Counterexamples from proof failures in the SPARK program verifier

David Hauzar 1, 2 Claude Marché 1, 2 Yannick Moy 3
1 TOCCATA - Certified Programs, Certified Tools, Certified Floating-Point Computations
LRI - Laboratoire de Recherche en Informatique, UP11 - Université Paris-Sud - Paris 11, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8623
Abstract : A major issue in the activity of deductive program verification is the understanding of the reason for why some proof fails. To help the user understand the problem and decide what needs to be fixed in the code or the specification of her program, it is essential to provide means to investigate such a failure. To that mean, we propose a technique for generating counterexamples, exhibiting some values for the variables of the program where a given part of the specification fails to be validated. To produce such a counterexample, we exploit the ability of SMT (Satisfiability Modulo Theories) solvers to propose, when a proof of a formula is not found, a counter-model. Turning such a counter-model into a counterexample for the initial program is not a trivial task because of the many transformations that lead from a given code and specification to a verification condition. We report on our approach for the design and the implementation of counterexample generation within the SPARK 2014 environment for the development of safety-critical Ada programs
Liste complète des métadonnées

Cited literature [19 references]  Display  Hide  Download
Contributor : Claude Marché <>
Submitted on : Monday, February 8, 2016 - 6:51:59 PM
Last modification on : Wednesday, July 25, 2018 - 1:23:32 AM
Document(s) archivé(s) le : Saturday, November 12, 2016 - 2:15:07 PM


Files produced by the author(s)


  • HAL Id : hal-01271174, version 1


David Hauzar, Claude Marché, Yannick Moy. Counterexamples from proof failures in the SPARK program verifier. [Research Report] RR-8854, Inria. 2016, pp.22. ⟨hal-01271174⟩



Record views


Files downloads