Program analysis as constraint solving

Gulwani, Sumit; Srivastava, Saurabh; Venkatesan, Ramarathnam

doi:10.1145/1375581.1375616

Cited by 148 publications

(118 citation statements)

References 37 publications

Supporting

Mentioning

116

Contrasting

Unclassified

Order By: Relevance

“…Similar to us, Clousot [41] improves its performance by conjoining equalities and inequalities over boxes. Some approaches like [25,26,52,32,34,29,43] can handle disjunctions, but they restrict the number of disjunctions by widening, manual input, or trace based heuristics. In contrast, [28] handles disjunctions of a specific form.…”

Section: Comparison With Linear Invariant Generationmentioning

confidence: 99%

Verification as Learning Geometric Concepts

et al. 2013

View full text Add to dashboard Cite

Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a program's set of reachable states is disjoint from the set of bad states. In Hoare Logic, these explanations are predicates that form inductive assertions. Using samples for reachable and bad states and by applying well known machine learning algorithms for classification, we are able to generate inductive assertions. By relaxing the search for an exact proof to classifiers, we obtain complexity theoretic improvements. Further, we extend the learning algorithm to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities. We have evaluated our approach on a number of challenging benchmarks and the results are promising.

show abstract

Section: Comparison With Linear Invariant Generationmentioning

confidence: 99%

Verification as Learning Geometric Concepts

et al. 2013

View full text Add to dashboard Cite

show abstract

“…Constraint-based techniques have been recently used for discovering linear arithmetic invariants (conjunctive invariants [11][12][13][14] as well as disjunctive invariants [15] in the context of verifying safety properties as well as discovering ranking functions for proving termination [16,17]). Constraint-based techniques have also been applied for discovering non-linear polynomial invariants [13,18] and invariants in the combined theory of linear arithmetic and uninterpreted functions [19].…”

Section: Weakest Precondition Inferencementioning

confidence: 99%

“…As a result, earlier work on constraint-based techniques (with the exception of [15]) has been limited to program verification as opposed to other program analysis problems such as weakest precondition generation. This paper demonstrates the applicability of constraint-based methodology to the problem of weakest precondition generation, which in turn can be used for generation of most-general counterexamples (assuming program termination).…”

Section: Weakest Precondition Inferencementioning

confidence: 99%

“…This paper demonstrates the applicability of constraint-based methodology to the problem of weakest precondition generation, which in turn can be used for generation of most-general counterexamples (assuming program termination). The technique used for weakest precondition generation in [15] is based on binary search over arithmetic coefficients from a bounded range, while the technique used for weakest precondition generation in this paper relies on monotonicity of implication of a conjunctive set of predicates.…”

Section: Weakest Precondition Inferencementioning

confidence: 99%

See 1 more Smart Citation

Constraint-Based Invariant Inference over Predicate Abstraction

Gulwani

Srivastava

Venkatesan

2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. This paper describes a constraint-based invariant generation technique for proving the validity of safety assertions over the domain of predicate abstraction in an interprocedural setting. The key idea of the technique is to represent each invariant in bounded DNF form by means of boolean indicator variables, one for each predicate p and each disjunct d denoting whether p is present in d or not. The verification condition of the program is then encoded by means of a boolean formula over these boolean indicator variables such that any satisfying assignment to the formula yields the inductive invariants for proving the validity of given program assertions. This paper also describes how to use the constraint-based methodology for generating weakest preconditions for safety assertions. An interesting application of weakest precondition generation is to produce mostgeneral counterexamples for safety assertions. We also present preliminary experimental evidence demonstrating the feasibility of this technique.

show abstract

“…Also related but different from ours is work in the areas of invariant generation and specification mining, which extract properties of a program or system model, such as invariants [22,13,23], temporal logic formulas [27,33] or non-deterministic finite automata [6].…”

Section: Introductionmentioning

confidence: 99%

Learning Moore Machines from Input-Output Traces

Giantamidis

Tripakis

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The problem of learning automata from example traces (but no equivalence or membership queries) is fundamental in automata learning theory and practice. In this paper we study this problem for finite state machines with inputs and outputs, and in particular for Moore machines. We develop three algorithms for solving this problem: (1) the PTAP algorithm, which transforms a set of input-output traces into an incomplete Moore machine and then completes the machine with self-loops; (2) the PRPNI algorithm, which uses the well-known RPNI algorithm for automata learning to learn a product of automata encoding a Moore machine; and (3) the MooreMI algorithm, which directly learns a Moore machine using PTAP extended with state merging. We prove that MooreMI has the fundamental identification in the limit property. We also compare the algorithms experimentally in terms of the size of the learned machine and several notions of accuracy, introduced in this paper. Finally, we compare with OSTIA, an algorithm that learns a more general class of transducers, and find that OSTIA generally does not learn a Moore machine, even when fed with a characteristic sample.

show abstract

Program analysis as constraint solving

Cited by 148 publications

References 37 publications

Verification as Learning Geometric Concepts

Verification as Learning Geometric Concepts

Constraint-Based Invariant Inference over Predicate Abstraction

Learning Moore Machines from Input-Output Traces

Contact Info

Product

Resources

About