Verified Software: Theories, Tools, Experiments

Lecture Notes in Computer Science, Volume 4171, pp. 374-383

Verify Your Runs

  • Klaus Havelund (Kestrel Technology)
  • Allen Goldberg (Kestrel Technology)


A program verifier determines whether a program satisfies a specification. Ideally, verification is achieved by static analysis, without executing the code. However, program verification is undecidable in general. The interactive approach, for example a human guiding a theorem prover, does not in practice scale to large software systems. Some restricted kinds of specifications can, however, be checked automatically, for example type definitions. Static analysis of properties such as uninitialized variables, null-pointer dereferencing, and array-bound violations also scales to production programs on the order of hundreds of thousands of lines of code. Even concurrency-related problems such as data races and deadlocks can to some extent be checked statically, although this often results in false positives. However, going beyond these simple properties to arbitrarily complex behavioral specifications, while scaling to ever-growing production program sizes, is undoubtedly a challenge, and in our opinion we cannot expect regular economic use of program verification for arbitrary properties to be fully achieved within the 15-year time horizon of the challenge.