Geometric Quantifier Elimination Heuristics for Automatically Generating Octagonal and Max-plus Invariants

Geometric heuristics for the quantifier elimination approach presented by Kapur (2004) are investigated to automatically derive loop invariants expressing weakly relational numerical properties (such as l ≤ x ≤ h or l ≤ ±x ± y ≤ h) for imperative programs. Such properties have been used successfully to analyze commercial software consisting of hundreds of thousands of lines of code (for example, by the ASTRÉE tool, which is based on the abstract interpretation framework proposed by Cousot and his group). The main attraction of the proposed approach is its much lower complexity compared with the abstract interpretation approach (O(n^2) as opposed to O(n^4), where n is the number of program variables), while still generating invariants of comparable strength. The approach has been generalized to disjunctive invariants of a similar form, expressed using the maximum function (such as max(x+a, y+b, z+c, d) ≤ max(x+e, y+f, z+g, h)), thus enabling the automatic generation of a subclass of disjunctive invariants for imperative programs as well.
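To make the template-plus-quantifier-elimination idea concrete, the following Python script is an added, constructed illustration (it is not the paper's implementation and does not reproduce its geometric heuristics). It restricts itself to loops whose bodies only add constant vectors to the variables, possibly in several nondeterministic branches, and it ignores the loop guard (an assumption that keeps the result sound but possibly weaker than necessary). For an octagonal direction c, the parametric invariant c·v ≤ h is inductive across an update v := v + d exactly when c·d ≤ 0, which is the quantifier elimination step done by hand for this template; the bound h is then taken as the projection c·v0 of the initial state. The two example loops, the bounded state exploration used to sanity-check the result, and all variable names are constructed for this illustration.

```python
"""Octagonal invariant inference for loops whose bodies add constants.

Constructed illustration, not the paper's implementation.  For a loop
    v := v0; while guard do (v := v + d_1 | ... | v := v + d_k)
and an octagonal direction c (one of +-x_i, +-x_i +- x_j), the parametric
invariant c.v <= h is preserved by branch b iff
    forall v. (c.v <= h) -> (c.(v + d_b) <= h),
and since c.(v + d_b) = c.v + c.d_b this holds for every v exactly when
c.d_b <= 0: that is the quantifier elimination step for this template.
The bound h is then fixed geometrically as c.v0.
Assumption: the guard is ignored, so the invariant is sound but may be
weaker than what the guard would permit.
"""
from itertools import combinations
from typing import Callable, Dict, List, Tuple

Vec = Dict[str, int]                 # sparse vector: variable name -> coefficient
Key = Tuple[Tuple[str, int], ...]    # canonical (hashable) form of a direction


def dot(c: Vec, v: Vec) -> int:
    return sum(k * v.get(name, 0) for name, k in c.items())


def octagon_directions(names: List[str]) -> List[Vec]:
    """All 2n + 4*C(n,2) = 2n^2 octagonal directions over the given variables."""
    dirs: List[Vec] = []
    for x in names:
        dirs += [{x: 1}, {x: -1}]
    for x, y in combinations(names, 2):
        dirs += [{x: sx, y: sy} for sx in (1, -1) for sy in (1, -1)]
    return dirs


def infer_octagon(init: Vec, updates: List[Vec]) -> Dict[Key, int]:
    """Map each inductive direction c to its bound h (read as c.v <= h)."""
    inv: Dict[Key, int] = {}
    for c in octagon_directions(sorted(init)):
        if all(dot(c, d) <= 0 for d in updates):          # preserved by every branch
            inv[tuple(sorted(c.items()))] = dot(c, init)  # initiation fixes h
    return inv


def as_strings(inv: Dict[Key, int]) -> List[str]:
    out = []
    for key, h in sorted(inv.items()):
        lhs = " ".join(("+" if k > 0 else "-") + name for name, k in key).lstrip("+")
        out.append(f"{lhs} <= {h}")
    return out


def reachable_states(init: Vec, updates: List[Vec],
                     guard: Callable[[Vec], bool], max_steps: int = 100) -> List[Vec]:
    """Bounded exploration of every branch, collecting loop-head states.
    Constructed soundness check for the example loops; not part of inference."""
    seen = {tuple(sorted(init.items()))}
    frontier = [init]
    for _ in range(max_steps):
        nxt = []
        for s in frontier:
            if not guard(s):
                continue
            for d in updates:
                t = {n: s[n] + d.get(n, 0) for n in s}
                key = tuple(sorted(t.items()))
                if key not in seen:
                    seen.add(key)
                    nxt.append(t)
        frontier = nxt
        if not frontier:
            break
    return [dict(k) for k in seen]


def holds_everywhere(inv: Dict[Key, int], states: List[Vec]) -> bool:
    return all(dot(dict(key), s) <= h for key, h in inv.items() for s in states)


# Constructed loop 1: x := 0; y := 10; z := 0; while x < 10 do x += 1; y -= 1; z += 2
INIT1, UPD1 = {"x": 0, "y": 10, "z": 0}, [{"x": 1, "y": -1, "z": 2}]
# Constructed loop 2: x := 0; y := 0; while x + y < 6 do (x += 1 | y += 1)
INIT2, UPD2 = {"x": 0, "y": 0}, [{"x": 1}, {"y": 1}]

if __name__ == "__main__":
    for init, upd, guard in ((INIT1, UPD1, lambda s: s["x"] < 10),
                             (INIT2, UPD2, lambda s: s["x"] + s["y"] < 6)):
        inv = infer_octagon(init, upd)
        print("\n".join(as_strings(inv)))
        print("sound on explored states:",
              holds_everywhere(inv, reachable_states(init, upd, guard)), "\n")
```

For loop 1 the script recovers, among others, x + y ≤ 10 together with -x - y ≤ -10 (i.e. the equality x + y = 10) and x - z ≤ 0; for loop 2, where the two branches increment different variables, only the three directions preserved by both branches survive (x ≥ 0, y ≥ 0, x + y ≥ 0). The enumeration touches 2n^2 directions with a constant-size check per direction and branch, which is where a quadratic count comes from in this restricted setting; the guard-dependent bounds (x ≤ 10 in loop 1) are exactly what the ignored-guard assumption gives up.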

[1] C. A. R. Hoare et al. An axiomatic basis for computer programming, 1969, CACM.

[2] Patrick Cousot et al. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, 1977, POPL.

[3] Nicolas Halbwachs et al. Automatic discovery of linear restraints among variables of a program, 1978, POPL.

[4] Patrick Cousot et al. Abstract Interpretation Frameworks, 1992, J. Log. Comput.

[5] Rüdiger Loos et al. Applying Linear Quantifier Elimination, 1993, Comput. J.

[6] Michael J. Maher et al. Beyond Finite Domains, 1994, PPCP.

[7] Cormac Flanagan et al. Avoiding exponential explosion: generating compact verification conditions, 2001, POPL '01.

[8] Patrick Cousot et al. Design and Implementation of a Special-Purpose Static Program Analyzer for Safety-Critical Real-Time Embedded Software, 2002, The Essence of Computation.

[9] David A. Schmidt et al. The Essence of Computation, 2002.

[10] Henny B. Sipma et al. Non-linear loop invariant generation using Gröbner bases, 2004, POPL.

[11] A. Miné. Weakly Relational Numerical Abstract Domains, 2004.

[12] Kousha Etessami et al. Analysis of Recursive Game Graphs Using Data Flow Equations, 2004, VMCAI.

[13] D. Kapur. Automatically Generating Loop Invariants Using Quantifier Elimination (Preliminary Report), 2004.

[14] Patrick Cousot et al. The ASTRÉE Analyzer, 2005, ESOP.

[15] Karem A. Sakallah et al. A Scalable Method for Solving Satisfiability of Integer Linear Arithmetic Logic, 2005, SAT.

[16] Deepak Kapur et al. A Quantifier-Elimination Based Heuristic for Automatically Generating Inductive Assertions for Programs, 2006, J. Syst. Sci. Complex.

[17] Ricardo D. Katz et al. Max-Plus Convex Geometry, 2006, RelMiCS.

[18] Sumit Gulwani et al. Ranking Abstractions, 2008, ESOP.

[19] Sumit Gulwani et al. Program analysis as constraint solving, 2008, PLDI '08.

[20] Sumit Gulwani et al. Constraint-Based Approach for Analysis of Hybrid Systems, 2008, CAV.

[21] Roberto Bagnara et al. An Improved Tight Closure Algorithm for Integer Octagonal Constraints, 2007, VMCAI.

[22] Eric Goubault et al. Inferring Min and Max Invariants Using Max-Plus Polyhedra, 2008, SAS.

[23] Gilles Dowek et al. Principles of programming languages, 1981, Prentice Hall International Series in Computer Science.

[24] Chaochen Zhou et al. Recent advances in program verification through computer algebra, 2009, Frontiers of Computer Science in China.

[25] Brian Campbell et al. Amortised Memory Analysis Using the Depth of Data Structures, 2009, ESOP.

[26] Xavier Allamigeon. Static analysis of memory manipulations by abstract interpretation: algorithmics of tropical polyhedra, and application to abstract interpretation, 2009.

[27] P. Butkovic. Max-linear Systems: Theory and Algorithms, 2010.

[28] Bican Xia et al. Termination of linear programs with nonlinear constraints, 2010, J. Symb. Comput.

[29] Sumit Gulwani et al. Synthesizing switching logic using constraint solving, 2010, International Journal on Software Tools for Technology Transfer.

[30] Enric Rodríguez-Carbonell et al. Hard problems in max-algebra, control theory, hypergraphs and other areas, 2010, Inf. Process. Lett.

[31] Sumit Gulwani et al. From program verification to program synthesis, 2010, POPL '10.

[32] Ashish Tiwari et al. Synthesis of optimal switching logic for hybrid systems, 2011, Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT).

[33] Ashish Tiwari et al. Verification and synthesis using real quantifier elimination, 2011, ISSAC '11.

[34] Sumit Gulwani et al. Synthesis of loop-free programs, 2011, PLDI '11.

[35] Bernhard Möller et al. Relations and Kleene Algebras in Computer Science, 2008, J. Log. Algebraic Methods Program.

[36] R. Gorenflo et al. Multi-index Mittag-Leffler Functions, 2014.

[37] Thomas A. Henzinger et al. Abstractions from proofs, 2004, SIGP.