Structural Temporal Logic for Mechanized Program Verification

Mechanized verification of liveness properties for infinite programs with effects and nondeterminism is challenging. Existing temporal reasoning frameworks operate at the level of models such as traces and automata. Reasoning happens at a very low-level, requiring complex nested (co-)inductive proof...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings of ACM on programming languages Vol. 9; no. OOPSLA2; pp. 1148 - 1175
Main Authors: Ioannidis, Eleftherios, Zakowski, Yannick, Zdancewic, Steve, Angel, Sebastian
Format: Journal Article
Language:English
Published: New York, NY, USA ACM 09.10.2025
Subjects:
Computer Science
Program specifications
Program verification
Programming Languages
Theory of computation
Systems Verification
Formal Verification
Program Verification
Temporal Logic
Semantics
Proof Assistant
CCS Concepts: Theory of computation → Program verification
Program specifications Formal Verification
Theory of computation → Program verification
CCS Concepts
Systems
ISSN:2475-1421, 2475-1421
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Mechanized verification of liveness properties for infinite programs with effects and nondeterminism is challenging. Existing temporal reasoning frameworks operate at the level of models such as traces and automata. Reasoning happens at a very low-level, requiring complex nested (co-)inductive proof techniques and familiarity with proof assistant mechanics (e.g., the guardedness checker). Further, reasoning at the level of models instead of program constructs creates a verification gap that loses the benefits of modularity and composition enjoyed by structural program logics such as Hoare Logic. To address this verification gap, and the lack of compositional proof techniques for temporal specifications, we propose Ticl, a new structural temporal logic. Using Ticl, we encode complex (co-)inductive proof techniques as structural lemmas and focus our reasoning on variants and invariants. We show that it is possible to perform compositional proofs of general temporal properties in a proof assistant, while working at a high level of abstraction. We demonstrate the benefits of Ticl by giving mechanized proofs of safety and liveness properties for programs with scheduling, concurrent shared memory, and distributed consensus, demonstrating a low proof-to-code ratio.
ISSN:2475-1421
2475-1421
DOI:10.1145/3763091