We describe a Guess-and-Check algorithm for computing algebraic equation invariants of the form $\bigwedge_i f_i(x_1,\ldots,x_n) = 0$, where each $f_i$ is a polynomial over the variables $x_1,\ldots,x_n$ of the program. The "guess" phase is data driven and derives a candidate invariant from data generated from concrete executions of the program. This candidate invariant is subsequently validated in a "check" phase by an off-the-shelf SMT solver. Iterating between the two phases leads to a sound algorithm. Moreover, we are able to prove a bound on the number of decision procedure queries which Guess-and-Check requires to obtain a sound invariant. We show how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables us to generate expressive invariants to be consumed by tools that cannot handle non-linear arithmetic. We have evaluated our technique on a number of benchmark programs from recent papers on invariant generation. Our results are encouraging: we are able to efficiently compute algebraic invariants in all cases, with only a few tests.
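A sketch of a data-driven "guess" phase, added here as an illustration and not taken from the paper or its tooling. It assumes candidates are the null space of a matrix of monomial values over sampled loop-head states; the sample loop, the degree bound of 2 and all function names are hypothetical, and the SMT "check" phase is not included.

```python
from fractions import Fraction
from itertools import combinations_with_replacement
from math import prod

def trace(n):
    """Loop-head states (i, s) of: i = s = 0; while i < n: i += 1; s += i."""
    i = s = 0
    states = [(i, s)]
    while i < n:
        i, s = i + 1, s + i + 1
        states.append((i, s))
    return states

def monomials(nvars, degree):
    """Exponent tuples for every monomial of total degree <= degree."""
    return [tuple(combo.count(v) for v in range(nvars))
            for d in range(degree + 1)
            for combo in combinations_with_replacement(range(nvars), d)]

def evaluate(mono, state):
    """Exact value of one monomial at a concrete program state."""
    return prod((Fraction(x) ** e for x, e in zip(state, mono)), start=Fraction(1))

def null_space(rows):
    """Basis of {c : rows * c = 0}, by exact Gauss-Jordan elimination."""
    rows, ncols, pivots = [list(r) for r in rows], len(rows[0]), []
    for c in range(ncols):
        r = len(pivots)
        p = next((k for k in range(r, len(rows)) if rows[k][c] != 0), None)
        if p is None:
            continue  # no pivot in this column: it is a free variable
        rows[r], rows[p] = rows[p], rows[r]
        rows[r] = [v / rows[r][c] for v in rows[r]]
        for k in range(len(rows)):
            if k != r and rows[k][c] != 0:
                rows[k] = [a - rows[k][c] * b for a, b in zip(rows[k], rows[r])]
        pivots.append(c)
    basis = []
    for free in (c for c in range(ncols) if c not in pivots):
        vec = [Fraction(0)] * ncols
        vec[free] = Fraction(1)
        for r, pc in enumerate(pivots):
            vec[pc] = -rows[r][free]
        basis.append(vec)
    return basis

def guess(states, degree=2):
    """Candidate equalities: coefficient vectors vanishing on every sample."""
    monos = monomials(len(states[0]), degree)
    return monos, null_space([[evaluate(m, s) for m in monos] for s in states])
```

On seven sampled states, `guess(trace(6))` returns the single candidate i − 2s + i² = 0 over the monomials 1, i, s, i², i·s, s². With only three samples (`trace(2)`) it returns three candidates, two of which later states refute, which is why a candidate still has to go through the check phase.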