Automated Generation of Non-Linear Loop Invariants Utilizing Hypergeometric Sequences

Analyzing and reasoning about safety properties of software systems becomes an especially challenging task for programs with complex flow and, in particular, with loops or recursion. For such programs one needs additional information, for example in the form of loop invariants, expressing properties to hold at intermediate program points. In this paper we study program loops with non-trivial arithmetic, implementing addition and multiplication among numeric program variables. We present a new approach for automatically generating all polynomial invariants of a class of such programs. Our approach turns programs into linear ordinary recurrence equations and computes closed form solutions of these equations. These closed forms express the most precise inductive property, and hence invariant. We apply Gr\"obner basis computation to obtain a basis of the polynomial invariant ideal, yielding thus a finite representation of all polynomial invariants. Our work significantly extends the class of so-called P-solvable loops by handling multiplication with the loop counter variable. We implemented our method in the Mathematica package Aligator and showcase the practical use of our approach.Comment: A revised version of this paper is published in the proceedings of ISSAC 201

Invariant Generation for Multi-Path Loops with Polynomial Assignments

Program analysis requires the generation of program properties expressing conditions to hold at intermediate program locations. When it comes to programs with loops, these properties are typically expressed as loop invariants. In this paper we study a class of multi-path program loops with numeric variables, in particular nested loops with conditionals, where assignments to program variables are polynomial expressions over program variables. We call this class of loops extended P-solvable and introduce an algorithm for generating all polynomial invariants of such loops. By an iterative procedure employing Gr\"obner basis computation, our approach computes the polynomial ideal of the polynomial invariants of each program path and combines these ideals sequentially until a fixed point is reached. This fixed point represents the polynomial ideal of all polynomial invariants of the given extended P-solvable loop. We prove termination of our method and show that the maximal number of iterations for reaching the fixed point depends linearly on the number of program variables and the number of inner loops. In particular, for a loop with m program variables and r conditional branches we prove an upper bound of m*r iterations. We implemented our approach in the Aligator software package. Furthermore, we evaluated it on 18 programs with polynomial arithmetic and compared it to existing methods in invariant generation. The results show the efficiency of our approach

Abstract proof structures : A uniform framework

Zusammenfassung in deutscher SpracheText in englischer SpracheAbstraktionen von formalen Beweisen, sogenannte abstrakte Beweisstrukturen, dienen als anerkanntes Werkzeug um Struktur und Eigenschaften von formalen Beweisen zu untersuchen. Für einen Beweis in einem Sequentialkalkül existieren verschiedenste Abstraktionen, wie Beweisskelett, Beweisnetz und Logischer Flussgraph (im speziellen Atomarer Flussgraph). Diese abstrakten Beweisstrukturen haben ihren Ursprung in verschiedenen Gebieten der Beweistheorie und eine gründliche Untersuchung der Zusammenhänge dieser existiert noch nicht. Durch die Definition einer Tupel-Darstellung von LK-Beweisen wird die Grundlage eines einheitlichen Rahmens zur Untersuchung von Beweisstrukturen im Sequentialkalkül LK gelegt. Diese Tupel-Darstellung erlaubt es, die oben genannten abstrakten Beweisstrukturen geeignet darzustellen und zu untersuchen. Wir zeigen, dass es bei geeigneter Behandlung der Abschwächung für jedes Paar der oben genannten Abstraktionen eine Struktur gibt, sodass beide zu dieser reduziert werden können. Neben den Einblicken in die Zusammenhänge der Beweisstrukturen entsteht ein Rahmen zur Verallgemeinerung von Resultaten und Algorithmen. So definierten etwa Krajicek und Pudlak einen Algorithmus zur Herleitung von Schranken bezüglich der minimalen Größe von Beweisen. Durch Verallgemeinerung dieses Algorithmus ergeben sich dieselben Schranken für Beweisnetze. Außerdem untersuchen wir die Kardinalitäten der Äquivalenzklassen, welche von den Abstraktionen generiert werden. Wir zeigen, dass es endlich viele Beweise gibt, welche dasselbe Beweisnetz (denselben Atomaren Flussgraphen) besitzen. Für Beweisskelette gibt es im Allgemeinen unendlich viele dazugehörige Beweise.Abstractions of formal proofs, so-called abstract proof structures, serve as a well-accepted tool for studying structure and properties of formal proofs. Given a sequent calculus proof, there are various abstractions including proof skeleton, proof net and logical flow graph (in particular atomic flow graph). These abstract proof structures emerged in different areas of proof theory and a thorough investigation of their interrelationship does not exist so far. By introducing a tuple-based representation of proofs, which allows a suitable representation of the before-mentioned abstractions, we establish a uniform framework for classical first-order logic which clarifies the relationship between these proof structures in the context of the sequent calculus LK. We show that, in case of a suitable treatment of the weakening rules, there exists a structure for every pair of the above-mentioned abstractions such that both abstractions can be reduced to it. Besides the gained insights of the interrelationship by defining this uniform framework, we get a framework for generalizing results and algorithms. For instance, Krajicek and Pudlak introduced an algorithm defined on proof skeletons for deriving bounds on the minimal size of proofs. We generalize this result to proof nets by generalizing the algorithm to proof net skeletons. A proof net skeleton is an abstraction of both, proof nets and proof skeletons. Furthermore, we investigate the cardinalities of the equivalences generated by the abstractions. We show that there exist finitely many proofs having the same proof net (atomic flow graph). For proof skeletons there exists an infinite number of associated proofs.4

