logics for hyperproperties
play

Logics for Hyperproperties Martin Zimmermann Saarland University - PowerPoint PPT Presentation

Oct 16, 2023 •6 likes •1.11k views

Logics for Hyperproperties Martin Zimmermann Saarland University May, 19th 2017 Centre Fdr en Vrification, Brussels, Belgium Martin Zimmermann Saarland University Logics for Hyperproperties 1/40 Hyperproperties I secret O secret S

  1. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π ∀ π. ∃ π ′ . F ( a π ∧ X a π ′ ) { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ { a } ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ ∅ { a } ∅ ∅ ∅ ∅ ∅ · · · . . . . . . . . . . . . . . . . . . . . . . . . The unique model of ϕ is {∅ n { a } ∅ ω | n ∈ N } . Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any finite set of traces. Martin Zimmermann Saarland University Logics for Hyperproperties 13/40

  2. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  3. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  4. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . t Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  5. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . f 0 ( t ) f k ( t , . . . , t ) t f 1 ( t , t ) · · · Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  6. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . t Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  7. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . · · · · · · t Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  8. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . · · · · · · t The limit is a model of ϕ and countable. Martin Zimmermann Saarland University Logics for Hyperproperties 14/40

  9. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  10. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  11. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  12. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . 2. .. for every trace of the form x { b }{ a } y in T , also the trace x { a }{ b } y . Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  13. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . { a } { a } { b } { b } { a } { b } ∅ ω 2. .. for every trace of the form x { b }{ a } y in T , also the trace x { a }{ b } y . Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  14. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . { a } { a } { b } { b } { a } { b } ∅ ω 2. .. for every trace of the form { a } { a } { b } { a } { b } { b } ∅ ω x { b }{ a } y in T , also the trace x { a }{ b } y . Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  15. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . { a } { a } { b } { b } { a } { b } ∅ ω 2. .. for every trace of the form { a } { a } { b } { a } { b } { b } ∅ ω x { b }{ a } y in T , also the trace x { a }{ b } y . { a } { a } { a } { b } { b } { b } ∅ ω Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  16. What about Regular Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any ω -regular set of traces. Proof { a } { b } { a } { b } { a } { b } ∅ ω Express that a model T contains.. 1. .. ( { a }{ b } ) n ∅ ω for every n . { a } { a } { b } { b } { a } { b } ∅ ω 2. .. for every trace of the form { a } { a } { b } { a } { b } { b } ∅ ω x { b }{ a } y in T , also the trace x { a }{ b } y . { a } { a } { a } { b } { b } { b } ∅ ω Then, T ∩ { a } ∗ { b } ∗ ∅ ω = {{ a } n { b } n ∅ ω | n ∈ N } is not ω -regular. Martin Zimmermann Saarland University Logics for Hyperproperties 15/40

  17. What about Ultimately Periodic Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any set of traces that contains an ultimately periodic trace. Martin Zimmermann Saarland University Logics for Hyperproperties 16/40

  18. What about Ultimately Periodic Models? Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any set of traces that contains an ultimately periodic trace. One can even encode the prime numbers in HyperLTL! Martin Zimmermann Saarland University Logics for Hyperproperties 16/40

  19. References Bernd Finkbeiner and Martin Zimmermann. The first-order logic of hyperproperties. In Proceedings of STACS 2017 . Martin Zimmermann Saarland University Logics for Hyperproperties 17/40

  20. Outline 1. HyperLTL 2. The Models Of HyperLTL 3. HyperLTL Satisfiability 4. HyperLTL Model-checking 5. The First-order Logic of Hyperproperties 6. Conclusion Martin Zimmermann Saarland University Logics for Hyperproperties 18/40

  21. Undecidability The HyperLTL satisfiability problem: Given ϕ , is there a non-empty set T of traces with T | = ϕ ? Theorem HyperLTL satisfiability is undecidable. Martin Zimmermann Saarland University Logics for Hyperproperties 19/40

