FM-Agent: Scaling Formal Methods to Large Systems via LLM-Based Hoare-Style Reasoning

2026-06-19 · Source: cs.SE updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Software Development & Engineering · Depth: Expert, extended

Summary

FM-Agent is presented as the first framework enabling automated compositional reasoning for large-scale software systems, addressing the challenge of verifying LLM-generated code. It utilizes Large Language Models (LLMs) to automate the generation of function-level specifications using a top-down paradigm, deriving expected behavior from callers rather than potentially buggy implementations. The framework then generalizes Hoare-style inference to reason against these natural-language specifications and automatically generates system-entry test cases to validate potential bugs. In evaluations, FM-Agent successfully reasoned about systems up to 143k LoC within 2 days, discovering 522 new bugs in systems already tested by developers, including critical issues like system crashes and incorrect execution results.

Key takeaway

For AI Engineers and software architects building or integrating large systems with LLM-generated code, you should consider adopting automated compositional reasoning tools like FM-Agent. This approach helps overcome the manual burden of formal specification writing and scales verification to complex codebases. By employing LLMs for specification generation and natural language reasoning, you can detect subtle, critical bugs that traditional testing might miss, significantly enhancing system reliability and reducing post-deployment issues.

Key insights

LLMs can automate formal specification generation and Hoare-style reasoning for large-scale software systems.

Principles

• Compositional reasoning scales verification for complex systems.
• Specifications should capture developer intent, not just implementation.
• LLMs can accurately predict small code block execution.

Method

FM-Agent uses a top-down, layered specification generator, an LLM-based natural language Hoare-style code reasoner, and a bug validator that generates system-entry test cases.

In practice

• Derive function specifications from caller behavior and domain knowledge.
• Perform Hoare-style reasoning directly with natural language specifications.
• Generate system-entry test cases to confirm and explain bugs.

Topics

• Formal Methods
• LLM-Assisted Development
• Hoare Logic
• Program Verification
• Specification Generation
• Software Reliability

Code references

• anthropics/claude-c-compiler

Best for: AI Architect, Research Scientist, CTO, AI Scientist, Software Engineer, AI Engineer

Related on AIssential

• A Lightweight Multi-Agent Framework for Automated Concrete Barrier Design — A multi-agent framework improves LLM-based engineering design by integrating generation, evaluation, and optimization, achieving high accuracy with smaller models.
• Formal Methods Meet LLMs: Auditing, Monitoring, and Intervention for Compliance of Advanced AI Systems — Formal methods combined with machine learning enhance AI system auditing and runtime monitoring for compliance.
• Beyond Correctness: Enhancing Architectural Reasoning in Code LLMs via Scalable Labeling with Agentic Judgment — Agentic LLM judges offer a scalable solution for evaluating and enhancing architectural reasoning in code generation.
• Interpretable and Verifiable Hardware Generation with LLM-Driven Stepwise Refinement — LLMs can generate verifiable hardware designs by integrating formal methods and stepwise refinement.
• Step-by-Step Guide to Building AI Agents Using LLMs — LLM-powered AI agents enable advanced automation by understanding language, reasoning, and interacting with systems autonomously.
• From Data to Theory: Autonomous Large Language Model Agents for Materials Science — Autonomous LLM agents can perform end-to-end scientific theory development, from equation selection to code execution and validation.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.