PRISM-games Model Checker

Updated 24 January 2026

PRISM-games is a formal verification tool for multi-agent probabilistic systems that supports stochastic and interval games with both adversarial and cooperative objectives.
It employs an advanced extension of rPATL logic to specify quantitative temporal properties and equilibrium-based outcomes.
Its scalable algorithms use linear programming, SMT, and nonlinear programming to efficiently verify and synthesize strategies even in large state spaces.

The PRISM-games model checker is a formal verification and strategy synthesis tool for multi-agent, probabilistic systems with competitive or cooperative dynamics. Extending the established PRISM platform, PRISM-games offers comprehensive support for stochastic games, enabling automated analysis against quantitative temporal logic specifications, including both zero-sum and nonzero-sum objectives through coalitional and equilibrium-based reasoning. Its theoretical foundations, algorithms, and tool architecture collectively enable advanced reasoning about rational autonomous agents, concurrent stochastic phenomena, and robust decision-making under uncertainty.

1. Formal Models Supported

PRISM-games generalizes probabilistic model checking to encompass sophisticated multi-agent scenarios. The main classes of supported models are:

Markov Decision Processes (MDPs): $M=(S,s_0,\mathrm{Act},P,\mathrm{AP},L)$ , with $P:S\times\mathrm{Act}\rightarrow\mathrm{Dist}(S)$ (Kwiatkowska et al., 2021).
Partially Observable MDPs (POMDPs): Extend MDPs with observations $(\Omega,O)$ .
Turn-based Stochastic Games (TSGs): $G=(S,s_0,\mathrm{Act}_1,\mathrm{Act}_2,T,\mathrm{AP},L)$ ; players alternate control.
Concurrent Stochastic Games (CSGs): $G=(N,S,s_0,A,\Delta,\delta,\mathcal{R})$ , with $N$ players choosing actions concurrently and probabilistic transitions $\delta:S\times A\rightarrow\mathrm{Dist}(S)$ ; supports reward structures $r=(r_S,r_A)$ (Kwiatkowska et al., 2022, Kwiatkowska et al., 2020, Kwiatkowska et al., 2020).

For robust verification, PRISM-games supports interval CSGs (ICSGs) in which transitions are specified by intervals $[P̌(s,a,s'), P̂(s,a,s')]$ to capture epistemic uncertainty over probabilities (He et al., 17 Jan 2026). This enables analysis under worst-case (“nature”/adversarial) assumptions about the realisation of probabilistic dynamics.

2. Specification Logics and Expressiveness

The specification formalism at the heart of PRISM-games is an extension of probabilistic alternating-time temporal logic with rewards (rPATL), equipped with both coalitional and equilibrium quantifiers (Kwiatkowska et al., 2022, Kwiatkowska et al., 2020, Kwiatkowska et al., 2020, Kwiatkowska et al., 2018).

Syntax Extensions:

Coalitional quantification: $\langle\!\langle C\rangle\!\rangle P_{\sim q}[\psi]$ , where coalition $C$ can ensure the path property $\psi$ holds with probability $\sim q$ .
Reward objectives: $\langle\!\langle C\rangle\!\rangle R^r_{\sim x}[\rho]$ for expected accumulated or cumulative reward specification.
Equilibrium quantification:
- Nash equilibrium: $\langle\!\langle C_1:\cdots:C_m\rangle\!\rangle_{\mathrm{opt}\sim x}[\theta]$ expresses the existence of a subgame-perfect Nash or correlated equilibrium over coalition partition $\mathbb{C}$ with optimality criteria social welfare ( $\mathrm{SW}$ ) or social fairness ( $\mathrm{SF}$ ) (Kwiatkowska et al., 2022).
- Multi-coalitional extensions generalize rPATL to $m$ coalitions and sum objectives, e.g. $\langle\!\langle C_1:\cdots:C_m\rangle\!\rangle_{\max\geq x} \theta$ (Kwiatkowska et al., 2020).

Semantics: All operators are evaluated with respect to randomized, history-dependent strategies. Equilibrium properties reference subgame-perfect $\varepsilon$ -Nash equilibria (NE) or correlated equilibria (CE), maximizing social welfare (SWNE/SWCE) or social fairness (SFNE/SFCE).

This framework allows expressing both adversarial (zero-sum), collaborative (coalitional), and rational competitive (nonzero-sum/equilibrium) verification objectives over finite- and infinite-horizon properties, with probabilistic and reward-based quantitative reasoning (Kwiatkowska et al., 2021, Kwiatkowska et al., 2022).

3. Core Verification and Strategy Synthesis Algorithms

PRISM-games internally reduces model-checking and synthesis to recursive and iterative numerical games over normal-form subgames:

Zero-sum analysis reduces to repeated solution of matrix games via linear programming (LP), implementing value-iteration or backward induction for the fixpoint equations in MDPs and TSGs (Kwiatkowska et al., 2021, Kwiatkowska et al., 2020).
Nonzero-sum/equilibrium analysis entails solving bimatrix (two-player) or multi-matrix (multi-player) normal-form games for Nash equilibria:
- Bimatrix games: Enumerates all NE supports using the labelled polytope/Lemke–Howson method or SMT encodings (Z3/Yices), selecting the SWNE (Kwiatkowska et al., 2018, Kwiatkowska et al., 2020).
- $m$ -player games: Support enumeration with nonlinear programming (Ipopt) under SMT-based feasibility checks (Z3), then select optimal equilibria (Kwiatkowska et al., 2020).
- Correlated equilibria: Linear programming over joint-action distributions subject to incentive constraints (Kwiatkowska et al., 2022).
Infinite-horizon properties: Approximated by value iteration. Subgame-perfect equilibria for undiscounted infinite-horizon objectives are only guaranteed when certain regularity conditions hold (e.g., stopping games). Convergence is uniform in finite models for both zero-sum and nonzero-sum cases (Kwiatkowska et al., 2020, Kwiatkowska et al., 2018).
Robust (ICSG) analysis: Inner minimization/maximization over interval transitions is handled by greedy allocation (IMDP-style), and the entire CSG is lifted to a 3-player game for robust equilibrium computation (He et al., 17 Jan 2026).

