Abstract
Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system --- Ivy --- for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.
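The counterexample-to-induction loop the abstract describes, shown on a constructed bounded model of a ring leader-election protocol (Chang and Roberts' algorithm); this is an added example, not Ivy's code, and the node ids, the safety property and the strengthened invariant are all assumptions made here. Checking the safety property alone yields a CTI (a state that satisfies the property but has a successor that violates it); adding universally quantified conjuncts about leaders and pending messages makes the invariant inductive.

```python
from itertools import product

# Constructed toy model of Chang-Roberts leader election on a ring of N nodes.
N = 3
ID = {0: 1, 1: 2, 2: 0}                 # node -> unique id (node 1 holds the max)
NODE = {i: n for n, i in ID.items()}    # id -> node
MAX_NODE = NODE[max(ID.values())]
INIT = (frozenset(), frozenset())       # (pending (node, id) messages, leaders)

def btw(m, k, n):                       # k strictly between m and n, going forward
    return 0 < (k - m) % N < (n - m) % N

def successors(state):
    """One-step successors: a node sends its id, or handles one pending id."""
    pending, leaders = state
    for n in range(N):
        yield (pending | {((n + 1) % N, ID[n])}, leaders)
    for (n, m) in pending:
        rest = pending - {(n, m)}
        if m == ID[n]:
            yield (rest, leaders | {n})                  # own id came back: elected
        elif m > ID[n]:
            yield (rest | {((n + 1) % N, m)}, leaders)   # larger id: forward it
        else:
            yield (rest, leaders)                        # smaller id: drop it

def all_states():
    """Every state of the bounded model, reachable or not, as a CTI check explores."""
    pairs = [(n, i) for n in range(N) for i in ID.values()]
    for pb, lb in product(range(1 << len(pairs)), range(1 << N)):
        yield (frozenset(p for j, p in enumerate(pairs) if pb >> j & 1),
               frozenset(n for n in range(N) if lb >> n & 1))

def safe(s):                            # the safety property: at most one leader
    return len(s[1]) <= 1

def strengthened(s):
    """Safety plus universally quantified conjuncts that make it inductive."""
    pending, leaders = s
    return (safe(s)
            and all(n == MAX_NODE for n in leaders)                     # leader has max id
            and all(n == MAX_NODE for (n, m) in pending if m == ID[n])  # self-id only at max
            and all(ID[k] <= m for (n, m) in pending                    # nothing larger between
                    for k in range(N) if btw(NODE[m], k, n)))           # sender and holder

def find_cti(inv):
    """A state satisfying inv with a successor violating it (a CTI), else None."""
    return next(((s, t) for s in all_states() if inv(s)
                 for t in successors(s) if not inv(t)), None)

def is_inductive(inv):
    return inv(INIT) and find_cti(inv) is None
```

The CTI returned for `safe` is the kind of concrete state Ivy would display: an unreachable but invariant-satisfying state, here one where a non-maximal node has its own id pending while another node is already leader.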
Ivy: safety verification by interactive generalization
PLDI '16: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation