z as a set of states. Any occurrence of Z in ϕ falls within an even number of negations in order for the formulas µZ.ϕ and νZ.ϕ to be monotonic in Z. Furthermore, we assume that formulas are closed and well-named, i.e., all propositional variables are bound exactly once in any formula. In addition to satisfaction (tt) and refutation (ff), we write _⊥ to express that the truth value is unknown. We define the 3-valued semantics for _{L in line} with [SG08] and extend it by the epistemic operator Ki as follows:

Definition 14 (3-Valued Semantics). Let _{P be Extended AC-MAS. The 3-valued semantics of} ϕ_{∈ L in P for an environment ρ, denoted JϕK}M,ρ₃ , is defined by a mapping S _{→ {tt,ff, ⊥} such} that: JϕK P,ρ 3 (s) =      tt, if s_∈JϕKP,ρ_tt ff, if s_∈JϕKP,ρ_ff ⊥, otherwise

The tt-set _JϕKP,ρ_{tt ⊆ S for ϕ ∈ L over Extended AC-MAS P = hS, I, Act, τ}mτM, Λi is defined

as follows (the ff-set _JϕKP,ρ_ff is defined dually):

J>K P,ρ tt = S J>K P,ρ ff =∅ JpK P,ρ tt ={s ∈ S : p ∈ Λ(s)} JpK P,ρ ff ={s ∈ S : ¬p ∈ Λ(s)} JZ K P,ρ tt = ρ(Z) JZ K P,ρ ff = ρ(Z) J¬ϕK P,ρ tt =JϕK P,ρ ff J¬ϕK P,ρ ff =JϕK P,ρ tt Jϕ1∧ ϕ2K P,ρ tt =Jϕ1K P,ρ tt ∩Jϕ2K P,ρ tt Jϕ1∧ ϕ2K P,ρ ff =Jϕ1K P,ρ ff ∪Jϕ2K P,ρ ff J2ϕK P,ρ tt = ax(JϕK P,ρ tt ) J2ϕK P,ρ ff = ex(JϕK P,ρ ff ) JµZ.ϕK P,ρ tt = lfp(λg.JϕK P,ρ[Z7→g] tt ) JµZ.ϕK P,ρ ff = gfp(λg.JϕK P,ρ[Z7→g] ff ) Jν Z.ϕK P,ρ tt = gfp(λg.JϕK P,ρ[Z7→g] tt ) Jν Z.ϕK P,ρ ff = lfp(λg.JϕK P,ρ[Z7→g] ff ) JKiϕK P,ρ tt = axi(JϕK P,ρ tt ) JKiϕK P,ρ ff = exi(JϕK P,ρ ff )∪JϕK P,ρ ff

where for X _{⊆ S: ax(X) = {s | ∀s}0 : s _{−→ s}may 0 _{⇒ X(s}0)_{}, ex(X) = {s | ∃s}0 : s _{−→ s}must 0 _{∧ X(s}0)_}, axi(X) = {s | ∀s0 : s

may

∼i s0 ⇒ X(s0)}, and exi(X) = {s | ∃s0 : s

must

ax returns states whose may successors are all in X, which means that more may successors (over-approximation) lead to a smaller tt set. In contrast, ex computes all states for which at

least one must transition exists, which means that less must successors (under-approximation) lead to a smaller ff set. axi and exi are the corresponding operators for the epistemic relations.

Note that we can add states _JϕKP,ρ_ff without the loss of soundness since agent i does definitely not know ϕ in states where ϕ is false.

The model _{P satisfies formula ϕ, or [P |}= ϕ] = tt, if all its initial states are in3 _JϕKP,ρ_tt . The model _{P refutes ϕ, or [P |}= ϕ] = ff, if at least one initial state is in3 _JϕKP,ρ_ff . Otherwise we say [_{P |}= ϕ] =3 _⊥.

The following lemma guarantees the preservation of truth and falsity of _{L formulas from the} simulating system _P0 to the system _{P being simulated:}

Lemma 1. Assume _{P  P}0. Then for every ϕ _{∈ L if [P}0 _|= ϕ] = tt then [3 _{P |}= ϕ] = tt and if3 [_P0 _|= ϕ] = ff then [3 _{P |}= ϕ] = ff.3

Proof. Assume _{P  P}0. We show that

if s_{' s}0, s0 _∈JϕKttP0,ρ then s _∈JϕKP,ρ_tt ; (4.1) if s_{' s}0, s0 _∈JϕKffP0,ρ then s _∈JϕKP,ρ_ff (4.2) by induction over ϕ. The base step, ϕ is p_{∈ AP}0, follows from the simulation requirement 6. The induction step for the µ-calculus operators follows from the simulation requirement 2. for tt and 3. for ff. The induction step for the epistemic modality follows from the simulation requirement 4. for tt and 5. for ff. The Lemma follows from (4.1), (4.2), and the simulation requirement 1., where the biconditional guarantees to preserve both tt and ff.

