A formal verification framework for static analysis
Authors: 
Elvira Albert, Richard Bubel, Samir Genaim, Reiner Hähnle, Germán Puebla, Guillermo Román-DíezAuthors Info & Claims
Elvira Albert, Richard Bubel, Samir Genaim, Reiner Hähnle, Germán Puebla, Guillermo Román-DíezAuthors Info & ClaimsPages 987 - 1012
Abstract
Static analysis tools, such as resource analyzers, give useful information on software systems, especially in real-time and safety-critical applications. Therefore, the question of the reliability of the obtained results is highly important. State-of-the-art static analyzers typically combine a range of complex techniques, make use of external tools, and evolve quickly. To formally verify such systems is not a realistic option. In this work, we propose a different approach whereby, instead of the tools, we formally verify the results of the tools. The central idea of such a formal verification framework for static analysis is the method-wise translation of the information about a program gathered during its static analysis into specification contracts that contain enough information for them to be verified automatically. We instantiate this framework with costa, a state-of-the-art static analysis system for sequential Java programs, for producing resource guarantees and KeY, a state-of-the-art verification tool, for formally verifying the correctness of such resource guarantees. Resource guarantees allow to be certain that programs will run within the indicated amount of resources, which may refer to memory consumption, number of instructions executed, etc. Our results show that the proposed tool cooperation can be used for automatically producing verified resource guarantees.
References
[1]
Albert, E., Arenas, P., Codish, M., Genaim, S., Puebla, G., Zanardini, D.: Termination analysis of Java bytecode. In: Proceedings of FMOODS'08, vol. 5051 of LNCS, pp. 2---18. Springer (2008)
[2]
Albert, E., Arenas, P., Genaim, S., Puebla, G.: Field-sensitive value analysis by field-insensitive analysis. In: Proceedings of FM'09, vol. 5850 of LNCS, pp. 370---386. Springer (2009)
[3]
Albert, E., Arenas, P., Genaim, S., Puebla, G.: Closed-form upper bounds in static cost analysis. J. Autom. Reason. 46(2), 161---203 (2011)
[4]
Albert, E., Arenas, P., Genaim, S., Puebla, G., Román-Díez, G.: Conditional termination of loops over heap-allocated data. Sci. Comput. Program. 92, 2---24 (2014)
[5]
Albert, E., Arenas, P., Genaim, S., Puebla, G., Zanardini, D.: Cost analysis of Java bytecode. In: European Symposium on Programming (ESOP'07), vol. 4421 of LNCS. Springer (2007)
[6]
Albert, E., Arenas, P., Genaim, S., Puebla, G., Zanardini, D.: Cost analysis of object-oriented bytecode programs. Theor. Comput. Sci. 413(1), 142---159 (2012)
[7]
Albert, E., Arenas, P., Puebla, G., Hermenegildo, M.: Certificate size reduction in abstraction-carrying code. Theory Pract. Log. Progr. 12(3), 283---318 (2012)
[8]
Albert, E., Bubel, R., Genaim, S., Hähnle, R., Puebla, G., Román-Díez, G.: Verified resource guarantees using COSTA and KeY. In: Proceedings of PEPM'11, pp. 73---76 (2011)
[9]
Albert, E., Bubel, R., Genaim, S., Hähnle, R., Román-Díez, G.: Verified resource guarantees for heap manipulating programs. In: Proceedings of FASE'12, vol. 7212 of LNCS, pp. 130---145. Springer, March (2012)
[10]
Albert, E., Genaim, S., Gómez-Zamalloa, M.: Parametric inference of memory requirements for garbage collected languages. In: Proceeding of ISMM'10, pp. 121---130. ACM Press (2010)
[11]
Albert, E., Genaim, S., Masud, A.N.: On the inference of resource usage upper and lower bounds. ACM Trans. Comput. Log. 14(3), 22:1---22:35 (2013)
[12]
Albert, E., Arenas, P., Correas, J., Gómez-Zamalloa, M., Genaim, S., Puebla, G., Román-Díez, G.: Object-Sensitive Cost Analysis for Concurrent Objects, Technical Report. http://costa.ls.fi.upm.es/papers/costa/AlbertACGGPRtr.pdf (2014)
[13]
Ball, T., Bounimova, E., Levin, V., Kumar, R., Lichtenberg, J.: The static driver verifier research platform. In: Proceeding of CAV'10, vol. 6174 of LNCS, pp. 119---122. Springer (2010)
[14]
Barnett, M., Chang, B., DeLine, R., Jacobs, B., Rustan K., Leino, M.: Boogie: A modular reusable verifier for object-oriented programs. In: Proceedings of FMCO'06, vol. 4111 of LNCS, pp. 364---387. Springer (2006)
[15]
Beckert, B., Hähnle, R., Schmitt, P.: Verification of object-oriented software: the KeY approach, vol. 4334 of LNCS. Springer (2006)
[16]
Beyer, D., Erkan Keremoglu M.: CPAchecker: A tool for configurable software verification. In: Computer Aided Verification, vol. 6806 of LNCS, pp. 184---190. Springer (2011)
