Complexity and information in invariant inference

Feldman, Yotam M. Y.; Immerman, Neil; Sagiv, Mooly; Shoham, Sharon

doi:10.1145/3371073

“…All 29 protocols are safe based on manual verification. Even though finding counterexample traces is equally important, we limit our evaluation to safe protocols where the property holds, since inferring inductive invariants is the main bottleneck of existing techniques for verifying distributed protocols [29,30,63].…”

Section: Discussionmentioning

confidence: 99%

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Goel

¹

,

Sakallah

²

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Proving that an unbounded distributed protocol satisfies a given safety property amounts to finding a quantified inductive invariant that implies the property for all possible instance sizes of the protocol. Existing methods for solving this problem can be described as search procedures for an invariant whose quantification prefix fits a particular template. We propose an alternative constructive approach that does not prescribe, a priori, a specific quantifier prefix. Instead, the required prefix is automatically inferred without any search by carefully analyzing the structural symmetries of the protocol. The key insight underlying this approach is that symmetry and quantification are closely related concepts that express protocol invariance under different re-arrangements of its components. We propose symmetric incremental induction, an extension of the finite-domain IC3/PDR algorithm, that automatically derives the required quantified inductive invariant by exploiting the connection between symmetry and quantification. While various attempts have been made to exploit symmetry in verification applications, to our knowledge, this is the first demonstration of a direct link between symmetry and quantification in the context of clause learning during incremental induction. We also describe a procedure to automatically find a minimal finite size, the cutoff, that yields a quantified invariant proving safety for any size.Our approach is implemented in IC3PO, a new verifier for distributed protocols that significantly outperforms the state-of-the-art, scales orders of magnitude faster, and robustly derives compact inductive invariants fully automatically.

show abstract

“…All 29 protocols are safe based on manual verification. Even though finding counterexample traces is equally important, we limit our evaluation to safe protocols where the property holds, since inferring inductive invariants is the main bottleneck of existing techniques for verifying distributed protocols [30,31,63].…”

Section: Discussionmentioning

confidence: 99%

“…Algorithm 2 describes the symmetric incremental induction algorithm. The procedure first checks whether the property can be trivially violated (lines [19][20][21][22], and if not, starts recursively deriving and blocking counterexamples-toinduction (CTI) from the topmost frame (lines [24][25][26][27][28][29][30][31][32][33][34][35]. Given a solver model m, < never occurred > --infer ∀ by default (may not be compact, though correct for the current instance) The core of the SymIC3 algorithm is the SymBoost∀∃ algorithm, presented in Algorithm 3.…”

Section: Discussionmentioning

confidence: 99%

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Goel,

Sakallah

2021

Preprint

0

View full text Add to dashboard Cite

Proving that an unbounded distributed protocol satisfies a given safety property amounts to finding a quantified inductive invariant that implies the property for all possible instance sizes of the protocol. Existing methods for solving this problem can be described as search procedures for an invariant whose quantification prefix fits a particular template. We propose an alternative constructive approach that does not prescribe, a priori, a specific quantifier prefix. Instead, the required prefix is automatically inferred without any search by carefully analyzing the structural symmetries of the protocol. The key insight underlying this approach is that symmetry and quantification are closely related concepts that express protocol invariance under different re-arrangements of its components. We propose symmetric incremental induction, an extension of the finite-domain IC3/PDR algorithm, that automatically derives the required quantified inductive invariant by exploiting the connection between symmetry and quantification. While various attempts have been made to exploit symmetry in verification applications, to our knowledge, this is the first demonstration of a direct link between symmetry and quantification in the context of clause learning during incremental induction. We also describe a procedure to automatically find a minimal finite size, the cutoff, that yields a quantified invariant proving safety for any size.Our approach is implemented in IC3PO, a new verifier for distributed protocols that significantly outperforms the state-of-the-art, scales orders of magnitude faster, and robustly derives compact inductive invariants fully automatically.

show abstract

“…A study of overfitting in invariant synthesis was conducted in [24]. ICE was compared with IC3/PDR in terms of complexity in [12]. A generalization of ICE with relative inductiveness [31] can implement IC3/PDR following the paradigm of active learning with a learner and a teacher.…”

Section: Introductionmentioning

confidence: 99%

Data-driven Numerical Invariant Synthesis with Automatic Generation of Attributes

Bouajjani¹,

Boutglay²,

Habermehl³

2022

Preprint

View full text Add to dashboard Cite

We propose a data-driven algorithm for numerical invariant synthesis and verification. The algorithm is based on the ICE-DT schema for learning decision trees from samples of positive and negative states and implications corresponding to program transitions. The main issue we address is the discovery of relevant attributes to be used in the learning process of numerical invariants. We define a method for solving this problem guided by the data sample. It is based on the construction of a separator that covers positive states and excludes negative ones, consistent with the implications. The separator is constructed using an abstract domain representation of convex sets. The generalization mechanism of the decision tree learning from the constraints of the separator allows the inference of general invariants, accurate enough for proving the targeted property. We implemented our algorithm and showed its efficiency.

show abstract

Complexity and information in invariant inference

Cited by 12 publications

References 57 publications

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Data-driven Numerical Invariant Synthesis with Automatic Generation of Attributes

Contact Info

Product

Resources

About