Researchers at the University of Manchester Propose ESBMC-Python: The First BMC-based Python-code Verifier for Formal Verification of Python Programs
What is bounded model checking in software engineering?
Bounded model checking (BMC) is a technique used in software engineering to verify the correctness of a program within specified bounds. It involves checking the program against a given property for a certain number of steps, and is particularly useful for finding errors in programs with loops by incrementally unwinding them up to a bound k.
Why is verifying Python programs inherently difficult?
Verifying Python programs is inherently difficult due to the language's dynamic nature and lack of explicit type information. Python determines type information at runtime, making it challenging for traditional static analysis tools to ascertain program correctness. Additionally, without explicit type annotations, ensuring the safety and correctness of Python programs becomes a formidable task, particularly in large codebases or applications with critical security requirements.
How does ESBMC-Python handle Python's dynamic typing?
ESBMC-Python handles Python's dynamic typing by converting Python programs into abstract syntax trees (ASTs), then annotating them with type information and formatting them to fit into the bounded model checking (BMC) pipeline. This transformation allows the verification of Python programs by overcoming the difficulties posed by Python's dynamic typing, enabling the verification of properties such as type correctness and logical consistency.
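The front-end idea described above, as an added illustration that is not ESBMC-Python's own code: parse a constructed sample program into an AST with Python's `ast` module, collect type information from parameter annotations, annotated assignments and literal assignments, and flag a variable bound to more than one type, which is the kind of type-correctness property the verifier checks (the SMT-based BMC back end is not modelled here; `annotate_types` and `type_conflicts` are hypothetical helper names).

```python
import ast

# Constructed sample program: `total` is type-consistent, `risky` rebinds
# `value` from int to str on one branch (a type-correctness violation).
SAMPLE = '''
def total(xs: list) -> int:
    acc: int = 0
    for x in xs:
        acc = acc + x
    return acc

def risky(flag: bool) -> int:
    value = 10
    if flag:
        value = "ten"
    return value
'''

# Exact-type lookup so that bool literals are not reported as int.
LITERAL_TYPES = {int: "int", str: "str", float: "float", bool: "bool"}

def literal_type(node):
    """Type name of a literal constant node, or None if not a literal."""
    if isinstance(node, ast.Constant):
        return LITERAL_TYPES.get(type(node.value))
    return None

def annotate_types(source):
    """Parse source into an AST and record the types seen for each
    variable per function: {func_name: {var: set_of_type_names}}."""
    tree = ast.parse(source)
    result = {}
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        env = {}
        # Parameter annotations are explicit type information.
        for arg in func.args.args:
            if isinstance(arg.annotation, ast.Name):
                env.setdefault(arg.arg, set()).add(arg.annotation.id)
        for node in ast.walk(func):
            if (isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name)
                    and isinstance(node.annotation, ast.Name)):
                env.setdefault(node.target.id, set()).add(node.annotation.id)
            elif isinstance(node, ast.Assign):
                t = literal_type(node.value)  # infer from the literal, if any
                if t is not None:
                    for tgt in node.targets:
                        if isinstance(tgt, ast.Name):
                            env.setdefault(tgt.id, set()).add(t)
        result[func.name] = env
    return result

def type_conflicts(source):
    """(function, variable, sorted types) for every variable bound to more
    than one type: the type-correctness property fails there."""
    return [(f, v, sorted(ts)) for f, env in annotate_types(source).items()
            for v, ts in env.items() if len(ts) > 1]
```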