CAV 2015: Computer Aided Verification, pp. 583–602

Property-Directed Inference of Universal Invariants or Proving Their Absence

  • A. Karbyshev
  • N. Bjørner
  • S. Itzhaky
  • N. Rinetzky
  • S. Shoham
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9206)

Abstract

We present Universal Property Directed Reachability (\(\mathsf{PDR}^{\forall}\)), a property-directed procedure for automatic inference of invariants in a universal fragment of first-order logic. \(\mathsf{PDR}^{\forall}\) is an extension of Bradley's PDR/IC3 algorithm for inference of propositional invariants. \(\mathsf{PDR}^{\forall}\) terminates when it either discovers a concrete counterexample, infers an inductive universal invariant strong enough to establish the desired safety property, or finds a proof that such an invariant does not exist. We implemented an analyzer based on \(\mathsf{PDR}^{\forall}\) and applied it to a collection of list-manipulating programs. Our analyzer was able to automatically infer universal invariants strong enough to establish memory safety and certain functional correctness properties, to show the absence of such invariants for certain natural programs and specifications, and to detect bugs, all without user-supplied abstraction predicates.
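The abstract describes \(\mathsf{PDR}^{\forall}\) as an extension of Bradley's propositional PDR/IC3. The following is an added illustration, not code from the paper or its authors, of that propositional core: frames that over-approximate the states reachable in at most i steps, proof obligations that are pushed backwards towards the initial states, generalisation of a blocked state to a cube, and forward propagation of clauses until two adjacent frames coincide. A SAT solver is replaced by enumeration of all 2^n states so that it runs offline, and the transition system (a 3-bit counter with a constant flag bit) and both properties are constructed here for the example. The first-order/universal extension that is the paper's contribution, including its third verdict that no universal invariant exists, is not reproduced: a propositional run ends in exactly one of the other two outcomes, an inductive invariant or a concrete counterexample trace.

```python
"""Explicit-state PDR/IC3 on a finite boolean transition system (added example,
not the paper's code). Returns ("invariant", blocked_cubes), whose clauses
(not c) form an inductive invariant excluding every bad state, or
("counterexample", trace) with a concrete path Init -> ... -> Bad."""
from itertools import product


class TransitionSystem:
    """n boolean variables; a state is a tuple of n bools; trans(s) lists successors."""
    def __init__(self, n, init, trans, bad):
        self.states = [tuple(bool(b) for b in bits) for bits in product((0, 1), repeat=n)]
        self.init, self.trans, self.bad = init, trans, bad


def cube_of(state):
    """Full cube of a state: the set of (variable, value) literals it satisfies."""
    return frozenset(enumerate(state))


def satisfies(cube, state):
    return all(state[v] == val for v, val in cube)


class PDR:
    def __init__(self, ts):
        self.ts = ts
        # frames[0] is Init itself; frames[i] (i >= 1) holds the cubes blocked at level i,
        # i.e. F_i is the conjunction of the clauses (not c). Clause sets shrink upwards.
        self.frames = [None, set()]

    def holds(self, i, s):
        """Does state s satisfy frame F_i?"""
        if i == 0:
            return self.ts.init(s)
        return not any(satisfies(c, s) for c in self.frames[i])

    def relatively_inductive(self, i, cube):
        """Init => not cube, and F_{i-1} and not cube and T => not cube' ?"""
        if any(self.ts.init(s) and satisfies(cube, s) for s in self.ts.states):
            return False
        for t in self.ts.states:
            if self.holds(i - 1, t) and not satisfies(cube, t):
                if any(satisfies(cube, u) for u in self.ts.trans(t)):
                    return False
        return True

    def block(self, i, s):
        """Discharge the obligation 'state s is unreachable within i steps'.
        Returns None on success, or a concrete trace Init -> ... -> s on failure."""
        if self.ts.init(s):
            return [s]
        while True:  # each F_{i-1} predecessor of s becomes an obligation at level i-1
            pred = next((t for t in self.ts.states
                         if self.holds(i - 1, t) and t != s and s in self.ts.trans(t)), None)
            if pred is None:
                break
            trace = self.block(i - 1, pred)
            if trace is not None:
                return trace + [s]
        # Generalise: drop literals while the clause stays relatively inductive, so one
        # clause excludes many states instead of only s.
        cube = cube_of(s)
        for lit in sorted(cube):
            smaller = cube - {lit}
            if smaller and self.relatively_inductive(i, smaller):
                cube = smaller
        for j in range(1, i + 1):
            self.frames[j].add(cube)
        return None

    def run(self):
        ts = self.ts
        for s in ts.states:
            if ts.init(s) and ts.bad(s):
                return ("counterexample", [s])
        while True:
            k = len(self.frames) - 1
            while True:  # block every bad state the top frame still admits
                bad = next((s for s in ts.states if self.holds(k, s) and ts.bad(s)), None)
                if bad is None:
                    break
                trace = self.block(k, bad)
                if trace is not None:
                    return ("counterexample", trace)
            self.frames.append(set())
            for i in range(1, k + 1):  # push clauses forward; equal frames = fixpoint
                for c in list(self.frames[i]):
                    if c not in self.frames[i + 1] and self.relatively_inductive(i + 1, c):
                        self.frames[i + 1].add(c)
                if self.frames[i] == self.frames[i + 1]:
                    return ("invariant", set(self.frames[i]))


def is_inductive_invariant(ts, blocked):
    """Independent check of the three conditions: Init => Inv, Inv and T => Inv', Inv => not Bad."""
    inv = lambda s: not any(satisfies(c, s) for c in blocked)
    init_ok = all(inv(s) for s in ts.states if ts.init(s))
    closed = all(inv(u) for s in ts.states if inv(s) for u in ts.trans(s))
    safe = not any(inv(s) and ts.bad(s) for s in ts.states)
    return init_ok and closed and safe


# Constructed system: a 3-bit counter (x0 = LSB) plus a flag bit x3 that is never written.
def counter_step(s):
    x0, x1, x2, x3 = s
    return [(not x0, x1 != x0, x2 != (x0 and x1), x3)]


def make_counter(bad):
    return TransitionSystem(4, init=lambda s: not any(s), trans=counter_step, bad=bad)


def prove_flag_never_set():
    """Safe property 'x3 is never set': generalisation yields the single clause (not x3)."""
    return PDR(make_counter(lambda s: s[3])).run()


def find_counter_overflow():
    """Unsafe property 'the counter never reaches 7': an 8-state counterexample trace."""
    return PDR(make_counter(lambda s: s[0] and s[1] and s[2])).run()
```

Calling `prove_flag_never_set()` returns the invariant as the one blocked cube `{(3, True)}`, i.e. the clause ¬x3, which `is_inductive_invariant` confirms; `find_counter_overflow()` returns the eight-state trace from the all-zero initial state to the state with x0 = x1 = x2 = 1. The frames are over-approximations of bounded reachability, which is why a trace is only ever reported once an obligation chain reaches an initial state through real transitions, and why a fixpoint of two adjacent frames is a genuine inductive invariant.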

Keywords

Bounded Model Checker, Predicate Abstraction, Inductive Invariant, Spurious Counterexample, Memory Safety

Acknowledgments

We thank Mooly Sagiv and the reviewers for helpful comments. This work was supported by EU FP7 project ADVENT (308830), ERC grant agreement no. [321174-VSSC], by Broadcom Foundation and Tel Aviv University Authentication Initiative, and by BSF grant no. 2012259.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • A. Karbyshev (1)
  • N. Bjørner (2)
  • S. Itzhaky (3)
  • N. Rinetzky (1)
  • S. Shoham (4)
  1. Tel Aviv University, Tel Aviv, Israel
  2. Microsoft Research, Redmond, USA
  3. Massachusetts Institute of Technology, Cambridge, USA
  4. The Academic College of Tel Aviv Yaffo, Tel Aviv, Israel