ESBMC v7.6: Enhanced Model Checking of C++ Programs with Clang AST
Xianzhiyu Li, Kunjian Song, Mikhail R. Gadelha, Franz Brauße, Rafael S. Menezes, Konstantin Korovin, Lucas C. Cordeiro
TL;DR
This work advances ESBMC by integrating a Clang AST-based front-end to enhance verification of modern C++ programs. By upgrading memory management, adding robust support for rvalue references, templates, and exception handling, and updating STL-oriented operational models, ESBMC v7.6 broadens language feature coverage and verification accuracy. Experimental results show improved pass rates and competitive timing across benchmarks relative to v2.1 and v7.3, with Boolector emerging as the fastest SMT solver in this setup. While gains are substantial, remaining limitations in AST coverage and certain C++11 features motivate further development and broader STL integration, aiming toward scalable verification of real-world C++ software.
Abstract
This paper presents Efficient SMT-Based Context-Bounded Model Checker (ESBMC) v7.6, an extended version based on previous work on ESBMC v7.3 by K. Song et al. The v7.3 introduced a new Clang-based C++ front-end to address the challenges posed by modern C++ programs. Although the new front-end has demonstrated significant potential in previous studies, it remains in the developmental stage and lacks several essential features. ESBMC v7.6 further enhanced this foundation by adding and extending features based on the Clang AST, such as 1) exception handling, 2) extended memory management and memory safety verification, including dangling pointers, duplicate deallocation, memory leaks and rvalue references and 3) new operational models for STL updating the outdated C++ operational models. Our extensive experiments demonstrate that ESBMC v7.6 can handle a significantly broader range of C++ features introduced in recent versions of the C++ standard.