Canonical models and the complexity of modal team logic

(1)

Team Logic

Martin Lück

Institut für Theoretische Informatik, Leibniz Universität Hannover Appelstraße 4, 30167 Hannover, Germany

lueck@thi.uni-hannover.de Abstract

We study modal team logic MTL, the team-semantical extension of classical modal logic closed under Boolean negation. Its fragments, such as modal dependence, independence, and inclusion logic, are well-understood. However, due to the unrestricted Boolean negation, the satisfiability problem of full MTL has been notoriously resistant to a complexity theoretical classification.

In our approach, we adapt the notion of canonical models for team semantics. By construction of such a model, we reduce the satisfiability problem of MTL to simple model checking.

Afterwards, we show that this method is optimal in the sense that MTL-formulas can efficiently enforce canonicity.

Furthermore, to capture these results in terms of computational complexity, we introduce a non-elementary complexity class, TOWER(poly), and prove that the satisfiability and validity problem of MTL are complete for it. We also show that the fragments of MTL with bounded modal depth are complete for the levels of the elementary hierarchy (with polynomially many alternations).

2012 ACM Subject Classification Theory of computation→Complexity theory and logic, The- ory of computation→Logic

Keywords and phrases team semantics, modal logic, complexity, satisfiability Digital Object Identifier 10.4230/LIPIcs.CSL.2018.30

Related Version A full version of the paper is available at [30],https://arxiv.org/abs/1709.

05253.

Acknowledgements The author wishes to thank Heribert Vollmer, Irena Schindler and Arne Meier, as well as the anonymous referees, for numerous helpful comments and hints.

1 Introduction

It is well-known that non-linear quantifier dependencies, such as w depending only on z in the sentence ∀x∃y∀z∃w ϕ, cannot be expressed in first-order logic. To overcome this restriction, logics of incomplete information such asindependence-friendly logic [19] have been studied. Later, Hodges [20] introducedteam semantics to provide these logics with a compositional interpretation. The fundamental idea is to not consider only plain assignments to free variables, but instead whole sets of assignments, calledteams.

In this vein, Väänänen [38] expressed non-linear quantifier dependencies by thedepen- dence atom =(x1, . . . , xn, y), which intuitively states that the values ofy in the team must depend only on those ofx₁, . . . , x_n. Logics with numerous other non-classical atoms such asindependence ⊥[9], inclusion ⊆andexclusion |[7] have been studied since, and have found manifold application in scientific areas such as statistics, database theory, physics, cryptography and social choice theory (see also Abramsky et al. [1]).

licensed under Creative Commons License CC-BY

(2)

Table 1Complexity landscape of propositional and modal logics of dependence (∗DL), independence (∗IL), inclusion (∗Inc) and team logic (∗TL). Entries are completeness results unless stated otherwise.

Logic Satisfiability Validity References

PDL NP NEXPTIME [26, 36]

MDL NEXPTIME NEXPTIME [33, 11]

PIL NP NEXPTIME-hard,inΠ^E₂ [13]

MIL NEXPTIME Π^E₂-hard [23, 10]

PInc EXPTIME co-NP [13]

MInc EXPTIME co-NEXPTIME-hard [16]

PTL ATIME-ALT(exp,poly) ATIME-ALT(exp,poly) [12, 14]

MTLk ATIME-ALT(exp_k+1,poly) ATIME-ALT(exp_k+1,poly) Theorem 6.1

MTL TOWER(poly) TOWER(poly) Theorem 6.1

Team semantics have also been adapted to a range of propositional [39, 12], modal [35], and temporal logics [25]. Not only havepropositional dependence logicPDL [39] andmodal dependence logic MDL[35] been extensively studied, but propositional and modal logics of independence and inclusion as well [23, 13, 18, 11]. Here, the non-classical atoms, such as the dependence atom, range over whole formulas. For example, the instance =(p₁, . . . , p_n,♦unsafe) of a modal dependence atom may specify that the reachability of an unsafe state depends on an “access code”p₁· · ·p_n (and on nothing else), but instead of exhibiting the explicit function in question, it only stipulates the existence of such.

Most team logics lack a Boolean negation, and adding it as a connective∼usually increases both the expressive power and the complexity tremendously. The respective extensions of propositional and modal logic are calledpropositional team logic PTL[12, 40, 14] and modal team logic MTL [31, 22]. By means of the negation∼, these logics can express all the non-classical atoms mentioned above, and in fact are expressively complete for their respective class of models [22, 40]. For these reasons, they are both interesting and natural logics.

The expressive power ofMTL is well-understood [22], and a complete axiomatization was presented by the author [27]. Yet the complexity of the satisfiability problem has been an open question [31, 22, 6, 15]. Recently, certain fragments ofMTLwith restricted negation were shown ATIME-ALT(exp,poly)-complete using the well-known filtration method [28]. In the same paper, however, it was shown that no elementary upper bound for fullMTLcan be established by the same approach, whereas the best known lower bound is ATIME-ALT(exp,poly)- hardness, inherited from the fragmentPTL[14]. Analogously, the best known model size lower bound is – as for ordinary modal logic – exponential in the size of the formula.

Contribution. We show that MTL is complete for a non-elementary class we call TOWER(poly), which contains, roughly speaking, the problems decidable in a runtime that is a tower of nested exponentials with polynomial height. Likewise, we show that the fragments MTLk of bounded modal depthkare complete for a class we call ATIME-ALT(exp_k+1,poly) and which corresponds to (k+ 1)-fold exponential runtime and polynomially many alternations. These results fill a long-standing gap in the active field of propositional and modal team logics (see Table 1).

(3)

In our approach, we considercanonicaloruniversalmodels. Loosely speaking, a canonical model satisfies every satisfiable formula in some of its submodels, and such models have been long known for, e.g., many systems of modal logic [2]. In Section 3, we adapt this notion for modal logics with team semantics, and prove that such models exist forMTL. This enables us to reduce the satisfiability problem to simple model checking, albeit on models that are of non-elementary size with respect to|Φ|+k, where Φ are the available propositional variables andkis a bound on the modal depth.

Nonetheless, this approach is essentially optimal: In Section 4 and 5, we show thatMTL can, in a certain sense,efficiently enforcecanonical models, that is, with formulas that are of size polynomial in|Φ|+k. In this vein, we then obtain the matching complexity lower bounds in Section 6 by encoding computations of non-elementary length in such large models.