Algorithmic Complexity: Equilibrium and especially multi-player NE computation is PPAD-complete to PSPACE-hard per state; LP and SMT overheads are mitigated by dominance filtering, caching, and multithreading. Zero-sum queries are solved in polynomial time for MDPs/TSGs, but nonzero-sum CSGs are tractable in practice up to millions of states for a small number of players (Kwiatkowska et al., 2020, Kwiatkowska et al., 2020, Kwiatkowska et al., 2018, He et al., 17 Jan 2026).

4. Language, Toolchain, and Implementation Details

PRISM-games extends the modular guarded-command PRISM modeling language:

Modules: Each player/component is a module specifying local state and transitions.
Actions and synchronization: Concurrent moves encoded by $[a_1,\dots,a_n]$ labels.
Reward structures: State and action rewards may depend on global state and action tuples.
Partial observability: Supported via observation variables and distributions (Kwiatkowska et al., 2021).

Property specification uses extended rPATL syntax, embedding both coalitional and equilibrium operators (Kwiatkowska et al., 2020).

Robust CSGs use explicit interval transitions in the syntax:

1	[a] s=0 → [0.7,0.9] : (s'=2) + [0.1,0.3] : (s'=1);

(He et al., 17 Jan 2026)

Implementation architecture:

Explicit state, action, and reward structures (Java, sparse matrices).
Model checking kernel orchestrates LP solvers (LPSolve/GLPK), SMT engines (Z3/Yices) for NE computation, NLP (Ipopt) for $m$ -player equilibria, and IMDP routines for robust inner optimization.
Per-state and per-iteration caching, multithreading, and modular solver architecture.
Output includes numerical results and synthesized strategies (distributions over actions per state), exportable in various formats for simulation or further analysis (Kwiatkowska et al., 2020, Kwiatkowska et al., 2022).

5. Case Studies, Benchmark Results, and Scalability

PRISM-games has been evaluated across diverse domains:

Case Study	Players	States/Transitions	Objective Type	Solve Time	Reference
Robot grid navigation	2–4	up to 330k/23M	Reachability, reward, SWNE	< 6 min	(Kwiatkowska et al., 2020)
ALOHA protocol	3–5	up to 2.2M	Deadlines, Nash, CE/NE	< 1 hr	(Kwiatkowska et al., 2020)
Public good, secret sharing	3–5	up to 279k	Social-welfare NE	~24 min	(Kwiatkowska et al., 2020)
Power control/media access	2–4	100s–1M	Nash, correlated, rewards	seconds–mins	(Kwiatkowska et al., 2022)
ICSG (Robust) navigation	2–7	up to 330k	Min-max, robust NE	< 2× CSG	(He et al., 17 Jan 2026)

Zero-sum MDP/TSG properties are solved in seconds to minutes for 10k–1M states. Nonzero-sum equilibrium synthesis is typically 3–6× more expensive, but tractable in practice for models with up to several million states and a few players. Robust ICSGs incur at most $2\times$ overhead for zero-sum and remain feasible up to mid-scale for robust NE (He et al., 17 Jan 2026).

6. Limitations and Research Directions

Known limitations:

State-space explosion constrains scalability for high-dimensional or large-population models.
Exact solution of POMDPs is undecidable; CSG NE computation is computationally hard for $n\geq 3$ .
Existence and structure of subgame-perfect NE for infinite-horizon, undiscounted properties remains an open mathematical problem.
Robust NE synthesis overhead grows with uncertainty, model size, and the precision parameter $\epsilon$ (Kwiatkowska et al., 2021, Kwiatkowska et al., 2022, He et al., 17 Jan 2026).

Active and future research themes:

Symbolic and abstraction-refinement algorithms for stochastic games.
Compositional and assume-guarantee reasoning for scalable verification.
Full integration with learning-based (neuro-symbolic) components and continuous domains.
Equilibria with additional constraints (e.g., fairness, correlation, mechanism design).
Efficient algorithms for multi-objective, partial-information, and robust equilibria (Kwiatkowska et al., 2021, He et al., 17 Jan 2026, Kwiatkowska et al., 2022).

7. Extensions: DGRW and Probabilistic LTL Synthesis

As of (Chatterjee et al., 2013), PRISM-games supports probabilistic model checking and synthesis for LTL(F,G) properties via a Safraless translation to deterministic automata with generalized Rabin pairs (DGRW). By leveraging DGRW instead of classical Rabin automata, the product state space is reduced, enabling dramatic speed-ups (up to orders of magnitude) for both probabilistic model checking of MDPs and stochastic games. This extension is integrated as a dedicated engine; automata are generated using the Rabinizer library and the tool invokes DGRW-aware solution routines to avoid exponential degeneralization overhead (Chatterjee et al., 2013).

In summary, PRISM-games constitutes a comprehensive, formally grounded platform for analysis and synthesis in probabilistic, concurrent, and game-theoretic multi-agent systems, supporting both classical and robust (interval-uncertain) models, advanced temporal logic specifications, equilibrium-based reasoning, and a rich spectrum of practical verification and synthesis applications (Kwiatkowska et al., 2021, Kwiatkowska et al., 2020, Kwiatkowska et al., 2018, Kwiatkowska et al., 2020, Kwiatkowska et al., 2022, Chatterjee et al., 2013, He et al., 17 Jan 2026).