Off-line slicing of abstract interpretation results for automatic construction of economical program proofs

Abstract

Proof-Carrying Code (PCC) is a convincing technology for certifying the safety of mobile code, yet how to generate the safety proof is a matter for investigation. The existing proof construction either assumes that the programmer provides the program invariants, or is limited to a class of properties that are inferable by the type system technology. In this thesis, we propose a program proof construction, which does not require programmer provided invariants, and generates proofs for wider class of properties than types. Our proposal is to combine abstract interpretation and Hoare logic. Our proof construction algorithm generates a Hoare proof of a program from its abstract interpretation results. Abstract interpretation makes the invariant generation automatic and allows wider class of properties applicable to PCC. Hoare logic makes the program proofs general enough to be checkable by common code consumers who do not know which analysis technique has been used to generate the proof. From abstract interpretation, our proof construction algorithm defines a systematic way to construct Hoare proofs using the concretization formula of the abstract values and the prescribed soundness of the abstract operators. One problem in our automatic proof construction is that abstract interpretation results are often unnecessarily informative for intended Hoare proofs. An abstract interpreter is usually designed to compute program invariants that are as strong as possible, while the program proofs are intended to show the satisfaction of a particular property of a program. To handle this over-informative invariants, we propose a framework for designing algorithms called {\\\\em abstract-value slicers}, that filter out unnecessary invariants from abstract interpretation results. Given a property of interest and the invariants generated by an abstract interpreter, abstract-value slicer collects the invariants that are related to the verification of the property. ...