A Formal Study of Boolean Games with Random Formulas as Payoff Functions
TYPES
Érik Martin-Dorel, Sergei Soloviev
Lab. IRIT, Univ. of Toulouse, CNRS, IRIT Université Paul Sabatier, 118 route de Narbonne, 31062 Toulouse Cedex 9, France
https://orcid.org/0000000197169491
In this paper, we present a probabilistic analysis of Boolean games. We consider the class of Boolean games where payoff functions are given by random Boolean formulas. This makes it possible to study certain properties of this class in its totality, such as the probability of existence of a winning strategy, including its asymptotic behaviour. With the help of the Coq proof assistant, we develop a Coq library of Boolean games, to provide a formal proof of our results, and a basis for further developments.

2012 ACM Subject Classification: Theory of computation → Higher order logic; Theory of computation → Algorithmic game theory; Mathematics of computing → Stochastic processes

Keywords and phrases: Boolean games; Random process; Coq formal proofs

Funding: This work was partly supported by the FAGames project of LabEx CIMI.

Acknowledgements: The authors would like to thank Evgeny Dantsin and Jan-Georg Smaus for fruitful discussions on algorithmic games and other topics, as well as the anonymous referees for their remarks and feedback on our article. The first author also wishes to thank Cyril Cohen and Enrico Tassi for advice and enhancement suggestions for our under tactic.

One of the main motivations to consider the classes of games with random parameters is
that it is a good method to explore these classes in their totality and to understand the
relative importance of various properties of games (such as simultaneous or alternating moves,
different assumptions concerning the access to information, etc.)
The situation when, for a given game, only its type can be known in advance but its
parameters cannot, is common when the game-theoretic approach is used to study the
behaviour of embedded systems, i.e., when at least some of the players are programs and the
parameters are not fully controlled. The augmented frequency of interaction that usually
surpasses any conceivable capacity of human players, and rapid evolution of parameters of
interaction makes the use of probabilistic methods quite natural.
1 S. Soloviev was partly supported by the Government of Russian Federation Grant 0808 at ITMO
University, Saint-Petersburg, Russia (associated researcher).
In this paper we present the first results obtained via this approach applied to Boolean
Games [11, 10, 7, 3]. More precisely, we limit our study to Boolean Games with random
formulas that represent payoff functions. This model is naturally related to the situation
when games between automated systems (e.g., embedded systems in computer networks) are
considered. Indeed, assuming that the players are finite nondeterministic machines, they
can be simulated by a family of Boolean formulas.
Before the exploration may start, several choices have to be made concerning the
probabilistic model.
Regarding elementary events: we have chosen Boolean functions as elementary events.
Another possible choice would be to consider formulas as syntactic objects, but the former
choice makes it easier to define probability distributions that are naturally related to the
properties of the associated Boolean games (while the latter choice would require coping
with the complex behaviour of the logical equivalence of formulas).
It also seems natural to consider a probability space for each $n$, where $n$ is the number of
variables. Indeed, $n$ is one of the key parameters involved when considering the complexity
of Boolean functions, and if we need to consider different values of $n$, it is possible to
combine in some way the spaces built for each $n$.
Let us recall some basic properties of Boolean functions.
(i) The domain of these functions is $2^n = \{\mathrm{false}, \mathrm{true}\}^n$, the set of all Boolean vectors of
length $n$ (which contains $2^n$ elements).
(ii) Each Boolean function can be identified with a characteristic function of a subset
of $2^n$ and thus with the subset itself, so the set of all elementary events is $\Omega = 2^{2^n}$.
(iii) A subset of $2^n$ may be identified with a formula of $n$ variables in the full disjunctive
normal form² that is satisfied by exactly these vectors (to each vector corresponds the
conjunction of variables and their negations: to true at the $i$th place corresponds $v_i$ and to
false corresponds $\neg v_i$).
(iv) The set $\Omega$ is a complete Boolean algebra, and logical operators on elements of $\Omega$
correspond to the set-theoretic operators on $2^n$. The top element of this algebra is the set
$2^n \in \Omega$ (it represents the Boolean function true) and the bottom element of this algebra is
the set $\emptyset \in \Omega$ (it represents the Boolean function false). How these logical operators “interact”
with probability on $\Omega$ is a separate question; for example, $P(\mathrm{true})$ need not, of course, be
equal to 1.
(v) There is a natural partial order on the elements of $\Omega$, which is defined by the inclusion
of subsets of $2^n$ and at the same time by Boolean implication (see Definition 1 below).
Since the elements of $\Omega$ may be seen at the same time as Boolean functions and as sets
of Boolean vectors, we pose the following definition:
▶ Definition 1. Let $\omega_1, \omega_2$ be two Boolean functions ($\omega_1, \omega_2 \in \Omega := 2^{2^n}$). We shall write
$\omega_1 \Rightarrow_0 \omega_2$ and say that “$\omega_2$ is true on $\omega_1$” if for each vector $v \in 2^n$, $\omega_1(v) = \mathrm{true}$ implies
$\omega_2(v) = \mathrm{true}$. Also, this is equivalent to the inclusion of $\omega_1$ in $\omega_2$, seen as subsets of $2^n$:
$$\forall \omega_1, \omega_2 \in 2^{2^n}.\ (\omega_1 \Rightarrow_0 \omega_2) \iff (\omega_1 \subseteq \omega_2).$$
2 In particular, the empty subset may be identified with the empty DNF, that is the constant false (the
neutral element of the disjunction).
▶ Remark. We may see random Boolean functions as (not necessarily independent) vectors
of $2^n$ random variables with values in $2 = \{\mathrm{false}, \mathrm{true}\}$.
Regarding the sigma-algebra of events: as usual for finite probability spaces, we consider
the sigma-algebra $S$ of all subsets of $\Omega$:
$$S = 2^{2^{2^n}}.$$
Regarding the probability distributions on the spaces of Boolean formulas: as noted
in [8], it is often assumed that all Boolean functions on a given number of variables have
the same probability (see also [16]). In this paper, where we start our study, we decided to
consider a slightly more general class of probability distributions, where Boolean functions
are generated by a Bernoulli scheme on Boolean vectors, with any probability $p$ as parameter.
Some more sophisticated ways to define probability distributions on Boolean expressions are
discussed in [8] and we plan to explore them in the near future.
In Section 2, we prove several general results on the probability of winning strategies
assuming an arbitrary probability distribution. Then in Section 3, we study the case of
Boolean functions constructed through a finite Bernoulli process, specialise our results in this
simpler setting, then discuss the relevance of these results. In Section 4, we further study
the probability that a winning strategy exists for player A, with the new assumption that
player A knows s bits of the opponent player. Then in Section 5, we study the growth rate of
the aforementioned probability, with respect to the knowledge of the second player’s choices.
Section 6 is devoted to technical remarks about the formalisation of our results within the
Coq [5] formal proof assistant. Finally, a discussion on the notion of “non-guaranteed win”
and its relationship with the order of moves is presented in Appendix A.
All the results of the paper have been formally verified within Coq.³
The Coq code is available online at https://github.com/erikmd/coqboolgames and
it also has been archived, see [14].
Beyond the fact that formal certification is interesting in itself to the types community, it
is nowadays common in the development and characterisation of the behaviour of autonomous
programs, which is one of the subjects of this study.
2 Probability of Winning Strategies
Building upon the material of the previous section, we can consider any probability $P$ defined
on the sigma-algebra $S = 2^{2^{2^n}}$, and thus obtain a probability space $(\Omega, S, P)$. We shall show
in this section that several results can be derived in this setting, however general it may
sound.
▶ Example 2 (using Definition 1). The probability of the event “$\omega$ is true on $\omega_0$”, with fixed
$\omega_0 \in \Omega$, is
$$P(\omega_0 \Rightarrow_0 \omega) = \sum_{\omega_0 \Rightarrow_0 \omega} P(\{\omega\}).$$
Below we shall consider the Boolean Games of two players A and B with a random
Boolean function $F$ of $n$ variables as the payoff function of A, and its negation as the payoff
function for B. We shall assume that A controls the first $k$ variables, and B the remaining
$n - k$ variables.
3 In the sequel of the paper, all definitions and theorems will be stated in mathematical syntax, and the
corresponding Coq identifier will be given between brackets.
The strategy of A is any vector that belongs to $2^k$ (valuation of the first $k$ variables) and
the strategy of B any valuation of the remaining $n - k$ variables (a vector of $2^{n-k}$).
The outcome of the game is given by player A’s payoff function $F : 2^n \to 2$, which can
thereby be viewed as a function $F : 2^k \times 2^{n-k} \to 2$ (mapping a strategy profile to a Boolean
outcome). In the sequel of the paper, we shall identify these two possible types for the
function $F$, while in the formal development they will be encoded respectively as (bool_fun
n) and (bool_game n k).
▶ Definition 3 (winA). For any game $F : 2^k \times 2^{n-k} \to 2$, a strategy $a = (a_1, \ldots, a_k)$ of
player A is winning if it wins against any strategy $b \in 2^{n-k}$ of B:
$$\mathrm{winA}[F](a) := \forall b \in 2^{n-k}.\ F(a, b) = \mathrm{true}.$$
If there is no ambiguity, we shall omit the name of the game and simply write $\mathrm{winA}(a)$.
In other words, $a$ is winning if the payoff function is equal to true on all vectors of length
$n$ that “extend” $a$. This leads us to introduce the following
▶ Definition 4 (w_, W_). For any $a \in 2^k$, let $\omega_a$ be the set of vectors in $2^n$ that extend $a$:
$$\omega_a := \{v \in 2^n \mid v_1 = a_1 \wedge \cdots \wedge v_k = a_k\} \in \Omega$$
and $W_a$ be the set of all Boolean functions that are true on $\omega_a$:
$$W_a := \{\omega \in \Omega \mid \omega_a \Rightarrow_0 \omega\} \in S.$$
These definitions straightforwardly imply the following lemma:
▶ Lemma 5 (winA_eq). For any Boolean function $F : 2^n \to 2$ and any strategy $a \in 2^k$ of
player A in the associated Boolean game, we have:
$$\mathrm{winA}(a) \iff F \in W_a.$$
Lemma 5 implies that the probability that a winning strategy exists satisfies:
$$P(\exists a : 2^k.\ \mathrm{winA}(a)) = P\Big(\bigcup_{a \in 2^k} W_a\Big).$$
Then we shall rely on the inclusion-exclusion formula, which we proved in full generality
as follows:
▶ Theorem 6 (Pr_bigcup_incl_excl). For any finite probability space $(\Omega, S, P)$ and any
sequence of events $(S_i)_{0 \le i < n}$, we have:
$$P\Big(\bigcup_{0 \le i < n} S_i\Big) = \sum_{m=1}^{n} (-1)^{m-1} \sum_{\substack{J \subseteq \mathbb{N} \cap [0,n) \\ \mathrm{Card}\, J = m}} P\Big(\bigcap_{j \in J} S_j\Big).$$
Proof. For proving this theorem in Coq we formalise a small theory of indicator functions
$\mathrm{Ind}_S : \Omega \to \{0, 1\}$ for any finite set $S \subseteq \Omega$, including the fact that the expectation satisfies
$E(\mathrm{Ind}_S) = P(S)$, then formalise an algebraic proof of the inclusion-exclusion formula.⁴
These proofs strongly rely on the bigop theory of the MathComp library, as well as on the
tactic “under” that we developed in Ltac to easily “rewrite under lambdas” (e.g., under the
$\sum$ symbol). These tactic facilities will be further detailed in Section 6. ◀
Hence the following result:
▶ Theorem 7 (Pr_ex_winA). For any finite probability space $(\Omega, S, P)$, the probability that
there exists some strategy $a = (a_1, \ldots, a_k)$ of A that is winning satisfies:
$$P(\exists a : 2^k.\ \mathrm{winA}(a)) = \sum_{a \in 2^k} P(W_a) - P(W_a \cap W_{a'}) + \cdots$$
=
▶ Definition 8 (winB). For any game $F : 2^k \times 2^{n-k} \to 2$, a strategy $b = (b_1, \ldots, b_{n-k})$ of
player B is winning if it wins against any strategy $a \in 2^k$ of A:
$$\mathrm{winB}[F](b) := \forall a \in 2^k.\ F(a, b) = \mathrm{false}.$$
If there is no ambiguity, we shall omit the name of the game and simply write winB(b).
A first result consists in showing that player B wins in a given game if and only if player
A wins in the “dual game”.
▶ Lemma 9 (winB_eq). Any Boolean game $F : 2^k \times 2^{n-k} \to 2$ (with $n$ variables, $k$ of which
are controlled by player A) can be associated with a dual Boolean game $F' : 2^{n-k} \times 2^k \to 2$
such that
$$\mathrm{winB}[F](b) \iff \mathrm{winA}[F'](b).$$
Proof. First, we define the dual game $F' :=$ bool_game_sym($F$) associated with $F$ as:
$$F' := (b, a) \mapsto \neg F(a, b).$$
Then, we define bool_game_sym’ (the inverse of function bool_game_sym) and show that
both functions are bijections. In the formal development, the related lemmas are named
bool_game_sym_bij and bool_game_sym’_bij. ◀
We then deduce the following result, which relates the probability of existence of a winning
strategy for player B with respect to that of player A.
4 taking inspiration from the proof path presented at https://en.wikipedia.org/wiki/Inclusionexclusion_principle#Algebraic_proof
▶ Theorem 10 (Pr_ex_winB). For any finite probability space $(\Omega, S, P)$, the probability that
there exists some strategy $b = (b_1, \ldots, b_{n-k})$ of B that is winning satisfies:
$$P(\exists b : 2^{n-k}.\ \mathrm{winB}[F](b)) = P(\exists a : 2^{n-k}.\ \mathrm{winA}[F'](a)),$$
where $F' :=$ bool_game_sym($F$).
Proof. The proof straightforwardly derives from Lemma 9. ◀
Finally, we prove the intuitive fact that the events “$\exists a.\ \mathrm{winA}(a)$” and “$\exists b.\ \mathrm{winB}(b)$” are
disjoint, and thereby their probabilities add up:
▶ Lemma 11 (Pr_ex_winA_winB_disj). For any finite probability space $(\Omega, S, P)$, we have:
$$P(\exists a.\ \mathrm{winA}(a) \vee \exists b.\ \mathrm{winB}(b)) = P(\exists a.\ \mathrm{winA}(a)) + P(\exists b.\ \mathrm{winB}(b)).$$
Proof. Given the definitions of winA and winB, for a given game $F$ and any strategies $a$ and
$b$, the events “$\mathrm{winA}(a)$” and “$\mathrm{winB}(b)$” are disjoint. So the proof path just amounts to lifting
this fact (considering existence) and using the additivity of $P$. ◀
3 Bernoulli Process and Winning Strategies
In this section we still consider the space $\Omega = 2^{2^n}$ of random Boolean formulas of $n$ variables
endowed with the discrete σ-algebra $S = 2^{2^{2^n}}$, and the associated Boolean games with
parameter $0 \le k \le n$. But now, we assume that the Boolean formulas (in DNF) are
determined by a random choice of the Boolean vectors that satisfy the formulas.
To be more precise, we assume the probability that each vector $v \in 2^n$ belongs to the
truth-set of the formula $F$ is equal to $p$ ($0 \le p \le 1$). As usual, we write $q = 1 - p$.
In the sequel, we shall often identify Boolean functions $F : 2^n \to 2$ and their truth-set
$F^{-1}(\{\mathrm{true}\}) \in 2^{2^n}$. In the Coq formalisation, the distinction between the two is always
made explicit, and the function that gives the truth-set of a Boolean function is implemented
by a function
    finset_of_bool_fun : forall n : nat, bool_fun n -> {set bool_vec n}
and the inverse of this function is formalised as a function DNF_of (disjunctive normal form).
Our setup amounts to constructing a Bernoulli process, that is a series of independent
Bernoulli trials, to decide whether each vector $v \in 2^n$ belongs to the truth-set of $F$ or not.
We obtain the following result:
▶ Lemma 12 (dist_BernoulliE). For any $F \in \Omega$, the probability of an elementary event
$\{F\}$ with respect to the considered probability $P_{n;p}$ (modelling a series of $2^n$ independent
Bernoulli trials of parameter $p$) is:
$$P_{n;p}(\{F\}) = p^m (1 - p)^{2^n - m}$$
where $m$ denotes the number of vectors in the truth-set of $F$, and $2^n - m$ denotes the number
of vectors in the truth-set of the negation of $F$.
Proof. The proof (and its formal counterpart in Coq) straightforwardly derives from the
definitions. ◀
For now, we assume that the choices of player A and B are done simultaneously. A wins
if the value of F is true, otherwise B wins. What is the probability that A has a winning
strategy?
First, suppose that the strategy a of A is fixed, and let us compute the probability that
it is winning. We first prove the following
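▶ Lemma 13 (Pr_implies0_Bern). Let $S \subseteq 2^n$, and let us write $m := \mathrm{Card}\, S$. Then the
probability that $F$ is true on $S$ satisfies: $P_{n;p}(S \Rightarrow_0 F) = p^m$.
Proof. We follow this proof path:
$$\begin{aligned}
P_{n;p}(S \Rightarrow_0 F) &= \sum_{\substack{F \\ S \subseteq F}} P_{n;p}(\{F\}) \\
&= \sum_{\substack{S' \subseteq 2^n \setminus S \\ F = S \cup S'}} P_{n;p}(\{F\}) \\
&= \sum_{S' \subseteq 2^n \setminus S} p^{\mathrm{Card}(S \cup S')}\, q^{2^n - \mathrm{Card}(S \cup S')} \quad \text{by Lemma 12} \\
&= \sum_{m'=0}^{2^n - m} \\
&= p^m \sum_{m'=0}^{2^n - m} \\
&= p^m (p + q)^{2^n - m} \\
&= p^m.
\end{aligned}$$
◀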
▶ Lemma 14 (card_w_a_Bern). For any strategy $a$ of player A, we have
$$\mathrm{Card}\, w_a = 2^{n-k}.$$
Proof. This lemma easily follows from the fact that $w_a$ is the image of the strategy space
$2^{n-k}$ of B by an injective function. ◀
Hence the following theorem, which gives the probability that a fixed strategy of A is
winning:
▶ Theorem 15 (Pr_winA_Bern). For any strategy $a$ of player A, we have
$$P_{n;p}(\mathrm{winA}(a)) = p^{2^{n-k}}.$$
Proof. This result is an immediate consequence of Lemmas 13 and 14. ◀
Now, let us determine what is the probability that A has at least one winning strategy.
One may first notice the following
▶ Lemma 16 (w_trivIset). The truth-sets of $w_a$ (for $a \in J \subset 2^k$) are pairwise disjoint.
Proof. By contradiction: if we had $a, a' \in 2^k$ such that $w_a \neq w_{a'}$ and $w_a \cap w_{a'} \neq \emptyset$, then let
us take $x \in w_a \cap w_{a'}$. By unfolding Definition 4, this means that the first $k$ bits of $x$ coincide
with all bits of $a$, and likewise for $a'$. This implies that $a = a'$ and thereby $w_a = w_{a'}$, which
contradicts the initial hypothesis. ◀
Lemma 16 implies that we have
Card
We can now prove the following
▶ Theorem 17 (Pr_ex_winA_Bern). For any $n$ and $k$, if $P_{n;p}$ follows the Bernoulli scheme
that we previously constructed, the probability that player A has a winning strategy is:
$$P_{n;p}(\exists a.\ \mathrm{winA}(a)) = 1 - \left(1 - p^{2^{n-k}}\right)^{2^k}.$$
Proof. Thanks to Theorem 7, we can write:
$P_{n;p}(\exists a : 2^k.\ \mathrm{winA}(a)) =$    (3)
By duality, one can derive the existence of a winning strategy for player B:
▶ Corollary 18 (Pr_ex_winB_Bern). For any $p, n, k$, if $P_{n;p}$ denotes the considered Bernoulli
scheme (with parameters $0 \le p \le 1$ and $n \in \mathbb{N}$) and if $k$ denotes the number of variables
controlled by player A, then the probability that player B has a winning strategy is:
$$P_{n;p}(\exists b : 2^{n-k}.\ \mathrm{winB}(b)) = 1 - \left(1 - (1 - p)^{2^k}\right)^{2^{n-k}}.$$
Proof. The result follows from Theorems 10 and 17. Also, the proof makes use of our under
tactic for rewriting under lambdas (it will be presented in Section 6). ◀
▶ Corollary 19 (Pr_nex_winA_winB_Bern). For any $p, n, k$, if $P_{n;p}$ denotes the considered
Bernoulli scheme (with parameters $0 \le p \le 1$ and $n \in \mathbb{N}$) and if $k$ denotes the number of
variables controlled by player A, then the probability that no player has a winning strategy is:
$$P_{n;p}\big(\neg\big((\exists a.\ \mathrm{winA}(a)) \vee (\exists b.\ \mathrm{winB}(b))\big)\big) = \left(1 - p^{2^{n-k}}\right)^{2^k} + \left(1 - (1 - p)^{2^k}\right)^{2^{n-k}} - 1. \qquad (4)$$
Proof. The result follows from Lemma 11, Theorem 17 and Corollary 18. ◀
3.1 Discussion
The computations above may seem elementary, but lead to some observations that are less
trivial. As we may see, there is a considerable probability that there is no winning strategy
at all. For example, if $p \in \{\frac14, \frac12, \frac34\}$, $n \in \{10, 20\}$, $0 < k < n$, the probability that a winning
strategy exists neither for A nor for B (cf. Equation (4)) is given in Tables 1 and 2 (the
values were computed using Sollya⁵ with 3-digit decimal output). In both tables, it should
be noted that 1 actually means a value extremely close to 1, not 1 exactly.
Also, one may notice that when $p \in (0, 1)$ is fixed, $k = c \cdot n$ for a given constant $0 < c < 1$,
and $n$ tending towards $+\infty$, the probability that a winning strategy exists neither for player
A, nor for player B, tends to 1.
If (for some game F ) a winning strategy exists neither for A nor for B, then the order
of moves becomes important. Indeed, let a be an arbitrary strategy of A. Since it is not
winning, there exists at least one b of B such that F (a, b) = false. If B makes his choice after
A, he may always win. Similarly, if A makes his choice after B, he may always win.
We shall elaborate on this observation and give a motivating example in Appendix A.
Bradfield, Gutierrez and Wooldridge notice [4] (as do some other authors): “As they
are conventionally formulated, Boolean games assume that players make their choices in
ignorance of the choices being made by other players – they are games of simultaneous moves.
For many settings, this is clearly unrealistic.” Our simple probabilistic analysis provides a
direct quantitative argument to support this general observation.
5 http://sollya.gforge.inria.fr/
4 Partial Information on the Opponent’s Choices
Now, let us consider the case when A may have partial information about the choices
of B before making his own choice. Without loss of generality, we may assume that he
knows the values of the first $s$ variables among the variables $v_{k+1}, \ldots, v_n$ controlled by B.
We shall consider the probability of existence of strategies of A such that for every vector
$b_{1:s} = (b_1, \ldots, b_s) \in 2^s$ there exists a strategy $a \in 2^k$ that wins against any strategy $b \in 2^{n-k}$
whose first $s$ values coincide with $b_{1:s}$.
In other words, we are interested in the probability of guaranteed win by A when $s$ choices
by B among $n - k$ are known (assuming $0 \le s \le n - k$). We thus introduce the following
predicate:
▶ Definition 20 (winA_knowing). For any game $F : 2^k \times 2^{n-k} \to 2$ and any $b_{1:s} \in 2^s$, we say that a strategy $a \in 2^k$ is winning under the knowledge of $b_{1:s}$ if it is winning against every strategy profile $(a, b) \in 2^k \times 2^{n-k}$ that is compatible with $b_{1:s}$:
$$\mathrm{winA}(a \mid b_{1:s}) := \forall b \in 2^{n-k}.\ \mathrm{compat\_knowing}(b_{1:s}, b) \Longrightarrow F(a, b) = 1,$$
where
compat_knowing(b1:s, b) := ∀i ∈ 2s. (b1:s)i = bi.
For relating this predicate with that of Definition 3, the proof of the following lemma is
immediate:
▶ Lemma 21 (winA_knowingE). For any game $F : 2^k \times 2^{n-k} \to 2$ and any bitvectors
$b_{1:s} \in 2^s$ and $a \in 2^k$, we have:
$$\mathrm{winA}[F](a \mid b_{1:s}) = \mathrm{winA}[\mathrm{bgk}(F, b_{1:s})](a)$$
where $\mathrm{bgk}(F, b_{1:s}) : 2^k \times 2^{n-s-k}$ is the Boolean game defined by:
$$\mathrm{bgk}(F, b_{1:s})(a, b') = F(a, (b_{1:s}, b')).$$
Now, to compute the probability $P_{n;p}(\forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}(a \mid b_{1:s}))$ in the space
$(\Omega, S, P_{n;p})$ introduced in Section 3, we shall first construct a probability space $(\Omega', S', P')$
that is provably isomorphic to $(\Omega, S, P_{n;p})$, but which is simpler to handle.
First, we note that there are $2^s$ possible Boolean vectors $b_{1:s} = (b_1, \ldots, b_s)$ and for all $b_{1:s}$,
we pose
$$B_{b_{1:s}} = \{v \in 2^n \mid v_{k+1} = b_1 \wedge \cdots \wedge v_{k+s} = b_s\}.$$
The family $(B_{b_{1:s}})_{b_{1:s} \in 2^s}$ constitutes a partition of $2^n$ (we have $2^n = \bigcup_{b_{1:s} \in 2^s} B_{b_{1:s}}$,
intersections of $B_{b_{1:s}}$ for different $b_{1:s}$ are empty, and no set $B_{b_{1:s}}$ is empty).
Second, we define $\Omega_{b_{1:s}} := 2^{B_{b_{1:s}}}$ as the powerset of $B_{b_{1:s}}$ and show that there is a
one-to-one correspondence between $\Omega_{b_{1:s}}$ and $2^{2^{n-s}}$. We shall denote the corresponding
bijections by $g : \Omega_{b_{1:s}} \to 2^{2^{n-s}}$ and $h : 2^{2^{n-s}} \to \Omega_{b_{1:s}}$. In the formal development, the related
lemmas are named bool_fun_of_OmegaB_bij and OmegaB_of_bool_fun_bij.
Next, we consider the probability $P_{b_{1:s}} := P_{n-s;p} \circ h^{-1}$ defined as the pushforward
distribution (with respect to function $h$) of the Bernoulli process $P_{n-s;p}$ with parameters
$n - s$ and $p$.
We then consider the product space $(\Omega', S', P')$ defined by:
Relying on functions $g$ and $h$, we finally show that there is a one-to-one correspondence
between $\Omega'$ and $\Omega = 2^{2^n}$. We shall denote the corresponding bijections by $g' : \Omega' \to \Omega$ and $h' :
\Omega \to \Omega'$. In the formal development, the related lemmas are named bool_fun_of_Omega’_bij
and Omega’_of_bool_fun_bij.
We now prove that the spaces $(\Omega, S, P_{n;p})$ and $(\Omega', S', P')$ are isomorphic:
▶ Lemma 22 (isom_dist_Omega’). The probability distribution $P_{n;p}$ (defined in Section 3
as the Bernoulli process with parameters $n$ and $p$) is extensionally equal to the pushforward
distribution of $P'$ with respect to function $g'$.
Proof. In the Coq formal proof, this lemma amounts to splitting a big-operator expression
with respect to the partition of $2^n$, reindexing big-operator expressions half-a-dozen times,
and rewriting “cancellation lemmas” for simplifying the composition of a bijection and its
inverse function. Also, the use of our under tactic (see Section 6) contributed to simplify the
mechanisation of this proof. ◀
A key ingredient for the sequel will be the following
▶ Lemma 23 (ProductDist.indep). Given a finite type $I$ and a family of finite probability
spaces $(\Omega_i, S_i = 2^{\Omega_i}, P_i)_{i \in I}$, the product space defined by
$$\Omega_\Pi = \prod_{i \in I} \Omega_i, \qquad S_\Pi = 2^{\Omega_\Pi}, \qquad P_\Pi = \bigotimes_{i \in I} P_i$$
is such that the projections $(\pi_i : \Omega_\Pi \to \Omega_i)_{i \in I}$ are independent random variables. In other
words, for any family of events $(Q_i)_{i \in I} \in \prod_{i \in I} S_i$, we have:
$$P_\Pi\Big(\bigcap_{i \in I} \pi_i^{-1}(Q_i)\Big) = \prod_{i \in I} P_i(Q_i).$$
We can now prove the following
▶ Theorem 24 (Pr_ex_winA_knowing_Bern). For all $p \in [0, 1]$ and for all integers $n, k, s$
satisfying $0 \le s \le n - k \le n$, if $P_{n;p}$ is the Bernoulli process with parameters $n$ and $p$ defined
in Section 3, the probability of guaranteed win for player A knowing $s$ choices of player B
among his $n - k$ variables is:
$$P_{n;p}\big(\forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}(a \mid b_{1:s})\big) = \left(1 - \left(1 - p^{2^{n-k-s}}\right)^{2^k}\right)^{2^s}. \qquad (5)$$
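Proof. We follow this proof path:
$$\begin{aligned}
& P_{n;p}\big(\forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}(a \mid b_{1:s})\big) \\
&= P_{n;p}\big(\{F \in \Omega \mid \forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}[F](a \mid b_{1:s})\}\big) \\
&\quad \text{hence by using Lemma 21} \\
&= P_{n;p}\big(\{F \in \Omega \mid \forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}[\mathrm{bgk}(F, b_{1:s})](a)\}\big) \\
&\quad \text{hence by using Lemma 22} \\
&= (P' \circ g'^{-1})\big(\{F \in \Omega \mid \forall b_{1:s} \in 2^s.\ \exists a \in 2^k.\ \mathrm{winA}[\mathrm{bgk}(F, b_{1:s})](a)\}\big) \\
&\quad \text{hence by using elementary facts on } g,\ g' \text{ and the bgk function defined in Lemma 21} \\
&= P'\big(\{f \in \Omega' \mid \forall b_{1:s} \in 2^s.\ f(b_{1:s}) \in \{S \in \Omega_{b_{1:s}} \mid \exists a \in 2^k.\ \mathrm{winA}[g(S)](a)\}\}\big) \\
&\quad \text{hence by using Lemma 23} \\
&= \prod_{b_{1:s} \in 2^s} P_{b_{1:s}}\big(\{S \in \Omega_{b_{1:s}} \mid \exists a \in 2^k.\ \mathrm{winA}[g(S)](a)\}\big) \\
&\quad \text{hence by definition of } P_{b_{1:s}} \\
&= \prod_{b_{1:s} \in 2^s} (P_{n-s;p} \circ h^{-1})\big(\{S \in \Omega_{b_{1:s}} \mid \exists a \in 2^k.\ \mathrm{winA}[g(S)](a)\}\big) \\
&\quad \text{hence by definition of } g \text{ and } h \\
&= \prod_{b_{1:s} \in 2^s} P_{n-s;p}\big(\{F \in 2^{2^{n-s}} \mid \exists a \in 2^k.\ \mathrm{winA}[F](a)\}\big) \\
&\quad \text{hence by using Theorem 17 in the case of random Boolean functions with } n - s \text{ variables} \\
&= \prod_{b_{1:s} \in 2^s} \left(1 - \left(1 - p^{2^{n-s-k}}\right)^{2^k}\right) \\
&= \left(1 - \left(1 - p^{2^{n-k-s}}\right)^{2^k}\right)^{2^s}.
\end{aligned}$$
◀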
We may compare this probability with the probability of existence of an unconditionally
winning strategy studied in Section 3 (Theorem 17). The upcoming section will focus on this
question.
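The closed forms of Theorem 17, Corollaries 18 and 19 and Theorem 24 can be checked by brute force on small games. The following Python sketch is an added example, not part of the paper or of its Coq library, and all function names are chosen here: it enumerates every Boolean function of n variables, weights it as in Lemma 12, and compares the exact probabilities with the stated formulas.

```python
"""Exhaustive check of Theorem 17, Corollaries 18-19 and Theorem 24 on
small Boolean games (added example; helper names are hypothetical)."""
from fractions import Fraction
from itertools import product


def vectors(m):
    """All Boolean vectors of length m, as tuples."""
    return list(product((False, True), repeat=m))


def exists_win_a(truth, n, k, known=()):
    """True if some a in 2^k wins against every b in 2^(n-k) whose first
    len(known) bits equal `known` (Definitions 3 and 20).
    `truth` is the truth-set of F: a set of n-tuples, A's bits first."""
    rest = vectors(n - k - len(known))
    return any(all(a + known + r in truth for r in rest) for a in vectors(k))


def exists_win_b(truth, n, k):
    """True if some b makes F false against every a (Definition 8)."""
    return any(all(a + b not in truth for a in vectors(k))
               for b in vectors(n - k))


def guaranteed_win_a(truth, n, k, s):
    """For every value of B's first s bits, A has a winning reply."""
    return all(exists_win_a(truth, n, k, b1s) for b1s in vectors(s))


def probability(event, n, p):
    """Exact P_{n;p}(event): sum of p^m q^(2^n - m) over the Boolean
    functions satisfying `event`, m being the truth-set size (Lemma 12)."""
    vecs = vectors(n)
    q = 1 - p
    total = Fraction(0)
    for mask in product((False, True), repeat=len(vecs)):
        truth = frozenset(v for v, keep in zip(vecs, mask) if keep)
        if event(truth):
            total += p ** len(truth) * q ** (len(vecs) - len(truth))
    return total


# Closed forms as stated on the page.
def thm17(n, k, p):
    return 1 - (1 - p ** (2 ** (n - k))) ** (2 ** k)


def cor18(n, k, p):
    return 1 - (1 - (1 - p) ** (2 ** k)) ** (2 ** (n - k))


def eq4(n, k, p):
    return ((1 - p ** (2 ** (n - k))) ** (2 ** k)
            + (1 - (1 - p) ** (2 ** k)) ** (2 ** (n - k)) - 1)


def thm24(n, k, s, p):
    return (1 - (1 - p ** (2 ** (n - k - s))) ** (2 ** k)) ** (2 ** s)


def check(n, k, p):
    """True when brute force and closed forms agree exactly."""
    ok = probability(lambda f: exists_win_a(f, n, k), n, p) == thm17(n, k, p)
    ok &= probability(lambda f: exists_win_b(f, n, k), n, p) == cor18(n, k, p)
    ok &= probability(lambda f: not exists_win_a(f, n, k)
                      and not exists_win_b(f, n, k), n, p) == eq4(n, k, p)
    for s in range(n - k + 1):
        ok &= (probability(lambda f: guaranteed_win_a(f, n, k, s), n, p)
               == thm24(n, k, s, p))
    return ok


if __name__ == "__main__":
    for n, k in [(2, 1), (3, 1), (3, 2)]:
        print(n, k, check(n, k, Fraction(1, 3)))
```

The enumeration visits all $2^{2^n}$ functions, so it is only practical for n up to 3 or 4.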
▶ Remark. In Theorems 17 and 24, we formally studied the probability of guaranteed win
(knowing partial information on the opponent), that is, the probability that for every value
taken by the first $s$ variables of B,⁶ there exists a strategy for A that wins against all strategies
of B given this fixed value of the first $s$ variables of B. This problem is purely combinatorial
and does not depend on the “preferences” of B (regarding the variables that he controls).
So this probability will typically be different from the probability of non-guaranteed win
for player A, as this latter probability could be influenced by the preferences of B for some
choices, the dependency of these choices on $F$, and so on.
6 Theorem 17 being a particular case of Theorem 24 ($s = 0$).
5 Probability of Guaranteed Win: Growth Rate
Using the result given by Theorem 24, we would like to study how the probability of
guaranteed win grows with each bit of information concerning the choice of B.
For fixed values of $p \in (0, 1)$, $n, k \in \mathbb{N}$ such that $0 < k < n$, and for $0 \le s \le n - k$, let us
write $g(s)$ the quantity given in Equation (5).
First, we note that when $s$ tends to $n - k$, the probability of guaranteed win for A tends
to:
$g(n - k) = 1 -$ [proba. of guaranteed win for B]
Then, an interesting question may be: what is the order of growth of the difference
$$\varphi(s) := g(s) - g(0) \quad (\in [0, 1])$$
with respect to $s$? The following result is a first answer to this question:
▶ Theorem 25 (phi_ineq). For any $p \in (0, 1)$, $n, k \in \mathbb{N}^*$ such that $0 \le s \le n - k$, if the
following condition holds:
$$2^k p^{2^{n-k-s}} < 1, \qquad (6)$$
then we have
$\varphi(s) >$    (7)
where
.
In particular, condition (6) is satisfied as soon as the following, stronger condition is satisfied:
$$s \le (n - k) - \log_2(k + 1) + \log_2(-\log_2 p). \qquad (8)$$
Proof. Let us write $t = p^{2^{n-k-s}}$. By the binomial formula, we have:
$$1 - (1 - t)^{2^k} = 2^k t - (2^k t)^2 \sum_{i=2}^{2^k} (-1)^i\, 2^{-2k} \binom{2^k}{i} t^{i-2}. \qquad (9)$$
We notice that if (6) holds, that is if $2^k t < 1$, then the absolute value of the $(i + 1)$th
member of the sum $\sum$ in (9) is less than that of the $i$th member because it is obtained by
multiplication by $((2^k - i)/(i + 1))\,t < 2^k t$. So, if (6) holds, then the sum (positive) is less than
or equal to its first term. Moreover, the first term of the sum $\sum$ in (9) is $2^{-2k}\,\frac{2^k(2^k - 1)}{2} < \frac12$.
So, if (6) is satisfied for some $n, k, s$, then from (9) we obtain
$$1 - (1 - t)^{2^k} \ge 2^k t - \tfrac12 (2^k t)^2 = 2^k t \left(1 - \tfrac12\, 2^k t\right) > 2^{k-1} t. \qquad (10)$$
Thus, under these conditions
$$g(s) = \left(1 - \left(1 - p^{2^{n-k-s}}\right)^{2^k}\right)^{2^s} > 2^{(k-1) 2^s}\, p^{2^{n-k}}. \qquad (11)$$
Next, a similar analysis applied to $1 - \left(1 - p^{2^{n-k}}\right)^{2^k}$
g(0) = 1 − 1 − p    (12)
Finally, the following condition is obviously stronger than (6):
(13)
Applying the log a second time, we obtain
$$s \le (n - k) - \log_2(k + 1) + \log_2(-\log_2 p),$$
which is thereby a sufficient condition for (6). ◀
For example, if $p = \frac12$, condition (8) becomes
$$s \le (n - k) - \log_2(k + 1). \qquad (14)$$
And if $0 < p < \frac12$, $\log_2(-\log_2 p) > 0$ so we have $-\log_2(k + 1) < -\log_2(k + 1) + \log_2(-\log_2 p)$,
and thereby we can also rely on condition (14).
It can be noted that inequality (7) essentially gives an order of growth of $2^{(k-1)2^s}$ with
respect to the quantity of information $s$ (number of extra bits known by player A), which is
much faster than usual orders of growth of $s$ or $2^s$.
Still, a more refined study of the behaviour of the function that describes the growth of
$g(s)$ (the probability of a guaranteed win depending on $s$) requires much more effort and
space than we could give to it in this exploratory paper. For example, it is intuitively clear
that the graph of this function is a typical “S-form” curve (see Figure 1), but it is not easy
to determine where the critical points are placed; and for small values of the parameter $s$,
the inequality we get in (7) may be too crude to place them with sufficient precision. However, the
behaviour of this function $g$ may be of interest for strategic planning concerning both players.
This remains a subject of future work.
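To see how narrow the range covered by conditions (6) and (8) is compared with the full S-shaped curve, the following Python sketch (an added example, not the authors' code; function names are chosen here) tabulates $g(s)$, $\varphi(s)$ and the lower bound of (11) for the parameters of Figure 1. It assumes condition (8) reads $s \le (n-k) - \log_2(k+1) + \log_2(-\log_2 p)$, which reproduces the value $s \approx 1.19$ quoted for Figure 1.

```python
"""Numerical look at Section 5 for the parameters of Figure 1
(added example; function names are hypothetical)."""
import math
from fractions import Fraction


def g(s, n, k, p):
    """Equation (5): probability of guaranteed win for A knowing s bits of B."""
    return (1 - (1 - p ** (2 ** (n - k - s))) ** (2 ** k)) ** (2 ** s)


def condition_6(s, n, k, p):
    """Condition (6): 2^k * p^(2^(n-k-s)) < 1."""
    return 2 ** k * p ** (2 ** (n - k - s)) < 1


def threshold_8(n, k, p):
    """Largest real s allowed by condition (8), read with log2(-log2 p)."""
    return (n - k) - math.log2(k + 1) + math.log2(-math.log2(p))


def lower_bound_11(s, n, k, p):
    """Right-hand side of (11): 2^((k-1) 2^s) * p^(2^(n-k))."""
    return 2 ** ((k - 1) * 2 ** s) * p ** (2 ** (n - k))


def table(n, k, p):
    """One row per s: (s, g(s), phi(s), (6) holds, (8) holds, bound of (11))."""
    g0 = g(0, n, k, p)
    s_max = threshold_8(n, k, p)
    return [(s, g(s, n, k, p), g(s, n, k, p) - g0,
             condition_6(s, n, k, p), s <= s_max,
             lower_bound_11(s, n, k, p))
            for s in range(n - k + 1)]


if __name__ == "__main__":
    # Exact rational arithmetic; values are converted to float for display.
    for s, gs, phi, c6, c8, lb in table(10, 6, Fraction(1, 2)):
        print(f"s={s}  g={float(gs):.6f}  phi={float(phi):.6f}  "
              f"(6)={c6}  (8)={c8}  bound(11)={float(lb):.6g}")
```

For these parameters only s = 0 and s = 1 satisfy (6), while most of the rise of $g$ happens between s = 1 and s = 2; outside condition (6) the bound of (11) is not guaranteed and can exceed 1.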
6 Remarks on the Formal Setup in the Coq Proof Assistant
6.1 Related Works on Formal Libraries of Probability
There have been several works focusing on the formalisation of measure theory or probability
using interactive theorem proving. Some of these works only deal with discrete probability, or
focus on the analysis of randomised algorithms; others formalise large fragments of measure
theory up to Lebesgue’s integration theory.
Figure 1 Graph of $g(s)$, for the parameters $p = \frac12$, $n = 10$, and $k = 6$. The vertical line at
$s \approx 1.19$ indicates the largest $s \in \mathbb{R}$ that satisfies (8).
Using the HOL proof assistant, Hurd [13] developed a framework for proving properties of
randomised programs, relying on a formalisation of measure theory, and following a “monadic
transformation” approach that provides the user with an infinite sequence of independent,
identically distributed Bernoulli($\frac12$) random variables.
Still using the HOL proof assistant and building upon Hurd’s work, Mhamdi, Hasan
and Tahar [12, 15] developed a comprehensive formalisation of measure theory, including
Lebesgue’s integration theory.
Using the Coq proof assistant, Audebaud and Paulin-Mohring [2] developed the ALEA
library⁷ that provides a framework to reason about randomised functional programs. Unlike
Hurd’s approach, it does not require a complete formalisation of measure theory: it is built
upon a Coq axiomatisation of the interval [0, 1] and it interprets randomised programs as
(discrete) probability distributions.
Still using the Coq formal proof assistant, Affeldt, Hagiwara and Sénizergues [1] developed
the Infotheo library⁸ that provides a formalisation of information theory. This library comes
with a formalisation of finite probability theory and strongly relies on the theories of the
MathComp library⁹.
For developing our library on random Boolean games, we have chosen to rely on the
Infotheo library. Even though it only deals with finite probability, this setting was sufficient
for formalising our results and, further, it allowed us to benefit from the facilities of the
SSReflect/MathComp library. In the rest of this section, we shall summarise the main
notions that we used from the MathComp library and present our related contributions (in
Section 6.2), then describe the overall setup of the Infotheo probability theory and present
our related contributions (in Section 6.3).
7 https://www.lri.fr/~paulin/ALEA/
8 https://staff.aist.go.jp/reynald.affeldt/shannon
9 https://mathcomp.github.io/mathcomp/
6.2 MathComp and Our Related Contributions
The MathComp library was born in the Mathematical Components project, which aimed at
formalising the Odd Order Theorem in the Coq proof assistant [9], while organising formal
proofs into components to get a reusable library of mathematical facts. It is built upon
SSReflect, an extension of Coq’s proof language that has native support for the so-called
small scale reflection (and in particular Boolean reflection) and often leads to concise proof
scripts.
For our library of random Boolean games, we have mainly used the following
libraries: (i) fintype for finite types with decidable equality, (ii) finfun for functions over
finite domains, (iii) finset for finite sets, (iv) bigop for properties on “big-operators”.
Big-operators and rewriting under lambdas
Regarding big-operators such as ∑, ∏, ⋂ or ⋃, they are formalised in MathComp as a
higher-order function bigop that takes several arguments, including a function that specifies
the “domain predicate” and the “general term”. For example, the sum
$\sum_{\substack{i = 1 \\ i \text{ odd}}}^{4} i^2$
can be formally written as \sum_(1 <= i < 5 | odd i) i^2, which amounts to the
following term if we get rid of the \sum notation:
    bigop 0 (index_iota 1 5) (fun i : nat => BigBody i addn (odd i) (i ^ 2))
If we want to transform such a big-operator expression by rewriting its domain predicate or
general term, the following two MathComp lemmas on big-operators can be used.
    eq_bigr :
      forall (R : Type) (idx : R) (op : R -> R -> R) (I : Type)
             (r : seq I) (P : pred I) (F1 F2 : I -> R),
        (forall i : I, P i -> F1 i = F2 i) ->
        \big[op/idx]_(i <- r | P i) F1 i = \big[op/idx]_(i <- r | P i) F2 i
    eq_bigl :
      forall (R : Type) (idx : R) (op : R -> R -> R) (I : Type)
             (r : seq I) (P1 P2 : pred I) (F : I -> R),
        P1 =1 P2 ->
        \big[op/idx]_(i <- r | P1 i) F i = \big[op/idx]_(i <- r | P2 i) F i
Still, applying them directly would require providing the entire term corresponding to the
function we want to obtain.
We thus developed a Coq tactic “under” for rewriting under the lambdas of big-operators.
A generalised version of our tactic, also applicable to MathComp notions such as matrices,
polynomials, and so on, is available online at https://github.com/erikmd/ssrundertac
and we plan to submit it for possible inclusion in MathComp.
Below is a typical example of use for that generalised implementation of the under tactic.
For a goal that looks like
    A : finType
    n : nat
    F : A -> nat
    ========================================================
    0 <= \sum_(0 <= k < n)
         \sum_(J in {set A} | #|J :&: [set: A]| == k)
         \sum_(j in J) F j
the proof script
    under eq_bigr [k Hk] under eq_bigl [J] rewrite setIT.
will yield the following goal:
    A : finType
    n : nat
    F : A -> nat
    ========================================================
    0 <= \sum_(0 <= k < n)
         \sum_(J in {set A} | #|J| == k)
         \sum_(j in J) F j
Dependent product of finTypes
MathComp has built-in support for finite functions: for any (A:finType) and (T:Type), the
notation {ffun A -> T} stands for the type of finite functions from A to T. If n denotes the
cardinal of A, these functions are represented by an n-tuple of elements of T, which allows one
to obtain convenient properties such as the extensionality of finite functions, which wouldn’t
hold otherwise in the constructive, intensional logic of Coq.
If T is also a finite type, then the MathComp library allows one to automatically retrieve
(thanks to type inference and so-called canonical structures) a finite type structure for the
type {ffun A -> T} itself. Thus, this construct amounts to the non-dependent product of a
finType.
However, for formalising our results and in particular to construct the type Ω0 that
appears in Section 4, we have been led to formalise the dependent product of a finite family
of finite types. This material is gathered in a file fprod.v which provides a type fprod,
some notations in MathComp style and several support results such as lemmas fprodP and
fprodE, whose signatures are as follows:
    fprod : forall I : finType, (I -> finType) -> finType
    fprodP : forall (I : finType) (T_ : I -> finType) (f1 f2 : fprod I T_),
      (forall x : I, f1 x = f2 x) <-> f1 = f2
    fprodE : forall (I : finType) (T_ : I -> finType)
      (g : forall i : I, T_ i) (x : I),
      [fprod i => g i] x = g x
This theory involves proofs with dependent types, and to facilitate the formalisation process we
tried to follow a MathComp formalisation style as much as possible, by using finite functions,
records with Boolean conditions, and so on. This enabled us to rely on extensionality
of functions, the Altenkirch-Streicher K axiom and proof irrelevance, which can be used
“axiom-free” in the decidable fragment of MathComp finTypes.
6.3 Infotheo and Our Related Contributions
The Infotheo library relies on MathComp as well as the Reals theory from Coq’s standard
library. Among the Infotheo theories, the proba theory was the starting point of our
formalisation. It first defines distributions as a dependent record dist, gathering a function
pmf that gives the probability of each elementary event, and a proof that the sum of these
probabilities is equal to 1:
    Record dist (A : finType) :=
      mkDist { pmf :> A -> R+ ;
               pmf1 : \rsum_(a in A) pmf a = 1 }.
Then, it defines the probability of a subset E of A as the sum of the probabilities of all
elementary events in E:
    Definition Pr (A : finType) (P : dist A) (E : {set A}) :=
      \rsum_(a in E) P a.
Then, basic properties of probability and expectation are provided in this setting.
On top of the Infotheo theories, we have developed the following contributions:
(i) a formalisation of the pushforward distribution dist_img with the associated lemma
    Lemma Pr_dist_img :
      forall {A B : finType} (X : A -> B) (PA : dist A) (E : {set B}),
      Pr (dist_img X PA) E = Pr PA (X @^-1: E).
(ii) a formal proof of a general version of the inclusion–exclusion theorem that we presented
above in Theorem 6; (iii) the product distribution of a family of distributions, whose signature
is as follows:
    ProductDist.d :
      forall (I : finType) (T_ : I -> finType),
      (forall i : I, dist (T_ i)) -> dist (fprod I T_)
The associated independence result was presented above as Lemma 23.
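A finite, exact-arithmetic Python model of the notions listed in this section (dist, Pr, dist_img and the product distribution), added here as an illustration and not taken from Infotheo or from the authors' library: it evaluates both sides of Pr_dist_img on a constructed product of eight Bernoulli(p) coordinates. The names make_dist, preimage, product_dist and lemma_holds, the value p = 1/3 and the tuple encoding of fprod are assumptions of this example.

```python
from fractions import Fraction
from itertools import product

def make_dist(pmf):
    """Counterpart of `dist`: a pmf on a finite type, accepted only if it sums to 1."""
    pmf = {a: Fraction(w) for a, w in pmf.items()}
    if min(pmf.values()) < 0 or sum(pmf.values()) != 1:
        raise ValueError("not a probability distribution")
    return pmf

def Pr(P, E):
    """Counterpart of `Pr P E`: sum of P a over the elementary events a in E."""
    return sum((P.get(a, Fraction(0)) for a in E), Fraction(0))

def dist_img(X, PA):
    """Pushforward of PA along X : A -> B."""
    PB = {}
    for a, w in PA.items():
        PB[X(a)] = PB.get(X(a), Fraction(0)) + w
    return make_dist(PB)

def preimage(X, PA, E):
    """Counterpart of X @^-1: E, as a subset of the type on which PA is defined."""
    return {a for a in PA if X(a) in E}

def product_dist(family):
    """Product of a family {i: dist on T_i}. An outcome is a tuple with one
    coordinate per index, each taken from its own T_i (the role played by fprod)."""
    idx = sorted(family)
    out = {}
    for values in product(*(family[i] for i in idx)):
        w = Fraction(1)
        for i, v in zip(idx, values):
            w *= family[i][v]
        out[values] = w
    return make_dist(out)

# Constructed sample: 8 independent Bernoulli(p) coordinates, one per Boolean
# vector of a 3-variable payoff function (assumed reading of the Bernoulli scheme).
p = Fraction(1, 3)
bernoulli = make_dist({True: p, False: 1 - p})
P = product_dist({i: bernoulli for i in range(8)})
count_true = lambda w: sum(w)   # random variable: number of vectors mapped to true

def lemma_holds(E):
    """Compare both sides of Pr_dist_img for an event E over the values of count_true."""
    return Pr(dist_img(count_true, P), E) == Pr(P, preimage(count_true, P, E))
```

Here the pushforward of the product distribution along count_true is the binomial distribution with parameters 8 and p, and the event "coordinates 0 and 5 are both true" has probability p², as the independence result requires.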
7 Conclusion
In this work, we used the basics of the theory of Boolean games. In this sense, our work is
obviously related to this area. But to the best of our knowledge, the idea of applying probability
theory to a certain class of Boolean games as a whole (as opposed to merely considering
random strategies) is new. The analysis of the whole class of games makes it possible to discover
some quantitative properties of these games that would be difficult to discover in the study of an
individual game.
Furthermore, we used type theory and interactive theorem proving to formalise our results
in order to give strong guarantees on their correctness as well as to extend existing formal
libraries with new items.
In particular, we have proved a closed formula for the probability of existence of winning
strategies in those random Boolean games. We specialised this result with a probability
distribution on Boolean functions that are generated by a Bernoulli scheme on Boolean
vectors with any probability p as parameter (it can be noted that this setting subsumes
the simpler case where all Boolean functions have the same probability: this latter case
corresponds to choosing p = 1/2 in our setting).
In this paper our methods remained elementary, but they allowed us to estimate the
relative importance of the cases where the players use simultaneous and alternating moves.
Another interesting phenomenon, in our view, is the growth of the probability of winning as
a function of the information about the choices of the opponent. Essentially, it is much faster
than the usual 2^s, where s is the quantity of information (number of extra bits) known by the
player. This phenomenon emphasises the difference between the information that is required
for winning and the “measure of knowledge” of the opponent and its strategies.
We already mentioned the interest of machine checked verification for the games between
autonomous programs (embedded systems).
As future work, we plan to consider more general classes of probability distributions
and explore the “weight” of information with respect to winning in this more general setting.
We plan also to consider more closely the connection with algorithmic games [6].
A Non-Guaranteed Win: When the Order of Choices Matters
Let us consider an example of three variables a, b, c and two players, Alice who controls a
and Bob who controls b, c. Let us consider all possible Boolean functions as payoff functions.
There are 256 of them, which may be identified with the subsets of the nodes of the cube below. Each
subset is interpreted as the disjunction of the conjunctions in the nodes.
[Figure: a cube whose eight nodes are labelled with the eight conjunctions of literals over a, b, c]
It makes sense to analyse this situation in a purely combinatorial way before we consider
randomly generated payoff functions. We notice the following facts:
- Alice has an unconditionally winning strategy in 31 cases (these cases correspond to all
  subsets that contain all nodes of either the face with a or the face with ā; the number of
  subsets is easily counted by the inclusion–exclusion formula).
- Bob has an unconditionally winning strategy in 175 cases (the cases correspond to the
  subsets that do not intersect with one of the four edges defined by the choice of two
  literals among b, c, b̄, c̄; the number is counted as above).
- There are 50 cases when neither Alice nor Bob has an unconditionally winning strategy.
  In these cases the order of choice matters:
  - If Alice chooses the value of a first, then Bob has a winning strategy (he may win in
    all these cases).
  - Similarly, if Bob chooses the values of b, c first then Alice may win in all these cases.
Now let us consider in more detail the case where the order of choices is B − A − B. In fact,
here we need to distinguish three subcases:
1. Bob may give a value to any of b, c at his first step.
2. At his first step, Bob gives a value to b, and at his second to c.
3. At his first step, Bob gives a value to c, and at his second to b.
It can be noted that these three variants may correspond to preferences or to obligations
(extra constraints) concerning Bob, in line with the remark at the end of Section 4 (page 12).
We elaborate on these three subcases below.
1. The choice of Bob may be interpreted as the selection of one of the four faces of the cube
that corresponds to b, b̄, c, c̄ respectively. There are four cases when Alice may win if she
knows the first choice of Bob. One subset is shown below in bold; the others are obtained by
rotation. (We exclude the cases of unconditional win that were counted before.)
[Figure: the cube of the eight conjunctions over a, b, c, with one such subset of nodes shown in bold]
In the case displayed above, if Bob has chosen b = true then Alice has to choose a = true
and wins because the remaining formula will be c ∨ c̄.
2. If at the first step Bob must choose the value of b, then it may be seen as the choice of one
of the two faces of the cube that correspond to b or b̄. This gives Alice more possibilities
to win. Indeed, she may win if the subset of nodes includes either abc, abc, abc, abc or
abc, abc, abc, abc. We may add one or more nodes to each subset of four, but if we exclude
the previously considered cases, we shall have 12 more cases when Alice may win.
3. A similar analysis shows that there are 12 cases (not considered previously) where Alice
may win if Bob must choose the value of c first.
It is important to notice that the choices of Alice and Bob are not necessarily interpreted
as the choices of logical values of a, b, c. This model may be used to model any binary choice.
Indeed, let a = true mean the choice of some value v_a and a = false mean the choice of v_a'
by Alice. Similarly, Bob may choose one of v_b, v_b' and one of v_c, v_c'. Instead of a conjunction
of literals (e.g., ab̄c̄) let us take for each such conjunction a predicate¹⁰ P_{ab̄c̄}(x, y, z) which
is true if and only if x = v_a, y = v_b', z = v_c'. Instead of considering the disjunction of these
conjunctions, let us take the disjunction of corresponding predicates. It appears that the
logical value of the result will exactly be the logical value of the payoff function represented
by the DNF (or Boolean function).
The roles of Alice and Bob may be seen as the roles of “coaches” who choose the players
for a series of matches. Alice wins if her “champion” wins at least one match. Also, to come
back to the situation with random payoff functions, it makes perfect sense that in a real
tournament the coach cannot know in advance which matches will be necessary to play.
10 defined for (x, y, z) ∈ {v_a, v_a'} × {v_b, v_b'} × {v_c, v_c'}
The same idea may be used to model markets (the choice a = true may mean that Alice
orders to buy a certain product a, a = false that she orders to sell, and the presence of ab̄c̄
that she makes a profit when she buys at the same time as Bob sells his two products).
This analysis also clearly shows what role the random choice of payoff functions may play:
it takes into account a certain amount of unpredictability in a real situation.
Notice that it does not eliminate the “geometric flavour” displayed in the above example.
However, as we emphasised before, we intend to use probability mostly for the analysis of
the totality of games with all possible Boolean functions as payoff, rather than for considering
one game with a randomly chosen payoff function (though this may sometimes make sense).
The choice of probability distribution will influence the relative “weight” of the cases that
we considered above in a purely combinatorial way, and has to be taken into account when
additional conditions are considered, such as the order of moves or access to the information.
For example, if the probability parameter p takes a value of 1/2 (i.e., if we focus on the
instance P_{3; 1/2} of the Bernoulli process presented in Section 3), this will give the uniform
distribution on the 256 cases considered in the appendix.
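The counts 31, 175, 50 and the four cases of subcase 1 can be reproduced by exhaustive enumeration; the following Python program is an added example, not part of the authors' Coq development. It evaluates each of the 256 payoff functions by minimax for a given order of moves and, assuming that the Bernoulli process makes each node of the cube true independently with probability p, weighs a family of cases; all function names are hypothetical.

```python
from fractions import Fraction
from itertools import product

B = (False, True)
NODES = list(product(B, repeat=3))             # valuations (a, b, c): the nodes of the cube
PAYOFFS = [frozenset(n for n, keep in zip(NODES, bits) if keep)
           for bits in product(B, repeat=8)]   # the 256 payoff functions, as true-sets

def alice_wins(f, order, chosen=()):
    """Minimax: can Alice (who owns a) force the payoff to be true when the
    variables are fixed one by one in `order`, every move seeing the earlier ones?"""
    if len(chosen) == 3:
        val = dict(zip(order, chosen))
        return (val["a"], val["b"], val["c"]) in f
    branches = [alice_wins(f, order, chosen + (v,)) for v in B]
    # Alice needs one good value for a; Bob's variables must all be survived.
    return any(branches) if order[len(chosen)] == "a" else all(branches)

def classify():
    """Split the 256 payoff functions as in the appendix."""
    alice = [f for f in PAYOFFS if alice_wins(f, "abc")]     # Alice wins even moving first
    bob = [f for f in PAYOFFS if not alice_wins(f, "bca")]   # Bob wins even moving first
    neither = [f for f in PAYOFFS if f not in alice and f not in bob]
    return alice, bob, neither

def subcase1(neither):
    """Order B-A-B where Bob may open with b or with c: Alice must cope with both."""
    return [f for f in neither
            if alice_wins(f, "bac") and alice_wins(f, "cab")]

def probability(cases, p):
    """Total weight of `cases` when each node is true independently with
    probability p (assumed form of the Bernoulli process)."""
    return sum((p ** len(f) * (1 - p) ** (8 - len(f)) for f in cases), Fraction(0))

if __name__ == "__main__":
    alice, bob, neither = classify()
    print(len(alice), len(bob), len(neither), len(subcase1(neither)))
    print(probability(alice, Fraction(1, 2)))
```

With p = 1/2 every payoff function has weight 1/256, so the probability that Alice has an unconditionally winning strategy is the count of her cases divided by 256.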
References
[1] Reynald Affeldt, Manabu Hagiwara, and Jonas Sénizergues. Formalization of Shannon's theorems. J. Autom. Reasoning, 53(1):63–103, 2014. doi:10.1007/s1081701392981.
[2] Philippe Audebaud and Christine Paulin-Mohring. Proofs of randomized algorithms in Coq. Sci. Comput. Program., 74(8):568–589, 2009. doi:10.1016/j.scico.2007.09.002.
[3] Élise Bonzon. Modélisation des interactions entre agents rationnels : les jeux booléens. PhD thesis, Université Toulouse III – Paul Sabatier, Toulouse, France, 2007.
[4] Julian C. Bradfield, Julian Gutierrez, and Michael Wooldridge. Partial-order Boolean games: informational independence in a logic-based model of strategic interaction. Synthese, 193(3):781–811, 2016. doi:10.1007/s112290150991y.
[5] The Coq Development Team. The Coq Proof Assistant: Reference Manual: version 8.8, 2018. URL: https://coq.inria.fr/distrib/V8.8.0/refman/.
[6] Evgeny Dantsin, Jan-Georg Smaus, and Sergei Soloviev. Algorithms in Games Evolving in Time: Winning Strategies Based on Testing. In Isabelle Users Workshop – ITP 2012, 2012. 18 pages.
[7] In José Júlio Alferes and João Alexandre Leite, editors, Logics in Artificial Intelligence, 9th European Conference, JELIA 2004, Lisbon, Portugal, September 27–30, 2004, Proceedings, volume 3229 of Lecture Notes in Computer Science, pages 347–359. Springer, 2004. doi:10.1007/9783540302278_30.
[8] Danièle Gardy. Random Boolean expressions. In René David, Danièle Gardy, Pierre Lescanne, and Marek Zaionc, editors, Computational Logic and Applications, CLA '05, volume AF of DMTCS Proceedings, pages 1–36, Chambéry, France, 2006. Discrete Mathematics and Theoretical Computer Science.
[9] Georges Gonthier, Andrea Asperti, Jeremy Avigad, Yves Bertot, Cyril Cohen, François Garillot, Stéphane Le Roux, Assia Mahboubi, Russell O'Connor, Sidi Ould Biha, Ioana Pasca, Laurence Rideau, Alexey Solovyev, Enrico Tassi, and Laurent Théry. A Machine-Checked Proof of the Odd Order Theorem. In Sandrine Blazy, Christine Paulin-Mohring, and David Pichardie, editors, Interactive Theorem Proving – 4th International Conference, ITP 2013, Rennes, France, July 22–26, 2013. Proceedings, volume 7998 of Lecture Notes in Computer Science, pages 163–179. Springer, 2013. doi:10.1007/9783642396342_14.
[10] Paul Harrenstein. Logic in Conflict. Logical Explorations in Strategic Equilibrium. PhD thesis, Utrecht University, 2004.
[11] Paul Harrenstein, Wiebe van der Hoek, John-Jules Meyer, and Cees Witteveen. Boolean Games. In J. van Benthem, editor, Proceedings of the 8th International Conference on Theoretical Aspects of Rationality and Knowledge (TARK'01), pages 287–298, San Francisco, 2001. Morgan Kaufmann.
[12] Osman Hasan and Sofiène Tahar. Using theorem proving to verify expectation and variance for discrete random variables. J. Autom. Reasoning, 41(3-4):295–323, 2008. doi:10.1007/s1081700891136.
[13] Joe Hurd. Formal verification of probabilistic algorithms. PhD thesis, University of Cambridge, 2002.
[14] Erik Martin-Dorel and Sergei Soloviev. erikmd/coqboolgames: BoolGames, 2018. doi:10.5281/zenodo.1317609.
[15] Tarek Mhamdi, Osman Hasan, and Sofiène Tahar. On the formalization of the Lebesgue integration theory in HOL. In Matt Kaufmann and Lawrence C. Paulson, editors, Interactive Theorem Proving, First International Conference, ITP 2010, Edinburgh, UK, July 11–14, 2010. Proceedings, volume 6172 of Lecture Notes in Computer Science, pages 387–402. Springer, 2010. doi:10.1007/9783642140525_27.
[16] Journal of Mathematics and Physics, 21:83–93, 1942.