A Framework for Array Invariants Synthesis in Induction-Loop Programs

Abstract interpretation is capable of inferring a wide variety of quantifier-free program invariants. In this paper, we propose a general framework for building universally quantified abstract domains that leverages existing quantifier-free domains in induction-loop programs. The method is sound and converges in finite time. We instantiate the framework with two quantifier-free domains: the difference-bound matrices with disequality constraints (dDBM) domain and the polynomial equations domain. Experiments on a variety of programs using arrays demonstrate the feasibility of the approach.
