
Transformation-Enabled Precondition Inference

Published online by Cambridge University Press:  23 September 2021

BISHOKSAN KAFLE, IMDEA Software Institute, Madrid, Spain (bishoksan.kafle@imdea.org)
GRAEME GANGE and PETER J. STUCKEY, Faculty of IT, Monash University, Clayton Vic. 3800, Australia (graeme.gange@monash.edu, peter.stuckey@monash.edu)
PETER SCHACHTE and HARALD SØNDERGAARD, School of Computing and Information Systems, The University of Melbourne, Vic. 3010, Australia (schachte@unimelb.edu.au, harald@unimelb.edu.au)

Abstract

Precondition inference is a non-trivial problem with important applications in program analysis and verification. We present a novel iterative method for automatically deriving preconditions for the safety and unsafety of programs. Each iteration maintains over-approximations of the sets of safe and unsafe initial states; because each over-approximation covers every initial state of its kind, any initial state outside the unsafe over-approximation is known to be safe, and any state outside the safe over-approximation is known to be unsafe, so the two sets partition the program's initial states into those known to be safe, those known to be unsafe, and those whose status is still unknown. We then construct a revised program whose initial states are restricted to the unknown ones and iterate the procedure until the two approximations are disjoint or some termination criterion is met. An experimental evaluation of the method on a set of software verification benchmarks shows that it can infer precise (sometimes optimal) preconditions that previous methods cannot derive.
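The following Python program is an added illustration of the partition-and-iterate scheme the abstract describes; it is not code from the paper or its authors. It replaces the paper's constrained-Horn-clause transformations and polyhedral analysis with a much weaker stand-in: a one-variable, loop-free control-flow graph analysed in the interval domain by a forward reachability pass and two backward passes (one from the error node, one from the safe exit). The program, the node names `init`/`mid`/`err`/`exit`, and every function name are assumptions of this example. What it shares with the paper is the core step: over-approximate both the unsafe and the safe initial states, mark everything outside either set as decided, and re-analyse the program restricted to the intersection.

```python
# Added example: iterative precondition inference by partitioning initial
# states, on a constructed one-variable, loop-free program. Interval
# abstraction stands in for the paper's Horn-clause/polyhedra machinery.
from __future__ import annotations
from dataclasses import dataclass
from math import ceil, floor, inf
from typing import Optional

Interval = Optional[tuple[float, float]]   # None is the empty set (bottom)

def meet(a: Interval, b: Interval) -> Interval:
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def hull(a: Interval, b: Interval) -> Interval:
    """Join: smallest interval covering both (this is where precision is lost)."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def minus(a: Interval, b: Interval) -> list[tuple[float, float]]:
    """Integer set difference a \\ b, returned as at most two intervals."""
    if a is None:
        return []
    if meet(a, b) is None:
        return [a]
    out = []
    if b[0] > a[0]:
        out.append((a[0], b[0] - 1))
    if b[1] < a[1]:
        out.append((b[1] + 1, a[1]))
    return out

@dataclass(frozen=True)
class Edge:
    src: str
    dst: str
    guard: tuple[float, float]   # edge is enabled when x lies in this interval
    a: int = 1                   # ... and then x := a*x + b  (a >= 1)
    b: int = 0

def post(e: Edge, v: Interval) -> Interval:
    v = meet(v, e.guard)
    return None if v is None else (e.a * v[0] + e.b, e.a * v[1] + e.b)

def pre(e: Edge, v: Interval) -> Interval:
    """Exact integer pre-image of v under the edge's guard and update."""
    if v is None:
        return None
    lo = -inf if v[0] == -inf else ceil((v[0] - e.b) / e.a)
    hi = inf if v[1] == inf else floor((v[1] - e.b) / e.a)
    return meet((lo, hi), e.guard) if lo <= hi else None

def forward(edges, nodes, init: Interval) -> dict:
    """Over-approximate the states reachable at each node from `init`."""
    fwd = {n: None for n in nodes}
    fwd["init"] = init
    changed = True
    while changed:                       # acyclic CFG: no widening needed
        changed = False
        for e in edges:
            new = hull(fwd[e.dst], post(e, fwd[e.src]))
            if new != fwd[e.dst]:
                fwd[e.dst], changed = new, True
    return fwd

def backward(edges, nodes, fwd: dict, target: str) -> Interval:
    """Over-approximate the initial states from which `target` is reachable."""
    bwd = {n: None for n in nodes}
    bwd[target] = fwd[target]
    changed = True
    while changed:
        changed = False
        for e in edges:
            new = meet(hull(bwd[e.src], pre(e, bwd[e.dst])), fwd[e.src])
            if new != bwd[e.src]:
                bwd[e.src], changed = new, True
    return bwd["init"]

def infer_preconditions(edges, init: Interval, max_rounds: int = 20):
    nodes = {"init", "err", "exit"} | {e.src for e in edges} | {e.dst for e in edges}
    safe, unsafe, unknown = [], [], init
    for _ in range(max_rounds):
        fwd = forward(edges, nodes, unknown)
        u = backward(edges, nodes, fwd, "err")    # covers every unsafe initial state
        s = backward(edges, nodes, fwd, "exit")   # covers every safe initial state
        unsafe += minus(unknown, s)   # outside the safe over-approximation: unsafe
        safe += minus(unknown, u)     # outside the unsafe over-approximation: safe
        nxt = meet(u, s)              # still ambiguous: analyse again from here
        if nxt is None or nxt == unknown:   # disjoint, or no progress (give up)
            return safe, unsafe, nxt
        unknown = nxt
    return safe, unsafe, unknown

# Constructed (hypothetical) program over one integer x:
#   if x <= 1: error
#   x := 2*x
#   if x == 8 or x == 16: error      (i.e. the initial x was 4 or 8)
#   exit
PROGRAM = [
    Edge("init", "err", (-inf, 1)),
    Edge("init", "mid", (2, inf), a=2),
    Edge("mid", "err", (8, 8)),
    Edge("mid", "err", (16, 16)),
    Edge("mid", "exit", (-inf, 7)),
    Edge("mid", "exit", (9, 15)),
    Edge("mid", "exit", (17, inf)),
]

if __name__ == "__main__":
    print(infer_preconditions(PROGRAM, (0, 10)))
```

For initial states 0..10 the unsafe ones are exactly {0, 1, 4, 8}, which no single interval can express. Round one yields the over-approximations unsafe ⊆ [0,8] and safe ⊆ [2,10], so [0,1] is decided unsafe, [9,10] is decided safe, and the program is re-analysed from [2,8]; round two peels off [2,3] (safe) and 8 (unsafe); round three, from [4,7], produces disjoint approximations [4,4] and [5,7] and stops with the exact partition. The gain comes entirely from re-running the analysis with the narrower initial set, since the hull at each join point can no longer bridge the states already decided. Two caveats a practitioner would want: with loops in the graph the two fixpoint loops need widening (the paper's polyhedral setting handles this, the toy does not), and when the abstract domain cannot separate the remaining states at all (parity-dependent loops in the interval domain, for instance) a round makes no progress, which the `nxt == unknown` check turns into an honest "unknown" rather than an endless loop.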

Type: Original Article
Copyright: © The Author(s), 2021. Published by Cambridge University Press

