Formal Methods in System Design

, Volume 15, Issue 1, pp 75–92 | Cite as

Automatic Generation of Invariants

  • Saddek Bensalem
  • Yassine Lakhnech


When proving invariance properties of programs, one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests itself in the need of finding sufficiently strong invariants. This paper focuses on the second problem and describes techniques for the automatic generation of invariants. The first set of these techniques is applicable to sequential transition systems and allows deriving so-called local invariants, i.e., predicates which are invariant at some control location. The second is applicable on networks of transition systems and allows combining local invariants of the sequential components to obtain local invariants of the global system.

invariance properties auxiliary predicates generation of invariants 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    K. Apt, “Ten years of Hoare's logic: A survey, Part I,” ACM Trans. on Prog. Lang. and Sys., Vol. 3,No. 2, pp. 431–483, 1981.Google Scholar
  2. 2.
    S. Bensalem, Y. Lakhnech, and S. Owre, “Invest: A tool for the verification of invariants,” In A.J. Hu and M.Y. Vardi, editors, Computer Aided Verification, volume 1427 of Lecture Notes in Computer Science, Springer-Verlag, pp. 505–510, 1998.Google Scholar
  3. 3.
    N. Bjørner, A. Browne, and Z. Manna, “Automatic generation of invariants and intermediate assertions,” Theoretical Computer Science, Vol. 173,No. 1, pp. 49–87, 1997.Google Scholar
  4. 4.
    M. Caplain, “Finding invariant assertions for proving programs,” in Proc. Int. Conf. on Reliable Software, Los Angeles, CA, 1975.Google Scholar
  5. 5.
    E. Clarke, E. Emerson, and E. Sistla, “Automatic verification of finite state concurrent systems using temporal logic specifications: A practical approach,” in 10th ACM Symp. of Prog. Lang., ACM Press, 1983.Google Scholar
  6. 6.
    P. Cousot and R. Cousot, “Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints,” in 4th ACM Symp. of Prog. Lang., ACM Press, pp. 238–252, 1977.Google Scholar
  7. 7.
    E.W. Dijkstra, “Guarded commands, nondeterminacy, and formal derivation,” Comm. ACM, Vol. 18,No. 8, pp. 453–457, 1975.Google Scholar
  8. 8.
    B. Elspas, “The semiautomatic generation of inductive assertions for proving program correctness,” Research report, SRI, Menlo Park, CA, 1974.Google Scholar
  9. 9.
    R.W. Floyd, “Assigning meanings to programs,” in Int. Proc. Symp. on Appl. Math. 19, American Mathematical Society, pp. 19–32. 1967.Google Scholar
  10. 10.
    S.M. German and B. Wegbreit, “A synthesizer of inductive assertions,” IEEE Trans. on Software Engineering, Vol. 1, pp. 68–75, March 1975.Google Scholar
  11. 11.
    K. Havelund and N. Shankar, “Experiments in theorem proving and model checking for protocol verification,” in Formal Methods Europe, FME'96 Symposium, volume 1051 of Lecture Notes in Computer Science, Springer-Verlag, 1996.Google Scholar
  12. 12.
    L. Helmink, M. Sellink, and F. Vaandrager, “Proof-checking a data link protocol,” Technical Report CS-R9420, Centrum voor Wiskunde en Informatica (CWI), March 1994.Google Scholar
  13. 13.
    S. Katz and Z. Manna, “A heuristic approach to program verification,” in Proc. 3rd Int. Joint Conf. on Artificial Intelligence, Stanford, CA, pp. 500–512, 1973.Google Scholar
  14. 14.
    S. Katz and Z. Manna, “Logical analysis of programs,” Comm. ACM, Vol. 19,No. 4, pp. 188–206, 1976.Google Scholar
  15. 15.
    L. Lamport, “A new solution of Dijkstra's concurrent programming problem,” Comm. ACM, Vol. 17,No. 8, pp. 453–455, 1974.Google Scholar
  16. 16.
    O. Lichtenstein and A. Pnueli, “Checking that finite state concurrent programs satisfy their linear specification,” in POPL, pp. 97–107, 1985.Google Scholar
  17. 17.
    Z. Manna, A. Anuchitanukul, N. Bjøner, A. Browne, E. Chang, M. Colon, L. de Alfaro, H. Devarajan, H. Sipma, and T. Uribe, “STeP: The Stanford Temporal Prover,” Technical report, Stanford Univ., Stanford, CA, 1994.Google Scholar
  18. 18.
    Z. Manna and A. Pnueli, Temporal Verification of Reactive Systems: Safety, Springer-Verlag, 1995.Google Scholar
  19. 19.
    S. Mauw and G.V. Editors, Algebraic Specification of Communication Protocols, number 36 in Cambridge Tracts in Theoretical Computer Science, 1993.Google Scholar
  20. 20.
    S. Owicki and D. Gries, “An axiomatic proof technique for parallel programs,” Acta Informatica, Vol. 6,No. 2, pp. 319–340, 1976.Google Scholar
  21. 21.
    S. Owre, J. Rushby, N. Shankar, and F. von Henke, “Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS,” IEEE Trans. on Software Engineering, Vol. 21,No. 2, pp. 107–125, 1995.Google Scholar
  22. 22.
    J.P. Queille and J. Sifakis, “Specification and verification of concurrent systems in CESAR,” in Proc. 5th Int. Symp. on Programming, volume 137 of Lecture Notes in Computer Science, Springer-Verlag, pp. 337–351, 1982.Google Scholar
  23. 23.
    B.K. Szymanski, “A simple solution to Lamport's concurrent programming problem verification,” in Proc. Int. Conf. on Supercomputing Sys., pp. 621–626, 1988.Google Scholar
  24. 24.
    B.K. Szymanski and J.M. Vidal, “Automatic verfication of a class of symmetric parallel programs,” in Proc. 13th IFIP World Computer Congress, 1994.Google Scholar
  25. 25.
    M. Vardi and P. Wolper, “An automata-theoretic approach to automatic program verification,” in 1st Symp. on Logic in Computer Science, IEEE, 1986.Google Scholar

Copyright information

© Kluwer Academic Publishers 1999

Authors and Affiliations

  • Saddek Bensalem
    • 1
  • Yassine Lakhnech
    • 2
  1. 1.VERIMAGCentre Equation 2GièresFrance
  2. 2.Institut für Informatik und Praktische MathematikChristian-Albrechts-Universität zu KielKielGermany

Personalised recommendations