On the Expressive Power of TeamLTL and First-Order Team Logic over Hyperproperties

Abstract

In this article we study linear temporal logics with team semantics (\(\mathrm {TeamLTL}\)) that are novel logics for defining hyperproperties. We define Kamp-type translations of these logics into fragments of first-order team logic and second-order logic. We also characterize the expressive power and the complexity of model-checking and satisfiability of team logic and second-order logic by relating them to second- and third-order arithmetic. Our results set in a larger context the recent results of Lück showing that the extension of TeamLTL by the Boolean negation is highly undecidable under the so-called synchronous semantics. We also study stutter-invariant fragments of extensions of TeamLTL.

Appendix

Proofs

Proof

(Sketch of the proof of Theorem 1). Let \(T'\subseteq T\) and \(i:T'\rightarrow \mathbb {N}\). We use \(T'\) and i as a means to refer to any team that might be relevant for the evaluation of \(\mathrm {TeamLTL} ^a(\sim )\) formulas when starting the evaluation with T. On the first-order side the corresponding team will be

$$ S^x_{T',i} := \{ s \mid s(x)= (t,i(t)) \text{ and } t \in T' \}. $$

We can now show using simultaneous induction on \(\varphi \) that for all \(T'\subseteq T\), \(i:T'\rightarrow \mathbb {N}\), and \(u\in \{x,y,z\}\)

$$ \{t[i(t),\infty )\mid t\in T'\}\models \varphi \Leftrightarrow \mathcal {M}_T\models _{S^u_{T',i}} ST_u(\varphi ).$$

• Assume \(\varphi = p_i\) and \(T'\subseteq T\), \(i:T'\rightarrow \mathbb {N}\) are arbitrary. Now

  $$\begin{aligned} \{t[i(t),\infty )\mid t\in T'\}\models \varphi\Leftrightarrow & {} p_i \in t(i(t)) \text{ for } \text{ all } t\in T' \\\Leftrightarrow & {} (t,i(t))\in P^{ \mathcal {M}_T}_i \text{ for } \text{ all } t\in T' \\\Leftrightarrow & {} \mathcal {M}_T\models _{S^x_{T',i}} P_i(x)\\\Leftrightarrow & {} \mathcal {M}_T\models _{S^x_{T',i}} ST_x(\varphi ) \end{aligned}$$

  Note that the second equivalence holds by the definition of the structure \(\mathcal {M}_T\) and the third equivalence by first-order team semantics of atomic formulas.

• Assume \(\varphi = X\psi \) and \(T'\subseteq T\) and \(i:T'\rightarrow \mathbb {N}\) are arbitrary. Let \(i^+\) be defined by \(i^+(t):=i(t)+1\) for all t. Now

  $$\begin{aligned} \{t[i(t),\infty )\mid t\in T'\}\models \varphi\Leftrightarrow & {} \{t[i^+(t),\infty )\mid t\in T'\}\models \psi \\\Leftrightarrow & {} \mathcal {M}_T\models _{S^y_{T',i^+}} ST_y(\psi )\\\Leftrightarrow & {} \mathcal {M}_T\models _{S^x_{T',i}} \exists y(S(x,y)\wedge ST_y(\psi ))\\\Leftrightarrow & {} \mathcal {M}_T\models _{S^x_{T',i}} ST_x(X\varphi ) \end{aligned}$$

  The second equivalence above holds by the induction assumption for \(ST_y(\psi )\). For the the third equivalence we use the facts that the supplementation function F for y is uniquely determined by the formula and x is not free in \(ST_y(\psi )\). Note that by locality it holds that

  $$ \mathcal {M}_T\models _{S^x_{T',i} [F/y]} ST_y(\psi ) \Leftrightarrow \mathcal {M}_T\models _{S^y_{T',i^+}} ST_y(\psi ), $$

  since \(S^y_{T',i^+}\) is the reduct of \(S^x_{T',i}[F/y]\) to the team with domain \(\{y\}\).

The proof for the connectives is straightforward and for the temporal operator U it is similar to the case of X.

Proof

(Proof of Corollary 1). We show that \(T\models \varphi \) if and only if \(\mathcal {M}_T\models \psi \), where \(\psi \) is the sentence:

$$\forall x ( \exists y (y<x) \vee (\forall y (\lnot y<x )\wedge ST_x(\varphi ))). $$

Note that

$$\begin{aligned} \mathcal {M}_T\models \psi\Leftrightarrow & {} \mathcal {M}_T\models _{\{\emptyset \}[\mathrm {dom}(\mathcal {M}_T)/x]} \exists y (y<x) \vee (\forall y \lnot (y<x) \wedge ST_x(\varphi )). \\\Leftrightarrow & {} \mathcal {M}_T\models _{S^x_{T} } ST_x(\varphi ). \end{aligned}$$

In the second line the team \(\{\emptyset \}[\mathrm {dom}(\mathcal {M}_T)/]x]\) (i.e., \(\mathrm {dom}(\mathcal {M}_T)\)) has to be split into two disjoint parts: the subset of elements having a predecessor and to those not having a predecessor (\(=S^x_{T} \)). The first disjunct is then trivially satisfied (by flatness it behaves classically) hence we arrive at the case which is equivalent to \(T\models \varphi \) by Theorem 1.

Proof

(Proof of Lemma 1). Suppose 2. Now \(T = T \cup \emptyset \), however the empty set is only stutter equivalent to itself. Thus \(T \equiv _{st}^a T'\).

