Skip to content

Docs News About Contact ↗

CTRL K

GitHub Discussions API Reference

CTRL K

Docs
News
About
Contact ↗

Setup
Usage
Config
Constructs
Function Contracts
Loop Invariants
Coverage Analysis
CWE Mapping
GitHub Action
C and C++
Solidity
Python
Ladder Diagram
Development
Theory

Edit this page on GitHub →

Theory

Theory

This section covers the theory and internals behind ESBMC: how it models programs, the proof algorithms it runs, how verification conditions are encoded for SMT solvers, and the data structures it is built on.

Modeling with Non-determinism

The primitives ESBMC adds to C for non-deterministic values, assumptions, and atomic blocks.

Verification Algorithms

Bounded model checking, falsification, incremental BMC, and k-induction — how ESBMC unwinds loops and proves correctness.

Termination and Non-termination

Proving loops halt via ranking functions, refuting them via recurrent sets, and the reduction to a k-induction reachability check.

Memory Model and Pointer Safety

How ESBMC models pointers as object + offset and derives bounds, NULL, use-after-free, and leak checks.

Concurrency and Context-Bounded MC

Thread interleavings, context bounding, partial-order reduction, and data-race / deadlock detection.

Interval Analysis

Abstract interpretation that infers variable ranges and injects them as assumptions before SMT solving.

Function Contracts

Modular assume-guarantee verification with requires / ensures / assigns and loop contracts.

Integer vs. Bit-Vector Encoding

The –ir integer encoding versus default bit-vectors, and a manual refinement workflow.

SMT Formula Generation

How symbolic execution turns a program into SSA and then into an SMT formula.

Linear Temporal Logic

LTL property checking via Büchi automata over finite prefixes.

ESBMC’s typed, reference-counted, copy-on-write internal representation.

© 2025 Systems & Software Verification Laboratory