Tableau-based decision procedures for logics of strategic ability in multi-agent systems

T ableau-based decision pro cedures for logics of strategic abilit y in m ultiagen t sys tems V alen tin Gorank o ∗ and Dmitry S hk ato v † No v em ber 4, 2018 Abstract W e dev elop an incremental tablea u-based decision pro cedures for the Alternating- time tempo ral logic A TL and some of its v ariants. While running within the theoretically established complexit y upper b ound, w e claim that our tableau is practically mor e efficient in th e a verage case than other decision pro cedures for A TL known so fa r . Besides, the ease of its adaptatio n to v arian ts of A TL demonstrates the flexibility of the prop osed pro cedure. Keyw ords: logics for m ultiagen t systems, alternating-time temp oral logic, decision pro ce- dure, tableaux. 1 In tro duction Multiagen t systems ([10], [31], [33], [26]) are an increasingly imp ortant and activ e area of in terdisciplinary resea rc h o n the b ord er of computer science, artifi cial in tellig ence, and game theory , as they mo del a wid e v ariet y of phenomena in these fields, including op en and in- teractiv e sy s tems, distributed compu tat ions, securit y p rotocols, kn o wledge and information exc hange, c oalitional abilities in games, etc. Not surprisin gly , a n u m b er of log ical formalisms ha ve b een prop osed for sp ecification, v erification, and r easo ning ab out m u ltia gen t systems. These form alisms, broadly sp eaking, fall into t wo categories: those for rea soning ab out know l- e dge of agents and those for r easo ning ab out abilities of agents . In the p resen t pap er, w e deal with the latter v ariet y of logics, the most influential among them b eing the so-called Alternating-time temp oral logic ( A TL ), intro d uced in [3] and furth er devel op ed in [4] and [5]. A TL and its mo difications can b e applied to multia gen t systems in a similar wa y as temp oral lo gics, such as L T L and CTL , are applied t o reactiv e systems. First, since A TL - mo dels can b e viewed as abstractions of multiag en t systems, A TL can b e used to v erify and sp ecify prop erties o f suc h systems. Giv en a mo del M and an A TL -formula ϕ , the ta sk of v erifyin g M with resp ect to the prop erty expressed b y ϕ is, in logical terms, the m o del c h ecking problem for A T L , extensively discussed in [5]; a mo del-c hec k er for A T L has also b een develo p ed, see [6]. S eco nd, A TL c an b e u sed to design m ultiagen t systems conforming to a giv en sp ecification; then, A TL -form ulae are viewed a s sp ecificat ions to b e realized rather ∗ School of Mathematics , Universit y of the Wit w atersrand, South Africa , goranko@maths .wits.ac.za † School of Co mputer Science, Universit y of the Witw atersrand, S outh A frica, dmitry@cs.wits .ac.za 1 than verified. In logical terms, this is the c onstructive sa tisfiability p r oblem for A TL : giv en a form ula ϕ , c hec k if it is sa tisfiable and , if so, constru ct a model of ϕ . In the temp oral log ic tradition, in whic h A TL is rooted, t wo approac hes to c onstructiv e satisfiabilit y are predomin an t: table au-b ase d and automata-b ase d . The relationship b et w een the t wo is not, in our view, su fficien tly we ll und er s too d despite b eing widely ac kno w ledge d. The automata-based a pproac h to A TL -satisfiabilit y w as dev elop ed in [29] and [17]. The aim of the present pap er is to deve lop pr ac tically useful “incremen tal” (also called “goal- driven”) tableau-based d eci sion pro cedures (in the st yle of [32]) for the constructiv e satisfiabilit y p roblem f or the “standard” A TL and some of its m o difications. Incremen tal tableaux f orm one of the t wo most p opular t yp es of tableau-based decision pr ocedur es f or mo dal and temp oral logics with fixp oin t-defined op erators (the m ost widely kno wn examples b eing L TL and CTL ). I t should b e n ote d that, while tableaux for logics with such op erators emplo y all common features of the “t raditional” tableaux for modal logi cs, comprehensively co ve red in [11], [18], and [12], they d iffer substan tially fr om the latter, b ecause they inv olv e a lo op-detec ting (or equiv alent ) p rocedur e that c hecks for the sa tisfaction of form ulas con taining fixp oin t op erators. As a lready men tioned, the al ternativ e to the in cr emental ta bleaux for log ics with fixp oin t- definable op erato rs are the “t op-do wn” tableaux, dev elop ed, for the case o f CT L and some closely related logic s, in [9] (see also [8]) and essenti ally applied to A TL in [30]. A ma jor practical dra wb ac k of the top-do wn tableaux is that, wh ile they run within the same w orst- case complexit y b ound as th e corresp onding incremen tal tablea ux, their p erf orm ance matc hes the worst-case up p er b oun d for eve ry form ula to b e tested for satisfiabilit y . The r eason for this “practical inefficiency” of the top-do wn tableaux is that they inv ariably inv olv e the construction of all maximally consistent subsets of the so-called “extended closure” of the form ula to b e tested, wh ic h in itself requires the num b er of steps of the o rder of the theoretical upp er b ound 1 . Some authors consider it to b e so great a disadv anta ge of the top-do w n tableaux that they prop ose n on-optimal complexit y tableaux for suc h logics, which they claim to p erform b etter in practic e (see [1]) . W e b eliev e that the incrementa l tableaux dev elop ed in the pr esen t pap er are intuitiv ely more app ealing, practical ly more efficien t, and therefore more suitable b oth for man ual and for computerized execution th an the top-do wn tableaux, not least b ecause chec king satisfiabilit y of a formula u s ing incremental tableaux tak es, on a v erage, muc h less time than pr edicted b y the worst-c ase complexit y upp er-b ound. F urthermore, incremen tal tableaux are q u ite flexible and amenable to mo difications and extensions co vering n ot only v arian ts of A TL considered in this pap er, but also a num b er of other logic s for m ultiagen t systems, such as m ultiagen t epistemic logics (see [1 0]), for wh ic h analogous tableau-based decision pr o cedures ha ve recen tly b een dev elop ed in [16] and [15]. Lastly , it should b e noted, that our tableau metho d n aturally r educes (in th e one-agen t case) to incremen tal tableaux for C T L , which is practically more efficien t (again, on a verage ) than Emerson and Halp er n ’s to p-do wn tableaux from [9]. W e should also men tion that yet another t y p e of tableau-based decision p rocedur e for A TL , the so- called “ta bleau games”, has b een co nsidered in [19]. Even though neither sound - ness nor completeness of the tableau games f or th e full A TL has b een established in [19], 1 It should b e stressed th at the t op-do wn tableaux for A T L presented in [30] were not meant to serve as a practically efficien t method of chec king A T L -satisfiabili ty , bu t rather were used as a to ol for establishing the ExpTime upp er b ound for A TL , in particular, for the case when the number of agents is not fixed, as assumed in [29] and [17], but tak en as a parameter. 2 sound and complete tableau games f or th e “Next-time fragmen t of A TL ”, namely , the Coali- tion Logic CL , in tro duced in [22 ] (see also [23] an d [24]), ha v e b een p resen ted in [19]. The structur e of the p r esen t p aper is as follo w s: after in tro ducing the syntacti c and se- man tic b asics of A TL in section 2, we in tro duce, in section 3, concurrent game Hintikk a structures and show that they pr o vide semant ics for A TL th at is, satisfiabilit y-wise, equiv- alen t to the one based on concurrent game mo dels describ ed in section 2. In section 4, we dev elop the tableau p rocedur e for A TL and analyze its complexit y , wh ile in section 5 w e pro v e its soun dness and completeness using concurr ent game Hint ikk a structures introduced in section 3. In section 6, we briefly discuss adaptations of our tableau metho d for some mo difications of A TL . 2 Preliminaries: the mult iagen t logic A TL A TL w as introd uced in [3], and fu rther d ev elop ed in [4] and [5], as a logic al formalism to r easo n ab out op en systems ([20]), bu t it n aturally applies to the m ore general case of m ultiagen t systems. T ec hnically , A TL is an extension of th e multiage nt coalitio n logics CL and ECL stu d ied in [22], [23], and [24] (for a comparison of th e logics, see [13 ] and [14]). 2.1 A TL syn tax A TL is a multimodal logic w ith CTL -styl e mo dalities ind exed b y subsets, commonly called c o alitions , of the finite, n on -emp t y set of (names of ) agents , or play ers, that can b e referred to in the language. Th u s, formulae of A TL are d efined with resp ect to a fi nite, n on-empt y set Σ of agen ts, usually d enoted b y the natural num b er s 1 through | Σ | (the cardinalit y of Σ), and a finite or counta bly infinite set AP of atomic p rop ositi ons. Definition 2.1 A TL -formulae ar e define d by the fol lo wing gr ammar: ϕ := p | ¬ ϕ | ( ϕ 1 → ϕ 2 ) | h h A i i ❣ ϕ | h h A i i ✷ ϕ | h h A i i ϕ 1 U ϕ 2 , wher e p r anges over AP and A r anges over P (Σ) , the p ower-set of Σ . Notice that we allo w (coun tably) infi nitely m an y prop ositional parameters, bu t in lin e with traditional presen tations of A TL (see, f or examp le, [5]), only fin itely man y names of agen ts. W e w ill sho w , ho w ev er, after introdu cing A TL -seman tics, th at this latter restriction is not essential (see Remark 2.16 b elo w) and thus do es n ot r esu lt in a loss of generalit y . The other b oolean connectiv es and th e prop ositional constan t ⊤ (“truth”) can b e defined in the u sual wa y . Also, h h A i i ✸ ϕ can b e defined as h h A i i⊤ U ϕ . As will b ecome intuitiv ely clear from the semantic s of A TL , h h A i i ✸ ϕ and h h A i i ✷ ϕ are not interdefinable 2 . The expression h h A i i , where A ⊆ Σ, is a c o alition quantifier (also referred to as “path quan tifier” in the literature), while ❣ (“next”), ✷ (“alw a ys”), and U (“unt il”) are temp or al op er ato rs . Like in C T L , where ev ery temp oral op erator has to b e preceded by a path quan- tifier, in A TL ev er y temp oral op erator has to b e p receded b y a coalition quan tifier. Th u s , mo dal op er ators of A TL are p airs made up of a coaliti on quantifier and a temp oral op erator. 2 A formal proof of this claim w ould require a suitable seman tic argument, e. g., one inv olving bisim ulations b et ween mo dels for A TL . As such an argument would take up quite a lot of space and is not immediately relev ant to the con tents of the present pap er, w e do not p ursue it in this paper. 3 W e adopt th e usual con ven tion that un ary connectiv es h a v e a s tronger bind ing p o wer than binary ones; w hen this con v en tion helps disambiguat e a form ula, we usu all y omit the paren theses asso ciated with binary connectiv es. F orm ulae of the form h h A i i ϕ U ψ and ¬h h A i i ✷ ϕ are called e v entualities , for the reason ex- plained later on. 2.2 A TL seman tics While the syntax of A TL remained unc h anged fr om [3 ] to [5], the seman tics, originally based on “alt ernating transition systems”, was revised in [5], where the notion of “c oncurrent game stru ctures” w as in tro duced. The latter are essentia lly equiv alen t to “m ulti-pla yer game mo dels” ([22], [24]) and are more general th an, y et yielding the same set of v alidities as, alternating transition systems—see [13],[14 ]. In the present pap er, w e use the term “concurrent game mo dels” to refer to the “concur- ren t game str uctures” from [5] and , in k eeping with the long-established tradition in mo dal logic, the term “concurren t game f rames” to refer to the structures resulting f rom those by abstracting aw a y from the m ea ning of atomic p rop ositio ns. 2.2.1 Concurren t game frames Concurrent game frames are to A TL what Kripke fr ames are to standard mo dal logics. Definition 2.2 A concurrent game frame (for short, CGF) is a tuple F = (Σ , S, d, δ ) , wher e • Σ is a finite, non-empty set of agen ts , r eferr e d to by the numb ers 1 thr ough | Σ | ; subsets of Σ ar e c al le d coalitions ; • S 6 = ∅ is a set of states ; • d is a function assigning to eve ry agent a ∈ Σ and every state s ∈ S a natur al numb er d a ( s ) ≥ 1 of mo v es , or actions, available to agent a at sta te s ; these moves ar e identifie d with the numb ers 0 thr ough d a ( s ) − 1 . F or every state s ∈ S , a m o v e v ector is a k -tuple ( σ 1 , . . . , σ k ) , wher e k = | Σ | , such that 0 ≤ σ a < d a ( s ) for every 1 ≤ a ≤ k (thus, σ a denotes an arbitr ary action of agent a ∈ Σ ). Given a state s ∈ S , we denote by D a ( s ) the set { 0 , . . . , d a ( s ) − 1 } of al l moves available to agent a at s , and by D ( s ) the set Q a ∈ Σ D a ( s ) of al l move ve ctors at s ; with σ we denote an arbitr ary memb er of D ( s ) . • δ is a transition function assigning to every s ∈ S and σ ∈ D ( s ) a state δ ( s, σ ) ∈ S that r esults f r om s if every agent a ∈ Σ plays move σ a . All defin itio ns in the r emainder of this section refer to an arbitrarily fixed C GF. Definition 2.3 F or two states s, s ′ ∈ S , we say that s ′ is a su ccessor of s (or, for br evity, an s -suc c essor) if s ′ = δ ( s, σ ) f or some σ ∈ D ( s ) . Definition 2.4 A r un in F is an infinite se quenc e λ = s 0 , s 1 , . . . of elements of S such that, for al l i ≥ 0 , the state s i +1 is a suc c essor of the state s i . Elements of the domain of λ ar e c al le d p ositions . F or a run λ and p ositions i, j ≥ 0 , we use λ [ i ] and λ [ j, i ] to denote the i th state of λ and the finite se gment s j , s j +1 . . . , s i of λ , r esp e ctively. A run with λ [0] = s is r eferr e d to as an s -run . 4 Giv en a tu ple τ , w e in terchangea bly use τ n and τ ( n ) to refer to the n th elemen t of τ . W e use the sym b ol ♯ as a placeholder f or an arbitrarily fixed mov e of a give n agen t. Definition 2.5 L e t s ∈ S and let A ⊆ Σ b e a c o alition of agents, wher e | Σ | = k . An A -mo v e σ A at state s is a k -tuple σ A such that σ A ( a ) ∈ D a ( s ) for every a ∈ A and σ A ( a ′ ) = ♯ for every a ′ / ∈ A . W e denote b y D A ( s ) the set of al l A -moves at state s . Alternativ ely , A -mo ves at s can b e d efined as equiv alence classes on the set of all mo v e v ectors at s , w here eac h equiv alence class is d etermined by the c hoices of mo v es of agen ts in A . Definition 2.6 We say that a mov e vec tor σ extends an A -mo ve σ A and write σ A ⊑ σ , or σ ⊒ σ A , if σ ( a ) = σ A ( a ) for eve ry a ∈ A . Giv en a coalitio n A ⊆ Σ, an A -mo ve σ A ∈ D A ( s ), an d a (Σ \ A )-mo v e σ Σ \ A ∈ D Σ \ A ( s ), we denote by σ A ⊔ σ Σ \ A the un ique σ ∈ D ( s ) suc h that b oth σ A ⊑ σ and σ Σ \ A ⊑ σ . Definition 2.7 L e t σ A ∈ D A ( s ) . The outcome of σ A at s , denote d by out ( s, σ A ) , is the set of al l states s ′ for which ther e exists a move ve ctor σ ∈ D ( s ) such that σ A ⊑ σ and δ ( s, σ ) = s ′ . Concurrent game f rames are m ea nt to mod el coalitions of agents b eha ving strategically in pursu it of their goals. Give n a coalition A , a strategy for A is, intuiti v ely , a rule determining at a give n state what A -mo v e the agen ts in A sh ould play . Giv en a state as a comp onen t of a run , the strategy for agen ts in A at that s tat e ma y dep end on some part of the history of the ru n 3 , the length of this “remem b ered” history b eing a parameter formally represen ted by an ordinal γ ≤ ω . In tuitiv ely , pla yers using a γ -recall s tr ate gy can “remember” any num b er n < γ of the previous c onse cutive states of the ru n. If γ is a natural n umber, th en γ can b e th ough t of as a num b er of the consecutiv e states, in cluding the curr en t state, on w h ic h an agen t is basing its decision of what mo ve to play . If, ho w ev er , γ = ω , th en an agent can remem b er an y num b er of the p revious consecutiv e states of the ru n. Giv en a natural n umb er n , b y S n w e denote th e set of sequen ces of elemen ts of S of length n ; the length of a sequence κ is den ote d by | κ | and the last element of κ by l ( κ ). Definition 2.8 L e t A ⊆ Σ b e a c o alition and γ an or dinal such that 1 ≤ γ ≤ ω . A γ -recall strategy for A (or, a γ -recall A -strategy ) i s a mapping F A [ γ ] : S 1 ≤ n< 1+ γ S n 7→ S { D A ( s ) | s ∈ S } su ch that F A [ γ ]( κ ) ∈ D A ( l ( κ )) for eve ry κ ∈ S 1 ≤ n< 1+ γ S n . Remark 2.9 Given that 1 + ω = ω , the c ondition of Definition 2.8 for the c ase of ω -r e c al l str ate gies c an b e r ephr ase d in a simpler f orm as fol lows: F A [ ω ] : S 1 ≤ n<ω S n 7→ S { D A ( s ) | s ∈ S } su ch that F A [ ω ]( κ ) ∈ D A ( l ( κ )) for eve ry κ ∈ S 1 ≤ n<ω S n . Definition 2.10 L et F A [ γ ] b e a γ - r e c al l A - str ate gy. If γ = ω , then F A [ γ ] is r eferr e d to as a p erfect-reca ll A -strategy ; otherwise, F A [ γ ] is r efe rr e d to as a b ound ed-recal l A -strategy . F urthermor e, if γ = 1 , then F A [ γ ] is r efe rr e d to as a p ositional A -strategy . 3 In general, we might consider the case when an agen t can remember any part of the history of the run; it suffices, ho wev er, for our purp oses in this p aper to consider only those parts that are made u p of consecutive states of a run. 5 Th us, agen ts using a p erfect-recall strategy ha v e p otentia lly un limite d memory; those using p ositional strategies ha v e none ( γ = 1 means that an agent bases its decisions on one state only , i.e., the cu r ren t one); in b etw een, agent s usin g n -reca ll strategies, for 1 < n < ω , can base th eir decisions on the n − 1 previous consecutiv e states of the run as w ell as the current state. W e u sually write F A instead of F A [ γ ] when γ is understo o d fr om th e con text. Remark 2.11 Even though the c onc ept of n -r e c al l str ate gies, for 1 < n < ω is of some inter est in itself, in the pr esent p ap er it is intr o duc e d for pur ely te chnic al r e asons, to b e use d in the pr o of of the satisfiability-wise e quivalenc e (se e The or em 3.9 b e low) of the semantics of A TL b ase d on c oncurr ent game mo dels and the one b ase d on c oncurr ent game Hintikka structur es as wel l as i n the c ompleteness pr o of for our table au pr o c e dur e. We note, however, that a mor e r e alistic notion of finite-memory str ate gy is the one al low- ing a str ate g y to b e c ompute d by a finite automaton r e ading a se quenc e of states in the history of a run and pr o ducing a move to b e playe d, as pr op ose d in [28]. Definition 2.12 L et F A [ γ ] b e an A -str ate gy. The outcome of F A [ γ ] at state s , denote d by out ( s, F A [ γ ]) , is the set of al l s -runs λ such that ( γ ) λ [ i + 1] ∈ out ( λ [ i ] , F A [ γ ]( λ [ j, i ])) holds for al l i ≥ 0 , wher e j = max( i − γ + 1 , 0) . Note that for p ositional strategies cond ition ( γ ) reduces to ( P ) λ [ i + 1] ∈ out ( λ [ i ] , F A ( λ [ i ])) , f or all i ≥ 0 , whereas for p erfect-recall strategies it reduces to ( PR ) λ [ i + 1] ∈ out ( λ [ i ] , F A ( λ [0 , i ])) , for all i ≥ 0 . 