Citation Context

...In the case of hardware, synthesis usually amounts to constructing a module that implements a specification [23], [20], while for software this can take different shapes: inferring program invariants =-=[16]-=-, finding ranking functions for termination analysis [28], [24], [8], program fragment synthesis [26], or constructing bugfixes following an error-description [27] are all instances of the general syn...

Citation Context

...er work on synthesis of concurrent datastructures [30]. Their system is designed to synthesize efficient synchronization for concurrent programs, and is very different from ours, both in its scope and in the algorithms it uses. Unlike their system, our synthesizer is based on a more general constraint-based approach that allows us to handle extremely large search spaces with no apparent structure. The idea of using a constraint-based approach for abstract interpretation was previously introduced by Gulwani et al. [10]. Recently, their group has used similar techniques to synthesize invariants [11] and even complete programs [29]. Some important distinctions between their work and ours are the use of storyboards to capture insights, as well as our path-based representation of the constraints to support a very large and complex abstract domain. The idea of using a sketch to define the structure of the implementation was adapted from the original work on sketch based synthesis [25]. The idea was originally applied to the domain of bit-stream manipulations [27], such as ciphers and error correction codes, and has been applied more recently to scientific programs [25] and concurrent data-st...

Citation Context

...over-approximation) according to affinity heuristics [37, 33]. Still, in the recent years, much effort has been put into the discovery of disjunctive invariants, for instance in predicate abstraction =-=[25]-=-. Of particular note is the recent work by Gulwani and Zuleger on inferring disjunctive invariants [26] for finding bounds on the number of iterations of loops. We improve on their method on two point...

Citation Context

...viding inductive invariants to a SAT-based property checker [14]. Such analysis is based on BDD techniques. Another line of research on invariant generation builds on predicate abstraction techniques =-=[6, 11]-=-. De Moura et al. describe invariant strengthening techniques based on quantifier elimination. That work is one of the first to use modern SMT solvers as reasoning engines for the verification of safe...

Citation Context

...then uses repeated sound modular reasoning to reject candidates that lead to unproven assertions. This approach produces preconditions that are non-necessary (no assertion would be triggered if violated). Worse, the set of preconditions produced for a method depends on the contexts that call the method. The fewer such contexts exist, the stronger the inferred precondition (in the worst case false). Our approach is more modular. The necessary preconditions inferred for a method do not depend at all on how the method is called. Some authors focused on inferring preconditions of a fixed template [21,34] or summaries on abstract domains of finite height [33,36]. Those approaches to precondition inference inherit the problems of the techniques they are based on. Templates require too much user attention (to provide the template), are brittle, and do not scale up. Finite height abstract domains are not powerful enough [8]. We do not make any of those hypotheses in this work. SnuggleBug [7], the dual analysis of [32], as well as other authors [19,25,35] use under-approximating symbolic backwards or dynamic analyses to find bugs. Our work is different in that we start out with a program verificat...

Citation Context

...riant Generation Existing techniques for loop invariant generation include abstract interpretation [1–4, 34], counterexample guided abstraction refinement (CEGAR) [7, 8, 35], constraint-based methods =-=[5, 6, 36]-=-, guess-and-check approaches [37, 38], and techniques based on Craig interpolation [9–11, 39]. One dimension along which loop invariant generation techniques can be characterized is lazy vs. eager app...

Citation Context

...d analysis that does not use decision procedures to instantiate the templates and limits their use to checking an annotated program. We do not rely on decision procedures to compute a predicate cover =-=[26]-=-, or for fixpoint iterations [18, 50], or on Farkas’ lemma [25, 28, 12, 7]. Hence, c2i is applicable to various decision procedures, including incomplete procedures (Section 4 and Section 5). The lite...

Citation Context

...nd ι will improve the performance by reducing the number of iterations via increasing the number of resolvable queries. Also, a variety of techniques from static analysis or loop invariant generation =-=[12, 17, 28, 16, 19, 21, 23, 25]-=- in particular can be integrated to resolve queries in addition to one SMT solver with coin tossing. Such a set of multiple teachers will increase the number of resolvable queries because it suffices ...

Citation Context

...t can prove the program. This problem formulation has been first proposed in the context of the annotation inference problem in ESC/Java [7] for a restricted case, and more recently by Gulwani et al. =-=[9]-=-. Although the latter has the same motivation as our work, they do not study the complexity of the predicate abstraction problems. In this paper, we study the asymptotic complexity of the decision pro...