A machine-checked soundness proof for an efficient verification condition generator

摘要

Verification conditions (VCs) are logical formulae whose validity implies the correctness of a program with respect to a specification. The technique of checking software properties by specifying them in a program logic, then generating VCs, and finally feeding these VCs to a theorem prover, is several decades old. It is the underlying technology for state-of-the-art program verifiers such as the Spec' programming system, or ESC/Java. The classic way of computing VCs is by means of Dijkstra's weakest precondition calculus. However, modern verification condition generators (Vcgens), including Spec' and ESC/Java's Vcgens, are based on an optimized version of this algorithm, that avoids an exponential growth of the VCs in the length of the program to be verified. For this optimized Vcgen algorithm, only informal soundness arguments are available. The main contribution of this paper is a fully formal, machine-checked proof of the soundness of such an efficient Vcgen algorithm.