Formal Aspects of Computing, Volume 23, Issue 5, pp 607–626

Building a push-button RESOLVE verifier: Progress and challenges

  • Murali Sitaraman
  • Bruce Adcock
  • Jeremy Avigad
  • Derek Bronish
  • Paolo Bucci
  • David Frazier
  • Harvey M. Friedman
  • Heather Harton
  • Wayne Heym
  • Jason Kirschenbaum
  • Joan Krone
  • Hampton Smith
  • Bruce W. Weide
Original Article


A central objective of the verifying compiler grand challenge is to develop a push-button verifier that generates proofs of correctness in a syntax-driven fashion similar to the way an ordinary compiler generates machine code. The software developer’s role is then to provide suitable specifications and annotated code, but otherwise to have no direct involvement in the verification step. However, the general mathematical developments and results upon which software correctness is based may be established through a separate formal proof process in which proofs might be mechanically checked, but not necessarily automatically generated. While many ideas that could conceivably form the basis for software verification have been known “in principle” for decades, and several tools to support an aspect of verification have been devised, practical fully automated verification of full software behavior remains a grand challenge. This paper explains how RESOLVE takes a step towards addressing this challenge by integrating foundational and practical elements of software engineering, programming languages, and mathematical logic into a coherent framework. Current versions of the RESOLVE verifier generate verification conditions (VCs) for the correctness of component-based software in a modular fashion—one component at a time. The VCs are currently verified using automated capabilities of the Isabelle proof assistant, the SMT solver Z3, a minimalist rewrite prover, and some specialized decision procedures. Initial experiments with the tools and further analytic considerations show both the progress that has been made and the challenges that remain.


Languages · Software engineering · Theorem proving · Tools · Verification





Copyright information

© British Computer Society 2010

Authors and Affiliations

  • Murali Sitaraman (1)
  • Bruce Adcock (2)
  • Jeremy Avigad (3)
  • Derek Bronish (2)
  • Paolo Bucci (2)
  • David Frazier (1)
  • Harvey M. Friedman (2, 4)
  • Heather Harton (1)
  • Wayne Heym (2)
  • Jason Kirschenbaum (2)
  • Joan Krone (5)
  • Hampton Smith (1)
  • Bruce W. Weide (2)

  1. School of Computing, Clemson University, Clemson, USA
  2. Department of Computer Science and Engineering, The Ohio State University, Columbus, USA
  3. Department of Philosophy, Carnegie Mellon University, Pittsburgh, USA
  4. Department of Mathematics, The Ohio State University, Columbus, USA
  5. Department of Mathematics and Computer Science, Denison University, Granville, USA
