Automata for epistemic temporal logic with synchronous ...

Noname manuscript No.(will be inserted by the editor)

Automata for epistemic temporal logic with synchronouscommunication

Swarup Mohalik · R. Ramanujam

Received: date / Accepted: date

Abstract We suggest that developing automata theoretic foundations is relevant for

knowledge theory, so that we study not only what is known by agents, but also the

mechanisms by which such knowledge is arrived at. We define a class of epistemic

automata, in which agents’ local states are annotated with abstract knowledge asser-

tions about others. These are finite state agents who communicate synchronously with

each other and information exchange is ‘perfect’. We show that the class of recogniz-

able languages has good closure properties, leading to a Kleene-type theorem using

what we call regular knowledge expressions. These automata model distributed causal

knowledge in the following way: each agent in the system has a partial knowledge of the

temporal evolution of the system, and every time agents synchronize, they update each

other’s knowledge, resulting in a more up-to-date view of the system state. Hence we

show that these automata can be used to solve the satisfiability problem for a natural

epistemic temporal logic for local properties. Finally, we characterize the class of lan-

guages recognized by epistemic automata as the regular consistent languages studied

in concurrency theory.

Keywords Epistemic logic, Automata theory, Decidability, Knowledge expressions

1 Background

1.1 Knowledge and memory

We often hear someone exclaim, I used to know it very well, but now have trouble

remembering it, give me some time to recall it. The speaker knows that she knew it

S. MohalikIndia Science Lab, General MotorsBangalore, IndiaE-mail: [email protected]

RamanujamInstitute of Mathematical SciencesChennai, IndiaE-mail: [email protected]

2

earlier, but not now, and yet she has not lost the knowledge either. Indeed, she cannot

be said to have forgotten it either, since she can recall or reconstruct the knowledge.

This could be even an instance of propositional knowledge, where the speaker holds a

true belief that is asserted immediately whereas its justification requires the effort of

recall.

Formal theories of knowledge, especially logical studies following Hintikka, discuss

agents’ propositional knowledge. The theory addresses the questions of when an agent

can be said to know that a proposition is true, what are the properties of such knowl-

edge, how such knowledge changes due to interactions with other agents, how such

knowledge informs the agents’ actions, and so on. Relatively less is said about the

mechanisms by which agents acquire knowledge, store it and recall it when needed. In

studies of how knowledge and communication interdetermine each other, such mecha-

nisms may play a critical role, since the meaning of a message may depend not only

on message content, but also the mode of communication.

It is clear that knowledge is closely linked to memory, but understanding how

memory limitations impact knowledge requires study. It is common to speak of perfect

recall in epistemic logic and game theory. Typically, perfect recall is carefully defined,

and imperfect recall is merely its negation. However, there is structure to forgetting as

well.

Theory of computation provides models for memory structures of reasoning agents,

of which finite state automata provide the most elegant and robust class of machines.

From such a perspective, an agent has only bounded memory, and all knowledge that

the agent has (about the world, about other agents’ knowledge, about other agents’

knowledge about others, and so on) needs to be explicitly represented in memory.

Background or common knowledge may be “programmed” into the transition structure

of the automaton.

Such a view of a knower may seem severely limiting, and it is indeed unclear whether

complex notions of knowledge storage and recall can be studied in automata theoretic

terms. However, when we consider the dynamics of how knowledge changes due to in-

teraction between agents, explicit modelling of knowledge mechanisms is advantageous,

since we can then precisely delineate how knowledge is updated.

Specifically, consider the central question studied in epistemic logics: when an event

e occurs, how does its occurrence affect the epistemic attitudes of a participating agent

i ? When the agent is finite state, this raises the supplementary question: how is the

agent’s memory structured to accommodate information regarding e ?

1.2 Global and local views

In Hintikka-style logics of knowledge, the knowledge of a reasoning agent is given by

an indistinguishability relation on system states. An agent is said to know α at a

state s if α holds at every state s′ such that s and s′ are indistinguishable to the

agent. Reasoning about knowledge in multi-agent systems has proved to be extremely

interesting, especially from the viewpoint of computational agents. Fagin et al. [11]

provide an extensive treatment of such logics of knowledge.

In the context of distributed systems of agents, agents’ knowledge of temporal

properties is of special interest. Each agent evolves with time, and an agent has only a

limited visibility of what is happening to other agents. Communication between agents

leads to updating of their knowledge, and indeed the purpose of communication is

3

(often) to cause such updating ([25]). Starting with [24], [6], [12] and [13] there have

been many discussions of logical interaction between knowledge and time. [14] provide

axiomatizations of Epistemic Temporal Logics (ETL) interpreted over many interesting

classes of distributed systems. [23] discuss how the architecture of communications may

impact on reasoning in ETL.

The semantics of these logics are presented using temporal evolutions (histories),

and indistinguishability relations are imposed on time points, possibly from different

system trajectories. Knowledge update corresponds to how the partitions defined by

the indistinguishability relations change. We can define conditions that correspond

to whether agents have perfect recall of past event occurrences, or not. Note that

mechanisms for acquiring and storing knowledge as well as using the knowledge for

acting appropriately, are implicit in the logical description, as well as in the models.

In contrast to this temporal picture, we can conceive of the model as a transition

system where every event occurrence causes a change in information partitions. Such

structures are studied in Dynamic Epistemic Logics (DEL) ([9], [1], [2]) and Update

Logics ([32]). We can derive temporal behaviour by unfolding such systems.

There is a close relationship between these approaches, and [5] provide an illu-

minating discussion. [3], [4] provide a formal relationship between DEL models and

ETL models: they not only embed the former into the latter, but also characterize the

subclass of ETL models from which DEL models may be extracted. Indeed, there is

a duality between transition system based presentations and those based on temporal

evolutions: associated with every transition system is a domain of computations (of its

unfoldings) which is a temporal picture, and associated with classes of partial orders

representing temporal trajectories, there is a natural transition system on its config-

urations. In the context of knowledge in distributed message passing systems, such a

duality is shown to be a categorical adjunction in [15].

One aspect that is common to both DEL models as well as ETL models is the global

nature of specification, in the sense that these are knowledge structures perceived by

observers ‘hovering above’ the system, ascribing knowledge to agents in the system.

The indistinguishability relations are externally specified in the sense that they are not

built structurally from system characteristics. These relations describe agents’ knowl-

edge, without reference to mechanisms for acquiring knowledge. Thus global system

behaviour (and knowledge of global properties) is non-compositional.

A natural question then is to ask whether we can have a compositional presentation

of knowledge: in this picture, properties are local and associated with agents. We only

describe agents, and the mechanisms by which they acquire information about local

properties relating to other agents. Global properties are compositionally derived from

local properties. In terms of systems, we obtain global behaviour by taking products of

local behaviours. In the local / product presentation, knowledge mechanisms have to

be brought into states and transitions.

We suggest that automata theory provides a natural formalism for such local /

product presentations. To some extent, this was initiated in [15] and [28], but the

structure of such systems and their behaviour was not studied there. This is the ques-

tion we take up in this paper.

4

1.3 Epistemic automata

Automata theory has played an important role in the study of temporal logics. The

seminal work of Buchi related definability in monadic second order logics with recogniz-

ability by automata ([30]). [31] showed that we can associate a finite state automaton

with every linear time temporal logic formula such that the models of the formula give

the language of the associated automaton. The satisfiability problem from the logic

can then be reduced to emptiness checking of the automaton. Since then, extensive re-

search on such topics has led to important advances in practical verification of temporal

properties of systems. Thus seeking a similar automata theoretic treatment of epistemic

temporal logics is reasonable, a priori. In this paper, we attempt such an account for a

special subclass of epistemic agents. We can then hope to develop an automata theory

of knowledge change, exploring issues like complementation and minimization. This is

also required to develop an algebraic theory of knowledge composition.

Before we can describe epistemic automata, an observation on epistemic temporal

logics is relevant. In these logics, knowledge modalities quantify over the uncertainties

that an agent has about the “world”. Temporal modalities describe past and future.

Due to the interplay between the two, we have a presentation of what each agent is

(un)certain about in the past, present and future. Thus we arrive at the question:

what can an agent confidently assert about, say, the past ? A short answer: whatever

causally implies the present; alternatively, whatever the present is causally dependent

on. Reflectively, this means that what an agent knows about its future is whatever

causality entails from the present. However, such causal dependency is not absolute

but local to the system (or world) in which the agent reasons: clearly, if in all possible

system evolutions, event occurrence e2 follows that of e1, then this property is common

knowledge to all agents in the system and hence an agent who sees e2 knows for certain

that e1 has occurred in the past, and thus e2 is causally dependent on e1 vis a vis agents’

knowledge.

Indeed, there is more: if every agent has only a limited capability to remember,

such “forgetting” is common knowledge as well, and agents can be certain about the

uncertainties other agents have about the past or future. Thus the computational

capabilities of epistemic agents play a significant role in epistemic temporal reasoning.

Specifically, when all agents are finite state, this has crucial implications for the way

each agent’s knowledge is structured.

In this paper, we present an automata theoretic account of finite state epistemic

agents, but in the special restricted context of co-operative agents who exchange infor-

mation in the synchronous mode. That is, while local activity of agents is asynchronous,

whenever a group of agents are to communicate, they wait until they are together, share

information and proceed thence asynchronously. This simplifies the study considerably

since unbounded buffers associated with asynchronous message passing can easily lead

to infinite state behaviours. (Note that systems with bounded buffers are easily mod-

elled as synchronizing systems anyway.) Clearly, the study of knowledge in message

passing systems in which agents may have conflicting goals is more important and in-

teresting, but this paper is intended more as an argument for an epsitemic automata

theory, rather than as proposing any definitive such theory.

In the automaton model we propose here, each agent is finite state, and the local

state of an agent is annotated with what the agent knows about the rest of the system

at that state. Clearly, this depends on what the agent can observe about the system,

and since such observations have to be recorded held in the agent’s memory, they must

5

be finite as well. Since the global state of a synchronously communicating system is

given as a tuple of agents’ local states, each agent’s knowledge (at any state) can also

be tuples of observables (which can be seen as abstract projections of states).

Thus the description of epistemic agents constrains global system behaviour: the

possible evolutions of the system must unfold in such a manner that agents do observe

(and thus know) in their local histories what the annotations assert. Therefore, the

global system is not a simple product of automata but an epistemic product that satis-

fies natural conditions: when an event occurs, the state (and knowledge) of those not

participating in it remains unchanged, and among those who do participate, informa-

tion exchange is perfect and maximal. We can see this as causality information being

transferred between agents during a synchronization event.

Having defined epistemic automata and epistemic products, we are in a position to

develop automata theoretic foundations for the class of behaviours, termed recognizable

languages:

– We show that the class of recognizable languages enjoys several important prop-

erties: closure under boolean operations and homomorphisms, decidability of algo-

ritheoremic questions like checking non-emptiness.

– We prove a Kleene-type theorem showing that epistemic automata can be equiva-

lently described by a class of ‘knowledge regular expressions’.

– We employ these automata to decide the satisfiability of a naturally specified epis-

temic temporal logic.

– We show that the behaviour of epistemic products corresponds to a class that

is well studied in concurrency theory, that of regular trace languages([18]). Thus,

in this special case of synchronously communicating agents, epistemic automata

correspond to Zielonka automata ([33]).

What do such automata theoretic results signify ? As an example, consider the

Kleene-type theorem mentioned above. It can be seen as a result in the spirit of [4],

merging the DEL and ETL frameworks, in the following sense. ‘Knowledge regular

expressions’, where knowledge assertions are mixed inside regular expressions are akin

to DEL formulas, whereas computations of epistemic transition systems correspond to

ETL models. The Kleene theorem provides a formal relationship between these two in

the restricted case of finite state agents with synchronous interaction. Admittedly, this

is only an analogy, but motivates the need for relating frameworks in the context of

finite state agents.

