towards automatic inference of inductive invariants
play

Towards Automatic Inference of Inductive Invariants Haojun Ma , Aman - PowerPoint PPT Presentation

Mar 22, 2023 •199 likes •390 views

Towards Automatic Inference of Inductive Invariants Haojun Ma , Aman Goel, Jean-Baptiste Jeannin Manos Kapritsos, Baris Kasikci, Karem A. Sakallah University of Michigan Distributed systems are subtle 1 The alternative: formal verification

  1. Towards Automatic Inference of Inductive Invariants Haojun Ma , Aman Goel, Jean-Baptiste Jeannin Manos Kapritsos, Baris Kasikci, Karem A. Sakallah University of Michigan

  2. Distributed systems are subtle 1

  3. The alternative: formal verification Formal specification or property Proving the system maintains the property Successful on distributed systems Drawback: Manual effort 2

  4. Existing verification approaches Verdi(Coq) IronFleet(Dafny) Ivy I4 Manual Effort Person-years Person-months Person-hours Automated All existing approaches require the human to find an inductive invariant We want to automatically find inductive invariants 3

  5. Formal verification in 2 minutes Goal: prove that the safety property holds at all times An execution: Initial . . . 0 1 2 k k+1 state Inductive proof Base case: prove initial state is safe ● Inductive step: if state k is safe, prove state k+1 is safe ● 4

  6. Safety property vs. inductive invariant All states Inductive Reachable invariant states Safe states 5

  7. Lock server protocol Client0 Server0 Safety property: no two clients can be linked to the same server Client1 Server1 Client2 6

  8. Finding an inductive invariant using Ivy Automatically checks if an invariant is inductive (Screenshot from Ivy) Requires the human to find an inductive invariant Existing approaches rely on lock_hold manual effort and human intuition Safety property Strengthening assertion 7

  9. Outline I4: a new approach Design of I4 Evaluation Future work 8

  10. I4: a new approach Goal: Find an inductive invariant without relying on human intuition. Insight: Distributed protocols exhibit regularity . • Behavior doesn’t fundamentally change as the size increases • E.g. lock server, Paxos, … Implication: We can use inductive invariants from small instances to infer a generalized inductive invariant that holds for all instances. 9

  11. Leveraging model checking Model checking J Fully automated L Doesn’t scale to distributed systems I4 applies model checking to small, finite instances … … and then generalizes the result to all instances. 10

  12. Outline Design of I4 Evaluation Future work 11

  13. Overview Invariant generation on Invariant Correct a finite instance generalization Protocol.ivy ✓ (Model Checking) (Ivy) Increase Size 12

  14. Invariant generation on a finite instance Debug Counterexample (manually) Invariant Protocol.v Create Small Model Correct generalization Protocol.ivy ✓ (Finite) Instance Checker (Ivy) Protocol.finv Increase Size 13

  15. Invariant Generalization Debug Strengthening Counterexample Weaken (manually) Assertion Violation Protocol.v Create Small Model Correct Protocol.ivy Protocol_inv.ivy Ivy ✓ (Finite) Instance Checker Safety Protocol.finv Generalize Property Violation Increase Size 14

  16. Outline Evaluation Future work 15

  17. Evaluation Lock Server Leader Election Distributed lock 1 server 3 nodes 2 nodes 2 clients 3 IDs 4 epochs ~3s ~8s ~12s ✓ ✓ ✓ 16

  18. Outline Future work 17

  19. Future work More automation Scalability to larger protocols Verification of Implementations 18

Recommend

Inductive Definitions with Inference Rules 1 / 25 Outline Introduction Specifying inductive

Inductive Definitions with Inference Rules 1 / 25 Outline Introduction Specifying inductive

Inductive Definitions with Inference Rules 1 / 25 Outline Introduction Specifying inductive definitions Inference rules in action Judgments, axioms, and rules Reasoning about inductive definitions Direct proofs Admissibility Rule induction

498 views • 25 slides
Small Inductive Safe Invariants Alexander Ivrii, Arie Gurfinkel, Anton Belov Introduction

Small Inductive Safe Invariants Alexander Ivrii, Arie Gurfinkel, Anton Belov Introduction

Small Inductive Safe Invariants Alexander Ivrii, Arie Gurfinkel, Anton Belov Introduction Consider a verification problem (INIT, TR, P) In the case that P holds, a Model Checker may produce a proof in terms of a safe inductive

538 views • 32 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x

Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x

CSE340 Principles of Programming Languages Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x from this definition? f(x) = x Automatic Type Inference f(x) = x f is a function that takes a single

1.31k views • 73 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
The Practical Assessment of Test Sets with Inductive Inference Techniques Neil Walkinshaw

The Practical Assessment of Test Sets with Inductive Inference Techniques Neil Walkinshaw

The Practical Assessment of Test Sets with Inductive Inference Techniques Neil Walkinshaw Department of Computer Science University of Leicester September 4, 2010 B ACKGROUND Test Adequacy Assessing the ability of a test set to identify

295 views • 25 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
Prediction and Solomonoff Pter Gcs Boston University Quantum Foundations worshop, August

Prediction and Solomonoff Pter Gcs Boston University Quantum Foundations worshop, August

Prediction and Solomonoff Pter Gcs Boston University Quantum Foundations worshop, August 2014 Inductive inference Much of the discussion on the first day of the workshop dealt with the problem of inductive inference in generalquantum

571 views • 8 slides
Towards Automatic Inference of Task Hierarchies in Complex Systems Haohui Mai Chongnan Gao

Towards Automatic Inference of Task Hierarchies in Complex Systems Haohui Mai Chongnan Gao

