Model-Based Static Code Analysis for MATLAB Models

MATLAB is widely used in scientific, engineering, and numerical computations. Complex systems such as digital signal processors and process control systems are modeled and analyzed in MATLAB, and a C implementation of the system can be generated automatically from the validated MATLAB model. We combine static analysis techniques with model-based deductive verification using SMT solvers to provide a framework for analyzing MATLAB code. The analyzer is generated by translating the collecting semantics of a MATLAB script into a formula in first-order logic over multiple underlying theories. Function calls in a script are handled by importing SMT assertions obtained by analyzing the MATLAB files that contain the function definitions. A logical specification of the desired program behavior (or rather its negation) is incorporated as a first-order logic formula. An SMT-LIB formula solver treats the combined formula as a "constraint" and "solves" it. The "solved form" can be used to identify logical errors in the MATLAB model.
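As an added illustration (not taken from the paper), here is how the encoding described above could look for a small constructed MATLAB function and script: the function's assertions are imported as an SMT-LIB definition, the script's collecting semantics become constraints over SSA variables, and the negated specification is conjoined before solving. The MATLAB files and the property are assumptions made for this example.

```smt2
; Constructed example (not from the paper): a MATLAB function and the script
; that calls it, encoded in SSA form as an SMT-LIB formula.
;
;   function r = absdiff(a, b)      % absdiff.m (hypothetical)
;       if a > b, r = a - b; else r = b - a; end
;   end
;
;   x = input('x: ');               % script.m (hypothetical), x unconstrained
;   y = absdiff(x, 10);
;   z = 100 / y;                    % spec: y must never be 0 at this point
(set-logic QF_LIA)

; Assertions "imported" from analyzing absdiff.m: the function body becomes a
; definition that the script's formula can call.
(define-fun absdiff ((a Int) (b Int)) Int
  (ite (> a b) (- a b) (- b a)))

; Collecting semantics of script.m: one constant per SSA variable, one
; assertion per assignment.
(declare-const x Int)
(declare-const y Int)
(assert (= y (absdiff x 10)))

; Negated specification: the solver searches for an input that violates it.
(assert (= y 0))

(check-sat)
(get-model)
```

Because absdiff(x, 10) is zero only when x equals 10, a sat answer with its model exposes the concrete input on which the script divides by zero; an unsat answer would mean the property holds for every input.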
