vLLM ESBMC Verification PoC: Formal Method-Based Validation of Integer Operations in LLM Inference Engines

This project applies ESBMC's Python frontend to validate integer and index operations in vLLM, successfully discovering and reporting the first CLI-triggerable vulnerability to the vLLM upstream, demonstrating the application potential of formal methods in security validation for LLM inference engines. The project is maintained by lucasccordeiro, sourced from a GitHub repository (published on 2026-05-24).

vLLM is a popular LLM inference engine known for high throughput and memory efficiency, but its underlying layer may have issues like boundary errors and integer overflows. This project explores using formal verification to check vLLM's core operation logic, attempting to apply ESBMC's Python frontend to its integer and index operations.

ESBMC is an SMT-based model checker supporting multiple languages; its Python frontend can detect defects like array out-of-bounds and integer overflows. The project's verification scope includes 4 function targets and 1 CLI path target in vLLM. The process is automated end-to-end (via the make verify command), completing two-stage analysis of 9 entry points in 33 seconds.

The project discovered and reported a vulnerability to the vLLM upstream (issue #43496), which can be triggered via normal CLI paths and affects real users. This discovery shows that formal verification can systematically explore state spaces and find deeply hidden defects that are hard to detect with conventional testing, directly benefiting the vLLM community.

Challenges include Python's dynamic features (dynamic typing, flexible indexing), vLLM's complexity (tensor operations, memory management), and verification scalability. Solutions: context-bounded checking, selective verification of key paths, and incremental verification using previous results.

Prospects: Can be used for memory safety validation of LLM inference engines, proof of semantic preservation in model conversion, and certification of AI applications in safety-critical domains. Limitations: Limited coverage, context-bounded checking cannot guarantee infinite states, and high manual workload.

The project proves that formal verification can be applied to real Python projects to find actual defects. Insights: Formal verification is becoming practical and can complement testing; the concept of 'shift-left security' is important; interdisciplinary collaboration (formal experts + domain experts) is key.