Proof-Carrying Parameters in Certified Symbolic Execution: The Case Study of Antiunification

by   Andrei Arusoaie, et al.

Unification and antiunification are essential algorithms used by symbolic execution engines and verification tools. Complex frameworks for defining programming languages, such as K, aim to generate various tools (e.g., interpreters, symbolic execution engines, deductive verifiers, etc.) using only the formal definition of a language. K is the best effort implementation of Matching Logic, a logical framework for defining languages. When used at an industrial scale, a tool like the K framework is constantly updated, and in the same time it is required to be trustworthy. Ensuring the correctness of such a framework is practically impossible. A solution is to generate proof objects as correctness certificates that can be checked by an external trusted checker. In K, symbolic execution makes intensive use of unification and antiunification algorithms to handle conjunctions and disjunctions of term patterns. Conjunctions and disjunctions of formulae have to be automatically normalised and the generation of proof objects needs to take such normalisations into account. The executions of these algorithms can be seen as parameters of the symbolic execution steps and they have to provide proof objects that are used then to generate the proof object for the program execution step. We show in this paper that Plotkin's antiunification can be used to normalise disjunctions and to generate the corresponding proof objects. We provide a prototype implementation of our proof object generation technique and a checker for certifying the generated objects.


page 1

page 2

page 3

page 4


Crowbar: Behavioral Symbolic Execution for Deductive Verification of Active Objects

We present the Crowbar tool, a deductive verification system for the ABS...

Certifying C program correctness with respect to CH2O with VeriFast

VeriFast is a powerful tool for verification of various correctness prop...

Certifying C program correctness with respect to CompCert with VeriFast

VeriFast is a powerful tool for verification of various correctness prop...

Gillian: Compositional Symbolic Execution for All

We present Gillian, a language-independent framework for the development...

Engineering a Formally Verified Automated Bug Finder

Symbolic execution is a program analysis technique executing programs wi...

Programming and Symbolic Computation in Maude

Rewriting logic is both a flexible semantic framework within which widel...

Trapezoidal Generalization over Linear Constraints

We are developing a model-based fuzzing framework that employs mathemati...

Please sign up or login with your details

Forgot password? Click here to reset