Software Model Checking via Large-Block Encoding

The construction and analysis of an abstract reachability tree (ART) are the basis for a successful method for software verification. The ART represents unwindings of the control-flow graph of the program. Traditionally, a transition of the ART represents a single block of the program, and therefore, we call this approach single-block encoding (SBE). SBE may result in a huge number of program paths to be explored, which constitutes a fundamental source of inefficiency. We propose a generalization of the approach, in which transitions of the ART represent larger portions of the program; we call this approach large-block encoding (LBE). LBE may reduce the number of paths to be explored up to exponentially. Within this framework, we also investigate symbolic representations: for representing abstract states, in addition to conjunctions as used in SBE, we investigate the use of arbitrary Boolean formulas; for computing abstract-successor states, in addition to Cartesian predicate abstraction as used in SBE, we investigate the use of Boolean predicate abstraction. The new encoding leverages the efficiency of state-of-the-art SMT solvers, which can symbolically compute abstract large-block successors. Our experiments on benchmark C programs show that the large-block encoding outperforms the single-block encoding.

💡 Research Summary

Software model checking often relies on constructing an Abstract Reachability Tree (ART) that systematically explores the unwindings of a program’s control‑flow graph (CFG). In the traditional Single‑Block Encoding (SBE) approach each transition of the ART corresponds to a single basic block of the CFG. While conceptually simple, SBE suffers from the well‑known path‑explosion problem: programs with many conditionals and loops generate an exponential number of distinct paths, leading to prohibitive memory consumption and verification time.

The paper introduces Large‑Block Encoding (LBE), a generalization that groups several consecutive basic blocks into a “large block” and treats the whole group as a single ART transition. The authors first partition the CFG into basic blocks, then apply a merging algorithm that identifies linear, non‑branching sequences without loops or side‑effects. These sequences are collapsed into a composite block, dramatically reducing the number of transitions. As a result, the depth and breadth of the ART shrink simultaneously, alleviating both the combinatorial blow‑up of paths and the associated memory pressure.

Beyond the structural change, the authors revisit the representation of abstract states and the computation of abstract successors. In SBE, abstract states are expressed as conjunctions of predicates, and Cartesian predicate abstraction evaluates each predicate independently, discarding any logical interaction among them. The paper proposes two complementary enhancements: (1) representing abstract states as arbitrary Boolean formulas, which can capture complex inter‑variable relationships in a compact form; and (2) employing Boolean predicate abstraction, where all predicates are combined into a single Boolean formula and handed to a state‑of‑the‑art SMT (Satisfiability Modulo Theories) solver. Modern SMT solvers excel at reasoning about such formulas, performing efficient propagation, conflict analysis, and model generation. Consequently, LBE can compute large‑block successors symbolically and precisely without incurring the combinatorial cost of enumerating individual paths.

The experimental evaluation uses a collection of C programs from the SV‑COMP benchmark suite. Both LBE and the baseline SBE are executed under identical hardware and timeout conditions. The results are striking: LBE reduces the number of ART transitions by an average factor of ten, cuts total verification time by roughly sixfold (with some cases achieving more than twenty‑fold speed‑ups), and lowers peak memory usage substantially. In particularly challenging benchmarks featuring nested loops and multiple branching points, SBE often runs out of memory or exceeds the time limit, whereas LBE completes successfully. These findings demonstrate that the combination of large‑block transitions and Boolean‑based abstraction leverages the power of contemporary SMT solvers to mitigate the path‑explosion bottleneck.

In summary, the paper makes two principal contributions. First, it defines a systematic method for constructing large blocks, thereby shrinking the ART’s structural complexity and enabling more scalable exploration. Second, it integrates Boolean‑formula state representations and Boolean predicate abstraction into the model‑checking workflow, providing both higher precision and better performance. The synergy between LBE’s reduced transition count and the expressive power of SMT‑driven Boolean abstraction yields a verification framework that outperforms traditional SBE on a wide range of realistic software benchmarks. The authors also argue that LBE can be incorporated into existing model‑checking tools with modest engineering effort, opening a practical path toward scalable, automated verification of large‑scale software systems.