PART_PW: From Partial Analysis Results to a Proof Witness

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10469)


Today, verification tools no longer output only yes or no: they also provide correctness arguments or counterexamples. While counterexamples help to fix bugs, correctness arguments increase the trust in program correctness, e.g., in Proof-Carrying Code (PCC), where a consumer checks a supplied argument instead of re-verifying the program. Correctness arguments are well-studied for single analyses, but not for the case in which a set of analyses together verifies a program, each analysis checking only a particular part. Such a set of partial, complementary analyses is often used when a single analysis would fail or be inefficient on some program parts.

We propose PART_PW, a technique that automatically constructs a proof witness (correctness argument) from the analysis results obtained by a set of partial, complementary analyses. The constructed proof witnesses are proven to be valid correctness arguments, and in our experiments we use them seamlessly and efficiently in existing PCC approaches.
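As an added illustration (example code, not the paper's PART_PW construction and not code from any tool the paper uses), the following Python models the PCC workflow the abstract refers to: two partial interval analyses run over disjoint parts of a small loop program, their per-location results are joined into one witness, and an untrusting consumer validates that witness edge by edge instead of re-running the analyses. The constructed program, the one-variable interval domain, the location-to-interval witness format and the split into two partial analyses are all assumptions chosen for this example.

```python
# Added illustration (not the paper's PART_PW construction): a toy
# proof-carrying-code pipeline over a one-variable interval domain.
# Assumptions: the program is a hand-built control-flow graph over a single
# integer variable x, the "partial analyses" are two runs of the same fixpoint
# over disjoint edge sets, and the witness format (location -> interval) is
# chosen here for the example.
from typing import Dict, List, Optional, Tuple

Interval = Optional[Tuple[int, int]]     # None is bottom (unreachable)
Edge = Tuple[str, Tuple[str, int], str]  # (source, operation, target)
INF = 10**9                              # stands in for +/- infinity

# Constructed example program:
#   l0: x = 0; l1: while (x < 10) { l2: x = x + 1 } l3: assert(x == 10)
EDGES: List[Edge] = [
    ("l0", ("set", 0), "l1"),
    ("l1", ("assume_lt", 10), "l2"),
    ("l2", ("add", 1), "l1"),
    ("l1", ("assume_ge", 10), "l3"),
]
ENTRY = "l0"
PROPERTY = ("l3", (10, 10))   # required: x == 10 whenever l3 is reached


def join(a: Interval, b: Interval) -> Interval:
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))


def leq(a: Interval, b: Interval) -> bool:
    """Abstract order: a is at least as precise as b."""
    if a is None:
        return True
    if b is None:
        return False
    return b[0] <= a[0] and a[1] <= b[1]


def post(s: Interval, op: Tuple[str, int]) -> Interval:
    """Abstract transfer of one edge label on the interval of x."""
    if s is None:
        return None
    kind, k = op
    lo, hi = s
    if kind == "set":
        return (k, k)
    if kind == "add":
        return (lo + k, hi + k)
    if kind == "assume_lt":      # guard x < k
        hi = min(hi, k - 1)
    elif kind == "assume_ge":    # guard x >= k
        lo = max(lo, k)
    return None if lo > hi else (lo, hi)


def analyze(edges: List[Edge], entry: Dict[str, Interval]) -> Dict[str, Interval]:
    """Producer side: worklist fixpoint restricted to the given edges."""
    states = dict(entry)
    work = list(states)
    while work:
        loc = work.pop()
        for src, op, dst in edges:
            if src != loc:
                continue
            new = join(states.get(dst), post(states[loc], op))
            if new != states.get(dst):
                states[dst] = new
                work.append(dst)
    return states


def combine(*results: Dict[str, Interval]) -> Dict[str, Interval]:
    """Merge the partial results into one witness by joining per location."""
    witness: Dict[str, Interval] = {}
    for r in results:
        for loc, s in r.items():
            witness[loc] = join(witness.get(loc), s)
    return witness


def build_witness() -> Dict[str, Interval]:
    # Analysis 1 handles the loop only; analysis 2 handles only the loop
    # exit, starting from the loop-head state that analysis 1 hands over.
    loop_edges = [e for e in EDGES if e[2] != "l3"]
    exit_edges = [e for e in EDGES if e[2] == "l3"]
    r1 = analyze(loop_edges, {ENTRY: (-INF, INF)})
    r2 = analyze(exit_edges, {"l1": r1["l1"]})
    return combine(r1, r2)


def validate(edges, entry, witness, prop) -> Tuple[bool, str]:
    """Consumer side: one local check per edge, no fixpoint iteration,
    and no trust in whoever produced the witness."""
    if not leq((-INF, INF), witness.get(entry)):
        return False, "witness does not cover the initial state"
    for src, op, dst in edges:
        if not leq(post(witness.get(src), op), witness.get(dst)):
            return False, f"witness not inductive on edge {src} -> {dst}"
    loc, required = prop
    if not leq(witness.get(loc), required):
        return False, f"witness does not imply the property at {loc}"
    return True, "ok"


if __name__ == "__main__":
    w = build_witness()
    print(w, validate(EDGES, ENTRY, w, PROPERTY))
    forged = dict(w, l1=(0, 9))      # a "tighter" invariant nobody proved
    print(validate(EDGES, ENTRY, forged, PROPERTY))
    weak = dict(w, l1=(0, INF))      # sound but too weak for the exit edge
    print(validate(EDGES, ENTRY, weak, PROPERTY))
```

The producer iterates the loop to a fixpoint, but the validator applies exactly one transfer per edge, which is why checking a witness is cheaper than computing one. The two rejected variants show the two ways a merged witness can go wrong: a claim tighter than what the analyses established (not inductive on the back edge) and a claim too weak to carry the property across the exit edge. The caveat a practitioner should keep in mind is that the validator still trusts `post` and `leq`, i.e. the abstract domain itself is in the consumer's trusted computing base even when the producing analyses are not.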



This work was partially supported by the German Research Foundation (DFG) within the Collaborative Research Centre “On-The-Fly Computing” (SFB 901). The experiments were run in the VerifierCloud hosted by Dirk Beyer and his group.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

Paderborn University, Paderborn, Germany
