Advertisement

Automating Induction for Solving Horn Clauses

  • Hiroshi UnnoEmail author
  • Sho Torii
  • Hiroki Sakamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10427)

Abstract

Verification problems of programs in various paradigms can be reduced to problems of solving Horn clause constraints on predicate variables that represent unknown inductive invariants. This paper presents a novel Horn constraint solving method based on inductive theorem proving: the method reduces Horn constraint solving to validity checking of first-order formulas with inductively defined predicates, which are then checked by induction on the derivation of the predicates. To automate inductive proofs, we introduce a novel proof system tailored to Horn constraint solving, and use a PDR-based Horn constraint solver as well as an SMT solver to discharge proof obligations arising in the proof search. We prove that our proof system satisfies the soundness and relative completeness with respect to ordinary Horn constraint solving schemes. The two main advantages of the proposed method are that (1) it can deal with constraints over any background theories supported by the underlying SMT solver, including nonlinear arithmetic and algebraic data structures, and (2) the method can verify relational specifications across programs in various paradigms where multiple function calls need to be analyzed simultaneously. The class of specifications includes practically important ones such as functional equivalence, associativity, commutativity, distributivity, monotonicity, idempotency, and non-interference. Our novel combination of Horn clause constraints with inductive theorem proving enables us to naturally and automatically axiomatize recursive functions that are possibly non-terminating, non-deterministic, higher-order, exception-raising, and over non-inductively defined data types. We have implemented a relational verification tool for the OCaml functional language based on the proposed method and obtained promising results in preliminary experiments.

Notes

Acknowledgments

We would like to thank Tachio Terauchi for useful discussions, and anonymous referees for their constructive comments. This work was partially supported by Kakenhi 16H05856 and 15H05706.

References

  1. 1.
    Angelis, E., Fioravanti, F., Pettorossi, A., Proietti, M.: Relational verification through horn clause transformation. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 147–169. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53413-7_8 CrossRefGoogle Scholar
  2. 2.
    Asada, K., Sato, R., Kobayashi, N.: Verifying relational properties of functional programs by first-order refinement. In: PEPM 2015, pp. 61–72. ACM (2015)Google Scholar
  3. 3.
    Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: Boer, F.S., Bonsangue, M.M., Graf, S., Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006). doi: 10.1007/11804192_17 CrossRefGoogle Scholar
  4. 4.
    Barthe, G., Crespo, J.M., Kunz, C.: Relational verification using product programs. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 200–214. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21437-0_17 CrossRefGoogle Scholar
  5. 5.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: CSFW 2004, pp. 100–114. IEEE (2004)Google Scholar
  6. 6.
    Barthe, G., Gaboardi, M., Gallego Arias, E.J., Hsu, J., Roth, A., Strub, P.-Y.: Higher-order approximate relational refinement types for mechanism design and differential privacy. In: POPL 2015, pp. 55–68. ACM (2015)Google Scholar
  7. 7.
    Barthe, G., Köpf, B., Olmedo, F., Zanella Béguelin, S.: Probabilistic relational reasoning for differential privacy. In: POPL 2012, pp. 97–110. ACM (2012)Google Scholar
  8. 8.
    Bobot, F., Filliâtre, J.-C., Marché, C., Paskevich, A.: Why3: Shepherd your herd of provers. In: Boogie 2011, pp. 53–64 (2011)Google Scholar
  9. 9.
    Bouhoula, A., Kounalis, E., Rusinowitch, M.: SPIKE, an automatic theorem prover. In: Voronkov, A. (ed.) LPAR 1992. LNCS, vol. 624, pp. 460–462. Springer, Heidelberg (1992). doi: 10.1007/BFb0013087 CrossRefGoogle Scholar
  10. 10.
    Bradley, A.R.: SAT-based model checking without unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70–87. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-18275-4_7 CrossRefGoogle Scholar
  11. 11.
    Brotherston, J.: Cyclic proofs for first-order logic with inductive definitions. In: Beckert, B. (ed.) TABLEAUX 2005. LNCS (LNAI), vol. 3702, pp. 78–92. Springer, Heidelberg (2005). doi: 10.1007/11554554_8 CrossRefGoogle Scholar
  12. 12.
    Brotherston, J., Distefano, D., Petersen, R.L.: Automated cyclic entailment proofs in separation logic. In: Bjørner, N., Sofronie-Stokkermans, V. (eds.) CADE 2011. LNCS (LNAI), vol. 6803, pp. 131–146. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22438-6_12 CrossRefGoogle Scholar
  13. 13.
    Brotherston, J., Fuhs, C., Navarro, J.A.P., Gorogiannis, N.: A decision procedure for satisfiability in separation logic with inductive predicates. In: CSL-LICS 2014, pp. 25:1–25:10. ACM (2014)Google Scholar
  14. 14.
    Bundy, A., van Harmelen, F., Horn, C., Smaill, A.: The OYSTER-CLAM system. In: Stickel, M.E. (ed.) CADE 1990. LNCS, vol. 449, pp. 647–648. Springer, Heidelberg (1990). doi: 10.1007/3-540-52885-7_123 CrossRefGoogle Scholar
  15. 15.
    Chamarthi, H.R., Dillinger, P., Manolios, P., Vroon, D.: The ACL2 sedan theorem proving system. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 291–295. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19835-9_27 CrossRefGoogle Scholar
  16. 16.
    Chu, D.-H., Jaffar, J., Trinh, M.-T.: Automatic induction proofs of data-structures in imperative programs. In: PLDI 2015, pp. 457–466. ACM (2015)Google Scholar
  17. 17.
    Ciobâcă, Ş., Lucanu, D., Rusu, V., Roşu, G.: A language-independent proof system for mutual program equivalence. In: Merz, S., Pang, J. (eds.) ICFEM 2014. LNCS, vol. 8829, pp. 75–90. Springer, Cham (2014). doi: 10.1007/978-3-319-11737-9_6 Google Scholar
  18. 18.
    Claessen, K., Johansson, M., Rosén, D., Smallbone, N.: Automating inductive proofs using theory exploration. In: Bonacina, M.P. (ed.) CADE 2013. LNCS (LNAI), vol. 7898, pp. 392–406. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38574-2_27 CrossRefGoogle Scholar
  19. 19.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: CSF 2008, pp. 51–65. IEEE (2008)Google Scholar
  20. 20.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252. ACM (1977)Google Scholar
  21. 21.
    Craig, W.: Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory. J. Symbolic Logic 22, 269–285 (1957)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78800-3_24 CrossRefGoogle Scholar
  23. 23.
    Dixon, L., Fleuriot, J.: IsaPlanner: a prototype proof planner in isabelle. In: Baader, F. (ed.) CADE 2003. LNCS (LNAI), vol. 2741, pp. 279–283. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45085-6_22 CrossRefGoogle Scholar
  24. 24.
    Felsing, D., Grebing, S., Klebanov, V., Rümmer, P., Ulbrich, M.: Automating regression verification. In: ASE 2014, pp. 349–360. ACM (2014)Google Scholar
  25. 25.
    Giesl, J.: Context-moving transformations for function verification. In: Bossi, A. (ed.) LOPSTR 1999. LNCS, vol. 1817, pp. 293–312. Springer, Heidelberg (2000). doi: 10.1007/10720327_17 CrossRefGoogle Scholar
  26. 26.
    Godlin, B., Strichman, O.: Regression verification: proving the equivalence of similar programs. Softw. Test. Verification Reliab. 23(3), 241–258 (2013)CrossRefGoogle Scholar
  27. 27.
    Grebenshchikov, S., Lopes, N.P., Popeea, C., Rybalchenko, A.: Synthesizing software verifiers from proof rules. In: PLDI 2012, pp. 405–416. ACM (2012)Google Scholar
  28. 28.
    Gupta, A., Popeea, C., Rybalchenko, A.: Predicate abstraction and refinement for verifying multi-threaded programs. In: POPL 2011, pp. 331–344. ACM (2011)Google Scholar
  29. 29.
    Gupta, A., Popeea, C., Rybalchenko, A.: Solving recursion-free horn clauses over LI+UIF. In: Yang, H. (ed.) APLAS 2011. LNCS, vol. 7078, pp. 188–203. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25318-8_16 CrossRefGoogle Scholar
  30. 30.
    Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The seahorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343–361. Springer, Cham (2015). doi: 10.1007/978-3-319-21690-4_20 CrossRefGoogle Scholar
  31. 31.
