Noname manuscript No. (will be inserted by the editor) Automata for epistemic temporal logic with synchronous communication Swarup Mohalik · R. Ramanujam Received: date / Accepted: date Abstract We suggest that developing automata theoretic foundations is relevant for knowledge theory, so that we study not only what is known by agents, but also the mechanisms by which such knowledge is arrived at. We define a class of epistemic automata, in which agents’ local states are annotated with abstract knowledge asser- tions about others. These are finite state agents who communicate synchronously with each other and information exchange is ‘perfect’. We show that the class of recogniz- able languages has good closure properties, leading to a Kleene-type theorem using what we call regular knowledge expressions. These automata model distributed causal knowledge in the following way: each agent in the system has a partial knowledge of the temporal evolution of the system, and every time agents synchronize, they update each other’s knowledge, resulting in a more up-to-date view of the system state. Hence we show that these automata can be used to solve the satisfiability problem for a natural epistemic temporal logic for local properties. Finally, we characterize the class of lan- guages recognized by epistemic automata as the regular consistent languages studied in concurrency theory. Keywords Epistemic logic, Automata theory, Decidability, Knowledge expressions 1 Background 1.1 Knowledge and memory We often hear someone exclaim, I used to know it very well, but now have trouble remembering it, give me some time to recall it. The speaker knows that she knew it S. Mohalik India Science Lab, General Motors Bangalore, India E-mail: [email protected]Ramanujam Institute of Mathematical Sciences Chennai, India E-mail: [email protected]
30
Embed
Automata for epistemic temporal logic with synchronous ...
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Noname manuscript No.(will be inserted by the editor)
Automata for epistemic temporal logic with synchronouscommunication
Swarup Mohalik · R. Ramanujam
Received: date / Accepted: date
Abstract We suggest that developing automata theoretic foundations is relevant for
knowledge theory, so that we study not only what is known by agents, but also the
mechanisms by which such knowledge is arrived at. We define a class of epistemic
automata, in which agents’ local states are annotated with abstract knowledge asser-
tions about others. These are finite state agents who communicate synchronously with
each other and information exchange is ‘perfect’. We show that the class of recogniz-
able languages has good closure properties, leading to a Kleene-type theorem using
what we call regular knowledge expressions. These automata model distributed causal
knowledge in the following way: each agent in the system has a partial knowledge of the
temporal evolution of the system, and every time agents synchronize, they update each
other’s knowledge, resulting in a more up-to-date view of the system state. Hence we
show that these automata can be used to solve the satisfiability problem for a natural
epistemic temporal logic for local properties. Finally, we characterize the class of lan-
guages recognized by epistemic automata as the regular consistent languages studied
We often hear someone exclaim, I used to know it very well, but now have trouble
remembering it, give me some time to recall it. The speaker knows that she knew it
S. MohalikIndia Science Lab, General MotorsBangalore, IndiaE-mail: [email protected]
RamanujamInstitute of Mathematical SciencesChennai, IndiaE-mail: [email protected]
2
earlier, but not now, and yet she has not lost the knowledge either. Indeed, she cannot
be said to have forgotten it either, since she can recall or reconstruct the knowledge.
This could be even an instance of propositional knowledge, where the speaker holds a
true belief that is asserted immediately whereas its justification requires the effort of
recall.
Formal theories of knowledge, especially logical studies following Hintikka, discuss
agents’ propositional knowledge. The theory addresses the questions of when an agent
can be said to know that a proposition is true, what are the properties of such knowl-
edge, how such knowledge changes due to interactions with other agents, how such
knowledge informs the agents’ actions, and so on. Relatively less is said about the
mechanisms by which agents acquire knowledge, store it and recall it when needed. In
studies of how knowledge and communication interdetermine each other, such mecha-
nisms may play a critical role, since the meaning of a message may depend not only
on message content, but also the mode of communication.
It is clear that knowledge is closely linked to memory, but understanding how
memory limitations impact knowledge requires study. It is common to speak of perfect
recall in epistemic logic and game theory. Typically, perfect recall is carefully defined,
and imperfect recall is merely its negation. However, there is structure to forgetting as
well.
Theory of computation provides models for memory structures of reasoning agents,
of which finite state automata provide the most elegant and robust class of machines.
From such a perspective, an agent has only bounded memory, and all knowledge that
the agent has (about the world, about other agents’ knowledge, about other agents’
knowledge about others, and so on) needs to be explicitly represented in memory.
Background or common knowledge may be “programmed” into the transition structure
of the automaton.
Such a view of a knower may seem severely limiting, and it is indeed unclear whether
complex notions of knowledge storage and recall can be studied in automata theoretic
terms. However, when we consider the dynamics of how knowledge changes due to in-
teraction between agents, explicit modelling of knowledge mechanisms is advantageous,
since we can then precisely delineate how knowledge is updated.
Specifically, consider the central question studied in epistemic logics: when an event
e occurs, how does its occurrence affect the epistemic attitudes of a participating agent
i ? When the agent is finite state, this raises the supplementary question: how is the
agent’s memory structured to accommodate information regarding e ?
1.2 Global and local views
In Hintikka-style logics of knowledge, the knowledge of a reasoning agent is given by
an indistinguishability relation on system states. An agent is said to know α at a
state s if α holds at every state s′ such that s and s′ are indistinguishable to the
agent. Reasoning about knowledge in multi-agent systems has proved to be extremely
interesting, especially from the viewpoint of computational agents. Fagin et al. [11]
provide an extensive treatment of such logics of knowledge.
In the context of distributed systems of agents, agents’ knowledge of temporal
properties is of special interest. Each agent evolves with time, and an agent has only a
limited visibility of what is happening to other agents. Communication between agents
leads to updating of their knowledge, and indeed the purpose of communication is
3
(often) to cause such updating ([25]). Starting with [24], [6], [12] and [13] there have
been many discussions of logical interaction between knowledge and time. [14] provide
axiomatizations of Epistemic Temporal Logics (ETL) interpreted over many interesting
classes of distributed systems. [23] discuss how the architecture of communications may
impact on reasoning in ETL.
The semantics of these logics are presented using temporal evolutions (histories),
and indistinguishability relations are imposed on time points, possibly from different
system trajectories. Knowledge update corresponds to how the partitions defined by
the indistinguishability relations change. We can define conditions that correspond
to whether agents have perfect recall of past event occurrences, or not. Note that
mechanisms for acquiring and storing knowledge as well as using the knowledge for
acting appropriately, are implicit in the logical description, as well as in the models.
In contrast to this temporal picture, we can conceive of the model as a transition
system where every event occurrence causes a change in information partitions. Such
structures are studied in Dynamic Epistemic Logics (DEL) ([9], [1], [2]) and Update
Logics ([32]). We can derive temporal behaviour by unfolding such systems.
There is a close relationship between these approaches, and [5] provide an illu-
minating discussion. [3], [4] provide a formal relationship between DEL models and
ETL models: they not only embed the former into the latter, but also characterize the
subclass of ETL models from which DEL models may be extracted. Indeed, there is
a duality between transition system based presentations and those based on temporal
evolutions: associated with every transition system is a domain of computations (of its
unfoldings) which is a temporal picture, and associated with classes of partial orders
representing temporal trajectories, there is a natural transition system on its config-
urations. In the context of knowledge in distributed message passing systems, such a
duality is shown to be a categorical adjunction in [15].
One aspect that is common to both DEL models as well as ETL models is the global
nature of specification, in the sense that these are knowledge structures perceived by
observers ‘hovering above’ the system, ascribing knowledge to agents in the system.
The indistinguishability relations are externally specified in the sense that they are not
built structurally from system characteristics. These relations describe agents’ knowl-
edge, without reference to mechanisms for acquiring knowledge. Thus global system
behaviour (and knowledge of global properties) is non-compositional.
A natural question then is to ask whether we can have a compositional presentation
of knowledge: in this picture, properties are local and associated with agents. We only
describe agents, and the mechanisms by which they acquire information about local
properties relating to other agents. Global properties are compositionally derived from
local properties. In terms of systems, we obtain global behaviour by taking products of
local behaviours. In the local / product presentation, knowledge mechanisms have to
be brought into states and transitions.
We suggest that automata theory provides a natural formalism for such local /
product presentations. To some extent, this was initiated in [15] and [28], but the
structure of such systems and their behaviour was not studied there. This is the ques-
tion we take up in this paper.
4
1.3 Epistemic automata
Automata theory has played an important role in the study of temporal logics. The
seminal work of Buchi related definability in monadic second order logics with recogniz-
ability by automata ([30]). [31] showed that we can associate a finite state automaton
with every linear time temporal logic formula such that the models of the formula give
the language of the associated automaton. The satisfiability problem from the logic
can then be reduced to emptiness checking of the automaton. Since then, extensive re-
search on such topics has led to important advances in practical verification of temporal
properties of systems. Thus seeking a similar automata theoretic treatment of epistemic
temporal logics is reasonable, a priori. In this paper, we attempt such an account for a
special subclass of epistemic agents. We can then hope to develop an automata theory
of knowledge change, exploring issues like complementation and minimization. This is
also required to develop an algebraic theory of knowledge composition.
Before we can describe epistemic automata, an observation on epistemic temporal
logics is relevant. In these logics, knowledge modalities quantify over the uncertainties
that an agent has about the “world”. Temporal modalities describe past and future.
Due to the interplay between the two, we have a presentation of what each agent is
(un)certain about in the past, present and future. Thus we arrive at the question:
what can an agent confidently assert about, say, the past ? A short answer: whatever
causally implies the present; alternatively, whatever the present is causally dependent
on. Reflectively, this means that what an agent knows about its future is whatever
causality entails from the present. However, such causal dependency is not absolute
but local to the system (or world) in which the agent reasons: clearly, if in all possible
system evolutions, event occurrence e2 follows that of e1, then this property is common
knowledge to all agents in the system and hence an agent who sees e2 knows for certain
that e1 has occurred in the past, and thus e2 is causally dependent on e1 vis a vis agents’
knowledge.
Indeed, there is more: if every agent has only a limited capability to remember,
such “forgetting” is common knowledge as well, and agents can be certain about the
uncertainties other agents have about the past or future. Thus the computational
capabilities of epistemic agents play a significant role in epistemic temporal reasoning.