2.2.2 T rut h of A TL-form ula e W e are n o w ready to define the truth of A TL -form ulae in terms of concurr en t game mo dels and p erfect-recall strategies. Definition 2.13 A concurrent game m odel (for short, CGM ) is a tuple M = ( F , A P , L ) , wher e • F i s a c oncurr ent game fr ame; • AP is a set of atomic pr op ositions; • L is a lab eling function L : S → P ( AP ) . Intuitively, the set L ( s ) c ontains the atomic pr op ositions that ar e true at state s . Definition 2.14 L et M = (Σ , S , d, δ , AP , L ) b e a c oncurr ent game mo del. The satisfaction r elation  is inductively define d for al l s ∈ S and al l A TL -formulae as fol lows: • M , s  p iff p ∈ L ( s ) , for al l p ∈ AP ; • M , s  ¬ ϕ iff M , s 1 ϕ ; 6 • M , s  ϕ → ψ iff M , s  ϕ implies M , s  ψ ; • M , s  h h A i i ❣ ϕ iff ther e exists an A -move σ A ∈ D A ( s ) such that M , s ′  ϕ for al l s ′ ∈ out ( s, σ A ) ; • M , s  h h A i i ✷ ϕ iff ther e exists a p erfe ct-r e c al l A -str ate gy F A such that M , λ [ i ]  ϕ holds for al l λ ∈ out ( s, F A ) and al l p ositions i ≥ 0 ; • M , s  h h A i i ϕ U ψ iff ther e exi sts a p erfe ct-r e c al l A -str ate gy F A such that, for al l λ ∈ out ( s, F A ) , ther e e xi sts a p osition i ≥ 0 with M , λ [ i ]  ψ and M , λ [ j ]  ϕ holds for al l p ositions 0 ≤ j < i . Definition 2.15 L et θ b e an A TL -formula and Γ b e a set of A TL -formulae. • θ is true at a state s of a CGM M if M , s  θ ; Γ is true at s , denote d M , s  Γ , if M , s  ϕ holds for every ϕ ∈ Γ ; • θ is satisfiable in a CGM M if M , s  θ holds for some s ∈ M ; Γ is satisfiable in M if M , s  Γ holds for some s ∈ M ; • θ is true in a CGM M if M , s  θ holds for ev e ry s ∈ M . As the clauses for th e modal op erators h h A i i ✷ and h h A i i U in Definition 2.14 in volv e strate- gies, these will henceforth b e r eferred to as str ate gic op er ators . Remark 2.16 As in the pr esent p ap er we ar e only c onc erne d with satisfia bility of single formulae (or, e quivalently, finite sets of formulae), and a formula c an only c ontain finitely many atomic pr op ositions, the size of AP is of no r e al signific anc e for our purp oses her e. The issue of the c ar dinality of the set of agents Σ is mor e inv olve d, however, as infinite c o alitions c an b e named within a single formula, which would imply c ertain te chnic al c omplic ations. Nevertheless, when i nter este d in satisfiability of single formula e, the finiteness of Σ do es not r esult in a loss of gener ality. Inde e d, as every formula ϕ mentions only fin itel y man y coaliti ons , we c an definite an e quiv alenc e r elation of finite index on the set of agents that is natur al ly induc e d by ϕ ; to wit, two agents ar e c onsider e d “e quivalent” if they always o c cur (or not) to gether in al l the c o alitions mentione d in ϕ (i.e. a ∼ = ϕ b if a ∈ A i ff b ∈ A holds for every c o alition A mentione d in ϕ ). Then, ϕ c an b e r ewritten into a formula ϕ ′ in which e quivalenc e classes with r esp e ct to ∼ = ϕ ar e tr e ate d as si ng le agents. It is not har d to show that ϕ ′ is satisfiable iff ϕ is, and thus the satisfiability of the latter c an b e r e duc e d to the satisfiablity of the f orm er. 2.3 Fixp oint characterization of strategic operat or s In the tableau pro cedure describ ed later on in the pap er and in the pro ofs of a num b er of results concerning A T L , we will mak e use of the fact th at the strategic op erators h h A i i ✷ an d h h A i i U can b e give n neat fixp oin t c haracterizatio ns, as sh o wn in [17 ]. In this r esp ect, A T L turns out to b e not muc h differen t from L TL and CTL , wh ose “long-term” mo dalities are w ell-kno wn to ha v e similar fix p oint characte rizations. The follo wing definitions in tro duce set theoretic op erators c orresp onding to the seman tics of the r esp ectiv e coalitional mo dalities in a sense mad e precise in Th eorem 2.19. 7 Definition 2.17 L et (Σ , S, d, δ ) b e a CGF and let X ⊆ S . Then, [ h h A i i ❣ ] is an op e r ator P ( S ) 7→ P ( S ) define d by the f ol lowing c ondition: s ∈ [ h h A i i ❣ ]( X ) iff ther e e xists σ A ∈ D A ( s ) such that out ( s, σ A ) ⊆ X . Definition 2.18 L et (Σ , S, d, δ ) b e a CGF and let X , Y ⊆ S . Then, we define op er ators [ Y ∩ h h A i i ❣ ] and [ Y ∪ h h A i i ❣ ] fr om P ( S ) to P ( S ) as exp e cte d: • [ Y ∩ h h A i i ❣ ]( X ) = Y ∩ [ h h A i i ❣ ]( X ) ; • [ Y ∪ h h A i i ❣ ]( X ) = Y ∪ [ h h A i i ❣ ]( X ) . Giv en a formula ϕ and a mo del M , we denote b y k ϕ k M the set { s | M , s  ϕ } ; w e simply write k ϕ k when M is clear f r om the con text. Giv en a monotone op erator [Ω] : P ( S ) 7→ P ( S ), we denote by µX. [Ω]( X ) and ν X . [Ω]( X ) the least and greatest fi xp oin ts of [Ω], resp ectiv ely . Theorem 2.19 (Gorank o, v an Drimmelen [17]) L et (Σ , S, d, δ, AP , L ) b e a CGM. Then, for any formulae ϕ, ψ : • kh h A i i ❣ ϕ k = [ h h A i i ❣ ]( k ϕ k ) • kh h A i i ✷ ϕ k = ν X. [ k ϕ k ∩ h h A i i ❣ ]( X ) ; • kh h A i i ϕ U ψ k = µX. [ k ψ k ∪ [ k ϕ k ∩ h h A i i ❣ ]]( X ) . Corollary 2.20 The fol lowing e quivalenc es hold at eve ry state of every CGM with A ⊆ Σ : • h h A i i ✷ ϕ ↔ ϕ ∧ h h A i i ❣ h h A i i ✷ ϕ ; • h h A i i ϕ U ψ ↔ ψ ∨ ( ϕ ∧ h h A i i ❣ h h A i i ϕ U ψ ) ; 2.4 Tigh t , general, and lo ose A TL-satisfiabilit y Unlik e the case of standard mo dal logics, it is natur al to th ink of sev eral app aren tly d ifferen t notions of A T L -satisfiabilit y . Th e differences lie along t wo dimensions: the t yp es of strate gies used in the d efinition of the satisfaction rela tion and the relationship b et w een the set of agen ts men tioned in a form ula and the set of agen ts referred to in the language. W e consider these issues in tu r n. The notion of strategy , as introd uced ab o v e, is d ep end en t on the amount of memory used to p rescrib e it. A t one end of the sp ectrum are p ositional (or memoryless ) s tr ate gies, which only tak e int o consideration the cu r ren t state of, bu t not an y p art of the h istory of, the run; and at the other— p erfe ct r e c al l strategies, which tak e in to account the en tire history of the run. It turn s out, how ev er, that th ese b oth “extreme” types of s tr ate gy—and, hence, all those in b et ween—yield equiv alen t s eman tics in th e ca se of A TL (they , how ev er, differ in the case of the m ore expr essiv e logic A TL *, considered in [5]). Therefore, the ab o v e d efinition of truth of A TL -form ulae (Defin ition 2.14) could hav e b een couc h ed in terms of p ositional, rather th an p erfect-recall, str at egies without an y changes in what formulae are satisfiable at whic h states. Th is equiv alence, fi rst mentio ned in [5], can b e pro v ed using a mo del-theoretic argumen t; indep enden tly , it fol lo w s as a corollary of the soun d ness and co mpleteness theo rems for the tableau pro cedure presented b elow (see Corollary 5.38 ). 8 No w, assuming the t yp e of s trate gies b eing fixed, one can consider thr ee different, at least on the face of it, notions of satisfiabilit y and v alidit y for A TL , dep endin g on the relationship b et ween the set of agen ts m en tioned in a form u la and the set of age nts referred to in the language, as in tro duced in [30]. F or ev ery A TL -formula θ , w e denote by Σ θ the s et of agen ts occurr in g in θ . When considering an A T L -form ula θ in isolation, we ma y assum e, without a loss of generalit y , that the names of the agen ts o ccurring in θ are the num b ers 1 through | Σ θ | ; hence, the follo wing definitions. Definition 2.21 An A TL -formula θ is Σ-satisfiable , for some Σ ⊇ Σ θ , if θ is satisfiable in a CGM M = (Σ , S, d, δ, AP , L ) ; θ is Σ-v alid if θ i s true in every such CGM. Definition 2.22 An A TL -formula θ is tigh tly satisfiable if θ is satisfiable i n a CGM M = (Σ θ , S, d, δ, AP , L ) ; θ is tigh tly v alid if θ is true in every such CGM. Clearly , θ is tigh tly satisfiable iff it is Σ θ -satisfiable. Definition 2.23 An A TL -formula θ is generally s atisfiable if θ is satisfiable in a CGM M = (Σ ′ , S, d, δ, AP , L ) for some Σ ′ with Σ θ ⊆ Σ ′ ; θ is generall y v alid if θ is true in eve ry such CGM. T o see that tigh t satisfiabilit y (v alidit y ) is different fr om general satisfiabilit y (v alidit y), consider the form ula ¬h h 1 i i ❣ p ∧ ¬h h 1 i i ❣ ¬ p ; it is easy to see that this form ula is generally , b ut not tigh tly sat isfiable (acc ordingly , its negatio n is tigh tly , b ut not generally , v alid). O b viously , tigh t satisfiability implies general sat isfiabilit y , and it is not hard to notice th at it also implies Σ-satisfiabilit y (in a mo del where any agent a ′ ∈ Σ \ Σ θ pla ys a dummy role b y ha vin g exactly one action av ailable at ev ery state). W e n ow sh o w that testing for b oth Σ-satisfiabilit y and general satisfiabilit y for θ can b e redu ced to testing f or tight s ati sfiabilit y and a s p ecial case of Σ-satisfiability where Σ = Σ θ ∪ { a ′ } for some a ′ / ∈ Σ θ (more p recisely , a ′ = | Σ θ | + 1)—in other w ord s, only one new agen t suffices to w itness satisfiabilit y of θ o v er CGFs in v olving agen ts not in Σ θ . Th is result, pro v ed b elo w, w as fir st state d, with a pro of sk etch, for satisfiabilit y in the more restricted (but equiv alen t with r espect to satisfiability , see [13]) semant ics based on “alternating transition systems”, in [30]. Theorem 2.24 L et θ b e an A TL -formula, Σ θ ( Σ , and a ′ / ∈ Σ θ . Then, θ is Σ -satisfiable iff θ is (Σ θ ∪ { a ′ } ) -satisfiable. Pro of. Supp ose, fir st, that θ is Σ-sati sfiable. Let M = (Σ , S, d, δ, AP , L ) be a CGM and s ∈ S b e a state such that M , s  θ . T o obtain a (Σ θ ∪ { a ′ } )-mod el M ′ for θ , first, let, f or eve ry s ∈ S : • d ′ a ( s ) = d a ( s ) for ev ery a ∈ Σ θ ; • d ′ a ′ ( s ) = | Q b ∈ (Σ − Σ θ ) d b ( s ) | ; then, d efine δ ′ in the follo wing wa y: δ ′ ( σ Σ θ ⊔ σ a ′ ) = δ ( σ Σ θ ⊔ σ Σ − Σ θ ), w here σ a ′ is the place of σ Σ − Σ θ in the lexicog raphic ordering o f D Σ − Σ θ ( s ). Finally , p ut M ′ = (Σ θ ∪ { a ′ } , S, d ′ , δ ′ , AP , L ). 9 Notice that the ab o v e definition immediately implies that out ( s, σ A ) is th e same set in b oth M and M ′ for every s ∈ S and ev ery σ A ∈ D A ( s ) with A ⊆ Σ θ , and therefore, in b oth mo dels, [ h h A i i ❣ ]( X ) is the same set for ev ery X ⊆ S and ev ery A ⊆ Σ θ . It can then b e sho wn, b y a routin e induction on the stru ctur e of s u bform ulae χ of θ , using Theorem 2.19 , that M , s  χ iff M ′ , s  χ for eve ry s ∈ S . Supp ose, n ext, that θ is (Σ θ ∪ { a ′ } )-satisfiable. Let M b e the mo del witnessing the satisfaction and let b b e an arbitrary agen t in Σ − Σ θ . T o obtain a Σ-mo del M ′ for θ , first, let, for ev ery s ∈ S : • d ′ a ( s ) = d a ( s ) for ev ery a ∈ Σ θ ; • d ′ b ( s ) = d a ′ ( s ); • d ′ b ′ ( s ) = 1 for any b ′ ∈ Σ \ ( { b } ∪ Σ θ ); then, define δ ′ in the follo wing wa y: δ ′ ( σ Σ θ ⊔ σ Σ − Σ θ ) = δ ( σ Σ θ ⊔ σ a ′ ), where σ a ′ = σ b . Finally , put M ′ = (Σ , S, d ′ , δ ′ , AP , L ). The rest of the argumen t is iden tical to the one for the opp osite direction. ✷ Corollary 2.25 L et θ b e an A TL -formula. Then, θ is gener al ly satisfiable iff θ i s either tightly satisfiable or (Σ θ ∪ { a ′ } ) -satisfiable for any a ′ / ∈ Σ θ . Pro of. Straigh tforw ard. ✷ Theorem 2.24 and Corollary 2.25 essential ly mean that it su ffices to consider t wo distinct notions of satisfiabilit y for A TL -formulae: tight satisfiabilit y and satisfiabilit y in CGMs with one fresh agent , which we will h enceforth refer to as lo ose satisfiability . 2.5 Alternativ e seman tic c haracterization of negated mo dal op erators Under Definition 2. 14, truth conditions for n ega ted mo dal o p erators, suc h as ¬h h A i i U , inv olv e claims ab out the n on-existe nce of m ov es or strategies. In [17], an alternativ e semantic c har- acterizat ion of s uc h formulae has b een prop osed; this alternativ e charac terization in v olv es claims ab out the existence of so-called in [17] c o-moves and c o-str ate gies . Definition 2.26 L et s ∈ S and A ⊆ Σ . A co- A -mo v e at state s is a function σ c A : D A ( s ) 7→ D ( s ) such that σ A ⊑ σ c A ( σ A ) for every σ A ∈ D A ( s ) . We denote the set of al l c o- A -moves at s by D c A ( s ) . In tuitiv ely , given an A -mo ve σ A ∈ D A ( s ), whic h represents a collectiv e action of agen ts in A , a co- A -mo v e assigns to σ A a “coun termo v e” σ Σ \ A of the complement coalitio n Σ \ A ; tak en together, these t wo mov es p r odu ce a u n ique mo ve v ector σ A ⊔ σ Σ \ A ∈ D ( s ). Definition 2.27 L et σ c A ∈ D c A ( s ) . The outc ome of σ c A at s , denote d b y out ( s, σ c A ) , is the set S { δ ( s, σ c A ( σ A )) | σ A ∈ D A ( s ) } . (Thus, out ( s, σ c A ) is the r ange of σ c A ). W e next defi n e co-strateg ies, whic h are related to co-mo ves in the same wa y as strategies are related to mo v es. 10 Definition 2.28 L et A ⊆ Σ b e a c o alition and γ an or dinal such that 1 ≤ γ ≤ ω . A γ - recall co- A -strateg y is a mapping F c A [ γ ] : S 1 ≤ n< 1+ γ S n 7→ S { D c A ( s ) | s ∈ S } such that F c A [ γ ]( κ ) ∈ D c A ( l ( κ )) for eve ry κ ∈ S 1 ≤ n< 1+ γ S n . Note that the coalition f ollo wing a co- A -strategy is Σ \ A . Remark 2.29 Given that 1 + ω = ω , the c ondition of the Definition 2.28 for the c ase of ω -r e c al l str ate gies c an b e r ephr ase d in a simpler form as fol lows: F c A [ ω ] : S 1 ≤ n<ω S n 7→ S { D c A ( s ) | s ∈ S } such that F c A [ ω ]( κ ) ∈ D c A ( l ( κ )) for eve ry κ ∈ S 1 ≤ n<ω S n . Remark 2.30 A γ -r e c al l c o-str ate gy c an b e define d e quivalently as a mapping fr om p airs ( κ ∈ S n ; γ - r e c al l str ate gy F A [ γ ] ) to the set of outc ome states out ( l ( κ ) , F A [ γ ]( κ )) . W e w ill wr ite F c A instead of F c A [ γ ] when γ is un derstoo d from the con text. Definition 2.31 L et F c A [ γ ] b e a γ -r e c al l c o- A -str ate gy. If γ = ω , then F c A [ γ ] is r eferr e d to as a p erfect-recal l co- A -strategy ; oth erwise, F A [ γ ] is r eferr e d to as a b ou n ded-recall co- A - strategy . F urthermor e, if γ = 1 , then F c A [ γ ] is r efe rr e d to as a p ositional co- A -strate gy . Definition 2.32 L et F c A [ γ ] b e a c o- A -str ate gy. The outcome of F c A [ γ ] at state s , denote d by out ( s, F c A [ γ ]) , is the set of al l s -runs λ such that ( γ c ) λ [ i + 1] ∈ out ( λ [ i ] , F c A ( λ [ j, i ])) holds for al l i ≥ 0 , wher e j = max( i − γ + 1 , 0) . F or p ositional co-strategies, condition ( γ c ) redu ces to ( CP ) λ [ i + 1] ∈ out ( λ [ i ] , F c A ( λ [ i ])) , f or all i ≥ 0 , whereas for p erfect-recall co-strateg ies, it redu ces to ( CPR ) λ [ i + 1] ∈ out ( λ [ i ] , F c A ( λ [0 , i ])) , for all i ≥ 0 . No w, we can giv e alternativ e tru th conditions for negated mo dalities, couched in terms of co-mo v es and co-strategies. Theorem 2.33 (Gorank o, Drimmelen [17]) L et M b e a CGM and s ∈ M . Then, 1. M , s  ¬h h A i i ❣ ϕ iff ther e exists a c o- A - move σ c A ∈ D c A ( s ) such that M , s ′  ¬ ϕ for every s ′ ∈ out ( s, σ c A ) ; 2. M , s  ¬h h A i i ✷ ϕ iff ther e exists a p erfe ct r e c al l c o- A -str ate g y F c A such that, for every λ ∈ out ( s, F c A ) , ther e exists p osition i ≥ 0 with M , λ [ i ]  ¬ ϕ ; 3. M , s  ¬h h A i i ϕ U ψ i ff ther e exists a p erfe ct r e c al l c o- A -str ate gy F c A such that, for eve ry λ ∈ out ( s, F c A ) and every p osition i ≥ 0 with M , λ [ i ]  ψ , ther e e xi sts a p osition 0 ≤ j < i with M , λ [ j ]  ¬ ϕ . Remark 2.34 Sinc e b oth typ es of str ate g ies yield the same semantics for A TL , in the last two clauses of The or em 2.33, “p erfe ct r e c al l” c an b e r eplac e d with “p ositional”. 11 3 Hin tikk a structures for A TL When proving completeness of the tableau pro cedure describ ed in th e n ext section, we will mak e use of a new kind of semanti c stru ctures for A TL —n amely , Hintikk a structures. T he basic d ifference b etw een mo dels and Hintikk a stru ctures is that while mo dels sp ecify the truth or otherwise of ev ery formula of th e language at ev er y state, Hintikk a structures only pro vide truth v alues of the formulae relev an t to the ev aluation of a fixed formula θ . Before defining Hin tikk a s tructures f or A TL , which we, for the sak e of terminological consistency , call c oncurr ent game H intikka structur es , we in tro duce, with a view to simp lifying the su b sequen t present ation, α - and β -notation for A TL -form ulae. 3.1 α - and β -notation for A TL W e d ivide all A TL -formulae in to primitiv e and non-prim itive ones. Definition 3.1 L e t ϕ b e an A TL -formula. Then, ϕ i s p rimitiv e i f it is one of the fol lowing: • ⊤ ; • p ∈ AP ; • ¬ p for some p ∈ A P ; • h h A i i ❣ ψ for some f ormula ψ ; • ¬h h A i i ❣ ψ for some formula ψ and A 6 = Σ . Otherwise, ϕ i s non-primitiv e . In tuitiv ely , ϕ is primitiv e if the truth of ϕ at a state s of a CGM cannot b e r educed to the truth of any “seman tically simpler” formula e at s ; otherwise, ϕ is non-primitive. Note, in particular, that ¬ p is not considered “seman tically simpler” then p , as the truth of the form er can not b e r ed uced to the truth, as opp osed to the falseho o d , of the latter. F ollo wing [27], w e classify all n on-primitiv e form ulae in to α -ones and β -ones. Intuitiv ely , α -form ulae are “conjunctiv e” form ulae: an α -formula is true at a state s iff t wo other for- m ulae, “conjun cts” of α , d enote d b y α 1 and α 2 , are true at s . By con trast, β -formulae are “disjunctiv e” form ulae, tru e at a state s iff either of their “disjuncts”, denoted by β 1 and β 2 , is tru e at s . F or neatness of classification, if the truth of a n on-primitiv e form ula ψ at s can b e reduced to the tru th of only one simp ler f orm ula at s , then ψ is treated as an α -form ula; for su c h form ulae, α 1 = α 2 . The follo win g tables list α - and β -form ulae together with their resp ectiv e “conjuncts” and “disjuncts”. α α 1 α 2 ¬¬ ϕ ϕ ϕ ¬ ( ϕ → ψ ) ϕ ¬ ψ ¬h h Σ i i ❣ ϕ h h∅i i ❣ ¬ ϕ h h∅i i ❣ ¬ ϕ h h A i i ✷ ϕ ϕ h h A i i ❣ h h A i i ✷ ϕ 12 β β 1 β 2 ϕ → ψ ¬ ϕ ψ h h A i i ( ϕ U ψ ) ψ ϕ ∧ h h A i i ❣ h h A i i ( ϕ U ψ ) ¬h h A i i ( ϕ U ψ ) ¬ ψ ∧ ¬ ϕ ¬ ψ ∧ ¬ h h A i i ❣ h h A i i ( ϕ U ψ ) ¬h h A i i ✷ ϕ ¬ ϕ ¬h h A i i ❣ h h A i i ✷ ϕ The entrie s for the non-mo dal connectiv es in the ab o ve tables are motiv ated by the wel l- kno wn classical v alidities. The en tries for the strategic op erators are m oti v ated by Corol- lary 2.20. Lastly , it can b e easily chec k ed that M , s  ¬h h Σ i i ❣ ϕ iff M , s  h h∅i i ❣ ¬ ϕ for ev ery CGM M and s ∈ M . 3.2 Concurren t game H intikk a struct ures W e are now ready to defin e concurrent game Hin tikk a stru ctures (CGHSs, for sh ort). Lik e concurrent game mo dels, CGHSs are based on concurren t game fr ames, where differen t kinds of strategies ma y b e used, ranging from positional to p erfect-recall. As it will b ecome eviden t from the forthcoming completeness pro of, in the case of basic A TL , which we p rimarily focus on in this p ap er , it suffi ces to consider only p ositional Hintikk a structures. Nev ertheless, we consider, in this section, the most general case of CGHS s , based on p erfe ct-r e c al l str ategies 4 . Definition 3.2 A (p erfe ct-r e c al l) concur ren t game Hin tikk a structure (for short, CGHS) is a tuple H = (Σ , S, d, δ , H ) , wher e • (Σ , S , d, δ ) is a c oncurr ent game fr ame; • H is a lab eling of the elements of S with sets of A TL -formula e that satisfy the fol lowing c onstr aints: H1 If ¬ ϕ ∈ H ( s ) , then ϕ / ∈ H ( s ) ; H2 if α ∈ H ( s ) , then α 1 ∈ H ( s ) and α 2 ∈ H ( s ) ; H3 if β ∈ H ( s ) , then β 1 ∈ H ( s ) or β 2 ∈ H ( s ) ; H4 if h h A i i ❣ ϕ ∈ H ( s ) , then ther e e xists an A - move σ A ∈ D A ( s ) such that ϕ ∈ H ( s ′ ) for al l s ′ ∈ out ( s, σ A ) ; H5 if ¬h h A i i ❣ ϕ ∈ H ( s ) , then ther e exists a c o- A -move σ c A ∈ D c A ( s ) such that ¬ ϕ ∈ H ( s ′ ) for al l s ′ ∈ out ( s, σ c A ) ; H6 if h h A i i ϕ U ψ ∈ H ( s ) , then ther e exists a p erfe ct-r e c al l A -str ate gy F A such that, for al l λ ∈ out ( s, F A ) , ther e exists a p osition i ≥ 0 such that ψ ∈ H ( λ [ i ] ) and ϕ ∈ H ( λ [ j ]) holds for al l p ositions 0 ≤ j < i ; H7 if ¬h h A i i ✷ ϕ ∈ H ( s ) , then ther e exists a p erfe ct-r e c al l c o- A -str ate gy F c A such that, for every λ ∈ out ( s, F c A ) , ther e exists p osition i ≥ 0 with ¬ ϕ ∈ H ( λ [ i ]) . Remark 3.3 T o obtain the definition of p ositional CGHS, al l one has to do is r eplac e “p erfe ct-r e c al l” with “p ositional” in clauses (H6) and (H7) of Definition 3.2. 4 Our reason for doing so is that we intend t o consider, in a follow -up work, ad ap t ations of the tableau proced ure describ ed herein to some imp ortant v ariations and ex tensions of A TL , such as A TL with incomplete information, A TL ∗ , and Game Logic ([5]), where p ositional strategies only d o not suffice; then, the results in this section will b e put to full use. 13 Definition 3.4 L e t θ b e an A TL -formula and H = (Σ , S, d, δ, H ) b e a CGHS. We say that H is a concurrent game Hint ikk a stru cture for θ if θ ∈ H ( s ) for some s ∈ S . Hin tikk a structures can b e though t of a s representi ng a class of mo dels on the set of state s S that, for ev ery s ∈ S , agree on the formulae in H ( s ) (that is, mak e exactly the same form ulae in H ( s ) tru e). Mo dels themselv es can b e thought of as maximal Hintikk a structur es, whose states are lab eled w ith maximally consistent sets of form ulae. More p recisely , giv en a CGM M = (Σ , S, d, δ, AP , L ), w e can defin e th e extended lab eling fu nction L + M b y L + M ( s ) = { ϕ | M , s  ϕ } , w h ere ϕ ranges o ver all A TL -form ulae, an d the resulting structure (Σ , S, d, δ, L + M ) will b e a Hintikk a stru cture. This immediately giv es rise to the follo wing theorem. Theorem 3.5 L e t θ b e an A TL -formula. Every CGM M = (Σ , S, d, δ, AP , L ) satisfying θ induc es a CGH S H = (Σ , S, d, δ, L + M ) for θ , wher e L + M is the extende d lab eling function on M . Pro of. Straigh tforw ard, using Th eorem 2.33 for (H5) and (H7). ✷ Con v ersely , ev ery Hin tikk a structure for a formula θ can b e expanded to a maximal one— that is, a mo del—b y declaring, for ev ery s ∈ S , all atomic p rop ositi ons outside H ( s ) to b e false at s . T o prov e this claim, how ev er, w e n eed a few auxiliary definitions. Definition 3.6 L e t H = (Σ , S, d, δ, H ) b e a CGHS. A run of length m , wher e 1 ≤ m < ω , in H is a se quenc e λ = s 0 , . . . , s m − 1 of elements of S such that, for al l 0 ≤ i < m − 1 , the state s i +1 is a suc c essor of the state s i . Numb ers 0 thr ough m − 1 ar e c al le d p ositions of λ . The length of λ , define d as the numb er of p ositions in λ , is denote d by | λ | . F or e ach p osition 0 ≤ i < m , we denote by λ [ i ] the i th state of λ . A fin ite run in H is a run of length m for some m with 1 ≤ m < ω . A finite run with λ [0] = s i s a fin ite s -run . Definition 3.7 L e t H b e a CGHS, λ b e a finite s -run in H , and F c A [ m ] b e an m -r e c al l c o- A -str ate gy on the f r ame of H , wher e 1 ≤ m < ω . We say that λ is compliant w ith F c A [ m ] if • | λ | = m + 1 ; • λ [ i + 1] ∈ out ( λ [ i ] , F c A [ m ]( λ [0 , i ])) holds for al l 0 ≤ i < m . Definition 3.8 L e t H b e a CGHS, let λ b e an (infinite) s -run in H and let F c A b e a p erfe ct- r e c al l c o- A -str ate gy on the fr ame of H . We say tha t λ is compliant with F c A if λ ∈ out ( s, F c A ) . Theorem 3.9 L e t θ b e an A TL -formula. Every CGHS H = (Σ , S, d, δ, H ) for θ c an b e exp ande d to a CGM satisfying θ . Pro of. Let H = (Σ , S, d, δ, H ) b e a CGHS for θ . T o obtain a CGM M = (Σ , S, d, δ , AP , L ), w e defin e the lab eling function L as follo ws: L ( s ) = H ( s ) ∩ AP , for eve ry s ∈ S . T o establish the statemen t of the theorem, we pro v e, by in duction on the structur e of form ula χ that, for every s ∈ S and every χ , the follo wing claim holds: χ ∈ H ( s ) implies M , s  χ and ¬ χ ∈ H ( s ) implies M , s  ¬ χ. 14 Let χ b e some p ∈ AP . Then, p ∈ H ( s ) implies p ∈ L ( s ) and , th us, M , s  p ; if, on the other hand, ¬ p ∈ H ( s ), then due to (H1), p / ∈ H ( s ) and thus p / ∈ L ( s ); hence, M , s  ¬ p . Assume that the claim holds for all subformulae o f χ ; then, w e hav e to pro ve that it holds for χ , as w ell. Supp ose that χ is ¬ ϕ . If ¬ ϕ ∈ H ( s ), then the ind uctiv e hypothesis imm ediate ly giv es us M , s  ¬ ϕ ; if, on the other h and, ¬ ¬ ϕ ∈ H ( s ), then b y virtue of (H2), ϕ ∈ H ( s ) and h en ce, b y indu ctiv e hyp othesis, M , s  ϕ and th u s M , s  ¬¬ ϕ . The cases of χ = ϕ → ψ and χ = h h A i i ❣ ψ and are straigh tforward, usin g (H2)–(H5). Supp ose that χ = h h A i i ϕ U ψ . If h h A i i ϕ U ψ ∈ H ( s ), then the desired conclusion immediately follo ws from (H6) and the inductive h yp othesis. Assume now that ¬h h A i i ϕ U ψ ∈ H ( s ). In view of the inductiv e hyp othesis and T h eo- rem 2.33, it suffices to sh o w that there exists a p erfect-recall co- A - strategy F c A suc h that λ ∈ out ( s, F c A ) implies that, if there exists i ≥ 0 with ψ ∈ H ( λ [ i ]), then there exists 0 ≤ j < i with ¬ ϕ ∈ H ( λ [ j ]). W e define the required F c A b y indu cti on on the length of sequ ences in its domain. This amoun ts to defining finite prefixes of F c A for ev ery 1 ≤ n < ω —the restrictions of F c A to sequences of states of length ≤ n . Clearly , the fi nite prefi x of F c A of length n is an n -r eca ll co- A -strate gy . W e only exp licitly define the v alue of F c A [ n ]( λ ), where | λ | = n , if λ is a finite s -run complian t with F c A [ n − 1] (recall Definition 3.7), where F c A [ n − 1] is a strategy d efined at the previous step of the in duction. The v alues of F c A [ n ]( λ ) for any other sequences of length n are immaterial. Th e only other constraint that w e ha ve to tak e into accoun t when defining F c A [ n ] is th at, if F c A [ n ] extends F c A [ m ], then th e v alues of F c A [ m ] and F c A [ n ] should agree on all the sequences of length m . Alongside defining F c A [ n ] for ev ery 1 ≤ n < ω , we pr o v e that the follo wing inv arian t pr operty holds: If λ ∈ out ( s, F c A [ n ]), then ( i ) Either there exists a p osition 0 ≤ i ≤ n, su c h that ( † ) ¬ ϕ ∈ H ( λ [ i ]) and ¬ ψ ∈ H ( λ [ j ]) for all 0 ≤ j ≤ i, ( ii ) or ¬ ψ , ¬h h A i i ❣ h h A i i ϕ U ψ ∈ H ( λ [ i ]) for all 0 ≤ i ≤ n. Clearly , if ev ery fi nite p refix of F c A satisfies ( † ), F c A is the r equired co- A -strategy . W e start by definin g F c A [1]. There is only one s -run of length 1, namely ( s ). As ¬h h A i i ϕ U ψ ∈ H ( s ), in view of (H3) and (H2), either ¬ ψ, ¬ ϕ ∈ H ( s ) or ¬ ψ, ¬h h A i i ❣ h h A i i ϕ U ψ ∈ H ( s ). In the former case any co- A -mo ve will pro duce a co- A -strateg y F c A [1] suc h that, if λ ∈ out ( s, F c A [1]), then λ satisfies ( † ) (i). In the latter case, (H5) guaran tees that there exists a co- A -mo v e σ c A ∈ D c A ( s ) su ch that ¬ h h A i i ϕ U ψ ∈ H ( s ′ ) for all s ′ ∈ out ( s, σ c A ). This, together with (H3) and (H2) guaran tees that ¬ ψ , ¬ h h A i i ❣ h h A i i ϕ U ψ ∈ H ( s ′ ) for ev ery s ′ ∈ out ( s , σ c A ), whic h, as ¬ ψ ∈ H ( s ), ens u res that ( † ) (ii) holds for an y λ ∈ out ( s, F c A [1]). Thus, in either case, ( † ) h olds for ev ery λ ∈ out ( s, F c A [1]). Next, inductive ly assume that, if λ is an s -run complian t with F c A [ n ], then ( † ) holds for λ . W e n eed to sho w ho w to extend F c A [ n ] to F c A [ n + 1] ⊃ F c A [ n ] in the ( † )-preserving w a y . If ( † ) (i) holds for every λ satisfying the condition of the indu ctive hyp othesis, then obviously , any co- A -mo v e will do. Otherwise, ( † ) (ii) holds for every suc h λ ; then , F c A [ n + 1] can be obtained from F c A [ n ] as in th e second part of th e “basis case” argument. F or all other sequ ences κ of length n + 1 (i.e., those that do not start with s or are not complian t with F c A [ n ]), the v alue F c A [ n ]( κ ) can b e d efined arbitrarily . F or all sequ ences κ of length ≤ n , w e stipulate F c A [ n + 1]( κ ) = F c A [ n ]( κ ). This completes the definition of F c A [ n + 1]. As we ha v e seen, if λ is an s -run complian t with F c A [ n + 1 ], then ( † ) h olds for λ . 15 The case of ¬h h A i i ✷ ϕ ∈ H ( s ) is straightforw ard using (H7), while the case of h h A i i ✷ ϕ ∈ H ( s ) can b e p ro ve d in a wa y analogous to the case of ¬h h A i i ϕ U ψ , usin g s uitable d efinitions of compliancy of (finite and infin ite) ru n s with strategies. ✷ Theorems 3.5 and 3.9 take n together mean that, from the p oin t of view of a single A TL - form ula, satisfiabilit y in a (p erfect-recall) mo del and in a (p erfect-recall) Hin tikk a s tructure are equiv alen t. 4 T erminating tableaux for tigh t A TL-satisfiabilit y In the curr en t section, w e present a tableau metho d for testing A TL -form ulae for tight sat- isfiabilit y . T raditionally , tableau tec h niques w ork by decomp osing the form u la whose satisfiabilit y is b eing tested int o “semant ically simp ler” f orm ulae. In th e classical prop ositional case ([27]), “seman tically simpler” implies “smaller”, which b y itself guarantee s termination of the pr o- cedure in a finite num b er of steps. Another feature of the tableau metho d for the classical prop ositional logic is that this decomp osition into seman tically simp ler form ulae results in a tree repr esenting an exh austiv e search for a mo del—or, to b e more p recise, a Hin tikk a set (the classical analogue of Hin tikk a str uctures)—for the inp ut formula. If at least one br anc h of the tree pr o du ces a Hintikk a set for the inp ut formula, the searc h has su cce eded and the form ula is pronounced satisfiable 5 . These tw o defining features o f the classica l tableau metho d do not emerge unscathed when the metho d is applied to logics con taining fixp oin t op erators, such as A T L (in this resp ect, the case of A T L is similar to th ose of L TL and CT L ). Firstly , decomp osition of A TL -formulae into “semant ically simp ler” ones, which, jus t as in the classica l case, is carried out by breaking up α - and β -form ulae in to their resp ectiv e “conjuncts” and “disjuncts,” do es n ot alwa ys pro duce smaller formulae, as can b e seen from the tables giv en in section 3.1. Therefore, we will ha v e to tak e sp ecial precautions to ensur e that the pr o cedure terminates (in ou r case, as in [32], this will inv olv e the use of the so-called pr estates ). Secondly , in the classical case the only reason why it might turn ou t to b e imp ossible to pro duce a Hint ikk a set for the input form ula is that ev ery attempt to bu ild such a set results in a collection of form ulae conta ining a patent inconsistency (fr om h ere on, b y p atent inc onsistency w e mean a pair of form ulas of the form ϕ , ¬ ϕ ) 6 . In the case of A TL , there are t wo other reasons f or a tableau not to corresp ond to an y Hintikk a structure f or the input formula. First, applying decomp osition rules to ev entuali ties—form ulae wh ose truth conditions requir e that some formula ( ψ in the case of the ev en tualit y h h A i i ϕ U ψ , and ¬ ϕ in the c ase o f the eve ntual it y ¬h h A i i ✷ ϕ ) “ev entually” b eco mes tru e; the tableau analo g of this w e will refer to as r e alization of an eventuality ,—one can ind efi nitely p ostp one their realization b y alwa ys c ho osing the “disjun ct” (notic e that b oth eve nt ualities are β -formulas) “promising” that th e realization will happ en fu rther d o wn the line, this “promise” never b eing f ulfilled. 5 Even th ough this tree is usually built step-by-step by decomp osing one formula at a time (see [27] and [32]), it can b e compressed into a simple tree—i.e., a tree with a single interio r no de—whose ro ot is the set conta ining only the input formula and whose lea ves are all m in imal down w ard-saturated extensions (to b e defined later on; see Definitions 4.1 and 4.2) of t he root. W e will use this, more compact, approach in our tableaux. 6 Notice that this condition implies but is n ot, in general, equiv alen t to prop ositional inconsistency . 16 Therefore, in addition to not conta ining paten t inconsistencies, “go od” A TL tableaux should not con tain sets with u nrealize d ev entualit ies. Y et another reason for the r esultan t tableau not to represent a Hintikk a structure is that some sets d o not ha ve all the successors they w ould b e requir ed to hav e in a corresp onding Hint ikk a structure. Coming bac k to the realization of ev entuali ties, it should b e noted that, in a Hin tikk a structure for th e inpu t form ula, all the ev entualiti es b elonging to th e lab els of its s tat es ha v e to b e realized, and different ev en tualities can p lac e different demands on the lab els of states of a Hint ikk a structure. F ortunately , in the case of A TL (just lik e in those of L TL and CTL and unlike, for example, those of Parikh’s game logic [25] and pr op ositional µ -calculus [7]), ev entualiti es can b e “take n on” one at a time: w e can ensure, and this lies at the heart of our completeness pro of, that ha ving realized ev entualitie s one b y one, we ca n then assem ble a Hin tikk a structure out of the “bu ilding blo c ks” realizing sin gle ev entualitie s. This tec h nique resem bles the mosaic metho d used to p ro ve decidabilit y of a v ariety of mo dal and temp oral logics (see, for example, [21]). 4.1 Brief description of the tableau pro cedure In essen ce, the tableau procedu re for test ing an A TL -formula θ f or satisfiabilit y is an a ttempt to constru ct a n on -emp t y graph T θ , called a table au , repr esen ting all p ossible concurren t game Hinti kk a structur es for θ . If the attempt is successful, θ is pronoun ced s ati sfiable; otherwise, it is declared unsatisfiable. (As this whole section is exclusiv ely concerned with tigh t satisfiabilit y , wh enev er we use the w ord “satisfiable” or an y deriv ativ e th er eof, we mean the tigh t v ariet y; another r easo n to keep the language generic is that—as we shall see later on—the basic id eas transfer smo othly o ver to other sp ecies of satisfiability) . The tableau pro cedure consists of three ma jor phases: c onstruction phase , pr estate elimi- nation phase , and state elimination phase . Accordingly , w e ha ve th r ee t yp es of tableau rules: construction ru les, a prestate elimination rule, and state elimination ru les. The pro cedure itself essen tially sp ecifies—apart from the starting p oint of the w hole pro cess—in w hat order and un der wh at circums tances these r ules should b e applied. During the construction p hase, the construction ru les are used to pro duce a directed graph P θ —referred to as th e pr etable au for θ —whose set of no des prop erly conta ins the set of no des of the tableau T θ that we are ultimately buildin g. No des of P θ are sets of A T L -form ulae, some of whic h—referr ed to as states 7 — are mean t to represent states (w h ence the name) of a Hintikk a structur e, while others—referred to as pr estates —fu lfill a pu rely tec hn ica l role of helping to k eep P θ finite. During the p r estat e elimination phase, we create a smaller g raph T θ 0 out of P θ —referred to as the initial table au for θ —by eliminating all the prestates of P θ (and t weaking with its edges) since prestates ha ve already f u lfilled their f unction: as we are not going to add any more no des to the graph b u ilt so far, the p ossibilit y of pro ducing an infinite structure is no longer a concern. Lastly , during the state elimination ph ase, we r emo v e from T θ 0 all the states, if any , that cannot b e satisfied in any CGHS, f or one of the follo wing three reasons: either th ey are inconsisten t, or con tain un realiz able even tualities, or do not hav e all the successors needed for their satisfaction. This resu lts in a (p ossibly emp t y) su bgraph T θ of T θ 0 , called the final table au for θ . Then, if we h a v e some s tat e ∆ in T θ con taining θ , we 7 F rom here on, the term “state” is used in t wo different meanin gs: as “s tate” of the (p re)tableaux—whic h is a set of A T L -form ulas satisfying certain conditions, to b e stated shortly , —and as a “state” of a seman tic structure (frame, mo del, or Hintikk a structure). U sually , th e context will determine exp lici tly which of these w e mean; when th e context lea ves room for ambig uity , we will explicitly men tion what kind of states w e mean. 17 pronounce θ satisfiable; otherw ise, w e declare θ unsatisfiable. 4.2 Construction phase As already mentio ned, at the construction ph ase, w e build the pretableau P θ — a directed graph whose n odes are s ets of A T L -form ulae, coming in t wo v arieties: states and pr estates . In tuitiv ely , states are m ea nt to represen t stat es of C GHS s , w h ile prestates are “em b ry o states”, whic h will in the course of the construction b e “unw ound” into states. T ec hnically , states are do w n ward saturated, while p restate s do n ot h a v e to b e so. Definition 4.1 L e t ∆ b e a set of A TL -formulae. We say that ∆ is down wa rd saturated if the fol lowing c onditions ar e satisfie d: • if α ∈ ∆ , then α 1 ∈ ∆ and α 2 ∈ ∆ ; • if β ∈ ∆ , then β 1 ∈ ∆ or β 2 ∈ ∆ . Moreo ve r, P θ will con tain tw o t yp es of edge. As has already b een mentio ned, tableau tec hniqu es u sually w ork b y sett ing in motion an exhaustiv e searc h for a Hintikk a stru cture for the input formula; one t yp e of edge, depicted b y u nmark ed double arro ws = ⇒ , will represent this exhaustiv e searc h dimen sion of our tableaux. Exh austiv e searc h lo oks for all p ossible alternativ es, and in our tableaux the alternativ es will arise when w e unwind pr esta tes into states; th us , when w e d r a w an unmark ed arrow from a pr estat e Γ to sta tes ∆ and ∆ ′ (depicted as Γ = ⇒ ∆ and Γ = ⇒ ∆ ′ , resp ectiv ely), this in tuitiv ely means that, in any C GHS, a state satisfying Γ h as to satisfy at least one of ∆ and ∆ ′ . Another type of ed ge represent s tr ansitio ns in CGHSs effected by mo ve ve ctors. Ac- cordingly , this t yp e of ed ge will b e represented in pretableaux by single arr ows marked with | Σ θ | -tuples σ of num b ers, eac h num b er int uitiv ely representing an a -mo v e for some a ∈ Σ θ . In tuitiv ely , we think of these | Σ θ | -tuples as mo ve v ectors. Thus, if w e draw an arro w marked b y σ from a state ∆ to a prestate Γ (depicted as ∆ σ − → Γ ), this in tu itiv ely means that, in an y CGHS represen ted by the tableau we are b uilding, from a sta te satisfying ∆ w e can mo v e along σ to a state satisfying Γ . It should b e noted that, in the pretableau, w e n ever create in one go full-fledged successors for states, whic h is to sa y we neve r d ra w a marke d arr o w from state to state; suc h arrows alw ays go from states to p restate s. On the other h and, u nmark ed arrows connect p restate s to states. Th us, the wh ole constru ction of the pretableau alternates b et ween going from prestates to states along edges repr esented b y double unmark ed arro w s and going from states to prestates along the ed ges r epresen ted by single arrows marked by “mo ve v ectors”. Th is cycle has, h o w ev er, to start somewhere. The tableau p rocedur e for testing satisfiabilit y of θ starts off with th e creation of a single prestate { θ } . Th ereafte r, a pair of construction rules are app lied t o the part of the pretableau created th u s far: one of the ru les, (SR) , sp ecifies how to u n win d p restate s into states; the other, (Next ) ,—ho w to obtain “successor” prestates from states. T o state (SR) , we n eed the follo wing d efinition. Definition 4.2 L e t Γ and ∆ b e sets of A TL -formulae. We say that ∆ is a min imal do wn- w ard saturated extension of Γ if the fol lowing holds: • Γ ⊆ ∆ ; 18 • ∆ is downwar d satur ate d; • ther e is no downwar d satur ate d set ∆ ′ such that Γ ⊆ ∆ ′ ⊂ ∆ . Note that Γ can b e a minimal d o wnw ard saturated extension of itself. W e n o w state the first construction ru le. (SR) Giv en a prestate Γ, do the follo w ing: 1. add to the pretableau all the minimal do wnw ard saturated extensions ∆ of Γ as states ; 2. for eac h of the so obtained states ∆, if ∆ d o es not con tain an y form ulae of the form h h A i i ❣ ϕ or ¬h h A i i ❣ ϕ , add the form ula h h Σ θ i i ❣ ⊤ to ∆; 3. for eac h state ∆ obtained at steps 1 and 2, p ut Γ = ⇒ ∆; 4. if, h ow ev er, the pr etableau already con tains a state ∆ ′ that coincides with ∆, do not create another cop y of ∆ ′ , bu t only put Γ = ⇒ ∆ ′ . W e d enote the fin ite set of states that hav e outgoi ng edges from a prestate Γ b y states (Γ) . These include gen uinely “new” states created by applying of (SR) to Γ as w ell as the states that had already b een in the pretableau and got iden tified with a state that w ould otherwise ha ve b een created b y applying (SR) to Γ. Example 1 As a running e xample il lustr ating our table au pr o c e dur e, we wil l b e c onstructing a table au for the formula θ 1 = ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p . The c onstruction of the table au for this formula starts off with the cr e ation of a pr estate Γ 1 = {¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p } . Next, (SR) is applie d to Γ 1 , which pr o duc es two states, which we c al l, for futur e r efer enc e, ∆ 1 and ∆ 2 (in the diagr am b elow, as wel l as in the f ol lowing examples, we omit the customary set- the or etic curly br ackets ar ound states and pr estates of the (pr e)table aux): (Γ 1 ) ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❢ p ∧ ¬h h 2 i i ❢ ¬ p = θ 1   ✠ ❅ ❅ ❘ (∆ 1 ) θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬h h 1 i i ❢ h h 1 i i ✷ p (∆ 2 ) θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬ p In general, if at least one s ubform ula of a non-primitiv e member of a p r estat e Γ is a β - form ula, Γ will ha v e m ore than one min imal d own ward satur ate d extension; hence, for s u c h a Γ, the set states (Γ) will con tain more than one state. The only exception to this general rule ma y o ccur when we come across β -formulae for whic h β 1 = β 2 , such as ( ϕ → ¬ ϕ ). W e no w turn to our sec ond construction rule, (Next) , whic h creat es “successor” pr esta tes from states. The rule has to ensu re that a su ffi cie nt su p ply of successor prestates is created to enforce the truth of all “next-time form ulae” (see b elo w) at the current state. Unlike th e case of logics wh ose mo dels are sets of s tat es connected by edges of binary relations, s uc h as L TL and CTL , in A T L successor prestates cannot b e created by simply remo ving the “next-time” mo dalit y from a f orm ula and creating an edge asso ciated with that formula. On the c on trary , in A TL , transitions are effected b y mo ve v ectors, with whic h w e, then, asso ciate form ulae made true b y actions of agen ts making u p that particular mo ve v ector. Thus, the rule ( Next) needs to provi de eac h agen t menti oned in the inpu t f orm ula with a sufficien t 19 n umber of actions av ailable at the current state, and then “p opulate” prestates asso ciated eac h r esultan t m ov e vect or σ with appropriate formulae. Before formally in tro ducing the rule, w e pro vid e some in tuition b ehind it. The rule is applicable to a state, say ∆ ; more precisely , it is applicable to the f orm ulae of the form h h A i i ❣ ϕ —whic h we refer to as p ositive next-time formulae — an d ¬h h A i i ❣ ψ , where A 6 = Σ— whic h we refer to as pr op e r ne gative next-time formulae —b elonging to ∆. P ositiv e and prop er negativ e next-time form ulae are referred to collecti v ely as next-time formulae . These form ulae are arranged in a list L and , th us, n umber ed ; all the p ositiv e formulae in L precede all the negativ e ones; otherwise, the orderin g is immaterial. The agen ts men tioned in the inp ut form ula θ can b e though t of as ha ving to decide whic h form u lae fr om ∆ app earing un d er the “next-time” coaliti on mo d aliti es h h . . . i i ❣ and ¬ h h . . . i i ❣ should b e included in to a successor prestate asso ciated with eac h mov e vec tor σ (inclusion into a prestate in tuitiv ely corr esp ond s to satisfiabilit y in the successor states of a Hin tikk a structur e, as p restate s ev entually get unw ound into tableau states). Therefore, the num b er of “actions” eac h agen t mentio ned in θ is giv en at ∆ equals the n u m b er of the next-time form ulae in ∆ (= length of L ). Th ese actions are com bined into “mo v e v ectors” σ leading to successor p restate s. The inclusion of form ulae into the p restate Γ σ created as a successor of ∆ by an arrow lab eled with σ is th en decided as f oll o ws. A form ula ϕ for w hic h h h A i i ❣ ϕ ∈ L is included into Γ σ , if ev ery agen t in A “vot es” in σ for this f ormula (i.e. ev ery i th slot in σ with i ∈ A con tains the num b er represent ing th e p osition of h h A i i ❣ ϕ in L ). O n the other han d , ¬ ψ f or whic h ¬h h A i i ❣ ψ ∈ L is included in to Γ σ (for tec hnical r easo ns, at most one such formula can b e included in to an y prestate) if ev ery agen t not in A vot es, in the sense explained ab o ve for the p ositiv e case, for a negativ e f orm ula from L (not n ecessa rily ¬h h A i i ❣ ψ ) and, moreo ver, ¬h h A i i ❣ ψ is the formula decided on by the c ol le ctive (negativ e) vo te of agent s in Σ \ A . T ec hn ically , this collec tiv e v ote is r epresen ted by the num b er neg ( σ ), wh ic h is computed usin g all negativ e v otes of σ , whic h allo w s it to repr esen t a tru ly collec tiv e d ecisio n. W e now tur n to the tec hn ica l presen tation of (Next) . The rule d oes not apply to the states con taining paten t inconsistencies sin ce suc h states, ob viously , cannot b e part of an y CGHS (so, we are not wasting time creating “junk ” th at will ha ve to b e r emo v ed anyw ay) . (Next) Giv en a state ∆ such th at for no χ w e h a v e χ, ¬ χ ∈ ∆, do the follo win g: 1. Ord er linearly all p ositive and pr oper negativ e next-time form ulae of ∆ in such a wa y that all the positive next-time form ulae precede all the negativ e ones; su pp ose the resu lt is the list L = h h A 0 i i ❣ ϕ 0 , . . . , h h A m − 1 i i ❣ ϕ m − 1 , ¬h h A ′ 0 i i ❣ ψ ′ 0 , . . . , ¬h h A ′ l − 1 i i ❣ ψ l − 1 . (Note that, du e to step 2 of (SR) , L is alw a ys n on -emp t y .) Let r ∆ = m + l ; denote b y D (∆) the set { 0 , . . . , r ∆ − 1 } | Σ θ | ; lastly , for every σ ∈ D (∆), d enote b y N ( σ ) the set { i | σ i ≥ m } , where σ i stands for th e i th comp onen t of the tup le σ , and by neg ( σ ) the n umber [ P i ∈ N ( σ ) ( σ i − m )] mo d l . 2. Consider the elemen ts of D (∆) in the lexicographic order and for eac h σ ∈ D (∆) d o the follo wing: (a) Create a prestate Γ σ = { ϕ p | h h A p i i ❣ ϕ p ∈ ∆ and σ a = p for all a ∈ A p } ∪ { ¬ ψ q | ¬h h A ′ q i i ❣ ψ q ∈ ∆ , neg ( σ ) = q , and Σ θ − A ′ q ⊆ N ( σ ) } ; 20 put Γ σ := {⊤} if the sets on b oth sides of the u nion sign ab o ve are empty . (b) Connect ∆ to Γ σ with σ − → ; If, ho wev er, Γ σ = Γ for some prestate Γ that has already b een added to the p retableau, only connect ∆ to Γ with σ − → . W e denote the finite set of prestates { Γ | ∆ σ − → Γ for some σ ∈ D (∆) } b y prestat es (∆). Note that a state ∆ m ay get connected to some Γ ∈ prestat e s (∆) b y arro w s lab eled b y distinct σ , σ ′ ∈ D (∆). In such cases, we “glue together” arro ws lab eled by σ and σ ′ , in effect creating an arro w mark ed by a set of lab els rather than a lab el (in examples b elo w, in such cases, we attac h several lab els to a s in gle arro w). Example 1 (con tinued) L et us app ly the (Next) rule to the state ∆ 1 = { θ 1 , ¬h h 1 i i ✷ p, h h 1 , 2 i i ❣ p, ¬h h 2 i i ❣ ¬ p, ¬h h 1 i i ❣ h h 1 i i ✷ p } fr om our running example. W e arr ange al l the p ositive and pr op er ne gative next-time formulae of this state in the list L = h h 1 , 2 i i ❣ p, ¬h h 2 i i ❣ ¬ p, ¬h h 1 i i ❣ h h 1 i i ✷ p . Then, at ∆ 1 , e ach of the two agents fr om θ 1 is going to have 3 actions, denote d by numb ers 0, 1, and 2. T o de cide what formulae ar e to b e include d in the pr e states r esulting fr om tuples of those actions, we also ne e d to sep ar ately numb er al l the ne gative next-time f orm ulae fr om L : ¬h h 2 i i ❣ ¬ p wil l b e numb er e d 0 , while ¬h h 1 i i ❣ h h 1 i i ✷ p wil l b e nu mb er e d 1 ( neg ( σ ) in the table b elow wil l r efer to these nu mb e rs). The f ol lowing table il lustr ates which formulae ar e include d into pr estates asso ciate d with what move ve ctors at ∆ : σ neg ( σ ) formulae 0 , 0 0 p 0 , 1 0 ⊤ 0 , 2 1 ¬h h 1 i i ✷ p 1 , 0 0 ¬¬ p 1 , 1 0 ¬¬ p 1 , 2 1 ¬h h 1 i i ✷ p 2 , 0 1 ⊤ 2 , 1 1 ¬h h 1 i i ✷ p 2 , 2 0 ¬¬ p In the table ab ove, it so happ ens that only one formula is include d into e ach pr estate; in gener al, however, this do es not have to b e the c ase. Base d on the ab ove table, b y applying (Next) to ∆ 1 , we pr o duc e the fol lowing set of its pr estate suc c essors: (∆ 1 ) ¬h h 1 i i ✷ p, h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬h h 1 i i ❢ h h 1 i i ✷ p 0 , 2 1 , 2 2 , 1 ¬h h 1 i i ✷ p 0 , 0 p 1 , 0 1 , 1 2 , 2    ✠    ✠ ❅ ❅ ❅ ❘ ❅ ❅ ❅ ❘ 0 , 1 2 , 0 ¬¬ p ⊤ Remark 4.3 T e chnic al ly, (Next) ensur es that every Γ σ ∈ prestates (∆) satisfies the fol low- ing pr op erties: • if {h h A i i i ❣ ϕ i , h h A j i i ❣ ϕ j } ⊆ ∆ and { ϕ i , ϕ j } ⊆ Γ σ , then A i ∩ A j = ∅ ; • Γ σ c ontains at most one formula of the form ¬ ψ such that ¬h h A i i ❣ ψ ∈ ∆ , sinc e the numb er neg ( σ ) is uniquely determine d for every σ ∈ D (∆) ; • if {h h A i i i ❣ ϕ i , ¬h h A ′ i i ❣ ψ } ⊆ ∆ and { ϕ i , ¬ ψ } ⊆ Γ σ , then A i ⊆ A ′ . 21 Note that there is a connection b etw een the ab o v e prop erties and the b asic p r oper ties of “next-time” coalition mo dalities, such as monotonicit y and sup eradditivit y (see [22], [24], [17]). The construction p hase, starting with a single p restate { θ } , consists of alternately applying the rule (SR) to the prestates created as a result of th e last application of (N ext) (or, if we are at the b eginning of the whole constru ctio n, to { θ } ) and applying (Next) to the states created as a result of the last application of (SR) . This cycle con tin ues until any application of (Next) do es n ot pro duce any new pr esta tes; after adding the relev an t arrows, if an y , th e construction stage is ov er. As we s h o w in th e n ext su bsection, th is is b ound to h app en in a finite n umber of steps—more precisely , in the n u m b er of steps exp onen tial in the length of θ . Example 1 (con tinued) Her e is a c omplete pr etable au for the formula θ 1 = ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p : ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❢ p ∧ ¬h h 2 i i ❢ ¬ p = θ 1   ✠ ❅ ❅ ❘ θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬h h 1 i i ❢ h h 1 i i ✷ p θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬ p ❄ 0 , 2 1 , 2 2 , 1 ¬h h 1 i i ✷ p ✲ 0 , 0 p ✲ 1 , 0 1 , 1 2 , 2 ✲ 0 , 1 2 , 0    ✠ 0 , 0    ✠ 1 , 0 1 , 1 ¬¬ p ⊤ ❅ ❅ ❅ ❘ 0 , 1   ✠ ¬h h 1 i i ✷ p, ¬h h 1 i i ❢ h h 1 i i ✷ p ❅ ❅ ❘ ¬h h 1 i i ✷ p, ¬ p, h h 1 , 2 i i ❢ ⊤ ❄ p, h h 1 , 2 i i ❢ ⊤ ❄ ¬¬ p, p, h h 1 , 2 i i ❢ ⊤ ❄ ⊤ , h h 1 , 2 i i ❢ ⊤ ✛ 0 , 0 ✲ 0 , 0 ✒ 0 , 0 ✒ 0 , 0 ✲ 0 , 0 Example 2 F or yet another demonstr ation of our pr o c e dur e, let us build a pr etable au f or the formula θ 2 = h h 1 i i ✷ ¬ q ∧ h h 2 i i p U q : h h 1 i i ✷ ¬ q ∧ h h 2 i i p U q = θ 2   ✠ ❅ ❅ ❘ ❘ 0 , 0 θ 2 , h h 1 i i ✷ ¬ q , h h 2 i i p U q , ¬ q , h h 1 i i ❢ h h 1 i i ✷ ¬ q , p, h h 2 i i ❢ h h 2 i i p U q θ 2 , h h 1 i i ✷ ¬ q , h h 2 i i p U q , ¬ q , h h 1 i i ❢ h h 1 i i ✷ ¬ q , q   ✠ 0 , 0 h h 1 i i ✷ ¬ q ❄ h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q ✒ 0 , 0 ❅ ❅ ❘ 1 , 1 h h 2 i i p U q    ✠ h h 2 i i p U q , p, h h 2 i i ❢ h h 2 i i p U q ✒ 0 , 0 ❅ ❅ ❘ 0 , 1 ❅ ❅ ❅ ❘ h h 2 i i p U q , q , h h 1 , 2 i i ❢ ⊤ ✲ 0 , 0 h h 1 i i ✷ ¬ q , h h 2 i i p U q    ✠ h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q , h h 2 i i p U q , q ❅ ❅ ❅ ❘ h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q , h h 2 i i p U q , p, h h 2 i i ❢ h h 2 i i p U q ✛ 1 , 1 ✛ 0 , 1 ✒ 1 , 0 ✻ 0 , 0 ⊤ ❄ ⊤ , h h 1 , 2 i i ❢ ⊤ ✛ 0 , 0 4.3 T ermination and complexity of the constr uct ion phase T o pr o v e that the construction p hase eve nt ually terminates and to estimate its complexit y , w e use the concept of the extended closure of an A TL -formula. Definition 4.4 L e t θ b e an A TL -formula . The closure of θ , denote d by cl ( θ ) , is the le ast set of formulae such that • θ ∈ cl ( θ ) ; 22 • cl ( θ ) is close d under subformulae; • if h h A i i ( ϕ U ψ ) ∈ cl ( θ ) , then ϕ ∧ h h A i i ❣ h h A i i ( ϕ U ψ ) ∈ cl ( θ ) ; • if ¬h h A i i ( ϕ U ψ ) ∈ cl ( θ ) , then ¬ ψ ∧ ¬ ϕ, ¬ ψ ∧ ¬h h A i i ❣ h h A i i ( ϕ U ψ ) ∈ cl ( θ ) ; • if h h A i i ✷ ϕ ∈ cl ( θ ) , then ϕ ∧ h h A i i ❣ h h A i i ✷ ϕ ∈ cl ( θ ) . Definition 4.5 L e t θ b e an A TL -formula. The extended closure of θ , denote d by ecl ( θ ) , is the le ast set of formulae such that • if ϕ ∈ cl ( θ ) , then ϕ, ¬ ϕ ∈ ecl ( θ ) ; • if ¬h h Σ θ i i ❣ ϕ ∈ cl ( θ ) , then h h∅i i ❣ ¬ ϕ ∈ ecl ( θ ) ; • ⊤ ∈ ecl ( θ ) ; • h h Σ i i ❣ ⊤ ∈ ecl ( θ ) . W e denote th e cardinalit y of ecl ( θ ) by | ecl ( θ ) | and the length of a form u la θ by | θ | . When calculating the length of a formula, we assume that ev ery agen t’s name count s as one sym b ol and that a p air of coalition braces is “lump ed together” as one sym b ol w ith the temp oral op erator that follo ws it; thus, |h h 1 , 2 i i ❣ p | = 4. Lemma 4.6 L et θ b e a A TL -formula. Then, ecl ( θ ) is finite; mor e pr e cisely, | ecl ( θ ) | ∈ O ( | θ | ) , i.e, | ecl ( θ ) | ≤ c · | θ | for some c ≥ 1 . Pro of. Straigh tforw ard. ✷ T o simplify nota tion, let us denote | θ | b y n and | Σ θ | by k ; let also c b e the constan t from the statemen t of the p r ece ding lemma. While b uilding the pretableau P θ , w e create O (2 cn ) state s and O (2 cn ) prestates. T o create a state, we need no more than O ( cn ) steps, th u s the creat ion of all the states tak es not more than O ( cn × 2 cn ) s teps. F or a given state ∆, to create all th e prestates in prestates (∆), w e fi rst pr odu ce a Γ σ asso cia ted with a giv en σ ∈ D (∆), whic h costs O ( cn ) steps, and then c h ec k wh ether it is id entical to a prestate created earlier, which tak es O (( cn ) 2 × 2 cn ) steps. As there are, all in all, O (( cn ) k ) mo ve v ectors in D (∆), the wh ole pro cedure of creat ing p restate s f r om a give n state costs O (( cn ) k × ( cn + ( cn ) 2 × 2 cn )). Applying this pro cedure to all O (2 cn ) states, i.e, creating all p restate s can th us b e done in O (2 cn × ( cn ) k × ( cn + ( cn ) 2 × 2 cn ) = O (2 ( k +1) log( cn )+ cn + 2 ( k +2) log( cn )+2 cn ) = O (2 ( k +2) log( cn )+2 cn ). As this clearly d ominates the complexit y of creating states, the cost of the construction phase as a whole is O (2 ( k +2) log( cn )+2 cn ). 4.4 Prestate elimination phase A t the second phase of th e tableau p rocedu re, we remo v e f r om P θ all the prestates and all the un mark ed arrows, b y applying the follo w ing ru le: (PR) F or ev ery p restate Γ in P θ , do th e follo wing: 1. remov e Γ from P θ ; 23 2. for all states ∆ in P θ with ∆ σ − → Γ and all ∆ ′ ∈ states (Γ), put ∆ σ − → ∆ ′ . W e call the graph obtained by applying (PR) to P θ the initial table au , which w e denote b y T θ 0 . Note that if in P θ w e ha v e ∆ σ − → Γ and states (Γ) con tains m ore than one sta te, then in T θ 0 there is going to b e m ore than one edge lab eled with σ going out of ∆. Example 1 (con tinued) Her e is the initial table au T θ 1 0 for the formula θ 1 = ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p (as b e for e, some states ar e name d f or futur e r efer enc e): (∆ 1 ) θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬h h 1 i i ❢ h h 1 i i ✷ p (∆ 2 ) θ 1 , ¬h h 1 i i ✷ p , h h 1 , 2 i i ❢ p, ¬h h 2 i i ❢ ¬ p, ¬ p    ✠ 0 , 2 1 , 2 2 , 1 ❅ ❅ ❅ ❘ 0 , 2 1 , 2 2 , 1 ❄ 0 , 0 ✒ 0 , 0 ✲ 0 , 0 p, h h 1 , 2 i i ❢ ⊤ ✲ 1 , 0 1 , 1 2 , 2 ✲ 0 , 1 2 , 0    ✠ 0 , 0    ✠ 1 , 0 1 , 1 ¬¬ p, p, h h 1 , 2 i i ❢ ⊤ ⊤ , h h 1 , 2 i i ❢ ⊤ ❅ ❅ ❅ ❘ 0 , 1 (∆ 3 ) ¬h h 1 i i ✷ p ¬h h 1 i i ❢ h h 1 i i ✷ p (∆ 4 ) ¬h h 1 i i ✷ p ¬ p, h h 1 , 2 i i ❢ ⊤ p, h h 1 , 2 i i ❢ ⊤ ❄ 0 , 0 ✲ 0 , 0 ✲ 0 , 0 ✒ 0 , 0 Thus, our pr o c e dur e for the formula ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p cr e ates 7 states. F or the sake of c omp arison with the top-down table au pr o c e dur e fr om [30], we estimate how many states would b e cr e ate d using that pr o c e dur e. As the running time of b oth pr o c e dur es is r oughly pr op ortional to the numb er of states cr e ate d, this should give us an i de a as to how the two pr o c e dur es c omp ar e in pr actic e. While we use the c onc ept of extende d closur e of a formula for metathe or etic al purp oses (to pr ove termination and estimate c omplexity, se e Se ction 4.3), the top-do wn table aux-like de cision pr o c e dur e fr om [30] uses it essential ly. T e chnic al ly sp e aking, the pr o c e dur e fr om [30] cr e ates not states, but “typ es”—maximal, pr op ositional ly c onsistent, satur ate d su bsets of the extende d closur e of the input formula. So, we estimate how many typ es the table au pr o c e dur e fr om [30] would cr e ate for the formula ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p . T o that end, we fist enumer ate p ositive formulas of the extende d closur e for this formula: (1) ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ p , (2) ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p , (3) h h 2 i i ❣ ¬ p , (4) h h 1 i i ✷ p , (5) h h 1 i i ❣ h h 1 i i ✷ p , (6) h h 1 , 2 i i ❣ p , (7) p . F or every f ormula fr om the ab ove list, e ach typ e c ontains either that formula or its ne ga- tion. However, not ev ery su ch c ombination is al lowe d, as ther e ar e dep e ndencies b etwe en formulae as to their pr esenc e in a typ e. First, if (1) is in a typ e , then that typ e must c ontain (2), ¬ (3) , ¬ (4) and (6) ; so, ther e ar e 2 2 distinct typ es c ontaining f orm ula (1). Se c ond, if ¬ (1) and ¬ (2) ar e in a typ e, then we have two c ases: if the typ e c ontains (4), then i t c ontains (5), gener ating 2 3 typ es; and if the typ e ¬ (6) , then it c ontains ¬ (4) , gener ating 2 3 mor e typ es. L astly, if ¬ (1) and (2) ar e in a typ e, then (3) , ¬ (4) , and (6) ar e also in the typ e, gener ating 2 2 typ es. Thus, al l in al l, the top-down table au pr o c e dur e fr om [30] cr e ates 24 typ es, as opp ose d to 7 states cr e ate d by incr emental table aux. 24 Example 2 (con tinued) Her e is the initial table au T θ 2 0 for the formula θ 2 = h h 1 i i ✷ ¬ q ∧ h h 2 i i p U q (as in the pr evious example, some states ar e name d f or futur e r efer enc e): ❘ 1 , 0 (∆ ′ 1 ) θ 2 , h h 1 i i ✷ ¬ q , h h 2 i i p U q , ¬ q , h h 1 i i ❢ h h 1 i i ✷ ¬ q , p, h h 2 i i ❢ h h 2 i i p U q (∆ ′ 2 ) θ 2 , h h 1 i i ✷ ¬ q , h h 2 i i p U q , ¬ q , h h 1 i i ❢ h h 1 i i ✷ ¬ q , q   ✠ 0 , 0   ✠ 1 , 1 ❅ ❅ ❘ 1 , 1 h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q ❄ 0 , 0 h h 2 i i p U q , p, h h 2 i i ❢ h h 2 i i p U q ❄ 0 , 0 h h 2 i i p U q , q , h h 1 , 2 i i ❢ ⊤ ❘ 0 , 0   ✠ 0 , 1 (∆ ′ 3 ) h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q , h h 2 i i p U q , q ❅ ❅ ❘ 0 , 1 (∆ ′ 4 ) h h 1 i i ✷ ¬ q , ¬ q, h h 1 i i ❢ h h 1 i i ✷ ¬ q , h h 2 i i p U q , p, h h 2 i i ❢ h h 2 i i p U q ✻ 1 , 0 ✛ 0 , 1 ✛ 0 , 1 ■ 1 , 1 ■ 1 , 1 ■ 0 , 0 ✒ 0 , 0 ⊤ , h h 1 , 2 i i ❢ ⊤ ❄ 0 , 0 A gain, for the sake of c omp arison with table aux f orm [30], we estimate the numb er of typ es cr e ate d by those table aux; a c alculation similar to the one fr om the pr e vious example shows that 36 typ es ar e cr e ate d by the top-dow n table au-lik e pr o c e dur e, as opp ose d to 8 states cr e ate d by the incr emental table au pr o c e dur e. W e b riefly remark on th e time required for this second phase. On ce again, to simplify notation, let us denote | θ | by n . Reca ll that | ecl ( θ ) | ∈ O ( | θ | ), i.e, | ecl ( θ ) | = c · | θ | for some c ≥ 1. T o remov e a single prestate, we need to delete from th e m emory its O ( cn ) form ulae and r edirect at most O (2 cn × 2 cn ) ed ge s—having identified set-theoretical ly equal states as part of the app lica tion of (Next) a nd ha ving “glued to gether” arro w s ha ving the same source and target, we do not ha v e, at this stage, to deal with O ( cn k ) outgoing edges for eac h state. Hence, the remov al of a single p restate can b e done in O (2 2 cn ) steps. As there are at most O (2 cn ) pr esta tes, the whole pr o cedure takes O (2 3 cn ) steps. 4.5 State elimination phase During th e state elimination phase, w e remo v e those no des of T θ 0 that cannot b e satisfied in an y CGHS. As already m en tioned, th ere are th r ee reasons wh y a state ∆ of T θ 0 can turn out to b e unsatisfiable in an y CGHS. First, ∆ ma y con tain a paten t in consistency 8 . Secondly , satisfiabilit y of ∆ may requir e th at at lea st one stat e from a set of tableau stat es X is satisfiable as a s uccessor of the state s ∆ of a CGHS presumably satisfying ∆, w hile all states of X turn out to b e unsatisfiable sets. T hirdly , ∆ m ay con tain an ev en tualit y that is not r ea lized in the tableau; that this implies u nsatisfiabilit y of ∆ is muc h less obvi ous than in the preceding t wo cases—in f ac t, a ma jor task within the soundness pro of for our pro cedure is to establish that this is indeed so. Accordingly , we ha ve three elimination rules, (E 1) – (E3) , eac h taking care of eliminating states of T θ 0 on one of the ab o v e-men tioned counts. T ec h nically , the elimination ph ase is divided int o stages; at stage n + 1, w e remo v e from the tableau T θ n obtained at the p revious stage exactly one state, b y applying one of th e elimination rules, thus obtaining the tableau T θ n +1 . W e now state the rules go verning the pro cess. The set of states of tableau T θ m is den ote d by S θ m . The rationale for the first rule is ob vious. (E1) If { ϕ, ¬ ϕ } ⊆ ∆ ∈ S θ n , then obtain T θ n +1 b y eliminating ∆ from T θ n . 8 As states are d o wnw ard- saturated, t h is is tantamount to sa y ing that ∆ contains a p ropositional inconsis- tency , even though in general these t w o concepts are not identical, as noted earlier. 25 The rationale b ehind the sec ond rule is also in tuitive ly clear: if ∆ is to b e sat isfiable, then for eac h σ ∈ D (∆) there should exists a satisfiable ∆ ′ with ∆ σ − → ∆ ′ . If all su c h ∆ ′ s ha ve b een eliminated b ecause they are un satisfiable, then ∆ is itself un satisfiable. (E2) If, f or some σ ∈ D (∆), all states ∆ ′ with ∆ σ − → ∆ ′ ha ve b een eliminated at earlier stages, then ob tain T θ n +1 b y eliminating ∆ from T θ n . T o form ulate (E3) , we need the concepts of realization of an ev en tualit y in a tableau. T o define th at concept, w e need some au x iliary notatio n. Let ∆ ∈ S θ 0 , and let h h A i i ❣ ϕ b e the p -th form ula in the linear ordering of the next-time formulae of ∆ indu ced as part of application of (Next) to ∆ ; let, finally , ¬h h A ′ i i ❣ ψ b e the q -th form ula in the same ord ering. Then, we u se the follo win g n ota tion: D (∆ , h h A i i ❣ ϕ ) := { σ ∈ D (∆) | σ a = p for ev ery a ∈ A } ; D (∆ , ¬h h A ′ i i ❣ ψ ) := { σ ∈ D (∆) | neg ( σ ) = q and Σ θ \ A ′ ⊆ N ( σ ) } . In tuitiv ely , D (∆ , χ ) corresp onds to an A -mov e (if χ = h h A i i ❣ ϕ ) or a co- A -mo v e (if χ = ¬h h A ′ i i ❣ ψ ) witnessing the “satisfaction” of χ at state ∆ (reca ll that A -mo v es and co- A -mo ves can b e iden tified with equiv alence classes on th e set of mov e v ectors). W e n o w recursively d efi ne what it means f or an ev entualit y of the f orm h h A i i ϕ U ψ to b e realized at a state ∆ of tableau T θ n . Definition 4.7 (Realization of ev en tualit y h h A i i ϕ U ψ ) 1. If { ψ , h h A i i ϕ U ψ } ⊆ ∆ ∈ S θ n , then h h A i i ϕ U ψ is r eal ized at ∆ in T θ n ; 2. If { ϕ, h h A i i ❣ h h A i i ϕ U ψ , h h A i i ϕ U ψ } ⊆ ∆ and f or every σ ∈ D (∆ , h h A i i ❣ h h A i i ϕ U ψ ) , ther e exists ∆ ′ ∈ S θ n such that • ∆ σ − → ∆ ′ and • h h A i i ϕ U ψ is r e alize d at ∆ ′ in T θ n , then h h A i i ϕ U ψ is realized at ∆ in T θ n . The defin itio n of realization for even tualities of the form ¬h h A i i ✷ ϕ is analogous: Definition 4.8 (Realization of ev en tualit y ¬h h A i i ✷ ϕ ) 1. If {¬ ϕ, ¬h h A i i ✷ ϕ } ⊆ ∆ ∈ S θ n , then ¬h h A i i ✷ ϕ is realized at ∆ in T θ n ; 2. If {¬h h A i i ❣ h h A i i ✷ ϕ, ¬h h A i i ✷ ϕ } ⊆ ∆ and, for every σ ∈ D (∆ , ¬h h A i i ❣ h h A i i ✷ ϕ ) ther e exists ∆ ′ ∈ S θ n such that • ∆ σ − → ∆ ′ and • ¬h h A i i ✷ ϕ is r e alize d at ∆ ′ in T θ n , then ¬h h A i i ✷ ϕ is realized at ∆ in T θ n . 26 W e can no w state our third elimination r ule. (E3) If ∆ ∈ S θ n con tains an ev en tualit y that is not realized at ∆ in T θ n , then obtain T θ n +1 b y remo ving ∆ f r om T θ n . While implementa tion of the r ules (E 1) and (E2) is straigh tforwa rd, imp lementati on of (E3) is less so. It can b e done b y computing th e set of states realizing a giv en ev entuali t y ξ in tableau T θ n , say , by m arking those states that realize ξ in T θ n . T o formally d escrib e th e pro cedure, w e need s ome extra n ota tion. First, giv en ∆ ∈ S θ n and σ ∈ D (∆), w e denote b y succ σ (∆) the set { ∆ ′ ∈ S θ n | ∆ σ − → ∆ ′ } . Secondly , give n a formula χ , w e write, abu s ing s et- theoretic notation, χ ∈ T θ n to mean that χ ∈ ∆ f or s ome ∆ ∈ S θ n . W e now d escribe the marking p rocedur e f or T θ n with resp ect to ev entualit y ξ . W e first do so for ev entualitie s of the form h h A i i ϕ U ψ . Initially , we mark ∆ if ψ ∈ ∆. Afterwa rds, we rep eat the follo wing computation f or ev er y ∆ ∈ S θ n that is still u nmark ed: mark ∆ if, for ev ery σ ∈ D (∆ , h h A i i ❣ h h A i i ϕ U ψ ), there exists at least one ∆ ′ suc h that ∆ ′ ∈ succ σ (∆) and ∆ ′ is marked. The pro cedure is ov er when n o m ore states can get marked. The pro cedure for computing ev en tualities of the form ¬h h A i i ✷ ϕ is similar. In itial ly , we mark ∆ if ¬ ϕ ∈ ∆. Afterwa rds, we rep eat the f ollo wing computation f or eve ry ∆ ∈ S θ n that is still u nmark ed : mark ∆ if, for ev ery σ ∈ D (∆ , ¬h h A i i ❣ h h A i i ✷ ϕ } , ther e exists at least one ∆ ′ suc h that ∆ ′ ∈ succ σ (∆) and ∆ ′ is marked. The pro cedure is ov er when no more states can get marked. Lemma 4.9 L et ∆ ∈ S θ n and ξ ∈ T θ n b e an eventuality. Then, ξ is r e alize d at ∆ in T θ n iff ∆ is marke d in T θ n with r esp e ct to ξ . Pro of. Straigh tforw ard. ✷ Th us, the application of (E3) in tableau T θ n with r esp ect to ev entualit y ξ consists of carrying out the marking pro cedure with resp ect to ξ and then r emo ving all the states that con tain ξ , but h a v e not b een marked w ith resp ect to ξ . W e ha v e th us far describ ed individual rules and h ow they ca n b e implemen ted. T o describ e the state eliminatio n phase as a whole, it is crucial to s p ecify the order of applicatio n of those rules. First, w e apply (E1) to all the states of T θ 0 ; it is clear that, once it is done, w e do not need to go bac k to (E1) again. The cases of (E2) and (E 3) are sligh tly more inv olv ed. Ha ving applied (E3) to the states of th e tableau, we could hav e r emo v ed, for some ∆, all the states accessible from it along the arr o ws marked b y s ome σ ∈ D (∆); hence, we need to reapply (E2) to the resultan t tableau to get rid of su c h ∆’s. Con v ersely , ha ving applied (E2) , w e could h a v e remo v ed some states th at w ere instrum en tal in realizing certain eve nt ualities; hence, h a ving applied (E2) , we need to r eapply ( E 3) . F urthermore, we cannot stop the pro cedure unless w e hav e c h ec k ed that al l ev entualit ies are realized. Thus, what we need is to apply (E3) and (E2) in a dov etailed sequence that cycles through all the ev entuali ties. More precisely , w e arrange all the ev en tualities o ccurring in the tableau obtained from T θ 0 b y havi ng applied ( E1) to T θ 0 in th e list ξ 1 , . . . , ξ m . Then, we pr oceed in cycles. Eac h cycle consists of alternatingly applyin g (E 3) to the p endin g ev en tualit y , and then applying (E2) to the tableau resulting from that application, unt il al l the ev en tualities hav e b een dealt with; 27 once we r eac h ξ m , we loop back to ξ 1 . The cycles are rep eated unt il, having gone through the whole cycle, w e ha v e not h ad to remo v e any states. Once that happ ens, the state elimination phase is o ver. The r esultan t graph we call the final table au for θ an d d enote b y T θ . Definition 4.10 The final table au T θ is op en if θ ∈ ∆ for some ∆ ∈ S θ ; otherwise, T θ is closed . The tableau pro cedure return s “no” if the final tableau is closed; otherwise, it returns “y es” and, moreo v er, pro vides sufficient information for pro ducing a finite mod el sat isfying θ ; that construction is describ ed in section 5.2. Example 1 (con tinued) Consider the initial table au for our formula θ 1 . First, no states of that table au c ontain p atent inc onsistencies. Mor e over, al l four states c ontaining the eventual- ity ¬h h 1 i i ✷ p (which is the only eventuality in the table au) ge t marke d with r esp e ct to ¬ h h 1 i i ✷ p . Inde e d, ∆ 2 and ∆ 4 get marke d sinc e they c ontain ¬ p ; ∆ 1 get marke d sinc e al l the r elevant move v e c tors (i.e, those for which neg ( σ ) = 1 and agent 2 votes ne gatively; ther e ar e 3 suc h move v e ctors: (0 , 2) , (1 , 2) , (2 , 1) ) le ad to a state ∆ 4 that i s marke d; final ly ∆ 3 is marke d as the only move ve ctor g oing out of that state le ads to a marke d state, ∆ 4 . L astly, al l the states have al l the r e quir e d suc c essors. Ther efor e , no state of the initial table au gets eliminate d, henc e, the final table au T θ 1 c oincides with the initial table au T θ 1 0 . Thus, T θ 1 is op en (it c on- tains two states, ∆ 1 and ∆ 2 , c ontaining θ 1 ); ther efor e, θ 1 = ¬h h 1 i i ✷ p ∧ h h 1 , 2 i i ❣ p ∧ ¬h h 2 i i ❣ ¬ p is satisfiable. Example 2 (con tinued) Consider the initial table au for the formula θ 2 . We have to elim- inate state ∆ ′ 2 due to (E1) , as it c ontains a p atent inc onsistency. F or the same r e ason, we have to eliminate ∆ ′ 3 . F urthermor e, state ∆ ′ 4 gets eliminate d due to (E 3) sinc e it c ontains an eventuality h h 2 i i p U q , but do es not get marke d with r esp e ct to it, as the only c onsistent state r e achable fr om ∆ ′ 4 along the “r elevant” move ve ctor (0 , 1) , which is ∆ ′ 4 itself, do es not c ontain q . Then, ∆ ′ 1 has to b e eliminate d, as b oth states r e achable form it along the move ve ctor (0 , 1) have b e en eliminate d. Thus, al l the states c ontaining the input formula, namely ∆ ′ 1 and ∆ ′ 2 , ar e eliminate d f r om the table au. Ther efor e, the final table au for θ 2 is close d and, henc e, θ 2 = h h 1 i i ✷ ¬ q ∧ h h 2 i i p U q i s unsatisfiable. 4.6 Incremen t al tableaux for CTL The b ranc hing-time logic CTL can b e regarded as the one-agen t v ersion of A TL , w h ere h h∅i i is the univ ersal path quan tifier and h h 1 i i is the existen tial path quantifier. Th us, after d u e simplifications (notably , of the rule ( Next) ), our tableau metho d p rod uces an incremen tal tableau pro cedure for C TL , whic h is p racti cally more efficien t (in the av erage case) than Emerson and Halp ern’s top-do wn tableau from [9]. 4.7 Complexit y of the pro cedure W e n o w estimate the complexit y of the tableau p rocedu re describ ed ab ov e. As b efore, let n = | θ | , k = | Σ θ | , and let c b e the constan t fr om the equation | ecl ( θ ) | = c · | θ | (recall Lemma 4.6). 28 As w e hav e seen, the costs of the construction p hase and of the prestate elimination phase are, resp ectiv ely , O (2 ( k +2) log( cn )+2 cn ) and O (2 3 cn ) steps. It, thus, remains to estimate the time required for the state elimination phase. During that phase, we first apply (E1) to ev ery state of the in itial tablea u. T o do that, we n eed to go through O (2 cn ) states, and for eac h formula ϕ of eac h state ∆ chec k whether ¬ ϕ ∈ ∆; this can b e done in time O (2 cn × ( cn ) 2 ) = O (2 2 log( cn )+ cn ). Next, we em bark on the sequ ence of do vetai led applications of (E3) and (E2) . W e do it in cycles, wh ose n umber is b ounded b y O (2 cn ), ea c h cycle inv olving going through all the ev entuali ties, wh ose num b er is b ounded b y O ( cn ). F or eac h even tualit y ξ , w e h a v e to, first, ru n th e mark in g pro cedure w ith resp ect to ξ and then remov e, as pr escrib ed by (E3) , all the relev an t un mark ed states; then, w e app ly the pro cedure implemen ting (E 2) . The latter pr ocedure can b e carried out in O (2 cn × ( cn k + cn )) = O (2 k log( cn )+ n + 2 log( cn )+ cn ) = O (2 k log( cn )+ n ) steps, as w e should go thr ou gh O (2 cn ) states, doing the c hec k for O (( cn ) k ) mo ves marking outgoi ng arro w s, and p ossibly deleting O ( cn ) formulas of the state. Since k ≤ n , the cost of applying (E2) is b oun ded by O (2 n l og ( cn )+ n ) = O (2 n (log( cn )+1) ) steps. As for the f ormer, we need to compute the s et of states realizing ξ in T θ n , whic h can b e don e in O (2 k log( cn )+3 cn ) steps, as we do at m ost O (2 cn ) “global” status u p dates, eac h time up d ating the status f or at most O (2 cn ) states, eac h of these u p dates requiring lo oking at O (( cn ) k ) p ossible mo v es, w h ic h as several outgoing arrows can b e mark ed with the same mov e, can b e rep eated at most O (2 cn ) times. (F or sim p licit y , we d isregard the cost of applyin g deleting states with u nrealized ev entualit ies, as its complexit y , O (2 cn × cn ), is clearly dominated by the complexit y of the marking p r ocedur e.) Th us, the w h ole sequence of do v etailed applications of (E2) and (E3) requires O ((2 cn × cn ) × (2 k log( cn )+ n + 2 k log( cn )+3 cn )) = O (2 ( k +1) log( cn )+4 cn ). Th us, the o v erall complexit y of our tableau pro cedure is O (2 ( k +2) log( cn )+2 cn ) + O (2 3 cn ) + O (2 ( k +1) log( cn )+4 cn ). As k ≤ n +1, this expression is b oun ded by O (2 n log n +5 cn ) = O (2 2 n log n ) = O (2 2 | θ | log | θ | ). This upp er b ound app ears to b e b etter than the o ne claimed in [30] for the top- do w n tableaux dev elop ed therein (namely , O (2 n 2 )); a more careful analysis r ev eals, how ev er, that the upp er b ound for tableaux from [30] is within O (2 2 n log n ), to o. 5 Soundness and completeness W e no w pro ve that the tableau pro cedure describ ed ab o v e is sound and complete with resp ect to A TL semanti cs as defined in section 2.2; in algorithmic terminology , we sh o w that the pro cedure is correct. 5.1 Soundness T ec h nically , sou n dness of a tableau p rocedu r e amounts to claiming th at if the inp ut form ula θ is satisfiable, then th e final tableau T θ is op en. Before going into the tec hnical d etails, w e giv e an informal outline of the p roof. Th e tableau pro cedure for the input form ula θ starts off with creat ing a single prestate { θ } . Then, w e unwind { θ } int o states, eac h of whic h con tains θ . T o establish soundn ess, it suffices to sho w th at at least one these states survive s to th e end of the pro cedure and is, thus, part of a fin al tableau. W e start out b y sho wing (Lemma 5.1) that if a pr esta te Γ is s atisfiable, then at least one state created from Γ u sing (SR) is also satisfiable. In p articular, it ensures that if θ is 29 satisfiable, th en so is at least one state obtained by ( SR) form { θ } . T o ensure sound ness, it is enough to show th at this state never gets eliminated fr om the tableau. T o that end , we first sh o w (Lemma 5.2 ) that, giv en a satisfiable state ∆, all the pr estat es created from ∆ by (Next) — eac h of whic h is asso ciate d with a mo v e vecto r, sa y σ —are satisfiable; according to Lemma 5.1, eac h of th ese prestates will giv e rise to at least one satisfiable state. It follo w s that, if a tableau state ∆ is satisfiable, then for ev ery mo ve ve ctor σ at ∆, in the in itia l tableau, ∆ w ill ha v e at least one satisfiable successor r eac hable by an arro w m arked with σ ; hence, if ∆ is satisfiable, it will n ot b e eliminated on account of (E 2) . Lastly , w e sh o w that no satisfiable states contai n un realiz ed ev entualiti es (in the sense of Definitions 4.7 and 4.8), and thus cann ot b e r emov ed from th e tableau on accoun t of (E3) . Th us, we sho w that a satisfiable state of th e pretableau cann ot b e remov ed on account of an y of the state elimination r ules and, therefore, surv ives to the end of the p rocedu re. In particular, this means that at least one state obtained fr om the initial prestate θ , and thus con taining θ , survives to th e end of the pro cedure—hence, the final tableau for θ is op en, as desired. W e start w ith the lemma that essen tially asserts that the “state-creation” comp onen t of our tableaux p reserv es satisfiability . Lemma 5.1 L et Γ b e a pr e stat e of P θ and let M , s  Γ for some CGM M and some s ∈ M . Then, M , s  ∆ holds for at le ast one ∆ ∈ states (Γ) . Pro of. Straigh tforw ard (see a r emark at the end of section 3.1, though). ✷ The next lemma s h o ws that (Next) creates from satisfiable states satisfiable pr estates (to see this, compare th e condition of the lemma with Remark 4.3). Lemma 5.2 L et Φ = {h h A 1 i i ❣ ϕ 1 , . . . , h h A m i i ❣ ϕ m , ¬h h A ′ i i ❣ ψ } b e a set of formulae such that A i ∩ A j = ∅ for every 1 ≤ i, j ≤ m and A i ⊆ A ′ for every 1 ≤ i ≤ m . L et M , s  Φ for some CGM M and s ∈ M . L et, furthermor e, σ A i ∈ D A i ( s ) b e an A i -move witnessing the truth of h h A i i i ❣ ϕ i at s , for e ach 1 ≤ i ≤ m , and let, final ly, σ c A ′ ∈ D c A ′ ( s ) b e a c o- A ′ -move witnessing the truth o f ¬h h A ′ i i ❣ ψ at s . Then, ther e exists s ′ ∈ out ( s, σ A 1 ) ∩ . . . ∩ out ( s, σ A m ) ∩ out ( s, σ c A ′ ) such that M , s ′  { ϕ 1 , . . . , ϕ m , ¬ ψ } . Pro of. As A i ∩ A j = ∅ for ev ery 1 ≤ i, j ≤ m and A i ⊆ A ′ for ev ery 1 ≤ i ≤ m , a ll the mo ves σ A i , wh er e 1 ≤ i ≤ m , can b e “fused” int o a mo v e σ A 1 ∪ ... ∪ A m . Then, the application of th e co-mo v e σ c A ′ to an y extension of σ A 1 ∪ .. . ∪ A m to a mov e of the coalit ion Σ θ \ A ′ ⊇ A 1 ∪ ... ∪ A m pro duces a m ov e v ector σ s uc h that s ′ = δ ( s, σ ) satisfies b oth pr operties fr om the statemen t of the lemma. ✷ The p receding tw o lemmas sho w that fr om satisfiable (pre)states w e pr odu ce satisfiable (pre)states. Th is, in p artic ular, implies t wo th in gs: fi rst, at least one of the states con taining the inp u t formula θ is satisfiable an d , second, satisfiable states never get eliminated d ue to (E2) . It is also clear that a s at isfiable state can not con tain a prop ositional in consistency and thus b e remo ved due to (E1) . Therefore, all that remains to show is that (E3) do es not eliminate from tableaux satisfi- able states. T o that end, w e will need some extra definitions and p iece s of notations dra wing analogies b et ween what happ ens in C GMs and tableaux (Definition 5.3 th rough Notational con ven tion 5.5). 