
Practical Comparison of Tableau-based Decision Procedures for Epistemic Logic


Honours Paper

Gregory Cowan (2395453)


University of Witwatersrand
Supervised by Dmitry Shkatov and Valentin Goranko
October 2023

Abstract
In this research project, I shall implement two tableau-based procedures used for satisfiability
checking in Epistemic Logic, namely the procedure developed by Goranko and Shkatov [2],
and the procedure developed by Abate, Gore and Widmann [1]. These procedures did not have
any implementations up until now. I shall then investigate and compare the two procedures
by devising 20 Epistemic Logic test formulae to run the procedures on, and capturing the
average running times of the two procedures.

Background
Multi-agent Epistemic Logic (MAEL) is a branch of logic concerned with reasoning
about the knowledge of rational agents. MAEL is most prominently applied
to design and verification of distributed systems, where each component in the
system is treated as an agent [8]. However, with recent advances in Artificial
Intelligence, more serious attempts are being made to develop agents with greater
abilities in reasoning, and so MAEL offers a powerful existing framework to
develop these agents from [3], [4].

Syntax
A recursive definition of the language of MAEL is given as follows:

• All atomic propositions p, q, r, etc. are in the language


• If the formulae φ and ψ are in the language, then so is ¬φ, φ ∨ ψ, φ ∧ ψ,
φ→ψ

• If the formula φ is in the language, then so is Ki φ


• If the formula φ is in the language, then so is KA φ, where A is a nonempty
set of agents
• If the formula φ is in the language, then so is DA φ

• If the formula φ is in the language, then so is CA φ

Syntax Description
Intuitively, distributed knowledge DA φ is knowledge that can be derived by
combining agents’ individual knowledge. For example, Ann knows that Bob
loves either Catherine or Dora, and Emma knows that Bob loves either Dora or
Fiona, therefore together Ann and Emma know that Bob loves Dora. Written
formally as Ka (φ ∨ ψ) ∧ Ke (ψ ∨ ω) ⇒ D{a,e} ψ.

Common knowledge CA φ is knowledge that everyone knows, and everyone
knows that everyone knows, and everyone knows that everyone knows that
everyone knows, and so on ad infinitum. An example is that it is common
knowledge that (in South Africa) we drive on the left side of the road, because
everyone knows we drive on the left, and we all know that everyone else knows
it (otherwise we’d all be too frightened to drive), and so on.

Semantics
MAEL formulae are interpreted over a ‘many-worlds’ model. Intuitively this
means that each agent, given his knowledge, considers a number of states of
the world as the possible true state of the world. For example, sitting here in
my room in Johannesburg I do not know the weather in London. I consider it
both possible that it is raining, or not raining in London, hence these are two
possible states of the world I consider. We say that these possible states are
indistinguishable to me.

Definition 1. A Multi-agent Epistemic Model (MAEM), which is a slight
modification of a Kripke Structure [10], is a tuple ⟨Ag, AP, S, ∼1 , ∼2 , ..., ∼n , L⟩
where

• Ag = {1, ..., n} is the set of all n agents.

• AP is a non-empty set of atomic propositions.


• S is a non-empty set of possible states of the world.

• ∼i ⊆ S² is an equivalence relation, known as the indistinguishability
relation of agent i.

• L : S → P(AP ) is a labelling function, mapping atomic propositions to
possible states where they are true.

The truth of a formula φ is interpreted at a possible world u in a MAEM.
This is defined inductively:

• M, u ⊨ p if p ∈ L(u), where p ∈ AP
• M, u ⊨ ¬φ if M, u ⊭ φ
• M, u ⊨ φ ∧ ψ if M, u ⊨ φ and M, u ⊨ ψ

• M, u ⊨ Ka φ if M, v ⊨ φ for all v ∈ S such that u ∼a v


• M, u ⊨ KA φ if M, v ⊨ φ for all v ∈ S such that u ∼^E_A v, where
∼^E_A = ⋃_{i∈A} ∼i

• M, u ⊨ DA φ if M, v ⊨ φ for all v ∈ S such that u ∼^D_A v, where
∼^D_A = ⋂_{i∈A} ∼i

• M, u ⊨ CA φ if M, v ⊨ φ for all v ∈ S such that u ∼^C_A v, where
∼^C_A is the reflexive and transitive closure of ∼^E_A
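The truth conditions above can be checked mechanically on a finite model. The following Python code is an added example, not part of the original paper or its Java implementation: it evaluates the knowledge operators on a constructed three-state model of the Ann and Emma scenario from the Syntax Description. The nested-tuple encoding of formulae, the state and agent names, and the tag "E" for the coalition operator KA are assumptions of this example.

```python
# Formulae as nested tuples (encoding assumed for this example):
#   "p"                                  atomic proposition
#   ("not", f), ("and", f, g), ("or", f, g)
#   ("K", a, f)   agent a knows f
#   ("E", A, f)   everyone in coalition A knows f (written KA in the text)
#   ("D", A, f)   distributed knowledge among A
#   ("C", A, f)   common knowledge among A

class MAEM:
    """Multi-agent epistemic model; each relation ~a is given as a partition of S."""

    def __init__(self, partitions, label):
        self.label = label                       # L : S -> set of true atoms
        self.states = set(label)
        self.rel = {a: {(u, v) for block in blocks for u in block for v in block}
                    for a, blocks in partitions.items()}

    def union(self, A):                          # ~E_A: union of ~i, i in A
        return set().union(*(self.rel[i] for i in A))

    def intersection(self, A):                   # ~D_A: intersection of ~i, i in A
        return set.intersection(*(self.rel[i] for i in A))

    def closure(self, A):                        # ~C_A: reflexive transitive closure of ~E_A
        rel = self.union(A) | {(s, s) for s in self.states}
        while True:
            step = {(u, w) for (u, v) in rel for (v2, w) in rel if v == v2}
            if step <= rel:
                return rel
            rel |= step

    def holds(self, u, f):
        if isinstance(f, str):
            return f in self.label[u]
        if f[0] == "not":
            return not self.holds(u, f[1])
        if f[0] == "and":
            return self.holds(u, f[1]) and self.holds(u, f[2])
        if f[0] == "or":
            return self.holds(u, f[1]) or self.holds(u, f[2])
        op, who, sub = f
        rel = {"K": lambda: self.rel[who],
               "E": lambda: self.union(who),
               "D": lambda: self.intersection(who),
               "C": lambda: self.closure(who)}[op]()
        return all(self.holds(v, sub) for (x, v) in rel if x == u)


def ann_emma_model():
    # Constructed model: Bob loves exactly one of Catherine (c), Dora (d), Fiona (f).
    label = {"w_c": {"c"}, "w_d": {"d"}, "w_f": {"f"}}
    partitions = {
        "ann":  [{"w_c", "w_d"}, {"w_f"}],       # Ann has ruled out Fiona
        "emma": [{"w_c"}, {"w_d", "w_f"}],       # Emma has ruled out Catherine
    }
    return MAEM(partitions, label)


if __name__ == "__main__":
    m, both = ann_emma_model(), ("ann", "emma")
    print(m.holds("w_d", ("K", "ann", "d")))     # neither agent alone knows d
    print(m.holds("w_d", ("D", both, "d")))      # together they do
```

At the actual state w_d, neither agent knows d and it is not common knowledge that c ∨ d, yet D{ann,emma} d holds because the intersection of the two relations leaves only w_d.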

Introduction
To understand satisfiability checking, we must first define satisfiability.
Definition 2. A MAEL formula φ is satisfiable if there exists some MAEM
M = ⟨Ag, AP, S, ∼1 , ∼2 , ..., ∼n , L⟩ and a possible state s ∈ S, for which
M, s ⊨ φ.

In this paper I investigate two procedures for testing satisfiability of
formulae. One developed by Ajspur, Goranko and Shkatov [2], and one developed
by Abate, Gore and Widmann [1]. Both procedures are tableau algorithms
in which an attempt is made to construct a tableau (a graph equivalent to a
MAEM), using a finite set of well-defined rules. Hence the procedures solve
the satisfiability problem constructively, because if the inputted formula is
satisfiable then the procedures return “yes” as well as information from which a
corresponding MAEM can be constructed.

Up until now, Ajspur et al.’s procedure has only been developed theoretically,
with no implementation [2]. I developed software to run these procedures
in Java 17, which can be used to check if a MAEL formula is satisfiable or not,
as in most cases this would require too much work to be done by hand. The
programs for satisfiability checking can also form part of a larger artificial
intelligence system.

The first procedure developed by Ajspur et al. is an incremental tableau
building procedure (first introduced by Pratt for PDL in [9]), meaning that the
tableau is constructed step-by-step with new nodes being added as rules are
applied. A major advantage of this style of tableau building is that it won’t
always run in the worst-case time complexity. The procedure is also a two-pass
tableau method, where one pass is used to build a cyclic graph of nodes, and
another pass is used to prune this graph.

The second procedure developed by Abate et al. is also an incremental
tableau building procedure, however it is a single-pass tableau method, in which
the decision procedure requires only a single pass of the tableau which can be
done as it is created. Due to this the authors claim their tableau procedure has
a superior average-case behaviour to traditional two-pass methods.

It is especially this average-case behaviour that I seek to investigate in this
paper. Ajspur et al.’s procedure is in EXPTIME [2], as is Abate et al.’s
procedure, however in the worst case the latter exhibits 2EXPTIME behaviour [1].
To analyse and compare the two procedures, I tested and timed them with 20 formulae.

Note that Abate et al.’s procedure was not designed for the distributed
knowledge operator, and can only accept the common knowledge operator for the full
set of agents. So a simplified version of Ajspur et al.’s procedure [7] was used in
this comparison instead, where coalitions of agents are not considered.

Goranko and Shkatov’s Procedure
The procedure attempts to construct not a MAEM, but a Hintikka structure.
The main difference is that while a MAEM determines the truth of every
formula of the language at every state, the Hintikka structure focuses only on the
truth value of formulae relevant to the inputted formula. With that said, it is
shown that if a formula is satisfiable in some MAEM, then there exists a
Hintikka structure for it, and vice versa [7].

To be exact, the procedure attempts to build a tableau, which is a directed
graph whose nodes (which shall be referred to as ‘states’) are sets of formulae.
The tableau represents all possible Hintikka structures for an inputted formula.

The actual procedure is carried out in three phases: the construction phase,
the prestate elimination phase, and the state elimination phase. If at the end
there is a state containing the inputted formula θ, then θ is declared satisfiable.

Construction Phase
During this phase, a pretableau is built. This pretableau consists of two types
of nodes: states (∆) and prestates (Γ), and two types of edges which connect
prestates to states, or states to prestates.

The construction phase begins with a single prestate containing θ. Then the
following rules are applied:

• (SR) Creates states from prestates.
It creates a new state ∆ by fully expanding the formulae of a given prestate
Γ. This full expansion is given in Definition 3.1 in [7]. Γ is then connected
to ∆ with an unlabeled, dashed arrow, Γ ⇢ ∆. However, if there already
exists a ∆′ such that ∆′ = ∆, then don’t add a second copy of ∆ and put
Γ ⇢ ∆′.
• (KR) Creates prestates from states.
Take a state ∆ containing ¬Ka φ for some arbitrary φ and agent a. If ∆
does not contain a patent inconsistency, meaning that there is no formula
ψ such that ψ ∈ ∆ and ¬ψ ∈ ∆, then create a new prestate Γ = {¬φ} ∪
{Ka ψ | Ka ψ ∈ ∆} ∪ {¬Ka ψ | ¬Ka ψ ∈ ∆}. ∆ is then connected to Γ with
an arrow labeled ¬Ka φ, ∆ −[¬Ka φ]→ Γ. However, if there already exists a Γ′
such that Γ′ = Γ, then don’t add a second copy of Γ and put ∆ −[¬Ka φ]→ Γ′.

• (DR) Creates prestates from states.
Take a state ∆ containing ¬Dφ for some arbitrary φ and agent a (note
that the operator D refers to distributed knowledge among all agents).
If ∆ does not contain a patent inconsistency, then create a new prestate
Γ = {¬φ} ∪ {Dψ | Dψ ∈ ∆} ∪ {¬Dψ | ¬Dψ ∈ ∆} ∪ {Ka χ | Ka χ ∈
∆} ∪ {¬Ka χ | ¬Ka χ ∈ ∆}. ∆ is then connected to Γ with an arrow
labeled ¬Dφ, ∆ −[¬Dφ]→ Γ. However, if there already exists a Γ′ such that
Γ′ = Γ, then ignore Γ and put ∆ −[¬Dφ]→ Γ′.
Note that while no formulae with the distributed knowledge operator
will be tested, the procedure expands knowledge-operator-formulae into
distributed-knowledge-operator-formulae in Definition 3.1 [7], and hence
it is necessary to include this rule.

The rules are applied alternately. First (SR) is applied to create states,
then (KR) and (DR) are applied to create prestates, then repeat. The
construction phase ends when every prestate which gets created by (KR) and
(DR) is already in the pretableau, or when there are only states to which
neither (KR) nor (DR) is applicable (i.e. states not containing formulae of the
form ¬Ka φ or ¬Dφ, or containing patent inconsistencies). It can be proven
that the construction phase does in fact terminate [7].

Prestate Elimination Phase


This is a straightforward phase where all the prestates are removed and we are
left with the initial tableau. This is done through the use of the rule

(PR) For every prestate Γ in the pretableau, remove Γ, and if there is a state
∆ such that ∆ −[χ]→ Γ, then for every state ∆′ that Γ points to, put ∆ −[χ]→ ∆′.

State Elimination Phase


During this phase, states that cannot be satisfied in any Hintikka Structure are
removed. This is done through the use of three rules applied iteratively:

• (E1) If a state contains a patent inconsistency, then remove it.

• (E2) If a state ∆ contains a formula χ of the form ¬Ka φ or ¬Dφ, and
all states reachable from ∆ by arrows labeled χ have been removed, then
remove ∆.
• (E3) If a state ∆ contains an unrealized eventuality, then remove it. An
eventuality is a formula of the form ¬Cφ. An eventuality is realized if
there exists a path starting from ∆, with arrows labeled by some χ, such
that the final state in the path contains ¬φ.

(E1) is applied once, and then (E2) and (E3) are applied repeatedly.
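The state elimination rules, as an added Python example (not the paper's Java code): it applies (E1) once and then (E2) and (E3) until nothing more can be removed, on a small hand-built initial tableau. The tuple encoding of formulae, the state names and the tableau itself are assumptions of this example, and a path of length zero is taken to realize an eventuality.

```python
# Formulae (encoding assumed for this example): atoms are strings,
# ("not", f), ("K", agent, f), ("D", f), ("C", f).

def neg(f):
    return ("not", f)

def negated(f, ops):
    """True if f has the form ¬X where the main operator of X is in ops."""
    return (isinstance(f, tuple) and f[0] == "not"
            and isinstance(f[1], tuple) and f[1][0] in ops)

def patently_inconsistent(formulae):
    return any(neg(f) in formulae for f in formulae)

def realized(start, phi, states, edges, alive):
    """Is there a path of surviving states from start to one containing ¬phi?"""
    seen, stack = {start}, [start]
    while stack:
        u = stack.pop()
        if neg(phi) in states[u]:
            return True
        for src, _label, dst in edges:
            if src == u and dst in alive and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return False

def eliminate(states, edges):
    """states: {name: frozenset of formulae}; edges: {(src, label, dst)}.
    Returns the names of the states that survive (E1)-(E3)."""
    alive = {s for s, fs in states.items() if not patently_inconsistent(fs)}  # (E1)
    while True:
        doomed = set()
        for s in alive:
            for f in states[s]:
                if negated(f, ("K", "D")) and not any(
                        src == s and label == f and dst in alive
                        for src, label, dst in edges):
                    doomed.add(s)                                   # (E2)
                if negated(f, ("C",)) and not realized(
                        s, f[1][1], states, edges, alive):
                    doomed.add(s)                                   # (E3)
        if not doomed:
            return alive
        alive -= doomed

def satisfiable(theta, states, edges):
    """theta is declared satisfiable if a surviving state contains it."""
    return any(theta in states[s] for s in eliminate(states, edges))

# Constructed tableau, built by hand to exercise each rule.
NOT_CP = neg(("C", "p"))
DIA1 = neg(("K", 1, ("C", "p")))          # ¬K1 Cp
DIA2 = neg(("K", 2, ("C", "p")))          # ¬K2 Cp
STATES = {
    "A": frozenset({NOT_CP, "p", DIA1}),            # realizes ¬Cp via B
    "B": frozenset({NOT_CP, neg("p")}),             # contains ¬p itself
    "D": frozenset({NOT_CP, "p", DIA2, neg("q")}),  # loops forever without ¬p
    "G": frozenset({neg(("K", 1, "q")), "r"}),      # only successor is D
    "H": frozenset({neg(("K", 1, "p")), "s"}),      # only successor is X
    "X": frozenset({"p", neg("p")}),                # patent inconsistency
}
EDGES = {("A", DIA1, "A"), ("A", DIA1, "B"), ("D", DIA2, "D"),
         ("G", neg(("K", 1, "q")), "D"), ("H", neg(("K", 1, "p")), "X")}
```

Here X falls to (E1), H to (E2), D to (E3) because its only path loops through states containing p, and G to (E2) one round later once D is gone.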

Abate, Gore and Widmann’s Procedure
The tableau which this procedure attempts to build varies from Goranko and
Shkatov’s procedure. For starters, this tableau is a tree, meaning it doesn’t
allow for cycles.
The nodes in the tableau store additional information known as histories and
variables. A history is used to pass information down from parent nodes to
child nodes, and a variable is used to propagate information up from children
to parents.
The procedure also only allows for one rule to be applied to a node. A summary
of the rules is given; for exact details on the rules the reader should refer to [1]:

1. Terminal Rule
This rule closes a node if it contains an inconsistency in its formula set
of the form {p, ¬p} where p ∈ AP . Closing a node means changing the
node’s variable, which in turn passes information up to its parent. This
can lead to a chain reaction of nodes closing.

2. Linear (α) Rules
These rules work by unfolding α formulae into their components. These
component formulae are then added to the formula set of the newly-created
child node.
• φ ∧ ψ is unfolded into φ ; ψ
• Eφ, meaning everyone knows φ (which is simply the conjunction of
the knowledge operators for each agent), unfolds into K1 φ ; K2 φ ; ...
; Kn φ, for n agents
• Cφ unfolds into Eφ ; E(Cφ)
3. Universal Branching (β) Rules
These rules work by unfolding β formulae into their components. A new
child node is created for each β component.
• φ ∨ ψ is unfolded into φ ; ψ
• ¬E¬φ unfolds into ¬K1 ¬φ ; ¬K2 ¬φ ; ... ; ¬Kn ¬φ, for n agents
• ¬C¬φ unfolds into ¬E¬φ ; ¬E¬(¬C¬φ)

Histories of nodes may be altered to keep track of which node’s job it is
to fulfill an eventuality.
4. Existential Branching Rule
This rule is used to expand a node containing formulae about what agents
know and what they believe. A new node is created for each agent
mentioned in the formula set. Some child nodes may be “blocked” from being
created because an ancestor is already doing the job it would be created
for; this ensures termination of the procedure.

The rules are to be applied according to their priority. First the Terminal
Rule, then the Linear Rules, then the Universal Branching Rules, then the
Existential Branching Rule.

The procedure begins with a single node containing the inputted formula θ.
It terminates once no rules can be applied to any of the leaves (often because
they have all been closed). Once this happens, a check is made to see if the
root node is open or closed. If the root is open, then θ is satisfiable, else θ
is unsatisfiable. Note that the procedure can terminate early if the root node
is closed earlier on, hence the procedure will not always exhibit its worst-case
2EXPTIME behaviour.

Implementation
An important decision when implementing these procedures is deciding how the
MAEL formulae will be represented. Simply storing the formulae as strings
could lead to further difficulties later on when they need to be decomposed or
checked for sub-formulae using a recursive call. Instead formulae will be stored in
a sort of linked list where each node is a logical operator or atomic proposition,
and points to other operators.

Figure 1: A linked list representation of the formula ¬C(p ∧ q).

Note that the conjunction operator points to two other operator nodes, since
it is a binary operator.

The reader may notice that this is just the syntax directed acyclic graph
(DAG) of the formula [5]. An advantage of using the syntax DAG comes when
checking if two formulae are equal. A string representation is sensitive to
redundant brackets, for example the two formulae (Ka p) ∧ (Kb p) and Ka p ∧ Kb p
would be declared not equal if checking string representations, but this is not a
problem with the syntax DAG.

The operator nodes themselves will be represented using classes, one for
each operator and an additional one for atomic propositions. Each class will
implement a formula interface, allowing them all to be treated the same when
stored in containers. An advantage of using objects is that the object can
easily store the coalition corresponding to a particular operator. Additionally,
the implication, bi-implication, disjunction and knowledge operators can all be
represented using other operators:
• φ ∨ ψ ≡ ¬(¬φ ∧ ¬ψ)
• φ → ψ ≡ ¬φ ∨ ψ ≡ ¬(φ ∧ ¬ψ)
• φ ↔ ψ ≡ (φ → ψ) ∧ (ψ → φ) ≡ (¬(φ ∧ ¬ψ)) ∧ (¬(ψ ∧ ¬φ))
• Ka φ ≡ D{a} φ
• Eφ ≡ ⋀_{i∈Ag} Ki φ ≡ ⋀_{i∈Ag} D{i} φ

This allows for the number of classes to be cut down to five.
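The reduction to five node types and the bracket-insensitive equality of the syntax DAG can be seen in the following added Python example, which is not the paper's Java implementation. The ASCII input syntax (~ & | -> <->, K1, K2, E, C), the default agent set {1, 2} and all class and function names are assumptions of this example.

```python
import re
from dataclasses import make_dataclass
from functools import reduce

def node(name, *fields):
    # Frozen dataclass: immutable, hashable, compared class-and-field-wise.
    return make_dataclass(name, fields, frozen=True)

# The five core node types.
Atom = node("Atom", "name")
Not = node("Not", "sub")
And = node("And", "left", "right")
D = node("D", "agents", "sub")       # distributed knowledge among a coalition
C = node("C", "agents", "sub")       # common knowledge among a coalition

# Derived operators are rewritten into the core types on construction.
def Or(f, g):      return Not(And(Not(f), Not(g)))
def Implies(f, g): return Not(And(f, Not(g)))
def Iff(f, g):     return And(Implies(f, g), Implies(g, f))
def K(a, f):       return D(frozenset({a}), f)
def E(agents, f):  return reduce(And, [K(a, f) for a in sorted(agents)])

TOKEN = re.compile(r"\s*(<->|->|[~&|()]|K\d+|E|C|[a-z]\w*)")

def parse(text, agents=(1, 2)):
    toks = TOKEN.findall(text) + ["<end>"]
    if "".join(toks[:-1]) != "".join(text.split()):
        raise ValueError("unrecognised characters in formula")
    pos = 0
    def eat(expected=None):
        nonlocal pos
        tok = toks[pos]
        if expected not in (None, tok):
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        pos += 1
        return tok
    def chain(sub, op, build):            # left-associative binary operator
        f = sub()
        while toks[pos] == op:
            eat()
            f = build(f, sub())
        return f
    def iff():  return chain(imp, "<->", Iff)
    def disj(): return chain(conj, "|", Or)
    def conj(): return chain(unary, "&", And)
    def imp():                            # right-associative
        f = disj()
        if toks[pos] == "->":
            eat()
            return Implies(f, imp())
        return f
    def unary():
        tok = eat()
        if tok == "(":                    # brackets leave no trace in the DAG
            f = iff()
            eat(")")
            return f
        if tok == "~": return Not(unary())
        if tok == "E": return E(agents, unary())
        if tok == "C": return C(frozenset(agents), unary())
        if tok[0] == "K": return K(int(tok[1:]), unary())
        if tok[0].islower(): return Atom(tok)
        raise ValueError(f"unexpected token {tok!r}")
    f = iff()
    eat("<end>")
    return f
```

The strings "(K1 p) & (K2 p)" and "K1 p & K2 p" differ, but both parse to the same And node over two D nodes, so equality and set membership work on structure rather than spelling.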

Figure 2: Class diagram of classes used to represent formulae

The nodes in the tableau will be represented using ArrayLists of Formula
objects for Goranko and Shkatov’s procedure, but there will be an additional
‘Node’ class, capable of storing the extra node information such as histories and
variables, used for Abate, Gore and Widmann’s Procedure.

Test Formulae
The following 20 test formula types were used to evaluate the performance
of the two procedures. The formula types were chosen to represent a wide
variety of cases. Each formula type is designed to be scalable in n. Note that
all formulae with the common knowledge operator scale in n in the number of
agents.

Satisfiable
1. K1 φ1 ∧ K2 φ2 ∧ ... ∧ Kn φn
2. ¬K1 φ1 ∧ ¬K2 φ2 ∧ ... ∧ ¬Kn φn
3. Cφ
4. ¬C¬φ
5. K1 (φ1 ∨ φ2 ∨ ... ∨ φn ) → (φ1 ∨ φ2 ∨ ... ∨ φn )
6. K1 φ → K1 K1 φ → ... → K1 ...K1 φ ; where n is the number of → operators
7. K1 ((φ1 → φ2 ) ∧ ... ∧ (φn−1 → φn )) → ((K1 φ1 → K1 φ2 ) ∧ ... ∧ (K1 φn−1 →
K1 φn ))
8. K1 φ1 ∧ K2 φ2 ∧ ... ∧ Kn φn ∧ C((φ1 → φ2 ) ∧ ... ∧ (φn−1 → φn )) ∧ Cφn
9. ¬K1 ¬φ ∧ ¬K2 ¬φ ∧ ... ∧ ¬Kn−1 ¬φ ∧ Kn φ
10. (C((φ1 → φ2 ) ∧ ... ∧ (φn−1 → φn )) ∧ Cφ1 ) → Cφn
11. K1 φ ∧ K2 φ ∧ ... ∧ Kn φ ∧ ¬Cφ
12. (Cφ1 ∨ Cφ2 ∨ ... ∨ Cφn ) → (φ1 ∨ φ2 ∨ ... ∨ φn )

Unsatisfiable
1. K1 (φ1 ∨ φ2 ∨ ... ∨ φn ) ∧ ¬φ1 ∧ ¬φ2 ∧ ... ∧ ¬φn
2. K1 (φ1 ∧ φ2 ∧ ... ∧ φn ) ∧ φ1 ∧ φ2 ∧ ... ∧ φn−1 ∧ ¬φn
3. Cφ ∧ K1 φ ∧ K2 φ ∧ ... ∧ Kn−1 φ ∧ ¬Kn φ
4. K1 ((φ1 → φ2 ) ∧ ... ∧ (φn−1 → φn )) ∧ K1 φ1 ∧ ¬K1 φn
5. (Cφ) ∧ ¬φ
6. ¬C(φ ∨ ¬φ)
7. C((φ1 → φ2 ) ∧ ... ∧ (φn−1 → φn )) ∧ Cφ1 ∧ ¬K1 φn
8. K1 φ ∧ K2 φ ∧ ... ∧ Kn φ ∧ KRandom ¬φ

Results

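Proc. 1 = Goranko and Shkatov’s Procedure; Proc. 2 = Abate, Gore and Widmann’s Procedure.

| Test formula | Proc. 1, n = 5 | Proc. 1, n = 10 | Proc. 1, n = 20 | Proc. 1, n = 50 | Proc. 2, n = 5 | Proc. 2, n = 10 | Proc. 2, n = 20 | Proc. 2, n = 50 |
|---|---|---|---|---|---|---|---|---|
| Satisfiable Test Formulae | | | | | | | | |
| S1 | 34 | 34 | 38 | 43 | 17 | 18 | 18 | 19 |
| S2 | 46 | 50 | 52 | 64 | 17 | 19 | 18 | 20 |
| S3 | 30 | 33 | 40 | 52 | 13 | 16 | 26 | 69 |
| S4 | 42 | 56 | 93 | 287 | 21 | 26 | 70 | 797 |
| S5 | 74 | 93 | 214 | 6547 | 17 | 18 | 18 | 23 |
| S6 | 163 | 4172 | > 4 hrs | > 4 hrs | 20 | 28 | 73 | 1464 |
| S7 | 160 | 9179 | > 4 hrs | > 4 hrs | 22 | 705 | > 4 hrs | > 4 hrs |
| S8 | 88 | 164 | 911 | 60653 | 179 | 5069 | > 4 hrs | > 4 hrs |
| S9 | 37 | 39 | 42 | 53 | 18 | 18 | 18 | 20 |
| S10 | > 4 hrs | > 4 hrs | > 4 hrs | > 4 hrs | 34 | 319 | 6403 | > 4 hrs |
| S11 | 70 | 172 | 943 | 79681 | 42 | 230 | 6962 | 2 hrs 40 mins |
| S12 | > 4 hrs | > 4 hrs | > 4 hrs | > 4 hrs | 2 hrs | > 4 hrs | > 4 hrs | > 4 hrs |
| Unsatisfiable Test Formulae | | | | | | | | |
| US1 | 60 | 83 | 193 | 2845 | 17 | 17 | 19 | 37 |
| US2 | 51 | 52 | 51 | 52 | 16 | 19 | 18 | 22 |
| US3 | 43 | 48 | 55 | 78 | 16 | 18 | 19 | 19 |
| US4 | 72 | 131 | 654 | 56000 | 18 | 20 | 23 | 34 |
| US5 | 34 | 35 | 41 | 47 | 13 | 13 | 15 | 17 |
| US6 | 58 | 62 | 72 | 92 | 18 | 29 | 73 | 721 |
| US7 | 105 | 274 | 2110 | 408998 | 20 | 27 | 53 | 483 |
| US8 | 36 | 41 | 42 | 42 | 17 | 17 | 17 | 19 |

Table 1: Average times of both procedures on the test formulae. Measured in ms.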

Analysis
Both procedures did similarly well for S1-S4.

Procedure 2 outperformed Procedure 1 for S5, S6 and S7. This is most likely
thanks to the one-pass and cut-free nature of Procedure 2, and that the rules
in Procedure 2 are generally faster operations than those of Procedure 1.

Procedure 1 outperformed Procedure 2 for S8 and S11 only. This shouldn’t
necessarily be surprising as Procedure 2 is known to exhibit 2EXPTIME
behaviour in its worst case [1], whilst Procedure 1 is in EXPTIME [2]. These
formulae seem to hit the worst case.

Procedure 2 substantially outperformed Procedure 1 for S10. Of interest in
this test case was the number of nodes Procedure 1 generated: over 1000 nodes
for n = 3. This is probably responsible for Procedure 1’s extremely slow run
time on this test case.

Both procedures performed exceptionally poorly on S12, most likely due to
the numerous common knowledge operators. However, Procedure 2 did still
perform better than Procedure 1.

Onto the unsatisfiable formulae. These were largely variations on the
negations of the axioms of S5 logic [11]. Procedure 2 does better for the unsatisfiable
formulae in general, which is most apparent for US1, US4 and US7. This is
because Procedure 2 has a major advantage when it comes to unsatisfiable
formulae, that being it can terminate early. Whilst Procedure 1 works by always
applying the rules of construction and (pre)state elimination until they are no
longer applicable, Procedure 2 will only apply a given rule if the root node has
not been marked. The root node can be marked during the application of any
rule, so this allows it to be marked while there are still rules applicable, and
hence the procedure can terminate early, saving considerable time.

Conclusion
Through this thorough experiment of both procedures, I have been able to
confirm the theoretical results that both procedures are in EXPTIME. This is
in compliance with the known EXPTIME(-complete) lower bound of tableau-
based satisfiability checking for Epistemic Logic [6]. Furthermore I have been
able to provide strong experimental evidence that the average-case behaviour
of Abate, Gore and Widmann’s Procedure is superior to that of Goranko and
Shkatov’s Procedure. Lastly, the results from this experiment can provide some
useful insights into the type of formulae that each procedure struggles and excels
with, which can be helpful for logicians looking to use the developed software
for their own purposes of satisfiability checking.

References
[1] P. ABATE, R. GORE, F. WIDMANN, “Cut-free Single-pass Tableaux for
the Logic of Common Knowledge”, 2007.
[2] M. AJSPUR, V. GORANKO and D. SHKATOV, “Tableau-based decision
procedure for the multiagent epistemic logic with all coalitional operators
for common and distributed knowledge”, Logic Journal of the IGPL, vol. 21,
no. 3, pp. 407–437, 2013.
[3] S. COSTANTINI, A. FORMISANO, V. PITONI, “An Epistemic Logic for
Modular Development of Multi-Agent Systems”, Engineering Multi-Agent
Systems, Lecture Notes in Computer Science, pp. 72–91, 2021.
[4] S. COSTANTINI, A. FORMISANO, V. PITONI, “An Epistemic Logic for
Multi-agent Systems with Budget and Costs”, Logics in Artificial
Intelligence, pp. 101–115, 2021.
[5] S. DEMRI, V. GORANKO and M. LANGE, “Chapter 4: Preliminaries and
Background II”, Temporal Logics in Computer Science, pp. 85–100, 2016.
[6] R. FAGIN, J. HALPERN, Y. MOSES and M. VARDI, “Chapter 2: A Model
for Knowledge”, Reasoning About Knowledge, pp. 15–36, 1995.
[7] V. GORANKO, D. SHKATOV, “Tableau-based decision procedure for the
multi-agent epistemic logic with operators of common and distributed
knowledge”, Proceedings - 6th IEEE International Conference on Software
Engineering and Formal Methods, SEFM 2008, 2008.
[8] J. HALPERN, “Using Reasoning about Knowledge to Analyze Distributed
Systems”, Annual Review of Computer Science, vol. 2, pp. 37–68, 2003.
[9] V. PRATT, “A practical decision method for propositional dynamic logic
(Preliminary Report)”, STOC ’78: Proceedings of the tenth annual ACM
symposium on Theory of computing, pp. 326–337, 1978.
[10] Kripke Structure, sciencedirect.
Available at: sciencedirect.com/topics/computer-science/kripke-structure
(Accessed: October 18, 2023).
[11] Epistemic Logic, Stanford Encyclopedia of Philosophy.
Available at: plato.stanford.edu/entries/logic-epistemic/
(Accessed: October 20, 2023).
