Frama-C: A software analysis perspective

Frama-C is a source code analysis platform that aims at verifying industrial-size C programs. It provides its users with a collection of plug-ins that perform static analysis, deductive verification, and testing of safety- and security-critical software. Collaborative verification across cooperating plug-ins is enabled by their integration on top of a shared kernel and shared data structures, and by their compliance with a common specification language. This foundational article presents a consolidated view of the platform, its main and composite analyses, and some of its industrial achievements.
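As an added illustration of what the common specification language mentioned above looks like in practice, the C below carries ACSL contracts (preconditions, postconditions, assigns clauses and loop annotations) in `/*@ ... */` comments, so the same file is accepted by an ordinary C compiler and by Frama-C plug-ins such as WP (deductive proof) or Eva (value analysis), which read the annotations. This is example code written for this page, not code from the paper or from the Frama-C project; the function names `find_first`, `wipe` and `wipe_demo`, and the sample buffer in `wipe_demo`, are constructed here.

```c
/* Added example: ACSL-annotated C (not from the Frama-C project).
 * The annotations express the memory footprint and the functional
 * result; a C compiler ignores them, a verifier checks them. */
#include <stddef.h>
#include <stdio.h>

/* Index of the first occurrence of key in buf[0..len-1], or len if absent.
 * The precondition states exactly what may be read; assigns \nothing
 * records that the function has no side effect. */
/*@ requires \valid_read(buf + (0 .. len - 1));
  @ assigns \nothing;
  @ behavior found:
  @   assumes \exists integer k; 0 <= k < len && buf[k] == key;
  @   ensures 0 <= \result < len && buf[\result] == key;
  @   ensures \forall integer k; 0 <= k < \result ==> buf[k] != key;
  @ behavior not_found:
  @   assumes \forall integer k; 0 <= k < len ==> buf[k] != key;
  @   ensures \result == len;
  @ complete behaviors;
  @ disjoint behaviors;
  @*/
size_t find_first(const unsigned char *buf, size_t len, unsigned char key)
{
    /*@ loop invariant 0 <= i <= len;
      @ loop invariant \forall integer k; 0 <= k < i ==> buf[k] != key;
      @ loop assigns i;
      @ loop variant len - i;
      @*/
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == key)
            return i;
    }
    return len;
}

/* Overwrite a secret buffer with zeros. The assigns clause bounds the
 * write to buf[0..len-1]; a proof of it rules out an overflow in this
 * function regardless of the caller. */
/*@ requires \valid(buf + (0 .. len - 1));
  @ assigns buf[0 .. len - 1];
  @ ensures \forall integer k; 0 <= k < len ==> buf[k] == 0;
  @*/
void wipe(unsigned char *buf, size_t len)
{
    /*@ loop invariant 0 <= i <= len;
      @ loop invariant \forall integer k; 0 <= k < i ==> buf[k] == 0;
      @ loop assigns i, buf[0 .. len - 1];
      @ loop variant len - i;
      @*/
    for (size_t i = 0; i < len; i++)
        buf[i] = 0;
}

/* Constructed sample: fill a 16-byte buffer, wipe it, report whether
 * every byte is zero afterwards (1 = yes, 0 = no). */
int wipe_demo(void)
{
    unsigned char secret[16];
    for (size_t i = 0; i < sizeof secret; i++)
        secret[i] = (unsigned char)(i + 1);
    wipe(secret, sizeof secret);
    for (size_t i = 0; i < sizeof secret; i++)
        if (secret[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    const unsigned char msg[] = "abcabc";          /* constructed input */
    printf("first 'c' at %zu\n", find_first(msg, 6, 'c'));
    printf("'z' absent -> %zu\n", find_first(msg, 6, 'z'));
    printf("wipe ok: %d\n", wipe_demo());
    return 0;
}
```

With Frama-C installed, `frama-c -wp file.c` attempts to discharge the contracts and loop annotations by deductive proof, and `frama-c -eva file.c` runs the value analysis from `main` to report any possible out-of-bounds access or other runtime error along the concrete calls; both consume the same ACSL text, which is the point of a shared specification language.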
