Ivy: Safety verification by interactive generalization

Oded Padon; Kenneth L. McMillan; Aurojit Panda; Mooly Sagiv; Sharon Shoham

doi:10.1145/2908080.2908118

Ivy: Safety verification by interactive generalization

Oded Padon, Kenneth L. McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system - Ivy - for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

Original language	English (US)
Title of host publication	PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation
Editors	Chandra Krintz, Emery Berger
Publisher	Association for Computing Machinery
Pages	614-630
Number of pages	17
ISBN (Electronic)	9781450342612
DOIs	https://doi.org/10.1145/2908080.2908118
State	Published - Jun 2 2016
Event	37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016 - Santa Barbara, United States Duration: Jun 13 2016 → Jun 17 2016

Publication series

Name	Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)
Volume	13-17-June-2016

Other

Other	37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016
Country/Territory	United States
City	Santa Barbara
Period	6/13/16 → 6/17/16

Keywords

Counterexamples to induction
Distributed systems
Invariant inference
Safety verification

ASJC Scopus subject areas

Software

Access to Document

10.1145/2908080.2908118

Cite this

Padon, O., McMillan, K. L., Panda, A., Sagiv, M., & Shoham, S. (2016). Ivy: Safety verification by interactive generalization. In C. Krintz, & E. Berger (Eds.), PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (pp. 614-630). (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI); Vol. 13-17-June-2016). Association for Computing Machinery. https://doi.org/10.1145/2908080.2908118

Ivy: Safety verification by interactive generalization. / Padon, Oded; McMillan, Kenneth L.; Panda, Aurojit et al.
PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. ed. / Chandra Krintz; Emery Berger. Association for Computing Machinery, 2016. p. 614-630 (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI); Vol. 13-17-June-2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Padon, O, McMillan, KL, Panda, A, Sagiv, M & Shoham, S 2016, Ivy: Safety verification by interactive generalization. in C Krintz & E Berger (eds), PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), vol. 13-17-June-2016, Association for Computing Machinery, pp. 614-630, 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, United States, 6/13/16. https://doi.org/10.1145/2908080.2908118

Padon O, McMillan KL, Panda A, Sagiv M, Shoham S. Ivy: Safety verification by interactive generalization. In Krintz C, Berger E, editors, PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. Association for Computing Machinery. 2016. p. 614-630. (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)). doi: 10.1145/2908080.2908118

Padon, Oded ; McMillan, Kenneth L. ; Panda, Aurojit et al. / Ivy : Safety verification by interactive generalization. PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. editor / Chandra Krintz ; Emery Berger. Association for Computing Machinery, 2016. pp. 614-630 (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)).

@inproceedings{f804c3381f744933b5ffcfaa974dd8e6,

title = "Ivy: Safety verification by interactive generalization",

abstract = "Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system - Ivy - for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.",

keywords = "Counterexamples to induction, Distributed systems, Invariant inference, Safety verification",

author = "Oded Padon and McMillan, {Kenneth L.} and Aurojit Panda and Mooly Sagiv and Sharon Shoham",

note = "Funding Information: We thank Thomas Ball, Nikolaj Bj{\o}rner, Tej Chajed, Constantin Enea, Neil Immerman, Daniel Jackson, Ranjit Jhala, K. Rustan M. Leino, Giuliano Losa, Bryan Parno, Shaz Qadeer, Zachary Tatlock, James R. Wilcox, the anonymous referees, and the anonymous artifact evaluation referees for insightful comments which improved this paper. Padon, Sagiv, and Shoham were supported by the European Research Council under the European Union's Seventh Framework Program (FP7/2007-2013)/ERC grant agreement no. [321174- VSSC], and by a grant from the Israel Science Foundation (652/11). Panda was supported by a grant from Intel Corporation. Parts of this work were done while Padon and Sagiv were visiting Microsoft Research. Publisher Copyright: {\textcopyright} 2016 ACM.; 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016 ; Conference date: 13-06-2016 Through 17-06-2016",

year = "2016",

month = jun,

day = "2",

doi = "10.1145/2908080.2908118",

language = "English (US)",

series = "Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)",

publisher = "Association for Computing Machinery",

pages = "614--630",

editor = "Chandra Krintz and Emery Berger",

booktitle = "PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation",

}

TY - GEN

T1 - Ivy

T2 - 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016

AU - Padon, Oded

AU - McMillan, Kenneth L.

AU - Panda, Aurojit

AU - Sagiv, Mooly

AU - Shoham, Sharon

N1 - Funding Information: We thank Thomas Ball, Nikolaj Bjørner, Tej Chajed, Constantin Enea, Neil Immerman, Daniel Jackson, Ranjit Jhala, K. Rustan M. Leino, Giuliano Losa, Bryan Parno, Shaz Qadeer, Zachary Tatlock, James R. Wilcox, the anonymous referees, and the anonymous artifact evaluation referees for insightful comments which improved this paper. Padon, Sagiv, and Shoham were supported by the European Research Council under the European Union's Seventh Framework Program (FP7/2007-2013)/ERC grant agreement no. [321174- VSSC], and by a grant from the Israel Science Foundation (652/11). Panda was supported by a grant from Intel Corporation. Parts of this work were done while Padon and Sagiv were visiting Microsoft Research. Publisher Copyright: © 2016 ACM.

PY - 2016/6/2

Y1 - 2016/6/2

N2 - Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system - Ivy - for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

AB - Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system - Ivy - for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

KW - Counterexamples to induction

KW - Distributed systems

KW - Invariant inference

KW - Safety verification

UR - http://www.scopus.com/inward/record.url?scp=84975883211&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84975883211&partnerID=8YFLogxK

U2 - 10.1145/2908080.2908118

DO - 10.1145/2908080.2908118

M3 - Conference contribution

AN - SCOPUS:84975883211

T3 - Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

SP - 614

EP - 630

BT - PLDI 2016 - Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation

A2 - Krintz, Chandra

A2 - Berger, Emery

PB - Association for Computing Machinery

Y2 - 13 June 2016 through 17 June 2016

ER -

Ivy: Safety verification by interactive generalization

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this