Earth System Models (ESMs) exhibit large codebases, geographically distributed development teams, and heterogeneous hardware deployments—especially GPU acceleration—rendering traditional bit-for-bit reproducibility verification infeasible; manual validation is subjective and inefficient, while existing formal methods lack domain-specific support for climate modeling. Method: We propose the first domain-specific formal specification and verification framework for ESMs, integrating abstract modeling with the CIVL model checker to transcend bit-level reproducibility constraints and enable cross-architecture trustworthy verification. Contribution/Results: Applied to an ocean mixing parameterization scheme, our framework successfully specified and verified the correctness of critical bug fixes. This constitutes the first empirical demonstration of formal methods’ feasibility and effectiveness in real-world climate model development, significantly enhancing reliability assurance for model modifications.

Earth System Models (ESMs) are critical for understanding past climates and projecting future scenarios. However, the complexity of these models, which include large code bases, a wide community of developers, and diverse computational platforms, poses significant challenges for software quality assurance. The increasing adoption of GPUs and heterogeneous architectures further complicates verification efforts. Traditional verification methods often rely on bitwise reproducibility, which is not always feasible, particularly under new compilers or hardware. Manual expert evaluation, on the other hand, is subjective and time-consuming. Formal methods offer a mathematically rigorous alternative, yet their application in ESM development has been limited due to the lack of climate model-specific representations and tools. Here, we advocate for the broader adoption of formal methods in climate modeling. In particular, we identify key aspects of ESMs that are well suited to formal specification and introduce abstraction approaches for a tailored framework. To demonstrate this approach, we present a case study using CIVL model checker to formally verify a bug fix in an ocean mixing parameterization scheme. Our goal is to develop accessible, domain-specific formal tools that enhance model confidence and support more efficient and reliable ESM development.