Chang Liu,Xiwei Wu,Yuan Feng,Qinxiang Cao,Junchi Yan

DOI: https://doi.org/10.48550/arXiv.2311.10483

2023-01-01

Abstract:Loop invariants, essential for program verification, are challenging to auto-generate especially for programs incorporating complex memory manipulations. Existing approaches for generating loop invariants rely on fixed sets or templates, hampering adaptability to real-world programs. Recent efforts have explored machine learning for loop invariant generation, but the lack of labeled data and the need for efficient generation are still troublesome. We consider that the advent of the large language model (LLM) presents a promising solution, which can analyze the separation logic assertions after symbolic execution to infer loop invariants. To overcome the data scarcity issue, we propose a self-supervised learning paradigm to fine-tune LLM, using the split-and-reassembly of predicates to create an auxiliary task and generate rich synthetic data for offline training. Meanwhile, the proposed interactive system between LLM and traditional verification tools provides an efficient online querying process for unseen programs. Our framework can readily extend to new data structures or multi loop programs, aiming to bridge the gap between existing capabilities and requirements of loop invariant generation in practical scenarios. Experiments across diverse memory-manipulated programs have demonstrated the performance advantage of our proposed method compared to the state-of-the-art baselines with respect to both efficiency and effectiveness.

Computer Science

Saikat Chakraborty,Shuvendu K. Lahiri,Sarah Fakhoury,Madanlal Musuvathi,Akash Lal,Aseem Rastogi,Aditya Senthilnathan,Rahul Sharma,Nikhil Swamy

2024-02-13

Abstract:Synthesizing inductive loop invariants is fundamental to automating program verification. In this work, we observe that Large Language Models (such as gpt-3.5 or gpt-4) are capable of synthesizing loop invariants for a class of programs in a 0-shot setting, yet require several samples to generate the correct invariants. This can lead to a large number of calls to a program verifier to establish an invariant. To address this issue, we propose a {\it re-ranking} approach for the generated results of LLMs. We have designed a ranker that can distinguish between correct inductive invariants and incorrect attempts based on the problem definition. The ranker is optimized as a contrastive ranker. Experimental results demonstrate that this re-ranking mechanism significantly improves the ranking of correct invariants among the generated candidates, leading to a notable reduction in the number of calls to a verifier. The source code and the experimental data for this paper are available in \url{<a class="link-external link-https" href="https://github.com/microsoft/NeuralInvariantRanker" rel="external noopener nofollow">this https URL</a>}.

Programming Languages,Artificial Intelligence,Computation and Language,Software Engineering

Ruibang Liu,Guoqiang Li,Minyu Chen,Ling-I Wu,Jingyu Ke

2024-12-13

Abstract:Automated program verification has always been an important component of building trustworthy software. While the analysis of real-world programs remains a theoretical challenge, the automation of loop invariant analysis has effectively resolved the problem. However, real-world programs that often mix complex data structures and control flows pose challenges to traditional loop invariant generation tools. To enhance the applicability of invariant generation techniques, we proposed ACInv, an Automated Complex program loop Invariant generation tool, which combines static analysis with Large Language Models (LLMs) to generate the proper loop invariants. We utilize static analysis to extract the necessary information for each loop and embed it into prompts for the LLM to generate invariants for each loop. Subsequently, we employ an LLM-based evaluator to assess the generated invariants, refining them by either strengthening, weakening, or rejecting them based on their correctness, ultimately obtaining enhanced invariants. We conducted experiments on ACInv, which showed that ACInv outperformed previous tools on data sets with data structures, and maintained similar performance to the state-of-the-art tool AutoSpec on numerical programs without data structures. For the total data set, ACInv can solve 21% more examples than AutoSpec and can generate reference data structure templates.

