Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Background
Conclusion
References
All Topics
Computer Science
Computational Theory and Mathematics

Code2Inv: A Deep Learning Framework for Program Verification

Profile image of Aaditya NaikAaditya Naik

2020, Computer Aided Verification

https://doi.org/10.1007/978-3-030-53291-8_9
visibility

description

14 pages

link

1 file

Abstract

We propose a general end-to-end deep learning framework Code2Inv, which takes a verification task and a proof checker as input, and automatically learns a valid proof for the verification task by interacting with the given checker. Code2Inv is parameterized with an embedding module and a grammar: the former encodes the verification task into numeric vectors while the latter describes the format of solutions Code2Inv should produce. We demonstrate the flexibility of Code2Inv by means of two small-scale yet expressive instances: a loop invariant synthesizer for C programs, and a Constrained Horn Clause (CHC) solver.

Related papers

HOL-Boogie — An Interactive Prover for the Boogie Program-Verifier
Sascha Böhme

Lecture Notes in Computer Science, 2008

Boogie is a program verification condition generator for an imperative core language. It has front-ends for the programming languages C# and C enriched by annotations in first-order logic. Its verification conditions -constructed via a wp calculus from these annotations -are usually transferred to automated theorem provers such as Simplify or Z3. In this paper, however, we present a proofenvironment, HOL-Boogie, that combines Boogie with the interactive theorem prover Isabelle/HOL. In particular, we present specific techniques combining automated and interactive proof methods for codeverification. We will exploit our proof-environment in two ways: First, we present scenarios to "debug" annotations (in particular: invariants) by interactive proofs. Second, we use our environment also to verify "background theories", i.e. theories for data-types used in annotations as well as memory and machine models underlying the verification method for C.

View PDFchevron_right
VerifyThis 2019: A Program Verification Competition (Extended Report)
Rosemary Monahan

2020

VerifyThis is a series of program verification competitions that emphasize the human aspect: participants tackle the verification of detailed behavioral properties---something that lies beyond the capabilities of fully automatic verification, and requires instead human expertise to suitably encode programs, specifications, and invariants. This paper describes the 8th edition of VerifyThis, which took place at ETAPS 2019 in Prague. Thirteen teams entered the competition, which consisted of three verification challenges and spanned two days of work. The report analyzes how the participating teams fared on these challenges, reflects on what makes a verification challenge more or less suitable for the typical VerifyThis participants, and outlines the difficulties of comparing the work of teams using wildly different verification approaches in a competition focused on the human aspect.

View PDFchevron_right
Towards Neural-Guided Program Synthesis for Linear Temporal Logic Specifications
Alberto Javier Jaya Camacho

ArXiv, 2019

Synthesizing a program that realizes a logical specification is a classical problem in computer science. We examine a particular type of program synthesis, where the objective is to synthesize a strategy that reacts to a potentially adversarial environment while ensuring that all executions satisfy a Linear Temporal Logic (LTL) specification. Unfortunately, exact methods to solve so-called LTL synthesis via logical inference do not scale. In this work, we cast LTL synthesis as an optimization problem. We employ a neural network to learn a Q-function that is then used to guide search, and to construct programs that are subsequently verified for correctness. Our method is unique in combining search with deep learning to realize LTL synthesis. In our experiments the learned Q-function provides effective guidance for synthesis problems with relatively small specifications.

View PDFchevron_right
Directed Proof Generation for Machine Code
Matt Elder

2010

We present the algorithms used in MCVETO (Machine-Code VErification TOol), a tool to check whether a stripped machinecode program satisfies a safety property. The verification problem that MCVETO addresses is challenging because it cannot assume that it has access to (i) certain structures commonly relied on by source-code verification tools, such as control-flow graphs and call-graphs, and (ii) metadata, such as information about variables, types, and aliasing. It cannot even rely on out-of-scope local variables and return addresses being protected from the program's actions. What distinguishes MCVETO from other work on software model checking is that it shows how verification of machine-code can be performed, while avoiding conventional techniques that would be unsound if applied at the machine-code level.

