Reachability and Büchi Games
Barbara Jobstmann
CNRS/Verimag
Hierarchy
Reactivity: Parity
Recurrence: Büchi
Persistence: co-Büchi
Obligation: Weak-Parity
Reachability
Safety
Reachability and Safety Games
Reachability and Safety Games
Theorem
In a reachability game (G, F ) with G = (S, S0 , E) and F ⊆ S, the
winning regions W0 and W1 are computable. Both players have
corresponding memoryless winning strategies.
Proof.
W0 are all the states from which Player 0 can “force” a visit to F .
Idea: define the i-attractor of Player 0, which are all the states from
which Player 0 can “force” a visit to F in i steps.
Then, define the attractor of Player 0 as union of the i-attractor of
Player 0 for all i.
Reachability and Safety Games
Theorem
In a reachability game (G, F ) with G = (S, S0 , E) and F ⊆ S, the
winning regions W0 and W1 are computable. Both players have
corresponding memoryless winning strategies.
Proof.
W0 are all the states from which Player 0 can “force” a visit to F .
Idea: define the i-attractor of Player 0, which are all the states from
which Player 0 can “force” a visit to F in i steps.
Then, define the attractor of Player 0 as union of the i-attractor of
Player 0 for all i.
Claim (1): Attractor of Player 0 is computable
Claim (2): W0 = Attractor and W1 = S \ Attractor
“Forced” Visit in Next Step (“Controlled Next”)
Given a set of states, compute the set of states CNext0 (F ) from
which of Player 0 can force to visit F in the next step. I.e., for each
state s ∈ CNext0 (F ) Player 0 can fix a strategy s.t. all plays starting
in s visit F in the first step.
CNext0 (F ) = {s ∈ S0 | ∃s′ ∈ S : (s, s′ ) ∈ E ∧ s′ ∈ Attri0 (F )}∪
{s ∈ S1 | ∀s′ ∈ S : (s, s′ ) ∈ E → s′ ∈ Attri0 (F )}
Observations about CNext(F )
1. Player 0 has a memoryless winning strategy from CNext(F ) to
reach F in the next step.
2. Player 1 has a memoryless winning strategy from S \ CNext(F )
to avoid F in the next step.
3. S \ CNext(F ) is a sub-game, i.e., every state has at least one
successor.
4. S \ CNext(F ) is a trap for Player 0, i.e., she cannot leave it.
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )=
S|S|
i
i=0 Attr0 (F )
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )=
S|S|
i
i=0 Attr0 (F )
Then Attr00 (F ) ⊆ Attr10 (F ) ⊆ Attr20 (F ) ⊆ . . . and since S is finite,
there exists k ≤ |S| s.t. Attrk0 (F ) = Attrk+1
0 (F ).
The attractor of Player 0 can be computed as
Attr0 (F ) =
|S|
[
i=0
Attri0 (F )
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )
=
S|S|
i
i=0 Attr0 (F )
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )
=
S|S|
i
i=0 Attr0 (F )
Or, in fixpoint notation:
f(G,F ) (X) = F ∪ CNext0 (X)
Attr0 (F )
= µX.f(G,F ) = µX.F ∪ CNext0 (X)
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )
=
S|S|
i
i=0 Attr0 (F )
Or, in fixpoint notation:
f(G,F ) (X) = F ∪ CNext0 (X)
Attr0 (F )
Claim (1): proved.
= µX.f(G,F ) = µX.F ∪ CNext0 (X)
Computing the Attractor
Construction of i−Attractor Attri0 (F ):
Attr00 (F )
= F
Attri+1
0 (F )
= Attri0 (F ) ∪ CNext0 (Attri0 (F ))
Attr0 (F )
=
S∞
i
i=0 Attr0 (F )
=
S|S|
i
i=0 Attr0 (F )
Or, in fixpoint notation:
f(G,F ) (X) = F ∪ CNext0 (X)
Attr0 (F )
= µX.f(G,F ) = µX.F ∪ CNext0 (X)
Claim (1): proved. Claim (2): W0 = Attr0 (F ) and W1 = S \ Attr0 (F )
Example
s5
s6
s3
s4
s0
s1
s7
s2
Example
s5
s6
s3
s4
s0
s1
s7
s2
Attr00 = {s3 , s4 }
Example
s5
s6
s3
s4
s0
s1
s7
s2
Attr00 = {s3 , s4 }
Attr10 = {s0 , s3 , s4 }
Example
s5
s6
s3
s4
s0
s1
s7
s2
Attr00 = {s3 , s4 }
Attr10 = {s0 , s3 , s4 }
Attr20 = {s0 , s3 , s4 , s7 }
Example
s5
s6
s3
s4
s0
s1
s7
s2
Attr00
Attr10
Attr20
Attr30
Attr40
Attr50
= {s3 , s4 }
= {s0 , s3 , s4 }
= {s0 , s3 , s4 , s7 }
= {s0 , s3 , s4 , s6 , s7 }
= {s0 , s3 , s4 , s5 , s6 , s7 }
= Attr40
Example
s5
s6
s3
s4
s0
s1
s7
s2
Attr00
Attr10
Attr20
Attr30
Attr40
Attr50
= {s3 , s4 }
= {s0 , s3 , s4 }
= {s0 , s3 , s4 , s7 }
= {s0 , s3 , s4 , s6 , s7 }
= {s0 , s3 , s4 , s5 , s6 , s7 }
= Attr40
Duality Between Players
Assume we have a partition of the state space S = P0 ∪ P1 (i.e.,
P0 ∩ P1 = ∅) and we want to prove W0 = P0 and W1 = P1 .
We need to prove P0 ⊇ W0 , P0 ⊆ W0 , P1 ⊇ W1 , and P1 ⊆ W1 .
Since we know that W0 ∩ W1 = ∅ holds, it is sufficient to prove
P0 ⊆ W0 and P1 ⊆ W1 .
P0 ⊆ W0
P1 ⊆ W1
S \ P0 ⊇ S \ W0
S \ P1 ⊇ S \ W1
P1 ⊇ S \ W0 ⊇ W1
P0 ⊇ S \ W1 ⊇ W0
P1 ⊇ W1
P0 ⊇ W0
Strategy of Player 0
To show Attr0 (F ) ⊆ W0 and S \ Attr0 (F ) ⊆ W1 , construct strategies,
s.t. Player 0 reaches F in finitely many steps from Attr0 (F ) and
Player 1 avoids F for infinitely many steps from S \ Attr0 (F ).
Strategy of Player 0
To show Attr0 (F ) ⊆ W0 and S \ Attr0 (F ) ⊆ W1 , construct strategies,
s.t. Player 0 reaches F in finitely many steps from Attr0 (F ) and
Player 1 avoids F for infinitely many steps from S \ Attr0 (F ).
Proof.
Attri0 (F ) ⊆ W0 (by induction over i).
Hypothesis: for every state s ∈ Attri0 (F ) Player 0 has a positional
strategy starting from s to reach F in ≤ i steps.
◮
(Base) s ∈ Attr00 (F ) = F
◮
i
i
(Induction) s ∈ Attri+1
0 (F ) = Attr0 (F ) ∪ CNext0 (Attr0 (F ))
If s ∈ Attri0 (F ), hypothesis applies, else s ∈ CNext0 (Attri0 )\Attri0
and Player 0 can force a visit to Attri0 (F ) in one step and from
where she needs (by induction) at most i steps to reach F .
So, F is reached after a finite number of moves.
Strategy of Player 1
Proof cont.
S \ Attr0 (F ) ⊆ W1
Assume s ∈ S \ Attr0 (F ), then s ∈
/ CNext0 (Attr0 (F )) and
we have two cases:
(a) s ∈ S0 ∩ S \ Attr0 (F ) ∀s′ ∈ S: (s, s′ ) ∈ E → s′ 6∈ Attr0 (F )
(b) s ∈ S1 ∩ S \ Attr0 (F ) ∃s′ ∈ S: (s, s′ ) ∈ E ∧ s′ 6∈ Attr0 (F )
In S \ Attr0 (F ) Player 1 can choose edges according to (b) leading
again to S \ Attr0 (F ) and by (a) Player 0 cannot escape from
S \ Attr0 (F ). So, F will be avoided forever.
W0 = Attr0 (F ) and W1 = S \ Attr0 (F )
Safety Games
Given a safety game (G, F ) with G = (S, S0 , E), i.e.,
φS = {ρ ∈ S ω | Occ(ρ) ⊆ F },
consider the reachability game (G, S \ F ), i.e.,
φR = {ρ ∈ S ω | Occ(ρ) ∩ (S \ F ) 6= ∅}.
Then, S ω \ φR = {ρ ∈ S ω | Occ(ρ) ∩ (S \ F ) = ∅}
= {ρ ∈ S ω | Occ(ρ) ⊆ F }.
Player 0 has a safety objective in (G, F ).
Player 1 has a reachability objective in (G, F ).
