Using Program Synthesis for Program Analysis

  • Cristina DavidEmail author
  • Daniel Kroening
  • Matt Lewis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9450)


In this paper, we propose a unified framework for designing static analysers based on program synthesis. For this purpose, we identify a fragment of second-order logic with restricted quantification that is expressive enough to capture numerous static analysis problems (e.g. safety proving, bug finding, termination and non-termination proving, superoptimisation). We call this fragment the synthesis fragment. We build a decision procedure for the synthesis fragment over finite domains in the form of a program synthesiser. Given our initial motivation to solve static analysis problems, this synthesiser is specialised for such analyses. Our experimental results show that, on benchmarks capturing static analysis problems, our program synthesiser compares positively with other general purpose synthesisers.


Model Check Genetic Programming Decision Procedure Kolmogorov Complexity Finite Domain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977)Google Scholar
  2. 2.
    Clarke, E.M., Kroening, D., Yorav, K.: Behavioral consistency of C and verilog programs using bounded model checking. In: DAC, pp. 368–371 (2003)Google Scholar
  3. 3.
    Floyd, R.W.: Assigning meanings to programs (1967)Google Scholar
  4. 4.
    Gupta, A., et al.: Proving non-termination. In: POPL (2008)Google Scholar
  5. 5.
    Gulwani, S.: Dimensions in program synthesis. In: Formal Methods in Computer-Aided Design, FMCAD, p. 1 (2010)Google Scholar
  6. 6.
    Kong, S., Jung, Y., David, C., Wang, B.-Y., Yi, K.: Automatically inferring quantified loop invariants by algorithmic learning from simple templates. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 328–343. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  7. 7.
    Alur, R., et al.: Syntax-guided synthesis. In: FMCAD (2013)Google Scholar
  8. 8.
    Grebenshchikov, S., Lopes, N.P., Popeea, C., Rybalchenko, A.: Synthesizing software verifiers from proof rules. In: PLDI, pp. 405–416 (2012)Google Scholar
  9. 9.
    Beyene, T.A., Popeea, C., Rybalchenko, A.: Solving existentially quantified horn clauses. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 869–882. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  10. 10.
    Wintersteiger, C.M., Hamadi, Y., de Moura, L.M.: Efficiently solving quantified bit-vector formulas. In: FMCAD (2010)Google Scholar
  11. 11.
    Piskac, R., de Moura, L.M., Bjørner, N.: Deciding effectively propositional logic using DPLL and substitution sets. J. Autom. Reasoning 44(4), 401–424 (2010)zbMATHCrossRefGoogle Scholar
  12. 12.
    Gulwani, S., Srivastava, S., Venkatesan, R.: Program analysis as constraint solving. In: PLDI, pp. 281–292 (2008)Google Scholar
  13. 13.
    David, C., Kroening, D., Lewis, M.: Unrestricted termination and non-termination arguments for bit-vector programs. In: Vitek, J. (ed.) ESOP 2015. LNCS, vol. 9032, pp. 183–204. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  14. 14.
    David, C., Kroening, D., Lewis, M.: Using program synthesis for program analysis. CoRR abs/1508.07829 (2015)Google Scholar
  15. 15.
    Solar-Lezama, A.: Program sketching. STTT 15(5–6), 475–495 (2013)CrossRefGoogle Scholar
  16. 16.
    Brain, M., Crick, T., De Vos, M., Fitch, J.: TOAST: applying answer set programming to superoptimisation. In: Etalle, S., Truszczyński, M. (eds.) ICLP 2006. LNCS, vol. 4079, pp. 270–284. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  17. 17.
    Langdon, W.B., Poli, R.: Foundations of Genetic Programming. Springer, Heidelberg (2002)zbMATHCrossRefGoogle Scholar
  18. 18.
    Brameier, M., Banzhaf, W.: Linear Genetic Programming. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  19. 19.
    Gomez, F., Miikkulainen, R.: Incremental evolution of complex general behavior. Adapt. Behav. 5, 317–342 (1997)CrossRefGoogle Scholar
  20. 20.
    Gulwani, S., Jha, S., Tiwari, A., Venkatesan, R.: Synthesis of loop-free programs. In: PLDI, pp. 62–73 (2011)Google Scholar
  21. 21.
  22. 22.
    David, C., Kroening, D., Lewis, M.: Danger invariants. CoRR (2015)Google Scholar
  23. 23.
    Reynolds, A., Deters, M., Kuncak, V., Tinelli, C., Barrett, C.: Counterexample-guided quantifier instantiation for synthesis in SMT. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9207, pp. 198–216. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  24. 24.
  25. 25.
    Garg, P., Löding, C., Madhusudan, P., Neider, D.: ICE: a robust framework for learning invariants. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 69–87. Springer, Heidelberg (2014) Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.University of OxfordOxfordUK
  2. 2.Improbable Worlds Ltd.LondonUK

Personalised recommendations