Program verification as probabilistic inference

In this paper, we propose a new algorithm for proving the validity or invalidity of a pre/postcondition pair for a program. The algorithm is motivated by the success of the algorithms for probabilistic inference developed in the machine learning community for reasoning in graphical models. The validity or invalidity proof consists of providing an invariant at each program point that can be locally verified. The algorithm works by iteratively randomly selecting a program point and updating the current abstract state representation to make it more locally consistent (with respect to the abstractions at the neighboring points). We show that this simple algorithm has some interesting aspects: (a) It brings together the complementary powers of forward and backward analyses; (b) The algorithm has the ability to recover itself from excessive under-approximation or over-approximation that it may make. (Because the algorithm does not distinguish between the forward and backward information, the information could get both under-approximated and over-approximated at any step.) (c) The randomness in the algorithm ensures that the correct choice of updates is eventually made as there is no single deterministic strategy that would provably work for any interesting class of programs. In our experiments we use this algorithm to produce the proof of correctness of a small (but non-trivial) example. In addition, we empirically illustrate several important properties of the algorithm.

[1]  Ranjit Jhala,et al.  A Practical and Complete Approach to Predicate Refinement , 2006, TACAS.

[2]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[3]  David L. Dill,et al.  Verification of Real-Time Systems by Successive Over and Under Approximation , 1995, CAV.

[4]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[5]  Sumit Gulwani,et al.  Discovering affine equalities using random interpretation , 2003, POPL '03.

[6]  Brendan J. Frey,et al.  A comparison of algorithms for inference and learning in probabilistic graphical models , 2005, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[7]  X. Jin Factor graphs and the Sum-Product Algorithm , 2002 .

[8]  Nebojsa Jojic,et al.  Probabilistic inference of programs from input/output examples , 2006 .

[9]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[10]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[11]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[12]  Alex Groce,et al.  Modular verification of software components in C , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[13]  William Craig,et al.  Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory , 1957, Journal of Symbolic Logic.

[14]  Patrick Cousot,et al.  Abstract Interpretation and Application to Logic Programs , 1992, J. Log. Program..

[15]  Patrick Cousot,et al.  Refining Model Checking by Abstract Interpretation , 2004, Automated Software Engineering.

[16]  Sumit Gulwani,et al.  Global value numbering using random interpretation , 2004, POPL '04.

[17]  Sumit Gulwani,et al.  Precise interprocedural analysis using random interpretation , 2005, POPL '05.

[18]  K. Rustan M. Leino,et al.  Loop Invariants on Demand , 2005, APLAS.

[19]  Sriram K. Rajamani,et al.  Counterexample Driven Refinement for Abstract Interpretation , 2006, TACAS.