Specifically, when all agents are finite state, this has crucial implications for the way
each agent’s knowledge is structured.
In this paper, we present an automata theoretic account of finite state epistemic
agents, but in the special restricted context of co-operative agents who exchange infor-
mation in the synchronous mode. That is, while local activity of agents is asynchronous,
whenever a group of agents are to communicate, they wait until they are together, share
information and proceed thence asynchronously. This simplifies the study considerably
since unbounded buffers associated with asynchronous message passing can easily lead
to infinite state behaviours. (Note that systems with bounded buffers are easily mod-
elled as synchronizing systems anyway.) Clearly, the study of knowledge in message
passing systems in which agents may have conflicting goals is more important and in-
teresting, but this paper is intended more as an argument for an epsitemic automata
theory, rather than as proposing any definitive such theory.
In the automaton model we propose here, each agent is finite state, and the local
state of an agent is annotated with what the agent knows about the rest of the system
at that state. Clearly, this depends on what the agent can observe about the system,
and since such observations have to be recorded held in the agent’s memory, they must
5
be finite as well. Since the global state of a synchronously communicating system is
given as a tuple of agents’ local states, each agent’s knowledge (at any state) can also
be tuples of observables (which can be seen as abstract projections of states).
Thus the description of epistemic agents constrains global system behaviour: the
possible evolutions of the system must unfold in such a manner that agents do observe
(and thus know) in their local histories what the annotations assert. Therefore, the
global system is not a simple product of automata but an epistemic product that satis-
fies natural conditions: when an event occurs, the state (and knowledge) of those not
participating in it remains unchanged, and among those who do participate, informa-
tion exchange is perfect and maximal. We can see this as causality information being
transferred between agents during a synchronization event.
Having defined epistemic automata and epistemic products, we are in a position to
develop automata theoretic foundations for the class of behaviours, termed recognizable
languages:
– We show that the class of recognizable languages enjoys several important prop-
erties: closure under boolean operations and homomorphisms, decidability of algo-
ritheoremic questions like checking non-emptiness.
– We prove a Kleene-type theorem showing that epistemic automata can be equiva-
lently described by a class of ‘knowledge regular expressions’.
– We employ these automata to decide the satisfiability of a naturally specified epis-
temic temporal logic.
– We show that the behaviour of epistemic products corresponds to a class that
is well studied in concurrency theory, that of regular trace languages([18]). Thus,
in this special case of synchronously communicating agents, epistemic automata
correspond to Zielonka automata ([33]).
What do such automata theoretic results signify ? As an example, consider the
Kleene-type theorem mentioned above. It can be seen as a result in the spirit of [4],
merging the DEL and ETL frameworks, in the following sense. ‘Knowledge regular
expressions’, where knowledge assertions are mixed inside regular expressions are akin
to DEL formulas, whereas computations of epistemic transition systems correspond to
ETL models. The Kleene theorem provides a formal relationship between these two in
the restricted case of finite state agents with synchronous interaction. Admittedly, this
is only an analogy, but motivates the need for relating frameworks in the context of
finite state agents.
While a mere transference of results is not interesting in itself, we merely remark
that notions like epistemic homomorphisms can lead to new insights into the structure
of agents’ knowledge. We hope that developing an algebraic theory of (finite state
agents’) knowledge will further lead to insights on compositional theories of knowledge.
2 Automata
Before we present automata whose runs act as models for the logic, some preliminaries
setting up the notation are in order.
6
2.1 Transition systems and automata
Let Σ be a finite and nonempty alphabet. Σ∗ is the set of all finite strings over Σ. We
use a, b, c, ... for the letters of Σ and x, y, z, ... for strings. The empty string is denoted
as ε. Concatenation of strings x and y is denoted either by x · y or just xy. Any subset
L ⊆ Σ∗ is called a language over Σ.
A transition system (TS) over Σ is a tuple M = (Q,−→, I), where Q is a finite set
of states, −→ ⊆ (Q × Σ × Q) is the transition relation and I ⊆ Q is the set of initial
states. We use letters p, q etc. for the states of a TS. When (q, a, q′) ∈ −→, we write it
as qa−→q′.
The one step transition on letters is extended to transitions on strings over Σ∗ and
the extended transition relation is denoted by =⇒ : Q×Σ∗ ×Q. When px
=⇒q, we say
that there is a run of M from p to q on x.
We call a TS deterministic (DTS) if −→ is a function on (Q × Σ) and I is a
singleton, namely {q0}. This entails that whenever pa−→q and p
a−→q′ we have q = q′.Notice that if M is a DTS, the extended transition relation is a function, and given
any p ∈ Q and x ∈ Σ∗, there is a unique q such that px
=⇒q. In this case, we denote by
(x)M the state q such that q0x
=⇒q.A finite state automaton (FA) is a tuple A = (M,F ), where M is is a TS and
F ⊆ Q, is the set of its final states. When qx
=⇒qk for some q ∈ I and qk ∈ F , we say
that the string x is accepted by A. The set of all strings accepted by A (also called the
language of A) is denoted as L(A) or L(M,F ).
Definition 21 Given Σ, the class of languages accepted by FA’s over Σ is defined as:
L(FAΣ)def= {L⊆Σ∗ | there is an FA (M,F ) such that L=L(M,F )}.
We call this class of languages recognizable and denote it as RecΣ .
An FA (M,F ) is called deterministic (DFA) if M is a DTS. We denote the class of
languages accepted by DFA over Σ as L(DFAΣ). It is easy to show that L(DFAΣ) =
L(FAΣ) = RecΣ . RecΣ has many nice properties: it is closed under boolean opera-
tions, concatenation and finite iteration (the Kleene star “*”).
2.2 Distributed alphabets
Since we will be considering agents as finite state automata, we will associate agents’
views with strings over finite alphabets that automata take as inputs. For systems of
autonomous agents, we have distributed alphabets.
We consider systems of n agents, for a fixed n, and the finite set of agents is called
Loc = {1, · · · , n}, n > 0. We model the distribution of actions among the agents (also
referred to as processes) by a distributed alphabet eΣ. It is a tuple (Σ1, · · · , Σn), where
each Σi is a finite nonempty set of actions and is called an agent alphabet. These
alphabets are not required to be disjoint. In fact, when a ∈ Σi ∩Σj , i 6= j, we think of
it as a potential synchronization action between i and j.
Given a distributed alphabet eΣ, we call the setΣdef= Σ1 ∪ ... ∪ Σn as the alphabet
of the system since the overall behaviour of the system is expressed by strings from
Σ∗. For any action in Σ, we have the notion of agents participating in this action. Let
loc : Σ → 2{1,...,n} be defined by loc(a)def= {i | a ∈ Σi}. So loc(a)(called “locations
7
of a”) gives the set of agents that participate (or, synchronize) in the action a. By
definition, for all a ∈ Σ, loc(a) 6= ∅. The notion of locations (or, participating processes)
is easily extended to strings over Σ∗. If x ∈ Σ∗, alph(x)def= {a ∈ Σ | a occurs in x }.
Then, loc(x)def=
[a∈alph(x)
loc(a).
From the definition of locations, we can derive an irreflexive and symmetric relation
I on Σ. We call this an independence relation. The independence relation is defined to
be I def= {(a, b) ∈ Σ×Σ | loc(a)∩ loc(b) = ∅}. Informally, (a, b) ∈ I if the participants
in the actions a and b are disjoint. Since processes are spatially distributed, it entails
that the participants of b remain unaffected by the execution of a and vice versa.
Hence in the system, independent actions may proceed asynchronously. We call this
the asynchrony property of the systems. Extending the same idea to strings over Σ∗,we say two strings x and y are independent, i.e., (x, y) ∈ I iff loc(x) ∩ loc(y) = ∅.Two independent strings can be thought of as independent execution sequences of two
disjoint sets of processes.
Lastly, we say that the distributed alphabet eΣ is non-trivial iff the independence
relation on Σ is non-empty. For example, the distributed alphabet (Σ1 = {a, b}, Σ2 =
{b, c}) is non-trivial because (a, c) ∈ I. On the other hand, the distributed alphabeteΣ = (Σ1 = {a, b}, Σ2 = {b, c}, Σ3 = {c, a}) is trivial because loc(a) ∩ loc(b) = {1} 6=∅ and so on for every pair of letters and hence I is empty. Since trivial alphabets
constrain systems so that agents cannot proceed asynchronously, knowledge properties
are essentially the same as in the case of one reasoning agent. Hence in this paper we
consider only systems over non-trivial distributed alphabets.
2.3 Epistemic Transition Systems
In the definition of epistemic automata attempted below, we seek an alternative to
global indistinguishability relations; this can be achieved by enriching local states with
structure.
If Qi is the states of agent i, q ∈ Qi can be thought of as a tuple (q[1], . . . , q[n]),
where q[j] is the knowledge agent i has about agent j. But then the question arises:
what about what i knows about what j knows about k ? Should q[j] be another tuple
? But this is infinite regress.
Automata theory offers a standard technique for this problem: use an alphabet of
observations, which we call an epistemic alphabet.
Fix a distributed alphabet eΣ=(Σ1, · · · , Σn). Additionally consider an epistemic
alphabet eC = ((C1,�1), · · · , (Cn,�n)).
where each Ci is a nonempty set and for all i 6= j, Ci ∩ Cj = {⊥}. �i is a (reflexive
and transitive) pre-ordering on Ci with the least element ⊥. The element ⊥ stands for
trivial knowledge, or null information. We call C = C1 ∪ . . . ∪ Cn the knowledge set.
Since we work with finite state systems, it suffices to consider finite Ci. An alternate
presentation of C is given by the knowledge map:
Φdef= {φ : Loc 7→ C | ∀i ∈ Loc, φ(i) ∈ Ci}.
8
It may be convenient to view elements of C as formulas of some logic of knowl-
edge and implication as the ordering. In general, the modelling above corresponds to
observations of each agent’s state being recorded in a separate vocabulary.
Note that the entire hierarchy of i-propositions (what is true about i, what i knows
about j, what i knows about what j knows about k etc) is collapsed into (ci,�i). This
may be reminiscent of Harsanyi type spaces.
Definition 22 Let i ∈ {1, 2, . . . , n}. An epistemic agent (EA) over (Σi, eC) is a
tuple (M i, fi) where M i = (Qi,−→i, q0i ) is a TS over Σi and fi : Qi → Φ is called a
knowledge map.
At a state p ∈ Qi, if fi(p) = φ then φ(j) is what M i knows about Mj at p;
strictly speaking, φ(j) is irrelevant in the theory presented here when j = i, but it is
notationally simpler to have a uniform map.
Definition 23 An epistemic transition system(ETS) over the alphabet ( eΣ, eC) is
given by a tuple fM = (M1, · · · ,Mn, 〈f1, f2, · · · , fn〉, F ),
where for each i ∈ Loc, (M i = (Qi,−→i, q0i ), fi) is an EA over (Σi, eC), and F ⊆
(Q1 × . . .×Qn).
The global behaviour of fM is given below as that of the product automaton cMassociated with the system. The product automaton is not over the whole global state
space but over global states where knowledge assertions at local states are mutually
compatible.
Definition 24 Let fM = (M1, · · · ,Mn, 〈f1, · · · , fn〉, F ) be an ETS and let Q = (Q1 ×. . .×Qn). A global state (p1, p2, · · · , pn) ∈ Q is called coherent iff
for all i, j ∈ Loc : fi(pi)(j) �j fj(pj)(j).
Denote the set of all coherent states of the ETS as bQ. In the rest of the paper, we
consider only ETS’s whose initial state (q01 , · · · , q0n) is coherent.
Definition 25 The epistemic product automaton of an ETS fM is defined to be
(cM(bQ,−→, (q01 , · · · , q0n)), bF ) where
1. bQ is the set of all coherent global states,
2. (q01 , · · · , q0n) is the initial state,
3. bF ⊆ bQ ∩ F is the set of final states,
4. −→ ⊆ (bQ×Σ × bQ) is the transition relation defined as :
(p1, · · · , pn)a−→(q1, · · · , qn) iff
(a) for all i 6∈ loc(a), pi = qi.
(b) for all i ∈ loc(a), pia−→iqi.
(c) for all i, j ∈ loc(a), fi(qi) = fj(qj).
The last condition (4c) above represents perfect exchange: immediately after a synchro-
nization has taken place, agents participating in the action have complete knowledge
of the observables of all other participants, as well as a consensus on the observables
of all non-participating agents.
The class of languages over eΣ accepted by ETS’s is denoted as ETS eΣ . Formally,
ETS eΣ={L⊆Σ∗ | ∃eC and an ETS fM over ( eΣ, eC) such that L=L(cM,F )}.
From the definition of the epistemic product above, the following theorem is easily
established.
9
Theorem 1 Given an ETS fM , checking whether L(cM,F ) = ∅ is decidable in time
linear in the size of the epistemic product.
2.4 Behaviours
What kind of languages do we see inside ETS eΣ ? To answer this question, it is useful
to consider them as being closed under a natural equivalence relation.
Given a distributed alphabet eΣ, let d be the component projection map: d: (Σ∗ ×
4 Epistemic automata for an epistemic temporal logic
In this section, we define a natural epistemic temporal logic of local properties and
prove it decidable by associating epistemic transition systems with formulas of the
logic. Before we discuss the logic, we illustrate what the perfect exchange condition
entails in behaviours.
4.1 Distributed Agents and Views
Consider a system of 4 agents P1, P2, P3, P4 who manipulate local variables x, y, z, w
respectively (see Fig. 1). Suppose that the only local computations are increment (by
1), which are shown as horizontal rectangles. Suppose also that when agents exchange
information (denoted in the figure by horizontal lines with blobs denoting participating
agents in the exchange), they know about the values of the variables of participating
agents. Lastly, suppose that the initial value of all variables are zero and all the pro-
cesses know this. Denote by K(Pi) the values of variables of which Pi has knowledge.
So, initially, K(Pi) = 〈0, 0, 0, 0〉 for all processes.
After a period of local computations, P1 and P2 interact through the action a;
simultaneously and independently, P3 and P4 interact via b. At this stage, actual values
of variables are 〈x, y, z, w〉 = 〈1, 0, 1, 1〉. But since P1 has no way of knowing the value
of z, K(P1) = 〈1, 0, 0, 0〉; because of the action a, K(P2) also is 〈1, 0, 0, 0〉. Similarly,
1 Proof in Appendix B
14
Fig. 1 Interacting processes.
∅
18 Mohalik, Ramanujam
a b
c
d
P1 P2 P3 P4
Figure 1. Interacting processes.
Local states of agents in the system describe their views of thesystem as a whole.
Synchronization is the exchange of information whereby the syn-chronizing agents update their views so that they have identicalviews immediately after synchronization.
It was shown in Ramanujam (1995) that these transitions systemsexactly described (in a categorical sense) a class of labelled event struc-tures called synchronization structures. Since these event structuresarise naturally from traces (a la Mazurkiewicz) one asks whether sim-ilar finite state transition systems with some acceptance condition willaccept regular consistent languages. This question is answered affirma-tively here.
4.2. Views Associated with Strings
Associated with any computation on a string x ∈ Σ∗ of actions, eachagent (or a group of agents) has only a partial view. One natural wayto define this partial view for an agent is to take the effect of only(and all) those actions such that either the agent participates in itor there is a causal chain from the action occurrence to some otheraction occurrence in which the agent participates. This allows for thepossibility that computation by other agents may go on independently,of which the concerned agent does not have any information.
Main.tex; 26/11/2009; 15:24; p.18
K(P3) = 〈0, 0, 1, 1〉 and K(P4) = 〈0, 0, 1, 1〉. So, P2 has more recent information than
P3 about the value of x, and P3 has better information about w than P2.
Now suppose, P2 and P3 increment their local variables and then exchange infor-
mation via c. Since P1 and P2 do not participate in this action, their knowledge about
the values remain same. But now, K(P2) = 〈1, 1, 2, 1〉 = K(P3). Note that even if P2
never directly interacted with P4, it gets the information about w indirectly through P3
and hence can update its information about w. This sort of view updating is common
in distributed protocols.
In [27], distributed transition systems for such models were studied. These systems
were locally presented and reflected the ideas discussed above. Informally, these systems
are structured as follows:
– Local states of agents in the system describe their views of the system as a whole.
– Synchronization is the exchange of information whereby the synchronizing agents
update their views so that they have identical views immediately after synchro-
nization.
It was shown in [27] that these transitions systems exactly described (in a cat-
egorical sense) a class of labelled event structures called synchronization structures.
Since these event structures arise naturally from traces (a la Mazurkiewicz) one asks
whether similar finite state transition systems with some acceptance condition will
accept regular consistent languages. This question is answered affirmatively here.
4.2 Views Associated with Strings
Associated with any computation on a string x ∈ Σ∗ of actions, each agent (or a group
of agents) has only a partial view. One natural way to define this partial view for an
agent is to take the effect of only (and all) those actions such that either the agent
participates in it or there is a causal chain from the action occurrence to some other
action occurrence in which the agent participates. This allows for the possibility that
15
Fig. 2 Distributed computation on the string abcdeab.
∅
Epistemic Automata 19
1 2 3 4
a b
c
d
e
a b
Figure 2. Distributed computation on the string abcdeab.
As an example, take a distributed alphabet Σ = (Σ1, Σ2, Σ3, Σ4),where Σ1 = {a}, Σ2 = {a, c, e}, Σ3 = {b, c, d, e} and Σ4 = {b, d}. Asubsequence of a string is formed by picking arbitrarily letters in thesame order as in the given string. Hence, the subsequences of abc are{ε, a, b, c, ab, bc, ac, abc}.
Call a string causally connected if consecutive actions in the stringhave a common participating agent. For example, cdea is causally con-nected, since loc(c)∩loc(d) = {3}, loc(d)∩loc(e) = {3}, loc(e)∩loc(a) ={2}. Similarly, ac, acb and acd are all causally connected whereas aband ad are not causally-connected.
Now let x = abcdeab. The computation associated with x is shownin Fig. 2. Then the 1-view (the view of agent 1) is abcdea. Note thateven if 1 does not participate in the second action b, there is a causallyconnected subsequence bcdea at the end of which 1 participates in a.Hence this occurrence of b should be considered in the 1-view. The lastb in x, however, is not in 1-view because neither does 1 participate init nor is there any causally connected chain to some 1-action (actionsfrom Σ1).
When we consider group views, we consider actions in which at leastone in the group participates and the actions with causally relatedchains to any action of the former kind. Then, in the example, we havethat {1, 3}-view of x is abcdeab. Reasoning along this line, we give somei-views and group-views for the string abcdeab in the following table.
Main.tex; 26/11/2009; 15:24; p.19
computation by other agents may go on independently, of which the concerned agent
does not have any information.
As an example, take a distributed alphabet eΣ = (Σ1, Σ2, Σ3, Σ4), where Σ1 = {a},Σ2 = {a, c, e}, Σ3 = {b, c, d, e} and Σ4 = {b, d}. A subsequence of a string is formed
by picking arbitrarily letters in the same order as in the given string. Hence, the
subsequences of abc are {ε, a, b, c, ab, bc, ac, abc}.Call a string causally connected if consecutive actions in the string have a common
participating agent. For example, cdea is causally connected, since loc(c)∩loc(d) = {3},loc(d) ∩ loc(e) = {3}, loc(e) ∩ loc(a) = {2}. Similarly, ac, acb and acd are all causally
connected whereas ab and ad are not causally-connected.
Now let x = abcdeab. The computation associated with x is shown in Fig. 2. Then
the 1-view (the view of agent 1) is abcdea. Note that even if 1 does not participate
in the second action b, there is a causally connected subsequence bcdea at the end of
which 1 participates in a. Hence this occurrence of b should be considered in the 1-view.
The last b in x, however, is not in 1-view because neither does 1 participate in it nor
is there any causally connected chain to some 1-action (actions from Σ1).
When we consider group views, we consider actions in which at least one in the
group participates and the actions with causally related chains to any action of the
former kind. Then, in the example, we have that {1, 3}-view of x is abcdeab. Reasoning
along this line, we give some i-views and group-views for the string abcdeab in the
following table.
abcdeab
i-views group-views
1-view abcdea {1,2}-view abcdea
2-view abcdea {2,3}-view abcdeab
3-view abcdeb {3,4}-view abcdeb
4-view abcdeb {1,2,3,4}-view abcdeab
16
Our interest in views stems from the fact they constitute causal knowledge that
agents build up during temporal system evolution, and which is updated by agents
during synchronization. For later purposes, it is convenient to work with the collective
view of a group of agents, rather than that of an individual agent. This is formalized
below.
Given two strings x and y of Σ∗, x is called a subsequence of y, denoted x� y, if x =
a1 . . . an and there exist strings x0, . . . , xn ∈ Σ∗ such that y = x0a1x1a2x2 . . . anxn.
Note that � is a partial order on Σ∗.Let α ⊆ Loc and u = a1 . . . an. For any j, 1 ≤ j ≤ n, aj is said to have an α-chain
in u if there is a sequence j = i0 < i1 < i2 < . . . < im ≤ n such that
– loc(aim) ∩ α 6= ∅, and
– ∀k, 0 ≤ k < m, loc(aik ) ∩ loc(aik+1) 6= ∅.
In this case, ajai1ai2 . . . aim is called an α-chain of u.
Informally, an α-chain of u is a causally connected subsequence of u ending in an
α-action (an action with a participant from the set of agents α).
In the previous example, if u = bcad, then a does not have a {4}-chain in u since
4 6∈ loc(a) and loc(a) ∩ loc(d) = ∅. On the other hand, b has a {4}-chain cd in u since
loc(c) ∩ loc(d) = {3} and 4 ∈ loc(d).
For α ⊆ Loc and u = a1 . . . an ∈ Σ∗, u is said to be α-connected iff ∀j ∈ {1, . . . , n},aj has an α-chain in u. For the example alphabet, cad is not 4-connected (a does not
have any 4-chain) while caed is 4-connected because now a has the 4-chain aed.
Let Cα(x) denote the α-connected subsequences of a given string x. Essentially,
Cα(x) contains all the causally connected chains that are candidates for the α-view of
x. We observe that if x� y then Cα(x) ⊆ Cα(y). Also if α ⊆ β, then Cα(x) ⊆ Cβ(x).
The following proposition asserts that the α-connected subsequences of x have a
maximum. This has crucial implications for what follows, as such subsequences con-
stitute the causal knowledge agents in α can pool together and construct about the
global history represented by x. The maximum then constitutes definitive knowledge
of the past and an agent needs only to keep track of it as the system evolves to act as
an epistemic agent with causal knowledge of past and future.
Proposition 1 For all α ⊆ Loc and for all x ∈ Σ∗, Cα(x) has a �-maximum 2.
We now define the group view of a string, the notion that is central to causal
temporal reasoning:
Definition 41 Let x ∈ Σ∗, α ⊆ Loc. The α-view of x, denoted x ↓ α is defined to be
the �-maximum α-connected subsequence of x.
(In the following we use the notation x ↓ i to denote x ↓ {i}.)We state two crucial properties of views which describe how views are updated. To
simplify notation, we use x ↓ i to denote x ↓ {i}.
Proposition 2 a. When loc(a) ∩ α = ∅, the �-maximum α-connected subsequence
of x is same as that of xa. In other words, x ↓ α = xa ↓ α. In particular, for
i 6∈ loc(a), x ↓ i = xa ↓ i.b. When loc(a) ∩ α 6= ∅, if z is the �-maximum α-connected subsequence of x then
za is the �-maximum α-connected subsequence of xa. In other words, xa ↓ α =
(x ↓ (α ∪ loc(a))) · a. In particular, for i ∈ loc(a), xa ↓ i = (x ↓ loc(a)) · a.
2 Proof in Appendix A
17
As the reader may realise, this proposition describes how an automaton may store
views in its local states and update them upon action a.
4.3 A logic
In epistemic temporal logics, assertions are typically made at local histories. The central
idea is that an agent knows a property α if it holds in all global histories which have
the same local history. Being a temporal logic, the formula α is an assertion about the
past and future as well. Note that the non-trivial part of α is what it asserts about
the past and future of other agents, including knowledge assertions, in turn, about this
agent. In some sense, we have properties of agents observable by others and epistemic
assertions relate to knowledge of such observable properties.
Fix a set of agents [n] = {1, 2, · · · , n}, a distributed alphabet eΣ and sets of atomic
propositions {P1, P2, · · · , Pn}, where each Pi is a countably infinite set. Agent formulas
are given by the syntax below. Let u ⊆ [n], we define Γu below. The logic is given by
formulas in Γ (= Γ[n]).
∆i ::= p ∈ Pi | ¬α | α ∨ β | 〈a〉ψ, a ∈ Σi, ψ ∈ Γloc(a) | ♦α | Kiφ, φ ∈ Γ
Γu ::= α@i, i ∈ u, α ∈ ∆i | ¬φ | φ1 ∨ φ2
The logic acts locally like a temporal logic, with past and future modalities, with a
knowledge operator. The critical differences are in the next and knowledge modalities,
which are both global; since a is a synchronization of agent i with other agents, the
formula asserted after a can refer to what has been learnt about them. The knowledge
operator is standard, and refers to what the agnt knows about the global state of the
system.
The other connectives ∧,⇒,≡ are defined as: φ1 ∧ φ2def= ¬(¬φ1 ∨ ¬φ2),
φ1⇒φ2def= ¬φ1 ∨ φ2 and φ1 ≡ φ2
def= (φ1⇒φ2) ∧ (φ2⇒φ1). The dual modalities
[a],�, L are defined as: [a]ψdef= ¬(< a > ¬ψ), �α
def= ¬♦¬α and Liφ
def= ¬Ki¬φ.
4.4 Histories and Local Histories
Models are sets of global histories of systems of finite state agents who communicate
synchronously. We need some preliminaries to set up the machinery of histories so that
causal knowledge can be defined.
Let (Q1, Q2, · · · , Qn) be finite sets. Qi represents the set of possible local states of
agent i. Let S = Q1 × Q2 × · · · × Qn be the set of global system states. Given s =
〈q1, · · · , qn〉 ∈ S, we denote qi by s[i]. A history is a sequence ρ = s0a1s1 · · · sk−1aksk,
k ≥ 0, where for all i, si ∈ S and ai ∈ Σ, such that ρ satisfies the asynchrony condition:
for all i ∈ {1, . . . , k}, if si−1aisi, then for all j 6∈ loc(a), si−1[j] = si[j]. For ρ as above
the eΣ word associated with ρ is defined to be w(ρ) = a1 · · · ak.
Let ρ = s0a1s1 · · · sk−1aksk be a history, and let w(ρ) ↓ i be the subsequence of
a1 · · · ak defined below, say aj1 · · · ajm . Define ρ ↓ i to be the sequence t0aj1t1 · · · ajmtm,
where t0 = s0, and t`+1[i′] = sj`+1[i′], for i′ ∈ loc(aj`), and t`+1[i′] = t`[i′], for
18
i′ /∈ loc(aj`). It is easy to check that ρ ↓ i satisfies the asynchrony condition and hence
is a legal history as well.
Define ρ ∼i ρ′ iff ρ ↓ i = ρ′ ↓ i. This is the indistinguishability relation on which
we will interpret knowledge assertions. Define ρ ≈ ρ′ iff for all i ∈ [n], ρ ∼i ρ′. We call
a set H closed if whenever ρ ∈ H and ρ ≈ ρ′, we have that ρ′ ∈ H as well.
Consider a history ρ = s0a1s1 · · · sk−1aksk, and x = w(ρ) = a1 · · · ak. If we think
of the indices {1, . . . , k} as the temporal instants of this global history, we can ask which
of these are visible to agent i. These are clearly those j such that i ∈ loc(aj). This is
formalized as follows. Given a distributed alphabet eΣ, let d be the component projection
map: d: (Σ∗ × Loc)→ Σ∗ defined as: xdi =
8<:ε if x = ε,
ydi if x = ya and i 6∈ loc(a), and
(ydi) · a if x = y · a and i ∈ loc(a).Suppose xdi = a`1 · · · a`m . Define the sequence ρdi = t0b1t1 · · · tm−1bmtm by:
t0 = s0[i], and for all j ∈ {1, . . . ,m}, bj = a`j and tj = s`j [i]. ρdi is then the i-local
history associated with ρ. Note that xdi is different from x ↓ i: the latter represents the
view of agent i, as obtained by communication with other agents. The former merely
points to instants at which such updates take place. Thus, associated with every history
ρ and agent i, we have a map τi : {0, . . . , k} → {0, . . . ,m} defined by τi(0) = 0, and
τi(j) = max{0,max{`|` ≤ j, i ∈ loc(a`)}}. We can think of τi(j) as the i-local instant
at j; thus τi is the local clock for i in ρ. We denote the association with ρ by τρi , when
necessary.
4.5 Semantics
A frame on S is a closed set of histories. A model is a tuple M = (S,H , V ) where
S = Q1×Q2×· · ·×Qn, H is a closed set of histories on S and eΣ and V = (V1, · · · , Vn),
where Vi : Qi → 2Pi . Let ρ ∈ H such that ρ = s0a1s1 · · · sk−1aksk. Let i ∈ [n],
δ = ρdi = t0b1t1 · · · tm−1bmtm, and let j such that 0 ≤ j ≤ k. The notion δ, τi(j) |=i α,
where α ∈ ∆i, and the notion ρ, j |= φ, where φ ∈ Γ are defined by mutual recursion
below.
1. δ, ` |=i p iff p ∈ Vi(t`), for p ∈ Pi.2. δ, ` |=i ¬α iff δ, ` 6|=i α.
3. δ, ` |=i α ∨ β iff δ, ` |=i α or δ, ` |=i β.
4. δ, ` |=i 〈a〉ψ iff there exists j < k such that τρi (j) = `, aj+1 = a and ρ, j + 1 |= ψ,
where ψ ∈ Γloc(a).5. δ, ` |=i ♦α iff there exists `′ such that ` ≤ `′ and δ, `′ |=i α.
6. δ, ` |=i Kiφ iff for every ρ′ ∈ H such that ρ ∼i ρ′, for all j′ ≤ |ρ′| such that
τρ′
i (j′) = `, ρ′, j′ |= φ, where φ ∈ Γ .
1. ρ, j |= α@i iff ρdi, τρi (j) |=i α.
