research-article

Making prophecies with decision predicates

Authors:

Eric KoskinenAuthors Info & Claims

POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pages 399 - 410

https://doi.org/10.1145/1926385.1926431

Published: 26 January 2011 Publication History

Abstract

We describe a new algorithm for proving temporal properties expressed in LTL of infinite-state programs. Our approach takes advantage of the fact that LTL properties can often be proved more efficiently using techniques usually associated with the branching-time logic CTL than they can with native LTL algorithms. The caveat is that, in certain instances, nondeterminism in the system's transition relation can cause CTL methods to report counter examples that are spurious with respect to the original LTL formula. To address this problem we describe an algorithm that, as it attempts to apply CTL proof methods, finds and then removes problematic nondeterminism via an analysis on the potentially spurious counterexamples. Problematic nondeterminism is characterized using decision predicates, and removed using a partial, symbolic determinization procedure which introduces new prophecy variables to predict the future outcome of these choices. We demonstrate---using examples taken from the PostgreSQL database server, Apache web server, and Windows OS kernel---that our method can yield enormous performance improvements in comparison to known tools, allowing us to automatically prove properties of programs where we could not prove them before.

Supplementary Material

MP4 File (36-mpeg-4.mp4)

Download
436.03 MB

References

[1]

Cadence SMV. http://www.kenmcmil.com/smv.html.

[2]

The Z3 Theorem Prover. research.microsoft.com/projects/Z3.

[3]

Abadi, M., and Lamport, L. The existence of refinement mappings. Theoretical Computer Science 82, 2 (1991), 253--284.

Digital Library

[4]

Abdulla, P. A., Jonsson, B., Nilsson, M., d'Orso, J., and Saksena, M. Regular model checking for LTL(MSO). In CAV (2004).

[5]

Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S., and Ustuner, A. Thorough static analysis of device drivers. ACM SIGOPS Operating Systems Review 40, 4 (2006), 85.

Digital Library

[6]

Bouajjani, A., Legay, A., and Wolper, P. Handling liveness properties in (ω-) regular model checking. Electronic Notes in Theoretical Computer Science 138, 3 (2005), 101--115.

Digital Library

[7]

Bradley, A., Manna, Z., and Sipma, H. Termination of polynomial programs. In VMCAI (2005).

Digital Library

[8]

Bradley, A. R., Manna, Z., and Sipma, H. B. Linear ranking with reachability. In CAV (2005).

Digital Library

[9]

Burch, J., Clarke, E., McMillan, K., Dill, D., and Hwang, L. Symbolic model checking: 10 to the 20 states and beyond. Information and Computation 98, 2 (1992).

Digital Library

[10]

Clarke, E., Emerson, E., and Sistla, A. Automatic verification of finite-state concurrent systems using temporal logic specifications. TOPLAS 8, 2 (1986), 263.

Digital Library

[11]

Clarke, E., Grumberg, O., Jha, S., Lu, Y., and Veith, H. Counterexample-guided abstraction refinement for symbolic model checking. JACM 50, 5 (2003), 794.

Digital Library

[12]

Clarke, E., Grumberg, O., and Peled, D. Model checking. Springer, 1999.

Digital Library

[13]

Clarke, E., Jha, S., Lu, Y., and Veith, H. Tree-like counterexamples in model checking. In LICS (2002).

Digital Library

[14]

Clarke, E. M., Grumberg, O., and Hamaguchi, K. Another look at LTL model checking. Form. Methods Syst. Des. 10, 1 (1997), 47--71.

Digital Library

[15]

Cook, B., Gotsman, A., Podelski, A., Rybalchenko, A., and Vardi, M. Y. Proving that programs eventually do something good. In POPL (2007).

Digital Library

[16]

Cook, B., and Koskinen, E. Making prophecies with decision predicates. Tech. Rep. UCAM-CL-TR-789, University of Cambridge, Computer Laboratory, Jan. 2011.

Digital Library

[17]

Cook, B., Koskinen, E., and Vardi, M. Branching-time reasoning for programs. Tech. Rep. UCAM-CL-TR-788, University of Cambridge, Computer Laboratory, Jan. 2011.

[18]

Cook, B., Podelski, A., and Rybalchenko, A. Termination proofs for systems code. In PLDI (2006).

Digital Library

[19]

Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. The ASTREE analyzer. In ESOP (2005).

Digital Library

[20]

Dutertre, B., and de Moura, L. M. A fast linear-arithmetic solver for dpll(t). In CAV (2006), T. Ball and R. B. Jones, Eds., vol. 4144 of LNCS, Springer, pp. 81--94.

