Abstract
Witnesses record automated program analysis results and make them exchangeable. To validate correctness witnesses through abstract interpretation, we introduce a novel abstract operation unassume. This operator incorporates witness invariants into the abstract program state. Given suitable invariants, the unassume operation can accelerate fixpoint convergence and yield more precise results. We demonstrate the feasibility of this approach by augmenting an abstract interpreter with unassume operators and evaluating the impact of incorporating witnesses on performance and precision. Using manually crafted witnesses, we can confirm verification results for multi-threaded programs with a reduction in effort ranging from 7% to 47% in CPU time. More intriguingly, we discover that using witnesses from model checkers can guide our analyzer to verify program properties that it could not verify on its own.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Data Availability Statement
The benchmarks, tools and scripts used, as well as the raw results of the evaluation, are openly archived on Zenodo [52].
Notes
- 1.
Redundant constraints are grayed out. They can be derived from non-redundant (non-grayed out) constraints using the octagon closure algorithm.
- 2.
Complete computations for this and the following examples can be found in the extended version [51].
References
Albert, E., Arenas, P., Puebla, G., Hermenegildo, M.: Reduced certificates for abstraction-carrying code. In: Etalle, S., Truszczyński, M. (eds.) ICLP 2006. LNCS, vol. 4079, pp. 163–178. Springer, Heidelberg (2006). https://doi.org/10.1007/11799573_14
Albert, E., Puebla, G., Hermenegildo, M.: Abstraction-carrying code. In: Baader, F., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3452, pp. 380–397. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-32275-7_25
Amato, G., Scozzari, F.: Localizing widening and narrowing. In: Logozzo, F., Fähndrich, M. (eds.) SAS 2013. LNCS, vol. 7935, pp. 25–42. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38856-9_4
Amato, G., Scozzari, F., Seidl, H., Apinis, K., Vojdani, V.: Efficiently intertwining widening and narrowing. Sci. Comput. Program. 120, 1–24 (2016). https://doi.org/10.1016/j.scico.2015.12.005
Apinis, K., Seidl, H., Vojdani, V.: Side-effecting constraint systems: a swiss army knife for program analysis. In: Jhala, R., Igarashi, A. (eds.) APLAS 2012. LNCS, vol. 7705, pp. 157–172. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35182-2_12
Arceri, V., Mastroeni, I., Zaffanella, E.: Decoupling the ascending and descending phases in abstract interpretation. In: Programming Languages and Systems, pp. 25–44. Springer, Switzerland (2022), https://doi.org/10.1007/978-3-031-21037-2_2
Ayaziová, P., Chalupa, M., Strejček, J.: Symbiotic-Witch: a Klee-based violation witness checker. In: TACAS 2022. LNCS, vol. 13244, pp. 468–473. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99527-0_33
Bagnara, R., Hill, P.M., Ricci, E., Zaffanella, E.: Precise widening operators for convex polyhedra. Sci. Comput. Program. 58(1–2), 28–56 (2005). https://doi.org/10.1016/j.scico.2005.02.003
Baudin, P., et al.: The dogged pursuit of bug-free c programs: the frama-C software analysis platform. Commun. ACM 64(8), 56–68 (2021). https://doi.org/10.1145/3470569
Baudin, P., Cuoq, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ANSI/ISO C specification language version 1.19 (2023). http://frama-c.com/download/acsl.pdf
Benhamou, F., Goualard, F., Granvilliers, L., Puget, J.F.: Revising hull and box consistency. In: Logic Programming, pp. 230–244. The MIT Press (1999). https://doi.org/10.7551/mitpress/4304.003.0024
Besson, F., Jensen, T., Pichardie, D.: Proof-carrying code from certified abstract interpretation and fixpoint compression. Theor. Comput. Sci. 364(3), 273–291 (2006). https://doi.org/10.1016/j.tcs.2006.08.012
Besson, F., Jensen, T., Turpin, T.: Small witnesses for abstract interpretation-based proofs. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 268–283. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71316-6_19
Beyer, D.: Competition on software verification and witness validation: SV-COMP 2023. In: Tools and Algorithms for the Construction and Analysis of Systems, pp. 495–522. Springer, Switzerland (2023), https://doi.org/10.1007/978-3-031-30820-8_29
Beyer, D., Dangl, M., Dietsch, D., Heizmann, M.: Correctness witnesses: exchanging verification results between verifiers. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 326–337. ACM (2016). https://doi.org/10.1145/2950290.2950351
Beyer, D., Dangl, M., Dietsch, D., Heizmann, M., Lemberger, T., Tautschnig, M.: Verification witnesses. ACM Trans. Softw. Eng. Methodol. 31(4), 1–69 (2022). https://doi.org/10.1145/3477579
Beyer, D., Dangl, M., Dietsch, D., Heizmann, M., Stahlbauer, A.: Witness validation and stepwise testification across software verifiers. In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, pp. 721–733, ACM (2015). https://doi.org/10.1145/2786805.2786867
Beyer, D., Dangl, M., Lemberger, T., Tautschnig, M.: Tests from witnesses. In: Dubois, C., Wolff, B. (eds.) TAP 2018. LNCS, vol. 10889, pp. 3–23. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92994-1_1
Beyer, D., Kanav, S.: CoVeriTeam: on-demand composition of cooperative verification systems. In: TACAS 2022. LNCS, vol. 13243, pp. 561–579. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99524-9_31
Beyer, D., Keremoglu, M.E.: CPAchecker: a tool for configurable software verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_16
Beyer, D., Löwe, S., Wendler, P.: Reliable benchmarking: requirements and solutions. Int. J. Softw. Tools Technol. Transf. 21(1), 1–29 (2017). https://doi.org/10.1007/s10009-017-0469-y
Beyer, D., Spiessl, M., Umbricht, S.: Cooperation between automatic and interactive software verifiers. In: Software Engineering and Formal Methods, pp. 111–128. Springer, Cham (2022), https://doi.org/10.1007/978-3-031-17108-6_7
Beyer, D., Strejček, J.: Case study on verification-witness validators: where we are and where we go. In: Static Analysis, pp. 160–174. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22308-2_8
Beyer, D., Wehrheim, H.: Verification artifacts in cooperative verification: survey and unifying component framework. In: Margaria, T., Steffen, B. (eds.) ISoLA 2020. LNCS, vol. 12476, pp. 143–167. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-61362-4_8
Blanchet, B., et al.: A static analyzer for large safety-critical software. ACM SIGPLAN Not. 38(5), 196–207 (2003). https://doi.org/10.1145/780822.781153
Boutonnet, R., Halbwachs, N.: Improving the results of program analysis by abstract interpretation beyond the decreasing sequence. Formal Methods Syst. Des. 53(3), 384–406 (2017). https://doi.org/10.1007/s10703-017-0310-y
Cousot, P.: The calculational design of a generic abstract interpreter. In: Calculational System Design, NATO ASI Series F. IOS Press, Amsterdam (1999). https://www.di.ens.fr/cousot/COUSOTpapers/publications.www/Cousot-Marktoberdorf98.pdf.gz
Cousot, P.: Abstracting induction by extrapolation and interpolation. In: D’Souza, D., Lal, A., Larsen, K.G. (eds.) VMCAI 2015. LNCS, vol. 8931, pp. 19–42. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46081-8_2
Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, pp. 238–252. ACM Press (1977). https://doi.org/10.1145/512950.512973
Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992). https://doi.org/10.1093/logcom/2.4.511
Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Rival, X.: Why does Astrée scale up? Formal Methods Syst. Des. 35(3), 229–264 (2009). https://doi.org/10.1007/s10703-009-0089-6
Dangl, M., Löwe, S., Wendler, P.: CPAchecker with support for recursive programs and floating-point arithmetic. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 423–425. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46681-0_34
Farzan, A., Kincaid, Z.: Verification of parameterized concurrent programs by modular reasoning about data and control. In: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 297–308. ACM (2012). https://doi.org/10.1145/2103656.2103693
Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 193–205. ACM (2001). https://doi.org/10.1145/360204.360220
Gopan, D., Reps, T.: Lookahead widening. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 452–466. Springer, Heidelberg (2006). https://doi.org/10.1007/11817963_41
Goualard, F., Granvilliers, L.: Controlled propagation in continuous numerical constraint networks. In: Proceedings of the 2005 ACM Symposium on Applied Computing. ACM (2005). https://doi.org/10.1145/1066677.1066765
Halbwachs, N., Henry, J.: When the decreasing sequence fails. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 198–213. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33125-1_15
Haltermann, J., Wehrheim, H.: Information exchange between over- and underapproximating software analyses. In: Software Engineering and Formal Methods, pp. 37–54. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17108-6_3
Heizmann, M., et al.: Ultimate automizer and the commuhash normal form. In: Tools and Algorithms for the Construction and Analysis of Systems, pp. 577–581. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30820-8_39
Heizmann, M., Hoenicke, J., Podelski, A.: Software model checking for people who love automata. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 36–52. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_2
Jeannet, B., Miné, A.: Apron: a library of numerical abstract domains for static analysis. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 661–667. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02658-4_52