30 In what foll o ws, w e treat lab els of the arrows of the tableaux as mo ve v ectors; the concepts of A -mov e, and all the conco mitan t definitions and notation are then used in exact ly the same w a y as for C GFs (see section 2.2.1); analogously for co- A -mo v es (see section 2.5). W e only explicitly men tion wh at notion (i.e., the one r ela ting to the sema nti cs of A TL or to tablea ux) is referred to if the con text lea ves ro om for am biguit y . The only n oti on that differs b et ween A TL -semantics and the A TL -tableaux is that of “o utcome” of (CGF vs. tableau) mo ves and co-mo v es. Unlik e the former, the latter are generally not unique, as there m ight b e sev eral outgoing arro ws from a state ∆ lab eled with the same “mov e v ector” σ . W e, ho w ev er , define an outcome set of a tableau A -mo v e σ A to con tain exactly one state obtained from ∆ by follo wing a giv en σ ⊒ σ A to mak e them resemble outcomes of A -mov es in CGFs. Definition 5.3 L e t ∆ ∈ S θ n and σ A ∈ D A (∆) . An outcome set of σ A at ∆ is a minimal set of states X ⊆ S θ n such that, for every σ ⊒ σ A , ther e exists exactly one ∆ ′ ∈ X such that ∆ σ − → ∆ ′ . Outcome sets for tableau co-mo v es are defined analogously: Definition 5.4 L e t ∆ ∈ S θ n and σ c A ∈ D c A (∆) . An outcome set of σ c A at ∆ is a minimal set of states X ⊆ S θ n such that, for every σ A ∈ D A (∆) , ther e exists exactly one ∆ ′ ∈ X such that ∆ σ c A ( σ A ) − → ∆ ′ . Notational con v e ntion 5.5 1. Whenever we write h h A p i i ❣ ϕ p ∈ ∆ ∈ S θ n , we me an that h h A p i i ❣ ϕ p is the p -th formula in the line ar or dering of the next-time formulae of ∆ induc e d as p art of apply ing the (Next) rule to ∆ . We use the notation ¬h h A ′ q i i ❣ ψ q ∈ ∆ ∈ S θ n in an analo gous way. 2. Given h h A p i i ❣ ϕ p ∈ ∆ ∈ S θ n , by σ A p [ h h A p i i ❣ ϕ p ] we denote (the unique) table au A p -move σ A p ∈ D A p (∆) such that σ A p ( a ) = p f or every a ∈ A p . 3. Given a pr op er ¬h h A ′ q i i ❣ ψ q ∈ ∆ ∈ S θ n , by σ c A ′ q [ ¬h h A ′ q i i ❣ ψ q ] we denote (the uniqu e) table au c o- A ′ q -move satisfying the fol lowing c ondition: neg ( σ c A ′ q ( σ A ′ q )) = q and Σ θ − A ′ q ⊆ N ( σ c A ′ q ( σ A ′ q )) for every σ A ′ q ∈ D A ′ q (∆) . W e no w get do wn to pro ving that (E3) do es not eliminate any satisfiable states. W e n eed to sho w that if a tableau T θ n con tains a state ∆ that is satisfiable and con tains an ev entualit y ξ , then ξ is realized at ∆. This w ill b e accomplished by sho wing that T θ n “con tains” a s tr ucture (more p recisely , a tree) that, in a sen se to b e made precise, “witnesses” the realization of ξ at ∆ in T θ n . Th is tree will, in a sen s e to b e made precise, em ulate a tree of run s effected by a s trate gy or co-strategy th at “realizes” an ev entualit y in a mo del. This simulati on is going to b e carried out step-b y-step, eac h step, i.e. A -mo ve (in the case of h h A i i ϕ U ψ ) or co- A -mo v e (in the case of ¬h h A i i ✷ ϕ ) will b e simulat ed by a tableau mov e or co-mo v e associated with a resp ectiv e ev en tualit y . Th at this step-b y-step simulatio n can b e don e is pr o v ed in the n ext t wo lemmas (together with their corollaries). Lemma 5.6 L et h h A p i i ❣ ϕ p ∈ ∆ ∈ S θ n and let M , s  ∆ for some CGM M and state s ∈ M . L et, fu rthermor e, σ A p ∈ D A p ( s ) b e an A p -move witnessing the truth of h h A p i i ❣ ϕ p at s . Then, ther e exists in T θ n an outc ome set X of σ A p [ h h A p i i ❣ ϕ p ] such that f or e ach ∆ ′ ∈ X ther e exists s ′ ∈ out ( s, σ A p ) such that M , s ′  ∆ ′ . 31 Pro of. Consider the set of prestates Y = { Γ ∈ prestates (∆) | ∆ σ − → Γ for some σ ⊒ σ A p [ h h A p i i ❣ ϕ p ] } . T ake an arbitrary Γ ∈ Y . It follo ws immediately from th e ( Next) rule (see Remark 4.3) that Γ (which m ust conta in ϕ p ) is either of the form { ϕ 1 , . . . , ϕ m , ¬ ψ } , where {h h A 1 i i ❣ ϕ 1 , . . . , h h A m i i ❣ ϕ m , ¬h h A ′ i i ❣ ψ } ⊆ ∆ satisfies the condition of Lemma 5.2, or of the form { ϕ 1 , . . . , ϕ m } , where {h h A 1 i i ❣ ϕ 1 , . . . , h h A m i i ❣ ϕ m } ⊆ ∆ and A i ∩ A j = ∅ for ev ery 1 ≤ i, j ≤ m . As M , s  ∆ , in the form er case, b y Lemma 5.2, there exists s ′ ∈ out ( s, σ A p ) w ith M , s ′  Γ. T hen Γ can b e extended to a down wa rd saturated set ∆ ′ con taining at least one next-time formula ( h h Σ θ i i ❣ ⊤ if nothing else) s u c h that M , s ′  ∆ ′ . This is done by c ho osing, for ev ery β -formula to b e dealt with, the “disjunct” that is actually true in M at s ′ (if b oth “disjuncts” happ en to b e true at s ′ , the choic e is arbitrary). In the latter case, the s ame conclusion follo ws fr om Lemma 5.2 again, by adding to ∆ the v alid formula ¬ h h Σ θ i i ❣ ⊥ . T o complete the p roof of the lemma, tak e X to b e the set of all tableau states ∆ ′ obtain- able from th e p restate s in Y in the wa y describ ed ab o ve. ✷ Corollary 5.7 L e t h h A p i i ❣ ϕ p ∈ ∆ ∈ S θ n and let M , s  ∆ for some CGM M and state s ∈ M . L et, fu rth ermor e, σ A p ∈ D A p ( s ) b e an A p -move witnessing the truth of h h A p i i ❣ ϕ p at s and let χ ∈ ecl ( θ ) b e a β - formula , whose β i -asso ciate ( i ∈ { 1 , 2 } ) is χ i . Then, ther e exists in T θ n an outc ome set X χ i of σ A p [ h h A p i i ❣ ϕ p ] such that for every ∆ ′ ∈ X χ i ther e exists s ′ ∈ out ( s, σ A p ) such that M , s ′  ∆ ′ , and mor e over, if M , s ′  χ i , then χ i ∈ ∆ ′ . Pro of. Constru ct X χ i in a w ay X wa s constructed in the pro of of the preceding lemma, with a sin gle mo dification: when dealing w ith the formula χ , in stea d of c ho osing arbitrarily b et ween χ 1 and χ 2 , c h oose χ i whenev er it is tru e at s ′ . ✷ Lemma 5.8 L et ¬h h A ′ q i i ❣ ψ q ∈ ∆ ∈ S θ n and let M , s  ∆ for some CGM M and state s ∈ M . L et, furthermor e, σ c A ′ q ∈ D c A ′ q ( s ) b e a c o- A ′ q -move witnessing the truth of ¬ h h A ′ q i i ❣ ψ q at s . Then, ther e exists in T θ n an outc ome set X of σ c A ′ q [ ¬h h A ′ q i i ❣ ψ q ] such that for e ach ∆ ′ ∈ X ther e exi sts s ′ ∈ out ( s, σ c A ′ q ) such that M , s ′  ∆ ′ . Pro of. Consider the set of prestate s Y = { Γ ∈ prestat e s (∆) | ∆ σ − → Γ , σ = σ c A ′ q [ ¬h h A ′ q i i ❣ ψ q ]( σ A ′ q ) for some σ A ′ q ∈ D A ′ q (∆) } . T ake an arb itrary Γ ∈ Y . It follo ws immediately from the ( Next) rule (see Re mark 4.3) that Γ (which m ust con tain ¬ ψ q ) is e ither of the form { ϕ 1 , . . . , ϕ m , ¬ ψ q } , where {h h A 1 i i ❣ ϕ 1 , . . . , h h A m i i ❣ ϕ m , ¬h h A ′ q i i ❣ ψ q } ⊆ ∆ satisfies the condition of Lemma 5.2, or of the form {¬ ψ q } . As M , s  ∆, in the former case, b y Lemma 5.2, there exist s s ′ ∈ out ( s, σ c A ′ q ) with M , s ′  Γ. T hen Γ can b e extended to a down wa rd saturated set ∆ ′ con taining at least one next-time formula ( h h Σ θ i i ❣ ⊤ if nothing else) s u c h that M , s ′  ∆ ′ . This is done by c ho osing, 32 for ev ery β -formula to b e dealt with, the “disjunct” that is actually true in M at s ′ (if b oth “disjuncts” are true, c ho ose arb itrarily). In the latter case, the s ame conclusion follo ws fr om Lemma 5.2 again, by adding to ∆ the v alid formula h h∅i i ❣ ⊤ . T o complete the p roof of the lemma, tak e X to b e the set of all tableau states ∆ ′ obtain- able from th e p restate s in Y in the wa y describ ed ab o ve. ✷ Corollary 5.9 L e t ¬h h A ′ q i i ❣ ψ q ∈ ∆ ∈ S θ n and let M , s  ∆ for some CGM M and state s ∈ M . L et, furthermor e, σ c A ′ q ∈ D c A ′ q ( s ) b e a c o- A ′ q -move witnessing the truth of ¬ h h A ′ q i i ❣ ψ q at s and let χ ∈ ecl ( θ ) b e a β - formula , whose β i -asso ciate ( i ∈ { 1 , 2 } ) is χ i . Then, ther e exists in T θ n an outc ome set X χ i of σ c A ′ q [ ¬h h A ′ q i i ❣ ψ q ] such that for ev ery ∆ ′ ∈ X χ i ther e exists s ′ ∈ out ( s, σ c A ′ q ) such that M , s ′  ∆ ′ , and mor e over, if M , s ′  χ i , then χ i ∈ ∆ ′ . Pro of. Analogous to the pro of of Corollary 5.7. ✷ W e no w sho w that the tableau mo ves (for ev entualit ies of the form h h A i i ϕ U ψ ) and co-mo v es (for ev entualitie s of the form ¬ h h A i i ✷ ϕ ) whose existence w as established in the preceding t wo lemmas can b e stitc hed together into what we call ev en tualit y realization witness trees 9 . Theses trees, as already men tioned, simulate tree s of runs effected in mo dels b y (co-)strate gies. It will th en follo w that the existence of suc h a tree for a state ∆ means that it cannot b e remo ved from a tableau du e to (E3) . Definition 5.10 L et R = ( R, → ) b e a tr e e and X b e a non-empty set. An X -coloring of R is a mapping c : R 7→ X . When such mapping is fixe d, we say that R is X -colored . Definition 5.11 A realization w itness tree for the even tualit y h h A i i ϕ U ψ at state ∆ ∈ S θ n is a finite S θ n -c olor e d tr e e R = ( R, → ) such that 1. the r o ot of R is c olor e d with ∆ ; 2. if an interior no de of R is c olor e d with ∆ ′ , then { ϕ, h h A i i ❣ h h A i i ϕ U ψ , h h A i i ϕ U ψ } ⊆ ∆ ′ ; 3. for every interior no de w of R c olor e d with ∆ ′ , the childr en of w ar e c olor e d bije ctively with the states fr om an outc ome set of σ A [ h h A i i ❣ h h A i i ϕ U ψ ] ∈ D A (∆ ′ ) ; 4. if a le af of R is c olor e d with ∆ ′ , then { ψ , h h A i i ϕ U ψ } ⊆ ∆ ′ . Definition 5.12 A realizatio n witness tree for the ev en tualit y ¬h h A i i ✷ ϕ at state ∆ ∈ S θ n is a finite S θ n -c olor e d tr e e R = ( R, → ) such that 1. the r o ot of R is c olor e d with ∆ ; 2. if an interior no de of R is c olor e d with ∆ ′ , then {¬h h A i i ❣ h h A i i ✷ ϕ, ¬h h A i i ✷ ϕ } ⊆ ∆ ′ ; 3. for every interior no de w of R c olor e d with ∆ ′ , the childr en of w ar e c olor e d bije ctively with the states fr om an outc ome set of σ c A [ ¬h h A i i ❣ h h A i i ✷ ϕ ] ; 9 In the con text of this pap er, by a tree we mean an y directed, conn ected , and acyclic gr aph, eac h nod e of whic h, except one, th e ro ot, has ex actly one incoming edge. 33 4. if a le af of R is c olor e d with ∆ ′ , then {¬ ϕ, ¬h h A i i ✷ ϕ } ⊆ ∆ ′ . Lemma 5.13 L et R = ( R , → ) b e a r e alization witness tr e e for an eventuality ξ at ∆ ∈ S θ n . Then, ξ is r e alize d in T θ n at ev e ry ∆ ′ c oloring a no de of R —in p articular, at ∆ in T θ n . Pro of. Straightfo rward induction on the length of the longest path from a no de colored b y ∆ ′ to a leaf of R (recall that realiz ation of eve nt ualities w as d efined in Defin itions 4.7 and 4.8). ✷ W e no w pr o v e the existance of r eal ization witness trees for satisfiable states of tableaux con taining even tualities. Lemma 5.14 L et ξ ∈ ∆ b e an eventuality formula and ∆ ∈ S θ 0 b e satisfiable. Then ther e exists a r e alization witness tr e e R = ( R, → ) for ξ at ∆ ∈ S θ 0 . M or e over, every ∆ ′ c oloring a no de of R i s satisfiable. Pro of. W e only supply the full pro of for ev entualitie s of the form h h A i i ϕ U ψ ; w e then indicate ho w to obtain the p roof for ev en tualities of the form ¬h h A i i ✷ ϕ . If ψ ∈ ∆, then w e are done straig ht o ff—the realization witness tree is made up of a single no de, th e ro ot, colored with ∆. Hence, we only need to consider the case w h en ψ / ∈ ∆. As ∆ is do wnw ard satur ated, then { ϕ, h h A i i ❣ h h A i i ϕ U ψ } ⊆ ∆. So, supp ose that M , s  ∆; in particular, M , s  ϕ and M , s  h h A i i ❣ h h A i i ϕ U ψ . The latter means that there exists σ A ∈ D A ( s ) such that s ′ ∈ out ( s, σ A ) implies M , s ′  h h A i i ϕ U ψ . No w, h h A i i ❣ h h A i i ϕ U ψ is a p ositiv e next-time formula. Since ∆ is satisfiable, it do es not con tain a paten t inconsistency; hence, the ( Next) rule has b een applied to it. As part of that application, h h A i i ❣ h h A i i ϕ U ψ has b een assigned a place, sa y p , in the linear ordering of the next-time formulae of ∆. F u r thermore, h h A i i ϕ U ψ is a β -formula whose β 2 is ψ . Therefore, Corollary 5.7 is applicable to ∆, χ = h h A i i ϕ U ψ , χ 1 = h h A i i ❣ h h A i i ϕ U ψ , and χ 2 = ψ . According to that corollary , there exists an outcome set X ψ of σ A [ h h A i i ❣ h h A i i ϕ U ψ ] at ∆ such that, f or ev ery ∆ ′ ∈ X ψ , there exists s ′ ∈ out ( s, σ A ) s uc h that M , s ′  ∆ ′ and, moreo ver, if M , s ′  ψ , then ψ ∈ ∆ ′ . W e start b uilding the witness tree R b y constru cting a simple tree (i.e., one with a single in terior no de, th e ro ot) whose ro ot r is colored with ∆ and whose lea v es are colored, in the wa y prescrib ed b y Definition 5.11, by the states fr om X ψ . Next, since M , s ′  h h A i i ϕ U ψ for ev ery s ′ ∈ out ( s, σ A ), it follo ws that for ev ery su c h s ′ there exists a (p erfect-recall) A -strategy F s ′ A suc h that for ev ery λ ∈ out ( s ′ , F s ′ A ) there exists i ≥ 0 w ith M , λ [ i ]  ψ and M , λ [ j ]  ϕ holds f or all 0 ≤ j < i . Then, pla ying σ A follo wed b y p la ying F s ′ A for the s ′ ∈ out ( s , σ A ) “c hosen” by the counter-co alition Σ θ \ A constitutes a (p erfect-recal l) strategy F A witnessing th e truth of h h A i i ϕ U ψ at s . W e, then, cont in ue the construction of R as follo ws. F or eve ry s ′ ∈ out ( s, σ A ) (eac h suc h s ′ has b een matc hed by a no de of R at the in itia l stage of the construction of R ), we follo w the (perfect-recall) strategy F s ′ A , matc hing ev ery state s ′′ app earing as part of a run complian t with F s ′ A and satisfying the requ ir emen t that M , s ′′ 1 ψ w ith a no de w ′′ of R and matc h ing ev ery A -mo v e of F s ′ A at s ′′ with th e A -mo ve in the tableau σ A [ h h A i i ❣ h h A i i ϕ U ψ ] ∈ D A (∆ ′′ ) for the s tat e ∆ ′′ coloring the no de w ′′ . In this wa y , we follo w eac h F s ′ A along eac h run, up to the p oin t wh en we reac h a s tate t where ψ is true; at that p oin t we reac h the leaf of the resp ectiv e br an ch of th e tree we are building, as by construction, the no de asso ciate d with t will b e colored with a s tate con taining b oth ψ and h h A i i ϕ U ψ . In the mann er outlined ab o v e, we are guaran teed to build a tree satisfying all conditions of Definition 5.11. Indeed, the v ery wa y th e tree is b uilt guarantee s that conditions (1-4) of 34 that defin ition hold. As for fi n iteness, assuming that the resultant tree is infinite implies that it con tains an infi n ite b r anc h colored with s ets not cont aining ψ , which in turn imp lie s the existence of λ ∈ out ( s, F A ) s uc h that for ev ery i ≥ 0 we hav e M , λ [ i ]  ¬ ψ , whic h contradicts the fact th at F A is a strategy witnessing the truth of h h A i i ϕ U ψ at s . Th us, we ha ve obtained a realizatio n witness tree R for h h A i i ϕ U ψ at ∆ in T θ n . Moreo v er, it is clear f rom the wa y this tree has b een built that every state coloring a n ode of R is satisfiable (in M ). The p roof for even tualities of the form ¬ h h A i i ✷ ϕ is completely analogous, w ith reference to C orollary 5.9 rather th an Corollary 5.7, using the f ac t that ¬h h A i i ✷ ϕ is a β -formula, with β 1 = ¬ ϕ an d β 2 = ¬h h A i i ❣ h h A i i ✷ ϕ . ✷ Theorem 5.15 (Soundness) If θ is satisfiable, then T θ is op en. Pro of. W e w ill p r o v e that no satisfiable states are eliminated in the state elimination ph ase of the construction of the tableau. The statemen t of the lemma will then follo w immediately from Lemm a 5.1, which implies that if th e initial prestate { θ } is satisfiable, then at least one state of T θ con taining θ is also satisfiable. As the elimination pro cess pr oceeds in stages, w e will prov e b y in duction on the num b er n of stages that, for ev ery ∆ ∈ S θ 0 , if ∆ is satisfiable, then ∆ will not b e eliminated at s tag e n . The b ase case is trivial: when n = 0, no eliminations ha v e yet b een done, hence no satisfiable ∆ h as b een eliminated. No w indu ctiv ely assume th at, if ∆ ′ ∈ S θ 0 is satisfiable, it has n ot b een eliminated durin g the pr evio us n stages of the elimination p hase, and thus ∆ ′ ∈ S θ n . Consider stage n + 1 and a satisfiable ∆ ∈ S θ 0 . By in ductiv e hyp othesis, ∆ ∈ S θ n . W e will now show that n o elimination rule allo ws elimination of ∆ from T θ n ; hence, ∆ will remain in T θ n +1 . (E1) As ∆ is satisfiable, it clearly cannot con tain b oth ϕ and ¬ ϕ ; ther efore, it cannot b e eliminated from T θ n due to ( E1) . (E2) Due to th e form of th e (Next) -r ule (see Remark 4.3), it imm ediate ly follo ws from Lemma 5.2 th at if ∆ is satisfiable, then all the pr esta tes in prestates (∆) are satisfiable, to o. By virtue of Lemma 5.1, T θ 0 con tains for every σ ∈ D (∆) at least one satisfiable ∆ ′ with ∆ σ − → ∆ ′ . By the in d uctiv e hypothesis, all suc h ∆ ′ b elong to T θ n ; th u s, ∆ can n ot b e eliminated from T θ n due to ( E2) . (E3) W e need to show that if ∆ is satisfiable and con tains an ev entualit y ξ , then ξ is realized at ∆ in T θ n . According to Lemma 5.14 , th ere exists a realization witness tree R = ( R, → ) for ξ at ∆ in T θ 0 and every ∆ ′ coloring a no de of R is satisfiable. Therefore, b y inductiv e h yp othesis, eac h suc h ∆ ′ b elongs to S θ n . T hen, it is clear from the constru ctio n of R in the pr oof of Lemma 5.14, that R will still b e a r ealization witness tree for ∆ in T θ n . Th en, by virtue of Lemma 5.13, ξ is realized at ∆ in T θ n , hence cannot b e eliminated d ue to (E3) . ✷ 5.2 Completeness Completeness of a tableau pr ocedure means that if the final tableau for the input formula θ is op en, than θ is satisfiable. The completeness pro of presente d in this s ection b oils down 35 to b uilding a Hint ikk a stru ctur e H θ for th e in put formula θ out of the op en tableau T θ . Theorem 3.9 then guarante es th e existence of a mo del for θ . Our construction of a Hintikk a structure H θ for θ out of T θ is going to resemble b uilding a house, when bric ks are assem bled in to pr efab bloc ks that are then assem b led in to walls that are fin ally assem bled in to a complete str ucture. W e will use analogues of all of those in our pro ducing a Hin tikk a structure for θ . Larger and larger comp onen ts of our construction will satisfy more and more conditions requir ed b y Definition 3.2, so that by the end, w e are going to get a fully-fledged Hin tikk a structur e. The “bric ks” of H θ are going to b e the states of T θ . Being do wnw ard-saturated sets con taining no patent inconsistencies (otherwise, they would hav e b een eliminated due to (E1) ), they satisfy conditions (H1)–(H3) of Defin itio n 3.2. The “prefab b loc ks” are going to b e lo c al ly c onsistent simple T θ -tr e es , whic h it is our next task to d efi ne. Intuitiv ely , th ese trees are one-step comp onen ts of the Hintikk a stru cture we are bu ilding. Definition 5.16 L et W = ( W , ❀ ) b e a tr e e and Y b e a non-empty set. A Y - lab eling of W is a mapping l fr om the set of e dges of W to the se t of non-empty su b sets of Y . When such mapping is fixe d, we say that W is lab eled by Y . Definition 5.17 A tr e e W = ( W , ❀ ) is a T θ -tree if the fol lowing c onditions hold: • W is S θ -c olor e d (r e c al l Definition 5.10 ), by some c oloring mapping c ; • W is lab ele d by ∪ ∆ ∈ S θ D (∆) , by some lab eling mapping l ; • l ( w ❀ w ′ ) ⊆ D (∆) for every w ∈ W with c ( w ) = ∆ . Definition 5.18 A T θ -tr e e W = ( W , ❀ ) is lo cally consistent if th e fol lowing c ondition holds: F or every interior no de w ∈ W with c ( w ) = ∆ and every ∆ -suc c e ssor ∆ ′ ∈ S θ , ther e exi sts exactly one w ′ ∈ W such that l ( w ❀ w ′ ) = { σ | ∆ σ − → ∆ ′ } . That is, a lo cally consistent tree can n ot h av e tw o distinct successors w ′ = c (∆ ′ ) and w ′′ = c (∆ ′′ ) of an in terior no de w = c (∆) su c h that { σ | ∆ σ − → ∆ ′ } = { σ | ∆ σ − → ∆ ′′ } . Note that w e lab el edges of T θ -trees with sets of mo ve ve ctors as eac h edge in a tableau can b e mark ed by m ore than one m ov e v ector. Definition 5.19 A tr e e W = ( W , ❀ ) is simple if it has no interior no des other than the r o ot. Lo cally consisten t simple T θ -trees w ill b e our building blo c k s for the construction of a Hin tikk a str ucture from an op en tableau T θ . Essen tially , w e are extracting from tableaux one-step structur es that resemble C GMs in that eve ry in terior n ode of these stru ctures has exactly one outcome state asso ciated with a giv en mo ve v ector. In other w ords, while an op en tableau enco des all p ossible Hint ikk a structures f or the inp ut form u la, w e are extracting only one of them, by c ho osing th e outcome states asso ciated with mo v e ve ctors at eac h state out of p ossibly sev eral suc h outcomes. W e n o w pro v e the existence of lo cally consistent simple T θ -trees asso ciated with eac h state ∆. 