Digital Library

[21]

Esparza, J., Kucera, A., and Schwoon, S. Model-checking LTL with regular valuations for pushdown systems. In TACS (2001).

Digital Library

[22]

Fang, Y., Piterman, N., Pnueli, A., and Zuck, L. Liveness with invisible ranking. International Journal on Software Tools for Technology Transfer (STTT) 8, 3 (2006), 261--279.

Digital Library

[23]

Farkas, J. Uber die theorie der einfachen ungleichungen. Journal fur die Reine und Angewandte Mathematik 124 (1902), 1--27.

[24]

Gastin, P., and Oddoux, D. Fast LTL to Büchi automata translation. In CAV (July 2001).

Digital Library

[25]

Havelund, K., and Pressburger, T. Model checking Java programs using Java pathfinder. International Journal on Software Tools for Technology Transfer (STTT) 2, 4 (2000), 366--381.

[26]

Henzinger, T. A., Jhala, R., Majumdar, R., Necula, G. C., Sutre, G., and Weimer, W. Temporal-safety proofs for systems code. In CAV (2002).

Digital Library

[27]

Hobor, A., Appel, A. W., and Nardelli, F. Z. Oracle semantics for concurrent separation logic. In ESOP (2008).

Digital Library

[28]

Holzmann, G. J. The model checker SPIN. IEEE Trans. Software Eng. 23, 5 (1997), 279--295.

Digital Library

[29]

Kwiatkowska, M., Norman, G., and Parker, D. PRISM: Probabilistic symbolic model checker. LNCS 2324 (2002), 200--204.

Digital Library

[30]

Magill, S., Berdine, J., Clarke, E., and Cook, B. Arithmetic strengthening for shape analysis. LNCS 4634 (2007), 419.

Digital Library

[31]

Maidl, M. The common fragment of CTL and LTL. In FOCS (2000).

Digital Library

[32]

Nain, S., and Vardi, M. Branching vs. linear time: Semantical perspective. In ATVA (2007).

Digital Library

[33]

Pnueli, A. The temporal logic of programs. In 18th Annual Symposium on Foundations of Computer Science (1977), IEEE, pp. 46--57.

Digital Library

[34]

Pnueli, A., and Zaks, A. PSL model checking and run-time verification via testers. In FM (2006), J. Misra, T. Nipkow, and E. Sekerinski, Eds., vol. 4085 of LNCS, Springer, pp. 573--586.

Digital Library

[35]

Podelski, A., and Rybalchenko, A. A Complete Method for the Synthesis of Linear Ranking Functions. LNCS (2003), 239--251.

[36]

Podelski, A., and Rybalchenko, A. Transition invariants. In LICS (2004), pp. 32--41.

Digital Library

[37]

Podelski, A., and Rybalchenko, A. ARMC: the logical choice for software model checking with abstraction refinement. In PADL (2007).

Digital Library

[38]

Qadeer, S., Sezgin, A., and Tasiran, S. Back and forth: Prophecy variables for static verification of concurrent programs. Tech. Rep. MSR-TR-2009-142, Microsoft, 2009.

[39]

Safra, S. On the complexity of omega-automata. In SFCS (1988).

Digital Library

[40]

Sankaranarayanan, S., Sipma, H., and Manna, Z. Constraint-based linear-relations analysis. In SAS (2004).

[41]

Schneider, K. Model checking on product structures. FMCAD (1998).

Digital Library

[42]

Schuppan, V., and Biere, A. Liveness checking as safety checking for infinite state spaces. In Workshop on Verification of Infinite-State Systems (INFINITY) (2005).

[43]

Vardhan, A., Sen, K., Viswanathan, M., and Agha, G. Using language inference to verify Omega-regular properties. In TACAS (2005).

Digital Library

[44]

Vardi, M. Branching time vs. linear time: Final showdown. In TACAS (2001).

Digital Library

[45]

Vardi, M. Y., and Wolper, P. An automata-theoretic approach to automatic program verification (preliminary report). In LICS (1986).

Cited By

Chatterjee KGoharshady AGoharshady EKarrabi MŽikelić Đ(2024)Sound and Complete Witnesses for Template-Based Verification of LTL Properties on Polynomial ProgramsFormal Methods10.1007/978-3-031-71162-6_31(600-619)Online publication date: 11-Sep-2024
https://doi.org/10.1007/978-3-031-71162-6_31
Fan KWang M(2023)DAG-Based Formal Modeling of Spark Applications with MSVLInformation10.3390/info1412065814:12(658)Online publication date: 12-Dec-2023
https://doi.org/10.3390/info14120658
Lamport LMerz S(2022)Prophecy Made SimpleACM Transactions on Programming Languages and Systems10.1145/349254544:2(1-27)Online publication date: 6-Apr-2022
https://dl.acm.org/doi/10.1145/3492545
Show More Cited By

Recommendations

Making prophecies with decision predicates
POPL '11

We describe a new algorithm for proving temporal properties expressed in LTL of infinite-state programs. Our approach takes advantage of the fact that LTL properties can often be proved more efficiently using techniques usually associated with the ...
Temporal property verification as a program analysis task

We describe a reduction from temporal property verification to a program analysis problem. First we present a proof system that, unlike the standard formulation, is more amenable to reasoning about infinite-state systems: disjunction is treated by ...
Conditional model checking: a technique to pass information between verifiers
FSE '12: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering

Software model checking, as an undecidable problem, has three possible outcomes: (1) the program satisfies the specification, (2) the program does not satisfy the specification, and (3) the model checker fails. The third outcome usually manifests itself ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2011

652 pages

ISBN:9781450304900

DOI:10.1145/1926385

General Chair:
Thomas Ball
Microsoft Research, USA
,
Program Chair:
Mooly Sagiv
Tel Aviv University, Israel

ACM SIGPLAN Notices Volume 46, Issue 1
POPL '11
January 2011
624 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1925844
Issue’s Table of Contents

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

In-Cooperation

SIGACT: ACM Special Interest Group on Algorithms and Computation Theory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 January 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

POPL '11

Sponsor:

SIGPLAN

POPL '11: The 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

January 26 - 28, 2011

Texas, Austin, USA

Acceptance Rates

Overall Acceptance Rate 860 of 4,328 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
374
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chatterjee KGoharshady AGoharshady EKarrabi MŽikelić Đ(2024)Sound and Complete Witnesses for Template-Based Verification of LTL Properties on Polynomial ProgramsFormal Methods10.1007/978-3-031-71162-6_31(600-619)Online publication date: 11-Sep-2024
https://doi.org/10.1007/978-3-031-71162-6_31
Fan KWang M(2023)DAG-Based Formal Modeling of Spark Applications with MSVLInformation10.3390/info1412065814:12(658)Online publication date: 12-Dec-2023
https://doi.org/10.3390/info14120658
Lamport LMerz S(2022)Prophecy Made SimpleACM Transactions on Programming Languages and Systems10.1145/349254544:2(1-27)Online publication date: 6-Apr-2022
https://dl.acm.org/doi/10.1145/3492545
Beutner RFinkbeiner B(2022)Prophecy Variables for Hyperproperty Verification2022 IEEE 35th Computer Security Foundations Symposium (CSF)10.1109/CSF54842.2022.9919658(471-485)Online publication date: Aug-2022
https://doi.org/10.1109/CSF54842.2022.9919658
Padon OHoenicke JMcMillan KPodelski ASagiv MShoham S(2021)Temporal prophecy for proving temporal properties of infinite-state systemsFormal Methods in System Design10.1007/s10703-021-00377-1Online publication date: 23-Jul-2021
https://doi.org/10.1007/s10703-021-00377-1
Kobayashi NFedyukovich GGupta A(2020)Fold/Unfold Transformations for Fixpoint LogicTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-030-45237-7_12(195-214)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45237-7_12
Jung RLepigre RParthasarathy GRapoport MTimany ADreyer DJacobs B(2019)The future is ours: prophecy variables in separation logicProceedings of the ACM on Programming Languages10.1145/33711134:POPL(1-32)Online publication date: 20-Dec-2019
https://dl.acm.org/doi/10.1145/3371113
Wang MTian CZhang NDuan Z(2019)Verifying Full Regular Temporal Properties of Programs via Dynamic Program ExecutionIEEE Transactions on Reliability10.1109/TR.2018.287633368:3(1101-1116)Online publication date: Sep-2019
https://doi.org/10.1109/TR.2018.2876333
Padon OHoenicke JMcMillan KPodelski ASagiv MShoham S(2018)Temporal Prophecy for Proving Temporal Properties of Infinite-State Systems2018 Formal Methods in Computer Aided Design (FMCAD)10.23919/FMCAD.2018.8603008(1-11)Online publication date: Oct-2018
https://doi.org/10.23919/FMCAD.2018.8603008
Bansal KKoskinen ETripp O(2018)Automatic Generation of Precise and Useful Commutativity ConditionsTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-319-89960-2_7(115-132)Online publication date: 12-Apr-2018
https://doi.org/10.1007/978-3-319-89960-2_7
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten