Software & Systems Modeling, Volume 15, Issue 4, pp. 987–1012

A formal verification framework for static analysis

As well as its instantiation to the resource analyzer COSTA and formal verification tool KeY
  • Elvira Albert
  • Richard Bubel
  • Samir Genaim
  • Reiner Hähnle
  • Germán Puebla
  • Guillermo Román-Díez
Theme Section Paper


Static analysis tools, such as resource analyzers, give useful information on software systems, especially in real-time and safety-critical applications. Therefore, the question of the reliability of the obtained results is highly important. State-of-the-art static analyzers typically combine a range of complex techniques, make use of external tools, and evolve quickly. Formally verifying such systems is not a realistic option. In this work, we propose a different approach whereby, instead of the tools, we formally verify the results of the tools. The central idea of such a formal verification framework for static analysis is the method-wise translation of the information about a program gathered during its static analysis into specification contracts that contain enough information for them to be verified automatically. We instantiate this framework with COSTA, a state-of-the-art static analysis system for sequential Java programs, for producing resource guarantees, and KeY, a state-of-the-art verification tool, for formally verifying the correctness of such resource guarantees. Resource guarantees make it possible to be certain that programs will run within the indicated amount of resources, which may refer to memory consumption, number of instructions executed, etc. Our results show that the proposed tool cooperation can be used for automatically producing verified resource guarantees.
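As an added illustration of the idea described above (this is not code from the paper, and it does not reproduce the exact contract COSTA emits or the cost model COSTA and KeY use): a Java method annotated with a JML contract of the kind a deductive verifier such as KeY checks. An assumed closed-form upper bound on an instrumented instruction counter is stated as a method postcondition, and the partial bound reached after each iteration is stated as a loop invariant, so that the bound is proved for all inputs rather than measured. The class name, the ghost counter `cost`, the charge of one unit for initialisation and two units per iteration, and the resulting bound `2 * a.length + 1` are all assumptions made for this example.

```java
public class ResourceGuarantee {

    // Ghost state only: an abstract instruction counter that exists for the
    // verifier, not at run time. Assumed cost model: 1 unit for initialisation,
    // 2 units per loop iteration.
    //@ public static ghost int cost;

    /*@ public normal_behavior
      @   requires a != null;
      @   // Functional postcondition: the result is the sum of the array.
      @   ensures \result == (\sum int k; 0 <= k && k < a.length; a[k]);
      @   // Resource guarantee (assumed bound): one call adds at most
      @   // 2 * a.length + 1 units to the counter.
      @   ensures cost <= \old(cost) + 2 * a.length + 1;
      @   assignable cost;
      @*/
    public static int sum(int[] a) {
        //@ ghost int cost0 = cost;   // snapshot of the counter on entry
        int s = 0;
        //@ set cost = cost + 1;      // charge the initialisation

        /*@ loop_invariant 0 <= i && i <= a.length;
          @ loop_invariant s == (\sum int k; 0 <= k && k < i; a[k]);
          @ // Partial bound: cost spent so far is exactly 1 + 2 * i, which the
          @ // verifier uses to discharge the postcondition when i == a.length.
          @ loop_invariant cost == cost0 + 1 + 2 * i;
          @ assignable cost;
          @ decreases a.length - i;
          @*/
        for (int i = 0; i < a.length; i++) {
            s += a[i];
            //@ set cost = cost + 2;  // charge the loop body
        }
        return s;
    }
}
```

The verifier never executes the method: it proves from the loop invariant and the `decreases` clause that the postcondition holds on every terminating run, which is what turns the analyzer's bound into a guarantee. If the analyzer had produced a bound that is too small, the proof obligation for the `ensures` clause would simply fail, which is the sense in which the results of the analysis, rather than the analyzer itself, are being verified.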


Keywords: Cost analysis · Closed-form upper bounds · Resource analysis · Resource guarantees



We gratefully thank the anonymous referees for many useful comments and suggestions that greatly helped to improve this article. This work was funded partially by the EU Project FP7-ICT-610582 ENVISAGE: Engineering Virtualized Services, by the Spanish MINECO Project TIN2012-38137, and by the CM Project S2013/ICE-3006.



Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Elvira Albert (1)
  • Richard Bubel (2)
  • Samir Genaim (1)
  • Reiner Hähnle (2)
  • Germán Puebla (3)
  • Guillermo Román-Díez (3)

  1. DSIC, Complutense University of Madrid (UCM), Madrid, Spain
  2. CSD, Technical University of Darmstadt, Darmstadt, Germany
  3. DLSIIS, Technical University of Madrid (UPM), Madrid, Spain
