Results 1-10 of 25
Using Dynamic Analysis to Discover Polynomial and Array Invariants
Cited by 18 (2 self)

Abstract—Dynamic invariant analysis identifies likely properties over variables from observed program traces. These properties can aid programmers in refactoring, documenting, and debugging tasks by making dynamic patterns visible statically. Two useful forms of invariants involve relations among polynomials over program variables and relations among array variables. Current dynamic analysis methods support such invariants in only very limited forms. We combine mathematical techniques that have not previously been applied to this problem, namely equation solving, polyhedra construction, and SMT solving, to bring new capabilities to dynamic invariant detection. Using these methods, we show how to find equalities and inequalities among nonlinear polynomials over program variables, and linear relations among array variables of multiple dimensions. Preliminary experiments on 24 mathematical algorithms and an implementation of AES encryption provide evidence that the approach is effective at finding these invariants.

Keywords: program analysis; dynamic analysis; invariant generation; nonlinear invariants; array invariants
A data driven approach for algebraic loop invariants
2012

Cited by 13 (6 self)

We describe a Guess-and-Check algorithm for computing algebraic equation invariants of the form $\bigwedge_i f_i(x_1, \ldots, x_n) = 0$, where each $f_i$ is a polynomial over the variables $x_1, \ldots, x_n$ of the program. The “guess” phase is data driven and derives a candidate invariant from data generated from concrete executions of the program. This candidate invariant is subsequently validated in a “check” phase by an off-the-shelf SMT solver. Iterating between the two phases leads to a sound algorithm. Moreover, we are able to prove a bound on the number of decision procedure queries which Guess-and-Check requires to obtain a sound invariant. We show how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables us to generate expressive invariants to be consumed by tools that cannot handle nonlinear arithmetic. We have evaluated our technique on a number of benchmark programs from recent papers on invariant generation. Our results are encouraging – we are able to efficiently compute algebraic invariants in all cases, with only a few tests.
Interpolants as Classifiers

Cited by 12 (6 self)

Abstract. We show how interpolants can be viewed as classifiers in supervised machine learning. This view has several advantages: First, we are able to use off-the-shelf classification techniques, in particular support vector machines (SVMs), for interpolation. Second, we show that SVMs can find relevant predicates for a number of benchmarks. Since classification algorithms are predictive, the interpolants computed via classification are likely to be invariants. Finally, the machine learning view also enables us to handle superficial nonlinearities. Even if the underlying problem structure is linear, the symbolic constraints can give an impression that we are solving a nonlinear problem. Since learning algorithms try to mine the underlying structure directly, we can discover the linear structure for such problems. We demonstrate the feasibility of our approach via experiments over benchmarks from various papers on program verification.
Verification as Learning Geometric Concepts
Cited by 8 (4 self)

Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a program’s set of reachable states is disjoint from the set of bad states. In Hoare Logic, these explanations are predicates that form inductive assertions. Using samples for reachable and bad states and by applying well-known machine learning algorithms for classification, we are able to generate inductive assertions. By relaxing the search for an exact proof to classifiers, we obtain complexity-theoretic improvements. Further, we extend the learning algorithm to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities. We have evaluated our approach on a number of challenging benchmarks and the results are promising.
Reasoning Algebraically About P-Solvable Loops
In Proc. of TACAS, volume 4963 of LNCS, 2008

Cited by 8 (5 self)

Abstract. We present a method for generating polynomial invariants for a subfamily of imperative loops operating on numbers, called the P-solvable loops. The method uses algorithmic combinatorics and algebraic techniques. The approach is shown to be complete for some special cases. By completeness we mean that it generates a set of polynomial invariants from which, under additional assumptions, any polynomial invariant can be derived. These techniques are implemented in a new software package Aligator written in Mathematica and successfully tried on many programs implementing interesting algorithms working on numbers.
Inference of polynomial invariants for imperative programs: A farewell to Gröbner bases
2012

Cited by 7 (0 self)

We propose a static analysis for computing polynomial invariants for imperative programs. The analysis is derived from an abstract interpretation of a backwards semantics, and computes preconditions for equalities like $g = 0$ to hold at the end of execution. A distinguishing feature of the technique is that it computes polynomial loop invariants without resorting to Gröbner basis computations. The analysis uses remainder computations over parameterized polynomials in order to handle conditionals and loops efficiently. The algorithm can analyse and find a large majority of loop invariants reported previously in the literature, and executes significantly faster than implementations using Gröbner bases.
Generating Polynomial Invariants with DISCOVERER and QEPCAD
Cited by 5 (2 self)

This paper investigates how to apply the techniques for solving semi-algebraic systems to invariant generation for polynomial programs. With our approach, the generated invariants, represented as a semi-algebraic system, are more expressive than those generated with the well-established approaches in the literature, which are normally represented as a conjunction of polynomial equations. We implement this approach with the computer algebra tools DISCOVERER and QEPCAD. We also explain, through complexity analysis, why our approach is more efficient and practical than the one of [17], which directly applies first-order quantifier elimination.
Invariant Generation for P-solvable Loops with Assignments
2008

Cited by 5 (0 self)

We discuss interesting properties of a general technique for inferring polynomial invariants for a subfamily of imperative loops, called the P-solvable loops, with assignments only. The approach combines algorithmic combinatorics, polynomial algebra and computational logic, and it is implemented in a new software package called Aligator. We present a collection of examples illustrating the power of the framework.
Aligator: A Mathematica Package for Invariant Generation
In Proc. of IJCAR, 2008

Cited by 4 (2 self)

Abstract. We describe the new software package Aligator for automatically inferring polynomial loop invariants. The package combines algorithms from symbolic summation and polynomial algebra with computational logic, and is applicable to the rich class of P-solvable loops. Aligator contains routines for checking the P-solvability of loops, transforming them into a system of recurrence equations, solving recurrences and deriving closed forms of loop variables, computing the ideal of polynomial invariants by variable elimination, invariant filtering and completeness checking of the resulting set of invariants.
Automatic Equivalence Checking of UF+IA Programs
Cited by 3 (3 self)

Abstract. Proving the equivalence of programs has several important applications, including algorithm recognition, regression checking, compiler optimization verification, and information flow checking. Despite being a topic with so many important applications, program equivalence checking has seen few advances over the past decades due to its inherent (high) complexity. In this paper, we propose, to the best of our knowledge, the first algorithm for the automatic verification of partial equivalence of two programs over the combined theory of uninterpreted function symbols and integer arithmetic (UF+IA). The proposed algorithm supports, in particular, programs with nested loops. The crux of the technique is a transformation of uninterpreted function (UF) applications into integer polynomials, which enables the summarization of loops with UF applications using recurrences. The equivalence checking algorithm then proceeds on loop-free, integer-only programs. We implemented the proposed technique in CORK, a tool that automatically verifies the correctness of compiler optimizations, and we show that it can prove more optimizations correct than state-of-the-art techniques.