Juan Zhai,Hanfei Wang,Jianhua Zhao

DOI: https://doi.org/10.1109/sere-c.2014.40

2014-01-01

Abstract:In the automatic code verification, it is often necessary for programmers to provide logical annotations in the form of pre-/post-conditions and loop invariants. In this paper, we propose a framework that automatically infers loop invariants of loops manipulating commonly-used data structures. These data structures include one-dimensional arrays, singly-linked lists, doubly-linked lists and static lists. In practical cases, a majority of the loops operating on such data structures work by iterating over the elements of these data structures. The loop invariants of this kind of loops are usually similar in form with their corresponding post-conditions. The framework takes advantage of this observation by generating invariant candidates automatically from a given post-condition following several heuristics. These invariant candidates are subsequently validated via the SMT solver Z3 and the weakest-precondition calculator provided in the interactive code-verification tool Accumulator. The framework, which has been implemented for a small C-like language, suffices to infer suitable loop invariants of a range of loops w.r.t. given post-conditions. The framework has been integrated into the tool Accumulator to ease the verification tasks by alleviating the burden of providing loop invariants manually.

Juan Zhai,Bin Li,Zhenhao Tang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1109/QRS.2016.25

2016-01-01

Abstract:Precondition calculation is a fundamental program verification technique. Many previous works tried to solve this problem, but ended with limited capability due to loop statements. We conducted a survey on loops manipulating commonly-used data structures occurring in several real-world open-source programs, and found that about 80% of such loops iterate over elements of a data structure, indicating that automatic calculation of preconditions with respect to post-conditions of these loops would cover a great number of real-world programs and greatly ease code verification tasks. In this paper, we specify the execution effect of a program statement using the memories modified by the statement and the new values stored in these memories after executing the statement. Thus, conditional statements and loop statements can be uniformly reduced to a sequence of assignments. Also we present an approach to calculate preconditions with respect to given post-conditions of various program statements including loops that iterate over elements of commonly-used data structures (e.g., acyclic singly-linked lists) based on execution effects of these statements. With execution effects, post-conditions and loop invariants can also be generated. Our approach handles various types of data including numeric, boolean, arrays and user-defined structures. We have implemented the approach and integrated it into the code verification tool, Accumulator. We also evaluated the approach with a variety of programs, and the results show that our approach is able to calculate preconditions for different kinds of post-conditions, including linear ones and universally quantified ones. Preconditions generated with our approach can ease the verification task by reducing the burden of providing loop invariants and preconditions of loop statements manually, which improves the automatic level and efficiency, and makes the verification less error-prone.

Shengchao Qin,Guanhua He,Chenguang Luo,Wei-Ngan Chin,Xin Chen

DOI: https://doi.org/10.1016/j.jsc.2012.08.007

IF: 0.97

2013-01-01

Journal of Symbolic Computation

Abstract:Automated verification of memory safety and functional correctness for heap-manipulating programs has been a challenging task, especially when dealing with complex data structures with strong invariants involving both shape and numerical properties. Existing verification systems usually rely on users to supply annotations to guide the verification, which can be cumbersome and error-prone by hand and can significantly restrict the usability of the verification system. In this paper, we reduce the need for some user annotations by automatically inferring loop invariants over an abstract domain with both shape and numerical information. Our loop invariant synthesis is conducted automatically by a fixed-point iteration process, equipped with newly designed abstraction mechanism, together with join and widening operators over the combined domain. We have also proven the soundness and termination of our approach. Initial experiments confirm that we can synthesise loop invariants with non-trivial constraints.

Elizabeth Dinella,Shuvendu Lahiri,Mayur Naik

2024-08-17

Abstract:We introduce a novel approach for inferring natural preconditions from code. Our technique produces preconditions of high quality in terms of both correctness (modulo a test generator) and naturalness. Prior works generate preconditions from scratch through combinations of boolean predicates, but fall short in readability and ease of comprehension. Our innovation lies in, instead, leveraging the structure of a target method as a seed to infer a precondition through program transformations. Our evaluation shows that humans can more easily reason over preconditions inferred using our approach. Lastly, we instantiate our technique into a framework which can be applied at scale. We present a dataset of ~18k Java (method, precondition) pairs obtained by applying our framework to 87 real-world projects. We use this dataset to both evaluate our approach and draw useful insights for future research in precondition inference.

