Slide 1
Slide 1 text
Specification Synthesis with
Constrainted Horn Clauses
Prabhu+
Slide 2
Slide 2 text
WHAT IS THIS
• This material is something I used at a private reading seminar where
every attendee picks one paper from PLDIʼ21 and explains its gist to
the audience.
• The copyrights of pictures shown in the remaining slides are, when no
explicit notes are given, attributed to the authors of the paper [Prabhu+
PLDIʼ21].
• I took some exact slides from the pdf for the oral presentation of the paper. [1]
• I have some background but am not an expert, so Iʼm not 100% sure
about what I think I grasped. Please contact me if you find any false
statements or misinterpretations.
• [1] Specification Synthesis with Constrained Horn Clauses, Sumanth Prabhu S, PLDI 2021. https://fmindia.cmi.ac.in/update2021/slides/sumanth-fmupdate2021.pdf
Slide 3
Slide 3 text
(輪読会としての)概要
• 別の著者の2016年の論⽂(かなり⾯⽩い)の改良
• Maximal specification synthesis [Albarghouthi+ POPL'16]
• PLDI ですがプログラム検証の論⽂です
• 僕は平均よりは詳しいと思いますが専⾨家ではありません
• 時間もないので分野と問題意識についての説明がメインになります
• ⾔語実装界隈の⼈でもなるべくついてこられるように説明します
Slide 4
Slide 4 text
ᴫせ
䝥䝻䜾䝷䝮᳨ド䛸䛛䛾ᩥ⬦䛷ᵝྜᡂ (Specification Synthesis) 䛸
䜀䜜䜛ၥ㢟䛜䛒䜛䜘
ᛂ⏝ୖ䚸ྜᡂ䛥䜜䜛ᵝ䛜௨ୗ䛾ᛶ㉁䜢‶䛯䛧䛶ḧ䛧䛔䜘
ᴟ (Maximal)
㠀✵ (Non-vacuous)
᪤Ꮡ䛾ᡭἲ䛷ј䛾୧᪉䜢‶䛯䛩ᵝ䜢ぢ䛴䛡䜛᪂䛧䛔䜰䝹䝂䝸䝈䝮
䜢స䛳䛯䜘
≉䛻䝛䝇䝖䛧䛯 while ᩥ䜢ᣢ䛴䜘䛖䛺䝥䝻䜾䝷䝮䛾᳨ド䛻ᑐ䛧䛶ຠ⋡ⓗ䛰䜘
ᥦ䛧䛯䜰䝹䝂䝸䝈䝮䜢ᐇ䛧䚸ホ౯䛧䛯䜘
Slide 5
Slide 5 text
ᵝྜᡂ (Specification Synthesis)
Slide 6
Slide 6 text
ᵝྜᡂ (Specification Synthesis)
㠀Ỵᐃⓗ㑅ᢥ
Slide 7
Slide 7 text
ᵝྜᡂ (Specification Synthesis)
㛵ᩘ f 䛸 g 䛾୰㌟䛿ᮍ▱
㠀Ỵᐃⓗ㑅ᢥ
Slide 8
Slide 8 text
ᵝྜᡂ (Specification Synthesis)
㛵ᩘ f 䛸 g 䛾୰㌟䛿ᮍ▱
ၥ㢟: 䛣䛾⾜䛜ⴠ䛱䛺䛔䜘
䛖䛺 f 䛸 g 䛾ᵝ䜢ぢ䛴䛡
䜘
㠀Ỵᐃⓗ㑅ᢥ
Slide 9
Slide 9 text
ᵝྜᡂ (Specification Synthesis)
Slide 10
Slide 10 text
ᵝྜᡂ (Specification Synthesis)
ゎ1
F(z) :֞ z = -1
G(y) :֞ y = 19
Slide 11
Slide 11 text
ᵝྜᡂ (Specification Synthesis)
ゎ1
F(z) :֞ z = -1
G(y) :֞ y = 19
ゎ2
F(z) :֞ z < 0
G(y) :֞ y = 19 || y = 20
Slide 12
Slide 12 text
ᵝྜᡂ (Specification Synthesis)
ゎ1
F(z) :֞ z = -1
G(y) :֞ y = 19
ゎ2
F(z) :֞ z < 0
G(y) :֞ y = 19 || y = 20
