Invariant Synthesis for Incomplete Verification Engines

We propose a framework for synthesizing inductive invariants for incomplete verification engines, i.e. engines that soundly reduce logical problems in undecidable theories to decidable ones and may therefore fail to prove a valid invariant. Our framework is based on the counterexample-guided inductive synthesis (CEGIS) principle and allows verification engines to communicate non-provability information to guide invariant synthesis. We show precisely how the verification engine can compute such non-provability information and how to build effective learning algorithms when invariants are expressed as Boolean combinations of a fixed set of predicates. Moreover, we evaluate our framework in two verification settings: one in which the verification engine must handle quantified formulas, and one in which it must reason about heap properties expressed in an expressive but undecidable separation logic. Our experiments show that invariant synthesis guided by non-provability information can both effectively synthesize inductive invariants and adequately strengthen contracts across a large suite of programs.
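The CEGIS loop the abstract describes, as an added illustration written for this page (it is not the authors' framework or code). The learner searches for an invariant that is a Boolean combination of a fixed predicate set; the "verification engine" is a brute-force checker over a small finite state space that stands in for the paper's incomplete engine, so it hands back concrete counterexamples (an initial state the candidate misses, a bad state it admits, or a transition it does not preserve) rather than the paper's non-provability information. The program, the predicate vocabulary and the domain bounds are all constructed for the example.

```python
"""CEGIS-style invariant synthesis over a fixed predicate set (constructed example).

The learner returns the smallest set of predicate valuations consistent with the
samples seen so far; the checker is exhaustive on a finite domain, so every
counterexample it returns is genuine and the loop terminates after at most
2^|preds| rounds (each round adds a valuation or proves no invariant exists).
"""
from itertools import product

# Constructed program: x = y = 0; while x < n: x += 1; y += 2;  assert y == 2*n
# Toy finite domain so the checker can enumerate every state (constructed bounds).
STATES = list(product(range(5), range(9), range(5)))  # (x, y, n)


def is_init(s):
    x, y, _ = s
    return x == 0 and y == 0


def guard(s):
    x, _, n = s
    return x < n


def step(s):
    x, y, n = s
    return (x + 1, y + 2, n)


def is_bad(s):
    x, y, n = s
    return not guard(s) and y != 2 * n  # post-condition violated at loop exit


# Fixed predicate vocabulary (constructed); invariants are Boolean combinations of these.
PREDS = {
    "y==2x": lambda s: s[1] == 2 * s[0],
    "x<=n": lambda s: s[0] <= s[2],
    "x==0": lambda s: s[0] == 0,
    "y<=2n": lambda s: s[1] <= 2 * s[2],
}


class NoInvariant(Exception):
    """Raised when no Boolean combination of the predicates can be inductive."""


def row(preds, s):
    """Valuation of all predicates on state s; a candidate is a set of such rows."""
    return tuple(p(s) for p in preds.values())


def verify(preds, allowed):
    """Complete checker on the finite domain: None if `allowed` is an inductive
    invariant that proves safety, otherwise one counterexample."""
    def inv(s):
        return row(preds, s) in allowed
    for s in STATES:                      # initiation
        if is_init(s) and not inv(s):
            return ("pos", s)
    for s in STATES:                      # safety
        if inv(s) and is_bad(s):
            return ("neg", s)
    for s in STATES:                      # inductiveness
        if inv(s) and guard(s) and not inv(step(s)):
            return ("imp", s, step(s))
    return None


def learn(preds, pos, neg, imp):
    """Smallest candidate consistent with the samples: close the positive rows
    under the implication pairs, then reject it if it admits a negative row."""
    allowed = {row(preds, s) for s in pos}
    changed = True
    while changed:
        changed = False
        for a, b in imp:
            if row(preds, a) in allowed and row(preds, b) not in allowed:
                allowed.add(row(preds, b))
                changed = True
    for s in neg:
        if row(preds, s) in allowed:
            raise NoInvariant(f"bad state {s} is forced into every candidate")
    return allowed


def synthesize(preds, max_rounds=64):
    """CEGIS loop: propose, check, refine. Returns (invariant rows, rounds used)."""
    pos, neg, imp = [], [], []
    for rnd in range(1, max_rounds + 1):
        cand = learn(preds, pos, neg, imp)
        cex = verify(preds, cand)
        if cex is None:
            return cand, rnd
        if cex[0] == "pos":
            pos.append(cex[1])
        elif cex[0] == "neg":
            neg.append(cex[1])
        else:
            imp.append((cex[1], cex[2]))
    raise RuntimeError("round budget exhausted")


def show(preds, allowed):
    """Render a candidate as a DNF over the predicate names."""
    names = list(preds)
    terms = ["(" + " & ".join(n if v else "!" + n for n, v in zip(names, r)) + ")"
             for r in sorted(allowed)]
    return " | ".join(terms)


if __name__ == "__main__":
    inv, rounds = synthesize(PREDS)
    print(f"proved in {rounds} rounds: {show(PREDS, inv)}")
    weak = {k: PREDS[k] for k in ("x<=n", "x==0", "y<=2n")}  # drop y==2x
    try:
        synthesize(weak)
    except NoInvariant as e:
        print("weak vocabulary:", e)
```

With the full vocabulary the loop needs three rounds (one positive and one implication counterexample) and settles on y==2x & x<=n & y<=2n, split over the two values of x==0. Dropping y==2x makes the bad state (1, 0, 1) reachable inside every candidate the samples force, and the learner reports that no invariant exists over that vocabulary; this is the situation in which a richer predicate set, or the paper's non-provability feedback, is needed.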
