Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inferring Simple Solutions to Recursion-free Horn Clauses via Sampling

Published byKory Perry Modified over 5 years ago

Similar presentations

Presentation on theme: "Inferring Simple Solutions to Recursion-free Horn Clauses via Sampling"— Presentation transcript:

1 Inferring Simple Solutions to Recursion-free Horn Clauses via Sampling
Hiroshi Unno (University of Tsukuba) Tachio Terauchi (JAIST) 2015/4/13 TACAS 2015

2 Program Verification with CEGAR
Iteratively refine candidate predicate set Δ⊆𝑃𝑟𝑒𝑑𝑠 𝑇 until Δ witnesses the safety of given program 𝑃 background FOL theory (e.g., QFLRA) Check if Δ⊢𝑃 safe Δ≔Δ∪Γ Counterexample path 𝜋∈𝑃𝑎𝑡ℎ𝑠 𝑃 s.t. Δ⊢𝜋 Discover Preds. Γ s.t. Γ⊢𝜋 unsafe How to guarantee convergence of CEGAR? Our talk at ESOP on Thursday 16 How to find “good” solutions achieving faster convergence? This talk Much success for imperative programs (SLAM, BLAST, …) for concurrent programs (Threader, SymmPA, …) for functional programs (Depcegar, MoCHi, …) 2015/4/13 TACAS 2015

3 Horn Clause Solving as Unified Framework for Predicate Discovery [U
Horn Clause Solving as Unified Framework for Predicate Discovery [U.+2009] [Terauchi2010] [Gupta+2011] [Grebenshchikov+2012] [Rümmer+2013] … Generate and solve a set of constraints 𝐻 s.t. 𝐻 has a solution 𝜃⟹Rng(𝜃)⊢𝜋 Recursion-free Horn clause constraint set on predicate variables that represent (over-approx. of) reachable states of (each location in) 𝜋 Substitution for the predicate variables 𝐻= 𝑄 𝑥,𝑦 ⇐ 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 , ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 𝜃= 𝑄↦𝜆 𝑥,𝑦 . 𝑥+𝑦≥2 2015/4/13 TACAS 2015

4 Example: Solutions of Recursion-Free Horn Clauses
𝑥+𝑦≥−2 is not a solution because it overlaps with −𝑥 + −𝑦 ≥−2 Example: Solutions of Recursion-Free Horn Clauses Recursion-free Horn clauses: 𝑄 𝑥,𝑦 ⇐ 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 , 𝑦 2 1 𝑥 Solutions for 𝑄 𝑥,𝑦 : 𝑥+𝑦≥2 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 −2 −1 1 2 −1 −2 2015/4/13 TACAS 2015

5 Simple Preds. aid in Faster Convergence
Simple Preds. aid in Faster Convergence? [Hoder+2012] [Albarghouthi+2013] Correct programs tend to be correct for simple reasons, per Occam’s razor Simple predicates often covers emerging patterns 𝑦 𝑦 2 2 1 1 𝑥 𝑥 −2 −1 1 2 −2 −1 1 2 −1 −1 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 −2 −2 𝑥+𝑦≥2 2015/4/13 TACAS 2015

6 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

7 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

8 𝑦≥2 is not a solution of the original
Iterative Sampling of Horn Clauses (cf. sampling for interpolation [Albarghouthi+2013]) Original Horn clauses: 𝑄 𝑥,𝑦 ⇐ 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 , ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 𝑦 2 1 𝑦≥2 is not a solution of the original Sampled conjunctive clauses: 𝑄 𝑥,𝑦 ⇐𝑥≥0∧𝑦≥2, ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 Solution: 𝑦≥2 𝑥 −2 −1 1 2 −1 −2 2015/4/13 TACAS 2015

9 𝑥+𝑦≥2 is a genuine solution of the original!
Iterative Sampling of Horn Clauses (cf. sampling for interpolation [Albarghouthi+2013]) Original Horn clauses: 𝑄 𝑥,𝑦 ⇐ 𝑥≥0∧𝑦≥2∨ 𝑥≥1∧𝑦≥1∨ 𝑥≥2∧𝑦≥0 , ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 𝑦 2 1 𝑥+𝑦≥2 is a genuine solution of the original! Sampled conjunctive clauses: 𝑄 𝑥,𝑦 ⇐𝑥≥0∧𝑦≥2, 𝑄 𝑥,𝑦 ⇐𝑥≥2∧𝑦≥0, ⊥⇐𝑄 𝑥,𝑦 ∧𝑄 −𝑥,−𝑦 Solution: 𝑥+𝑦≥2 𝑥 −2 −1 1 2 −1 −2 2015/4/13 TACAS 2015