2. ρ, j |= ¬φ iff ρ, j 6|= φ.
3. ρ, j |= φ ∨ ψ iff ρ, j |= φ or ρ, j |= ψ.
Let Lang(φ) = {w(ρ) | ρ, 0 |= φ}. The following proposition asserts that the truth of
i-local formulas at a history ρ depends only on the i-view at ρ.
Proposition 3 Suppose ρ, ρ′ ∈ H such that ρ ∼ ρ′. Let j ≤ |ρ|, k ≤ |ρ′| such that
τρi (j) = τρ′
i (k) = `. Then for every α ∈ ∆i, ρdi, ` |=i α iff ρ′di, ` |=i α.
19
4.6 Decidability of Satisfiability
We now show epistemic products help in proving that the satisfiability problem for the
logic is decidable.
Theorem 6 For every formula φ ∈ Γ , there is an epistemic transition system Mφ overeΣ and a knowledge alphabet C such that Lang(φ) = L(Mφ). Moreover, the knowledge
alphabet C[i] is simply the set of i-local formulas among the subformulas of φ. The size
of Mφ is at most singly exponential in the length of φ.
Corollary 1 The satisfiability problem for the logic is decidable in time 2O(nm), where
n is the number of agents and m is the length of the formula being decided.
Note that ¬(α@i) ≡ (¬α)@i is valid, as also (α ∨ β)@i ≡ (α@i ∨ β@i). Hence,
every formula φ ∈ Γ can be rewritten equivalently as a finite disjunction of formulas
of the form φ′ =^i∈[n]
αi@i. From now on, we will assume that formulas in Γ are thus
given, and by abuse of notation, write φ′ above as < α1, . . . , αn >, which is further
abbreviated as α. Moreover for i ∈ [n], we can speak of α ∈ φdi, where φ ∈ Φi.Now let u = i1, · · · , im. We denote the tuple 〈αi1 , . . . , αim〉 by αdu. Clearly we can
define (αdu)dv, for v ⊆ u. (By convention, the empty tuple denotes the formula True,
which is some fixed propositional tautology in Γ[n].)
The construction of Mφ proceeds as follows. Let φ = α as above. For u ⊆ [n], u 6=∅,the u-subformula closure of α, denoted CL′u(α) is defined by simultaneous induction,
as follows: below, we denote CL′{i} by CL′i.
– φ ∈ CL′[n](φ).
– If βv ∈ CL′u(α) then for v′ ⊆ v, (βv)dv′ ∈ CL′v′(α).
– If ¬ψ ∈ CL′u(φ) then ψ ∈ CL′u(φ) .
– If ψ1 ∨ ψ2 ∈ CL′u(φ) then ψ1 ∈ CL′u(φ) and ψ2 ∈ CL′u(φ).
– If ¬β ∈ CL′i(φ) then β ∈ CL′i(φ) .
– If β1 ∨ β2 ∈ CL′i(φ) then β1 ∈ CL′i(φ) and β2 ∈ CL′i(φ).
– If < a > βv ∈ CL′i(φ) then βv ∈ CL′v(φ) where v ⊆ loc(a) and if i ∈ v then
< a > β@i ∈ CL′i(φ).
– If Kiψ ∈ CL′i(φ) then ψ ∈ CL′[n](φ) and if α ∈ ψdj then Kiα@j ∈ CL′i(φ).
under negation, where we equate ¬¬ψ with ψ. |CLu(φ)| = |φ| ·O(2n), but note that n
is a constant for our purposes.
From now on, fix a formula φ0 for which we wish to construct the epistemic tran-
sition system, and we simply write CLu for the set CLu(φ0). Let A ⊆ CLi. We call
A an i-atom if it is propositionally consistent: for every formula β ∈ CLi, ¬β ∈ A iff
β 6∈ A, and for every β1 ∨ β2 in CLi, β1 ∨ β2 ∈ A iff β1 ∈ A or β2 ∈ A. Similarly, we
can define subsets of CLu(φ) to be u-atoms. Let ATu denote the set of all u-atoms.
Consider 〈A1, · · · , An〉, where Ai is an i-atom. Let φ ∈ Γ . The notion that φ ∈〈A1, · · · , An〉 is defined easily: α@i ∈ 〈A1, · · · , An〉 if α ∈ Ai; ¬ψ ∈ 〈A1, · · · , An〉 if ψ 6∈〈A1, · · · , An〉, and ψ1 ∨ ψ2 ∈ 〈A1, · · · , An〉 if ψ1 ∈ 〈A1, · · · , An〉 or ψ2 ∈ 〈A1, · · · , An〉.
We define the epistemic alphabet to be C, where ci = 2CLi and �i=⊆. We define
the set of initial states I = {(A1, · · · , An) | φ0 ∈ 〈A1, · · · , An〉} For each of the initial
states, we define an ETS.
20
Fix an initial state 〈A1, · · · , An〉. Epistemic agents Mi’s are defined as Mi =
((ATi,→i, Ai), fi) where →i⊆ (ATi × Σi × ATi) is given by: Aa−→iB iff for every
〈a〉αloc(a) ∈ CLi, 〈a〉αi@i ∈ A iff αi ∈ B. fi : ATi → C is given by: fi(A)[j] = {α |Kiα@j ∈ A}. This corresponds to our intuition about what an agent knows at a local
state.
Call A ∈ ATi final iff for every �α ∈ CLi, if �α ∈ A then α ∈ A as well. Let
Fi = {A ∈ ATi | A is final}.Now consider the ETS Mφ0 = (M1, · · · ,Mn, 〈f1, · · · , fn〉, F ). Then the proof that
the language accepted by Mφ0 is the same as the language of φ0 is standard.
Given any model of φ0 say, ρ = s0a1s1 · · · sk−1aksk, define, for i ∈ [n], and j such
that 0 ≤ j ≤ k, µi(sj) = {α ∈ CLi | ρ, j |=i α}. We can then show that µi(sj) is
an i-atom, and that the tuple (µ1(sj), · · · , µn(sj)) is compatible. It is then easy to see
that every move in ρ is a transition of Mφ0 , and hence that we get an accepting run
of Mφ0 .
Conversely, given an accepting run of the constructed ETS, say ρ = s0a1s1 · · · sk−1aksk,
where sj = (A1, · · · , An), we can show that for every formula φ ∈ CL, ρ, j |= φ
iff φ ∈ (A1, · · · , An). This is proved by induction on formulas, and the main case
of knowledge modality is proved using the perfect exchange condition on compatible
products.
Now decidability of the logic follows from the fact that emptiness checking for ETS
is decidable.
5 Connections with concurrency theory
We now address the main business that we have left unfinished: the equivalence of
regular epistemic languages and regular consistent languages asserted by the theorem
mentioned earlier:
Theorem 7 ETS eΣ = RCL eΣ .
When we construct the epistemic system for a given regular consistent language L,
the local states are constructed from the views associated with strings. The existence
of an epistemic automaton accepting L essentially means that these views can be
captured by a finite number of states. The exact correspondence between the epistemic
system and the language is then established by the connection between views and the
knowledge map at states of the epistemic agents. Before we proceed to this proof, an
intermediate result that is classical in concurrency theory is relevant.
5.1 Zielonka automaton and views
The concept of using views to recognize regular consistent languages is not new; in
a different form, this is precisely what Zielonka’s theorem is about, which uses an
automaton with global transitions for this purpose. Views as defined above are implicit
in Zielonka’s proof, what we do here is to make their epistemic content explicit. We
briefly define Zielonka automata below, simply to make use of them for proving the
main theorem. For a detailed treatment of these automata, see [8].
21
A Zielonka automaton [33] on eΣ with n processes is given as a tupleA= (A1, . . . , An,
∆, F ), where for every i ∈ Loc,Ai = (Qi, Σi,∆i, s0i ) is the i-th automaton. Let
Q = Πi∈LocQi and let Qa denote Πi∈loc(a)Qi. F ⊆ Q is the set of final states.
The transition relation is ∆ = {δa | a ∈ Σ}, where δa ⊆ (Qa × Qa). For each δa,
where {i1, . . . , ik} = loc(a), and pj = qj , for all j 6∈ loc(a).
This transition among the global states is extended to words over Σ∗ in the natural
way. An immediate corollary of the transition on global states is the following.
Proposition 4 If (a, b) ∈ I then for all s, s′ ∈ Q, sab⇒As′ iff s
ba⇒As′. Consequently
L(A ) is closed under ∼.
The language accepted by A is defined as: L(A ) = {x ∈ Σ∗ | ∃s ∈ F.s0 x⇒As}.Then from the above proposition, we know that L(A ) is consistent. Further, since the
global automaton bA is an DFA, L(A ) ∈ RCL eΣ . Zielonka’s theorem states that the
converse is also true i.e., for every L ∈ RCL eΣ there is a Zielonka automaton A such
that L = L(A ). Thus the class of Zielonka automata over eΣ characterize RCL eΣ .
Theorem 8 (Zielonka)
1. For every Zielonka automaton A , L(A ) ∈ RCL eΣ .
2. For every regular consistent language L ∈ RCL eΣ there exists a deterministic
Zielonka automaton A such that L = L(A ).
The connection between a given deterministic Zielonka automaton A and the i-
views of a string is based on a simple idea. We know that if x ∼ y then (x)A = (y)Ai.e., both the strings lead to the same state in A . We also observe that by commutation
of independent actions in the string, we can factor any string x into an ∼-equivalent zy
such that z is the i-view of x and i does not take part in y. Then it is the case that the
i-state of a global state in A reached via x depends only on the i-view of x (namely,
x ↓ i). For a pictorial idea, see Fig. 3. In the following, we make this idea precise.
Proposition 5 For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i]. 3
5.2 Epistemic systems for regular consistent languages
As we have seen, the languages accepted by epistemic systems are indeed regular and
consistent. We now prove the converse, i.e., RCL eΣ ⊆ L(ETS eΣ). Since the class of
deterministic Zielonka automata over eΣ characterize RCL eΣ , it suffices to prove the
following theorem.
3 Proof in Appendix A
22
Fig. 3 Relating Zielonka automaton and i-views.
∅
28 Mohalik, Ramanujam
y
x
i
i
i
p
p’
p’
x ↓ i
Figure 3. Relating Zielonka automaton and i-views.
the i-view of x (namely, x ↓ i). For a pictorial idea, see Fig. 3. In thefollowing, we make this idea precise.
