Model Checking Games for the Quantitative mu-Calculus

Symposium on Theoretical Aspects of Computer Science 2008 (Bordeaux), pp. 301-312 www .stacs-conf .org MODEL CHECKI N G GAMES F OR THE QUANTIT A TIVE µ -CALCULUS DIANA FISCHER 1 , ERICH GR ¨ ADEL 1 , AND LUKA SZ KAISER 1 1 Mathematisc he Grundlagen der Informatik, R WTH Aachen E-mail addr ess : {fischer,graedel, kaiser}@logic.rwth- aachen.de Abstra ct. W e inv estigate quan titative extensions of mo dal logic and the mo dal µ -calculus, and study the question whether the tigh t connection b etw een logic and g ames c an b e lifted from the qualitativ e logics to their quantitativ e counterparts. It turns out that, if the quantitativ e µ -calculus is defined in an app ropriate wa y respectin g th e dualit y prop erties b etw een the logica l op erators, then its model c hecking problem can i nd eed be c haracterised by a qu antitati ve v ariant of p arit y games. Ho wev er, these qu antitati ve games hav e quite different properties th an their classical counterparts, in particular t hey are, in general, not p ositionally determined. The corresp ondence b etw een t he logic and the games goes b oth w ays: the v alue of a for mula on a quan titative transition system coincides with the v alue of the associated quantitativ e game, and conversel y , t he v alues of quantitative parity games are d efinable in th e qu antitativ e µ -calculus. 1. In tro duction There ha v e b een a num b er of r ecen t prop osals to extend the common qu alitativ e, i.e. t wo -v alued, logical formalisms for sp ecifying the b eh aviour of concurren t systems, suc h as prop ositional mo d al logic ML, the temp oral logics L TL and CTL , and the mo dal µ -calculus L µ , to quan titativ e formalisms. In qu an titativ e logics, the form ulae can ta ke, at a given st ate of a system, not just the v alues true and false , but qu an titativ e v alues, for instance from the (non-negativ e) real num b er s . There are sev eral scenarios and applications where it is desirable to replace purely qualitativ e statemen ts by quan titativ e ones, which can b e of v ery differen t nature: we m a y b e intereste d in the probabilit y of an even t, the v alue that we assign to an ev ent ma y d ep end on ho w late it o ccurs, w e can ask for the num b er of o ccurr ences of an even t in a pla y , and so on. W e can consid er transition str u ctures, wh ere already the atomic prop ositions take numeric v alues, or w e can ask ab out the ‘degree of satisfaction’ of a pr op ert y . There are sev eral pap ers that deal w ith either of these topics, resulting in differen t sp ec ification form alisms and in d ifferen t n otions of transition structur es. In particular, due to the prominence and im p ortance of the mo d al µ -calculus in ve r ifi cation, there ha ve b een sev eral attempts to defin e a quan titativ e µ -calculus. In some of these, the term quan titativ e refers to probabilit y , i.e. the logic is in terpreted o ver probabilistic transition systems [11], or used to describ e win ning conditions in sto c h astic games [5, 1, 8]. Other v ariants in tro d uce quan tities by allo wing discount in g in the r esp ectiv e v ersion of Key wor ds and phr ases: games, logic, m odel chec king, qu antita tive logics. c  D . Fischer, E. Gr ¨ adel, and Ł. Kaise r CC  C reative Commons Attribution- NoDeriv s License 302 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER a “next”-operator for qualitativ e transition systems [1], Marko v decision pro cesses and Mark o v c hains [2], and for sto c hastic games [4]. While there certainly is ample motiv ation to extend qu alitativ e sp ecificati on formalisms to quan titativ e ones, there also are problems. As has b een observed in many areas of m athe- matics, engineering and computer science w here logical formalisms are applied, quant itativ e formalisms in general lac k the clean and clear mathematical theory of their qualitativ e coun- terparts, and many of the desirable m athematical and algorithmic prop er ties tend to get lost. Also, the defin itions of quan titativ e f ormalisms are often ad ho c and do not alw a ys resp ect the prop er ties that are r equired for logical metho d ologies. In this p ap er we h a v e a closer lo ok at quant itativ e mo d al logic and the quan titativ e µ -calculus in terms of their description by appr opriate seman tic games. The close connection to games is a fu ndamen- tal asp ect of logics. The ev aluation of logical formulae can b e describ ed by mo del c hec king games, pla y ed b y t wo pla yers on an arena which is f ormed as the pr o duct of a structure K and a form u la ψ . O n e pla ye r (V erifier) attempts to prov e that ψ is satisfied in K wh ile the other (F alsifier) tries to refute this. F or the mo dal µ -calculus L µ , mo del c hec king is describ ed by p arity games , and th is connection is of crucial imp ortance f or the mo d el theory , the algorithmic ev aluation and the applications of the µ -calculus. Indeed, most comp etitiv e m o del c hecki n g algorithms for L µ are based on algorithms to solve