Michael A. Colón

Linear Invariant Generation Using Non-linear Constraint Solving

We present a new method for the generation of linear invariants which reduces the problem to a non-linear constraint solving problem. Our method, based on Farkas’ Lemma, synthesizes linear invariants by extracting non-linear constraints on the coefficients of a target invariant from a program. These constraints guarantee that the linear invariant is inductive. We then apply existing techniques, including specialized quantifier elimination methods over the reals, to solve these non-linear constraints. Our method has the advantage of being complete for inductive invariants. To our knowledge, this is the first sound and complete technique for generating inductive invariants of this form. We illustrate the practicality of our method on several examples, including cases in which traditional methods based on abstract interpretation with widening fail to generate sufficiently strong invariants.

Synthesis of Linear Ranking Functions

Deductive verification of progress properties relies on finding ranking functions to prove termination of program cycles. We present an algorithm to synthesize linear ranking functions that can establish such termination. Fundamental to our approach is the representation of systems of linear inequalities and sets of linear expressions as polyhedral cones. This representation allows us to reduce the search for linear ranking functions to the computation of polars, intersections and projections of polyhedral cones, problems which have well-known solutions.

Practical Methods for Proving Program Termination

We present two algorithms to prove termination of programs by synthesizing linear ranking functions. The first uses an invariant generator based on iterative forward propagation with widening and extracts rankingf unctions from the generated invariants by manipulating polyhedral cones. It is capable of finding subtle ranking functions which are linear combinations of many program variables, but is limited to programs with few variables.The second, more heuristic, algorithm targets the class of structured programs with single-variable ranking functions. Its invariant generator uses a heuristic extrapolation operator to avoid iterative forward propagation over program loops. For the programs we have considered, this approach converges faster and the invariants it discovers are sufficiently strong to imply the existence of ranking functions.

STeP: Deductive-Algorithmic Verification of Reactive and Real-Time Systems

The Stanford Temporal Prover, STeP, combines deductive methods with algorithmic techniques to verify linear-time temporal logic specifications of reactive and real-time systems. STeP uses verification rules, verification diagrams, automatically generated invariants, model checking, and a collection of decision procedures to verify finite- and infinite-state systems.

Generating Finite-State Abstractions of Reactive Systems Using Decision Procedures

We present an algorithm that uses decision procedures to generate finite-state abstractions of possibly infinite-state systems. The algorithm compositionally abstracts the transitions of the system, relative to a given, fixed set of assertions. Thus, the number of validity checks is proportional to the size of the system description, rather than the size of the abstract state-space. The generated abstractions are weakly preserving for ∀CTL temporal properties. We describe several applications of the algorithm, implemented using the decision procedures of the Stanford Temporal Prover (STeP).

Verifying Temporal Properties of Reactive Systems: A STeP Tutorial

We review a number of formal verification techniques supported by STeP, the Stanford Temporal Prover, describing how the tool can be used to verify properties of several versions of the Bakery Mutual exclusion algorithm for mutual exclusion. We verify the classic two-process algorithm and simple variants, as well as an atomic parameterized version. The methods used include deductive verification rules, verification diagrams, automatic invariant generation, and finite-state model checking and abstraction.

Efficient strongly relational polyhedral analysis

Polyhedral analysis infers invariant linear equalities and inequalities of imperative programs. However, the exponential complexity of polyhedral operations such as image computation and convex hull limits the applicability of polyhedral analysis. Weakly relational domains such as intervals and octagons address the scalability issue by considering polyhedra whose constraints are drawn from a restricted, user-specified class. On the other hand, these domains rely solely on candidate expressions provided by the user. Therefore, they often fail to produce strong invariants. We propose a polynomial time approach to strongly relational analysis. We provide efficient implementations of join and post condition operations, achieving a trade off between performance and accuracy. We have implemented a strongly relational polyhedral analyzer for a subset of the C language. Initial experimental results on benchmark examples are encouraging.

Approximating the Algebraic Relational Semantics of Imperative Programs

We present a novel static analysis for approximating the algebraic relational semantics of imperative programs. Our method is based on abstract interpretation in the lattice of polynomial pseudo ideals of bounded degree – finite-dimensional vector spaces of polynomials of bounded degree which are closed under bounded degree products. For a fixed bound, the space complexity of our approach and the iterations required to converge on fixed points are bounded by a polynomial in the number of program variables. Nevertheless, for several programs taken from the literature on non-linear polynomial invariant generation, our analysis produces results that are as precise as those produced by more heavy-weight Grobner basis methods.

An Update on STeP: Deductive-Algorithmic Verification of Reactive Systems

The Stanford Temporal Prover, STeP, is a tool for the computer-aided formal verification of reactive systems, including real-time and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem proving, automatic invariant generation, abstraction and modular reasoning. We describe the most recent version of STeP, Version 2.0.

Schema-guided synthesis of imperative programs by constraint solving

We present a method for schema-guided synthesis of imperative programs computing polynomial functions and their inverses. The schemas of our approach contain parameters representing both fragments of code and fragments of invariants, and they generate programs annotated with loop invariants establishing partial correctness. Schema application entails simultaneously instantiating the code parameters to polynomials and the invariant parameters to systems of polynomial equalities. By bounding the degrees of these polynomials and their number, our method reduces schema instantiation to non-linear constraint solving, based on the theory of polynomial ideals. Although non-linear constraint solving is NP-hard, a solution can be generated automatically when the resulting system contains few constraints. A specialization of our method yields linear constraints by further restricting the form of the invariants. This restriction improves the efficiency of constraint solving, but may fail to synthesize programs derivable by the general method.