This page supplies additional material for the paper “A New Invariant Rule for the Analysis of Loops with Non-standard Control Flows“, accepted for iFM 2017.
The extended technical report based on the iFM submission can be found here. The technical report additionally contains material that we had to leave out in the submission for space reasons.Complete Statistics Table
| Problem | Proof Nodes | % Diff. | Symb.Ex.Steps | % Difference | ||
|---|---|---|---|---|---|---|
| Old Rule | Loop Scope Rule | # Nodes | Old Rule | New Rule | # Symb.Ex.Steps | |
| coincidence_count | 14.199 | 50.957 | 258.88 | 210 | 153 | -27.14 |
| ArrayList.remove.1 | 12.269 | 14.575 | 18.80 | 258 | 191 | -25.97 |
| saddleback_search | 30.119 | 32.203 | 6.92 | 235 | 181 | -22.98 |
| list_recursiveSpec | 5.243 | 5.557 | 5.99 | 184 | 170 | -7.61 |
| removeDups | 19.891 | 19.736 | -0.78 | 373 | 308 | -17.43 |
| ArrayList_add | 6.451 | 6.380 | -1.10 | 458 | 444 | -3.06 |
| polishFlagSort | 4.299 | 4.242 | -1.33 | 93 | 83 | -10.75 |
| ArrayList_concatenate | 23.205 | 22.585 | -2.67 | 641 | 564 | -12.01 |
| list_recursiveSpec | 6.131 | 5.937 | -3.16 | 216 | 184 | -14.81 |
| BinarySearch_search | 4.462 | 4.269 | -4.33 | 182 | 149 | -18.13 |
| Simple_square | 840 | 794 | -5.48 | 53 | 42 | -20.75 |
| MemoryAllocator_alloc | 1.067 | 1.003 | -6.00 | 90 | 77 | -14.44 |
| reverseArray | 5.348 | 4.997 | -6.56 | 151 | 139 | -7.95 |
| Node_search | 7.768 | 7.256 | -6.59 | 97 | 57 | -41.24 |
| gcdHelp-post | 2.634 | 2.456 | -6.76 | 39 | 28 | -28.21 |
| ExampleSubject_addObserver | 4.557 | 4.241 | -6.93 | 168 | 133 | -20.83 |
| Queens_isConsistent | 3.677 | 3.420 | -6.99 | 167 | 135 | -19.16 |
| ArrayList.enlarge | 3.051 | 2.824 | -7.44 | 106 | 79 | -25.47 |
| ArrayList.contains | 2.414 | 2.225 | -7.83 | 98 | 60 | -38.78 |
| UpdateAbstraction_ex9_secure | 1.457 | 1.319 | -9.47 | 183 | 162 | -11.48 |
| MemoryAllocator_alloc_unsigned | 1.362 | 1.232 | -9.54 | 91 | 78 | -14.29 |
| ArrayList_enlarge | 2.764 | 2.499 | -9.59 | 152 | 125 | -17.76 |
| arrayMax | 1.921 | 1.734 | -9.73 | 97 | 72 | -25.77 |
| arrayFillNonAtomic | 5.376 | 4.852 | -9.75 | 294 | 268 | -8.84 |
| ArrayList_enlarge | 3.195 | 2.871 | -10.14 | 157 | 130 | -17.20 |
| SumAndMax_sumAndMax | 4.101 | 3.676 | -10.36 | 140 | 114 | -18.57 |
| ArrayList.add | 2.302 | 2.060 | -10.51 | 144 | 131 | -9.03 |
| LinkedList_get_normal | 6.889 | 6.160 | -10.58 | 184 | 159 | -13.59 |
| segsum | 822 | 727 | -11.56 | 64 | 51 | -20.31 |
| removeDups_arrayPart | 1.735 | 1.533 | -11.64 | 102 | 89 | -12.75 |
| reverseArray2 | 2.224 | 1.964 | -11.69 | 134 | 110 | -17.91 |
| selection_sort | 5.512 | 4.829 | -12.39 | 278 | 205 | -26.26 |
| ArrayList.remFirst | 2.485 | 2.175 | -12.47 | 168 | 133 | -20.83 |
