Verified symbolic execution with Kripke specification monads (and no meta-programming)

Verifying soundness of symbolic execution-based program verifiers is a significant challenge. This especially true if the resulting tool needs to be usable outside proof assistant, in which case we cannot rely on shallowly embedded assertion logics and meta-programming. The manipulate deeply assertions, it crucial for efficiency eagerly prune unreachable paths simplify intermediate assertions way that can justified towards proof. Only few such tools exist literature, their proofs are intricate hard generalize or reuse. We contribute novel, systematic approach construction verifier. first implement shallow verification condition generator as an object language interpreter specification monad, using abstract interface featuring angelic demonic nondeterminism. Next, build executor by implementing similar interpreter, monad. monad lives universe Kripke-indexed variables scope path condition. Finally, reduce execution relating both executors Kripke logical relation. report practical application these techniques Katamaran, verifying security guarantees offered instruction set architectures (ISAs). fully verified combining our machinery with conditions against axiomatized separation logic, Iris-based implementation axioms, proven sound operational semantics. Based experience good results practicality tool, demonstrating viability approach.