Definition 15 (Abstraction). Let _{P = hS, I, Act, τ}mτM, Λi and P0 = hS0,I0, Act0τm0 τ 0 M, Λ

0

i be Extended AC-MAS over the same set_{A of agents and sets AP}0 _{⊆ AP of propositions. We say} that _P0 is an abstraction of _{P if:}

1. s0 _{∈ I}0 iff there exists s_{∈ I, such that s ∈ γ(s}0);

2. s0 _−→may0 t0 iff there exist s_{∈ γ(s}0) and t_{∈ γ(t}0), such that s_{−→ t;}may 3. s0 must

−→0 t0 iff for each s_{∈ γ(s}0) there exists t_{∈ γ(t}0), such that s must

−→ t; 4. s0 may_∼i

0

t0 iff there exist s _{∈ γ(s}0), t _{∈ γ(t}0) such that s may_∼i t or there exists u0 such that

s0 may_∼i u0 and u0

may

∼i t0 (this recursively defines a chain of any length);

5. s0 must

∼i 0

t0 iff for each s_{∈ γ(s}0) there exists t _{∈ γ(t}0), such that smust

∼i t, and for each t∈ γ(t0)

there exists s_{∈ γ(s}0), such that tmust

∼i s;

4.1 3-valued abstraction for ac-mas| 53

where γ : S0 _{7→ 2}S _{is the concretisation function that maps each abstract state s}0

∈ S0 _{to the}

non-empty set of concrete states Ss0 ⊆ S it represents; may

−→0 and _{−→ are the may transition}may relations in _P0 and _{P respectively;} must

−→0 and must

−→ are the must transition relations; may∼i 0

and may_∼i

are the may epistemic possibility relations; and must_∼i 0

and must_∼i are the must epistemic possibility

relations.

May transition relations in the abstract model _P0 over-approximate may transition relations in the concrete model _{P; they represent every concrete may transition relation between two} states in _{P. Conversely, must transition relations in the abstract model P}0 under-approximate must transition relations in the concrete model _{P; they correspond to concrete transition} relations that are common to all of the states of _{P represented by the source abstract state.}

We define may and must epistemic possibility relations in the abstract system similarly to the temporal case; however, there are additional constraints due to the nature of the relations. Specifically, we require both to be equivalence relations. This is achieved by building the transitive closure formay_∼i, while relations in

must

∼i that are not symmetric are removed. By insisting

on equivalence relations, we ensure that the usual KT45 axioms for knowledge are satisfied in the abstract model.

Note that if the abstract may epistemic possibility relation were defined analogously to abstract may transition relations, it would not necessarily be transitive. Therefore, we define the abstract may epistemic possibility relation as the transitive closure of this relation. Similarly, if the abstract must epistemic possibility relation were defined analogously to abstract must transition relations, it would not be necessarily symmetric. Therefore, we remove the abstract must epistemic possibility relations that are not symmetric.

The labelling of an abstract state is defined so that it is consistent with the labelling of all the concrete states it represents. The biconditional ensures that the abstract labelling function is exact. Note that all Extended AC-MAS models _{P abstracted in such a way are consistent,} i.e., _JϕKtt∩JϕKff =∅ for any ϕ ∈ L, since

must

−→⊆may

−→ and must

∼i⊆

may

∼i. Therefore the set JϕK

P,ρ ⊥ can

be computed as S_\(JϕKP,ρ_{tt ∪JϕK}P,ρ_ff ).

Lemma 2. If _P0 is an abstraction of Extended AC-MAS _{P then P  P}0.

Proof. We show that if _P0 is abstraction of_{P then {(s, s}0)_{| s ∈ γ(s}0)_{} is the simulation relation} '. The simulation requirement 1. follows from the requirement 1. in Definition 15. The simulation requirement 2. follows from the if direction of the requirement 2. in Definition 15. The simulation requirement 3. follows from the only if direction of the requirement 3. in Definition 15. The simulation requirement 4. follows from the if direction of the requirement 4. in Definition 15 for n = 1. The simulation requirement 5. follows from the only if direction of the requirement 5. in Definition 15. The simulation requirement 6. follows from the only if direction of the requirement 6. in Definition 15 for all p_{∈ AP}0.

Theorem 2 (Preservation). Let _P0 be an abstraction of Extended AC-MAS _{P. Then for every} ϕ_{∈ L, if [P}0 _|= ϕ]3 _{6= ⊥ then [P |}= ϕ] = [3 _P0 _|= ϕ].3

Proof. Theorem follows from Lemma 1 and Lemma 2, where for _{P we have τ}M = τm = τ and

may

∼i=

must

∼i=∼i