10 How to Solve Sampled Horn Clauses?
Key Observation: 𝐻 either has an atomic solution or no solution if 𝐻 is sampled conjunctive Horn clauses without head- and body-joining predicate variables 𝑃 is head-joining if 𝑃 occurs multiple times in heads 𝑃 is body-joining if 𝑃 occurs multiple times in bodies Our Approach: If 𝐻 has head- or body- joining predicate variable 𝑃, Decompose 𝐻 into 𝐻 1 ,…, 𝐻 𝑛 to make 𝑃 non-joining Find simple solutions 𝜃 1 ,…, 𝜃 𝑛 for 𝐻 1 ,…, 𝐻 𝑛 Compose a solution for 𝐻 from 𝜃 1 ,…, 𝜃 𝑛 2015/4/13 TACAS 2015

11 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

12 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

13 Lazy Constraint Decomposition for Head-Joining Predicate Variables
Sampled conjunctive clauses 𝐻: 𝑹 𝑥,𝑦 ⇐𝑥≥0∧𝑦≥2, 𝑹 𝑥,𝑦 ⇐𝑥≥2∧𝑦≥0, ⊥⇐𝑹 𝑥,𝑦 ∧𝑥≤1∧2⋅𝑦≤3 𝑦 𝑯 has no atomic solution! So, we decompose 𝐻 into 𝐻 1 𝑹 𝑥,𝑦 ⇐𝑥≥0∧𝑦≥2, ⊥⇐𝑹 𝑥,𝑦 ∧𝑥≤1∧2⋅𝑦≤3 and 𝐻 2 𝑹 𝑥,𝑦 ⇐𝑥≥2∧𝑦≥0, ⊥⇐𝑹 𝑥,𝑦 ∧𝑥≤1∧2⋅𝑦≤3 2 1 𝑥 1 2 2015/4/13 TACAS 2015

14 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

15 Eager Constraint Decomposition for Body-Joining Predicate Variables
⋮ ⇓ 𝑷 … 𝑷 … ⇓ 𝑷 … ⇓ ⇓ ⊥ ⋮ ⇓ 𝑷 … 𝜙 ⇓ 𝑷 𝟏 … ⇓ 𝜙 ⇓ 𝑷 𝟐 … ⇓ ⇓ ⊥ 2015/4/13 TACAS 2015

16 Composed solution 𝜆 𝑥 . 𝜙 1 ∧ 𝜙 2 for 𝑷 may not be the simplest
Solution Composition 𝜆 𝑥 . 𝜙 1 ∧ 𝜙 2 ⋮ ⇓ 𝑷 … 𝜙 ⇓ 𝑷 𝟏 … ⇓ 𝜙 ⇓ 𝑷 𝟐 … ⇓ ⇓ ⊥ Iteratively solve each tree component from the root-most one Composed solution 𝜆 𝑥 . 𝜙 1 ∧ 𝜙 2 for 𝑷 may not be the simplest 𝜆 𝑥 . 𝜙 1 𝜆 𝑥 . 𝜙 2 2015/4/13 TACAS 2015

17 Contribution New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments 2015/4/13 TACAS 2015

18 Solution Composition using Solution Space
𝜆 𝑥 . 𝜙 3 ⋮ ⇓ 𝑷 … 𝜙 ⇓ 𝑷 𝟏 … ⇓ 𝜙 ⇓ 𝑷 𝟐 … ⇓ ⇓ ⊥ Iteratively compute a solution space 𝑺 for each tree component from the root-most one using Farkas’ lemma (see paper for details) We get more chance to obtain a simple solution for 𝑷! 𝑃 1 ↦𝜆 𝑥 . 𝜙 1 , 𝑃 2 ↦𝜆 𝑥 . 𝜙 2 ,… ∈𝑆 𝑃 1 ↦𝜆 𝑥 . 𝜙 3 , 𝑃 2 ↦𝜆 𝑥 . 𝜙 3 ,… ∈𝑆 2015/4/13 TACAS 2015

19 Previous Approaches to Solving Horn Clauses with Body-Joining Pred
Previous Approaches to Solving Horn Clauses with Body-Joining Pred. Vars. Iteration-based [U.+2009] [Terauchi2010] Iteratively solve each Horn clause from the root Expansion-based [McMillan+2013] [Rümmer+2013] Eliminate body-joining pred. vars. by expansion ⋮ ⇓ 𝑷 … 𝑷 … ⇓ 𝑷 … ⇓ ⇓ ⊥ 𝑄 𝑅 𝑷 𝟏 … ⇓ 𝑷 𝟐 … ⇓ ⇓ ⊥ 𝑄 1 𝑅 1 𝑄 2 𝑅 2 2015/4/13 TACAS 2015

20 Prototype Implementation as Predicate Discovery Engine of MoCHi
MoCHi [1]: CEGAR-based safety and termination verifier for higher-order functional programs Our implementation uses: GLPK [2] for operating on solution spaces Z3 [3] for checking candidate solutions [1] MoCHI ( [2] GLPK ( [3] Z3 ( 2015/4/13 TACAS 2015

21 Experiment Results: Elapsed Time of Individual Refinement Runs
Iteration-based Expansion-based New algorithm New algorithm 327 counterexamples generated from 139 benchmark programs Three refinement algorithms: New algorithm, Iteration-based, and Expansion-based 2015/4/13 TACAS 2015

22 Experiment Results: Solution Size of Individual Refinement Runs
Iteration-based Expansion-based New algorithm New algorithm 327 counterexamples generated from 139 benchmark programs Three refinement algorithms: New algorithm, Iteration-based, and Expansion-based 2015/4/13 TACAS 2015

23 Experiment Results: Overall Verification Performance
Iteration-based Expansion-based New algorithm New algorithm 139 benchmark programs MoCHi with each three refinement process: New algorithm, Iteration-based, and Expansion-based 2015/4/13 TACAS 2015

24 Summary New algorithm for finding simple solutions of recursion-free Horn clauses over QFLRA based on Iterative sampling Constraint decomposition for head-joining predicate variables for body-joining predicate variables Solution composition using solution space Implementation and experiments as predicate discovery engine of MoCHi 2015/4/13 TACAS 2015

Download ppt "Inferring Simple Solutions to Recursion-free Horn Clauses via Sampling"

Similar presentations

A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.

A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work.

© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work.
© Anvesh Komuravelli Quantified Invariants in Rich Domains using Model Checking and Abstract Interpretation Anvesh Komuravelli, CMU Joint work with Ken.

© Anvesh Komuravelli Quantified Invariants in Rich Domains using Model Checking and Abstract Interpretation Anvesh Komuravelli, CMU Joint work with Ken.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.
Automating Relatively Complete Verification of Higher-Order Functional Programs Hiroshi Unno (University of Tsukuba) Tachio Terauchi (Nagoya University)

Automating Relatively Complete Verification of Higher-Order Functional Programs Hiroshi Unno (University of Tsukuba) Tachio Terauchi (Nagoya University)
Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.

Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Relatively Complete Verification of Higher- Order Programs (via Automated Refinement Type Inference) Tachio Terauchi Nagoya University TexPoint fonts used.

Relatively Complete Verification of Higher- Order Programs (via Automated Refinement Type Inference) Tachio Terauchi Nagoya University TexPoint fonts used.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.

BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Revisiting Generalizations Ken McMillan Microsoft Research Aws Albarghouthi University of Toronto.

Revisiting Generalizations Ken McMillan Microsoft Research Aws Albarghouthi University of Toronto.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.
Lazy Abstraction Thomas A. Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre UC Berkeley.

Lazy Abstraction Thomas A. Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre UC Berkeley.
Relational Data Mining in Finance Haonan Zhang CFWin03-37 03/04/2003.

Relational Data Mining in Finance Haonan Zhang CFWin /04/2003.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]
1 Path Planning in Expansive C-Spaces D. HsuJ. –C. LatombeR. Motwani Prepared for CS326A, Spring 2003 By Xiaoshan (Shan) Pan.

1 Path Planning in Expansive C-Spaces D. HsuJ. –C. LatombeR. Motwani Prepared for CS326A, Spring 2003 By Xiaoshan (Shan) Pan.

Similar presentations

Ads by Google