Facilitating Verification in Program Loops by Identification of Static Iteration Patterns

Generating invariants for loops is often a grueling obstacle in formal program verification. Researchers have employed methods ranging from formal techniques based on abstract interpretation to test-driven dynamic analysis to tackle this problem. Even though powerful techniques for generating conjunctive invariants (invariants that employ only conjunctions of terms) have been developed, disjunctive invariants have remained a stubborn obstacle for formal techniques. In this paper, we propose a technique to transform a certain category of loops, those that have a static iteration pattern, into loops that can be handled by conjunctive invariant generators. The key idea is to identify a static iteration pattern that distributes the disjunction in an invariant in a manner that can be captured by conjunctive invariants alone. To broaden the scope of our algorithm, we also propose the idea of parametric verification, in which we attempt to verify specialized versions of the program where a subset of the input variables is instantiated with certain test inputs. This distinguishes parametric verification from program testing, which requires all of its input variables to be instantiated with test inputs. We discuss our ideas on loops drawn from real programs to establish the real-world applicability of our algorithms.
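An added illustration of the idea (Python; not the paper's code or algorithm): a constructed two-phase loop whose branch flips exactly once, so it follows a static iteration pattern. The example fixes the threshold `k` to a test input while `n` stays free (the parametric setting described above), detects the pattern on the run, splits the loop at the flip, and checks that each phase satisfies a purely conjunctive invariant where the original loop needs a disjunctive one. The loop shape, invariants and the precondition `n >= k` for the split are assumptions of this example.

```python
# Constructed loop: x=0; y=k; while x<n: x+=1; if x>k: y+=1
# Original loop needs the disjunctive invariant
#   (x <= k and y == k) or (x > k and y == x)
# Splitting at the single flip of `x > k` gives two loops with conjunctive invariants.

def original_heads(n, k):
    """Return (x, y, branch_taken) at each loop head of the original loop;
    branch_taken is None at the exit head."""
    x, y, heads = 0, k, []
    while x < n:
        taken = x + 1 > k          # outcome of `if x > k` in this iteration
        heads.append((x, y, taken))
        x += 1
        if taken:
            y += 1
    heads.append((x, y, None))
    return heads

def disjunctive_inv(x, y, k):
    return (x <= k and y == k) or (x > k and y == x)

def is_static_pattern(outcomes):
    """Branch is false for a prefix of iterations and true afterwards (at most
    one flip): the simplest static iteration pattern. False < True in Python."""
    return outcomes == sorted(outcomes)

def phase_heads(n, k):
    """Same computation split into two loops at the flip point (assumes n >= k):
       phase 1: while x < k: x += 1            (branch always false)
       phase 2: while x < n: x += 1; y += 1    (branch always true)"""
    x, y, p1, p2 = 0, k, [], []
    while x < k:
        p1.append((x, y)); x += 1
    p1.append((x, y))
    while x < n:
        p2.append((x, y)); x += 1; y += 1
    p2.append((x, y))
    return p1, p2

def conjunctive_invs_hold(n, k):
    """Each phase has a conjunctive invariant that holds at every loop head."""
    p1, p2 = phase_heads(n, k)
    inv1 = all(0 <= x <= k and y == k for x, y in p1)
    inv2 = all(k <= x <= n and y == x for x, y in p2)
    return inv1 and inv2

def verify(n, k):
    """Parametric check for one instantiation of k (test input) and one n."""
    if n < k:
        raise ValueError("split assumes n >= k")
    heads = original_heads(n, k)
    pattern_ok = is_static_pattern([t for _, _, t in heads if t is not None])
    disj_ok = all(disjunctive_inv(x, y, k) for x, y, _ in heads)
    return pattern_ok and disj_ok and conjunctive_invs_hold(n, k)
```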
