🤖 AI Summary
This paper addresses the consistency verification problem for event-driven program execution traces, that is, deciding whether a given event trace conforms to the program's semantics. The authors propose the first axiomatic semantic model for event-driven programs and formally prove its equivalence to the operational semantics. By modelling executions as traces (execution graphs), they restate consistency checking axiomatically and show that the problem is NP-complete, even with a bounded number of handler threads; the axiomatic formulation also allows consistency checking to be reduced to a satisfiability (SAT) problem, giving precise analysis of message ordering under multi-processor concurrency. They further identify, for the first time, a tractable fragment: traces without nested message posting admit a polynomial-time decision procedure. A prototype verification tool is designed, implemented, and evaluated on multiple benchmark suites, demonstrating both the effectiveness and practicality of the approach.
📝 Abstract
Event-driven programming is a popular paradigm where the flow of execution is controlled by two features: (1) shared memory and (2) sending and receiving of messages between multiple handler threads (just called handlers). Each handler has a mailbox (modelled as a queue) for receiving messages, with the constraint that the handler processes its messages sequentially. Executions of messages by different handlers may be interleaved. A central problem in this setting is checking whether a candidate execution is consistent with the semantics of event-driven programs. In this paper, we propose an axiomatic semantics for event-driven programs based on the standard notion of traces (also known as execution graphs). We prove the equivalence of axiomatic and operational semantics. This allows us to rephrase the consistency problem axiomatically, resulting in the event-driven consistency problem: checking whether a given trace is consistent. We analyze the computational complexity of this problem and show that it is NP-complete, even when the number of handler threads is bounded. We then identify a tractable fragment: in the absence of nested posting, where handlers do not post new messages while processing a message, consistency checking can be performed in polynomial time. Finally, we implement our approach in a prototype tool and report on experimental results on a wide range of benchmarks.
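A small executable model of the consistency problem the abstract describes, added here as an illustration and not the paper's tool or encoding: handlers own FIFO mailboxes, run one message at a time to completion, and interleave with each other on shared memory, while reads in the trace carry the values they were observed to return. It decides consistency by exhaustive search over operational interleavings (exponential in general, in line with the NP-completeness result) and does not implement the paper's polynomial-time procedure for the fragment without nested posting; the operation encoding and handler names are assumptions of this example.

```python
# Constructed example, not the paper's tool. A trace maps each handler to the
# messages initially in its mailbox (FIFO order); a message is a non-empty list
# of operations, and shared memory starts with every location at 0:
#   ("W", x, v)    write value v to location x
#   ("R", x, v)    read x and observe v (the value recorded in the trace)
#   ("P", h, msg)  post message msg to handler h's mailbox (nested posting)

def _freeze(m):
    """Turn a message (and any message it posts) into hashable tuples."""
    return tuple((k, a, _freeze(b)) if k == "P" else (k, a, b) for k, a, b in m)

def consistent(trace):
    """True iff some interleaving of handler steps reproduces every read.
    Each handler runs its head message to completion before dequeuing it;
    different handlers interleave at operation granularity. The search walks
    the reachable (memory, mailboxes) states, pruning any branch whose next
    read would not observe the value the trace records."""
    names = sorted(trace)
    init = ((), tuple((tuple(_freeze(m) for m in trace[h]), 0) for h in names))
    seen, stack = set(), [init]
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.add(state)
        mem, hs = state
        if all(not mb for mb, _ in hs):
            return True                  # every posted message fully processed
        memd = dict(mem)
        for i, (mb, pc) in enumerate(hs):
            if not mb:
                continue                 # handler i is idle
            kind, a, b = mb[0][pc]
            newmem, newhs = memd, list(hs)
            if kind == "R" and memd.get(a, 0) != b:
                continue                 # read cannot observe b here: prune
            if kind == "W":
                newmem = {**memd, a: b}
            if kind == "P":              # enqueue at the tail of h's mailbox
                j = names.index(a)
                newhs[j] = (newhs[j][0] + (b,), newhs[j][1])
            mb_i, pc_i = newhs[i]        # advance i; dequeue a finished message
            newhs[i] = (mb_i[1:], 0) if pc_i + 1 == len(mb_i[0]) else (mb_i, pc_i + 1)
            stack.append((tuple(sorted(newmem.items())), tuple(newhs)))
    return False

# Constructed traces. T_BAD is inconsistent only because A must run its
# messages in mailbox order, so x never returns to 1 after becoming 2.
T_OK = {"A": [[("W", "x", 1)]], "B": [[("R", "x", 1), ("W", "y", 2)]]}
T_BAD = {"A": [[("W", "x", 1)], [("W", "x", 2)]], "B": [[("R", "x", 2), ("R", "x", 1)]]}
```

With nested posting, the order in which two handlers' posts land in a third mailbox is itself part of the nondeterminism, which the search covers by exploring both posting orders.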