Preservation of Proof Obligations for Hybrid Verification Methods

Program verification environments increasingly rely on hybrid methods that combine static analyses with verification condition generation. While such verification environments operate on source programs, it is often preferable to obtain guarantees about executable code. We show that, for a hybrid verification method based on numerical static analysis and verification condition generation, compilation preserves proof obligations, and therefore evidence can be transferred from source to compiled programs. Our result relies on compilation preserving the solutions of the analysis; this is achieved by a bytecode analysis that performs symbolic execution of stack expressions in order to overcome the loss of precision incurred when static analyses run on compiled (rather than source) code. Finally, we show that hybrid verification methods are sound by proving that every program provable by hybrid methods is also provable (at a higher cost) by standard methods.
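The mechanism the abstract describes, symbolic execution of stack expressions so that verification conditions computed on bytecode coincide with those of the source, can be seen on a toy scale. The following is an added example and is not code from the paper or its authors: it assumes a hypothetical source language (assignments, assume, assert over integer expressions), a hypothetical stack bytecode (push/load/store/binop/assume/assert), a postfix compiler between them, a symbolic executor that keeps source expressions rather than abstract values in stack slots, and a weakest-precondition VC generator. The check at the end is that the VC obtained from the compiled program is syntactically the VC of the source program.

```python
"""Added example (not from the paper): toy source language, toy stack bytecode,
compiler, symbolic execution of stack expressions, and a wp-style VC generator.

Source expressions: int | str (variable) | (op, lhs, rhs), op in BINOPS
Source statements:  ("assign", var, expr) | ("assume", cond) | ("assert", cond)
Bytecode:           ("push", n) | ("load", v) | ("store", v) | ("binop", op)
                    | ("assume",) | ("assert",)   (the last two pop a condition)
"""

BINOPS = {"add", "sub", "mul", "le", "lt", "gt"}


def compile_expr(e):
    """Postfix compilation of a source expression to stack code."""
    if isinstance(e, str):
        return [("load", e)]
    if isinstance(e, int):
        return [("push", e)]
    op, lhs, rhs = e
    assert op in BINOPS, op
    return compile_expr(lhs) + compile_expr(rhs) + [("binop", op)]


def compile_stmt(s):
    if s[0] == "assign":
        return compile_expr(s[2]) + [("store", s[1])]
    return compile_expr(s[1]) + [(s[0],)]  # assume / assert consume their condition


def compile_prog(stmts):
    return [ins for s in stmts for ins in compile_stmt(s)]


def symbolic_exec(code):
    """Symbolic execution of stack expressions: every stack slot holds a
    source-level expression tree (not an abstract value), so the relation
    between operands is never fragmented across slots. store/assume/assert
    pop the top expression and rebuild the corresponding source statement."""
    stack, stmts = [], []
    for ins in code:
        op = ins[0]
        if op in ("push", "load"):
            stack.append(ins[1])
        elif op == "binop":
            rhs, lhs = stack.pop(), stack.pop()
            stack.append((ins[1], lhs, rhs))
        elif op == "store":
            stmts.append(("assign", ins[1], stack.pop()))
        else:  # assume / assert
            stmts.append((op, stack.pop()))
    assert not stack, "operand stack must be empty between statements"
    return stmts


def subst(e, var, by):
    """Capture-free substitution e[var := by] (no binders in this language)."""
    if isinstance(e, str):
        return by if e == var else e
    if isinstance(e, int):
        return e
    op, lhs, rhs = e
    return (op, subst(lhs, var, by), subst(rhs, var, by))


def wp(stmts, post):
    """Weakest precondition of a straight-line program: the verification condition."""
    for s in reversed(stmts):
        if s[0] == "assign":
            post = subst(post, s[1], s[2])
        elif s[0] == "assume":
            post = ("imp", s[1], post)
        else:  # assert
            post = ("and", s[1], post)
    return post


def vc_source(stmts, post):
    return wp(stmts, post)


def vc_bytecode(stmts, post):
    # VC generated on the compiled program, after symbolic execution of the stack
    return wp(symbolic_exec(compile_prog(stmts)), post)


# Constructed sample program: assume 0 <= x; y := x + 1; assert y > x
PROGRAM = [
    ("assume", ("le", 0, "x")),
    ("assign", "y", ("add", "x", 1)),
    ("assert", ("gt", "y", "x")),
]
POST = ("gt", "y", 0)

if __name__ == "__main__":
    print("bytecode:", compile_prog(PROGRAM))
    print("VC preserved:", vc_source(PROGRAM, POST) == vc_bytecode(PROGRAM, POST))
```

The `symbolic_exec` step is what makes preservation hold: a per-slot abstract interpretation of the same bytecode would see `binop gt` as a comparison of two anonymous stack slots, whereas the symbolic stack hands the VC generator the source-level guard `y > x` over program variables.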