To the author’s best knowledge, the classes ATIME-ALT(exp_k,poly) and TOWER(poly) have not explicitly been considered before. However, there are several candidates for other natural complete problems. More precisely, there exist problems in TOWER(poly) that are provably non-elementary, such as the satisfiability problem of separated first-order logic [37], the equivalence problem for star-free expressions [34], or the first-order theory of finite trees [4], to only name a few.

Another example is the two-variable fragment of first-order team logic, FO²(∼). It is related to MTL in the same fashion as classical two-variable logic FO² toML. Due to a reduction fromMTLtoFO²(∼) (see [29]), the satisfiability and validity problems ofFO²(∼) are TOWER(poly)-complete problems as a corollary of this paper, while its fragmentsFO²_k(∼) of bounded quantifier rankkare ATIME-ALT(exp_k+1,poly)-hard.

Due to space constraints, several technical proofs (which are marked with (?)) are omitted or only sketched. They can be found in the full version of this paper [30].

2 Preliminaries

The power set of a setX isP(X). We let|X|denote the length of the encoding of a formula or structureX. The sets of all satisfiable resp. valid formulas of a given logicLareSAT(L) andVAL(L), respectively.

We assume the reader to be familiar with alternating Turing machines [3]. We assume all reductions in this paper implicitly as logspace reductions ≤^log_m .

The class ATIME-ALT(exp,poly) contains the problems decidable by an alternating Turing machine in time 2^p(n) with p(n) alternations, for a polynomial p. It is a natural class that has several complete problems [13, 21, 14]. Here, we generalize it to capture the elementary hierarchy exp_k(n), defined by exp₀(n) :=nand exp_k+1(n) := 2^exp^k⁽ⁿ⁾.

IDefinition 2.1. Fork≥0, ATIME-ALT(exp_k,poly) is the class of problems decided by an alternating Turing machine with at mostp(n) alternations and runtime at most exp_k(p(n)), for a polynomialp.

Note that settingk= 0 ork= 1 yields the classes PSPACE and ATIME-ALT(exp,poly), respectively [3]. Ifkis replaced by a polynomial instead, we obtain the following class.

IDefinition 2.2. TOWER(poly) is the class of problems that are decided by a deterministic Turing machine in time exp_p(n)(1) for some polynomialp.

Note that a similar class, TOWER, is defined by replacingpby an arbitrary elementary function [32]. By contrast, to the author’s best knowledge, TOWER(poly) has not yet been explicitly studied. The reader may verify that both ATIME-ALT(exp_k,poly) and TOWER(poly) are closed under polynomial time reductions (and hence also≤^log_m ).

(4)

Modal team logic

We fix a countably infinite setPSof propositional symbols. Modal team logicMTL, introduced by Müller [31], extends classical modal logicMLas in the following grammar, whereϕdenotes anMTL-formula,αanML-formula, andp∈ PS.

ϕ::=∼ϕ|ϕ∧ϕ|ϕ∨ϕ|ϕ|♦ϕ|α α::=¬α|α∧α|α∨α|α|♦α|p| >

The set of propositional variables occurring inϕ∈MTLis denoted byProp(ϕ).

We use the common abbreviations ⊥:= ¬>, α→ β := ¬α∨β andα ↔ β := (α∧ β)∨(¬α∧ ¬β). For easier distinction, we have classical formulas denoted byα, β, γ, . . .and reserveϕ, ψ, ϑ, . . .for general team-logical formulas.

The modal depthmd(θ) of an (MLorMTL) formulaθis recursively defined:

md(p) :=md(>) := 0 md(∼ϕ) :=md(¬ϕ) :=md(ϕ)

md(ϕ∧ψ) :=md(ϕ∨ψ) := max{md(ϕ),md(ψ)}

md(♦ϕ) :=md(ϕ) :=md(ϕ) + 1

ML_k andMTL_k are the fragments ofML andMTL with modal depth≤k, respectively. If the propositions are restricted to a fixed set Φ⊆ PS as well, then the fragment is denoted byML^Φ_k, orMTL^Φ_k, respectively.

Let Φ ⊆ PS be a finite set of propositions. A Kripke structure (over Φ) is a tuple K= (W, R, V), whereW is a set ofworlds, (W, R) is a directed graph, andV: Φ→P(W) is thevaluation. Occasionally, by slight abuse of notation, we use the mappingV⁻¹:W →P(Φ) defined byV⁻¹(w) :={p∈Φ|w∈V(p)} instead ofV, i.e., the set of propositions that are true in a given world.

Ifw∈W, then (K, w) is calledpointed structure. MLis evaluated on pointed structures in the classical Kripke semantics. By contrast, MTL is evaluated on pairs (K, T), called structures with teams, where T ⊆W is calledteam (inK).

Every teamT has animage RT :={v |w∈T,(w, v)∈R} , and if w∈W, we simply writeRwinstead ofR{w}. RⁱT is inductively defined asR⁰T :=T andRⁱ⁺¹T :=RRⁱT. A successor team ofT is a teamS such thatS⊆RT and T ⊆R⁻¹S, whereR⁻¹:={(v, w)| (w, v)∈R}. Intuitively, S is formed by picking at least one successor of every world inT.

The semantics ofMTLcan now be defined as follows.¹

(K, T)α ⇔ ∀w∈T: (K, w)α ifα∈ML, and otherwise as (K, T)∼ψ ⇔ (K, T)2ψ,

(K, T)ψ∧θ⇔ (K, T)ψand (K, T)θ,

(K, T)ψ∨θ⇔ ∃S, U ⊆T such that T =S∪U, (K, S)ψ, and (K, U)θ, (K, T) ♦ψ ⇔ (K, S)ψfor some successor teamS ofT,

(K, T) ψ ⇔ (K, RT)ψ.

We often omitK and writeT ϕor wα.

1 Often, the “atoms” ofMTLare restricted to literalsp,¬pinstead ofML-formulasα. However, this implies a restriction to formulas in negation normal form, and both definitions are equivalent due to the flatnessproperty ofML(cf. [22, Proposition 2.2]).

