Correctness Witness Validation by Abstract Interpretation

Simmo Saan, Michael Schwarz, Julian Erhard, Helmut Seidl, Sarah Tilscher, Vesal Vojdani

TL;DR

The paper tackles validating correctness witnesses for automated program analyzers using abstract interpretation. It introduces the unassume operator to inject witness invariants into the abstract state, accelerating fixpoint convergence and sometimes increasing precision. The authors implement two forms: a propagating unassume for non-relational domains and a dual-narrowing variant for relational domains, and validate them in Goblint with hand-crafted and model-checker witnesses. Experiments show CPU-time reductions of 7–47% on multi-threaded benchmarks, and show that model-checker witnesses can enable verification that the analyzer cannot achieve unaided.

Abstract

Witnesses record automated program analysis results and make them exchangeable. To validate correctness witnesses through abstract interpretation, we introduce a novel abstract operation unassume. This operator incorporates witness invariants into the abstract program state. Given suitable invariants, the unassume operation can accelerate fixpoint convergence and yield more precise results. We demonstrate the feasibility of this approach by augmenting an abstract interpreter with unassume operators and evaluating the impact of incorporating witnesses on performance and precision. Using manually crafted witnesses, we can confirm verification results for multi-threaded programs with a reduction in effort ranging from 7% to 47% in CPU time. More intriguingly, we discover that using witnesses from model checkers can guide our analyzer to verify program properties that it could not verify on its own.
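As an added worked example (not code from the paper and not Goblint's implementation), the following toy interval analysis of the loop `i = 0; while (i < n) { i = i + 1; }` shows the two effects the abstract describes: injecting a witness invariant at the loop head with an unassume shortens the fixpoint iteration, and the invariant is re-checked in the final state so that a wrong witness is rejected rather than trusted. The unassume used here is the naive form, taken as the state joined with the invariant assumed on the top state; that reading of the paper's Definition 3, the program, the iteration strategy (widening then narrowing) and the helper names are all assumptions of this example.

```python
# Added example, not the paper's or Goblint's code: a one-variable interval
# analysis of  i = 0; while (i < n) { i = i + 1; }  with an optional witness
# invariant  lo <= i <= hi  injected at the loop head by a naive unassume.
from typing import Optional, Tuple

INF = float("inf")
Interval = Optional[Tuple[float, float]]  # None is bottom (unreachable)


def join(a: Interval, b: Interval) -> Interval:
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))


def meet(a: Interval, b: Interval) -> Interval:
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def leq(a: Interval, b: Interval) -> bool:
    """Abstract order: does b cover every value of a?"""
    if a is None:
        return True
    return b is not None and b[0] <= a[0] and a[1] <= b[1]


def widen(old: Interval, new: Interval) -> Interval:
    """Standard interval widening: an unstable bound jumps to infinity."""
    if old is None:
        return new
    if new is None:
        return old
    lo = old[0] if old[0] <= new[0] else -INF
    hi = old[1] if old[1] >= new[1] else INF
    return (lo, hi)


def narrow(old: Interval, new: Interval) -> Interval:
    """Standard interval narrowing: only infinite bounds are refined."""
    if old is None or new is None:
        return None
    lo = new[0] if old[0] == -INF else old[0]
    hi = new[1] if old[1] == INF else old[1]
    return (lo, hi)


def assume(d: Interval, lo: float, hi: float) -> Interval:
    """assume(lo <= i <= hi): shrink d so that the condition holds."""
    return meet(d, (lo, hi))


def unassume_naive(d: Interval, lo: float, hi: float) -> Interval:
    """unassume(lo <= i <= hi): enlarge d to cover every state that satisfies
    the condition (d joined with assume applied to top). The result is sound
    whether or not the invariant is true; its truth is checked separately
    (assumed reading of the paper's naive unassume)."""
    return join(d, assume((-INF, INF), lo, hi))


def analyze(n: int, witness: Optional[Tuple[float, float]] = None):
    """Fixpoint for the loop head state. Returns (state at loop head,
    number of iterations, witness confirmed, state after the loop)."""
    init: Interval = (0, 0)                              # i = 0

    def step(head: Interval) -> Interval:
        body = assume(head, -INF, n - 1)                 # loop guard i < n
        body = None if body is None else (body[0] + 1, body[1] + 1)  # i = i + 1
        d = join(init, body)                             # entry edge and back edge
        if witness is not None:                          # instrumented loop head
            d = unassume_naive(d, *witness)
        return d

    head: Interval = None
    iters = 0
    for op in (widen, narrow):                           # ascending, then descending
        while True:
            iters += 1
            nxt = op(head, step(head))
            if nxt == head:
                break
            head = nxt
    # Theorem 1 style check: the witness counts as validated only if its
    # invariant abstractly evaluates to true in the final loop head state.
    confirmed = witness is not None and leq(head, witness)
    after = assume(head, n, INF)                         # loop exit: i >= n
    return head, iters, confirmed, after


if __name__ == "__main__":
    for w in (None, (0, 10), (0, 5)):
        print("witness", w, "->", analyze(10, w))
```

Without a witness the head state needs widening to `[0, +inf]` and two narrowing rounds to settle at `[0, 10]` (5 iterations); with the invariant `0 <= i <= 10` the unassume places `[0, 10]` at the head in the first round and the iteration stabilizes after 3. The wrong invariant `0 <= i <= 5` does not make the analysis unsound, because unassume only ever enlarges the state: the analysis still ends at `[0, 10]` and still proves `i == 10` after the loop, but the invariant does not hold in that final state, so the witness is reported as not confirmed.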

Paper Structure

This paper contains 29 sections, 1 theorem, 29 equations, 4 figures, and 2 tables.

Key Result

Theorem 1 (Sound witness validation)

Assume a witness $(W, P, \Phi)$ is used to insert unassume statements and $\sigma_W: \mathcal{N} \to \mathbb{D}$ is the result of analyzing the instrumented program. If the sound analyzer confirms $\Phi$ and all invariants of $W: \mathcal{N} \to \mathcal{E}$ abstractly evaluate to true in $\sigma_W$

Figures (4)

  • Figure 0: Syntax of expressions and conditions.
  • Figure 1: Forward evaluation of expressions and conditions.
  • Figure 2: Assume via backward evaluation of expressions and conditions by the propagation algorithm.
  • Figure 3: Unassume via backward evaluation of expressions and conditions by the propagation algorithm (changes from the assume algorithm are $\colorbox{lightyellow}{$\text{highlighted}$}$).

Theorems & Definitions (6)

  • definition 1
  • definition 2
  • theorem 1: Sound witness validation
  • definition 3: Naïve unassume
  • definition 4: Dual-narrowing unassume
  • definition 5: Exploding unassume