
Maximal specification synthesis

Published: 11 January 2016

Abstract

Many problems in program analysis, verification, and synthesis require inferring specifications of unknown procedures. Motivated by a broad range of applications, we formulate the problem of maximal specification inference: given a postcondition Φ and a program P calling a set of unknown procedures F_1, …, F_n, what are the most permissive specifications of the procedures F_i that ensure correctness of P? In other words, we are looking for the smallest number of assumptions we need to make about the behaviours of the F_i in order to prove that P satisfies its postcondition. To solve this problem, we present a novel approach that utilizes a counterexample-guided inductive synthesis loop and reduces the maximal specification inference problem to multi-abduction. We formulate the novel notion of multi-abduction as a generalization of classical logical abduction and present an algorithm for solving multi-abduction problems. On the practical side, we evaluate our specification inference technique on a range of benchmarks and demonstrate its ability to synthesize specifications of kernel routines invoked by device drivers.
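The following Python program is an added illustration of the problem statement above; it is not the paper's implementation and it says nothing about how the paper's multi-abduction algorithm works. It makes the notion of a "most permissive specification" concrete for a single unknown procedure F over a constructed finite domain: a counterexample-guided loop starts from the assumption that F may return anything, lets a brute-force checker (standing in for the verifier and SMT solver a real tool would use) report one behaviour of F that violates the postcondition Φ, excludes that behaviour, and repeats until P is proven correct. The program P, the domains and the postcondition are all constructed for this example.

```python
from itertools import product

# Constructed finite domains; they stand in for the SMT theories a real
# specification-inference tool reasons over.
INPUTS = range(8)          # values x passed to the unknown procedure F
OUTPUTS = range(-4, 16)    # values F might return


def program(x, F):
    """The program P (constructed). It calls the unknown procedure F once and
    uses the result differently depending on x."""
    y = F(x)
    if x < 4:
        return y
    return y - x


def postcondition(result):
    """Phi: P's result must be a valid index into a four-entry table."""
    return 0 <= result < 4


def verify(spec):
    """Check P against Phi for every F that respects `spec`, a set of allowed
    (x, y) pairs.  Returns None if P is correct under all of them, otherwise one
    counterexample (x, y): an allowed behaviour of F that breaks Phi.
    Exhaustive search here replaces the verifier/SMT solver of a real tool."""
    for x, y in sorted(spec):
        if not postcondition(program(x, lambda _x, y=y: y)):
            return (x, y)
    return None


def infer_maximal_spec():
    """Counterexample-guided loop: start from the most permissive specification
    (F may return anything) and exclude one behaviour per counterexample.
    Since P calls F exactly once, every excluded pair breaks Phi on its own, so
    the fixpoint is the most permissive spec under which P is correct.
    Returns the spec and the number of refinement rounds."""
    spec = set(product(INPUTS, OUTPUTS))
    rounds = 0
    while (cex := verify(spec)) is not None:
        spec.discard(cex)
        rounds += 1
    return spec, rounds


def allowed_outputs(spec, x):
    """Outputs F may return for input x under `spec`."""
    return sorted(y for (x2, y) in spec if x2 == x)


def spec_as_predicate(x, y):
    """Closed-form reading of the inferred spec, written by hand so that the
    enumeration can be checked against it: what P needs from F per call site."""
    if x < 4:
        return 0 <= y < 4
    return x <= y < x + 4


def spec_matches_predicate(spec):
    """True when the enumerated spec equals the hand-written predicate."""
    return all(((x, y) in spec) == spec_as_predicate(x, y)
               for x, y in product(INPUTS, OUTPUTS))


if __name__ == "__main__":
    spec, rounds = infer_maximal_spec()
    print(f"{len(spec)} allowed behaviours of F after {rounds} refinements")
    for x in INPUTS:
        print(f"F({x}) may return {allowed_outputs(spec, x)}")
```

The inferred specification is context dependent: for x < 4 the caller needs F(x) to be a valid index directly, while for x ≥ 4 it needs x ≤ F(x) < x + 4, and no weaker assumption on F lets P satisfy Φ. With several unknown procedures in one program the most permissive assignment of specifications is in general no longer unique (an assumption on F_1 can be traded for one on F_2), which is the setting the abstract's multi-abduction is formulated for; this example deliberately stays with a single procedure.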


Published in

ACM SIGPLAN Notices, Volume 51, Issue 1 (POPL '16), January 2016, 815 pages
ISSN: 0362-1340, EISSN: 1558-1160
DOI: 10.1145/2914770
Editor: Andy Gill

POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 2016, 815 pages
ISBN: 9781450335492
DOI: 10.1145/2837614

Copyright © 2016 ACM
Publisher: Association for Computing Machinery, New York, NY, United States
