Auditing User-Provided Axioms in Software Verification Conditions [chapter]

Paul Jackson, Florian Schanda, Angela Wallenburg
2013 Lecture Notes in Computer Science  
A common approach to formally checking assertions inserted into a program is to first generate verification conditions (VCs), logical sentences that, if proven, ensure the assertions are correct. Sometimes users provide axioms that get incorporated into verification conditions. Such axioms can capture aspects of the program's specification or can be hints to help automatic provers. There is always the danger of mistakes in these axioms. In the worst case these mistakes introduce inconsistencies, and verification conditions become erroneously provable. We discuss here our use of an SMT solver to investigate the quality of user-provided axioms, for example to check for inconsistencies in axioms and to verify expected relationships between axioms.

Specification axioms provide essential specification-related information. For example, such axioms can capture information about the environment a program is to operate in, information that might be difficult to capture in the preconditions of individual functions and procedures. Such axioms can also describe properties of constants, functions and relations that are introduced to help with program specification. For example, if verifying a sorting program, relations are needed to describe how the output is sorted and how the output is a permutation of the input.

Prover-hint axioms address incompletenesses in automatic provers, that is, their failure to prove VCs that are logically valid. VCs frequently include quantified assumptions and can involve non-linear integer or real arithmetic. In general such VCs are intractable or undecidable. While automatic provers are continually improving, it is usually unrealistic to expect them to prove all VCs that might be generated for a program.
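The audit the abstract describes can be reproduced on a small scale with any SMT-LIB 2 solver. The script below is an added illustration, not code from the paper or from the authors' tooling: the symbols `abs_` and `pos_`, the three specification axioms and the two prover hints are all assumed for the example. It runs the three kinds of check the paper names: consistency of the axiom set (expect `sat`), the effect of an inconsistent set on an obviously false VC (it becomes "provable"), and an expected relationship between axioms (a hint that should follow from the specification axioms, checked by asserting its negation and expecting `unsat`).

```smt2
; Added example: auditing user-provided axioms with an SMT solver.
; Run with e.g. `z3 axioms.smt2` or `cvc5 axioms.smt2`.
; All function names and axioms below are hypothetical.
(set-logic ALL)

; Specification symbols introduced to state a program's contracts.
(declare-fun abs_ (Int) Int)      ; hypothetical absolute-value function
(declare-fun pos_ (Int) Bool)     ; hypothetical "is strictly positive" predicate

; --- User-provided specification axioms ------------------------------------
(define-fun ax_abs_nonneg () Bool (forall ((x Int)) (>= (abs_ x) 0)))
(define-fun ax_abs_zero   () Bool (= (abs_ 0) 0))
(define-fun ax_pos_def    () Bool (forall ((x Int)) (= (pos_ x) (> x 0))))

; --- A user-provided prover hint containing a mistake ----------------------
; The user meant "abs_ is never negative" but wrote "abs_ is always positive".
(define-fun hint_abs_pos () Bool (forall ((x Int)) (pos_ (abs_ x))))

; --- A corrected hint that genuinely follows from the specification axioms --
(define-fun hint_abs_pos_or_zero () Bool
  (forall ((x Int)) (or (pos_ (abs_ x)) (= (abs_ x) 0))))

; Check 1: are the specification axioms consistent on their own?
; Expected: sat. An unsat here would mean the axioms contradict each other.
(push)
(assert ax_abs_nonneg)
(assert ax_abs_zero)
(assert ax_pos_def)
(check-sat)                       ; sat
(pop)

; Check 2: are they still consistent once the hint is added?
; Expected: unsat. pos_(abs_ 0) forces abs_(0) > 0, but ax_abs_zero says
; abs_(0) = 0, so the hint makes the whole set contradictory.
(push)
(assert ax_abs_nonneg)
(assert ax_abs_zero)
(assert ax_pos_def)
(assert hint_abs_pos)
(check-sat)                       ; unsat -> inconsistent axiom set
(pop)

; Check 3: the consequence of the inconsistency. A VC is "proved" when the
; axioms together with the negated conclusion are unsat. With the bad hint
; present, even the absurd conclusion 1 = 2 is proved.
(push)
(assert ax_abs_nonneg)
(assert ax_abs_zero)
(assert ax_pos_def)
(assert hint_abs_pos)
(assert (not (= 1 2)))            ; negated VC conclusion
(check-sat)                       ; unsat -> false VC erroneously "proved"
(pop)

; Check 4: an expected relationship. The corrected hint should be a logical
; consequence of the specification axioms, so axioms + not(hint) must be unsat.
; A sat result would mean the hint adds an assumption nobody has justified.
(push)
(assert ax_abs_nonneg)
(assert ax_abs_zero)
(assert ax_pos_def)
(assert (not hint_abs_pos_or_zero))
(check-sat)                       ; unsat -> hint follows from the axioms
(pop)
```

Two practical caveats when running this kind of audit. Consistency checks over quantified axioms ask the solver for a model of uninterpreted functions, and a solver may answer `unknown` rather than `sat`; that is not a proof of inconsistency, but it does mean the axiom set has not been shown consistent and deserves a closer look. Conversely, every `unsat` in check 3 is only as trustworthy as the axiom set, which is exactly why check 2 should be run before any VC results are believed.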
doi:10.1007/978-3-642-41010-9_11