Software Engineering,Artificial Intelligence,Programming Languages

Chang Liu,Xiwei Wu,Yuan Feng,Qinxiang Cao,Junchi Yan

2024-06-07

Abstract:Program verification is vital for ensuring software reliability, especially in the context of increasingly complex systems. Loop invariants, remaining true before and after each iteration of loops, are crucial for this verification process. Traditional provers and machine learning based methods for generating loop invariants often require expert intervention or extensive labeled data, and typically only handle numerical property verification. These methods struggle with programs involving complex data structures and memory manipulations, limiting their applicability and automation capabilities. In this paper, we introduce a new benchmark named LIG-MM, specifically for programs with complex data structures and memory manipulations. We collect 312 programs from various sources, including daily programs from college homework, the international competition (SV-COMP), benchmarks from previous papers (SLING), and programs from real-world software systems (Linux Kernel, GlibC, LiteOS, and Zephyr). Based on LIG-MM, our findings indicate that previous methods, including GPT-4, fail to automate verification for these programs. Consequently, we propose a novel LLM-SE framework that coordinates LLM with symbolic execution, fine-tuned using self-supervised learning, to generate loop invariants. Experimental results on LIG-MM demonstrate that our LLM-SE outperforms state-of-the-art methods, offering a new direction toward automated program verification in real-world scenarios.

Programming Languages

Shiwen Yu,Ting Wang,Ji Wang

DOI: https://doi.org/10.1145/3597926.3598047

2023-01-01

Abstract:Inferring loop invariants is one of the most challenging problems in program verification. It is highly desired to incorporate machine learning when inferring. This paper presents a Reinforcement Learning (RL) pruning framework to infer loop invariants over a general nonlinear hypothesis space. The key idea is to synergize the RL-based pruning and SMT solving to generate candidate invariants efficiently. To address the sparse reward problem in learning, we design a novel two-dimensional reward mechanism that enables the RL pruner to recognize the capability boundary of SMT solvers and learn the pruning heuristics in a few rounds. We have implemented our approach with Z3 SMT solver in the tool called LIPuS and conducted extensive experiments over the linear and nonlinear benchmarks. Experiment results show that LIPuS can solve the most cases compared to the state-of-the-art loop invariant inference tools such as Code2Inv, ICE-DT, GSpacer, SymInfer, ImplCheck, and Eldarica. Especially, LIPuS outperforms them significantly on nonlinear benchmarks.

Herbert Rocha,Hussama Ismail,Lucas Cordeiro,Raimundo Barreto

DOI: https://doi.org/10.48550/arXiv.1502.02327

2015-02-09

Logic in Computer Science

Abstract:We present a novel proof by induction algorithm, which combines k-induction with invariants to model check C programs with bounded and unbounded loops. The k-induction algorithm consists of three cases: in the base case, we aim to find a counterexample with up to k loop unwindings; in the forward condition, we check whether loops have been fully unrolled and that the safety property P holds in all states reachable within k unwindings; and in the inductive step, we check that whenever P holds for k unwindings, it also holds after the next unwinding of the system. For each step of the k-induction algorithm, we infer invariants using affine constraints (i.e., polyhedral) to specify pre- and post-conditions. The algorithm was implemented in two different ways, with and without invariants using polyhedral, and the results were compared. Experimental results show that both forms can handle a wide variety of safety properties; however, the k-induction algorithm adopting polyhedral solves more verification tasks, which demonstrate an improvement of the induction algorithm effectiveness.

Cheng Yang,Chufan Shi,Siheng Li,Bo Shui,Yujiu Yang,Wai Lam

2024-12-29

Abstract:Large language models (LLMs) have exhibited impressive capabilities across a myriad of tasks, yet they occasionally yield undesirable outputs. We posit that these limitations are rooted in the foundational autoregressive architecture of LLMs, which inherently lacks mechanisms for differentiating between desirable and undesirable results. Drawing inspiration from the dual-process theory of human cognition, we introduce LLM2, a novel framework that combines an LLM (System 1) with a process-based verifier (System 2). Within LLM2, the LLM is responsible for generating plausible candidates, while the verifier provides timely process-based feedback to distinguish desirable and undesirable outputs. The verifier is trained with a pairwise comparison loss on synthetic process-supervision data generated through our token quality exploration strategy. Empirical results on mathematical reasoning benchmarks substantiate the efficacy of LLM2, exemplified by an accuracy enhancement from 50.3 to 57.8 (+7.5) for Llama3-1B on GSM8K. Furthermore, when combined with self-consistency, LLM2 achieves additional improvements, boosting major@20 accuracy from 56.2 to 70.2 (+14.0).

