Journal of Automated Reasoning, Volume 62, Issue 4, pp 505–530

Refinement to Certify Abstract Interpretations: Illustrated on Linearization for Polyhedra

  • Sylvain Boulmé
  • Alexandre Maréchal


Our concern is the modular development of a certified static analyzer in the Coq proof assistant. We focus on the extension of the Verified Polyhedra Library—a certified abstract domain of convex polyhedra—with a linearization procedure to handle polynomial guards. Based on ring rewriting strategies and interval arithmetic, this procedure partitions the variable space to infer precise affine terms which over-approximate polynomials. In order to help formal development, we propose a proof framework, embedded in Coq, that implements a refinement calculus. It is dedicated to the certification of parts of the analyzer—like our linearization procedure—whose correctness does not depend on the implementation of the underlying certified abstract domain. Like standard refinement calculi, it introduces data-refinement diagrams. These diagrams relate “abstract states” computed by the analyzer to “concrete states” of the input program. However, our notions of “specification” and “implementation” are exchanged w.r.t. standard uses: the “specification” (computing on “concrete states”) refines the “implementation” (computing on “abstract states”). Our stepwise refinements of specifications hide several low-level aspects of the computations on abstract domains. In particular, they ignore that the latter may use hints from external untrusted imperative oracles (e.g. a linear programming solver). Moreover, refinement proofs are naturally simplified thanks to computations of weakest preconditions. Using our refinement calculus, we elegantly define our partitioning procedure with a continuation-passing style, thus avoiding an explicit datatype of partitions. This illustrates that our framework is convenient to prove the correctness of such higher-order imperative computations on abstract domains.
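To make the linearization step concrete, here is an added illustration (not code from the paper or from the Verified Polyhedra Library) of the two ideas named above: rewriting a polynomial with interval arithmetic to obtain an affine over-approximation, and partitioning the variable space so that the approximation stays precise, with the partition handled in continuation-passing style rather than as an explicit datatype. It simplifies the setting in ways the paper does not: the abstract state is a box (one interval per variable) rather than a convex polyhedron, only the product of two variables is linearized, and the split point, the bound shapes and every function name are assumptions of this example. The soundness check at the end samples each cell and confirms that the affine term really bounds the product from above.

```python
"""Interval-based linearization of x*y by case splitting, in continuation-
passing style. Added example; assumes a box abstract state, not a polyhedron."""
from fractions import Fraction as F
from itertools import product

# An abstract state is a box: {var: (lo, hi)}, bounds as ints or Fractions.


def affine_upper_bound_of_product(x, y, box):
    """Affine term (const, {var: coeff}) bounding x*y from above on `box`.

    Rewriting x*y with x replaced by its interval [xl, xu] gives the
    interval-linear form [xl, xu]*y.  When y >= 0 on the box the largest
    value is xu*y; when y <= 0 it is xl*y.  If y changes sign, no single
    affine term of this shape is an upper bound, so the caller must split."""
    xl, xu = box[x]
    yl, yu = box[y]
    if yl >= 0:
        return (F(0), {y: xu})
    if yu <= 0:
        return (F(0), {y: xl})
    raise ValueError(f"{y} changes sign on the box; partition first")


def split_at(var, point, box, k):
    """Partition `box` at var = point and hand each cell to the continuation k.

    No list of cells is ever built as a value the caller manipulates: each
    cell exists only as an argument to k, which mirrors the paper's CPS
    treatment of partitions (simplified here to a single split)."""
    lo, hi = box[var]
    if point <= lo or point >= hi:          # var already has a fixed sign
        return [k(box)]
    return [k({**box, var: (lo, point)}),   # cell where var <= point
            k({**box, var: (point, hi)})]   # cell where var >= point


def linearize_product(x, y, box):
    """For each cell of the sign partition of y, an affine upper bound of x*y
    valid on that cell.  Returns a list of (cell, term)."""
    return split_at(y, F(0), box,
                    lambda cell: (cell, affine_upper_bound_of_product(x, y, cell)))


def eval_affine(term, point):
    const, coeffs = term
    return const + sum(c * point[v] for v, c in coeffs.items())


def _grid(interval, steps):
    lo, hi = interval
    return [lo + (hi - lo) * F(i, steps) for i in range(steps + 1)]


def check_sound(x, y, cases, steps=8):
    """Sample a grid on every cell and check x*y <= bound at each point.
    A sampled check only, not a proof; it is here to exercise the example."""
    for cell, term in cases:
        for px, py in product(_grid(cell[x], steps), _grid(cell[y], steps)):
            if px * py > eval_affine(term, {x: px, y: py}):
                return False
    return True


if __name__ == "__main__":
    # Constructed input: x in [-2, 3], y in [-1, 4], so y changes sign.
    cases = linearize_product("x", "y", {"x": (-2, 3), "y": (-1, 4)})
    for cell, term in cases:
        print(cell, "->", term)
    print("sound on samples:", check_sound("x", "y", cases))
```

On the constructed box the split yields two cells: for y in [-1, 0] the bound is -2*y (the lower bound of x times y) and for y in [0, 4] it is 3*y; on a box where y already has a fixed sign the continuation is called once and no split happens. In the paper the same idea runs over polyhedra, uses ring-rewriting strategies to choose which variables to intervalize, and has its correctness proved once against the "concrete" specification rather than re-checked per domain.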


Keywords: Proof assistants; Result certification; Abstract interpretation



We thank Alexis Fouilhé, Michaël Périn, David Monniaux and the other members of the Verasco project for their continuous feedback all along this work.



Copyright information

© Springer Nature B.V. 2018

Authors and Affiliations

  1. Univ. Grenoble Alpes, CNRS, Grenoble-INP, VERIMAG, Grenoble, France
  2. Sorbonne Université, CNRS, Laboratoire d'Informatique de Paris 6, LIP6, Paris, France
