Decidability of inferring inductive invariants

Padon, Oded; Immerman, Neil; Shoham, Sharon; Karbyshev, Aleksandr; Sagiv, Mooly

doi:10.1145/2914770.2837640

Cited by 8 publications

(3 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Under the new notion of coherence, we first study axioms on relations. The EPR (effectively propositional reasoning) [36] fragment of first order logic is one of the few fragments of first order logic that is decidable, and has been exploited for bounded model-checking and verification condition validation in the literature [33,32,31]. We study axioms written in EPR (i.e., universally quantified formulas involving only relations) and show that verification for even coherent programs, modulo EPR axioms, is undecidable.…”

Section: Main Contributionsmentioning

confidence: 99%

What’s Decidable About Program Verification Modulo Axioms?

Mathur

Madhusudan

Viswanathan

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We consider the decidability of the verification problem of programs modulo axioms -automatically verifying whether programs satisfy their assertions, when the function and relation symbols are interpreted as arbitrary functions and relations that satisfy a set of first-order axioms. Though verification of uninterpreted programs (with no axioms) is already undecidable, a recent work introduced a subclass of coherent uninterpreted programs, and showed that they admit decidable verification [26]. We undertake a systematic study of various natural axioms for relations and functions, and study the decidability of the coherent verification problem. Axioms include relations being reflexive, symmetric, transitive, or total order relations, functions restricted to being associative, idempotent or commutative, and combinations of such axioms as well. Our comprehensive results unearth a rich landscape that shows that though several axiom classes admit decidability for coherent programs, coherence is not a panacea as several others continue to be undecidable. 1 We adapt the definition in a way that preserves the spirit of the definition of coherence. Moreover, if we do not adapt the definition, essentially all axioms classes we study in this paper would be undecidable.

show abstract

Section: Main Contributionsmentioning

confidence: 99%

What’s Decidable About Program Verification Modulo Axioms?

Mathur

Madhusudan

Viswanathan

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…One case is when there does not exist an inductive phase invariant with universal phase characterizations over the given structure. When this occurs, our tool can return an abstract counterexample trace-a sequence of program transitions and transitions of the automaton (inspired by [39,48])-which constitutes a proof of that fact (see Appendix B). The counterexample trace can assist the user in debugging the automaton or the program and modifying them.…”

Section: Phase-pdr ∀ For Inferring Universally Quantified Characterizmentioning

confidence: 99%

Inferring Inductive Invariants from Phase Structures

Feldman

Wilcox

Shoham

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Infinite-state systems such as distributed protocols are challenging to verify using interactive theorem provers or automatic verification tools. Of these techniques, deductive verification is highly expressive but requires the user to annotate the system with inductive invariants. To relieve the user from this laborintensive and challenging task, invariant inference aims to find inductive invariants automatically. Unfortunately, when applied to infinite-state systems such as distributed protocols, existing inference techniques often diverge, which limits their applicability. This paper proposes user-guided invariant inference based on phase invariants, which capture the different logical phases of the protocol. Users conveys their intuition by specifying a phase structure, an automaton with edges labeled by program transitions; the tool automatically infers assertions that hold in the automaton's states, resulting in a full safety proof. The additional structure from phases guides the inference procedure towards finding an invariant. Our results show that user guidance by phase structures facilitates successful inference beyond the state of the art. We find that phase structures are pleasantly well matched to the intuitive reasoning routinely used by domain experts to understand why distributed protocols are correct, so that providing a phase structure reuses this existing intuition. 1 type key 2 type value 3 type node 4 type sequnum 5 6 relation owner: node, key 7 relation table: node, key, value 8 relation transfer_msg: node, node, 9 key, value, seqnum 10 relation ack_msg: node, node, seqnum 11 relation seqnum_sent: node, seqnum 12 relation unacked: node, node, 13 key, value, seqnum 14 relation seqnum_recvd: node, node, seqnum 15 16 init ∀n1, n2, k. owner(n1,k)∧owner(n2,k) 17 → n1 = n2 18 init // all other relations are empty 19 20 action reshard(n_old:node, n_new:node, 21 k:key, value:sequnum) 22 require table(n_old, k, v)23 ∧¬seqnum_sent(n_old, s) 24 seqnum_sent(n_old, s) := true 25 table(n_old, k, v) := false 26 owner(n_old, k) := false 27 transfer_msg(n_old, n_new, k, v, s) := true 28 unacked(n_old, n_new, k, v, s) := true 29 30 action drop_transfer_msg(src:node, dst:node, 31 k:key, v:value, s:seqnum) 32 require transfer_msg(src, dst, k, v, s) 33 transfer_msg(src, dst, k, v, s) := false 34 35 action retransmit(src:node, dst:node, 36 k:key, v:value, s:seqnum) 37 require unacked(src, dst, k, v, s) 38 transfer_msg(src, dst, k, v, s) := true 39 action recv_transfer_msg(src:node, n:node, 40 k:key, v:value, s:seqnum) 41 require transfer_msg(src, n, k, v, s) 42 ∧¬seqnum_recvd(n, src, s) 43 seqnum_recvd(n, src, s) := true 44 table(n, k, v) := true 45 owner(n, k) := true 46 47 action send_ack(src:node, n:node, 48

show abstract

“…Related Work. A large number of different techniques have been proposed to generate loop invariants automatically, especially on numeric domains [9,10], but also in more expressive logics, for programs containing arrays or expressible using combination of theories [26,8,23,18,22,24]. We only briefly review the main ideas of the most popular and successful approaches.…”

Section: Introductionmentioning

confidence: 99%

Ilinva: Using Abduction to Generate Loop Invariants

Echenim

Peltier

Sellami

2019

Frontiers of Combining Systems

View full text Add to dashboard Cite

We describe a system to prove properties of programs. The key feature of this approach is a method to automatically synthesize inductive invariants of the loops contained in the program. The method is generic, i.e., it applies to a large set of programming languages and application domains; and lazy, in the sense that it only generates invariants that allow one to derive the required properties. It relies on an existing system called GPiD for abductive reasoning modulo theories [14], and on the platform for program verification Why3 [16]. Experiments show evidence of the practical relevance of our approach.

show abstract

Decidability of inferring inductive invariants

Cited by 8 publications

References 45 publications

What’s Decidable About Program Verification Modulo Axioms?

What’s Decidable About Program Verification Modulo Axioms?

Inferring Inductive Invariants from Phase Structures

Ilinva: Using Abduction to Generate Loop Invariants

Contact Info

Product

Resources

About