A Unit Proofing Framework for Code-level Verification: A Research Agenda
Paschal C. Amusuo, Parth V. Patil, Owen Cochell, Taylor Le Lievre, James C. Davis
TL;DR
The paper addresses the challenge of scalable, reliable verification of code-level software implementations, where harness-based unit proofs are labor-intensive and error-prone. It presents an exploratory study of AWS-style unit proofs in FreeRTOS, showing that unit proofs can detect many memory-safety vulnerabilities but miss others due to incomplete properties, modeling gaps, or outdated proofs. It then proposes a principled Unit Proofing Framework with four tools—Software Decomposer, Proof Builder, Proof Repairer, and Proof Updater—to automate proof construction, repair, and maintenance within real development workflows. If realized, the framework could enable earlier discovery of code-level defects, reduce manual effort, and scale formal verification to real-world software used in safety-critical domains.
Abstract
Formal verification provides mathematical guarantees that a software is correct. Design-level verification tools ensure software specifications are correct, but they do not expose defects in actual implementations. For this purpose, engineers use code-level tools. However, such tools struggle to scale to large software. The process of "Unit Proofing" mitigates this by decomposing the software and verifying each unit independently. We examined AWS's use of unit proofing and observed that current approaches are manual and prone to faults that mask severe defects. We propose a research agenda for a unit proofing framework, both methods and tools, to support software engineers in applying unit proofing effectively and efficiently. This will enable engineers to discover code-level defects early.