Computation and Language,Artificial Intelligence

Ashish Kumar,Jilaun Zhang,Saeid Tizpaz-Niari,Gang Tan

2024-12-14

Abstract:Despite the crucial need for formal safety and security verification of programs, discovering loop invariants remains a significant challenge. Static analysis is a primary technique for inferring loop invariants but often relies on substantial assumptions about underlying theories. Data-driven methods supported by dynamic analysis and machine learning algorithms have shown impressive performance in inferring loop invariants for some challenging programs. However, state-of-the-art data-driven techniques do not offer theoretical guarantees for finding loop invariants. We present a novel technique that leverages the simulated annealing (SA) search algorithm combined with SMT solvers and computational geometry to provide probabilistic guarantees for inferring loop invariants using data-driven methods. Our approach enhances the SA search with real analysis to define the search space and employs parallelism to increase the probability of success. To ensure the convergence of our algorithm, we adapt e-nets, a key concept from computational geometry. Our tool, DLIA2, implements these algorithms and demonstrates competitive performance against state-of-the-art techniques. We also identify a subclass of programs, on which we outperform the current state-of-the-art tool GSpacer.

Programming Languages

Hong Lu,Jiacheng Gui,Chengyi Wang,Hao Huang

DOI: https://doi.org/10.1109/tase49443.2020.00011

2020-01-01

Abstract:Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to generate verified loop invariants automatically. The approach consists of the prediction phase and the evaluation phase. The prediction phase aims to generate candidate loop invariants automatically by solving polynomial equations and synthesizing the extended loop conditions. The evaluation phase aims to generate verified loop invariants that can be utilized to prove the correctness of program postconditions. The spurious candidate invariants are first pruned out using the method of predicate abstraction. Then, the redundant relations are removed from the candidate invariants using an Satisfiability Modulo Theories (SMT) solver. The proposed approach is compared with state-of-the-art methods on 32 benchmarks collected by the recent papers. The experimental results demonstrate that the novel data-driven approach generates 29 verified loop invariants successfully. The proposed approach is efficient at discovering verified loop invariants automatically for executable loop programs. Meanwhile, compared with other methods of generating loop invariants, the proposed approach not only costs less time to generate invariants, but also generates invariants with better quality.

Tzu-Han Hsu,César Sánchez,Sarai Sheinvald,Borzoo Bonakdarpour

DOI: https://doi.org/10.48550/arXiv.2301.06209

2023-01-26

Abstract:Bounded model checking (BMC) is an effective technique for hunting bugs by incrementally exploring the state space of a system. To reason about infinite traces through a finite structure and to ultimately obtain completeness, BMC incorporates loop conditions that revisit previously observed states. This paper focuses on developing loop conditions for BMC of HyperLTL- a temporal logic for hyperproperties that allows expressing important policies for security and consistency in concurrent systems, etc. Loop conditions for HyperLTL are more complicated than for LTL, as different traces may loop inconsistently in unrelated moments. Existing BMC approaches for HyperLTL only considered linear unrollings without any looping capability, which precludes both finding small infinite traces and obtaining a complete technique. We investigate loop conditions for HyperLTL BMC, where the HyperLTL formula can contain up to one quantifier alternation. We first present a general complete automata-based technique which is based on bounds of maximum unrollings. Then, we introduce alternative simulation-based algorithms that allow exploiting short loops effectively, generating SAT queries whose satisfiability guarantees the outcome of the original model checking problem. We also report empirical evaluation of the prototype implementation of our BMC techniques using Z3py.

Logic in Computer Science

Zhenwen Liang,Ye Liu,Tong Niu,Xiangliang Zhang,Yingbo Zhou,Semih Yavuz

2024-10-05

Abstract:Despite significant advancements in the general capability of large language models (LLMs), they continue to struggle with consistent and accurate reasoning, especially in complex tasks such as mathematical and code reasoning. One key limitation is that LLMs are trained primarily on correct solutions, reducing their ability to detect and learn from errors, which hampers their ability to reliably verify and rank outputs. To address this, we scale up the inference-time computation by generating multiple reasoning paths and employing verifiers to assess and rank the generated outputs by correctness. To facilitate this, we introduce a comprehensive dataset consisting of correct and incorrect solutions for math and code tasks, generated by multiple LLMs. This diverse set of solutions enables verifiers to more effectively distinguish and rank correct answers from erroneous outputs. The training methods for building verifiers were selected based on an extensive comparison of existing approaches. Moreover, to leverage the unique strengths of different reasoning strategies, we propose a novel collaborative method integrating Chain-of-Thought (CoT) and Program-of-Thought (PoT) solutions for verification. CoT provides a clear, step-by-step reasoning process that enhances interpretability, while PoT, being executable, offers a precise and error-sensitive validation mechanism. By taking both of their strengths, our approach significantly improves the accuracy and reliability of reasoning verification. Our verifiers, Math-Rev and Code-Rev, demonstrate substantial performance gains to existing LLMs, achieving state-of-the-art results on benchmarks such as GSM8k and MATH and even outperforming GPT-4o with Qwen-72B-Instruct as the reasoner.

Machine Learning,Artificial Intelligence

Rui Wang,Wanwei Liu,Tun Li,Xiaoguang Mao,Ji Wang

DOI: https://doi.org/10.1155/2013/462532

2013-01-01

Journal of Applied Mathematics

Abstract:As a complementary technique of the BDD-based approach, bounded model checking (BMC) has been successfully applied to LTL symbolic model checking. However, the expressiveness of LTL is rather limited, and some important properties cannot be captured by such logic. In this paper, we present a semantic BMC encoding approach to deal with the mixture of ETLf and ETLl. Since such kind of temporal logic involves both finite and looping automata as connectives, all regular properties can be succinctly specified with it. The presented algorithm is integrated into the model checker ENuSMV, and the approach is evaluated via conducting a series of imperial experiments.

Hong Lu,Chengyi Wang,Jiacheng Gui,Hao Huang

DOI: https://doi.org/10.1109/qrs51102.2020.00013

2020-01-01

Abstract:It is challenging to generate loop invariants for programs automatically in the field of software analysis and verification. Loop invariants are the weakened forms of the postconditions for loops. Therefore, we propose PBLInv, a postcondition-based approach to generate loop invariants for C programs with the machine learning method. First, we generate the postcondition for a loop program automatically. Second, we learn classifiers as the updated candidate loop invariants with the Kernel Support Vector Machine (KSVM) method iteratively. PBLInv is evaluated with 60 benchmark programs collected from the recent papers and the 2019 Software Verification Competitions (SV-Comp 2019). The experimental results show that PBLInv is efficient at learning loop invariants for C programs. Compared with five state-of-the-art methods of generating loop invariants, PBLInv not only generates loop invariants for more benchmarks, but also reduces the number of used samples and iterations for learning loop invariants.

Shengchao Qin,Guanhua He,Chenguang Luo,Wei-Ngan Chin,Xin Chen

DOI: https://doi.org/10.1016/j.jsc.2012.08.007

IF: 0.97

2013-01-01

Journal of Symbolic Computation

Abstract:Automated verification of memory safety and functional correctness for heap-manipulating programs has been a challenging task, especially when dealing with complex data structures with strong invariants involving both shape and numerical properties. Existing verification systems usually rely on users to supply annotations to guide the verification, which can be cumbersome and error-prone by hand and can significantly restrict the usability of the verification system. In this paper, we reduce the need for some user annotations by automatically inferring loop invariants over an abstract domain with both shape and numerical information. Our loop invariant synthesis is conducted automatically by a fixed-point iteration process, equipped with newly designed abstraction mechanism, together with join and widening operators over the combined domain. We have also proven the soundness and termination of our approach. Initial experiments confirm that we can synthesise loop invariants with non-trivial constraints.

Zachariah Sollenberger,Jay Patel,Christian Munley,Aaron Jarmusch,Sunita Chandrasekaran

2024-08-22

Abstract:Large Language Models (LLM) are evolving and have significantly revolutionized the landscape of software development. If used well, they can significantly accelerate the software development cycle. At the same time, the community is very cautious of the models being trained on biased or sensitive data, which can lead to biased outputs along with the inadvertent release of confidential information. Additionally, the carbon footprints and the un-explainability of these black box models continue to raise questions about the usability of LLMs. With the abundance of opportunities LLMs have to offer, this paper explores the idea of judging tests used to evaluate compiler implementations of directive-based programming models as well as probe into the black box of LLMs. Based on our results, utilizing an agent-based prompting approach and setting up a validation pipeline structure drastically increased the quality of DeepSeek Coder, the LLM chosen for the evaluation purposes.

