
Solving constrained Horn clauses modulo algebraic data types and recursive functions

Published: 12 January 2022

Abstract

This work addresses the problem of verifying imperative programs that manipulate data structures, e.g., Rust programs. Data structures are usually modeled by Algebraic Data Types (ADTs) in verification conditions. Inductive invariants of such programs often require recursively defined functions (RDFs) to represent abstractions of data structures. From the logic perspective, this reduces to solving Constrained Horn Clauses (CHCs) modulo both ADT and RDF. The underlying logic with RDFs is undecidable. Thus, even verifying a candidate inductive invariant is undecidable. Similarly, IC3-based algorithms for solving CHCs lose their progress guarantee: they may not find counterexamples when the program is unsafe.

We propose a novel IC3-inspired algorithm Racer for solving CHCs modulo ADT and RDF (i.e., automatically synthesizing inductive invariants, as opposed to only verifying them as is done in deductive verification). Racer ensures progress despite the undecidability of the underlying theory, and is guaranteed to terminate with a counterexample for unsafe programs. It works with a general class of RDFs over ADTs called catamorphisms. The key idea is to represent catamorphisms as both CHCs, via relationification, and RDFs, using novel abstractions. Encoding catamorphisms as CHCs allows learning inductive properties of catamorphisms, as well as preserving unsatisfiability of the original CHCs despite the use of RDF abstractions, whereas encoding catamorphisms as RDFs allows unfolding the recursive definition, and relying on it in solutions. Abstractions ensure that the underlying theory remains decidable. We implement our approach in Z3 and show that it works well in practice.
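The abstract's key idea, a catamorphism kept both as an RDF and as relationified CHCs, written out for list length in standard SMT-LIB 2.6 as an added example (not from the paper or from Z3's own sources). The loop, the predicate names `Inv` and `Len`, and the safety property are constructed here for illustration; whether a given Z3 build solves the combined problem depends on Racer support being present, while the clauses without `define-fun-rec` form an ordinary CHC problem.

```smt2
; Added example: one catamorphism (len over integer lists) in both of
; the encodings the abstract describes. Not taken from the paper or Z3.
(set-logic HORN)

; Lists of integers as an algebraic data type (ADT).
(declare-datatypes ((Lst 0)) (((nil) (cons (hd Int) (tl Lst)))))

; 1. The catamorphism as a recursively defined function (RDF).
;    An invariant can mention it directly, e.g. (= c (len l)), but
;    reasoning modulo such definitions is undecidable in general.
(define-fun-rec len ((l Lst)) Int
  (match l ((nil 0) ((cons h t) (+ 1 (len t))))))

; 2. The same catamorphism relationified: (Len l n) <=> len(l) = n,
;    one Horn clause per constructor. A CHC solver can learn inductive
;    facts about Len exactly as it does for any other predicate.
(declare-fun Len (Lst Int) Bool)
(assert (Len nil 0))
(assert (forall ((h Int) (t Lst) (n Int))
  (=> (Len t n) (Len (cons h t) (+ n 1)))))

; Constructed program: a loop that pushes an element and increments a
; counter on every iteration. Inv is the unknown inductive invariant
; over (list, counter).
(declare-fun Inv (Lst Int) Bool)
(assert (Inv nil 0))
(assert (forall ((l Lst) (c Int) (x Int))
  (=> (Inv l c) (Inv (cons x l) (+ c 1)))))

; Safety: the counter always equals the list length. The query goes
; through Len, so any solution for Inv must pin down len(l). Over the
; ADT and integer theories alone no such Inv is expressible (the
; paper's motivation); with the RDF view, Inv(l, c) := (= c (len l))
; is an inductive solution.
(assert (forall ((l Lst) (c Int) (n Int))
  (=> (and (Inv l c) (Len l n) (not (= c n))) false)))

(check-sat)
```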


Supplemental Material

Auxiliary Presentation Video

This is a presentation video for my paper titled "Solving constrained Horn clauses modulo algebraic data types and recursive functions" published at POPL 2022.

