  1. Learning Loop Invariants for Program Verification
     Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song
     University of Pennsylvania, Georgia Institute of Technology
     NeurIPS 2018
     Code: https://github.com/PL-ML/code2inv
     * equal contribution

  4. Program verification
     • Prove that your code is bug-free with respect to its specification.
     • Most of the proof rules can be automated: sequence rule, conditional rule, ......
     • The exception is the while rule: it needs a loop invariant, and inferring a loop invariant automatically is undecidable in general (it is tied to the halting problem).

  8. What is a loop invariant?
     (figure: a program, its loop invariant, and the requirement the invariant must meet)
     Requirement: for a loop `while (guard) body` with pre-condition Pre and post-condition Post, a candidate invariant Inv must satisfy all three of
       Pre ⇒ Inv                       (holds on entry)
       {Inv ∧ guard} body {Inv}        (preserved by every iteration)
       Inv ∧ ¬guard ⇒ Post             (strong enough to prove the assertion on exit)

  11. Loop Invariant Checker
     (figure: the program and the candidate invariant are handed to a checker backed by the SMT solver Z3, which tests the three conditions above and answers either "correct" or "not correct" together with a counter-example)

  15. Difficulties of learning loop invariants
     1. Highly sparse and non-smooth reward
     (figure: the Agent proposes an invariant for the code; the checker returns only 0 / 1 (correct or not), so almost every proposal earns exactly the same reward of 0)

  17. Difficulties of learning loop invariants
     2. Generalization ability
     (figure: one Agent per program, code1, code2, ......, codeN, each producing its own invariant, e.g. x ≥ 1 ∨ y = 0 for one program and ... ≤ 2 ∧ ... > 0 for another; the variable names were lost in extraction and are rendered here as x and y. Every agent again receives only 0 / 1 (correct or not).)
     New code ⇒ a new Agent has to be trained from scratch.

  23. Solution to sparsity and non-smoothness
     (figure: the Agent proposes an invariant for the code; the checker answers 0 (not correct))
     Counter-example: why am I wrong? For instance x = 1, y = −10 (variable names lost in extraction, rendered here as x and y).
     Collection of counter-examples, one group per violated condition (Pre, Inv, Post):
       x = 3, y = −2;  x = 3, y = −1;  x = 3, y = −1;  x = 0, y = −2;  x = 2, y = −2;  x = 0, y = −1;
       x = 2, y = −1;  x = 0, y = −4;  x = 1, y = −1;  x = 2, y = −1;  x = 0, y = −3;  x = 1, y = −10
     • Smoothed reward: a candidate is scored by the fraction of collected counter-examples it handles, instead of the checker's bare 0 / 1.
     • Reduced Z3 calls: a candidate that is refuted by an already stored counter-example is rejected without calling Z3 at all.

  24. Solution to generalization
     • Transferable graph representation of source code: program ⇒ SSA transformation ⇒ program graph
     (figure: the source program, its SSA form, and the graph built from it)

  25. Code2Inv: End-to-end learning framework
     (figure: the agent generates the invariant step by step, e.g. x ≥ 0 && x < 4 ...... ≥ 100, and the checker's verdict or counter-examples feed back into training; variable names lost in extraction are rendered as x)

  26. Experimental evaluation of Code2Inv
     • We collected 133 benchmark programs from Dillig et al., OOPSLA 2013 and Garg et al., POPL 2016.

  28. Code2Inv as an out-of-the-box solver
     (figure: instances solved against number of Z3 calls; Ours, Code2Inv, solves more instances than the baselines with the same number of Z3 calls)

  29. Generalize to new programs
     void main (int n) {
       int x = 0;
       int m = 0;
       while (x < n) {
         if (unknown()) { m = x; }
         x = x + 1;
       }
       if (n > 0) { assert (m < n); }
     }

  30. Generalize to new programs (two unused confounding variables added)
     void main (int n) {
       int x = 0;
       int w = 0;
       int m = 0;
       int z = 0;
       while (x < n) {
         if (unknown()) { m = x; }
         x = x + 1;
       }
       if (n > 0) { assert (m < n); }
     }

  31. Generalize to new programs (confounding variables now updated inside the loop)
     void main (int n) {
       int x = 0;
       int w = 0;
       int m = 0;
       int z = 0;
       while (x < n) {
         z = z + 1;
         if (unknown()) {
           m = x;
           z = m + 1;
         }
         x = x + 1;
         w = m + x;
       }
       if (n > 0) { assert (m < n); }
     }
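As an added example, not code from the Code2Inv paper or its repository: the three checks of the loop-invariant checker and the counter-example-driven loop from the earlier slides (smoothed reward, and calling the checker only for candidates that survive every stored counter-example), run on the slide-29 program and on its slide-31 variant with the confounding variables w and z. The SMT checker (Z3 in the talk) is replaced by bounded enumeration over small integers, an assumption that turns a "no counter-example" answer into evidence rather than a proof; the bound, the four candidate invariants, and the names Program, find_counterexample, handles, smoothed_reward and search are mine.

```python
"""Counter-example-driven loop-invariant checking (added example, not Code2Inv code).

The checker below enumerates small integer states instead of calling Z3, so
find_counterexample() returning None means "no counter-example within BOUND",
not a proof of correctness.
"""
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, int]
Pred = Callable[[State], bool]
BOUND = 3  # constructed: every variable ranges over [-BOUND, BOUND]


class Program:
    """Pre-condition, loop guard, loop body and post-condition over named variables.
    body(s) returns one successor state per resolution of unknown()."""

    def __init__(self, variables: List[str], pre: Pred, guard: Pred,
                 body: Callable[[State], List[State]], post: Pred) -> None:
        self.variables, self.pre, self.guard, self.body, self.post = variables, pre, guard, body, post

    def states(self):
        for vals in product(range(-BOUND, BOUND + 1), repeat=len(self.variables)):
            yield dict(zip(self.variables, vals))


# Slide 29: x = 0; m = 0; while (x < n) { if (unknown()) m = x; x = x + 1 }  assert n > 0 -> m < n
def body29(s: State) -> List[State]:
    return [dict(s, x=s["x"] + 1), dict(s, m=s["x"], x=s["x"] + 1)]


PROG29 = Program(["x", "m", "n"],
                 pre=lambda s: s["x"] == 0 and s["m"] == 0,
                 guard=lambda s: s["x"] < s["n"],
                 body=body29,
                 post=lambda s: s["n"] <= 0 or s["m"] < s["n"])


# Slide 31: the same loop with the confounding variables w and z updated inside it
def body31(s: State) -> List[State]:
    keep = dict(s, z=s["z"] + 1, x=s["x"] + 1)                 # unknown() false
    take = dict(s, m=s["x"], z=s["x"] + 1, x=s["x"] + 1)       # unknown() true: m = x; z = m + 1
    for t in (keep, take):
        t["w"] = t["m"] + t["x"]                                # w = m + x after x = x + 1
    return [keep, take]


PROG31 = Program(["x", "w", "m", "z", "n"],
                 pre=lambda s: s["x"] == 0 and s["w"] == 0 and s["m"] == 0 and s["z"] == 0,
                 guard=lambda s: s["x"] < s["n"],
                 body=body31,
                 post=lambda s: s["n"] <= 0 or s["m"] < s["n"])


def find_counterexample(p: Program, inv: Pred) -> Optional[Tuple[str, State]]:
    """The three Hoare checks: Pre => Inv, {Inv and guard} body {Inv}, Inv and not guard => Post.
    Returns the first violated check and the state refuting it, or None."""
    for s in p.states():
        if p.pre(s) and not inv(s):
            return ("pre", s)
    for s in p.states():
        if inv(s) and p.guard(s) and not all(inv(t) for t in p.body(s)):
            return ("inv", s)
    for s in p.states():
        if inv(s) and not p.guard(s) and not p.post(s):
            return ("post", s)
    return None


def handles(p: Program, inv: Pred, kind: str, s: State) -> bool:
    """Does a candidate rule out a stored counter-example without calling the checker?"""
    if kind == "pre":    # must include every initial state
        return inv(s)
    if kind == "inv":    # must exclude s, or be preserved by the body from s
        return not inv(s) or all(inv(t) for t in p.body(s))
    return not inv(s)    # "post": must exclude the bad exit state


def smoothed_reward(p: Program, inv: Pred, cexs: List[Tuple[str, State]]) -> float:
    """Fraction of collected counter-examples the candidate handles: a graded signal
    instead of the checker's 0 / 1."""
    return 1.0 if not cexs else sum(handles(p, inv, k, s) for k, s in cexs) / len(cexs)


def search(p: Program, candidates):
    """Score candidates in order against stored counter-examples; only a candidate that
    handles all of them earns a checker call. Returns (winner, rewards, checker_calls)."""
    cexs, rewards, calls = [], [], 0
    for name, inv in candidates:
        reward = smoothed_reward(p, inv, cexs)
        if reward < 1.0:                       # refuted by a stored counter-example: no checker call
            rewards.append((name, reward))
            continue
        calls += 1
        cex = find_counterexample(p, inv)
        if cex is None:
            rewards.append((name, 1.0))
            return name, rewards, calls
        cexs.append(cex)
        rewards.append((name, smoothed_reward(p, inv, cexs)))
    return None, rewards, calls


CANDIDATES = [  # constructed candidates, roughly in the order a weak agent might propose them
    ("m < n", lambda s: s["m"] < s["n"]),            # the post-condition itself: fails Pre
    ("m <= x", lambda s: s["m"] <= s["x"]),          # inductive, but too weak for Post
    ("m < x", lambda s: s["m"] < s["x"]),            # already refuted by a stored counter-example
    ("(x == 0 && m == 0) || (m < x && x <= n)",
     lambda s: (s["x"] == 0 and s["m"] == 0) or (s["m"] < s["x"] and s["x"] <= s["n"])),
]

if __name__ == "__main__":
    for prog in (PROG29, PROG31):
        print(search(prog, CANDIDATES))
```

On both programs the search ends with the last candidate after three checker calls: m < n and m <= x each cost a call and contribute a Pre and a Post counter-example, m < x is rejected by those stored counter-examples alone (reward 0.5, no call), and the invariant over x, m and n verifies the slide-31 program unchanged because w and z never appear in it, which is the point of the confounding-variable experiment.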


  33. Generalization ability of Code2Inv
     (figure: results on programs with 1, 3 and 5 confounding variables)

  34. Poster session: 05:00 -- 07:00 PM Room 210 & 230 AB #23