Algebra-based loop reasoning - invariant generation and synthesis for numeric loops

Provably correct software is one of the key challenges in our software-driven society. Program verification – the task of proving correctness of a given program with respect to a given specification – and program synthesis – the task of constructing a program satisfying a given specification – are strategies for achieving this. While formal verification establishes the correctness of a given program, the result of program synthesis is a program which is correct by construction. In both domains, handling loops is one of the main ingredients to a successful procedure. A so-called loop invariant is a property of a given loop describing its behavior, and is therefore the central notion for reasoning about program loops. In verification, the task is to compute invariants for a given loop, we call this task invariant generation. The reverse challenge, that is, synthesizing a loop which satisfies a given invariant, is called loop synthesis. We present algorithms for both scenarios based on techniques from the area of computer algebra. In particular, we develop techniques for generating invariants for numerical multi-path loops, and for the synthesis of numerical single-path loops. The central aspect in both settings is that we model loops as systems of recurrence equations. Every program variable of a loop induces a number sequence, and we reduce the invariant generation task to the task of computing the set of all algebraic relations among those sequences. In fact, we consider single-path loops whose variables induce number sequences which can be represented as a finite sum of hypergeometric sequences (so-called P-solvable sequences). We compute the invariants of multi-path loops by an iterative procedure employing Gröbner bases computations. Our approach computes the set of polynomial equality invariants of each program path and combines these ideals sequentially until a fixed point is reached. This fixed point represents the polynomial ideal of all polynomial invariants of the given P-solvable loop. We prove termination of our method and show that the maximal number of iterations for reaching the fixed point depends linearly on the number of program variables and the number of paths. The class of loops we are considering in loop synthesis can be modeled by a system of recurrence equations with constant coefficients (a subclass of P-solvable recurrences). We then turn the task of loop synthesis into a polynomial constraint problem by precisely characterizing the set of all loops satisfying a given set of polynomial equality invariants. Our approach is sound, and complete when the number of auxiliary variables is bounded. Furthermore, we show that it can be automated by leveraging SMT solvers for solving our polynomial constraint problems. The combination of the two techniques provides a strong foundation for a successful procedure in the context of loop optimizations such as strength reduction.9

Subject-Matter Didactics

Hefendehl-Hebeker L, vom Hofe R, Büchter A, Humenberger H, Schulz A, Wartha S. Subject-Matter Didactics. In: Jahnke HN, Hefendehl-Hebeker L, eds. Traditions in German-Speaking Mathematics Education Research. ICME-13 Monographs. Cham: Springer International Publishing; 2019: 25-59