research-article
Open Access
Artifacts Available
Artifacts Evaluated & Functional

Reducing liveness to safety in first-order logic

Published: 27 December 2017

Abstract

We develop a new technique for verifying temporal properties of infinite-state (distributed) systems. The main idea is to reduce the temporal verification problem to the problem of verifying the safety of infinite-state systems expressed in first-order logic. This allows us to leverage existing techniques for safety verification to verify temporal properties of interesting distributed protocols, including some that have not been mechanically verified before. We model infinite-state systems using first-order logic, and use first-order temporal logic (FO-LTL) to specify temporal properties. This general formalism allows us to naturally model distributed systems, while supporting both unbounded parallelism (where the system is allowed to dynamically create processes) and infinite state per process.

The traditional approach for verifying temporal properties of infinite-state systems employs well-founded relations (e.g. using linear arithmetic ranking functions). In contrast, our approach is based on the idea of fair cycle detection. In finite-state systems, temporal verification can always be reduced to fair cycle detection (a system contains a fair cycle if it revisits a state after satisfying all fairness constraints). However, with both infinitely many states and infinitely many fairness constraints, a straightforward reduction to fair cycle detection is unsound. To regain soundness, we augment the infinite-state transition system by a dynamically computed finite set that exploits the locality of transitions. This set lets us define a form of fair cycle detection that is sound in the presence of both infinitely many states and infinitely many fairness constraints. Our approach allows a new style of temporal verification that does not explicitly involve ranking functions. This fits well with pure first-order verification, which does not explicitly reason about numerical values. In particular, it can be used with effectively propositional first-order logic (EPR), in which case checking verification conditions is decidable. We applied our technique to verify temporal properties of several interesting protocols. To the best of our knowledge, we have obtained the first mechanized liveness proof for both TLB Shootdown and Stoppable Paxos.
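The finite-state case of the reduction sketched above, as an added example that is not code from the paper: a Python search over the augmented system (current state, a non-deterministically saved state, and the set of fairness constraints discharged since the save) whose bad states close a fair cycle that never reaches the goal of an "eventually" property. The two-process transition systems, their labels and the weak-fairness encoding are constructed for illustration and are not the paper's models.

```python
# Liveness-to-safety for finite-state systems: added example, not the paper's code.
from collections import deque


def has_fair_cycle(init, trans, goal, fair_labels):
    """Return (prefix, loop) witnessing a fair cycle that avoids goal, or None.
    trans(s) lists the (label, successor) pairs enabled in s. A label under weak
    fairness is discharged when it is taken or when it is disabled in a state."""
    need = set(fair_labels)
    start = (init, None, frozenset())  # (state, saved state, discharged labels)
    parent = {start: None}
    queue = deque([start])
    while queue:
        aug = queue.popleft()
        s, saved, done = aug
        if goal(s):
            continue  # goal reached: this path is not a counterexample
        enabled = {lbl for lbl, _ in trans(s)}
        succs = [(s, s, frozenset())] if saved is None else []  # save s now
        for lbl, t in trans(s):
            if saved is None:
                succs.append((t, None, frozenset()))
                continue
            newly = {f for f in need if f == lbl or f not in enabled}
            nxt = (t, saved, done | newly)
            if t == saved and nxt[2] >= need:  # cycle closed, all fairness met
                return unwind(parent, aug, t)
            succs.append(nxt)
        for n in succs:
            if n not in parent:
                parent[n] = aug
                queue.append(n)
    return None


def unwind(parent, aug, closing):
    """Project the augmented path to (prefix, loop) lists of original states."""
    path = []
    while aug is not None:
        path.append(aug)
        aug = parent[aug]
    path.reverse()
    save_idx = next(i for i, a in enumerate(path) if a[1] is not None)
    states = [a[0] for a in path] + [closing]
    return states[:save_idx - 1], states[save_idx:]


# Constructed system: process A idles forever (label "a"); process B needs two
# steps ("b1", "b2") to set done. State = (pcB, done, flag); with gate=True B's
# first step is enabled only when flag holds, and nothing ever sets flag.
def make_trans(gate):
    def trans(s):
        pc, done, flag = s
        succ = [("a", s)]
        if pc == 0 and (flag or not gate):
            succ.append(("b1", (1, False, flag)))
        elif pc == 1:
            succ.append(("b2", (2, True, flag)))
        return succ
    return trans


def eventually_done(gate, fair):
    """None means F done holds under weak fairness on `fair`; else a witness."""
    return has_fair_cycle((0, False, False), make_trans(gate), lambda s: s[1], fair)
```

Without fairness the idle loop of A alone is a fair cycle; weak fairness on B's steps rules it out, but in the gated variant B is never enabled, so its fairness constraints are discharged vacuously and the cycle reappears.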


Supplemental Material

firstorderlogic.webm

