To Goto Where No Statement Has Gone Before

  • Mike Barnett
  • K. Rustan M. Leino
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6217)


This paper presents a method for deriving an expression from the low-level code compiled from an expression in a high-level language. The input is the low-level code represented as blocks of code connected by goto statements, i.e., a control flow graph (CFG). The derived expression is in a form that can be used as input to an automatic theorem prover. The method is useful for program verification systems that take as input both programs and specifications after they have been compiled from a high-level language. This is the case for systems that encode specifications in an existing programming language and do not have a special compiler. The method always produces an expression, unlike the heuristics for decompilation which may fail. It is efficient: the resulting expression is linear in the size of the CFG by maintaining all sharing of subgraphs.


Theorem Prover Boolean Expression Code Expression Control Flow Graph Automatic Theorem Prover 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: A modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Barnett, M., Fähndrich, M., Logozzo, F.: Embedded contract languages. In: ACM SAC - OOPS, March 2010. ACM, New York (2010)Google Scholar
  3. 3.
    Barnett, M., Leino, K.R.M.: Weakest-precondition of unstructured programs. In: PASTE 2005: The 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pp. 82–87. ACM Press, New York (2005)CrossRefGoogle Scholar
  4. 4.
    Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Charguéraud, A.: Program verification through characteristic formulae. In: ACM SIGPLAN International Conference on Functional Programming (to appear, 2010)Google Scholar
  6. 6.
    Chatterjee, S., Lahiri, S.K., Qadeer, S., Rakamarić, Z.: A reachability predicate for analyzing low-level software. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 19–33. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Cifuentes, C., John Gough, K.: Decompilation of binary programs. Software — Practice and Experience 25(7), 811–829 (1995)CrossRefGoogle Scholar
  8. 8.
    de Moura, L., Bjørner, N.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: a theorem prover for program checking. Journal of the ACM 52(3), 365–473 (2005)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Dijkstra, E.W.: A Discipline of Programming. Prentice Hall, Englewood Cliffs (1976)zbMATHGoogle Scholar
  11. 11.
    Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: Generating compact verification conditions. In: Conference Record of the 28th Annual ACM Symposium on Principles of Programming Languages, January 2001, pp. 193–205. ACM, New York (2001)Google Scholar
  13. 13.
    Leavens, G.T., Baker, A.L., Ruby, C.: JML: A notation for detailed design. In: Kilov, H., Rumpe, B., Simmonds, I. (eds.) Behavioral Specifications of Businesses and Systems, pp. 175–188. Kluwer Academic Publishers, Dordrecht (1999)Google Scholar
  14. 14.
    Rustan, K., Leino, M.: This is Boogie 2. Manuscript KRML 178 (2008),
  15. 15.
    Leino, K.R.M.: Specification and verification of object-oriented software. In: Broy, M., Sitou, W., Hoare, T. (eds.) Engineering Methods and Tools for Software Safety and Security. NATO Science for Peace and Security Series D: Information and Communication Security, vol. 22, pp. 231–266. IOS Press, Amsterdam (2009) (Summer School Marktoberdorf 2008 lecture notes)Google Scholar
  16. 16.
    Leino, K.R.M., Rümmer, P.: A polymorphic intermediate verification language: Design and logical encoding. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 312–327. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Meyer, B.: Object-oriented Software Construction. Series in Computer Science. Prentice-Hall International, New York (1988)Google Scholar
  18. 18.
    Myreen, M.O., Gordon, M.J.C., Slind, K.: Machine-code verification for multiple architectures - an application of decompilation into logic. In: FMCAD, pp. 1–8 (2008)Google Scholar
  19. 19.
    Nelson, G.: A generalization of Dijkstra’s calculus. ACM Transactions on Programming Languages and Systems 11(4), 517–561 (1989)CrossRefGoogle Scholar
  20. 20.
    Ranise, S., Tinelli, C.: The SMT-LIB Standard: Version 1.2. Technical report, Department of Computer Science, The University of Iowa (2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mike Barnett
    • 1
  • K. Rustan M. Leino
    • 1
  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations