diff --git a/src/driver/commands/refinement.rs b/src/driver/commands/refinement.rs
index 3f5c285e..6d29e8cd 100644
--- a/src/driver/commands/refinement.rs
+++ b/src/driver/commands/refinement.rs
@@ -24,6 +24,7 @@ use crate::{
         quant_proof::{lower_quant_prove_task, QuantVcProveTask},
         smt_proof::run_smt_prove_task,
     },
+    proof_rules::calculus::ProcSoundness,
     resource_limits::{LimitError, LimitsRef},
     servers::SharedServer,
 };
@@ -163,6 +164,7 @@ async fn verify_entailment(
             server,
             slice_vars,
             vc_is_valid,
+            &ProcSoundness::default(),
         )?;
 
         // Handle reasons to stop the verifier.
diff --git a/src/driver/commands/verify.rs b/src/driver/commands/verify.rs
index 4fcf54e7..2c6e8abc 100644
--- a/src/driver/commands/verify.rs
+++ b/src/driver/commands/verify.rs
@@ -22,6 +22,7 @@ use crate::{
         quant_proof::lower_quant_prove_task,
         smt_proof::{run_smt_prove_task, set_global_z3_params},
     },
+    proof_rules::calculus::get_soundness_map,
     resource_limits::{await_with_resource_limits, LimitError, LimitsRef},
     servers::{Server, SharedServer},
 };
@@ -186,6 +187,8 @@ fn verify_files_main(
     // based on the provided calculus annotations
     module.check_calculus_rules(&mut tcx)?;
 
+    let soundness_map = get_soundness_map(&mut module, &mut tcx);
+
     // Desugar encodings from source units.
     module.apply_encodings(&mut tcx, server)?;
 
@@ -215,7 +218,14 @@ fn verify_files_main(
         .items
         .into_iter()
         .flat_map(|item| {
-            item.flat_map(|unit| CoreVerifyTask::from_source_unit(unit, &mut depgraph))
+            let soundness_blame = soundness_map.get(item.name()).cloned().unwrap_or_default();
+            item.flat_map(|unit| {
+                let core_verify_task = CoreVerifyTask::from_source_unit(unit, &mut depgraph);
+                core_verify_task.map(|mut task| {
+                    task.proc_soundness = soundness_blame.clone();
+                    task
+                })
+            })
         })
         .collect();
 
@@ -254,6 +264,8 @@ fn verify_files_main(
         // (depending on options).
         let vc_is_valid = lower_quant_prove_task(options, &limits_ref, &mut tcx, name, vc_expr)?;
 
+        let soundness_blame = &verify_unit.proc_soundness;
+
         // Running the SMT prove task: translating to Z3, running the solver.
         let result = run_smt_prove_task(
             options,
@@ -264,6 +276,7 @@ fn verify_files_main(
             server,
             slice_vars,
             vc_is_valid,
+            soundness_blame,
         )?;
 
         // Handle reasons to stop the verifier.
diff --git a/src/driver/core_verify.rs b/src/driver/core_verify.rs
index 16a7219e..9fc5b6d3 100644
--- a/src/driver/core_verify.rs
+++ b/src/driver/core_verify.rs
@@ -24,6 +24,7 @@ use crate::{
         proc_verify::{encode_proc_verify, to_direction_lower_bounds},
         SpecCall,
     },
+    proof_rules::calculus::ProcSoundness,
     resource_limits::LimitsRef,
     servers::Server,
     slicing::{
@@ -70,6 +71,7 @@ pub struct CoreVerifyTask {
     pub deps: Dependencies,
     pub direction: Direction,
     pub block: Block,
+    pub proc_soundness: ProcSoundness,
 }
 
 impl CoreVerifyTask {
@@ -96,6 +98,7 @@ impl CoreVerifyTask {
                             deps,
                             direction,
                             block,
+                            proc_soundness: ProcSoundness::default(),
                         })
                     }
                     DeclKind::DomainDecl(_domain_decl) => None, // TODO: check that the axioms are not contradictions
@@ -107,6 +110,7 @@ impl CoreVerifyTask {
                 deps,
                 direction: Direction::Down,
                 block,
+                proc_soundness: ProcSoundness::default(),
             }),
         }
     }
diff --git a/src/driver/smt_proof.rs b/src/driver/smt_proof.rs
index 098c5884..23a61527 100644
--- a/src/driver/smt_proof.rs
+++ b/src/driver/smt_proof.rs
@@ -28,6 +28,7 @@ use crate::driver::commands::verify::VerifyCommand;
 use crate::driver::error::CaesarError;
 use crate::driver::item::SourceUnitName;
 use crate::driver::quant_proof::{BoolVcProveTask, QuantVcProveTask};
+use crate::proof_rules::calculus::ProcSoundness;
 use crate::slicing::transform::SliceStmts;
 use crate::smt::funcs::axiomatic::{AxiomInstantiation, AxiomaticFunctionEncoder, PartialEncoding};
 use crate::smt::funcs::fuel::literals::LiteralExprCollector;
@@ -141,6 +142,7 @@ pub fn run_smt_prove_task(
     server: &mut dyn Server,
     slice_vars: SliceStmts,
     vc_is_valid: BoolVcProveTask,
+    proc_soundness: &ProcSoundness,
 ) -> Result<ProveResult, CaesarError> {
     let ctx = Context::new(&z3::Config::default());
     let function_encoder = mk_function_encoder(tcx, depgraph, options)?;
@@ -161,7 +163,7 @@ pub fn run_smt_prove_task(
         vc_is_valid.run_solver(options, limits_ref, name, &ctx, &mut translate, &slice_vars)?;
 
     server
-        .handle_vc_check_result(name, &mut result, &mut translate)
+        .handle_vc_check_result(name, &mut result, &mut translate, proc_soundness)
         .map_err(CaesarError::ServerError)?;
 
     Ok(result.prove_result)
@@ -558,6 +560,7 @@ impl<'ctx> SmtVcProveResult<'ctx> {
         span: Span,
         server: &mut dyn Server,
         translate: &mut TranslateExprs<'smt, 'ctx>,
+        proc_soundness: &ProcSoundness,
     ) -> Result<(), CaesarError> {
         // TODO: batch all those messages
 
@@ -567,8 +570,25 @@ impl<'ctx> SmtVcProveResult<'ctx> {
             }
         }
 
+        let approximation_labels = proc_soundness.diagnostic_labels();
+        let approx_note = proc_soundness.diagnostic_note();
+
         match &mut self.prove_result {
-            ProveResult::Proof => {}
+            ProveResult::Proof => {
+                if !proc_soundness.sound_proofs() {
+                    let msg = if let Some(note) = approx_note {
+                        format!("The verification result might be unsound because {}", note)
+                    } else {
+                        "The verification result might be unsound.".to_string()
+                    };
+
+                    let diag = Diagnostic::new(ReportKind::Warning, span)
+                        .with_message(msg)
+                        .with_labels(approximation_labels);
+
+                    server.add_diagnostic(diag)?;
+                }
+            }
             ProveResult::Counterexample => {
                 let model = self.model.as_ref().unwrap();
                 let mut labels = vec![];
@@ -618,6 +638,14 @@ impl<'ctx> SmtVcProveResult<'ctx> {
                 let diagnostic = Diagnostic::new(ReportKind::Error, span)
                     .with_message(text)
                     .with_labels(labels);
+
+                let diagnostic = if proc_soundness.sound_refutations() {
+                    diagnostic
+                } else {
+                    diagnostic
+                        .with_note("This counter-example might be spurious and might not apply to the real program.")
+                        .with_labels(approximation_labels)
+                };
                 server.add_diagnostic(diagnostic)?;
             }
             ProveResult::Unknown(reason) => {
diff --git a/src/intrinsic/annotations.rs b/src/intrinsic/annotations.rs
index 27f44856..afdfdf97 100644
--- a/src/intrinsic/annotations.rs
+++ b/src/intrinsic/annotations.rs
@@ -12,8 +12,7 @@ use crate::{
         resolve::{Resolve, ResolveError},
         tycheck::{Tycheck, TycheckError},
     },
-    proof_rules::calculus::RecursiveProcBlame,
-    proof_rules::Encoding,
+    proof_rules::{calculus::RecursiveProcBlame, Encoding, FixpointSemanticsKind},
     slicing::selection::SliceAnnotation,
     tyctx::TyCtx,
 };
@@ -54,12 +53,6 @@ pub enum AnnotationUnsoundnessError {
         span: Span,
         enc_name: Ident,
     },
-    CalculusEncodingMismatch {
-        direction: Direction,
-        span: Span,
-        calculus_name: Ident,
-        enc_name: Ident,
-    },
     CalculusCallMismatch {
         span: Span,
         context_calculus: Ident,
@@ -125,16 +118,6 @@ impl AnnotationUnsoundnessError {
                         "There must not be any statements after this annotated statement (and the annotated statement must not be nested in a block).",
                     ))
             }
-            AnnotationUnsoundnessError::CalculusEncodingMismatch{direction, span, calculus_name, enc_name } => {
-                Diagnostic::new(ReportKind::Error, span)
-                    .with_message(format!(
-                        "In {}s, the `{}` calculus does not support the `{}` proof rule.",
-                        direction.prefix("proc"), calculus_name.name, enc_name.name
-                    ))
-                    .with_label(Label::new(span).with_message(
-                        "The calculus, proof rule, and direction are incompatible.",
-                    ))
-            }
             AnnotationUnsoundnessError::CalculusCallMismatch{span,context_calculus,call_calculus} => {
                 Diagnostic::new(ReportKind::Error, span)
                     .with_message(format!(
@@ -175,6 +158,12 @@ pub struct Calculus {
     pub calculus_type: CalculusType,
 }
 