  22. Undecidability The HyperLTL satisfiability problem: Given ϕ , is there a non-empty set T of traces with T | = ϕ ? Theorem HyperLTL satisfiability is undecidable. Proof: By a reduction from Post’s correspondence problem. Example Blocks ( a , baa ) ( ab , aa ) ( bba , bb ) Martin Zimmermann Saarland University Logics for Hyperproperties 19/40

  23. Undecidability The HyperLTL satisfiability problem: Given ϕ , is there a non-empty set T of traces with T | = ϕ ? Theorem HyperLTL satisfiability is undecidable. Proof: By a reduction from Post’s correspondence problem. Example Blocks ( a , baa ) ( ab , aa ) ( bba , bb ) A solution: a a a a b b b b b a a a a b b b b b Martin Zimmermann Saarland University Logics for Hyperproperties 19/40

  24. Undecidability The HyperLTL satisfiability problem: Given ϕ , is there a non-empty set T of traces with T | = ϕ ? Theorem HyperLTL satisfiability is undecidable. Proof: By a reduction from Post’s correspondence problem. Example Blocks ( a , baa ) ( ab , aa ) ( bba , bb ) A solution: a a a a b b b b b a a a a b b b b b Martin Zimmermann Saarland University Logics for Hyperproperties 19/40

  25. Undecidability 1. There is a (solution) trace where top matches bottom. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  26. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top matches bottom. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  27. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top matches bottom. 2. Every trace is finite and starts with a block or is empty . Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  28. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top matches bottom. 2. Every trace is finite and starts with a block or is empty . Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  29. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top matches bottom. 2. Every trace is finite and starts with a block or is empty . 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  30. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a block or is empty . 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  31. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a block or is empty . 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  32. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a block or is empty . 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  33. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  34. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  35. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace obtained by removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  36. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ obtained by { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  37. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ obtained by { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ removing the first block also exists. Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  38. Undecidability { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω { b } { b } { a } { a } { b } { b } { b } { a } { a } ∅ ω 1. There is a (solution) trace where top { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ matches bottom. { a } { a } { b } { b } { b } { a } { a } ∅ ω ∅ ∅ 2. Every trace is finite and starts with a ∅ ω { b } { b } { a } { a } ∅ ∅ ∅ ∅ ∅ block or is empty . { b } { b } { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ 3. For every non-empty trace, the trace { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ obtained by { b } { a } { a } ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ removing the first block also exists. ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ω ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ Martin Zimmermann Saarland University Logics for Hyperproperties 20/40

  39. Decidability Theorem ∃ ∗ -HyperLTL satisfiability is PSpace -complete. Martin Zimmermann Saarland University Logics for Hyperproperties 21/40

  40. Decidability Theorem ∃ ∗ -HyperLTL satisfiability is PSpace -complete. Proof: Membership: Consider ϕ = ∃ π 0 . . . ∃ π k . ψ . Obtain ψ ′ from ψ by replacing each a π j by a fresh proposition a j . Then: ϕ and the LTL formula ψ ′ are equi-satisfiable. Hardness: trivial reduction from LTL satisfiability Martin Zimmermann Saarland University Logics for Hyperproperties 21/40

  41. Decidability Theorem ∀ ∗ -HyperLTL satisfiability is PSpace -complete. Martin Zimmermann Saarland University Logics for Hyperproperties 22/40

  42. Decidability Theorem ∀ ∗ -HyperLTL satisfiability is PSpace -complete. Proof: Membership: Consider ϕ = ∀ π 0 . . . ∀ π k . ψ . Obtain ψ ′ from ψ by replacing each a π j by a . Then: ϕ and the LTL formula ψ ′ are equi-satisfiable. Hardness: trivial reduction from LTL satisfiability Martin Zimmermann Saarland University Logics for Hyperproperties 22/40

  43. Decidability Theorem ∃ ∗ ∀ ∗ -HyperLTL satisfiability is ExpSpace -complete. Martin Zimmermann Saarland University Logics for Hyperproperties 23/40