While a mere transference of results is not interesting in itself, we merely remark

that notions like epistemic homomorphisms can lead to new insights into the structure

of agents’ knowledge. We hope that developing an algebraic theory of (finite state

agents’) knowledge will further lead to insights on compositional theories of knowledge.

2 Automata

Before we present automata whose runs act as models for the logic, some preliminaries

setting up the notation are in order.

6

2.1 Transition systems and automata

Let Σ be a finite and nonempty alphabet. Σ∗ is the set of all finite strings over Σ. We

use a, b, c, ... for the letters of Σ and x, y, z, ... for strings. The empty string is denoted

as ε. Concatenation of strings x and y is denoted either by x · y or just xy. Any subset

L ⊆ Σ∗ is called a language over Σ.

A transition system (TS) over Σ is a tuple M = (Q,−→, I), where Q is a finite set

of states, −→ ⊆ (Q × Σ × Q) is the transition relation and I ⊆ Q is the set of initial

states. We use letters p, q etc. for the states of a TS. When (q, a, q′) ∈ −→, we write it

as qa−→q′.

The one step transition on letters is extended to transitions on strings over Σ∗ and

the extended transition relation is denoted by =⇒ : Q×Σ∗ ×Q. When px

=⇒q, we say

that there is a run of M from p to q on x.

We call a TS deterministic (DTS) if −→ is a function on (Q × Σ) and I is a

singleton, namely {q0}. This entails that whenever pa−→q and p

a−→q′ we have q = q′.Notice that if M is a DTS, the extended transition relation is a function, and given

any p ∈ Q and x ∈ Σ∗, there is a unique q such that px

=⇒q. In this case, we denote by

(x)M the state q such that q0x

=⇒q.A finite state automaton (FA) is a tuple A = (M,F ), where M is is a TS and

F ⊆ Q, is the set of its final states. When qx

=⇒qk for some q ∈ I and qk ∈ F , we say

that the string x is accepted by A. The set of all strings accepted by A (also called the

language of A) is denoted as L(A) or L(M,F ).

Definition 21 Given Σ, the class of languages accepted by FA’s over Σ is defined as:

L(FAΣ)def= {L⊆Σ∗ | there is an FA (M,F ) such that L=L(M,F )}.

We call this class of languages recognizable and denote it as RecΣ .

An FA (M,F ) is called deterministic (DFA) if M is a DTS. We denote the class of

languages accepted by DFA over Σ as L(DFAΣ). It is easy to show that L(DFAΣ) =

L(FAΣ) = RecΣ . RecΣ has many nice properties: it is closed under boolean opera-

tions, concatenation and finite iteration (the Kleene star “*”).

2.2 Distributed alphabets

Since we will be considering agents as finite state automata, we will associate agents’

views with strings over finite alphabets that automata take as inputs. For systems of

autonomous agents, we have distributed alphabets.

We consider systems of n agents, for a fixed n, and the finite set of agents is called

Loc = {1, · · · , n}, n > 0. We model the distribution of actions among the agents (also

referred to as processes) by a distributed alphabet eΣ. It is a tuple (Σ1, · · · , Σn), where

each Σi is a finite nonempty set of actions and is called an agent alphabet. These

alphabets are not required to be disjoint. In fact, when a ∈ Σi ∩Σj , i 6= j, we think of

it as a potential synchronization action between i and j.

Given a distributed alphabet eΣ, we call the setΣdef= Σ1 ∪ ... ∪ Σn as the alphabet

of the system since the overall behaviour of the system is expressed by strings from

Σ∗. For any action in Σ, we have the notion of agents participating in this action. Let

loc : Σ → 2{1,...,n} be defined by loc(a)def= {i | a ∈ Σi}. So loc(a)(called “locations

7

of a”) gives the set of agents that participate (or, synchronize) in the action a. By

definition, for all a ∈ Σ, loc(a) 6= ∅. The notion of locations (or, participating processes)

is easily extended to strings over Σ∗. If x ∈ Σ∗, alph(x)def= {a ∈ Σ | a occurs in x }.

Then, loc(x)def=

[a∈alph(x)

loc(a).

From the definition of locations, we can derive an irreflexive and symmetric relation

I on Σ. We call this an independence relation. The independence relation is defined to

be I def= {(a, b) ∈ Σ×Σ | loc(a)∩ loc(b) = ∅}. Informally, (a, b) ∈ I if the participants

in the actions a and b are disjoint. Since processes are spatially distributed, it entails

that the participants of b remain unaffected by the execution of a and vice versa.

Hence in the system, independent actions may proceed asynchronously. We call this

the asynchrony property of the systems. Extending the same idea to strings over Σ∗,we say two strings x and y are independent, i.e., (x, y) ∈ I iff loc(x) ∩ loc(y) = ∅.Two independent strings can be thought of as independent execution sequences of two

disjoint sets of processes.

Lastly, we say that the distributed alphabet eΣ is non-trivial iff the independence

relation on Σ is non-empty. For example, the distributed alphabet (Σ1 = {a, b}, Σ2 =

{b, c}) is non-trivial because (a, c) ∈ I. On the other hand, the distributed alphabeteΣ = (Σ1 = {a, b}, Σ2 = {b, c}, Σ3 = {c, a}) is trivial because loc(a) ∩ loc(b) = {1} 6=∅ and so on for every pair of letters and hence I is empty. Since trivial alphabets

constrain systems so that agents cannot proceed asynchronously, knowledge properties

are essentially the same as in the case of one reasoning agent. Hence in this paper we

consider only systems over non-trivial distributed alphabets.

2.3 Epistemic Transition Systems

In the definition of epistemic automata attempted below, we seek an alternative to

global indistinguishability relations; this can be achieved by enriching local states with

structure.

If Qi is the states of agent i, q ∈ Qi can be thought of as a tuple (q[1], . . . , q[n]),

where q[j] is the knowledge agent i has about agent j. But then the question arises:

what about what i knows about what j knows about k ? Should q[j] be another tuple

? But this is infinite regress.

Automata theory offers a standard technique for this problem: use an alphabet of

observations, which we call an epistemic alphabet.

Fix a distributed alphabet eΣ=(Σ1, · · · , Σn). Additionally consider an epistemic

alphabet eC = ((C1,�1), · · · , (Cn,�n)).

where each Ci is a nonempty set and for all i 6= j, Ci ∩ Cj = {⊥}. �i is a (reflexive

and transitive) pre-ordering on Ci with the least element ⊥. The element ⊥ stands for

trivial knowledge, or null information. We call C = C1 ∪ . . . ∪ Cn the knowledge set.

Since we work with finite state systems, it suffices to consider finite Ci. An alternate

presentation of C is given by the knowledge map:

Φdef= {φ : Loc 7→ C | ∀i ∈ Loc, φ(i) ∈ Ci}.

8

It may be convenient to view elements of C as formulas of some logic of knowl-

edge and implication as the ordering. In general, the modelling above corresponds to

observations of each agent’s state being recorded in a separate vocabulary.

Note that the entire hierarchy of i-propositions (what is true about i, what i knows

about j, what i knows about what j knows about k etc) is collapsed into (ci,�i). This

may be reminiscent of Harsanyi type spaces.

Definition 22 Let i ∈ {1, 2, . . . , n}. An epistemic agent (EA) over (Σi, eC) is a

tuple (M i, fi) where M i = (Qi,−→i, q0i ) is a TS over Σi and fi : Qi → Φ is called a

knowledge map.

At a state p ∈ Qi, if fi(p) = φ then φ(j) is what M i knows about Mj at p;

strictly speaking, φ(j) is irrelevant in the theory presented here when j = i, but it is

notationally simpler to have a uniform map.

Definition 23 An epistemic transition system(ETS) over the alphabet ( eΣ, eC) is

given by a tuple fM = (M1, · · · ,Mn, 〈f1, f2, · · · , fn〉, F ),

where for each i ∈ Loc, (M i = (Qi,−→i, q0i ), fi) is an EA over (Σi, eC), and F ⊆

(Q1 × . . .×Qn).

The global behaviour of fM is given below as that of the product automaton cMassociated with the system. The product automaton is not over the whole global state

space but over global states where knowledge assertions at local states are mutually

compatible.

Definition 24 Let fM = (M1, · · · ,Mn, 〈f1, · · · , fn〉, F ) be an ETS and let Q = (Q1 ×. . .×Qn). A global state (p1, p2, · · · , pn) ∈ Q is called coherent iff

for all i, j ∈ Loc : fi(pi)(j) �j fj(pj)(j).

Denote the set of all coherent states of the ETS as bQ. In the rest of the paper, we

consider only ETS’s whose initial state (q01 , · · · , q0n) is coherent.

Definition 25 The epistemic product automaton of an ETS fM is defined to be

(cM(bQ,−→, (q01 , · · · , q0n)), bF ) where

1. bQ is the set of all coherent global states,

2. (q01 , · · · , q0n) is the initial state,

3. bF ⊆ bQ ∩ F is the set of final states,

4. −→ ⊆ (bQ×Σ × bQ) is the transition relation defined as :

(p1, · · · , pn)a−→(q1, · · · , qn) iff

(a) for all i 6∈ loc(a), pi = qi.

(b) for all i ∈ loc(a), pia−→iqi.

(c) for all i, j ∈ loc(a), fi(qi) = fj(qj).

The last condition (4c) above represents perfect exchange: immediately after a synchro-

nization has taken place, agents participating in the action have complete knowledge

of the observables of all other participants, as well as a consensus on the observables

of all non-participating agents.

The class of languages over eΣ accepted by ETS’s is denoted as ETS eΣ . Formally,

ETS eΣ={L⊆Σ∗ | ∃eC and an ETS fM over ( eΣ, eC) such that L=L(cM,F )}.

From the definition of the epistemic product above, the following theorem is easily

established.

9

Theorem 1 Given an ETS fM , checking whether L(cM,F ) = ∅ is decidable in time

linear in the size of the epistemic product.

2.4 Behaviours

What kind of languages do we see inside ETS eΣ ? To answer this question, it is useful

to consider them as being closed under a natural equivalence relation.

Given a distributed alphabet eΣ, let d be the component projection map: d: (Σ∗ ×

Loc)→ Σ∗ defined as: xdi =

8<:ε if x = ε,

ydi if x = ya and i 6∈ loc(a), and

(ydi) · a if x = y · a and i ∈ loc(a).

Suppose xdi = a`1 · · · a`m . Define the sequence ρdi = t0b1t1 · · · tm−1bmtm by:

t0 = s0[i], and for all j ∈ {1, . . . ,m}, bj = a`j and tj = s`j [i].

We wish to study systems in which an agent, at a history h considers another h′ to

be possible because her information cannot distinguish between the two. This suggests

that the behaviour of systems should be closed under the equivalence relation, where

strings x and y are equated when they are indistinguishable by any agent in the system.

The resulting languages are called Regular consistent languages (RCL) below, and these

are essentially the same as Regular trace languages (RTL) of [18].

Definition 26 Define the relation ∼ on Σ∗ as: for all x, y ∈ Σ∗, x ∼ ydef= for all

i ∈ Loc, xdi = ydi. It is easy to see that ∼ is an equivalence. The equivalence classes

of ∼ are called traces.

Note that the closure of a regular language under ∼ need not be regular. For

example, if the distributed alphabet is ({a}, {b}) and L = (ab)∗ then the closure of L

under ∼ is the language containing strings with equal number of a’s and b’s, which is

not regular any more.

Definition 27 A language L ⊆ Σ∗ is said to be a regular consistent language iff

L ∈ RegΣ and is closed under ∼.

Let L(RCL eΣ) denote the class of all regular consistent languages over eΣ. With a

little bit of work, one can show that this class is closed under boolean operations as

well as a special kind of concatenation and its iteration( [22]).

Since the definition of epistemic product includes the asynchrony condition (4a),

it is easy to see that ETS eΣ ⊆ RCL eΣ . Interestingly, we can show that the perfect

exchange condition above implies that epistemic products exactly characterize regular

consistent languages.

Theorem 2 ETS eΣ = RCL eΣ .

