A machine-checked soundness proof for an efficient verification condition generator

Verification conditions (VCs) are logical formulae whose validity implies the correctness of a program with respect to a specification. The technique of checking software properties by specifying them in a program logic, then generating VCs, and finally feeding these VCs to a theorem prover, is several decades old. It is the underlying technology for state-of-the-art program verifiers such as the Spec# programming system or ESC/Java. The classic way of computing VCs is by means of Dijkstra's weakest precondition calculus. However, modern verification condition generators (VCgens), including the VCgens of Spec# and ESC/Java, are based on an optimized version of this algorithm which avoids an exponential growth of the VCs in the length of the program to be verified. For this optimized VCgen algorithm, only informal soundness arguments are available. The main contribution of this paper is a fully formal, machine-checked proof of the soundness of such an efficient VCgen algorithm.
