OASIS: ILP-Guided Synthesis of Loop Invariants

Finding appropriate inductive loop invariants for a program is a key challenge in verifying its functional properties. Although the problem is undecidable in general, several heuristics have been proposed to handle practical programs, which tend to have simple control-flow structures. However, these heuristics only work well when the space of invariants is small. On the other hand, machine-learned techniques that use continuous optimization have a high sample complexity (the number of invariant guesses and associated counterexamples needed), since the invariant is required to satisfy a specification exactly. We propose a novel technique that is able to solve complex verification problems involving programs with a larger number of variables and non-linear specifications. We formulate an invariant as a piecewise low-degree polynomial, and reduce the problem of synthesizing it to a set of integer linear programming (ILP) problems. This enables the use of state-of-the-art ILP techniques that combine enumerative search with continuous optimization, which gives fast convergence for a large class of verification tasks while keeping sample complexity low. We instantiate our technique as the open-source oasis tool using an off-the-shelf ILP solver, and evaluate it on more than 300 benchmark tasks collected from the annual SyGuS competition and recent prior work. Our experiments show that oasis outperforms the state-of-the-art tools, including the winner of last year's SyGuS competition, and is able to solve 9 challenging tasks that existing tools fail on.
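The guess-and-counterexample loop the abstract describes, as an added example that is not the paper's or the oasis tool's code: a linear template `a*x + b*y + c >= 0` with integer coefficients is fitted to positive, negative and implication samples, and each verified counterexample is fed back as a new linear constraint. The loop program, the property, the coefficient bound and the bounded state space used by the checker are all constructed here; the ILP solver is replaced by bounded enumeration over integer coefficients and the SMT check by a bounded state search, so that it runs offline.

```python
# Added example (not from the paper): CEGIS over a linear integer template.
# Constructed loop: x = 0, y = 0; while x < N: x += 1; y += 2.   Property: y <= 2*x.
import itertools

N = 10
BOUND = 3                         # coefficients a, b, c range over [-BOUND, BOUND]
DOMAIN = range(-2, 2 * N + 3)     # bounded state space searched by the checker

def init(s): return s == (0, 0)
def step(s):
    x, y = s
    return (x + 1, y + 2) if x < N else None   # None: loop has exited
def safe(s):
    x, y = s
    return y <= 2 * x

def holds(coef, s):
    """Candidate invariant a*x + b*y + c >= 0 evaluated at state s."""
    a, b, c = coef
    x, y = s
    return a * x + b * y + c >= 0

def solve(pos, neg, imp):
    """Stand-in for the ILP solver: find integer (a, b, c) meeting every sample
    constraint.  pos s: value(s) >= 0;  neg s: value(s) <= -1;
    imp (s, t): value(s) <= -1 OR value(t) >= 0 (a big-M disjunction in ILP form)."""
    for coef in itertools.product(range(-BOUND, BOUND + 1), repeat=3):
        if (all(holds(coef, s) for s in pos)
                and not any(holds(coef, s) for s in neg)
                and all(not holds(coef, s) or holds(coef, t) for s, t in imp)):
            return coef
    return None

def check(coef):
    """Stand-in for the SMT query: return a labelled counterexample, or None if
    the candidate is an inductive invariant on the bounded state space."""
    for s in itertools.product(DOMAIN, repeat=2):
        if init(s) and not holds(coef, s):
            return ("pos", s)
        if holds(coef, s) and not safe(s):
            return ("neg", s)
        t = step(s)
        if t is not None and holds(coef, s) and not holds(coef, t):
            return ("imp", (s, t))
    return None

def cegis(max_rounds=400):
    """Returns (coefficients, number of solver calls); each round adds one sample."""
    pos, neg, imp = [(0, 0)], [], []
    for rounds in range(1, max_rounds + 1):
        coef = solve(pos, neg, imp)
        if coef is None:
            return None, rounds                  # template too weak
        cex = check(coef)
        if cex is None:
            return coef, rounds                  # verified invariant
        {"pos": pos, "neg": neg, "imp": imp}[cex[0]].append(cex[1])
    return None, max_rounds
```

The round count returned by `cegis()` is the sample complexity the abstract refers to; each counterexample is an exact linear constraint, so the solver never has to revisit a rejected guess.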
