Scaling Bounded Model Checking By Transforming Programs With Arrays

TL;DR

This paper introduces a transformation technique that converts array-manipulating programs into array-free, loop-free versions, enabling more efficient bounded model checking of array properties in large programs.

Contribution

The authors propose a formal transformation method that simplifies array programs for bounded model checkers, improving verification efficiency for a specific class of properties.

Findings

Effective verification of array properties in large programs.

Formal characterization of properties for which the transformation is precise.

Successful application on industry and academic benchmarks.

Abstract

Bounded Model Checking is one the most successful techniques for finding bugs in program. However, for programs with loops iterating over large-sized arrays, bounded model checkers often exceed the limit of resources available to them. We present a transformation that enables bounded model checkers to verify a certain class of array properties. Our technique transforms an array-manipulating program in ANSI-C to an array-free and loop-free program. The transformed program can efficiently be verified by an off-the-shelf bounded model checker. Though the transformed program is, in general, an abstraction of the original program, we formally characterize the properties for which the transformation is precise. We demonstrate the applicability and usefulness of our technique on both industry code as well as academic benchmarks.