  44. Decidability Theorem ∃ ∗ ∀ ∗ -HyperLTL satisfiability is ExpSpace -complete. Proof: Membership: Consider ϕ = ∃ π 0 . . . ∃ π k . ∀ π ′ 0 . . . ∀ π ′ ℓ . ψ . Let k k ϕ ′ = ∃ π 0 . . . ∃ π k � � · · · ψ j 0 ,..., j ℓ j 0 = 0 j ℓ = 0 where ψ j 0 ,..., j ℓ is obtained from ψ by replacing each occurrence of π ′ i by π j i . Then: ϕ and ϕ ′ are equi-satisfiable. Hardness: encoding of exponential-space Turing machines. Martin Zimmermann Saarland University Logics for Hyperproperties 23/40

  45. Further Results HyperLTL implication checking: given ϕ and ϕ ′ , does, for every T , = ϕ ′ ? T | = ϕ imply T | Lemma ϕ does not imply ϕ ′ iff ( ϕ ∧ ¬ ϕ ′ ) is satisfiable. Martin Zimmermann Saarland University Logics for Hyperproperties 24/40

  46. Further Results HyperLTL implication checking: given ϕ and ϕ ′ , does, for every T , = ϕ ′ ? T | = ϕ imply T | Lemma ϕ does not imply ϕ ′ iff ( ϕ ∧ ¬ ϕ ′ ) is satisfiable. Corollary Implication checking for alternation-free HyperLTL formulas is ExpSpace -complete. Tool EAHyper : satisfiability, implication, and equivalence checking for HyperLTL Martin Zimmermann Saarland University Logics for Hyperproperties 24/40

  47. References Bernd Finkbeiner and Christopher Hahn. Deciding Hyperproperties. In Proceedings of CONCUR 2016 . Bernd Finkbeiner, Christopher Hahn, and Marvin Stenger. EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties. In Proceedings of CAV 2017 . Martin Zimmermann Saarland University Logics for Hyperproperties 25/40

  48. Outline 1. HyperLTL 2. The Models Of HyperLTL 3. HyperLTL Satisfiability 4. HyperLTL Model-checking 5. The First-order Logic of Hyperproperties 6. Conclusion Martin Zimmermann Saarland University Logics for Hyperproperties 26/40

  49. Model-Checking The HyperLTL model-checking problem: Given a transition system S and ϕ , does Traces ( S ) | = ϕ ? Theorem The HyperLTL model-checking problem is decidable. Martin Zimmermann Saarland University Logics for Hyperproperties 27/40

  50. Model-Checking Proof: Consider ϕ = ∃ π 1 . ∀ π 2 . . . . ∃ π k − 1 . ∀ π k . ψ . Rewrite as ∃ π 1 . ¬∃ π 2 . ¬ . . . ∃ π k − 1 . ¬∃ π k . ¬ ψ . Martin Zimmermann Saarland University Logics for Hyperproperties 28/40

  51. Model-Checking Proof: Consider ϕ = ∃ π 1 . ∀ π 2 . . . . ∃ π k − 1 . ∀ π k . ψ . Rewrite as ∃ π 1 . ¬∃ π 2 . ¬ . . . ∃ π k − 1 . ¬∃ π k . ¬ ψ . By induction over quantifier prefix construct non-determinstic Büchi automaton A with L ( A ) � = ∅ iff Traces ( S ) | = ϕ . Induction start: build automaton for LTL formula obtained from ¬ ψ by replacing a π j by a j . For ∃ π j θ restrict automaton for θ in dimension j to traces of S . For ¬ θ complement automaton for θ . Martin Zimmermann Saarland University Logics for Hyperproperties 28/40

  52. Model-Checking Proof: Consider ϕ = ∃ π 1 . ∀ π 2 . . . . ∃ π k − 1 . ∀ π k . ψ . Rewrite as ∃ π 1 . ¬∃ π 2 . ¬ . . . ∃ π k − 1 . ¬∃ π k . ¬ ψ . By induction over quantifier prefix construct non-determinstic Büchi automaton A with L ( A ) � = ∅ iff Traces ( S ) | = ϕ . Induction start: build automaton for LTL formula obtained from ¬ ψ by replacing a π j by a j . For ∃ π j θ restrict automaton for θ in dimension j to traces of S . For ¬ θ complement automaton for θ . ⇒ Non-elementary complexity, but alternation-free fragments are as hard as LTL. Martin Zimmermann Saarland University Logics for Hyperproperties 28/40

