Skip to main content
SpringerLink
Log in

From tests to proofs

  • TACAS 2009
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

We describe the design and implementation of an automatic invariant generator for imperative programs. While automatic invariant generation through constraint solving has been extensively studied from a theoretical viewpoint as a classical means of program verification, in practice existing tools do not scale even to moderately sized programs. This is because the constraints that need to be solved even for small programs are already too difficult for the underlying (non-linear) constraint solving engines. To overcome this obstacle, we propose to strengthen static constraint generation with information obtained from static abstract interpretation and dynamic execution of the program. The strengthening comes in the form of additional linear constraints that trigger a series of simplifications in the solver, and make solving more scalable. We demonstrate the practical applicability of the approach by an experimental evaluation on a collection of challenging benchmark programs and comparisons with related tools based on abstract interpretation and software model checking.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Notes

  1. Due to short running times, we present the aggregated data and do not provide any table containing entries for individual programs.

References

  1. Ball, T., Rajamani, S.K.: The Slam project: Debugging system software via static analysis, In: Proc. POPL. ACM, pp. 1–3 (2002)

  2. Beyer, D., Henzinger, T., Majumdar, R., RybalchenkoA.: Invariant synthesis for combined theories. In: Proc. VMCAI. LNCS 4349. Springer, pp. 378–394 (2007a)

  3. Beyer, D., Henzinger, T. A., Majumdar, R., Rybalchenko, A.: Path invariants. In: Proc. PLDI. ACM Press, pp. 300–309 (2007b)

  4. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. In: Proc. PLDI. ACM, pp. 196–207 (2003)

  5. Colón, M., Sankaranarayanan, S., Sipma, H.: Linear invariant generation using non-linear constraint solving. In: Proc. CAV. LNCS 2725. Springer, pp. 420–432 (2003)

  6. Cousot, P.: Proving program invariance and termination by parametric abstraction, lagrangian relaxation and semidefinite programming. In: Proc. VMCAI. Springer, pp. 1–24 (2005)

  7. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL’78. ACM Press, pp. 84–96 (1978)

  8. de Moura, L.M., Bjørner, N.: Z3: An efficient SMT solver. In: Proc. TACAS. LNCS 4963. Springer, pp. 337–340 (2008)

  9. Ernst, M.D., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. IEEE Trans. Software Eng. 27(2), 1–25 (2001)

    Google Scholar 

  10. Floyd, R.W.: Assigning meanings to programs. In: Mathematical Aspects of Computer Science. AMS, pp. 19–32 (1967)

  11. Godefroid, P.: Compositional dynamic test generation. In: Proc. POPL. ACM, pp. 47–54 (2007)

  12. Godefroid, P., Klarlund, N., Sen, K.: Dart: Directed automated random testing. In: Proc. PLDI. ACM, pp. 213–223 (2005)

  13. Gonnord, L., Halbwachs, N.: Combining widening and acceleration in Linear Relation Analysis. In: Proc. SAS. LNCS 4134. Springer, pp. 144–160 (2006)

  14. Gopan, D., Reps, T.: Lookahead widening. In: Proc. CAV. LNCS 4144. Springer, pp. 452–466 (2006)

  15. Gulavani, B.S., Chakraborty, S., Nori, A.V., Rajamani, S.K.: Automatically refining abstract interpretations. In: Proc. TACAS. LNCS 4963. Springer, pp. 443–458 (2008)

  16. Gulwani, S., Srivastava, S., Venkatesan, R.: Program analysis as constraint solving. In: PLDI. ACM, pp. 281–292 (2008)

  17. Gupta, A., Majumdar, R., Rybalchenko, A.: From tests to proofs. In: Proc. TACAS (2009)

  18. Gupta, A., Rybalchenko, A.: InvGen: an efficient invariant generator. (2009) http://www7.in.tum.de/guptaa/invgen/

  19. Henzinger, T., Jhala, R., Majumdar, R., McMillan, K.: Abstractions from proofs. In: POPL 04: Principles of Programming Languages. ACM, pp. 232–244 (2004)

  20. Henzinger, T., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proc. POPL. ACM, pp. 58–70 (2002)

  21. Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12, 576–580 (1969)

    Article  MATH  Google Scholar 

  22. Holzbaur, C.: OFAI clp(q, r) Manual, Edition 1.3.3. Austrian Research Institute for Artificial Intelligence, Vienna, tR-95-09 (1995)

  23. Jain, H., Ivancic, F., Gupta, A., Shlyakhter, I., Wang, C.: Using statically computed invariants inside the predicate abstraction and refinement loop. In: CAV. LNCS 4144. Springer, pp. 137–151 (2006)

  24. Kapur, D.: Automatically generating loop invariants using quantifier elimination. Tech. Rep. 05431 (Deduction and Applications), IBFI Schloss Dagstuhl (2006)

  25. Ku, K., Hart, T., Chechik, M., Lie, D.: A buffer overflow benchmark for software model checkers. In: Proc. ASE (2007)

  26. Lalire, G., Argoud, M., Jeannet, B.: The interproc analyzer (2009) http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc/index.html

  27. Manna, Z., Pnueli, A.: Temporal Verification of Reactive Systems: Safety. Springer (1995)

  28. Miné, A.: The octagon abstract domain. Higher-Order and Symb. Comp. 19, 31–100 (2006)

  29. Necula, G. C., McPeak, S., Rahul, S. P., Weimer, W.: CIL: Intermediate language and tools for analysis and transformation of C programs. In: Proc. CC. Springer, pp. 213–228 (2002)

  30. Sankaranarayanan, S., Sipma, H., Manna, Z.: Constraint-based linear-relations analysis. In: Proc. SAS. LNCS 3148. Springer, pp. 53–68 (2004a)

  31. Sankaranarayanan, S., Sipma, H., Manna, Z.: Non-linear loop invariant generation using Gröbner bases. In: Proc. POPL. ACM, pp. 318–329 (2004b)

  32. Sankaranarayanan, S., Sipma, H., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Proc. VMCAI. LNCS 3385. Springer, pp. 25–41 (2005)

  33. Schrijver, A.: Theory of Linear and Integer Programming. Wiley,   (1986)

    MATH  Google Scholar 

  34. Sen, K., Marinov, D., Agha, G.: Cute: A concolic unit testing engine for C. In: Proc. FSE. ACM, pp. 263–272 (2005)

  35. The Intelligent Systems Laboratory.: SICStus Prolog User’s Manual. Swedish Institute of Computer Science, release 3.8.7 (2001)

Download references

Author information

Authors and Affiliations

  1. Technische Universität München, Munich, Germany

    Ashutosh Kumar Gupta & Andrey Rybalchenko

  2. Max Planck Institute for Software Systems, Kaiserslautern, Germany

    Rupak Majumdar

Authors
  1. Ashutosh Kumar Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rupak Majumdar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andrey Rybalchenko
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashutosh Kumar Gupta.

Additional information

The second author was sponsored in part by the NSF grants CCF-0546170 and CNS-0720881. The third author was supported in part by Microsoft Research through the European Fellowship Programme.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Gupta, A.K., Majumdar, R. & Rybalchenko, A. From tests to proofs. Int J Softw Tools Technol Transfer 15, 291–303 (2013). https://doi.org/10.1007/s10009-012-0267-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-012-0267-5

Keywords

Search

Navigation