PROPOSITION 5.4. For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i]3.
5.2. Epistemic systems for regular consistent languages
As we have seen, the languages accepted by epistemic systems are in-deed regular and consistent. We now prove the converse, i.e., RCL
Σ⊆
L(ETSΣ
). Since the class of deterministic Zielonka automata over Σcharacterize RCL
Σ, it suffices to prove the following theorem.
THEOREM 5.5. Let A be a deterministic Zielonka automaton. Thenthere exists an epistemic system M such that L(A ) = L(M).
Proof: For all x ∈ Σ∗, a ∈ Σ, define the event associated with x as thelast transition on the path for x in A .
3 Proof in Appendix A
Main.tex; 26/11/2009; 15:24; p.28
Theorem 9 Let A be a deterministic Zielonka automaton. Then there exists an epis-
temic system fM such that L(A ) = L(fM).
Proof For all x ∈ Σ∗, a ∈ Σ, define the event associated with x as the last transition
on the path for x in A .
event(x) =
((ε)A , ε, (ε)A ) if x = ε,
((y)A , a, (x)A ) if x = ya.
(Note that (x)A stands for the global state δ(s0, x) in the deterministic Zielonka
automaton A .)
We define by γ(x)def= (event(x ↓ 1), · · · , event(x ↓ n)).
The epistemic alphabet C is taken as follows: Ci = {event(x ↓ i)|x ∈ Σ∗}. The
ordering �i is given by: event(x) �i event(y) iff there exist u, v ∈ Σ∗, u � v and
event(x) = event(u) and event(y) = event(v).
By this definition, event(x ↓ i) �i event(xa ↓ i) for all i ∈ Loc.Now we construct fM = (M1, · · · ,Mn, F ) where, for all i ∈ Loc, Mi = (Qi,−→i
, q0i , fi) such that
– Qi = {γ(x ↓ i) | x ∈ Σ∗}.– q0i = γ(ε).
– pa−→iq if there is some u ∈ Σ∗ such that p = γ(u ↓ i) and q = γ(ua).
We show that L(A ) = L(fM). The proof for left-to-right inclusion follows from the
observation that for every x ∈ Σ∗, there exists a path in cM such that (q01 , · · · , q0n)x
=⇒(γ(x ↓ 1), · · · , γ(x ↓ n)). This is proved by induction on | x |. The proof for right-to-left
inclusion follows from the following claim which is slightly more involved.
Claim Let (q01 , · · · , q0n)x
=⇒(γ(y1 ↓ 1), · · · , γ(yn ↓ n)). Then for every i ∈ Loc, (x)A [i] =
(yi)A [i] 4.
Assume the claim. Let x ∈ L(fM). Then in the product cM , there is a path (q01 , · · · , q0n)x
=⇒qwhere q = (γ(z ↓ 1), · · · , γ(z ↓ n)), for some z ∈ L(A ). By the claim, ∀i ∈ Loc, (x)A [i] =
(z)A [i] meaning thereby (x)A = (z)A . Since z ∈ L(A ), x ∈ L(A ) and we get the
required inclusion. ut
6 Discussion
In this paper we have addressed the question of providing automata theoretic foun-
dations for epistemic models. These are intended to provide a local / compositional /
product presentation unlike the global presentations in models of dynamic epistemic
logics and epistemic temporal logics. In the process, we build a model that takes explicit
account of knowledge mechanisms. In the context of systems of agents that communi-
cate only using synchronous means so that perfect information exchange is possible,
we show the rudiments of such an automata theory: closure under boolean operations
and homomorphisms, algorithms for emptiness checking and Kleene-type theorems. We
define an epistemic temporal logic of local properties and prove it to be decidable us-
ing an epistemic automaton construction. We show that these models can be formally
proved equivalent to the class of regular trace languages, thus establishing a strong
connection between the study of epistemic logics and concurrency theory.
A very important and interesting question is when (and how) models of dynamic
epistemic logics can be decomposed into epistemic transition systems.
Acknowledgements We thank Johan van Benthem and Eric Pacuit for their encouragementand all participants of the ESSLLI workshop in Hamburg (2008) for their comments on thistopic.
References
1. Baltag, A., Moss, Lawrence S., Solecki, S., “The logic of public announcements, commonknowledge, and private suspicions”, Proc. Theoretical Aspects of Rationality and Knowledge,Morgan Kaufmann, pp 111-121 (1998)
2. van Benthem, J., van Eick, J. and Kooi, B., “Logics of Communication and Change”,Information and Computation, 204:11, pp 1620-1662 (2006)
3. van Benthem, J., Gerbrandy, J. and Pacuit, E., “Merging Frameworks for Interaction: DELand ETL”, Proc. Theoretical Aspects of Rationality and Knowledge, Morgan Kaufmann,pp 72-81 (2007)
4. van Benthem, J., Gerbrandy, J., Hoshi, T. and Pacuit, E., “Merging Frameworks for Inter-action”, Journal of Philosophical Logic 38, pgs 491 - 526 (2009)
5. van Benthem, J. and Pacuit, E.: “The Tree of Knowledge in Action: Towards a CommonPerspective”, Advances in Modal Logic, pp 87-106 (2006)
7. Diekert, V. and Muscholl, A., “Deterministic asynchronous automata for infinite traces”,LNCS 665, pp 617-628 (1993)
8. Diekert, V. and Rozenberg, A. (Eds), A book of traces, World Scientific (1995)
9. van Ditmarsch, H., van der Hoek, W., and Kooi, B., Dynamic Epistemic Logic, Springer(2007)
10. Eijck, Jan van and De Vries, Fer-Jan, “Reasoning about update logic”, Journal of Philo-sophical Logic, 24(1), pp 19-45 (1995)
11. Fagin, R., Halpern, J., Moses, Y. and Vardi, M., Reasoning about knowledge, M.I.T. Press(1995)
12. Ladner, Richard E. and Reif, John H., The Logic of Distributed Protocols, Proc. TheoreticalAspects of Reasoning about Knowledge, Morgan Kaufmann, pp 207-222 (1986)
13. Halpern, J. and Moses, Y., “Knowledge and Common Knowledge in a Distributed Envi-ronment”, JACM 37(3), pp 549-587 (1990)
14. Halpern, J., Meyden, R. Van Der, and Vardi, M., ”A Complete Axiomatization of a Logicof Knowledge and Time”, SIAM Journal on Computing, pp. 674-703 (2004)
15. Krasucki, P. and Ramanujam, R., “Knowledge and the ordering of events in distributedsystems”, Proc. Theoretical Aspects of Reasoning about Knowledge, Morgan Kaufmann,pp 267-283 (1994)
16. Fischer, Michael J. and Immerman, N., Foundations of Knowledge for Distributed Systems,Proc. Theoretical Aspects of Reasoning about Knowledge, Morgan Kaufmann, pp 171-185(1986)
17. Lodaya, K., Parikh, R., Ramanujam, R. and Thiagarajan, P.S., “A logical study of dis-tributed transition systems”, Information and Computation, 119, pp 91-118 (1995)
18. Mazurkiewicz, A., “Basic notions of trace theory”, LNCS, 354, pp 285-363 (1989)
19. Misra, J. and Chandy, M., “Proofs of networks of processes”, IEEE Trans. on Soft. Engg.,7, pp 417-426 (1981)
20. Mohalik S.K. and Ramanujam, R., “Assumption-Commitment in automata”, Proc. of FST& TCS in LNCS 1346, pp 153-168 (1997)
21. Mohalik S.K. and Ramanujam, R., “A presentation of regular languages in the assumption-commitment framework”, Proc. of CSD’98, Aizu-Wakamatsu, Japan, pp 250-260 (1998)
22. Ochmanski, E., “Regular behaviour of concurrent systems”, Bulletin of the EATCS, 27,pp 56-67 (1985)
23. Pacuit, E. and Parikh, R., “The Logic of Communication Graphs”, DALT, 256-269 (2004)
24. Parikh, R. and Ramanujam, R., “Distributed Processes and the Logic of Knowledge”,Logic of Programs, pp 256-268 (1985)
25. Parikh, R. and Ramanujam, R., “A Knowledge Based Semantics of Messages”, JOLLI,12(4), pp 453-467 (2003)
26. Ramanujam, R., “Knowledge and the next state modality”, Proc. Indian National Seminarin TCS, pp 62-80 (1994)
27. Ramanujam, R. “A local presentation of synchronizing systems”, in Structures in Con-currency Theory, ed: Jorg Desel, Springer Workshops in Computing, pp 264-278 (1995)
28. Ramanujam, R. “Local knowledge assertions in a changing world”. Proc. TheoreticalAspects of Rationality and Knowledge, Morgan Kaufmann, pp 1-17 (1996)
29. Ramanujam, R., “Locally linear time temporal logic”, Proc. IEEE Logic in ComputerScience, pp 118-127 (1996)
30. Thomas, W., “Automata on infinite objects”, Handbook of Theoretical Computer Science,vol. B, ed: van Leeuwen, Elsevier, 1990, pp 133-191.
31. Vardi, M.Y. and Wolper. P., “An automata-theoretic approach to automatic programverification”, Proc. of the First Symp. on Logic in Computer Science, Cambridge, pp 138-266 (1986)
32. Veltman, F., “Defaults in update semantics”, Journal of Philosophical Logic, 25, pp 221-261 (1996)
33. Zielonka, W., “Notes on finite asynchronous automata”, RAIRO-Inf. Theor. et Appli., 21,pp 99-135 (1987)
25
A Proofs on views and Zielonka automata
A.1 Proof of proposition 1
Proposition 6 For all α ⊆ Loc and for all x ∈ Σ∗, Cα(x) has a �-maximum.
Proof (By induction on the length of x). For x = ε, Cα(x) = {ε}, for all α ⊆ Loc. Then themaximum element is ε.
To prove the induction step, assume that for all strings x of length k, for all α ⊆ Loc,Cα(x) has a �-maximum for all α. Now, let y = xa and consider any α ⊆ Loc. By inductionhypothesis, there is a �-maximum z in Cα(x). We want to show that Cα(xa) also has a�-maximum.
We consider the following two cases.
