Abstract
Program invariants are important for defect detection, program verification, and program repair. However, existing techniques have limited support for important classes of invariants such as disjunctions, which express the semantics of conditional statements. We propose a method for generating disjunctive invariants over numerical domains, which are inexpressible using classical convex polyhedra. Using dynamic analysis and reformulating the problem in non-standard ''max-plus'' and ''min-plus'' algebras, our method constructs hulls over program trace points. Critically, we introduce and infer a weak class of such invariants that balances expressive power against the computational cost of generating nonconvex shapes in high dimensions. Existing dynamic inference techniques often generate spurious invariants that fit some program traces but do not generalize. With the insight that generating dynamic invariants is easy, we propose to verify these invariants statically using k-inductive SMT theorem proving which allows us to validate invariants that are not classically inductive. Results on difficult kernels involving nonlinear arithmetic and abstract arrays suggest that this hybrid approach efficiently generates and proves correct program invariants.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 608-619 |
| Number of pages | 12 |
| Journal | Proceedings - International Conference on Software Engineering |
| Issue number | 1 |
| DOIs | |
| State | Published - May 31 2014 |
| Externally published | Yes |
| Event | 36th International Conference on Software Engineering, ICSE 2014 - Hyderabad, India Duration: May 31 2014 → Jun 7 2014 |
Keywords
- Program analysis
- disjunctive invariants
- invariant generation
- static and dynamic analyses
- theorem proving
ASJC Scopus subject areas
- Software