
Induction duality: primal-dual search for invariants

Published: 12 January 2022

Abstract

Many invariant inference techniques reason simultaneously about states and predicates, and it is well-known that these two kinds of reasoning are in some sense dual to each other. We present a new formal duality between states and predicates, and use it to derive a new primal-dual invariant inference algorithm. The new induction duality is based on a notion of provability by incremental induction that is formally dual to reachability, and the duality is surprisingly symmetric. The symmetry allows us to derive the dual of the well-known Houdini algorithm, and by combining Houdini with its dual image we obtain primal-dual Houdini, the first truly primal-dual invariant inference algorithm. An early prototype of primal-dual Houdini for the domain of distributed protocol verification can handle difficult benchmarks from the literature.
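The abstract names Houdini as the predicate-side algorithm whose dual the paper derives, but does not spell out what Houdini does. The following Python is an added illustration, not code from the paper or its artifact, and not the primal-dual variant the abstract describes: it runs classic Houdini (Flanagan and Leino) over a constructed two-client lock protocol. The state encoding, the transitions and the candidate predicates are all assumptions of this example. It returns the largest inductive conjunction of the candidates and, for each discarded candidate, the initial state or counterexample-to-induction state that discarded it, which is the kind of state/predicate interplay the abstract's duality is about. Three of the candidates (mutex, free_no0, free_no1) are inductive only together, which is exactly the case the fixpoint iteration handles.

```python
"""Classic Houdini over a constructed finite-state lock protocol.

Added example; not code from the paper and not its primal-dual variant.
Houdini starts from a set of candidate predicates and repeatedly throws
away any candidate that fails on an initial state or on a successor of a
state satisfying the remaining conjunction, until what is left is inductive.
"""
from itertools import product

# Constructed toy protocol (an assumption of this example): one lock server
# and NUM_CLIENTS clients. A state is the tuple (lock_free, holds_0, holds_1).
NUM_CLIENTS = 2


def initial_states():
    """Lock is free, nobody holds it."""
    return {(True,) + (False,) * NUM_CLIENTS}


def all_states():
    """Explicit state space: every boolean assignment, reachable or not."""
    return set(product([False, True], repeat=1 + NUM_CLIENTS))


def successors(state):
    """acquire(c) needs the lock free; release(c) needs c to hold it."""
    lock_free, holds = state[0], list(state[1:])
    out = set()
    for c in range(NUM_CLIENTS):
        if lock_free:
            h = holds[:]
            h[c] = True
            out.add((False, *h))
        if holds[c]:
            h = holds[:]
            h[c] = False
            out.add((True, *h))
    return out


# Candidate predicates (name -> function on a state), written for 2 clients.
# mutex, free_no0 and free_no1 are each non-inductive alone but inductive together.
CANDIDATES = {
    "mutex":               lambda s: not (s[1] and s[2]),  # the safety property
    "free_no0":            lambda s: not (s[0] and s[1]),
    "free_no1":            lambda s: not (s[0] and s[2]),
    "free_or_held":        lambda s: s[0] or s[1] or s[2],
    "always_free":         lambda s: s[0],                 # true initially, broken by acquire
    "client0_never_holds": lambda s: not s[1],             # true initially, broken by acquire(0)
    "client0_holds":       lambda s: s[1],                 # false in the initial state
}


def conjunction(preds):
    return lambda s: all(p(s) for p in preds.values())


def is_inductive(preds, init, states, succ):
    """Initiation and consecution for the conjunction of preds."""
    inv = conjunction(preds)
    if not all(inv(s) for s in init):
        return False
    return all(inv(t) for s in states if inv(s) for t in succ(s))


def houdini(candidates, init, states, succ):
    """Greatest fixpoint. Returns (kept, dropped); dropped maps a candidate
    name to the witness that killed it: ("init", s) for an initial state s,
    or ("cti", s, t) where s satisfies the current conjunction and its
    successor t violates the candidate."""
    kept = dict(candidates)
    dropped = {}
    for name, p in list(kept.items()):
        bad = next((s for s in init if not p(s)), None)
        if bad is not None:
            dropped[name] = ("init", bad)
            del kept[name]
    changed = True
    while changed:
        changed = False
        for s in states:
            if not conjunction(kept)(s):
                continue
            for t in succ(s):
                for name, p in list(kept.items()):
                    if not p(t):
                        dropped[name] = ("cti", s, t)
                        del kept[name]
                        changed = True
    return kept, dropped


def infer_invariant():
    """Run Houdini on the toy protocol; report whether the result proves mutex."""
    kept, dropped = houdini(CANDIDATES, initial_states(), all_states(), successors)
    inv = conjunction(kept)
    proves_safety = all(CANDIDATES["mutex"](s) for s in all_states() if inv(s))
    return sorted(kept), dropped, proves_safety


if __name__ == "__main__":
    kept, dropped, safe = infer_invariant()
    print("inductive conjunction:", kept)
    for name, why in dropped.items():
        print("dropped", name, "because of", why)
    print("proves mutual exclusion:", safe)
```

On this input Houdini keeps mutex, free_no0, free_no1 and free_or_held and drops the other three, each with the state that refuted it; the kept conjunction is inductive and implies the safety property, while mutex or free_no0 alone is not inductive, which is why a candidate-pruning search rather than a per-predicate check is needed.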


Supplemental Material

Auxiliary Presentation Video

This is a 5-minute video advertising the full talk and paper appearing in POPL 2022.

References

  1. Rajeev Alur, Rastislav Bodík, Garvit Juniwal, Milo M. K. Martin, Mukund Raghothaman, Sanjit A. Seshia, Rishabh Singh, Armando Solar-Lezama, Emina Torlak, and Abhishek Udupa. 2013. Syntax-guided synthesis. In Formal Methods in Computer-Aided Design, FMCAD 2013, Portland, OR, USA, October 20-23, 2013. IEEE, 1–8. https://doi.org/10.1109/FMCAD.2013.6679385
  2. Thomas Ball, Rupak Majumdar, Todd D. Millstein, and Sriram K. Rajamani. 2001. Automatic Predicate Abstraction of C Programs. In Proceedings of the 2001 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Snowbird, Utah, USA, June 20-22, 2001, Michael Burke and Mary Lou Soffa (Eds.). ACM, 203–213. https://doi.org/10.1145/378795.378846
  3. Clark W. Barrett, Christopher L. Conway, Morgan Deters, Liana Hadarean, Dejan Jovanovic, Tim King, Andrew Reynolds, and Cesare Tinelli. 2011. CVC4. In Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings, Ganesh Gopalakrishnan and Shaz Qadeer (Eds.) (Lecture Notes in Computer Science, Vol. 6806). Springer, 171–177. https://doi.org/10.1007/978-3-642-22110-1_14
  4. Aaron R. Bradley. 2011. SAT-Based Model Checking without Unrolling. In Verification, Model Checking, and Abstract Interpretation - 12th International Conference, VMCAI 2011, Austin, TX, USA, January 23-25, 2011. Proceedings, Ranjit Jhala and David A. Schmidt (Eds.) (Lecture Notes in Computer Science, Vol. 6538). Springer, 70–87. isbn:978-3-642-18274-7 https://doi.org/10.1007/978-3-642-18275-4_7
  5. Aaron R. Bradley. 2012. Understanding IC3. In Theory and Applications of Satisfiability Testing - SAT 2012 - 15th International Conference, Trento, Italy, June 17-20, 2012. Proceedings. 1–14. https://doi.org/10.1007/978-3-642-31612-8_1
  6. Aaron R. Bradley and Zohar Manna. 2008. Property-directed incremental invariant generation. Formal Asp. Comput., 20, 4-5 (2008), 379–405. https://doi.org/10.1007/s00165-008-0080-9
  7. Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2000. Counterexample-Guided Abstraction Refinement. In Computer Aided Verification, 12th International Conference, CAV 2000, Chicago, IL, USA, July 15-19, 2000, Proceedings, E. Allen Emerson and A. Prasad Sistla (Eds.) (Lecture Notes in Computer Science, Vol. 1855). Springer, 154–169. https://doi.org/10.1007/10722167_15
  8. Patrick Cousot and Radhia Cousot. 1977. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL ’77). ACM, New York, NY, USA. 238–252. https://doi.org/10.1145/512950.512973
  9. Patrick Cousot and Radhia Cousot. 1979. Systematic Design of Program Analysis Frameworks. In Proceedings of the 6th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL ’79). ACM, New York, NY, USA. 269–282. https://doi.org/10.1145/567752.567778
  10. Leonardo de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings, C. R. Ramakrishnan and Jakob Rehof (Eds.) (Lecture Notes in Computer Science, Vol. 4963). Springer, 337–340. https://doi.org/10.1007/978-3-540-78800-3_24
  11. Yotam M. Y. Feldman, James R. Wilcox, Sharon Shoham, and Mooly Sagiv. 2019. Inferring Inductive Invariants from Phase Structures. In Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part II, Isil Dillig and Serdar Tasiran (Eds.) (Lecture Notes in Computer Science, Vol. 11562). Springer, 405–425. https://doi.org/10.1007/978-3-030-25543-5_23
  12. Cormac Flanagan, Rajeev Joshi, and K. Rustan M. Leino. 2001. Annotation inference for modular checkers. Inf. Process. Lett., 77, 2-4 (2001), 97–108. https://doi.org/10.1016/S0020-0190(00)00196-4
  13. Cormac Flanagan and K. Rustan M. Leino. 2001. Houdini, an Annotation Assistant for ESC/Java. In FME 2001: Formal Methods for Increasing Software Productivity, International Symposium of Formal Methods Europe, Berlin, Germany, March 12-16, 2001, Proceedings, José Nuno Oliveira and Pamela Zave (Eds.) (Lecture Notes in Computer Science, Vol. 2021). Springer, 500–517. https://doi.org/10.1007/3-540-45251-6_29
  14. Pranav Garg, Christof Löding, P. Madhusudan, and Daniel Neider. 2014. ICE: A Robust Framework for Learning Invariants. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 18-22, 2014. Proceedings, Armin Biere and Roderick Bloem (Eds.) (Lecture Notes in Computer Science, Vol. 8559). Springer, 69–87. https://doi.org/10.1007/978-3-319-08867-9_5
  15. Patrice Godefroid, Aditya V. Nori, Sriram K. Rajamani, and SaiDeep Tetali. 2010. Compositional may-must program analysis: unleashing the power of alternation. In Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2010, Madrid, Spain, January 17-23, 2010, Manuel V. Hermenegildo and Jens Palsberg (Eds.). ACM, 43–56. https://doi.org/10.1145/1706299.1706307
  16. Aman Goel and Karem A. Sakallah. 2021. On Symmetry and Quantification: A New Approach to Verify Distributed Protocols. In NASA Formal Methods - 13th International Symposium, NFM 2021, Virtual Event, May 24-28, 2021, Proceedings, Aaron Dutle, Mariano M. Moscato, Laura Titolo, César A. Muñoz, and Ivan Perez (Eds.) (Lecture Notes in Computer Science, Vol. 12673). Springer, 131–150. https://doi.org/10.1007/978-3-030-76384-8_9
  17. Aman Goel and Karem A. Sakallah. 2021. Towards an Automatic Proof of Lamport’s Paxos. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design, FMCAD 2021. 2, TU Wien Academic Press, 112–122. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_20
  18. Travis Hance, Marijn Heule, Ruben Martins, and Bryan Parno. 2021. Finding Invariants of Distributed Systems: It’s a Small (Enough) World After All. In 18th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2021, April 12-14, 2021, James Mickens and Renata Teixeira (Eds.). USENIX Association, 115–131. https://www.usenix.org/conference/nsdi21/presentation/hance
  19. Chris Hawblitzel, Jon Howell, Manos Kapritsos, Jacob R. Lorch, Bryan Parno, Michael L. Roberts, Srinath T. V. Setty, and Brian Zill. 2015. IronFleet: proving practical distributed systems correct. In Proceedings of the 25th Symposium on Operating Systems Principles, SOSP 2015, Monterey, CA, USA, October 4-7, 2015, Ethan L. Miller and Steven Hand (Eds.). ACM, 1–17. https://doi.org/10.1145/2815400.2815428
  20. Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. 2009. Refinement of Trace Abstraction. In Static Analysis, 16th International Symposium, SAS 2009, Los Angeles, CA, USA, August 9-11, 2009. Proceedings, Jens Palsberg and Zhendong Su (Eds.) (Lecture Notes in Computer Science, Vol. 5673). Springer, 69–85. https://doi.org/10.1007/978-3-642-03237-0_7
  21. Qinheping Hu, Jason Breck, John Cyphert, Loris D’Antoni, and Thomas W. Reps. 2019. Proving Unrealizability for Syntax-Guided Synthesis. In Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part I, Isil Dillig and Serdar Tasiran (Eds.) (Lecture Notes in Computer Science, Vol. 11561). Springer, 335–352. https://doi.org/10.1007/978-3-030-25540-4_18
  22. Ranjit Jhala and Kenneth L. McMillan. 2006. A Practical and Complete Approach to Predicate Refinement. In Tools and Algorithms for the Construction and Analysis of Systems, 12th International Conference, TACAS 2006 Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2006, Vienna, Austria, March 25 - April 2, 2006, Proceedings, Holger Hermanns and Jens Palsberg (Eds.) (Lecture Notes in Computer Science, Vol. 3920). Springer, 459–473. https://doi.org/10.1007/11691372_33
  23. Aleksandr Karbyshev, Nikolaj Bjørner, Shachar Itzhaky, Noam Rinetzky, and Sharon Shoham. 2017. Property-Directed Inference of Universal Invariants or Proving Their Absence. J. ACM, 64, 1 (2017), 7:1–7:33. https://doi.org/10.1145/3022187
  24. Jason R. Koenig, Oded Padon, Neil Immerman, and Alex Aiken. 2020. First-order quantified separators. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020, Alastair F. Donaldson and Emina Torlak (Eds.). ACM, 703–717. https://doi.org/10.1145/3385412.3386018
  25. Leslie Lamport. 2001. Paxos made simple. ACM SIGACT News (Distributed Computing Column), 32, 4 (2001), December, 51–58. https://doi.org/10.1145/568425.568433
  26. F. William Lawvere. 1969. Adjointness in foundations. Dialectica, 23, 3-4 (1969), 281–296. Republished in Reprints in Theory Appl. Categ. http://www.tac.mta.ca/tac/reprints/articles/16/tr16.pdf
  27. Haojun Ma, Aman Goel, Jean-Baptiste Jeannin, Manos Kapritsos, Baris Kasikci, and Karem A. Sakallah. 2019. I4: incremental inference of inductive invariants for verification of distributed protocols. In Proceedings of the 27th ACM Symposium on Operating Systems Principles, SOSP 2019, Huntsville, ON, Canada, October 27-30, 2019. 370–384. https://doi.org/10.1145/3341301.3359651
  28. Dahlia Malkhi, Leslie Lamport, and Lidong Zhou. 2008. Stoppable Paxos. https://www.microsoft.com/en-us/research/publication/stoppable-paxos/
  29. Zohar Manna and Amir Pnueli. 1995. Temporal Verification of Reactive Systems - Safety. Springer. isbn:978-0-387-94459-3 https://doi.org/10.1007/978-1-4612-4222-2
  30. Kenneth L. McMillan. 2003. Interpolation and SAT-Based Model Checking. In Computer Aided Verification, 15th International Conference, CAV 2003, Boulder, CO, USA, July 8-12, 2003, Proceedings, Warren A. Hunt Jr. and Fabio Somenzi (Eds.) (Lecture Notes in Computer Science, Vol. 2725). Springer, 1–13. https://doi.org/10.1007/978-3-540-45069-6_1
  31. Kenneth L. McMillan. 2006. Lazy Abstraction with Interpolants. In Computer Aided Verification, 18th International Conference, CAV 2006, Seattle, WA, USA, August 17-20, 2006, Proceedings, Thomas Ball and Robert B. Jones (Eds.) (Lecture Notes in Computer Science, Vol. 4144). Springer, 123–136. https://doi.org/10.1007/11817963_14
  32. Kenneth L. McMillan. 2014. Lazy Annotation Revisited. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 18-22, 2014. Proceedings. 243–259. https://doi.org/10.1007/978-3-319-08867-9_16
  33. Anders Miltner, Saswat Padhi, Todd D. Millstein, and David Walker. 2020. Data-driven inference of representation invariants. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020. 1–15. https://doi.org/10.1145/3385412.3385967
  34. Daniel Neider, Shambwaditya Saha, Pranav Garg, and P. Madhusudan. 2019. Sorcar: Property-Driven Algorithms for Learning Conjunctive Invariants. In Static Analysis - 26th International Symposium, SAS 2019, Porto, Portugal, October 8-11, 2019, Proceedings, Bor-Yuh Evan Chang (Ed.) (Lecture Notes in Computer Science, Vol. 11822). Springer, 323–346. https://doi.org/10.1007/978-3-030-32304-2_16
  35. Oded Padon, Giuliano Losa, Mooly Sagiv, and Sharon Shoham. 2017. Paxos Made EPR: Decidable Reasoning About Distributed Protocols. Proc. ACM Program. Lang., 1, OOPSLA (2017), Article 108, Oct., 31 pages. issn:2475-1421 https://doi.org/10.1145/3140568
  36. Oded Padon, Kenneth L. McMillan, Aurojit Panda, Mooly Sagiv, and Sharon Shoham. 2016. Ivy: safety verification by interactive generalization. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13-17, 2016, Chandra Krintz and Emery Berger (Eds.). ACM, 614–630. isbn:978-1-4503-4261-2 https://doi.org/10.1145/2908080.2908118
  37. Oded Padon, James R. Wilcox, Jason Koenig, Kenneth L. McMillan, and Alex Aiken. 2021. Artifact for POPL 2022 Paper: Induction Duality: Primal-Dual Search for Invariants. November. https://doi.org/10.5281/zenodo.5703081
  38. Peter Smith. 2010. The Galois connection of syntax and semantics. Cambridge University. http://www.logicmatters.net/resources/pdfs/Galois.pdf
  39. Fabio Somenzi and Aaron R. Bradley. 2011. IC3: where monolithic and incremental meet. In International Conference on Formal Methods in Computer-Aided Design, FMCAD ’11, Austin, TX, USA, October 30 - November 02, 2011, Per Bjesse and Anna Slobodová (Eds.). FMCAD Inc., 3–8. http://dl.acm.org/citation.cfm?id=2157657
  40. Marcelo Taube, Giuliano Losa, Kenneth L. McMillan, Oded Padon, Mooly Sagiv, Sharon Shoham, James R. Wilcox, and Doug Woos. 2018. Modularity for decidability of deductive verification with applications to distributed systems. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, Philadelphia, PA, USA, June 18-22, 2018, Jeffrey S. Foster and Dan Grossman (Eds.). ACM, 662–677. https://doi.org/10.1145/3192366.3192414
  41. James R. Wilcox, Doug Woos, Pavel Panchekha, Zachary Tatlock, Xi Wang, Michael D. Ernst, and Thomas E. Anderson. 2015. Verdi: a framework for implementing and formally verifying distributed systems. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June 15-17, 2015, David Grove and Stephen M. Blackburn (Eds.). ACM, 357–368. https://doi.org/10.1145/2737924.2737958
  42. Jianan Yao, Runzhou Tao, Ronghui Gu, Jason Nieh, Suman Jana, and Gabriel Ryan. 2021. DistAI: Data-Driven Automated Invariant Learning for Distributed Protocols. In 15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021, July 14-16, 2021, Angela Demke Brown and Jay R. Lorch (Eds.). USENIX Association, 405–421. https://www.usenix.org/conference/osdi21/presentation/yao
