Property-directed incremental invariant generation

A fundamental method of analyzing a system such as a program or a circuit is invariance analysis, in which one proves that an assertion holds on all reachable states. Typically, the proof is performed via induction; however, an assertion, while invariant, may not be inductive (provable via induction). Invariant generation procedures construct auxiliary inductive assertions for strengthening the assertion to be inductive. We describe a general method of generating invariants that is incremental and property-directed. Rather than generating one large auxiliary inductive assertion, our method generates many simple assertions, each of which is inductive relative to those generated before it. Incremental generation is amenable to parallelization. Our method is also property-directed in that it generates inductive assertions that are relevant for strengthening the given assertion. We describe two instances of our method: a procedure for generating clausal invariants of finite-state systems and a procedure for generating affine inequalities of numerical infinite-state systems. We provide evidence that our method scales to checking safety properties of some large finite-state systems.
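
The distinction the abstract draws between an assertion that is invariant and one that is inductive, and the idea of proving an assertion inductive relative to simpler assertions established before it, can be seen on a tiny finite-state system. The following Python is an added example and is not code from the paper; the system (two saturating counters), the property, and the auxiliary lemma are all constructed for illustration, and the lemma is supplied by hand rather than generated, since the paper's generation procedure is not described on this page. The checker brute-forces the whole state space, which is what a SAT solver would do symbolically for a real design.

```python
"""Invariance vs. induction vs. relative induction on a constructed finite-state system."""
from itertools import product

# Constructed domain: two counters x, y, each ranging over 0..15.
# STATES is the full state space, including states that are never reachable.
N = 16
STATES = list(product(range(N), range(N)))


def init(s):
    """Initial condition: both counters start at zero."""
    x, y = s
    return x == 0 and y == 0


def trans(s):
    """Successor states: both counters step together until x saturates at 7."""
    x, y = s
    if x < 7:
        return [(x + 1, y + 1)]
    return [s]


def reachable():
    """Explicit-state reachability (BFS) from the initial states."""
    seen = {s for s in STATES if init(s)}
    frontier = list(seen)
    while frontier:
        s = frontier.pop()
        for t in trans(s):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen


def is_invariant(assertion):
    """An assertion is invariant iff it holds on every reachable state."""
    return all(assertion(s) for s in reachable())


def counterexample_to_induction(assertion, lemmas=()):
    """Check initiation and consecution of `assertion` relative to `lemmas`.

    Returns None if the assertion is inductive relative to the lemmas, otherwise a
    pair (s, s'): an initial state violating the assertion (returned as (s, s)), or a
    state s satisfying the assertion and all lemmas whose successor s' violates it.
    Note that s need not be reachable: that is exactly why an invariant assertion can
    fail to be inductive.
    """
    for s in STATES:
        if init(s) and not assertion(s):
            return (s, s)
    for s in STATES:
        if assertion(s) and all(lemma(s) for lemma in lemmas):
            for t in trans(s):
                if not assertion(t):
                    return (s, t)
    return None


def prove_incrementally(lemmas, prop):
    """Check each lemma inductive relative to the ones before it, then the property
    relative to all of them; every assertion in the chain is then an invariant."""
    proven = []
    for assertion in list(lemmas) + [prop]:
        if counterexample_to_induction(assertion, proven) is not None:
            return False
        proven.append(assertion)
    return True


def prop(s):
    """The safety property to prove: y never exceeds 7."""
    return s[1] <= 7


def lemma_eq(s):
    """Hand-supplied auxiliary assertion: the counters stay equal."""
    return s[0] == s[1]


if __name__ == "__main__":
    print("prop invariant:", is_invariant(prop))
    print("CTI for prop alone:", counterexample_to_induction(prop))
    print("lemma_eq inductive:", counterexample_to_induction(lemma_eq) is None)
    print("prop inductive relative to lemma_eq:",
          counterexample_to_induction(prop, [lemma_eq]) is None)
    print("incremental proof succeeds:", prove_incrementally([lemma_eq], prop))
```

Running it shows the three situations the abstract distinguishes: `prop` holds on every reachable state, yet induction alone fails because the unreachable state (0, 7) satisfies `prop` and steps to (1, 8); `lemma_eq` is inductive on its own; and once `lemma_eq` is available as a hypothesis, `prop` becomes inductive relative to it. The lemma is also small and property-directed in the abstract's sense: it says nothing beyond what is needed to rule out the counterexample to induction.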