Automatic verification tools, such as model checkers and tools based on static analysis or on abstract interpretation, have become popular in software and hardware development. They increase confidence and potentially provide rich feedback. However, with increasing complexity, verification tools themselves are more likely to contain errors. In contrast to automatic verification tools, higher-order theorem provers use mathematically founded proof strategies checked by a small proof checker to guarantee selected properties. Thus, they enjoy a high level of trustability. Properties of software and hardware systems and their justifications can be encapsulated into a certificate, thereby guaranteeing correctness of the systems, with respect to the properties. These results offer a much higher degree of confidence than results achieved by verification tools. However, higher-order theorem provers are usually slow, due to their general and minimalistic nature. Even for small systems, a lot of human interaction is required for establishing a certificate. In this work, we combine the advantages of automatic verification tools (i.e., speed and automation) with those of higher-order theorem provers (i.e., high level of trustability). The verification tool generates a certificate for each invocation. This is checked by the higher-order theorem prover, thereby guaranteeing the desired property. The generation of certificates is much easier than producing the analysis results of the verification tool in the first place. In our work, we are able to create certificates that come with an algorithmic description of the proof of the desired property as justification. We concentrate on verification tools that generate invariants of systems and certify automatically that these do indeed hold. Our approach is applied to the certification of the verdicts of a deadlock-detection tool for an asynchronous component-based language.
Read full abstract