On Hyperproperty Verification, Quantifier Alternations, and Games under Partial Information
Raven Beutner, Bernd Finkbeiner
TL;DR
The paper tackles the verification of hyperproperties expressed in HyperLTL with arbitrary quantifier alternations by introducing multiplayer parity games under partial information (MPG$_{ii}$). It shows how to encode HyperLTL satisfaction as a game where players control traces, with observations aligned to the quantifier prefix, and proves soundness and decidability under hierarchical information. Completeness is established for the $\exists^*\forall^*$ fragment, and prophecy variables are developed to extend the framework to broader prefixes, yielding a sound-and-certificate approach for interactive proofs. The framework supports interactive proof construction, easy-to-check certificates, and broad applicability to hyperproperty verification, with future work exploring completeness for broader prefixes and practical solver integration.
Abstract
Hyperproperties generalize traditional trace properties by relating multiple execution traces rather than reasoning about individual runs in isolation. They provide a unified way to express important requirements such as information flow and robustness properties. Temporal logics like HyperLTL capture these properties by explicitly quantifying over executions of a system. However, many practically relevant hyperproperties involve quantifier alternations, a feature that poses substantial challenges for automated verification. Complete verification methods require a system complementation for each quantifier alternation, making it infeasible in practice. A cheaper (but incomplete) method interprets the verification of a HyperLTL formula as a two-player game between universal and existential quantifiers. The game-based approach is significantly cheaper, facilitates interactive proofs, and allows for easy-to-check certificates of satisfaction. It is, however, limited to $\forall^*\exists^*$ properties, leaving important properties out of reach. In this paper, we show that we can use games to verify hyperproperties with arbitrary quantifier alternations by utilizing multiplayer games under partial information. While games under partial information are, in general, undecidable, we show that our game is played under hierarchical information and thus falls in a decidable class of games. We discuss the completeness of the game and study prophecy variables in the setting of partial information.