Certifying proofs for SAT-based model checking

In the context of formal verification, certifying proofs are evidence of the correctness of a model in a deduction system, produced automatically as an outcome of the verification. They are quite appealing for high-assurance systems because they can be verified independently by proof checkers, which are usually simpler to certify than the proof-generating tools. Model checking is one of the most prominent approaches to formal verification of temporal properties and is based on an algorithmic search of the system state space. Although modern algorithms integrate deductive methods, the generation of proofs is typically restricted to invariant properties only. Moreover, it assumes that the verification produces an inductive invariant of the original system, while model checkers usually involve a variety of complex pre-processing simplifications. In this paper we show how, by exploiting the k-liveness algorithm, proof generation for invariant checking can be extended to cover full linear-time temporal logic (LTL) properties, in a simple and efficient manner, with essentially no overhead for the model checker. Besides the basic k-liveness algorithm, we integrate into the proof generation a variety of widely used pre-processing techniques such as temporal decomposition, model simplification via computation of equivalences with ternary simulation, and the use of stabilizing constraints. These techniques are essential in many cases to prove that a property holds, both for invariant and for LTL model checking, and thus need to be accounted for within the proof. We implemented the proof generation techniques on top of IC3 engines, and show the feasibility of the approach on a variety of benchmarks taken from the literature and from the Hardware Model Checking Competition. Our results confirm that proof generation incurs negligible overhead for the model checker.
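The k-liveness reduction the abstract builds on, as an added example that is not the paper's code: a constructed toy handshake system, the saturating-counter augmentation that turns the liveness question into an invariant, and the independent check (initiation, consecution, safety bound) a proof checker would run on the resulting inductive invariant. The fairness signal of the automaton for the negated property is assumed to be already built and is modelled directly by `fair`.

```python
# Added example (constructed, not the paper's code): k-liveness on a toy
# handshake system, plus the independent certificate check a proof
# checker would perform on the resulting inductive invariant.
K_MAX = 8  # search bound for k (constructed)

# Toy system: states are (phase, retries); from "busy" it may retry at
# most twice before it must reach "done".
INIT = {("idle", 0)}

def step(state):
    phase, r = state
    if phase == "idle":
        return {("busy", 0)}
    if phase == "busy":
        return {("done", r)} | ({("busy", r + 1)} if r < 2 else set())
    return {("done", r)}

def fair(state):
    # Fairness signal of the (assumed already built) automaton for the
    # negated property "eventually done": it fires on every "busy" state.
    return state[0] == "busy"

AUG_INIT = {(s, 1 if fair(s) else 0) for s in INIT}

def aug_step(aug, k):
    # k-liveness augmentation: a saturating counter of fair states seen.
    s, c = aug
    return {(t, min(c + fair(t), k + 1)) for t in step(s)}

def reachable(init, nxt):
    seen, todo = set(init), list(init)
    while todo:
        for t in nxt(todo.pop()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def k_liveness():
    # Smallest k for which "counter <= k" is invariant; the reachable set
    # of the augmented system is the inductive invariant (the certificate).
    for k in range(K_MAX + 1):
        inv = reachable(AUG_INIT, lambda a: aug_step(a, k))
        if all(c <= k for _, c in inv):
            return k, inv
    return None

def check_certificate(k, inv):
    # Independent check: initiation, safety bound, and consecution.
    return (AUG_INIT <= inv and all(c <= k for _, c in inv)
            and all(aug_step(a, k) <= inv for a in inv))
```

The checker never re-runs the search: it only needs `AUG_INIT`, `aug_step` and the certificate, which is why it can be much simpler than the model checker that produced the proof.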
