25 research outputs found
Reachability in Concurrent Uninterpreted Programs
We study the safety verification (reachability problem) for concurrent programs with uninterpreted functions/relations. By extending the notion of coherence, recently identified for sequential programs, to concurrent programs, we show that reachability in coherent concurrent programs under various scheduling restrictions is decidable by a reduction to multistack pushdown automata, and establish precise complexity bounds for them. We also prove that the coherence restriction for these various scheduling restrictions is itself a decidable property
Affine Disjunctive Invariant Generation with Farkas' Lemma
Invariant generation is the classical problem that aims at automated
generation of assertions that over-approximates the set of reachable program
states in a program. We consider the problem of generating affine invariants
over affine while loops (i.e., loops with affine loop guards, conditional
branches and assignment statements), and explore the automated generation of
disjunctive affine invariants. Disjunctive invariants are an important class of
invariants that capture disjunctive features in programs such as multiple
phases, transitions between different modes, etc., and are typically more
precise than conjunctive invariants over programs with these features. To
generate tight affine invariants, existing constraint-solving approaches have
investigated the application of Farkas' Lemma to conjunctive affine invariant
generation, but none of them considers disjunctive affine invariants
A Deductive Verification Infrastructure for Probabilistic Programs
This paper presents a quantitative program verification infrastructure for discrete probabilistic programs. Our infrastructure can be viewed as the probabilistic analogue of Boogie: its central components are an intermediate verification language (IVL) together with a real-valued logic. Our IVL provides a programming-language-style for expressing verification conditions whose validity implies the correctness of a program under investigation. As our focus is on verifying quantitative properties such as bounds on expected outcomes, expected run-times, or termination probabilities, off-the-shelf IVLs based on Boolean first-order logic do not suffice. Instead, a paradigm shift from the standard Boolean to a real-valued domain is required.
Our IVL features quantitative generalizations of standard verification constructs such as assume- and assert-statements. Verification conditions are generated by a weakest-precondition-style semantics, based on our real-valued logic. We show that our verification infrastructure supports natural encodings of numerous verification techniques from the literature. With our SMT-based implementation, we automatically verify a variety of benchmarks. To the best of our knowledge, this establishes the first deductive verification infrastructure for expectation-based reasoning about probabilistic programs
Relatively Complete Verification of Probabilistic Programs: An Expressive Language for Expectation-Based Reasoning
We study a syntax for specifying quantitative âassertionsâ - functions mapping program states to numbers - for probabilistic program verification. We prove that our syntax is expressive in the following sense: Given any probabilistic program C, if a function f is expressible in our syntax, then the function mapping each initial state Ï to the expected value of f evaluated in the final states reached after termination C on Ï (also called the weakest preexpectation wp[C](f)) is also expressible in our syntax. As a consequence, we obtain a relatively complete verification system for verifying expected values and probabilities in the sense of Cook: Apart from a single reasoning step about the inequality of two functions given as syntactic expressions in our language, given f, g, and C, we can check whether g †wp[C](f)
A Deductive Verification Infrastructure for Probabilistic Programs
This paper presents a quantitative program verification infrastructure for
discrete probabilistic programs. Our infrastructure can be viewed as the
probabilistic analogue of Boogie: its central components are an intermediate
verification language (IVL) together with a real-valued logic. Our IVL provides
a programming-language-style for expressing verification conditions whose
validity implies the correctness of a program under investigation. As our focus
is on verifying quantitative properties such as bounds on expected outcomes,
expected run-times, or termination probabilities, off-the-shelf IVLs based on
Boolean first-order logic do not suffice. Instead, a paradigm shift from the
standard Boolean to a real-valued domain is required.
Our IVL features quantitative generalizations of standard verification
constructs such as assume- and assert-statements. Verification conditions are
generated by a weakest-precondition-style semantics, based on our real-valued
logic. We show that our verification infrastructure supports natural encodings
of numerous verification techniques from the literature. With our SMT-based
implementation, we automatically verify a variety of benchmarks. To the best of
our knowledge, this establishes the first deductive verification infrastructure
for expectation-based reasoning about probabilistic programs
Solving Infinite-State Games via Acceleration
Two-player graph games have found numerous applications, most notably in the
synthesis of reactive systems from temporal specifications, but also in
verification. The relevance of infinite-state systems in these areas has lead
to significant attention towards developing techniques for solving
infinite-state games.
We propose novel symbolic semi-algorithms for solving infinite-state games
with -regular winning conditions. The novelty of our approach lies in
the introduction of an acceleration technique that enhances fixpoint-based
game-solving methods and helps to avoid divergence. Classical fixpoint-based
algorithms, when applied to infinite-state games, are bound to diverge in many
cases, since they iteratively compute the set of states from which one player
has a winning strategy. Our proposed approach can lead to convergence in cases
where existing algorithms require an infinite number of iterations. This is
achieved by acceleration: computing an infinite set of states from which a
simpler sub-strategy can be iterated an unbounded number of times in order to
win the game. Ours is the first method for solving infinite-state games to
employ acceleration. Thanks to this, it is able to outperform state-of-the-art
techniques on a range of benchmarks, as evidenced by our evaluation of a
prototype implementation
Perfect Is the Enemy of Good: Best-Effort Program Synthesis
Program synthesis promises to help software developers with everyday tasks by generating code snippets automatically from input-output examples and other high-level specifications. The conventional wisdom is that a synthesizer must always satisfy the specification exactly. We conjecture that this all-or-nothing paradigm stands in the way of adopting program synthesis as a developer tool: in practice, the user-written specification often contains errors or is simply too hard for the synthesizer to solve within a reasonable time; in these cases, the user is left with a single over-fitted result or, more often than not, no result at all. In this paper we propose a new program synthesis paradigm we call best-effort program synthesis, where the synthesizer returns a ranked list of partially-valid results, i.e. programs that satisfy some part of the specification.
To support this paradigm, we develop best-effort enumeration, a new synthesis algorithm that extends a popular program enumeration technique with the ability to accumulate and return multiple partially-valid results with minimal overhead. We implement this algorithm in a tool called BESTER, and evaluate it on 79 synthesis benchmarks from the literature. Contrary to the conventional wisdom, our evaluation shows that BESTER returns useful results even when the specification is flawed or too hard: i) for all benchmarks with an error in the specification, the top three BESTER results contain the correct solution, and ii) for most hard benchmarks, the top three results contain non-trivial fragments of the correct solution. We also performed an exploratory user study, which confirms our intuition that partially-valid results are useful: the study shows that programmers use the output of the synthesizer for comprehension and often incorporate it into their solutions
Local Reasoning for Global Graph Properties
Separation logics are widely used for verifying programs that manipulate
complex heap-based data structures. These logics build on so-called separation
algebras, which allow expressing properties of heap regions such that
modifications to a region do not invalidate properties stated about the
remainder of the heap. This concept is key to enabling modular reasoning and
also extends to concurrency. While heaps are naturally related to mathematical
graphs, many ubiquitous graph properties are non-local in character, such as
reachability between nodes, path lengths, acyclicity and other structural
invariants, as well as data invariants which combine with these notions.
Reasoning modularly about such graph properties remains notoriously difficult,
since a local modification can have side-effects on a global property that
cannot be easily confined to a small region.
In this paper, we address the question: What separation algebra can be used
to avoid proof arguments reverting back to tedious global reasoning in such
cases? To this end, we consider a general class of global graph properties
expressed as fixpoints of algebraic equations over graphs. We present
mathematical foundations for reasoning about this class of properties, imposing
minimal requirements on the underlying theory that allow us to define a
suitable separation algebra. Building on this theory we develop a general proof
technique for modular reasoning about global graph properties over program
heaps, in a way which can be integrated with existing separation logics. To
demonstrate our approach, we present local proofs for two challenging examples:
a priority inheritance protocol and the non-blocking concurrent Harris list
Proving Expected Sensitivity of Probabilistic Programs with Randomized Variable-Dependent Termination Time
The notion of program sensitivity (aka Lipschitz continuity) specifies that
changes in the program input result in proportional changes to the program
output. For probabilistic programs the notion is naturally extended to expected
sensitivity. A previous approach develops a relational program logic framework
for proving expected sensitivity of probabilistic while loops, where the number
of iterations is fixed and bounded. In this work, we consider probabilistic
while loops where the number of iterations is not fixed, but randomized and
depends on the initial input values. We present a sound approach for proving
expected sensitivity of such programs. Our sound approach is martingale-based
and can be automated through existing martingale-synthesis algorithms.
Furthermore, our approach is compositional for sequential composition of while
loops under a mild side condition. We demonstrate the effectiveness of our
approach on several classical examples from Gambler's Ruin, stochastic hybrid
systems and stochastic gradient descent. We also present experimental results
showing that our automated approach can handle various probabilistic programs
in the literature