Automatic Verification of Loop Invariants Using Constraint-Based Program Verification (1/8)

Olivier Ponsini, Hélène Collavizza, Carine Fédèle, Claude Michel, Michel Rueher
ICSM 2010
Outline (2/8)

• Loop invariants are useful
• Automatic generation may produce spurious loop invariants

We contribute a constraint-based approach for effectively filtering out spurious invariants.
Why loop invariants? (3/8)

• Program design and implementation
• Program testing and verification
• Program maintenance
    • Program understanding and documentation
    • Error finding and correction
    • Optimization and refactoring
How to obtain loop invariants? (4/8)

• Automatic generation of correct invariants (Interproc, InvGen): correct, but time demanding and yields weak invariants
• Automatic generation of candidate invariants (Daikon, Gin-Pink): fast and yields strong invariants, but some of them are spurious
• Candidate invariants followed by invariant checking: fast, strong and correct
Verification of loop invariants (5/8)

Hoare rule:

            {I ∧ Cond} Body {I}
    ------------------------------------
    {I} while (Cond) Body {I ∧ ¬Cond}

Annotated method under check:

    /*@ requires Pre
      @ ensures Post
      @*/
    ... method(...) {
      Init
      while (Cond) {
        Body
      }
      Final
    }

Base case:       Pre ∧ enc(Init) ⇒ I
Inductive case:  I ∧ Cond ∧ enc(Body) ⇒ I
CPBPV (6/8)

• Constraint-based program verification
    • JML (Java Modeling Language) pre and post conditions
    • On-the-fly execution path exploration
    • Refutation proof with counter-example
• Bounded approach
    • Integer domain size
    • Array size

Figure: JML annotated methods (method1, method2, method3) are fed to CPBPV, which relies on the CP and CPLEX solvers and reports either true assertions or false assertions together with test cases.
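Added example, not the authors' or CPBPV's code: the two Hoare checks of slide 5 combined with the bounded refutation of slide 6, in Python. Exhaustive search over a tiny 4-bit domain stands in for the CP/CPLEX solvers; enc(Init) and enc(Body) are taken to be the effect of the statements on the program state; arithmetic is assumed not to overflow; and the division program, its variable names and the candidate invariants are constructed for illustration.

```python
from itertools import product

# Added example, not CPBPV's code: refuting candidate loop invariants with the
# two Hoare checks from the slides. Exhaustive search over a small bounded
# integer domain stands in for the constraint solver, and a refuted case is
# reported with its counter-example as a concrete test case.
# Assumption: arithmetic never overflows (no machine-integer wraparound).

BITS = 4
DOMAIN = range(2 ** BITS)  # unsigned 4-bit values 0..15 (constructed bound)


def check_invariant(inputs, locals_, pre, init, cond, body, inv):
    """Return None if `inv` passes both checks for every value in DOMAIN,
    otherwise a dict naming the refuted case and the counter-example."""
    # Base case: Pre /\ enc(Init) => I, for every input satisfying Pre.
    for values in product(DOMAIN, repeat=len(inputs)):
        test_case = dict(zip(inputs, values))
        if pre(test_case) and not inv(init(test_case)):
            return {"case": "base", "test_case": test_case}
    # Inductive case: I /\ Cond /\ enc(Body) => I, from every state in the
    # domain satisfying I and Cond (the candidate has to be inductive).
    names = inputs + locals_
    for values in product(DOMAIN, repeat=len(names)):
        before = dict(zip(names, values))
        if inv(before) and cond(before):
            after = body(before)
            if not inv(after):
                return {"case": "inductive", "before": before, "after": after}
    return None


# Constructed program under check (integer division by repeated subtraction):
#   /*@ requires a >= 0 && b > 0
#     @ ensures  a == q*b + r && 0 <= r && r < b  @*/
#   q = 0; r = a;
#   while (r >= b) { r = r - b; q = q + 1; }
INPUTS, LOCALS = ["a", "b"], ["q", "r"]
pre = lambda s: s["a"] >= 0 and s["b"] > 0
init = lambda s: dict(s, q=0, r=s["a"])                    # enc(Init)
cond = lambda s: s["r"] >= s["b"]
body = lambda s: dict(s, r=s["r"] - s["b"], q=s["q"] + 1)  # enc(Body)

# A textbook invariant, and a spurious candidate of the kind a dynamic tool
# may infer from traces: true on short runs, but not preserved by the body.
inv_ok = lambda s: (s["a"] == s["q"] * s["b"] + s["r"]
                    and s["r"] >= 0 and s["b"] > 0)
inv_spurious = lambda s: s["a"] == s["q"] * s["b"] + s["r"] and s["q"] < s["b"]


def verify(inv):
    """Run both Hoare checks on candidate `inv` for the division program."""
    return check_invariant(INPUTS, LOCALS, pre, init, cond, body, inv)


if __name__ == "__main__":
    print("textbook invariant:", verify(inv_ok))        # None: not refuted
    print("spurious candidate:", verify(inv_spurious))  # inductive counter-example
```

The inductive counter-example is a state satisfying I ∧ Cond from which one loop iteration breaks the candidate; for the spurious candidate it is a = 1, b = 1, q = 0, r = 1, which is also a reachable input and so a usable test case.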
Experimentations (7/8)

• 5 classical programs from the verification domain
• 180 candidate invariants from different sources
    • Heuristics (125)
    • Daikon (48)
    • InvGen (3)
    • Textbooks (7)
• 8, 16, and 32-bit integers

Figure: bar chart "# checked invariants (32 bits)" (y-axis 0 to 160), grouped by Valid and Spurious invariants and by checking time (<1s, <1min, Time out).
Conclusion and perspectives (8/8)

• An effective checker for candidate loop invariants
    • Refuting spurious invariants is fast
    • No false positive
    • Test cases are produced as counter-examples
• Perspectives
    • Extend to programs with multiple and nested loops
    • Integrate CPBPV