+impl std::fmt::Display for Calculus {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.name)
+    }
+}
+
 #[derive(Debug, Clone, Copy, PartialEq)]
 pub enum CalculusType {
     Wp,
@@ -182,6 +171,16 @@ pub enum CalculusType {
     Ert,
 }
 
+impl std::fmt::Display for CalculusType {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            CalculusType::Wp => write!(f, "wp"),
+            CalculusType::Wlp => write!(f, "wlp"),
+            CalculusType::Ert => write!(f, "ert"),
+        }
+    }
+}
+
 impl CalculusType {
     pub fn is_induction_allowed(&self, direction: Direction) -> bool {
         matches!(
@@ -191,6 +190,13 @@ impl CalculusType {
                 | (CalculusType::Ert, Direction::Up)
         )
     }
+
+    pub fn to_fixed_point_semantics_kind(self) -> FixpointSemanticsKind {
+        match self {
+            CalculusType::Wp | CalculusType::Ert => FixpointSemanticsKind::LeastFixedPoint,
+            CalculusType::Wlp => FixpointSemanticsKind::GreatestFixedPoint,
+        }
+    }
 }
 
 #[derive(Debug, Clone)]
diff --git a/src/proof_rules/calculus/calculus_checker.rs b/src/proof_rules/calculus/calculus_checker.rs
index 6dfcb905..f0dea30d 100644
--- a/src/proof_rules/calculus/calculus_checker.rs
+++ b/src/proof_rules/calculus/calculus_checker.rs
@@ -1,10 +1,7 @@
 use std::{collections::HashMap, ops::DerefMut};
 
 use crate::{
-    ast::{
-        visit::{walk_stmt, VisitorMut},
-        DeclKind, DeclRef, Diagnostic, Expr, ExprKind, Ident, ProcDecl, Stmt, StmtKind,
-    },
+    ast::{visit::VisitorMut, DeclKind, DeclRef, Diagnostic, Expr, ExprKind, Ident, ProcDecl},
     intrinsic::annotations::{
         AnnotationError, AnnotationKind, AnnotationUnsoundnessError, Calculus,
     },
@@ -143,50 +140,4 @@ impl<'tcx> VisitorMut for CalculusVisitor<'tcx> {
 
         res
     }
-
-    fn visit_stmt(&mut self, s: &mut Stmt) -> Result<(), Self::Err> {
-        match &mut s.node {
-            // If the statement is an annotation, transform it
-            StmtKind::Annotation(_, ident, _, inner_stmt) => {
-                // First visit the statement that is annotated and handle inner annotations
-                self.visit_stmt(inner_stmt)?;
-
-                if let DeclKind::AnnotationDecl(AnnotationKind::Encoding(anno_ref)) =
-                    self.tcx.get(*ident).unwrap().as_ref()
-                {
-                    // Try to get the current procedure context
-                    let proc_context = self
-                        .proc_context
-                        .as_ref()
-                        // If there is no procedure context, throw an error
-                        .ok_or(CalculusVisitorError::AnnotationError(
-                            AnnotationError::NotInProcedure {
-                                span: s.span,
-                                annotation_name: *ident,
-                            },
-                        ))?;
-
-                    // Unpack the current procedure context
-                    let direction = proc_context.direction;
-
-                    // Check if the calculus annotation is compatible with the encoding annotation
-                    if let Some(calculus) = proc_context.calculus {
-                        // If calculus is not allowed, return an error
-                        if !anno_ref.is_calculus_allowed(calculus, direction) {
-                            return Err(CalculusVisitorError::UnsoundnessError(
-                                AnnotationUnsoundnessError::CalculusEncodingMismatch {
-                                    direction,
-                                    span: s.span,
-                                    calculus_name: calculus.name,
-                                    enc_name: anno_ref.name(),
-                                },
-                            ));
-                        };
-                    }
-                }
-            }
-            _ => walk_stmt(self, s)?,
-        }
-        Ok(())
-    }
 }
diff --git a/src/proof_rules/calculus/mod.rs b/src/proof_rules/calculus/mod.rs
index ae226a29..5ac3927e 100644
--- a/src/proof_rules/calculus/mod.rs
+++ b/src/proof_rules/calculus/mod.rs
@@ -2,6 +2,8 @@ mod calculus_checker;
 pub use calculus_checker::*;
 mod recursion_checker;
 pub use recursion_checker::*;
+mod soundness_checker;
+pub use soundness_checker::*;
 
