Bounded game-theoretic semantics for modal mu-calculus

We introduce a new game-theoretic semantics (GTS) for the modal mu-calculus. Our so-called bounded GTS replaces parity games with novel alternative evaluation games where only finite paths arise. Infinite paths are not needed even when the considered transition system is infinite.


Introduction
The modal µ-calculus [4] is a well-known formalism that plays a central role in, e.g., program verification. The standard semantics of µ-calculus is based on fixed points, but the system has also a well-known game theoretic semantics that makes use of parity games. The related games generally involve infinite plays, and the parity condition is used for determining the winner (see, e.g., [1] for further details).
In this article we present an alternative game theoretic semantics for the modal µcalculus. Our so-called bounded GTS is based on games that resemble the parity games for the µ-calculus, but there is an extra feature that ensures that the plays within the novel framework always end after a finite number of rounds. Thereby only finite paths arise in related evaluation games even when investigating infinite transition systems.
In the novel games, the evaluation of a fixed point formula begins by one of the players declaring an ordinal number. This ordinal is then lowered as the game proceeds, and since ordinals are well-founded, the game will end in finite time i.e., after a finite number of game steps. In general, infinite ordinals are needed in the games. However, finite ordinals suffice on finite models.
While we of course will prove that the bounded GTS is equivalent to the standard semantics of the µ-calculus, our approach also leads naturally to a range of alternative semantic systems that are not equivalent to the standard semantics. For example, if only finite ordinals are allowed, the resulting semantics differs from the standard semantics (unless only finite models are considered). However, we will show that these alternative systems of GTS are equivalent to natural variants of the standard compositional semantics of the µ-calculus.
It is worth noting that the difference between the standard and bounded GTS for the µ-calculus is analogous to the relationship between while-loops and for-loops. While-loops are iterated possibly infinitely long, whereas for-loops run for k ∈ N rounds, where k can generally be an input to the loop.

Syntax
Let Φ be a set of proposition symbols and Λ a set of label symbols. Formulae of the modal µ-calculus are defined as follows: Let ϕ be a formula of the µ-calculus. The set of nodes in the syntax tree of ϕ is denoted by Sf(ϕ). All of these nodes correspond to some subformula of ϕ, but the same subformula may have several occurrences in the syntax tree of ϕ, as for example in the case of the formula p ∨ p. It is important that we can always distinguish between different occurrences of the same subformula, and thus we always assume that the position in the syntax tree of ϕ is known for any given subformula of ϕ. We also use the following notation: Sf µν (ϕ) := {θ ∈ Sf(ϕ) | θ = µXψ or θ = νXψ for some ψ ∈ Sf(ϕ)}.

Compositional semantics
where W is a nonempty set, R a binary relation over W and V : Φ → P(W ) a valuation for proposition symbols in Φ. An assignment s : Λ → P(W ) for M maps every label symbol X to some subset of W . Definition 2.1. Let M = (W, R, V ) be a Kripke model, w ∈ W . Let ϕ be a formula of the µ-calculus. We define truth of ϕ in M and w, denoted by M, w ϕ, recursively: • M, w s X iff w ∈ s(X).
• M, w s ψ ∧ θ iff M, w s ψ and M, w s θ.
To deal with the operators µ and ν, we define an operator ϕ X,s : P(W ) → P(W ) such that where s[A/X] is the assignment that sends X to A and treats other label symbols the same as s. The operators ϕ X,s are always monotone, and thus have least and greatest fixed points. We are now ready to formulate the semantics for the logical operators µX and νX: • M, w s µXψ iff w is in the least fixed point of the operator ψ X,s .
• M, w s νXψ iff w is in the greatest fixed point of the operator ψ X,s .
A label symbol X is said to occur free in a formula ϕ if it is not a subformula of any formula of the form µXψ or νXψ. A formula ϕ is called a sentence if it does not contain any free label symbols. If ϕ is a sentence, its truth is independent of assignments s. Hence we may simply write M, w ϕ instead of M, w s ϕ for a sentence ϕ.

Bounded game-theoretic semantics
In this section we define the bounded game-theoretic semantics (GTS) for the µ-calculus. The semantics shares some features with a similar GTS for the Alternating-time Temporal Logic (ATL) defined in [2]. See also [3].