(5)

AnMTL-formulaϕis satisfiableif it is true in some structure with team over Prop(ϕ), which is then called amodel ofϕ. Analogously,ϕisvalid if it is true in every structure with team overProp(ϕ).

Note that the empty team is usually excluded in the above definition, since most∼-free logics with team semantics have the empty team property, i.e., the empty team trivially satisfying every formula [35, 23, 18]. However, this distinction is unnecessary forMTL: ϕis satisfiable iff> ∨ϕis true in some non-empty team², andϕis true in some non-empty team iff∼⊥ ∧ϕis satisfiable.

The modality-free fragmentMTL₀ syntactically coincides with propositional team logic PTL[12, 14, 40]. The usual interpretations of the latter, i.e., sets of Boolean assignments, can easily be represented as teams in Kripke structures. For this reason, we identifyPTL andMTL0 in this paper.

Note that the connectives ∨, → and¬are not the usual truth-functional connectives on the level of teams, i.e., Boolean disjunction, implication and negation. The exception are singleton teams, on which team semantics and Kripke semantics coincide. Using∧and

∼however, we can define Boolean disjunctionϕ16ϕ2:=∼(∼ϕ1∧ ∼ϕ2) and implication ϕ1_ϕ2:=∼ϕ16ϕ2.

The notationⁱϕis defined via ⁰ϕ:=ϕandⁱ⁺¹ϕ:=ⁱϕ, and analogously for♦ⁱϕ.

To state that at least one element of a team satisfiesα∈ML, we writeEα:=∼¬α. That the truth value ofαis constant in the team is expressed by theconstancy atom =(α) :=α6¬α.

The well-knownbisimulation relation^Φk fundamentally defines the expressive power of modal logic [2] and plays a key role in our results.

I Definition 2.3. Let Φ ⊆ PS and k ≥ 0. For i ∈ {1,2}, let (Ki, wi) be a pointed structure, where Ki = (Wi, Ri, Vi). Then (K1, w1) and (K2, w2) are (Φ, k)-bisimilar, in symbols (K1, w₁)^Φk (K2, w₂), if

∀p∈Φ :w₁∈V₁(p)⇔w₂∈V₂(p), and ifk >0,

∀v1∈R1w1:∃v2∈R2w2: (K1, v1)^Φk−1(K2, v2) (forward condition),

∀v2∈R2w2:∃v1∈R1w1: (K1, v1)^Φk−1(K2, v2) (backward condition).

The notion of bisimulation was also lifted to team semantics by Hella et al. [17]:

I Definition 2.4 (cf. [17, 23, 22]). Let Φ ⊆ PS and k ≥ 0. For i ∈ {1,2}, let (Ki, Ti) be a structure with team. Then (K1, T1) and (K2, T2) are (Φ, k)-team-bisimilar, written (K1, T1)^Φk (K2, T2), if

∀w1∈T1:∃w2∈T2: (K1, w1)^Φk (K2, w2),

∀w2∈T2:∃w1∈T1: (K1, w1)^Φk (K2, w2).

If no confusion can arise, we will also refer to teamsT1, T2 that are (Φ, k)-team-bisimilar simply as (Φ, k)-bisimilar. The proofs of the following propositions are straightforward and can be found in the full version [30].

IProposition 2.5 (?). LetΦ⊆ PS be finite, andk ≥0. Fori∈ {1,2}, let (Ki, wi)be a pointed structure, whereK_i= (W_i, R_i, V_i). Then the following statements are equivalent:

1. ∀α∈ML^Φ_k: (K₁, w₁)α⇔(K₂, w₂)α, 2. (K1, w1)^Φk (K2, w2),

2 In team semantics,> ∨ϕis not tautologically true, but rather existentially quantifies a subteam.

(6)

3. (K1,{w1})^Φk (K2,{w2}).

Moreover, ifk >0, they are equivalent to:

4. (K1, w1)^Φ0 (K2, w2)and(K1, R1w1)^Φk−1(K2, R2w2).

As a result, theforward andbackward condition from Definition 2.3 can be equivalently stated in terms of team-bisimilarity of the respective images. On the level of teams, a similar characterization holds:

IProposition 2.6(?). Let Φ⊆ PS be finite, andk≥0. Let (Ki, T_i) be a structure with team for i∈ {1,2}. Then the following statements are equivalent:

1. ∀α∈ML^Φ_k: (K1, T1)α⇔(K2, T2)α, 2. ∀ϕ∈MTL^Φ_k: (K₁, T₁)ϕ⇔(K₂, T₂)ϕ, 3. (K₁, T₁)^Φk (K₂, T₂),

3 Types and canonical models

Many modal logics admit a “universal” model, also calledcanonical model. Given a canonical modelK, and a satisfiable formula (or set of formulas), the latter is then also true in some point ofK. See also Blackburn et al. [2, Section 4.2] for the explicit construction of such a model forML.

Unfortunately, a canonical model forMLis necessarily infinite, and consequently imprac- tical for complexity theoretic considerations. Instead, we define (Φ, k)-canonical modelsfor finite Φ⊆ PS andk∈N, which are then proved canonical for the fragment ML^Φ_k. However, by Proposition 2.5, the size of a (Φ, k)-canonical model is necessarily at least the number of equivalence classes of^Φk.

The equivalence classes of^Φk are proper classes. However, speaking about teams would require sets of such classes. For this reason, we inductively define types, which properly reflect bisimulation, but exist as sets. We usually refer to types asτ.

IDefinition 3.1. Let Φ ⊆ PS be finite. The set of (Φ, k)-types, written ∆^Φ_k, is defined inductively as ∆^Φ₀ :=P(Φ)× {∅}and ∆^Φ_k+1:=P(Φ)×P(∆^Φ_k).

Let (K, w) = (W, R, V, w) be a pointed structure. Then its (Φ, k)-type, writtenJK, wK

Φ k, is the unique (Φ⁰,∆⁰) ∈ ∆^Φ_k such that V⁻¹(w) = Φ⁰ and, in case k > 0, additionally

∀τ⁰∈∆^Φ_k−1:τ⁰ ∈∆⁰ ⇔ ∃v∈Rw:JK, vK

Φ k−1=τ⁰.

