Precondition Calculation for Loops Iterating over Data Structures

Precondition calculation is a fundamental program verification technique. Many previous works have attempted it, but their capability is limited by loop statements. We surveyed loops that manipulate commonly used data structures in several real-world open-source programs and found that about 80% of such loops iterate over the elements of a data structure, which indicates that automatically calculating preconditions of these loops with respect to their post-conditions would cover a large number of real-world programs and greatly ease code verification. In this paper, we specify the execution effect of a program statement as the memory locations modified by the statement together with the new values stored in those locations after the statement executes. With this notion, conditional statements and loop statements can be uniformly reduced to a sequence of assignments. Based on execution effects, we present an approach that calculates preconditions with respect to given post-conditions for various program statements, including loops that iterate over the elements of commonly used data structures (e.g., acyclic singly-linked lists). Execution effects also allow post-conditions and loop invariants to be generated. Our approach handles numeric, boolean, array and user-defined structure types. We have implemented the approach and integrated it into the code verification tool Accumulator. We evaluated it on a variety of programs, and the results show that it calculates preconditions for different kinds of post-conditions, including linear ones and universally quantified ones. Preconditions generated by our approach ease verification by reducing the manual effort of providing loop invariants and preconditions for loop statements, which increases the degree of automation and efficiency and makes verification less error-prone.
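The following is an added example, not code from the paper or from the Accumulator tool, that illustrates the execution-effect idea in the abstract on a toy scale. An effect is modelled as a map from modified memory locations to the symbolic values they hold afterwards; a conditional becomes a single assignment whose value is a conditional expression, and a loop over every element of an acyclic list becomes a single per-element effect (keyed "@.field", where "@" stands for the element currently visited, a convention chosen here). The precondition of a statement sequence is then the post-condition with those locations substituted, back to front. All names (Var, Effect, precondition, check, ...) and the worked program are this example's own, and a concrete evaluator is included so that the calculated precondition can be compared against actually running the program.

```python
from typing import Callable, Dict, List, Tuple, Union

# Symbolic expressions over memory locations.  A Var names a scalar ("c") or a
# field of the list element currently visited ("@.val").
class Var(NamedTuple := __import__("typing").NamedTuple): name: str
class Const(NamedTuple): value: int
class BinOp(NamedTuple): op: str; left: "Expr"; right: "Expr"   # arithmetic/relational op
class Ite(NamedTuple): cond: "Expr"; then: "Expr"; other: "Expr"  # cond ? then : other
class Forall(NamedTuple): body: "Expr"      # body holds for every element "@" of the list

Expr = Union[Var, Const, BinOp, Ite, Forall]
# Execution effect of a statement: modified location -> value stored there afterwards,
# written over the values before the statement.  A key "@.f" summarises a loop
# that updates field f of every element of the (acyclic) list.
Effect = Dict[str, Expr]

def subst(e: Expr, eff: Effect) -> Expr:
    """Replace every location modified by eff with the value it holds afterwards."""
    if isinstance(e, Var):
        return eff.get(e.name, e)
    if isinstance(e, Const):
        return e
    if isinstance(e, BinOp):
        return BinOp(e.op, subst(e.left, eff), subst(e.right, eff))
    if isinstance(e, Ite):
        return Ite(subst(e.cond, eff), subst(e.then, eff), subst(e.other, eff))
    return Forall(subst(e.body, eff))    # per-element effects apply under the quantifier

def precondition(program: List[Effect], post: Expr) -> Expr:
    """Precondition of a statement sequence: substitute effects back to front."""
    pre = post
    for eff in reversed(program):
        pre = subst(pre, eff)
    return pre

def pretty(e: Expr) -> str:
    if isinstance(e, Var):
        return e.name
    if isinstance(e, Const):
        return str(e.value)
    if isinstance(e, BinOp):
        return f"({pretty(e.left)} {e.op} {pretty(e.right)})"
    if isinstance(e, Ite):
        return f"({pretty(e.cond)} ? {pretty(e.then)} : {pretty(e.other)})"
    return f"forall @ in list. {pretty(e.body)}"

# Concrete semantics, used only to check the calculated precondition.
State = Dict[str, object]   # scalars by name; "list" -> list of element dicts
OPS: Dict[str, Callable] = {
    "+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b, "==": lambda a, b: a == b,
    "and": lambda a, b: a and b, "or": lambda a, b: a or b}

def evaluate(e: Expr, state: State, elem=None):
    if isinstance(e, Var):
        return elem[e.name[2:]] if e.name.startswith("@.") else state[e.name]
    if isinstance(e, Const):
        return e.value
    if isinstance(e, BinOp):
        return OPS[e.op](evaluate(e.left, state, elem), evaluate(e.right, state, elem))
    if isinstance(e, Ite):
        return evaluate(e.then if evaluate(e.cond, state, elem) else e.other, state, elem)
    return all(evaluate(e.body, state, node) for node in state["list"])

def run_effect(eff: Effect, state: State) -> State:
    """Execute an effect as a simultaneous assignment over the pre-state."""
    new = dict(state)
    new["list"] = [dict(node) for node in state["list"]]
    for loc, val in eff.items():
        if loc.startswith("@."):
            for old, fresh in zip(state["list"], new["list"]):
                fresh[loc[2:]] = evaluate(val, state, old)
        else:
            new[loc] = evaluate(val, state)
    return new

def check(program: List[Effect], post: Expr, state: State) -> Tuple[bool, bool]:
    """(precondition holds on state, post-condition holds after running program)."""
    final = state
    for eff in program:
        final = run_effect(eff, final)
    return bool(evaluate(precondition(program, post), state)), bool(evaluate(post, final))

# Worked program (constructed for this example):
#   c := c + 1;
#   if c > 0 then x := x + c else x := x - c;          -> one assignment to x
#   for each element @ of the list: @.val := @.val + x -> one per-element effect
c, x, val = Var("c"), Var("x"), Var("@.val")
PROGRAM: List[Effect] = [
    {"c": BinOp("+", c, Const(1))},
    {"x": Ite(BinOp(">", c, Const(0)), BinOp("+", x, c), BinOp("-", x, c))},
    {"@.val": BinOp("+", val, x)}]
POST = Forall(BinOp(">", val, Const(0)))    # every element is positive afterwards

if __name__ == "__main__":
    print("precondition:", pretty(precondition(PROGRAM, POST)))
    for s in ({"c": 0, "x": 0, "list": [{"val": 1}, {"val": 2}]},
              {"c": 0, "x": -5, "list": [{"val": 1}]}):
        print(s, "->", check(PROGRAM, POST, s))
```

Running the script prints the universally quantified precondition `forall @ in list. ((@.val + (((c + 1) > 0) ? (x + (c + 1)) : (x - (c + 1)))) > 0)`; on the first constructed state both the precondition and the post-condition hold, on the second neither does, which is what the substitution rule guarantees for a deterministic, terminating program. The toy deliberately assumes that the loop body updates each element independently of the others and that the list is acyclic; it does not attempt invariant generation, which the abstract lists as a further use of execution effects.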
