Abstract
In this article, we propose a unified framework for designing static analysers based on program synthesis. For this purpose, we identify a fragment of second-order logic with restricted quantification that is expressive enough to model numerous static analysis problems (e.g., safety proving, bug finding, termination and non-termination proving, refactoring). As our focus is on programs that use bit-vectors, we build a decision procedure for this fragment over finite domains in the form of a program synthesiser. We provide instantiations of our framework for solving a diverse range of program verification tasks, namely termination, non-termination, safety and bug finding, superoptimisation, and refactoring. Our experimental results show that our program synthesiser compares favourably with specialised tools in each area as well as with general-purpose synthesisers.
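The abstract describes the synthesiser as a decision procedure for an existential second-order fragment over finite domains. The Python below is an added illustration, not code from the paper or its tool: it instantiates that idea for termination proving of a single 8-bit loop. A counterexample-guided loop alternates a synthesis step (find a ranking function consistent with the counterexamples collected so far) with a verification step that, because the domain is finite, checks all 256 states. The linear template a*x + b for the ranking function, the brute-force enumeration of candidates, and the two sample loops are assumptions of this example and not the paper's program grammar or search procedure.

```python
"""
Added example (not the paper's code): CEGIS over an 8-bit domain for the query

    exists R . forall x . guard(x) -> R(x) > R(body(x))   (unsigned compare)

Candidate space for R is assumed to be 8-bit linear functions a*x + b.
"""
from itertools import product

BITS = 8
MASK = (1 << BITS) - 1


def eval_rank(coeffs, x):
    """Evaluate the candidate ranking function a*x + b with 8-bit wraparound."""
    a, b = coeffs
    return (a * x + b) & MASK


def ranking_ok(coeffs, x, guard, body):
    """Verification condition for one state x: if the loop can take a step,
    the rank must strictly decrease. Unsigned 8-bit values are bounded below
    by 0, so strict decrease on every step implies termination."""
    if not guard(x):
        return True
    return eval_rank(coeffs, x) > eval_rank(coeffs, body(x))


def verify(coeffs, guard, body):
    """Finite domain: check every state; return a counterexample or None."""
    for x in range(1 << BITS):
        if not ranking_ok(coeffs, x, guard, body):
            return x
    return None


def synthesise(examples, guard, body):
    """Return coefficients consistent with all counterexamples seen so far,
    or None if no candidate in the template satisfies them. This example
    simply enumerates the 2^16 (a, b) pairs (assumption of this example)."""
    for a, b in product(range(1 << BITS), repeat=2):
        if all(ranking_ok((a, b), x, guard, body) for x in examples):
            return (a, b)
    return None


def cegis(guard, body, max_iters=100):
    """Counterexample-guided loop. Returns (ranking coefficients or None,
    counterexamples used). None means no linear 8-bit ranking function exists
    for this loop; it is not by itself a proof of non-termination."""
    examples = []
    for _ in range(max_iters):
        cand = synthesise(examples, guard, body)
        if cand is None:
            return None, examples
        cex = verify(cand, guard, body)
        if cex is None:
            return cand, examples
        examples.append(cex)
    return None, examples


# Constructed sample loops (assumptions of this example).
def countdown_guard(x):
    return x != 0


def countdown_body(x):
    # while (x != 0) x = x - 1;   terminates
    return (x - 1) & MASK


def stuck_body(x):
    # while (x != 0) x = x | 1;   loops forever from any nonzero x
    return x | 1


if __name__ == "__main__":
    print("countdown:", cegis(countdown_guard, countdown_body))
    print("stuck:", cegis(countdown_guard, stuck_body))
```

For the countdown loop the first candidate (0, 0) is refuted by state 1, and the second candidate (1, 0), i.e. R(x) = x, passes exhaustive verification, so the ∃∀ query is decided in two rounds. For the second loop every candidate in the template fails on the single counterexample x = 1, so synthesis reports that no such ranking function exists; turning that into a non-termination proof requires a separate argument, which is why the abstract lists non-termination as its own instantiation of the framework.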
Program Synthesis for Program Analysis