  53. References Bernd Finkbeiner, Markus N. Rabe, and César Sánchez. Algorithms for Model Checking HyperLTL and HyperCTL ∗ . In Proceedings of CAV 2015 . Martin Zimmermann Saarland University Logics for Hyperproperties 29/40

  54. Outline 1. HyperLTL 2. The Models Of HyperLTL 3. HyperLTL Satisfiability 4. HyperLTL Model-checking 5. The First-order Logic of Hyperproperties 6. Conclusion Martin Zimmermann Saarland University Logics for Hyperproperties 30/40

  55. First-order Logic vs. LTL FO [ < ] : first-order order logic over signature { < } ∪ { P a | a ∈ AP } over structures with universe N . Theorem (Kamp ’68, Gabbay et al. ’80) LTL and FO [ < ] are expressively equivalent. Martin Zimmermann Saarland University Logics for Hyperproperties 31/40

  56. First-order Logic vs. LTL FO [ < ] : first-order order logic over signature { < } ∪ { P a | a ∈ AP } over structures with universe N . Theorem (Kamp ’68, Gabbay et al. ’80) LTL and FO [ < ] are expressively equivalent. Example ∀ x ( P q ( x ) ∧ ¬ P p ( x )) → ∃ y ( x < y ∧ P p ( y )) and G ( q → F p ) are equivalent. Martin Zimmermann Saarland University Logics for Hyperproperties 31/40

  57. First-order Logic for Hyperproperties N · · · < Martin Zimmermann Saarland University Logics for Hyperproperties 32/40

  58. First-order Logic for Hyperproperties N · · · < · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · T · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Martin Zimmermann Saarland University Logics for Hyperproperties 32/40

  59. First-order Logic for Hyperproperties N · · · < · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · E T · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Martin Zimmermann Saarland University Logics for Hyperproperties 32/40

  60. First-order Logic for Hyperproperties N · · · < · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · E T · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FO [ <, E ] : first-order logic with equality over the signature { <, E } ∪ { P a | a ∈ AP } over structures with universe T × N . Example ∀ x ∀ x ′ E ( x , x ′ ) → ( P on ( x ) ↔ P on ( x ′ )) Martin Zimmermann Saarland University Logics for Hyperproperties 32/40

  61. First-order Logic for Hyperproperties N · · · < · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · E T · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FO [ <, E ] : first-order logic with equality over the signature { <, E } ∪ { P a | a ∈ AP } over structures with universe T × N . Proposition For every HyperLTL sentence there is an equivalent FO [ <, E ] sentence. Martin Zimmermann Saarland University Logics for Hyperproperties 32/40

  62. A Setback Let ϕ be the following property of sets T ⊆ ( 2 { p } ) ω : There is an n such that p / ∈ t ( n ) for every t ∈ T . Theorem (Bozzelli et al. ’15) ϕ is not expressible in HyperLTL. Martin Zimmermann Saarland University Logics for Hyperproperties 33/40

  63. A Setback Let ϕ be the following property of sets T ⊆ ( 2 { p } ) ω : There is an n such that p / ∈ t ( n ) for every t ∈ T . Theorem (Bozzelli et al. ’15) ϕ is not expressible in HyperLTL. But, ϕ is easily expressible in FO [ <, E ] : ∃ x ∀ y E ( x , y ) → ¬ P p ( y ) Corollary FO [ <, E ] strictly subsumes HyperLTL. Martin Zimmermann Saarland University Logics for Hyperproperties 33/40

  64. HyperFO ∃ M x and ∀ M x : quantifiers restricted to initial positions. ∃ G y ≥ x and ∀ G y ≥ x : if x is initial, then quantifiers restricted to positions on the same trace as x . Martin Zimmermann Saarland University Logics for Hyperproperties 34/40

