Download - VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification
![Page 1: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/1.jpg)
VS3: Verification and Synthesis usingSMT Solvers
SMT Solvers for Program Verification
Saurabh Srivastava *Sumit Gulwani ** Jeffrey S. Foster *
* University of Maryland, College Park** Microsoft Research, Redmond
![Page 2: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/2.jpg)
What VS3 will let you do!
A. Discover invariants with arbitrary quantification and boolean structure– ∀: E.g. Sortedness
– ∀∃: E.g. Permutation
..∀k1,k2 k1 k2
€
≤
j....
Aold
∀k∃jAnew
k
Selection Sort:
for i = 0…n { for j = i…n { find min index } if (min ≠ i) swap A[min], A[i] }
![Page 3: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/3.jpg)
Selection Sort:
What VS3 will let you do!
A. Discover invariants with arbitrary quantification and boolean structure– ∀: E.g. Sortedness
– ∀∃: E.g. Permutation
..∀k1,k2 k1 k2
€
≤
j....
Aold
∀k∃jAnew
k
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
![Page 4: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/4.jpg)
Selection Sort:
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
Verification: Proving Programs Correct
Iouter
IinnerSortednessPermutatio
n
Output state
trueInput state
The difficult task is program state
(invariant) inference:
Iinner, Iouter, Input state, Output state
![Page 5: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/5.jpg)
Selection Sort:
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
Verification: Proving Programs Correct
SortednessPermutatio
n
Output state
trueInput state
The difficult task is program state
(invariant) inference:
Iinner, Iouter, Input state, Output state
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
i < j i ≤ min < n
∀k2 : 0≤k2∧i≤k2<j => A[min] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2]
![Page 6: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/6.jpg)
Selection Sort:
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
Verification: Proving Programs Correct
SortednessPermutatio
n
Output state
trueInput state
The difficult task is program state
(invariant) inference:
Iinner, Iouter, Input state, Output state
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
i < j i ≤ min < n
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
∀k2 : 0≤k2∧i≤k2<j => A[min] ≤A[k2] ∀k2 : (-----------) => A[min] ≤A[k2]
∀k1,k2 : (---------------) => A[k1] ≤A[k2]
(-------------------)
∀k1,k2 : (----------------) => A[k1] ≤A[k2]
![Page 7: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/7.jpg)
Selection Sort:
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
Verification: Proving Programs Correct
SortednessPermutatio
n
Output state
trueInput state
The difficult task is program state
(invariant) inference:
Iinner, Iouter, Input state, Output state
∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2]
∀k2 : (-----------) => A[min] ≤A[k2]
∀k1,k2 : (---------------) => A[k1] ≤A[k2]
(-------------------)
∀k1,k2 : (----------------) => A[k1] ≤A[k2]∀k2 : (-----------) => A[min] ≤A[k2]
(-------------------)
![Page 8: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/8.jpg)
Bubble Sort:
Outputarray
i>0
j<i
if (a[j] > a[j+1]) swap A[j], A[j+1]
i:=n-1
j:=0
Verification: Proving Programs Correct
∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2]
∀k1,k2 : (----------) => A[k1] ≤A[k2]
∀k1,k2 : (---------------) => A[k1] ≤A[k2]
(-------------------)
∀k1,k2 : (----------------) => A[k1] ≤A[k2]∀k1,k2 : (----------) => A[k1] ≤A[k2]
(-------------------)
![Page 9: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/9.jpg)
User Input:Templates and Predicates• Templates
– Intuitive and simple• Depending on the property being proved; form straight-forward• Limited to the quantification and disjunction€
∀k1∃k2 : (−)⇒ (−)
€
∀k1,k2 : (−)⇒ (−)Unknown
holes
€
x opr yRelational operator
<, ≤, >, ≥ …
Program variables,array elements
– E.g., {i<j, i>j, i≤j, i≥j… }
– Enumerate predicates of the form• Predicate Abstraction
![Page 10: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/10.jpg)
Tool architecture
C Program
Templates for invariants
Predicate Sets
CFG
Cut-Set
PreconditionsPostconditions
Invariants
Microsoft’s Phoenix Compiler VS3
SMT Solver
Verification Conditions
IterativeFixed-point
GFP/LFP
Constraint-based
Fixed-Point
Candidate Solutions
Boolean Constraint
SAT Solver
![Page 11: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/11.jpg)
Fixed-point Computation• Constraint-based (VMCAI’09)
– Separately encode each VC as SAT constraint• Local constraints SAT clauses
– Use SAT solver to do fixed-point computation– Compare against trivial approach: 1.6e14 minutes
• Iterative (PLDI’09)– Facts do not form a lattice, but power-set does– We ensure that if there exists an invariant we find it– Intelligent lattice search: SMT solver for tx-functions
![Page 12: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/12.jpg)
Weakest Preconditions
k1 k2
€
≤
<
Weakest conditions on input?
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i Worst case behavior: swap every time it can
![Page 13: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/13.jpg)
Example analyses• Tool can verify:
– Sorting algorithms: • Selection, Insertion, Bubble, Quick, Merge Sort
– Properties• Output is Sorted• Output contains all and only elements from the input
• Tool can infer preconditions:– Worst case input (precondition) for sorting:
• Reverse sorted array, all but Selection Sort• Selection Sort: sorted array except last elem is smallest
– Inputs for functional correctness:• Binary search requires sorted array• Merge in merge sort expect sorted inputs• Missing initializers
![Page 14: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/14.jpg)
Selection Sort:
Outputarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
Demo: Selection Sort
SortednessPermutatio
n
Output state
trueInput state
The difficult task is program state
(invariant) inference:
Iinner, Iouter, Input state, Output state
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
i < j i ≤ min < n
∀k2 : 0≤k2∧i≤k2<j => A[min] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n ∧ k1<i => A[k1] ≤A[k2]
∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2]
![Page 15: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/15.jpg)
Demo: Program
![Page 16: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/16.jpg)
Demo: Output
![Page 17: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/17.jpg)
Conclusions• VS3: Verification tool over predicate abstraction
• Verification– Can infer quantified invariants
• Maximally-weak preconditions
• Builds on SMT Solvers, so exploits their power
• Project Webpage http://www.cs.umd.edu/~saurabhs/pacs
Future work
![Page 18: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/18.jpg)
Recent extension: Synthesis
• Verification tool for quantified invariants– Reasoning about full functional specifications possible
• What if we had missing program fragments?– Still possible to verify if we allow the tool to plug-in
equality predicates over program variables– Equality predicates translated to statements
• We can synthesize – Strassen’s Matrix Multiplication!– Sorting algorithms!
![Page 19: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/19.jpg)
![Page 20: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/20.jpg)
Constraint-based over Predicate Abstraction
post
pre
I1
I2
vc(pre,I1)
vc(I1,post) vc(I1,I2)
vc(I2,I2)vc(I2,I1)
![Page 21: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/21.jpg)
Constraint-based over Predicate Abstraction
vc(pre,I1)
vc(I1,post)vc(I1,I2)
vc(I2,I2)
vc(I2,I1)
pred(I1)
€
∀k : (−)⇒ (−) template
p1,p2…pr p1,p2…pr
unknown 1 unknown 2
predicates
b11,b2
1…br
1b1
2,b22…br
2 boolean indicators
I1VCs are FOL formulae over unknowns I1,
I2
If we find assignments
bji = T/F
Then we are done!
![Page 22: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/22.jpg)
Constraint-based over Predicate Abstraction
vc(pre,I1)
vc(I1,post)vc(I1,I2)
vc(I2,I2)
vc(I2,I1)
pred(I1)
pred(A) : A to unknown predicate
indicator variables
VCs are FOL formulae over unknowns I1,
I2
![Page 23: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/23.jpg)
Constraint-based over Predicate Abstraction
vc(pre,I1)
vc(I1,post)vc(I1,I2)
vc(I2,I2)
vc(I2,I1)
boolc(pred(I1), pred(I2))
pred(A) : A to unknown predicate
indicator variables
boolc(pred(I1))
boolc(pred(I2), pred(I1))
boolc(pred(I2)) Boolean constraintto satisfying soln
(SAT Solver)
Invariant soln∧
boolc(pred(I1))
Program VCto boolean constraint
SAT formulae over predicate
indicators
Local reasoning Fixed-Point Computation
VCs are FOL formulae over unknowns I1,
I2
![Page 24: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/24.jpg)
( I1 ∧ i≥n ) => ( sorted array )
Outputsortedarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
VC to Boolean Constraint
I1
I2
![Page 25: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/25.jpg)
( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
Outputsortedarray
i<n
j<n
Find min index
if (min != i) swap A[i], A[min]
i:=0
j:=i
VC to Boolean Constraint
I1
I2
![Page 26: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/26.jpg)
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] ) Trivial search:
k x 2|Predicates| queries✗
p1
p2
…
Pred
icate
s
positive negativeΦ :
![Page 27: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/27.jpg)
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
positive negativep1
p2
…
Pred
icate
s
Φ :
Φ[ ]
Query the SMT solver for the
maximally weakest value of negative
unknown ??2
There might be multiple
maximally weakest
N1 N1’N1’’…
⊤
⊥
Φ[p1 ] contains only negative
unknowns
![Page 28: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/28.jpg)
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
positive negativep1
p2
…
Pred
icate
s
Φ :
Φ[ ] N1, N1’, N1’’…
…
N2, N2’, N2’’…Φ[ ]
![Page 29: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/29.jpg)
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
positive negativep1
p2
…
N1, N1’, N1’’…
…
N2, N2’, N2’’…
bp1 bN1 ∨ bN1’ ∨ bN1’’ ∨… =>
Pred
icate
s
Φ :
![Page 30: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/30.jpg)
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
positive negativep1
p2
…
N1, N1’, N1’’…
…
N2, N2’, N2’’…
bp1 bN1 ∨ bN1’ ∨ bN1’’ ∨… =>
bp2 bN2 ∨ bN2’ ∨ bN2’’ ∨… =>
Pred
icate
s
Φ :
![Page 31: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/31.jpg)
Boolean SAT
formula
VC to Boolean Constraint( I1 ∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
€
∀k1,k2 : (−)⇒ (−)template
(∀k1,k2 : ??1 => ??2
∧ i≥n ) => ( ∀k1,k2 : 0≤k1<k2<n => A[k1] ≤A[k2] )
positive negativep1
p2
…
N1, N1’, N1’’…
…
N2, N2’, N2’’…
bp1 bN1 ∨ bN1’ ∨ bN1’’ ∨… =>
bp2 bN2 ∨ bN2’ ∨ bN2’’ ∨… =>
…Pred
icate
s
Φ :
![Page 32: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/32.jpg)
Constraint-based over Predicate Abstraction
vc(pre,I1)
vc(I1,post)vc(I1,I2)
vc(I2,I2)
vc(I2,I1)
boolc(pred(I1), pred(I2))
pred(A) : A to unknown predicate
indicator variables
boolc(pred(I1))
boolc(pred(I2), pred(I1))
boolc(pred(I2)) Boolean constraintto satisfying soln
(SAT Solver)
Invariant soln∧
boolc(pred(I1))
Program VCto boolean constraint
SAT formulae over predicate
indicators
Local reasoning Fixed-Point Computation
VCs are FOL formulae over unknowns I1,
I2
✓
![Page 33: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/33.jpg)
Engineering: Interface to SMT Solvers
SMT Solver
Axiomatic support, e.g.
reachability for lists
Tool SMT query
Explicit skolemization functions
• Solvers are not very good at handling ∀x∃y:f(x,y) queries
• In program verification such queries have specific forms
• Easy to find explicit skolemization functions: skl
• Convert ∀x∃y:f(x,y) ∀x:f(x,skl(x))
![Page 34: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/34.jpg)
Engineering: Interface to SMT Solvers
SMT Solver
Axiomatic support, e.g.
reachability for lists
Tool SMT query
Explicit skolemization functions
• Induction facts arise in program verification
• E.g. ∀x : x>0 => f(x)=>f(x+1)
• SMT solvers can’t handle• Lift to induction result:
∀x : x>0 => f(1)=>f(x)
Lift inductive facts
![Page 35: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/35.jpg)
Engineering: Interface to SMT Solvers
SMT Solver
Axiomatic support, e.g.
reachability for lists
Tool SMT query
Explicit skolemization functions
• For efficient SMT solving it is advisable to provide patterns for quantified facts
• E.g. ∀x : x>0 => f(x)<f(x+1) • If possible say, pattern set
{ x>0, f(x)<f(x+1) }• Easy to heuristically find
relevant patterns for verif.
Lift inductive facts
Domain specific patterns
![Page 36: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/36.jpg)
Engineering: Interface to SMT Solvers
SMT Solver
Axiomatic support, e.g.
reachability for lists
Tool SMT query
Explicit skolemization functions
Lift inductive facts
Domain specific patterns
![Page 37: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/37.jpg)
Runtimes: Sortedness
Selection Sort Insertion Sort Bubble Sort (n2) Bubble Sort (flag) Quick Sort Merge Sort0
2
4
6
8
10
12
14
16
LFPGFPCFP
seco
nds
Tool can prove sortedness for all
sorting algorithms!
![Page 38: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/38.jpg)
Runtimes: Permutation
Selection Sort Insertion Sort Bubble Sort (n2) Bubble Sort (flag) Quick Sort Merge Sort0
5
10
15
20
25
30
35
40
LFPGFPCFP
∞ ∞
…
94.42
seco
nds
… no loss/no gain part of
permutation too!
![Page 39: VS 3 : V erification and S ynthesis using S MT S olvers SMT Solvers for Program Verification](https://reader035.vdocuments.site/reader035/viewer/2022062520/568161f7550346895dd222de/html5/thumbnails/39.jpg)
Runtimes (GFP): Inferring worst case inputs for sorting
seco
nds
Selection Sort Insertion Sort Bubble Sort (n2) Bubble Sort (flag) Quick Sort Merge Sort0
5
10
15
20
25
30
35
40
45
Tool infers worst case inputs for all
sorting algorithms!
Nothing to infer as all inputs yield the same behavior