View PDFchevron_right
Accurate Theorem Proving for Program Verification
Natasha Sharygina

Lecture Notes in Computer Science, 2006

Symbolic software verification engines such as Slam and ESC/Java often use automatic theorem provers to implement forms of symbolic simulation. The theorem provers that are used, such as Simplify, usually combine decision procedures for the theories of uninterpreted functions, linear arithmetic, and sometimes bit vectors using techniques proposed by Nelson-Oppen or Shostak. Programming language constructs such as pointers, structures and unions are not directly supported by the provers, and are often encoded imprecisely using axioms and uninterpreted functions.

View PDFchevron_right
DeepSaucer: Unified Environment for Verifying Deep Neural Networks
Thai Son Hoang

ArXiv, 2018

In recent years, a number of methods for verifying DNNs have been developed. Because the approaches of the methods differ and have their own limitations, we think that a number of verification methods should be applied to a developed DNN. To apply a number of methods to the DNN, it is necessary to translate either the implementation of the DNN or the verification method so that one runs in the same environment as the other. Since those translations are time-consuming, a utility tool, named DeepSaucer, which helps to retain and reuse implementations of DNNs, verification methods, and their environments, is proposed. In DeepSaucer, code snippets of loading DNNs, running verification methods, and creating their environments are retained and reused as software assets in order to reduce cost of verifying DNNs. The feasibility of DeepSaucer is confirmed by implementing it on the basis of Anaconda, which provides virtual environment for loading a DNN and running a verification method. In a...

View PDFchevron_right
Cogent: Accurate Theorem Proving for Program Verification
Natasha Sharygina

Lecture Notes in Computer Science, 2005

Symbolic software verification engines such as Slam and ESC/Java often use automatic theorem provers to implement forms of symbolic simulation. The theorem provers that are used, such as Simplify, usually combine decision procedures for the theories of uninterpreted functions, linear arithmetic, and sometimes bit vectors using techniques proposed by Nelson-Oppen or Shostak. Programming language constructs such as pointers, structures and unions are not directly supported by the provers, and are often encoded imprecisely using axioms and uninterpreted functions.

View PDFchevron_right
VS3: SMT Solvers for Program Verification
Saurabh Srivastava

2009

We present VS3, a tool that automatically verifies complex properties of programs and infers maximally weak preconditions and maximally strong postconditions by leveraging the power of SMT solvers. VS3 discovers program invariants with arbitrary, but prespecified, quantification and logical structure. The user supplies VS3 with a set of predicates and invariant templates. VS3 automatically finds instantiations of the unknowns in the templates as subsets of the predicate set. We have used VS3 to automatically verify ∀ ∃ properties of programs and to infer worst case upper bounds and preconditions for functional correctness.

View PDFchevron_right
VerifyThis 2017 : A Program Verification Competition
Rosemary Monahan

2017

VerifyThis 2017 was a two-day program verification competition which took place from April 22-23rd, 2017 in Uppsala, Sweden as part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2017). It was the sixth instalment in the VerifyThis competition series. This article provides an overview of the VerifyThis 2017 event, the challenges that were posed during the competition, and a high-level overview of the solutions to these challenges. It concludes with the results of the competition.

View PDFchevron_right
Mind the Gap A Verification Framework for Low-Level C
June Andronick, Simon Winwood, Michael Norrish

2000

This paper presents the formal Isabelle/HOL framework we use to prove refinement between an executable, monadic specification and the C implementation of the seL4 microkernel. We describe the refinement framework itself, the automated tactics it supports, and the connection to our previous C verification framework. We also report on our experience in applying the framework to seL4. The characteristics of

View PDFchevron_right

References (40)

  1. Allamanis, M., Brockschmidt, M., Khademi, M.: Learning to represent programs with graphs. In: Proceedings of the International Conference on Learning Repre- sentations (ICLR) (2018)
  2. Alur, R., et al.: Syntax-guided synthesis. In: Proceedings of Formal Methods in Computer-Aided Design (FMCAD) (2013)
  3. Alur, R., Radhakrishna, A., Udupa, A.: Scaling enumerative program synthesis via divide and conquer. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 319-336. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3- 662-54577-5 18
  4. Alur, R., Singh, R., Fisman, D., Solar-Lezama, A.: Search-based program synthesis. Commun. ACM 61(12), 84-93 (2018)
  5. Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. In: Proceedings of the International Conference on Learning Representations (ICLR) (2015)
  6. Bjørner, N., Gurfinkel, A., McMillan, K., Rybalchenko, A.: Horn clause solvers for program verification. In: Beklemishev, L.D., Blass, A., Dershowitz, N., Finkbeiner, B., Schulte, W. (eds.) Fields of Logic and Computation II. LNCS, vol. 9300, pp. 24-51.
  7. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23534-9 2
  8. Chung, J., Gülçehre, C ¸., Cho, K., Bengio, Y.: Empirical evaluation of gated recur- rent neural networks on sequence modeling. CoRR abs/1412.3555 (2014)
  9. Dai, H., Dai, B., Song, L.: Discriminative embeddings of latent variable models for structured data. In: Proceedings of the International Conference on Machine Learning (ICML) (2016)
  10. Garg, P., Löding, C., Madhusudan, P., Neider, D.: ICE: a robust frame- work for learning invariants. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 69-87. Springer, Cham (2014). https://doi.org/10.1007/978-3-319- 08867-9 5
  11. Garg, P., Neider, D., Madhusudan, P., Roth, D.: Learning invariants using decision trees and implication counterexamples. In: Proceedings of the ACM Symposium on Principles of Programming Languages (POPL) (2016)
  12. Gilmer, J., Schoenholz, S.S., Riley, P.F., Vinyals, O., Dahl, G.E.: Neural message passing for quantum chemistry. In: Proceedings of the International Conference on Machine Learning (ICML), pp. 1263-1272 (2017)
  13. Graves, A., Wayne, G., Danihelka, I.: Neural turing machines. CoRR abs/1410.5401 (2014)
  14. Grefenstette, E., Hermann, K.M., Suleyman, M., Blunsom, P.: Learning to trans- duce with unbounded memory. In: Proceedings of the Conference on Neural Infor- mation Processing Systems (NIPS), pp. 1828-1836 (2015)
  15. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Kroening, D., Pȃsȃreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343-361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690- 4 20
  16. Heo, K., Raghothaman, M., Si, X., Naik, M.: Continuously reasoning about pro- grams using differential Bayesian inference. In: Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI) (2019)
  17. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735-1780 (1997)
  18. Jha, S., Gulwani, S., Seshia, S.A., Tiwari, A.: Oracle-guided component-based pro- gram synthesis. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering (2010)