    Hawblitzel, C., Kawaguchi, M., Lahiri, S.K., Rebêlo, H.: Towards modularly comparing programs using automated theorem provers. In: Bonacina, M.P. (ed.) CADE 2013. LNCS (LNAI), vol. 7898, pp. 282–299. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38574-2_20 CrossRefGoogle Scholar
  32. 32.
    Hoder, K., Bjørner, N.: Generalized property directed reachability. In: Cimatti, A., Sebastiani, R. (eds.) SAT 2012. LNCS, vol. 7317, pp. 157–171. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31612-8_13 CrossRefGoogle Scholar
  33. 33.
    Hoder, K., Bjørner, N., de Moura, L.: \(\mu \)Z – an efficient engine for fixed points with constraints. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 457–462. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22110-1_36 CrossRefGoogle Scholar
  34. 34.
    Ireland, A., Bundy, A.: Productive use of failure in inductive proof. J. Autom. Reas. 16(1–2), 79–111 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  35. 35.
    Jaffar, J., Maher, M.J.: Constraint logic programming: a survey. J. Logic Program. 19, 503–581 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  36. 36.
    Kahsai, T., Rümmer, P., Sanchez, H., Schäf, M.: JayHorn: a framework for verifying java programs. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9779, pp. 352–358. Springer, Cham (2016). doi: 10.1007/978-3-319-41528-4_19 Google Scholar
  37. 37.
    Kaufmann, M., Moore, J.S., Manolios, P.: Computer Aided-Reasoning: An Approach. Kluwer Academic Publishers, Heidelberg (2000)Google Scholar
  38. 38.
    Lahiri, S.K., Hawblitzel, C., Kawaguchi, M., Rebêlo, H.: SYMDIFF: a language-agnostic semantic diff tool for imperative programs. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 712–717. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31424-7_54 CrossRefGoogle Scholar
  39. 39.
    Le, Q.L., Sun, J., Chin, W.-N.: Satisfiability modulo heap-based programs. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9779, pp. 382–404. Springer, Cham (2016). doi: 10.1007/978-3-319-41528-4_21 Google Scholar
  40. 40.
    Leino, K.R.M.: Automating induction with an SMT solver. In: Kuncak, V., Rybalchenko, A. (eds.) VMCAI 2012. LNCS, vol. 7148, pp. 315–331. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-27940-9_21 CrossRefGoogle Scholar
  41. 41.
    McMillan, K., Rybalchenko, A.: Computing relational fixed points using interpolation. Technical report MSR-TR-2013-6, Microsoft Research (2013)Google Scholar
  42. 42.
    McMillan, K.L.: An interpolating theorem prover. Theor. Comput. Sci. 345(1), 101–121 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  43. 43.
    Nipkow, T., Wenzel, M., Paulson, L.C. (eds.): Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). doi: 10.1007/3-540-45949-9 zbMATHGoogle Scholar
  44. 44.
    Pek, E., Qiu, X., Madhusudan, P.: Natural proofs for data structure manipulation in C using separation logic. In: PLDI 2014, pp. 440–451. ACM (2014)Google Scholar
  45. 45.
    Reddy, U.S.: Term rewriting induction. In: Stickel, M.E. (ed.) CADE 1990. LNCS, vol. 449, pp. 162–177. Springer, Heidelberg (1990). doi: 10.1007/3-540-52885-7_86 CrossRefGoogle Scholar
  46. 46.
    Reynolds, A., Kuncak, V.: Induction for SMT solvers. In: D’Souza, D., Lal, A., Larsen, K.G. (eds.) VMCAI 2015. LNCS, vol. 8931, pp. 80–98. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46081-8_5 Google Scholar
  47. 47.
    Rondon, P., Kawaguchi, M., Jhala, R.: Liquid types. In: PLDI 2008, pp. 159–169. ACM (2008)Google Scholar
  48. 48.
    Rümmer, P., Hojjat, H., Kuncak, V.: Disjunctive interpolants for horn-clause verification. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 347–363. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_24 CrossRefGoogle Scholar
  49. 49.
    Sonnex, W., Drossopoulou, S., Eisenbach, S.: Zeno: an automated prover for properties of recursive data structures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 407–421. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28756-5_28 CrossRefGoogle Scholar
  50. 50.
    Suter, P., Köksal, A.S., Kuncak, V.: Satisfiability modulo recursive programs. In: Yahav, E. (ed.) SAS 2011. LNCS, vol. 6887, pp. 298–315. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23702-7_23 CrossRefGoogle Scholar
  51. 51.
    Ta, Q.-T., Le, T.C., Khoo, S.-C., Chin, W.-N.: Automated mutual explicit induction proof in separation logic. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds.) FM 2016. LNCS, vol. 9995, pp. 659–676. Springer, Cham (2016). doi: 10.1007/978-3-319-48989-6_40 CrossRefGoogle Scholar
  52. 52.
    Terauchi, T.: Dependent types from counterexamples. In: POPL 2010, pp. 119–130. ACM (2010)Google Scholar
  53. 53.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005). doi: 10.1007/11547662_24 CrossRefGoogle Scholar
  54. 54.
    Unno, H., Kobayashi, N.: On-demand refinement of dependent types. In: Garrigue, J., Hermenegildo, M.V. (eds.) FLOPS 2008. LNCS, vol. 4989, pp. 81–96. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78969-7_8 CrossRefGoogle Scholar
  55. 55.
    Unno, H., Kobayashi, N.: Dependent type inference with interpolants. In: PPDP 2009, pp. 277–288. ACM (2009)Google Scholar
  56. 56.
    Unno, H., Kobayashi, N., Yonezawa, A.: Combining type-based analysis and model checking for finding counterexamples against non-interference. In: PLAS 2006, pp. 17–26. ACM (2006)Google Scholar
  57. 57.
    Unno, H., Terauchi, T.: Inferring simple solutions to recursion-free horn clauses via sampling. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 149–163. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46681-0_10 Google Scholar
  58. 58.
    Unno, H., Torii, S., Sakamoto, H.: Automating induction for solving horn clauses. (2017) http://www.cs.tsukuba.ac.jp/~uhiro/
  59. 59.
    Vazou, N., Seidel, E.L., Jhala, R., Vytiniotis, D., Peyton Jones, S.L.: Refinement types for Haskell. In: ICFP 2014, pp. 269–282. ACM (2014)Google Scholar
  60. 60.
    Xi, H., Pfenning, F.: Dependent types in practical programming. In: POPL 1999, pp. 214–227. ACM (1999)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University of TsukubaTsukubaJapan

Personalised recommendations