36 Definition 5.20 L et ∆ ∈ S θ . A T θ -tr e e W is ro oted at ∆ if the r o ot of W i s c olor e d with ∆ , i.e., c ( r ) = ∆ , wher e r is the r o ot of W . Lemma 5.21 L et ∆ ∈ S θ . Then, ther e exists a lo c al ly c onsistent simple T θ -tr e e r o ote d at ∆ . Pro of. Suc h a tree can b e bu ilt as follo w s : consider all successor states ∆ ′ of ∆ in T θ . With eac h of them is asso ciated a non-empty set of “mo v e v ectors” { σ | ∆ σ − → ∆ ′ } . The T θ -tree will then consist of a ro ot r colored with ∆ and a leaf asso ciated with eac h such s et of mo ve v ectors, colored with an y of the successor states ∆ ′ with which this particular set of mo ves is asso ciate d (note that, in general, a tableau can cont ain more than one such ∆ ′ ); the edge b et ween the ro ot r and a leaf t is then lab eled b y the set of mo ves { σ | ∆ σ − → c ( t ) } . Note that, by construction of the tableau, d ifferent successor states ∆ ′ of ∆ are reac hable fr om ∆ b y pairwise disjoint sets of m ov es. ✷ The next lemma essen tially asserts that, in addition to conditions (H1)–(H3), lo cally consisten t simple T θ -trees also satisfy conditions (H4)– (H5) of Definition 3.2, w h ere outcomes of A -mo ves and co- A -mo v es are defined for su ch trees as f or CGFs; r eca ll that edges of these trees are lab eled with sets of mo v e vec tors. Thus, lo cally consisten t simple T θ -trees are closely appro ximating Hintikk a stru ctures, b ut so far only lo c al ly . Lemma 5.22 L et S b e a lo c al ly c onsistent simple T θ -tr e e r o ote d at ∆ . Then, the fol lowing hold: 1. If h h A i i ❣ ϕ ∈ ∆ = c ( w ) , then ther e exists an A -move σ A ∈ D A ( w ) such that ϕ ∈ ∆ ′ for al l ∆ ′ = c ( w ′ ) ∈ out (∆ , σ A ) . 2. If ¬ h h A i i ❣ ϕ ∈ ∆ = c ( w ) , then ther e exists a c o- A -move σ c A ∈ D c A ( w ) such that ¬ ϕ ∈ ∆ ′ for al l ∆ ′ = c ( w ′ ) ∈ out (∆ , σ c A ) . Pro of. Note that ev ery ∆ ∈ S θ is not p atently inconsisten t. Therefore, we can assu me throughout the pr oof that all n ext-ti me formulae of ∆ hav e b een linearly ordered as p art of applying the (Next) rule to ∆. (1) Su pp ose that h h A i i ❣ ϕ ∈ ∆. Then the required A -mo ve is σ A [ h h A i i ❣ ϕ ] (recall Nota- tional con ven tion 5.5). Indeed, it immediately follo ws from the ru le (Next) that for eve ry σ ⊒ σ A [ h h A i i ❣ ϕ ] in the pretableau P θ , if ∆ σ − → Γ then ϕ ∈ Γ. No w, in T θ w e hav e ∆ σ − → ∆ ′ only if in P θ w e had ∆ σ − → Γ for some Γ ⊆ ∆ ′ . Th erefore, ϕ ∈ ∆ ′ for ev ery ∆ ′ in an y outcome set of σ A [ h h A i i ❣ ϕ ] at ∆, and the statemen t of the lemma follo ws. (2) Su pp ose that ¬h h A i i ❣ ϕ ∈ ∆. W e ha v e t w o cases to consider. Case 1: A 6 = Σ θ . Th erefore, there exists b ∈ Σ θ \ A and, f urthermore, ¬ h h A i i ❣ ϕ o ccupies some place, sa y q , in the linear o rdering of the next- time form ulae of ∆. Cons ider an arbitrary σ A ∈ D A (∆). W e claim that σ A can b e extended to σ ′ ⊒ σ A suc h that ∆ σ ′ − → ∆ ′ and ¬ ϕ ∈ ∆ ′ for some ∆ ′ . T o show that, denote b y N ( σ A ) the set { i | σ A ( i ) ≥ m } , where m is the num b er of p ositiv e n ext-t ime formulae in ∆ ′ , and by ne g ( σ A ) th e num b er  P i ∈ N ( σ A ) ( σ A ( i ) − m ))  mo d l , w h ere l is the num b er of n ega tiv e next-time formulae in ∆. No w, consider σ ′ ⊒ σ A defined as follo w s: σ ′ b = (( q − neg ( σ A )) mo d l ) + m and σ ′ a ′ = m for an y a ′ ∈ Σ θ \ ( A ∪ { b } ). It is easy to see that Σ θ \ A ⊆ N ( σ ′ ), and moreo v er, that neg ( σ ′ ) = ( neg ( σ A ) + ( q − neg ( σ A ))) mo d l = q . W e conclude that in the pr eta bleau P θ , if ∆ σ ′ − → Γ, then ¬ ϕ ∈ Γ. But, S con tains 37 at least one leaf colored with such ∆ ′ that ∆ σ ′ − → ∆ ′ , and this ∆ ′ w as obtained by extending a Γ with ∆ σ ′ − → Γ; hence, ¬ ϕ ∈ ∆ ′ , and the statemen t of the lemma follo ws . Case 2: A = Σ θ . Then, by virtue of (H2), h h∅i i ❣ ¬ ϕ ∈ ∆ and thus, by the ru le ( Next) , ¬ ϕ ∈ Γ for eve ry Γ ∈ prestates (∆). Th en, ¬ ϕ ∈ ∆ ′ for ev ery ∆ ′ that is a su ccessor of ∆ in T θ and hence in the coloring set of eve ry leaf of S . Then , the (uniqu e) co-Σ θ -mo ve, which is an ident it y function, has the requ ired prop erties. ✷ No w, w e come to the “walls” of our b uilding—the co mp onent s of the future Hin tikk a stru c- ture that take care of single ev entualitie s. F ollo wing [17], w e call them final tr e e c omp onents . Eac h final tree comp on ent is bu ilt around a realizat ion witness tree for the corresp onding ev entualit y (recall Definitions 5.11 and 5.12), the existence of w hic h is pr o v ed in the forth- coming lemma. Lemma 5.23 L et ξ b e an ev entuality r e alize d at ∆ in T θ n . Then, ther e exists a r e alization witness tr e e R for ξ at ∆ in T θ n . Pro of. T o b uild R , w e use the concept of the realization rank of ∆ in T θ n with r esp ect to an eve nt ualit y ξ , which we defin e as the shortest path from ∆ to a state witnessing the realizatio n of ξ at ∆ (if ξ = h h A i i ϕ U ψ , suc h a state conta ins ψ ; if ξ = ¬h h A i i ✷ ϕ , then suc h a state con tains ¬ ϕ ) and denoted b y rank (∆ , ξ , T θ n ). If suc h a path d oes not exists, then rank (∆ , ξ , T θ n ) = ∞ . Clearly , if ξ is realized at ∆ in T θ n , then rank (∆ , ξ , T θ n ) is fi nite. Supp ose, first, that ξ is of the form h h A i i ϕ U ψ . W e start b uilding R b y taking a ro ot no de and coloring it with ∆. Afterw ards, for ev ery w ′ ∈ R colored with ∆ ′ , w e do the follo wing: for ev ery σ ⊒ σ A [ h h A i i ❣ h h A i i ϕ U ψ ] ∈ D (∆ ′ ), we pic k the ∆ ′′ ∈ succ σ (∆ ′ ) with th e least rank (∆ ′′ , h h A i i ϕ U ψ , T θ n ) and add to R a c h ild w ′′ of w ′ colored with ∆ ′′ . As h h A i i ϕ U ψ is realized at ∆ , it follo ws that rank (∆ , h h A i i ϕ U ψ , T θ n ) is fi n ite. By construction of R and definition of the r ank, eac h c hild of ev ery no de of the so constru cted tree has a smaller realizatio n rank than the parent . Ther efore, along eac h b ranc h of the tree we are b ound to reac h in a finite n umber of steps a no de colored with a state whose realizatio n rank with resp ect to h h A i i ϕ U ψ is 0; su c h no des are tak en to b e the lea v es of R . As ev ery no de of R has finitely man y c h ildren, d ue to K¨ onig’s lemma, R is finite. Therefore, so constructed R is indeed a realizatio n witness tree for h h A i i ϕ U ψ at ∆ in T θ n . Supp ose, next, th at ξ is of the form ¬h h A i i ✷ ϕ . Again, w e b egin by taking a ro ot no de and coloring it with ∆. Afterw ards, for ev ery w ′ ∈ R colored with ∆ ′ , we d o th e follo w ing: for ev ery σ = σ c A [ ¬h h A i i ❣ h h A i i ✷ ϕ ]( σ A ) ∈ D (∆ ′ ), we pic k the ∆ ′′ ∈ succ σ (∆ ′ ) w ith the least rank (∆ ′′ , ¬h h A i i ✷ ϕ, T θ n ) and add to R a c h ild w ′′ of w ′ colored with ∆ ′′ . T he r est of the argumen t is an alogous to th e one for the other eve ntual it y . ✷ No w, w e are going to use realization w itness trees to bu ild T θ -trees d oing the same job for ev en tualities as r ea lization witness trees d o, i.e., “realizing” them in a certain sen s e. Th e problem with realizatio n witn ess trees is that their no des migh t lac k successors along some “mo ve v ectors”; the next definition and lemma sho w that this shortcoming can b e easily remedied, by giving eac h interio r no de ∆ of a realization w itn ess tree a successor asso ciated with ev ery mo ve ve ctor σ ∈ ∆. 38 Definition 5.24 L et W = ( W, ❀ ) b e a lo c al ly c onsistent T θ -tr e e r o ote d at ∆ and ξ ∈ ∆ b e an eventuality formula. We say that W r ealizes ξ if ther e exists a subtr e e 10 R ξ of W r o ote d at ∆ such that R ξ is a r e alization witness tr e e for ξ at ∆ in T θ . Lemma 5.25 L et ξ ∈ ∆ ∈ S θ b e an eventuality formula. Then, ther e exist a finite lo c al ly c onsistent T θ -tr e e W ξ r o ote d at ∆ r e alizing ξ . Pro of. T ak e the realization witness tree R ξ for ξ at ∆ in T θ , wh ich exists by Lemma 5.23 . The only reason why R ξ ma y turn out not to b e a lo cally consisten t T θ -tree is that some of its in terior no des do n ot ha v e a successor no de alo ng every mo ve ve ctor σ (r eca ll that, in real- ization witness trees, every interio r no de has just enough successors to witness realization of the corresp onding ev entual it y , and no more). Th er efore, to build a lo cally consisten t T θ -tree out of R ξ , w e simply ad d to its inte rior no des just enough “colored” successors so th at (1) for every interior no de w ′ of W ξ and every σ ∈ D ( w ′ ), the tree W ξ con tains a w ′′ suc h that c ( w ′′ ) = ∆ ′′ for some ∆ ′′ ∈ succ σ (∆ ′ ) (where ∆ ′ = c ( w ′ )) and (2) W ξ satisfies the condition of Definition 5.18. It is then obvious that W ξ is a lo cally consistent T θ -tree, by definition realizing ξ . Moreo ver, as according to L emma 5.23, R ξ is fin ite, W ξ is finite, to o. ✷ W e wa nt to b u ild Hintikk a structur es our of lo cally consistent T θ -trees. Hint ikk a stru c- tures are b ased on CGFs; therefore, we need to b e able to “em b ed” suc h tr ees into C GFs. The follo w ing defin itio n form all y defines such an em b edding. Definition 5.26 L et W = ( W , ❀ ) b e a lo c al ly c onsistent T θ -tr e e and F = (Σ θ , S, d, δ ) b e a CGF. We say that W is con tained in F , denote d W ≪ F , if the fol lowing c onditions hold: • W ⊆ S ; • if σ ∈ l ( w ❀ w ′ ) , then w ′ = δ ( w , σ ) . Lo cally consisten t T θ -trees r eal izing an ev en tualit y ξ are m eant to represent run tr ees in CGMs effected by (co-)strateg ies. W e no w show that if we em b ed the f orm er v ariet y of tree in to a CGM then, as exp ected, this give s rise to a p ositional (co-) strategy witnessin g th e truth of ξ un der an “appr opriate v aluation”. (In tuitiv ely , this (co-)strateg y is extracted out of a lo cally consistent T θ -tree when it is embedd ed in to a CGF and can, thus, b e view ed as a run tree). Th e follo w ing tw o lemmas pr o v e this for t w o t yp es of ev en tualities we ha ve in the language. Lemma 5.27 L et, h h A i i ϕ U ψ ∈ ∆ ∈ S θ and let W = ( W , ❀ ) b e a lo c al ly c onsistent T θ -tr e e r o ote d at ∆ and r e alizing h h A i i ϕ U ψ . L et, furthermor e, F = (Σ θ , S, d, δ ) b e a CGF such that W ≪ F . Then, ther e exists a p ositional A -str ate gy F A in F such that, if λ ∈ out ( w, F A ) , wher e c ( w ) = ∆ , then ther e exists i ≥ 0 such that ψ ∈ λ [ i ] ∈ W and ϕ ∈ λ [ j ] ∈ W holds for al l 0 ≤ j < i . Pro of. A t eve ry no de w ′ of the realization witness tree for h h A i i ϕ U ψ , which is con tained in W , tak e the A -mo ve σ A [ h h A i i ❣ h h A i i ϕ U ψ ] ∈ D A ( w ′ ). A t any other no de, f or defin iteness’ sak e, tak e the lexicographically first A -mo ve. T his strategy is clearly p ositional and h as the required p rop ert y . ✷ 10 By a subtree, w e mean a graph obtained from a tree by remo ving some of its nodes together with all the nod es reachable fro m them. 39 Lemma 5.28 L et, ¬h h A i i ✷ ϕ ∈ ∆ ∈ S θ and let W = ( W , ❀ ) b e a lo c al ly c onsistent T θ -tr e e r o ote d at ∆ and r e alizing ¬ h h A i i ✷ ϕ . L et, furthermor e, F = (Σ θ , S, d, δ ) b e a CGF such that W ≪ F . Then, ther e exists a p ositional c o- A - str ate gy F c A in F such that, if λ ∈ out ( w , F c A ) , wher e c ( w ) = ∆ , then ¬ ϕ ∈ λ [ i ] ∈ W for every i ≥ 0 . Pro of. A t every no de w ′ of the realization w itn ess tree for ¬h h A i i ✷ , whic h is conta ined in W , tak e the co- A -mo ve σ c A [ ¬h h A i i ❣ h h A i i ✷ ϕ ] ∈ D A ( w ′ ). A t an y other no de, for d efiniteness’ sak e, tak e the lexicographically first co- A -mo ve. This co- A -strategy is clearly p ositional and has the requ ir ed pr operty . ✷ Our next big step in the completeness p roof is to assemble lo cally consisten t T θ -trees realizing ev entualitie s as w ell as lo cally consisten t simple T θ -trees into a Hintikk a stru cture for θ . T o do that, we need th e co ncept of partial concurrent g ame frame that generalizes that of CGF. P artial CGFs are different from CGFs in that they ha ve “deadlo c ked” states, i.e., states for which the transition function δ is not defin ed (the analog in Kripke frames w ould b e “dead ends”—the no des that cannot “see” an y other no de); how ev er, eac h deadlo c k ed state of a partial C GF is an image of a transition fun cti on δ for some (ordinary) state. W e need p artial C GFs as we will b e building a Hintikk a stru cture for θ step-by-ste p, all but th e final step pro ducing partial CGFs h aving d eadloc k ed states that will b e giv en successors at the next stage of the construction. Put another wa y , the m oti v ation for introd ucing partial CGFs is that lo cally consisten t T θ -trees are p artia l C GFs, and w e wan t to b uild a Hintikk a structure for θ out of such trees. Definition 5.29 A partial concur ren t game frame (p artial CGF, for short) is a tuple S = (Σ , S, Q, d, δ ) , wher e • Σ i s a finite, non-empty set of agen ts ; • S 6 = ∅ is a set of states ; • Q ⊆ S is a set of deadlock states ; • d is a function assigning to every a ∈ Σ and every s ∈ S \ Q a natur al numb er d a ( s ) ≥ 1 of mo ves available to agent a at state s ; notation D a ( s ) and D ( s ) has the same me aning as in the c ase of CGFs (se e Definition 2.2); • δ is a tr ansitio n function satisfying the fol lowing r e quir ements: – δ ( s, σ ) ∈ S for every s ∈ S \ Q and every σ ∈ D ( s ) ; – for every q ∈ Q , ther e exist s ∈ S \ Q and σ ∈ D ( s ) such that q = δ ( s, σ ) . The concept of A -mo ve is defin ed for p artial CGFs in a w a y analogous to the w a y it is defined for CGFs; the only d ifference is that, in the former case, A -mov es are only defined for states in S \ Q . The set of all A -mo ve s at state s ∈ S \ Q is denoted b y D A ( s ). Ou tco mes of A -mo v es are defined exactly as f or CGFs. An alogously for co- A -mo v es. Definition 5.30 L et S = (Σ , S, Q, d, δ ) b e a p artial CGF and A ⊆ Σ . A p ositional A - strategy in S is a mapping F A : S 7→ S { D A ( s ) | s ∈ S \ Q } suc h that F A ( s ) ∈ D A ( s ) for al l s ∈ S \ Q . 40 Definition 5.31 L et S = (Σ , S, Q , d, δ ) b e a p artial CGF and A ⊆ Σ . A p ositional co- A - strategy in S is a mapping F c A : S 7→ S { D c A ( s ) | s ∈ S \ Q } su ch that F c A ( s ) ∈ D c A ( s ) for al l s ∈ S \ Q . W e now establish a fact that will b e crucial to our abilit y to stitc h partial CGFs that are lo cal ly consisten t T θ -trees together. Intuitiv ely , giv en suc h a partial CGF S and a state w of S colored with a set ∆ ′′ con taining an ev entualit y h h A i i ϕ U ψ , coalit ion A has a strategy suc h that every (finite) run complian t with that s trate gy either realizes h h A i i ϕ U ψ or p ostp ones its realizatio n unti l a d eadloc k ed state (Lemma 5.33). Analogously for ev en tualities of the form ¬h h A i i ✷ ϕ an d co- A -strategie s (Lemma 5.34). First, a tec h nical d efi nition. Definition 5.32 L et S = (Σ , S, Q, d, δ ) b e a p artial CGF and let s ∈ S . An s - fu llpath in S is a finite se quenc e ρ = s 0 , . . . , s n of elements of S such that • s 0 = s ; • for e very 0 ≤ i < n , ther e exists σ ∈ D ( s i ) such that s i +1 = δ ( s i , σ ) ; • s n ∈ Q . The f ul lp ath ρ = s 0 , . . . , s n is c ompliant with the str ate gy F A , denote d ρ ∈ out ( F A ) , if s i +1 ∈ out ( F A ( s i )) for al l 0 ≤ i < n . Analo gously for c o-str ate gies. The length of ρ (define d as the numb er of p ositions in ρ ) i s denote d by | ρ | . Lemma 5.33 L et S = (Σ θ , S, Q, d, δ ) b e a p artial CGF such that 1. S ⊆ S θ ; 2. for every w ∈ S , the set { w } ∪ { w ′ | w ′ = δ ( w, σ ) , for some σ ∈ D ( w ) } is a set of no des of a lo c al ly c onsistent simple T θ -tr e e; 3. h h A i i ϕ U ψ ∈ ∆ ′′ , wher e ∆ ′′ = c ( w ′′ ) for some w ′′ ∈ S ; Then, ther e exists a p ositional A -str ate g y F A in S such that, for every w ′′ -ful lp ath ρ ∈ out ( F A ) , either of the fol lowing holds: • ther e exists 0 ≤ i < | ρ | such that ψ ∈ c ( ρ [ i ]) and ϕ ∈ c ( ρ [ j ]) for every 0 ≤ j < i ; • ϕ ∈ c ( ρ [ i ]) for every 0 ≤ i < | ρ | . Pro of. Straigh tforw ard. ✷ Lemma 5.34 L et S = (Σ θ , S, Q, d, δ ) b e a p artial CGF such that 1. S ⊆ S θ ; 2. for every w ∈ S , the set { w } ∪ { w ′ | w ′ = δ ( w, σ ) , for some σ ∈ D ( w ) } is a set of no des of a lo c al ly c onsistent simple T θ -tr e e; 3. ¬h h A i i ✷ ϕ ∈ ∆ ′′ , wher e ∆ ′′ = c ( w ′′ ) for some w ′′ ∈ S ; 41 Then, ther e exists a p ositional c o- A -str ate gy F c A in S such that ¬ ϕ ∈ c ( ρ [ i ]) f or every ∆ ′′ - ful lp ath ρ ∈ out ( F c A ) and every i ≥ 0 . Pro of. Straigh tforw ard. ✷ No w, we defin e the building blo c ks, referred to as final tr e e c omp onents , from whic h a Hin tikk a str u cture for θ will b e built; the construction is essen tially tak en from [17]. Definition 5.35 L et ∆ ∈ S θ and ξ ∈ T θ b e an eventuality formula. Then, the final tree comp onen t for ξ and ∆ , denote d F ( ξ , ∆) , is define d as fol lows: • if ξ ∈ ∆ , then F ( ξ , ∆) is a finite lo c al ly c onsistent T θ -tr e e W ξ r o ote d at ∆ r e alizing ξ ; the existenc e of suc h a tr e e b eing g u ar ante e d by L emma 5.25; • if ξ / ∈ ∆ , then F ( ξ , ∆) is a lo c al ly c onsistent simple T θ -tr e e r o ote d at ∆ ; the existenc e of such a tr e e b eing guar ante e d by L emma 5.21. W e are now ready to defin e what we will pro v e to b e a (p ositional) Hintikk a structur e for the input formula θ , which w e den ote by H θ . W e start by defining the CGF F underlying H θ . T o that end, w e fir st arrange all states of T θ in a list ∆ 0 , . . . , ∆ n − 1 and all even tualities o ccurring in the states of T θ in a list ξ 0 , . . . , ξ m − 1 . W e then think of all the final tree comp onen ts (see Definition 5.35) as arr anged in an m -b y- n grid w hose rows are mark ed with the corresp ondingly num b ered even tualities of T θ and w hose columns are m ark ed with the corresp ondingly num b ered states of T θ . The final tree comp onent found at the int ersection of the i th r ow and the j th column will b e denoted b y F ( i,j ) . The bu ilding bloc ks for F will all come from the grid, and w e build F incremental ly , at eac h state of the construction pro ducing a partial CGF realizing more and more ev en tualities. The crucial fact h ere is that if an ev entualit y ξ is not realized within a p artia l CGF u sed in the construction, then ξ is “passed do w n” to b e realized later, in accordance with Lemmas 5.33 and 5.34 . W e start off with a final tree comp onent that is uniquely d ete rmined b y θ , in the follo wing w a y . If θ is an ev entualit y , i.e., θ = ξ p for some 0 ≤ p < m , th en w e start off with the comp onen t F ( p,q ) where, for defi niteness, q is the least num b er < n suc h that θ ∈ ∆ q ; as T θ is op en, su c h a q exists. I f, on the other h an d , θ is not an even tualit y , then we start off w ith F (0 ,q ) , wh ere q is as describ ed ab o ve. Let us denote this initial p artia l CGF by S 0 . Henceforth, we pr oceed as follo ws. Informally , w e thin k of the ab o v e list of even tualities as a q u eue of customers wait ing to b e serv ed. Unlike the usu al queues, we do not necessarily start serving the qu eue from the fi rst cus tomer (if θ is an ev entualit y , then it gets serv ed first; otherwise w e start from the b eginning of th e qu eue), bu t then we follo w the queue order, curving bac k to the b eginning of th e qu eue after ha ving served its last ev entualit y if w e started in the midd le. S erving an ev en tualit y ξ amounts to app ending to deadlo c ked states of the p artia l C GF constru cted so far fi nal tree comp onen ts realizing ξ . Thus, we k eep trac k of wh at ev entualit ies h a v e already b een “serv ed ” (i.e., r eali zed), tak e note of the one th at w as served the last, sa y ξ i , and replace ev ery deadlo c ked state w suc h that c ( w ) = ∆ j of the partial CGF so far constructed with th e fi nal tree comp onent F (( i +1) m od m,j )) . Th e pro cess con tinues un til all the ev entualit ies ha ve b een s er ved, at wh ic h p oint we ha v e gone the full cycle throu gh the queue. After that, the cycle is rep eated, but with a crucial mo dification that will guarantee that the CGHS we are building is going to b e fin ite: whenever the comp onen t we are ab out to 42 attac h, sa y F ( i,j ) , is already contai ned in the partial C GF we h a v e constru cted th u s far, instead of r ep lac ing the deadlo c ked state w (su c h that c ( w ) = ∆ j ) with th at comp onen t, we connect ev ery “predecessor” v of w to the r o ot of F ( i,j ) b y an arro w ❀ marked with the set l ( v ❀ w ). This mo dified ve rsion of th e cycle is rep eated until we come to a p oin t when no more comp onent s get add ed . This result in a finite CGF F . No w, to define H θ , w e simp ly put H ( w ) = c ( w ), for eve ry w ∈ F . Theorem 5.36 The ab ove define d H θ is a (p ositional) Hi ntik k a structur e for θ . Pro of. The “for θ ” part immediate ly follo ws the construction of H θ (recall the v ery first step of the constru ctio n). It, thus, remains to argue that H θ is indeed a Hin tikk a structure. Conditions (H1)–(H3) of Defin itio n 3.2 h old since states of H θ are consisten t d own ward saturated sets. Conditions (H4) and (H5) essential ly f oll o w f rom Lemma 5.22. Condition (H6) follo ws from the wa y H θ is constructed together with lemmas 5.27 and 5.33. Lastly , condition (H7) follo ws from the w ay H θ is constructed together with lemmas 5.28 and 5.34. Lastly , H θ is p ositional by construction. In deed, it is built from final tree comp onen ts, whic h are lo cally consisten t simp le T θ -trees; as we hav e seen in Lemmas 5.27 and 5.28, when em b edd ed into CGFs, these trees giv e rise to p ositional strategies. ✷ The p ositionalit y of H θ giv es us the follo w ing, stronger, ve rsion of the completeness the- orem for our tableau p rocedu re: Theorem 5.37 (P ositional completeness) L e t θ b e an A TL formula and let T θ b e op en. Then, θ is satisfiable i n a CGM b ase d on a fr ame with p ositional str ate gies. Corollary 5.38 If an A TL -formula θ is tightly satisfiable, then it is tightly satisfiable in a p ositional CGM. Pro of. Supp ose that θ is tigh tly satisfiable in a CGM based on a CGF with p erfect recall strategies. Then, by Theorem 5.15, the tableau T θ for θ is op en. It then f ollo ws form Th eo- rem 5.37 that θ is satisfiable in a p ositional CGM. ✷ 6 Some v ariations of the metho d In the presen t section, w e sk etc h some immediate adaptati ons of the tableau metho d describ ed ab o ve for testing other strains of satisfiabilit y , suc h as lo ose A T L -sati sfiabilit y and A TL - satisfiabilit y o v er some sp ecial classes of frames. Other, less straigh tforward, adaptations will b e dev elop ed in follo w-up w ork. 6.1 Lo ose satisfiabilit y for A TL The pro cedure d escrib ed ab o v e is easily adaptable to testing A TL -formulae for lo ose satis- fiabilit y , whic h the r ea der will r eca ll, is satisfiabilit y o v er fr ames with exactly one agen t n ot featuring in the form u la. All that is necessary to adapt the ab o ve-described p rocedu r e to 43 testing for this strain of satisfiabilit y is the mo dification of the (Next ) rule in suc h a wa y that it accommo dates | Σ θ | + 1 agen t rather th an | Σ θ | . As suc h a mo dification is en tirely straigh tforward, we omit the d eta ils. The complexit y of the pro cedure is not affected. 6.2 A TL o ver sp ecial classes of frames Some classes of concurrent game f rames are of particular inte rest (for motiv ation and exam- ples, see [5]). 6.2.1 T urn- ba sed sync hronous frames In turn-based sync hronous frames, at ev ery state, exactly one agent has “rea l c hoices”. Thus, agen ts tak e it in turns to act. Definition 6.1 A c oncurr ent game fr ame F = (Σ , S, d, δ ) is tu rn-based syn chronous if, for every s ∈ S , ther e exists agent a s ∈ Σ , r eferr e d to as the o wn er of s , such that d a ( s ) = 1 for al l a ∈ Σ \ { a s } . T o tests formulae for satisfiabilit y o ve r turn-based sync hronous frames, we need to make the follo wing adju stmen ts to the ab o ve t ableau pro cedure (w e are assumin g that w e are testing for tigh t s atisfiability; loose sat isfiabilit y is then straigh tforw ard). All the s tates of the tableau are now going to b e “o wned” b y individ ual agent s. Intuitiv ely , if ∆ is “o w ned” by a ∈ Σ θ , it is agen t’s a tur n to act at ∆; w e ind icate ownership by affixing th e n ame of th e o wner as a subscript of the state. T he rule (SR) now lo oks as follo ws: (SR) Giv en a prestate Γ, do the follo w ing: 1. for ev ery a ∈ Σ θ , add to th e pr etableau all the minimal d o wnw ard saturated extensions of Γ, marked with a (all thus created sets ∆ a are a -states ); 2. for eac h of the so obtained states ∆ a , if ∆ a do es not con tain an y formulae of the form h h A i i ❣ ϕ or ¬h h A i i ❣ ϕ , add the form ula h h Σ θ i i ❣ ⊤ to ∆ a ; 3. for eac h state ∆ a obtained at steps 1 and 2, p ut Γ = ⇒ ∆ a ; 4. if, how ev er, the p retablea u already conta ins a state ∆ ′ a that coincides with ∆ a , do not create another cop y of ∆ ′ a , but only pu t Γ = ⇒ ∆ ′ a . Moreo ve r, when creating prestates from a -states, all agen ts except a get exactly one v ote, while a can still vote for any next-time form ula in the curr en t state. Th e rule (Ne xt ) , therefore, now lo oks as follo ws: (Next) Giv en a state ∆ a suc h that for no χ w e hav e χ, ¬ χ ∈ ∆ a , do th e follo wing: 1. order linearly all p ositive and prop er negativ e next-time formula e of ∆ a in such a w a y that all the positive next-time form ulae precede all the negativ e ones; su pp ose the resu lt is the list L = h h A 0 i i ❣ ϕ 0 , . . . , h h A m − 1 i i ❣ ϕ m − 1 , ¬h h A ′ 0 i i ❣ ψ ′ 0 , . . . , ¬h h A ′ l − 1 i i ❣ ψ l − 1 . (Due to step 2 of ( SR) , L is non-empty .) Let r ∆ = m + l ; den ot e b y D (∆ a ) th e set { σ ∈ N | Σ θ | | 0 ≤ σ a < r ∆ and σ b = 0 , for all b 6 = a } ; 44 2. consider the elements of D (∆ a ) in the lexicographic order and for eac h σ ∈ D (∆ a ) do the follo wing: (a) create a prestate Γ σ = { ϕ p | h h A p i i ❣ ϕ p ∈ ∆ a and a ∈ A p and σ a = p } ∪ { ϕ p | h h A p i i ❣ ϕ p ∈ ∆ a and a / ∈ A p } ∪ { ¬ ψ q | ¬h h A ′ q i i ❣ ψ q ∈ ∆ a and a ∈ A ′ q } ∪ { ¬ ψ q | ¬h h A ′ q i i ❣ ψ q ∈ ∆ a and a / ∈ A ′ q and σ a = q } put Γ σ = {⊤} if all f ou r s ets ab o v e ab o ve are empty . (b) connect ∆ a to Γ σ with σ − → ; If, ho wev er, Γ σ = Γ for some prestate Γ that has already b een added to the p retableau, only connect ∆ to Γ with σ − → . Otherwise, tableaux testing for satisfiabilit y o ve r tur n-based syn c hronous frames are no differen t fr om th ose for satisfiabilit y ov er all f r ames. 6.2.2 Mo ore sync hronous frames In Mo ore sync hronous frames o v er the set of agen ts Σ, th e set of states S can b e repr e- sen ted as a Cartesian p rod uct of sets of lo cal states S a ∈ Σ , one for eac h agen t. The actions of agen ts are determined by the curr en t “global” state s ∈ S ; eac h action σ a of agen t a at state s ∈ S , ho w ev er , results in a lo cal s tat e determined by a function δ a mapping pairs h global state, a -mov e i in to S a . Then , giv en a mo ve v ector σ ∈ D ( s ), representing s imul- taneous actions of all age nts at s , the σ -successor of s is determined by the lo cal states of agen ts pro duced by their actions—namely , it is a k -tuple (wh ere k = | Σ | ) of resp ectiv e lo cal states ( δ 1 ( s, σ 1 ) , . . . , δ k ( s, σ k )), one for eac h agen t. This in tuition can b e formalized as follo ws (see [5]): Definition 6.2 A CGF F = (Σ , S, d, δ ) is Mo ore sync h ronous if the fol lowing two c onditions ar e satisfie d, wher e k = | Σ | : • S = S 1 × · · · × S k ; • for e ach state s ∈ S , move ve ctor σ , and agent a ∈ Σ , ther e exists a lo c al state δ a ( s, σ a ) such that δ ( s, σ ) = ( δ 1 ( s, σ 1 ) , . . . , δ k ( s, σ k )) . Definition 6.3 A CGF F = (Σ , S, d, δ ) is bijectiv e , if δ ( s, σ ) 6 = δ ( s, σ ′ ) for ev e ry s ∈ S and every σ and σ ′ such that σ 6 = σ ′ . It is easy to see th at every bijectiv e f rame is isomorphic to a Mo ore sync hronous one. Therefore, if—for wh at ev er reason—u s ing our tableau pr ocedure, we w ant to pro duce a Mo ore sync hronous mo del for the input formula, we simply never iden tify the s tates created in the course of applying the (Next ) rule. This clearly pro duces a bijectiv e, and hence Moore sync hronous, mo del. By insp ecting the tableau pro cedure, it can b e noted that iden tification or otherwise of the states n ever affects the output of the pr o cedure. Therefore, an analysis of our tableau p rocedu re leads to the follo wing claim: Theorem 6.4 ([13]) L et θ b e an A TL -formula. Then, θ is satisfiable in the class of al l CGFs iff it is satisfiable in the class of Mo or e synchr onous CGFs. 45 7 Concluding remarks W e ha v e dev elop ed a complexit y-efficient te rminating in cremen tal-tableau-based decisio n pro- cedure for A TL and some of its v ariations. Th is st yle of tableaux for A TL , wh ile ha ving the same wo rst-case upp er b ound as the other kno wn decisio n pro cedures, includin g the top-do wn tableaux-lik e p rocedu re pr esen ted in [30], is exp ected to p erform b etter in p ractic e b ecause, as it has b een sho wn in the examples, it creates muc h fewer tableau states. W e b eliev e that the tableau metho d dev elop ed h erein is not only of m ore immediate practical use, but also is more flexible and adaptable than an y of the decision p rocedur es dev elop ed earlier in [29 ], [17], and [30]. In particular, this metho d can b e su ita bly adapted to v ariations of A T L with committed strategies [2] and with in co mplete in f ormatio n, whic h is the su b ject of a follo w-up work. 8 Ac kn o wledgmen ts This researc h w as supp orted b y a researc h grant of the National Researc h F ound atio n of South Africa and w as done during the second author’s p ost-do cto ral fello w ship at the Univ ersity of the W it w atersrand, funded by t he Claude Harris Leon F oun dation. W e grate fully ac kno wledge the financial supp ort fr om these institutions. W e also grate fully ac knowledge the detailed and useful referees’ comments, wh ic h ha ve help ed u s impro ve significan tly the present ation of the pap er. References [1] Pietro Abate, Ra jeev Gor` e, and Florian Widmann. One-pass tableaux for Computation Tree Logic. In L e ctur e Notes in Computer Scienc e , pages 32–46 . Spr inger-V erlag, 2007. Pro c. LP AR 2007. [2] T homas ˚ Agotnes, V alenti n Goranko, and W o jciec h Jamroga. Alternating-time temp oral logics with irrev o cable strategi es. In D. Samet, editor, Pr o c e e dings of the 11th Inter- national Confer enc e on The or etic al Asp e cts of R ationality and Know le dge (T ARK XI) , pages 15–24, Un iv. S ain t-Louis, Bru ssels, 2007. Presses Universitaires de Louv ain. [3] Ra jeev Alu r, Thomas A. Henzinger, and Orna Kup erman. Alternating-time temp oral logic. In Pr o c e e dings of the 38th IEEE Symp osium on F oundations of Computer Scienc e , pages 100–109 , Octob er 1997. [4] Ra jeev Alu r, Thomas A. Henzinger, and Orna Kup erman. Alternating-time temp oral logic. In L e ctur e Notes in Computer Scienc e , v olume 1536, pages 2 3–60. Springer-V erlag, 1998. [5] Ra jeev Alu r, Thomas A. Henzinger, and Orna Kup erman. Alternating-time temp oral logic. Journal of the ACM , 49(5):672 –713, 2002. [6] Ra jeev Alur, T homas A. Henzinger, F. Y. C. Mang, Shaz Qadeer, Sriram K. Ra jamani, and S erdar T asiran. Moc ha: Mo dularit y in mod el-c hec king. In L e ctur e Notes in Computer Scienc e , vo lume 1427, p ages 521–52 5. Sp ringer-V erlag, 1998. 46 [7] J ulian Bradfield and Colin Stirling. Mo dal µ -calculi. I n Pa tric k Blac kbu rn et al., editor, Handb o ok of Mo dal L o gic , pages 721–756. Elsevier, 2007. [8] E. Allen Emerson. T emp oral and mo dal logics. In J . v an Leeu w en, editor, H and b o ok of The or etic al Computer Scienc e , v olume B, pages 995–107 2. MIT Press, 1990. [9] E. Allen Em er s on and J oseph Halp ern. Decision pro cedures and expressiv eness in the temp oral logic of branching time. Journal of Computat ion and System Sci enc e s , 30(1):1– 24, 1985. [10] Ron F agin, Joseph Halp ern, Y oram Moses, and Moshe V ardi. R e asoning ab out Know l- e dge . MIT Press: Cambridge, MA, 1995. [11] Melvin Fitting. P r o of Metho ds for Mo dal and Intuitionistic L o gics . D. Reidel, 1983. [12] Melvin Fitting. Mo dal pro of theory . In P . Blac kburn et al., editor, Handb o ok of M o dal L o gic , pages 85–138 . Elsevier, 2007. [13] V alen tin Goranko . Coalition games and alternating temp oral logics. In Johan v an Ben- them, editor, Pr o c e e dings of the 8th c onfer enc e on The or etic al Asp e cts of R ationality and Know le dge (T ARK VIII) , pages 259–272. Morgan Kaufman n , 2001. [14] V alen tin Gorank o an d W o jciec h Jamr oga. C omp aring s eman tics of logics for m ulti-agen t systems. Synthese , 139(2) :241–28 0, 2004 . [15] V alen tin Goranko and Dmitry Sh k ato v. Deciding satisfiabilit y in the full coalitio nal m ultiagen t epistemic logic w ith a tableau-based pr ocedur e. Submitted, 2008. [16] V alen tin Goranko and Dmitry Sh k ato v. T ableau-based decision pro cedure for the m u lti- agen t epistemic logic with op erators of common and distributed kno wledge. In A. Cerone and S. Gruner, editors, Pr o c. of the Sixth IEEE c onfer enc e on Softwar e Engine ering and F ormal Metho ds (SE FM 2008) . IEEE Computer S ociet y Pr ess, 2008, to app ear. [17] V alen tin Gorank o and Go v er t v an Drimm ele n. Complete axiomatizat ion and d eci dablit y of Alternating-time temp oral logic. The or etic al Computer Scienc e , 353:93–11 7, 2006. [18] Ra jeev Gore. T ableau metho ds for mo dal and temp oral logics. In M. D’Agostino et al., editor, Handb o ok of T able au Metho ds . Kluw er, 1998. [19] Helle Hvid Hansen. T ableau games for C oalition Logic and Alternating-time Temp oral Logic. Master’s th esis, Univ er s it y of Amsterdam, 2004. [20] Carl Hewitt . The c hallenge of op en systems. In Derek Partridge and Y oric k Wilks, editors, The F oundation s of Artificial Intel ligenc e – a Sour c eb o ok , pages 383–395. Cam b ridge Univ ersit y Press, 1990. [21] Maarten Marx, Szab olcs Mikul´ as, and Mark Reynolds. Th e mosaic m ethod for temp oral logics. In L e ctur e Notes in Computer Scienc e , vo lume 1847, pages 324 –340. Sprin ger- V erlag, 2000. [22] Marc P auly . L o gic f or So cial Softwar e . PhD thesis, Universit y of Amsterdam, 2001. ILLC Dissertation S eries 2001- 10. 47 [23] Marc P auly . A logical fr amew ork for coalitional effectivit y in d ynamic pro cedures. Bul- letin of Ec onomic R ese ar ch , 53(4):305– 324, Octob er 2001. [24] Marc Pa uly . A mo dal logic for coalitional p o wer in games. Journal of L o gic and Com- putation , 12(1):149 –166, F ebruary 2002. [25] Marc P auly and Rohit Pa rikh. Game logic—an ov erview. Studia L o gic a , 75(2):165–1 82, 2003. [26] Y oa v Shoham and Kevin Leyton-Bro wn. M u lti-agent systems: Algorithmic, Game- The or etic, and L o gic al F oundations . CUP , 2008. [27] Raymond M. Smully an. First-or der L o gic . S p ringer-V erlag, 1968. [28] W olfgang Th omas. On th e sy nthesis of strategies in infinite games. In E.W. Ma yr and C. Pu ec h, ed itors, Pr o c e e dings of the 12th Annual Symp osium on The or etic al Asp e cts of Computer Scienc e, ST ACS ’95 , v olume LNCS 900, pages 1–13. Sp ringer, 1995. [29] Go v ert v an Drimmelen. Satisfiabilit y in alternating-time temp oral logic. In Pr o c e e dings of 18th IE EE Symp osium on L o gic in Computer Scie nc e (LICS) , p ages 208–21 7, 2003. [30] Dirk W alther, Carsten Lutz, F rank W olter, and Mic h ael W o oldridge. ATL satisfiabilit y is indeed Exp Time-complete . Journal of L o gic and Computation , 16(6):765 –787, 2006. [31] G ¨ un ter W eiss, editor. Multiagent Systems . MIT Press, 1999. [32] Pierre W olp er. Th e tableau metho d for temp oral log ic: an o v er v iew. L o gique et Analyse , 28(11 0–111):1 19–136, 1985. [33] Mic hael W o oldridge. A n Intr o duction to M ultiagent Systems . John Willey and Sons, 2002. 48