[17]
Blazy, S., Maroneze, A., Pichardie, D.: Formal verification of loop bound estimation for WCET analysis. In: Proceedings of VSTTE'13, vol. 8164 of LNCS, pp. 281---303. Springer (2013)
[18]
Brockschmidt, M., Cook, B., Fuhs, C.: Better termination proving through cooperation. In: Computer Aided Verification, vol. 8044 of LNCS, pp. 413---429. Springer, Berlin Heidelberg (2013)
[19]
Bubel, R., Roth, A., Rümmer, P.: Ensuring the correctness of lightweight tactics for JavaCard dynamic logic. Electron. Notes Theor. Comput. Sci. 199, 107---128 (2008)
[20]
Crary, K., Weirich, S.: Resource bound certification. In: Proceedings of POPL'00, pp. 184---198. ACM (2000)
[21]
Dios, De., Peña, R.: Certification of safe polynomial memory bounds. In: Proceedings of FM'11, LNCS, pp. 184---199. Springer, June (2011)
[22]
Filliâtre, J.C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Proceeding of CAV'07, vol. 4590 of LNCS, pp. 173---177. Springer (2007)
[23]
Gulwani, S., Mehra, K. K., Chilimbi, T. M.: Speed: precise and efficient static estimation of program computational complexity. In: Proceeding of POPL'09, pp. 127---139. ACM (2009)
[24]
Hoffmann, J., Hofmann, M.: Amortized resource analysis with polynomial potential. In: Proceedings of ESOP'10, vol. 6012 of LNCS, pp. 287---306. Springer (2010)
[25]
Rustan, K., Leino, M.: Dafny: An automatic program verifier for functional correctness. In: Proceeding of LPAR'10, vol. 6355 of LNCS, pp. 348---370. Springer (2010)
[26]
Leroy, X.: Formal verification of a realistic compiler. Commun ACM 52(7), 107---115 (2009)
[27]
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification. Addison-Wesley, Boston (1996)
[28]
Mauborgne, L., Rival, X.: Trace partitioning in abstract interpretation based static analyzers. In: Sagiv, M. (ed.) European Symposium on Programming (ESOP'05), vol. 3444 of LNCS, pp. 5---20. Springer (2005)
[29]
Necula, G.: Proof-carrying code. In: Proceedings of POPL'97, pp. 106---119. ACM Press (1997)
[30]
Pnueli, A., Siegel, M., Singerman, E.: Translation validation. In: Proceeding of TACAS'98, vol. 1384 of LNCS, pp. 151---166. Springer (1998)
[31]
Podelski, A., Rybalchenko, A.: A complete method for the synthesis of linear ranking functions. In: 5th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'04), LNCS, pp. 239---251. Springer (2004)
[32]
Secci, S., Spoto, F.: Pair-sharing analysis of object-oriented programs. In: Proceedings of SAS'05, vol. 3672 of LNCS, pp. 320---335. Springer (2005)
[33]
Smans, J., Jacobs, B., Piessens, F., Schulte, W.: An automatic verifier for Java-like programs based on dynamic frames. In: Proceeding of FASE'08, vol. 4961 of LNCS, pp. 261---275. Springer (2008)
[34]
Spoto, F., Hill, P.M., Payet, E.: Path-length analysis of object-oriented programs. In: Proceeding of EAAI'06. http://profs.sci.univr.it/spoto/papers.html (2006)
[35]
Wegbreit, B.: Mechanical program analysis. Commun ACM 18(9), 528---539 (1975)
[36]
Weiß, B.: Deductive verification of object-oriented software: dynamic frames, dynamic logic and predicate abstraction. Ph.D. thesis, Karlsruhe Institute of Technology (2011)
- A formal verification framework for static analysis
Recommendations
Closed-Form Upper Bounds in Static Cost Analysis
The classical approach to automatic cost analysis consists of two phases. Given a program and some measure of cost, the analysis first produces cost relations (CRs), i.e., recursive equations which capture the cost of the program in terms of the size of ...
Formal verification of ASMs using MDGs
We present a framework for the formal verification of abstract state machine (ASM) designs using the multiway decision graphs (MDG) tool. ASM is a state based language for describing transition systems. MDG provides symbolic representation of transition ...
Verified resource guarantees using COSTA and KeY
PEPM '11: Proceedings of the 20th ACM SIGPLAN workshop on Partial evaluation and program manipulationResource guarantees allow being certain that programs will run within the indicated amount of resources, which may refer to memory consumption, number of instructions executed, etc. This information can be very useful, especially in real-time and safety-...
Comments
Information & Contributors
Information
Published In
Copyright © Copyright © 2016 Springer-Verlag Berlin Heidelberg.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 01 October 2016
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Nov 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in