We introduce the abstract domain of correlations to denote equality relations between parts of inputs and outputs of programs. We formalise the theory of correlations, and mechanically verify their semantic properties. We design a static inter-procedural dataflow analysis for automatically inferring correlations for programs written in a first-order language equipped with algebraic data types and arrays. The analysis, its precision and its execution cost have been evaluated on the code and functional specification of an industrial-size micro-kernel. We exploit the inferred correlations to automatically discharge two thirds of the proof obligations related to the preservation of invariants for this micro-kernel.

Inferring Frame Conditions with Static Correlation Analysis

    type state =                     // States
      { procs: procs;                // the table of processes
        sched: sched }               // the scheduler state
    type procs =                     // Process table
      array<proc>
    type proc =                      // Process descriptor
      { nr: int;                     // process index
        regs: regs;                  // registers
        exe_name: string;            // name of executable
        ipc_status: ipc_status }     // IPC status
    type regs =                      // Registers
      { r0: int; r1: int; r2: int; r3: int }
    type ipc_status =                // Process IPC statuses
      | Ready                        // ready to run
      | Sleeping                     // sleeping process
      | Sending (int dst)            // blocked sending
      | Receiving (int src)          // blocked receiving
    type option =
      | Some (A x)
      | None
    type bool =
      | T
      | F
    type sched                       // Scheduler state (implicit)

Fig. 1. Type definitions for the state of a minimalist OS.
In the context of interactive formal verification of complex systems, much effort is spent on proving the preservation of the system's invariants. However, most operations have a localized effect on the system, which only really impacts few invariants at the same time. Identifying those invariants that are unaffected by an operation can substantially ease the proof burden for the programmer. We present a dependency analysis for a strongly-typed, functional language, which computes a conservative approximation of the input fragments on which the operations depend. It is a flow-sensitive interprocedural analysis that handles arrays, structures and variant data types. For the latter, it simultaneously computes a subset of possible constructors. We have validated the scalability of the analysis to complex transition systems by applying it to a functional specification of the MINIX operating system.