Invariant relations for affine loops

Acta Informatica, May 2024

Invariant relations are used to analyze while loops; while their primary application is to derive the function of a loop, they can also be used to derive loop invariants, weakest preconditions, strongest postconditions, sufficient conditions of correctness, necessary conditions of correctness, and termination conditions of loops. In this paper we present two generic invariant relations that capture the semantics of loops whose loop body applies affine transformations on numeric variables.



Acta Informatica
https://doi.org/10.1007/s00236-024-00457-9
ORIGINAL ARTICLE

Wided Ghardallou (1), Hessamaldin Mohammadi (2), Richard C. Linger (3), Mark Pleszkoch (4), JiMeng Loh (2), Ali Mili (2)

Received: 16 July 2023 / Accepted: 15 March 2024
© The Author(s) 2024

Corresponding author: Ali Mili
1 University of Sousse, Sousse, Tunisia
2 New Jersey Institute of Technology, Newark, NJ, USA
3 AssuranceLabs, Gaithersburg, MD, USA
4 Institute for Defense Analysis, Alexandria, VA, USA

This work is partially supported by NSF through Grant Number DGE1565478.

1 Introduction

1.1 Position of the problem

This work is part of an effort to derive the function of C-like programs, including while loops. Given a while loop, an invariant relation thereof is a binary relation that includes pairs of states that are separated by an arbitrary number of iterations of the loop. Invariant relations are shown to be useful in analyzing while loop semantics: they can be used to derive the function of a loop [48, 49, 51], to generate loop invariants of a loop [31], to prove or disprove the correctness of a loop [45], to compute or approximate the weakest precondition and the strongest postcondition of a loop [19], to repair a faulty loop [18], and to compute or approximate the termination condition of a loop [10].

But invariant relations are useful in practice only to the extent that we can generate them automatically; to this effect, we adopt a pattern matching-based approach discussed in [10, 18, 19, 31, 45, 49, 51]. We define and store templates (which we call recognizers) that represent commonly occurring patterns in program functions (e.g. for a particular application domain), alongside the corresponding patterns that represent their invariant relations; these recognizers are selected to capture the requisite programming knowledge and domain knowledge that are needed to analyse programs in the targeted application domain. Invariant relations are generated by matching the actual function of the guarded loop body against formal recognizers; in case of a match, we generate an actual invariant relation for the loop by instantiating the formal invariant relation of the recognizer with the actual variables of the program. The success of this pattern matching approach is critically dependent on the availability of recognizers that are generally applicable and produce a precise invariant relation pattern. In this paper, we present two generic recognizers for loops that apply affine transformations on numeric variables; we argue that these two recognizers are sufficient to capture the semantics of any loop that performs affine transformations on numeric variables, regardless of their number. By extension, these two recognizers are also applicable to loops that perform a transformation of the form X' = AX + B, where X and B are vectors of size N and A is a matrix of size N × N, provided A is diagonalisable.

1.2 Related work

Loops that perform affine transformations have been the focus of some research interest in the past [1, 21, 22, 28]. In [28] Jeannet et al. justify this level of interest by the fact that such loops occur very often in control and digital signal processing software, due to the presence of filters, integrators and iterative loops for solving equations or interpolating complex functions by means of splines. The analysis of affine loops has focused on deriving their loop invariants, and has generally been restricted to deriving loop invariants that have the form of affine equalities (AX = B) and affine inequalities (AX ≤ B) [1, 21, 22, 28, 32]. This has come to be known under the name Linear Relations Analysis [22] and has relied primarily on abstract interpretation [6] and an optimized version thereof, abstract acceleration [20]. In [1] Ancourt et al. propose to automate the analysis of affine loops by approximating loop behaviors with affine equalities and inequalities; but unlike the traditional approach that is based on state assertions [6], Ancourt et al. focus on state transformers, and attempt to capture approximations of the transitive closure of the function of the guarded loop body by means of affine formulae; as such, their quest is similar to the derivation of invariant relations, which we pursue in this paper.

In [12] Farzan and Kincaid present a semantic definition of C-like programs modeled by control flow automata where edges are labeled by program statements. A semantic function maps control flow edges to transformations of the state of the program, where the function of a path is the relational composition of the transformations associated with the edges that form the path. Since iteration creates an infinity of paths of unbounded length, Farzan and Kincaid proceed by formulating iterative transformations as recurrence equations, then solving the recurrence equation by eliminating the recurrence variable to derive relationships between the initial and final state variable values of iterative statements. Farzan and Kincaid make provisions for simple recurrence, where a variable is updated iteratively according to some recurrence formula, and stratified recurrence, where a variable that is defined by a recurrence formula is involved in the recurrence equation of another variable.

In [26], Humenberger et al. discuss the automatic generation of polynomial form loop invariants for a class of P-solvable loops that includes sums and products of hypergeometric and C-finite sequences; the technique is implemented in Mathematica (© Wolfram Research) on top of the loop invariant generator tool Aligator [24, 39]. The proposed method applies to loops whose loop body only includes a sequence of assignments of the form vi = fi(v1, v2, ..., vn), where v1, v2, ..., vn are scalar variables and fi are rational functions. This approach is applicable under some restrictive conditions on the control structure of the loop body. These restrictions are lifted in [27] where Humenberger et al. discuss how to derive loop invariants for multi-path loops with polynomial assignments; multi-path loops arise when we have branching logic in the loop body, rather than a single sequence of assignments. Humenberger et al. proceed in three steps: (i) turn the multi-path loop into a sequence of single-path loops; (ii) generate t (...truncated)
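As an added illustration of the notion defined in Section 1.1, and not code from the paper or its authors' tool, the Python script below takes a constructed two-variable affine loop, while (x < 100) { x = x + y; y = 2 * y; }, whose guarded body is the transformation X' = AX + B with a diagonalisable A. It derives an invariant relation for that loop from the left eigenvectors of A (this derivation, the variable names and the bound 100 are assumptions of the example; the paper's two generic recognizers are not reproduced here), checks that every pair of states on a trace separated by an arbitrary number of iterations belongs to the relation, and then combines the relation with the exit condition to compute the loop's function in closed form without executing the body.

```python
from fractions import Fraction
from typing import List, Tuple

# Constructed example loop (an assumption of this example, not taken from the paper):
#     while (x < 100) { x = x + y; y = 2 * y; }
# Its body is the affine map X' = A X + B on X = (x, y) with
#     A = [[1, 1], [0, 2]],   B = [0, 0].
# A has eigenvalues 1 and 2, so it is diagonalisable.

State = Tuple[Fraction, Fraction]
Matrix = List[List[Fraction]]

A: Matrix = [[Fraction(1), Fraction(1)], [Fraction(0), Fraction(2)]]
B: List[Fraction] = [Fraction(0), Fraction(0)]
BOUND = Fraction(100)


def body(s: State) -> State:
    """One execution of the loop body: X' = A X + B."""
    x, y = s
    return (A[0][0] * x + A[0][1] * y + B[0],
            A[1][0] * x + A[1][1] * y + B[1])


def guard(s: State) -> bool:
    return s[0] < BOUND


def run_loop(s: State, max_iter: int = 10_000) -> List[State]:
    """Execute the loop; return the trace (state before each iteration, then the final state)."""
    trace = [s]
    while guard(s) and len(trace) <= max_iter:
        s = body(s)
        trace.append(s)
    return trace


def is_left_eigenvector(m: Matrix, w: List[Fraction], lam: Fraction) -> bool:
    """w is a left eigenvector of m for eigenvalue lam iff w*m == lam*w.
    Each left eigenvector gives a linear combination of the variables that is
    multiplied by lam on every iteration; that is where the relation below comes from."""
    n = len(w)
    return all(sum(w[i] * m[i][j] for i in range(n)) == lam * w[j] for j in range(n))


def power_of_two_ratio(a, b) -> bool:
    """True iff b == 2**k * a for some integer k >= 0."""
    if a == 0 or b == 0:
        return a == b
    r = Fraction(b) / Fraction(a)
    if r < 1 or r.denominator != 1:
        return False
    n = r.numerator
    return n & (n - 1) == 0          # exact power of two


def invariant_relation(s: State, t: State) -> bool:
    """Relation R on state pairs (s, t): holds whenever t is reached from s by zero
    or more iterations of the body.
      (1, -1) is a left eigenvector for eigenvalue 1, so x - y is preserved;
      (0, 1)  is a left eigenvector for eigenvalue 2, so y is doubled each iteration."""
    x, y = s
    x2, y2 = t
    return (x - y == x2 - y2) and power_of_two_ratio(y, y2)


def relation_holds_on_trace(trace: List[State]) -> bool:
    """Check R on every pair of trace states separated by any number of iterations."""
    return all(invariant_relation(trace[i], trace[j])
               for i in range(len(trace)) for j in range(i, len(trace)))


def loop_function(s: State) -> State:
    """Final state from R plus the exit condition, without running the body:
    x' = (x - y) + 2**k * y and y' = 2**k * y, k being the least count that makes
    the guard false. Requires y > 0 when the guard holds; otherwise no such k
    exists and the loop does not terminate."""
    x, y = s
    if not guard(s):
        return s
    if y <= 0:
        raise ValueError("loop does not terminate from this state")
    k = 0
    while (x - y) + (2 ** k) * y < BOUND:
        k += 1
    return ((x - y) + (2 ** k) * y, (2 ** k) * y)


if __name__ == "__main__":
    trace = run_loop((Fraction(3), Fraction(2)))
    print("trace:", [(int(a), int(b)) for a, b in trace])
    print("R holds on all pairs:", relation_holds_on_trace(trace))
    print("closed-form final state:", loop_function((Fraction(3), Fraction(2))))
```

The relation is deliberately stronger than a loop invariant: it constrains the final state relative to the initial one (x' - y' = x - y and y' = 2^k y), so together with the negated guard it pins down the loop's function, and pairs such as ((3, 2), (7, 6)) that no number of iterations can connect are excluded.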


This is a preview of a remote PDF: https://link.springer.com/content/pdf/10.1007/s00236-024-00457-9.pdf
Article home page: https://link.springer.com/article/10.1007/s00236-024-00457-9

Ghardallou, Wided, Mohammadi, Hessamaldin, Linger, Richard C., Pleszkoch, Mark, Loh, JiMeng, Mili, Ali. Invariant relations for affine loops, Acta Informatica, 2024, pp. 1-54, DOI: 10.1007/s00236-024-00457-9