Formally Validating a Practical Verification Condition Generator (extended version)
Gaurav Parthasarathy, Peter Müller, Alexander J. Summers

TL;DR
This paper introduces a method to validate the correctness of verification results produced by the Boogie verifier through certificates, addressing the challenge of verifying complex verifier implementations.
Contribution
It presents a novel approach to certify key transformation phases of Boogie, enhancing trustworthiness without fully verifying the verifier's implementation.
Findings
Certificates successfully verify core Boogie transformations.
Implementation in Isabelle formalizes and automates validation.
Addresses trust issues in complex program verifiers.
Abstract
A program verifier produces reliable results only if both the logic used to justify the program's correctness is sound, and the implementation of the program verifier is itself correct. Whereas it is common to formally prove soundness of the logic, the implementation of a verifier typically remains unverified. Bugs in verifier implementations may compromise the trustworthiness of successful verification results. Since program verifiers used in practice are complex, evolving software systems, it is generally not feasible to formally verify their implementation. In this paper, we present an alternative approach: we validate successful runs of the widely-used Boogie verifier by producing a certificate which proves correctness of the obtained verification result. Boogie performs a complex series of program translations before ultimately generating a verification condition whose validity…