the strategy problem in parity games [10]. F u rther- more, parit y games enjoy nice prop erties lik e p ositional determinacy and can b e in tuitive ly understo o d: often, the b est wa y to mak e sense of a µ -calculus formula is to lo ok at the asso ciated game. In the other direction, winning regions of parit y games (for any fixed n umb er of priorities) are d efinable in the mo dal µ -calculus. In this pap er, w e explore the question to what exten t the relationship b etw een th e µ -calculus and parity games can b e extended to a quan titativ e µ -calculus and appropr iate quan titativ e mo del c hec king games. T h e extension is n ot straigh tforward, and requires that one defines the quantita tive µ -calculus in the ‘right’ wa y , so as to ens u re that it has appro- priate closure and dualit y pr op erties (su c h as closure und er negation, De Morgan equalities, quan tifier and fixed p oin t du alities) to m ak e it amenable to a game-based approac h. On ce this is d one, we can indeed construct a quan titativ e v arian t of p arit y games, and pro ve that they are the appropriate mod el chec king games for the quan titativ e µ -calculus. As in the classical setting the corresp ondence go es b oth w a ys: the v alue of a form ula in a stru cture coincides with the v alue of the asso ciated mo d el c hecking game, and conv ersely , the v alues of qu an titativ e parity games (with a fi xed n u m b er of priorities) are defin ab le in the quan- titativ e µ -calculus. Ho wev er, the mathematical prop erties of qu an titativ e parit y games are differen t f rom their qualitativ e counte r p arts. In particular, they are, in general, n ot p osi- tionally determined, n ot ev en up to approximati on. The pro of that the quant itativ e mo del c hec king games correctly d escrib e the v alue of the formulae is considerably more d ifficult than for the classical case. As in the classical case, mod el c hecking games lead to a b etter un derstanding of the seman tics and expressiv e p o w er of the qu an titativ e µ -calculus. F u rther, the game-based approac h also sheds light on the consequ en ces of d ifferen t c hoices in the d esign of the quan titativ e formalism, wh ic h are far less ob vious than for classical logics. MODEL CH ECKING GAM ES FOR THE QUANTIT A TIVE µ -CALCULUS 303 2. Quan titativ e µ -calculus In [3], de Alfaro, F aella, and Sto elinga introdu ce a quan titativ e µ -calculus, that is in terpreted o v er metric transition systems, wher e p redicates can tak e v alues in arbitrary metric s p aces. F urth ermore, their µ -calculus allo ws discount ing in mo dalities and is studied in connection with quantita tive versions of basic s ystem relations such as bisimulatio n . W e base our calculus on the one pr op osed in [3] but mo dify it in the follo wing wa ys. (1) W e decouple discoun ts fr om the m o dal op erato rs . (2) W e allo w discount factors to b e greater than one. (3) In the definition of tr ansition systems we allo w additional discounts on the edges. These c hanges make the logic more robust and more general, and, as we will sho w in the next section, will p ermit us to in tro du ce a n egatio n op erator with the desired dualit y prop erties that are fu ndamenta l to a game-based analysis. Quant itativ e transition systems, s im ilar to the ones introdu ced in [3] are directed graphs equipp ed with quan tities at states and discoun ts on edges. In the s equ el, R + is the set of non-negativ e real n u mb ers, and R + ∞ := R + ∪ {∞} . Definition 2.1. A quantitative tr ansition system (QTS) is a tuple K = ( V , E , δ, { P i } i ∈ I ) , consisting of a directed graph ( V , E ), a d iscoun t fun ction δ : E → R + \ { 0 } and fu nctions P i : V → R + ∞ , th at assign to eac h state the v alues of th e predicates at th at state. A transition sys tem is qualitative if all fu n ctions P i assign only the v alues 0 or ∞ , i.e. P i : V → { 0 , ∞} , where 0 stands for false and ∞ for true, and it is non-disc ounte d if δ ( e ) = 1 for all e ∈ E . W e n ow in tro d uce a quan titativ e ve r s ion of the mo dal µ -calculus to describ e prop erties of qu an titativ e transition systems. Definition 2.2. Giv en a set V of v ariables X , p redicate fun ctions { P i } i ∈ I , d iscoun t f actors d ∈ R + and constan ts c ∈ R + , the formulae of quantitative µ -c alculus (Q µ ) can b e b uilt in the f ollo wing w a y: (1) | P i − c | is a Q µ -formula, (2) X is a Q µ -form ula, (3) if ϕ, ψ are Q µ -form ulae, then so are ( ϕ ∧ ψ ) and ( ϕ ∨ ψ ), (4) if ϕ is a Q µ -formula, then so are  ϕ and ♦ ϕ , (5) if ϕ is a Q µ -formula, then so is d · ϕ , (6) if ϕ is a formula of Q µ , then µX .ϕ and ν X .