# A data-driven CHC solver

@article{Zhu2018ADC, title={A data-driven CHC solver}, author={He Zhu and Stephen Magill and Suresh Jagannathan}, journal={Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation}, year={2018} }

We present a data-driven technique to solve Constrained Horn Clauses (CHCs) that encode verification conditions of programs containing unconstrained loops and recursions. Our CHC solver neither constrains the search space from which a predicate's components are inferred (e.g., by constraining the number of variables or the values of coefficients used to specify an invariant), nor fixes the shape of the predicate itself (e.g., by bounding the number and kind of logical connectives). Instead, our…

## 34 Citations

Constraint-based Relational Verification

- Computer ScienceCAV
- 2021

This paper describes a novel and fully automated constraint-based approach to relational verification and presents a constraint solving method for pfwCSP based on stratified CounterExample-Guided Inductive Synthesis of ordinary, well-founded, and functional predicates.

Solving constrained Horn clauses modulo algebraic data types and recursive functions

- Computer ScienceProc. ACM Program. Lang.
- 2022

This work proposes a novel IC3-inspired algorithm Racer, which ensures progress despite the undecidability of the underlying theory, and is guaranteed to terminate with a counterexample for unsafe programs, with a general class of RDFs over ADTs called catamorphisms.

Program Verification via Predicate Constraint Satisfiability Modulo Theories

- Computer ScienceArXiv
- 2020

This paper presents a verification framework based on a new class of predicate Constraint Satisfaction Problems called pCSP where constraints are represented as clauses modulo first-order theories…

Learning inductive invariants by sampling from frequency distributions

- Computer ScienceFormal Methods Syst. Des.
- 2020

A framework that follows the Syntax-Guided Synthesis paradigm to iteratively sample candidate invariants from a formal grammar and check them with an SMT solver, and is able to check several candidates at the same time to filter them effectively using the well known Houdini algorithm.

Data-driven Lemma Discovery

- Computer Science
- 2020

The approach enables modular verification of client programs by driving a learning process using samples and counter-examples from an SMT solver to discover relations among the predicates that define library method specifications.

Sorcar: Property-Driven Algorithms for Learning Conjunctive Invariants

- Computer ScienceSAS
- 2019

A new learning algorithm Sorcar is presented to synthesize conjunctive inductive invariants for proving that a program satisfies its assertions, and for a fixed finite set of n predicates, guarantees convergence in 2n rounds, taking only polynomial time in each round.

Horn-ICE learning for synthesizing invariants and contracts

- Computer ScienceProc. ACM Program. Lang.
- 2018

A decision-tree learning algorithm that learns from nonlinear Horn-ICE samples, works in polynomial time, and uses statistical heuristics to learn small trees that satisfy the samples.

Global Guidance for Local Generalization in Model Checking

- Computer ScienceCAV
- 2020

The SMT-IC3 paradigm is extended with three novel rules, designed to mitigate fundamental sources of failure that stem from locality, which show that GSpacer, Spacer extended with global guidance, is significantly more effective than both Spacer and sole global reasoning, and, furthermore, is insensitive to interpolation.

Data-driven inference of representation invariants

- Computer SciencePLDI
- 2020

A counterexample-driven algorithm for inferring a representation invariant that is sufficient to imply a desired specification for a module, which ensures that the algorithm makes progress toward its goal as it alternates between weakening and strengthening candidate invariants.

Data-driven abductive inference of library specifications

- Computer ScienceProc. ACM Program. Lang.
- 2021

This paper presents a novel data-driven abductive inference mechanism that infers specifications for library methods sufficient to enable verification of the library's clients and demonstrates the effectiveness of the approach on a wide range of realistic OCaml data structure programs.

## References

SHOWING 1-10 OF 45 REFERENCES

Dynamic inference of likely data preconditions over predicates by tree learning

- Computer ScienceISSTA '08
- 2008

This work presents a technique to infer likely data preconditions for procedures written in an imperative programming language that successfully learns a precondition that captures a safe and permissive calling environment.

A Data Driven Approach for Algebraic Loop Invariants

- Computer Science, MathematicsESOP
- 2013

It is shown how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables the technique to generate expressive invariants to be consumed by tools that cannot handle non-linear arithmetic.

Data-driven precondition inference with learned features

- Computer SciencePLDI 2016
- 2016

This work extends the data-driven approach to inferring preconditions for code from a set of test executions and introduces a technique for on-demand feature learning, which automatically expands the search space of candidate precond conditions in a targeted manner as necessary.

ICE-Based Refinement Type Discovery for Higher-Order Functional Programs

- Computer ScienceTACAS
- 2018

A method for automatically finding refinement types of higher-order function programs by generalizing the implication constraints of Garg et al. to those of the form \((\{x_1,\dots ,x_k\}, y)\), which means that if all of x satisfies an invariant, so does y.

Verification as Learning Geometric Concepts

- Computer ScienceSAS
- 2013

It is shown that invariants in program verification can be regarded as geometric concepts in machine learning, and the learning algorithm is extended to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities.

SMT-Based Model Checking for Recursive Programs

- Computer ScienceCAV
- 2014

An SMT-based symbolic model checking algorithm for safety verification of recursive programs and shows that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists.

Inductive invariant generation via abductive inference

- Computer ScienceOOPSLA 2013
- 2013

A backtracking search that combines Hoare-style verification condition generation with a logical abduction procedure based on quantifier elimination to speculate candidate invariants that are expressible as boolean combinations of linear integer constraints is presented.

Learning Invariants using Decision Trees

- Computer ScienceArXiv
- 2015

A new algorithm is proposed that uses decision trees to learn candidate invariants in the form of arbitrary Boolean combinations of numerical inequalities in order to infer safe invariants for a range of challenging benchmarks and compares favorably to other ML-based invariant inference techniques.

Counterexample-guided approach to finding numerical invariants

- Computer ScienceESEC/SIGSOFT FSE
- 2017

NumInv, a tool that implements a counterexample-guided invariant generation (CEGIR) technique to automatically discover numerical invariants, which are polynomial equality and inequality relations among numerical variables, performs competitively comparing to state of the art numerical invariant analysis tools.

Synthesizing software verifiers from proof rules

- Computer SciencePLDI 2012
- 2012

This paper presents a method for the automatic synthesis of software verification tools and shows how it synthesizes automatic safety and liveness verifiers for programs with procedures, multi-threaded programs, and functional programs.