Results 1 
6 of
6
Powerful Techniques for the Automatic Generation of Invariants
 In CAV
, 1996
"... . When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the se ..."
Abstract

Cited by 89 (9 self)
 Add to MetaCart
. When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the second problem and describes techniques for the automatic generation of invariants. The first set of these techniques is applicable on sequential transition systems and allows to derive socalled local invariants, i.e. predicates which are invariant at some control location. The second is applicable on networks of transition systems and allows to combine local invariants of the sequential components to obtain local invariants of the global systems. Furthermore, a refined strengthening technique is presented that allows to avoid the problem of sizeincrease of the considered predicates which is the main drawback of the usual strengthening technique. The proposed techniques are illustrated by ex...
Invariant Inference for Static Checking: An Empirical Evaluation
 In Proceedings of the ACM SIGSOFT 10th International Symposium on the Foundations of Software Engineering (FSE 2002
, 2002
"... Static checking can verify the absence of errors in a program, but often requires written annotations or speci cations. As a result, static checking can be dicult to use eectively: it can be dicult to determine a speci cation and tedious to annotate programs. Automated tools that aid the annotatio ..."
Abstract

Cited by 58 (15 self)
 Add to MetaCart
Static checking can verify the absence of errors in a program, but often requires written annotations or speci cations. As a result, static checking can be dicult to use eectively: it can be dicult to determine a speci cation and tedious to annotate programs. Automated tools that aid the annotation process can decrease the cost of static checking and enable it to be more widely used.
Proving Theorems about LISP Functions
, 1975
"... Program verification is the idea that properties of programs can be precisely stated and proved in the mathematical sense. In this paper, some simple heuristics combining evaluation and mathematical induction are described, which the authors have implemented in a program that automatically proves a ..."
Abstract

Cited by 50 (2 self)
 Add to MetaCart
Program verification is the idea that properties of programs can be precisely stated and proved in the mathematical sense. In this paper, some simple heuristics combining evaluation and mathematical induction are described, which the authors have implemented in a program that automatically proves a wide variety of theorems about recursive LISP functions. The method the program uses to generate induction formulas is described at length. The theorems proved by the program include that REVERSE is its own inverse and that a particular SORT program is correct. A list of theorems proved by the program is given. key words and phrases: LISP, automatic theoremproving, structural induction, program verification cr categories: 3.64, 4.22, 5.21 1 Introduction We are concerned with proving theorems in a firstorder theory of lists, akin to the elementary theory of numbers. We use a subset of LISP as our language because recursive list processing functions are easy to write in LISP and because ...
Automatic Generation and Checking of Program Specifications
, 2001
"... Producing specifications by dynamic (runtime) analysis of program executions is potentially unsound, because the analyzed executions may not fully characterize all possible executions of the program. In practice, how accurate are the results of a dynamic analysis? This paper describes the results of ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Producing specifications by dynamic (runtime) analysis of program executions is potentially unsound, because the analyzed executions may not fully characterize all possible executions of the program. In practice, how accurate are the results of a dynamic analysis? This paper describes the results of an investigation into this question, comparing specifications generalized from program runs with specifications verified by a static checker. The surprising result is that for a collection of modest programs, small test suites captured all or nearly all program behavior necessary for a specific type of static checking, permitting the inference and verification of useful specifications. For ten programs of 100800 lines, the average precision, a measure of correctness, was .95 and the average recall, a measure of completeness, was .94. This is a
AUTOMATIC SYNTHESlS OF OPTIMAL INVARIANT ASSERTIONS: MATHEMATICAL FOUNDATIONS
"... The problem of discovering invariant assertions of programs is explored in light of the fixpoint approach in the static analysis of programs, Cousot [1977a], Cousot[1977b]. ..."
Abstract
 Add to MetaCart
The problem of discovering invariant assertions of programs is explored in light of the fixpoint approach in the static analysis of programs, Cousot [1977a], Cousot[1977b].