We formalize a notion of witnesses for satisfaction of linear temporal logic specifications by infinite state programs. We show how such witnesses may be constructed via predicate abstraction, and validated by generating verification conditions and proving them. We propose the use of SAT-based theorem provers and resolution proofs in proving these verification conditions. In addition to yielding extremely compact proofs, a SAT-based approach overcomes several limitations of conventional theorem provers when applied to the verification of programs written in real-life programming languages. We also formalize a notion of witnesses of simulation conformance between infinite state programs and finite state machine specifications. We present algorithms to construct simulation witnesses of minimal size by solving pseudo-Boolean constraints. We present experimental results on several non-trivial benchmarks which suggest that a SAT-based approach can yield extremely compact proofs, in some cases by a factor of over 10^5, when compared to existing non-SAT-based theorem provers.
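As an added illustration (not code from the paper): the resolution proofs the abstract proposes as certificates can be validated by a small trusted checker that only applies the resolution rule; the CNF below is a constructed encoding of the negation of a trivially valid verification condition, and the certificate names are assumptions.

```python
# Added illustration (not the paper's code): a minimal checker for
# resolution proofs, the kind of compact certificate a SAT-based
# approach produces for an unsatisfiable (negated) verification condition.
from typing import Dict, FrozenSet, List, Tuple

Clause = FrozenSet[int]           # literal v>0 is a variable, -v its negation
Step = Tuple[int, int, int, int]  # (new_id, left_id, right_id, pivot)


def resolve(left: Clause, right: Clause, pivot: int) -> Clause:
    """Resolvent of two clauses on `pivot` (pivot in left, -pivot in right)."""
    if pivot not in left or -pivot not in right:
        raise ValueError("pivot does not clash in the given clauses")
    return (left - {pivot}) | (right - {-pivot})


def check_resolution_proof(cnf: Dict[int, Clause], proof: List[Step]) -> bool:
    """True iff `proof` derives the empty clause from the clauses in `cnf`.

    Every step must reference clauses already present; nothing is trusted
    beyond the resolution rule itself, which keeps the checker small."""
    derived: Dict[int, Clause] = dict(cnf)
    for new_id, left_id, right_id, pivot in proof:
        if new_id in derived or left_id not in derived or right_id not in derived:
            return False
        try:
            derived[new_id] = resolve(derived[left_id], derived[right_id], pivot)
        except ValueError:
            return False
    return any(len(c) == 0 for c in derived.values())


# Constructed example: verification condition  p /\ (p -> q)  =>  q.
# Its negation in CNF (variables: 1 = p, 2 = q) must be unsatisfiable.
NEGATED_VC: Dict[int, Clause] = {
    1: frozenset({1}),        # p
    2: frozenset({-1, 2}),    # p -> q
    3: frozenset({-2}),       # not q  (negated conclusion)
}
# Certificate: resolve 1 and 2 on p, then the result with 3 on q.
VALID_PROOF: List[Step] = [(4, 1, 2, 1), (5, 4, 3, 2)]
# A tampered certificate: the second step names a pivot that does not clash.
TAMPERED_PROOF: List[Step] = [(4, 1, 2, 1), (5, 4, 3, 1)]

if __name__ == "__main__":
    print("valid certificate accepted:", check_resolution_proof(NEGATED_VC, VALID_PROOF))
    print("tampered certificate rejected:", not check_resolution_proof(NEGATED_VC, TAMPERED_PROOF))
```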


Keywords (added by machine, not by the authors): Ranking Function; Linear Temporal Logic; Labelled Transition System; Simulation Relation; Strongly Connected Component



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

Sagar Chaki, Carnegie Mellon Software Engineering Institute, USA
