C Code Verification based on the Extended Labeled Transition System Model

The C programming language is widely used in safety-critical software systems. With its wide application and increasing complexity, the need to ensure the correctness of C code has emerged. This paper presents Ceagle, a fully automated program verifier for finding assertion violations in C programs. It performs well in both accuracy and efficiency by using a semantically equivalent program model language that is specifically designed for C programs, together with various optimizations that make the satisfiability checking faster and more memory-friendly. More specifically, Ceagle uses LLVM Clang as the front-end parser, an extended labeled transition system as the program model, and the Z3 SMT solver as the back-end satisfiability checker. Ceagle is designed to be fully automatic and requires no user interaction as long as the assertions are provided. For evaluation, we compare Ceagle with existing C program verifiers on open benchmarks. Ceagle outperforms the others in accuracy, time, and memory consumption.
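To make concrete what "finding an assertion violation on a labeled transition system model" means, the following is an added toy example, not Ceagle's code and not the paper's encoding: a small C-like loop with an assertion is written by hand as an LTS over program locations, and a bounded explicit-state search looks for a path to the error location. Ceagle itself, per the abstract, discharges the check with the Z3 SMT solver rather than by enumerating states; the enumeration here is only to show what a counterexample path through such a model looks like. The program, the location names (`L0`..`END`, `ERR`), the input range and the function `find_violation` are all constructed assumptions for this illustration.

```python
# Added example (not Ceagle's code): a hand-built labeled transition system
# for a C-like program, plus a bounded search for an assertion violation.
from collections import deque

# Constructed sample program, modelled as transitions between locations:
#     int x = 0;                // y is an unknown input, assumed in [0, 4]
#     while (x < y) { x += 2; }
#     assert(x == y);           // violated whenever y is odd
# Each transition is (src, label, guard, update, dst), where
#   guard:  env -> bool   decides whether the edge is enabled
#   update: env -> env    computes the successor environment
TRANSITIONS = [
    ("L0", "x=0",      lambda e: True,                 lambda e: {**e, "x": 0},          "L1"),
    ("L1", "[x<y]",    lambda e: e["x"] < e["y"],      lambda e: e,                      "L2"),
    ("L1", "[!(x<y)]", lambda e: not e["x"] < e["y"],  lambda e: e,                      "L3"),
    ("L2", "x+=2",     lambda e: True,                 lambda e: {**e, "x": e["x"] + 2}, "L1"),
    ("L3", "[x==y]",   lambda e: e["x"] == e["y"],     lambda e: e,                      "END"),
    ("L3", "[x!=y]",   lambda e: e["x"] != e["y"],     lambda e: e,                      "ERR"),
]

def find_violation(transitions, initial_envs, bound):
    """Breadth-first exploration of the LTS from each initial environment,
    following at most `bound` transitions per path.
    Returns (trace, env) for the shortest path that reaches location "ERR"
    (the assertion failure), or None if no violation exists within the bound."""
    queue = deque(("L0", env, []) for env in initial_envs)
    seen = set()
    while queue:
        loc, env, trace = queue.popleft()
        if loc == "ERR":
            return trace, env              # counterexample: labels taken and final state
        if len(trace) >= bound:
            continue                        # bound exhausted on this path
        key = (loc, tuple(sorted(env.items())))
        if key in seen:
            continue                        # already explored this (location, state) pair
        seen.add(key)
        for src, label, guard, update, dst in transitions:
            if src == loc and guard(env):
                queue.append((dst, update(env), trace + [label]))
    return None

if __name__ == "__main__":
    # Constructed inputs: y ranges over 0..4; the search reports the odd case y=1.
    print(find_violation(TRANSITIONS, [{"y": n} for n in range(5)], bound=20))
```

Because the search is breadth-first across all initial inputs, the reported counterexample is the shortest one: `y=1`, after a single loop iteration `x` is 2 and the `[x!=y]` edge leads to `ERR`. Restricting the inputs to even values yields `None`, which is the bounded "no violation found" verdict, not a proof of correctness beyond the bound.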