ϕ are form ulae of Q µ . F ormulae of Q µ are interpreted ov er quant itativ e transition systems. Let F b e th e set of fun ctions f : V → R + ∞ , with f 1 ≤ f 2 if f 1 ( v ) ≤ f 2 ( v ) for all v . Then ( F , ≤ ) forms a complete lattice with the constan t fun ctions f = ∞ as top elemen t and f = 0 as b ottom elemen t. Giv en an interpretation ε : V → F , a v ariable X ∈ V , and a function f ∈ F , we den ote b y ε [ X ← f ] the interpretation ε ′ , such that ε ′ ( X ) = f and ε ′ ( Y ) = ε ( Y ) for all Y 6 = X . Definition 2.3. Giv en a QTS K = ( V , E , δ, { P i } i ∈ I ) and an in terpr etation ε , a Q µ -formula yields a v aluation f u nction J ϕ K K ε : V → R + ∞ defined as follo ws: (1) J | P i − c | K K ε ( v ) = | P i ( v ) − c | , (2) J ϕ 1 ∧ ϕ 2 K K ε = min { J ϕ 1 K K ε , J ϕ 2 K K ε } and J ϕ 1 ∨ ϕ 2 K K ε = max { J ϕ 1 K K ε , J ϕ 2 K K } , 304 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER (3) J ♦ ϕ K K ε ( v ) = sup v ′ ∈ vE δ ( v , v ′ ) · J ϕ K K ε ( v ′ ) and J  ϕ K K ε ( v ) = in f v ′ ∈ vE 1 δ ( v ,v ′ ) J ϕ K K ε ( v ′ ), (4) J d · ϕ K K ε ( v ) = d · J ϕ K K ε ( v ), (5) J X K K ε = ε ( X ), (6) J µX.ϕ K K ε = in f { f ∈ F : f = J ϕ K K ε [ X ← f ] } , (7) J ν X.ϕ K K ε = su p { f ∈ F : f = J ϕ K K ε [ X ← f ] } . F or f orm ulae without free v ariables, w e can simply write J ϕ K K rather than J ϕ K K ε . W e call the fragmen t of Q µ consisting of formulae without fixed-p oint op erators q uanti- tative mo dal lo gic QML. If Q µ is in terpreted ov er qualitativ e transition systems, it coincides with the classical µ -calculus and we sa y that K , v is a mo del of ϕ , K , v | = ϕ if J ϕ K K ( v ) = ∞ . Ov er non-discounte d quantita tive transition systems, the definition ab o v e coincides with the one in [3 ]. F or discounte d systems w e tak e the natur al defi n ition for ♦ and u se the dual one for  , thus the 1 δ factor. As we will show, this is th e only definition for whic h there is a well-behav ed negation op erato r and with a close relation to mo del c hec king games. W e alw a ys assum e the formulae to b e wel l-name d , i.e. eac h fixed-p oin t v ariable is b ound only once and n o v ariable app ears b ot h free and b ound and we use the notions of alternation level and alternation depth in th e u sual w ay , as defin ed in e.g. [9]. Note that all op erato rs in Q µ are monotone, thus guarante eing th e existence of the least and greatest fi xed p oints, and their inductive definition according to the Knaster- T arski Th eorem stated b elo w. Prop osition 2.4. The le ast and gr e atest fixe d p oints exist and c an b e c ompute d inductively: J µX .ϕ K K ε = g γ with g 0 ( v ) = 0 (and J ν X.ϕ K K ε = g γ with g 0 ( v ) = ∞ ) for al l v ∈ V wher e g α =  J ϕ K ε [ X ← g α − 1 ] for α suc c essor or dinal, lim β <α J ϕ K ε [ X ← g β ] for α limit or dinal, and γ is such that g γ = g γ +1 . 3. Negation and Duality So far, the qu an titativ e logic s Q µ and QML lac k a negation op erator and the asso ciated dualities b etw een ∧ and ∨ , ♦ and  , and b et ween least and greatest fixed p oin ts. Let us clarify in the follo wing defin ition wh at we exp ect from such an op erator. Definition 3.1. A ne gation op er ator f ¬ for Q µ is a f unction R + ∞ → R + ∞ , suc h that when w e defin e J ¬ ϕ K = f ¬ ( J ϕ K ), the follo wing equiv alences hold for eve r y ϕ ∈ Q µ : (1) ¬ ¬ ϕ ≡ ϕ (2) ¬ ( ϕ ∧ ψ ) ≡ ¬ ϕ ∨ ¬ ψ and ¬ ( ϕ ∨ ψ ) ≡ ¬ ϕ ∧ ¬ ψ (3) ¬  ϕ ≡ ♦ ¬ ϕ and ¬ ♦ ϕ ≡  ¬ ϕ (4) ¬ d · ϕ ≡ β ( d ) · ¬ ϕ f or some β indep end en t of ϕ (5) ¬ µX .ϕ ≡ ν X. ¬ ϕ [ X/ ¬ X ] and ¬ ν X .ϕ ≡ µX . ¬ ϕ [ X/ ¬ X ] A s tr aigh tforw ard calculation shows that th e fu nction f 1 x : R + ∞ → R + ∞ : x 7→    1 /x for x 6 = 0 , x 6 = ∞ , ∞ for x = 0 , 0 for x = ∞ , is a negat ion op erator f or Q µ . Hence, we can safely includ e n egation into the defin ition of Q µ . If we do so, w e of cours e hav e to demand that the fixed-p oint v ariables in th e MODEL CH ECKING GAM ES FOR THE QUANTIT A TIVE µ -CALCULUS 305 definition of least and greatest fixed p oin t formulae, see Definition 2.2, only o ccur under an ev en num b er of negations, so as to preserve monotonicit y . Moreo v er, we show that f 1 x is the only negation op erator with the r equired prop erties. Y ou should note that this is the case ev en f or non-discount ed tran s ition systems, and th us it motiv ate s our definition of the seman tics of Q µ , in particular of the mo d al op erators, on quan titativ e transition systems. Theorem 3.2. f 1 x is the only ne gation op er ator for Q µ , even for non-disc ounte d systems. 4. Quan titativ e P arit y Games Quant itativ e parit y games are an extension of classical p arit y games. The tw o main differences are the p ossibilit y to assign r eal v alues in fin al p ositions to den ote the pa yo ff for Pla y er 0 and the p ossibilit y to discount pa y off v alues on ed ges. Definition 4.1. A quantitative p arity game is a tuple G = ( V , V 0 , V 1 , E , δ, λ, Ω) where V is a disjoin t union of V 0 and V 1 , i.e. p ositions b elong to either Pla yer 0 or 1. The transition relation E ⊆ V × V describ es p ossible mo ves in the game and δ : V × V → R + maps ev ery mo ve to a p ositiv e real v alue representing the discount factor. The pa y off fu nction λ : { v ∈ V : v E = ∅} → R + ∞ assigns v alues to all terminal p ositions and th e priorit y fun ction Ω : V → { 0 , . . . , n } assigns a p riorit y to ev ery p osition. Ho w to play . E very pla y starts at some v ertex v ∈ V . F or ev ery v