Software Engineering,Programming Languages

ZHAI Juan,TANG Zhen-Hao,LI Bin,ZHAO Jian-Hua,LI Xuan-Dong

DOI: https://doi.org/10.13328/j.cnki.jos.005211

2017-01-01

Abstract:Formal verification is an effective method to guarantee software reliability by proving the correctness of a program.Analyzing and verifying loops which are important and frequently-used statements is not only vital for formal verification,but also a hottopic in the research area of software development.This paper proposes using memories modified by a loop and new values stored inthese memories after executing the loop to describe the execution effect of the loop.Such execution effect is defined as loop summary.Inaddition,this paper proposes an approach to automatically synthesize loop summaries for loops manipulating commonly-used datastructures,including nested loops.Based on loop summaries,specifications can be generated automatically,including loop invariants,preconditions and post-conditions of loops.The proposed approach is implemented and integrated into the code-verification toolAccumulator.The approach is also evaluated with a variety of programs,and the results show that it is able to generate loop summaries and different kinds of specifications,therefore helping to ease the verification task by reducing the burden for programmers and improving the automatic level and efficiency.

Andreas Humenberger,Daneshvar Amrollahi,Nikolaj Bjørner,Laura Kovács

DOI: https://doi.org/10.48550/arXiv.2206.11495

2022-06-23

Logic in Computer Science

Abstract:Provably correct software is one of the key challenges of our software-driven society. Program synthesis -- the task of constructing a program satisfying a given specification -- is one strategy for achieving this. The result of this task is then a program which is correct by design. As in the domain of program verification, handling loops is one of the main ingredients to a successful synthesis procedure. We present an algorithm for synthesizing loops satisfying a given polynomial loop invariant. The class of loops we are considering can be modeled by a system of algebraic recurrence equations with constant coefficients, encoding thus program loops with affine operations among program variables. We turn the task of loop synthesis into a polynomial constraint problem, by precisely characterizing the set of all loops satisfying the given invariant. We prove soundness of our approach, as well as its completeness with respect to an a priori fixed upper bound on the number of program variables. Our work has applications towards synthesizing loops satisfying a given polynomial loop invariant, program verification, as well as generating number sequences from algebraic relations. To understand viability of the methodology and heuristics for synthesizing loops, we implement and evaluate the method using the Absynth tool.

Hong Lu,Jiacheng Gui,Chengyi Wang,Hao Huang

DOI: https://doi.org/10.1109/tase49443.2020.00011

2020-01-01

Abstract:Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to generate verified loop invariants automatically. The approach consists of the prediction phase and the evaluation phase. The prediction phase aims to generate candidate loop invariants automatically by solving polynomial equations and synthesizing the extended loop conditions. The evaluation phase aims to generate verified loop invariants that can be utilized to prove the correctness of program postconditions. The spurious candidate invariants are first pruned out using the method of predicate abstraction. Then, the redundant relations are removed from the candidate invariants using an Satisfiability Modulo Theories (SMT) solver. The proposed approach is compared with state-of-the-art methods on 32 benchmarks collected by the recent papers. The experimental results demonstrate that the novel data-driven approach generates 29 verified loop invariants successfully. The proposed approach is efficient at discovering verified loop invariants automatically for executable loop programs. Meanwhile, compared with other methods of generating loop invariants, the proposed approach not only costs less time to generate invariants, but also generates invariants with better quality.

