
Supervised Verification of Infinite-State Systems

Periodic Reporting for period 2 - SVIS (Supervised Verification of Infinite-State Systems)

Reporting period: 2021-05-01 to 2022-10-31

The SVIS project addresses the problem of formally verifying the correctness of software and hardware systems. As modern society relies more and more on computing for managing highly complex and safety-critical tasks (e.g. in medicine, avionics, economy, etc.), ensuring the correctness of such systems becomes paramount since incorrect behaviors might lead to disastrous outcomes, both economic and human.

The current practice in the industry mainly employs testing, which can detect bugs but cannot ensure their absence. In order to provide definitive correctness guarantees, formal verification is needed. Unfortunately, existing formal verification approaches are still very limited in their applicability to real world systems: automatic approaches are either too restrictive, too imprecise, or do not scale, and interactive approaches require substantial human efforts.

The goal of this project is to introduce a new methodology, dubbed supervised verification, that will combine the advantages of automatic verification and interactive verification while avoiding their shortcomings. The key idea is to find ways to divide the verification process into tasks that are well suited for automation, and tasks that are best done by a human supervisor, and find a suitable mode of interaction between the human and the machine. The objective is to obtain practical verification approaches, and to shed new light on the asymptotic complexity of verification.
We have made progress in two main directions.

The first direction is the development of supervised verification approaches with various degrees of automation, in different settings. This includes deductive verification of both safety and temporal properties of distributed protocols (including fault tolerant threshold-based protocols), where we ensure that all automated tasks, which are solved by SAT/SMT solvers, reside within decidable fragments. To do so, we harness modularity, and develop a new language for expressing threshold-based protocols and their invariants. For automatic invariant inference algorithms, we propose proof sketches as a way for a human user to guide verification. For programs that manipulate inductively defined data structures, we develop a PDR-based algorithm that receives from a user recursively defined functions that are needed in the inductive invariant and automatically finds the invariant. Beyond regular temporal properties, we introduce an automatic approach for verifying k-safety properties in which the human is responsible for providing the predicates from which the correctness proof is constructed. We also propose a new approach for analyzing the time complexity of programs that mimics induction over the size of the program state by means of 'state squeezers' that match states to states of a smaller size, where squeezers are either provided by the user or synthesized automatically from a user-provided grammar.

The second direction is a theoretical investigation of SAT-based invariant inference algorithms and their complexity. Specifically, we showed an exponential gap between algorithms based on Hoare queries and algorithms based on inductiveness only. We came up with conditions that ensure efficiency of an interpolation-based algorithm, by relating it to exact learning in the monotone theory. Based on the monotone theory we also provided a characterization of the overapproximation performed by IC3/PDR. We further investigated the relation between invariant inference and exact learning, and showed intricate connections, as well as discrepancies.

We will continue to investigate ways to let a human supervise the verification process, including identifying new decidable sub-problems, designing new algorithms, and understanding the theoretical complexity of verification.