Find inputs to a function which break the postcondition on the output

Question

I have a function in a programming language, e.g. C. I require the output of the function to meet a certain condition. If there is some input to this function for which the output does not meet the required condition, I need to find any such exact input.

I need to do this in general, but for rather simple functions, e.g. the number of the loops is fixed and does not depend on the input. Another requirement is that I need to do this very fast. I found that CBMC tool [https://www.cprover.org/cbmc/] may help me, but I am not sure how to use it. I also welcome solutions which convert the problem into the CNF formula (but I still need to retrieve the counterexample input).

An example of the function:

int function(int n) {
    int m = 0;
    for(int i = 1; i < 8; i++) {
        m += n*i;
    }
    int output = m % 11;
    return output;
}
// POSTCONDITION: require the output < 10 for all inputs
// VERIFICATION: this is not true, the counterexample is the input n=9.

What exactly is your question? How to use that tool? How to solve this particular example? What? — kaylum, May 11 '21 at 11:53
Solving my example with CBMC tool should be sufficient. But I welcome other solutions too. A solution should be easy to adapt to different functions. — Dávid Natingga, May 11 '21 at 11:57
`n=10` isn't a counterexample for the above function's postcondition. `n=9` is. — Ian Abbott, May 11 '21 at 12:21

score 0 · Answer 1 · answered May 11 '21 at 13:37

0

Consider this simple function with no loops at all:

bool function (int a, int b, int c)
{
   bool answer = a*a*a + b*b*b + c*c*c != 42;
   // POSTCONDITION: require answer==true
}

It took a few hundred computer-years (or, in real time, a couple of weeks on a 500,000-strong grid of PCs) to discover that there is a counterexample (pdf):

(−80538738812075974)³ + 80435758145817515³ + 12602123297335631³ = 42

A program that can do that very fast is a very, very good program indeed.

answered May 11 '21 at 13:37

n. m. could be an AI

112,515
14
128
243

Thank you for your answer. Of course, I understand computational complexity limits. What I refer to when saying that I need something fast is that the program should be reasonably smart and optimized. So for example, a solution in Python that goes over every possible input is unacceptable. – Dávid Natingga May 11 '21 at 19:18
So what should the program you are looking for do with this function? – n. m. could be an AI May 11 '21 at 19:48
For many functions we do not know anything smarter than just trying all the possibilities. But for many other problems which may seem computationally heavy at first, there are some smart heuristic algorithms which even though in the worst case are expected to run in the exponential number of steps, on average they would still manage to find the solution within the polynomial time. I am looking for a solution could work in a smart way for many functions, but I understand I cannot expect it would work for all. – Dávid Natingga May 12 '21 at 07:09
BTW many open math problems were solved with some clever SAT solvers: http://cs-svr1.swan.ac.uk/~csoliver/papers.html#Boise2017 – Dávid Natingga May 12 '21 at 07:10

Find inputs to a function which break the postcondition on the output

1 Answers1