An important corollary of the theorem above, to be proved later, is that the class

ETS eΣ is closed under all the boolean operations.

10

3 A Kleene theorem for regular epistemic languages

Kleene’s theorem asserts that the class of regular languages over the alphabet Σ can

be given by the syntax of regular expressions:

REGΣ ::= ∅ | a ∈ Σ | p+ q | p; q | p∗

In order to give a syntactic representation of regular epistemic languages over a

distributed alphabet, we can consider epistemic assertions inside regular expression

much in the same way as we annotate the states of epistemic automata with knowledge

assertions. Below, we show that regular epistemic languages can indeed be presented by

the syntax below. An important motivation for this is that such expressions are strongly

related to models used in Dynamic Epistemic Logic and Public Announcement Logics.

Every epistemic assertion can be thought of as an announcement, and composing these

results in knowledge update.

Fix a distributed alphabet eΣ = (Σ1, . . . , Σn) and a finite epistemic alphabet eC.Recall that Φ

def= {φ : Loc 7→ C | ∀i ∈ Loc, φ(i) ∈ Ci}. Since each Ci is finite, |Φ| is

finite.

K-exp ::= c@j, c ∈ Cj | ¬κ | κ1 ∨ κ2

AREGi ::= ∅ | a ∈ Σi | κ ∈ K-exp | p+ q | p; q | p∗

EREG ::= r1 ‖ · · · ‖ rn, ri ∈ AREGi | R1 +R2, Ri ∈ EREG

The semantics of EREG expressions are in terms of compatible shuffle languages

that are described in the following.

3.1 Compatible Shuffle Languages

Given a distributed alphabet eΣ, recall that d is the component projection map: d:(Σ∗ × Loc)→ Σ∗ defined as:

xdi =

8<:ε if x = ε,


(ydi) · a if x = y · a and i ∈ loc(a).A string x over Σ is said to be generated by the shuffle of strings x1, · · · , xn, xi ∈

Σi∗, i ∈ Loc if for all i ∈ Loc, xdi = xi. Thus a shuffle of n local strings gives rise to a

set of strings over Σ.

Definition 31 Given a distributed alphabet eΣ and an epistemic alphabet eC, we define

extended alphabets as follows:

ΣCidef= {〈a, φ〉 | a∈Σi, φ∈Φ}; gΣC def

= 〈ΣC1 , · · · , ΣCn〉; ΣCdef=

[i∈Loc

ΣCi .

We want to now define shuffle for strings x1, · · · , xn, where xi ∈ ΣCi∗, i ∈ Loc. By

their structure, each xi has a knowledge map at every point essentially denoting the

knowledge of the agent at the local state corresponding to xi. Hence, globally, at every

point one has n knowledge maps, one for each string, denoting a global state. For a

valid shuffle of the given strings, the global states that occur at each point have to

be compatible. In terms of strings, the collection of local knowledge maps have to be

compatible. Moreover, the perfect exchange condition must be met.

11

Let Ξ denote the set of all possible epistemic tuples for all the agents in the system.

Formally, Ξ = {ξ | ξ : Loc → Φ}. For any i, j ∈ Loc, ξ(i) is a knowledge map, and

ξ(i)(j) ∈ Cj is i’s knowledge about j. We speak of ξ as an epistemic environment.

Definition 32 Let ξ ∈ Ξ. ξ is said to be feasible iff ∀ i, j ∈ Loc, ξ(i)(j) �j ξ(j)(j).

The pair 〈a, ξ〉, where a ∈ Σ, is feasible if ξ is feasible and for all i, j ∈ loc(a), ξ(i) =

ξ(j).

Definition 33 ΣΞ = {〈a, ξ〉 | a ∈ Σ and ξ ∈ Ξ}.

We use bx, by, . . . to denote strings over ΣΞ which, intuitively, stand for sequences of

global states. Since our goal is to establish a correspondence between global strings and

the runs of an epistemic product automaton, such global strings cannot be arbitrary.

They have to somehow capture the compatibility condition internally. We call these

strings good. Formally,

Definition 34 Let bx = 〈a1, ξ1〉〈a2, ξ2〉, . . . , 〈ak, ξk〉 ∈ ΣΞ∗. Then, bx is good w.r.t. an

initial environment ξ0 iff

1. for all 1 ≤ l ≤ k, for all j 6∈ loc(al), ξl−1(j) = ξl(j), and

2. ξ0 is feasible and for all 1 ≤ l ≤ k, 〈al, ξl〉 is feasible.

By this definition, ε is good w.r.t. some initial environment ξ iff ξ is feasible.

Now we define the notion of when strings over local alphabets can generate global

strings. For this we will need two kinds of projection maps. The first is the knowledge

erasure map: σ : ΣC∗ → Σ∗ defined as: σ(〈a1, φ1〉 · · · 〈ak, φk〉)

def= a1 · · · ak. We use

σ as a knowledge erasure map on strings over ΣΞ as well since there is no scope of

confusion here.

The second projection map is the component projection map: bd: (ΣΞ∗×Loc)→ ΣC∗

defined by:

bxbdi =

8><>:ε if x = ε,bybdi if bx = by · 〈a, ξ〉 and i 6∈ loc(a), and

(bybdi) · 〈a, ξ(i)〉 if bx = by · 〈a, ξ〉 and i ∈ loc(a).

Recall that d is the component projection map: d: (Σ∗×Loc)→ Σ∗ defined earlier.

Definition 35 A string bx ∈ ΣΞ∗ is called a witness for x ∈ Σ∗ under ξ ∈ Ξ if bx is

good w.r.t. ξ and σ(bx) = x.

Let xi ∈ ΣCi∗, i ∈ {1, . . . , n}. A string x ∈ Σ∗ is said to be generated by

(x1, x2, . . . , xn) under ξ if there is a witness bx for x under ξ such that for all i ∈Loc, xi = bxbdi.

Notice that when x ∈ Σ∗ is generated by (x1, x2, . . . , xn) under ξ, xdi = σ(xi).

This is because, σ(xi) = σ(bxbdi) = σ(bx)di = xdi.We now define the compatible shuffle of languages over local extended alphabets

using the definition of generation.

Definition 36 For all i ∈ Loc, let Li ⊆ ΣCi∗, and let ξ ∈ Ξ. We define the n-

ary compatible shuffle of these languages under the epistemic environment ξ by:

(L1||L2|| . . . Ln)ξdef= {x ∈ Σ∗ | x is generated by a tuple (x1, x2, . . . , xn) under ξ,

where for all i, xi ∈ Li}.

We are interested in the compatible shuffle of regular languages over the agent

alphabets. So we define the following class of languages.

12

Definition 37 (Compatible Shuffle languages) Let L(CSL eΣ) denote the least class

that includes the set {L ⊆ Σ∗ | for some epistemic alphabet eC and epistemic environ-

ment ξ, there exist regular languages Li ⊆ ΣCi∗

and such that L = (L1 ‖ . . . ‖ Ln)ξ}and is closed under union.

We state the main theorem connecting compatible shuffle languages and languages

accepted by epistemic transition systems.

Theorem 3 L(CSL eΣ) = L(ETS eΣ).

3.2 Epistemic Regular Expressions and their Semantics

Recall the syntax of epistemic regular expressions.

K-expi ::= c@j, c ∈ Cj | ¬κ | κ1 ∨ κ2

AREGi ::= ∅ | a ∈ Σi | κ ∈ K-exp | p+ q | p; q | p∗

EREG ::= r1 ‖ · · · ‖ rn, ri ∈ AREGi | R1 +R2, Ri ∈ EREG

Knowledge expressions K-expi in the epistemic regular expressions are merely

boolean formulas over the epistemic alphabets; κ1 ∧ κ2, κ1⇒κ2 etc are easily de-

fined. Agent expressions are regular expressions in which knowledge expressions are

interleaved. The epistemic regular expressions are obtained by top level parallel com-

position.

Recall that Φdef= {φ : Loc 7→ C | ∀i ∈ Loc, φ(i) ∈ Ci}. Since each Ci is finite, |Φ|

is finite. The semantics of K-expi are given by the map []ki : K-expi → Φ.

– [c@j]ki = φ such that φ(j) = c and φ(i) = ⊥ for i 6= j. We may represent this as a

tuple < ⊥, · · · , c, · · · ,⊥ >, where the only non-⊥ value c is in the j’th position.

– [¬κ]ki = Φ \ [κ]ki .

– [κ1 ∨ κ2]ki = [κ1]ki ∨ [κ2]ki .

This semantics definition equates the knowledge expressions with Φ. Hence, in order

to have simpler notation for the subsequent treatment, the agent epistemic expressions

can be equivalently written as :

AREGi ::= ∅ | a ∈ Σi | φ ∈ Φ | p+ q | p; q | p∗

The semantics of epistemic expressions AREGi is given by the map []i : AREGi →Φ.2Σ

Ci∗

. Towards this, we define a concatenation operation ∗ on strings over Φ.2ΣCi∗

as:

φ1.x ∗ φ2.y =

8>><>>:φ1.y if x = ε and φ2 = ⊥,

φ2.y if x = ε and φ2 6= ⊥,

φ1.x′.〈a, φ〉.y if x = x′.〈a, φ〉 and φ2 = ⊥,

φ1.x′.〈a, φ2〉.y if x = x′.〈a, φ〉 and φ2 6= ⊥,

1. [∅]i = ∅2. [a]i = {⊥.〈a,⊥〉}3. [φ]i = {φ}4. [p+ q]i = [p]i ∪ [q]i5. [p; q]i = [p]i ∗ [q]i

13

6. [p∗]i = ([p]i)∗

Let L′ = [r] for some r ∈ AREGi. Since for any string in L′, only the first element

is in Φ and |Φ| is finite, L′ can be expressed as[φ∈Φ

φ ·L′φ where L′φ is regular over ΣCi .

Now we define the map 〈〉 : EREG→ 2Σ∗.

Definition 38 Let [ri]i =[k∈Γi

φikLik for some index set Γi. Then,

〈r1 ‖ r2 ‖ · · · ‖ rn〉def=

[jl∈Γl,l∈Loc

(L1j1b‖ · · · b‖ Lnjn)(φ1j1 ,···,φnjn ).

Further, 〈R1 +R2〉 = 〈R1〉 ∪ 〈R2〉.

The class of regular languages generated by the EREG expressions is denoted as

L(EREG eΣ). Formally, L(EREG eΣ) = {L ⊆ Σ∗ | for some epistemic alphabet eC,there is an R ∈ EREG over fΣC such that L = 〈R〉}.

Theorem 4 L(EREG eΣ) = L(CSL eΣ).

From the Theorems 3 and 4, we get the following characterization

Theorem 5 RCL eΣ = L(ETS eΣ) = L(EREG eΣ) = L(CSL eΣ)1.

4 Epistemic automata for an epistemic temporal logic

In this section, we define a natural epistemic temporal logic of local properties and

prove it decidable by associating epistemic transition systems with formulas of the

logic. Before we discuss the logic, we illustrate what the perfect exchange condition

entails in behaviours.

4.1 Distributed Agents and Views

Consider a system of 4 agents P1, P2, P3, P4 who manipulate local variables x, y, z, w

respectively (see Fig. 1). Suppose that the only local computations are increment (by

1), which are shown as horizontal rectangles. Suppose also that when agents exchange

information (denoted in the figure by horizontal lines with blobs denoting participating

agents in the exchange), they know about the values of the variables of participating

agents. Lastly, suppose that the initial value of all variables are zero and all the pro-

cesses know this. Denote by K(Pi) the values of variables of which Pi has knowledge.

So, initially, K(Pi) = 〈0, 0, 0, 0〉 for all processes.

After a period of local computations, P1 and P2 interact through the action a;

simultaneously and independently, P3 and P4 interact via b. At this stage, actual values

of variables are 〈x, y, z, w〉 = 〈1, 0, 1, 1〉. But since P1 has no way of knowing the value

of z, K(P1) = 〈1, 0, 0, 0〉; because of the action a, K(P2) also is 〈1, 0, 0, 0〉. Similarly,

1 Proof in Appendix B

14

Fig. 1 Interacting processes.

