1,354 research outputs found
Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs
We consider the problem of computing numerical invariants of programs, for
instance bounds on the values of numerical program variables. More
specifically, we study the problem of performing static analysis by abstract
interpretation using template linear constraint domains. Such invariants can be
obtained by Kleene iterations that are, in order to guarantee termination,
accelerated by widening operators. In many cases, however, applying this form
of extrapolation leads to invariants that are weaker than the strongest
inductive invariant that can be expressed within the abstract domain in use.
Another well-known source of imprecision of traditional abstract interpretation
techniques stems from their use of join operators at merge nodes in the control
flow graph. The mentioned weaknesses may prevent these methods from proving
safety properties. The technique we develop in this article addresses both of
these issues: contrary to Kleene iterations accelerated by widening operators,
it is guaranteed to yield the strongest inductive invariant that can be
expressed within the template linear constraint domain in use. It also eschews
join operators by distinguishing all paths of loop-free code segments. Formally
speaking, our technique computes the least fixpoint within a given template
linear constraint domain of a transition relation that is succinctly expressed
as an existentially quantified linear real arithmetic formula. In contrast to
previously published techniques that rely on quantifier elimination, our
algorithm is proved to have optimal complexity: we prove that the decision
problem associated with our fixpoint problem is in the second level of the
polynomial-time hierarchy.Comment: 35 pages, conference version published at ESOP 2011, this version is
a CoRR version of our submission to Logical Methods in Computer Scienc
Proving termination using abstract interpretation
PhDOne way to develop more robust software is to use formal program verification. Formal program
verification requires the construction of a formal mathematical proof of the programs correctness.
In the past ten years or so there has been much progress in the use of automated tools
to formally prove properties of programs. However many such tools focus on proving safety
properties: that something bad does not happen. Liveness properties, where we try to prove
that something good will happen, have received much less attention. Program termination is
an example of a liveness property. It has been known for a long time that to prove program
termination we need to discover some function which maps program states to a well-founded
set. Essentially we need to find one global argument for why the program terminates. Finding
such an argument which overapproximates the entire program is very difficult. Recently, Podelski
and Rybalchenko discovered a more compositional proof rule to find disjunctive termination
arguments. Disjunctive termination arguments requires a series of termination arguments that
individually may only cover part of the program but when put together give a reason for why
the entire program will terminate. Thus we do not need to search for one overall reason for
termination but we can break the problem down and focus on smaller parts of the program.
This thesis develops a series of abstract interpreters for proving the termination of imperative
programs. We make three contributions, each of which makes use of the Podelski-Rybalchenko
result.
Firstly we present a technique to re-use domains and operators from abstract interpreters for
safety properties to produce termination analysers. This technique produces some very fast
termination analysers, but is limited by the underlying safety domain used.
We next take the natural step forward: we design an abstract domain for termination. This
abstract domain is built from ranking functions: in essence the abstract domain only keeps track
of the information necessary to prove program termination. However, the abstract domain is
limited to proving termination for language with iteration.
In order to handle recursion we use metric spaces to design an abstract domain which can handle
recursion over the unit type. We define a framework for designing abstract interpreters for liveness
properties such as termination. The use of metric spaces allows us to model the semantics
of infinite computations for programs with recursion over the unit type so that we can design
an abstract interpreter in a systematic manner. We have to ensure that the abstract interpreter is
well-behaved with respect to the metric space semantics, and our framework gives a way to do
this
A Practical Type Analysis for Verification of Modular Prolog Programs
Regular types are a powerful tool for computing very precise descriptive types for logic programs. However, in the context of real life, modular Prolog programs, the accurate results obtained by regular types often come at the price of efficiency. In this paper we propose a combination of techniques aimed at improving analysis efficiency in this context. As a first technique we allow optionally reducing the accuracy of inferred types by using only the types defined by the user or present in the libraries. We claim that, for the purpose of verifying type signatures given in the form of assertions the precision obtained using this approach is sufficient, and show that analysis times can be reduced significantly. Our second technique is aimed at dealing with situations where we would like to limit the amount of reanalysis performed, especially for library modules. Borrowing some ideas from polymorphic type systems, we show how to solve the problem by admitting parameters in type specifications. This allows us to compose new call patterns with some pre computed analysis info without losing any information. We argue that together these two techniques contribute to the practical and scalable analysis and verification of types in Prolog programs
Enhancing Predicate Pairing with Abstraction for Relational Verification
Relational verification is a technique that aims at proving properties that
relate two different program fragments, or two different program runs. It has
been shown that constrained Horn clauses (CHCs) can effectively be used for
relational verification by applying a CHC transformation, called predicate
pairing, which allows the CHC solver to infer relations among arguments of
different predicates. In this paper we study how the effects of the predicate
pairing transformation can be enhanced by using various abstract domains based
on linear arithmetic (i.e., the domain of convex polyhedra and some of its
subdomains) during the transformation. After presenting an algorithm for
predicate pairing with abstraction, we report on the experiments we have
performed on over a hundred relational verification problems by using various
abstract domains. The experiments have been performed by using the VeriMAP
transformation and verification system, together with the Parma Polyhedra
Library (PPL) and the Z3 solver for CHCs.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
- ā¦