## Proving a Computer Program's Correctness

This is interesting:

Professor Gernot Heiser, the John Lions Chair in Computer Science in the School of Computer Science and Engineering and a senior principal researcher with NICTA, said for the first time a team had been able to prove with mathematical rigour that an operating-system kernel—the code at the heart of any computer or microprocessor—was 100 per cent bug-free and therefore immune to crashes and failures.

Don’t expect this to be practical any time soon:

Verifying the kernel—known as the seL4 microkernel—involved mathematically proving the correctness of about 7,500 lines of computer code in an project taking an average of six people more than five years.

That’s 250 lines of code verified per man-year. Both Linux and Windows have something like 50 million lines of code; verifying that would take 200,000 man-years, assuming no increased complexity resulting from the increased complexity. Clearly some efficiency improvements are required.

pdf23ds • October 2, 2009 7:19 AM

Technically, it hasn’t proven to be “bug-free”. Part of proving program correctness is picking properties about the code to prove. If they overlooked even trying to prove some important property of the code, then it could still have unforseen problems. However, it’s a great accomplishment. They’ve proved that it’s free of certain classes of bugs that they knew to look for, which presumably cover most common failure modes.

What I’d like to know is how many bugs in the kernel source they found and corrected in the process of proving correctness.