Counterexample Driven Quantifier Instantiations with Applications to Distributed Protocols

Author:

Orr Tamir (1), Marcelo Taube (1), Kenneth L. McMillan (2), Sharon Shoham (1), Jon Howell (3), Guy Gueta (4), Mooly Sagiv (1)

Affiliation:

1. Tel Aviv University, Tel Aviv, Israel

2. University of Texas at Austin, Austin, USA

3. VMware Research, Bellevue, USA

4. VMware Research, Herzliya, Israel

Abstract

Formally verifying infinite-state systems can be a daunting task, especially when it comes to reasoning about quantifiers. In particular, quantifier alternations in conjunction with function symbols can create function cycles that result in infinitely many ground terms, making it difficult for solvers to instantiate quantifiers and causing them to diverge. This can leave users with no useful information on how to proceed. To address this issue, we propose an interactive verification methodology that uses a relational abstraction technique to mitigate solver divergence in the presence of quantifiers. This technique abstracts functions in the verification conditions (VCs) as one-to-one relations, which avoids the creation of function cycles and the resulting proliferation of ground terms. Relational abstraction is sound and guarantees correctness if the solver cannot find counter-models. However, it may also lead to false counterexamples, which can be addressed by refining the abstraction and requiring the existence of corresponding elements. In the domain of distributed protocols, we can refine the abstraction by diagnosing counterexamples and manually instantiating elements in the range of the original function. If the verification conditions are correct, there always exist finitely many refinement steps that eliminate all spurious counter-models, making the approach complete. We applied this approach in Ivy to verify the safety properties of consensus protocols and found that: (1) most verification goals can be automatically verified using relational abstraction, while SMT solvers often diverge when given the original VC, (2) only a few manual instantiations were needed, and the counterexamples provided valuable guidance for the user compared to timeouts produced by the traditional approach, and (3) the technique can be used to derive efficient low-level implementations of tricky algorithms.
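The abstract describes the mechanism only in prose: a function symbol whose result sort feeds back (through other functions or forall/exists alternations) into one of its argument sorts forms a cycle in the quantifier-alternation graph, so the solver can keep generating fresh ground terms; abstracting the function as a relation that is functional but not total cuts the edge, and refinement re-adds totality only for specific ground terms. The following Python is an added illustration, not code from the paper or from Ivy. It computes that graph for a constructed toy signature in the spirit of a round/quorum/node consensus protocol (the sorts, symbols and axioms are assumptions, not the paper's benchmarks), finds the function cycle, applies the relational abstraction, and shows why a blanket totality axiom would bring the cycle back while a single ground instantiation does not.

```python
# Added example (not from the paper or Ivy): quantifier-alternation graph of a
# first-order VC, and relational abstraction of a function symbol.
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass
class Signature:
    # function symbol -> (argument sorts, result sort); relations carry only argument sorts
    functions: Dict[str, Tuple[Tuple[str, ...], str]] = field(default_factory=dict)
    relations: Dict[str, Tuple[str, ...]] = field(default_factory=dict)

# An axiom is abstracted to its quantifier prefix in binding order, e.g.
# [('forall', 'quorum'), ('exists', 'node')] for  forall q:quorum. exists n:node. member(n, q).
# The matrix does not matter for the graph, only the prefix and the function signatures.
Prefix = List[Tuple[str, str]]

def alternation_graph(sig: Signature, axioms: Dict[str, Prefix]) -> Dict[str, Set[str]]:
    """Edge S -> T: a term of sort S can force a new term of sort T.
    A function f: A1..An -> B contributes Ai -> B; a forall over S followed by an
    exists over T contributes S -> T (Skolemization turns the exists into a function).
    Relations contribute no edges, which is exactly what relational abstraction exploits."""
    edges: Dict[str, Set[str]] = defaultdict(set)
    for args, res in sig.functions.values():
        for a in args:
            edges[a].add(res)
    for prefix in axioms.values():
        for i, (q, s) in enumerate(prefix):
            if q == 'forall':
                for q2, t in prefix[i + 1:]:
                    if q2 == 'exists':
                        edges[s].add(t)
    return dict(edges)

def find_cycle(edges: Dict[str, Set[str]]) -> List[str]:
    """Return one cycle as a list of sorts (first == last), or [] if the graph is acyclic.
    An acyclic graph means finitely many ground terms, so instantiation terminates."""
    WHITE, GREY, BLACK = 0, 1, 2
    color: Dict[str, int] = defaultdict(int)
    stack: List[str] = []
    def dfs(u: str) -> List[str]:
        color[u] = GREY
        stack.append(u)
        for v in edges.get(u, ()):
            if color[v] == GREY:
                return stack[stack.index(v):] + [v]
            if color[v] == WHITE:
                c = dfs(v)
                if c:
                    return c
        stack.pop()
        color[u] = BLACK
        return []
    for u in list(edges):
        if color[u] == WHITE:
            c = dfs(u)
            if c:
                return c
    return []

def relationalize(sig: Signature, axioms: Dict[str, Prefix], f: str):
    """Relational abstraction: replace f : A -> B by a relation R_f(A, B) that is
    functional (at most one image per argument) but not necessarily total.
    Dropping totality removes the A -> B edge; it is also the source of spurious
    counter-models, because R_f may simply have no image for some term."""
    args, res = sig.functions[f]
    new_sig = Signature(dict(sig.functions), dict(sig.relations))
    del new_sig.functions[f]
    new_sig.relations['R_' + f] = args + (res,)
    new_axioms = dict(axioms)
    # forall x:A, y:B, z:B. R_f(x, y) & R_f(x, z) -> y = z  (purely universal: no edges)
    new_axioms['functional_' + f] = [('forall', s) for s in args] + [('forall', res), ('forall', res)]
    return new_sig, new_axioms

def refine_with_instance(axioms: Dict[str, Prefix], f: str, result_sort: str) -> Dict[str, Prefix]:
    """Counterexample-driven refinement step: assert that one *specific* ground term
    (a fresh constant, say c) has an image, i.e. exists y:B. R_f(c, y).
    Being ground, it adds no forall -> exists edge, so the VC stays acyclic while
    the spurious model in which R_f(c, _) was empty is ruled out."""
    new_axioms = dict(axioms)
    n = sum(k.startswith('total_' + f) for k in axioms)
    new_axioms['total_%s_at_%d' % (f, n)] = [('exists', result_sort)]
    return new_axioms

# Constructed toy VC (an assumption for illustration, not the paper's benchmark).
SIG = Signature(
    functions={'quorum_of': (('round',), 'quorum'),   # the quorum that decides a round
               'cur_round': (('node',), 'round')},    # a node's current round
    relations={'member': ('node', 'quorum')},
)
AXIOMS = {
    'quorums_nonempty': [('forall', 'quorum'), ('exists', 'node')],  # forall q. exists n. member(n, q)
    'proposal_safe':    [('forall', 'round'), ('forall', 'node')],   # a purely universal invariant
}

def demo():
    """Returns (cycle in the original, cycle after abstraction, cycle after one
    ground refinement, cycle if totality were re-added as a universal axiom)."""
    cyc = find_cycle(alternation_graph(SIG, AXIOMS))           # round -> quorum -> node -> round
    sig2, ax2 = relationalize(SIG, AXIOMS, 'quorum_of')
    cyc2 = find_cycle(alternation_graph(sig2, ax2))            # [] : edge round -> quorum is gone
    ax3 = refine_with_instance(ax2, 'quorum_of', 'quorum')
    cyc3 = find_cycle(alternation_graph(sig2, ax3))            # [] : ground instance adds no edge
    ax_naive = dict(ax2)
    ax_naive['total_quorum_of'] = [('forall', 'round'), ('exists', 'quorum')]  # forall r. exists q. R(r, q)
    cyc_naive = find_cycle(alternation_graph(sig2, ax_naive))  # cycle is back
    return cyc, cyc2, cyc3, cyc_naive

if __name__ == '__main__':
    print(demo())
```

The check is syntactic and cheap, so it is worth running on a VC before handing it to the solver: a cycle in this graph is the warning sign for the divergence the abstract describes, and the diff between `cyc2` and `cyc_naive` shows why the abstraction must drop totality globally and restore it one ground term at a time.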

Funder

European Union's Horizon 2020 research and innovation programme

Israeli Science Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; Software

References (43 articles; first five shown)

1. Ittai Abraham, Dahlia Malkhi, Kartik Nayak, Ling Ren, and Maofan Yin. 2020. Sync HotStuff: Simple and Practical Synchronous State Machine Replication. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020. IEEE, 106–118.

2. Stuart F. Allen, Robert L. Constable, Richard Eaton, Christoph Kreitz, and Lori Lorigo. 2000. The Nuprl Open Logical Environment. In Automated Deduction - CADE-17, 17th International Conference on Automated Deduction, Pittsburgh, PA, USA, June 17-20, 2000, Proceedings, David A. McAllester (Ed.) (Lecture Notes in Computer Science, Vol. 1831). Springer, 170–176.

3. Kristoffer Just Arndal Andersen. 2021. Protocol combinators for modeling, testing, and execution of distributed systems. J. Funct. Program.

4. On natural deduction in classical first-order logic: Curry–Howard correspondence, strong normalization and Herbrand's theorem.

5. Rylo Ashmore, Arie Gurfinkel, and Richard J. Trefler. 2019. Local Reasoning for Parameterized First Order Protocols. In NASA Formal Methods - 11th International Symposium, NFM 2019, Houston, TX, USA, May 7-9, 2019, Proceedings, Julia M. Badger and Kristin Yvonne Rozier (Eds.) (Lecture Notes in Computer Science, Vol. 11460). Springer, 36–53.

Cited by 1 article.

1. Formally Verifying a Rollback-Prevention Protocol for TEEs. Lecture Notes in Computer Science, 2024.