ゎ3
F(z) :֞ z <= 0
G(y) :֞ y >= 19
Slide 13
Slide 13 text
ᵝྜᡂ (Specification Synthesis)
ゎ1
F(z) :֞ z = -1
G(y) :֞ y = 19
ゎ2
F(z) :֞ z < 0
G(y) :֞ y = 19 || y = 20
ゎ3
F(z) :֞ z <= 0
G(y) :֞ y >= 19
Maximal
Slide 14
Slide 14 text
䛱䛺䜏䛻: ᴟ䛺ᵝ䛾ྜᡂ
ᴟ䛺ᵝ䛾ྜᡂ䛻䛴䛔䛶䛿2016ᖺ䛾ඛ⾜◊✲䛜㠃ⓑ䛔
Maximal specification synthesis [Albarghouthi+ POPL'16]
⣧⢋䛻ㄽ⌮Ꮫⓗ䛺⤖ᯝ䜢ฟ䛧䛯ୖ䛷䛭䜜䜢䛳䛶Windows䛾䜹䞊䝛
䝹䝗䝷䜲䝞䞊䜢䛳䛶䝕䝰䛧䛶䜛
ᵝ䛾ᴟᛶ䛾ᩘᏛⓗᐃ⩏䛾ᥦ
ᴟ䛺ᵝ䛾ྜᡂ䜢⾜䛖䜰䝹䝂䝸䝈䝮䛾ᥦ
Windows䛾䜹䞊䝛䝹䝗䝷䜲䝞䞊䛾stub䛾୰䛾assertion䛸䛾ẚ㍑
⌮ㄽ䛛䜙ᛂ⏝䜎䛷㒊⧅䛢䛶䛶ᙉ䛟䛶㠃ⓑ䛔䛾䛷䛬䜂ㄞ䜣䛷䜏䛶䛟
䛰䛥䛔
Slide 15
Slide 15 text
ちなみに: 個⼈的所⾒(間違ってるかも)
• 先程⾒せた例なんかは先⾏研究の⽅法ですでに計算できる(と思う)
• 今回の論⽂はそれをCHCを使うやり⽅にしてみたという論⽂
• CHCはプログラム検証界隈ではよく使う中間表現で、⾼速なソルバーも複
数ある
• なので極⼤仕様合成を普通のCHCに帰着できればうれしいというのはわか
る
• 先⾏研究は問題を直接解く専⽤のソルバーを提案していてモジュラーじゃない
• けど、今回は問題を普通のCHCじゃなくCHCの拡張に帰着するので別に
既存のソルバーが使えるわけでもないので、CHCにした意味が曖昧に感じ
る(?)
• 結果的にはパフォーマンスは上がったようだけど結果論のような気も
• 詳しい⼈おしえてください!
Slide 16
Slide 16 text
CHC 䜢⏝䛔䛯䝥䝻䜾䝷䝮᳨ド
୍᪦ᵝྜᡂ䛾ヰ䛿ᛀ䜜䛶䚸䝥䝻䜾䝷䝮᳨ド䛾ヰ
https://ece.uwaterloo.ca/~agurfink/ece750t29f18/assets/pdf/07_CHC_LIA.pdf
Slide 17
Slide 17 text
CHC 䜢⏝䛔䛯䝥䝻䜾䝷䝮᳨ド
୍᪦ᵝྜᡂ䛾ヰ䛿ᛀ䜜䛶䚸䝥䝻䜾䝷䝮᳨ド䛾ヰ
https://ece.uwaterloo.ca/~agurfink/ece750t29f18/assets/pdf/07_CHC_LIA.pdf
ၥ㢟: 䛣䛾⾜䛜ⴠ䛱䛺䛔䛣
䛸䜢⮬ື䛷ุᐃ䛫䜘
Slide 18
Slide 18 text
CHC 䜢⏝䛔䛯䝥䝻䜾䝷䝮᳨ド
䝥䝻䜾䝷䝮䛛䜙 CHC (䛾㞟ྜ)䜢⏕ᡂ
https://ece.uwaterloo.ca/~agurfink/ece750t29f18/assets/pdf/07_CHC_LIA.pdf
z = x & i = 0 & y > 0 ֜ Inv(x,y,z,i)
Inv(x,y,z,i) & i < y & t = z + 1 & u = i + 1 ֜ Inv(x,y,t,u)
Inv(x,y,z,i) & i >= y & z != x + y ֜ false
Slide 19
Slide 19 text
CHC 䜢⏝䛔䛯䝥䝻䜾䝷䝮᳨ド
䝥䝻䜾䝷䝮䛛䜙 CHC (䛾㞟ྜ)䜢⏕ᡂ
https://ece.uwaterloo.ca/~agurfink/ece750t29f18/assets/pdf/07_CHC_LIA.pdf
z = x & i = 0 & y > 0 ֜ Inv(x,y,z,i)
Inv(x,y,z,i) & i < y & t = z + 1 & u = i + 1 ֜ Inv(x,y,t,u)
Inv(x,y,z,i) & i >= y & z != x + y ֜ false
䛣䜜䛜ゎ䜢ᣢ䛴䛣䛸䛸ᕥ䛾䝥䝻䜾䝷䝮䛜ⴠ䛱䛺䛔䛣䛸䛜ྠ್
Slide 20
Slide 20 text
CHC 䜢⏝䛔䛯䝥䝻䜾䝷䝮᳨ド
䝥䝻䜾䝷䝮䛛䜙 CHC (䛾㞟ྜ)䜢⏕ᡂ
https://ece.uwaterloo.ca/~agurfink/ece750t29f18/assets/pdf/07_CHC_LIA.pdf
z = x & i = 0 & y > 0 ֜ Inv(x,y,z,i)
Inv(x,y,z,i) & i < y & t = z + 1 & u = i + 1 ֜ Inv(x,y,t,u)
Inv(x,y,z,i) & i >= y & z != x + y ֜ false
䛣䜜䛜ゎ䜢ᣢ䛴䛣䛸䛸ᕥ䛾䝥䝻䜾䝷䝮䛜ⴠ䛱䛺䛔䛣䛸䛜ྠ್
ゎ
Inv(x,y,z,i) :֞
z = x + i & z <= x + y
Slide 21
Slide 21 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
Slide 22
Slide 22 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
Slide 23
Slide 23 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
Slide 24
Slide 24 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
ᠱᛕ1 ᖐ⣡ⓗ䛺CHC䛜䛒䜛䛸ồゎ䛻
㛫䛜䛛䛛䜛 (᭱ᙉz3䛷10ศ䛛䛛
䜛䜙䛧䛔)
Slide 25
Slide 25 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
ᠱᛕ2 䛣䛖䛔䛖ゎ䛿㝖እ䛧䛯䛔
F(z) :֞ false
G(y) :֞ false
Inv(x) :֞ true
ᠱᛕ1 ᖐ⣡ⓗ䛺CHC䛜䛒䜛䛸ồゎ䛻
㛫䛜䛛䛛䜛 (᭱ᙉz3䛷10ศ䛛䛛
䜛䜙䛧䛔)
Slide 26
Slide 26 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
ᠱᛕ2 䛣䛖䛔䛖ゎ䛿㝖እ䛧䛯䛔
F(z) :֞ false
G(y) :֞ false
Inv(x) :֞ true
Vacuous
ᠱᛕ1 ᖐ⣡ⓗ䛺CHC䛜䛒䜛䛸ồゎ䛻
㛫䛜䛛䛛䜛 (᭱ᙉz3䛷10ศ䛛䛛
䜛䜙䛧䛔)
Slide 27
Slide 27 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
ᠱᛕ2 䛣䛖䛔䛖ゎ䛿㝖እ䛧䛯䛔
F(z) :֞ false
G(y) :֞ false
Inv(x) :֞ true
Vacuous
ᠱᛕ1 ᖐ⣡ⓗ䛺CHC䛜䛒䜛䛸ồゎ䛻
㛫䛜䛛䛛䜛 (᭱ᙉz3䛷10ศ䛛䛛
䜛䜙䛧䛔)
ᠱᛕ3 ᴟ䛺ゎ䜢ồ䜑䛯䛔
Slide 28
Slide 28 text
ᵝྜᡂ
CHC䛻䜘䜛䝥䝻䜾䝷䝮᳨ド䛾⪃䛘᪉䜢ᵝྜᡂ䛻ᣑᙇ䛧䛶䜏䜛
䛣䜜䛾ゎ䜢᥈䛫䜀Ⰻ䛔䠛
ᠱᛕ2 䛣䛖䛔䛖ゎ䛿㝖እ䛧䛯䛔
F(z) :֞ false
G(y) :֞ false
Inv(x) :֞ true
Vacuous
ᠱᛕ1 ᖐ⣡ⓗ䛺CHC䛜䛒䜛䛸ồゎ䛻
㛫䛜䛛䛛䜛 (᭱ᙉz3䛷10ศ䛛䛛
䜛䜙䛧䛔)
ᠱᛕ3 ᴟ䛺ゎ䜢ồ䜑䛯䛔
ј䛾せ௳䜢‶䛯䛩 CHC 䝋䝹䝞䞊䛜
䛺䛛䛳䛯䛾䛷స䛳䛯䜘
Slide 29
Slide 29 text
䜰䝹䝂䝸䝈䝮ᴫせ
Slide 30
Slide 30 text
Non-vacuous solving (1/3)
Slide 31
Slide 31 text
Non-vacuous solving (2/3)
Slide 32
Slide 32 text
Non-vacuous solving (3/3)
Slide 33
Slide 33 text
18/28
Maximality Checking - Definition
Recall:
Given:
S (a system of CHCs)
R (a set of relations)
M is maximal if no solution M0 satisfies
8r 2 R . M(r) =) M0(r)
and
9r 2 R . M0(r) 6
=) M(r)
Slide 34
Slide 34 text
19/28
Maximality Checking - Illustration
inv(x) 7! x 19
f(y) 7! y = 19
Non-Vacuous Solution
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y) =) x y
⌃ ⇧
Input CHC
Intuition: Try to weaken interpretations by at
least one more point by adding two conjuncts
Slide 35
Slide 35 text
19/28
Maximality Checking - Illustration
inv(x) 7! x 19
f(y) 7! y = 19
Non-Vacuous Solution
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y) =) x y