Rida Ait El Manssour,George Kenison,Mahsa Shirmohammadi,Anton Varonka

2024-07-12

Abstract:Automatic generation of loop invariants is a fundamental challenge in software verification. While this task is undecidable in general, it is decidable for certain restricted classes of programs. This work focuses on invariant generation for (branching-free) loops with a single linear update. Our primary contribution is a polynomial-space algorithm that computes the strongest algebraic invariant for simple linear loops, generating all polynomial equations that hold among program variables across all reachable states. The key to achieving our complexity bounds lies in mitigating the blowup associated with variable elimination and Gröbner basis computation, as seen in prior works. Our procedure runs in polynomial time when the number of program variables is fixed. We examine various applications of our results on invariant generation, focusing on invariant verification and loop synthesis. The invariant verification problem investigates whether a polynomial ideal defining an algebraic set serves as an invariant for a given linear loop. We show that this problem is coNP-complete and lies in PSPACE when the input ideal is given in dense or sparse representations, respectively. In the context of loop synthesis, we aim to construct a loop with an infinite set of reachable states that upholds a specified algebraic property as an invariant. The strong synthesis variant of this problem requires the construction of loops for which the given property is the strongest invariant. In terms of hardness, synthesising loops over integers (or rationals) is as hard as Hilbert's Tenth problem (or its analogue over the rationals). When loop constants are constrained to bit-bounded rational numbers, we demonstrate that loop synthesis and its strong variant are both decidable in PSPACE, and in NP when the number of program variables is fixed.

Computational Complexity,Algebraic Geometry

Steven de Oliveira,Saddek Bensalem,Virgile Prevosto

DOI: https://doi.org/10.48550/arXiv.1611.07753

2016-11-23

Abstract:When proving invariance properties of a program, we face two problems. The first problem is related to the necessity of proving tautologies of considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the second problem and describes a new method for the automatic generation of loop invariants that handles polynomial and non deterministic assignments. This technique is based on the eigenvector generation for a given linear transformation and on the polynomial optimization problem, which we implemented in the open-source tool Pilat.

Logic in Computer Science

Thomas Wies,Viktor Kuncak,Karen Zee,Andreas Podelski,Martin Rinard

DOI: https://doi.org/10.48550/arXiv.cs/0609104

2006-09-18

Programming Languages

Abstract:One of the main challenges in the verification of software systems is the analysis of unbounded data structures with dynamic memory allocation, such as linked data structures and arrays. We describe Bohne, a new analysis for verifying data structures. Bohne verifies data structure operations and shows that 1) the operations preserve data structure invariants and 2) the operations satisfy their specifications expressed in terms of changes to the set of objects stored in the data structure. During the analysis, Bohne infers loop invariants in the form of disjunctions of universally quantified Boolean combinations of formulas. To synthesize loop invariants of this form, Bohne uses a combination of decision procedures for Monadic Second-Order Logic over trees, SMT-LIB decision procedures (currently CVC Lite), and an automated reasoner within the Isabelle interactive theorem prover. This architecture shows that synthesized loop invariants can serve as a useful communication mechanism between different decision procedures. Using Bohne, we have verified operations on data structures such as linked lists with iterators and back pointers, trees with and without parent pointers, two-level skip lists, array data structures, and sorted lists. We have deployed Bohne in the Hob and Jahob data structure analysis systems, enabling us to combine Bohne with analyses of data structure clients and apply it in the context of larger programs. This report describes the Bohne algorithm as well as techniques that Bohne uses to reduce the ammount of annotations and the running time of the analysis.

Caleb Voss,David Heath,William Harris

DOI: https://doi.org/10.48550/arXiv.1710.03357

2017-10-10

Programming Languages

Abstract:The automatic verification of programs that maintain unbounded low-level data structures is a critical and open problem. Analyzers and verifiers developed in previous work can synthesize invariants that only describe data structures of heavily restricted forms, or require an analyst to provide predicates over program data and structure that are used in a synthesized proof of correctness. In this work, we introduce a novel automatic safety verifier of programs that maintain low-level data structures, named LTTP. LTTP synthesizes proofs of program safety represented as a grammar of a given program's control paths, annotated with invariants that relate program state at distinct points within its path of execution. LTTP synthesizes such proofs completely automatically, using a novel inductive-synthesis algorithm. We have implemented LTTP as a verifier for JVM bytecode and applied it to verify the safety of a collection of verification benchmarks. Our results demonstrate that LTTP can be applied to automatically verify the safety of programs that are beyond the scope of previously-developed verifiers.

