Deductive techniques for program analysis

  • Authors: Zohar Manna; Michael Alexander Colon
  • Venue: Deductive techniques for program analysis
  • Year: 2003
Abstract

Program verification relies on the identification of invariant assertions and ranking functions. Invariant assertions characterize the states reachable in a computation of a program; they are essential for proving partial correctness. Ranking functions map program states into well-founded domains and are used for establishing termination. We present a method for invariant generation that searches for candidate invariants among the common consequences of a sequence of assertions produced by executing the program symbolically. The approach extrapolates the limit of this sequence by a single assertion entailed by each element and containing no disjunctions; the correctness of this assertion is then verified using a decision procedure. By prohibiting disjunction, the technique incorporates a logical notion of convexity, and it can be used to generate invariants in decidable domains for which the common consequences of a finite number of assertions can be computed or approximated with reasonable precision. We apply our method to the generation of invariants expressible as systems of linear equalities and inequalities and those expressible by systems of ground equations. For linear equalities and inequalities, the common consequences can be found by computing intersections of spaces and of polyhedral cones, while for ground equations, the common consequences can be approximated by taking products of finite partial algebras. In the case of linear inequalities, we improve the accuracy of the invariants by considering non-extreme rays of the intersection, in addition to the extreme rays, and we extend the analysis to produce invariants containing strict inequalities and disequalities. We also present a method for the automatic generation of ranking functions which are linear in the program variables. The approach reduces the generation of ranking functions to the search for linear inequalities entailed by the transition relation of the program, strengthened by automatically generated invariants. The consequences sought are those guaranteeing that the function defined is monotone and has a well-founded range.
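The linear-equality instance of the method described above, as an added Python illustration that is not code from the thesis: assertions come from bounded symbolic execution of a constructed toy loop, their common linear-equality consequences are computed as an affine hull (the intersection of spaces the abstract refers to), and an inductiveness check plays the role of the decision procedure. The loop, the function names and the restriction to affine transitions are assumptions made here.

```python
from fractions import Fraction as F
# Constructed toy loop (hypothetical, not from the thesis): i, j, k := 0, 0, 0; then repeatedly
# either (i, j, k) := (i+1, j+1, k) or (i, j, k) := (i+1, j, k+1). Transitions must be affine maps.
INIT = (0, 0, 0)
TRANSITIONS = [lambda v: (v[0] + 1, v[1] + 1, v[2]), lambda v: (v[0] + 1, v[1], v[2] + 1)]

def symbolic_states(init, trans, steps):
    """Bounded symbolic execution: every state reachable in at most `steps` iterations."""
    frontier, seen = {init}, {init}
    for _ in range(steps):
        frontier = {t(v) for v in frontier for t in trans} - seen
        seen |= frontier
    return seen

def nullspace(rows, n):
    """Basis of {c : r . c = 0 for every row r}, by exact Gauss-Jordan elimination over Q."""
    m, pivots = [[F(x) for x in r] for r in rows], []
    for col in range(n):
        r = len(pivots)
        piv = next((i for i in range(r, len(m)) if m[i][col] != 0), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        m[r] = [x / m[r][col] for x in m[r]]
        m = [row if i == r else [a - row[col] * b for a, b in zip(row, m[r])] for i, row in enumerate(m)]
        pivots.append(col)
    basis = []
    for f in (c for c in range(n) if c not in pivots):   # one basis vector per free column
        c = [F(int(i == f)) for i in range(n)]
        for i, p in enumerate(pivots):
            c[p] = -m[i][f]
        basis.append(c)
    return basis

def common_consequences(states):
    """Linear equalities c . v = d entailed by every state (their affine hull), as (c, d) pairs."""
    pts = sorted(states)
    diffs = [[x - y for x, y in zip(p, pts[0])] for p in pts[1:]]
    return [(c, sum(ci * x for ci, x in zip(c, pts[0]))) for c in nullspace(diffs, len(pts[0]))]
def is_inductive(eqs, init, trans):
    """Decision procedure: `eqs` holds at init and every affine transition maps the affine set it defines into itself (an affine basis of that set suffices)."""
    holds = lambda v: all(sum(ci * x for ci, x in zip(c, v)) == d for c, d in eqs)
    pts = [init] + [tuple(x + u for x, u in zip(init, d)) for d in nullspace([c for c, _ in eqs], len(init))]
    return holds(init) and all(holds(t(p)) for t in trans for p in pts)
def generate_invariant(init, trans, max_steps=8):
    """Extrapolation: the first prefix whose common consequences are inductive gives the invariant."""
    for k in range(max_steps + 1):
        eqs = common_consequences(symbolic_states(init, trans, k))
        if is_inductive(eqs, init, trans):
            return k, eqs   # toy loop: k = 1 and the single equality -i + j + k = 0
```

The two branches alone would give a disjunctive description of the reachable states; taking their common consequences instead yields the single convex assertion i = j + k, which the check then confirms is preserved by both transitions.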