Programming Languages

Dingbao Xie,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/RTSS.2014.22

2014-01-01

Abstract:The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

Kevin Batz,Mingshuai Chen,Benjamin Lucien Kaminski,Joost-Pieter Katoen,Christoph Matheja,Philipp Schroeer

DOI: https://doi.org/10.1007/978-3-030-81688-9_25

2021-01-01

Abstract:We revisit two well-established verification techniques, k-induction and bounded model checking (BMC), in the more general setting of fixed point theory over complete lattices. Our main theoretical contribution is latticed k-induction, which (i) generalizes classical k-induction for verifying transition systems, (ii) generalizes Park induction for bounding fixed points of monotonic maps on complete lattices, and (iii) extends from naturals k to transfinite ordinals kappa, thus yielding kappa-induction. The lattice-theoretic understanding of k-induction and BMC enables us to apply both techniques to the fully automatic verification of infinite-state probabilistic programs. Our prototypical implementation manages to automatically verify non-trivial specifications for probabilistic programs taken from the literature that-using existing techniques-cannot be verified without synthesizing a stronger inductive invariant first.

Qingchuan Li,Jiatong Li,Tongxuan Liu,Yuting Zeng,Mingyue Cheng,Weizhe Huang,Qi Liu

2024-10-29

Abstract:Large Language Models (LLMs) have exhibited remarkable potential across a wide array of reasoning tasks, including logical reasoning. Although massive efforts have been made to empower the logical reasoning ability of LLMs via external logical symbolic solvers, crucial challenges of the poor generalization ability to questions with different features and inevitable question information loss of symbolic solver-driven approaches remain unresolved. To mitigate these issues, we introduce LINA, a LLM-driven neuro-symbolic approach for faithful logical reasoning. By enabling an LLM to autonomously perform the transition from propositional logic extraction to sophisticated logical reasoning, LINA not only bolsters the resilience of the reasoning process but also eliminates the dependency on external solvers. Additionally, through its adoption of a hypothetical-deductive reasoning paradigm, LINA effectively circumvents the expansive search space challenge that plagues traditional forward reasoning methods. Empirical evaluations demonstrate that LINA substantially outperforms both established propositional logic frameworks and conventional prompting techniques across a spectrum of five logical reasoning tasks. Specifically, LINA achieves an improvement of 24.34% over LINC on the FOLIO dataset, while also surpassing prompting strategies like CoT and CoT-SC by up to 24.02%. Our code is available at <a class="link-external link-https" href="https://github.com/wufeiwuwoshihua/nshy" rel="external noopener nofollow">this https URL</a>.

Computation and Language

Christian Munley,Aaron Jarmusch,Sunita Chandrasekaran

DOI: https://doi.org/10.1016/j.future.2024.05.034

IF: 7.307

2024-05-26

Future Generation Computer Systems

Abstract:Large language models (LLMs) are a new and powerful tool for a wide span of applications involving natural language and demonstrate impressive code generation abilities. The goal of this work is to automatically generate tests and use these tests to validate and verify compiler implementations of a directive-based parallel programming paradigm, OpenACC. To do so, in this paper, we explore the capabilities of state-of-the-art LLMs, including open-source LLMs - Meta's Codellama, Phind's fine-tuned version of Codellama, Deepseek's Deepseek Coder and closed-source LLMs - OpenAI's GPT-3.5-Turbo and GPT-4-Turbo. We further fine-tune the open-source LLMs and GPT-3.5-Turbo using our own testsuite dataset along with using the OpenACC specification. We also explored these LLMs using various prompt engineering techniques that include code template, template with retrieval-augmented generation (RAG), one-shot example, one-shot with RAG, expressive prompt with code template and RAG. This paper highlights our findings from over 5000 tests generated via all the above mentioned methods. Our contributions include: (a) exploring the capabilities of the latest and relevant LLMs for code generation, (b) investigating fine-tuning and prompt methods, and (c) analyzing the outcome of LLMs generated tests including manually analysis of representative set of tests. We found the LLM Deepseek-Coder-33b-Instruct produced the most passing tests followed by GPT-4-Turbo.

computer science, theory & methods

Hong Lu,Huitao Wang,Jiacheng Gui,Panfeng Chen,Hao Huang

DOI: https://doi.org/10.1016/j.cola.2022.101135

IF: 1.778

2022-01-01

Journal of Computer Languages

Abstract:Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants for C programs. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. The first phase generates candidate invariants by solving polynomial equations and synthesizing the extended loop conditions. The second phase prunes out spurious predicates and redundant predicates in the candidate invariants. The experimental results demonstrate that the proposed approach generates valid invariants for 35 benchmarks out of 38. The proposed approach costs less time to generate more informative and precise invariants than the state-of-the-art methods.