Abstract
Model Checking is an algorithmic technique to determine whether a temporal property holds of a program. For linear time properties, a model checker produces a counterexample computation if the check fails. This computation acts as a “certificate” of failure, as it can be checked easily and independently of the model checker by simulating it on the program. On the other hand, no such certificate is produced if the check succeeds. In this paper, we show how this asymmetry can be eliminated with a certifying model checker. The key idea is that, with some extra bookkeeping, a model checker can produce a deductive proof on either success or failure. This proof acts as a certificate of the result, as it can be checked mechanically by simple, non-fixpoint methods that are independent of the model checker. We develop a deductive proof system for verifying branching time properties expressed in the mu-calculus, and show how to generate a proof in this system from a model checking run. Proofs for linear time properties form a special case. A model checker that generates proofs can be used for many interesting applications, such as better ways of exploring errors in a program, and a tight integration of model checking with automated theorem proving.
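The abstract's point, that a model checker can emit a checkable certificate on both outcomes, is easiest to see on the safety special case. The example below is added here and is not code from the paper: it checks the invariance property AG p on a small finite Kripke structure by forward reachability, returns a finite counterexample path when p is violated, and otherwise returns the reachable set, which is an inductive invariant (a post-fixpoint of nu Z. p and AX Z). A separate checker validates either certificate in one pass, without computing any fixpoint and without trusting the model checker. The structures KS_OK and KS_BAD and the proposition name "p" are constructed for the example.

```python
from collections import deque

# Constructed Kripke structure (not from the paper): initial states, the
# successor relation, and the atomic propositions true in each state.
# s3 is the only state violating "p"; here it is unreachable.
KS_OK = {
    "init": {"s0"},
    "trans": {"s0": {"s1"}, "s1": {"s2", "s0"}, "s2": {"s0"}, "s3": {"s3"}},
    "label": {"s0": {"p"}, "s1": {"p"}, "s2": {"p"}, "s3": set()},
}
# Same structure with one extra transition that makes s3 reachable.
KS_BAD = {
    "init": {"s0"},
    "trans": {"s0": {"s1"}, "s1": {"s2", "s3"}, "s2": {"s0"}, "s3": {"s3"}},
    "label": KS_OK["label"],
}


def model_check_ag(ks, p):
    """Decide AG p and return (verdict, certificate).

    Failure: a finite path from an initial state to a state without p.
    Success: the reachable set, an inductive invariant, so a post-fixpoint
    of nu Z. p and AX Z.  The only extra bookkeeping is the parent map,
    which is what lets the checker rebuild a path or an invariant."""
    parent = {s: None for s in ks["init"]}
    queue = deque(ks["init"])
    while queue:
        s = queue.popleft()
        if p not in ks["label"][s]:
            path = []
            while s is not None:          # walk parent pointers back to init
                path.append(s)
                s = parent[s]
            return ("counterexample", list(reversed(path)))
        for t in ks["trans"][s]:
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return ("proof", frozenset(parent))


def check_certificate(ks, p, verdict, cert):
    """Independent certificate checker: a single pass, no fixpoint.

    A counterexample must start in an initial state, follow real
    transitions, and end in a state violating p.  A proof must be a set
    that contains the initial states, satisfies p everywhere, and is
    closed under the transition relation (the three premises of the
    usual invariance rule)."""
    if verdict == "counterexample":
        if not cert or cert[0] not in ks["init"]:
            return False
        for s, t in zip(cert, cert[1:]):
            if t not in ks["trans"][s]:
                return False
        return p not in ks["label"][cert[-1]]
    if verdict == "proof":
        inv = set(cert)
        if not ks["init"] <= inv:
            return False
        return all(p in ks["label"][s] and ks["trans"][s] <= inv for s in inv)
    return False


if __name__ == "__main__":
    for name, ks in (("KS_OK", KS_OK), ("KS_BAD", KS_BAD)):
        verdict, cert = model_check_ag(ks, "p")
        print(name, verdict, sorted(cert), check_certificate(ks, "p", verdict, cert))
```

The checker rejects a tampered invariant (one that is not closed under transitions) and a path that uses a transition the structure does not have, so a consumer such as a theorem prover can accept the verdict on the strength of the certificate alone. Liveness properties need a ranking argument as the success certificate, which is the least-fixpoint half of the proof system the paper develops.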
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Namjoshi, K.S. (2001). Certifying Model Checkers. In: Berry, G., Comon, H., Finkel, A. (eds) Computer Aided Verification. CAV 2001. Lecture Notes in Computer Science, vol 2102. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44585-4_2
DOI: https://doi.org/10.1007/3-540-44585-4_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42345-4
Online ISBN: 978-3-540-44585-2