Model checking for resource bounded ATL with production and consumption of resources

(1)

Contents lists available atScienceDirect

Journal

of

Computer

and

System

Sciences

www.elsevier.com/locate/jcss

Model-checking

for

Resource-Bounded

ATL

with

production

and

consumption

of

resources

✩

Natasha Alechina

a,

∗

,

Brian Logan

a

, Hoang Nga Nguyen

b

, Franco Raimondi

c

a_School_of_Computer_Science,_The_University_of_Nottingham,_UK b_Centre_for_Mobility_and_Transport,_Coventry_University,_UK c_Department_of_Computer_Science,_Middlesex_University,_UK

a

r

t

i

c

l

e

i

n

f

o

a

b

s

t

r

a

c

t

Articlehistory:

Received 19 August 2016 Accepted 19 August 2016 Available online xxxx

Keywords: Model-checking Resources Coalitional ability

Veriﬁcation of multi-agent systems

Severallogicsforexpressingcoalitionalabilityunderresourceboundshavebeenproposed and studied in the literature. Previous work has shown that if only consumption of resources is considered or the total amount of resources produced or consumed on any path in the system is bounded, then the model-checking problem for several standardlogics,suchasResource-BoundedCoalitionLogic(RB-CL)andResource-Bounded Alternating-Time Temporal Logic (RB-ATL) is decidable. However, for coalition logics withunboundedresource productionand consumption,onlysomeundecidabilityresults are known.In this paper, we show that the model-checking problem for RB-ATLwith unboundedproductionandconsumptionofresourcesisdecidablebutEXPSPACE-hard.We alsoinvestigatesometractablecasesandprovideadetailedcomparisontoavariantofthe resourcelogicRAL,togetherwithnewcomplexityresults.

1. Introduction

Alternating-TimeTemporalLogic(ATL)[1]iswidelyusedinveriﬁcationofmulti-agentsystems.ATLcan express prop-ertiesrelatedtocoalitionalability,forexample,one canstatethatagroupofagents A hasastrategy(achoiceofactions) suchthatwhatevertheactionsbytheagentsoutsidethecoalition,anycomputationofthesystemgeneratedbythestrategy satisﬁessometemporalproperty.A numberofvariationsonthesemanticsofATLexist:agentsmayhaveperfectrecallorbe memoryless,andtheymayhavefullorpartialobservability.Inthecaseoffullyobservablemodelsandmemorylessagents, the model-checkingproblemfor ATLis polynomialin thesize ofthe modelandtheformula, while itis undecidablefor partiallyobservable models whereagentshaveperfectrecall[2].Additionally, eveninthe simplecaseoffullyobservable models andmemorylessagents, thecomplexity increasessubstantially ifthe model-checking problemtakesinto account modelswithcompact(implicit)representations[2].

Inthispaper, weconsider an extensionof perfectrecall,fullyobservable ATL whereagentsproduceandconsume re-sources. The properties we are interested in are related to coalitional ability under resource bounds. Instead of asking whetheragroup ofagentshasastrategy toenforcea certaintemporalproperty, we areinterested inwhetherthegroup hasastrategythatcanbeexecutedunderacertainresourcebound(e.g.,iftheagentshaveatmostb1 unitsofresourcer1

✩ _{This work was supported by the Engineering and Physical Sciences Research Council [grants EP/K033905/1 and EP/K033921/1].}

*

Corresponding author.

E-mailaddresses:[email protected](N. Alechina), [email protected](B. Logan), [email protected](H.N. Nguyen), [email protected]

(F. Raimondi).

http://dx.doi.org/10.1016/j.jcss.2017.03.008

(2)

andb2 unitsofresourcer2).Clearly,some actionsmaynolongerbe usedaspartofthestrategyiftheircostexceeds the bound. Thereareseveralwaysinwhichtheprecisenotionofthecost ofa strategycanbe defined.Forexample,onecan define itasthemaximalcostofanypath(computationofthesystem)generatedbythestrategy, wherethecostofapath isthesumofresourcesproducedandconsumedbyactions onthepath.Wehavechosen adifferentdefinitionwhichsays thatastrategyhasacostatmostbifforeverypathgeneratedbythestrategy, everyprefixofthepathhascostatmostb. Thismeans thatastrategy cannot,forexample,startwithexecuting anactionthatconsumesmorethan b resources,and then‘makeup’forthisbyexecutingactionsthatproduceenoughresourcestobringthetotalcostofthepathunderb.Itis howeverpossibletofirstproduceenoughresources,andthenexecuteanactionthatcostsmorethanb,solongasthecost ofthepathislessthanb.

There arealsomanychoicesfortheprecisesyntax ofthelogicandthetruthdeﬁnitionsoftheformulas.Forexample, in [3]several versions are given, intuitively corresponding to considering resource bounds both on the coalition A and the restoftheagentsinthesystem, considering aﬁxed resourceendowment of A in theinitialstate whichaffectstheir endowment afterexecuting some actions, etc. Inthis paperwe give a precise comparisonof ourlogic withthe variants of

L

RAL introduced in[3],andintheprocess solveanopen problemstatedin[3].In[4,5] differentsyntax andsemantics

are considered,inwhichtheresourceendowment ofthewholesystemistakenintoaccountwhenevaluatingastatement concerning a group of agents A. As observed in [3], subtle differences in truth conditions for resource logics result in thedifferencebetweendecidabilityandundecidabilityofthemodel-checkingproblem.In[3],theundecidabilityofseveral versions of thelogics isproved. Recently, even more undecidability resultswere shown in[6].The only decidable cases considered in [3] are an extension of Computation Tree Logic (CTL) [7] with resources (essentially one-agent ATL) and the versionwhereonevery pathonlya fixedfiniteamountofresources canbeproduced. Similarly,[4]givesadecidable logic, PRB-ATL(PricedResource-Bounded ATL),wherethetotalamountofresources inthesystemhasa fixedbound.The model-checkingalgorithmforPRB-ATLrunsintimepolynomialinthesizes ofthemodelandtheformula,andexponential inthenumberofresourcesandthesizeoftherepresentation(ifinbinary)oftheresourcebounds.In[5]anEXPTIMElower boundinthenumberresourcesandinthesizeoftherepresentation(ifinbinary)oftheresourceboundsisshown.

Thestructureofthispaperisasfollows.Insections2,3,and4,weintroduceResource-BoundedATLwithproductionand consumptionofresources,amodel-checkingalgorithmforit,andprovethatthemodel-checkingproblemisEXPSPACE-hard. Thispartofthepaperextends[8].Insection5wediscusstwospecialcaseswithfeasiblemodel-checking,oneofthembeing ageneralisationofthemodel-checkingalgorithmfor(production-free)RB-ATLintroducedin[9]tounboundedresources.In section6wegiveadetailedcomparisonwiththelogicsin[3]andshowthatforoneofthemthemodel-checkingproblem isdecidable,solvinganopenproblemstatedin[3].1

2. SyntaxandsemanticsofRB

±

ATL

The logicRB-ATLwasintroduced in[9].Here wegeneralisethedeﬁnitionsfrom[9]toallowforproductionaswellas consumption ofresources.Toavoidconfusionwiththeconsumption-onlyversionofthelogicfrom[9],werefertoRB-ATL withproductionandconsumptionofresourcesasRB

±

ATL.

LetAgt

= {

a1

,

. . . ,

an

}

be asetofnagents,Res

= {

res1

,

. . . ,

resr

}

bea setofr resources,

beasetofpropositionsand B

=

N

r

∞beasetofresourceboundswhere

N

∞

=

N

∪ {∞}

. FormulasofRB

±

ATLaredeﬁnedbythefollowingsyntax

φ, ψ

::=

p

| ¬

φ

|

φ

∨

ψ

|

Ab

φ

|

Ab

2 φ

|

Ab

φ

U

ψ

where p

∈

isaproposition, A

⊆

Agt,andb

∈

Bisaresourcebound.Here,

Ab

φ

meansthatacoalition A canensure thatthenextstatesatisﬁes

φ

underresourceboundb.

Ab

₂

_φ

_means_that _A _has_a_strategy_to_make_sure_that

_φ

_is_always

true, and the cost of this strategy is at most b. Similarly,

Ab

_φ

_U

_ψ

_means _that _A _has _a _strategy _to _enforce

_ψ

_while

maintainingthetruthof

φ

,andthecostofthisstrategyisatmostb.

Weextendthedeﬁnitionofaconcurrentgamestructurewithresourceconsumptionandproduction.

Deﬁnition1.Aresource-boundedconcurrentgamestructure(RB-CGS)isatupleM

=

(

Agt

,

Res

,

S

,

π

,

Act

,

d

,

c

,

δ)

where:

•

Agtisanon-emptysetofnagents,Resisanon-emptysetofrresourcesandS isanon-emptysetofstates;

•

isaﬁnitesetofpropositionalvariablesand

π

:

→

℘ (

S

)

isatruth assignmentwhichassociateseachproposition in

withasubsetofstateswhereitistrue;

(3)

•

Actisanon-emptysetofactionswhichincludesidle,andd

:

S

×

Agt

→

℘ (

Act

)

\ {∅}

isafunctionwhichassignstoeach

s

∈

S anon-emptyset ofactions availabletoeach agenta

∈

Agt.Forevery s

∈

S anda

∈

Agt,idle

∈

d

(

s

,

a

)

.We denote jointactionsbyallagentsinAgtavailableatsby D

(

s

)

=

d

(

s

,

a1

)

× · · · ×

d

(

s

,

an

)

;

•

c

:

S

×

Agt

×

Act

→

Z

r isa partialfunction whichmapsa state s,an agent a andan action

α

∈

d

(

s

,

a

)

toa vector of integers,where theintegerin positioni indicates consumptionorproduction ofresourceresi by theaction (positive

value forconsumption andnegative value forproduction). Westipulate thatc

(

s

,

a

,

idle

)

= ¯

0 for all s

∈

S anda

∈

Agt, where0

¯

=

0r;

• δ

:

S

×

Act|Agt|

→

S is a partial function that maps every s

∈

S and joint action

σ

∈

D

(

s

)

to a state resulting from executing

σ

ins.

Givena RB-CGS M, we denotetheset ofall infinitesequences of states(infinite computations)by Sω and theset of non-empty finitesequences(finitecomputation)ofstatesby S+.Foracomputation

λ

=

s0s1

. . .

∈

Sω we usethenotation

λ

[

i

]

=

si and

λ

[

i

,

j

]

=

si

. . .

sj.

GivenaRB-CGS Mandastate s

∈

S,ajointactionbyacoalition A

⊆

Agt isatuple

σ

=

(

σa

)

a∈A (where

σa

istheaction

thatagentaexecutesaspartof

σ

,theathcomponentof

σ

)suchthat

σa

∈

d

(

s

,

a

)

.ThesetofalljointactionsforA atstate

sisdenotedby DA

(

s

)

.Givenajointactionbythegrandcoalition

σ

∈

D

(

s

)

,

σA

(aprojectionof

σ

on A)denotesthejoint

actionexecutedby Aaspartof

σ

:

σA

=

(

σa

)

a∈A.Thesetofallpossibleoutcomesofajointaction

σ

∈

DA

(

s

)

atstatesis:

out(s,σ

)

= {

s

∈

S

| ∃

σ

∈

D(s)

:

σ

=

σ

_A

∧

s

=

δ(s,σ

)

}

In the sequel, we use the usual point-wise notation for vector comparison andaddition. In particular,

(

b1

,

. . . ,

br

)

≤

(

d1

,

. . . ,

dr

)

iffbi

≤

di

∀

i

∈ {

1

,

. . . ,

r

}

,

(

b1

,

. . . ,

br

)

=

(

d1

,

. . . ,

dr

)

iffbi

=

di

∀

i

∈ {

1

,

. . . ,

r

}

,and

(

b1

,

. . . ,

br

)

+

(

d1

,

. . . ,

dr

)

=

(

b1

+

d1

,

. . . ,

br

+

dr

)

. However, for convenience we deﬁne

(

b1

,

. . . ,

br

)

< (

d1

,

. . . ,

dr

)

as

(

b1

,

. . . ,

br

)

≤

(

d1

,

. . . ,

dr

)

and

(

b1

,

. . . ,

br

)

=

(

d1

,

. . . ,

dr

)

.Weassumethatforanyb

∈

N

,b

≤ ∞

,b

+ ∞

= ∞

and

∞

−

b

= ∞

.Givenafunction f returning

avector,wealsodenoteby fi thefunctionthatreturnsthei-thcomponentofthevectorreturnedby f.

The cost ofa jointaction

σ

∈

DA

(

s

)

is deﬁnedascostA

(

s

,

σ

)

=

a∈Ac

(

s

,

a

,

σa

)

andthesubscript A is omittedwhen A

=

Agt.

GivenaRB-CGSM,astrategyforacoalition A

⊆

Agtisamapping FA

:

S+

→

Act|A|suchthat,forevery

λ

s

∈

S+,FA

(λ

s

)

∈

DA

(

s

)

.Acomputation

λ

∈

Sω isconsistentwithastrategy FAiff,foralli

≥

0,

λ

[

i

+

1

]

∈

out

(λ

[

i

]

,

FA

(λ

[

0

,

i

]

))

.Wedenoteby out

(

s

,

FA

)

thesetofallcomputations

λ

startingfromsthatareconsistentwithFA.

Givenaboundb

∈

B,acomputation

λ

∈

out

(

s

,

FA

)

isb-consistentwithFA iff,foreveryi

≥

0,

i

j=0

costA(λ

[

j

]

,

FA(λ

[

0

,

j

]

))

≤

b

Notethatthisdeﬁnitionimpliesthatthecostofeverypreﬁxofthecomputationisbelowb.

The set of all computations starting from state s that are b-consistent with FA is denoted by out

(

s

,

FA

,

b

)

. FA is a b-strategyiffout

(

s

,

FA

)

=

out

(

s

,

FA

,

b

)

foranystates.

GivenaRB-CGS Mandastate sofM,thetruthofaRB

±

ATLformula

φ

withrespecttoM andsisdeﬁnedinductively onthestructureof

φ

asfollows:

•

M

,

s

|=

piffs

∈

π

(

p

)

;

•

M

,

s

|= ¬

φ

iffM

,

s

|=

φ

;

•

M

,

s

|=

φ

∨

ψ

iffM

,

s

|=

φ

orM

,

s

|=

ψ

;

•

M

,

s

|=

Ab

_φ

_iff

_∃

_b_-strategy _F

Asuchthatforall

λ

∈

out

(

s

,

FA

)

:M

,

λ

[

1

]

|=

φ

;

•

M

,

s

|=

Ab

₂

_φ

_iff

_∃

_b_-strategy _F

Asuchthatforall

λ

∈

out

(

s

,

FA

)

andi

≥

0: M

,

λ

[

i

]

|=

φ

;and

•

M

,

s

|=

Ab

φ

U

ψ

iff

∃

b-strategy FA such that for all

λ

∈

out

(

s

,

FA

)

,

∃

i

≥

0: M

,

λ

[

i

]

|=

ψ

and M

,

λ

[

j

]

|=

φ

for all j

∈ {

0

,

. . . ,

i

−

1

}

.

Since the inﬁnite resource bound version of RB

±

ATL modalities correspond to the standard ATL modalities, we will write

A∞¯

φ

,

A∞¯

φ

U

ψ

,

A∞¯

2 φ

as

A

φ

,

A

φ

U

ψ

,

A

2 φ

,respectively.Whenthecontextisclear,wewill sometimeswrites

|=

φ

insteadofM

,

s

|=

φ

.

Note that although we onlyconsider inﬁnite paths, thecondition that the idle action isalways available andcosts 0

¯

makes themodel-checking problemeasier(weonly needto finda strategywitha finiteprefix underbound b to satisfy

formulasoftheform

Ab

φ

and

Ab

φ

U

ψ

,andthenthestrategycanmaketheidlechoiceforever).

As an example ofthe expressivity ofthe logic, consider themodel inFig. 1 withtwo agents a1 and a2 andtwo re-sourcesr1 andr2.Letusassumethat c

(

sI

,

a1

,

α

)

= −

2

,

1

(action

α

produces2unitsofr1 andconsumesoneunitofr2),

c

(

s

,

a2

,

β)

=

1

,

−

1

andc

(

s

,

a1

,

γ

)

=

5

,

0

.Then agenta1 onits ownhasastrategy toenforcea statesatisfying p under resourceboundof3 unitsofr1 and1 unitofr2 (M

,

sI

|=

{

a1

}

3,1

U

p):a1 hastoselectaction

α

insI whichrequires

(4)

[image:4.561.109.440.55.152.2]

Fig. 1.An example with consumption and production of resources.

p holds.Afterthis,a1 hastoselectidle forever,whichdoesnotrequireanyresources.Any smallerresourceboundisnot suﬃcient.However, bothagentshaveastrategytoenforcethesameoutcome undera smallerresource boundofjustone unitofr2(M

,

sI

|=

{

a1

,

a2

}

0,1

U

p):agenta2 needstoselect

β

anda1 idleinsuntiltheagentshavegonethroughthe loopbetweensI andsfourtimesandaccumulatedenoughofresourcer1 toenableagenta1 toperform

γ

ins.

3. ModelcheckingRB

±

ATL

The model-checkingproblemforRB

±

ATListhequestion whether,foragivenRB-CGS structure M,a states in Mand anRB

±

ATLformula

φ

0,M

,

s

|=

φ

0.Inthissectionweprovethefollowingtheorem:

Theorem1.Themodel-checkingproblemforRB

±

ATLisdecidable.

Toprovedecidability,wegiveanalgorithmwhich,givenastructureM

=

(

Agt

,

Res

,

S

,

π

,

Act

,

d

,

c

,

δ)

andaformula

φ

0, returnsthesetofstates

[

φ

0

]

M satisfying

φ

0:

[

φ

0

]

M

= {

s

|

M

,

s

|=

φ

0

}

(seeAlgorithm 1).

Algorithm1Labelling

φ

0. functionrb±atl-label(M,φ0)

forφ∈Sub(φ0)do

caseφ=p,¬φ,φ∧ψ, Aφ, AφUψ, A2φ standard, see [1]

caseφ= Ab_φ

[φ]M←Pre(A,[φ]M,b)

caseφ= Ab φUψ

[φ]M← {s|s∈S∧

until-strategy(node0(s,b),Ab_φ_U_ψ)_}

caseφ= Ab₂_φ

[φ]M← {s|s∈S∧box-strategy(node0(s,b),Ab₂_φ)_}

return[φ0]M

Given

φ

0,weproduceasetofsubformulasSub

(φ

0

)

of

φ

0intheusualway,however,inaddition,if

Ab

γ

∈

Sub

(φ

0

)

,its inﬁniteresource version

A

γ

isaddedto Sub

(φ

0

)

.Sub

(φ

0

)

isorderedinincreasing orderofcomplexity,andtheinﬁnite resource version of each modalformula comes beforethe bounded version. Notethat ifa state s is not annotatedwith

A

γ

thenscannotsatisfytheboundedresourceversion

Ab

_γ

_.

Wethenproceedbycases.ForallformulasinSub

(φ

0

)

apartfrom

Ab

φ

,

Ab

φ

U

ψ

and

Ab

2 φ

weessentiallyrun thestandardATLmodel-checkingalgorithm[1].

Labellingstateswith

Ab

_φ

_makes_use_of_a_function_Pre

₍

_A

_,

_ρ

_,

_b

₎

_which,_given_a_coalition_A_,_a_set

_ρ

_⊆

_S_and_a_bound_b_,

returnsasetofstatessinwhich Ahasajointaction

σA

withcost

(

s

,

σA

)

≤

b suchthatout

(

s

,

σA

)

⊆

ρ

.Labellingstateswith

Ab

_φ

_U

_ψ

_and

_Ab

₂

_φ

_is_more_complex,_and_in_the_interests_of_readability_we_provide_separate_functions:_{until-strategy}

for

Ab

φ

U

ψ

formulasisshowninAlgorithm 2,andbox-strategyfor

Ab

2 φ

formulasisshowninAlgorithm 3.

Both algorithms proceed by depth-ﬁrstand–or searchof M.We record informationaboutthestate ofthesearch in a search treeofnodes.Anodeisastructurewhichconsistsofastate ofM,theresources availableto theagents A inthat state (ifany), anda ﬁnite pathof nodesleading to this node fromthe rootnode. Edgesin the treecorrespond to joint actions by all agents.Note thatthe resources availableto theagentsina state s ona pathconstrain theedges fromthe correspondingnodetobethoseactions

σA

wherecost

(

s

,

σA

)

islessthanorequaltotheavailableresources.Foreachnode

n inthetree,we haveafunction s

(

n

)

whichreturns itsstate, p

(

n

)

whichreturns thenodesonthepath ande

(

n

)

which returns thevector ofresourceavailabilitiesin s

(

n

)

asaresultoffollowing p

(

n

)

.The functionnode0

(

s

,

b

)

returnstheroot node,i.e.,anoden0 suchthats

(

n0

)

=

s,p

(

n0

)

= [

]

andei

(

n0

)

=

bi forallresourcesi.Thefunctionnode

(

n

,

σ

,

s

)

returnsa

nodenwheres

(

n

)

=

s,p

(

n

)

= [

p

(

n

)

·

n

]

andforallresourcesi,ei

(

n

)

=

ei

(

n

)

−

costi

(

s

(

n

),

σ

)

.

Both until-strategyandbox-strategytakeasearchtreenodenandaformula

_φ

∈

Sub

_(φ

₀

₎

asinput,andhavesimilar

(5)

is falsein the state representedby node n, s

(

n

)

.(Note that the state representedby n hasalready beenlabelledby the resource bounded subformulas

φ

and

ψ

.) If so, they return false immediately,terminating search of the currentbranch of the search tree (lines 2–3 ofAlgorithms 2 and 3). until-strategy also returns true ifthe second argument

ψ

of

φ

is truein s

(

n

)

(lines 8–9 ofAlgorithm 2). Both until-strategy andbox-strategy check whetherthestate s

(

n

)

has been

encounteredbeforeonp

(

n

)

,i.e.,p

(

n

)

endsinaloop.Inthecaseofuntil-strategy_,_if_the_loop_is_unproductive_(i.e.,_resource

availability has not increased since the previous occurrence of s

(

n

)

on the path), then the loop is not necessary for a successfulstrategy,andsearchonthisbranchisterminatedreturningfalse(lines4–5).Ifontheotherhandtheloopstrictly increasestheavailability ofatleastone resourcei anddoesnot decreasetheavailability ofotherresources, thenei

(

n

)

is

replacedwith

∞

,asashorthand denotingthat anyﬁniteamount ofi can beproduced byrepeating theloopsuﬃciently manytimes(lines 6–7ofAlgorithm 2).Ifallresourcevalueshavebeenreplacedby

∞

,until-strategyreturnstrue(lines

10–11),sincethebranchsatisﬁestheinﬁniteresourceversion

A

φ

U

ψ

of

φ

,andanarbitraryamountofanyresourcecan be accumulatedalong thepath.Forbox-strategytheloop checkisslightlydifferent. Ifthe loopdecreasesthe amountof

atleastoneresourcewithoutincreasing theavailabilityofanyotherresource,itcannotformpartofasuccessfulstrategy, andthesearchterminatesreturningfalse(lines 4–5ofAlgorithm 3).Ifanon-decreasingloop isfound,thenitispossible to maintain the invariant formula

φ

forever without expending anyresources, and the search terminates returningtrue (lines 6–7).

Ab

φ

U

ψ

.

1:functionuntil-strategy(n,Ab_φ_U_ψ₎ 2: ifs(n)|= A∞¯φUψthen 3: returnfalse

4: if∃n∈p(n):s(n)=s(n)∧(∀j:ej(n)≥ej(n))then 5: returnfalse

6: fori∈ {i∈Res| ∃n∈p(n):s(n)=s(n)∧(∀j:ej(n)≤ej(n))∧ ei(n)<ei(n)} do

7: ei(n)← ∞ 8: ifs(n)|=ψthen 9: returntrue 10: ife(n)= ¯∞then 11: returntrue

12: ActA← {σ∈DA(s(n))|cost(s(n),σ)≤e(n)}

13: forσ∈ActAdo 14: O←out(s(n),σ) 15: strat←true 16: fors∈Odo 17: strat←strat∧

18: until-strategy(node(n,σ,s),Ab_φ_U_ψ) 19: ifstratthen

20: returntrue 21: returnfalse

If none of the if statements evaluates to true, then, in both until-strategy and box-strategy, search continues by

considering eachaction available ats

(

n

)

in turn.Foreach action

σ

∈

ActA,thealgorithm checkswhethera recursivecall ofthealgorithmreturns trueinall outcomestatesof

σ

(i.e.,

σ

ispartofa successfulstrategy). Ifsucha

σ

isfound,the algorithm returnstrue.Otherwisethe algorithmreturns false.Notethat the argument

φ

is passedthrough therecursive callsunchanged:informationabouttheresourcesavailabletotheagentsins

(

n

)

asaresultoffollowing p

(

n

)

isencodedin thesearchnodes.

Lemma1.Algorithm 1terminates.

Proof. AllthecasesinAlgorithm 1apartfrom

Ab

_φ

_U

_ψ

_and

_Ab

₂

_φ

_can_be_computed_in_time _polynomial_in

_|

_M

_|

_and

|

φ

|

.Thecasesfor

Ab

φ

U

ψ

and

Ab

2 φ

involvecallingtheuntil-strategy_andbox-strategy_procedures,_{respectively,}_for

everystateinS.Inordertoprovethattheseproceduresterminate,wearegoingtoshowthatthereisnoinﬁnitesequence ofcallstountil-strategyorbox-strategy.

Assumetothecontrarythatn1

,

n2

,

. . .

isaninfinitesequenceofnodesinaninfinitesequenceofrecursivecallsto until-strategyor box-strategy.Then, since the setof statesisfinite, thereis an infinitesubsequence n_i1

,

n_i2

,

. . .

of n₁

,

n₂

,

. . .

such thatforall j,s

(

nij

)

=

sforsomestate s (thestate isthesameforallthenodesinthesubsequence).Weshow that

then thereis aninﬁnite subsequencen₁

,

n₂

,

. . .

ofni1

,

ni2

,

. . .

such that fork

<

j,e

(

n_k

)

≤

e

(

n_j

)

. Theproof is verysimilar

to theproof ofLemma f in[10, p. 70]andproceedsby inductionon thenumberof resourcesr.Forr

=

1,since e

(

n

)

is alwayspositive,theclaimisimmediate.Assumethelemmaholdsforrandletusshowitforr

+

1.Thenthereisaninﬁnite subsequencem₁

,

m₂

,

. . .

ofni1

,

ni2

,

. . .

whereforallresourcesi

∈ {

1

,

. . . ,

r

}

ei

(

m_k

)

≤

ei

(

m_j

)

fork

<

j.Clearlytherearetwo

(6)

Ab

₂

_φ

_.

1:functionbox-strategy(n, Ab₂_φ₎ 2: ifs(n)|= A∞¯2φthen 3: returnfalse

4: if∃n∈p(n):s(n)=s(n)∧(∀j:ej(n)≥ej(n))∧ (∃j:ej(n)>ej(n)) then 5: returnfalse

6: if∃n∈p(n):s(n)=s(n)∧(∀j:ej(n)≤ej(n))then 7: returntrue

8: ActA← {σ∈DA(s(n))|cost(s(n),σ)≤e(n)} 9: forσ∈ActAdo

10: O←out(s(n),σ) 11: strat←true 12: fors∈Odo 13: strat←strat∧

14: box-strategy(node(n,σ,s),Ab₂_φ) 15: ifstratthen

16: returntrue 17: returnfalse

whicharesmallerthaner+1

(

m1

)

).Hencee

(

mj1

)

≤

e

(

mj2

)

.Thesameargumentcanberepeatedtoshowthatthereisanode m_j

3 inthesequence such that e

(

m

j2

)

≤

e

(

m

j3

)

,etc. Hence,if thereis aninﬁnite sequenceof nodescorresponding toan

infinite sequenceof recursive calls,then there isan infinite subsequence ofthat sequence ofnodes,where thenodes in thesubsequencehavethesamestateandthesameorgrowingresourceavailability.Theexistenceofthelattersubsequence wouldconstituteacontradiction,becausecomparableresourceavailabilityvectorsfornodeswiththesamestatewillleadto terminationafterfinitelymanysteps(sotherecannotbeaninfinitesequenceofrecursivecalls).Toseewhythisisso, con-siderthesimplercaseofbox-strategy_first._In_{Algorithm 3}_,_when_in_a_node_n_we_discover_that_previously_we_encountered

anodensuchthats

(

n

)

=

s

(

n

)

ande

(

n

)

≤

e

(

n

)

,wereturntrue.Sothebox-strategywillterminateafterencounteringjust

one pairof nodeswiththesamestate wherethesecond node hasthesame orhigherresourceavailability.Hence, there cannot be an inﬁnitesequence ofcalls to the box-strategy. Consider until-strategy.Given asubsequence n₁

_,

n₂

_,

_{. . . ,}

n_r

(where r is thenumber ofresourcetypes) ofnodes withthesame state such thate

(

ni

)

≤

e

(

ni+1

)

,either e

(

ni

)

=

e

(

ni+1

)

(and Algorithm 2 returnsfalse)or e

(

ni

)

≤

e

(

ni+1

)

withej

(

ni

)

<

ej

(

nj+1

)

for some j andone ormore resourcetypes are resetto

∞

.Whenall resourcetypesareresetto

∞

,Algorithm 2returnstrue.Ineithercase,theexistenceofsucha sub-sequence impliesterminationafterﬁnitelymanysteps,whichcontradictsouroriginal assumptionthatthereisan inﬁnite sequenceofrecursivecalls.Hence,Algorithm 1terminates.