Bounded evaluation games
Let ϕ be a sentence of the µ-calculus and X ∈ Sf(ϕ). The reference formula of X, rf(X), is the unique subformula of ϕ that binds X. That is, rf(X) is of the form µXψ or νXψ for some ψ, X ∈ Sf(rf(X)) and there is no θ ∈ Sf µν (rf(X)) \ {rf(X)} s.t. X ∈ Sf(θ) and θ is of the form µXψ or νXψ. Since ϕ is a sentence, every label symbol has a reference formula (and the reference formula is unique for each label symbol).
The game begins from the initial position (w 0 , ϕ 0 , c 0 ), where c 0 (θ) = Γ for every θ ∈ Sf µν (ϕ 0 ). The game is then played according to the following rules: • In a position (w, p, c) for some p ∈ Φ, Eloise wins the game if w ∈ V (p). Otherwise Abelard wins the game.
• In a position (w, ¬p, c) for some p ∈ Φ, Eloise wins the game if w / ∈ V (p). Otherwise Abelard wins the game.
• In a position (w, ♦ψ, c), Eloise selects some v ∈ W s.t. wRv and the next position of the game is (v, ψ, c). If there is no such v, then Abelard wins the game.
• In a position (w, ψ, c), Abelard selects some v ∈ W s.t. wRv and the next position of the game is (v, ψ, c). If there is no such v, then Eloise wins the game.
• In a position (w, µXψ, c), Eloise chooses an ordinal γ < Γ. Then the game continues from the position (w, ψ, c[γ/µXψ]). Here c[γ/µXψ] is the clock mapping that sends µXψ to γ and treats other formulae as c.
• Suppose that the game is in a position (w, X, c). Let c(rf(X)) = γ.
-Suppose that rf(X) = µXψ for some ψ. * If γ = 0, then Abelard wins the game. * Else, Eloise must select some γ ′ < γ, and the game continues from the -Suppose that rf(X) = νXψ for some ψ. * If γ = 0, then Eloise wins the game. * Else, Abelard must select some γ ′ < γ, and the game continues from the The positions where one of the players wins the game, are called ending positions. The execution of the rules related to a position of the game constitutes one round of the game. The number of rounds in a play of the game is called the length of the play. We call the ordinals γ < Γ clock values and the ordinal Γ the clock value bound.
Note that in GTS we have no need for assignments s. A label symbol in Λ is simply a marker that points to a node (i.e., a formula) in the syntax tree of the sentence ϕ 0 . Hence label symbols are conceptually quite different in GTS and compositional semantics. Proof. For each positive integer k, let ≺ k denote the "canonical lexicographic order" of k-tuples in of ordinals. That is, i and γ j = γ ′ j for all j < i. Consider a branch in the syntax tree of ϕ. Let ψ 1 , . . . , ψ k ∈ Sf µν (ϕ) be the µν-formulae occurring on this branch in this order (starting from the root). In each round of the game, each such sequence (ψ 1 , . . . , ψ k ) is associated with the k-tuple (c(ψ 1 ), . . . , c(ψ k )) of clock values (that are ordinals less or equal to Γ). It is easy to see that if c and c ′ are clock mappings such that c ′ occurs later than c in the game, then we have (c ′ (ψ 1 ), . . . , c ′ (ψ k )) k (c(ψ 1 ), . . . , c(ψ k )). Therefore, and since ordinals are well-founded, it is easy to see that the game will always end after a finite number of rounds.
The game tree T (G) of an evaluation game G = (M, w, ϕ, Γ) is formed by beginning from the initial position and adding transitions to all possible successor positions. This procedure is then repeated from the successor positions until an ending position is reached. In the game tree, the initial position is of course the root and ending positions are leafs. Complete branches correspond to possible plays of the game. Due to Proposition 3.2, the game tree of any bounded evaluation game is well-founded, i.e., it does not contain infinite branches. However, if the clock value bound Γ is infinite, then the width of the game tree becomes infinite.

Game-theoretic semantics
be an evaluation game. A strategy σ for Eloise in G is a partial mapping on the set of positions (w, ϕ, c) of the game. If σ(w, ϕ, c) is defined, then we have: • σ(w, X, c) ∈ {γ | γ < c(rf(X))} when ϕ = X and rf(X) is of the form µXψ.
We say that Eloise plays according to σ if she makes all her choices according to instructions given by σ (and σ gives instructions for every position where Eloise needs to make a choice). We say that σ is a winning strategy if Eloise can play every game according to σ and she wins every game played according to σ.
We are now ready to define a game-theoretic semantics for the µ-calculus.

Bounded compositional semantics
Let M = (W, R, V ) be a Kripke-model, F : P(W ) → P(W ) an operator and γ an ordinal. We define a set F γ µ recursively as follows: Analogously, we define a set F γ ν recursively as follows: Definition 4.1. We obtain Γ-bounded compositional semantics for the µ-calculus by defining truth for p, ¬p, ψ ∨ θ, ψ ∧ θ, ♦ψ and ψ recursively as in the standard compositional semantics of the µ-calculus, and the semantics for the µ-ν-operators as follows: The truth condition of the µ and ν-operators can be written equivalently as follows: Note that if Γ is a limit ordinal, we can replace the superscript γ + 1 above with γ.
We say that a formula is in normal form if each label symbol in Λ occurs in the formula at most once in the µ-ν-operators (but may occur several times on the atomic level). We let ϕ ′ denote a normal form variant of ϕ obtained simply by renaming label symbols where appropriate. 1 The following lemma is easy to prove. Lemma 4.2. Let ϕ be a sentence of the µ-calculus and let ϕ ′ be its variant in normal form. We now have: By this lemma it suffices to consider only formulae in normal form when proving the following theorem which establishes that the Γ-bounded GTS is equivalent to the Γ-bounded compositional semantics.
Note that since we assumed ϕ 0 to be in normal form, all different occurrences of a label symbol X in ϕ 0 have the same reference formula. Therefore, in the condition (⋆), the values s(X) of each X ∈ Sf(ϕ 0 ) are uniquely defined. The values s(Y ) of label symbols Y ∈ Λ \ Sf(ϕ 0 ) may be arbitrary. We then show how Eloise can maintain the condition (⋆) working inductively from the initial position of the game towards ending positions. We first observe that the condition (⋆) holds trivially in the initial position since M, w 0 Γ ϕ 0 and ϕ 0 is a sentence. We then establish that in every position (w, ϕ, c) of the game: if (⋆) holds for (w, ϕ, c), then Eloise either wins the game or she can maintain this condition to the next position of the game.
• Suppose the game is in a position (w, p, c) or (w, ¬p, c).
If the position is (w, p, c), then by the inductive hypothesis, there is some s such that M, w Γ s p and thus w ∈ V (p). Hence Eloise wins the game. The case for the position (w, ¬p, c) is analogous.
• Suppose the game is in a position (w, ψ ∨ θ, c).
By the inductive hypothesis, there is some assignment s such that M, w Γ s ψ ∨ θ, i.e., M, w Γ s ψ or M Γ s θ. If the former holds, then Eloise can choose the next position to be (w, ψ, c), and if the latter holds, Eloise can choose the next position to be (w, θ, c). In both cases (⋆) holds in the next position of the game.
• Suppose that the game is in a position (w, ψ ∧ θ, c). • Suppose that the game is in a position (w, ♦ψ, c).
By the inductive hypothesis, there is some s such that M, w Γ s ♦ψ, i.e., there exists some v ∈ W s.t. wRv and M, v Γ s ψ. Now Eloise can choose the next position to be (v, ψ, c), and the condition (⋆) holds there.
• Suppose that the game is in a position (w, ψ, c).
By the inductive hypothesis, there is some s such that M, w Γ s ψ, i.e., M, v Γ s ψ for every v ∈ W such that wRv. If there is no v ∈ W such that wRv, then Eloise wins the game. Else (⋆) holds in every possible next position (v, ψ, c) regardless of the choice of Abelard.
• Suppose that the game is in a position (w, µXψ, c).
