The invention discloses a C source code-oriented automatic formal verification tool and method, and the method comprises the steps: inserting a compiled code function specification into a C source code, automatically converting the function specification and the C source code into an intermediate representation which can be processed by a program verifier, converting the intermediate representation into an intermediate verification language code through the program verifier for formal verification input; by the adoption of the formalization method, automatic formalization verification can be conducted on the converted source code so as to verify the functionality and safety of the source code. On the basis that each interface function passes code function correctness verification, an abstract model is constructed by utilizing a behavior modeling language and a combined verification technology; and then an interaction behavior is simulated by utilizing a model simulation engine and an attribute detection engine, a security attribute is verified, and whether the code meets a security attribute specification or not is judged. According to the invention, formalized verification of the C source code can be realized in an automatic form, the used intermediate representation generator can automatically generate the intermediate representation, the program verifier can automatically generate the intermediate verification language code, and the model simulation engine and the attribute detection engine can automatically verify the security attribute. The measures can greatly improve the C source code verification efficiency and reduce the manual participation degree.