Overview Design & Implementation Case Study Conclusion Acknowledgment References Towards Automatic Inference of Task Hierarchies in Complex Systems Haohui Mai Chongnan Gao Xuezheng Liu Xi Wang Geoffrey M. Voelker

566 views • 22 slides
Automatic Inference of Structural Changes for Matching Across Program Versions Miryung Kim,

Automatic Inference of Structural Changes for Matching Across Program Versions Miryung Kim,

Automatic Inference of Structural Changes for Matching Across Program Versions Miryung Kim, David Notkin, Dan Grossman Computer Science & Engineering University of Washington Foo.mA(float) Foo.mA() Foo.mB(float) Foo.mB() Foo.mC()

730 views • 52 slides
Automatic Posterior Transformation for Likelihood-free Inference David S Greenberg Marcel

Automatic Posterior Transformation for Likelihood-free Inference David S Greenberg Marcel

Automatic Posterior Transformation for Likelihood-free Inference David S Greenberg Marcel Nonnenmacher Jakob H Macke Technical University of Munich Computational Neuroengineering Department of Electrical and Computer Engineering For many

270 views • 8 slides
Safety Proofs using Appearance and Behaviours Sumanth Prabhu S, Kumar Madhukar, R Venkatesh

Safety Proofs using Appearance and Behaviours Sumanth Prabhu S, Kumar Madhukar, R Venkatesh

Safety Proofs using Appearance and Behaviours Sumanth Prabhu S, Kumar Madhukar, R Venkatesh TRDDC, Pune July 20, 2018 Safe Inductive Invariants: x y x y x int x = y = 0 while (*) { x = x + 1 y = y + x } assert(y >= 0) Inductive

605 views • 43 slides
Towards Automatic Inference of Kernel Object Semantics from Binary Code Junyuan Zeng, and Zhiqiang

Towards Automatic Inference of Kernel Object Semantics from Binary Code Junyuan Zeng, and Zhiqiang

Introduction A RGOS Design Experimental Results Discussions & Related Work Summary & References Towards Automatic Inference of Kernel Object Semantics from Binary Code Junyuan Zeng, and Zhiqiang Lin Department of Computer Science

738 views • 53 slides
Automatic physical inference with information maximising neural networks Physical Review D 97 ,

Automatic physical inference with information maximising neural networks Physical Review D 97 ,

Automatic physical inference with information maximising neural networks Physical Review D 97 , 083004 arXiv:1802.03537 github:information_maximiser Tom Charnock Institut dAstrophysique de Paris charnock@iap.fr DOI 10.5281/zenodo.1175196

75 views • 6 slides
Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand

Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand

Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand University of Illinois at Urbana-Champaign 1 SOSR, March 2020 Typical network configuration procedure Mostly manual in todays networks

667 views • 25 slides
Inductive types in Coq Wessel van Staal November 23, 2012 Inductive types Inductive nattree :

Inductive types in Coq Wessel van Staal November 23, 2012 Inductive types Inductive nattree :

Inductive types in Coq Wessel van Staal November 23, 2012 Inductive types Inductive nattree : Set := leaf : nat -> nattree | node : nattree -> nattree -> nattree. Adds constant or function with final type Prop , Set or Type to

325 views • 14 slides
Is automatic cognate detection good enough for phylogenetic inference? Jena, CESC 2017 September

Is automatic cognate detection good enough for phylogenetic inference? Jena, CESC 2017 September

Is automatic cognate detection good enough for phylogenetic inference? Jena, CESC 2017 September 13, 2017 Rama, List, Wahle & Jger cognate detection & phylogenetic inference CESC2017 1 / 19 Taraka Rama 1 , 2 , Johann-Mattis List 3 ,

868 views • 31 slides
Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
Hierarchical Bayesian ARX models for robust inference Johan Dahlin, Fredrik Lindsten, Thomas B.

Hierarchical Bayesian ARX models for robust inference Johan Dahlin, Fredrik Lindsten, Thomas B.

Hierarchical Bayesian ARX models for robust inference Johan Dahlin, Fredrik Lindsten, Thomas B. Sch on, Adrian Wills Division of Automatic Control, Link oping University School of EECS, University of Newcastle, Australia AUTOMATIC

326 views • 17 slides
Inductive Types for Free Representing Nested Inductive Types using W-types Michael Abbott (U.

Inductive Types for Free Representing Nested Inductive Types using W-types Michael Abbott (U.

Inductive Types for Free Representing Nested Inductive Types using W-types Michael Abbott (U. Leicester) Thorsten Altenkirch (U. Nottingham) Neil Ghani (U. Leicester) Inductive Types for Free p.1/22 Ideology Inductive Types for Free

1.07k views • 81 slides
Inductive Programming A Unifying Framework for Analysis and Evaluation of Inductive Programming

Inductive Programming A Unifying Framework for Analysis and Evaluation of Inductive Programming

Inductive Programming A Unifying Framework for Analysis and Evaluation of Inductive Programming Systems Hofmann, Kitzelmann, Schmid Cognitive Systems Group University of Bamberg AGI 2009 CogSys Group (Univ. Bamberg) Inductive Programming

504 views • 47 slides
Interpreting inductive-inductive definitions as indexed inductive definitions Fredrik Nordvall

Interpreting inductive-inductive definitions as indexed inductive definitions Fredrik Nordvall

Interpreting inductive-inductive definitions as indexed inductive definitions Fredrik Nordvall Forsberg Swansea University csfnf@swansea.ac.uk (Work in progress) What is induction-induction? What is induction-induction? Induction-induction

915 views • 70 slides
Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a rational representation of a reductive group is finitely generated by the results of Hilbert, Nagata and Haboush. However, the proof is not

482 views • 3 slides

More recommend