Optimal Proofs for Linear Temporal Logic on Lasso Words

  • David Basin
  • Bhargav Nagaraja BhattEmail author
  • Dmitriy TraytelEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11138)


Counterexamples produced by model checkers can be hard to grasp. Often it is not even evident why a trace violates a specification. We show how to provide easy-to-check evidence for the violation of a linear temporal logic (LTL) formula on a lasso word, based on a novel sound and complete proof system for LTL on lasso words. Valid proof trees in our proof system follow the syntactic structure of the formula and provide insight on why each Boolean or temporal operator is violated or satisfied. We introduce the notion of optimal proofs with respect to a user-specified preference order and identify sufficient conditions for efficiently computing optimal proofs. We design and evaluate an algorithm that performs this computation, demonstrating that it can produce optimal proofs for complex formulas in under a second.



We thank Srđan Kristić, Felix Klaedtke, and Joshua Schneider for discussions on using proof trees as explanations. Srđan Kristić, Karel Kubíček, and anonymous reviewers provided useful comments on early drafts of this paper. This work is supported by the Swiss National Science Foundation grant Big Data Monitoring (167162).


  1. 1.
    Explanator: Send in the Explanator–it explains satisfaction/violation of LTL formulas on lasso words (2018).
  2. 2.
    NuSMV: a new symbolic model checker (2018).
  3. 3.
    Ball, T., Naik, M., Rajamani, S.K.: From symptom to cause: Localizing errors in counterexample traces. In: Aiken, A., Morrisett, G. (eds.) POPL 2003, pp. 97–105. ACM (2003)Google Scholar
  4. 4.
    Beer, I., Ben-David, S., Chockler, H., Orni, A., Trefler, R.J.: Explaining counterexamples using causality. Form. Methods Syst. Des. 40(1), 20–40 (2012)CrossRefGoogle Scholar
  5. 5.
    Brünnler, K., Lange, M.: Cut-free sequent systems for temporal logic. J. Log. Algebr. Program. 76(2), 216–225 (2008)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Chechik, M., Gurfinkel, A.: A framework for counterexample generation and exploration. STTT 9(5–6), 429–445 (2007)CrossRefGoogle Scholar
  7. 7.
    Cheney, J., Chiticariu, L., Tan, W.C.: Provenance in databases: Why, how, and where. Found. Trends Databases 1(4), 379–474 (2009)CrossRefGoogle Scholar
  8. 8.
    Cini, C., Francalanza, A.: An LTL proof system for runtime verification. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 581–595. Springer, Heidelberg (2015). Scholar
  9. 9.
    Daskalakis, C., Karp, R.M., Mossel, E., Riesenfeld, S., Verbin, E.: Sorting and selection in posets. SIAM J. Comput. 40(3), 597–622 (2011)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Filliâtre, J., Conchon, S.: Type-safe modular hash-consing. In: ACM Workshop on ML, pp. 12–19. ACM (2006)Google Scholar
  11. 11.
    Gastin, P., Moro, P.: Minimal counterexample generation for SPIN. In: Bošnački, D., Edelkamp, S. (eds.) SPIN 2007. LNCS, vol. 4595, pp. 24–38. Springer, Heidelberg (2007). Scholar
  12. 12.
    Groce, A., Chaki, S., Kroening, D., Strichman, O.: Error explanation with distance metrics. STTT 8(3), 229–247 (2006)CrossRefGoogle Scholar
  13. 13.
    Groce, A., Kroening, D.: Making the most of BMC counterexamples. Electr. Notes Theor. Comput. Sci. 119(2), 67–81 (2005)CrossRefGoogle Scholar
  14. 14.
    Groce, A., Visser, W.: What went wrong: explaining counterexamples. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 121–136. Springer, Heidelberg (2003). Scholar
  15. 15.
    Kuhtz, L., Finkbeiner, B.: LTL path checking is efficiently parallelizable. In: Albers, S., Marchetti-Spaccamela, A., Matias, Y., Nikoletseas, S., Thomas, W. (eds.) ICALP 2009. LNCS, vol. 5556, pp. 235–246. Springer, Heidelberg (2009). Scholar
  16. 16.
    Kupferman, O.: Sanity checks in formal verification. In: Baier, C., Hermanns, H. (eds.) CONCUR 2006. LNCS, vol. 4137, pp. 37–51. Springer, Heidelberg (2006). Scholar
  17. 17.
    Lange, M., Stirling, C.: Model checking games for branching time logics. J. Log. Comput. 12(4), 623–639 (2002)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Latvala, T., Biere, A., Heljanko, K., Junttila, T.: Simple is better: efficient bounded model checking for past LTL. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 380–395. Springer, Heidelberg (2005). Scholar
  19. 19.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems - Specification. Springer, New York (1992)CrossRefGoogle Scholar
  20. 20.
    Maretic, G.P., Dasthi, M.T., Basin, D.A.: Semantic vacuity. In: Grandi, F., Lange, M., Lomuscio, A. (eds.) TIME 2015, pp. 111–120. IEEE Computer Society (2015)Google Scholar
  21. 21.
    Markey, N., Schnoebelen, P.: Model checking a path. In: Amadio, R., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 251–265. Springer, Heidelberg (2003). Scholar
  22. 22.
    Namjoshi, K.S.: Certifying model checkers. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 2–13. Springer, Heidelberg (2001). Scholar
  23. 23.
    Peled, D., Pnueli, A., Zuck, L.: From falsification to verification. In: Hariharan, R., Vinay, V., Mukund, M. (eds.) FSTTCS 2001. LNCS, vol. 2245, pp. 292–304. Springer, Heidelberg (2001). Scholar
  24. 24.
    Peled, D., Zuck, L.: From model checking to a temporal proof. In: Dwyer, M. (ed.) SPIN 2001. LNCS, vol. 2057, pp. 1–14. Springer, Heidelberg (2001). Scholar
  25. 25.
    Schuppan, V., Biere, A.: Shortest counterexamples for symbolic model checking of LTL with past. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 493–509. Springer, Heidelberg (2005). Scholar
  26. 26.
    Sulzmann, M., Zechner, A.: Constructive finite trace analysis with linear temporal logic. In: Brucker, A.D., Julliand, J. (eds.) TAP 2012. LNCS, vol. 7305, pp. 132–148. Springer, Heidelberg (2012). Scholar
  27. 27.
    Wang, C., Yang, Z., Ivančić, F., Gupta, A.: Whodunit? causal analysis for counterexamples. In: Graf, S., Zhang, W. (eds.) ATVA 2006. LNCS, vol. 4218, pp. 82–95. Springer, Heidelberg (2006). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Institute of Information SecurityDepartment of Computer Science, ETH ZürichZurichSwitzerland

Personalised recommendations