Danger Invariants

Cristina David, Pascal Kesseli*, Matt Lewis

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

11 Citations (Scopus)
129 Downloads (Pure)

Abstract

Static analysers search for overapproximating proofs of safety commonly known as safety invariants. Conversely, static bug finders (e.g. Bounded Model Checking) give evidence for the failure of an assertion in the form of a counterexample trace. As opposed to safety invariants, the size of a counterexample is dependent on the depth of the bug, i.e., the length of the execution trace prior to the error state, which also determines the computational effort required to find them. We propose a way of expressing danger proofs that is independent of the depth of bugs. Essentially, such danger proofs constitute a compact representation of a counterexample trace, which we call a danger invariant. Danger invariants summarise sets of traces that are guaranteed to be able to reach an error state. Our conjecture is that such danger proofs will enable the design of bug finding analyses for which the computational effort is independent of the depth of bugs, and thus find deep bugs more efficiently. As an exemplar of an analysis that uses danger invariants, we design a bug finding technique based on a synthesis engine. We implemented this technique and compute danger invariants for intricate programs taken from SV-COMP 2016.
Original languageEnglish
Title of host publicationFormal Methods
EditorsJohn Fitzgerald, Constance Heitmeyer, Stefania Gnesi, Anna Philippou
PublisherSpringer Nature
Pages182-198
Number of pages17
ISBN (Electronic)978-3-319-48989-6
ISBN (Print)978-3-319-48988-9
DOIs
Publication statusE-pub ahead of print - 8 Nov 2016

Publication series

Name Lecture Notes in Computer Science
PublisherSpringer Nature
Volume9995
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Research Groups and Themes

  • Programming Languages

Fingerprint

Dive into the research topics of 'Danger Invariants'. Together they form a unique fingerprint.

Cite this