Journault, M., Miné, A., Ouadjaout, A.: An abstract domain for trees with numeric relations. In: Caires, L. (ed.) ESOP 2019. LNCS, vol. 11423, pp. 724–751. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17184-1_26
Ponce-de-León, H., Haas, T., Meyer, R.: Dartagnan: SMT-based violation witness validation (competition contribution). In: TACAS 2022. LNCS, vol. 13244, pp. 418–423. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99527-0_24
Mihaila, B., Sepp, A., Simon, A.: Widening as abstract domain. In: Brat, G., Rungta, N., Venet, A. (eds.) NFM 2013. LNCS, vol. 7871, pp. 170–184. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38088-4_12
Miné, A.: The octagon abstract domain. Higher-Order Symb. Comput. 19(1), 31–100 (2006). https://doi.org/10.1007/s10990-006-8609-1
Miné, A.: Static analysis of run-time errors in embedded real-time parallel C programs. Logical Methods Comput. Sci. 8(1), 1–63 (2012). https://doi.org/10.2168/lmcs-8(1:26)2012
Miné, A.: Tutorial on static inference of numeric invariants by abstract interpretation. Found. Trends® Program. Lang. 4(3–4), 120–372 (2017). https://doi.org/10.1561/2500000034. https://hal.sorbonne-universite.fr/hal-01657536/document
Monat, R., Miné, A.: Precise thread-modular abstract interpretation of concurrent programs using relational interference abstractions. In: Bouajjani, A., Monniaux, D. (eds.) VMCAI 2017. LNCS, vol. 10145, pp. 386–404. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52234-0_21
Saan, S., et al.: Goblint: thread-modular abstract interpretation using side-effecting constraints. In: TACAS 2021. LNCS, vol. 12652, pp. 438–442. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72013-1_28
Saan, S., et al.: Goblint: autotuning thread-modular abstract interpretation. In: Tools and Algorithms for the Construction and Analysis of Systems, pp. 547–552. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30820-8_34
Saan, S., Schwarz, M., Erhard, J., Seidl, H., Tilscher, S., Vojdani, V.: Correctness witness validation by abstract interpretation (2023). https://doi.org/10.48550/arXiv.2310.16572
Saan, S., Schwarz, M., Erhard, J., Seidl, H., Tilscher, S., Vojdani, V.: Correctness witness validation by abstract interpretation (2023). https://doi.org/10.5281/zenodo.8253000, artifact
Schwarz, M., Saan, S., Seidl, H., Apinis, K., Erhard, J., Vojdani, V.: Improving thread-modular abstract interpretation. In: Drăgoi, C., Mukherjee, S., Namjoshi, K. (eds.) SAS 2021. LNCS, vol. 12913, pp. 359–383. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88806-0_18
Schwarz, M., Saan, S., Seidl, H., Erhard, J., Vojdani, V.: Clustered relational thread-modular abstract interpretation with local traces. In: Programming Languages and Systems, pp. 28–58. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30044-8_2
Seidl, H., Vogler, R.: Three improvements to the top-down solver. Math. Struct. Comput. Sci. 31(9), 1090–1134 (2021). https://doi.org/10.1017/s0960129521000499
SoSy-Lab: YAML-based exchange format for correctness witnesses (2021). https://gitlab.com/sosy-lab/benchmarking/sv-witnesses/-/blob/main/README-YAML.md
Strejček, J.: Issues related to the fact that the semantics of witnesses are defined over CFAs and the translation from C programs to CFAs is undefined (2022). https://gitlab.com/sosy-lab/benchmarking/sv-witnesses/-/blob/main/GraphML_witness_format_issues.pdf
SV-COMP community: Community meeting (2023)
Švejda, J., Berger, P., Katoen, J.-P.: Interpretation-based violation witness validation for C: NITWIT. In: TACAS 2020. LNCS, vol. 12078, pp. 40–57. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45190-5_3
Vojdani, V., Apinis, K., Rõtov, V., Seidl, H., Vene, V., Vogler, R.: Static race detection for device drivers: the Goblint approach. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. ACM (2016). https://doi.org/10.1145/2970276.2970337
Ziat, G.: A combination of abstract interpretation and constraint programming. Theses, Sorbonne Université (2019). https://theses.hal.science/tel-03987752
Acknowledgements
This work was supported by Deutsche Forschungsgemeinschaft (DFG) - 378803395/2428 ConVeY and Shota Rustaveli National Science Foundation of Georgia under the project FR-21-7973.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Saan, S., Schwarz, M., Erhard, J., Seidl, H., Tilscher, S., Vojdani, V. (2024). Correctness Witness Validation by Abstract Interpretation. In: Dimitrova, R., Lahav, O., Wolff, S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2024. Lecture Notes in Computer Science, vol 14499. Springer, Cham. https://doi.org/10.1007/978-3-031-50524-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-50524-9_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-50523-2
Online ISBN: 978-3-031-50524-9
eBook Packages: Computer ScienceComputer Science (R0)