So, W0 in the safety game (G, F ) corresponds to W1 in the
reachability game (G, S \ F ).
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Attr01 = {s5 , s6 } = “Bad” states
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Attr01 = {s5 , s6 } = “Bad” states
Attr11 = {s3 , s5 , s6 }
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Attr01 = {s5 , s6 } = “Bad” states
Attr11 = {s3 , s5 , s6 }
Attr21 = {s3 , s5 , s6 , s7 }
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Attr01
Attr11
Attr21
Attr31
= {s5 , s6 } = “Bad” states
= {s3 , s5 , s6 }
= {s3 , s5 , s6 , s7 }
= Attr21 = Attr1
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
s2
Attr01 = {s5 , s6 } = “Bad” states
Attr11 = {s3 , s5 , s6 }
Attr21 = {s3 , s5 , s6 , s7 }
Attr31 = Attr21 = Attr1
W0 = S \ Attr1 = {s0 , s1 , s2 , s4 }
Example: View of Player 1 (box)
s5
s6
s3
s4
s0
s1
s7
Attr01 = {s5 , s6 } = “Bad” states
Attr11 = {s3 , s5 , s6 }
Attr21 = {s3 , s5 , s6 , s7 }
Attr31 = Attr21 = Attr1
W0 = S \ Attr1 = {s0 , s1 , s2 , s4 }
s2
Computed using least fixpoint:
Attr1 (S \ F ) = µX.(S \ F ) ∪ CNext1 (X)
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
s2
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Example: View of Player 0 (circle)
s5
s6
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00 = {s0 , s1 , s2 , s3 , s4 , s7 }
s3
s4
s0
s1
s2
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00 = {s0 , s1 , s2 , s3 , s4 , s7 }
Safe10 = {s0 , s1 , s2 , s4 , s7 }
s2
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00 = {s0 , s1 , s2 , s3 , s4 , s7 }
Safe10 = {s0 , s1 , s2 , s4 , s7 }
Safe20 = {s0 , s1 , s2 , s4 }
s2
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00
Safe10
Safe20
Safe30
s2
= {s0 , s1 , s2 , s3 , s4 , s7 }
= {s0 , s1 , s2 , s4 , s7 }
= {s0 , s1 , s2 , s4 }
= Safe20 = Safe0
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00
Safe10
Safe20
Safe30
= {s0 , s1 , s2 , s3 , s4 , s7 }
= {s0 , s1 , s2 , s4 , s7 }
= {s0 , s1 , s2 , s4 }
= Safe20 = Safe0
s2
Computed using the dual (greatest) fixpoint:
Safe0 (F )
= νX.
F
∩ CNext0 (X)
Example: View of Player 0 (circle)
s5
s6
s3
s4
s0
s1
s7
Safei0 ... states from which P0 can
force at least i-steps within safe reg.
Safe00
Safe10
Safe20
Safe30
= {s0 , s1 , s2 , s3 , s4 , s7 }
= {s0 , s1 , s2 , s4 , s7 }
= {s0 , s1 , s2 , s4 }
= Safe20 = Safe0
s2
Computed using the dual (greatest) fixpoint:
Safe0 (F )
= νX.
F
∩ CNext0 (X)
Attr1 (S \ F ) = µX. (S \ F ) ∪ CNext1 (X)
Summary
We know how to solve reachability and safety games by positional
winning strategies.
Reachability = least fixpoint
Safety = greatest fixpoint
The strategies are
◮
Player 0: Decrease distance to F (called attractor strategy)
◮
Player 1: Stay outside of Attr0 (F )
In LTL, eventually(F ) = reachability and always(F ) = safety.
Next, always(eventually(F )) = Büchi and eventually(always(F )) =
Co-Büchi.
Exercise
1. Given a reachability game (G, F ) with G = (S, S0 , E) and
F ⊆ Q, give an algorithm that computes the attractor(F) of
Player 0 in time O(|E|).
Exercise
1. Given a reachability game (G, F ) with G = (S, S0 , E) and
F ⊆ Q, give an algorithm that computes the attractor(F) of
Player 0 in time O(|E|).
Solution:
1. Preprocessing: Compute for every state s ∈ S1 outdegree out(s)
2. Set n(s) := out(s) for each s ∈ S1
3. To breadth-first search backwards from F with the following
conventions
◮
mark all s ∈ F
◮
mark s ∈ S0 if reached from marked state
◮
mark s ∈ S1 if n(s) = 0, other set n(s) := n(s) − 1.
The marked vertices are the ones of Attr0 (F ).