Combining theorem proving and narrowing for rewriting-logic specifications

International audienceWe present an approach for verifying dynamic systems specified in rewriting logic, a formal specification language implemented in the Maude system. Our approach is tailored for invariants, i.e., properties that hold on all states reachable from a given class of initial states. The approach consists in encoding invariance properties into inductive properties written in membership equational logic, a sublogic of rewriting logic also implemented in Maude. The invariants can then be verified using an inductive theorem prover available for membership equational logic, possibly in interaction with narrowing-based symbolic analysis tools for rewriting-logic specifications also available in the Maude environment. We show that it is possible, and useful, to automatically test invariants by symbolic analysis before interactively proving them

Size-Change Termination as a Contract

Termination is an important but undecidable program property, which has led to a large body of work on static methods for conservatively predicting or enforcing termination. One such method is the size-change termination approach of Lee, Jones, and Ben-Amram, which operates in two phases: (1) abstract programs into "size-change graphs," and (2) check these graphs for the size-change property: the existence of paths that lead to infinite decreasing sequences. We transpose these two phases with an operational semantics that accounts for the run-time enforcement of the size-change property, postponing (or entirely avoiding) program abstraction. This choice has two key consequences: (1) size-change termination can be checked at run-time and (2) termination can be rephrased as a safety property analyzed using existing methods for systematic abstraction. We formulate run-time size-change checks as contracts in the style of Findler and Felleisen. The result compliments existing contracts that enforce partial correctness specifications to obtain contracts for total correctness. Our approach combines the robustness of the size-change principle for termination with the precise information available at run-time. It has tunable overhead and can check for nontermination without the conservativeness necessary in static checking. To obtain a sound and computable termination analysis, we apply existing abstract interpretation techniques directly to the operational semantics, avoiding the need for custom abstractions for termination. The resulting analyzer is competitive with with existing, purpose-built analyzers

On Counterexample Guided Quantifier Instantiation for Synthesis in CVC4

We introduce the first program synthesis engine implemented inside an SMT solver. We present an approach that extracts solution functions from unsatisfiability proofs of the negated form of synthesis conjectures. We also discuss novel counterexample-guided techniques for quantifier instantiation that we use to make finding such proofs practically feasible. A particularly important class of specifications are single-invocation properties, for which we present a dedicated algorithm. To support syntax restrictions on generated solutions, our approach can transform a solution found without restrictions into the desired syntactic form. As an alternative, we show how to use evaluation function axioms to embed syntactic restrictions into constraints over algebraic datatypes, and then use an algebraic datatype decision procedure to drive synthesis. Our experimental evaluation on syntax-guided synthesis benchmarks shows that our implementation in the CVC4 SMT solver is competitive with state-of-the-art tools for synthesis

Learning-powered computer-assisted counterexample search

Treballs Finals de Grau de Matemàtiques, Facultat de Matemàtiques, Universitat de Barcelona, Any: 2023, Director: Kolja Knauer[en] This thesis explores the great potential of computer-assisted proofs in the advancement of mathematical knowledge, with a special focus on using computers to refute conjectures by finding counterexamples, sometimes a humanly impossible task. In recent years, mathematicians have become more aware that machine learning techniques can be extremely helpful for finding counterexamples to conjectures in a more efficient way than by using exhaustive search methods. In this thesis we do not only present the theoretical background behind some of these methods but also implement them to try to refute some graph theory conjectures

Verifying procedural programs via constrained rewriting induction

This paper aims to develop a verification method for procedural programs via a transformation into Logically Constrained Term Rewriting Systems (LCTRSs). To this end, we extend transformation methods based on integer TRSs to handle arbitrary data types, global variables, function calls and arrays, as well as encode safety checks. Then we adapt existing rewriting induction methods to LCTRSs and propose a simple yet effective method to generalize equations. We show that we can automatically verify memory safety and prove correctness of realistic functions. Our approach proves equivalence between two implementations, so in contrast to other works, we do not require an explicit specification in a separate specification language

Computer Aided Verification

The open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency

Optimization of Lyapunov invariants in analysis and implementation of safety-critical software systems

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008.Includes bibliographical references (leaves 168-176).This dissertation contributes to two major research areas in safety-critical software systems, namely, software analysis, and software implementation. In reference to the software analysis problem, the main contribution of the dissertation is the development of a novel framework, based on Lyapunov invariants and convex optimization, for verification of various safety and performance specifications for software systems. The enabling elements of the framework for software analysis are: (i) dynamical system interpretation and modeling of computer programs, (ii) Lyapunov invariants as behavior certificates for computer programs, and (iii) a computational procedure for finding the Lyapunov invariants. (i) The view in this dissertation is that software defines a rule for iterative modification of the operating memory at discrete instances of time. Hence, it can be modeled as a discrete-time dynamical system with the program variables as the state variables, and the operating memory as the state space. Three specific modeling languages are introduced which can represent a broad range of computer programs of interest to the control community. These are: Mixed Integer-Linear Models, Graph Models, and Linear Models with Conditional Switching. (ii) Inspired by the concept of Lyapunov functions in stability analysis of nonlinear dynamical systems, Lyapunov invariants are introduced and proposed for analysis of behavioral properties, and verification of various safety and performance specifications for computer programs. In the same spirit as standard Lyapunov functions, a Lyapunov invariant is an appropriately defined function of the state which satisfies a difference inequality along the trajectories. It is shown that variations of Lyapunov invariants satisfying certain technical conditions can be formulated for verification of several common specifications.(cont.) These include but are not limited to: absence of overflow, absence of division-by-zero, termination in finite time, and certain user-specified program assertions. (iii) A computational procedure based on convex relaxation techniques and numerical optimization is proposed for finding the Lyapunov invariants that prove the specifications. The framework is complemented by the introduction of a notion of optimality for the graph models. This notion can be used for constructing efficient graph models that improve the analysis in a systematic way. It is observed that the application of the framework to (graph models of) programs that are semantically identical but syntactically different does not produce identical results. This suggests that the success or failure of the method is contingent on the choice of the graph model. Based on this observation, the concepts of graph reduction, irreducible graphs, and minimal and maximal realizations of graph models are introduced. Several new theorems that compare the performance of the original graph model of a computer program and its reduced offsprings are presented. In reference to the software implementation problem for safety-critical systems, the main contribution of the dissertation is the introduction of an algorithm, based on optimization of quadratic Lyapunov functions and semidefinite programming, for computing optimal state space implementations for digital filters. The particular implementation that is considered is a finite word-length implementation on a fixed-point processor with quantization before or after multiplication. The objective is to minimize the effects of finite word-length constraints on performance deviation while respecting the overflow limits. The problem is first formulated as a special case of controller synthesis where the controller has a specific structure, which is known to be a hard non-convex problem in general.(cont.) It is then shown that this special case can be convexified exactly and the optimal implementation can be computed by solving a semidefinite optimization problem. It is observed that the optimal state space implementation of a digital filter on a machine with finite memory, does not necessarily define the same transfer function as that of an ideal implementation.by Mardavij Roozbehani.Ph.D

Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing