Explaining Counterexamples with Giant-Step Assertion Checking

Explaining Counterexamples with Giant-Step Assertion Checking

Identifying the cause of a proof failure during deductive verification of programs is hard: it may be due to an incorrectness in the program, an incompleteness in the program annotations, or an incompleteness of the prover. The changes needed to resolve a proof failure depend on its category, but th...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2021-08
Hauptverfasser: Becker, Benedikt, Cláudio Belo Lourenço, Marché, Claude
Format: Artikel
Sprache:eng
Schlagworte:
Annotations
Computer programming
Computer Science - Logic in Computer Science
Computer Science - Programming Languages
Failure
Program verification (computers)
Semantics
Solvers
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Becker, Benedikt
Cláudio Belo Lourenço
Marché, Claude
description Identifying the cause of a proof failure during deductive verification of programs is hard: it may be due to an incorrectness in the program, an incompleteness in the program annotations, or an incompleteness of the prover. The changes needed to resolve a proof failure depend on its category, but the prover cannot provide any help on the categorisation. When using an SMT solver to discharge a proof obligation, that solver can propose a model from a failed attempt, from which a possible counterexample can be derived. But the counterexample may be invalid, in which case it may add more confusion than help. To check the validity of a counterexample and to categorise the proof failure, we propose the comparison between the run-time assertion-checking (RAC) executions under two different semantics, using the counterexample as an oracle. The first RAC execution follows the normal program semantics, and a violation of a program annotation indicates an incorrectness in the program. The second RAC execution follows a novel "giant-step" semantics that does not execute loops nor function calls but instead retrieves return values and values of modified variables from the oracle. A violation of the program annotations only observed under giant-step execution characterises an incompleteness of the program annotations. We implemented this approach in the Why3 platform for deductive program verification and evaluated it using examples from prior literature.
doi_str_mv 10.48550/arxiv.2108.02967
format Article
fullrecord <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2108_02967</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2559548098</sourcerecordid><originalsourceid>FETCH-LOGICAL-a528-bddcc88c02ce6dcc8b82f18f6fe1200b2e343f08856ed2e0f37287547772f91d3</originalsourceid><addsrcrecordid>eNotj0FPwkAUhDcmJhLkB3iyiefi69tu9_XggTSIJiQe5N4s7VtZhLbuFsV_bwFPM4eZyXxC3CUwTUkpeDT-6L6nmABNAfNMX4kRSpnElCLeiEkIWwDATKNSciSe5sduZ1zjmo-oaA9Nz56PZt_tOEQ_rt9EC2eaPn7vuYtmIbDvXdtExYarz6FyK66t2QWe_OtYrJ7nq-IlXr4tXovZMjYKKV7XdVURVYAVZye7JrQJ2cxyggBrZJlKC0Qq4xoZrNRIWqVaa7R5UsuxuL_MntnKzru98b_libE8Mw6Jh0ui8-3XgUNfbtuDb4ZP5cCZq5QgJ_kHSvVUNQ</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2559548098</pqid></control><display><type>article</type><title>Explaining Counterexamples with Giant-Step Assertion Checking</title><source>arXiv.org</source><source>Free E- Journals</source><creator>Becker, Benedikt ; Cláudio Belo Lourenço ; Marché, Claude</creator><creatorcontrib>Becker, Benedikt ; Cláudio Belo Lourenço ; Marché, Claude</creatorcontrib><description>Identifying the cause of a proof failure during deductive verification of programs is hard: it may be due to an incorrectness in the program, an incompleteness in the program annotations, or an incompleteness of the prover. The changes needed to resolve a proof failure depend on its category, but the prover cannot provide any help on the categorisation. When using an SMT solver to discharge a proof obligation, that solver can propose a model from a failed attempt, from which a possible counterexample can be derived. But the counterexample may be invalid, in which case it may add more confusion than help. To check the validity of a counterexample and to categorise the proof failure, we propose the comparison between the run-time assertion-checking (RAC) executions under two different semantics, using the counterexample as an oracle. The first RAC execution follows the normal program semantics, and a violation of a program annotation indicates an incorrectness in the program. The second RAC execution follows a novel "giant-step" semantics that does not execute loops nor function calls but instead retrieves return values and values of modified variables from the oracle. A violation of the program annotations only observed under giant-step execution characterises an incompleteness of the program annotations. We implemented this approach in the Why3 platform for deductive program verification and evaluated it using examples from prior literature.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2108.02967</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Annotations ; Computer programming ; Computer Science - Logic in Computer Science ; Computer Science - Programming Languages ; Failure ; Program verification (computers) ; Semantics ; Solvers</subject><ispartof>arXiv.org, 2021-08</ispartof><rights>2021. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,784,885,27925</link.rule.ids><backlink>$$Uhttps://doi.org/10.4204/EPTCS.338.10$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.48550/arXiv.2108.02967$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Becker, Benedikt</creatorcontrib><creatorcontrib>Cláudio Belo Lourenço</creatorcontrib><creatorcontrib>Marché, Claude</creatorcontrib><title>Explaining Counterexamples with Giant-Step Assertion Checking</title><title>arXiv.org</title><description>Identifying the cause of a proof failure during deductive verification of programs is hard: it may be due to an incorrectness in the program, an incompleteness in the program annotations, or an incompleteness of the prover. The changes needed to resolve a proof failure depend on its category, but the prover cannot provide any help on the categorisation. When using an SMT solver to discharge a proof obligation, that solver can propose a model from a failed attempt, from which a possible counterexample can be derived. But the counterexample may be invalid, in which case it may add more confusion than help. To check the validity of a counterexample and to categorise the proof failure, we propose the comparison between the run-time assertion-checking (RAC) executions under two different semantics, using the counterexample as an oracle. The first RAC execution follows the normal program semantics, and a violation of a program annotation indicates an incorrectness in the program. The second RAC execution follows a novel "giant-step" semantics that does not execute loops nor function calls but instead retrieves return values and values of modified variables from the oracle. A violation of the program annotations only observed under giant-step execution characterises an incompleteness of the program annotations. We implemented this approach in the Why3 platform for deductive program verification and evaluated it using examples from prior literature.</description><subject>Annotations</subject><subject>Computer programming</subject><subject>Computer Science - Logic in Computer Science</subject><subject>Computer Science - Programming Languages</subject><subject>Failure</subject><subject>Program verification (computers)</subject><subject>Semantics</subject><subject>Solvers</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotj0FPwkAUhDcmJhLkB3iyiefi69tu9_XggTSIJiQe5N4s7VtZhLbuFsV_bwFPM4eZyXxC3CUwTUkpeDT-6L6nmABNAfNMX4kRSpnElCLeiEkIWwDATKNSciSe5sduZ1zjmo-oaA9Nz56PZt_tOEQ_rt9EC2eaPn7vuYtmIbDvXdtExYarz6FyK66t2QWe_OtYrJ7nq-IlXr4tXovZMjYKKV7XdVURVYAVZye7JrQJ2cxyggBrZJlKC0Qq4xoZrNRIWqVaa7R5UsuxuL_MntnKzru98b_libE8Mw6Jh0ui8-3XgUNfbtuDb4ZP5cCZq5QgJ_kHSvVUNQ</recordid><startdate>20210806</startdate><enddate>20210806</enddate><creator>Becker, Benedikt</creator><creator>Cláudio Belo Lourenço</creator><creator>Marché, Claude</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20210806</creationdate><title>Explaining Counterexamples with Giant-Step Assertion Checking</title><author>Becker, Benedikt ; Cláudio Belo Lourenço ; Marché, Claude</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a528-bddcc88c02ce6dcc8b82f18f6fe1200b2e343f08856ed2e0f37287547772f91d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Annotations</topic><topic>Computer programming</topic><topic>Computer Science - Logic in Computer Science</topic><topic>Computer Science - Programming Languages</topic><topic>Failure</topic><topic>Program verification (computers)</topic><topic>Semantics</topic><topic>Solvers</topic><toplevel>online_resources</toplevel><creatorcontrib>Becker, Benedikt</creatorcontrib><creatorcontrib>Cláudio Belo Lourenço</creatorcontrib><creatorcontrib>Marché, Claude</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>Proquest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Becker, Benedikt</au><au>Cláudio Belo Lourenço</au><au>Marché, Claude</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Explaining Counterexamples with Giant-Step Assertion Checking</atitle><jtitle>arXiv.org</jtitle><date>2021-08-06</date><risdate>2021</risdate><eissn>2331-8422</eissn><abstract>Identifying the cause of a proof failure during deductive verification of programs is hard: it may be due to an incorrectness in the program, an incompleteness in the program annotations, or an incompleteness of the prover. The changes needed to resolve a proof failure depend on its category, but the prover cannot provide any help on the categorisation. When using an SMT solver to discharge a proof obligation, that solver can propose a model from a failed attempt, from which a possible counterexample can be derived. But the counterexample may be invalid, in which case it may add more confusion than help. To check the validity of a counterexample and to categorise the proof failure, we propose the comparison between the run-time assertion-checking (RAC) executions under two different semantics, using the counterexample as an oracle. The first RAC execution follows the normal program semantics, and a violation of a program annotation indicates an incorrectness in the program. The second RAC execution follows a novel "giant-step" semantics that does not execute loops nor function calls but instead retrieves return values and values of modified variables from the oracle. A violation of the program annotations only observed under giant-step execution characterises an incompleteness of the program annotations. We implemented this approach in the Why3 platform for deductive program verification and evaluated it using examples from prior literature.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2108.02967</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2021-08
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2108_02967
source arXiv.org; Free E- Journals
subjects Annotations
Computer programming
Computer Science - Logic in Computer Science
Computer Science - Programming Languages
Failure
Program verification (computers)
Semantics
Solvers
title Explaining Counterexamples with Giant-Step Assertion Checking
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T04%3A12%3A22IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Explaining%20Counterexamples%20with%20Giant-Step%20Assertion%20Checking&rft.jtitle=arXiv.org&rft.au=Becker,%20Benedikt&rft.date=2021-08-06&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2108.02967&rft_dat=%3Cproquest_arxiv%3E2559548098%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2559548098&rft_id=info:pmid/&rfr_iscdi=true