“…Large-scale verification projects that are based on refinement include seL4 [30], FSCQ [10], Flashix [48], and CompCert [35], with high human effort involved. Correct-by-construction correspondence between low-level code and high-level data types helps to some extent in, e.g., [13] and Cogent [3]. Recent work on "push-button" verification includes a verified TLS library [12], AWS C Common library [11], file system [50], a hyperkernel [42], network functions [56], where the high degree of proof automation is in part achieved by statically bounding the state space of the systems.…”