Suppose 1 and suppose that \(T = T_1 \cup T_2\), hence we have asynchronous stuttering functions F of T and G of \(T'\), such that \(T[F] = U = T'[G]\). We consider the subteams induced by the stuttering function, i.e. \(T_i[F|T_i]\). Since \(T[F] = T'[G]\), there exist subteams \(T'_1,T'_2\) such that \(T'_i[G|T'_i] = T_i[F|T_i]\). Thus \(T_i \equiv _{st}^a T'_i\).

It remains to show that the subteams \(T'_1\) and \(T'_2\) constitute the entirety of the team \(T'\). It is clear that \(T'_1\cup T'_2 \subset T'\), so it remains to show the converse. Let \(t' \in T'\). Now, since \(T \equiv _{st}^a T'\), there exists a \(t \in T\) such that \(t[F|\{t\}] = t'[G|\{t'\}]\). By our assumption, the trace t belongs to either \(T_1\) or \(T_2\). Without loss of generality we may assume that \(t \in T_1\), but then \(t'[G|\{t'\}] \in T'_1[G|T'_1]\). Since the team \(T'\) is a set, i.e. it does not contain duplicates, we may conclude that \(t' \in T'\).

Proof

(Proof of Lemma 2). By the definition of the asynchronous stuttering function, for each coordinate of j(t) there exists a constant \(a_t\) such that \(f_t(a_t) \le j(t)\) and \(t(f_t(a_t)) = t(j(t))\). Let i be the configuration defined by \(i(t) = f_t(a_t)\). Now we can use the stuttering function F to construct stuttering functions \(F'\) and \(F''\) for \(T[i,\infty )\) and \(T[j,\infty )\) respectively. First of we define \(F'\) via \(f'_t(n) = f_t(n + a_t)\) for all \(t \in T\), which clearly is a stuttering function of \(T[i,\infty )\). Next we define

$$\begin{aligned} F''(n) = {\left\{ \begin{array}{ll} (j(t))_{t\in T} &{}\text{ if } n = 0\\ F'(n) &{}\text{ otherwise. } \end{array}\right. } \end{aligned}$$

Since \(t(f_t(a_t)) = t(i(t)) = t(j(t))\) for all \(t \in T\), it follows that \(T[i,\infty )[F'] = T[j,\infty )[F'']\). Thus \(T[i,\infty ) \equiv _{st}^a T[j,\infty )\).

For the second claim we use the assumption that \(T \equiv _{st}^a T'\). We let the configuration i be as above. Now for all n, \(t \in T\) and \(t' \in T'\) it holds that \(t(f_t(n)) = t'(g_{t'}(n))\). Thus there exists some configuration \(k:T' \rightarrow \mathbb N\) such that \(t'(g_{t'}(k(t'))) = t(f_t(i(t)))\), which allows us to define the stuttering function \(G'\) of \(T'[k,\infty )\) as \(g'_{t'}(n) = g_{t'}(n + k(t'))\) for all \(t' \in T'\). Clearly now \(T'[k,\infty )[G'] = T[i,\infty )[F']\), and hence \(T[i,\infty ) \equiv _{st}^a T'[k,\infty )\).

Proof

(Proof of Theorem 4). We define a inductive translation \(\mathrm {Tr}\) from second-order logic to third order arithmetic as follows. The key ideas in the translation are:

• an element of the domain \(T\times \mathbb {N}\) of the structure \(\mathcal {M}_T\) can be uniquely identified by specifying a trace t and \(i\in \mathbb {N}\). Hence, syntactically, a first-order variable x can be encoded by a pair of variables \((R_x, z_x)\) where \(R_x\) is a binary relation and \(z_x\) is a first-order variable;

• a subset of \(T\times \mathbb {N}\) is a set of pairs (t, i) and hence in the translation a unary relation X is encoded by a third-order variable \(\mathfrak {b}_X\) of type ((2), (1)), where the unary relation encodes i by the singleton \(\{ i\}\).

Define now a formula translation \(\mathrm {Tr}\) as follows. We omit below the obvious cases of the Boolean connectives and, for clarity, we consider only unary relations X on the side of SO. It is straightforward to write the corresponding translations also for relations of arbitrary arities.

$$\begin{aligned} \begin{aligned}&\mathrm {Tr}(x = y) := \forall u \forall v (R_x(u,v) \leftrightarrow \\&\quad R_y(u,v))\wedge z_x = z_y\\&\mathrm {Tr}(x \le y) := \forall u \forall v (R_x(u,v) \leftrightarrow \\&\quad R_y(u,v))\wedge z_x \le z_y\\&\mathrm {Tr}(P_i(x)) := \mathfrak {a}(R_x) \wedge R_x(z_x,i)\\ \end{aligned} \quad \begin{aligned}&\mathrm {Tr}(X(x)) := \exists Y(\mathfrak {b}_X (R_{x},Y)\wedge Y=\{z_x\}) \\&\mathrm {Tr}(\exists x\varphi ) := \exists R_x \exists z_x( \mathfrak {a}(R_x) \wedge \mathrm {Tr}(\varphi ))\\&\mathrm {Tr}(\exists X\varphi ) := \exists \mathfrak {b}_X(\forall R\forall Y( \mathfrak {b}_X(R,Y)\rightarrow \mathfrak {a}(R)\wedge \\&\quad |Y|=1)\wedge \mathrm {Tr}(\varphi )) \end{aligned} \end{aligned}$$

In the above formulas, i denotes a (definable) constant. It is now straightforward to show using induction on \(\varphi \) that for all s and \(s^*\):

$$\begin{aligned} \mathcal {M}_T \models _s \varphi \iff (\mathbb {N},+,\times ,\le 0,1)\models _{s^*} \mathrm {Tr}(\varphi )(\mathcal {A}_T /\mathfrak {a}), \end{aligned}$$

where the interpretations s and \(s^*\) relate to each other as described above.