Proof-Carrying Parameters in Certified Symbolic Execution: The Case Study of Antiunification
Unification and antiunification are essential algorithms used by symbolic execution engines and verification tools. Complex frameworks for defining programming languages, such as K, aim to generate various tools (e.g., interpreters, symbolic execution engines, deductive verifiers, etc.) using only the formal definition of a language. K is the best effort implementation of Matching Logic, a logical framework for defining languages. When used at an industrial scale, a tool like the K framework is constantly updated, and in the same time it is required to be trustworthy. Ensuring the correctness of such a framework is practically impossible. A solution is to generate proof objects as correctness certificates that can be checked by an external trusted checker. In K, symbolic execution makes intensive use of unification and antiunification algorithms to handle conjunctions and disjunctions of term patterns. Conjunctions and disjunctions of formulae have to be automatically normalised and the generation of proof objects needs to take such normalisations into account. The executions of these algorithms can be seen as parameters of the symbolic execution steps and they have to provide proof objects that are used then to generate the proof object for the program execution step. We show in this paper that Plotkin's antiunification can be used to normalise disjunctions and to generate the corresponding proof objects. We provide a prototype implementation of our proof object generation technique and a checker for certifying the generated objects.
READ FULL TEXT