🤖 AI Summary
Formal verification of binary programs—across languages (C/C++/Rust), toolchains, and architectures (x86/RISC-V)—remains challenging in source-unavailable settings, especially for establishing both correctness and incorrectness guarantees.
Method: This paper introduces IsaBIL, the first formal verification framework integrating Incorrectness Logic into binary analysis. Built on Isabelle/HOL, it leverages BAP’s Binary Intermediate Language (BIL), employs a custom ML parser and proof tactics, and features a multi-level abstraction model grounded in big-step semantics.
Contributions/Results: Key innovations include (1) a multi-level abstraction modeling mechanism based on big-step semantics; (2) higher-order inference rules tailored for RISC-V; and (3) automated proof strategies adapted to C-compiled binaries. Evaluated on JSF coding standard routines and MITRE-identified vulnerability samples, IsaBIL automatically discharges hundreds of proof goals, demonstrating substantial improvements in generality and automation for binary-level formal verification.
📝 Abstract
This paper presents IsaBIL, a binary analysis framework in Isabelle/HOL that is based on the widely used Binary Analysis Platform (BAP). Specifically, in IsaBIL, we formalise BAP's intermediate language, called BIL, and integrate it with Hoare logic (to enable proofs of correctness) as well as incorrectness logic (to enable proofs of incorrectness). IsaBIL inherits the full flexibility of BAP, allowing us to verify binaries for a wide range of languages (C, C++, Rust), toolchains (LLVM, Ghidra) and target architectures (x86, RISC-V), and can also be used when the source code for a binary is unavailable. To make verification tractable, we develop a number of big-step rules that combine BIL's existing small-step rules at different levels of abstraction to support reuse. We develop high-level reasoning rules for RISC-V instructions (our main target architecture) to further optimise verification. Additionally, we develop Isabelle proof tactics that exploit common patterns in C binaries for RISC-V to discharge large numbers of proof goals (often in the hundreds) automatically. IsaBIL includes an Isabelle/ML based parser for BIL programs, allowing one to automatically generate the associated Isabelle/HOL program locale from a BAP output. Taken together, IsaBIL provides a highly flexible proof environment for program binaries. As examples, we prove correctness of key examples from the Joint Strike Fighter coding standards and the MITRE database.
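As an added illustration (not taken from the paper), the two kinds of triple the abstract refers to can be written over an assumed big-step evaluation relation $\langle c,\sigma\rangle \Downarrow \sigma'$ for a BIL statement $c$ taking state $\sigma$ to $\sigma'$; the notation here is assumed for exposition and is not IsaBIL's own definition:

$$
\begin{aligned}
\{P\}\; c\; \{Q\} &\;\equiv\; \forall \sigma\,\sigma'.\; P(\sigma) \wedge \langle c,\sigma\rangle \Downarrow \sigma' \;\rightarrow\; Q(\sigma') \\
[P]\; c\; [Q] &\;\equiv\; \forall \sigma'.\; Q(\sigma') \;\rightarrow\; \exists \sigma.\; P(\sigma) \wedge \langle c,\sigma\rangle \Downarrow \sigma'
\end{aligned}
$$

and a big-step rule of the kind the abstract describes is obtained by composing the evaluations of two consecutive statements into one derivation for their sequence:

$$
\frac{\langle c_1,\sigma\rangle \Downarrow \sigma'' \qquad \langle c_2,\sigma''\rangle \Downarrow \sigma'}{\langle c_1;\, c_2,\sigma\rangle \Downarrow \sigma'}
$$

The Hoare triple over-approximates, so proving it rules out any run from $P$ ending outside $Q$; the incorrectness triple under-approximates, so proving $[P]\; c\; [\mathit{err}]$ establishes that every error state in $\mathit{err}$ is actually reachable from some $P$ state, i.e. a reported bug is never a false positive.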