Abstract
Many problems in program analysis, verification, and synthesis require inferring specifications of unknown procedures. Motivated by a broad range of applications, we formulate the problem of maximal specification inference: Given a postcondition Phi and a program P calling a set of unknown procedures F_1,…,F_n, what are the most permissive specifications of procedures F_i that ensure correctness of P? In other words, we are looking for the smallest number of assumptions we need to make about the behaviours of F_i in order to prove that P satisfies its postcondition. To solve this problem, we present a novel approach that utilizes a counterexample-guided inductive synthesis loop and reduces the maximal specification inference problem to multi-abduction. We formulate the novel notion of multi-abduction as a generalization of classical logical abduction and present an algorithm for solving multi-abduction problems. On the practical side, we evaluate our specification inference technique on a range of benchmarks and demonstrate its ability to synthesize specifications of kernel routines invoked by device drivers.
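The problem statement above, worked on a small finite domain as an added example. This is not the paper's algorithm and not code from its authors: it models a specification of an unknown procedure as the set of return values it permits, abstracts P to a postcondition over those returns, and finds a maximal specification tuple by round-robin single-unknown abduction. The postcondition `F() + G() <= 10`, the value domain 0..10, and the names `F` and `G` are constructed for the illustration. The point it shows that the abstract only states is that with two unknown procedures there are several incomparable maximal answers, so the problem is not a single weakest-precondition computation.

```python
"""Toy illustration of maximal specification inference on a finite domain.

Added example, not the paper's algorithm or code. Each unknown procedure
is modelled by the SET of return values its specification permits; the
program P is abstracted to a postcondition over those returns. A tuple of
specifications is correct when every combination of permitted returns
satisfies the postcondition, and maximal when no component can be enlarged
without breaking correctness.
"""
from itertools import product
from typing import Callable, Dict, FrozenSet, Sequence

Spec = Dict[str, FrozenSet[int]]

DOMAIN = frozenset(range(0, 11))      # constructed value domain for every return
NAMES: Sequence[str] = ("F", "G")     # two unknown procedures called by P


def post(f: int, g: int) -> bool:
    """Constructed postcondition of P:  assert F() + G() <= 10."""
    return f + g <= 10


def is_correct(spec: Spec, post_fn: Callable[..., bool] = post, names=NAMES) -> bool:
    """P satisfies its postcondition for every behaviour the specs allow."""
    return all(post_fn(*vals) for vals in product(*(spec[n] for n in names)))


def abduce(spec: Spec, target: str, post_fn=post, names=NAMES) -> FrozenSet[int]:
    """Single-unknown abduction: the largest set of returns for `target`
    that is consistent with the other procedures' current specifications."""
    keep = set()
    for v in DOMAIN:
        trial = dict(spec)
        trial[target] = frozenset({v})
        if is_correct(trial, post_fn, names):
            keep.add(v)
    return frozenset(keep)


def is_maximal(spec: Spec, post_fn=post, names=NAMES) -> bool:
    """Correct, and no component can be grown by even one value without
    breaking P. Growing several components at once is covered too: a
    larger correct tuple would make each single-component growth correct."""
    return is_correct(spec, post_fn, names) and all(
        abduce(spec, n, post_fn, names) == spec[n] for n in names)


def infer_maximal(seed: Spec, post_fn=post, names=NAMES) -> Spec:
    """Round-robin abduction to a mutual fixpoint.

    The first update makes the tuple correct (abduce keeps only values that
    survive every combination of the others); from then on each component
    can only grow, so the loop terminates on the finite domain, and a
    mutual fixpoint is maximal by construction. Which maximal tuple is
    reached depends on the seed and the update order."""
    spec = dict(seed)
    changed = True
    while changed:
        changed = False
        for n in names:
            new = abduce(spec, n, post_fn, names)
            if new != spec[n]:
                spec[n], changed = new, True
    return spec


if __name__ == "__main__":
    full = {n: DOMAIN for n in NAMES}
    a = infer_maximal(full)                                         # F in {0},  G in 0..10
    b = infer_maximal({"F": DOMAIN, "G": frozenset(range(0, 6))})   # F, G both in 0..5
    for s in (a, b):
        print({n: sorted(v) for n, v in s.items()}, "maximal:", is_maximal(s))
```

Both results are maximal and neither dominates the other: the first lets `G` return anything at the price of pinning `F` to 0, the second splits the budget evenly. A verifier that only asked "what is the weakest assumption on F" with G unconstrained would find just the first, which is the one-unknown (classical abduction) special case.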
Maximal specification synthesis. POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.