ICE: A Robust Framework for Learning Invariants

We introduce ICE, a robust learning paradigm for synthesizing invariants that learns from examples, counter-examples, and implications, and we show that it admits honest teachers and strongly convergent mechanisms for invariant synthesis. We observe that existing algorithms for black-box abstract interpretation can be interpreted as ICE-learning algorithms. We develop new strongly convergent ICE-learning algorithms for two domains: one for learning Boolean combinations of numerical invariants over scalar variables, and one for learning quantified invariants over arrays and dynamic lists. We implement these ICE-learning algorithms in a verification tool and show that they are robust, practical, and efficient.
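To make the learner/teacher protocol concrete, here is an added toy ICE learner (not the paper's own code) that learns an interval invariant for a constructed loop, `x := 0; while (x < 10) { x := x + 1 }; assert x <= 10`. The teacher's three reply kinds (positive example, negative example, implication pair) and the finite search range are assumptions of this example, not something the abstract specifies.

```python
"""Toy ICE learning over interval hypotheses (added example, not the paper's code).

Constructed program: x := 0; while (x < 10) { x := x + 1 }; assert x <= 10
A hypothesis is an interval (lo, hi) of integers, or None for the empty set.
"""

LO, HI = -5, 20  # constructed finite state space the teacher searches


def init(x):  return x == 0       # precondition
def guard(x): return x < 10       # loop guard
def step(x):  return x + 1        # loop body as a transition
def post(x):  return x <= 10      # assertion after the loop


def holds(h, x):
    return h is not None and h[0] <= x <= h[1]


def teacher(h):
    """Return None if h is an inductive invariant, otherwise one ICE sample.
    Unlike a plain "wrong" verdict, each reply tells the learner exactly what
    the next hypothesis must satisfy."""
    for x in range(LO, HI + 1):
        if init(x) and not holds(h, x):
            return ("pos", x)                       # x must be inside
        if holds(h, x) and not guard(x) and not post(x):
            return ("neg", x)                       # x must be excluded
        if holds(h, x) and guard(x) and not holds(h, step(x)):
            return ("imp", (x, step(x)))            # x inside => x' inside
    return None


def learner(samples):
    """Smallest interval consistent with all samples, or None if none exists."""
    pos = [x for k, x in samples if k == "pos"]
    if not pos:
        return None
    lo, hi = min(pos), max(pos)
    changed = True
    while changed:  # close the interval under the implication samples
        changed = False
        for k, v in samples:
            if k == "imp" and lo <= v[0] <= hi and not (lo <= v[1] <= hi):
                lo, hi, changed = min(lo, v[1]), max(hi, v[1]), True
    if any(k == "neg" and lo <= x <= hi for k, x in samples):
        return None  # a negative sample lies inside: no interval separates them
    return (lo, hi)


def ice_learn(max_rounds=100):
    """Alternate teacher and learner until the teacher accepts or gives up."""
    samples, h = [], None
    for _ in range(max_rounds):
        answer = teacher(h)
        if answer is None:
            return h, samples            # h is inductive and implies post
        samples.append(answer)
        h = learner(samples)
        if h is None:
            return None, samples         # not expressible as an interval
    return None, samples
```

Running `ice_learn()` converges to the interval (0, 10) after one positive example and ten implication replies, each implication pushing the upper bound up by one.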
