Implicit Rankings for Verifying Liveness Properties in First-Order Logic
Raz Lotan, Sharon Shoham
TL;DR
We address liveness verification in first-order logic by introducing implicit rankings that approximate the reduction of a ranking function without explicit definition. An implicit ranking is a pair ($\varphi_{\leq}$, $\varphi_{<}$) that under-approximates conservation and reduction of some ranking function $f$ mapping states to a well-founded partial order, enabling sound FO-based proofs via SMT solvers. The authors develop a rich, compositional toolkit of constructors (Binary, Position-in-Order, Pointwise, Lexicographic, Domain-Pointwise, Domain-Permuted-Pointwise, Domain-Lexicographic) to build complex implicit rankings and prove their soundness for finite domains. They implement these constructors in a Python tool that automatically generates the FO premises and leverages Z3 to verify liveness properties expressed as $ (\bigwedge_i \forall \vec{x} \square \lozenge r_i(\vec{x})) \to \square (p \to \lozenge q) $. Empirical evaluation on Dijkstra-style self-stabilizing protocols (including 3-state and 4-state variants) demonstrates practical, automated verification under finite-domain assumptions, highlighting the method’s scalability and potential to automate challenging liveness proofs in FO settings.
Abstract
Liveness properties are traditionally proven using a ranking function that maps system states to some well-founded set. Carrying out such proofs in first-order logic enables automation by SMT solvers. However, reasoning about many natural ranking functions is beyond reach of existing solvers. To address this, we introduce the notion of implicit rankings - first-order formulas that soundly approximate the reduction of some ranking function without defining it explicitly. We provide recursive constructors of implicit rankings that can be instantiated and composed to induce a rich family of implicit rankings. Our constructors use quantifiers to approximate reasoning about useful primitives such as cardinalities of sets and unbounded sums that are not directly expressible in first-order logic. We demonstrate the effectiveness of our implicit rankings by verifying liveness properties of several intricate examples, including Dijkstra's k-state, 4-state and 3-state self-stabilizing protocols.