In the context of formal verification, certifying proofs are evidences of the correctness of a model in a deduction system produced automatically as outcome of the verification. They are quite appealing for high-assurance systems because they can be verified independently by proof checkers, which are usually simpler to certify than the proof-generating tools. Model checking is one of the most prominent approaches to formal verification of temporal properties and is based on an algorithmic search of the system state space. Although modern algorithms integrate deductive methods, the generation of proofs is typically restricted to invariant properties only. Moreover, it assumes that the verification produces an inductive invariant of the original system, while model checkers usually involve a variety of complex pre-processing simplifications. In this paper we show how, exploiting the k-liveness algorithm, to extend proof generation capabilities for invariant checking to cover full linear-time temporal logic (LTL) properties, in a simple and efficient manner, with essentially no overhead for the model checker. Besides the basic k-liveness algorithm, we integrate in the proof generation a variety of widely used pre-processing techniques such as temporal decomposition, model simplification via computation of equivalences with ternary simulation, and the use of stabilizing constraints. These techniques are essential in many cases to prove that a property holds, both for invariant and for LTL model checking, and thus need to be considered within the proof. We implemented the proof generation techniques on top of IC3 engines, and show the feasibility of the approach on a variety of benchmarks taken from the literature and from the Hardware Model Checking Competition. Our results confirm that proof generation results in negligible overhead for the model checker.

在形式验证的上下文中，证明证明是作为验证结果自动生成的推论系统中模型正确性的证据。它们对高保证系统非常有吸引力，因为它们可以由证明检查器独立验证，证明检查器通常比证明生成工具更容易验证。模型检查是对时间属性进行形式验证的最突出的方法之一，它基于系统状态空间的算法搜索。尽管现代算法集成了演绎方法，但证明的生成通常仅限于不变属性。此外，它假设验证产生原始系统的归纳不变量，而模型检查器通常涉及各种复杂的预处理简化。在本文中，我们展示了如何利用 k-liveness 算法，以简单有效的方式扩展不变检查的证明生成能力，以涵盖完整的线性时间时间逻辑 (LTL) 属性，而模型检查器基本上没有开销. 除了基本的 k-liveness 算法之外，我们还在证明生成中集成了各种广泛使用的预处理技术，例如时间分解、通过三元模拟的等价计算来简化模型以及使用稳定约束。在许多情况下，这些技术对于证明属性成立是必不可少的，无论是对于不变性还是 LTL 模型检查，因此需要在证明中加以考虑。我们在 IC3 引擎之上实施了证明生成技术，并展示该方法在取自文献和硬件模型检查竞赛的各种基准上的可行性。我们的结果证实，证明生成导致模型检查器的开销可以忽略不计。