Results 1-10 of 49
Finding Loop Invariants for Programs over Arrays Using a Theorem Prover
In Proc. of FASE, 2009
Cited by 45 (7 self)
Abstract. We present a new method for automatic generation of loop invariants for programs containing arrays. Unlike all previously known methods, our method allows one to generate first-order invariants containing alternations of quantifiers. The method is based on the automatic analysis of the so-called update predicates of loops. An update predicate for an array A expresses updates made to A. We observe that many properties of update predicates can be extracted automatically from the loop description and loop properties obtained by other methods such as a simple analysis of counters occurring in the loop, recurrence solving and quantifier elimination over loop variables. We run the theorem prover Vampire on some examples and show that non-trivial loop invariants can be generated.
A parametric segmentation functor for fully automatic and scalable array content analysis
2011
Interpolants from Z3 Proofs.
In Proc. of FMCAD, 2011
Cited by 19 (3 self)
Abstract. Interpolating provers have a number of applications in formal verification, including abstraction refinement and invariant generation. It has proved difficult, however, to construct efficient interpolating provers for rich theories. We consider the problem of deriving interpolants from proofs generated by the highly efficient SMT solver Z3 in the quantified theory of arrays, uninterpreted function symbols and linear integer arithmetic (AUFLIA), a theory that is commonly used in program verification. We do not directly interpolate the proofs from Z3. Rather, we divide them into small lemmas that can be handled by a secondary interpolating prover for a restricted theory. We show experimentally that the overhead of this secondary prover is negligible. Moreover, the efficiency of Z3 makes it possible to handle problems that are beyond the reach of existing interpolating provers, as we demonstrate using benchmarks derived from bounded verification of sequential and concurrent programs.
On Solving Universally Quantified Horn Clauses
Cited by 16 (2 self)
Program proving can be viewed as solving for unknown relations (such as loop invariants, procedure summaries and so on) that occur in the logical verification conditions of a program, such that the verification conditions are valid. Generic logical tools exist that can solve such problems modulo certain background theories, and therefore can be used for program analysis. Here, we extend these techniques to solve for quantified relations. This makes it possible to guide the solver by constraining the form of the proof, allowing it to converge when it otherwise would not. We show how to simulate existing abstract domains in this way, without having to directly implement program analyses or make certain heuristic choices, such as the terms and predicates that form the parameters of the abstract domain. Moreover, the approach gives the flexibility to go beyond these domains and experiment quickly with various invariant forms.
Abstraction Refinement for Quantified Array Assertions
In: SAS, Springer-Verlag, 2009
Cited by 15 (0 self)
We present an abstraction refinement technique for the verification of universally quantified array assertions such as “all elements in the array are sorted”. Our technique can be seamlessly combined with existing software model checking algorithms. We implemented our technique in the ACSAR software model checker and successfully verified quantified array assertions for both textbook examples and real-life examples taken from the Linux operating system kernel.
Refinement of trace abstraction
In 16th International Symposium on Static Analysis (SAS), 2009
Cited by 14 (4 self)
Abstract. We present a new counterexample-guided abstraction refinement scheme. The scheme refines an over-approximation of the set of possible traces. Each refinement step introduces a finite automaton that recognizes a set of infeasible traces. A central idea enabling our approach is to use interpolants (assertions generated, e.g., by the infeasibility proof for an error trace) in order to automatically construct such an automaton. A database of interpolant automata has an interesting potential for reuse of theorem proving work (from one program to another).
Interpolation and symbol elimination
In Automated Deduction - CADE-22, 22nd International Conference on Automated Deduction, Proceedings, LNCS 5663, 2009
Cited by 13 (3 self)
Abstract. We prove several results related to local proofs, interpolation and superposition calculus and discuss their use in predicate abstraction and invariant generation. Our proofs and results suggest that symbol-eliminating inferences may be an interesting alternative to interpolation.
SMT-Based Array Invariant Generation
2013
Cited by 12 (2 self)
This paper presents a constraint-based method for generating universally quantified loop invariants over array and scalar variables. Constraints are solved by means of an SMT solver, thus leveraging recent advances in SMT solving for the theory of non-linear arithmetic. The method has been implemented in a prototype program analyzer, and a wide sample of examples illustrating its power is shown.
Automatic Verification of Integer Array Programs
2009
Cited by 11 (2 self)
Abstract. We provide a verification technique for a class of programs working on integer arrays of finite, but not a priori bounded length. We use the logic of integer arrays SIL [13] to specify pre- and postconditions of programs and their parts. Effects of non-looping parts of code are computed syntactically on the level of SIL. Loop preconditions derived during the computation in SIL are converted into counter automata (CA). Loops are automatically translated (purely on the syntactical level) to transducers. Precondition CA and transducers are composed, and the composition over-approximated by flat automata with difference bound constraints, which are next converted back into SIL formulae, thus inferring postconditions of the loops. Finally, validity of postconditions specified by the user in SIL may be checked, as entailment is decidable for SIL.