Inferring Inductive Invariants from Phase Structures

Feldman, Yotam M. Y.; Wilcox, J. R.; Shoham, Sharon; Sagiv, Mooly

doi:10.1007/978-3-030-25543-5_23

Cited by 17 publications

(11 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This evaluation set includes fairly complex models of consensus algorithms as well as protocols such as two-phase commit, chord ring, hybrid reliable broadcast, etc. Several studies [15,31,42,46,53,63] have indicated the challenges involved in verifying these protocols.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Goel

Sakallah

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Proving that an unbounded distributed protocol satisfies a given safety property amounts to finding a quantified inductive invariant that implies the property for all possible instance sizes of the protocol. Existing methods for solving this problem can be described as search procedures for an invariant whose quantification prefix fits a particular template. We propose an alternative constructive approach that does not prescribe, a priori, a specific quantifier prefix. Instead, the required prefix is automatically inferred without any search by carefully analyzing the structural symmetries of the protocol. The key insight underlying this approach is that symmetry and quantification are closely related concepts that express protocol invariance under different re-arrangements of its components. We propose symmetric incremental induction, an extension of the finite-domain IC3/PDR algorithm, that automatically derives the required quantified inductive invariant by exploiting the connection between symmetry and quantification. While various attempts have been made to exploit symmetry in verification applications, to our knowledge, this is the first demonstration of a direct link between symmetry and quantification in the context of clause learning during incremental induction. We also describe a procedure to automatically find a minimal finite size, the cutoff, that yields a quantified invariant proving safety for any size.Our approach is implemented in IC3PO, a new verifier for distributed protocols that significantly outperforms the state-of-the-art, scales orders of magnitude faster, and robustly derives compact inductive invariants fully automatically.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Several recent approaches (e.g., UPDR [45], QUIC3 [41], Phase-UPDR [31], fol-ic3 [46]) extend IC3/PDR to automatically infer quantified inductive invariants. Unlike IC3PO, these techniques rely heavily on unbounded SMT solving.…”

Section: Related Workmentioning

confidence: 99%

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Goel

Sakallah

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Our benchmark is composed of invariant inference problems from prior work on distributed protocols [28,27,7,26,29,2,9], written in or translated to the mypyvy tool's input language [25]. Our benchmark contains a total of 30 problems (Table 1), ranging from simple (toy-consensus, firewall) to complex (stoppablepaxos-epr, bosco-3t-safety).…”

Section: Invariant Inference Benchmarkmentioning

confidence: 99%

Inferring Invariants with Quantifier Alternations: Taming the Search Space Explosion

Koenig¹,

Padon²,

Shoham³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

We present a PDR/IC3 algorithm for finding inductive invariants with quantifier alternations. We tackle scalability issues that arise due to the large search space of quantified invariants by combining a breadth-first search strategy and a new syntactic form for quantifierfree bodies. The breadth-first strategy prevents inductive generalization from getting stuck in regions of the search space that are expensive to search and focuses instead on lemmas that are easy to discover. The new syntactic form is well-suited to lemmas with quantifier alternations by allowing both limited conjunction and disjunction in the quantifier-free body, while carefully controlling the size of the search space. Combining the breadth-first strategy with the new syntactic form results in useful inductive bias by prioritizing lemmas according to: (i) well-defined syntactic metrics for simple quantifier structures and quantifier-free bodies, and (ii) the empirically useful heuristic of preferring lemmas that are fast to discover. On a benchmark suite of primarily distributed protocols and complex Paxos variants, we demonstrate that our algorithm can solve more of the most complicated examples than state-of-the-art techniques.

show abstract

“…Not only is induction a very interesting theoretical concept, it is also of high practical importance, since it is required to reason about software reliability, safety and security, see e.g. [13,7,10,22,11]. Such and similar software requirement typically involve properties over natural numbers, recursion, unbounded loop iterations, or recursive data structures like lists, and trees.…”

Section: Introductionmentioning

confidence: 99%

Automating Induction by Reflection

Schoisswohl

Kovács

2021

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Despite recent advances in automating theorem proving in full first-order theories, inductive reasoning still poses a serious challenge to state-of-the-art theorem provers. The reason for that is that in first-order logic induction requires an infinite number of axioms, which is not a feasible input to a computer-aided theorem prover requiring a finite input. Mathematical practice is to specify these infinite sets of axioms as axiom schemes. Unfortunately these schematic definitions cannot be formalized in first-order logic, and therefore not supported as inputs for first-order theorem provers.In this work we introduce a new method, inspired by the field of axiomatic theories of truth, that allows to express schematic inductive definitions, in the standard syntax of multi-sorted first-order logic. Further we test the practical feasibility of the method with state-of-the-art theorem provers, comparing it to solvers' native techniques for handling induction.

show abstract

Inferring Inductive Invariants from Phase Structures

Cited by 17 publications

References 60 publications

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

On Symmetry and Quantification: A New Approach to Verify Distributed Protocols

Inferring Invariants with Quantifier Alternations: Taming the Search Space Explosion

Automating Induction by Reflection

Contact Info

Product

Resources

About