∅

18 Mohalik, Ramanujam

a b

c

d

P1 P2 P3 P4

Figure 1. Interacting processes.

Local states of agents in the system describe their views of thesystem as a whole.

Synchronization is the exchange of information whereby the syn-chronizing agents update their views so that they have identicalviews immediately after synchronization.

It was shown in Ramanujam (1995) that these transitions systemsexactly described (in a categorical sense) a class of labelled event struc-tures called synchronization structures. Since these event structuresarise naturally from traces (a la Mazurkiewicz) one asks whether sim-ilar finite state transition systems with some acceptance condition willaccept regular consistent languages. This question is answered affirma-tively here.

4.2. Views Associated with Strings

Associated with any computation on a string x ∈ Σ∗ of actions, eachagent (or a group of agents) has only a partial view. One natural wayto define this partial view for an agent is to take the effect of only(and all) those actions such that either the agent participates in itor there is a causal chain from the action occurrence to some otheraction occurrence in which the agent participates. This allows for thepossibility that computation by other agents may go on independently,of which the concerned agent does not have any information.

Main.tex; 26/11/2009; 15:24; p.18

K(P3) = 〈0, 0, 1, 1〉 and K(P4) = 〈0, 0, 1, 1〉. So, P2 has more recent information than

P3 about the value of x, and P3 has better information about w than P2.

Now suppose, P2 and P3 increment their local variables and then exchange infor-

mation via c. Since P1 and P2 do not participate in this action, their knowledge about

the values remain same. But now, K(P2) = 〈1, 1, 2, 1〉 = K(P3). Note that even if P2

never directly interacted with P4, it gets the information about w indirectly through P3

and hence can update its information about w. This sort of view updating is common

in distributed protocols.

In [27], distributed transition systems for such models were studied. These systems

were locally presented and reflected the ideas discussed above. Informally, these systems

are structured as follows:

– Local states of agents in the system describe their views of the system as a whole.

– Synchronization is the exchange of information whereby the synchronizing agents

update their views so that they have identical views immediately after synchro-

nization.

It was shown in [27] that these transitions systems exactly described (in a cat-

egorical sense) a class of labelled event structures called synchronization structures.

Since these event structures arise naturally from traces (a la Mazurkiewicz) one asks

whether similar finite state transition systems with some acceptance condition will

accept regular consistent languages. This question is answered affirmatively here.

4.2 Views Associated with Strings

Associated with any computation on a string x ∈ Σ∗ of actions, each agent (or a group

of agents) has only a partial view. One natural way to define this partial view for an

agent is to take the effect of only (and all) those actions such that either the agent

participates in it or there is a causal chain from the action occurrence to some other

action occurrence in which the agent participates. This allows for the possibility that

15

Fig. 2 Distributed computation on the string abcdeab.

∅

Epistemic Automata 19

1 2 3 4

a b

c

d

e

a b

Figure 2. Distributed computation on the string abcdeab.

As an example, take a distributed alphabet Σ = (Σ1, Σ2, Σ3, Σ4),where Σ1 = {a}, Σ2 = {a, c, e}, Σ3 = {b, c, d, e} and Σ4 = {b, d}. Asubsequence of a string is formed by picking arbitrarily letters in thesame order as in the given string. Hence, the subsequences of abc are{ε, a, b, c, ab, bc, ac, abc}.

Call a string causally connected if consecutive actions in the stringhave a common participating agent. For example, cdea is causally con-nected, since loc(c)∩loc(d) = {3}, loc(d)∩loc(e) = {3}, loc(e)∩loc(a) ={2}. Similarly, ac, acb and acd are all causally connected whereas aband ad are not causally-connected.

Now let x = abcdeab. The computation associated with x is shownin Fig. 2. Then the 1-view (the view of agent 1) is abcdea. Note thateven if 1 does not participate in the second action b, there is a causallyconnected subsequence bcdea at the end of which 1 participates in a.Hence this occurrence of b should be considered in the 1-view. The lastb in x, however, is not in 1-view because neither does 1 participate init nor is there any causally connected chain to some 1-action (actionsfrom Σ1).

When we consider group views, we consider actions in which at leastone in the group participates and the actions with causally relatedchains to any action of the former kind. Then, in the example, we havethat {1, 3}-view of x is abcdeab. Reasoning along this line, we give somei-views and group-views for the string abcdeab in the following table.

Main.tex; 26/11/2009; 15:24; p.19

computation by other agents may go on independently, of which the concerned agent

does not have any information.

As an example, take a distributed alphabet eΣ = (Σ1, Σ2, Σ3, Σ4), where Σ1 = {a},Σ2 = {a, c, e}, Σ3 = {b, c, d, e} and Σ4 = {b, d}. A subsequence of a string is formed

by picking arbitrarily letters in the same order as in the given string. Hence, the

subsequences of abc are {ε, a, b, c, ab, bc, ac, abc}.Call a string causally connected if consecutive actions in the string have a common

participating agent. For example, cdea is causally connected, since loc(c)∩loc(d) = {3},loc(d) ∩ loc(e) = {3}, loc(e) ∩ loc(a) = {2}. Similarly, ac, acb and acd are all causally

connected whereas ab and ad are not causally-connected.

Now let x = abcdeab. The computation associated with x is shown in Fig. 2. Then

the 1-view (the view of agent 1) is abcdea. Note that even if 1 does not participate

in the second action b, there is a causally connected subsequence bcdea at the end of

which 1 participates in a. Hence this occurrence of b should be considered in the 1-view.

The last b in x, however, is not in 1-view because neither does 1 participate in it nor

is there any causally connected chain to some 1-action (actions from Σ1).

When we consider group views, we consider actions in which at least one in the

group participates and the actions with causally related chains to any action of the

former kind. Then, in the example, we have that {1, 3}-view of x is abcdeab. Reasoning

along this line, we give some i-views and group-views for the string abcdeab in the

following table.

abcdeab

i-views group-views

1-view abcdea {1,2}-view abcdea

2-view abcdea {2,3}-view abcdeab

3-view abcdeb {3,4}-view abcdeb

4-view abcdeb {1,2,3,4}-view abcdeab

16

Our interest in views stems from the fact they constitute causal knowledge that

agents build up during temporal system evolution, and which is updated by agents

during synchronization. For later purposes, it is convenient to work with the collective

view of a group of agents, rather than that of an individual agent. This is formalized

below.

Given two strings x and y of Σ∗, x is called a subsequence of y, denoted x� y, if x =

a1 . . . an and there exist strings x0, . . . , xn ∈ Σ∗ such that y = x0a1x1a2x2 . . . anxn.

Note that � is a partial order on Σ∗.Let α ⊆ Loc and u = a1 . . . an. For any j, 1 ≤ j ≤ n, aj is said to have an α-chain

in u if there is a sequence j = i0 < i1 < i2 < . . . < im ≤ n such that

– loc(aim) ∩ α 6= ∅, and

– ∀k, 0 ≤ k < m, loc(aik ) ∩ loc(aik+1) 6= ∅.

In this case, ajai1ai2 . . . aim is called an α-chain of u.

Informally, an α-chain of u is a causally connected subsequence of u ending in an

α-action (an action with a participant from the set of agents α).

In the previous example, if u = bcad, then a does not have a {4}-chain in u since

4 6∈ loc(a) and loc(a) ∩ loc(d) = ∅. On the other hand, b has a {4}-chain cd in u since

loc(c) ∩ loc(d) = {3} and 4 ∈ loc(d).

For α ⊆ Loc and u = a1 . . . an ∈ Σ∗, u is said to be α-connected iff ∀j ∈ {1, . . . , n},aj has an α-chain in u. For the example alphabet, cad is not 4-connected (a does not

have any 4-chain) while caed is 4-connected because now a has the 4-chain aed.

Let Cα(x) denote the α-connected subsequences of a given string x. Essentially,

Cα(x) contains all the causally connected chains that are candidates for the α-view of

x. We observe that if x� y then Cα(x) ⊆ Cα(y). Also if α ⊆ β, then Cα(x) ⊆ Cβ(x).

The following proposition asserts that the α-connected subsequences of x have a

maximum. This has crucial implications for what follows, as such subsequences con-

stitute the causal knowledge agents in α can pool together and construct about the

global history represented by x. The maximum then constitutes definitive knowledge

of the past and an agent needs only to keep track of it as the system evolves to act as

an epistemic agent with causal knowledge of past and future.

Proposition 1 For all α ⊆ Loc and for all x ∈ Σ∗, Cα(x) has a �-maximum 2.

We now define the group view of a string, the notion that is central to causal

temporal reasoning:

Definition 41 Let x ∈ Σ∗, α ⊆ Loc. The α-view of x, denoted x ↓ α is defined to be

the �-maximum α-connected subsequence of x.

(In the following we use the notation x ↓ i to denote x ↓ {i}.)We state two crucial properties of views which describe how views are updated. To

simplify notation, we use x ↓ i to denote x ↓ {i}.

Proposition 2 a. When loc(a) ∩ α = ∅, the �-maximum α-connected subsequence

of x is same as that of xa. In other words, x ↓ α = xa ↓ α. In particular, for

i 6∈ loc(a), x ↓ i = xa ↓ i.b. When loc(a) ∩ α 6= ∅, if z is the �-maximum α-connected subsequence of x then

za is the �-maximum α-connected subsequence of xa. In other words, xa ↓ α =

(x ↓ (α ∪ loc(a))) · a. In particular, for i ∈ loc(a), xa ↓ i = (x ↓ loc(a)) · a.

2 Proof in Appendix A

17

As the reader may realise, this proposition describes how an automaton may store

views in its local states and update them upon action a.

4.3 A logic

In epistemic temporal logics, assertions are typically made at local histories. The central

idea is that an agent knows a property α if it holds in all global histories which have

the same local history. Being a temporal logic, the formula α is an assertion about the

past and future as well. Note that the non-trivial part of α is what it asserts about

the past and future of other agents, including knowledge assertions, in turn, about this

agent. In some sense, we have properties of agents observable by others and epistemic

assertions relate to knowledge of such observable properties.

Fix a set of agents [n] = {1, 2, · · · , n}, a distributed alphabet eΣ and sets of atomic

propositions {P1, P2, · · · , Pn}, where each Pi is a countably infinite set. Agent formulas

are given by the syntax below. Let u ⊆ [n], we define Γu below. The logic is given by

formulas in Γ (= Γ[n]).

∆i ::= p ∈ Pi | ¬α | α ∨ β | 〈a〉ψ, a ∈ Σi, ψ ∈ Γloc(a) | ♦α | Kiφ, φ ∈ Γ

Γu ::= α@i, i ∈ u, α ∈ ∆i | ¬φ | φ1 ∨ φ2

The logic acts locally like a temporal logic, with past and future modalities, with a

knowledge operator. The critical differences are in the next and knowledge modalities,

which are both global; since a is a synchronization of agent i with other agents, the

formula asserted after a can refer to what has been learnt about them. The knowledge

operator is standard, and refers to what the agnt knows about the global state of the

system.

The other connectives ∧,⇒,≡ are defined as: φ1 ∧ φ2def= ¬(¬φ1 ∨ ¬φ2),

φ1⇒φ2def= ¬φ1 ∨ φ2 and φ1 ≡ φ2

def= (φ1⇒φ2) ∧ (φ2⇒φ1). The dual modalities

[a],�, L are defined as: [a]ψdef= ¬(< a > ¬ψ), �α

def= ¬♦¬α and Liφ

def= ¬Ki¬φ.

4.4 Histories and Local Histories

Models are sets of global histories of systems of finite state agents who communicate

synchronously. We need some preliminaries to set up the machinery of histories so that

causal knowledge can be defined.

