Formalization and Verification of a Mail Server in Coq

  • Reynald Affeldt
  • Naoki Kobayashi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)


This paper reports on the formalization and verification of a mail server (SMTP server) in Coq. The correctness of a mail server is very important: bugs of the mail server may be abused for eavesdropping mail contents, spreading virus, sending spam messages, etc. We have verified a part of a mail server written in Java, by manually translating the Java program into a Coq function as faithfully as possible, and verifying properties of the Coq function. The results of this experiment indicate the feasibility and usefulness of verification of middle-sized system softwares in this style. The verification has been carried out in a few months, and a few bugs in the mail server have been indeed found during the verification process.


Model Check Theorem Prover High Order Logic Exception Handling Inductive Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    D. Bernstein and various contributors. The qmail home page.
  2. 2.
    Y. Bertot. A certified compiler for an imperative language. Technical Report RR-3488, INRIA, Sep. 1998.Google Scholar
  3. 3.
    P. E. Black. Axiomatic Semantics Verification of a Secure Web Server. PhD thesis, Department of Computer Science, Brigham Young University, Feb. 1998.Google Scholar
  4. 4.
    P. E. Black and P. J. Windley. Inference rules for programming languages with side effects in expressions. In J. von Wright, J. Grundy, and J. Harrison, editors, Theorem Proving in Higher Order Logics, volume 1125 of Lecture Notes in Computer Science, pages 51–60. Springer-Verlag, August 1996.Google Scholar
  5. 5.
    E. M. Clarke, O. Grumberg, and D. E. Long. Model checking and abstraction. ACM ransactions on Programming Languages and Systems, 16(5):1512–1542, September 1994.CrossRefGoogle Scholar
  6. 6.
    E. M. Clarke and J. M. Wing. Formal methods: state of the art and future directions. ACM Computing Surveys, 28(4):626–643, 1996.CrossRefGoogle Scholar
  7. 7.
    F. B. Cohen. Why is thttpd secure? Available at
  8. 8.
    T. N. Dieter Nazareth. Formal verification of algorithm W: The monomorphic case. In J. von Wright, J. Grundy, and J. Harrison, editors, Theorem Proving in Higher Order Logics, volume 1125 of Lecture Notes in Computer Science, pages 331–345. Springer-Verlag, Aug. 1996.Google Scholar
  9. 9.
    B. Dutertre and S. Schneider. Using a PVS embedding of CSP to verify authentication protocols. In A. F. Elsa L. Gunter, editor, Theorem Proving in Higher Order Logics, volume 1275 of Lecture Notes in Computer Science, pages 121–136. Springer-Verlag, Aug. 1997.CrossRefGoogle Scholar
  10. 10.
    J.-C. Filliâtre. Preuve de programmes impératifs en théorie des types. PhD thesis, Université Paris-Sud, Jul. 1999. Available at
  11. 11.
    B. C. Pierce and J. Vouillon. Specifying a file synchronizer (full version). Draft, Mar. 2002.Google Scholar
  12. 12.
    J. B. Postel. Rfc 821: Simple mail transfer protocol. Available at, Aug. 1982.
  13. 13.
    E. Shibayama, S. Hagihara, N. Kobayashi, S. Nishizaki, K. Taura, and T. Watanabe. AnZenMail: A secure and certified e-mail system. In M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa, editors, Proceedings of International Symposium on Software Security, Keio University, Tokyo, Japan (Nov. 2002), Lecture Notes in Computer Science. Springer-Verlag, Feb. 2003.Google Scholar
  14. 14.
    The Coq Development Team. The Coq proof assistant reference manual. Available at, 2002.
  15. 15.
    P. Wadler. Monads for functional programming. In M. Broy, editor, Marktoberdorf Summer School on Program Design Calculi, volume 118 of NATO ASI Series F: Computer and systems sciences. Springer-Verlag, Aug. 1992. Also in J. Jeuring and E. Meijer, editors, Advanced Functional Programming, Springer Verlag, LNCS 925, 1995. Some errata fixed August 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Reynald Affeldt
    • 1
  • Naoki Kobayashi
    • 2
  1. 1.Department of Computer ScienceUniversity of TokyoJapan
  2. 2.Department of Computer ScienceTokyo Institute of TechnologyJapan

Personalised recommendations