Results 1  10
of
30
Automatic Generation of Polynomial Loop Invariants: Algebraic Foundations
 In International Symposium on Symbolic and Algebraic Computation 2004 (ISSAC04
, 2004
"... This paper presents the algebraic foundation for an approach for generating polynomial loop invariants in imperative programs. It is first shown that the set of polynomials serving as loop invariants has the algebraic structure of an ideal. Using this connection, a procedure for finding loop invaria ..."
Abstract

Cited by 29 (4 self)
 Add to MetaCart
This paper presents the algebraic foundation for an approach for generating polynomial loop invariants in imperative programs. It is first shown that the set of polynomials serving as loop invariants has the algebraic structure of an ideal. Using this connection, a procedure for finding loop invariants is given in terms of operations on ideals, for which Gröbner basis constructions can be employed. Most importantly, it is proved that if the assignment statements in a loop are solvable (in particular, affine) mappings with positive eigenvalues, then the procedure terminates in at most 2m + 1 iterations, where m is the number of variables in the loop. The proof is done by showing that the irreducible subvarieties of the variety associated with the polynomial ideal approximating the invariant polynomial ideal of the loop either stay the same or increase their dimension in every iteration. This yields a correct and complete algorithm for inferring conjunctions of polynomial equations as invariants. The method has been implemented in Maple using the Groebner package. The implementation has been used to automatically discover nontrivial invariants for several examples to illustrate the power of the techniques.
Calculating Functional Programs
 Algebraic and Coalgebraic Methods in the Mathematics of Program Construction, volume 2297 of LNCS, chapter 5
, 2000
"... A good way of developing a correct program is to calculate it from its specification. Functional programming languages are especially suitable for this, because their referential transparency greatly helps calculation. We discuss the ideas behind program calculation, and illustrate with an examp ..."
Abstract

Cited by 26 (8 self)
 Add to MetaCart
A good way of developing a correct program is to calculate it from its specification. Functional programming languages are especially suitable for this, because their referential transparency greatly helps calculation. We discuss the ideas behind program calculation, and illustrate with an example (the maximum segment sum problem). We show that calculations are driven by promotion, and that promotion properties arise from universal properties of the data types involved. 1 Context The history of computing is a story of two contrasting trends. On the one hand, the cost and cost/performance ratio of computer hardware plummets; on the other, computer software is overcomplex, unreliable and almost inevitably over budget. Clearly, we have learnt how to build computers, but not yet how to program them. It is now widely accepted that adhoc approaches to constructing software break down as projects get more ambitious. A more formal approach, based on sound mathematical foundations, i...
Predicate Transformer Semantics of a Higher Order Imperative Language With . . .
 SCIENCE OF COMPUTER PROGRAMMING
, 1998
"... Using a settheoretic model of predicate transformers and ordered data types, we give a totalcorrectness semantics for a typed higherorder imperative programming language that includes record extension, local variables, and proceduretype variables and parameters. The language includes infeasibl ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
Using a settheoretic model of predicate transformers and ordered data types, we give a totalcorrectness semantics for a typed higherorder imperative programming language that includes record extension, local variables, and proceduretype variables and parameters. The language includes infeasible speci cation constructs, for a calculus of re nement. Procedures may have global variables, subject to mild syntactic restrictions to avoid the semantic complications of Algollike languages. The semantics is used to validate simple proof rules for noninterference, type extension, and calls of procedure variables and constants.
Invariant Discovery via Failed Proof Attempts
 In Proc. LOPSTR '98, LNCS 1559
, 1998
"... . We present a framework for automating the discovery of loop invariants based upon failed proof attempts. The discovery of suitable loop invariants represents a bottleneck for automatic verification of imperative programs. Using the proof planning framework we reconstruct standard heuristics fo ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
. We present a framework for automating the discovery of loop invariants based upon failed proof attempts. The discovery of suitable loop invariants represents a bottleneck for automatic verification of imperative programs. Using the proof planning framework we reconstruct standard heuristics for developing invariants. We relate these heuristics to the analysis of failed proof attempts allowing us to discover invariants through a process of refinement. 1 Introduction Loop invariants are a well understood technique for specifying the behaviour of programs involving loops. The discovery of suitable invariants, however, is a major bottleneck for automatic verification of imperative programs. Early research in this area [18, 24] exploited both theorem proving techniques as well as domain specific heuristics. However, the potential for interaction between these components was not fully exploited. The proof planning framework, in which we reconstruct the standard heuristics, couples ...
