Bounded Program Verification Using an SMT Solver: A Case Study

We present a novel approach to bounded program verification that exploits recent advances of SMT solvers in modular checking of object-oriented code against its full specification. Bounded program verification techniques exhaustively check the specifications of a bounded program with respect to a bounded domain. To our knowledge, however, those techniques that target data-structure-rich programs reduce the problem to propositional logic directly, and use a SAT solver as the backend engine. Scalability, therefore, becomes a major issue due to bit blasting problems. In this paper, we present a novel approach that translates bounded Java programs and their JML specifications to quantified bit-vector formulas (QBVF) with arrays, and solves them using an SMT solver. QBVF allows logical constraints that are structurally closer to the original program and specification, and can be significantly simplified via high-level reasonings before being flattened in a basic logic. We also present a case study on a large-scale implementation of Dijkstra's shortest path algorithm. The results indicate that our approach provides significant speedups over a SAT-based approach.