  19. Komuravelli, A., Gurfinkel, A., Chaki, S.: SMT-based model checking for recursive programs. Formal Methods Syst. Des. 48(3), 175-205 (2016)
  20. Li, Y., Tarlow, D., Brockschmidt, M., Zemel, R.: Gated graph sequence neural networks. arXiv preprint arXiv:1511.05493 (2015)
  21. Logozzo, F., Lahiri, S.K., Fähndrich, M., Blackshear, S.: Verification modulo ver- sions: towards usable verification. In: Proceedings of the ACM Conference on Pro- gramming Language Design and Implementation (PLDI) (2014)
  22. McMillan, K.L., Rybalchenko, A.: Solving constrained horn clauses using interpo- lation. Technical report MSR-TR-2013-6 (2013)
  23. Mnih, V., et al.: Human-level control through deep reinforcement learning. Nature 518(7540), 529-533 (2015)
  24. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337-340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3 24
  25. Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213-228. Springer, Heidelberg (2002). https://doi. org/10.1007/3-540-45937-5 16
  26. O'Hearn, P.: Continuous reasoning: scaling the impact of formal methods. In: Pro- ceedings of the Annual ACM/IEEE Symposium on Logic in Computer Science (LICS) (2018)
  27. Padhi, S., Sharma, R., Millstein, T.: Data-driven precondition inference with learned features. In: Proceedings of the ACM Conference on Programming Lan- guage Design and Implementation (PLDI) (2016)
  28. Ryan, G., Wong, J., Yao, J., Gu, R., Jana, S.: CLN2INV: learning loop invariants with continuous logic networks. In: Proceedings of the International Conference on Learning Representations (ICLR) (2020)
  29. Scarselli, F., Gori, M., Tsoi, A.C., Hagenbuchner, M., Monfardini, G.: The graph neural network model. IEEE Trans. Neural Networks 20(1), 61-80 (2009)
  30. Sharma, R., Aiken, A.: From invariant checking to invariant inference using ran- domized search. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 88-105.
  31. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9 6
  32. Si, X., Dai, H., Raghothaman, M., Naik, M., Song, L.: Learning loop invariants for program verification. In: Proceedings of the Conference on Neural Information Processing Systems (NIPS) (2018)
  33. Solar-Lezama, A., Tancau, L., Bodik, R., Saraswat, V., Seshia, S.: Combinatorial sketching for finite programs. In: Proceedings of Architectural Support for Pro- gramming Languages and Operating Systems (ASPLOS) (2006)
  34. Srivastava, S., Gulwani, S., Foster, J.S.: From program verification to program synthesis. In: Proceedings of the ACM Symposium on Principles of Programming Languages (POPL) (2010)
  35. Sukhbaatar, S., Weston, J., Fergus, R., et al.: End-to-end memory networks. In: Proceedings of the Conference on Neural Information Processing Systems (NIPS) (2015)
  36. Sutton, R.S., Barto, A.G.: Reinforcement Learning -An Introduction. MIT Press, Adaptive computation and machine learning (1998)
  37. Tai, K.S., Socher, R., Manning, C.D.: Improved semantic representations from tree- structured long short-term memory networks. In: Proceedings of the Association for Computational Linguistics (ACL) (2015)
  38. Xu, K., Hu, W., Leskovec, J., Jegelka, S.: How powerful are graph neural net- works? In: Proceedings of the International Conference on Learning Representa- tions (ICLR) (2019)
  39. Ying, R., et al.: Hierarchical graph representation learning with differentiable pool- ing. In: Proceedings of the Conference on Neural Information Processing Systems (NIPS) (2018)
  40. Zhu, H., Magill, S., Jagannathan, S.: A data-driven CHC solver. In: Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI) (2018)

Related papers

HOL-Boogie—An Interactive Prover-Backend for the Verifying C Compiler
Michal Moskal, Sascha Böhme, Burkhart Wolff

Journal of Automated Reasoning, 2010

Boogie is a verification condition generator for an imperative core language. It has front-ends for the programming languages C# and C enriched by annotations in first-order logic, i. e. pre-and postconditions, assertions, and loop invariants. Moreover, concepts like ghost fields, ghost variables, ghost code and specification functions have been introduced to support a specific modeling methodology. Boogie's verification conditions-constructed via a wp calculus from annotated programs-are usually transferred to automated theorem provers such as Simplify or Z3. This also comprises the expansion of language-specific modeling constructs in terms of a theory describing memory and elementary operations on it; this theory is called a machine/memory model. In this paper, we present a proof environment, HOL-Boogie, that combines Boogie with the interactive theorem prover Isabelle/HOL, for a specific C front-end and a machine/memory model. In particular, we present specific techniques combining automated and interactive proof methods for code verification. The main goal of our environment is to help program verification engineers in their task to "debug" annotations and to find combined proofs where purely automatic proof attempts fail.

View PDFchevron_right
Synthetic Reasoning: Verifiable AI by Modular Program Synthesis
Kamal Pandey

Large Language Models (LLMs) suffer from a critical "faithfulness gap". Their generated explanations, such as Chain-of-Thought (CoT), are often post-hoc rationalizations that do not reflect the true computational process, posing a fundamental risk to AI safety. To resolve this, we propose a paradigm shift from generative to synthetic reasoning. I introduce Modular Reasoning Synthesis Transformers (MRSTs), a neuro-symbolic architecture that, for a given problem, synthesizes an explicit and verifiable reasoning program from a library of specialized modules. This program, a formal computational graph, is then executed to produce the solution. By design, the executed program serves as a complete and faithful audit trail of the model's reasoning, eliminating the faithfulness gap. Our multi-objective training regime optimizes for not only accuracy but also the causal validity and conciseness of the synthesized programs. This synthetic reasoning approach provides a concrete pathway toward building large-scale AI systems that are demonstrably robust, auditable, and trustworthy.

View PDFchevron_right
CLN2INV: Learning Loop Invariants with Continuous Logic Networks
Justin Wong

ArXiv, 2020

Program verification offers a framework for ensuring program correctness and therefore systematically eliminating different classes of bugs. Inferring loop invariants is one of the main challenges behind automated verification of real-world programs which often contain many loops. In this paper, we present Continuous Logic Network (CLN), a novel neural architecture for automatically learning loop invariants directly from program execution traces. Unlike existing neural networks, CLNs can learn precise and explicit representations of formulas in Satisfiability Modulo Theories (SMT) for loop invariants from program execution traces. We develop a new sound and complete semantic mapping for assigning SMT formulas to continuous truth values that allows CLNs to be trained efficiently. We use CLNs to implement a new inference system for loop invariants, CLN2INV, that significantly outperforms existing approaches on the popular Code2Inv dataset. CLN2INV is the first tool to solve all 124 th...

View PDFchevron_right
Verification of C Programs Using Automated Reasoning
David Crocker

Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007

Much of the embedded software development market has necessarily tight constraints on program size and processor power, hence developers use handwritten C rather than autocode. They rely primarily on testing to find errors in their code. We have an established software development tool known commercially as Perfect Developer, which uses a powerful automatic theorem prover and inference engine to reason about requirements and specifications. We have found that automated reasoning can be used to discharge a very high proportion of verification conditions arising from the specification and refinement of software components described in our formal specification language, Perfect. The Perfect Developer tool set can also generate code in a C++ subset or in Java, and the output code is then virtually certain to meet the stated specification, reducing the need for exhaustive testing. However, this is not helpful to developers of embedded software who are constrained to write code by hand. We therefore decided to investigate whether automated reasoning could provide a similar degree of success in the verification of annotated C code. We present our preliminary findings.

View PDFchevron_right
VerifyThis 2019: a program verification competition
Rosemary Monahan

International Journal on Software Tools for Technology Transfer

VerifyThis is a series of program verification competitions that emphasize the human aspect: participants tackle the verification of detailed behavioral properties—something that lies beyond the capabilities of fully automatic verification and requires instead human expertise to suitably encode programs, specifications, and invariants. This paper describes the 8th edition of VerifyThis, which took place at ETAPS 2019 in Prague. Thirteen teams entered the competition, which consisted of three verification challenges and spanned 2 days of work. This report analyzes how the participating teams fared on these challenges, reflects on what makes a verification challenge more or less suitable for the typical VerifyThis participants, and outlines the difficulties of comparing the work of teams using wildly different verification approaches in a competition focused on the human aspect.

View PDFchevron_right

Related topics

  • Computer Science
  • Parameterized Complexity
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved