DOI: 10.1145/3317550.3321451
Research article, HotOS conference proceedings

Towards Automatic Inference of Inductive Invariants

Published: 13 May 2019

Abstract

Distributed systems are notoriously difficult to design and implement correctly. Formal verification provides correctness proofs, and has recently been successfully applied to various distributed systems. At the heart of a typical formal verification is a computer-checked proof with an inductive invariant. Finding this inductive invariant is the hardest part of the proof: a part that is currently undertaken manually by the developer and is responsible for most of the effort associated with formal verification.
In this paper, we present a new approach: Incremental Inference of Inductive Invariants (I4), to automatically generate inductive invariants for distributed protocols. We start from a simple idea: the inductive invariant of a finite instance of the protocol must be an instance of a general inductive invariant for the infinite distributed protocol. In I4, we instantiate a finite instance of the protocol, work out the finite inductive invariant of this instance, then figure out the general inductive invariant as a generalization of the finite invariant. Our experiments show that I4 can finish the general proof of correctness of several systems with minimal human effort.
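The abstract distinguishes a property that merely holds on every reachable state from an inductive invariant, and says that the finite-instance step of I4 is to work out the latter for a concrete instance. The following Python is an added illustration of that step, not code from the paper or from the I4 tool. It models a constructed toy lock protocol (a server grants a lock to one of N clients, who later releases it), enumerates every state of the finite instance, and checks the two inductiveness conditions: every initial state satisfies the candidate, and every transition from a state satisfying the candidate lands in a state that still satisfies it. The protocol, its state encoding and all function names are assumptions made for this example.

```python
"""Inductiveness check on a finite instance of a constructed toy lock protocol.

Hypothetical example, not the paper's or I4's code. A state is the pair
(server_holds, holders): whether the server currently owns the lock, and the
frozenset of client ids that currently hold it. An instance has N clients.
"""
from collections import deque
from itertools import chain, combinations


def initial_state():
    # The server starts with the lock; no client holds it.
    return (True, frozenset())


def transitions(state, n_nodes):
    """Yield every successor of `state` for an instance with n_nodes clients."""
    server_holds, holders = state
    for n in range(n_nodes):
        if server_holds:            # grant(n): the server hands the lock to client n
            yield (False, holders | {n})
        if n in holders:            # release(n): client n returns the lock
            yield (True, holders - {n})


def all_states(n_nodes):
    """Every syntactically possible state, reachable or not (2 * 2**N of them)."""
    nodes = range(n_nodes)
    subsets = chain.from_iterable(combinations(nodes, k) for k in range(n_nodes + 1))
    for subset in subsets:
        for server_holds in (True, False):
            yield (server_holds, frozenset(subset))


def reachable_states(n_nodes):
    """Explicit-state breadth-first exploration from the initial state."""
    seen = {initial_state()}
    work = deque(seen)
    while work:
        state = work.popleft()
        for succ in transitions(state, n_nodes):
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return seen


def safety(state):
    """The property we care about: at most one client holds the lock."""
    return len(state[1]) <= 1


def strengthened(state):
    """Candidate inductive invariant: exactly one party (server or client) holds it."""
    server_holds, holders = state
    return int(server_holds) + len(holders) == 1


def holds_on_reachable(inv, n_nodes):
    """Model-checking view: does inv hold on every reachable state?"""
    return all(inv(s) for s in reachable_states(n_nodes))


def check_inductive(inv, n_nodes):
    """Return None if inv is inductive for this instance, else a (pre, post) counterexample.

    Inductiveness quantifies over ALL states satisfying inv, not just the reachable
    ones, which is exactly why a true safety property can fail to be inductive.
    """
    if not inv(initial_state()):
        return (None, initial_state())
    for pre in all_states(n_nodes):
        if not inv(pre):
            continue
        for post in transitions(pre, n_nodes):
            if not inv(post):
                return (pre, post)
    return None


if __name__ == "__main__":
    N = 3
    print("safety holds on reachable states:", holds_on_reachable(safety, N))
    print("safety inductive? counterexample:", check_inductive(safety, N))
    for n in range(1, 5):
        print(f"strengthened inductive for N={n}:", check_inductive(strengthened, n) is None)
```

For N=3 the safety property holds on all four reachable states, but `check_inductive` reports the counterexample `(True, {0}) -> (False, {0, 1})`: the pre-state (server and client 0 both holding the lock) is unreachable yet satisfies `safety`, and a grant from it breaks mutual exclusion. The strengthened candidate passes for every N tried; expressing "exactly one party holds the lock" as a formula that is valid for all N, rather than checked per instance, is the generalization step the abstract describes.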

Cited By

  • (2022) Regularity and quantification: a new approach to verify distributed protocols. Innovations in Systems and Software Engineering, 19(4):359-377. DOI: 10.1007/s11334-022-00460-8. Online publication date: 29 Sep 2022.
  • (2021) On Symmetry and Quantification: A New Approach to Verify Distributed Protocols. NASA Formal Methods, pages 131-150. DOI: 10.1007/978-3-030-76384-8_9. Online publication date: 19 May 2021.
  • (2020) AVR: Abstractly Verifying Reachability. Tools and Algorithms for the Construction and Analysis of Systems, pages 413-422. DOI: 10.1007/978-3-030-45190-5_23. Online publication date: 17 Apr 2020.

Published In

HotOS '19: Proceedings of the Workshop on Hot Topics in Operating Systems
May 2019
227 pages
ISBN:9781450367271
DOI:10.1145/3317550
Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research article
  • Research
  • Refereed limited

Conference

HotOS '19