2

Beforeweprovecorrectnessofuntil-strategyandbox-strategy,weneedsomeauxiliarynotions.Letnbeanodewhere

oneoftheproceduresreturnstrue.Wewillrefertotree

(

n

)

asthetreerepresentingthesuccessfulcalltotheprocedure.In particular,iftheprocedurereturnstruebeforeanyrecursivecallismade,thentree

(

n

)

=

n.Otherwisetheprocedurereturns truebecausethereisanaction

α

∈

ActA suchthatforalls

∈

out

(

s

(

n

),

α

)

theprocedurereturnstrueinn

=

node

(

n

,

α

,

s

)

.

Inthiscase,tree

(

n

)

hasnasitsrootandtreestree

(

n

)

arethechildrenofn.Werefertotheaction

α

asnact (theactionthat

generatesthechildrenofn).Forthesakeofuniformity,iftree

(

n

)

=

nthenwesetnact tobeidle.Suchatreecorrespondsto

astrategy F whereforeachpathn

· · ·

mfromtherootntoanodemintree

(

n

)

,F

(

s

(

n

)

· · ·

s

(

m

))

=

mact.

Astrategy Fforsatisfying

Ab

_φ

_U

_ψ

_is

_U

_-economical_for_a_node_n_if,_intuitively,_no_path_generated_by_it_contains_a_loop

thatdoesnotincreaseanyresource.Astrategyis

2

-economicalforanodenif,intuitively,nopathgeneratedbyitcontains aloopthatdecreasessomeresourcesanddoesnotincreaseanyotherresources.Formally,astrategy F is

U

-economicalfor

nif

•

F satisﬁes

Ae(n)

φ

U

ψ

at s

(

n

)

, i.e., F isa e

(

n

)

-strategyand

∀

λ

∈

out

(

s

(

n

),

F

)

,

∃

i

≥

0

:

λ

[

i

]

|=

ψ

and

λ

[

j

]

|=

φ

for all

j

∈ {

0

,

. . . ,

i

}

;

•

Thepath p

(

n

)

·

nisalready

U

-economical,i.e.,

∀

n

∈

p

(

n

)

·

n

,

n

∈

p

(

n

)

:

s

(

n

)

=

s

(

n

)

⇒

e

(

n

)

e

(

n

)

;

•

Every state is reached by F

U

-economically, i.e., for each computation s0s1

. . .

sk

. . .

∈

out

(

s

(

n

),

F

)

and each j

<

k

≤

i where i is the smaller index such that si satisﬁes

ψ

, sj

=

sk

⇒

cost

(

sj

. . .

sk

)

0 with

¯

cost

(

sj

. . .

sk

)

=

l=j,...,k−1cost

(λ

[

l

]

,

F

(λ

[

0

,

l

]

))

;and

•

Every state isreachedby F

U

-economicallywithrespectto thepath p

(

n

)

,i.e., forevery computation s0s1

. . .

sk

. . .

∈

out

(

s

(

n

),

F

)

,

∀

n

∈

p

(

n

)

:

s

(

n

)

=

sk

⇒

e

(

n

)

e

(

n

)

−

cost

(

s0

. . .

sk

)

.

Astrategy F is

2

-economicalif:

•

F satisﬁes

Ae(n)

₂

_φ

_at_s

₍

_n

₎

_,_i.e., _F _is_a_e

₍

_n

₎

_-strategy_and

_∀

_λ

_∈

_out

₍

_s

₍

_n

_),

_F

₎

_,

_∀

_i

_≥

₀

_:

_λ

_[

_i

_]

_|=

_φ

_;

(7)

[image:7.561.199.345.56.182.2]

Fig. 2.TreeT andT=prune(T,m).

•

Every state is reached by F

2

-economically, i.e., foreach computation s0s1

. . .

sk

. . .

∈

out

(

s

(

n

),

F

)

∀

j

<

k

:

sj

=

sk

⇒

cost

(

sj

. . .

sk

)

≯

0;

¯

•

Everystate is reachedby F

2

-economicallywithrespect tothe path p

(

n

)

, i.e., forevery computation s0s1

. . .

sk

. . .

∈

out

(

s

(

n

),

F

)

,

∀

n

∈

p

(

n

)

:

s

(

n

)

=

sk

⇒

e

(

n

)

≯

e

(

n

)

−

cost

(

s0

. . .

sk

)

.

Notethatanystrategy F satisfying

Ae(n)

_φ

_U

_ψ

₍

_Ae(n)

₂

_φ

₎_at_s

₍

_n

₎

_can_be_converted_to_an_economical_one_by

elimi-natingunproductiveloops,asstatedbythefollowingproposition.

Proposition 1. There is a strategy to satisfy

Ae(n)

_φ

_U

_ψ

_(resp.,

_Ae(n)

₂

_φ

₎ _at _s

₍

_n

₎

_iff _there _is _an

_U

_-economical _(resp.,

2

-economical)strategytosatisfy

Ae(n)

_φ

_U

_ψ

_(resp.,

_Ae(n)

₂

_φ

₎_at_s

₍

_n

₎

_.

Nextweprovecorrectnessofuntil-strategy.Thenextlemmaessentiallyshowsthatreplacingaresourcevaluewith

∞

inAlgorithm 2isharmless.Fortheinductivestepoftheproof,weneedthefollowingnotion.Givenatreetree

(

n

)

,wecall itspruning,denotedasprune

(

tree

(

n

),

m1

,

. . . ,

mk

)

,thetreeobtainedbyremovingallchildrenofsomenodesm1

,

. . . ,

mkthat

haveonlyleavesaschildrenintree

(

n

)

.

Lemma2.Letn

=

node0

(

s

,

b

)

beanodewhereuntil-strategyreturnstrue.Letf beafunctionthatforeachleafnoftree

(

n

)

returns f

(

n

)

∈

N

rsuchthatfi

(

n

)

=

ei

(

n

)

ifei

(

n

)

= ∞

( fi

(

n

)

canbeanynaturalnumberifei

(

n

)

= ∞

).Then,thereisastrategyF such thatforeveryleafnofthetreeinducedbyF ,e

(

n

)

≥

f

(

n

)

holds.

Proof. Byinductiononthestructureoftree

(

n

)

.

Base Case: Lettree

(

n

)

containonlyitsroot.Theproofisobviousforanystrategy.

Inductive Step: Letusconsider a pruning T oftree

(

n

)

.By theinduction hypothesis, anytree T that has alesscomplex structurethan T hasastrategytogenerateatleast f

(

n

)

∈

N

r

≤

e

(

n

)

forallleavesnofT.

Inthefollowing,givennodesn

,

n1

,

. . . ,

nk,wedenoteby n

(

n1

,

. . . ,

nk

)

thedepth-1treewhichhasnasitsrootand n1

,

. . . ,

nkastheimmediateleavesofn.

Letm

(

m1

,

. . . ,

mk

)

be an arbitrarydepth-1sub-treeof T (see Fig. 2).By removingm1

,

. . . ,

mk from T,we obtaina

pruningTofT.

Letn

· · ·

m

·

mibeapathinT fromtherootntooneoftheleavesmi.Foreachresourcertheavailabilityofwhichturns

to

∞

atmi,theremustbeanode,denotedby wr

(

mi

)

,inthepathn

· · ·

m

·

mi whichisusedtoturntheavailabilityof rto

∞

atmi,thatis,wr

(

mi

)

issuchthats

(

wr

(

mi

))

=

s

(

mi

)

,ei

(

wr

(

mi

))

≤

ei

(

mi

)

foreachi,ander

(

wr

(

mi

))

<

er

(

mi

)

.

Wemayrepeatthepathfromwr

(

mi

)

tomi severaltimestogenerateenoughresourceavailabilityforr.Wecallthe

pathfrom wr

(

mi

)

tomi togetherwithalltheimmediatechildnodesofthosealongthepaththecolumngraphfrom wr

(

mi

)

tomi.Eachtime,anamountofgr

=

er

(

m

)

−

costr

(

mact

)

−

er

(

wr

(

mi

))

isgenerated.Then,theminimalnumber

oftimestorepeatthepathfromwr

(

mi

)

tomi ishr

(

mi

)

=

fr(mi)−(er(mgr)−costr(mact))

.

Notethatweneedtorepeatateachmiforeachresourcerthepathfromwr

(

mi

)

tomi hr

(

mi

)

times.Torecordthe

numberoftimesthepathhasbeenrepeated, weattach toeachmi acounter h

ˆ

r

(

mi

)

foreachr andwrite thenew

nodeofmi asmh_iˆ(mi).

Initially,h

ˆ

r

(

mi

)

=

0 forallrandforallnodesmi.Astep(seeFig. 3)oftherepetitionisdoneasfollows:letmh_iˆ(mi)be

somenodesuch thath

ˆ

r

(

mi

)

<

hr

(

mi

)

.Letm

ˆ

h(mj)

j bethesiblingofm

ˆ

h(mi)

i (j

=

i).Weextendfromm

ˆ

h(mi)

i thecolumn

graphfromwr

(

mi

)

tomi;eachnewmj(j

=

i)isannotatedwithh

ˆ

(

mj

)

(sameasbefore)andthenewmi isannotated

withh

ˆ

(

mi

)

exceptthath

ˆ

r

(

mi

)

isincreasedby 1.Werepeat theabove stepuntilh

ˆ

r

(

mi

)

=

hr

(

mi

)

(it mustterminate

(8)

[image:8.561.221.324.56.158.2]

Fig. 3.Repeating steps to generate resources.

Fig. 4.w(m)ofmintree(n).

At theend, weobtain atreewhereall leavesmh_iˆ(mi) haveh

ˆ

r

(

mi

)

=

hr

(

mi

)

forall r,hencethe availabilityofr isat

least fr.LetE

(

m

)

betheextendedtreefromm.

Let FT be the strategy generated by T. We extend FT with E

(

m

)

for every occurrence of m in FT such that s

(

m

)

=

s

(

m

)

,anddenotethisextendedstrategy F_TE.Forallleavesmin E

(

m

)

other thanmi,letsub

(

T

,

m

)

besome

sub-tree of T starting from a node m such that s

(

m

)

=

s

(

m

)

. Then, we extend F_TE with sub

(

T

,

m

)

for every

occurrence of m in F_TE. We ﬁnally obtain a tree FT which satisﬁes the condition that all leavesl have resource

availabilityofatleast f

(

l

)

.

2

Corollary1.Ifuntil-strategy

(

node₀

(

s

,

b

),

Ab

φ

U

ψ)

returnstruethens

|=

Ab

φ

U

ψ

.

Lemma3.Ifuntil-strategy

₍

_n

_,

_Ab

_φ

U

_ψ)

_returns_false,_then_them_there_is_no_strategy_satisfying

_Ae(n)

_φ

U

_ψ

_from_s

₍

_n

₎

_that_is

U

-economicalfor n.

Proof. Weprovethelemmabyinductionontheheightintherecursiontreeofuntil-strategycalls.

