# Using dynamic analysis to discover polynomial and array invariants

@article{Nguyen2012UsingDA, title={Using dynamic analysis to discover polynomial and array invariants}, author={ThanhVu Nguyen and Deepak Kapur and Westley Weimer and Stephanie Forrest}, journal={2012 34th International Conference on Software Engineering (ICSE)}, year={2012}, pages={683-693} }

Dynamic invariant analysis identifies likely properties over variables from observed program traces. These properties can aid programmers in refactoring, documenting, and debugging tasks by making dynamic patterns visible statically. Two useful forms of invariants involve relations among polynomials over program variables and relations among array variables. Current dynamic analysis methods support such invariants in only very limited forms. We combine mathematical techniques that have not…

## 71 Citations

Automating Program Verification and Repair Using Invariant Analysis and Test Input Generation

- Computer Science
- 2010

This dissertation presents DIG, a static and dynamic analysis framework for discovering several useful classes of program invariants, including nonlinear polynomial relations, which are fundamental to many scientific applications; disjunctive invariantes, which express branching behaviors in programs; and properties about multidimensional arrays, which appear in many practical applications.

DIG: A Dynamic Invariant Generator for Polynomial and Array Invariants

- Computer ScienceTSEM
- 2014

DIG is a dynamic invariant generator that infers invariants from observed program traces, focusing on numerical and array variables that supports both nonlinear equalities and inequalities of arbitrary degree defined over numerical program variables.

Using dynamic analysis to generate disjunctive invariants

- Computer ScienceICSE
- 2014

This work proposes a method for generating disjunctive invariants over numerical domains, which are inexpressible using classical convex polyhedra, and proposes to verify these invariants statically using k-inductive SMT theorem proving which allows us to validate invariants that are not classically inductive.

Counterexample-guided approach to finding numerical invariants

- Computer ScienceESEC/SIGSOFT FSE
- 2017

NumInv, a tool that implements a counterexample-guided invariant generation (CEGIR) technique to automatically discover numerical invariants, which are polynomial equality and inequality relations among numerical variables, performs competitively comparing to state of the art numerical invariant analysis tools.

Dynaplex: analyzing program complexity using dynamically inferred recurrence relations

- Computer ScienceProc. ACM Program. Lang.
- 2021

A new dynamic approach for inferring the asymptotic complexity bounds of recursive programs, which allows for efficiently infer simple recurrence relations that represent nontrivial, potentially nonlinear polynomial and non-polynomial, complexity bounds.

Analyzing Array Manipulating Programs by Program Transformation

- Computer ScienceLOPSTR
- 2014

A transformational approach to the problem of verifying simple array-manipulating programs by defining a simple abstract machine which allows for set-valued variables and showing how to translate programs with array operations to array-free code for this machine.

A Data Driven Approach for Algebraic Loop Invariants

- Computer Science, MathematicsESOP
- 2013

It is shown how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables the technique to generate expressive invariants to be consumed by tools that cannot handle non-linear arithmetic.

Dependent Array Type Inference from Tests

- Computer ScienceVMCAI
- 2015

This work presents a type-based program analysis capable of inferring expressive invariants over array programs, and combines dependent types with two additional key elements, yielding a sound flow-sensitive dependent type system that can capture invariants associated with side-effecting array programs.

Loop invariants: Analysis, classification, and examples

- Computer ScienceCSUR
- 2014

This article analyzes the patterns, as uncovered in this study, governing how invariants are derived from postconditions; it proposes a taxonomy of invariants according to these patterns; and it presents its application to the algorithms reviewed.

From Invariant Checking to Invariant Inference Using Randomized Search

- Computer ScienceCAV
- 2014

A general framework c2i is described, given a checker and a language of possible invariants, that generates an inference procedure that iteratively invokes two phases that prove safety properties of numerical programs, and prove functional specifications of heap manipulating programs that use linked list data structures.

## References

SHOWING 1-10 OF 38 REFERENCES

Dynamically discovering likely program invariants

- Computer Science
- 2000

This dissertation shows how invariants can be dynamically detected from program traces that capture variable values at program points of interest and presents techniques for detecting such invariants from traces, assesses their efficacy, and points the way for future research.

ABCD: eliminating array bounds checks on demand

- Computer SciencePLDI '00
- 2000

ABCD is a light-weight algorithm for elimination of Array Bounds Checks on Demand that can be applied to a set of frequently executed (hot) bounds checks, which makes it suitable for the dynamic-compilation setting, in which compile-time cost is constrained but hot statements are known.

Generating all polynomial invariants in simple loops

- Mathematics, Computer ScienceJ. Symb. Comput.
- 2007

A new structural coverage criterion for dynamic detection of program invariants

- Computer Science18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings.
- 2003

A new structural coverage criterion called invariant-coverage criterion for dynamic detection of program invariants is proposed and it is shown how this criterion can be used to improve the accuracy of dynamically detected invariants.

Tracking down software bugs using automatic anomaly detection

- Computer ScienceICSE '02
- 2002

DIDUCE, a practical and effective tool that aids programmers in detecting complex program errors and identifying their root causes, is introduced and suggests that detecting and checking program invariants dynamically is a simple and effective methodology for debugging many different kinds of program errors across a wide variety of application domains.

A static analyzer for large safety-critical software

- Computer SciencePLDI '03
- 2003

We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no…

Precise interprocedural dataflow analysis via graph reachability

- Computer SciencePOPL '95
- 1995

The paper shows how a large class of interprocedural dataflow-analysis problems can be solved precisely in polynomial time by transforming them into a special kind of graph-reachability problem. The…

Implementation of an array bound checker

- Computer SciencePOPL
- 1977

This paper describes a system which checks correctness of array accesses automatically without any inductive assertions or human interaction and creates logical assertions immediately before array elements such that these assertions must be true whenever the control passes the assertion in order for the access to be valid.

Automated support for program refactoring using invariants

- Computer ScienceProceedings IEEE International Conference on Software Maintenance. ICSM 2001
- 2001

The feasibility of automatically finding places in the program that are candidates for specific refactoring, using an invariant pattern matcher for several common refactorings, is demonstrated and applied to an existing Java code base.

The Daikon system for dynamic detection of likely invariants

- Computer ScienceSci. Comput. Program.
- 2007