Abstract
Many invariant inference techniques reason simultaneously about states and predicates, and it is well-known that these two kinds of reasoning are in some sense dual to each other. We present a new formal duality between states and predicates, and use it to derive a new primal-dual invariant inference algorithm. The new induction duality is based on a notion of provability by incremental induction that is formally dual to reachability, and the duality is surprisingly symmetric. The symmetry allows us to derive the dual of the well-known Houdini algorithm, and by combining Houdini with its dual image we obtain primal-dual Houdini, the first truly primal-dual invariant inference algorithm. An early prototype of primal-dual Houdini for the domain of distributed protocol verification can handle difficult benchmarks from the literature.
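The abstract names the well-known Houdini algorithm and the state/predicate duality without spelling either out. The following toy illustration is an added example written for this page; it is not code from the paper or its artifact, and it does not implement the paper's primal-dual Houdini. It shows the two fixpoints side by side on a constructed two-counter system: forward reachability as a least fixpoint over sets of states, and classic Houdini as a greatest fixpoint over subsets of a candidate predicate set. The transition system, the candidate predicates (`CANDIDATES`, `CANDIDATES_WITH_EQ`) and the helper names (`reachable`, `houdini`, `satisfying`) are all constructed for the example.

```python
"""Toy illustration of the state/predicate duality behind Houdini.

Reachability computes a LEAST fixpoint over sets of states: start from the
initial states and add successors until nothing new appears.  Houdini computes
a GREATEST fixpoint over subsets of a candidate predicate set: start from all
candidates and drop any that is not inductive relative to the rest, until the
remaining conjunction is inductive.  Everything here is constructed for the
example; it is not code from the paper.
"""
from typing import Callable, Dict, Iterable, List, Set, Tuple

State = Tuple[int, int]
Pred = Callable[[State], bool]

N = 8  # constructed: x and y range over 0..7
STATES: List[State] = [(x, y) for x in range(N) for y in range(N)]
INIT: Set[State] = {(0, 0)}


def successors(s: State) -> List[State]:
    """Constructed transition relation: both counters step together, then stop."""
    x, y = s
    return [(x + 1, y + 1)] if x < N - 1 and y < N - 1 else []


def reachable(init: Set[State], succ: Callable[[State], Iterable[State]]) -> Set[State]:
    """Forward reachability: least fixpoint of init ∪ post(·) over state sets."""
    seen = set(init)
    frontier = list(init)
    while frontier:
        s = frontier.pop()
        for t in succ(s):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen


def satisfying(preds: Dict[str, Pred], states: Iterable[State]) -> Set[State]:
    """States on which every predicate in `preds` holds (the conjunction's extent)."""
    return {s for s in states if all(p(s) for p in preds.values())}


def houdini(candidates: Dict[str, Pred], states: Iterable[State], init: Set[State],
            succ: Callable[[State], Iterable[State]]) -> Dict[str, Pred]:
    """Houdini: greatest fixpoint over subsets of `candidates`.

    Repeatedly drop every candidate that fails initiation (false in some initial
    state) or consecution (false in a successor of a state satisfying the current
    conjunction).  The result is the strongest inductive conjunction of candidates;
    the order in which counterexamples are found does not change it.
    """
    keep = dict(candidates)
    states = list(states)
    while True:
        # Initiation: every kept predicate must hold in all initial states.
        failing = [n for n, p in keep.items() if not all(p(s) for s in init)]
        if not failing:
            # Consecution: look for a counterexample-to-induction (CTI), i.e. a
            # state satisfying the current conjunction with a successor that
            # violates some conjunct.
            for s in states:
                if not all(p(s) for p in keep.values()):
                    continue
                for t in succ(s):
                    failing = [n for n, p in keep.items() if not p(t)]
                    if failing:
                        break
                if failing:
                    break
        if not failing:
            return keep  # fixpoint reached: the conjunction is inductive
        for n in failing:
            del keep[n]


# Constructed candidate predicates.  Without "x == y" among the candidates, Houdini
# cannot keep the (true!) predicate ruling out (3, 5): the weaker conjunction admits
# the unreachable state (2, 4), whose successor is (3, 5).
CANDIDATES: Dict[str, Pred] = {
    "x <= 7": lambda s: s[0] <= 7,
    "y <= 7": lambda s: s[1] <= 7,
    "x < 7": lambda s: s[0] < 7,          # false on the reachable state (7, 7)
    "y == 0": lambda s: s[1] == 0,        # false on the reachable state (1, 1)
    "not (x == 3 and y == 5)": lambda s: not (s[0] == 3 and s[1] == 5),
}
CANDIDATES_WITH_EQ: Dict[str, Pred] = {**CANDIDATES, "x == y": lambda s: s[0] == s[1]}

if __name__ == "__main__":
    print("reachable states:", sorted(reachable(INIT, successors)))
    for label, cands in [("without x == y", CANDIDATES), ("with x == y", CANDIDATES_WITH_EQ)]:
        kept = houdini(cands, STATES, INIT, successors)
        print(f"Houdini {label}: keeps {sorted(kept)}; "
              f"conjunction admits {len(satisfying(kept, STATES))} states")
```

Running it shows the gap the two fixpoints leave between them: reachability finds exactly the eight diagonal states, while Houdini over the first candidate set keeps only the two bound predicates, a conjunction satisfied by all 64 states, because the candidates cannot express the relation between the counters. Adding `x == y` to the candidates lets Houdini retain the predicate excluding (3, 5), since the strengthened conjunction no longer admits the spurious CTI at (2, 4).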
Supplemental Material
- Oded Padon, James R. Wilcox, Jason Koenig, Kenneth L. McMillan, and Alex Aiken. 2021. Artifact for POPL 2022 Paper: Induction Duality: Primal-Dual Search for Invariants. November 2021. https://doi.org/10.5281/zenodo.5703081