 #[cfg(test)]
 mod tests;
diff --git a/src/proof_rules/calculus/soundness_checker.rs b/src/proof_rules/calculus/soundness_checker.rs
new file mode 100644
index 00000000..cb802df0
--- /dev/null
+++ b/src/proof_rules/calculus/soundness_checker.rs
@@ -0,0 +1,425 @@
+use std::{
+    collections::HashMap,
+    fmt,
+    ops::{BitAnd, BitOr, DerefMut},
+    vec,
+};
+
+use itertools::Itertools;
+
+use crate::{
+    ast::{Block, DeclKind, Direction, Label, ProcDecl, Span, Stmt, StmtKind},
+    driver::{
+        front::{Module, SourceUnit},
+        item::SourceUnitName,
+    },
+    intrinsic::annotations::{AnnotationKind, Calculus},
+    proof_rules::{get_proc_calculus, infer_fixpoint_semantics_kind},
+    tyctx::TyCtx,
+};
+
+#[derive(Debug, Clone)]
+pub enum StmtKindName {
+    Stmt,
+    Loop,
+}
+
+impl fmt::Display for StmtKindName {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            StmtKindName::Stmt => write!(f, "statement"),
+            StmtKindName::Loop => write!(f, "loop"),
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct ApproximationRecord {
+    pub span: Span,
+    pub stmt_kind: StmtKindName,
+    pub kind: ApproximationKind,
+}
+
+pub type ApproximationList = Vec<ApproximationRecord>;
+
+/// Compute the infimum of approximation kinds in the given approximation list.
+///
+/// This is done by folding the list with the `BitAnd` operation defined for `ApproximationKind`.
+///
+/// ---
+///
+/// Examples:
+///
+/// If `approximations` is empty, the default value is `ApproximationKind::EXACT` as an empty list means no approximations were made.
+/// ```
+/// let approximations = vec![];
+/// assert_eq!(infimum_of_approximation_list(&approximations), ApproximationKind::EXACT);
+/// ```
+///
+///
+/// If it contains only one entry, that entry's kind is returned.
+///
+/// ```
+/// let approximations = vec![
+///     ApproximationRecord { span: Span::dummy_span(), stmt_kind: StmtKindName::Stmt, kind: ApproximationKind::OVER },
+/// ];
+/// assert_eq!(infimum_of_approximation_list(&approximations), ApproximationKind::OVER);
+/// ```
+///
+/// If it contains two or more entries, the infimum of all their kinds is returned.
+///
+/// ```
+/// let approximations = vec![
+///     ApproximationRecord { span: Span::dummy_span(), stmt_kind: StmtKindName::Stmt, kind: ApproximationKind::OVER },
+///     ApproximationRecord { span: Span::dummy_span(), stmt_kind: StmtKindName::Loop, kind: ApproximationKind::UNDER },
+/// ];
+/// assert_eq!(infimum_of_approximation_list(&approximations), ApproximationKind::UNKNOWN);
+pub fn infimum_of_approximation_list(approximations: &ApproximationList) -> ApproximationKind {
+    approximations
+        .iter()
+        .fold(ApproximationKind::EXACT, |acc, approx_entry| {
+            acc & approx_entry.kind
+        })
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct ProcSoundness {
+    sound_proofs: bool,
+    sound_refutations: bool,
+    approximations: ApproximationList,
+    calculus: Option<Calculus>,
+}
+
+impl ProcSoundness {
+    /// Create a new ProcSoundness instance by analyzing the given approximations and calculus in the given direction.
+    pub fn new(
+        direction: Direction,
+        approximations: ApproximationList,
+        calculus: Option<Calculus>,
+    ) -> Self {
+        // If the approximation list is empty, it means no approximations were made, therefore the infimum is EXACT
+        let approx = infimum_of_approximation_list(&approximations);
+        let (sound_proofs, sound_refutations) = match direction {
+            Direction::Down => match approx {
+                ApproximationKind::EXACT => (true, true), // Both proofs and refutations are sound
+                ApproximationKind::UNDER => (true, false), // Only proofs are guaranteed to be sound
+                ApproximationKind::OVER => (false, true), // Only refutations are guaranteed to be sound
+                ApproximationKind::UNKNOWN => (false, false), // Neither proofs nor refutations are sound
+            },
+            Direction::Up => match approx {
+                ApproximationKind::EXACT => (true, true), // Both proofs and refutations are sound
+                ApproximationKind::UNDER => (false, true), // Only refutations are guaranteed to be sound
+                ApproximationKind::OVER => (true, false),  // Only proofs are guaranteed to be sound
+                ApproximationKind::UNKNOWN => (false, false), // Neither proofs nor refutations are sound
+            },
+        };
+        Self {
+            sound_proofs,
+            sound_refutations,
+            approximations,
+            calculus,
+        }
+    }
+
+    /// Get whether proofs for this procedure are sound.
+    pub fn sound_proofs(&self) -> bool {
+        self.sound_proofs
+    }
+
+    /// Get whether refutations for this procedure are sound.
+    pub fn sound_refutations(&self) -> bool {
+        self.sound_refutations
+    }
+
+    /// Generate diagnostic labels for all approximating statements in the procedure.
+    pub fn diagnostic_labels(&self) -> Vec<Label> {
+        self.approximations
+            .iter()
+            .map(|approx| {
+                let mut label = Label::new(approx.span).with_message(format!(
+                    "This statement is an {} of the real program behavior",
+                    approx.kind
+                ));
+
+                if let Some(calculus) = self.calculus {
+                    match approx.kind {
+                        ApproximationKind::OVER => {
+                            label = label.with_message(format!(
+                                "For this {} S, {} is over-approximated i.e., vc[S] ≥ {}[S]",
+                                approx.stmt_kind, calculus, calculus
+                            ))
+                        }
+                        ApproximationKind::UNDER => {
+                            label = label.with_message(format!(
+                                "For this {} S, {} is under-approximated i.e., vc[S] ≤ {}[S]",
+                                approx.stmt_kind, calculus, calculus
+                            ));
+                        }
+                        _ => {}
+                    }
+                }
+                label
+            })
+            .collect_vec()
+    }
+
+    /// Generate a diagnostic note explaining the overall approximation of the procedure.
+    pub fn diagnostic_note(&self) -> Option<String> {
+        let is_both_over_and_under = self
+            .approximations
+            .iter()
+            .any(|approx| approx.kind == ApproximationKind::OVER)
+            && self
+                .approximations
+                .iter()
+                .any(|approx| approx.kind == ApproximationKind::UNDER);
+
+        if let Some(calculus) = self.calculus {
+            match self.overall_approximation() {
+                ApproximationKind::OVER => Some(format!(
+                    "the {} of the program is over-approximated, i.e., vc[program] ≥ {}[program]",
+                    calculus, calculus
+                )),
+                ApproximationKind::UNDER => Some(format!(
+                    "the {} of the program is under-approximated, i.e., vc[program] ≤ {}[program]",
+                    calculus, calculus
+                )),
+                ApproximationKind::UNKNOWN => {
+                    if is_both_over_and_under {
+                        Some(format!(
+                            "the {} of the program is both over- and under-approximated in different parts of the program, therefore the approximation relationship for the whole program is unknown.",
+                            calculus,
+                        ))
+                    } else {
+                        Some(format!(
+                            "the approximation relationship of the vc and the {} of the program is unknown.",
+                            calculus,
+                        ))
+                    }
+                }
+                _ => None,
+            }
+        } else {
+            None
+        }
+    }
+
+    fn overall_approximation(&self) -> ApproximationKind {
+        infimum_of_approximation_list(&self.approximations)
+    }
+}
+
+/// Represents the kind of approximation that the vc semantics introduce for the original program semantics.
+///
+/// Approximations can be introduced by encoding annotations on loops or by negations in the program.
+///
+/// - If the the field `under` is true, it means that the vc semantics under-approximates the original program semantics, i.e. vc\[S\] ≤ semantics\[S\].
+/// - If the field `over` is true, it means that the vc semantics over-approximates the original program semantics, i.e. vc\[S\] ≥ semantics\[S\].
+/// - If both fields are true, it means that the vc semantics both under- and over-approximates the original program semantics, therefore it exactly matches the original program semantics, i.e. (vc\[S\] ≤ semantics\[S\]) and (vc\[S\] ≥ semantics\[S\]) hence (vc\[S\] = semantics\[S\]).
+/// - If both fields are false, it means that the vc semantics neither under- nor over-approximates the original program semantics, therefore the approximation is unknown. i.e. !(vc\[S\] ≤ semantics\[S\]) and !(vc\[S\] ≥ semantics\[S\]).
+///
+/// The original program semantics is based on the calculus annotation or the default fixpoint semantics for loops based on the direction and the encoding used.
+///
+/// See also [`infer_fixpoint_semantics_kind`] for more details on how the semantics kind is inferred.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub struct ApproximationKind {
+    /// True if the vc semantics under-approximates the original program semantics.
+    pub under: bool,
+    /// True if the vc semantics over-approximates the original program semantics.
+    pub over: bool,
+}
+
+impl BitAnd for ApproximationKind {
+    type Output = ApproximationKind;
+
+    // This corresponds to infimum in the lattice of approximations
+    fn bitand(self, rhs: Self) -> Self::Output {
+        ApproximationKind {
+            under: self.under && rhs.under,
+            over: self.over && rhs.over,
+        }
+    }
+}
+
+impl BitOr for ApproximationKind {
+    type Output = ApproximationKind;
+
+    // This corresponds to supremum in the lattice of approximations
+    fn bitor(self, rhs: Self) -> Self::Output {
+        ApproximationKind {
+            under: self.under || rhs.under,
+            over: self.over || rhs.over,
+        }
+    }
+}
+
+impl ApproximationKind {
+    /// vc is both under- and over-approximating the original program semantics.
+    pub const EXACT: Self = Self {
+        under: true,
+        over: true,
+    };
+    /// vc under-approximates the original program semantics.
+    pub const UNDER: Self = Self {
+        under: true,
+        over: false,
+    };
+    /// vc over-approximates the original program semantics.
+    pub const OVER: Self = Self {
+        under: false,
+        over: true,
+    };
+    /// vc neither under- nor over-approximates the original program semantics.
+    ///
+    /// This means !(vc[S] ≤ semantics[S]) and !(vc[S] ≥ semantics[S]).
+    pub const UNKNOWN: Self = Self {
+        under: false,
+        over: false,
+    };
+}
+
+impl fmt::Display for ApproximationKind {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match *self {
+            ApproximationKind::EXACT => write!(f, "exact approximation"),
+            ApproximationKind::UNDER => write!(f, "under-approximation"),
+            ApproximationKind::OVER => write!(f, "over-approximation"),
+            ApproximationKind::UNKNOWN => write!(f, "unknown approximation"),
+        }
+    }
+}
+
+/// Get a map from source unit names to their corresponding [`ProcSoundness`].
+pub fn get_soundness_map(
+    module: &mut Module,
+    tcx: &mut TyCtx,
+) -> HashMap<SourceUnitName, ProcSoundness> {
+    let mut soundness_map = HashMap::new();
+    let source_units = &mut module.items;
+
+    for source_unit in source_units {
+        let soundness = match source_unit.enter_mut().deref_mut() {
+            SourceUnit::Decl(decl) => match decl {
+                DeclKind::ProcDecl(proc_decl) => soundness_blame_of_proc(&proc_decl.borrow(), tcx),
+                _ => None,
+            },
+            SourceUnit::Raw(ref block) => Some(soundness_blame_of_raw(block, tcx)),
+        };
+        if let Some(soundness_blame) = soundness {
+            soundness_map.insert(source_unit.name().clone(), soundness_blame);
+        }
+    }
+    soundness_map
+}
+
+/// Track under-, over- and unknown approximating statements in a block.
+///
+/// Returns a list of spans and their corresponding approximation kinds of non-exact approximating statements.
+fn track_approximation_in_block(
+    block: &Block,
+    direction: Direction,
+    calculus: Option<Calculus>,
+    tcx: &mut TyCtx,
+) -> ApproximationList {
+    block
+        .node
+        .iter()
+        .flat_map(|stmt| track_approximation_in_statement(stmt, direction, calculus, tcx))
+        .collect()
+}
+
+/// Determine the approximation kind of a statement and track approximation in its sub-statements.
+fn track_approximation_in_statement(
+    s: &Stmt,
+    direction: Direction,
+    calculus: Option<Calculus>,
+    tcx: &mut TyCtx,
+) -> ApproximationList {
+    match &s.node {
+        // Composite statements are handled recursively to collect approximations from sub-statements
+        StmtKind::Seq(stmts) => stmts
+            .iter()
+            .flat_map(|stmt| track_approximation_in_statement(stmt, direction, calculus, tcx))
+            .collect(),
+        StmtKind::If(_, ref block1, ref block2)
+        | StmtKind::Demonic(ref block1, ref block2)
+        | StmtKind::Angelic(ref block1, ref block2) => {
+            let mut acc = track_approximation_in_block(block1, direction, calculus, tcx);
+            acc.extend(track_approximation_in_block(
+                block2, direction, calculus, tcx,
+            ));
+            acc
+        }
+        // A loop itself do not introduce an approximation, but an encoding annotation on top of it may do so.
+        // Therefore, we only track the approximation inside the loop body recursively in this case.
+        // This means that the approximation kind of a while loop is the approximation kind of the loop body.
+        // While loops can not be used without an encoding annotation therefore this inner approximation is never directly recorded.
+        // Instead this will be used by the annotation case below.
+        StmtKind::While(_, ref block) => {
+            track_approximation_in_block(block, direction, calculus, tcx)
+        }
+        // Encoding annotations may cause approximations
+        // This approximation is based on the direction, calculus and the approximation in the loop body
+        StmtKind::Annotation(_, ident, _, inner_stmt) => {
+            // This inner statement is the While case above
+            let mut inner_approximation_list =
+                track_approximation_in_statement(inner_stmt, direction, calculus, tcx);
+
+            // If the annotation is an encoding annotation
+            if let DeclKind::AnnotationDecl(AnnotationKind::Encoding(anno_ref)) =
+                tcx.get(*ident).unwrap().as_ref()
+            {
+                let semantics_type = infer_fixpoint_semantics_kind(
+                    // Qualified because of the RefCell::borrow naming clash
+                    std::borrow::Borrow::borrow(anno_ref),
+                    calculus,
+                    direction,
+                );
+
+                let inner_approximation = infimum_of_approximation_list(&inner_approximation_list);
+
+                // Ask the respective annotation what the resulting approximation(s) will be
+                let approximation = anno_ref.get_approximation(semantics_type, inner_approximation);
+                inner_approximation_list.push(ApproximationRecord {
+                    span: s.span,
+                    stmt_kind: StmtKindName::Loop,
+                    kind: approximation,
+                });
+            }
+            inner_approximation_list
+        }
+        // Negations lead to unknown approximations
+        StmtKind::Negate(_) => vec![ApproximationRecord {
+            span: s.span,
+            stmt_kind: StmtKindName::Stmt,
+            kind: ApproximationKind::UNKNOWN,
+        }],
+        // All other statements do not change the approximation kind, which means they have the EXACT approximation kind
+        _ => vec![],
+    }
+}
+
+/// Compute the [`ProcSoundness`] of a procedure declaration.
+///
+/// Returns `None` if the procedure has no body.
+pub fn soundness_blame_of_proc(decl: &ProcDecl, tcx: &mut TyCtx) -> Option<ProcSoundness> {
+    if let Some(block) = decl.body.borrow_mut().as_mut() {
+        // Get the calculus of the procedure
+        let calculus = get_proc_calculus(decl, tcx).ok().flatten();
+        let direction = decl.direction;
+
+        let approx_list = track_approximation_in_block(block, direction, calculus, tcx);
+
+        return Some(ProcSoundness::new(direction, approx_list, calculus));
+    }
+    None
+}
+
+/// Compute the [`ProcSoundness`] of a raw block (without a procedure declaration).
+///
+/// This assumes no calculus annotation and uses the default fixpoint semantics for loops based on the direction and the encoding used.
+pub fn soundness_blame_of_raw(block: &Block, tcx: &mut TyCtx) -> ProcSoundness {
+    let approx_list = track_approximation_in_block(block, Direction::Down, None, tcx);
+    // Insert the soundness into the map
+    ProcSoundness::new(Direction::Down, approx_list, None)
+}
diff --git a/src/proof_rules/calculus/tests.rs b/src/proof_rules/calculus/tests.rs
index 47c76843..85096ec6 100644
--- a/src/proof_rules/calculus/tests.rs
+++ b/src/proof_rules/calculus/tests.rs
@@ -1,21 +1,4 @@
-use crate::driver::{commands::verify::verify_test, error::CaesarError};
-
-#[test]
-fn test_wp_with_kind_fail() {
-    let source = r#"
-    @wp
-    proc main() -> () {
-        var x: UInt
-        @k_induction(1, x)
-        while 1 <= x {
-            x = x - 1
-        }
-    }
-    "#;
-    let res = matches!(verify_test(source).0, Err(CaesarError::Diagnostic(_)));
-
-    assert!(res);
-}
+use crate::driver::commands::verify::verify_test;
 
 #[test]
 fn test_wp_with_kind_ok() {
@@ -49,28 +32,6 @@ fn test_wlp_with_kind_ok() {
     assert!(!res)
 }
 
-#[test]
-fn test_calculus_encoding_mismatch() {
-    // this should produce an error
-    let source = r#"
-        @wp
-        proc main() -> () {
-            var x: UInt
-            @invariant(x) // invariant encoding within wp reasoning is not sound!
-            while 1 <= x {
-                x = x - 1
-            }
-        }
-    "#;
-    let res = verify_test(source).0;
-    assert!(res.is_err());
-    let err = res.unwrap_err();
-    assert_eq!(
-        err.to_string(),
-        "Error: In procs, the `wp` calculus does not support the `invariant` proof rule."
-    );
-}
-
 #[test]
 fn test_wrong_annotation_usage() {
     // this should produce an error
diff --git a/src/proof_rules/induction.rs b/src/proof_rules/induction.rs
index fd1c83be..83ac1c79 100644
--- a/src/proof_rules/induction.rs
+++ b/src/proof_rules/induction.rs
@@ -21,6 +21,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     slicing::{wrap_with_error_message, wrap_with_success_message},
     tyctx::TyCtx,
 };
@@ -93,6 +94,25 @@ impl Encoding for InvariantAnnotation {
         )
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        let approx = match fixpoint_semantics {
+            FixpointSemanticsKind::LeastFixedPoint => ApproximationKind::OVER,
+            FixpointSemanticsKind::GreatestFixedPoint => ApproximationKind::UNDER,
+        };
+        approx & inner_approximation_kind
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::LeastFixedPoint,
+            Direction::Down => FixpointSemanticsKind::GreatestFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
@@ -177,6 +197,25 @@ impl Encoding for KIndAnnotation {
         )
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        let approx = match fixpoint_semantics {
+            FixpointSemanticsKind::LeastFixedPoint => ApproximationKind::OVER,
+            FixpointSemanticsKind::GreatestFixedPoint => ApproximationKind::UNDER,
+        };
+        approx & inner_approximation_kind
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::LeastFixedPoint,
+            Direction::Down => FixpointSemanticsKind::GreatestFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/proof_rules/mciver_ast.rs b/src/proof_rules/mciver_ast.rs
index d95afb30..196a53f4 100644
--- a/src/proof_rules/mciver_ast.rs
+++ b/src/proof_rules/mciver_ast.rs
@@ -25,6 +25,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     tyctx::TyCtx,
 };
 
@@ -131,6 +132,23 @@ impl Encoding for ASTAnnotation {
         matches!(calculus.calculus_type, CalculusType::Wp) && direction == Direction::Down
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        match (fixpoint_semantics, inner_approximation_kind) {
+            (FixpointSemanticsKind::LeastFixedPoint, ApproximationKind::EXACT) => {
+                ApproximationKind::EXACT
+            }
+            _ => ApproximationKind::UNKNOWN,
+        }
+    }
+
+    fn default_fixpoint_semantics(&self, _direction: Direction) -> FixpointSemanticsKind {
+        FixpointSemanticsKind::LeastFixedPoint
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/proof_rules/mod.rs b/src/proof_rules/mod.rs
index 44587a1c..006da946 100644
--- a/src/proof_rules/mod.rs
+++ b/src/proof_rules/mod.rs
@@ -37,6 +37,7 @@ use crate::{
     intrinsic::annotations::{
         AnnotationError, AnnotationKind, AnnotationUnsoundnessError, Calculus,
     },
+    proof_rules::calculus::ApproximationKind,
     tyctx::TyCtx,
 };
 
@@ -63,6 +64,34 @@ pub struct EncodingEnvironment {
     pub stmt_span: Span,
     pub call_span: Span,
     pub direction: Direction,
+    pub calculus: Option<Calculus>,
+}
+
+/// The type of loop semantics used in the encoding annotations
+pub enum FixpointSemanticsKind {
+    LeastFixedPoint,
+    GreatestFixedPoint,
+}
+
+/// Determine the loop semantics type based on the annotation, calculus, and direction
+///  The semantics are determined by the provided calculus if available; otherwise,
+///  they are inferred from the annotation and direction.
+///
+/// The semantics are primarily determined by the calculus type:
+///  - `CalculusType::Wp` and `CalculusType::Ert` use least fixed point semantics,
+///  - `CalculusType::Wlp` uses greatest fixed point semantics.
+///
+/// If no calculus is provided, the semantics are inferred from the annotation's
+/// default (sound) behavior based on the direction.
+pub fn infer_fixpoint_semantics_kind(
+    encoding: &dyn Encoding,
+    calculus: Option<Calculus>,
+    direction: Direction,
+) -> FixpointSemanticsKind {
+    match calculus {
+        Some(calculus) => calculus.calculus_type.to_fixed_point_semantics_kind(),
+        None => encoding.default_fixpoint_semantics(direction),
+    }
 }
 
 /// The trait that all encoding annotations must implement
@@ -77,7 +106,7 @@ pub trait Encoding: fmt::Debug {
         args: &mut [Expr],
     ) -> Result<(), ResolveError>;
 
-    /// Typecheck the arguments of the annotation call
+    /// Typecheck the arguments of the annotation call.
     fn tycheck(
         &self,
         tycheck: &mut Tycheck<'_>,
@@ -85,7 +114,7 @@ pub trait Encoding: fmt::Debug {
         args: &mut [Expr],
     ) -> Result<(), TycheckError>;
 
-    /// Transform the annotated loop into a sequence of statements and declarations
+    /// Transform the annotated loop into a sequence of statements and declarations.
     fn transform(
         &self,
         tyctx: &TyCtx,
@@ -94,10 +123,22 @@ pub trait Encoding: fmt::Debug {
         enc_env: EncodingEnvironment,
     ) -> Result<GeneratedEncoding, AnnotationError>;
 
-    /// Check if the given calculus annotation is compatible with the encoding annotation
+    /// Check if the given calculus annotation is compatible with the encoding annotation.
     fn is_calculus_allowed(&self, calculus: Calculus, direction: Direction) -> bool;
 
-    /// Indicates if the encoding annotation is required to be the last statement of a procedure
+    /// Select an approximation kind based on the fixpoint semantics and inner approximation kind used.
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind;
+
+    /// Get the sound fixpoint semantics kind for this encoding annotation based on the direction.
+    ///
+    /// This function is used when there is no calculus annotation present on the procedure.
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind;
+
+    /// Indicates if the encoding annotation is required to be the last statement of a procedure.
     fn is_terminator(&self) -> bool;
 
     /// Return an [`Any`] reference for this encoding.
@@ -174,15 +215,15 @@ impl<'tcx> EncodingVisitor<'tcx> {
 /// UnsoundnessError are thrown when the usage of an annotation is unsound (e.g. mismatched calculus, not a terminator, etc.)
 #[derive(Debug)]
 pub enum EncodingVisitorError {
-    AnnotationError(AnnotationError),
-    UnsoundnessError(AnnotationUnsoundnessError),
+    Annotation(AnnotationError),
+    Unsoundness(AnnotationUnsoundnessError),
 }
 
 impl EncodingVisitorError {
     pub fn diagnostic(self) -> Diagnostic {
         match self {
-            EncodingVisitorError::AnnotationError(err) => err.diagnostic(),
-            EncodingVisitorError::UnsoundnessError(err) => err.diagnostic(),
+            EncodingVisitorError::Annotation(err) => err.diagnostic(),
+            EncodingVisitorError::Unsoundness(err) => err.diagnostic(),
         }
     }
 }
@@ -194,28 +235,8 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
         let proc_ref = proc_ref.clone(); // lose the reference to &mut self
         let proc = proc_ref.borrow();
 
-        let mut curr_calculus: Option<Calculus> = None;
-        // If the procedure has a calculus annotation, store it as the current calculus
-        if let Some(ident) = proc.calculus.as_ref() {
-            match self.tcx.get(*ident) {
-                Some(decl) => {
-                    if let DeclKind::AnnotationDecl(AnnotationKind::Calculus(calculus)) =
-                        decl.as_ref()
-                    {
-                        curr_calculus = Some(*calculus);
-                    }
-                }
-                None => {
-                    // If there isn't any calculus declaration that matches the annotation, throw an error
-                    return Err(EncodingVisitorError::AnnotationError(
-                        AnnotationError::UnknownAnnotation {
-                            span: proc.span,
-                            annotation_name: *ident,
-                        },
-                    ));
-                }
-            }
-        }
+        let curr_calculus =
+            get_proc_calculus(&proc, self.tcx).map_err(EncodingVisitorError::Annotation)?;
 
         // Store the current procedure context
         self.proc_context = Some(ProcContext {
@@ -252,7 +273,7 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
                         .proc_context
                         .as_ref()
                         // If there is no procedure context, throw an error
-                        .ok_or(EncodingVisitorError::AnnotationError(
+                        .ok_or(EncodingVisitorError::Annotation(
                             AnnotationError::NotInProcedure {
                                 span: s.span,
                                 annotation_name: *ident,
@@ -267,7 +288,7 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
                     // Check whether the calculus annotation is actually on a while loop (annotations can only be on while loops)
                     if let StmtKind::While(_, _) = inner_stmt.node {
                     } else {
-                        return Err(EncodingVisitorError::AnnotationError(
+                        return Err(EncodingVisitorError::Annotation(
                             AnnotationError::NotOnWhile {
                                 span: annotation_span,
                                 annotation_name: *ident,
@@ -278,7 +299,7 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
 
                     // A terminator annotation can't be nested in a block
                     if anno_ref.is_terminator() && self.nesting_level > 0 {
-                        return Err(EncodingVisitorError::UnsoundnessError(
+                        return Err(EncodingVisitorError::Unsoundness(
                             AnnotationUnsoundnessError::NotTerminator {
                                 span: s.span,
                                 enc_name: anno_ref.name(),
@@ -291,12 +312,13 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
                         stmt_span: s.span,
                         call_span: annotation_span, // TODO: if I change this to stmt_span, explain core vc works :(
                         direction,
+                        calculus: proc_context.calculus,
                     };
 
                     // Generate new statements (and declarations) from the annotated loop
                     let mut enc_gen = anno_ref
                         .transform(self.tcx, inputs, inner_stmt, enc_env)
-                        .map_err(EncodingVisitorError::AnnotationError)?;
+                        .map_err(EncodingVisitorError::Annotation)?;
 
                     // Visit generated statements
                     self.visit_block(&mut enc_gen.block)?;
@@ -340,7 +362,7 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
             | StmtKind::Demonic(_, _)
             | StmtKind::Seq(_) => {
                 if let Some(anno_name) = self.terminator_annotation {
-                    return Err(EncodingVisitorError::UnsoundnessError(
+                    return Err(EncodingVisitorError::Unsoundness(
                         AnnotationUnsoundnessError::NotTerminator {
                             span: s.span,
                             enc_name: anno_name,
@@ -355,7 +377,7 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
             _ => {
                 // If there was a terminator annotation before, don't allow further statements
                 if let Some(anno_name) = self.terminator_annotation {
-                    return Err(EncodingVisitorError::UnsoundnessError(
+                    return Err(EncodingVisitorError::Unsoundness(
                         AnnotationUnsoundnessError::NotTerminator {
                             span: s.span,
                             enc_name: anno_name,
@@ -369,3 +391,31 @@ impl<'tcx> VisitorMut for EncodingVisitor<'tcx> {
         Ok(())
     }
 }
+
+/// Get the calculus from a procedure declaration if it exists.
+///
+/// Returns an error if the annotation is not valid.
+pub fn get_proc_calculus(
+    proc: &ProcDecl,
+    tcx: &TyCtx,
+) -> Result<Option<Calculus>, AnnotationError> {
+    // If the procedure has a calculus annotation, try to extract it
+    if let Some(ident) = proc.calculus.as_ref() {
+        match tcx.get(*ident) {
+            Some(decl) => {
+                if let DeclKind::AnnotationDecl(AnnotationKind::Calculus(calculus)) = decl.as_ref()
+                {
+                    return Ok(Some(*calculus));
+                }
+            }
+            None => {
+                // If there isn't any calculus declaration that matches the annotation, throw an error
+                return Err(AnnotationError::UnknownAnnotation {
+                    span: proc.span,
+                    annotation_name: *ident,
+                });
+            }
+        }
+    }
+    Ok(None)
+}
diff --git a/src/proof_rules/omega.rs b/src/proof_rules/omega.rs
index 0e9a8f4f..37f0ceba 100644
--- a/src/proof_rules/omega.rs
+++ b/src/proof_rules/omega.rs
@@ -21,6 +21,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     tyctx::TyCtx,
 };
 
@@ -109,6 +110,25 @@ impl Encoding for OmegaInvAnnotation {
         )
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        let approx = match fixpoint_semantics {
+            FixpointSemanticsKind::LeastFixedPoint => ApproximationKind::UNDER,
+            FixpointSemanticsKind::GreatestFixedPoint => ApproximationKind::OVER,
+        };
+        approx & inner_approximation_kind
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::GreatestFixedPoint,
+            Direction::Down => FixpointSemanticsKind::LeastFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/proof_rules/ost.rs b/src/proof_rules/ost.rs
index 33c8d687..f101fcd6 100644
--- a/src/proof_rules/ost.rs
+++ b/src/proof_rules/ost.rs
@@ -23,6 +23,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     tyctx::TyCtx,
 };
 
@@ -96,6 +97,26 @@ impl Encoding for OSTAnnotation {
         matches!(calculus.calculus_type, CalculusType::Wp) && direction == Direction::Down
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        match (fixpoint_semantics, inner_approximation_kind) {
+            (FixpointSemanticsKind::LeastFixedPoint, ApproximationKind::EXACT) => {
+                ApproximationKind::EXACT
+            }
+            _ => ApproximationKind::UNKNOWN,
+        }
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::LeastFixedPoint,
+            Direction::Down => FixpointSemanticsKind::GreatestFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/proof_rules/past.rs b/src/proof_rules/past.rs
index ac6124f8..54bb5aa3 100644
--- a/src/proof_rules/past.rs
+++ b/src/proof_rules/past.rs
@@ -24,6 +24,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     tyctx::TyCtx,
 };
 
@@ -89,6 +90,26 @@ impl Encoding for PASTAnnotation {
         matches!(calculus.calculus_type, CalculusType::Ert) && direction == Direction::Up
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        match (fixpoint_semantics, inner_approximation_kind) {
+            (FixpointSemanticsKind::LeastFixedPoint, ApproximationKind::EXACT) => {
+                ApproximationKind::EXACT
+            }
+            _ => ApproximationKind::UNKNOWN,
+        }
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::LeastFixedPoint,
+            Direction::Down => FixpointSemanticsKind::GreatestFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/proof_rules/unroll.rs b/src/proof_rules/unroll.rs
index 0d8bf048..6b8a3b34 100644
--- a/src/proof_rules/unroll.rs
+++ b/src/proof_rules/unroll.rs
@@ -20,6 +20,7 @@ use crate::{
     intrinsic::annotations::{
         tycheck_annotation_call, AnnotationDecl, AnnotationError, Calculus, CalculusType,
     },
+    proof_rules::{calculus::ApproximationKind, FixpointSemanticsKind},
     tyctx::TyCtx,
 };
 
@@ -90,6 +91,25 @@ impl Encoding for UnrollAnnotation {
         )
     }
 
+    fn get_approximation(
+        &self,
+        fixpoint_semantics: FixpointSemanticsKind,
+        inner_approximation_kind: ApproximationKind,
+    ) -> ApproximationKind {
+        let approx = match fixpoint_semantics {
+            FixpointSemanticsKind::LeastFixedPoint => ApproximationKind::UNDER,
+            FixpointSemanticsKind::GreatestFixedPoint => ApproximationKind::OVER,
+        };
+        approx & inner_approximation_kind
+    }
+
+    fn default_fixpoint_semantics(&self, direction: Direction) -> FixpointSemanticsKind {
+        match direction {
+            Direction::Up => FixpointSemanticsKind::GreatestFixedPoint,
+            Direction::Down => FixpointSemanticsKind::LeastFixedPoint,
+        }
+    }
+
     fn transform(
         &self,
         tcx: &TyCtx,
diff --git a/src/servers/cli.rs b/src/servers/cli.rs
index b96b8299..4e355538 100644
--- a/src/servers/cli.rs
+++ b/src/servers/cli.rs
@@ -16,6 +16,7 @@ use crate::{
         item::{Item, SourceUnitName},
         smt_proof::SmtVcProveResult,
     },
+    proof_rules::calculus::ProcSoundness,
     smt::translate_exprs::TranslateExprs,
     vc::explain::VcExplanation,
 };
@@ -112,6 +113,7 @@ impl Server for CliServer {
         name: &SourceUnitName,
         result: &mut SmtVcProveResult<'ctx>,
         translate: &mut TranslateExprs<'smt, 'ctx>,
+        _proc_soundness: &ProcSoundness,
     ) -> Result<(), ServerError> {
         result.print_prove_result(self, translate, name);
         Ok(())
diff --git a/src/servers/lsp.rs b/src/servers/lsp.rs
index 089ab525..650c8f55 100644
--- a/src/servers/lsp.rs
+++ b/src/servers/lsp.rs
@@ -28,6 +28,7 @@ use crate::{
         item::{Item, SourceUnitName},
         smt_proof::SmtVcProveResult,
     },
+    proof_rules::calculus::ProcSoundness,
     servers::{FileStatus, FileStatusType},
     smt::translate_exprs::TranslateExprs,
     vc::explain::VcExplanation,
@@ -427,8 +428,9 @@ impl Server for LspServer {
         name: &SourceUnitName,
         result: &mut SmtVcProveResult<'ctx>,
         translate: &mut TranslateExprs<'smt, 'ctx>,
+        proc_soundness: &ProcSoundness,
     ) -> Result<(), ServerError> {
-        result.emit_diagnostics(name.span(), self, translate)?;
+        result.emit_diagnostics(name.span(), self, translate, proc_soundness)?;
         let statuses = &mut self
             .file_statuses
             .entry(name.span().file)
diff --git a/src/servers/mod.rs b/src/servers/mod.rs
index 4316516a..c06d5d25 100644
--- a/src/servers/mod.rs
+++ b/src/servers/mod.rs
@@ -12,6 +12,7 @@ use crate::{
         item::{Item, SourceUnitName},
         smt_proof::SmtVcProveResult,
     },
+    proof_rules::calculus::ProcSoundness,
     smt::translate_exprs::TranslateExprs,
     vc::explain::VcExplanation,
 };
@@ -191,6 +192,7 @@ pub trait Server: Send {
         name: &SourceUnitName,
         result: &mut SmtVcProveResult<'ctx>,
         translate: &mut TranslateExprs<'smt, 'ctx>,
+        proc_soundness: &ProcSoundness,
     ) -> Result<(), ServerError>;
 
     /// Return an exit code for the process.
diff --git a/src/servers/test.rs b/src/servers/test.rs
index 371a0371..ba9acd3c 100644
--- a/src/servers/test.rs
+++ b/src/servers/test.rs
@@ -13,6 +13,7 @@ use crate::{
         item::{Item, SourceUnitName},
         smt_proof::SmtVcProveResult,
     },
+    proof_rules::calculus::ProcSoundness,
     servers::FileStatus,
     smt::translate_exprs::TranslateExprs,
     vc::explain::VcExplanation,
@@ -105,6 +106,7 @@ impl Server for TestServer {
         name: &SourceUnitName,
         result: &mut SmtVcProveResult<'ctx>,
         _translate: &mut TranslateExprs<'smt, 'ctx>,
+        _proc_soundness: &ProcSoundness,
     ) -> Result<(), ServerError> {
         let statuses = &mut self
             .file_statuses
diff --git a/src/vc/explain.rs b/src/vc/explain.rs
index 9fcde836..35f5726e 100644
--- a/src/vc/explain.rs
+++ b/src/vc/explain.rs
@@ -270,6 +270,7 @@ fn explain_unroll(
         stmt_span,
         call_span,
         direction,
+        calculus: None, // calculus only affects the approximation, which is not relevant while explaining unrolling
     };
 
     // 1. generate the explanations for the loop body in k-1 iterations
diff --git a/website/docs/proof-rules/approximations.md b/website/docs/proof-rules/approximations.md
new file mode 100644
index 00000000..ac89962e
--- /dev/null
+++ b/website/docs/proof-rules/approximations.md
@@ -0,0 +1,273 @@
+---
+sidebar_position: 6
+description: Approximating original program semantics
+---
+
+```mdx-code-block
+import Link from '@docusaurus/Link';
+```
+
+As mentioned [before](https://www.caesarverifier.org/docs/heyvl/statements#semantics), HeyVL statements are interpreted via the (quantitative) verification condition semantics (vc), which are similar to other calculi such as wp, wlp, and ert. For such calculi, exactly computing the pre-expectation of a loop requires computing a least or greatest fixed point, which is infeasible in general. Instead, we use [proof rules](./README.md) to *approximate* the actual pre-expectation. In addition, other statements such as [negations](../heyvl/statements#negations) can also cause approximations.
+
+Caesar keeps track of these approximations and derives soundness diagnostics based on them. This means that Caesar can indicate that a verification result might be unsound. There are four possible approximation kinds: _Over_, _Under_, _Exact_, and _Unknown_.
+
+- **Exact** means no approximation is performed.
+- **Under** means the pre-expectation is approximated from below.
+- **Over** means the pre-expectation is approximated from above.
+- **Unknown** means it is not known whether the approximation is an over- or under-approximation.
+
+Formally, let $\text{calculus}[S](X)$ be the pre-expectation of a statement $S$ with post-expectation $X$ in some pre-expectation calculus, and let $\text{vc}[S](X)$ be the verification condition semantics of $S$ with post-expectation $X$. The approximations are defined as follows:
+
+- **Exact**: $\text{calculus}[S](X) = \text{vc}[S](X)$ for all $X$
+- **Under**: $\text{calculus}[S](X) \geq \text{vc}[S](X)$ for all $X$
+- **Over**: $\text{vc}[S](X) \geq \text{calculus}[S](X)$ for all $X$
+- **Unknown**: none of the above holds
+
+Every HeyVL statement can be assigned one of these approximations based on information about the scope in which the statement appears (e.g., whether it is in a `proc` or a `coproc`, and which [calculus annotation](./calculi) is used).
+
+Currently, every statement except proof-rule-annotated loops and negations is assigned the **Exact** approximation. Of these two exceptions, **negations always yield an Unknown approximation**, whereas proof-rule-annotated loops can yield all four approximations depending on the proof rule used. We discuss these cases in more detail below.
+
+It is also possible to order these approximation types using a partial order. This is useful when combining approximations from multiple statements. The following diagram shows this ordering:
+
+```mermaid
+graph TD;
+    Exact-->Over;
+    Exact-->Under;
+    Over-->Unknown;
+    Under-->Unknown;
+```
+
+As can be seen, this ordering forms a lattice with **Exact** as the most precise approximation and **Unknown** as the least precise one.
+
+For a block of statements, the approximation is computed by combining the approximations of the individual statements in the block. When combining approximations, Caesar uses the least upper bound (join) operation of this lattice.
+
+For example, if one statement in a block yields an **Over** approximation and another yields an **Exact** approximation, the combined approximation for the block is **Over**. Intuitively, if one statement in a block yields an **Over** approximation, the entire block cannot be more precise than that. Similarly, if one statement yields an **Under** approximation and another yields an **Exact** approximation, the combined approximation for the block is **Under**. If there are multiple statements with **Over** and **Under** approximations, the combined approximation is **Unknown**.
+
+In the following sections, we explain how proof rules yield different approximations depending on the fixed point semantics used for loops.
+
+## Fixed Point Semantics
+
+How a proof rule approximates the original program semantics depends on the fixed point semantics used for loops (least or greatest). Each calculus (`wp`, `wlp`, `ert`) uses either least or greatest fixed point semantics for loops. The following table summarizes this:
+
+| Calculus | Fixed Point Semantics for Loops |
+| -------- | ------------------------------- |
+| `@wp`    | Least Fixed Point               |
+| `@wlp`   | Greatest Fixed Point            |
+| `@ert`   | Least Fixed Point               |
+
+Therefore, if a `proc` or `coproc` is annotated with a calculus (`@wp`, `@wlp`, or `@ert`), the fixed point semantics are determined according to the table above. Calculus annotations are optional; if no annotation is present, Caesar assumes default fixed point semantics based on whether the construct is a `proc` or a `coproc`. The following table summarizes these defaults:
+
+| Procedure Kind | Default Fixed Point Semantics for Loops |
+| -------------- | --------------------------------------- |
+| `proc`         | Least Fixed Point                       |
+| `coproc`       | Greatest Fixed Point                    |
+
+Some proof rules are only sound for certain fixed point semantics. Additionally, some proof rules have variants and therefore yield different approximations depending on the fixed point semantics.
+
+## Proof Rule Approximations
+
+Each proof rule yields different approximations depending on the fixed point semantics used for loops. Additionally, the approximation of the loop body also affects the overall approximation of the loop statement.
+
+The following table summarizes which proof rules yield which approximations depending on the fixed point semantics used for loops, **assuming the loop body has an Exact approximation**.
+
+<table>
+    <thead>
+        <tr>
+            <td>Proof Rule</td>
+            <td>Approximation for LFP (`@wp`, `@ert`, or `proc` without annotation)</td>
+            <td>Approximation for GFP (`@wlp` or `coproc` without annotation)</td>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td><Link to="./induction">(k)-Induction</Link></td>
+            <td>Overapproximation</td>
+            <td>Underapproximation</td>
+        </tr>
+        <tr>
+            <td><Link to="./unrolling">Loop Unrolling</Link></td>
+            <td>Underapproximation</td>
+            <td>Overapproximation</td>
+        </tr>
+        <tr>
+            <td><Link to="./omega-invariants">ω-invariants</Link></td>
+            <td>Underapproximation</td>
+            <td>Overapproximation</td>
+        </tr>
+        <tr>
+            <td><Link to="./ast">Almost-Sure Termination Rule</Link></td>
+            <td>Exact</td>
+            <td>Unknown</td>
+        </tr>
+        <tr>
+            <td><Link to="./past">Positive Almost-Sure Termination Rule</Link></td>
+            <td>Exact</td>
+            <td>Unknown</td>
+        </tr>
+        <tr>
+            <td><Link to="./ost">Optional Stopping Theorem</Link></td>
+            <td>Exact</td>
+            <td>Unknown</td>
+        </tr>
+    </tbody>
+</table>
+
+For the following proof rules, the approximation of the loop body is directly combined with the default approximation yielded by the proof rule according to the table above:
+- <Link to="./induction">(k)-Induction</Link>
+- <Link to="./unrolling">Loop Unrolling</Link>
+- <Link to="./omega-invariants">ω-invariants</Link>
+
+For example, consider the following code:
+
+```heyvl
+@wp proc example() -> () {
+    @invariant(...)
+    while (...) {
+        // loop body with Under approximation
+    }
+}
+```
+
+Here, the loop uses the (k)-Induction proof rule with the `@wp` calculus annotation. According to the table above, (k)-Induction with LFP semantics yields an **Over** approximation. However, since the loop body has an **Under** approximation, the overall approximation for the loop is computed by combining **Over** and **Under**, which results in an **Unknown** approximation.
+
+The following proof rules assume that you do not approximate within your `while` loops, but instead encode the *exact* `wp`/`ert` semantics of your program:
+- <Link to="./ast">Almost-Sure Termination Rule</Link>
+- <Link to="./past">Positive Almost-Sure Termination Rule</Link>
+- <Link to="./ost">Optional Stopping Theorem</Link>
+
+This is because these proof rules implicitly perform both lower- and upper-bound checks on the loop body and therefore require the exact loop body semantics. Consequently, if the loop body does not have an **Exact** approximation, the overall approximation for the loop is set to **Unknown**.
+
+# Soundness
+
+Caesar uses these approximations to derive soundness diagnostics for verification results. An important use case for these diagnostics is when you want to *refute* a lower or upper bound instead of verifying it. In other words, the user can intentionally use Caesar to show that a certain expectation is **not** a lower or upper bound. If such a refutation is unsound, Caesar will indicate this via soundness diagnostics. Similarly, if the user wants to verify a lower or upper bound but the verification is unsound, Caesar will also indicate this.
+
+We now explain when a verification or refutation is sound or unsound based on the approximations derived above. This is based on a simple transitivity argument.
+
+## Sound and Unsound Verifications
+
+Consider the following HeyVL procedure:
+
+```heyvl
+@wp proc example() -> ()
+    pre L // some lower-bound expectation
+    post X
+{
+    S;  // some statement
+}
+```
+
+Note that this is a `proc` annotated with the `@wp` calculus. Therefore, the goal of the verification is to prove that $L \leq wp[S](X)$, where $wp[S](X)$ is the pre-expectation of statement $S$ with post-expectation $X$ in the `@wp` calculus (i.e., the weakest pre-expectation). However, as explained above, Caesar might not compute the exact weakest pre-expectation $wp[S](X)$, but instead computes an approximation $vc[S](X)$ based on the derived approximations. Therefore, what Caesar actually verifies is $L \leq vc[S](X)$. This is exactly the verification condition semantics of statement $S$ with post-expectation $X$.
+
+If $vc[S](X)$ is an **Under** approximation of $wp[S](X)$, i.e., $vc[S](X) \leq wp[S](X)$, then we have:
+$$
+L \leq vc[S](X) \leq wp[S](X).
+$$
+By transitivity of $\leq$, it follows that $L \leq wp[S](X)$, and thus the verification is sound.
+
+If instead $vc[S](X)$ is an **Over** approximation of $wp[S](X)$, i.e., $wp[S](X) \leq vc[S](X)$, then we cannot derive any relation between $L$ and $wp[S](X)$ from $L \leq vc[S](X)$ and $vc[S](X) \geq wp[S](X)$. Therefore, in this case, the verification might be unsound.
+
+To summarize:
+
+<table>
+    <thead>
+        <tr>
+            <td>Procedure Kind</td>
+            <td>Exact</td>
+            <td>Over</td>
+            <td>Under</td>
+            <td>Unknown</td>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>`proc`</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+        </tr>
+        <tr>
+            <td>`coproc`</td>
+            <td>Sound</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+            <td>Unsound</td>
+        </tr>
+    </tbody>
+</table>
+
+In the case of an *unsound* verification, Caesar reports this as a diagnostic in the verification result.
+
+## Sound and Unsound Refutations
+
+We now consider the same HeyVL procedure as above, but assume that the user wants to refute the lower bound $L$. Suppose the verification fails, i.e., Caesar shows that $L \nleq vc[S](X)$.
+
+If $vc[S](X)$ is an **Over** approximation of $wp[S](X)$, i.e., $wp[S](X) \leq vc[S](X)$, then $L$ cannot be a lower bound of $wp[S](X)$. Otherwise, we would have:
+$$
+L \leq wp[S](X) \leq vc[S](X),
+$$
+which contradicts the assumption that $L \nleq vc[S](X)$. Therefore, it follows that $L \nleq wp[S](X)$, and hence the refutation is sound.
+
+If instead $vc[S](X)$ is an **Under** approximation of $wp[S](X)$, i.e., $vc[S](X) \leq wp[S](X)$, then we cannot derive any relation between $L$ and $wp[S](X)$ from $L \nleq vc[S](X)$ and $vc[S](X) \leq wp[S](X)$, because $L$ might still lie between $vc[S](X)$ and $wp[S](X)$. Therefore, in this case, the refutation might be unsound.
+
+To summarize:
+
+<table>
+    <thead>
+        <tr>
+            <td>Procedure Kind</td>
+            <td>Exact</td>
+            <td>Over</td>
+            <td>Under</td>
+            <td>Unknown</td>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>`proc`</td>
+            <td>Sound</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+            <td>Unsound</td>
+        </tr>
+        <tr>
+            <td>`coproc`</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+            <td>Sound</td>
+            <td>Unsound</td>
+        </tr>
+    </tbody>
+</table>
+
+In the case of an *unsound* refutation (counterexample), Caesar will indicate that this counterexample might not apply to the original program.
+
+## Example
+
+Ultimately, whether a verification result or counterexample is sound or unsound depends on multiple factors explained above: the procedure kind, the calculus annotation, the proof rules used, and the approximations of the loop bodies.
+
+We now illustrate how these factors come together with an example. Consider the following HeyVL procedure:
+
+```heyvl
+@wp proc am_i_sound() -> ()
+pre ...
+post ...
+{
+    @invariant(...)
+    while (...) {
+        ... // loop body with Exact approximation
+    }
+}
+```
+
+We explain step by step whether a verification of a lower bound in this procedure is sound or unsound.
+
+First we notice that there is a calculus annotation here, which means the procedure kind (`proc`) does not determine the fixed point semantics. Instead, the `@wp` annotation indicates that the loop uses least fixed point semantics. 
+
+Next, we look at the proof rule used for the loop. The loop uses the <Link to="./induction">Induction</Link> proof rule, which according to the table above yields an **Over** approximation for least fixed point semantics. Combining **Over** (from the proof rule) and **Exact** (from the loop body) yields an overall **Over** approximation for the loop.
+
+Finally, we look at the procedure kind, which is a `proc`. According to the soundness table for verifications, a `proc` with an **Over** approximation yields an *unsound* verification. Therefore, if Caesar verifies a lower bound in this procedure, it will indicate that the verification might be unsound. 
+
+Let's instead assume that Caesar refutes the lower bound in this procedure, i.e., the verification fails. According to the soundness table for refutations, a `proc` with an **Over** approximation yields a *sound* refutation.
+
+If we change the calculus annotation from `@wp` to `@wlp`, the fixed point semantics change from least to greatest. Therefore the procedure now becomes sound for verifications and unsound for refutations.