| loop2 | 1.032 | 892 | -13.57 | 83 | 57 | -31.33 |
| AddAndMultiply_add | 1.351 | 1.165 | -13.77 | 109 | 83 | -23.85 |
| oldForParams | 544 | 469 | -13.79 | 48 | 37 | -22.92 |
| cubicSum | 909 | 775 | -14.74 | 64 | 53 | -17.19 |
| permissions_method3 | 1.656 | 1.401 | -15.40 | 91 | 57 | -37.36 |
| contains | 1.021 | 863 | -15.48 | 73 | 49 | -32.88 |
| sum0 | 769 | 646 | -15.99 | 85 | 58 | -31.76 |
| project | 6.137 | 5.088 | -17.09 | 433 | 293 | -32.33 |
| for_ReferenceArray | 664 | 550 | -17.17 | 70 | 44 | -37.14 |
| for_Array | 827 | 684 | -17.29 | 95 | 68 | -28.42 |
| ArrayList_get | 1.830 | 1.496 | -18.25 | 157 | 121 | -22.93 |
| loopInvFree | 403 | 329 | -18.36 | 56 | 44 | -21.43 |
| sum2 | 785 | 631 | -19.62 | 100 | 58 | -42.00 |
| sum1 | 939 | 753 | -19.81 | 85 | 58 | -31.76 |
| sum3 | 820 | 646 | -21.22 | 100 | 58 | -42.00 |
| ArrayList_contains_dep | 6.069 | 4.393 | -27.62 | 396 | 213 | -46.21 |
| ArrayList.remove.0 | 3.689 | 2.473 | -32.96 | 186 | 69 | -62.90 |
| jml-information-flow | 48.215 | 31.659 | -34.34 | 474 | 369 | -22.15 |
| Simple_unnecessaryLoopInvariant | 110 | 71 | -35.45 | 27 | 13 | -51.85 |
| lcp | 3.132 | 1.927 | -38.47 | 235 | 104 | -55.74 |
| for_Iterable | 622 | 300 | -51.77 | 130 | 58 | -55.38 |
Complementary Files
Below you find the versions of KeY needed to reproduce the examples mentioned in the paper, as well as the problem (.key) and proof (.proof) files representing the examples. You can download the KeY versions using the
green buttons. After downloading and unzipping the linked files, start KeY by running java -jar KeY.jar in the newly created directory.
A Java Runtime Environment of version 8 or higher is required to start the KeY versions linked on this page. If a file won’t load, please check that there has not been an absolute directory path accidentally left over (.key and .proof files are plain text files, just open them with an editor if there is a problem).
If you have questions regarding or problems with running KeY or loading the provided examples, please feel free to contact “steinhoefel (a-t) cs.tu-darmstadt.de”
.
Loop Scope Invariant Rule
Below you find the KeY version including the loop scope invariant rule, as well as the examples mentioned in the paper, once for the old and once for the new rule. When loading an existing.proof (or .key) file, the information
about which invariant rule to use is already encoded in the file header. Otherwise, you can switch between the invariant rules by setting the desired value for “Loop treatment” in the “Proof Search Strategy” tab of KeY. Please use the corresponding
KeY versions when loading .proof files for the examples with the old and the new rule.
KeY version with the
Loop Scope Invariant Rule
KeY version with the
old invariant rule
KeY input files
for the new rule
KeY input files
for the old rule
The archives with example files may contain more files than actually referenced in the paper. The .proof files relevant for the paper are:
/heap/block_contracts/Simple__unnecessaryLoopInvariant.key.proof /heap/coincidence_count/project.key.proof /heap/comprehensions/bprodSplit.key.proof /heap/comprehensions/segsum.key.proof /heap/comprehensions/sum0.key.proof /heap/comprehensions/sum1.key.proof /heap/comprehensions/sum2.key.proof /heap/comprehensions/sum3.key.proof /heap/fm12_01_LRS/lcp.key.proof /heap/javacard/arrayFillNonAtomic.key.proof /heap/list/ArrayList_concatenate.key.proof /heap/list/ArrayList_contains_dep.key.proof /heap/list/ArrayList_enlarge.key.proof /heap/list_ghost/ArrayList_enlarge.key.proof /heap/list/LinkedList_get_normal.key.proof /heap/list_recursiveSpec/ListOperationsNonNull_getNextNN_normal_behavior.key.proof /heap/list_recursiveSpec/ListOperationsNonNull_setValueAt_normal_behavior.key.proof /heap/list_seq/ArrayList.contains.key.proof /heap/list_seq/ArrayList.enlarge.key.proof /heap/list_seq/ArrayList.remove.0.key.proof /heap/list_seq/ArrayList.remove.1.key.proof /heap/observer/ExampleSubject_addObserver.key.proof /heap/permissions/permissions_method3.key.proof /heap/removeDups/arrayPart.key.proof /heap/removeDups/contains.key.proof /heap/removeDups/removeDup.key.proof /heap/saddleback_search/Saddleback_search.key.proof /heap/SemanticSlicing/project.key.proof /heap/simple/loop2.key.proof /heap/simple/oldForParams.key.proof /heap/simple/selection_sort.key.proof /heap/SmansEtAl/ArrayList_add.key.proof /heap/vacid0_01_SparseArray/MemoryAllocator_alloc.key.proof /heap/vacid0_01_SparseArray/MemoryAllocator_alloc_unsigned.key.proof /heap/vstte10_01_SumAndMax/SumAndMax_sumAndMax.key.proof /heap/vstte10_03_LinkedList/Node_search.key.proof /heap/vstte10_04_Queens/Queens_isConsistent.key.proof /heap/WeideEtAl_01_AddAndMultiply/AddAndMultiply_add.key.proof /heap/WeideEtAl_02_BinarySearch/BinarySearch_search.key.proof /newBook/09.list_modelfield/ArrayList.add.key.proof /newBook/09.list_modelfield/ArrayList.remFirst.key.proof /standard_key/arith/cubicSum.key.proof /standard_key/arith/euclidean/gcdHelp-post.key.proof /standard_key/arith/gemplusDecimal/add.key.proof /standard_key/java_dl/arrayMax.key.proof /standard_key/java_dl/java5/for_Array.key.proof /standard_key/java_dl/java5/for_Iterable.key.proof /standard_key/java_dl/java5/for_ReferenceArray.key.proof /standard_key/java_dl/jml-free/loopInvFree.key.proof /standard_key/java_dl/jml-information-flow.key.proof /standard_key/java_dl/polishFlagSort.key.proof /standard_key/java_dl/reverseArray2.key.proof /standard_key/java_dl/reverseArray.key.proofFor the manually improved outlier proofs discussed in the paper, the additionally relevant files are
/heap/coincidence_count/project.key.manually-optimized.proof (in the archive with files for the new rule) and ./standard_key/java_dl/jml-information-flow.key.manually-improved.proof (in the archive for the old rule).
State Merging in Loops
Below you find the KeY version which additionally includes an (experimental) implementation of the discussed state merging approach for loops. There is a “Taclet Option” for setting this technique on or off; it’s accessible by “Options” > “Taclet Options” > “mergeAfterLoopScope”. When loading an existing.key or .proof file, the option is set according to the specification in the file. The examples contain several .key files for starting from
scratch with the “partially unrolled find” method discussed in the paper based on different settinsg, as well as finished .proof files.
KeY version for
state merging in loops
KeY input files
for state merging