Base Case: Iffalseisreturnedbytheﬁrstif-statement,thens

(

n

)

|=

A

φ

U

ψ

;thisalsomeansthereisnostrategysatisfying

Ae(n)

_φ

_U

_ψ

_from_s

₍

_n

₎

_.

Iffalseisreturnedbythesecondif-statement,thenanystrategysatisfying

Ae(n)

_φ

_U

_ψ

_from_s

₍

_n

₎

_is_not_economical. Inductive Step: If false is not returned by the ﬁrst two if-statements, then, for all actions

σ

∈

ActA, there exists s

∈

out

(

s

(

n

),

σ

)

such that until-strategy

₍

_n

_,

_Ab

_φ

U

_ψ)

_(where_n

=

_node

₍

_n

_,

σ

_,

_s

₎

₎_returns _false._By_induction

hypoth-esis, there is no strategy satisfying

Ae(n)

φ

U

ψ

from s

(

n

)

that is

U

-economical forn. Assume to the contrary thatthereisastrategysatisfying

Ae(n)

_φ

_U

_ψ

_from_s

₍

_n

₎

_that_is

_U

_-economical_for_n_._Let

_σ

₌

_F

₍

_s

₍

_n

₎₎

_,_then

_σ

_∈

_ActA_.

Obviously,foralls

∈

out

(

s

(

n

),

σ

)

, F

(λ)

=

F

(

s

(

n

)λ)

isaneconomicalstrategyfromn

=

node

(

n

,

σ

,

s

)

.Thisisa con-tradiction;hence,thereisnostrategysatisfying

Ae(n)

_φ

_U

_ψ

_from_s

₍

_n

₎

_that_is

_U

_-economical_for_n_.

₂

Corollary2.Ifuntil-strategy

₍

_node₀

₍

_s

_,

_b

_),

_Ab

_φ

U

_ψ)

_returns_false_then_s

|=

_Ab

_φ

U

_ψ

_.

NowweturntoAlgorithm 3forlabellingstateswith

Ab

₂

_φ

_._First_we_show_its_soundness.

Lemma4.Letn

=

node0

(

s

,

b

)

.Ifbox-strategy

₍

_n

_,

_Ab

2 _φ)

_returns_true_then_s

₍

_n

₎

|=

_Ab

2 _φ

_.

[image:8.561.203.345.194.285.2]

(9)

[image:9.561.138.384.55.210.2]

Fig. 5.One step in constructing the strategy.

Letusexpandtree

(

n

)

asfollows:

•

T0_is_tree

₍

_n

₎

_;

•

Ti+1isTiwhereallitsleavesmarereplacedbysub

(

tree

(

n

),

w

(

m

))

(seeFig. 5).

LetT

=

limi→∞Ti_,_then_T _is_a_strategy_for

_Ab

₂

_φ

_.

₂

Lemma5.Ifbox-strategy

₍

_n

_,

_Ab

2 _φ)

_returns_false,_then_there_is_no_strategy_satisfying

_Ae(n)

2 _φ

_from_s

₍

_n

₎

_that_is

2

_-economical forn.

Proof. Weprovethelemmabyinductionontheheightintherecursiontreeofbox-strategycalls.

Base Case: Iffalseisreturnedbytheﬁrstif-statement,thens

(

n

)

|=

A

2 φ

;thisalsomeansthereisnostrategysatisfying

Ae(n)

₂

_φ

_at_s

₍

_n

₎

_.

Iffalseisreturnedbythesecondif-statement,thenanystrategysatisfying

Ae(n)

2 φ

ats

(

n

)

isnot

2

-economical.

Inductive Step: Iffalseisnot returnedby theﬁrsttwoif-statements,forallactions

σ

∈

ActA,thereexists s

∈

out

(

s

(

n

),

σ

)

suchthatbox-strategy

(

n

,

Ab

2 φ)

(wheren

=

node

(

n

,

σ

,

s

)

)returnsfalse.Assumetothecontrarythat thereisa

strategy F satisfying

Ae(n)

2 φ

froms

(

n

)

thatis

2

-economicalforn.Let

σ

=

F

(

s

(

n

))

,then

σ

∈

ActA.Obviously,for alls

∈

out

(

s

(

n

),

σ

)

, F

(λ)

=

F

(

s

(

n

)λ)

isastrategy

2

-economicalforn

=

node

(

n

,

σ

,

s

)

.Thisisacontradiction;hence, thereisnostrategysatisfying

Ae(n)

₂

_φ

_from_s

₍

_n

₎

_that_is

₂

_-economical_for_n_.

₂

Then,wehavethefollowingresultdirectly:

Corollary3.Ifbox-strategy

(

node₀

(

s

,

b

),

Ab

2 φ)

returnsfalsethens

|=

Ab

2 φ

.

4. Lowerbound

Inthissectionweshow thatthelowerboundcomplexityforthemodel-checkingproblemforRB

±

ATLisEXPSPACE,by reducing fromthereachability problemofPetriNets. Notethat theexact complexity ofthereachability problemofPetri Netsis still an open question (although it isknown to be decidable andEXPSPACE-hard, [10]). The exact complexity of theRB

±

ATLmodel-checkingproblemisalsounknown.NotethatanupperboundfortheRB

±

ATLmodel-checkingproblem wouldalsobeanupperboundforthereachabilityproblemofPetriNetsduetothereductionbelow.EvenanAckermannian upperbound forthis problemisstill open [11].This suggeststhat determiningan upper bound fortheRB

±

ATL model-checkingproblemisalsoahardproblem.

APetrinetisatupleN

=

(

P

,

T

,

W

,

M

)

where:

•

P isaﬁnitesetofplaces;

•

T isaﬁnitesetoftransitions;

•

W

:

P

×

T

∪

T

×

P

→

N

isaweightingfunction;and

•

M

:

P

→

N

isaninitialmarking.

A transition t

∈

T is M-enabled iff W

(

r

,

t

)

≤

M

(

r

)

for all r

∈

P. The resultof performing t is a marking M where