Refinement calculus for a simple certification of static polyhedral analysis with code transformations

A static analyzer such as ASTRÉE [CCF05, BCC10] is able to ensure safety of critical software, i.e. the absence of runtime overflows. But ASTRÉE is itself a very complex software and its full formal verification seems currently impossible. A more feasible alternative might be to make the analyzer produce a formally verifiable certificate. Such a certificate would summarize the proof of safety found by the analyzer. As a preliminary step to address this challenge, we experiment in COQ with the design of a tiny language of certificates, called “SCAT”1. We believe that instrumented analyzers could produce SCAT certificates when analysis is successful. Roughly, a SCAT certificate annotates the source with loop invariants that are hard to re-infer and also with code transformations used during the analysis. These code transformations come typically from trace-partitioning (loop unrolling, etc) [MR05] and linearization of arithmetic expressions [Min06]. Hence, this paper presents the SCAT language and an automatic checker of SCAT certificates which is formally verified in COQ [The12]. Our main COQ theorem ensures that if the SCAT certificate is accepted by the checker then the original source is safe.