Automatically learning shape specifications

This paper presents a novel automated procedure for discovering expressive shape specifications for sophisticated functional data structures. Our approach extracts potential shape predicates based on the definition of constructors of arbitrary user-defined inductive data types, and combines these predicates within an expressive first-order specification language using a lightweight data-driven learning procedure. Notably, this technique requires no programmer annotations, and is equipped with a type-based decision procedure to verify the correctness of discovered specifications. Experimental results indicate that our implementation is both efficient and effective, capable of automatically synthesizing sophisticated shape specifications over a range of complex data types, going well beyond the scope of existing solutions.
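To make the two ingredients of the abstract concrete (constructor-derived shape predicates and a lightweight data-driven learner that combines them), here is an added Python illustration that is not the paper's own implementation. The `Node` type, the `insert` program, the candidate-predicate family and the sample inputs are all assumptions constructed for this example; the learner is a simple Houdini-style elimination that keeps every candidate no sample falsifies, then drops predicates implied by stronger survivors.

```python
"""Added illustration (not the paper's implementation): constructor-derived
shape predicates plus a Houdini-style data-driven learner over sample trees."""
from dataclasses import dataclass
from functools import reduce
from operator import lt, le, gt, ge, eq, ne
from typing import Optional

@dataclass(frozen=True)
class Node:            # inductive type: Leaf (None) | Node(left, value, right)
    left: Optional["Node"]
    value: int
    right: Optional["Node"]

def insert(t, x):
    """Program under analysis; duplicates go right (so right side is >=, not >)."""
    if t is None:
        return Node(None, x, None)
    if x < t.value:
        return Node(insert(t.left, x), t.value, t.right)
    return Node(t.left, t.value, insert(t.right, x))

def nodes(t):
    """All nodes reachable from t (empty for a Leaf)."""
    if t is not None:
        yield t
        yield from nodes(t.left)
        yield from nodes(t.right)

OPS = {"<": lt, "<=": le, ">": gt, ">=": ge, "==": eq, "!=": ne}
# Candidate predicates come from Node's recursive arguments: for every node n
# and every element x reachable through n.<field>, assert  x OP n.value.
CANDIDATES = [(f, o) for f in ("left", "right") for o in OPS]

def holds(cand, t):
    field, op = cand
    return all(OPS[op](x.value, n.value)
               for n in nodes(t) for x in nodes(getattr(n, field)))

def learn(samples, candidates=CANDIDATES):
    """Keep every candidate that no sample falsifies (conjunctive learning)."""
    return [c for c in candidates if all(holds(c, t) for t in samples)]

IMPLIES = {"<": {"<=", "!="}, ">": {">=", "!="}, "==": {"<=", ">="}}
def minimize(spec):
    """Drop predicates implied by a stronger surviving one on the same field."""
    return [(f, o) for f, o in spec
            if not any(o in IMPLIES.get(so, ()) for sf, so in spec if sf == f)]

SEQS = [[5, 3, 8, 1, 4, 7, 9], [2, 2, 1, 3], [10, 1, 10, 5]]  # constructed inputs
def sample_trees():
    return [reduce(insert, s, None) for s in SEQS]

def learned_spec():
    return minimize(learn(sample_trees()))   # [("left", "<"), ("right", ">=")]
```

The learned conjunction is the BST shape specification of `insert`, including the duplicate-handling detail (`>=` rather than `>` on the right) that the sample data exposes and that a hand-written annotation might easily get wrong.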
