Advertisement

Symbolic Computation and Automated Reasoning for Program Analysis

  • Laura KovácsEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9681)

Abstract

This talk describes how a combination of symbolic computation techniques with first-order theorem proving can be used for solving some challenges of automating program analysis, in particular for generating and proving properties about the logically complex parts of software. The talk will first present how computer algebra methods, such as Gröbner basis computation, quantifier elimination and algebraic recurrence solving, help us in inferring properties of program loops with non-trivial arithmetic. Typical properties inferred by our work are loop invariants and expressions bounding the number of loop iterations. The talk will then describe our work to generate first-order properties of programs with unbounded data structures, such as arrays. For doing so, we use saturation-based first-order theorem proving and extend first-order provers with support for program analysis. Since program analysis requires reasoning in the combination of first-order theories of data structures, the talk also discusses new features in first-order theorem proving, such as inductive reasoning and built-in boolean sort. These extensions allow us to express program properties directly in first-order logic and hence use further first-order theorem provers to reason about program properties.

Notes

Acknowledgments

The work described in this talk is based on joint work with a number of authors, including Tudor Jebelean (RISC-Linz), Evgeny Kotelnikov and Simon Robillard (Chalmers University of Technology), and Andrei Voronkov (The University of Manchester and Chalmers University of Technology).

The author acknowledges funding from the ERC Starting Grant 2014 SYMCAR 639270, the Wallenberg Academy Fellowship 2014, the Swedish VR grant D0497701 and the Austrian research project FWF S11409-N23

References

  1. 1.
    Ahrendt, W., Kovács, L., Robillard, S.: Reasoning About Loops Using Vampire in KeY. In: Davis, M., Fehnker, A., McIver, A., Voronkov, A. (eds.) LPAR-20 2015. LNCS, vol. 9450, pp. 434–443. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48899-7_30 CrossRefGoogle Scholar
  2. 2.
    Buchberger, B.: An algorithm for finding the basis elements of the residue class ring of a zero dimensional polynomial ideal. J. Symbolic Comput. 41(3–4), 475–511 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Clarke, E.M., Emerson, E.A.: Design and synthesis of synchronization skeletons using branching-time temporal logic. In: Kozen, D. (ed.) Logic of Programs. LNCS, pp. 52–71. Springer, Heidelberg (1981)Google Scholar
  4. 4.
    Collins, G.E.: Quantifier elimination for real closed fields by cylindrical algebraic decomposition. In: Brakhage, H. (ed.) ATFL. LNCS, pp. 134–183. Springer, Heidelberg (1975)Google Scholar
  5. 5.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)Google Scholar
  6. 6.
    de Moura, L., Passmore, G.O.: Computation in real closed infinitesimal and transcendental extensions of the rationals. In: Bonacina, M.P. (ed.) CADE 2013. LNCS, vol. 7898, pp. 178–192. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    de Moura, L.M., Bjorner, N.: Proofs and refutations, and z3. In: CEUR Workshop Proceedings (2008)Google Scholar
  8. 8.
    Hamon, G., de Moura, L., Rushby, J.M.: Generating efficient test sets with a model checker. In: SEFM, pp. 261–270 (2004)Google Scholar
  9. 9.
    Jhala, R., McMillan, K.L.: A practical and complete approach to predicate refinement. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 459–473. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Kotelnikov, E., Kovács, L., Reger, G., Voronkov, A.: The Vampire and the FOOL. In: Proceedings of CPP, pp. 37–48. ACM (2016)Google Scholar
  11. 11.
    Kovács, L.: Reasoning algebraically about P-solvable loops. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 249–264. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Kovács, L.: A complete invariant generation approach for P-solvable loops. In: Pnueli, A., Virbitskaite, I., Voronkov, A. (eds.) PSI 2009. LNCS, vol. 5947, pp. 242–256. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Kovács, L., Voronkov, A.: Finding loop invariants for programs over arrays using a theorem prover. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 470–485. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Kovács, L., Voronkov, A.: First-order theorem proving and vampire. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 1–35. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    McMillan, K.L.: Quantified invariant generation using an interpolating saturation prover. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 413–427. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Nelson, G., Oppen, D.C.: Fast decision procedures based on congruence closure. J. ACM 27(2), 356–364 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Robinson, J.A., Voronkov, A.: Handbook of Automated Reasoning (in 2 Volumes). Elsevier and MIT Press, Cambridge (2001)zbMATHGoogle Scholar
  18. 18.
    Sifakis, J.: A unified approach for studying the properties of transition systems. Theor. Comput. Sci. 18, 227–258 (1982)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.TU WienViennaAustria

Personalised recommendations