
[Paper Review] Inductive Predicate Synthesis Modulo Programs

Scott Wesley, Maria Christakis | arXiv (Cornell University) | Jan 1, 2024
Topics: Computability, Logic, AI Algorithms | Cited by 1
One-sentence summary

This paper proposes Inductive Predicate Synthesis Modulo Programs (IPS-MP), a new framework for efficiently synthesizing inductive predicates, i.e., pure, loop-free Boolean functions, within program specifications. By reducing IPS-MP to constrained Horn clause (CHC) satisfiability, the approach leverages off-the-shelf CHC solvers for scalable verification, achieves polynomial-time decidability in the Boolean case, and, through integration with SeaHorn, demonstrates practical effectiveness in smart-contract verification.

ABSTRACT

A growing trend in program analysis is to encode verification conditions within the language of the input program. This simplifies the design of analysis tools by utilizing off-the-shelf verifiers, but makes communication with the underlying solver more challenging. Essentially, the analyzer operates at the level of input programs, whereas the solver operates at the level of problem encodings. To bridge this gap, the verifier must pass along proof-rules from the analyzer to the solver. For example, an analyzer for concurrent programs built on an inductive program verifier might need to declare Owicki-Gries style proof-rules for the underlying solver. Each such proof-rule further specifies how a program should be verified, meaning that the problem of passing proof-rules is a form of invariant synthesis. Similarly, many program analysis tasks reduce to the synthesis of pure, loop-free Boolean functions (i.e., predicates), relative to a program. From this observation, we propose Inductive Predicate Synthesis Modulo Programs (IPS-MP) which extends high-level languages with minimal synthesis features to guide analysis. In IPS-MP, unknown predicates appear under assume and assert statements, acting as specifications modulo the program semantics. Existing synthesis solvers are inefficient at IPS-MP as they target more general problems. In this paper, we show that IPS-MP admits an efficient solution in the Boolean case, despite being generally undecidable. Moreover, we show that IPS-MP reduces to the satisfiability of constrained Horn clauses, which is less general than existing synthesis problems, yet expressive enough to encode verification tasks. We provide reductions from challenging verification tasks -- such as parameterized model checking -- to IPS-MP. We realize these reductions with an efficient IPS-MP-solver based on SeaHorn, and describe an application to smart-contract verification.

Motivation and goals

  • To address the challenge of communicating declarative proof rules from program analysis tools to off-the-shelf verifiers such as SeaHorn.
  • To formalize a new synthesis problem, Inductive Predicate Synthesis Modulo Programs (IPS-MP), that captures common verification tasks such as invariant synthesis and compositional verification.
  • To show that IPS-MP is efficiently decidable in the Boolean case, even though it is undecidable in general.
  • To demonstrate the practical feasibility of IPS-MP by integrating it with SeaHorn and evaluating it on real-world verification tasks, including smart-contract verification.

Proposed method

  • Formalize IPS-MP as a synthesis problem in which unknown predicates appear in assume and assert statements, acting as specifications modulo the program semantics.
  • Reduce IPS-MP to constrained Horn clause (CHC) satisfiability, so that existing efficient CHC solvers can be used.
  • Exploit the structure of Boolean programs to prove that IPS-MP is decidable in time polynomial in the number of states.
  • Implement an IPS-MP solver inside the SeaHorn verification framework, reusing its existing CHC solving pipeline.
  • Provide reductions from complex verification tasks, such as parameterized model checking and compositional invariant synthesis, to IPS-MP.
  • Evaluate the solver on benchmarks including smart-contract verification, comparing against the general-purpose synthesis tools HornSpec and CVC4.
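To make the reduction above concrete, here is an added example (not code from the paper or from SeaHorn) on a constructed two-variable Boolean loop: the unknown predicate P asserted at the loop head is encoded as three Horn clauses, and because the state space is finite the least solution is found by fixpoint iteration, which is the Boolean-case argument in miniature. The program, its transition relation and the bad-state predicates are all constructed for illustration.

```python
from itertools import product

# Constructed IPS-MP instance (illustration only): a loop over Boolean
# variables x, y with an unknown predicate P(x, y) asserted at the loop head.
#   x, y = False, False
#   while nondet():
#       assert P(x, y)          # unknown inductive predicate to synthesize
#       if nondet(): x = True
#       else:        y = x
#   assert not bad(x, y)
VARS = ("x", "y")
STATES = list(product([False, True], repeat=len(VARS)))

def init(s):
    return s == (False, False)

def trans(s):
    """Nondeterministic successors of (x, y) under the constructed loop body."""
    x, y = s
    return {(True, y), (x, x)}

# CHC encoding of the instance, three Horn clauses over the unknown P:
#   init(s)              -> P(s)
#   P(s) /\ trans(s, s') -> P(s')
#   P(s) /\ bad(s)       -> false
def solve_boolean_ipsmp(bad):
    """Least-fixpoint solution of the clauses over the finite state space.
    Each round adds at least one state, so the loop runs at most |STATES|
    times. Returns P as a set of states, or None if the clauses are unsat."""
    p = {s for s in STATES if init(s)}
    changed = True
    while changed:
        changed = False
        for s in list(p):
            for t in trans(s):
                if t not in p:
                    p.add(t)
                    changed = True
    if any(bad(s) for s in p):      # third clause violated: no inductive P
        return None
    return p

def as_dnf(p):
    """Render a set of states as a pure, loop-free Boolean formula over VARS."""
    if not p:
        return "false"
    terms = []
    for s in sorted(p):
        lits = [v if b else f"!{v}" for v, b in zip(VARS, s)]
        terms.append(" & ".join(lits))
    return " | ".join(f"({t})" for t in terms)

if __name__ == "__main__":
    safe = solve_boolean_ipsmp(lambda s: (not s[0]) and s[1])   # bad = !x & y
    print("P =", as_dnf(safe))
    print("x & y reachable:", solve_boolean_ipsmp(lambda s: s[0] and s[1]) is None)
```

With bad = !x & y the synthesized P excludes the unreachable state (x=0, y=1); with bad = x & y the third clause cannot be satisfied and no inductive predicate exists.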

Experimental results

Research questions

  • RQ1: Can inductive predicate synthesis be formalized as a problem that enables efficient transfer of proof rules between analysis tools and verifiers?
  • RQ2: Is IPS-MP decidable in the Boolean case, and if so, what is its computational complexity?
  • RQ3: Can IPS-MP be reduced to CHC satisfiability while retaining enough expressiveness for practical verification tasks?
  • RQ4: Does an IPS-MP solver built on an off-the-shelf CHC solver outperform general-purpose synthesis tools such as HornSpec and CVC4?
  • RQ5: Can IPS-MP be applied effectively to real-world verification problems such as parameterized systems and smart-contract verification?

Key findings

  • Although IPS-MP is undecidable in general, in the Boolean case its complexity is polynomial, proportional to the number of states, so it is efficiently decidable.
  • Reducing IPS-MP to CHC satisfiability makes high-performance CHC solvers applicable, yielding significantly better performance than general-purpose synthesis tools such as HornSpec and CVC4.
  • The IPS-MP solver integrated into SeaHorn successfully verified smart contracts by automatically synthesizing compositional invariants, removing the dependence on manual specifications.
  • CVC4 timed out on all benchmarks, possibly because IPS-MP provides no grammar support, which challenges its enumerative search strategy.
  • HornSpec is not suited to IPS-MP because it relies on regular tree grammars and algebraic data type constraints, which are less efficient than Boolean or linear arithmetic constraints.
  • The framework achieves end-to-end automation of invariant synthesis in modular verification, as shown by the SmartACE use case for Solidity smart contracts.


This review was generated by AI and checked by human editors.