Generating Specifications for Recursive Methods by Abstracting Program States

In this paper we present a novel approach to automatically generate sound specifications for recursive methods. These specifications can help prove the absence of undesired behavior, provide programmers with a foundation to build upon, and help locate implementation bugs. Our approach is based on symbolic execution, which we use to determine the program states at re-entry and exit points. From these we generalize the necessary pre- and postconditions using techniques from abstract interpretation. The presented approach has been prototypically implemented by integration into a faithful and precise program logic for sequential Java programs.
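The workflow the abstract describes (collect the states at the re-entry and exit points of a recursive method, then generalize them by abstract interpretation into a pre- and postcondition) can be shown on a toy scale. The following is an added example, not code from the paper or its KeY-based prototype; it assumes a constructed recursive method `sum(n) = n <= 0 ? 0 : n + sum(n - 1)` and substitutes a plain interval domain with widening for the paper's program logic.

```python
from dataclasses import dataclass
from math import inf
from typing import Optional

# Interval abstract domain for one int variable; None is bottom (no state).
@dataclass(frozen=True)
class Itv:
    lo: float
    hi: float

def join(a: Optional[Itv], b: Optional[Itv]) -> Optional[Itv]:
    if a is None: return b
    if b is None: return a
    return Itv(min(a.lo, b.lo), max(a.hi, b.hi))

def meet(a: Optional[Itv], b: Itv) -> Optional[Itv]:   # path condition
    if a is None: return None
    lo, hi = max(a.lo, b.lo), min(a.hi, b.hi)
    return Itv(lo, hi) if lo <= hi else None

def add(a: Optional[Itv], b: Optional[Itv]) -> Optional[Itv]:
    if a is None or b is None: return None
    return Itv(a.lo + b.lo, a.hi + b.hi)

def widen(old: Optional[Itv], new: Optional[Itv]) -> Optional[Itv]:
    """Standard interval widening: a bound that grows is pushed to infinity."""
    if old is None: return new
    if new is None: return old
    return Itv(old.lo if new.lo >= old.lo else -inf,
               old.hi if new.hi <= old.hi else inf)

def infer_spec(n0: Itv):
    """Constructed method: sum(n) = n <= 0 ? 0 : n + sum(n - 1), called with n in n0.
    Returns (precondition on n, postcondition on the result) as intervals."""
    # Precondition: the entry state must also cover every re-entry state (sum(n-1)).
    pre = n0
    while True:
        reentry = add(meet(pre, Itv(1, inf)), Itv(-1, -1))   # state at re-entry point
        new_pre = widen(pre, join(pre, reentry))
        if new_pre == pre: break
        pre = new_pre
    # Postcondition: join of the exit states; the recursive exit uses the current post.
    post = None
    while True:
        base_exit = Itv(0, 0) if meet(pre, Itv(-inf, 0)) is not None else None
        rec_exit = add(meet(pre, Itv(1, inf)), post)          # n + sum(n-1)
        new_post = widen(post, join(base_exit, rec_exit))
        if new_post == post: break
        post = new_post
    return pre, post
```

For a call with n in [0, 10] the fixpoint yields precondition n in [0, 10] and the sound (if coarse) postcondition result >= 0; for an unconstrained n the precondition stays unconstrained and the postcondition is still result >= 0.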