  65. HyperFO ∃ M x and ∀ M x : quantifiers restricted to initial positions. ∃ G y ≥ x and ∀ G y ≥ x : if x is initial, then quantifiers restricted to positions on the same trace as x . HyperFO: sentences of the form ϕ = Q M 1 x 1 . · · · Q M k x k . Q G 1 y 1 ≥ x g 1 . · · · Q G ℓ y ℓ ≥ x g ℓ . ψ Q ∈ {∃ , ∀} , { x 1 , . . . , x k } and { y 1 , . . . , y ℓ } are disjoint, every guard x g j is in { x 1 , . . . , x k } , and ψ is quantifier-free over signature { <, E } ∪ { P a | a ∈ AP } with free variables in { y 1 , . . . , y ℓ } . Martin Zimmermann Saarland University Logics for Hyperproperties 34/40

  66. Equivalence Theorem HyperLTL and HyperFO are equally expressive. Martin Zimmermann Saarland University Logics for Hyperproperties 35/40

  67. Equivalence Theorem HyperLTL and HyperFO are equally expressive. Proof From HyperLTL to HyperFO: structural induction. From HyperFO to HyperLTL: reduction to Kamp’s theorem. Martin Zimmermann Saarland University Logics for Hyperproperties 35/40

  68. From HyperFO to HyperLTL ∀ x ∀ x ′ E ( x , x ′ ) → ( P on ( x ) ↔ P on ( x ′ )) Martin Zimmermann Saarland University Logics for Hyperproperties 36/40

  69. From HyperFO to HyperLTL ∀ x ∀ x ′ E ( x , x ′ ) → ( P on ( x ) ↔ P on ( x ′ )) ∀ M x 1 ∀ M x 2 ∀ G y 1 ≥ x 1 ∀ G y 2 ≥ x 2 E ( y 1 , y 2 ) → ( P on ( y 1 ) ↔ P on ( y 2 )) Martin Zimmermann Saarland University Logics for Hyperproperties 36/40

  70. From HyperFO to HyperLTL ∀ x ∀ x ′ E ( x , x ′ ) → ( P on ( x ) ↔ P on ( x ′ )) ∀ M x 1 ∀ M x 2 ∀ G y 1 ≥ x 1 ∀ G y 2 ≥ x 2 E ( y 1 , y 2 ) → ( P on ( y 1 ) ↔ P on ( y 2 )) x 1 �→ { on } { on } { on } · · · ∅ x 2 �→ { on } { on } · · · ∅ ∅ Martin Zimmermann Saarland University Logics for Hyperproperties 36/40

  71. From HyperFO to HyperLTL ∀ x ∀ x ′ E ( x , x ′ ) → ( P on ( x ) ↔ P on ( x ′ )) ∀ G y 1 ≥ x 1 ∀ G y 2 ≥ x 2 E ( y 1 , y 2 ) → ( P on ( y 1 ) ↔ P on ( y 2 )) x 1 �→ { on } { on } { on } · · · ∅ x 2 �→ { on } { on } · · · ∅ ∅ Martin Zimmermann Saarland University Logics for Hyperproperties 36/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of Parallel Systems 29 November 2019 Presented by: Elahe Fazeldehkordi 1 Hyperproperties Trace: a sequence of states System: is modeled by

546 views • 13 slides
Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017

Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017

Hyperproperties Presenter: Priyanka Mondal Correctness Trace property Hyperproperty Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017 Hyperproperties Correctness Presenter: Priyanka Mondal

439 views • 15 slides
Team Semantics for the Specification and Verification of Jonni Virtema Hyperproperties

Team Semantics for the Specification and Verification of Jonni Virtema Hyperproperties

Team Semantics for the Specification and Verification of Hyperproperties Team Semantics for the Specification and Verification of Jonni Virtema Hyperproperties Movativation &amp; History Hyperproperties &amp; HyperLTL Jonni Virtema

550 views • 31 slides
Verifying Hyperproperties of Hardware Systems Bernd Finkbeiner Markus N. Rabe Saarland

