Certifying Proofs for LTL Model Checking

In formal verification, a certifying proof is a proof of the correctness of a model in a deduction system, produced automatically as an outcome of the verification. Such proofs are attractive for high-assurance systems because they can be verified independently by proof checkers, which are usually far simpler to certify than the tools that generate them. Model checking is one of the most prominent approaches to the formal verification of temporal properties; it is based on an algorithmic search of the system's state space. Although modern model-checking algorithms integrate deductive methods, proof generation is typically restricted to invariant properties. In this paper we address this limitation for Linear-time Temporal Logic (LTL). By exploiting the k-liveness algorithm, we show how to extend the proof-generation capabilities of an invariant checker to full LTL properties, in a simple and efficient manner and with essentially no overhead for the model checker. We implemented the technique on top of an IC3 engine and show the feasibility of the approach on a variety of benchmarks.
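The reduction the abstract relies on, as an added example that is not the paper's code: k-liveness (Claessen and Sörensson, FMCAD 2012) turns the liveness check "q holds only finitely often on every run" (FG ¬q, the form an LTL check takes once the model is composed with an automaton for the negated property) into the safety check "a counter of q-states never exceeds k", and the inductive invariant that proves that safety property is exactly the kind of certificate an invariant checker such as IC3 already produces. The explicit-state system below (a bounded retry loop), the search over k, the certificate checker and the cycle witness are all constructed for illustration; the paper works symbolically on top of IC3, and the names used here are this example's own.

```python
"""k-liveness as a bridge from invariant proofs to LTL proofs (illustrative,
explicit-state code; not the paper's IC3-based tool). The liveness property
"q holds only finitely often on every run" (FG not q) is reduced to the safety
property "the number of q-states seen along any run never exceeds k" on the
system augmented with a counter c. The reachable set of the augmented system is
an inductive invariant certifying that safety property, and an independent
checker can validate it without trusting the model checker."""
from collections import deque


def make_succ(max_attempts, forget_attempts=False):
    """Constructed example: a client that sends, waits for an ack and retries
    on timeout. States are (phase, attempts). With forget_attempts=True the
    retry branch never counts attempts, so retries can go on forever."""
    def succ(s):
        phase, n = s
        if phase == "send":
            return [("wait", n)]
        if phase == "wait":                       # ack or timeout
            return [("done", n), ("retry", n)]
        if phase == "retry":
            if forget_attempts:
                return [("send", n)]              # bug: attempts never grows
            return [("send", n + 1)] if n < max_attempts else [("failed", n)]
        return [s]                                # done / failed are sinks
    return succ


INIT = [("send", 0)]


def is_retry(s):
    """The q of FG not q: every run must stop retrying eventually."""
    return s[0] == "retry"


def reachable(init, succ):
    seen, todo = set(init), deque(init)
    while todo:
        s = todo.popleft()
        for t in succ(s):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen


def k_liveness(init, succ, q, k_max):
    """Try k = 0, 1, ..., k_max. For each k, explore the counter-augmented
    system (s, c) and treat c > k as a bad state. The first k whose exploration
    meets no bad state proves FG not q, and the explored set is the certificate:
    an inductive invariant of the augmented system with c <= k everywhere.
    Returns (k, invariant), or None if no k up to k_max works."""
    for k in range(k_max + 1):
        start = [(s, int(q(s))) for s in init]
        seen, todo, safe = set(start), deque(start), True
        while todo and safe:
            s, c = todo.popleft()
            for t in succ(s):
                c2 = c + int(q(t))
                if c2 > k:
                    safe = False                  # bound k is too small
                    break
                if (t, c2) not in seen:
                    seen.add((t, c2))
                    todo.append((t, c2))
        if safe:
            return k, seen
    return None


def check_certificate(inv, init, succ, q, k):
    """Independent proof checker: inv must contain the initial augmented states,
    be closed under the augmented transition relation, and keep c <= k. This is
    all a verifier has to trust; the search that found inv is not needed."""
    if any((s, int(q(s))) not in inv for s in init):
        return False
    for s, c in inv:
        if c > k:
            return False
        if any((t, c + int(q(t))) not in inv for t in succ(s)):
            return False
    return True


def has_q_cycle(init, succ, q):
    """Refutation witness: a reachable q-state lying on a cycle gives a lasso on
    which q holds infinitely often, so no finite k exists and the k-liveness
    loop above would never succeed."""
    for s in reachable(init, succ):
        if q(s) and s in reachable(list(succ(s)), succ):
            return True
    return False


if __name__ == "__main__":
    k, inv = k_liveness(INIT, make_succ(3), is_retry, 10)
    print("bound k =", k, "certificate valid:",
          check_certificate(inv, INIT, make_succ(3), is_retry, k))
    buggy = make_succ(3, forget_attempts=True)
    print("buggy client: bound found:", k_liveness(INIT, buggy, is_retry, 10),
          "retry cycle:", has_q_cycle(INIT, buggy, is_retry))
```

For the correct client the counter is bounded by 4 (retries at attempts 0 to 3), so the safety proof for k = 4 certifies the liveness property, and `check_certificate` rejects the same invariant for k = 3 because it contains counter-4 states. For the buggy client no k works; `has_q_cycle` exhibits the lasso, which is why a real engine runs a bug finder alongside the k search.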
