AUTOMATIC VERIFICATION OF LOOP INVARIANTS
Olivier Ponsini, Hélène Collavizza, Carine Fédèle, Claude Michel, Michel Rueher (ICSM 2010)
Slide 1 (1/8): AUTOMATIC VERIFICATION OF LOOP INVARIANTS
    Olivier Ponsini, Hélène Collavizza, Carine Fédèle, Claude Michel, Michel Rueher, ICSM 2010

Slide 2 (2/8): Outline
    • Loop invariants are useful
    • Automatic generation may produce spurious loop invariants
    • We contribute a constraint-based approach for effectively filtering out spurious invariants

Slide 3 (3/8): Why loop invariants?
    • Program testing and verification
    • Program design and implementation
    • Program maintenance:
        • Program understanding and documentation
        • Error finding and correction
        • Optimization and refactoring

Slide 4 (4/8): How to obtain loop invariants?
    • Automatic generation of correct invariants (Interproc, InvGen): correct, but time demanding and yields weak invariants
    • Automatic generation of candidate invariants (Daikon, Gin-Pink): fast and yields strong invariants, but some candidates are spurious
    • Candidate invariant checking: fast, strong invariants, correct

Slide 5 (5/8): Verification of loop invariants
    Hoare rule:
            {I ∧ Cond} Body {I}
        ------------------------------------
        {I} while (Cond) Body {I ∧ ¬Cond}

    JML-annotated method:
        /*@ requires Pre
          @ ensures Post
          @*/
        ... method(...) {
            Init
            while (Cond) {
                Body
            }
            Final
        }

    Proof obligations for a candidate invariant I (enc(·) denotes the encoding of a program fragment as constraints):
        Base case:      Pre ∧ enc(Init) ⇒ I
        Inductive case: I ∧ Cond ∧ enc(Body) ⇒ I

Slide 6 (6/8): CPBPV
    • Constraint-based program verification
    • JML (Java Modeling Language) pre and post conditions
    • On-the-fly execution path exploration
    • Refutation proof with counter-example
    • Bounded approach: integer domain size, array size
    [Diagram: JML-annotated methods (method1, method2, method3) → CPBPV (CP, CPLEX) → true assertions, or false assertions + test cases]

Slide 7 (7/8): Experimentations
    • 5 classical programs from the verification domain
    • 180 candidate invariants from different sources: heuristics (125), Daikon (48), InvGen (3), textbooks (7)
    • 8, 16, and 32-bit integers
    [Bar chart: number of checked invariants (32 bits), valid vs. spurious, split by checking time: < 1s, < 1min, time out]

Slide 8 (8/8): Conclusion and perspectives
    • An effective checker for candidate loop invariants:
        • Refuting spurious invariants is fast
        • No false positive
        • Test cases are produced as counter-examples
    • Perspectives:
        • Extend to programs with multiple and nested loops
        • Integrate CPBPV
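The two proof obligations of slide 5 and the refutation-by-counter-example of slides 6 and 8, as an added Python example that is not the paper's CPBPV tool: a constructed summation loop with candidate invariants of the kinds slide 7 lists (textbook, trace-derived, heuristic) is checked over a bounded signed-integer domain. Exhaustive enumeration stands in for the CP/CPLEX solver, so it only scales to tiny bit-widths, and arithmetic is unbounded (overflow is not modelled); every refutation returned is a concrete test case, so there is no false positive, while "no counter-example" is only evidence within the bound.

```python
from itertools import product

# Constructed program under test (not from the paper): sums 0 .. n-1.
#   /*@ requires n >= 0;
#     @ ensures  s == n*(n-1)/2; @*/
#   s = 0; i = 0;                 // Init
#   while (i < n) {               // Cond
#       s = s + i; i = i + 1;     // Body
#   }
def pre(st):  return st["n"] >= 0
def init(st): return {**st, "s": 0, "i": 0}
def cond(st): return st["i"] < st["n"]
def body(st): return {**st, "s": st["s"] + st["i"], "i": st["i"] + 1}

def check_invariant(inv, bits=6):
    """Search for a counter-example to candidate invariant `inv` over
    `bits`-wide signed integers.  Returns None when none exists within the
    bound, else ("base" | "inductive", state): the state is a concrete test
    case violating that proof obligation, so a refutation is never a false
    positive.  Enumeration replaces the constraint solver (assumption)."""
    dom = range(-(1 << (bits - 1)), 1 << (bits - 1))
    # Base case:  Pre /\ enc(Init) => I   (I must hold on loop entry)
    for n in dom:
        st = init({"n": n})
        if pre(st) and not inv(st):
            return ("base", st)
    # Inductive case:  I /\ Cond /\ enc(Body) => I   (I is preserved by Body)
    for n, s, i in product(dom, repeat=3):
        st = {"n": n, "s": s, "i": i}
        if inv(st) and cond(st) and not inv(body(st)):
            return ("inductive", st)
    return None

# Candidate invariants, labelled by the kind of source slide 7 lists.
CANDIDATES = {
    # textbook invariant: valid
    "s == i*(i-1)/2 && 0 <= i <= n":
        lambda st: st["s"] == st["i"] * (st["i"] - 1) // 2 and 0 <= st["i"] <= st["n"],
    # trace-derived guess (Daikon-style): spurious, not preserved by Body
    "s <= n": lambda st: st["s"] <= st["n"],
    # heuristic guess: spurious, already false right after Init
    "s == 1": lambda st: st["s"] == 1,
}

def check_all(bits=6):
    return {name: check_invariant(inv, bits) for name, inv in CANDIDATES.items()}

if __name__ == "__main__":
    for name, result in check_all().items():
        print(f"{name:35} -> {'valid within bound' if result is None else result}")
```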