Angello Astorga,Siwakorn Srisakaokul,Xusheng Xiao,Tao Xie

DOI: https://doi.org/10.1109/DSN.2018.00074

2018-01-01

Abstract:When tests fail (e.g., throwing uncaught exceptions), automatically inferred preconditions can bring various debugging benefits to developers. If illegal inputs cause tests to fail, developers can directly insert the preconditions in the method under test to improve its robustness. If legal inputs cause tests to fail, developers can use the preconditions to infer failure-inducing conditions. To automatically infer preconditions for better support of debugging, in this paper, we propose PREINFER, a novel approach that aims to infer accurate and concise preconditions based on symbolic analysis. Specifically, PREINFER includes two novel techniques that prune irrelevant predicates in path conditions collected from failing tests, and that generalize predicates involving collection elements (i.e., array elements) to infer desirable quantified preconditions. Our evaluation on two benchmark suites and two real-world open-source projects shows PREINFER's high effectiveness on precondition inference and its superiority over related approaches.

Hong Lu,Huitao Wang,Jiacheng Gui,Panfeng Chen,Hao Huang

DOI: https://doi.org/10.1016/j.cola.2022.101135

IF: 1.778

2022-01-01

Journal of Computer Languages

Abstract:Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants for C programs. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. The first phase generates candidate invariants by solving polynomial equations and synthesizing the extended loop conditions. The second phase prunes out spurious predicates and redundant predicates in the candidate invariants. The experimental results demonstrate that the proposed approach generates valid invariants for 35 benchmarks out of 38. The proposed approach costs less time to generate more informative and precise invariants than the state-of-the-art methods.

S. Hitarth,George Kenison,Laura Kovács,Anton Varonka

DOI: https://doi.org/10.48550/arXiv.2310.05120

2023-10-08

Logic in Computer Science

Abstract:Invariants are key to formal loop verification as they capture loop properties that are valid before and after each loop iteration. Yet, generating invariants is a notorious task already for syntactically restricted classes of loops. Rather than generating invariants for given loops, in this paper we synthesise loops that exhibit a predefined behaviour given by an invariant. From the perspective of formal loop verification, the synthesised loops are thus correct by design and no longer need to be verified. To overcome the hardness of reasoning with arbitrarily strong invariants, in this paper we construct simple (non-nested) while loops with linear updates that exhibit polynomial equality invariants. Rather than solving arbitrary polynomial equations, we consider loop properties defined by a single quadratic invariant in any number of variables. We present a procedure that, given a quadratic equation, decides whether a loop with affine updates satisfying this equation exists. Furthermore, if the answer is positive, the procedure synthesises a loop and ensures its variables achieve infinitely many different values.

Roderick Chapman,Claire Dross,Stuart Matthews,Yannick Moy

DOI: https://doi.org/10.1145/3624728

IF: 22.7

2024-02-24

Communications of the ACM

Abstract:Proving preservation is typically harder, as the loop invariant expression should not only hold at the corresponding program point, but it should be inductive with respect to the loop body. The elephant in the room is that the VC may contain less information than what the user assumes regarding variables read or written in the loop. A frequently forgotten part of the loop invariant is the so-called frame condition , which denotes the parts of a modified variable preserved inside the loop. While the SPARK analyzer has heuristics to generate the frame condition, this is not sufficient in all cases.

computer science, theory & methods, software engineering, hardware & architecture

Angello Astorga,P. Madhusudan,Shambwaditya Saha,Shiyu Wang,Tao Xie

DOI: https://doi.org/10.1145/3314221.3314641

2019-01-01

Abstract:In this paper, we present a novel learning framework for inferring stateful preconditions (i.e., preconditions constraining not only primitive-type inputs but also non-primitive-type object states) modulo a test generator, where the quality of the preconditions is based on their safety and maximality with respect to the test generator. We instantiate the learning framework with a specific learner and test generator to realize a precondition synthesis tool for C#. We use an extensive evaluation to show that the tool is highly effective in synthesizing preconditions for avoiding exceptions as well as synthesizing conditions under which methods commute.