Let (Q1, Q2, · · · , Qn) be finite sets. Qi represents the set of possible local states of

agent i. Let S = Q1 × Q2 × · · · × Qn be the set of global system states. Given s =

〈q1, · · · , qn〉 ∈ S, we denote qi by s[i]. A history is a sequence ρ = s0a1s1 · · · sk−1aksk,

k ≥ 0, where for all i, si ∈ S and ai ∈ Σ, such that ρ satisfies the asynchrony condition:

for all i ∈ {1, . . . , k}, if si−1aisi, then for all j 6∈ loc(a), si−1[j] = si[j]. For ρ as above

the eΣ word associated with ρ is defined to be w(ρ) = a1 · · · ak.

Let ρ = s0a1s1 · · · sk−1aksk be a history, and let w(ρ) ↓ i be the subsequence of

a1 · · · ak defined below, say aj1 · · · ajm . Define ρ ↓ i to be the sequence t0aj1t1 · · · ajmtm,

where t0 = s0, and t`+1[i′] = sj`+1[i′], for i′ ∈ loc(aj`), and t`+1[i′] = t`[i′], for

18

i′ /∈ loc(aj`). It is easy to check that ρ ↓ i satisfies the asynchrony condition and hence

is a legal history as well.

Define ρ ∼i ρ′ iff ρ ↓ i = ρ′ ↓ i. This is the indistinguishability relation on which

we will interpret knowledge assertions. Define ρ ≈ ρ′ iff for all i ∈ [n], ρ ∼i ρ′. We call

a set H closed if whenever ρ ∈ H and ρ ≈ ρ′, we have that ρ′ ∈ H as well.

Consider a history ρ = s0a1s1 · · · sk−1aksk, and x = w(ρ) = a1 · · · ak. If we think

of the indices {1, . . . , k} as the temporal instants of this global history, we can ask which

of these are visible to agent i. These are clearly those j such that i ∈ loc(aj). This is

formalized as follows. Given a distributed alphabet eΣ, let d be the component projection

map: d: (Σ∗ × Loc)→ Σ∗ defined as: xdi =

8<:ε if x = ε,


(ydi) · a if x = y · a and i ∈ loc(a).Suppose xdi = a`1 · · · a`m . Define the sequence ρdi = t0b1t1 · · · tm−1bmtm by:

t0 = s0[i], and for all j ∈ {1, . . . ,m}, bj = a`j and tj = s`j [i]. ρdi is then the i-local

history associated with ρ. Note that xdi is different from x ↓ i: the latter represents the

view of agent i, as obtained by communication with other agents. The former merely

points to instants at which such updates take place. Thus, associated with every history

ρ and agent i, we have a map τi : {0, . . . , k} → {0, . . . ,m} defined by τi(0) = 0, and

τi(j) = max{0,max{`|` ≤ j, i ∈ loc(a`)}}. We can think of τi(j) as the i-local instant

at j; thus τi is the local clock for i in ρ. We denote the association with ρ by τρi , when

necessary.

4.5 Semantics

A frame on S is a closed set of histories. A model is a tuple M = (S,H , V ) where

S = Q1×Q2×· · ·×Qn, H is a closed set of histories on S and eΣ and V = (V1, · · · , Vn),

where Vi : Qi → 2Pi . Let ρ ∈ H such that ρ = s0a1s1 · · · sk−1aksk. Let i ∈ [n],

δ = ρdi = t0b1t1 · · · tm−1bmtm, and let j such that 0 ≤ j ≤ k. The notion δ, τi(j) |=i α,

where α ∈ ∆i, and the notion ρ, j |= φ, where φ ∈ Γ are defined by mutual recursion

below.

1. δ, ` |=i p iff p ∈ Vi(t`), for p ∈ Pi.2. δ, ` |=i ¬α iff δ, ` 6|=i α.

3. δ, ` |=i α ∨ β iff δ, ` |=i α or δ, ` |=i β.

4. δ, ` |=i 〈a〉ψ iff there exists j < k such that τρi (j) = `, aj+1 = a and ρ, j + 1 |= ψ,

where ψ ∈ Γloc(a).5. δ, ` |=i ♦α iff there exists `′ such that ` ≤ `′ and δ, `′ |=i α.

6. δ, ` |=i Kiφ iff for every ρ′ ∈ H such that ρ ∼i ρ′, for all j′ ≤ |ρ′| such that

τρ′

i (j′) = `, ρ′, j′ |= φ, where φ ∈ Γ .

1. ρ, j |= α@i iff ρdi, τρi (j) |=i α.

2. ρ, j |= ¬φ iff ρ, j 6|= φ.

3. ρ, j |= φ ∨ ψ iff ρ, j |= φ or ρ, j |= ψ.

Let Lang(φ) = {w(ρ) | ρ, 0 |= φ}. The following proposition asserts that the truth of

i-local formulas at a history ρ depends only on the i-view at ρ.

Proposition 3 Suppose ρ, ρ′ ∈ H such that ρ ∼ ρ′. Let j ≤ |ρ|, k ≤ |ρ′| such that

τρi (j) = τρ′

i (k) = `. Then for every α ∈ ∆i, ρdi, ` |=i α iff ρ′di, ` |=i α.

19

4.6 Decidability of Satisfiability

We now show epistemic products help in proving that the satisfiability problem for the

logic is decidable.

Theorem 6 For every formula φ ∈ Γ , there is an epistemic transition system Mφ overeΣ and a knowledge alphabet C such that Lang(φ) = L(Mφ). Moreover, the knowledge

alphabet C[i] is simply the set of i-local formulas among the subformulas of φ. The size

of Mφ is at most singly exponential in the length of φ.

Corollary 1 The satisfiability problem for the logic is decidable in time 2O(nm), where

n is the number of agents and m is the length of the formula being decided.

Note that ¬(α@i) ≡ (¬α)@i is valid, as also (α ∨ β)@i ≡ (α@i ∨ β@i). Hence,

every formula φ ∈ Γ can be rewritten equivalently as a finite disjunction of formulas

of the form φ′ =^i∈[n]

αi@i. From now on, we will assume that formulas in Γ are thus

given, and by abuse of notation, write φ′ above as < α1, . . . , αn >, which is further

abbreviated as α. Moreover for i ∈ [n], we can speak of α ∈ φdi, where φ ∈ Φi.Now let u = i1, · · · , im. We denote the tuple 〈αi1 , . . . , αim〉 by αdu. Clearly we can

define (αdu)dv, for v ⊆ u. (By convention, the empty tuple denotes the formula True,

which is some fixed propositional tautology in Γ[n].)

The construction of Mφ proceeds as follows. Let φ = α as above. For u ⊆ [n], u 6=∅,the u-subformula closure of α, denoted CL′u(α) is defined by simultaneous induction,

as follows: below, we denote CL′{i} by CL′i.

– φ ∈ CL′[n](φ).

– If βv ∈ CL′u(α) then for v′ ⊆ v, (βv)dv′ ∈ CL′v′(α).

– If ¬ψ ∈ CL′u(φ) then ψ ∈ CL′u(φ) .

– If ψ1 ∨ ψ2 ∈ CL′u(φ) then ψ1 ∈ CL′u(φ) and ψ2 ∈ CL′u(φ).

– If ¬β ∈ CL′i(φ) then β ∈ CL′i(φ) .

– If β1 ∨ β2 ∈ CL′i(φ) then β1 ∈ CL′i(φ) and β2 ∈ CL′i(φ).

– If < a > βv ∈ CL′i(φ) then βv ∈ CL′v(φ) where v ⊆ loc(a) and if i ∈ v then

< a > β@i ∈ CL′i(φ).

– If Kiψ ∈ CL′i(φ) then ψ ∈ CL′[n](φ) and if α ∈ ψdj then Kiα@j ∈ CL′i(φ).

Finally define CLu(φ) = CL′u(φ) ∪ {¬ψ | ψ ∈ CL′u(φ)}. Thus, CLu(φ) is closed

under negation, where we equate ¬¬ψ with ψ. |CLu(φ)| = |φ| ·O(2n), but note that n

is a constant for our purposes.

From now on, fix a formula φ0 for which we wish to construct the epistemic tran-

sition system, and we simply write CLu for the set CLu(φ0). Let A ⊆ CLi. We call

A an i-atom if it is propositionally consistent: for every formula β ∈ CLi, ¬β ∈ A iff

β 6∈ A, and for every β1 ∨ β2 in CLi, β1 ∨ β2 ∈ A iff β1 ∈ A or β2 ∈ A. Similarly, we

can define subsets of CLu(φ) to be u-atoms. Let ATu denote the set of all u-atoms.

Consider 〈A1, · · · , An〉, where Ai is an i-atom. Let φ ∈ Γ . The notion that φ ∈〈A1, · · · , An〉 is defined easily: α@i ∈ 〈A1, · · · , An〉 if α ∈ Ai; ¬ψ ∈ 〈A1, · · · , An〉 if ψ 6∈〈A1, · · · , An〉, and ψ1 ∨ ψ2 ∈ 〈A1, · · · , An〉 if ψ1 ∈ 〈A1, · · · , An〉 or ψ2 ∈ 〈A1, · · · , An〉.

We define the epistemic alphabet to be C, where ci = 2CLi and �i=⊆. We define

the set of initial states I = {(A1, · · · , An) | φ0 ∈ 〈A1, · · · , An〉} For each of the initial

states, we define an ETS.

20

Fix an initial state 〈A1, · · · , An〉. Epistemic agents Mi’s are defined as Mi =

((ATi,→i, Ai), fi) where →i⊆ (ATi × Σi × ATi) is given by: Aa−→iB iff for every

〈a〉αloc(a) ∈ CLi, 〈a〉αi@i ∈ A iff αi ∈ B. fi : ATi → C is given by: fi(A)[j] = {α |Kiα@j ∈ A}. This corresponds to our intuition about what an agent knows at a local

state.

Call A ∈ ATi final iff for every �α ∈ CLi, if �α ∈ A then α ∈ A as well. Let

Fi = {A ∈ ATi | A is final}.Now consider the ETS Mφ0 = (M1, · · · ,Mn, 〈f1, · · · , fn〉, F ). Then the proof that

the language accepted by Mφ0 is the same as the language of φ0 is standard.

Given any model of φ0 say, ρ = s0a1s1 · · · sk−1aksk, define, for i ∈ [n], and j such

that 0 ≤ j ≤ k, µi(sj) = {α ∈ CLi | ρ, j |=i α}. We can then show that µi(sj) is

an i-atom, and that the tuple (µ1(sj), · · · , µn(sj)) is compatible. It is then easy to see

that every move in ρ is a transition of Mφ0 , and hence that we get an accepting run

of Mφ0 .

Conversely, given an accepting run of the constructed ETS, say ρ = s0a1s1 · · · sk−1aksk,

where sj = (A1, · · · , An), we can show that for every formula φ ∈ CL, ρ, j |= φ

iff φ ∈ (A1, · · · , An). This is proved by induction on formulas, and the main case

of knowledge modality is proved using the perfect exchange condition on compatible

products.

Now decidability of the logic follows from the fact that emptiness checking for ETS

is decidable.

5 Connections with concurrency theory

We now address the main business that we have left unfinished: the equivalence of

regular epistemic languages and regular consistent languages asserted by the theorem

mentioned earlier:

Theorem 7 ETS eΣ = RCL eΣ .

When we construct the epistemic system for a given regular consistent language L,

the local states are constructed from the views associated with strings. The existence

of an epistemic automaton accepting L essentially means that these views can be

captured by a finite number of states. The exact correspondence between the epistemic

system and the language is then established by the connection between views and the

knowledge map at states of the epistemic agents. Before we proceed to this proof, an

intermediate result that is classical in concurrency theory is relevant.

5.1 Zielonka automaton and views

The concept of using views to recognize regular consistent languages is not new; in

a different form, this is precisely what Zielonka’s theorem is about, which uses an

automaton with global transitions for this purpose. Views as defined above are implicit

in Zielonka’s proof, what we do here is to make their epistemic content explicit. We

briefly define Zielonka automata below, simply to make use of them for proving the

main theorem. For a detailed treatment of these automata, see [8].

21

A Zielonka automaton [33] on eΣ with n processes is given as a tupleA= (A1, . . . , An,

∆, F ), where for every i ∈ Loc,Ai = (Qi, Σi,∆i, s0i ) is the i-th automaton. Let

Q = Πi∈LocQi and let Qa denote Πi∈loc(a)Qi. F ⊆ Q is the set of final states.

The transition relation is ∆ = {δa | a ∈ Σ}, where δa ⊆ (Qa × Qa). For each δa,

(qi1 , . . . , qik ) ∈ δa(pi1 , . . . , pik ), with {i1, . . . , ik} = loc(a) implies

for all ij ∈ loc(a), (pij , a, qij ) ∈ ∆ij .

A is deterministic if ∀a ∈ Σ, δa is a function on Qa.

The behaviour of A is given via the associated global automaton bA which is defined

as: bA = (Q,a⇒A, (s01, . . . , s0n), F ), where the transition relation ⇒A is defined as:

(p1, p2, . . . pn)a⇒A(q1, q2, . . . , qn) iff (qi1 , . . . , qik ) ∈ δa(pi1 , . . . , pik ),

where {i1, . . . , ik} = loc(a), and pj = qj , for all j 6∈ loc(a).

This transition among the global states is extended to words over Σ∗ in the natural

way. An immediate corollary of the transition on global states is the following.

Proposition 4 If (a, b) ∈ I then for all s, s′ ∈ Q, sab⇒As′ iff s

ba⇒As′. Consequently

L(A ) is closed under ∼.

The language accepted by A is defined as: L(A ) = {x ∈ Σ∗ | ∃s ∈ F.s0 x⇒As}.Then from the above proposition, we know that L(A ) is consistent. Further, since the

global automaton bA is an DFA, L(A ) ∈ RCL eΣ . Zielonka’s theorem states that the

converse is also true i.e., for every L ∈ RCL eΣ there is a Zielonka automaton A such

that L = L(A ). Thus the class of Zielonka automata over eΣ characterize RCL eΣ .

Theorem 8 (Zielonka)

1. For every Zielonka automaton A , L(A ) ∈ RCL eΣ .

2. For every regular consistent language L ∈ RCL eΣ there exists a deterministic

Zielonka automaton A such that L = L(A ).

The connection between a given deterministic Zielonka automaton A and the i-

views of a string is based on a simple idea. We know that if x ∼ y then (x)A = (y)Ai.e., both the strings lead to the same state in A . We also observe that by commutation

of independent actions in the string, we can factor any string x into an ∼-equivalent zy

such that z is the i-view of x and i does not take part in y. Then it is the case that the

i-state of a global state in A reached via x depends only on the i-view of x (namely,

x ↓ i). For a pictorial idea, see Fig. 3. In the following, we make this idea precise.

Proposition 5 For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i]. 3

5.2 Epistemic systems for regular consistent languages

As we have seen, the languages accepted by epistemic systems are indeed regular and

consistent. We now prove the converse, i.e., RCL eΣ ⊆ L(ETS eΣ). Since the class of

deterministic Zielonka automata over eΣ characterize RCL eΣ , it suffices to prove the

following theorem.


22

Fig. 3 Relating Zielonka automaton and i-views.

∅

28 Mohalik, Ramanujam

y

x

i

i

i

p

p’

p’

x ↓ i

Figure 3. Relating Zielonka automaton and i-views.

the i-view of x (namely, x ↓ i). For a pictorial idea, see Fig. 3. In thefollowing, we make this idea precise.

PROPOSITION 5.4. For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i]3.

5.2. Epistemic systems for regular consistent languages

As we have seen, the languages accepted by epistemic systems are in-deed regular and consistent. We now prove the converse, i.e., RCL

Σ⊆

L(ETSΣ

). Since the class of deterministic Zielonka automata over Σcharacterize RCL

Σ, it suffices to prove the following theorem.

THEOREM 5.5. Let A be a deterministic Zielonka automaton. Thenthere exists an epistemic system M such that L(A ) = L(M).

Proof: For all x ∈ Σ∗, a ∈ Σ, define the event associated with x as thelast transition on the path for x in A .


Main.tex; 26/11/2009; 15:24; p.28

Theorem 9 Let A be a deterministic Zielonka automaton. Then there exists an epis-

temic system fM such that L(A ) = L(fM).

Proof For all x ∈ Σ∗, a ∈ Σ, define the event associated with x as the last transition

on the path for x in A .

event(x) =

((ε)A , ε, (ε)A ) if x = ε,

((y)A , a, (x)A ) if x = ya.

(Note that (x)A stands for the global state δ(s0, x) in the deterministic Zielonka

automaton A .)

We define by γ(x)def= (event(x ↓ 1), · · · , event(x ↓ n)).

The epistemic alphabet C is taken as follows: Ci = {event(x ↓ i)|x ∈ Σ∗}. The

ordering �i is given by: event(x) �i event(y) iff there exist u, v ∈ Σ∗, u � v and

event(x) = event(u) and event(y) = event(v).

By this definition, event(x ↓ i) �i event(xa ↓ i) for all i ∈ Loc.Now we construct fM = (M1, · · · ,Mn, F ) where, for all i ∈ Loc, Mi = (Qi,−→i

, q0i , fi) such that

– Qi = {γ(x ↓ i) | x ∈ Σ∗}.– q0i = γ(ε).

– pa−→iq if there is some u ∈ Σ∗ such that p = γ(u ↓ i) and q = γ(ua).

– fi(γ(x)) = γ(x).

– Fdef= {(γ(x ↓ 1), · · · , γ(x ↓ n)) | x ∈ L(A )}.

23

We show that L(A ) = L(fM). The proof for left-to-right inclusion follows from the

observation that for every x ∈ Σ∗, there exists a path in cM such that (q01 , · · · , q0n)x

=⇒(γ(x ↓ 1), · · · , γ(x ↓ n)). This is proved by induction on | x |. The proof for right-to-left

inclusion follows from the following claim which is slightly more involved.

Claim Let (q01 , · · · , q0n)x

=⇒(γ(y1 ↓ 1), · · · , γ(yn ↓ n)). Then for every i ∈ Loc, (x)A [i] =

(yi)A [i] 4.

Assume the claim. Let x ∈ L(fM). Then in the product cM , there is a path (q01 , · · · , q0n)x

=⇒qwhere q = (γ(z ↓ 1), · · · , γ(z ↓ n)), for some z ∈ L(A ). By the claim, ∀i ∈ Loc, (x)A [i] =

(z)A [i] meaning thereby (x)A = (z)A . Since z ∈ L(A ), x ∈ L(A ) and we get the

required inclusion. ut

6 Discussion

In this paper we have addressed the question of providing automata theoretic foun-

dations for epistemic models. These are intended to provide a local / compositional /

product presentation unlike the global presentations in models of dynamic epistemic

logics and epistemic temporal logics. In the process, we build a model that takes explicit

account of knowledge mechanisms. In the context of systems of agents that communi-

cate only using synchronous means so that perfect information exchange is possible,

we show the rudiments of such an automata theory: closure under boolean operations

and homomorphisms, algorithms for emptiness checking and Kleene-type theorems. We

define an epistemic temporal logic of local properties and prove it to be decidable us-

ing an epistemic automaton construction. We show that these models can be formally

proved equivalent to the class of regular trace languages, thus establishing a strong

connection between the study of epistemic logics and concurrency theory.

A very important and interesting question is when (and how) models of dynamic

epistemic logics can be decomposed into epistemic transition systems.

Acknowledgements We thank Johan van Benthem and Eric Pacuit for their encouragementand all participants of the ESSLLI workshop in Hamburg (2008) for their comments on thistopic.

References

1. Baltag, A., Moss, Lawrence S., Solecki, S., “The logic of public announcements, commonknowledge, and private suspicions”, Proc. Theoretical Aspects of Rationality and Knowledge,Morgan Kaufmann, pp 111-121 (1998)

2. van Benthem, J., van Eick, J. and Kooi, B., “Logics of Communication and Change”,Information and Computation, 204:11, pp 1620-1662 (2006)

3. van Benthem, J., Gerbrandy, J. and Pacuit, E., “Merging Frameworks for Interaction: DELand ETL”, Proc. Theoretical Aspects of Rationality and Knowledge, Morgan Kaufmann,pp 72-81 (2007)

4. van Benthem, J., Gerbrandy, J., Hoshi, T. and Pacuit, E., “Merging Frameworks for Inter-action”, Journal of Philosophical Logic 38, pgs 491 - 526 (2009)

5. van Benthem, J. and Pacuit, E.: “The Tree of Knowledge in Action: Towards a CommonPerspective”, Advances in Modal Logic, pp 87-106 (2006)


24

6. Chandy, K.M. and Misra, J., “How processes learn”, Distributed Computing, 1(1), pp 40-52(1986)

7. Diekert, V. and Muscholl, A., “Deterministic asynchronous automata for infinite traces”,LNCS 665, pp 617-628 (1993)

8. Diekert, V. and Rozenberg, A. (Eds), A book of traces, World Scientific (1995)

9. van Ditmarsch, H., van der Hoek, W., and Kooi, B., Dynamic Epistemic Logic, Springer(2007)

10. Eijck, Jan van and De Vries, Fer-Jan, “Reasoning about update logic”, Journal of Philo-sophical Logic, 24(1), pp 19-45 (1995)

11. Fagin, R., Halpern, J., Moses, Y. and Vardi, M., Reasoning about knowledge, M.I.T. Press(1995)

12. Ladner, Richard E. and Reif, John H., The Logic of Distributed Protocols, Proc. TheoreticalAspects of Reasoning about Knowledge, Morgan Kaufmann, pp 207-222 (1986)

13. Halpern, J. and Moses, Y., “Knowledge and Common Knowledge in a Distributed Envi-ronment”, JACM 37(3), pp 549-587 (1990)

14. Halpern, J., Meyden, R. Van Der, and Vardi, M., ”A Complete Axiomatization of a Logicof Knowledge and Time”, SIAM Journal on Computing, pp. 674-703 (2004)

15. Krasucki, P. and Ramanujam, R., “Knowledge and the ordering of events in distributedsystems”, Proc. Theoretical Aspects of Reasoning about Knowledge, Morgan Kaufmann,pp 267-283 (1994)

16. Fischer, Michael J. and Immerman, N., Foundations of Knowledge for Distributed Systems,Proc. Theoretical Aspects of Reasoning about Knowledge, Morgan Kaufmann, pp 171-185(1986)

17. Lodaya, K., Parikh, R., Ramanujam, R. and Thiagarajan, P.S., “A logical study of dis-tributed transition systems”, Information and Computation, 119, pp 91-118 (1995)

18. Mazurkiewicz, A., “Basic notions of trace theory”, LNCS, 354, pp 285-363 (1989)

19. Misra, J. and Chandy, M., “Proofs of networks of processes”, IEEE Trans. on Soft. Engg.,7, pp 417-426 (1981)

20. Mohalik S.K. and Ramanujam, R., “Assumption-Commitment in automata”, Proc. of FST& TCS in LNCS 1346, pp 153-168 (1997)

21. Mohalik S.K. and Ramanujam, R., “A presentation of regular languages in the assumption-commitment framework”, Proc. of CSD’98, Aizu-Wakamatsu, Japan, pp 250-260 (1998)

22. Ochmanski, E., “Regular behaviour of concurrent systems”, Bulletin of the EATCS, 27,pp 56-67 (1985)

23. Pacuit, E. and Parikh, R., “The Logic of Communication Graphs”, DALT, 256-269 (2004)

24. Parikh, R. and Ramanujam, R., “Distributed Processes and the Logic of Knowledge”,Logic of Programs, pp 256-268 (1985)

25. Parikh, R. and Ramanujam, R., “A Knowledge Based Semantics of Messages”, JOLLI,12(4), pp 453-467 (2003)

26. Ramanujam, R., “Knowledge and the next state modality”, Proc. Indian National Seminarin TCS, pp 62-80 (1994)

27. Ramanujam, R. “A local presentation of synchronizing systems”, in Structures in Con-currency Theory, ed: Jorg Desel, Springer Workshops in Computing, pp 264-278 (1995)

28. Ramanujam, R. “Local knowledge assertions in a changing world”. Proc. TheoreticalAspects of Rationality and Knowledge, Morgan Kaufmann, pp 1-17 (1996)

29. Ramanujam, R., “Locally linear time temporal logic”, Proc. IEEE Logic in ComputerScience, pp 118-127 (1996)

30. Thomas, W., “Automata on infinite objects”, Handbook of Theoretical Computer Science,vol. B, ed: van Leeuwen, Elsevier, 1990, pp 133-191.

31. Vardi, M.Y. and Wolper. P., “An automata-theoretic approach to automatic programverification”, Proc. of the First Symp. on Logic in Computer Science, Cambridge, pp 138-266 (1986)

32. Veltman, F., “Defaults in update semantics”, Journal of Philosophical Logic, 25, pp 221-261 (1996)

33. Zielonka, W., “Notes on finite asynchronous automata”, RAIRO-Inf. Theor. et Appli., 21,pp 99-135 (1987)

25

A Proofs on views and Zielonka automata

A.1 Proof of proposition 1

Proposition 6 For all α ⊆ Loc and for all x ∈ Σ∗, Cα(x) has a �-maximum.

Proof (By induction on the length of x). For x = ε, Cα(x) = {ε}, for all α ⊆ Loc. Then themaximum element is ε.

To prove the induction step, assume that for all strings x of length k, for all α ⊆ Loc,Cα(x) has a �-maximum for all α. Now, let y = xa and consider any α ⊆ Loc. By inductionhypothesis, there is a �-maximum z in Cα(x). We want to show that Cα(xa) also has a�-maximum.

We consider the following two cases.

1. Case loc(a) ∩ α = ∅. For this case, we show that Cα(x) = Cα(xa). Then, z is the �-maximum in Cα(xa).By the observation above, if u� v, then Cα(u) ⊆ Cα(v). Hence, Cα(x) ⊆ Cα(xa).On the other hand, if u ∈ Cα(xa) then u � x, because any string va with v � x is notα-connected under this case. Hence we also have Cα(xa) ⊆ Cα(x).

2. Case loc(a)∩α 6= ∅. Let w stand for the �-maximum subsequence in Cα∪loc(a)(x). Notethat this exists by induction hypothesis. By definition, w is (α ∪ loc(a))-connected.

Claim Let loc(a) ∩ α 6= ∅. Then va is α-connected iff v is (α ∪ loc(a))-connected.

Assume the claim. Then wa is α-connected. In order to show that wa is the �-maximumsubsequence in Cα(xa), let u ∈ Cα(xa). Hence u � xa which means either u � x or(u = va and v � x). We need to show that in either case, u� wa.Case 1: u� x. Since u is α-connected and loc(a)∩α 6= ∅, u is α∪ loc(a)-connected. Sincew is the �-maximum in Cα∪loc(a)(x), u� w and therefore u� wa.Case 2: u = va and v � x. Since u = va is α-connected, by the claim, v is α ∪ loc(a)-connected. Also, since w is the �-maximum in Cα∪loc(a)(x), v � w, and therefore, u =va � wa. Thus we have shown that wa is the �-maximum subsequence in Cα(xa) andthe proposition is proved, pending the proof of claim.

Proof of claim: Let v = a1 . . . ak.(⇒). Since va is α-connected, for every aj , 1 ≤ j ≤ k, aj has an α-chain in va. We have toshow that each aj has α ∪ loc(a)-chain in v.

Fix j. Let the α-chain for aj be w = ajaj1 . . . ajm . If jm < k, then w � v and loc(ajm )∩α 6= ∅, hence loc(ajm ) ∩ (α ∪ loc(a)) 6= ∅.

If jm = k, then ajaj1 . . . ajm−1 � v and loc(ajm−1 )∩ loc(a) 6= ∅. Then loc(ajm−1 )∩ (α∪loc(a)) 6= ∅.

In either case aj has a α∪ loc(a)-chain in v. Since j was arbitrary, therefore, v is α∪ loc(a)-connected.(⇐) Given that v is α∪ loc(a)-connected, we have to show that every aj has an α-chain in va.

For all aj , 1 ≤ j ≤ k, aj has an α ∪ loc(a)-chain, say w, in v. Then, from definition ofα-chain, w is either an α-chain of aj in v or w is a loc(a)-chain of aj in v.

In the first case, w is also an α-chain of aj in va. In the second case, since loc(a)∩α 6= ∅, wais an α-chain of aj in va. Hence va is α-connected, proving the claim and the proposition. ut

A.2 Proof of Proposition 5

Proposition 7 For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i].

Proof The following claim pins down the factoring of x into i-view and and i-independentpart.

Claim For all x ∈ Σ∗, for all α ⊆ Loc, there is a y ∈ Σ∗ such that x ∼ (x ↓ α)y and ydα = ε.

26

Assume the claim and fix an i ∈ Loc. Then there is an y ∈ Σ∗ such that x ∼ (x ↓ i)y andydi = ε. Hence, (x)A = ((x ↓ i)y)A , from which we get:

(x)A [i] = ((x ↓ i)y)A [i] = (x ↓ i)A [i].

Proof (of claim) Fix α ⊆ Loc. Let x = x0a1x1a2x2 . . . anxn such that x ↓ α = a1a2 . . . an,xj ∈ Σ∗, aj ∈ Σ for all j, 0 ≤ j ≤ n. Take y = x0x1 · · ·xn.

Notice that for any α ⊆ Loc, xdα is α-connected. Hence, xdα� x ↓ α. This immediatelyshows, from the construction of y, that ydα = ε.

Now we show that for all i, 0 ≤ i < n, loc(xi) ∩ loc(ai+1 . . . an) = ∅. Suppose not. Thenthere is an i, and b in xi such that loc(b) ∩ loc(aj) 6= ∅ for some j, i + 1 ≤ j ≤ n. But aj hasan α-chain, call it σ, in x. Hence, b · σ is an α-chain of b in x. This implies b is α-connectedin x and hence b = ak for some k. But by the construction of y, again, this is a contradiction.Thus, essentially we get that for all i, j such that 0 ≤ i < n, i < j ≤ n, xi I ai+1.By using this fact and by definition of ∼, we know that

x = x0a1x1a2x2 . . . anxn∼ a1x0x1a2x2 . . . anxn commuting x0 and a1

∼ a1a2x0x1x2 . . . anxn commuting x0x1 and a2

∼...

∼ a1a2 · · · anx0x1 · · ·xn commuting x0 · · ·xn−1 and an= (x ↓ α)y.

This proves the claim and the proposition. ut

A.3 Proof of Claim in Theorem 9

Claim Let (q01 , · · · , q0n)x

=⇒(γ(y1 ↓ 1), · · · , γ(yn ↓ n)). Then for every i ∈ Loc, (x)A [i] = (yi)A [i].

The proof is by induction on the length of x. The base case is trivial. For the inductionstep, assume the hypothesis for all x ∈ Σ∗ such that | x | = k. Let y = xa and let the path incM for y = xa be

(q01 , · · · , q0n)x

=⇒ (γ(y1 ↓ 1), . . . , γ(yn ↓ n))a−→(γ(z1 ↓ 1), . . . , γ(zn ↓ n)).

By induction hypothesis,

for all i ∈ Loc, (x)A [i] = (yi)A [i]. (1)

In the induction step, We want to show that

for all i ∈ Loc, (xa)A [i] = (zi)A [i]. (2)

Since in the following, we use Proposition 5 (relating views and states of Zielonka automaton)many times, we recall it for ready reference: For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i].Fix an i ∈ Loc. If i 6∈ loc(a), γ(yi ↓ i) = γ(zi ↓ i). By definition of γ and event, we get(yi ↓ i)A = (zi ↓ i)A . So, in particular for i, (yi ↓ i)A [i] = (zi ↓ i)A [i]. Now, using Propo-sition 5, we get:

(yi)A [i] = (zi)A [i]. (3)

By the induction hypothesis (1), then, we get (x)A [i] = (zi)A [i]. But (x)A [i] = (xa)A [i],since i 6∈ loc(a). So finally, we get (xa)A [i] = (zi)A [i] and we are done.

For i ∈ loc(a), γ(yi ↓ i) a−→iγ(zi ↓ i). So by the construction of−→i, for all i ∈ loc(a),∃ui ∈Σ∗ such that

1. γ(yi ↓ i) = γ(ui ↓ i), and2. γ(uia ↓ i) = γ(zi ↓ i).

27

Now, from the first conjunct, using Proposition 5, we get for all i ∈ loc(a), (yi)A [i] = (ui)A [i].Combining with induction hypothesis (1), we have

for all i ∈ loc(a), (x)A [i] = (ui)A [i]. (4)

Similarly, from the second conjunct, we get:

for all i ∈ loc(a), (zi)A [i] = (uia)A [i]. (5)

Since the transition is a perfect exchange, for all j, k ∈ loc(a), γ(zj ↓ j) = γ(zk ↓ k), hence,for all j, k ∈ loc(a), γ(uja) = γ(uka). From the definition of γ and event, for all j, k ∈ loc(a),(uj ↓ loc(a))A = (uk ↓ loc(a))A , and hence, in particular for k,

for all j, k ∈ loc(a), (uj)A [k] = (uk)A [k]. (6)

Now, by equations 4 and 6 above, for all k, i ∈ loc(a), (x)A [k] = (uk)A [k] = (ui)A [k]. Then,by the property of Zielonka automaton, for all k ∈ loc(a), (xa)A [k] = (uia)A [k]. In particular,when k = i, (xa)A [i] = (uia)A [i]. Using equation 5 then we get (xa)A [i] = (zi)A [i]. Thisproves the claim and the theorem. ut

B Proof of equivalence between ETS’s and CSL

In this section we give the details of the proof of Theorem 3 which establishes the equivalencebetween the classes of languages accepted by ETS’s and CSL’s.

We are on our way to relating compatible shuffle and epistemic product, but before that wehave to climb another step. Agent automata as we have defined them are over the alphabet Σi,whereas agent languages above are over ΣCi . Thus we need to “lift” agent automata to operateover the extended alphabet. But this is easily accomplished: since the states are annotatedwith knowledge maps from Φ, we take these into account (like in a Moore machine) along withtransition labels.

For example, if q0a1−→iq1

a2−→iq2, q0 is the initial state and q2 is the final state, then we saythat this is an accepting path for < a1, fi(q1) > · < a2, fi(q2) >.

Since the local automata are finite state, languages thus accepted by these are regular overΣCi . But, is the reverse true? In other words, for any regular language L over ΣCi , is there anepistemic automaton over Σi that accepts L? We show in the following that this is indeed thecase.

We first define the language acceptance (in the above sense) of E-automata. Let (Mi =(Qi,−→i, q

0i ), fi) be an epistemic automaton over Σi. We transform Mi into a TS M ′i =

(Q′i,−→ci , q

c0i ) over ΣCi where, Qci = Qi, q

c0i = q0i and −→c

i ⊆ Qci × ΣCi × Qci is defined as

follows: p<a,φ>−→c

i q iff pa−→iq and φ = fi(q). This one-step transition can be extended to =⇒c

ifor strings from ΣCi

∗.Then given an epistemic agent automaton ((Mi, fi), Fi), we define

Lm((Mi, fi), Fi)def= L(M ′i , Fi).

Proposition 8 L ∈ RegΣCi iff there is an agent automaton (M,F ) over Σi such that L =

Lm(M,F ).

Proof One direction of the proof follows immediately from the definition of Lm.For the other direction, suppose L ∈ RegΣCi . Since L is regular over ΣCi , there exist some

finite state automaton (A = (Q,−→, q0), F ) such that L = L(A,F ).Note that in A, two transitions with different knowledge maps may be pointing to the

same state. So we refine the states so that transitions that point to a state have the sameknowledge map. This is possible because the number of assumption maps is finite. We do thisas follows.

