{"id":28837344,"url":"https://github.com/viperproject/boogie-proofgen","last_synced_at":"2026-02-13T13:44:53.320Z","repository":{"id":43319477,"uuid":"343892466","full_name":"viperproject/boogie-proofgen","owner":"viperproject","description":null,"archived":false,"fork":false,"pushed_at":"2024-12-21T12:02:40.000Z","size":100942,"stargazers_count":3,"open_issues_count":4,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-19T12:07:01.522Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Boogie","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/viperproject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-02T19:42:50.000Z","updated_at":"2024-12-21T12:02:46.000Z","dependencies_parsed_at":"2023-02-19T10:16:11.763Z","dependency_job_id":"be72fde3-6b99-476a-b6e0-ecffdcf27697","html_url":"https://github.com/viperproject/boogie-proofgen","commit_stats":null,"previous_names":["viperproject/boogie-proofgen"],"tags_count":140,"template":false,"template_full_name":null,"purl":"pkg:github/viperproject/boogie-proofgen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viperproject%2Fboogie-proofgen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viperproject%2Fboogie-proofgen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viperproject%2Fboogie-proofgen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viperproject%2Fboogie-proofgen/manifests","owner_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/viperproject","download_url":"https://codeload.github.com/viperproject/boogie-proofgen/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viperproject%2Fboogie-proofgen/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274938661,"owners_count":25377597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-19T12:06:28.833Z","updated_at":"2026-02-13T13:44:48.253Z","avatar_url":"https://github.com/viperproject.png","language":"Boogie","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Proof Generation for Boogie\n\nThis is a version of the [Boogie verifier](https://github.com/boogie-org/boogie) \nthat extends the verifier with proof generation capabilities for a subset of\nthe Boogie intermediate verification language (see below for the currently\nsupported subset).\n\nThe goal of this project is to increase the reliability of the Boogie verifier.\nWhenever the tool is run on a program, the proof generation extension generates \nan Isabelle proof that shows a transformed version of the input program is \ncorrect under the assumption of the VC that Boogie generates.\n\nMost of the source code in the `Source` folder is 
directly forked from the original\nsource. The main extension is implemented as a C# project in `Source/ProofGeneration`.\nMoreover, the existing source has been instrumented to generate calls to the \nproof generation module such that enough information is obtained to generate \na proof.\n\n\n## What do the proofs show\nBoogie performs various transformations on the input program before finally\ngenerating a VC. For the default Boogie options, the steps performed by \nBoogie are roughly as follows (and also in this order):\n\n1. Parse the source program and convert the resulting AST to an internal CFG representation (from this point onwards\nonly CFG representations are used)\n2. Basic transformations 1: eliminate dead variables, coalesce blocks, prune unreachable blocks\n3. CFG-to-DAG phase: eliminate cycles via loop invariants\n4. Basic transformations 2: insert pre- and postconditions (in potentially new blocks), \nensure that no join block (a block with multiple predecessors) has a predecessor\nwith multiple successors\n5. Passification phase: eliminate assignments via variable versioning and assumptions + perform\nconstant propagation\n6. Basic transformations 3: remove empty blocks, prune unreachable blocks\n7. VC phase: generate the VC using weakest preconditions\n\nOur certificate shows for each procedure that the CFG right before the CFG-to-DAG \nphase is correct under the assumption of the VC. That is, we support all the \ntransformations listed above except those listed in points 1 and 2.\n\n**Note: points 1 and 2 are also handled on [a separate branch](https://github.com/viperproject/boogie-proofgen/tree/cfg_optimizations) that has not yet been merged into this default branch.**\n\n## Modifications to the VC\nWe change the VC that Boogie generates in the following ways:\n1. We do not generate any axioms about built-in types that we do not support.\n2. We do not generate any counterexample-related variables in the VC (since our \nresults are mainly relevant for programs that verify, we do not need these variables).\n\nBoth of these changes are trivial: the first change just requires commenting out\nsome lines and the second change just requires invoking a VC generation method\nwith a \"null\" argument where a counterexample-related argument is expected.\n\n\n## Supported subset\nWe currently support only the default Boogie options and we do not\nsupport any attributes (the subsumption attribute is one exception). In terms of\nlanguage features, we currently support:\n* Integers and booleans\n* Type constructors\n* (Polymorphic) functions\n* Most operations on integers/booleans\n* Type and value quantification\n* Old expressions\n* Any gotos/labels/while loops that Boogie accepts\n* Commands: assertions, assumptions, assignments, havocs\n\nMoreover, we currently do not support files that contain type constructors without\nany polymorphism. The reason is that Boogie currently monomorphizes such programs,\nwhich leads to a different VC. If you want to try such programs, just add some \npolymorphic function to the program such as `function test\u003cT\u003e(x:T):T` (that\ndoes not have to be used anywhere).\n\n## Dependencies\nOur tool has the same dependencies as Boogie for the generation of Isabelle proofs:\n* [.NET Core](https://dotnet.microsoft.com)\n* a supported SMT solver (see the [original Boogie repository](https://github.com/boogie-org/boogie)\nfor details)\n\nTo check Isabelle proofs, one additionally requires Isabelle 2021, as well as \nan installation of the Isabelle session that provides the [formalization of \nBoogie](https://github.com/gauravpartha/foundational_boogie/).\n
Installation\nof this session can be done by adding the path to `foundational_boogie/BoogieLang`\nto the `ROOTS` file in the Isabelle home directory.\n\n## Building\n\nTo build the Boogie proof generation extension run:\n\n```\ndotnet build Source/Boogie.sln\n```\n\nThe compiled Boogie binary is\n`Source/BoogieDriver/bin/${CONFIGURATION}/${FRAMEWORK}/BoogieDriver`.\n\n## Running the tool\nOne can run the tool with any standard Boogie options that do not affect the \ntransformations executed by the verifier. For example, running \n```BoogieDriver /proverLog:vc.smt2 \u003cboogie_file\u003e```\nis fine, since this just stores the generated VC in `vc.smt2`.\n\nThe main new non-experimental option that we provide is `/proofOutputDir`.\n`BoogieDriver /proofOutputDir:\u003cdir_path\u003e \u003cboogie_file\u003e` creates a directory \nwith path `dir_path` in which the Isabelle proofs are stored. If there already\nis a directory at `dir_path`, then an error is reported. If this option is not \nprovided (i.e., one invokes `BoogieDriver \u003cboogie_file\u003e`), then a new folder with \nthe name `\u003cboogie_file\u003e_proofs` is created (and possibly some suffix if such a \ndirectory already exists) in which the proofs are stored.\n\nIn the proof generation output folder, a separate folder is created for each \nprocedure. There are multiple Isabelle theory files in each folder. The main\ntheorem for the procedure is the last Isabelle lemma in the file with the suffix\n`cfg_to_dag_proof.thy`. This final lemma shows that the validity of the VC \nimplies correctness of the input CFG of the CFG-to-DAG phase.\n\nWhen using the tool, one currently needs to make sure that no special characters\nare used that are reserved in Isabelle (such as `#` or `'`). Moreover, for\nfiles that do not verify, the tool cannot provide detailed information, since\nthe counterexample information is not available (the counterexample-related\nvariables are omitted from the VC, see above).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviperproject%2Fboogie-proofgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fviperproject%2Fboogie-proofgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviperproject%2Fboogie-proofgen/lists"}
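The README above lists the supported subset, the monomorphization workaround and the `/proofOutputDir` invocation, but gives no input program that exercises them together. The following Boogie file is an added example, constructed for this page and not taken from the boogie-proofgen repository. It uses only features from the supported list (integers and booleans, a type constructor, a polymorphic function, value quantification, an old expression, a while loop with an invariant, gotos and labels, and assert/assume/assign/havoc commands), uses no attributes, and avoids identifiers containing Isabelle-reserved characters such as `#` or `'`. The procedure and variable names are the author's own choice; the unused `function test<T>(x:T):T` is the workaround the README suggests for files that declare a type constructor but no polymorphism.

```boogie
// example.bpl: constructed example input for the proof generation extension.
// Not part of the boogie-proofgen repository.

// A type constructor without polymorphism. On its own this would make Boogie
// monomorphize the program and change the VC (see "Supported subset"), so the
// unused polymorphic function below is added as the README's workaround.
type Ref;
function test<T>(x: T): T;

// A defined (non-polymorphic) function over integers and booleans.
function isNonNeg(x: int): bool { x >= 0 }

var counter: int;

// Old expression in a postcondition over a modified global.
procedure Increment()
  modifies counter;
  ensures counter == old(counter) + 1;
{
  counter := counter + 1;
}

// While loop with an invariant (eliminated in the CFG-to-DAG phase),
// havoc followed by an assumption, and a quantified assertion.
procedure CountDown(n: int) returns (r: int)
  requires n >= 0;
  ensures r == 0;
{
  var i: int;
  var k: int;
  i := n;
  while (i > 0)
    invariant i >= 0;
  {
    i := i - 1;
  }
  r := i;
  havoc k;
  assume k > 0;
  assert isNonNeg(k);
  assert (forall j: int :: j >= 1 ==> isNonNeg(j));
}

// Explicit gotos and labels: a nondeterministic branch whose two arms are
// pruned by assumptions, both establishing the postcondition at the join.
procedure Branch(x: int) returns (b: bool)
  ensures b <==> x > 0;
{
  goto L1, L2;
  L1:
    assume x > 0;
    b := true;
    goto End;
  L2:
    assume x <= 0;
    b := false;
    goto End;
  End:
    return;
}
```

With the tool built as described under "Building", `BoogieDriver /proofOutputDir:example_proofs example.bpl` verifies the file and writes one folder per procedure (`Increment`, `CountDown`, `Branch`) under `example_proofs`; the lemma to inspect for each procedure is the last one in its `*cfg_to_dag_proof.thy` file, which can be checked in Isabelle 2021 once the `foundational_boogie/BoogieLang` session is registered in `ROOTS` as described under "Dependencies". Because the generated VC omits counterexample variables, deliberately breaking an assertion (for example, changing `assume k > 0` to `assume k >= 0`) makes the file fail to verify without a detailed report; this matches the README's last remark, so assertions should be confirmed with plain Boogie first if a failure needs diagnosing.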