1. Case loc(a) ∩ α = ∅. For this case, we show that Cα(x) = Cα(xa). Then, z is the �-maximum in Cα(xa).By the observation above, if u� v, then Cα(u) ⊆ Cα(v). Hence, Cα(x) ⊆ Cα(xa).On the other hand, if u ∈ Cα(xa) then u � x, because any string va with v � x is notα-connected under this case. Hence we also have Cα(xa) ⊆ Cα(x).
2. Case loc(a)∩α 6= ∅. Let w stand for the �-maximum subsequence in Cα∪loc(a)(x). Notethat this exists by induction hypothesis. By definition, w is (α ∪ loc(a))-connected.
Claim Let loc(a) ∩ α 6= ∅. Then va is α-connected iff v is (α ∪ loc(a))-connected.
Assume the claim. Then wa is α-connected. In order to show that wa is the �-maximumsubsequence in Cα(xa), let u ∈ Cα(xa). Hence u � xa which means either u � x or(u = va and v � x). We need to show that in either case, u� wa.Case 1: u� x. Since u is α-connected and loc(a)∩α 6= ∅, u is α∪ loc(a)-connected. Sincew is the �-maximum in Cα∪loc(a)(x), u� w and therefore u� wa.Case 2: u = va and v � x. Since u = va is α-connected, by the claim, v is α ∪ loc(a)-connected. Also, since w is the �-maximum in Cα∪loc(a)(x), v � w, and therefore, u =va � wa. Thus we have shown that wa is the �-maximum subsequence in Cα(xa) andthe proposition is proved, pending the proof of claim.
Proof of claim: Let v = a1 . . . ak.(⇒). Since va is α-connected, for every aj , 1 ≤ j ≤ k, aj has an α-chain in va. We have toshow that each aj has α ∪ loc(a)-chain in v.
Fix j. Let the α-chain for aj be w = ajaj1 . . . ajm . If jm < k, then w � v and loc(ajm )∩α 6= ∅, hence loc(ajm ) ∩ (α ∪ loc(a)) 6= ∅.
If jm = k, then ajaj1 . . . ajm−1 � v and loc(ajm−1 )∩ loc(a) 6= ∅. Then loc(ajm−1 )∩ (α∪loc(a)) 6= ∅.
In either case aj has a α∪ loc(a)-chain in v. Since j was arbitrary, therefore, v is α∪ loc(a)-connected.(⇐) Given that v is α∪ loc(a)-connected, we have to show that every aj has an α-chain in va.
For all aj , 1 ≤ j ≤ k, aj has an α ∪ loc(a)-chain, say w, in v. Then, from definition ofα-chain, w is either an α-chain of aj in v or w is a loc(a)-chain of aj in v.
In the first case, w is also an α-chain of aj in va. In the second case, since loc(a)∩α 6= ∅, wais an α-chain of aj in va. Hence va is α-connected, proving the claim and the proposition. ut
A.2 Proof of Proposition 5
Proposition 7 For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i].
Proof The following claim pins down the factoring of x into i-view and and i-independentpart.
Claim For all x ∈ Σ∗, for all α ⊆ Loc, there is a y ∈ Σ∗ such that x ∼ (x ↓ α)y and ydα = ε.
26
Assume the claim and fix an i ∈ Loc. Then there is an y ∈ Σ∗ such that x ∼ (x ↓ i)y andydi = ε. Hence, (x)A = ((x ↓ i)y)A , from which we get:
(x)A [i] = ((x ↓ i)y)A [i] = (x ↓ i)A [i].
Proof (of claim) Fix α ⊆ Loc. Let x = x0a1x1a2x2 . . . anxn such that x ↓ α = a1a2 . . . an,xj ∈ Σ∗, aj ∈ Σ for all j, 0 ≤ j ≤ n. Take y = x0x1 · · ·xn.
Notice that for any α ⊆ Loc, xdα is α-connected. Hence, xdα� x ↓ α. This immediatelyshows, from the construction of y, that ydα = ε.
Now we show that for all i, 0 ≤ i < n, loc(xi) ∩ loc(ai+1 . . . an) = ∅. Suppose not. Thenthere is an i, and b in xi such that loc(b) ∩ loc(aj) 6= ∅ for some j, i + 1 ≤ j ≤ n. But aj hasan α-chain, call it σ, in x. Hence, b · σ is an α-chain of b in x. This implies b is α-connectedin x and hence b = ak for some k. But by the construction of y, again, this is a contradiction.Thus, essentially we get that for all i, j such that 0 ≤ i < n, i < j ≤ n, xi I ai+1.By using this fact and by definition of ∼, we know that
x = x0a1x1a2x2 . . . anxn∼ a1x0x1a2x2 . . . anxn commuting x0 and a1
=⇒(γ(y1 ↓ 1), · · · , γ(yn ↓ n)). Then for every i ∈ Loc, (x)A [i] = (yi)A [i].
The proof is by induction on the length of x. The base case is trivial. For the inductionstep, assume the hypothesis for all x ∈ Σ∗ such that | x | = k. Let y = xa and let the path incM for y = xa be
Since in the following, we use Proposition 5 (relating views and states of Zielonka automaton)many times, we recall it for ready reference: For all x ∈ Σ∗, i ∈ Loc, (x)A [i] = (x ↓ i)A [i].Fix an i ∈ Loc. If i 6∈ loc(a), γ(yi ↓ i) = γ(zi ↓ i). By definition of γ and event, we get(yi ↓ i)A = (zi ↓ i)A . So, in particular for i, (yi ↓ i)A [i] = (zi ↓ i)A [i]. Now, using Propo-sition 5, we get:
(yi)A [i] = (zi)A [i]. (3)
By the induction hypothesis (1), then, we get (x)A [i] = (zi)A [i]. But (x)A [i] = (xa)A [i],since i 6∈ loc(a). So finally, we get (xa)A [i] = (zi)A [i] and we are done.
For i ∈ loc(a), γ(yi ↓ i) a−→iγ(zi ↓ i). So by the construction of−→i, for all i ∈ loc(a),∃ui ∈Σ∗ such that
Now, from the first conjunct, using Proposition 5, we get for all i ∈ loc(a), (yi)A [i] = (ui)A [i].Combining with induction hypothesis (1), we have
for all i ∈ loc(a), (x)A [i] = (ui)A [i]. (4)
Similarly, from the second conjunct, we get:
for all i ∈ loc(a), (zi)A [i] = (uia)A [i]. (5)
Since the transition is a perfect exchange, for all j, k ∈ loc(a), γ(zj ↓ j) = γ(zk ↓ k), hence,for all j, k ∈ loc(a), γ(uja) = γ(uka). From the definition of γ and event, for all j, k ∈ loc(a),(uj ↓ loc(a))A = (uk ↓ loc(a))A , and hence, in particular for k,
for all j, k ∈ loc(a), (uj)A [k] = (uk)A [k]. (6)
Now, by equations 4 and 6 above, for all k, i ∈ loc(a), (x)A [k] = (uk)A [k] = (ui)A [k]. Then,by the property of Zielonka automaton, for all k ∈ loc(a), (xa)A [k] = (uia)A [k]. In particular,when k = i, (xa)A [i] = (uia)A [i]. Using equation 5 then we get (xa)A [i] = (zi)A [i]. Thisproves the claim and the theorem. ut
B Proof of equivalence between ETS’s and CSL
In this section we give the details of the proof of Theorem 3 which establishes the equivalencebetween the classes of languages accepted by ETS’s and CSL’s.
We are on our way to relating compatible shuffle and epistemic product, but before that wehave to climb another step. Agent automata as we have defined them are over the alphabet Σi,whereas agent languages above are over ΣCi . Thus we need to “lift” agent automata to operateover the extended alphabet. But this is easily accomplished: since the states are annotatedwith knowledge maps from Φ, we take these into account (like in a Moore machine) along withtransition labels.
For example, if q0a1−→iq1
a2−→iq2, q0 is the initial state and q2 is the final state, then we saythat this is an accepting path for < a1, fi(q1) > · < a2, fi(q2) >.
Since the local automata are finite state, languages thus accepted by these are regular overΣCi . But, is the reverse true? In other words, for any regular language L over ΣCi , is there anepistemic automaton over Σi that accepts L? We show in the following that this is indeed thecase.
We first define the language acceptance (in the above sense) of E-automata. Let (Mi =(Qi,−→i, q
0i ), fi) be an epistemic automaton over Σi. We transform Mi into a TS M ′i =
(Q′i,−→ci , q
c0i ) over ΣCi where, Qci = Qi, q
c0i = q0i and −→c
i ⊆ Qci × ΣCi × Qci is defined as
follows: p<a,φ>−→c
i q iff pa−→iq and φ = fi(q). This one-step transition can be extended to =⇒c
ifor strings from ΣCi
∗.Then given an epistemic agent automaton ((Mi, fi), Fi), we define
Lm((Mi, fi), Fi)def= L(M ′i , Fi).
Proposition 8 L ∈ RegΣCi iff there is an agent automaton (M,F ) over Σi such that L =
Lm(M,F ).
Proof One direction of the proof follows immediately from the definition of Lm.For the other direction, suppose L ∈ RegΣCi . Since L is regular over ΣCi , there exist some
finite state automaton (A = (Q,−→, q0), F ) such that L = L(A,F ).Note that in A, two transitions with different knowledge maps may be pointing to the
same state. So we refine the states so that transitions that point to a state have the sameknowledge map. This is possible because the number of assumption maps is finite. We do thisas follows.
Define the automaton ((M, f), G) as follows. Let M = (P ,=⇒, p0) where,
28
– P = {q0} ∪[q∈Q
{(q, φ) | there is a transition p<a,φ>−→ q in A},
– p0 = q0,
– (p, φ1)a
=⇒(q, φ2) iff p<a,φ>−→ q and φ2 = φ, and
– for all states (p, φ), f((p, φ)) = φ.
Finally, G = {(p, φ)|p ∈ F}.In order to check that Lm((M, f), G) = L, we transform M in to the following TS (Mc =
(Qc,−→c, qc0), F c) over ΣCi , where
– Qc = Q,– qc0 = p0,
– (p, φ1)<a,φ>−→c (q, φ2) iff (p, φ1)
a=⇒(q, φ2) and φ = f((q, φ2)) = φ2,
– Finally, F c = G.
