🤖 AI Summary
Existing temporal verification frameworks for realistic programs—featuring side effects, nondeterminism, and non-termination—typically rely on trace- or automaton-based models that abstract away program structure, thereby forfeiting the modularity and compositional reasoning benefits of Hoare logic; moreover, they depend on low-level (co)inductive techniques, incurring high verification overhead.
Method: We propose Ticl, a structured temporal logic that internalizes complex temporal reasoning as program-level reasoning guided by variants, invariants, and structural lemmas. Ticl extends a Hoare-style logic with temporal operators and integrates Coq’s guardedness mechanisms and induction principles to formally model and verify programs involving scheduling, shared memory, and distributed consensus.
Contribution/Results: We fully mechanize proofs of safety and liveness properties in Coq, achieving significantly reduced code-to-proof-size ratios. Ticl delivers strong modularity and compositional reasoning capabilities while enabling scalable, semantics-aware temporal verification.
📝 Abstract
Mechanized verification of liveness properties for realistic programs with effects, nondeterminism, and nontermination is challenging. Existing temporal reasoning frameworks operate on the level of models (traces, automata), not programs, creating a verification gap and losing the benefits of modularity and composition enjoyed by structural program logics (i.e., Hoare logic). Reasoning about infinite traces and automata can be fairly low-level, requiring complex (co-)inductive proof techniques and familiarity with proof assistant mechanics (e.g., the guardedness checker). We propose a modular approach to the verification of general temporal properties with a new temporal logic that we call Ticl. Using Ticl, we internalize complex (co-)inductive proof techniques into structural lemmas and reasoning about variants and invariants. We show that it is possible to perform modular proofs of general temporal properties in a proof assistant while working at a high level of abstraction. We demonstrate the benefits of Ticl by giving mechanized proofs of safety and liveness properties for programs with scheduling, shared memory, and distributed consensus, exhibiting a low program-to-proof ratio.