CBMC: The C Bounded Model Checker
read the original abstract
The C Bounded Model Checker (CBMC) demonstrates the violation of assertions in C programs, or proves safety of the assertions under a given bound. CBMC implements a bit-precise translation of an input C program, annotated with assertions and with loops unrolled to a given depth, into a formula. If the formula is satisfiable, then an execution leading to a violated assertion exists. CBMC is one of the most successful software verification tools. Its main advantages are its precision, robustness and simplicity. CBMC is shipped as part of several Linux distributions. It has been used by thousands of software developers to verify real-world software, such as the Linux kernel, and powers commercial software analysis and test generation tools. Table 1 gives an overview of CBMC's features. CBMC is also a versatile tool that can be applied to solve many practical program analysis problems such as bug finding, property checking, test input generation, detection of security vulnerabilities, equivalence checking and program synthesis. This chapter will give an introduction into CBMC, including practical examples and pointers to further reading. Moreover, we give insights about the development of CBMC itself, showing how its performance evolved over the last decade.
This paper has not been read by Pith yet.
Forward citations
Cited by 2 Pith papers
-
Kani: A Model Checker for Rust
Kani is a model checker that compiles Rust proof harnesses from MIR to CBMC for bounded verification of safety properties and supports contracts to extend checks to unbounded correctness.
-
QCP: A Practical Separation Logic-based C Program Verification Tool
QCP combines automatic separation logic verification with Rocq interactive proving for C programs via annotations and a VS Code extension.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.