Since, by definition, Lm(M,G) = L(Mc, F c), it suffices to show that L(Mc, F c) = L(A,F ).This is done by establishing an one-to-one correspondence between the states of the au-tomata Mc and A through the map Θ where Θ((p, φ)) = p and Θ(q0) = q0 and F ′ ={(p, φ) | Θ((p, φ)) = p ∈ F}. ut
B.1 Relating runs of ETS and good strings over ΣΞ
There is a fairly obvious association between states and runs of an ETS and good strings over
ΣΞ . We make it explicit in the following. Let fM = (M1, . . . ,Mn, < f1, · · · , fn >,F ) be an
ETS and cM = (bQ,−→, (q01 , · · · , q0n), F ) be the epistemic product of fM .
Definition B1 Let (q1, · · · , qn) ∈ bq. Then env(q1, · · · , qn)def= ξ, where ξ(i) = fi(qi), for all
i ∈ Loc.
When (q1, · · · , qn) is a coherent state and ξ = env(q1, · · · , qn), ξ is feasible, because by thedefinition of coherence, for all i, j ∈ Loc, fi(qi)(j) �j fj(qj)(j) and hence by construction, forall i, j ∈ Loc, ξ(i)(j) �j ξ(j)(j).
We can associate strings over ΣC∗ (letters of type < a, φ >) with runs of cM in a canonical
fashion. Fix x = a1a2 . . . ak, and a run ρ = (q1, · · · , qn)a1−→ (q11 , . . . , q
1n) . . .
ak−→ (qk1 , . . . , qkn) =
(p1, · · · , pn) on x in cM . Define c(ρ) =< a1, ξ1 > . . . < ak, ξk >∈ ΣΞ∗ by: for 1 ≤ l ≤ k,ξl = env(ql1, . . . , q
ln).
Note that when x = ε, c(ρ) = ε. The initial environment associated with the run is definedas env(q1, · · · , qn).
Proposition 9 Let ρ be a run in (q1, · · · , qn)x
=⇒(p1, · · · , pn). Then, c(ρ) is a witness for xunder env(q1, · · · , qn).
Proof By definition, σ(c(ρ)) = x. Hence it suffices to show that c(ρ) is good w.r.t. env(q1, · · · , qn).
Let the run ρ be (q1, · · · , qn)a1−→ (q11 , . . . , q
n1 ) . . .
ak−→ (q1k, . . . , qnk ) = (p1, · · · , pn).
Fix l such that 1 ≤ l ≤ k. For all j 6∈ loc(al), ql−1j = qlj by asynchrony. Hence, by definition
of c(ρ), ξl−1(j) = fj(ql−1j ) = fj(q
lj) = ξl(j).
Also, since all the states in the product are coherent and the transitions have the perfectexchange property, ξ0 = env(q1, · · · , qn) is feasible and for all l, 1 ≤ l ≤ k,< al, ξl > is feasible.This proves that c(ρ) is good w.r.t. env(q1, · · · , qn). ut
The above propositions give us an important result regarding runs in the product andtheir projections.
Proposition 10 Let ρ denote a run (q1, · · · , qn)x
=⇒(p1, · · · , pn) in cM . Then for all i ∈ Loc,there exist xi ∈ ΣCi
∗ such that qixi
=⇒cipi and x is generated by the tuple (x1, x2, · · · , xn) under
env(q1, · · · , qn).
29
Proof By the previous proposition c(ρ) is a witness for x under env(q1, · · · , qn). Take xi =
c(ρ)bdi, for all i ∈ Loc. Then, x is generated by the tuple (x1, x2, · · · , xn) under env(q1, · · · , qn).
From the definition of bd and −→ci , one can carry out an induction argument on the length of
x to show that qixi
=⇒cipi. ut
Proposition 11 Let bx =< a1, ξ1 >< a2, ξ2 >, . . . , < ak, ξk >∈ ΣΞ∗ be good w.r.t. ξ0 =
env(q1, · · · , qn) such that qibxbdi
=⇒cipi for all i ∈ Loc. Then, ξk(i) = fi(pi) for i ∈ Loc. (Since ξk
is feasible this implies that (p1, · · · , pn) is coherent.)
Proof Let l be the last i-action in bx. If l = 0 (meaning bxbdi), then pi = qi and by goodness ofbx, ξk(i) = ξ0(i) = fi(pi) for all i ∈ Loc.
Otherwise, l ≥ 1 and for every i ∈ Loc, there is an ri ∈ Qi such that qiy
=⇒ci ri
< al,ξl(i) >
−→ci pi,
where bxbdi = y· < al, ξl(i) >. Hence, fi(pi) = ξl(i). By goodness of bx, ξl(i) = ξk(i). Therefore,fi(pi) = ξk(i) and we are done. ut
Proposition 12 Suppose x ∈ Σ∗ and for all i ∈ Loc, there exist xi ∈ ΣCi∗ such that qi
xi=⇒c
ipi and x is generated by the tuple (x1, x2, · · · , xn) under env(q1, · · · , qn). Then (q1, · · · , qn)x
=⇒ (p1, · · · , pn) in cM .
Proof (by induction on length of x) The assumptions of the claim are rephrased as follows:
there exist xi ∈ ΣCi∗ such that qi
xi=⇒c
i pi and there exists a witness bx ∈ ΣΞ∗ of x un-
der env(q1, · · · , qn) such that bxdi = xi. We have to show that (q1, · · · , qn)x
=⇒ (p1, · · · , pn).Note that since bx is good w.r.t. env(q1, · · · , qn), (q1, · · · , qn) is coherent from the definitionof goodness. From Proposition 11 (p1, · · · , pn) is also coherent. Hence both (q1, · · · , qn) and
(p1, · · · , pn) are in cM .Let x = ε. Then the witness bx must be ε since σ(bx) = x. This implies, for all i ∈ Loc
xi = ε. Hence, qi = pi for all i. Then, it is obvious that (q1, · · · , qn)x
=⇒ (p1, · · · , pn).For the induction step, let x = ya. Then the witness bx for x must be of the form bx =by· < a, ξ >, where σ(by) = y. Since bx is a witness under env(q1, · · · , qn) it is good w.r.t.
env(q1, · · · , qn). Hence, by must also be good w.r.t env(q1, · · · , qn). Therefore, by is a witness
of y under env(q1, · · · , qn). Let bybdi = yi for all i ∈ Loc. Then, by is generated by (y1, · · · , yn)under env(q1, · · · , qn).
It is given that for all i ∈ Loc, bxbdi = xi. Hence for every i 6∈ loc(a), xi = bxbdi = bybdi = yiand for every i ∈ loc(a), xi = yi· < a, ξ(i) >.
It is also given that for all i ∈ Loc, qixi
=⇒cipi. Hence, for all i 6∈ loc(a), qi
yi=⇒c
ipi and for all
i ∈ loc(a), there is an ri ∈ Qi such that qiyi
=⇒ci ri
<a,ξ(i)>
−→ci pi. Therefore, fi(pi) = ξ(i).
Since we have:
1. for all i 6∈ loc(a), qiyi
=⇒cipi, and
2. for all i ∈ loc(a), qiyi
=⇒ci ri,
by induction hypothesis, (q1, · · · , qn)y
=⇒(s1, · · · , sn), where for i 6∈ loc(a), si = pi and fori ∈ loc(a) si = ri.
Now, we have got the following facts : (1) for i 6∈ loc(a), si = pi, (2) for i ∈ loc(a),
si = ri<a,ξ(i)>
−→ci pi, hence from the definition of −→c
i , sia−→ipi and ξ(i) = fi(pi), lastly
(3) since < a, ξ > is feasible, for i, j ∈ loc(a), ξ(i) = ξ(j), hence fi(pi) = fj(pj). Hence
from the definition of transition −→ in cM , (s1, · · · , sn)a−→(p1, · · · , pn). Therefore, finally,
(q1, · · · , qn)ya
=⇒(p1, · · · , pn), as required. ut
Proposition 13 Suppose, for all i ∈ Loc, Li = Lm((Mi, fi), Fi). Take an ETS fM =(M1, . . . ,Mn, < f1, · · · , fn >, Πi∈LocFi) with the initial state (q01 , · · · , q0n). Let ξ0 denote
env(q01 , · · · , q0n). Then L(fM) = (‖ Li)ξ0 .
30
Proof (⊆ :) Let x ∈ L(fM). Then there is a final state (qf1 , · · · , qfn) ∈ Πi∈LocFi such that
(q01 , · · · , q0n)x
=⇒(qf1 , · · · , qfn). By Proposition 10, there exist xi ∈ ΣCi
∗ such that q0i
xi=⇒c
i qfi and
x is generated by the tuple (x1, x2, · · · , xn) under ξ0 = env(q01 , · · · , q0n). Since each qfi is in Fi,
each xi is in Li. Hence by definition of E-shuffle, x ∈ (‖ Li)ξ0 . Therefore, L(fM) ⊆ (‖ Li)ξ0 .(⊇:) Let x ∈ (‖ Li)ξ0 . By definition, there exist xi ∈ ΣCi
∗ such that xi ∈ Li and x isgenerated by the tuple (x1, · · · , xn) under ξ0.
Since xi ∈ Li, for all i ∈ Loc, there is some qfi ∈ Fi such that q0i
, {qf}). Let qf = (qf1 , · · · , qfn) and Li = Lm((M i, fi), {qfi }). By the previous proposition
there is an epistemic environment ξ0 such that L(fMqf ) = (‖ Li)ξ0 . This places L(fMqf ) in
L(CSL eΣ). Then, since L(CSL eΣ) is closed under union, L also is placed in it.
Let L = (‖ Li)ξ0 . We show that L ∈ L(CSL eΣ). Since Li’s are regular over ΣCi , by Propo-
sition 8, there are epistemic agent automata ((Mi, fi), Fi) such that Li = Lm((Mi, fi), Fi).By Proposition 13, the ETS M = (M1, · · · ,Mn, < f1, · · · , fn >,Πi∈LocFi) accepts L. SinceM is an automaton over Σ, L ∈ RegΣ . Since any language in CSL eΣ is either a compatible
shuffle or a union of compatible shuffle languages, and L(ETS eΣ) is closed under union, we get