Daniel Neider

ICE: äAäRobustäFrameworkäforäLearningäInvariants

We introduce ICE, a robust learning paradigm for synthesizing invariants, that learns using examples, counter-examples, and implications, and show that it admits honest teachers and strongly convergent mechanisms for invariant synthesis. We observe that existing algorithms for black-box abstract interpretation can be interpreted as ICE-learning algorithms. We develop new strongly convergent ICE-learning algorithms for two domains, one for learning Boolean combinations of numerical invariants for scalar variables and one for quantified invariants for arrays and dynamic lists. We implement these ICE-learning algorithms in a verification tool and show they are robust, practical, and efficient.

libalf: the automata learning framework

This paper presents libalf, a comprehensive, open-source library for learning formal languages libalf covers various well-known learning techniques for finite automata (e.g Angluins L*, Biermann, RPNI etc.) as well as novel learning algorithms (such as for NFA and visibly one-counter automata) libalf is flexible and allows facilely interchanging learning algorithms and combining domain-specific features in a plug-and-play fashion Its modular design and C++ implementation make it a suitable platform for adding and engineering further learning algorithms for new target models (e.g., Buchi automata).

Learning invariants using decision trees and implication counterexamples

Inductive invariants can be robustly synthesized using a learning model where the teacher is a program verifier who instructs the learner through concrete program configurations, classified as positive, negative, and implications. We propose the first learning algorithms in this model with implication counter-examples that are based on machine learning techniques. In particular, we extend classical decision-tree learning algorithms in machine learning to handle implication samples, building new scalable ways to construct small decision trees using statistical measures. We also develop a decision-tree learning algorithm in this model that is guaranteed to converge to the right concept (invariant) if one exists. We implement the learners and an appropriate teacher, and show that the resulting invariant synthesis is efficient and convergent for a large suite of programs.

Learning universally quantified invariants of linear data structures

We propose a new automaton model, called quantified data automata over words, that can model quantified invariants over linear data structures, and build poly-time active learning algorithms for them, where the learner is allowed to query the teacher with membership and equivalence queries. In order to express invariants in decidable logics, we invent a decidable subclass of QDAs, called elastic QDAs, and prove that every QDA has a unique minimally-over-approximating elastic QDA. We then give an application of these theoretically sound and efficient active learning algorithms in a passive learning framework and show that we can efficiently learn quantified linear data structure invariants from samples obtained from dynamic runs for a large class of programs.

Regular Model Checking Using Solver Technologies and Automata Learning

Regular Model Checking is a popular verification technique where large and even infinite sets of program configurations can be encoded symbolically by finite automata. Thereby, the handling of regular sets of initial and bad configurations often imposes a serious restriction in practical applications. We present two new algorithms both utilizing modern solver technologies and automata learning. The first one works in a CEGAR-like fashion by iteratively refining an abstraction of the reachable state space using counterexamples, while the second one is based on Angluin’s prominent learning algorithm. We show the feasibility and competitiveness of our approaches on different benchmarks and compare them to other established tools.

Learning minimal deterministic automata from inexperienced teachers

A prominent learning algorithm is Angluins L∗ algorithm, which allows to learn a minimal deterministic automaton using so-called membership and equivalence queries addressed to a teacher. In many applications, however, a teacher might be unable to answer some of the membership queries because parts of the object to learn are not completely specified, not observable, it is too expensive to resolve these queries, etc. Then, these queries may be answered inconclusively. In this paper, we survey different algorithms to learn minimal deterministic automata in this setting in a coherent fashion. Moreover, we provide modifications and improvements for these algorithms, which are enabled by recent developments.

Small strategies for safety games

We consider safety games on finite, edge-labeled graphs and present an algorithm based on automata learning to compute small strategies. Our idea is as follows: we incrementally learn regular sets of winning plays until a winning strategy can be derived. For this purpose we develop a modified version of Kearns and Vaziranis learning algorithm. Since computing a minimal strategy in this setting is hard (we prove that the corresponding decision problem is NP-complete), our algorithm, which runs in polynomial time, is an interesting and effective heuristic that yields small strategies in our experiments.

Down the Borel Hierarchy: Solving Muller Games via Safety Games

We transform a Muller game with n vertices into a safety game with (n!)^3 vertices whose solution allows to determine the winning regions of the Muller game and to compute a finite-state winning strategy for one player. This yields a novel antichain-based memory structure and a natural notion of permissive strategies for Muller games. Moreover, we generalize our construction by presenting a new type of game reduction from infinite games to safety games and show its applicability to several other winning conditions.

Abstract Learning Frameworks for Synthesis

We develop abstract learning frameworks for synthesis that embody the principles of the CEGIS counterexample-guided inductive synthesis algorithms in current literature. Our framework is based on iterative learning from a hypothesis space that captures synthesized objects, using counterexamples from an abstract sample space, and a concept space that abstractly defines the semantics of synthesis. We show that a variety of synthesis algorithms in current literature can be embedded in this general framework. We also exhibit three general recipes for convergent synthesis: the first two recipes based on finite spaces and Occam learners generalize all techniques of convergence used in existing engines, while the third, involving well-founded quasi-orderings, is new, and we instantiate it to concrete synthesis problems.

Computing minimal separating DFAs and regular invariants using SAT and SMT solvers

We develop a generic technique to compute minimal separating DFAs (deterministic finite automata) and regular invariants. Our technique works by expressing the desired properties of a solution in terms of logical formulae and using SAT or SMT solvers to find solutions. We apply our technique to three concrete problems: computing minimal separating DFAs (e.g., used in compositional verification), regular model checking, and synthesizing loop invariants of integer programs that are expressible in Presburger arithmetic.