Symbolic Abstract Contract Synthesis in a Rewriting Framework

  • María Alpuente
  • Daniel PardoEmail author
  • Alicia Villanueva
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10184)


We propose an automated technique for inferring software contracts from programs that are written in a non-trivial fragment of C, called KernelC, that supports pointer-based structures and heap manipulation. Starting from the semantic definition of KernelC in the \(\mathbb {K}\) framework, we enrich the symbolic execution facilities recently provided by C with novel capabilities for assertion synthesis that are based on abstract subsumption. Roughly speaking, we define an abstract symbolic technique that explains the execution of a (modifier) C function by using other (observer) routines in the same program. We implemented our technique in the automated tool KindSpec 2.0, which generates logical axioms that define the precise input/output behavior of the C routines.


  1. 1.
    Alpuente, M., Feliú, M.A., Villanueva, A.: Automatic inference of specifications using matching logic. In: Proceedings of PEPM 2013, pp. 127–136. ACM (2013)Google Scholar
  2. 2.
    Alpuente, M., Pardo, D., Villanueva, A.: Automatic inference of specifications in the K framework. EPTCS 200, 1–17 (2015)CrossRefGoogle Scholar
  3. 3.
    Anand, S., Păsăreanu, C.S., Visser, W.: Symbolic execution with abstraction. STTT 11(1), 53–67 (2008)CrossRefGoogle Scholar
  4. 4.
    Arusoaie, A., Lucanu, D., Rusu, V.: Symbolic execution based on language transformation. Comput. Lang. Syst. Struct. 44(Part A), 48–71 (2015)Google Scholar
  5. 5.
    Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Footprint analysis: a shape analysis that discovers preconditions. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 402–418. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74061-2_25 CrossRefGoogle Scholar
  6. 6.
    Claessen, K., Smallbone, N., Hughes, J.: QuickSpec: guessing formal specifications using testing. In: Fraser, G., Gargantini, A. (eds.) TAP 2010. LNCS, vol. 6143, pp. 6–21. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13977-2_3 CrossRefGoogle Scholar
  7. 7.
    Cousot, P., Cousot, R., Fähndrich, M., Logozzo, F.: Automatic inference of necessary preconditions. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 128–148. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-35873-9_10 CrossRefGoogle Scholar
  8. 8.
    Ellison, C., Roşu, G.: An executable formal semantics of C with applications. In: Proceedings of POPL 2012, pp. 533–544. ACM (2012)Google Scholar
  9. 9.
    Gulavani, B.S., Chakraborty, S., Ramalingam, G., Nori, A.V.: Bottom-up shape analysis using LISF. ACM Trans. Program. Lang. Syst. 33(5), 17 (2011)CrossRefzbMATHGoogle Scholar
  10. 10.
    Henkel, J., Diwan, A.: Discovering algebraic specifications from Java classes. In: Cardelli, L. (ed.) ECOOP 2003. LNCS, vol. 2743, pp. 431–456. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45070-2_19 CrossRefGoogle Scholar
  11. 11.
    Khurshid, S., PĂsĂreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003). doi: 10.1007/3-540-36577-X_40 CrossRefGoogle Scholar
  12. 12.
    King, J.C.: Symbolic execution and program testing. Comm. ACM 19(7), 385–394 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Liskov, B., Guttag, J.: Abstraction and Specification in Program Development. MIT Press, Cambridge (1986)zbMATHGoogle Scholar
  14. 14.
    Magill, S., Nanevski, A., Clarke, E., Lee, P.: Inferring invariants in separation logic for imperative list-processing programs. In: Proceedings of SPACE Workshop (2006)Google Scholar
  15. 15.
    Meyer, B.: Applying ‘design by contract’. Computer 25(10), 40–51 (1992)CrossRefGoogle Scholar
  16. 16.
    Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78800-3_24 CrossRefGoogle Scholar
  17. 17.
    Moy, Y., Marché, C.: Modular inference of subprogram contracts for safety checking. J. Symbolic Comput. 45(11), 1184–1211 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Roşu, G., Şerbănuţă, T.F.: An overview of the K semantic framework. JLAP 79(6), 397–434 (2010)MathSciNetzbMATHGoogle Scholar
  19. 19.
    Tillmann, N., Chen, F., Schulte, W.: Discovering likely method specifications. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 717–736. Springer, Heidelberg (2006). doi: 10.1007/11901433_39 CrossRefGoogle Scholar
  20. 20.
    Wei, Y., Furia, C.A., Kazmin, N., Meyer, B.: Inferring better contracts. In: Proceedings of the ICSE 2011, 191–200. ACM (2011)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • María Alpuente
    • 1
  • Daniel Pardo
    • 1
    Email author
  • Alicia Villanueva
    • 1
  1. 1.DSIC, Universitat Politècnica de ValènciaValenciaSpain

Personalised recommendations