Project description
A scalable breakthrough to boost software verification
In the realm of software verification, Satisfiability Modulo Theories (SMT) stands as a crucial framework. However, scalability remains a significant hurdle, particularly for verifying extensive program segments. In this context, the ERC-funded SPES project aims to leverage the inherent structural sparsity in programs (reflected in their bounded treewidth and pathwidth). SPES aims to design bespoke SMT-solvers that are faster and more efficient. This approach involves decomposing control-flow graphs into smaller, manageable parts, guiding the solver with promising decision orders. As a result, the project will enhance algorithmic efficiency in satisfiability checking and variable elimination. It will pave the way for more scalable and effective software verification processes.
Objective
Satisfiability modulo theories (SMT) is a ubiquitous framework in modern software verification. It can express a significant number of classical program verification tasks, e.g. invariant generation, reachability and pre/post-conditions, in complex programs with arrays, pointers, real/integer variables, and user-defined data structures. State-of-the-art SMT solvers, such as cvc5/Z3, form the backbone of modern verification suites.
Unfortunately, SMT-based verification methods are far from perfect in terms of scalability. They are especially slow when the desired property depends on a large portion of the program, such as a function with hundreds/thousands of lines. A primary reason is that solvers are designed for *general-purpose* constraint-solving. When a program analysis tool, such as Boogie, reduces a verification task to SMT and passes it to a solver, such as Z3, the solver has no knowledge of the original program or any of its structural and sparsity properties that are inherited by the SMT instance. Thus, it spends significant time exploring unpromising solution paths or applying unproductive heuristics.
In this project, we will exploit the structural sparsity of programs to design faster bespoke SMT-solving algorithms for software verification tasks. It is well-known that control-flow graphs of structured programs are sparse and decomposable. Formally, they have bounded treewidth/pathwidth. Thus, one can successively find small cuts that decompose the graphs into parts of a small size. The idea is to guide the SMT-solver with a promising approximation or decision order based on these decompositions. This is because the SMT instance inherits the sparsity and structure of the underlying program. Thus, it can be decomposed into small parts by successively solving low-dimensional sub-instances. More specifically, this project will use the decomposition to design faster algorithms for satisfiability checking and (approximate) quantifier/variable elimination.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences computer and information sciences software
- natural sciences computer and information sciences artificial intelligence heuristic programming
You need to log in or register to use this function
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.1.1 - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-ERC - HORIZON ERC Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2025-STG
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
OX1 2JD Oxford
United Kingdom
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.