Abstract
This work addresses the problem of verifying imperative programs that manipulate data structures, e.g., Rust programs. Data structures are usually modeled by Algebraic Data Types (ADTs) in verification conditions. Inductive invariants of such programs often require recursively defined functions (RDFs) to represent abstractions of data structures. From the logic perspective, this reduces to solving Constrained Horn Clauses (CHCs) modulo both ADT and RDF. The underlying logic with RDFs is undecidable. Thus, even verifying a candidate inductive invariant is undecidable. Similarly, IC3-based algorithms for solving CHCs lose their progress guarantee: they may not find counterexamples when the program is unsafe.
We propose a novel IC3-inspired algorithm Racer for solving CHCs modulo ADT and RDF (i.e., automatically synthesizing inductive invariants, as opposed to only verifying them as is done in deductive verification). Racer ensures progress despite the undecidability of the underlying theory, and is guaranteed to terminate with a counterexample for unsafe programs. It works with a general class of RDFs over ADTs called catamorphisms. The key idea is to represent catamorphisms as both CHCs, via relationification, and RDFs, using novel abstractions. Encoding catamorphisms as CHCs allows learning inductive properties of catamorphisms, as well as preserving unsatisfiability of the original CHCs despite the use of RDF abstractions, whereas encoding catamorphisms as RDFs allows unfolding the recursive definition, and relying on it in solutions. Abstractions ensure that the underlying theory remains decidable. We implement our approach in Z3 and show that it works well in practice.
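The abstract's key idea, a catamorphism over an ADT read both as a recursively defined function and as constrained Horn clauses obtained by relationification, is illustrated below in Python. This is an added example, not code from the paper, from Racer or from Z3: the `Catamorphism`, `least_model`, `views_agree` and `query_holds` names and the finite universe of constructed sample lists are this example's own assumptions, and the bounded bottom-up fixpoint over that universe stands in for what a CHC solver does symbolically. The list ADT and the `len` and `sum` catamorphisms are standard instances, not ones taken from the paper.

```python
"""A catamorphism seen two ways: as a recursively defined function (RDF) and as
constrained Horn clauses (CHCs) produced by relationification.

Added illustration, not code from the Racer paper or from Z3. The clause shape
(one clause per constructor, the recursive call replaced by a premise on the
relation R_f) is the standard relationification of a function definition; all
identifiers here are this example's own.
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Union

# ADT:  List ::= nil | cons(head: int, tail: List)
@dataclass(frozen=True)
class Nil:
    pass

@dataclass(frozen=True)
class Cons:
    head: int
    tail: "List"

List = Union[Nil, Cons]

@dataclass(frozen=True)
class Catamorphism:
    """f(nil) = base ;  f(cons(h, t)) = step(h, f(t))"""
    name: str
    base: int
    step: Callable[[int, int], int]
    step_text: str  # the step as a constraint over h, r_t, r (for the CHC text)

    def unfold(self, xs: List) -> int:
        """RDF view: evaluate by unfolding the recursive definition."""
        heads = []
        while isinstance(xs, Cons):          # iterative walk, no recursion limit
            heads.append(xs.head)
            xs = xs.tail
        acc = self.base
        for h in reversed(heads):            # innermost call is evaluated first
            acc = self.step(h, acc)
        return acc

    def horn_clauses(self) -> list[str]:
        """CHC view: R_f(x, r) holds iff f(x) = r, one clause per constructor."""
        R = f"R_{self.name}"
        return [
            f"r = {self.base} -> {R}(nil, r)",
            f"{R}(t, r_t) /\\ {self.step_text} -> {R}(cons(h, t), r)",
        ]

def lists_up_to(max_len: int, values: tuple) -> set:
    """Constructed finite universe: every list of length <= max_len over `values`."""
    out = {Nil()}
    for n in range(1, max_len + 1):
        for heads in product(values, repeat=n):
            xs: List = Nil()
            for h in reversed(heads):        # build h0 :: h1 :: ... :: nil
                xs = Cons(h, xs)
            out.add(xs)
    return out

def least_model(cat: Catamorphism, universe: set) -> set:
    """Least model of R_f restricted to `universe`, by bottom-up clause application."""
    facts = {(Nil(), cat.base)}              # first clause has no premises
    changed = True
    while changed:
        changed = False
        for (t, r_t) in list(facts):         # second clause: premise R_f(t, r_t)
            for xs in universe:
                if isinstance(xs, Cons) and xs.tail == t:
                    fact = (xs, cat.step(xs.head, r_t))
                    if fact not in facts:
                        facts.add(fact)
                        changed = True
    return facts

def views_agree(cat: Catamorphism, universe: set) -> bool:
    """R_f is functional on `universe` and coincides with the unfolded RDF."""
    by_input = {}
    for xs, r in least_model(cat, universe):
        by_input.setdefault(xs, set()).add(r)
    return all(by_input.get(xs) == {cat.unfold(xs)} for xs in universe)

def query_holds(cat: Catamorphism, universe: set, bad: Callable[[int], bool]) -> bool:
    """Query clause R_f(x, r) /\\ bad(r) -> false: true iff no derivable fact is bad."""
    return not any(bad(r) for _, r in least_model(cat, universe))

LENGTH = Catamorphism("len", 0, lambda h, r_t: r_t + 1, "r = r_t + 1")
SUM = Catamorphism("sum", 0, lambda h, r_t: h + r_t, "r = h + r_t")

if __name__ == "__main__":
    universe = lists_up_to(3, (-2, 5))       # constructed sample inputs
    for cat in (LENGTH, SUM):
        print("\n".join(cat.horn_clauses()))
        print("views agree:", views_agree(cat, universe))
    print("len >= 0 holds:", query_holds(LENGTH, universe, lambda r: r < 0))
    print("sum >= 0 holds:", query_holds(SUM, universe, lambda r: r < 0))
```

Running the script prints the two clauses of each relation and confirms that, on the finite universe, the relational encoding and the unfolded definition agree. The `sum >= 0` query fails because the list `[-2]` is derivable with result `-2`: in the CHC view a violated property surfaces as a concrete derivation of the query, which is the kind of counterexample the abstract's progress guarantee is about, whereas the `len >= 0` query has no such derivation.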
Index Terms
Solving constrained Horn clauses modulo algebraic data types and recursive functions