Ivy: Safety verification by interactive generalization

Oded Padon; Kenneth L. McMillan; Aurojit Panda; Mooly Sagiv; Sharon Shoham

doi:10.1145/2980983.2908118

Ivy: Safety verification by interactive generalization

Oded Padon, Kenneth L. McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham

Research output: Contribution to journal › Article › peer-review

Abstract

Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system-Ivy-for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

Original language	English
Pages (from-to)	614-630
Number of pages	17
Journal	ACM SIGPLAN Notices
Volume	51
Issue number	6
DOIs	https://doi.org/10.1145/2980983.2908118
State	Published - Jun 2016

Keywords

counterexamples to induction
distributed systems
invariant inference
safety verification

Access to Document

10.1145/2980983.2908118

Cite this

@article{0e3edf99ad534b5dba2c4286facb23fa,

title = "Ivy: Safety verification by interactive generalization",

abstract = "Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system-Ivy-for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.",

keywords = "counterexamples to induction, distributed systems, invariant inference, safety verification",

author = "Oded Padon and McMillan, {Kenneth L.} and Aurojit Panda and Mooly Sagiv and Sharon Shoham",

note = "Publisher Copyright: {\textcopyright} 2016 ACM.",

year = "2016",

month = jun,

doi = "10.1145/2980983.2908118",

language = "אנגלית",

volume = "51",

pages = "614--630",

journal = "ACM SIGPLAN Notices",

issn = "1523-2867",

publisher = "Association for Computing Machinery (ACM)",

number = "6",

}

TY - JOUR

T1 - Ivy

T2 - Safety verification by interactive generalization

AU - Padon, Oded

AU - McMillan, Kenneth L.

AU - Panda, Aurojit

AU - Sagiv, Mooly

AU - Shoham, Sharon

PY - 2016/6

Y1 - 2016/6

N2 - Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system-Ivy-for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

AB - Despite several decades of research, the problem of formal verification of infinite-state systems has resisted effective automation. We describe a system-Ivy-for interactively verifying safety of infinite-state systems. Ivy's key principle is that whenever verification fails, Ivy graphically displays a concrete counterexample to induction. The user then interactively guides generalization from this counterexample. This process continues until an inductive invariant is found. Ivy searches for universally quantified invariants, and uses a restricted modeling language. This ensures that all verification conditions can be checked algorithmically. All user interactions are performed using graphical models, easing the user's task. We describe our initial experience with verifying several distributed protocols.

KW - counterexamples to induction

KW - distributed systems

KW - invariant inference

KW - safety verification

UR - http://www.scopus.com/inward/record.url?scp=85119302666&partnerID=8YFLogxK

U2 - 10.1145/2980983.2908118

DO - 10.1145/2980983.2908118

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85119302666

SN - 1523-2867

VL - 51

SP - 614

EP - 630

JO - ACM SIGPLAN Notices

JF - ACM SIGPLAN Notices

IS - 6

ER -

Ivy: Safety verification by interactive generalization

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this