Verification and Synthesis using SMT Solvers

This paper explores the use of SMT solvers for program verification and synthesis, focusing on discovering invariants with arbitrary quantification and boolean structure. It delves into proving programs correct by inferring program states and discusses tasks like sortedness and permutation. The authors present methodologies for verifying and synthesizing programs by leveraging SMT solvers to find invariants and ensure program correctness.

• Program Verification
• SMT Solvers
• Invariants
• Synthesis
• Program Correctness

wafi_619 Follow

Uploaded on Feb 21, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. VS3: Verification and Synthesis using SMT Solvers SMT Solvers for Program Verification Saurabh Srivastava * Sumit Gulwani ** Jeffrey S. Foster * * University of Maryland, College Park ** Microsoft Research, Redmond

2. What VS3will let you do! A. Discover invariants with arbitrary quantification and boolean structure : E.g. Sortedness Selection Sort: for i = 0 n { for j = i n { find min index } if (min i) swap A[min], A[i] } .. k1,k2 k1 k2 : E.g. Permutation Aold .... j k Anew k j

3. What VS3 will let you do! A. Discover invariants with arbitrary quantification and boolean structure : E.g. Sortedness Selection Sort: i:=0 i<n .. k1,k2 k1 k2 j:=i j<n : E.g. Permutation Output array Find min index Aold .... j k if (min != i) swap A[i], A[min] Anew k j

4. Verification: Proving Programs Correct Input state true Selection Sort: i:=0 Iouter i<n j:=i Output state Iinner j<n Sortedness Permutation Output array Find min index The difficult task is program state (invariant) inference: Iinner, Iouter, Input state, Output state if (min != i) swap A[i], A[min]

5. Verification: Proving Programs Correct Input state true Selection Sort: k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] i:=0 i < j i min < n i<n j:=i k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] Output state k2 : 0 k2 i k2<j => A[min] A[k2] j<n Sortedness Permutation Output array Find min index The difficult task is program state (invariant) inference: Iinner, Iouter, Input state, Output state k1,k2 : 0 k1<k2<n => A[k1] A[k2] if (min != i) swap A[i], A[min]

6. Verification: Proving Programs Correct Input state true Selection Sort: k1,k2 : (----------------) => A[k1] A[k2] k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] i:=0 i < j (------------------- ) i min < n i<n j:=i k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] k1,k2 : (---------------) => A[k1] A[k2] Output state k2 : 0 k2 i k2<j => A[min] A[k2] k2 : (-----------) => A[min] A[k2] j<n Sortedness Permutation Output array Find min index The difficult task is program state (invariant) inference: Iinner, Iouter, Input state, Output state k1,k2 : 0 k1<k2<n => A[k1] A[k2] if (min != i) swap A[i], A[min]

7. Verification: Proving Programs Correct Input state true Selection Sort: (------------------- ) k1,k2 : (----------------) => A[k1] A[k2] k2 : (-----------) => A[min] A[k2] i:=0 (------------------- ) i<n j:=i k1,k2 : (---------------) => A[k1] A[k2] Output state k2 : (-----------) => A[min] A[k2] j<n Sortedness Permutation Output array Find min index The difficult task is program state (invariant) inference: Iinner, Iouter, Input state, Output state k1,k2 : 0 k1<k2<n => A[k1] A[k2] if (min != i) swap A[i], A[min]

8. Verification: Proving Programs Correct Bubble Sort: (------------------- ) k1,k2 : (----------------) => A[k1] A[k2] k1,k2 : (----------) => A[k1] A[k2] i:=n-1 (------------------- ) i>0 j:=0 k1,k2 : (---------------) => A[k1] A[k2] k1,k2 : (----------) => A[k1] A[k2] j<i Output array if (a[j] > a[j+1]) swap A[j], A[j+1] k1,k2 : 0 k1<k2<n => A[k1] A[k2]

9. User Input:Templates and Predicates Templates Unknown holes Intuitive and simple Depending on the property being proved; form straight-forward Limited to the quantification and disjunction Predicate Abstraction Enumerate predicates of the form Program variables, array elements Relational operator <, , >, E.g., {i<j, i>j, i j, i j }

10. Tool architecture Microsoft s Phoenix Compiler Cut-Set VS3 Verification Conditions C Program CFG Templates for invariants Iterative Fixed-point GFP/LFP Constraint- based Fixed-Point Predicate Sets SMT Solver Candidate Solutions Boolean Constraint SAT Solver Preconditions Postconditions Invariants

11. Fixed-point Computation Constraint-based (VMCAI 09) Separately encode each VC as SAT constraint Local constraints SAT clauses Use SAT solver to do fixed-point computation Compare against trivial approach: 1.6e14 minutes Iterative (PLDI 09) Facts do not form a lattice, but power-set does We ensure that if there exists an invariant we find it Intelligent lattice search: SMT solver for tx-functions

12. Weakest Preconditions Weakest conditions on input? k2 k1 < i:=0 i<n j:=i Worst case behavior: swap every time it can j<n Output array Find min index if (min != i) swap A[i], A[min]

13. Example analyses Tool can verify: Sorting algorithms: Selection, Insertion, Bubble, Quick, Merge Sort Properties Output is Sorted Output contains all and only elements from the input Tool can infer preconditions: Worst case input (precondition) for sorting: Reverse sorted array, all but Selection Sort Selection Sort: sorted array except last elem is smallest Inputs for functional correctness: Binary search requires sorted array Merge in merge sort expect sorted inputs Missing initializers

14. Demo: Selection Sort Input state true Selection Sort: k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] i:=0 i < j i min < n i<n j:=i k1,k2 : 0 k1<k2<n k1<i => A[k1] A[k2] Output state k2 : 0 k2 i k2<j => A[min] A[k2] j<n Sortedness Permutation Output array Find min index The difficult task is program state (invariant) inference: Iinner, Iouter, Input state, Output state k1,k2 : 0 k1<k2<n => A[k1] A[k2] if (min != i) swap A[i], A[min]

15. Demo: Program

16. Demo: Output

17. Conclusions VS3: Verification tool over predicate abstraction Verification Can infer quantified invariants Maximally-weak preconditions Builds on SMT Solvers, so exploits their power Project Webpage http://www.cs.umd.edu/~saurabhs/pacs Future work

18. Recent extension: Synthesis Verification tool for quantified invariants Reasoning about full functional specifications possible What if we had missing program fragments? Still possible to verify if we allow the tool to plug-in equality predicates over program variables Equality predicates translated to statements We can synthesize Strassen s Matrix Multiplication! Sorting algorithms!