Operational Semantics and Assertional Reasoning

  • Sandip Ray


We present a method to convert (a) an operational semantics for a given machine language, and (b) an off-the-shelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custom-built VCG. Thus, no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site.


Theorem Prover Ranking Function Operational Semantic Block Cipher Recursive Call 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 4.
    A. W. Appel. Foundational Proof-Carrying Code. InProceedings of the 16th IEEE International Symposium on Logic in Computer Science (LICS 2001), pages 247–258, Washington, DC, 2001. IEEE Computer Society Press.Google Scholar
  2. 11.
    T. Ball and S. K. Rajamani. Automatically Validating Temporal Safety Properties of Interfaces. In M. B. Dwyer, editor,Proceedings of the 8th International SPIN Workshop on Model Checking of Software, volume 2057 ofLNCS, pages 103–122, Toronta, ON, 2001. Springer-Verlag.Google Scholar
  3. 19.
    R. S. Boyer, D. Goldshlag, M. Kaufmann, and J. S. Moore. Functional Instantiation in First Order Logic. In V. Lifschitz, editor,Artificial Intelligence and Mathematical Theory of Computation: Papers in Honor of John McCarthy, pages 7–26. Academic Press, 1991.Google Scholar
  4. 58.
    C. Colby, P. Lee, G. C. Necula, F. Blau, M. Plesko, and K. Cline. A Certifying Compiler for Java. InACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI 2000), pages 95–107. ACM Press, 2000.Google Scholar
  5. 66.
    D. L. Detlefs, K. R. M. Leino, G. Nelson, and J. B. Saxe. Extended Static Checking for Java. Technical Report 159, Compaq Systems Research Center, December 1998.Google Scholar
  6. 67.
    E. W. Dijkstra. Guarded Commands, Non-determinacy and a Calculus for Derivation of Programs.Language Hierarchies and Interfaces, pages 111–124, 1975.Google Scholar
  7. 75.
    C. Flanagan and J. B. Saxe. Avoiding Exponential Explosion: Generating Compact Verification Conditions. InProceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of Programming Languages (POPL 2001), pages 193–205, London, UK, 2001. ACM Press.Google Scholar
  8. 77.
    R. Floyd. Assigning Meanings to Programs. InMathematical Aspects of Computer Science, Proceedings of Symposia in Applied Mathematcs, volume XIX, pages 19–32, Providence, Rhode Island, 1967. American Mathematical Society.Google Scholar
  9. 80.
    P. Y. Gloess. Imperative Program Verification in PVS. Technical Report, École Nationale Supérieure Électronique, Informatique et Radiocommunications de bordeaux, 1999. See URL Scholar
  10. 84.
    H. H. Goldstein and J. von Neumann. Planning and Coding Problems for an Electronic Computing Instrument. InJohn von Neumann, Collected Works, Volume V. Pergamon Press, Oxford, 1961.Google Scholar
  11. 91.
    D. Greve, M. Wilding, and D. Hardin. High-Speed, Analyzable Simulators. In M. Kaufmann, P. Manolios, and J. S. Moore, editors,Computer-Aided Reasoning: ACL2 Case Studies, pages 89–106, Boston, MA, June 2000. Kluwer Academic Publishers.Google Scholar
  12. 97.
    D. Hardin, E. W. Smith, and W. D. Young. A Robust Machine Code Proof Framework for Highly Secure Applications. In P. Manolios and M. Wilding, editors,Proceedings of the 6th International Workshop on the ACL2 Theorem Prover and Its Applications (ACL2 2006), pages 11–20, Seattle, WA, July 2006. ACM.Google Scholar
  13. 103.
    C. A. R. Hoare. An Axiomatic Basis for Computer Programming.Communications of the ACM, 12(10):576–583, 1969.MATHCrossRefGoogle Scholar
  14. 106.
    P. Homeier and D. Martin. A Mechanically Verified Verification Condition Generator.The Computer Journal, 38(2):131–141, July 1995.CrossRefGoogle Scholar
  15. 134.
    J. C. King.A Program Verifier. PhD thesis, Carnegie-Melon University, 1969.Google Scholar
  16. 153.
    P. Manolios and J. S. Moore. Partial Functions in ACL2.Journal of Automated Reasoning, 31(2):107–127, 2003.MathSciNetMATHCrossRefGoogle Scholar
  17. 159.
    J. Matthews, J. S. Moore, S. Ray, and D. Vroon. Verification Condition Generation via Theorem Proving. In M. Hermann and A. Voronkov, editors,Proceedings of the 13th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2006), volume 4246 ofLNCS, pages 362–376, Phnom Penh, Cambodia, November 2006. Springer.Google Scholar
  18. 160.
    J. Matthews and D. Vroon. Partial Clock Functions in ACL2. In M. Kaufmann and J. S. Moore, editors,5th International Workshop on the ACL2 Theorem Prover and Its Applications (ACL2 2004), Austin, TX, November 2004.Google Scholar
  19. 168.
    F. Mehta and T. Nipkow. Proving Pointer Programs in Higher Order Logic. In F. Baader, editor,Proceedings of the 19th International Conference on Automated Deduction (CADE 2003), volume 2741 ofLNAI, pages 121–135, Miami, FL, 2003. Springer-Verlag.Google Scholar
  20. 177.
    J. S. Moore. Inductive Assertions and Operational Semantics. In D. Geist, editor,Proceedings of the 12th International Conference on Correct Hardware Design and Verification Methods, volume 2860 ofLNCS, pages 289–303, L‘Aquila, Italy, October 2003. Springer-Verlag.Google Scholar
  21. 178.
    J. S. Moore. Proving Theorems About Java and the JVM with ACL2. In M. Broy and M. Pizka, editors,Models, Algebras, and Logic of Engineering Software, pages 227–290. IOS Press, 2003.Google Scholar
  22. 185.
    G. Necula.Compiling with Proofs. PhD thesis, Carnegie-Melon University, September 1998.Google Scholar
  23. 186.
    G. C. Necula. Proof-Carrying Code. InProceedings of the 24th ACM SIGPLAN SIGACT Conference on Principles of Programming Languages (POPL 1997), pages 106–119, Paris, France, 1997. ACM Press.Google Scholar
  24. 190.
    M. Norrish.C Formalised in HOL. PhD thesis, University of Cambridge, 1998.Google Scholar
  25. 232.
    B. Schneier.Applied Cryptography (2nd ed.): Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc., 1995.Google Scholar
  26. 238.
    K. Slind and J. Hurd. Applications of Polytypism in Theorem Proving. In D. Basin and B. Wolff, editors,Proceedings of the 16th International Conference on Theorem Proving in Higher Order Logics (TPHOLs 2003), volume 2978 ofLNCS, pages 103–119, Rom, Italy, 2003. Springer-Verlag.CrossRefGoogle Scholar
  27. 249.
    D. Toma and D. Borrione. Formal verification of a SHA-1 Circuit Core Using ACL2. In J. Hurd and T. Melham, editors,Proceedings of the 18th International Conference on Theorem Proving in Higher-Order Logics (TPHOLS 2005), volume 3603 ofLNCS, pages 326–341, Oxford, UK, 2005. Springer-Verlag.CrossRefGoogle Scholar
  28. 251.
    A. M. Turing. Checking a Large Routine. InReport of a Conference on High Speed Automatic Calculating Machine, pages 67–69, University Mathematical Laboratory, Cambridge, England, June 1949.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Department of Computer SciencesUniversity of Texas, AustinAustinUSA

Personalised recommendations