Sorcar: Property-Driven Algorithms for Learning Conjunctive Invariants

We present a new learning algorithm, Sorcar, that synthesizes conjunctive inductive invariants for proving that a program satisfies its assertions. The salient property of this algorithm is that it is property-driven and, for a fixed finite set of n predicates, guarantees convergence in 2n rounds, taking only polynomial time in each round. We implement and evaluate the algorithm and show that its performance compares favorably with the existing Houdini algorithm (which is not property-driven) on a class of benchmarks that prove data-race freedom of GPU programs and on another class that synthesizes invariants for proving separation logic properties of heap-manipulating programs.
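To make the setting concrete, the following Python example (added here; it is neither the paper's code nor an implementation of Sorcar) runs the classic Houdini loop over a constructed toy program and a constructed finite predicate set: start from the conjunction of all candidates, drop every conjunct falsified at initialisation or by a one-step counterexample, and stop at the greatest inductive subset. Real Houdini discharges the inductiveness queries with an SMT solver; here a bounded state space (`DOMAIN`) stands in for those queries, which is a simplification that can keep predicates the solver would reject. The final `property_relevant` function is an illustrative post-hoc check of which conjuncts the assertion actually needs; it only motivates why a property-driven learner can ignore the rest and does not reproduce Sorcar's algorithm.

```python
from itertools import product

# Constructed toy loop, modelled as a bounded finite-state system:
#   x, y := 0, 0;  while (x < 5) { x := x + 1; y := y + 2 };  assert y == 10
INIT = (0, 0)
def guard(x, y): return x < 5
def step(x, y): return (x + 1, y + 2)
def post(x, y): return y == 10
# Bounded domain standing in for an SMT query (constructed, not the paper's setup).
DOMAIN = [(x, y) for x, y in product(range(-3, 13), range(-3, 13))]

# The fixed finite candidate set (hypothetical predicates chosen for illustration).
PREDICATES = {
    "x >= 0":   lambda x, y: x >= 0,
    "y >= 0":   lambda x, y: y >= 0,
    "y == 2*x": lambda x, y: y == 2 * x,
    "x <= 5":   lambda x, y: x <= 5,
    "y == x":   lambda x, y: y == x,
    "x == 0":   lambda x, y: x == 0,
}

def holds(names, state):
    """True if every named predicate holds in `state`."""
    return all(PREDICATES[n](*state) for n in names)

def non_inductive(names):
    """Conjuncts violated by a one-step successor of some state that
    satisfies the whole conjunction and the loop guard (the Houdini
    counterexample query, evaluated over the bounded domain)."""
    bad = set()
    for s in DOMAIN:
        if guard(*s) and holds(names, s):
            succ = step(*s)
            bad.update(n for n in names if not PREDICATES[n](*succ))
    return bad

def houdini(candidates):
    """Houdini: drop candidates falsified at INIT, then repeatedly drop
    every conjunct with a one-step counterexample until none remain.
    Returns the surviving conjuncts (in input order) and the number of
    inductiveness rounds; each round removes at least one predicate, so
    at most len(candidates) + 1 rounds are needed."""
    names = [n for n in candidates if PREDICATES[n](*INIT)]
    rounds = 0
    while True:
        rounds += 1
        bad = non_inductive(names)
        if not bad:
            return names, rounds
        names = [n for n in names if n not in bad]

def implies_post(names):
    """Does the conjunction together with the negated guard prove the assertion?"""
    return all(post(*s) for s in DOMAIN if holds(names, s) and not guard(*s))

def property_relevant(names):
    """Greedily strip conjuncts not needed to stay inductive and prove the
    assertion. Illustrates that most of what Houdini keeps is irrelevant
    to the property; this is not Sorcar's algorithm."""
    kept = list(names)
    for n in list(kept):
        trial = [m for m in kept if m != n]
        if holds(trial, INIT) and not non_inductive(trial) and implies_post(trial):
            kept = trial
    return kept

if __name__ == "__main__":
    inv, rounds = houdini(list(PREDICATES))
    print("Houdini invariant after", rounds, "rounds:", " && ".join(inv))
    print("proves assertion:", implies_post(inv))
    print("conjuncts the assertion actually needs:", " && ".join(property_relevant(inv)))
```

On this input Houdini drops `y == x` and `x == 0` in its first inductiveness round and reaches a fixpoint in the second, keeping four conjuncts; only `y == 2*x && x <= 5` is needed to discharge the assertion, which is the kind of gap a property-driven learner aims to avoid.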
