Verification Condition Generation Via Theorem Proving

  • John Matthews
  • J. Strother Moore
  • Sandip Ray
  • Daron Vroon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4246)


We present a method to convert (i) an operational semantics for a given machine language, and (ii) an off-the-shelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custom-built VCG. Thus no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site. The method has been used to verify several machine-level programs using the ACL2 theorem prover.


Theorem Prover Operational Semantic Block Cipher High Order Logic Total Correctness 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boyer, R.S., Moore, J.S.: Mechanized Formal Reasoning about Programs and Computing Machines. In: Veroff, R. (ed.) Automated Reasoning and Its Applications: Essays in Honor of Larry Wos, pp. 141–176. MIT Press, Cambridge (1996)Google Scholar
  2. 2.
    Moore, J.S.: Proving Theorems about Java and the JVM with ACL2. In: Broy, M., Pizka, M. (eds.) Models, Algebras, and Logic of Engineering Software, pp. 227–290. IOS Press, Amsterdam (2003)Google Scholar
  3. 3.
    Floyd, R.: Assigning Meanings to Programs. In: Mathematical Aspects of Computer Science, Proceedings of Symposia in Applied Mathematcs, Providence, Rhode Island, vol. XIX, pp. 19–32. American Mathematical Society (1967)Google Scholar
  4. 4.
    Hoare, C.A.R.: An Axiomatic Basis for Computer Programming. Communications of the ACM 12, 576–583 (1969)MATHCrossRefGoogle Scholar
  5. 5.
    Ray, S., Moore, J.S.: Proof Styles in Operational Semantics. In: Hu, A.J., Martin, A.K. (eds.) FMCAD 2004. LNCS, vol. 3312, pp. 67–81. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Manna, Z.: The Correctness of Programs. JCSS 3, 119–127 (1969)MathSciNetGoogle Scholar
  7. 7.
    von Oheimb, D., Nipkow, T.: Machine-checking the java specification: Proving type-safety. In: Alves-Foss, J. (ed.) Formal Syntax and Semantics of Java. LNCS, vol. 1523, pp. 119–156. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Greve, D., Wilding, M., Hardin, D.: High-Speed, Analyzable Simulators. In: Kaufmann, M., Manolios, P., Moore, J.S. (eds.) Computer-Aided Reasoning: ACL2 Case Studies, pp. 89–106. Kluwer Academic Publishers, Dordrecht (2000)Google Scholar
  9. 9.
    Shankar, N.: Machine-Assisted Verification Using Theorem Proving and Model Checking. In: Broy, M., Schieder, B. (eds.) Mathematical Methods in Program Development. NATO ASI Series F: Computer and Systems Science, vol. 158, pp. 499–528. Springer, Heidelberg (1997)Google Scholar
  10. 10.
    Colby, C., Lee, P., Necula, G.C., Blau, F., Plesko, M., Cline, K.: A Certifying Compiler for Java. In: ACM SIGPLAN 2000 conference on Programming language design and implementation, pp. 95–107 (2000)Google Scholar
  11. 11.
    Kaufmann, M., Manolios, P., Moore, J.S.: Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, Dordrecht (2000)Google Scholar
  12. 12.
    Nipkow, T., Paulson, L., Wenzel, M.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)Google Scholar
  13. 13.
    Manolios, P., Moore, J.S.: Partial Functions in ACL2. Journal of Automated Reasoning 31, 107–127 (2003)MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Boyer, R.S., Goldshlag, D., Kaufmann, M., Moore, J.S.: Functional Instantiation in First Order Logic. In: Lifschitz, V. (ed.) Artificial Intelligence and Mathematical Theory of Computation: Papers in Honor of John McCarthy, pp. 7–26. Academic Press, London (1991)Google Scholar
  15. 15.
    Moore, J.S.: Inductive Assertions and Operational Semantics. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 289–303. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Slind, K., Hurd, J.: Applications of polytypism in theorem proving. In: Basin, D., Wolff, B. (eds.) TestCom 2004. LNCS, vol. 2978, pp. 103–119. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Toma, D., Borrione, D.: Formal verification of a SHA-1 circuit core using ACL2. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 326–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. John Wiley, Chichester (1995)Google Scholar
  19. 19.
    McCarthy, J.: Towards a Mathematical Science of Computation. In: Proceedings of the Information Processing Congress, vol. 62, pp. 21–28. North-Holland, Amsterdam (1962)Google Scholar
  20. 20.
    Yu, Y.: Automated Proofs of Object Code for a Widely Used Microprocessor. PhD thesis, University of Texas at Austin (1992)Google Scholar
  21. 21.
    Strecker, M.: Formal Verification of a Java Compiler in Isabelle. In: Voronkov, A. (ed.) CADE 2002. LNCS, vol. 2392, pp. 63–77. Springer, Heidelberg (2002)Google Scholar
  22. 22.
    Hamon, G., Rushby, J.: An Operational Semantics for Stateflow. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 229–243. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Goldstein, H.H., von Neumann, J.: Planning and Coding Problems for an Electronic Computing Instrument. In: von Neumann, J. (ed.) Collected Works, vol. V, Pergamon Press, Oxford (1961)Google Scholar
  24. 24.
    Turing, A.M.: Checking a Large Routine. In: Report of a Conference on High Speed Automatic Calculating Machine, University Mathematical Laboratory, Cambridge, England, pp. 67–69 (1949)Google Scholar
  25. 25.
    Dijkstra, E.W.: Guarded Commands, Non-determinacy and a Calculus for Derivation of Programs. Communications of the ACM 18, 453–457 (1975)MATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    King, J.C.: A Program Verifier. PhD thesis, Carnegie-Melon University (1969)Google Scholar
  27. 27.
    Detlefs, D.L., Leino, K.R.M., Nelson, G., Saxe, J.B.: Extended Static Checking for Java. Technical Report 159, Compaq Systems Research Center (1998)Google Scholar
  28. 28.
    King, S., Hammond, J., Chapman, R., Pryor, A.: Is Proof More Cost-Effective Than Testing? IEEE Transactions on Software Engineering 26, 675–686 (2000)CrossRefGoogle Scholar
  29. 29.
    Flanagan, C., Saxe, J.B.: Avoiding Exponential Explosion: Generating Compact Verification Conditions. In: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of Programming Languages, pp. 193–205 (2001)Google Scholar
  30. 30.
    Leino, K.R.M.: Efficient weakest preconditions. Inf. Process. Lett. 93, 281–288 (2005)MATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Homeier, P., Martin, D.: A Mechanically Verified Verification Condition Generator. The Computer Journal 38, 131–141 (1995)CrossRefGoogle Scholar
  32. 32.
    Gloess, P.Y.: Imperative Program Verification in PVS. Technical report, École Nationale Supérieure Électronique, Informatique et Radiocommunications de bordeaux (1999)Google Scholar
  33. 33.
    Schirmer, N.: A verification environment for sequential imperative programs in isabelle/HOL. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS, vol. 3452, pp. 398–414. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. 34.
    Norrish, M.: C Formalised in HOL. PhD thesis, University of Cambridge (1998)Google Scholar
  35. 35.
    Mehta, F., Nipkow, T.: Proving Pointer Programs in Higher-Order Logic. In: Baader, F. (ed.) CADE 2003. LNCS, vol. 2741, pp. 121–135. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  36. 36.
    Ortner, V., Schirmer, N.: Verification of BDD normalization. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 261–277. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  37. 37.
    Matthews, J., Vroon, D.: Partial Clock Functions in ACL2. In: Kaufmann, M., Moore, J.S. (eds.) 5th ACL2 Workshop (2004)Google Scholar
  38. 38.
    Necula, G.C.: Proof-Carrying Code. In: POPL 1997, pp. 106–119 (1997)Google Scholar
  39. 39.
    Appel, A.W.: Foundational Proof-Carrying Code. In: LICS 2001, pp. 247–258 (2001)Google Scholar
  40. 40.
    Greve, D., Richards, R., Wilding, M.: A Summary of Intrinsic Partitioning Verification. In: Kaufmann, M., Moore, J.S. (eds.) 5th ACL2 Workshop (2004)Google Scholar
  41. 41.
    Hardin, D., Smith, E.W., Young, W.D.: A Robust Machine Code Proof Framework for Highly Secure Applications. In: Manolios, P., Wilding, M. (eds.) 6th ACL2 Workshop (2006)Google Scholar
  42. 42.
    Hunt Jr., W.A., Kaufmann, M., Krug, R.B., Moore, J.S., Smith, E.W.: Meta Reasoning in ACL2. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 163–178. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  43. 43.
    Pike, L., Shields, M., Matthews, J.: A Verifying Core for a Cryptographic Language Compiler. In: Manolios, P., Wilding, M. (eds.) 6th ACL2 Workshop (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • John Matthews
    • 1
  • J. Strother Moore
    • 2
  • Sandip Ray
    • 2
  • Daron Vroon
    • 3
  1. 1.Galois Connections Inc.Beaverton
  2. 2.Dept. of Computer SciencesUniversity of Texas at AustinAustin
  3. 3.College of ComputingGeorgia Institute of TechnologyAtlanta

Personalised recommendations