Formal Verification of Industrial Software with Dynamic Memory Management

Tool-based analytic techniques such as formal verification may be used to justify the quality, correctness and dependability of software involved in digital control systems. This paper reports on the development and application of a tool-based methodology whose purpose is the formal verification of freedom from intrinsic software faults related to dynamic memory management. The paper introduces the operational and research context in the power generation industry in which this work takes place. The theoretical framework and the tool at the cornerstone of the methodology are then presented. The paper also presents the practical aspects of the research: the software under analysis, experimental results and lessons learned. The results are promising, as the methodology scales accurately under identified conditions of analysis, and it offers a number of perspectives which are currently under study in ongoing work.
