Abstract
We present a data-driven technique to solve Constrained Horn Clauses (CHCs) that encode verification conditions of programs containing unconstrained loops and recursions. Our CHC solver neither constrains the search space from which a predicate's components are inferred (e.g., by constraining the number of variables or the values of coefficients used to specify an invariant), nor fixes the shape of the predicate itself (e.g., by bounding the number and kind of logical connectives). Instead, our approach is based on a novel machine learning-inspired tool chain that synthesizes CHC solutions in terms of arbitrary Boolean combinations of unrestricted atomic predicates. A CEGAR-based verification loop inside the solver progressively samples representative positive and negative data from recursive CHCs, which is fed to the machine learning tool chain. Our solver is implemented as an LLVM pass in the SeaHorn verification framework and has been used to successfully verify a large number of nontrivial and challenging C programs from the literature and well-known benchmark suites (e.g., SV-COMP).
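The sampling-and-learning loop the abstract describes, reduced to a toy that runs stand-alone. This is an added example, not the paper's LinearArbitrary implementation or the SeaHorn pass: it assumes a constructed two-variable loop program, a bounded integer domain (`BOUND`) enumerated exhaustively in place of an SMT solver, a fixed family of linear atoms `a*i + b*j + c >= 0`, and a conjunction-only learner rather than the arbitrary Boolean combinations of atoms the paper synthesizes. The function names (`learn`, `check`, `solve`, `reachable`) are this example's own.

```python
"""Toy data-driven CHC solver, illustrating the abstract's loop on a constructed
program (this is an added example, not the paper's LinearArbitrary code):

    i = 0; j = 0;
    while (*) { i = i + 1; j = j + 2; }
    assert(j == 2 * i);

Verification conditions as CHCs over the unknown predicate Inv(i, j):
    init:  i = 0 /\\ j = 0                        -> Inv(i, j)
    step:  Inv(i, j) /\\ i' = i + 1 /\\ j' = j + 2 -> Inv(i', j')
    safe:  Inv(i, j) /\\ j != 2 * i               -> false
Assumption: a bounded enumeration over small integers replaces the SMT solver.
"""
from itertools import product

BOUND = 6  # assumed: each variable ranges over -6..6 during checking
STATES = [(i, j) for i in range(-BOUND, BOUND + 1) for j in range(-BOUND, BOUND + 1)]
STATE_SET = set(STATES)

def init(s): return s == (0, 0)
def step(s): return (s[0] + 1, s[1] + 2)
def bad(s):  return s[1] != 2 * s[0]

# Atomic predicates a*i + b*j + c >= 0 over small coefficients (assumed family).
ATOMS = [t for t in product(range(-2, 3), repeat=3) if t[:2] != (0, 0)]
def holds(t, s): return t[0] * s[0] + t[1] * s[1] + t[2] >= 0
def sat(inv, s): return all(holds(t, s) for t in inv)
def show(inv):   return " and ".join(f"{a}*i + {b}*j + {c} >= 0" for a, b, c in inv)

def learn(pos, neg):
    """Conjunction learner: keep only atoms true on every positive sample, then
    greedily add the atom that rules out the most not-yet-excluded negatives."""
    consistent = [t for t in ATOMS if all(holds(t, s) for s in pos)]
    inv, remaining = [], set(neg)
    while remaining:
        best = max(consistent, key=lambda t: sum(not holds(t, s) for s in remaining))
        excluded = {s for s in remaining if not holds(best, s)}
        if not excluded:
            raise ValueError("no conjunction of these atoms separates the samples")
        inv.append(best)
        remaining -= excluded
    return inv

def check(inv):
    """Bounded check of the three CHCs; returns (clause, witness) or None if all hold.
    Successors that leave the bounded domain are not checked (the SMT stand-in's limit)."""
    for s in STATES:
        if init(s) and not sat(inv, s):
            return ("init", s)
        if sat(inv, s) and bad(s):
            return ("safe", s)
        t = step(s)
        if sat(inv, s) and t in STATE_SET and not sat(inv, t):
            return ("step", (s, t))
    return None

def reachable():
    """Forward simulation inside the bounded domain; used only to label the
    pre-state of a failed step clause (the paper samples its data differently)."""
    seen, frontier = set(), [s for s in STATES if init(s)]
    while frontier:
        s = frontier.pop()
        if s in seen or s not in STATE_SET:
            continue
        seen.add(s)
        frontier.append(step(s))
    return seen

def solve():
    """CEGAR-style loop: learn a candidate from samples, check it, turn each
    counterexample into a new positive or negative sample, repeat."""
    reach, pos, neg = reachable(), set(), set()
    for rounds in range(1, len(STATES) + 2):   # every round adds one fresh sample
        inv = learn(pos, neg)
        cex = check(inv)
        if cex is None:
            return inv, pos, neg, rounds
        kind, w = cex
        if kind == "init":
            pos.add(w)          # the initial state must be inside Inv
        elif kind == "safe":
            neg.add(w)          # a state violating the assertion must be outside Inv
        elif w[0] in reach:
            pos.add(w[1])       # reachable pre-state: its post-state is positive data
        else:
            neg.add(w[0])       # unreachable pre-state: exclude it instead
    raise RuntimeError("did not converge within the bounded domain")

if __name__ == "__main__":
    inv, pos, neg, rounds = solve()
    print(f"Inv(i, j) = {show(inv)}  (after {rounds} rounds, "
          f"{len(pos)} positive and {len(neg)} negative samples)")
```

Each failed clause is turned into exactly one new sample that the current candidate misclassifies, so the loop terminates on the finite domain; the bounded checker is also why the result is only trustworthy up to `BOUND`, which is the role an SMT solver plays in the real tool. Replacing `learn` with a decision tree over the same atoms is the step from conjunctions to the arbitrary Boolean combinations the abstract refers to.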
A data-driven CHC solver
PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation