the first order logic of hyperproperties
play

The First-Order Logic of Hyperproperties Joint work with Bernd - PowerPoint PPT Presentation

Nov 30, 2023 •133 likes •801 views

The First-Order Logic of Hyperproperties Joint work with Bernd Finkbeiner (Saarland University) Martin Zimmermann Saarland University March, 3rd 2017 RWTH Aachen University, Aachen, Germany Martin Zimmermann Saarland University The

  1. The First-Order Logic of Hyperproperties Joint work with Bernd Finkbeiner (Saarland University) Martin Zimmermann Saarland University March, 3rd 2017 RWTH Aachen University, Aachen, Germany Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 1/19

  2. Hyperproperties I secret O secret S I public O public Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 2/19

  3. Hyperproperties I secret O secret S I public O public The system S is input-deterministic: for all traces t , t ′ of S t = I t ′ t = O t ′ implies Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 2/19

  4. Hyperproperties I secret O secret S I public O public The system S is input-deterministic: for all traces t , t ′ of S t = I t ′ t = O t ′ implies Noninterference: for all traces t , t ′ of S t = I public t ′ t = O public t ′ implies Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 2/19

  5. Hyperproperties Both properties are not trace properties, but hyperproperties, i.e., sets of sets of traces. A system S satisfies a hyperproperty H , if Traces ( S ) ∈ H . Many information flow properties can be expressed as hyperproperties. Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 3/19

  6. Hyperproperties Both properties are not trace properties, but hyperproperties, i.e., sets of sets of traces. A system S satisfies a hyperproperty H , if Traces ( S ) ∈ H . Many information flow properties can be expressed as hyperproperties. Specification languages for hyperproperties [Clarkson et al. ’14] HyperLTL: Extend LTL by trace quantifiers. HyperCTL ∗ : Extend CTL ∗ by trace quantifiers. Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 3/19

  7. HyperLTL HyperLTL = LTL + ψ ::= a | ¬ ψ | ψ ∨ ψ | X ψ | ψ U ψ where a ∈ AP (atomic propositions) Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 4/19

  8. HyperLTL HyperLTL = LTL + trace quantification ϕ ::= ∃ π. ϕ | ∀ π. ϕ | ψ ψ ::= a π | ¬ ψ | ψ ∨ ψ | X ψ | ψ U ψ where a ∈ AP (atomic propositions) and π ∈ V (trace variables). Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 4/19

  9. HyperLTL HyperLTL = LTL + trace quantification ϕ ::= ∃ π. ϕ | ∀ π. ϕ | ψ ψ ::= a π | ¬ ψ | ψ ∨ ψ | X ψ | ψ U ψ where a ∈ AP (atomic propositions) and π ∈ V (trace variables). Shortcuts as usual: G ψ = ¬ F ¬ ψ F ψ = true U ψ Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 4/19

  10. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  11. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) {} | Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  12. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) {} | = ∀ π ′ . G ( on π ↔ on π ′ ) { π �→ t } | for all t ∈ T Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  13. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) {} | = ∀ π ′ . G ( on π ↔ on π ′ ) { π �→ t } | for all t ∈ T { π �→ t , π ′ �→ t ′ } | for all t ′ ∈ T = G ( on π ↔ on π ′ ) Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  14. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) {} | = ∀ π ′ . G ( on π ↔ on π ′ ) { π �→ t } | for all t ∈ T { π �→ t , π ′ �→ t ′ } | for all t ′ ∈ T = G ( on π ↔ on π ′ ) { π �→ t [ n , ∞ ) , π ′ �→ t ′ [ n , ∞ ) } | = on π ↔ on π ′ for all n ∈ N Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  15. Semantics ϕ = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) T ⊆ (2 AP ) ω is a model of ϕ iff = ∀ π. ∀ π ′ . G ( on π ↔ on π ′ ) {} | = ∀ π ′ . G ( on π ↔ on π ′ ) { π �→ t } | for all t ∈ T { π �→ t , π ′ �→ t ′ } | for all t ′ ∈ T = G ( on π ↔ on π ′ ) { π �→ t [ n , ∞ ) , π ′ �→ t ′ [ n , ∞ ) } | = on π ↔ on π ′ for all n ∈ N on ∈ t ( n ) ⇔ on ∈ t ′ ( n ) Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 5/19

  16. LTL vs. HyperLTL LTL has many desirable properties. 1. Every satisfiable LTL formula is satisfied by an ultimately periodic trace, i.e., by a finite and finitely-represented model. 2. LTL and FO[ < ] are expressively equivalent. 3. LTL satisfiability and model-checking are PSpace -complete. Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 6/19

  17. LTL vs. HyperLTL LTL has many desirable properties. 1. Every satisfiable LTL formula is satisfied by an ultimately periodic trace, i.e., by a finite and finitely-represented model. 2. LTL and FO[ < ] are expressively equivalent. 3. LTL satisfiability and model-checking are PSpace -complete. Only partial results for HyperLTL. 3a. HyperLTL satisfiability [F. & Hahn ’16] : alternation-free: PSpace -complete ∃ ∗ ∀ ∗ : ExpSpace -complete ∀ ∗ ∃ ∗ : undecidable 3b. HyperLTL model-checking is decidable [F. et al. ’15] . Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 6/19

  18. The Models of HyperLTL Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 7/19

  19. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  20. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  21. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  22. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π ∀ π. ∃ π ′ . F ( a π ∧ X a π ′ ) { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  23. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π ∀ π. ∃ π ′ . F ( a π ∧ X a π ′ ) { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ { a } ∅ ∅ ∅ ∅ ∅ ∅ · · · Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  24. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π ∀ π. ∃ π ′ . F ( a π ∧ X a π ′ ) { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ { a } ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ ∅ { a } ∅ ∅ ∅ ∅ ∅ · · · . . . . . . . . . . . . . . . . . . . . . . . . The unique model of ϕ is {∅ n { a } ∅ ω | n ∈ N } . Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  25. What about Finite Models? Fix AP = { a } and consider the conjunction ϕ of ∀ π. ( ¬ a π ) U ( a π ∧ X G ¬ a π ) ∃ π. a π ∀ π. ∃ π ′ . F ( a π ∧ X a π ′ ) { a } ∅ ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ { a } ∅ ∅ ∅ ∅ ∅ ∅ · · · ∅ ∅ { a } ∅ ∅ ∅ ∅ ∅ · · · . . . . . . . . . . . . . . . . . . . . . . . . The unique model of ϕ is {∅ n { a } ∅ ω | n ∈ N } . Theorem There is a satisfiable HyperLTL sentence that is not satisfied by any finite set of traces. Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 8/19

  26. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 9/19

  27. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 9/19

  28. What about Countable Models? Theorem Every satisfiable HyperLTL sentence has a countable model. Proof W.l.o.g. ϕ = ∀ π 0 . ∃ π ′ 0 . · · · ∀ π k . ∃ π ′ k . ψ with quantifier-free ψ . Fix a Skolem function f j for every existentially quantified π ′ j . t Martin Zimmermann Saarland University The First-Order Logic of Hyperproperties 9/19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of Parallel Systems 29 November 2019 Presented by: Elahe Fazeldehkordi 1 Hyperproperties Trace: a sequence of states System: is modeled by

546 views • 13 slides
The First-order Logic of Hyperproperties Joint work with Bernd Finkbeiner (Saarland University)

The First-order Logic of Hyperproperties Joint work with Bernd Finkbeiner (Saarland University)

The First-order Logic of Hyperproperties Joint work with Bernd Finkbeiner (Saarland University) Martin Zimmermann Saarland University September, 13th 2017 Highlights Conference, London, UK Martin Zimmermann Saarland University The

495 views • 27 slides
HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2

HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2

Motivation HyperPCTL Syntax and Semantics HyperPCTL in Action HyperPCTL Model Checking Conclusion HyperPCTL: A Temporal Logic for Probabilistic Hyperproperties Erika am 1 Borzoo Bonakdarpour 2 Abrah RWTH Aachen, Germany 1 Iowa State

721 views • 71 slides
Logic as a Tool Chapter 3: Understanding First-order Logic 3.2 Semantics of first-order logic

Logic as a Tool Chapter 3: Understanding First-order Logic 3.2 Semantics of first-order logic

Logic as a Tool Chapter 3: Understanding First-order Logic 3.2 Semantics of first-order logic Valentin Goranko Stockholm University October 2016 Goranko Translation from first-order logic to natural language: examples in the structure of real

994 views • 20 slides
First-order logic Whereas propositional logic assumes world contains facts , first-order logic

First-order logic Whereas propositional logic assumes world contains facts , first-order logic

First-order logic Whereas propositional logic assumes world contains facts , first-order logic (like natural language) assumes the world contains First-order logic Objects: people, houses, numbers, theories, Ronald McDonald, colors, baseball

245 views • 6 slides
Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects

Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects

Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects and relations between objects The relations are basically a list of all valid tuples that satisfy the relation We can also have variables that

382 views • 24 slides
Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects

Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects

Using first order logic (Ch. 8-9) Review: First order logic In first order logic, we have objects and relations between objects The relations are basically a list of all valid tuples that satisfy the relation We can also have variables that

451 views • 26 slides
Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and languages. Terms and formulae of first-order logic. Valentin Goranko Stockholm University October 2016 Goranko Propositional logic is too weak

188 views • 14 slides
Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and languages. Terms and formulae of first-order logic. Valentin Goranko Stockholm University October 2016 Goranko Propositional logic is too weak Goranko

1.69k views • 109 slides
Why higher-order logic? Higher-Order logic Expressive Mathematics Verification

Why higher-order logic? Higher-Order logic Expressive Mathematics Verification

Extending SMT solvers to higher-order logic Haniel Barbosa Andrew Reynolds Daniel El Ouraoui Clark Barrett Cesare Tinelli SMT 2019 20190707, Lisbon, PT To be published in the proceedings of CADE 2019 Why higher-order logic?

