Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Specify What? Enhancing Neural Specification Synthesis by Symbolic Methods

George Granberry, Wolfgang Ahrendt, Moa Johansson

TL;DR

It is demonstrated how the addition of symbolic analysis to the workflow impacts the quality of annotations: information about input/output examples from Pathcrawler produce more context-aware annotations, while the inclusion of EVA reports yields annotations more attuned to runtime errors.

Abstract

We investigate how combinations of Large Language Models (LLMs) and symbolic analyses can be used to synthesise specifications of C programs. The LLM prompts are augmented with outputs from two formal methods tools in the Frama-C ecosystem, Pathcrawler and EVA, to produce C program annotations in the specification language ACSL. We demonstrate how the addition of symbolic analysis to the workflow impacts the quality of annotations: information about input/output examples from Pathcrawler produce more context-aware annotations, while the inclusion of EVA reports yields annotations more attuned to runtime errors. In addition, we show that the method infers rather the programs intent than its behaviour, by generating specifications for buggy programs and observing robustness of the result against bugs.

Specify What? Enhancing Neural Specification Synthesis by Symbolic Methods

TL;DR

It is demonstrated how the addition of symbolic analysis to the workflow impacts the quality of annotations: information about input/output examples from Pathcrawler produce more context-aware annotations, while the inclusion of EVA reports yields annotations more attuned to runtime errors.

Abstract

We investigate how combinations of Large Language Models (LLMs) and symbolic analyses can be used to synthesise specifications of C programs. The LLM prompts are augmented with outputs from two formal methods tools in the Frama-C ecosystem, Pathcrawler and EVA, to produce C program annotations in the specification language ACSL. We demonstrate how the addition of symbolic analysis to the workflow impacts the quality of annotations: information about input/output examples from Pathcrawler produce more context-aware annotations, while the inclusion of EVA reports yields annotations more attuned to runtime errors. In addition, we show that the method infers rather the programs intent than its behaviour, by generating specifications for buggy programs and observing robustness of the result against bugs.
Paper Structure (34 sections, 8 figures)

This paper contains 34 sections, 8 figures.

Table of Contents

  1. Introduction
  2. Tools and Languages
  3. Frama-C and ACSL
  4. Automated Testing: Pathcrawler
  5. Value Analysis: EVA
  6. LLM and Prompts
  7. C-program Test Suites
  8. Generating Annotations
  9. Evaluation
  10. Types of Annotations
  11. Baseline prompt
  12. CoT Inspection
  13. Prompt with Pathcrawler Input/Output Pairs
  14. Abstract Thinking
  15. Over-approximation
  16. ...and 19 more sections

Figures (8)

  • Figure 1: Annotation-type counts for each prompt
  • Figure 2: Specification generated for binary search program with the baseline prompt
  • Figure 3: CSV string representing inputs and outputs generated for Adaptive Differential Pulse Control Modulation (ADPCM) by Pathcrawler
  • Figure 4: BugKPath - Pathcrawler
  • Figure 5: PointerFunction5 - Pathcrawler
  • ...and 3 more figures