Verifying Hyperproperties of Hardware Systems Bernd Finkbeiner Markus N. Rabe Saarland

Verifying Hyperproperties of Hardware Systems Bernd Finkbeiner Markus N. Rabe Saarland University UC Berkeley based on joint work with Michael R. Clarkson, Christopher Hahn, Masoud Koleini, Kristopher K. Micinski, and Csar Snchez

1.33k views • 93 slides
Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/9) Tense Logic: (point ontology) Tense logic is a

380 views • 9 slides
HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2

HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2

Motivation HyperPCTL Syntax and Semantics HyperPCTL in Action HyperPCTL Model Checking Conclusion HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2 Abrah RWTH Aachen, Germany 1 Iowa State

721 views • 71 slides
Logics in general Logics are formal languages for represen)ng

Logics in general Logics are formal languages for represen)ng

Introduc)on to Ar)ficial Intelligence Lecture 8 Logical reasoning CS/CNS/EE 154 Andreas Krause TexPoint fonts used in EMF. Logics in general

755 views • 53 slides
Fuzzy logics among substructural logics Libor B ehounek and Petr H ajek Institute of

Fuzzy logics among substructural logics Libor B ehounek and Petr H ajek Institute of

2nd School on Universal Logic Xian 2007 Fuzzy logics among substructural logics Libor B ehounek and Petr H ajek Institute of Computer Science Academy of Sciences of the Czech Republic Contents Substructural logics and residuated

1.42k views • 108 slides
Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Introduction (Un)decidability on modal MTL logics Undecidability of some modal MTL logics (formerly product logics) Amanda Vidal Institute of Computer Science, Czech Academy of Sciences September 6, 2016 1 / 19 Introduction (Un)decidability

705 views • 68 slides
Non-classical logics Lecture 18: Description Logics (Part 2) Viorica Sofronie-Stokkermans

Non-classical logics Lecture 18: Description Logics (Part 2) Viorica Sofronie-Stokkermans

Non-classical logics Lecture 18: Description Logics (Part 2) Viorica Sofronie-Stokkermans sofronie@uni-koblenz.de 1 Until now Description logics ALC : Syntax, Semantics Knowledge Base (KB): TBOX, ABOX Reasoning problems; reduction to concept

650 views • 28 slides
Description Logics Propositional Description Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Propositional Description Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Propositional Description Logics Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/59) Summary: where we stand Description Logics as a

866 views • 61 slides
Description Logics Structural Description Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Structural Description Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Structural Description Logics Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/34) Description Logics A logical reconstruction and

764 views • 41 slides
On logics of formal inconsistency and fuzzy logics . Esteva 2 and L. Godo 2 M Coniglio 1 , F 1

On logics of formal inconsistency and fuzzy logics . Esteva 2 and L. Godo 2 M Coniglio 1 , F 1

On logics of formal inconsistency and fuzzy logics . Esteva 2 and L. Godo 2 M Coniglio 1 , F 1 Department of Philosophy Campinas University (Brasil) and 2 Artificial Intelligence Research Institute (IIIA - CSIC) (Spain) Manyval 2013, Prague 4-6

408 views • 24 slides
Objectives Combinational logics Sequential logics Finite state machine

Objectives Combinational logics Sequential logics Finite state machine

Objectives Combinational logics Sequential logics Finite state machine Arithmetic circuits Datapath In the previous chapters we have studied how to develop a specification from a given application, and also discussed

1.07k views • 80 slides
Description Logics: an Introductory Course on a Nice Family of Logics Day 2: Tableau Algorithms

Description Logics: an Introductory Course on a Nice Family of Logics Day 2: Tableau Algorithms

Description Logics: an Introductory Course on a Nice Family of Logics Day 2: Tableau Algorithms Uli Sattler University of 1 Manchester Warm up Which of the following subsumptions hold? r some (A and B) is subsumed by r some A r. ( A

938 views • 52 slides
Logics for D Data and K Knowledge L Representation R First Order Logics (FOL) Originally by

Logics for D Data and K Knowledge L Representation R First Order Logics (FOL) Originally by