Given a teamT inK, the types inT are denoted byJK, TK

Φ k :=

JK, wK

Φ

k |w∈T . For a typeτ= (Φ⁰,∆⁰), we define shorthands Φτ:= Φ⁰ andRτ:= ∆⁰.

Intuitively, the first component Φ_τ consists of the propositions which any model of typeτ must satisfy in its root, andRτ is the set of types which any model of typeτ must contain in the image of its root. Roughly speaking, Φ_τ reflects the first condition of Definition 2.3, propositional equivalence, whileRτ reflects the forward and backward conditions.

Every typeτ ∈∆^Φ_k is satisfiable in the sense that there is at least one pointed structure (K, w) such thatJK, wK

Φ k =τ.

The following assertions are straightforward to prove by induction, and ascertain that types properly reflect the notion of bisimulation.

IProposition 3.2 (?). Let Φ⊆ PS be finite andk ≥0. Then (K, w)^Φk (K⁰, w⁰) if and only ifJK, wK

Φ

k =JK⁰, w⁰K

Φ

k, and(K, T)^Φk (K⁰, T⁰) if and only ifJK, TK

Φ

k =JK⁰, T⁰K

Φ k. We are now ready to state the formal definition of canonicity:

(7)

IDefinition 3.3. A structure with team (K, T) is (Φ, k)-canonical ifJK, TK

Φ k = ∆^Φ_k. In the following, we often omit Φ andKand write onlyJwKk orJTKk, and simply say that T is (Φ, k)-canonical ifKis clear.

It is a standard result that for every Φ and k≥0 there exists a (Φ, k)-canonical model (cf. Blackburn et al. [2]), or in other words, that the logicML^Φ_k admits canonical models.

Canonical models in team semantics

The logicMTL is significantly more expressive thanML[22]. Nonetheless, we will show that every satisfiableMTL^Φ_k-formula can be satisfied in a (Φ, k)-canonical model. In other words, the canonical models ofMTL^Φ_k andML^Φ_k actually coincide.

ITheorem 3.4. Let (K, T)be(Φ, k)-canonical and ϕ∈MTL^Φ_k. Then ϕis satisfiable if and only if(K, T⁰)ϕfor someT⁰⊆T.

Proof. Assume (K, T) andϕ are as above. As the direction from right to left is trivial, suppose thatϕis satisfiable, i.e., has a model ( ˆK,Tˆ). As a team inK that satisfiesϕ, we define

T⁰ :=n

w∈T JK, wK

Φ

k ∈JK,ˆ TˆK

Φ k

o .

By Proposition 2.6 and 3.2, it suffices to proveJK,ˆ TˆK

Φ

k =JK, T⁰K

Φ

k. Moreover, the direction

“⊇” is clear by definition. AsT is (Φ, k)-canonical, for everyτ ∈JK,ˆ TˆK

Φ

k there exists a world w∈T of typeτ. Consequently,JK,ˆ TˆK

Φ

k ⊆JK, T⁰K

Φ

k. J

How large is a (Φ, k)-canonical model at least? The number of types can be written via the function exp^∗_k, which is defined by

exp^∗₀(n) :=n, exp^∗_k+1(n) :=n·2^exp^∗^k⁽ⁿ⁾.

Observe that this function resembles exp_k(n) (cf. p. 3) except for an additional factor ofnin every “level” of the nested exponents. By Definition 3.1, we immediately obtain:

IProposition 3.5. |∆^Φ_k|= exp^∗_k 2^|Φ|

for allk≥0 and finite Φ⊆ PS.

Next, we present an algorithm that solves the satisfiability and validity problems of MTLand its fragments MTLk by computing a canonical model. Let us first explicate this construction in a lemma.

ILemma 3.6. There is an algorithm that, givenΦ⊆ PS and k ≥0, computes a (Φ, k)- canonical model in time polynomial in|∆^Φ_k|.

Proof. Let K= (W, R, V) be the computed structure. The idea is to construct sets L0∪ L₁∪ · · · ∪L_k=:W of worlds in stage-wise manner such that L_i is (Φ, i)-canonical.

ForL0, we simply add a worldwfor each Φ⁰∈P(Φ) such thatV⁻¹(w) = Φ⁰.

For i > 0, we iterate over allL⁰ ∈ P(Li−1) and Φ⁰ ∈ P(Φ) and insert a new worldw intoLi such thatRw=L⁰ and againV⁻¹(w) = Φ⁰. An inductive argument shows thatLi

is (Φ, i)-canonical for alli ∈ {0, . . . , k}. Ask ≤ |∆^Φ_k|, and each L_i is constructed in time polynomial in|∆^Φ_i | ≤ |∆^Φ_k|, the overall runtime is polynomial in|∆^Φ_k|. J The next lemma allows, roughly speaking, to replace a polynomial of exp^∗_k by simply exp_k, with only polynomial blowup in its argument.

(8)

I Lemma 3.7. For every polynomial p there is a polynomial q such that p(exp^∗_k(n)) ≤ exp_k(q((k+ 1)·n))for all k≥0 andn≥1.

Proof. Forp(n) bounded bycn^d, withc, d∈N, letq(n) :=cdn^d+c(cf. [30]). J ITheorem 3.8. SAT(MTLk)andVAL(MTLk)are in ATIME-ALT(exp_k+1,poly).

Proof. Consider the following algorithm. Let ϕ ∈ MTL_k be the input, n := |ϕ|, and Φ :=Prop(ϕ). Construct deterministically, as in Lemma 3.6, a (Φ, k)-canonical structure (K, T) = (W, R, V, T) in timep(|∆^Φ_k|) for a polynomial p.

By a result of Müller [31], the model checking problem ofMTLis solvable by an alternating Turing machine that has runtime polynomial in|ϕ|+|K|, and alternations polynomial in|ϕ|.

We call this algorithm as a subroutine: by Theorem 3.4,ϕis satisfiable (resp. valid) if and only if for at least one team (resp. all teams)T⁰⊆T we have (K, T⁰)ϕ. Equivalently, this is the case if and only if (K, T) satisfies> ∨ϕ(resp.∼(> ∨ ∼ϕ)).

Let us turn to the overall runtime. K is constructed in time polynomial in |∆^Φ_k| = exp^∗_k(2^|Φ|)≤exp^∗_k+1(|Φ|)≤exp^∗_k+1(n). The subsequent model checking runs in time polynomial in|K|+n, and hence polynomial in exp^∗_k+1(n) as well. By Lemma 3.7, we obtain a total runtime of exp_k+1(q((k+ 2)·n)) for a polynomialq. J The upper bound forMTL can be proved similarly, sincek:=md(ϕ) is polynomial in|ϕ|.

Moreover, the alternations can be eliminated with additional exponential blowup.

ICorollary 3.9. SAT(MTL)andVAL(MTL)are in TOWER(poly).

4 Efficiently expressing bisimilarity

Kontinen et al. [22] proved thatMTLis expressively complete up to bisimulation, i.e., it can define every property of teams that is closed under^Φk for some finite Φ andk. Two such team properties are in fact (Φ, k)-bisimilarity itself – in the sense that two worlds in a team have the same type – as well as (Φ, k)-canonicity. Consequently, these properties are defined byMTL^Φ_k-formulas. However, by a simple counting argument, formulas defining arbitrary team properties are of non-elementary size w. r. t. Φ andkin the worst case.

From now on, we always assume some finite Φ⊆ PS and omit it in the notation, i.e., we writek-canonicity,k-bisimilarity,^k, and so on.

In this section, we present an “approximation” (in a sense we clarify below) ofk-bisimilarity that can be expressed in a formulaχk that is of polynomial size in Φ andk. Likewise, in Section 5 we present a formulacanonk of polynomial size that expressesk-canonicity. Finally, in Section 6, we applyχk andcanonk in order to prove the lower bound for Corollary 3.9, i.e., TOWER(poly)-hardness of SAT(MTL) and VAL(MTL) (and an analogous result for Theorem 3.8). Here, the idea is to enforce a sufficiently large structure withcanonk and then to encode a non-elementary computation into it. Clearly,χ_k andcanon_k being polynomial in Φ andkis crucial for the reduction.

Scopes

To implementk-bisimilarity, we pursue a recursive approach. In the spirit of Proposition 2.5, the (k+ 1)-bisimilarity of two points w, vis expressed in terms ofk-team-bisimilarity ofRw andRv. Conversely, to verifyk-team-bisimilarity ofRw andRv, we proceed analogously to theforwardand backward conditions of Definition 2.3 and reduce the problem to checking k-bisimilarity of pairs of points inRwandRv.

(9)

T

S

α1 α2 α3

⇒

α1 α2 α3

S T

_S^α²

Figure 1Example of subteam selection in the scopeα2.

A clear obstacle is that MTLcannot speak about two teamsRw, Rv simultaneously, let alone check for bisimilarity. Instead, we consider a team that is the “marked union” ofRw andRv.

More generally, for all formulasα∈MLwe define the subteamTα:={w∈T |wα}.

The corresponding “decoding” operator α ,→ϕ:=¬α∨(α∧ϕ)

was considered by Kontinen and Nurmi [24] and Galliani [8]. Here,α ,→ϕis true inT if and only ifTαϕ.

Now, instead of defining an n-ary relation on teams, a formula ϕ can define a unary relation – a team property – parameterized by “marker formulas” α1, . . . , αn ∈ML. We emphasize this by writingϕ(α1, . . . , αn).

This is the “approximation” mentioned earlier: In order to compare Rw andRv, we require that Rw =Tα andRv =Tβ for some team T and distinct α, β∈ ML. It will be useful if the “markers” are invariant under traversing edges in the structure:

IDefinition 4.1. LetK= (W, R, V) be a Kripke structure. A formulaα∈MLis called a scope (in K)if (w, v)∈R implieswα⇔vα. Two scopesα, β are calleddisjoint (inK) ifW_αandW_β are disjoint.

In order to avoid interference, we always assume that scopes are formulas in ML^PS\Φ₀ , i.e., they are always purely propositional and do not contain propositions from Φ.

It is desirable to be able to speak about subteams in a specific scope. Formally, if S is a team, let T_S^α :=T_¬α∪(Tα∩S). For singletons{w}, we simply writeT_w^α instead of T_{w}^α . Intuitively,T_S^α is obtained fromT by “shrinking” the subteamT_αdown to S without impairingT\Tα (see Figure 1 for an example).

The following observations are straightforward:

IProposition 4.2 ([30]). Let α, βbe disjoint scopes andS, U, T teams in a Kripke structure K= (W, R, V). Then the following laws hold:

1. Distributive laws: (T∩S)α=Tα∩S=T∩Sα=Tα∩Sα and(T∪S)α=Tα∪Sα. 2. Disjoint selection commutes: T_S^αβ

U = T_U^βα S. 3. Disjoint selection is independent: (T_S^α)^β_U

α=Tα∩S.

4. Image and scope commute: (RT)_α= R(T_α)

α=R(T_α).

5. Selection propagates: IfS ⊆T, thenR T_S^α

= (RT)^α_RS.

Accordingly, we writeRⁱTα instead of (RⁱT)α orRⁱ(Tα) andT_S^α¹^,α²

1,S2 for (T_S^α¹

1)^α_S²

2. Subteam quantifiers

We refer to the following abbreviations as subteam quantifiers, where α∈ML:

∃^⊆_α ϕ:=α∨ϕ ∀^⊆_α ϕ:=∼∃^⊆_α∼ϕ

∃¹_αϕ:=∃^⊆_α

Eα∧ ∀^⊆_α(Eα_ϕ)

∀¹_αϕ:=∼∃¹_α∼ϕ

(10)

α

β

T

z

0 0 0

¹?

⇒

⁰ ⁰ ⁰

⇒

RT

z z

RT_z^β

Figure 2As z violates thebackward condition,χ^∗₀(α, β) detects a 0-free subteam, refuting

∃¹_α∃¹_βχ0(α, β).

Intuitively, they quantify over subteamsS⊆T_α(in case of∃^⊆_α/∀^⊆_α) or over worldsw∈T_α (for∃¹_α/∀¹_α), and require that the shrunk teamT_S^αresp.T_w^αsatisfiesϕ.

IProposition 4.3 (?). ∃^⊆_α,∀^⊆_α,∃¹_α,∀¹_α have the following semantics:

T ∃^⊆_αϕ ⇔ ∃S⊆T_α:T_S^αϕ T ∃¹_αϕ ⇔ ∃w∈T_α:T_w^αϕ T ∀^⊆_αϕ ⇔ ∀S⊆Tα:T_S^αϕ T ∀¹_αϕ ⇔ ∀w∈Tα:T_w^αϕ

Proof sketch. Here, we sketch only the existential cases, as the universal ones work dually.

The formula ∃^⊆_αϕ:=α∨ϕallows to splitT into subteamsU1⊆Tαand U2, whereU2ϕ.

AsU₂ must containT_¬α, clearly it is of the formT_S^α for someS. Conversely, every team of the formT_S^α induces a splitting ofT into U1, U2as above.

The singleton quantifier,∃¹_α, states that for some non-emptyU ⊆T_αit holds thatT_S^αϕ for every non-emptyS ⊆U. This is equivalent to T_U^α ϕ being true for some singleton

U ⊆T_α. J

Implementing bisimulation

Finally, we have all ingredients to implementk-bisimulation in the following inductive manner:

χ0(α, β) := (α∨β),→ ^

p∈Φ

=(p)

χk+1(α, β) :=χ0(α, β)∧χ^∗_k(α, β) χ^∗_k(α, β) := (¬α∧ ¬β)6

Eα∧Eβ∧ ∼

(α6β)∨(Eα∧Eβ∧ ∼∃¹_α∃¹_βχ_k(α, β)) Here,,→is defined as on p. 9. Let us prove that these formulas define bisimulation:

ITheorem 4.4 (?). Letk≥0. For all Kripke structuresK, teams T inK, disjoint scopes α, βin K, and pointsw∈Tα andv∈Tβ it holds:

T_w,v^α,β χ_k(α, β) if and only if w^kv, T χ^∗_k(α, β) if and only if T_αkT_β.

Moreover, bothχk(α, β) andχ^∗_k(α, β) areMTLk-formulas that are constructible in space O(log(k+|Φ|+|α|+|β|)).

Proof sketch. By induction on k. First, the formula χ₀(α, β) expresses w 0 v when evaluated on a teamT_w,v^α,β. By the semantics of,→,χ0(α, β) is true if and only if{w, v}=(p)

(11)

s₀ s₁ s₂ s3, 2²²²

|Φ|

= 16 =|∆3|elements

· · ·

3-canonical 2-canonical

1-canonical 0-c.

Offset

Scope:

T

Figure 3Visualization of the 3-staircase for Φ =∅, where the subteamTs_i is i-canonical with offset 3−i.

for allp∈Φ. By definition of =(·), thenwp⇔vpfor allp∈Φ, i.e.,w⁰v. Forχk+1, recall thatwk+1v is equivalent tow0v andRwk Rv. Consequently, χ_k+1defines (k+ 1)-bisimilarity on points under the assumption thatχ^∗_k definesk-bisimilarity on teams.

Finally, χ^∗_k(α, β) checksTα ^k Tβ as follows. If at least one of these teams is empty, then it is easy to see thatχ^∗_k acts correctly. For non-emptyT_αandT_β, the idea is to isolate any single pointz∈Tα∪Tβ that serves as acounter-exampleagainstJTαK^k=JTβK^k by, say, JzKk∈JT_βKk\JT_αKk. We eraseT_β\ {z} fromT using the disjunction∨, asT_β\ {z}α6β.

The remaining team is exactly T_z^β, in which ∃¹_α∃¹_βχk(α, β) fails (see Figure 2). The case JzKk∈JT_αKk\JT_βKk is detected analogously. Moreover, the formulas can be constructed in logspace in a straightforward manner, andmd(χk) =md(χ^∗_k) =k. J Let us again stress that χ_k implements only an approximation of k, as it relies on scopes to be labeled in the structure correctly.

5 Enforcing a canonical model

As discussed before, we now aim at constructing an MTLk-formula that is satisfiable but permitsonly k-canonical models. Fork= 0, Hannula et al. [13] defined thePTL-formula

max(X) :=∼_

x∈X

=(x)

and proved that T max(Φ) if and only if T is 0-canonical, i.e., contains all Boolean assignment over Φ. We generalize this for allk, i.e., construct a satisfiable formulacanonk

that has onlyk-canonical models.

Staircase models

Our approach is to expressk-canonicity by inductively enforcingi-canonical sets of worlds fori= 0, . . . , klocated in different “height” inside the model. For this purpose, we employ distinct scopess0, . . . ,sk (“stairs”), and introduce a specific class of models:

IDefinition 5.1. Letk, i≥0 and let (K, T) be a Kripke structure with team,K= (W, R, V).

A teamTisk-canonical with offsetiif for everyτ∈∆kthere existsw∈TwithJRⁱwK^k={τ}.

(K, T) is called k-staircase if for alli∈ {0, . . . , k} we have thatTs_i isi-canonical with offsetk−i.

(12)

A 3-staircase for Φ =∅ is depicted in Figure 3, which is easily adapted for Φ6=∅and arbitraryk. In particular, it is adirected forest, which means that its underlying undirected graph is acyclic and all its worlds are eitherroots(i.e., without predecessor) or have exactly one predecessor. Moreover, it has boundedheight, where the height of a directed forest is the greatest numberhsuch that every path traverses at mosthedges.

IProposition 5.2. For eachk≥0, there is a finitek-staircase (K, T)such thats0, . . . ,sk

are disjoint scopes in K, and K is a directed forest with height at mostk and its set of roots being exactlyT.

Observe that a model being ak-staircase is a stronger condition thank-canonicity.

ICorollary 5.3. Every satisfiableMTLk-formula has a finite model(K, T)such thatK is a directed forest with height at most kand its set of roots being exactly T.

Enforcing canonicity

In the rest of the section, we illustrate how ak-staircase can be enforced inMTL inductively.

For Φ = ∅, the inductive step – obtaining (k+ 1)-canonicity from k-canonicity – is captured by the formula∀^⊆_α∃¹_βχ^∗_k(α, β). It states that for every subteam T⁰ ⊆Tα there exists apoint w∈Tβ such thatJRT⁰K^k=JRwK^k. Intuitively, every possible set of types is captured as the image of some point inT_β. As a consequence, ifT_αisk-canonical with offset 1, thenTβ will be (k+ 1)-canonical.