Daneshvar Amrollahi,Ezio Bartocci,George Kenison,Laura Kovács,Marcel Moosbrugger,Miroslav Stankovič

2024-03-05

Abstract:Automatically generating invariants, key to computer-aided analysis of probabilistic and deterministic programs and compiler optimisation, is a challenging open problem. Whilst the problem is in general undecidable, the goal is settled for restricted classes of loops. For the class of solvable loops, introduced by Kapur and Rodríguez-Carbonell in 2004, one can automatically compute invariants from closed-form solutions of recurrence equations that model the loop behaviour. In this paper we establish a technique for invariant synthesis for loops that are not solvable, termed unsolvable loops. Our approach automatically partitions the program variables and identifies the so-called defective variables that characterise unsolvability. Herein we consider the following two applications. First, we present a novel technique that automatically synthesises polynomials from defective monomials, that admit closed-form solutions and thus lead to polynomial loop invariants. Second, given an unsolvable loop, we synthesise solvable loops with the following property: the invariant polynomials of the solvable loops are all invariants of the given unsolvable loop. Our implementation and experiments demonstrate both the feasibility and applicability of our approach to both deterministic and probabilistic programs.

Programming Languages

George Kenison,Laura Kovács,Anton Varonka

DOI: https://doi.org/10.48550/arXiv.2302.06323

2023-02-13

Logic in Computer Science

Abstract:Loop invariants are software properties that hold before and after every iteration of a loop. As such, invariants provide inductive arguments that are key in automating the verification of program loops. The problem of generating loop invariants; in particular, invariants described by polynomial relations (so called polynomial invariants), is therefore one of the hardest problems in software verification. In this paper we advocate an alternative solution to invariant generation. Rather than inferring invariants from loops, we synthesise loops from invariants. As such, we generate loops that satisfy a given set of polynomials; in other words, our synthesised loops are correct by construction. Our work turns the problem of loop synthesis into a symbolic computation challenge. We employ techniques from algebraic geometry to synthesise loops whose polynomial invariants are described by pure difference binomials. We show that such complex polynomial invariants need ``only'' linear loops, opening up new venues in program optimisation. We prove the existence of non-trivial loops with linear updates for polynomial invariants generated by pure difference binomials. Importantly, we introduce an algorithmic approach that constructs linear loops from such polynomial invariants, by generating linear recurrence sequences that have specified algebraic relations among their terms.

G. W. Hamilton

DOI: https://doi.org/10.48550/arXiv.1708.07223

2017-08-24

Logic in Computer Science

Abstract:Loop invariants play a central role in the verification of imperative programs. However, finding these invariants is often a difficult and time-consuming task for the programmer. We have previously shown how program transformation can be used to facilitate the verification of functional programs, but the verification of imperative programs is more challenging due to the need to discover these loop invariants. In this paper, we describe a technique for automatically discovering loop invariants. Our approach is similar to the induction-iteration method, but avoids the potentially exponential blow-up in clauses that can result when using this and other methods. Our approach makes use of the distil- lation program transformation algorithm to transform clauses into a simplified form that facilitates the identification of similarities and differences between them and thus help discover invariants. We prove that our technique terminates, and demonstrate its successful application to example programs that have proven to be problematic using other approaches. We also characterise the situations where our technique fails to find an invariant, and show how this can be ameliorated to a certain extent.

BISHOKSAN KAFLE,JOHN P. GALLAGHER,GRAEME GANGE,PETER SCHACHTE,HARALD SØNDERGAARD,PETER J. STUCKEY

DOI: https://doi.org/10.1017/s1471068418000091

2018-07-01

Theory and Practice of Logic Programming

Abstract:Abstract We present a method for automatic inference of conditions on the initial states of a program that guarantee that the safety assertions in the program are not violated. Constrained Horn clauses (CHCs) are used to model the program and assertions in a uniform way, and we use standard abstract interpretations to derive an over-approximation of the set of unsafe initial states. The precondition then is the constraint corresponding to the complement of that set, under-approximating the set of safe initial states. This idea of complementation is not new, but previous attempts to exploit it have suffered from the loss of precision. Here we develop an iterative specialisation algorithm to give more precise, and in some cases optimal safety conditions. The algorithm combines existing transformations, namely constraint specialisation, partial evaluation and a trace elimination transformation. The last two of these transformations perform polyvariant specialisation, leading to disjunctive constraints which improve precision. The algorithm is implemented and tested on a benchmark suite of programs from the literature in precondition inference and software verification competitions.

computer science, theory & methods, software engineering,logic