Abstract
Branching-time temporal logics (e.g. CTL, CTL*, modal mu-calculus) allow us to ask sophisticated questions about the nondeterminism that appears in systems. Applications of this type of reasoning include planning, games, security analysis, disproving, precondition synthesis, environment synthesis, etc. Unfortunately, existing automatic branching-time verification tools have limitations that have traditionally restricted their applicability (e.g. push-down systems only, universal path quantifiers only, etc).
In this paper we introduce an automation strategy that lifts many of these previous restrictions. Our method works reliably for properties with non-trivial mixtures of universal and existential modal operators. Furthermore, our approach is designed to support (possibly infinite-state) programs.
The basis of our approach is the observation that existential reasoning can be reduced to universal reasoning if the system's state-space is appropriately restricted. This restriction on the state-space must meet a constraint derived from recent work on proving non-termination. The observation leads to a new route for implementation based on existing tools. To demonstrate the practical viability of our approach, we report on the results of applying our preliminary implementation to a set of benchmarks drawn from the Windows operating system, the PostgreSQL database server, the SoftUpdates patching system, as well as other hand-crafted examples.
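As an added finite-state illustration of the observation above (this is not the paper's code or its benchmarks), the Python below checks the existential property E G p two ways: directly by the usual greatest fixpoint, and by searching for a restriction R of the transition relation under which the universal property A G p holds. The constraint the restriction must meet is assumed here to be the non-blocking condition used in non-termination proofs (every state reachable under R keeps a successor inside R); the toy system, states 0..4 with p false only in state 4, is constructed for the example.

```python
from itertools import combinations

# Constructed toy system: p holds in states 0..3 only. State 2 self-loops
# inside p (a witness for E G p); state 3 can only move to the non-p state 4.
TRANS = {(0, 1), (0, 3), (1, 2), (2, 2), (3, 4), (4, 4)}
P = {0, 1, 2, 3}

def succ(trans, s):
    return {t for (u, t) in trans if u == s}

def reach(trans, s0):
    seen, todo = set(), [s0]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(succ(trans, s))
    return seen

def eg_direct(trans, p, s0):
    """Reference check: E G p = nu Z. p and EX Z (greatest fixpoint)."""
    z = set(p)
    while True:
        nz = {s for s in z if succ(trans, s) & z}
        if nz == z:
            return s0 in z
        z = nz

def ag(trans, p, s0):
    """Universal property A G p: everything reachable satisfies p."""
    return reach(trans, s0) <= p

def non_blocking(trans, s0):
    """Assumed non-termination-style constraint on a restriction: no
    reachable state may be left without a successor inside the restriction."""
    return all(succ(trans, s) for s in reach(trans, s0))

def eg_via_restriction(trans, p, s0, require_non_blocking=True):
    """E G p holds iff some restriction R of the transitions satisfies A G p
    and the constraint. Brute force over subsets, fine for a toy system."""
    edges = sorted(trans)
    for k in range(len(edges) + 1):
        for r in combinations(edges, k):
            r = set(r)
            if ag(r, p, s0) and (not require_non_blocking or non_blocking(r, s0)):
                return True
    return False
```

Dropping the constraint lets the empty restriction "prove" A G p from state 3, which is exactly the unsound answer the abstract's constraint rules out.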
Reasoning about nondeterminism in programs. PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation.