research-article

Reasoning about nondeterminism in programs

Authors:

Eric KoskinenAuthors Info & Claims

PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 219 - 230

https://doi.org/10.1145/2491956.2491969

Published: 16 June 2013 Publication History

Abstract

Branching-time temporal logics (e.g. CTL, CTL*, modal mu-calculus) allow us to ask sophisticated questions about the nondeterminism that appears in systems. Applications of this type of reasoning include planning, games, security analysis, disproving, precondition synthesis, environment synthesis, etc. Unfortunately, existing automatic branching-time verification tools have limitations that have traditionally restricted their applicability (e.g. push-down systems only, universal path quantifiers only, etc).

In this paper we introduce an automation strategy that lifts many of these previous restrictions. Our method works reliably for properties with non-trivial mixtures of universal and existential modal operators. Furthermore, our approach is designed to support (possibly infinite-state) programs.

The basis of our approach is the observation that existential reasoning can be reduced to universal reasoning if the system's state-space is appropriately restricted. This restriction on the state-space must meet a constraint derived from recent work on proving non-termination. The observation leads to a new route for implementation based on existing tools. To demonstrate the practical viability of our approach, we report on the results applying our preliminary implementation to a set of benchmarks drawn from the Windows operating system, the PostgreSQL database server, SoftUpdates patching system, as well as other hand-crafted examples.

References

[1]

Bernholtz, O., Vardi, M. Y., and Wolper, P. An automata-theoretic approach to branching-time model checking (extended abstract). In CAV'94 (1994), D. L. Dill, Ed., vol. 818, Springer, pp. 142--155.

Digital Library

[2]

Beyer, D., Henzinger, T. A., Jhala, R., and Majumdar, R. The software model checker blast. STTT 9, 5--6 (2007), 505--525.

Digital Library

[3]

Bradley, A., Manna, Z., and Sipma, H. The polyranking principle. Automata, Languages and Programming (2005), 1349--1361.

Digital Library

[4]

Burch, J., Clarke, E., et al. Symbolic model checking: 10 20 states and beyond. Information and computation 98, 2 (1992), 142--170.

Digital Library

[5]

Chaki, S., Clarke, E. M., Grumberg, O., Ouaknine, J., Sharygina, N., Touili, T., and Veith, H. State/event software verification for branching-time specifications. In IFM'05 (2005), J. Romijn, G. Smith, and J. van de Pol, Eds., vol. 3771, pp. 53--69.

Digital Library

[6]

Clarke, E., Jha, S., Lu, Y., and Veith, H. Tree-like counterexamples in model checking. In LICS (2002), pp. 19--29.

Digital Library

[7]

Clarke, E. M., Emerson, E. A., and Sistla, A. P. Automatic verification of finite-state concurrent systems using temporal logic specifications. TOPLAS 8 (April 1986), 244--263.

Digital Library

[8]

Cook, B., Gotsman, A., Podelski, A., Rybalchenko, A., and Vardi, M. Y. Proving that programs eventually do something good. In POPL'07 (2007), pp. 265--276.

Digital Library

[9]

Cook, B., and Koskinen, E. Making prophecies with decision predicates. In POPL'11 (2011), T. Ball and M. Sagiv, Eds., ACM, pp. 399--410.

Digital Library

[10]

Cook, B., Koskinen, E., and Vardi, M. Temporal verification as a program analysis task {extended version}. FMSD (2012).

Digital Library

[11]

Cook, B., Koskinen, E., and Vardi, M. Y. Temporal property verification as a program analysis task. In CAV'11 (2011), G. Gopalakrishnan and S. Qadeer, Eds., vol. 6806, Springer, pp. 333--348.

Digital Library

[12]

Cook, B., Podelski, A., and Rybalchenko, A. Termination proofs for systems code. In PLDI'06 (2006), M. I. Schwartzbach and T. Ball, Eds., pp. 415--426.

Digital Library

[13]

Cousot, P., and Cousot, R. An abstract interpretation framework for termination. In POPL'12 (2012), ACM, pp. 245--258.

Digital Library

[14]

Dams, D., and Namjoshi, K. S. The existence of finite abstractions for branching time model checking. In LICS (2004), pp. 335--344.

Digital Library

[15]

de Alfaro, L., Godefroid, P., and Jagadeesan, R. Three-valued abstractions of games: Uncertainty, but with precision. In LICS (2004), pp. 170--179.

Digital Library

[16]

Emerson, E. A., and Halpern, J. Y. "sometimes" and "not never" revisited: on branching versus linear time temporal logic. J. ACM 33, 1 (1986), 151--178.

Digital Library

[17]

Emerson, E. A., and Namjoshi, K. S. Automatic verification of parameterized synchronous systems (extended abstract). In CAV'96 (1996), vol. 1102, pp. 87--98.

Digital Library

[18]

Giesl, J., Schneider-Kamp, P., and Thiemann, R. Aprove 1.2: Automatic termination proofs in the dependency pair framework. Automated Reasoning (2006), 281--286.

Digital Library

[19]

Godefroid, P., Nori, A. V., Rajamani, S. K., and Tetali, S. Compositional may-must program analysis: unleashing the power of alternation. In POPL'10 (2010), ACM, pp. 43--56.

Digital Library

[20]

Gulavani, B. S., Henzinger, T. A., Kannan, Y., Nori, A. V., and Rajamani, S. K. SYNERGY: a new algorithm for property checking. In FSE'06 (2006), ACM, pp. 117--127.

Digital Library

[21]

Gulwani, S., Jain, S., and Koskinen, E. Control-flow refinement and progress invariants for bound analysis. In PLDI'09 (2009), pp. 375--385.

Digital Library

[22]

Gupta, A., Henzinger, T. A., Majumdar, R., Rybalchenko, A., and Xu, R.-G. Proving non-termination. SIGPLAN Not. 43 (January 2008), 147--158.

Digital Library

[23]

Gurfinkel, A., Wei, O., and Chechik, M. Yasm: A software model-checker for verification and refutation. In CAV'06 (2006), vol. 4144, pp. 170--174.

Digital Library

[24]

Harris, W. R., Lal, A., Nori, A. V., and Rajamani, S. K. Alternation for termination. In SAS (2010).

Digital Library

[25]

Hayden, C. M., Magill, S., Hicks, M., Foster, N., and Foster, J. S. Specifying and verifying the correctness of dynamic software updates. In VSTTE'12 (2012), vol. 7152, pp. 278--293.

Digital Library

[26]

Iosif, R., Bozga, M., Bouajjani, A., Habermehl, P., Moro, P., and Vojnar, T. Programs with lists are counter automata. In CAV (2006).

Digital Library

[27]

Kesten, Y., and Pnueli, A. A compositional approach to ctl* verification. Theor. Comput. Sci. 331, 2-3 (2005), 397--428.

Digital Library

[28]

Kupferman, O., Vardi, M., and Wolper, P. An automata-theoretic approach to branching-time model checking. Journal of the ACM 47, 2 (2000), 312--360.

Digital Library

[29]

Magill, S., Tsai, M.-H., Lee, P., and Tsay, Y.-K. Automatic numeric abstractions for heap-manipulating programs. In POPL'10 (2010), ACM, pp. 211--222.

Digital Library

[30]

McMillan, K. L. Lazy abstraction with interpolants. In CAV'06 (2006), T. Ball and R. B. Jones, Eds., vol. 4144, pp. 123--136.

Digital Library

[31]

Nelson, G. A generalization of Dijkstra's calculus. TOPLAS 11, 4 (1989), 517--561.

Digital Library

[32]

Pistore, M., and Traverso, P. Planning as model checking for extended goals in non-deterministic domains. In IJCAI'01 (2001), Springer.

Digital Library

[33]

Pnueli, A., and Zaks, A. Psl model checking and run-time verification via testers. In FM (2006), pp. 573--586.

Digital Library

[34]

Podelski, A., and Rybalchenko, A. Transition invariants. In LICS (2004), pp. 32--41.

Digital Library

[35]

Solar-Lezama, A., Tancau, L., Bodík, R., Seshia, S. A., and Saraswat, V. A. Combinatorial sketching for finite programs. In PLDI (2006), ACM, pp. 404--415.

[36]

Song, F., and Touili, T. Pushdown model checking for malware detection. In TACAS (2012).

Digital Library

[37]

Stirling, C. Games and modal mu-calculus. In TACAS (1996), vol. 1055, pp. 298--312.

Digital Library

[38]

Vardhan, A., and Viswanathan, M. Learning to verify branching time properties. FMSD 31, 1 (2007), 35--61.

Digital Library

[39]

Walukiewicz, I. Pushdown processes: Games and model checking. In CAV (1996), vol. 1102, pp. 62--74.

Digital Library

[40]

Walukiewicz, I. Model checking ctl properties of pushdown systems. In FSTTCS (2000), S. Kapoor and S. Prasad, Eds., vol. 1974, pp. 127--138.

Digital Library

[41]

Yang, Z., Al-Rawi, B., Sakallah, K. A., Huang, X., Smolka, S. A., and Grosu, R. Dynamic path reduction for software model checking. In IFM (2009), vol. 5423, pp. 322--336.

Digital Library

Cited By

Kobayashi NTanahashi KSato RTsukada T(2023)HFL(Z) Validity Checking for Automated Program VerificationProceedings of the ACM on Programming Languages10.1145/35711997:POPL(154-184)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571199
Kobayashi N(2021)An Overview of the HFL Model Checking ProjectElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.344.1344(1-12)Online publication date: 13-Sep-2021
https://doi.org/10.4204/EPTCS.344.1
Zhu SKincaid ZFreund SYahav E(2021)Termination analysis without the tearsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454110(1296-1311)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454110
Show More Cited By

Recommendations

Reasoning about nondeterminism in programs
PLDI '13

Branching-time temporal logics (e.g. CTL, CTL*, modal mu-calculus) allow us to ask sophisticated questions about the nondeterminism that appears in systems. Applications of this type of reasoning include planning, games, security analysis, disproving, ...
Temporal property verification as a program analysis task

We describe a reduction from temporal property verification to a program analysis problem. First we present a proof system that, unlike the standard formulation, is more amenable to reasoning about infinite-state systems: disjunction is treated by ...
Making prophecies with decision predicates
POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We describe a new algorithm for proving temporal properties expressed in LTL of infinite-state programs. Our approach takes advantage of the fact that LTL properties can often be proved more efficiently using techniques usually associated with the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2013

546 pages

ISBN:9781450320146

DOI:10.1145/2491956

General Chair:
Hans-J. Boehm
HP Labs
,
Program Chair:
Cormac Flanagan
University of California, Santa Cruz

ACM SIGPLAN Notices Volume 48, Issue 6
PLDI '13
June 2013
515 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2499370
Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

PLDI '13

Sponsor:

SIGPLAN

PLDI '13: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 16 - 19, 2013

Washington, Seattle, USA

Acceptance Rates

PLDI '13 Paper Acceptance Rate 46 of 267 submissions, 17%;

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

47
Total Citations
View Citations
318
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kobayashi NTanahashi KSato RTsukada T(2023)HFL(Z) Validity Checking for Automated Program VerificationProceedings of the ACM on Programming Languages10.1145/35711997:POPL(154-184)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571199
Kobayashi N(2021)An Overview of the HFL Model Checking ProjectElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.344.1344(1-12)Online publication date: 13-Sep-2021
https://doi.org/10.4204/EPTCS.344.1
Zhu SKincaid ZFreund SYahav E(2021)Termination analysis without the tearsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454110(1296-1311)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454110
Mudduluru RWaataja JMilstein SErnst M(2021)Verifying Determinism in Sequential Programs2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)10.1109/ICSE43902.2021.00017(37-49)Online publication date: May-2021
https://doi.org/10.1109/ICSE43902.2021.00017
Kobayashi NFedyukovich GGupta A(2020)Fold/Unfold Transformations for Fixpoint LogicTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-030-45237-7_12(195-214)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45237-7_12
Watanabe KTsukada TOshikawa HKobayashi NHermenegildo MIgarashi A(2019)Reduction from branching-time property verification of higher-order programs to HFL validity checkingProceedings of the 2019 ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation10.1145/3294032.3294077(22-34)Online publication date: 14-Jan-2019
https://dl.acm.org/doi/10.1145/3294032.3294077
Tellez GBrotherston J(2019)Automatically Verifying Temporal Properties of Pointer Programs with Cyclic ProofJournal of Automated Reasoning10.1007/s10817-019-09532-064:3(555-578)Online publication date: 9-Aug-2019
https://doi.org/10.1007/s10817-019-09532-0
Urban CUeltschi SMüller P(2018)Abstract Interpretation of CTL PropertiesStatic Analysis10.1007/978-3-319-99725-4_24(402-422)Online publication date: 29-Aug-2018
https://doi.org/10.1007/978-3-319-99725-4_24
Farzan AKincaid Z(2017)Strategy synthesis for linear arithmetic gamesProceedings of the ACM on Programming Languages10.1145/31581492:POPL(1-30)Online publication date: 27-Dec-2017
https://dl.acm.org/doi/10.1145/3158149
Unno HSatake YTerauchi T(2017)Relatively complete refinement type system for verification of higher-order non-deterministic programsProceedings of the ACM on Programming Languages10.1145/31581002:POPL(1-29)Online publication date: 27-Dec-2017
https://dl.acm.org/doi/10.1145/3158100
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents