{"title":"Foundational program verification in Coq with automated proofs","authors":"A. Chlipala","doi":"10.1145/1863597.1863603","DOIUrl":null,"url":null,"abstract":"Most people who know of the proof assistant Coq associate it with long, manual proofs via tactic scripts. In contrast, classical verification tools, based on automated theorem-provers for first-order logic, are well established as supporting program verification without any manual proof steps. However, there is a price to pay: program verifiers are large, complex bodies of code, and believing their outputs requires believing in much more than the correct implementation of Coq's proof-checking kernel.\n In this tutorial, I will demonstrate how to use the Bedrock Coq library to get the best of both worlds. Our focus will be on the kinds of programs with the most tedious detail and the most opportunity to benefit from automation: namely, those written in assembly language. I will show how to build automated correctness proofs of simple imperative data structures, while dealing with first-class code pointers and producing Coq proof terms for theorems whose statements depend on little beyond operational semantics of machine code.","PeriodicalId":355206,"journal":{"name":"MSFP '10","volume":"15 8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"MSFP '10","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1863597.1863603","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0