Property-Directed Inference of Universal Invariants or Proving Their Absence

Karbyshev, Aleksandr; Bjørner, Nikolaj; Itzhaky, Shachar; Rinetzky, Noam; Shoham, Sharon

doi:10.1007/978-3-319-21690-4_40

Cited by 33 publications

(31 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Invariant synthesis is the central problem in automated program verification and, over the years, several techniques have been proposed for synthesizing invariants, including abstract interpretation [Cousot and Cousot 1977], interpolation [Jhala and McMillan 2006;McMillan 2003], IC3 and PDR [Bradley 2011;Karbyshev et al 2015], predicate abstraction [Ball et al 2001], abductive inference [Dillig et al 2013], as well as synthesis algorithms that rely on constraint solving [Colón et al Horn-ICE Learning for Synthesizing Invariants and Contracts 131:21 Gulwani et al 2008;Gupta and Rybalchenko 2009]. Subsequent to Grebenshchikov et al [2012], there has been a lot of work towards Horn-clause solving [Beyene et al 2013;Bjùrner et al 2013], using a combination of these techniques.…”

Section: Related Workmentioning

confidence: 99%

Horn-ICE learning for synthesizing invariants and contracts

Ezudheen¹,

Neider

D’Souza³

et al. 2018

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We design learning algorithms for synthesizing invariants using Horn implication counterexamples (Horn-ICE), extending the ICE learning model. In particular, we describe a decision tree learning algorithm that learns from non-linear Horn-ICE samples, works in polynomial time, and uses statistical heuristics to learn small trees that satisfy the samples. Since most verification proofs can be modeled using non-linear Horn clauses, Horn-ICE learning is a more robust technique to learn inductive annotations that prove programs correct. Our experiments show that an implementation of our algorithm is able to learn adequate inductive invariants and contracts efficiently for a variety of sequential and concurrent programs.

show abstract

Section: Related Workmentioning

confidence: 99%

Horn-ICE learning for synthesizing invariants and contracts

Ezudheen¹,

Neider

D’Souza³

et al. 2018

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…IC3 [10] takes advantage of this by directing the search towards an invariant that is sufficient to prove the postcondition. It was originally developed as a hardware model-checking technique, but proved useful for software as well [17,38]. STNG focuses on a certain family of postconditions, namely those that admit a semantically equivalent implementation in Halide, which naturally implies a corresponding family of adequate invariants.…”

Section: Related Workmentioning

confidence: 99%

Verified lifting of stencil computations

et al. 2016

View full text Add to dashboard Cite

This paper demonstrates a novel combination of program synthesis and verification to lift stencil computations from low-level Fortran code to a high-level summary expressed using a predicate language. The technique is sound and mostly automated, and leverages counterexample guided inductive synthesis (CEGIS) to find provably correct translations. Lifting existing code to a high-performance description language has a number of benefits, including maintainability and performance portability. Our experiments show that the lifted summaries allow domain specific compilers to do a better job of parallelization as compared to an off-the-shelf compiler working on the original code, and can even support fully automatic migration to hardware accelerators such as GPUs. We have implemented verified lifting in a system called STNG and have evaluated it using microbenchmarks, mini-apps, and real-world applications. We demonstrate the benefits of verified lifting by first automatically summarizing Fortran source code into a high-level predicate language, and subsequently translating the lifted summaries into Halide, with the translated code achieving median performance speedups of 4.1× and up to 24× as compared to the original implementation.

show abstract

“…Investigating the decidability of this problem is important to better understand the foundation of existing methods for invariant inference (e.g. abstract interpretation [13], PDR [9,26]): whenever the problem is undecidable, no tool will be Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored.…”

Section: Introductionmentioning

confidence: 99%

Decidability of inferring inductive invariants

et al. 2016

View full text Add to dashboard Cite

Induction is a successful approach for verification of hardware and software systems. A common practice is to model a system using logical formulas, and then use a decision procedure to verify that some logical formula is an inductive safety invariant for the system. A key ingredient in this approach is coming up with the inductive invariant, which is known as invariant inference. This is a major difficulty, and it is often left for humans or addressed by sound but incomplete abstract interpretation. This paper is motivated by the problem of inductive invariants in shape analysis and in distributed protocols. This paper approaches the general problem of inferring firstorder inductive invariants by restricting the language L of candidate invariants. Notice that the problem of invariant inference in a restricted language L differs from the safety problem, since a system may be safe and still not have any inductive invariant in L that proves safety. Clearly, if L is finite (and if testing an inductive invariant is decidable), then inferring invariants in L is decidable. This paper presents some interesting cases when inferring inductive invariants in L is decidable even when L is an infinite language of universal formulas. Decidability is obtained by restricting L and defining a suitable well-quasi-order on the state space. We also present some undecidability results that show that our restrictions are necessary. We further present a framework for systematically constructing infinite languages while keeping the invariant inference problem decidable. We illustrate our approach by showing the decidability of inferring invariants for programs manipulating linked-lists, and for distributed protocols.

show abstract

Property-Directed Inference of Universal Invariants or Proving Their Absence

Cited by 33 publications

References 40 publications

Horn-ICE learning for synthesizing invariants and contracts

Horn-ICE learning for synthesizing invariants and contracts

Verified lifting of stencil computations

Decidability of inferring inductive invariants

Contact Info

Product

Resources

About