Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis


Even with impressive advances in automated formal methods, certain problems in system verification and synthesis remain challenging. Examples include the verification of quantitative properties of software involving constraints on timing and energy consumption, and the automatic synthesis of systems from specifications. The major challenges include environment modeling, incompleteness in specifications, and the complexity of underlying decision problems. This position paper proposes sciduction, an approach to tackle these challenges by integrating inductive inference, deductive reasoning, and structure hypotheses. Deductive reasoning, which leads from general rules or concepts to conclusions about specific problem instances, includes techniques such as logical inference and constraint solving. Inductive inference, which generalizes from specific instances to yield a concept, includes algorithmic learning from examples. Structure hypotheses are used to define the class of artifacts, such as invariants or program fragments, generated during verification or synthesis. Sciduction constrains inductive and deductive reasoning using structure hypotheses, and actively combines inductive and deductive reasoning: for instance, deductive techniques generate examples for learning, and inductive reasoning is used to guide the deductive engines. We illustrate this approach with three applications: (i) timing analysis of software; (ii) synthesis of loop-free programs; and (iii) controller synthesis for hybrid systems. Some future applications are also discussed.


💡 Research Summary

The paper introduces “sciduction,” a novel methodological framework that seeks to overcome persistent difficulties in formal verification and synthesis by tightly integrating three components: inductive inference, deductive reasoning, and a structure hypothesis. The authors argue that many of the hardest problems—such as quantitative timing or energy analysis of software, synthesis of programs from high‑level specifications, and controller synthesis for hybrid systems—are hampered by three interrelated challenges: (1) incomplete or overly abstract models of the environment, (2) underspecified or ambiguous requirements, and (3) the intrinsic computational hardness of the underlying decision problems (e.g., SAT/SMT, reachability, optimal control). Sciduction tackles these issues by using a structure hypothesis to explicitly delimit the class of artifacts (invariants, program fragments, control policies) that the verification or synthesis process may generate. This delimitation reduces the search space for both learning and solving, thereby making the overall process more tractable.

In the sciductive loop, a deductive engine (e.g., a theorem prover, SAT/SMT solver, or numerical simulator) first produces concrete examples—both positive instances that satisfy the current hypothesis and counter‑examples that violate it. These examples are fed to an inductive learner, which generalizes them into a candidate artifact that respects the structure hypothesis. The candidate is then handed back to the deductive engine for validation. If validation succeeds, the artifact is accepted; if it fails, the counter‑example becomes a new training datum and the loop repeats. This bidirectional interaction allows each component to compensate for the weaknesses of the other: deduction supplies soundness and concrete data, while induction supplies generalization and guidance for the deductive search.

The authors demonstrate the practicality of sciduction through three case studies.

  1. Timing analysis of real‑time software – Traditional worst‑case execution time (WCET) analysis often yields overly conservative bounds because it must consider all possible paths and hardware states. Sciduction instead uses a deductive model of the processor to generate feasible execution paths and their measured runtimes, then inductively learns a parametric timing model that captures the observed behavior while still being amenable to formal verification. Experiments on benchmark programs show that the sciductive approach produces tighter bounds with comparable or lower computational effort than pure WCET analysis.

  2. Synthesis of loop‑free programs – The goal is to automatically construct a program fragment that satisfies a given input‑output specification. The structure hypothesis restricts the search to a finite set of “condition‑action” templates. A SAT‑based deductive engine enumerates concrete input‑output pairs consistent with the specification; an inductive learner then infers the minimal set of condition‑action rules that cover the examples. The resulting program is finally verified against the full specification using the deductive engine. Compared with existing SAT‑based synthesis tools, the sciductive method reduces both solving time and memory consumption, especially when the specification admits many equivalent implementations.

  3. Controller synthesis for hybrid systems – Hybrid systems combine continuous dynamics with discrete control logic, making safety verification notoriously hard. The authors define a structure hypothesis that the controller be a piecewise‑affine policy over a finite partition of the state space. A numerical simulator (the deductive component) explores trajectories to locate unsafe regions, providing counter‑examples. An inductive learner then refines the partition and the affine control law to exclude the unsafe trajectories while preserving system performance. The loop converges to a provably safe controller, and experimental results on a benchmark automotive cruise‑control model illustrate that sciduction can handle non‑linear dynamics that are out of reach for purely symbolic methods.
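As an added illustration of the sciductive loop described above and of the loop-free program synthesis case study (example code written for this summary, not the authors' implementation): the structure hypothesis is a small library of bit-vector components plus a bound on program length, the inductive learner returns the shortest candidate consistent with the examples seen so far, and an exhaustive check over a toy 8-bit domain plays the deductive engine, handing back counterexamples that become new training data. The component names, the 8-bit domain and the target specification are all assumptions constructed for this example.

```python
from itertools import product

MASK = 0xFF  # toy 8-bit domain (constructed); exhaustive checks stand in for SAT/SMT

# Component library of the structure hypothesis: name -> f(acc, x); acc is the
# running value (seeded with the input x), x is the original input
COMPONENTS = {
    "dec":   lambda acc, x: (acc - 1) & MASK,
    "inc":   lambda acc, x: (acc + 1) & MASK,
    "and_x": lambda acc, x: acc & x,
    "or_x":  lambda acc, x: acc | x,
    "xor_x": lambda acc, x: acc ^ x,
}

def run(program, x):
    """Execute a straight-line program (tuple of component names) on input x."""
    acc = x
    for name in program:
        acc = COMPONENTS[name](acc, x)
    return acc

def learn(examples, max_len):
    """Inductive step: shortest candidate consistent with every (input, output) pair."""
    for length in range(1, max_len + 1):
        for prog in product(COMPONENTS, repeat=length):
            if all(run(prog, i) == o for i, o in examples):
                return prog
    return None  # nothing in the hypothesis class fits the examples

def verify(program, spec):
    """Deductive step: check the whole domain; return a counterexample input or None."""
    for x in range(MASK + 1):
        if run(program, x) != spec(x):
            return x
    return None

def sciduce(spec, max_len=3, seed_inputs=(0,)):
    """Alternate induction and deduction; returns (program, examples), program None if the hypothesis is too narrow."""
    examples = [(x, spec(x)) for x in seed_inputs]
    while True:
        prog = learn(examples, max_len)
        if prog is None:
            return None, examples
        cex = verify(prog, spec)
        if cex is None:
            return prog, examples
        examples.append((cex, spec(cex)))  # the counterexample becomes a training datum

def clear_lowest_bit(x):  # reference specification: clear the lowest set bit of x
    return x & (x - 1) & MASK
```

With the default length bound the loop converges in three rounds to the two-component program `("dec", "and_x")`; with `max_len=1` the learner runs out of candidates after the same three counterexamples, which is the overly restrictive hypothesis case the summary warns about.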

The paper also discusses limitations and future work. The quality of the structure hypothesis is critical: an overly restrictive hypothesis may exclude feasible solutions, while an overly permissive one can cause the inductive learner to overfit and the deductive engine to explode combinatorially. Designing hypotheses therefore requires domain expertise and may benefit from automated meta‑learning techniques. Moreover, the current prototype relies heavily on SAT/SMT solvers; extending sciduction to incorporate more expressive deductive engines (e.g., nonlinear optimization, probabilistic model checkers) is an open research direction. Finally, scalability to industrial‑size systems will likely demand distributed learning and parallel deduction, as well as incremental hypothesis refinement.

In summary, sciduction offers a principled way to blend learning‑based generalization with sound deductive reasoning under a user‑defined structural constraint. By doing so, it addresses three fundamental obstacles in verification and synthesis—environment modeling, specification incompleteness, and decision‑problem complexity—and opens a path toward more automated, scalable, and reliable system design.