An abstract interpretation approach for automatic generation of polynomial invariants
 In 11th Static Analysis Symposium
, 2004
"... www.cs.unm.edu/~kapur Abstract. A method for generating polynomial invariants of imperative programs is presented using the abstract interpretation framework. It is shown that for programs with polynomial assignments, an invariant consisting of a conjunction of polynomial equalities can be automatic ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
www.cs.unm.edu/~kapur Abstract. A method for generating polynomial invariants of imperative programs is presented using the abstract interpretation framework. It is shown that for programs with polynomial assignments, an invariant consisting of a conjunction of polynomial equalities can be automatically generated for each program point. The proposed approach takes into account tests in conditional statements as well as in loops, insofar as they can be abstracted to be polynomial equalities and disequalities. The semantics of each statement is given as a transformation on polynomial ideals. Merging of paths in a program is defined as the intersection of the polynomial ideals associated with each path. For a loop junction, a widening operator based on selecting polynomials up to a certain degree is proposed. The algorithm for finding invariants using this widening operator is shown to terminate in finitely many steps. The proposed approach has been implemented and successfully tried on many programs. A table providing details about the programs is given. 1
Extracting and Implementing List Homomorphisms in Parallel Program Development
 Science of Computer Programming
, 1997
"... this paper, we study functions called list homomorphisms, which represent a particular pattern of parallelism. ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
this paper, we study functions called list homomorphisms, which represent a particular pattern of parallelism.
Automatic Verification of Functions with Accumulating Parameters
, 1999
"... Proof by mathematical induction plays a crucial role in reasoning about functional programs. A generalization step often holds the key to discovering an inductive proof. We present a generalization technique which is particularly applicable when reasoning about functional programs involving accumula ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
Proof by mathematical induction plays a crucial role in reasoning about functional programs. A generalization step often holds the key to discovering an inductive proof. We present a generalization technique which is particularly applicable when reasoning about functional programs involving accumulating parameters. We provide empirical evidence for the success of our technique and show how it is contributing to the ongoing development of a parallelising compiler for Standard ML. 1 Introduction and Motivations Functional programs, by their very nature, are highly amenable to formal methods of reasoning. This has been exploited within the formal verification community where the majority of theorem proving based tools have a strong functional bias (Boyer & Moore, 1979; Boyer & Moore, 1988; Bundy et al., 1990; Owre et al., 1992; Kapur & Zhang, 1995; ORA, 1996; Hutter & Sengler, 1996; Kaufmann & Moore, 1997). Proof by mathematical induction plays a crucial role in reasoning about recursiv...
Extensions to a Generalization Critic for Inductive Proof
 13th Conference on Automated Deduction
, 1996
"... In earlier papers a critic for automatically generalizing conjectures in the context of failed inductive proofs was presented. The critic exploits the partial success of the search control heuristic known as rippling. Through empirical testing a natural generalization and extension of the basic crit ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
In earlier papers a critic for automatically generalizing conjectures in the context of failed inductive proofs was presented. The critic exploits the partial success of the search control heuristic known as rippling. Through empirical testing a natural generalization and extension of the basic critic emerged. Here we describe our extended generalization critic together with some promising experimental results. 1 Introduction A major obstacle to the automation of proof by mathematical induction is the need for generalization. A generalization is underpinned by the cutrule of inference. In a goaldirected framework, therefore, a generalization introduces an infinite branching point into the search space. It is known [13] that the cutelimination theorem does not hold for inductive theories. Consequently heuristics for controlling generalization play an important role in the automation of inductive proof. There are a number of different kinds of generalization. In this paper we present...
Formal Verification of Iterative Algorithms in Microprocessors
, 2000
"... Contemporary microprocessors implement many iterative algorithms. For example, the frontend of a microprocessor repeatedly fetches and decodes instructions while updating internal state such as the program counter; floatingpoint circuits perform divide and square root computations iteratively. Ite ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
Contemporary microprocessors implement many iterative algorithms. For example, the frontend of a microprocessor repeatedly fetches and decodes instructions while updating internal state such as the program counter; floatingpoint circuits perform divide and square root computations iteratively. Iterative algorithms often have complex implementations because of performance optimizations like result speculation, retiming and circuit redundancies. Verifying these iterative circuits against highlevel specifications requires two steps: reasoning about the algorithm itself and verifying the implementation against the algorithm. In this paper we discuss the verification of four iterative circuits from Intel microprocessor designs. These verifications were performed using Forte, a custombuilt verification system; we discuss the Forte features necessary for our approach. Finally, we discuss how we maintained these proofs in the face of evolving design implementations.