569 views • 25 slides
First-Order Logic over Active Domain We consider First-Order Logic (FOL) exactly as used in

First-Order Logic over Active Domain We consider First-Order Logic (FOL) exactly as used in

First-Order Logic over Active Domain We consider First-Order Logic (FOL) exactly as used in relational database queries. This requires to drop functions except for constants. In particuar we assume to have a countably infinite set of constants

542 views • 5 slides
ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 8. First-Order Logic First-Order Logic

ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 8. First-Order Logic First-Order Logic

ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 8. First-Order Logic First-Order Logic First-Order Predicate Logic / Calculus Much more powerful the propositional (Boolean) logic Greater expressive power than propositional

589 views • 20 slides
First-order logic 6 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 6 1 6 First-Order Logic

First-order logic 6 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 6 1 6 First-Order Logic

First-order logic 6 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 6 1 6 First-Order Logic 6.1 First-order logic Syntax Semantics 6.2 Knowledge representation in FOL 6.3 Agents in first-order case AI Slides (5e) c Lin

814 views • 45 slides
Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic

Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic

Putting the Pieces Together Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic Definition A Markov Logic Network (MLN) is a set of A logical KB is a set of hard constraints pairs (F, w) where on

350 views • 6 slides
Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order

Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order

Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order Theories. Theory of Equality M ad alina Era scu Tudor Jebelean Research Institute for Symbolic Computation, Johannes Kepler University,

1.3k views • 92 slides
Outline First-order logic Syntax and semantics Inference First-order Logic

Outline First-order logic Syntax and semantics Inference First-order Logic

Outline First-order logic Syntax and semantics Inference First-order Logic Propositionalization with ground inference Lifted resolution CS 486/686 Sept 25, 2008 University of Waterloo 1 2 CS486/686 Lecture Slides (c)

81 views • 6 slides
WDM-PON Technology: How it can facilitate the last mile Olivier Couderc Market Development

WDM-PON Technology: How it can facilitate the last mile Olivier Couderc Market Development

WDM-PON Technology: How it can facilitate the last mile Olivier Couderc Market Development Leader, France Middle East and Africa TERENA Amsterdam, December 2008 1 Agenda 1. Market trends and requirements Market dynamics Market

338 views • 22 slides
Water and the Sustainable Development Goals: Water Availability, Pollution, and Ecosystem Health

Water and the Sustainable Development Goals: Water Availability, Pollution, and Ecosystem Health

Water and the Sustainable Development Goals: Water Availability, Pollution, and Ecosystem Health as we look toward 2030. Dorothy Boorse Gordon College Introduction: Colorado *80% of popn in East *2/3 of water leaves state *80% of water

780 views • 30 slides
Practice Your Pitch Webinar Rare Across America 2020 July 21, 2020 Welcome During this

Practice Your Pitch Webinar Rare Across America 2020 July 21, 2020 Welcome During this

Practice Your Pitch Webinar Rare Across America 2020 July 21, 2020 Welcome During this webinar, you will: Receive tips and coaching from communications experts that will help you tell your story with impact, and inspire action

429 views • 24 slides
Computational Methods for Systems Biology and Synthetic Biology Franois Fages, Constraint

Computational Methods for Systems Biology and Synthetic Biology Franois Fages, Constraint

Computational Methods for Systems Biology and Synthetic Biology Franois Fages, Constraint Programming Group, INRIA Rocquencourt mailto:Francois.Fages@inria.fr http://contraintes.inria.fr/ 29/07/10 Franois Fages - Ecoles Jeunes

1.26k views • 70 slides
Fiber Networks - Critical Municipal Infrastructure to Support the New Normal

Fiber Networks - Critical Municipal Infrastructure to Support the New Normal

Fiber Networks - Critical Municipal Infrastructure to Support the New Normal Carl.Meyerhoefer@calix.com Carl Meyerhoefer Sr. Director Strategic and Solutions Marketing 1 The Challenge / Opportunity Broadband Availability

574 views • 32 slides
Fixedmobile Convergence: Structural convergence Access technology opUons Dirk Breuer

Fixedmobile Convergence: Structural convergence Access technology opUons Dirk Breuer

Fixedmobile Convergence: Structural convergence Access technology opUons Dirk Breuer Deutsche Telekom Laboratories, Germany Tibor Cinkler Budapest University of Technology and Economics, Hungary Stphane Gosselin Orange R&amp;D, France

200 views • 6 slides
Arbitral Precedent: A Theoretical and Empirical Inquiry W. Mark C. Weidemaier Background

Arbitral Precedent: A Theoretical and Empirical Inquiry W. Mark C. Weidemaier Background

Arbitral Precedent: A Theoretical and Empirical Inquiry W. Mark C. Weidemaier Background Contrasting (stylized) views Ad hoc, lawless Systemic, law-making Core question (Carbonneau): Do modern-day arbitrators

336 views • 10 slides
Power management styles Static power management: does not depend on activity. Example:

Power management styles Static power management: does not depend on activity. Example:

Power management styles Static power management: does not depend on activity. Example: user-activated power-down mode. Dynamic Power Management (DPM): automatic action based on activity. Example: automatically disabling

431 views • 18 slides

More recommend