Hostname: page-component-848d4c4894-nmvwc Total loading time: 0 Render date: 2024-06-21T06:00:29.515Z Has data issue: false hasContentIssue false

An iterative approach to precondition inference using constrained Horn clauses

Published online by Cambridge University Press:  10 August 2018

BISHOKSAN KAFLE
Affiliation:
The University of Melbourne
JOHN P. GALLAGHER
Affiliation:
Roskilde University and IMDEA Software Institute
GRAEME GANGE
Affiliation:
Monash University
PETER SCHACHTE
Affiliation:
The University of Melbourne
HARALD SØNDERGAARD
Affiliation:
The University of Melbourne
PETER J. STUCKEY
Affiliation:
The University of Melbourne
Rights & Permissions [Opens in a new window]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

We present a method for automatic inference of conditions on the initial states of a program that guarantee that the safety assertions in the program are not violated. Constrained Horn clauses (CHCs) are used to model the program and assertions in a uniform way, and we use standard abstract interpretations to derive an over-approximation of the set of unsafe initial states. The precondition then is the constraint corresponding to the complement of that set, under-approximating the set of safe initial states. This idea of complementation is not new, but previous attempts to exploit it have suffered from the loss of precision. Here we develop an iterative specialisation algorithm to give more precise, and in some cases optimal safety conditions. The algorithm combines existing transformations, namely constraint specialisation, partial evaluation and a trace elimination transformation. The last two of these transformations perform polyvariant specialisation, leading to disjunctive constraints which improve precision. The algorithm is implemented and tested on a benchmark suite of programs from the literature in precondition inference and software verification competitions.

Type
Original Article
Copyright
Copyright © Cambridge University Press 2018 

References

Bagnara, R., Hill, P. M., and Zaffanella, E. 2008. The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci. Comput. Program. 72, 1–2, 321.Google Scholar
Bakhirkin, A., Berdine, J., and Piterman, N. 2014. Backward analysis via over-approximate abstraction and under-approximate subtraction. In Static Analysis, Müller-Olm, M. and Seidl, H., Eds. LNCS, vol. 8723. Springer, 3450.Google Scholar
Bakhirkin, A. and Monniaux, D. 2017. Combining forward and backward abstract interpretation of Horn clauses. In Static Analysis, Ranzato, F., Ed. LNCS, vol. 10422. Springer, 2345.Google Scholar
Ball, T., Cook, B., Levin, V., and Rajamani, S. K. 2004. SLAM and static driver verifier: Technology transfer of formal methods inside Microsoft. In Integrated Formal Methods, Boiten, E. A., Derrick, J., and Smith, G., Eds. LNCS, vol. 2999. Springer, 120.Google Scholar
Beyer, D. 2013. SV-COMP 2013. In Tools and Algorithms for the Construction and Analysis of Systems, Piterman, N. and Smolka, S. A., Eds. LNCS, vol. 7795. Springer, 594609.Google Scholar
Beyer, D., Henzinger, T. A., Majumdar, R., and Rybalchenko, A. 2007. Path invariants. In Programming Language Design and Implementation, Ferrante, J. and McKinley, K. S., Eds. ACM, 300309.Google Scholar
Cassez, F., Jensen, P. G., and Larsen, K. G. 2017. Refinement of trace abstraction for real-time programs. In Reachability Problems, Hague, M. and Potapov, I., Eds. LNCS, vol. 10506. Springer, 4258.Google Scholar
Clarke, E. M., Grumberg, O., Jha, S., Lu, Y., and Veith, H. 2003. Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50, 5, 752794.Google Scholar
Cousot, P. and Cousot, R. 1992. Abstract interpretation and application to logic programs. J. Log. Program. 13, 2&3, 103179.Google Scholar
Cousot, P., Cousot, R., and Logozzo, F. 2011. Precondition inference from intermittent assertions and applications to contracts on collections. In Verification, Model Checking and Abstract Interpretation, Jhala, R. and Schmidt, D., Eds. LNCS, vol. 6538. Springer, 150168.Google Scholar
De Angelis, E., Fioravanti, F., Pettorossi, A., and Proietti, M. 2014. Program verification via iterated specialization. Sci. Comput. Program. 95, 149175.Google Scholar
De Angelis, E., Fioravanti, F., Pettorossi, A., and Proietti, M. 2017. Semantics-based generation of verification conditions via program specialization. Sci. Comput. Program. 147, 78108.Google Scholar
Dutertre, B. 2014. Yices 2.2. In Computer-Aided Verification, Biere, A. and Bloem, R., Eds. LNCS, vol. 8559. Springer, 737744.Google Scholar
Gallagher, J. P. 1993. Specialisation of logic programs: A tutorial. In Proc. ACM SIGPLAN Symp. PEPM'93. ACM Press, 8898.Google Scholar
Gallagher, J. P. and Lafave, L. 1996. Regular approximation of computation paths in logic and functional languages. In Partial Evaluation, Danvy, O., Glück, R., and Thiemann, P., Eds. LNCS, vol. 1110. Springer, 115136.Google Scholar
Graf, S. and Saïdi, H. 1997. Construction of abstract state graphs with PVS. In Computer Aided Verification, 9th International Conference, CAV, Grumberg, O., Ed. Lecture Notes in Computer Science, vol. 1254. Springer, 7283.Google Scholar
Grebenshchikov, S., Lopes, N. P., Popeea, C., and Rybalchenko, A. 2012. Synthesizing software verifiers from proof rules. In Proc. 33rd ACM SIGPLAN Conf. Programming Language Design and Implementation, Vitek, J., Lin, H., and Tip, F., Eds. ACM, 405–416.Google Scholar
Gulavani, B. S., Chakraborty, S., Nori, A. V., and Rajamani, S. K. 2008. Automatically refining abstract interpretations. In Tools and Algorithms for the Construction and Analysis of Systems, Ramakrishnan, C. R. and Rehof, J., Eds. LNCS, vol. 4963. Springer, 443458.Google Scholar
Gupta, A. and Rybalchenko, A. 2009. InvGen: An efficient invariant generator. In Computer-Aided Verification, Bouajjani, A. and Maler, O., Eds. LNCS, vol. 5643. Springer, 634640.Google Scholar
Gurfinkel, A., Kahsai, T., Komuravelli, A., and Navas, J. A. 2015. The SeaHorn verification framework. In Computer Aided Verification, Kroening, D. and Păsăreanu, C. S., Eds. LNCS, vol. 9206. Springer, 343361.Google Scholar
Hermenegildo, M. V., Bueno, F., Carro, M., López-García, P., Mera, E., Morales, J. F., and Puebla, G. 2012. An overview of Ciao and its design philosophy. TPLP 12, 1-2, 219252.Google Scholar
Howe, J. M., King, A., and Lu, L. 2004. Analysing logic programs by reasoning backwards. In Program Development in Computational Logic, Bruynooghe, M. and Lau, K., Eds. LNCS, vol. 3049. Springer, 152188.Google Scholar
Jaffar, J., Maher, M., Marriott, K., and Stuckey, P. J. 1998. The semantics of constraint logic programs. J. Log. Program. 37, 1–3, 146.Google Scholar
Jaffar, J., Murali, V., Navas, J. A., and Santosa, A. E. 2012. TRACER: A symbolic execution tool for verification. In Computer-Aided Verification, Madhusudan, P. and Seshia, S. A., Eds. LNCS, vol. 7358. Springer, 758766.Google Scholar
Jhala, R. and McMillan, K. L. 2006. A practical and complete approach to predicate refinement. In Tools and Algorithms for the Construction and Analysis of Systems, Hermanns, H. and Palsberg, J., Eds. LNCS, vol. 3920. Springer, 459473.Google Scholar
Jones, N., Gomard, C., and Sestoft, P. 1993. Partial Evaluation and Automatic Software Generation. Prentice Hall.Google Scholar
Kafle, B. and Gallagher, J. P. 2017a. Constraint specialisation in Horn clause verification. Sci. Comput. Program. 137, 125140.Google Scholar
Kafle, B. and Gallagher, J. P. 2017b. Horn clause verification with convex polyhedral abstraction and tree automata-based refinement. Computer Languages, Systems & Structures 47, 218.Google Scholar
Kafle, B., Gallagher, J. P., and Morales, J. F. 2016. RAHFT: A tool for verifying Horn clauses using abstract interpretation and finite tree automata. In Computer-Aided Verification, Chaudhuri, S. and Farzan, A., Eds. LNCS, vol. 9779. Springer, 261268.Google Scholar
Marriott, K. and Søndergaard, H. 1993. Precise and efficient groundness analysis for logic programs. ACM LOPLAS 2, 1–4, 181196.Google Scholar
Miné, A. 2006. The octagon abstract domain. Higher-Order and Symbolic Computation 19, 1, 31100.Google Scholar
Miné, A. 2012a. Inferring sufficient conditions with backward polyhedral under-approximations. Electr. Notes Theor. Comput. Sci. 287, 89100.Google Scholar
Miné, A. 2012b. Sufficient condition polyhedral prototype analyzer. https://www-apr.lip6.fr/~mine/banal/syntax.html. Accessed: 2018-01-23.Google Scholar
Moy, Y. 2008. Sufficient preconditions for modular assertion checking. In Verification, Model Checking and Abstract Interpretation, Logozzo, F., Peled, D. A., and Zuck, L. D., Eds. LNCS, vol. 4905. Springer, 188202.Google Scholar
Peralta, J. C., Gallagher, J. P. and Sağlam, H. 1998. Analysis of imperative programs through analysis of constraint logic programs. In Static Analysis, Levi, G., Ed. LNCS, vol. 1503. 246261.Google Scholar