Logics for D Data and K Knowledge L Representation R First Order Logics (FOL) Originally by Alessandro Agostini and Fausto Giunchiglia Modified by Fausto Giunchiglia, Rui Zhang and Vincenzo Maltese Outline Introduction Syntax

235 views • 19 slides
Hyper-Resolution AUTOMATED REASONING Hyper-resolution generalises ``bottom- (electron) up

Hyper-Resolution AUTOMATED REASONING Hyper-resolution generalises ``bottom- (electron) up

8ai Hyper-Resolution AUTOMATED REASONING Hyper-resolution generalises ``bottom- (electron) up reasoning and combines several Px Qx Rx Qa C SLIDES 8: resolution steps into one big step. (nucleus) Hyper-resolution is the

372 views • 8 slides
Perceptual Asymmetries in Learning Vowel Nasalization Kim Strtjen, Ruben van de Vijver, Dinah

Perceptual Asymmetries in Learning Vowel Nasalization Kim Strtjen, Ruben van de Vijver, Dinah

Perceptual Asymmetries in Learning Vowel Nasalization Kim Strtjen, Ruben van de Vijver, Dinah Baer-Henney OCP13 Budapest, 15.01.2016 Agenda 1 Learning biases 2 Vowel nasalization 3 Experiment 4 Results 5 Discussion 6 Conclusion 7 References

785 views • 39 slides
2. The Colonial and Early National Period (Beginnings 1830) 2.1 Early European Exploration

2. The Colonial and Early National Period (Beginnings 1830) 2.1 Early European Exploration

2. The Colonial and Early National Period (Beginnings 1830) 2.1 Early European Exploration and Writing 2.2 The Colonial Period (1620-1776) 2.3 The Early National Period (1750-1830) 2.1. Early European Exploration and Writing Before the

1.56k views • 153 slides
From HyPer to Hyper Integrating an academic DBMS into a leading analytics and business

From HyPer to Hyper Integrating an academic DBMS into a leading analytics and business

From HyPer to Hyper Integrating an academic DBMS into a leading analytics and business intelligence platform Tobias Muehlbauer, tmuehlbauer@tableau.com Jan Finis, jfinis@tableau.com The Story of Hyper 2020: Hyper as a general-purpose Database

747 views • 37 slides
Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wrner and Thorsten Holz Chair for Systems Security Ruhr-Universitt Bochum Motivation Hypervisor Motivation Hypervisor VM 1 VM 2

688 views • 53 slides
COMPUTING WITH HYPERVECTORS Pentti Kanerva Redwood Center for Theoretical Neuroscience UC

COMPUTING WITH HYPERVECTORS Pentti Kanerva Redwood Center for Theoretical Neuroscience UC

COMPUTING WITH HYPERVECTORS Pentti Kanerva Redwood Center for Theoretical Neuroscience UC Berkeley What are Hypervectors? . High-dimensional, e.g., vectors of 10,000 - bits or - integers or - reals or - complex numbers (phase angles) .

814 views • 22 slides
Scalable Hyperparameter Transfer learning Valerio Perrone , Rodolphe Jenatton , C edric

Scalable Hyperparameter Transfer learning Valerio Perrone , Rodolphe Jenatton , C edric

Scalable Hyperparameter Transfer learning Valerio Perrone , Rodolphe Jenatton , C edric Archambeau , Matthias Seeger AWS AI /Amazon Research , Berlin Co-authors R. Jenatton C. Archambeau M. Seeger Most of the material

690 views • 51 slides
PDE-Constrained Optimization Using Hyper-Reduced Models Matthew J. Zahr and Charbel Farhat

PDE-Constrained Optimization Using Hyper-Reduced Models Matthew J. Zahr and Charbel Farhat

PDE-Constrained Optimization HROM-Constrained Optimization Numerical Experiment PDE-Constrained Optimization Using Hyper-Reduced Models Matthew J. Zahr and Charbel Farhat Institute for Computational and Mathematical Engineering Farhat

389 views • 26 slides

More recommend