⌃ ⇧
Input CHC
1. In input CHC, substitute
inv(x) 7! x 19 _ x = px
f(y) 7! y = 19 _ y = py
Slide 36
Slide 36 text
19/28
Maximality Checking - Illustration
inv(x) 7! x 19
f(y) 7! y = 19
Non-Vacuous Solution
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y) =) x y
⌃ ⇧
Input CHC
2. Constrain values of placeholder variables px
, py
¬(px
19) _ ¬(py
= 19)
Slide 37
Slide 37 text
19/28
Maximality Checking - Illustration
inv(x) 7! x 19
f(y) 7! y = 19
Non-Vacuous Solution
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y) =) x y
⌃ ⇧
Input CHC
CTM |= 1 ^ 2
Based on values of px
and py
from
counterexample-to-maximality (CTM), decide
relations to weaken
Slide 38
Slide 38 text
20/28
Maximality Checking - Illustration
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y)^ =) x y
y = 19 =) f(y)
¬(y = 19) ^ pf
(y) =) f(y)
⌃ ⇧
New CHCs for Weakening
A non-vacuous solution to pf
ensures that
current solution for M(f) is weakened
Slide 39
Slide 39 text
20/28
Maximality Checking - Illustration
⌥ ⌅
x = 19 =) inv(x)
inv(x) ^ x0 = x 1 =) inv(x0)
inv(x) ^ f(y)^ =) x y
y = 19 =) f(y)
¬(y = 19) ^ pf
(y) =) f(y)
⌃ ⇧
New CHCs for Weakening
pf
(y) 7! y = 20 and f(y) 7! y 19
Slide 40
Slide 40 text
ホ౯
HornSpec 䛸䛔䛖ᐇ䜢స䛳䛯
⫼ᬒ⌮ㄽ䛾䝋䝹䝞䞊䛻䛿z3䜢⏝䛧䛯
ᮍᐃ⩏㛵ᩘ䛾䜃ฟ䛧䜢ྵ䜐䝥䝻䜾䝷䝮65ಶ䛛䜙CHC䜢⏕ᡂ
䛖䛱43ಶ䛿CHC-COMP䛸䛔䛖᳨ド⏺㝰䛷䜘䛟䜟䜜䜛䝔䝇䝖䝉䝑䝖䛛䜙⏕ᡂ
ṧ䜚䛾22ಶ䛿᳨ド䛾䝁䞁䝨䛷䛾㢖ฟ䝟䝍䞊䞁䜢䜒䛸䛻⏕ᡂ
✀㢮䛾䝧䞁䝏䝬䞊䜽䜢ྲྀ䛳䛯
Non-vacuous specification generation
Maximal specification generation
Slide 41
Slide 41 text
Non-vacuous specification
CVC4䛸Z3䛸ẚ㍑
30⛊௨ෆ䛻ゎ䛡䛯䛾䛿
HornSpec: 60/65
CVC4: 51/65
Z3: 23/65
Slide 42
Slide 42 text
Maximal specifications
᪤Ꮡ䛾CHC䝋䝹䝞䞊䛿Maximal Specification䜢ฟຊ䛷䛝䛺䛔
ẚ㍑䛾䛯䜑䛻Non-vacuous specification䜢⏕ᡂ䛩䜛㒊ศ䛰䛡䛾䝋
䝹䝞䞊䛻ኚ䛘䛯 ;і䛭䜜ẚ㍑䛻䛺䛳䛶䛺䛟䛺䛔䠛)
ゎ䛡䛯ၥ㢟ᩘ
HornSpec: 54/65
CVC4: 23/65
Z3: 5/65
Slide 43
Slide 43 text
Related Work
┬␎
Slide 44
Slide 44 text
結論
• MaximalかつNon-vacuousな仕様の合成を⾏うためのCHCソル
バーを作った
• Non-vacuousな解を出⼒する既存のCHCソルバーよりも速い
• Maximalな解を出⼒するCHCソルバーはなかった
• 感想
• なぜCHCソルバーにする必要があったのかの部分がよくわからなかっ
たのでくわしいひとおしえてください