ertex in V i , Pla y er i chooses a successor v ertex, and the pla y pro ceeds from that ve r tex. If the play reac hes a terminal v ertex, it ends. W e denote b y π = v 0 v 1 . . . the (p ossibly infinite) play through v ertices v 0 v 1 . . . , giv en that ( v n , v n +1 ) ∈ E for every n . T he outcome p ( π ) of a finite pla y π = v 0 . . . v k can b e computed by multiplying all discount factors seen throughout the pla y with the v alue of the final no de, p ( v 0 v 1 . . . v k ) = δ ( v 0 , v 1 ) · δ ( v 1 , v 2 ) · . . . · δ ( v k − 1 , v k ) · λ ( v k ) . The outcome of an infi nite pla y d ep ends only on the lo west priorit y seen infinitely often. W e will assign the v alue 0 to ev ery infinite p la y , w h ere th e lo west priority seen infinitely often is o dd , and ∞ to those, where it is ev en. Goals. The t wo pla ye r s hav e opp osing ob jectiv es r egarding the outcome of the pla y . Pla y er 0 wa nts to maximise the outcome, while Pla yer 1 w ants to m in imise it. Strategies. A strategy for pla yer i ∈ 0 , 1 is a function s : V ∗ V i → V with ( v , s ( v )) ∈ E . A pla y π = v 0 v 1 . . . is c onsistent with a str ate g y s for play er i , if v n +1 = s ( v 0 . . . v n ) for ev ery n su ch that v n ∈ V i . F or strategies σ, ρ for th e t w o play ers, w e d enote by π σ ,ρ ( v ) the un ique pla y starting at n o de v wh ic h is consistent with b oth σ and ρ . Determinacy . A game is determine d if, for eac h p osition v , the highest outcome Pla y er 0 can assu re from this p osition and the lo west outcome Pla y er 1 can assure con ve rge, sup σ ∈ Γ 0 inf ρ ∈ Γ 1 p ( π σ ,ρ ( v )) = inf ρ ∈ Γ 1 sup σ ∈ Γ 0 p ( π σ ,ρ ( v )) =: v al G ( v ) , where Γ 0 , Γ 1 are the sets of all p ossible strategies for Play er 0, Pla yer 1 and the ac hiev ed outcome is called the v alue of G at v . Classical parity games can b e seen as a sp ecial case of quantitat ive parit y games wh en w e map winning to pay off ∞ and losing to pay off 0. F ormally , we sa y that a quan titativ e parit y game G = ( V , V 0 , V 1 , E , δ, λ, Ω) is qualitative w hen λ ( v ) = 0 or λ ( v ) = ∞ f or all v ∈ V 306 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER with v E = ∅ . In qualitativ e games, w e denote b y W i ∈ V the winnin g region of pla yer i , i.e. W 0 is the region w h ere pla ye r 0 has a strategy to guarant ee pay off ∞ and W 1 is the region where pla y er 1 can guaran tee pay off 0. Note that there is no n eed for the discount function δ in the qualitativ e case as the p a y off can n ot b e c hanged by discoun ting. Qualitativ e parity games ha v e b een extensivel y studied in the past. One of their funda- men tal pr op erties is p ositional determinacy . In eve r y parit y game, the set of p ositions can b e partitioned into the winn ing regions W 0 and W 1 for the tw o play ers, and eac h play er has a p ositional winn ing strategy on her winnin g region (whic h means th at the mov es s elected b y the strategy only dep end on the curr en t p osition, not on the history of th e pla y). Unfortunately , this result do es not generalise to quantita tive parit y games. Example 4.2 shows th at there are simple quantitat ive games where no play er has a p ositional w inning strategy . I n the d epicted game there is n o optimal strategy for Play er 0, and ev en if one fixes an appro ximation of the game v alue, Play er 0 needs infi nite memory to reac h this appro ximation, b ecause sh e n eeds to lo op in the second p ositio n as long as Play er 1 lo op ed in the fir s t one to mak e u p for the discounts. (By con ven tion, we d epict p ositions of Pla yer 0 with a circle and of Pla ye r 1 with a squ are and the num b er inside is the pr iorit y for non- terminal p ositions and th e p a y off in terminal ones.) Example 4.2. 0 1 1 1 2 2 4.1. Mo de l Chec king Games for Q µ A game ( G , v ) is a mo del chec k in g game for a form ula ϕ and a structure K , v ′ , if the v alue of the game starting f r om v is exactly the v alue of the formula ev aluated on K at v ′ . In th e qualitativ e case, that means, that ϕ holds in K , v ′ if Pla yer 0 win s in G from v . Definition 4.3. F or a quan titativ e transition system K = ( S, T , δ S , P i ) and a Q µ -form ula ϕ in negation n ormal f orm , th e quantit ativ e parity game MC[ K , ϕ ] = ( V , V 0 , V 1 , E , δ, λ, Ω), whic h we call the mo del che cking game f or K and ϕ , is constructed in the follo wing w a y . P ositions. The p ositions of the game are the pairs ( ψ, s ), where ψ is a sub form u la of ϕ , and s ∈ S is a state of the QTS K , and the tw o sp ec ial p ositions (0) and ( ∞ ). P ositions ( ψ , s ) where the top op erator of ψ is  , ∧ , or ν b elo ng to Pla y er 1 and all other p ositions b elong to Play er 0. Mo v es. P ositions of the form ( | P i − c | , s ) , (0) , and ( ∞ ) are terminal p ositions. F rom p ositions of the form ( ψ ∧ θ , s ), resp. ( ψ ∨ θ , s ), one can mo v e to ( ψ , s ) or to ( θ , s ). Positio n s of the form ( ♦ ψ , s ) ha ve either a single successor (0), in case s is a terminal state in K , or one successor ( ψ , s ′ ) for ev ery s ′ ∈ s T . Analogously , p ositions of the form (  ψ , s ) hav e a single successor ( ∞ ), if sT = ∅ , or one successor ( ψ , s ′ ) for every s ′ ∈ sT otherwise. P ositions of the form ( d · ψ , s ) hav e a un ique successor ( ψ , s ′ ). Fixed-p oint p ositions ( µX .