Note that the straightforward formula^kmax(Φ) expresses 0-canonicity ofR^kT, butnot 0-canonicity ofT with offsetk(consider, e.g., a singletonT). Instead, we use the formula

max-offi(β) :=β ,→

♦ⁱ> ∧ ⁱmax(Φ)

∧ ∀¹_βⁱ^

p∈Φ

=(p) .

It states thatRⁱT_β is 0-canonical, but thatRⁱwadmits only one propositional assignment for eachw∈Tβ. In this light,k-canonicity with offsetiis altogether defined as follows:

ρⁱ₀(β) := ∃^⊆_βmax-off_i(β)

ρⁱ_k+1(α, β) := ∀^⊆_α∃^⊆_β ρⁱ₀(β)∧ⁱ∀¹_β χ^∗_k(α, β) canonk := ρ^k₀(s0)∧

k

^

m=1

ρ^k−m_m (s_m−1,sm)

ITheorem 5.4 (?). Let k≥0. The formula canonk is anMTLk-formula and constructible in spaceO(log(|Φ|+k)).

Moreover, ifK is a Kripke structure with disjoint scopes s0, . . . ,sk, then (K, T)canonk

if and only if(K, T)is ak-staircase.

Proof sketch. By induction onk. We sketch the induction step.

SupposeT_α is k-canonical with offset i+ 1. For each S ⊆T_α, the formulaρⁱ_k+1(α, β) quantifies a subteamU ⊆Tβ that is 0-canonical with offseti. Additionally, it also forces all points inRⁱU (and hence at least one point of every 0-type) to mimic thek-types ofRⁱ⁺¹S in all points of their image. Together, this results in (k+ 1)-canonicity with offseti. J It remains to demonstrate that the restriction of the si being scopes a priori can be omitted, since we can, in a sense, define it inMTLas well. For this, let Ψ⊆ PS be disjoint

(13)

from Φ. Then the formula below ensures that Ψ is a set of disjoint scopes “up to heightk”, which is sufficient for our purposes.

scopes_k(Ψ) := ^

x,y∈Ψ x6=y

¬(x∧y)∧

k

^

i=1

(x∧ⁱx)∨(¬x∧ⁱ¬x) .

ILemma 5.5. If ϕ∈MTLk, thenϕis satisfiable if and only ifϕ∧^k+1⊥is satisfiable.

Proof. As the direction from right to left is trivial, assume thatϕis satisfiable. By Corol- lary 5.3, it then has a model (K, T) that is a directed forest of height at mostk. But then (K, T) ^k+1⊥, sinceR^k+1T =∅and (K,∅) satisfies allML-formulas, including⊥. J I Theorem 5.6. canonk ∧scopes_k({s0, . . . ,sk})∧^k+1⊥ is satisfiable, but has only k- staircases as models.

Proof. By combining Proposition 5.2, Theorem 5.4 and Lemma 5.5, the formula is satisfiable.

Since in every model (K, T) the propositions s₀, . . . ,s_k must be disjoint scopes due to^k+1

andscopes_k, we can apply Theorem 5.4. J

Let us stress that the formula canon_k is again only an approximation ofk-canonicity, since the scopess0, . . . ,s_k−1 are necessary for the construction as well. However, bothχk

andcanon_k being efficiently constructible is crucial for our main result in the next section.

6 Complexity lower bounds

In this section, we provide the matching lower bounds for Theorem 3.8 and Corollary 3.9:

ITheorem 6.1. SAT(MTL)andVAL(MTL)are complete forTOWER(poly). For allk≥0, SAT(MTLk)andVAL(MTLk)are complete for ATIME-ALT(exp_k+1,poly).

The above complexity classes are complement-closed, and MTL andMTLk are closed under negation. For this reason, it suffices to considerSAT(MTL) andSAT(MTLk). Moreover, the case k= 0 is equivalent to SAT(PTL) being ATIME-ALT(exp,poly)-hard, which was proven by Hannula et al. [14]. Their reduction works in logarithmic space.

Consequently, the result boils down to the following lemma:

ILemma 6.2. If L∈TOWER(poly), thenL≤^log_m SAT(MTL).

If k≥1 andL∈ATIME-ALT(exp_k+1,poly), thenL≤^log_m SAT(MTL_k).

We devise for eachLa reductionx7→ϕxsuch thatϕxis a formula that is satisfiable if and only ifx∈L. By assumption, there exists a single-tape alternating Turing machineM that decidesL(forL∈TOWER(poly), w.l.o.g.M is alternating as well). ThenM = (Q,Γ, δ), whereQis the disjoint union ofQ_∃(existential states),Q_∀(universal states),Q_acc(accepting states) andQrej(rejecting states). Also,Qcontains some initial stateq0. Γ is the finite tape alphabet,[the blank symbol, andδthe transition relation.

We designϕxin a fashion that forces its models (K, T) to encode an accepting computation ofM on x. Let us call any legal sequence of configurations of M (not necessarily starting with the initial configuration) arun. Then, similarly as in Cook’s famous theorem [5], we encode runs as square “grids” with a vertical “time” coordinate and a horizontal “space”

coordinate in the model, i.e., each row of the grid represents a configuration ofM.

(14)

W.l.o.g. M has runtime at most N and tape cells{1, . . . , N}. A run of M is then a functionC:{1, . . . , N}²→Γ∪(Q×Γ). InM’s initial configuration, for instance, we have C(1,1) = (q₀, x₁),C(i,1) =x_i for 2≤i≤n, andC(i,1) =[forn < i≤N.

Due to the semantics ofMTL, such a run must be encoded in (K, T) very carefully. We let T containN²worldswi,j in which the respective value ofC(i, j) is encoded in a propositional assignment. However, we cannot simply pursue the standard approach of assembling a largeN×N-grid in the edge relationRin order to compare successive configurations; by Corollary 5.3, we cannot force the model to containR-paths longer than|ϕx|.

Instead, to define grid neighborship, we letw_i,j encodeiandj in itstype. More precisely, we impose a linear order≺k on ∆k that is defined by anMTLk-formulaζk. Then, instead of usingand♦, we examine the grid by lettingζk judge whether a given pair of worlds is deemed (horizontally or vertically) adjacent. Analogously toχ^∗_k, we also define an order

≺^∗_k on teams via a formulaζ_k^∗. Since order is a binary relation, the formulas are once more parameterized by two scopes:

ζ0(α, β) := _

p∈Φ

h

(α ,→ ¬p)∧(β ,→p)∧ ^

q∈Φ q<p

(α∨β),→=(q)i

ζ_k+1(α, β) :=ζ₀(α, β)6 χ₀(α, β)∧ ζ_k^∗(α, β) ζ_k^∗(α, β) :=∃¹_s_k ∃¹_βχk(sk, β)

∧ ∼∃¹_αχk(sk, α)

∧

χ^∗_k(α, β)∧(α∨β)

∨ ∀¹_α∨β∼ζk(sk, α∨β)

We refer the reader to the full paper [30] for the proof that there exist orders≺k and≺^∗_k on ∆k andP(∆k) that are defined by ζk andζ_k^∗ in the following sense:

ITheorem 6.3(?). Letk≥0, and(K, T)be ak-staircase with disjoint scopesα, β,s₀, . . . ,s_k. Ifw∈Tαandv∈Tβ, then

T_w,v^α,β ζ_k(α, β) if and only if JwKk≺_k JvKk, T ζ_k^∗(α, β) if and only if JT_αKk≺^∗_k JT_βKk.

Furthermore, bothζk(α, β)and ζ_k^∗(α, β)areMTLk-formulas that are constructible in space O(log(k+|Φ|+|α|+|β|)).

Encoding runs in a team

Next, we discuss in more detail how runsC:{1, . . . , N}²→Γ∪(Q×Γ) are encoded in a teamT. Given a worldw ∈T, we partition the image Rw with two special propositions t∈/ Φ (“timestep”) andp∈/Φ (“position”). Then we assign towthe pair`(w) := (i, j) such thatJ(Rw)tK^k−1 is thei-th element, andJ(Rw)pK^k−1 is thej-th element in the order≺^∗_k−1. We call the pair`(w) thelocation ofw(in the grid).

Accordingly, we fixN :=|P(∆^Φ_k−1)|. For the case of fixedk,M has runtime bounded by exp_k+1(g(n)) for a polynomialg. Then taking Φ :={p₁, . . . , p_g(n)}yields a sufficiently large coordinate space, as

exp_k+1(g(n)) = exp_k+1(|Φ|) = 2^exp^k−1(²^|Φ|)≤2^exp^∗^k−1(²^|Φ|) = 2^|∆^Φ^k−1^|=|P(∆^Φ_k−1)|

by Proposition 3.5. Likewise, if in the second caseM has runtime bounded by exp_g(n)(1), we let Φ :=∅ and computek:=g(|x|) + 1, but otherwise proceed identically.

(15)

Next, let Ξ be a constant set of propositions disjoint from Φ that encodes the range of C via some bijectionc: Ξ→Γ∪(Q×Γ). If a worldw satisfies exactly one propositionp of those in Ξ, then we definec(w) :=c(p). Intuitively,c(w) is thecontent of the grid cell represented byw.

Using` andc, the functionC can be encoded into a teamT as follows. First, a team T is calledgrid if every point inT satisfies exactly one proposition in Ξ, and if every location (i, j) ∈ {1, . . . , N}² occurs as `(w) for some point w ∈ T. Moreover, a grid T is called pre-tableau if for every location (i, j)and every elementp∈Ξ there is some worldw∈T such that`(w) = (i, j) andwp. Finally, a gridT is atableauif any two elementsw, w⁰∈T with`(w) =`(w⁰) also agree on Ξ, i.e.,c(w) =c(w⁰).

Let us motivate the above definitions. Clearly, the definition of a grid T means that T captures the whole domain ofC, and thatc is well-defined on the level of points. If T is additionally a tableau, thenc is also well-defined on the level oflocations. In other words, every tableau T induces a functionCT: {1, . . . , N}² → Γ∪(Q×Γ) via CT(i, j) := c(w), wherew∈T is arbitrary such that `(w) = (i, j). Finally, a pre-tableau is, roughly speaking, the “union” of all possibleC. In particular, given any pre-tableau, the definition ensures that arbitrary tableaus can be obtained from it by the means of subteam quantification∃^⊆ (cf. p. 9).

A tableau T islegal ifCT is a run ofM, i.e., if every row is a configuration ofM, and if every pair of two successive rows represents a validδ-transition.

The idea of the reduction is now to capture the alternating computation ofM by nesting polynomially many quantifications (via ∃^⊆ and∀^⊆) of legal tableaus, of which each one is the continuation of the computation of the previous one. For this purpose, we devise formulas such asψpre-tableau(α) andψlegal(α) that express thatTαis a pre-tableau, or a legal tableau, respectively. These formulas rely oncanonk to achieve a sufficiently large team, and on ζ_k resp. ζ_k^∗ for accessing adjacent grid cells in order to verify the transitions between configurations.

Due to space constraints, we cannot present their implementation here. Instead, we refer the reader to the appendix or the full version of the paper [30] for details.

7 Concluding remarks

In Theorem 6.1, we settled the open question of the complexity of MTL and established TOWER(poly)-completeness for its satisfiability and validity problem. Likewise, the frag- mentsMTLk are proved complete for ATIME-ALT(exp_k+1,poly), the levels of the elementary hierarchy with polynomially many alternations.

As our main tool, we introduced a suitable notion of canonical models for modal logics with team semantics. We showed that such models exist forMTL andMTL_k, and that some satisfiableMTLk-formulas of polynomial size haveonlyk-canonical models.

Our lower bounds carry over to two-variable first-order team logicFO²(∼) and its fragment FO²_k(∼) of bounded quantifier rank k as well [29]. While the former is TOWER(poly)- complete, the latter is ATIME-ALT(exp_k+1,poly)-hard. However, no matching upper bound for the satisfiability problem ofFO²_k(∼) exists.

In future research, it could be useful to further generalize the concept of canonical models for other logics with team semantics. Do logics such asFO²_k(∼) permit a canonical model in the spirit ofk-canonical models forMTLk, and does this yield a tight upper bound on the complexity of their satisfiability problem? How doMTLk andFO²_k(∼) differ in terms of succinctness?