• Suppose that the game is in a position (w, νXψ, c).
• Suppose that the game is in a position (w, X, c).
Eloise can lower the clock value of rf(X) from γ to γ − 1, whence (⋆) holds in the next position (w, ψ, c ′ ).
Suppose then that γ is a limit ordinal. Now w ∈ δ<γ ( ψ X,s ′ ,Γ ) δ µ , and thus there is . Thus Eloise can lower the clock value of rf(X) from γ to δ, and then (⋆) holds in the next position of the game by the same reasoning as above.
We have shown that Eloise can maintain the condition (⋆) at every position until reaching a position where she wins the game. By Proposition 3.2 the game in guaranteed to end in a finite number of rounds, and thus Eloise will eventually win the game by maintaining the condition (⋆). Hence Eloise has a winning strategy in G, i.e. M, w 0 Γ ϕ 0 .
We then consider the converse implication of the theorem. Suppose that M, w 0 Γ ϕ 0 , i.e., Eloise has a winning strategy σ in G. We next prove by well-founded induction 2 on the game tree of G that the following claim holds for every position (w, ϕ, c) in T (G): If (w, ϕ, c) can be reached with σ, then (⋆) holds for (w, ϕ, c).
We make the inductive hypothesis that the implication above holds for every position (w ′ , ϕ ′ , c ′ ) that can occur after the position (w, ϕ, c) in the evaluation game G (that is, there is a path from the node (w, ϕ, c) to the node (w ′ , ϕ ′ , c ′ ) in T (G)). Then we prove the implication above for the position (w, ϕ, c).
• Suppose that a position (w, p, c) or (w, ¬p, c) can be reached with σ.
Suppose first that (w, p, c) can be reached with σ. Since σ is a winning strategy, we must have w ∈ V (p). Now M, w Γ s p for any assignment s and thus the condition (⋆) holds for (w, p, c). The case for the position (w, ¬p, c) is analogous.
Now Abelard can choose the next position of the game to be either (w, ψ, c) or (w, θ, c). Since both of these positions can be reached with σ, by the inductive hypothesis, there is s such that M, w Γ s ψ and there is s ′ such that M, w Γ s ′ θ. By the condition (⋆), s ′ must have the same values as s for all label symbols occurring in ϕ 0 , and thus M, w Γ s θ. Hence M, w Γ s ψ ∧θ and thus (⋆) holds for (w, ψ ∧θ, c).
• Suppose that a position (w, ♦ψ, c) can be reached with Eloise's strategy.
Let (v, ψ, c), where v ∈ W s.t. wRv, be the next position that is chosen according to σ. By the inductive hypothesis, there is some s such that M, v Γ s ψ. Therefore M, w Γ s ♦ψ, and thus (⋆) holds for (w, ♦ψ, c).
• Suppose that a position (w, ψ, c) can be reached with σ.
If there is no v ∈ W such that wRv, then M, w Γ s ψ for any any assignment s and thus the condition (⋆) holds for (w, ψ, c). Suppose then that there is some v ′ ∈ W such that wRv ′ . Now Abelard can choose the next position of the game to be (v, ψ, c) for any v ∈ W s.t. wRv. Since all of these positions can be reached with σ, we observe by the inductive hypothesis that for every v ∈ W s.t. wRv, there is some s v such that M, v Γ sv ψ. Define s := s v ′ . Since all the assignments s v have the same values for the label symbols of occurring in ϕ 0 , we have M, v Γ s ψ for all v such that wRv. Therefore M, w Γ s ψ and thus (⋆) holds for (w, ψ, c).
• Suppose that a position (w, µXψ, c) can be reached with σ.
• Suppose that a position (w, νXψ, c) can be reached with σ.
• Suppose that a position (w, X, c) can be reached with σ.
Hence (⋆) holds in the initial position of the game and thus M, w 0 Γ ϕ 0 . Let M be a model. It is well-known that over M, each operator related to a formula of the µ-calculus reaches a fixed point in at most (card(M)) + iterations, where (card(M)) + is the successor cardinal of card(M). Thus it is easy to see that the standard compositional semantics and (card(M)) + -bounded compositional semantics are equivalent in M. Hence obtain the following corollary: Also note that, in the special case of finite models, it suffices to use finite clock values that are at most the cardinality of the model.