Reducibility
Glossary Contents
← Ch X
Chapter XI 3-Satisfiability
Ch XII →
  1. 31 — Three is enough
  2. 32 — WalkSAT in Clojure
  3. 33 — Verifying the JVM
33

Verifying the JVM

Every time the Java verifier checks a class file, it is solving an instance of bounded model checking — which compiles to 3-SAT under the hood.

Software model checking takes a program plus a property ("nothing is ever null-dereferenced", "this lock is always released") and asks: does there exist any input causing the property to fail? Bounded model checking unrolls the program k steps and encodes the question as a CNF formula — typically a few million 3-clauses for k = 50 in a real Java method. The JBMC, SPIN, and CBMC tool families all do this. The same template runs symbolic execution (KLEE, Coverity, GitHub CodeQL) and most of static analysis. When Microsoft's SLAM device-driver verifier was deployed in Windows, it caught crashes that traditional QA missed for years; it was, mechanically, a 3-SAT solver.

In plain terms

Software bugs can be encoded as logic puzzles: "is there an input that makes this code crash?" If yes, the puzzle has a solution and you have a bug. Modern bug-finders ask exactly this question, and the puzzle they solve is 3-SAT.

Scan to come back to page 33

End of Chapter XI
Chapter XII Chromatic Number →
← 32 WalkSAT in Clojure
3/3 · 33/63
34 Color the map →