ψ , s ), resp. ( ν X.ψ , s ) ha ve a single successor ( ψ , s ). Whenev er one encoun ters a p osition where the fixed- p oint v ariable stands alone, i.e. ( X , s ′ ), the play go es bac k to the corresp onding definition, namely ( ψ , s ′ ). Discoun ts. The discount of an edge is d for transitions from p ositions ( d · ψ , s ), it is δ S ( s, s ′ ) for transitions from ( ♦ ψ , s ) to ( ψ , s ′ ), it is 1 /δ S ( s, s ′ ) for transitions from (  ψ , s ) to ( ψ , s ′ ), and 1 for all outgoing transitions from other p ositions. MODEL CH ECKING GAM ES FOR THE QUANTIT A TIVE µ -CALCULUS 307 P a yoffs. Th e pa yoff function λ assigns | J P i K ( s ) − c | to all p ositions ( | P i − c | , s ), ∞ to p osition ( ∞ ), and 0 to p ositio n (0). Priorities. The priority fu nction Ω is d efi ned as in the classical case using the alternation lev el of the fixed -p oint v ariables, see e.g. [9]. P ositions ( X, s ) get a low er pr iorit y than p ositions ( X ′ , s ′ ) if X has a lo w er alternation leve l than X ′ . The p riorities are then adjusted to ha ve the right parit y , so that an ev en v alue is assigned to all p ositions ( X , s ) where X is a ν -v ariable and an o d d v alue to those wh ere X is a µ -v ariable. Th e m aximum p riorit y , equal to the alternation d epth of the formula, is assigned to all other p ositio n s . It is well -known that qualitativ e parity games are mo del c hec king games for th e classical µ -calculus, see e.g. [6] or [12]. A pro of that u ses th e unfolding tec hn ique can b e found in [9]. W e generalise this connection to the qu an titativ e s etting as follo ws. Theorem 4.4. F or every formula ϕ in Q µ , a quantitative tr ansition system K , and v ∈ K , the game MC[ K , ϕ ] is determine d and v alMC[ K , ϕ ] ( ϕ, v ) = J ϕ K K ( v ) . 4.2. Unfolding Quantitativ e P arity Games T o pro v e the mo d el c hec king theorem in th e q u an titativ e case, we start with games with one priorit y , kno wn as reac h abilit y an d safet y games. The construction of ε -optimal strategies is obtained b y a generalisatio n of backw ards ind uction. A t fir st, w e fix the n otation and sh o w a few basic prop erties. Definition 4.5. A n umb er k ∈ R + ∞ is called ε -close to p ∈ R + ∞ , when either p is finite and | k − p | ≤ ε or p = ∞ and k ≥ 1 ε . A str ategy σ in a determined game G is ε -optimal from v if it assures a pay off ε -close to v al G ( v ). F urthermore, we say that k is ε -ab ove p (or ε -b elow ), if k ≥ p ′ (or k ≤ p ′ ) f or some p ′ that is ε -close to p . W e slightly abuse the w ord “clo se” as ε -closeness is not symmetric, since 1 ε is ε -close to ∞ , b ut ∞ is not ε -close to any num b er r ∈ R + . Still, the follo wing lemmas sh ould con vince y ou that our definition su its our considerations w ell. Definition 4.6. F or eve r y h istory h = v 0 . . . v ℓ of a pla y , let ∆( h ) = Π i<ℓ δ ( v i , v i +1 ) b e the pro du ct of all discount f actors seen in h , and let D ( h ) = max(∆( h ) , 1 ∆( h ) ) . Note that for ev ery pla y π = v 0 v 1 . . . and ev ery k , p ( π ) = ∆( v 0 . . . v k ) · p ( v k v k +1 . . . ) . Lemma 4.7. L et x, y ∈ R + ∞ , ε ∈ (0 , 1) , ∆ ∈ R + \ { 0 } , and D = max { ∆ , 1 ∆ } . (1) If x is ε/D -close to y , then ∆ · x is ε -close to ∆ · y . This holds in p articular when ∆ = ∆( h ) and D = D ( h ) f or a history h . (2) If x is ε/ 2 -close to y and y is ε/ 2 - c lose to z , then x is ε - close to z . This lemma remains v alid if we replace the close-relati on by the ab o ve- or b elo w-relation. Prop osition 4.8. R e achability and Safety games ar e determine d, f or every p osition v ther e exist str ate gi es σ ε and ρ ε that gu ar ante e p ayoffs ε -ab ove (or r esp e ctively ε -b elow) v al G ( v ) . The next step is to p ro ve th e d eterminacy of quan titativ e parity games. F or this purp ose, we presen t a metho d to unfold a qu antitat ive parity game in to a sequence of games with a smaller n umber of priorities. This tec hnique is insp ir ed b y the pr o of of correctness 308 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER of the mo del c hec king games f or L µ in [9]. W e can extend this metho d to pro v e Theorem 4.4 by sh o wing th at, as in the classical case, the unfolding of MC[ K , ϕ ] is closely r elated to the in ductiv e ev aluation of fixed p oints in ϕ on K . F r om now on, w e assume that th e minimal p riorit y in G is eve n and call it m . This is no restriction, since, if the minimal p riorit y is o dd , we can alw ays consider the dual game, where the roles of the play ers are sw itc hed and all priorities are decreased b y one. Definition 4.9. W e defin e the trunc ate d game G − = ( V , E − , λ, Ω − ) for a quantita tive parit y game G = ( V , E , λ, Ω). W e assume without loss of ge n eralit y that all n o des with minimal p riorit y in G ha ve un ique successors with a discount of 1. In G − w e remo ve the outgoing edge from eac h of these no des. Since these no des are terminal p ositions in G − , their priorit y do es not matter an y more for the outcome of a play and Ω − assigns th em a higher p riorit y , e.g. m + 1. F orm ally , E − = E \ { ( v , v ′ ) : Ω( v ) = m } Ω − ( v ) =  Ω( v ) if Ω( v ) 6 = m, m + 1 if Ω( v ) = m. The unfolding of G is a sequence of games G − α , for ordinals α , whic h all coincide with G − , except for the v aluation fu nctions λ α . Belo w we giv e the construction of the λ α ′ s . F or all terminal no d es v of the original game G we ha ve λ α ( v ) = λ ( v ) for all α . F or the new terminal no d es, i.e. all v ∈ V , suc h that v E − = ∅ and v E = { w } , the v aluatio n is giv en by: λ α ( v ) =    ∞ for α = 0 , v al G − α − 1 ( w ) for α successor ordinal, lim β <α v al G − β ( w ) for α limit ordinal. The intuitio n b ehind the defi n ition of λ α is to giv e an in cen tiv e f or Pla yer 0 to reac h the new terminal n o des by first giving them the b est p ossible v aluation, and later by up dating them to v alues of their successor in a pr evious game G − β , β < α . T o determine the v alue of the original game G , we inductiv ely compute the v alues for eac h ga me in G α , un til they d o n ot c hange an y more. Let γ b e an ord in al for whic h v al G − γ = v al G − γ +1 . Suc h an ordinal exists, since the v alues of the games in the unfoldin g are monotonically decreasing (whic h follo ws from determinacy of these games and definition). W e s et g ( v ) = g γ ( v ) = v al G − γ ( v ) and show that g is the v alue function of the original game G . T o pro v e this, we need to introdu ce strategie s for Pla yer 1 and Pla y er 0, which are inductiv ely constructed from the strategies in the unfolding. T o give an in tuition for the construction, we view a play in G as a pla y in the u nfolding of G . Let us lo ok more closely at the situation of eac h pla yer. The Strate gy of Pla y er 0 Pla y er 0 wan ts to ac h ieve the v alue g γ ( v 0 ) or to come ε -close. T o reac h this goal, s he imagines to pla y in G − γ and uses her ε -optimal strategi es σ ε γ for that game. Bet ween ev ery t wo o ccur rences of no des of min imal priority throughout the play , she pla ys a strategy σ ε i γ . MODEL CH ECKING GAM ES FOR THE QUANTIT A TIVE µ -CALCULUS 309 Pla y er 0’s strategy after ha ving seen i no des of pr iority m . m v k i v k i +1 in G m v k ( i +1) σ ε i γ G − γ Initially , ε i will b e ε 2 , ε b eing the approximati on v alue she w an ts to attain in the end. Then she c ho oses a lo wer ε i +1 ev ery time sh e passes an edge outside of G − . She will adjust the appr oximati on v alue not only b y cutting it in half every time she changes the strategy , but also according to the discount factors s een so far, sin ce they also can dramatically alter the v alue of the appr o ximation. F or a history h or a full pla y π , let L ( h ) (resp. L ( π )) b e the num b er of nod es w ith minimal priorit y m o ccur ring in h (or π ). Definition 4.10. The strategy σ ε for Play er 0 in the game G , after history h = v 0 . . . v ℓ is giv en as follo ws. In the case that L ( h ) = 0 (i.e., no p osition of min imal priorit y has b een seen), let ε ′ := ε/ 2, and σ ε ( h ) := σ ε ′ γ ( h ). Otherwise, let v k b e the last no de of priorit y m in the h istory h = v 0 . . . v ℓ , ε ′ := ε 2 L ( h )+1 D ( v 0 . . . v k ) . and σ ε ( h ) := σ ε ′ γ ( v k +1 . . . v ℓ ) . No w let us consider a pla y π = v 0 . . . v k v k +1 . . . , consisten t w ith a strategy σ ε , wh ere v k is the first n o de with minimal p riorit y . The f ollo wing p rop erty ab out v alues g γ ( v 0 ) and g γ ( v k +1 ) in suc h case (and an analogous, but more tedious one for Pla ye r 1) is the main tec hnical p oi nt in provi n g ε -optimalit y . Lemma 4.11. ∆ ( v 0 . . . v k ) · g γ ( v k +1 ) is ε 2 -ab ove g γ ( v 0 ) . With the ab ov e lemma we pro ve the ε -optimalit y of th e str ategies σ ε , as stated in the prop osition b elo w. Prop osition 4.12. The str ate gy σ ε is ε -optimal, i.e. for every v ∈ V and every str ate gy ρ for Player 1 , p ( π σ ε ,ρ ( v )) is ε -ab ove g ( v ) . The Strate gy of Pla y er 1 No w we lo ok at the situation of Pla y er 1. T h e problem of P lay er 1 is that h e cannot just com bine his strategies for G − γ . If he d id so, he would risk going infi nitely often through no des with minim al priorit y wh ic h is his wo rs t case scenario. In tuitive ly sp eaking, he needs a w a y to coun t down, so that will b e able to come close enough to his d esired v alue, b ut will stop going through the no des with minimal priorit y after a fin ite num b er of times. T o ac hieve that, he utilises the strategy in dex as a count er. Like Pla yer 0, he starts with a strategy for G − γ , but with ev ery strategy c hange at the no d es of minimal priorit y h e not only adjusts the appro ximation v alue according to the previous one and the discount factors seen so far, but also low ers the strategy index in the follo wing w a y . If the cur rent game ind ex is a su ccessor ordinal, h e just c hanges the ind ex to its predecessor and adjusts the approximat ion v alue in the same wa y Pla y er 0 d o es. If the cur ren t game ind ex is a limit v alue, he uses the fact, that there is a game index b elongi n g to a game which h as an outcome close en ou gh to still 310 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER reac h h is d esired outcome. In the situation depicted b elo w he w ould c h o ose an α such that v al G − α ( v k 1 +1 ) is ε 4 -b elo w λ γ ( v k 1 ) . Pla y er 1’s strategy at the b eginning of the play for a limit ordinal γ . v 0 m v k 1 ρ ε 4 γ G − γ v k 1 +1 in G m v k 2 ρ ε 16 D α G − α Finally , after a fin ite num b er of c han ges, as the ordinals are well-founded, he w ill b e pla ying some v ersion of ρ ε l 0 and k eep on p laying this str ategy for the rest of the pla y . No w we f ormally describ e Pla ye r 1’s strategy . Let us fir st fix some notation considering game indices. F or a limit ordinal α , a no de v ∈ V of priority m , and for ε ∈ (0 , 1), we denote b y α ↾ ε, v the index for wh ic h the v alue v al G − α ( v ) is ε -b elo w λ α ( w ) , where { w } = v E . Definition 4.13. F or a giv en app ro ximation v alue ε ′ , a starting ordinal ζ , and a history h = v 0 . . . v l , w e d efine game indices α ζ ( h, ε ′ ), approximat ion v alues ε ( h, ε ′ ), and a s trategy ρ ε ′ for Pla y er 1 in the follo wing wa y . If L ( h ) = 0, we fix α ζ ( h, ε ′ ) = ζ and ε ( h, ε ′ ) = ε ′ . F or h = v 0 . . . v k v k +1 . . . v l , where v k is the last no de w ith minimal priorit y in h , let h ′ = v 0 . . . v k − 1 and p ut α ζ ( h, ε ′ ) =      α ζ ( h ′ , ε ′ ) − 1 for α ζ ( h ′ , ε ′ ) su ccessor ordinal , α ζ ( h ′ , ε ′ ) ↾ ( ε ′ 4 L ( h ′ )+1 D ( h ′ ) , v k ) for α ζ ( h ′ , ε ′ ) limit ordin al , 0 for α ζ ( h ′ , ε ′ ) = 0 , and ε ( h, ε ′ ) = ε ′ 4 L ( h ) D ( v 0 ...v k ) . The ε ′ -optimal strategy for Pla y er 1 is giv en by: ρ ε ′ ζ ( v 0 . . . v l ) = ρ ε ( v 0 ...v l ,ε ′ ) 4 α ζ ( v 0 ...v l ,ε ′ ) . Prop osition 4.14. The str ate gy ρ ε ζ is ε -optimal, i. e . for every ε ∈ (0 , 1) , for al l v ∈ V , and str ate gi es σ of Player 0 : p ( π σ ,ρ ε ζ ( v )) is ε -b elow g ζ ( v ) . Ha ving defin ed the ε -optimal strategies σ ε and ρ ε γ , we can f ormulate the conclusion. Prop osition 4.15. F or a QPG G = ( V , E , λ, Ω) , for al l v ∈ V , sup σ ∈ Γ 0 inf ρ ∈ Γ 1 p ( π σ ,ρ ( v )) = inf ρ ∈ Γ 1 sup σ ∈ Γ 0 p ( π σ ,ρ ( v )) = v al G ( v ) = g ( v ) . 4.3. Quan titat iv e µ -calculus and Games After establishing d eterminacy for qu an titativ e parit y games w e are ready to pr o v e Theorem 4.4. In th e pro of, we fir st use structur al indu ction to show that MC[ K , ϕ ] is a mo del c hec kin g game for QML form ulae. F urther, we only need to ind uctiv ely consider form ulae of the form ϕ = ν X.ψ . MODEL CH ECKING GAM ES FOR THE QUANTIT A TIVE µ -CALCULUS 311 Note that in th e game MC[ Q , ϕ ], the p ositio n s with minimal priorit y are of the form ( X, v ) eac h with a uniqu e successor ( ϕ, v ). O ur indu ction hyp othesis states that for ev ery in terpretation g of th e fi xed-p oint v ariable X , it holds that: J ϕ K Q [ X ← g ] = v alMC[ Q , ψ [ X/g ]] . (4.1) By Th eorem 2.4, w e kno w th at we can compu te ν X .ψ indu ctiv ely in the f ollo wing w a y: J ν X .ψ K K ε = g γ with g 0 ( v ) = ∞ for all v ∈ V and g α =  J ψ K ε [ X ← g α − 1 ] for α successor ordinal, lim β <α J ψ K ε [ X ← g β ] for α limit ordinal, and w h ere g γ = g γ +1 . No w w e w ant to pro v e that the games MC[ Q , ψ [ X/g α ]] coincide with th e u nfolding of MC[ Q , ϕ ] . W e sa y that t wo games coincide if th e game graph is essen tially the same, except for some additional mov es where neither play er has an actual c h oice and there is n o discount that could c han ge the outcome. In our case these are the mov es from ϕ = ν X.ψ to ψ , w hic h allo ws us to show the f ollo wing lemma. Lemma 4.16. The games MC[ Q , ψ [ X/ g α ]] and MC[ Q , ϕ ] − α c oincide for al l α. F r om the ab o v e and Prop osition 4.15, w e conclude that the v alue of the game MC[ Q , ϕ ] is the limit of the v alues MC[ Q , ϕ ] − α , w hose v alue functions coincide with th e stages of the fixed-p oint ev aluation g α for all α , and thus v alMC[ Q , ϕ ] = v alMC[ Q , ϕ ] − γ = g γ = J ϕ K Q . 5. Describing Game V alues in Q µ Ha ving mod el c hec king games for th e quantita tive µ -calculus is just one d irection in the relation b et ween games and logi c. The other direction concerns the d efinabilit y of the winning r egions in a game by form ulae in the corresp onding logic. F or th e classical µ - calculus su c h form ulae h a v e b een constructed b y W alukiewicz and it has b een sho wn that for any parit y game of fixed priorit y they define th e win ning region for Pla y er 0, see e.g. [9]. W e extend this theorem to the quan titativ e case in the follo wing wa y . W e represent quan titativ e parit y games ( V , V 0 , V 1 , E , δ G , λ G , Ω G ) with pr iorities Ω ( V ) ∈ { 0 , . . . d − 1 } b y a quanti tativ e transition sys tem Q G = ( V , E , δ, V 0 , V 1 , Λ , Ω), where V i ( v ) = ∞ when v ∈ V i and V i ( v ) = 0 otherwise, Ω( v ) = Ω G ( v ) when v E 6 = ∅ and Ω( v ) = d otherwise, δ ( v , w ) =  δ G ( v , w ) when v ∈ V 0 , 1 δ G ( v,w ) when v ∈ V 1 , and p a y off pred icate Λ( v ) = λ G ( v ) wh en v E = ∅ and Λ( v ) = 0 otherwise. W e then build the form ula Win d and formulate the theorem Win d = ν X 0 .µX 1 .ν X 2 . . . . λX d − 1 d − 1 _ j =0 (( V 0 ∧ P j ∧ ♦ X j ) ∨ ( V 1 ∧ P j ∧  X j )) ∨ Λ , where λ = ν if d is o dd, and λ = µ otherwise, and P i := ¬ ( µX . (2 · X ∨ | Ω − i | )) . Theorem 5.1. F or every d ∈ N , the value of any quantitative p arity game G with priorities in { 0 , . . . d − 1 } c oincides with the value of Win d on the asso ciate d tr ansition system Q G . 312 D. FISCHER, E. GR ¨ ADEL, AND L. KAISER 6. Conclusions and F uture W ork In this work, we sho wed ho w the close conn ection b et w een the mo d al µ -calculus and parit y games can b e lifted to the qu antitat ive s etting, pro vided th at the quantita tive exten- sions of th e logic and the games are defin ed in an appropriate manner. Th is is ju st a first step in a systematic inv estigati on of w hat connections b et we en logic and games survive in the quant itativ e setting. These inv estiga tions should as w ell b e extended to quantit ative v arian ts of other logics, in particular L TL, CTL, CT L ∗ , and PDL. F ollo win g [3 ] w e w ork w ith games where discounts are multiplied along edges and v alues range ov er the non-negativ e reals with infinity . Another natural p ossib ilit y is to use addition instead of multiplic ation and let the v alues range o ve r the reals with −∞ and + ∞ . Crash games, recen tly in tro duced in [7], are defined in such a wa y , bu t with v alues r estricted to in tegers. Gawlitz a an d Seidl present an algorithm for crash games o ver finite graphs whic h is based on strateg y improv emen t [7] . It is p ossible to translate b ac k and forth b et ween quan titativ e parit y games and crash games with r eal v alues by taking logarithms of the discoun t v alues on edges as pa y offs for mo v es in the crash game. The exp onen t of the v alue of suc h a crash game is then equal to the v alue of the original quant itativ e parit y game. This suggests that the metho ds from [7] can b e applied to qu an titativ e p arit y games as w ell. This could lead to efficien t mo d el-c hec king algorithms for Q µ and wo uld thus further justify th e game-based appr oac h to mo d el c hecking mo d al logics. References [1] Luca de Alfaro. Qu antitati ve verificati on and control via th e m u- calculus. In R ob erto M. Amadio an d Denis Lugiez, editors, CO NCUR , volume 2761 of LNCS , pages 102–126. Springer, 2003. [2] Luca de Alfaro, Marco F aella, Thomas A. Hen zinger, Rupak Ma jumd ar, and Mari ¨ elle St oelinga. Mo del chec king d iscoun ted temp oral prop erties. The or etic al Computer Scienc e , 345(1):139–1 70, 2005. [3] Luca de Alfaro, Marco F aella, and Mari ¨ elle Sto elinga. Linear and branching system metrics. T echnical Rep ort u csc-crl-05-01, School of Engineering, U niversit y of California, Santa Cruz, 2005. [4] Luca de Alfaro, Thomas A. Henzinger, a nd Rup ak M a jumdar. Discounting the future in systems theory . In Jos C. M. Baeten, Jan Karel Lenstra, Joac him Parro w, and Gerhard J. W o eginger, editors, I CALP , vol u me 2719 of L e ctur e Notes in Computer Scienc e , pages 1022–1037. Springer, 2003. [5] Luca de Alfaro and R upak Ma jumdar. Quantitativ e solution of omega-regular games. J. Comput. Syst. Sci. , 68(2):374–397, 2004. [6] E. Allen Emerson, Charanjit S. Jutla, and A. Prasad Sistla. On mo del-chec king for fragments of µ - calculus. I n CA V 93 , volume 697 of L e ctur e Notes in Com puter Sci enc e , pages 385–396. Springer, 1993. [7] Thomas Gawlitza and Helmut Seidl. Computin g game v alues for crash games. In Kedar S. Namjoshi et al. , ed s, A TV A , L e ct. Notes in Comp. Scienc e 4762, p p. 177-191. Sp ringer, 2007. [8] Hugo Gimbert and Wieslaw Zielonk a. P erfect information stochastic p riorit y games. In Lars Arge et al. , ed s, I CALP , L e ct. Notes in Comp. Scienc e 4596, p p. 850-861. S pringer, 2007. [9] Eric h Gr¨ adel. Finite mo del theory and descriptive complexity . I n Finite Mo del The ory and Its Applic a- tions , pages 125–230. Springer-V erlag, 2007. [10] Marcin Jurdzi´ nski. Small prog ress measures fo r solving parit y games. In Horst Reichel and Sophie T ison, editors, ST ACS , volume 1770 of L e ctur e Notes in Computer Scienc e , pages 290–301. Springer, 2000. [11] A nnab elle McIver and Carroll Morgan. R esults on the quantitative µ -calculus qM µ . ACM T r ans. Com- put. L o g. , 8(1), 2007. [12] Colin Stirling. Games an d mo dal m u-calculus. In Tiziana Margaria and Bernhard Steffen, editors, T ACAS , volume 1055 of L e ctur e Notes in Computer Scienc e , pages 298–312. Springer, 1996. This wor k is licensed un der th e Creative Co mmons Attr ibution-NoDer ivs License. T o view a copy of this license, visit http: //creativ eco mmons.org/licenses/by- n d/3.0/ .