Machine-Checkable Correctness Proofs forIntra-procedural Dataflow Analyses
This technical report describes our experience using the interactive theorem proverAthena for proving the correctness of abstract interpretation-based dataflow analyses.For each analysis, our methodology requires the analysis designer to formallyspecify the property lattice, the transfer functions, and the desired modeling relationbetween the concrete program states and the results computed by the analysis. Thegoal of the correctness proof is to prove that the desired modeling relation holds.The proof allows the analysis clients to rely on the modeling relation for their owncorrectness. To reduce the complexity of the proofs, we separate the proof of eachdataflow analysis into two parts: a generic part, proven once, independent of anyspecific analysis; and several analysis-specific conditions proven in Athena.