An Algebraic Framework for Compositional Program Analysis

The purpose of a program analysis is to compute an abstract meaning for a program which approximates its dynamic behaviour. A compositional program analysis accomplishes this task with a divide-and-conquer strategy: the meaning of a program is computed by dividing it into sub-programs, computing their meaning, and then combining the results. Compositional program analyses are desirable because they can yield scalable (and easily parallelizable) program analyses. This paper presents algebraic framework for designing, implementing, and proving the correctness of compositional program analyses. A program analysis in our framework defined by an algebraic structure equipped with sequencing, choice, and iteration operations. From the analysis design perspective, a particularly interesting consequence of this is that the meaning of a loop is computed by applying the iteration operator to the loop body. This style of compositional loop analysis can yield interesting ways of computing loop invariants that cannot be defined iteratively. We identify a class of algorithms, the so-called path-expression algorithms [Tarjan1981,Scholz2007], which can be used to efficiently implement analyses in our framework. Lastly, we develop a theory for proving the correctness of an analysis by establishing an approximation relationship between an algebra defining a concrete semantics and an algebra defining an analysis.Comment: 15 page

Towards a Moral Conception of Allyship

This thesis strives towards a moral conception of allyship rooted in respect in order to address rising critiques that regard allyship as a morally bankrupt and ineffective practice. The thesis proceeds by first examining the pragmatic institutional understanding of allyship and how such an understanding justifies the critiques of re-centering that are raised against allyship. In an effort to address these concerns, this thesis raises concerns about the roles of beneficence and love in allyship and proposes an understanding of allyship rooted in respect where that respect is best understood as respecting the right to self-determination of oppressed communities

When Less Is More: Consequence-Finding in a Weak Theory of Arithmetic

This paper presents a theory of non-linear integer/real arithmetic and algorithms for reasoning about this theory. The theory can be conceived as an extension of linear integer/real arithmetic with a weakly-axiomatized multiplication symbol, which retains many of the desirable algorithmic properties of linear arithmetic. In particular, we show that the conjunctive fragment of the theory can be effectively manipulated (analogously to the usual operations on convex polyhedra, the conjunctive fragment of linear arithmetic). As a result, we can solve the following consequence-finding problem: given a ground formula F, find the strongest conjunctive formula that is entailed by F. As an application of consequence-finding, we give a loop invariant generation algorithm that is monotone with respect to the theory and (in a sense) complete. Experiments show that the invariants generated from the consequences are effective for proving safety properties of programs that require non-linear reasoning

Learning Nonlinear Loop Invariants with Gated Continuous Logic Networks (Extended Version)

Verifying real-world programs often requires inferring loop invariants with nonlinear constraints. This is especially true in programs that perform many numerical operations, such as control systems for avionics or industrial plants. Recently, data-driven methods for loop invariant inference have shown promise, especially on linear invariants. However, applying data-driven inference to nonlinear loop invariants is challenging due to the large numbers of and magnitudes of high-order terms, the potential for overfitting on a small number of samples, and the large space of possible inequality bounds. In this paper, we introduce a new neural architecture for general SMT learning, the Gated Continuous Logic Network (G-CLN), and apply it to nonlinear loop invariant learning. G-CLNs extend the Continuous Logic Network (CLN) architecture with gating units and dropout, which allow the model to robustly learn general invariants over large numbers of terms. To address overfitting that arises from finite program sampling, we introduce fractional sampling---a sound relaxation of loop semantics to continuous functions that facilitates unbounded sampling on real domain. We additionally design a new CLN activation function, the Piecewise Biased Quadratic Unit (PBQU), for naturally learning tight inequality bounds. We incorporate these methods into a nonlinear loop invariant inference system that can learn general nonlinear loop invariants. We evaluate our system on a benchmark of nonlinear loop invariants and show it solves 26 out of 27 problems, 3 more than prior work, with an average runtime of 53.3 seconds. We further demonstrate the generic learning ability of G-CLNs by solving all 124 problems in the linear Code2Inv benchmark. We also perform a quantitative stability evaluation and show G-CLNs have a convergence rate of $97.5\%$ on quadratic problems, a $39.2\%$ improvement over CLN models

Parallel Proofs for Parallel Programs

This dissertation addresses the problem of automated reasoning about multi-threaded programs. Multi-threaded programs are notoriously prone to error, making them an attractive target for formal methods which can be used to \emph{guarantee} that programs satisfy desirable properties. \emph{Automated} formal methods lift the burden of reasoning about concurrency from software developers onto the shoulders of machines. However, concurrency raises some significant algorithmic challenges for formal methods, particularly in reasoning about complex interactions between threads. This dissertation aims to tame this problem by developing \emph{parallel} logical foundations for multi-threaded programs. Classical approaches to reasoning about multi-threaded programs are based on developing clever ways to reason about them as if they were sequential. There are two prototypical examples of this approach: the \emph{interleaving model} and the \emph{thread-modular model}. In the interleaving model, a multi-threaded program is \emph{compiled} into a sequential program that interleaves the behaviour of all threads, after which we may reason about the program using classical techniques for sequential programs. In the thread-modular model, we reason about each thread independently as a sequential program, subject to side-conditions that enforce that the reasoning about each thread is robust under interference from the others. This dissertation takes a different tack: rather than devise a way to apply sequential reasoning to multi-threaded programs, we develop foundations for reasoning about parallelism directly. On these foundations, we build static analysis and software model checking algorithms for verifying and refuting properties of multi-threaded programs. We show that direct and explicit representation of parallelism enables tractable and precise automated reasoning.Ph.D

Solvable Polynomial Ideals: The Ideal Reflection for Program Analysis Artifact

Artifact for POPL24 paper 122: Solvable Polynomial Ideals: The Ideal Reflection for Program Analysis

A New Notion of Compositionality for Concurrent Program Proofs (Invited Talk)

This paper presents a high level overview of Proof Spaces [Farzan, Kincaid, and Podelski, 2015] as an instance of a new approach to compositional verification of concurrent programs and discusses potential future work extending the approach beyond its current scope of applicability