Decidability of inferring inductive invariants

Padon, Oded; Immerman, Neil; Shoham, Sharon; Karbyshev, Aleksandr; Sagiv, Mooly

doi:10.1145/2837614.2837640

Cited by 23 publications

(25 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Only for rare cases, so far, decidability could be shown. In [21], Sagiv et al show that inferring universal inductive invariants is decidable when the transition relation is expressed by formulas with unary predicates and a single binary predicate restricted by the background theory of singly-linked-lists. The same problem becomes undecidable when the binary symbol is not restricted by a background theory.…”

Section: Introductionmentioning

confidence: 99%

Stratified Guarded First-Order Transition Systems

Müller

Seidl

2020

Static Analysis

View full text Add to dashboard Cite

First-order transition systems are a convenient formalism to specify parametric systems such as multi-agent workflows or distributed algorithms. In general, any nontrivial question about such systems is undecidable. Here, we present three subclasses of first-order transition systems where every universal invariant can effectively be decided via fixpoint iteration. These subclasses are defined in terms of syntactical restrictions: negation, stratification and guardedness. While guardedness represents a particular pattern how input predicates control existential quantifiers, stratification limits the information flow between predicates. Guardedness implies that the weakest precondition for every universal invariant is again universal, while the remaining sufficient criteria enforce that either the number of first-order variables, or the number of required instances of input predicates remains bounded, or the number of occurring negated literals decreases in every iteration. We argue for each of these three cases that termination of the fixpoint iteration can be guaranteed.

show abstract

Section: Introductionmentioning

confidence: 99%

Stratified Guarded First-Order Transition Systems

Müller

Seidl

2020

Static Analysis

View full text Add to dashboard Cite

show abstract

“…Our results can be seen as extensions of the results in [4] and [2], since we consider more complex theories. Although there are similarities to the method in [9], our approach is different: The theories we analyze do not typically have the finite model…”

Section: Resultsmentioning

confidence: 99%

“…Finding suitable inductive invariants is nontrivial -the problem is undecidable in general; solutions have been proposed for specific cases e.g. in [4,1,3,8,9]. In this extended abstract we continue our work on automated verification and synthesis in parametric systems [6,11,12].…”

Section: Introductionmentioning

confidence: 92%

“…Assume that T 0 allows quantifier elimination. For every finite set of ground Π C -clauses G, and every finite set T of terms over the signature Π 0 ∪Σ∪Σ P ∪C with est(G) ⊆ T , steps 1-5 of Algorithm 1 yield a universally quantified Π 0 ∪ Σ P -formula ∀xΓ T (x) with the property -which is required in [8,9], and we do not use diagrams associated to finite models for strengthening the invariants. While our method is not guaranteed to terminate in general, we identified situations in which termination is guaranteed.…”

Section: Theorem 2 ([13]mentioning

confidence: 99%

“…We present an incremental method which starts with a given property and successively strengthens it to obtain an inductive invariant. The theories of data types and of updates in the systems we analyze are complex (typically extensions or combinations of theories) and not required to have the finite model propertywhich is required for instance in [8,9]. While we rely on methods similar up to a certain extent with the ones used in IC3 [2], we here exploit efficient methods for symbol elimination in theory extensions established in [13] which allow to devise a correct algorithm for finding invariants in a certain language.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On Inductive Verification and Synthesis

Peuter¹,

Sofronie-Stokkermans²

Kalpa Publications in Computing

View full text Add to dashboard Cite

We study possibilities of using symbol elimination in program verification and synthesis. We consider programs for which a property is given, which is supposed to hold for all states reachable from the initial states. If it can not be proven that such a formula is an inductive invariant, the task is to find conditions to strengthen the property in order to make it an inductive invariant. We propose a method for property-directed invariant generation and analyze its properties.

show abstract

Inferring Inductive Invariants from Phase Structures

Feldman

Wilcox

Shoham

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Infinite-state systems such as distributed protocols are challenging to verify using interactive theorem provers or automatic verification tools. Of these techniques, deductive verification is highly expressive but requires the user to annotate the system with inductive invariants. To relieve the user from this laborintensive and challenging task, invariant inference aims to find inductive invariants automatically. Unfortunately, when applied to infinite-state systems such as distributed protocols, existing inference techniques often diverge, which limits their applicability. This paper proposes user-guided invariant inference based on phase invariants, which capture the different logical phases of the protocol. Users conveys their intuition by specifying a phase structure, an automaton with edges labeled by program transitions; the tool automatically infers assertions that hold in the automaton's states, resulting in a full safety proof. The additional structure from phases guides the inference procedure towards finding an invariant. Our results show that user guidance by phase structures facilitates successful inference beyond the state of the art. We find that phase structures are pleasantly well matched to the intuitive reasoning routinely used by domain experts to understand why distributed protocols are correct, so that providing a phase structure reuses this existing intuition. 1 type key 2 type value 3 type node 4 type sequnum 5 6 relation owner: node, key 7 relation table: node, key, value 8 relation transfer_msg: node, node, 9 key, value, seqnum 10 relation ack_msg: node, node, seqnum 11 relation seqnum_sent: node, seqnum 12 relation unacked: node, node, 13 key, value, seqnum 14 relation seqnum_recvd: node, node, seqnum 15 16 init ∀n1, n2, k. owner(n1,k)∧owner(n2,k) 17 → n1 = n2 18 init // all other relations are empty 19 20 action reshard(n_old:node, n_new:node, 21 k:key, value:sequnum) 22 require table(n_old, k, v)23 ∧¬seqnum_sent(n_old, s) 24 seqnum_sent(n_old, s) := true 25 table(n_old, k, v) := false 26 owner(n_old, k) := false 27 transfer_msg(n_old, n_new, k, v, s) := true 28 unacked(n_old, n_new, k, v, s) := true 29 30 action drop_transfer_msg(src:node, dst:node, 31 k:key, v:value, s:seqnum) 32 require transfer_msg(src, dst, k, v, s) 33 transfer_msg(src, dst, k, v, s) := false 34 35 action retransmit(src:node, dst:node, 36 k:key, v:value, s:seqnum) 37 require unacked(src, dst, k, v, s) 38 transfer_msg(src, dst, k, v, s) := true 39 action recv_transfer_msg(src:node, n:node, 40 k:key, v:value, s:seqnum) 41 require transfer_msg(src, n, k, v, s) 42 ∧¬seqnum_recvd(n, src, s) 43 seqnum_recvd(n, src, s) := true 44 table(n, k, v) := true 45 owner(n, k) := true 46 47 action send_ack(src:node, n:node, 48

show abstract

Decidability of inferring inductive invariants

Cited by 23 publications

References 28 publications

Stratified Guarded First-Order Transition Systems

Stratified Guarded First-Order Transition Systems

On Inductive Verification and Synthesis

Inferring Inductive Invariants from Phase Structures

Contact Info

Product

Resources

About