Define the automaton ((M, f), G) as follows. Let M = (P ,=⇒, p0) where,

28

– P = {q0} ∪[q∈Q

{(q, φ) | there is a transition p<a,φ>−→ q in A},

– p0 = q0,

– (p, φ1)a

=⇒(q, φ2) iff p<a,φ>−→ q and φ2 = φ, and

– for all states (p, φ), f((p, φ)) = φ.

Finally, G = {(p, φ)|p ∈ F}.In order to check that Lm((M, f), G) = L, we transform M in to the following TS (Mc =

(Qc,−→c, qc0), F c) over ΣCi , where

– Qc = Q,– qc0 = p0,

– (p, φ1)<a,φ>−→c (q, φ2) iff (p, φ1)

a=⇒(q, φ2) and φ = f((q, φ2)) = φ2,

– Finally, F c = G.

Since, by definition, Lm(M,G) = L(Mc, F c), it suffices to show that L(Mc, F c) = L(A,F ).This is done by establishing an one-to-one correspondence between the states of the au-tomata Mc and A through the map Θ where Θ((p, φ)) = p and Θ(q0) = q0 and F ′ ={(p, φ) | Θ((p, φ)) = p ∈ F}. ut

B.1 Relating runs of ETS and good strings over ΣΞ

There is a fairly obvious association between states and runs of an ETS and good strings over

ΣΞ . We make it explicit in the following. Let fM = (M1, . . . ,Mn, < f1, · · · , fn >,F ) be an

ETS and cM = (bQ,−→, (q01 , · · · , q0n), F ) be the epistemic product of fM .

Definition B1 Let (q1, · · · , qn) ∈ bq. Then env(q1, · · · , qn)def= ξ, where ξ(i) = fi(qi), for all

i ∈ Loc.

When (q1, · · · , qn) is a coherent state and ξ = env(q1, · · · , qn), ξ is feasible, because by thedefinition of coherence, for all i, j ∈ Loc, fi(qi)(j) �j fj(qj)(j) and hence by construction, forall i, j ∈ Loc, ξ(i)(j) �j ξ(j)(j).

We can associate strings over ΣC∗ (letters of type < a, φ >) with runs of cM in a canonical

fashion. Fix x = a1a2 . . . ak, and a run ρ = (q1, · · · , qn)a1−→ (q11 , . . . , q

1n) . . .

ak−→ (qk1 , . . . , qkn) =

(p1, · · · , pn) on x in cM . Define c(ρ) =< a1, ξ1 > . . . < ak, ξk >∈ ΣΞ∗ by: for 1 ≤ l ≤ k,ξl = env(ql1, . . . , q

ln).

Note that when x = ε, c(ρ) = ε. The initial environment associated with the run is definedas env(q1, · · · , qn).

Proposition 9 Let ρ be a run in (q1, · · · , qn)x

=⇒(p1, · · · , pn). Then, c(ρ) is a witness for xunder env(q1, · · · , qn).

Proof By definition, σ(c(ρ)) = x. Hence it suffices to show that c(ρ) is good w.r.t. env(q1, · · · , qn).

Let the run ρ be (q1, · · · , qn)a1−→ (q11 , . . . , q

n1 ) . . .

ak−→ (q1k, . . . , qnk ) = (p1, · · · , pn).

Fix l such that 1 ≤ l ≤ k. For all j 6∈ loc(al), ql−1j = qlj by asynchrony. Hence, by definition

of c(ρ), ξl−1(j) = fj(ql−1j ) = fj(q

lj) = ξl(j).

Also, since all the states in the product are coherent and the transitions have the perfectexchange property, ξ0 = env(q1, · · · , qn) is feasible and for all l, 1 ≤ l ≤ k,< al, ξl > is feasible.This proves that c(ρ) is good w.r.t. env(q1, · · · , qn). ut

The above propositions give us an important result regarding runs in the product andtheir projections.

Proposition 10 Let ρ denote a run (q1, · · · , qn)x

=⇒(p1, · · · , pn) in cM . Then for all i ∈ Loc,there exist xi ∈ ΣCi

∗ such that qixi

=⇒cipi and x is generated by the tuple (x1, x2, · · · , xn) under

env(q1, · · · , qn).

29

Proof By the previous proposition c(ρ) is a witness for x under env(q1, · · · , qn). Take xi =

c(ρ)bdi, for all i ∈ Loc. Then, x is generated by the tuple (x1, x2, · · · , xn) under env(q1, · · · , qn).

From the definition of bd and −→ci , one can carry out an induction argument on the length of

x to show that qixi

=⇒cipi. ut

Proposition 11 Let bx =< a1, ξ1 >< a2, ξ2 >, . . . , < ak, ξk >∈ ΣΞ∗ be good w.r.t. ξ0 =

env(q1, · · · , qn) such that qibxbdi

=⇒cipi for all i ∈ Loc. Then, ξk(i) = fi(pi) for i ∈ Loc. (Since ξk

is feasible this implies that (p1, · · · , pn) is coherent.)

Proof Let l be the last i-action in bx. If l = 0 (meaning bxbdi), then pi = qi and by goodness ofbx, ξk(i) = ξ0(i) = fi(pi) for all i ∈ Loc.

Otherwise, l ≥ 1 and for every i ∈ Loc, there is an ri ∈ Qi such that qiy

=⇒ci ri

< al,ξl(i) >

−→ci pi,

where bxbdi = y· < al, ξl(i) >. Hence, fi(pi) = ξl(i). By goodness of bx, ξl(i) = ξk(i). Therefore,fi(pi) = ξk(i) and we are done. ut

Proposition 12 Suppose x ∈ Σ∗ and for all i ∈ Loc, there exist xi ∈ ΣCi∗ such that qi

xi=⇒c

ipi and x is generated by the tuple (x1, x2, · · · , xn) under env(q1, · · · , qn). Then (q1, · · · , qn)x

=⇒ (p1, · · · , pn) in cM .

Proof (by induction on length of x) The assumptions of the claim are rephrased as follows:

there exist xi ∈ ΣCi∗ such that qi

xi=⇒c

i pi and there exists a witness bx ∈ ΣΞ∗ of x un-

der env(q1, · · · , qn) such that bxdi = xi. We have to show that (q1, · · · , qn)x

=⇒ (p1, · · · , pn).Note that since bx is good w.r.t. env(q1, · · · , qn), (q1, · · · , qn) is coherent from the definitionof goodness. From Proposition 11 (p1, · · · , pn) is also coherent. Hence both (q1, · · · , qn) and

(p1, · · · , pn) are in cM .Let x = ε. Then the witness bx must be ε since σ(bx) = x. This implies, for all i ∈ Loc

xi = ε. Hence, qi = pi for all i. Then, it is obvious that (q1, · · · , qn)x

=⇒ (p1, · · · , pn).For the induction step, let x = ya. Then the witness bx for x must be of the form bx =by· < a, ξ >, where σ(by) = y. Since bx is a witness under env(q1, · · · , qn) it is good w.r.t.

env(q1, · · · , qn). Hence, by must also be good w.r.t env(q1, · · · , qn). Therefore, by is a witness

of y under env(q1, · · · , qn). Let bybdi = yi for all i ∈ Loc. Then, by is generated by (y1, · · · , yn)under env(q1, · · · , qn).

It is given that for all i ∈ Loc, bxbdi = xi. Hence for every i 6∈ loc(a), xi = bxbdi = bybdi = yiand for every i ∈ loc(a), xi = yi· < a, ξ(i) >.

It is also given that for all i ∈ Loc, qixi

=⇒cipi. Hence, for all i 6∈ loc(a), qi

yi=⇒c

ipi and for all

i ∈ loc(a), there is an ri ∈ Qi such that qiyi

=⇒ci ri

<a,ξ(i)>

−→ci pi. Therefore, fi(pi) = ξ(i).

Since we have:

1. for all i 6∈ loc(a), qiyi

=⇒cipi, and

2. for all i ∈ loc(a), qiyi

=⇒ci ri,

by induction hypothesis, (q1, · · · , qn)y

=⇒(s1, · · · , sn), where for i 6∈ loc(a), si = pi and fori ∈ loc(a) si = ri.

Now, we have got the following facts : (1) for i 6∈ loc(a), si = pi, (2) for i ∈ loc(a),

si = ri<a,ξ(i)>

−→ci pi, hence from the definition of −→c

i , sia−→ipi and ξ(i) = fi(pi), lastly

(3) since < a, ξ > is feasible, for i, j ∈ loc(a), ξ(i) = ξ(j), hence fi(pi) = fj(pj). Hence

from the definition of transition −→ in cM , (s1, · · · , sn)a−→(p1, · · · , pn). Therefore, finally,

(q1, · · · , qn)ya

=⇒(p1, · · · , pn), as required. ut

Proposition 13 Suppose, for all i ∈ Loc, Li = Lm((Mi, fi), Fi). Take an ETS fM =(M1, . . . ,Mn, < f1, · · · , fn >, Πi∈LocFi) with the initial state (q01 , · · · , q0n). Let ξ0 denote

env(q01 , · · · , q0n). Then L(fM) = (‖ Li)ξ0 .

30

Proof (⊆ :) Let x ∈ L(fM). Then there is a final state (qf1 , · · · , qfn) ∈ Πi∈LocFi such that

(q01 , · · · , q0n)x

=⇒(qf1 , · · · , qfn). By Proposition 10, there exist xi ∈ ΣCi

∗ such that q0i

xi=⇒c

i qfi and

x is generated by the tuple (x1, x2, · · · , xn) under ξ0 = env(q01 , · · · , q0n). Since each qfi is in Fi,

each xi is in Li. Hence by definition of E-shuffle, x ∈ (‖ Li)ξ0 . Therefore, L(fM) ⊆ (‖ Li)ξ0 .(⊇:) Let x ∈ (‖ Li)ξ0 . By definition, there exist xi ∈ ΣCi

∗ such that xi ∈ Li and x isgenerated by the tuple (x1, · · · , xn) under ξ0.

Since xi ∈ Li, for all i ∈ Loc, there is some qfi ∈ Fi such that q0i

xi=⇒c

i qfi . By Proposition 12

we have (q01 , · · · , q0n)x

=⇒(qf1 , · · · , qfn) ∈ Πi∈LocFi). Hence x ∈ L(fM). Therefore, (‖ Li)ξ0 ⊆

L(fM). utWe now state the main theorem connecting compatible shuffle languages and languages

accepted by ETS’s.

Theorem 10 L(CSL eΣ) = L(ETS eΣ).

Proof Consider L ∈ L(ETS eΣ). Then L = L(fM) for some fM = (M1,M2, · · · ,Mn, < f1, · · · , fn >,F ). One can then write L as L =

[qf∈F

LfMqf where fMqf = (M1, · · · ,Mn), < f1, · · · , fn >

, {qf}). Let qf = (qf1 , · · · , qfn) and Li = Lm((M i, fi), {qfi }). By the previous proposition

there is an epistemic environment ξ0 such that L(fMqf ) = (‖ Li)ξ0 . This places L(fMqf ) in

L(CSL eΣ). Then, since L(CSL eΣ) is closed under union, L also is placed in it.

Let L = (‖ Li)ξ0 . We show that L ∈ L(CSL eΣ). Since Li’s are regular over ΣCi , by Propo-

sition 8, there are epistemic agent automata ((Mi, fi), Fi) such that Li = Lm((Mi, fi), Fi).By Proposition 13, the ETS M = (M1, · · · ,Mn, < f1, · · · , fn >,Πi∈LocFi) accepts L. SinceM is an automaton over Σ, L ∈ RegΣ . Since any language in CSL eΣ is either a compatible

shuffle or a union of compatible shuffle languages, and L(ETS eΣ) is closed under union, we get

L(AC-shuffle eΣ) ⊆ RegΣ . ut

Automata for epistemic temporal logic with synchronous ...

Documents

Transcript of Automata for epistemic temporal logic with synchronous ...