Using dynamic analysis to discover polynomial and array invariants

@article{Nguyen2012UsingDA,
  title={Using dynamic analysis to discover polynomial and array invariants},
  author={ThanhVu Nguyen and Deepak Kapur and Westley Weimer and Stephanie Forrest},
  journal={2012 34th International Conference on Software Engineering (ICSE)},
  year={2012},
  pages={683-693}
}
  • ThanhVu Nguyen, D. Kapur, S. Forrest
  • Published 2 June 2012
  • Computer Science, Mathematics
  • 2012 34th International Conference on Software Engineering (ICSE)
Dynamic invariant analysis identifies likely properties over variables from observed program traces. These properties can aid programmers in refactoring, documenting, and debugging tasks by making dynamic patterns visible statically. Two useful forms of invariants involve relations among polynomials over program variables and relations among array variables. Current dynamic analysis methods support such invariants in only very limited forms. We combine mathematical techniques that have not… 

Figures and Tables from this paper

Automating Program Verification and Repair Using Invariant Analysis and Test Input Generation
TLDR
This dissertation presents DIG, a static and dynamic analysis framework for discovering several useful classes of program invariants, including nonlinear polynomial relations, which are fundamental to many scientific applications; disjunctive invariantes, which express branching behaviors in programs; and properties about multidimensional arrays, which appear in many practical applications.
DIG: A Dynamic Invariant Generator for Polynomial and Array Invariants
TLDR
DIG is a dynamic invariant generator that infers invariants from observed program traces, focusing on numerical and array variables that supports both nonlinear equalities and inequalities of arbitrary degree defined over numerical program variables.
Using dynamic analysis to generate disjunctive invariants
TLDR
This work proposes a method for generating disjunctive invariants over numerical domains, which are inexpressible using classical convex polyhedra, and proposes to verify these invariants statically using k-inductive SMT theorem proving which allows us to validate invariants that are not classically inductive.
Counterexample-guided approach to finding numerical invariants
TLDR
NumInv, a tool that implements a counterexample-guided invariant generation (CEGIR) technique to automatically discover numerical invariants, which are polynomial equality and inequality relations among numerical variables, performs competitively comparing to state of the art numerical invariant analysis tools.
Dynaplex: analyzing program complexity using dynamically inferred recurrence relations
TLDR
A new dynamic approach for inferring the asymptotic complexity bounds of recursive programs, which allows for efficiently infer simple recurrence relations that represent nontrivial, potentially nonlinear polynomial and non-polynomial, complexity bounds.
Analyzing Array Manipulating Programs by Program Transformation
TLDR
A transformational approach to the problem of verifying simple array-manipulating programs by defining a simple abstract machine which allows for set-valued variables and showing how to translate programs with array operations to array-free code for this machine.
A Data Driven Approach for Algebraic Loop Invariants
TLDR
It is shown how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables the technique to generate expressive invariants to be consumed by tools that cannot handle non-linear arithmetic.
Dependent Array Type Inference from Tests
TLDR
This work presents a type-based program analysis capable of inferring expressive invariants over array programs, and combines dependent types with two additional key elements, yielding a sound flow-sensitive dependent type system that can capture invariants associated with side-effecting array programs.
Loop invariants: Analysis, classification, and examples
TLDR
This article analyzes the patterns, as uncovered in this study, governing how invariants are derived from postconditions; it proposes a taxonomy of invariants according to these patterns; and it presents its application to the algorithms reviewed.
From Invariant Checking to Invariant Inference Using Randomized Search
TLDR
A general framework c2i is described, given a checker and a language of possible invariants, that generates an inference procedure that iteratively invokes two phases that prove safety properties of numerical programs, and prove functional specifications of heap manipulating programs that use linked list data structures.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 38 REFERENCES
Dynamically discovering likely program invariants
TLDR
This dissertation shows how invariants can be dynamically detected from program traces that capture variable values at program points of interest and presents techniques for detecting such invariants from traces, assesses their efficacy, and points the way for future research.
ABCD: eliminating array bounds checks on demand
TLDR
ABCD is a light-weight algorithm for elimination of Array Bounds Checks on Demand that can be applied to a set of frequently executed (hot) bounds checks, which makes it suitable for the dynamic-compilation setting, in which compile-time cost is constrained but hot statements are known.
Generating all polynomial invariants in simple loops
A new structural coverage criterion for dynamic detection of program invariants
  • Neelam Gupta, Z. Heidepriem
  • Computer Science
    18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings.
  • 2003
TLDR
A new structural coverage criterion called invariant-coverage criterion for dynamic detection of program invariants is proposed and it is shown how this criterion can be used to improve the accuracy of dynamically detected invariants.
Tracking down software bugs using automatic anomaly detection
TLDR
DIDUCE, a practical and effective tool that aids programmers in detecting complex program errors and identifying their root causes, is introduced and suggests that detecting and checking program invariants dynamically is a simple and effective methodology for debugging many different kinds of program errors across a wide variety of application domains.
A static analyzer for large safety-critical software
We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no
Precise interprocedural dataflow analysis via graph reachability
The paper shows how a large class of interprocedural dataflow-analysis problems can be solved precisely in polynomial time by transforming them into a special kind of graph-reachability problem. The
Implementation of an array bound checker
TLDR
This paper describes a system which checks correctness of array accesses automatically without any inductive assertions or human interaction and creates logical assertions immediately before array elements such that these assertions must be true whenever the control passes the assertion in order for the access to be valid.
Automated support for program refactoring using invariants
TLDR
The feasibility of automatically finding places in the program that are candidates for specific refactoring, using an invariant pattern matcher for several common refactorings, is demonstrated and applied to an existing Java code base.
The Daikon system for dynamic detection of likely invariants
...
1
2
3
4
...