Learning Loop Invariants for Program Verification
Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song (University of Pennsylvania; Georgia Institute of Technology). NeurIPS 2018. Code: https://github.com/PL-ML/code2inv
* equal contribution
sequence rule, conditional rule, ......
[Figure: the agent assigns each program code1, code2, ..., codeN a label 0 / 1 (correct or not); candidate invariants as extracted, with variable names lost: ! ≥ 1 ⋁ % = 0 and () ≤ 2 ⋀ (- > 0]
Agent, given new code => 0 (not correct)
Counter-example: why am I wrong?
! = 1, % = −10 [variable names lost in extraction; shown as ! and %]
Collection of counter-examples (columns Pre, Inv, Post):
! = 1, % = −1; ! = 0, % = −1; ! = 0, % = −2; ! = 2, % = −1; ! = 2, % = −1; ! = 2, % = −2; ! = 3, % = −1; ! = 3, % = −1; ! = 3, % = −2; ! = 0, % = −3; ! = 0, % = −4
SSA Transformation
! ≥ 0 && ! < 4 ' ≥ 100
[Plot: instances solved vs. number of Z3 calls, comparing Ours with OOPSLA 2013 (Dillig et al.) and POPL 2016 (Garg et al.); ours solved more instances with the same number of Z3 calls]
Example program (unknown() denotes a nondeterministic choice, so both branches of the if must be considered):

    void main (int n) {
      int x = 0;
      int m = 0;
      while (x < n) {
        if (unknown()) { m = x; }
        x = x + 1;
      }
      if (n > 0) { assert (m < n); }
    }

The same program with confounding variables w and z added:

    void main (int n) {
      int x = 0;
      int w = 0;
      int m = 0;
      int z = 0;
      while (x < n) {
        z = z + 1;
        if (unknown()) {
          m = x;
          z = m + 1;
        }
        x = x + 1;
        w = m + x;
      }
      if (n > 0) { assert (m < n); }
    }
[Chart labels: 1 confounding variable, 3 confounding variables, 5 confounding variables]
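The feedback loop the slides describe (a candidate invariant is rejected with a counter-example that violates one of the Pre, Inv or Post conditions) can be made concrete for the example program above. The following is an added example written for this page; it is not code from the paper or from the code2inv repository. It checks candidate invariants over the variables x, m and n by exhaustive enumeration of a small integer box, which stands in for the Z3 queries the paper issues, and the three candidate invariants are constructed here for illustration.

```python
# Added example (not from the paper or the code2inv repository): a bounded
# checker for candidate loop invariants of the slide's program
#     x = 0; m = 0; while (x < n) { if (unknown()) m = x; x = x + 1 }
#     if (n > 0) assert (m < n)
# Each failing candidate is reported with a counter-example state and the
# verification condition it violates (Pre, Inv or Post). Exhaustive enumeration
# over a small box of integers replaces the SMT solver calls of the real tool.
from itertools import product
from typing import Callable, Dict, List, Set, Tuple

State = Dict[str, int]
Pred = Callable[[State], bool]


def pre(s: State) -> bool:
    # State before the loop: x = 0, m = 0; n is the unconstrained input.
    return s["x"] == 0 and s["m"] == 0


def guard(s: State) -> bool:
    return s["x"] < s["n"]


def body_successors(s: State) -> List[State]:
    # unknown() is a nondeterministic choice, so one iteration has two successors.
    taken = dict(s, m=s["x"])
    taken["x"] += 1
    skipped = dict(s)
    skipped["x"] += 1
    return [taken, skipped]


def post(s: State) -> bool:
    # The assertion after the loop: n > 0 implies m < n.
    return s["n"] <= 0 or s["m"] < s["n"]


def check_invariant(inv: Pred, bound: int = 6) -> List[Tuple[str, State]]:
    """Return (kind, state) counter-examples for the three verification conditions.

    Pre:  pre(s) holds but inv(s) does not
    Inv:  inv(s) and guard(s) hold but some loop-body successor t has not inv(t)
    Post: inv(s) holds, the loop exits, but post(s) fails
    An empty list means the candidate is inductive on the box [-bound, bound]^3.
    """
    cex: List[Tuple[str, State]] = []
    for x, m, n in product(range(-bound, bound + 1), repeat=3):
        s = {"x": x, "m": m, "n": n}
        if pre(s) and not inv(s):
            cex.append(("Pre", s))
        if inv(s) and guard(s) and any(not inv(t) for t in body_successors(s)):
            cex.append(("Inv", s))
        if inv(s) and not guard(s) and not post(s):
            cex.append(("Post", s))
    return cex


# Candidate invariants, constructed for this example.
def inv_too_weak(s: State) -> bool:
    # Just the assertion m < n: not implied by the initial state when n <= 0.
    return s["m"] < s["n"]


def inv_bounds_only(s: State) -> bool:
    # x <= n: fails at initialisation for n < 0 and says nothing about m.
    return s["x"] <= s["n"]


def inv_inductive(s: State) -> bool:
    # (x == 0 and m == 0  or  m < x)  and  (x <= n  or  n <= 0)
    return ((s["x"] == 0 and s["m"] == 0) or s["m"] < s["x"]) and (
        s["x"] <= s["n"] or s["n"] <= 0
    )


def kinds(inv: Pred, bound: int = 6) -> Set[str]:
    """Which verification conditions a candidate violates, e.g. {'Pre', 'Post'}."""
    return {kind for kind, _ in check_invariant(inv, bound)}


if __name__ == "__main__":
    for name, inv in [("m < n", inv_too_weak), ("x <= n", inv_bounds_only),
                      ("inductive", inv_inductive)]:
        cex = check_invariant(inv)
        print(f"{name}: {len(cex)} counter-examples, kinds {sorted(kinds(inv))}")
        for kind, s in cex[:3]:
            print(f"  {kind}: {s}")
```

The classification matters for the learner: a Pre counter-example says the candidate is too strong at entry, a Post counter-example says it is too weak to prove the assertion, and an Inv counter-example says the loop body can leave it. Only the third candidate produces no counter-examples, and a bounded check like this is evidence, not a proof; the paper's tool discharges the same three conditions with Z3 over unbounded integers.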