Model checking C++ programs

From Wiley via Jisc Publications RouterHistory: received 2021-05-24, rev-recd 2021-08-05, accepted 2021-08-06, pub-electronic 2021-09-08Article version: VoRPublication status: PublishedFunder: Engineering and Physical Sciences Research Council; Id: http://dx.doi.org/10.13039/501100000266Funder: Nokia Institute of TechnologyFunder: UK Research and Innovation; Id: http://dx.doi.org/10.13039/100014013Summary: In the last three decades, memory safety issues in system programming languages such as C or C++ have been one of the most significant sources of security vulnerabilities. However, there exist only a few attempts with limited success to cope with the complexity of C++ program verification. We describe and evaluate a novel verification approach based on bounded model checking (BMC) and satisfiability modulo theories (SMT) to verify C++ programs. Our verification approach analyses bounded C++ programs by encoding into SMT various sophisticated features that the C++ programming language offers, such as templates, inheritance, polymorphism, exception handling, and the Standard Template Libraries. We formalize these features within our formal verification framework using a decidable fragment of first‐order logic and then show how state‐of‐the‐art SMT solvers can efficiently handle that. We implemented our verification approach on top of ESBMC. We compare ESBMC to LLBMC and DIVINE, which are state‐of‐the‐art verifiers to check C++ programs directly from the LLVM bitcode. Experimental results show that ESBMC can handle a wide range of C++ programs, presenting a higher number of correct verification results. Additionally, ESBMC has been applied to a commercial C++ application in the telecommunication domain and successfully detected arithmetic‐overflow errors, which could potentially lead to security vulnerabilities