Specifying and Verifying Concurrent C Programs with TLA+

  • Amira Methni
  • Matthieu Lemerre
  • Belgacem Ben Hedia
  • Serge Haddad
  • Kamel Barkaoui
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 476)

Abstract

Verifying software systems automatically from their source code rather than modelling them in a dedicated language gives more confidence in establishing their properties. Here we propose a formal specification and verification approach for concurrent C programs directly based on the semantics of C. We define a set of translation rules and implement it in a tool (C2TLA+) that automatically translates C code into a TLA+ specification. The TLC model checker can use this specification to generate a model, allowing to check the absence of runtime errors and dead code in the C program in a given configuration. In addition, we show how translated specifications interact with manually written ones to: check the C code against safety or liveness properties; provide concurrency primitives or model hardware that cannot be expressed in C; and use abstract versions of translated C functions to address the state explosion problem. All these verifications have been conducted on an industrial case study, which is a part of the microkernel of the PharOS real-time system.

References

  1. 1.
    Akhtar, S., Merz, S., Quinson, M.: A high-level language for modeling algorithms and their properties. In: Davies, J. (ed.) SBMF 2010. LNCS, vol. 6527, pp. 49–63. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  2. 2.
    Ball, T., Rajamani, S.K.: The SLAM project: debugging system software via static analysis. SIGPLAN Not. 37(1), 1–3 (2002)CrossRefGoogle Scholar
  3. 3.
    Baudin, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specification Language, version 1.4 (2009). http://frama-c.cea.fr/acsl.html
  4. 4.
    Clarke, E., Kroning, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  5. 5.
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  6. 6.
    Clarke Jr., E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (1999) Google Scholar
  7. 7.
    Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  8. 8.
    Cousineau, D., Doligez, D., Lamport, L., Merz, S., Ricketts, D., Vanzetto, H.: TLA\(^ \text{+ } \) Proofs. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 147–154. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  9. 9.
    Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    D’Silva, V., Kroening, D., Weissenbacher, G.: A survey of automated techniques for formal software verification. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (TCAD) 27(7), 1165–1178 (2008)CrossRefGoogle Scholar
  11. 11.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Software verification with BLAST. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 235–239. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  12. 12.
    Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Holzmann, G.J.: Trends in software verification. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 40–50. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  14. 14.
    Holzmann, G.J., Smith, M.H.: An automated verification method for distributed systems software based on model extraction. IEEE Trans. Soft. Eng. 28, 364–377 (2002)CrossRefGoogle Scholar
  15. 15.
    Lamport, L.: Concurrent reading and writing of clocks. ACM Trans. Comput. Syst. 8(4), 305–310 (1990)CrossRefGoogle Scholar
  16. 16.
    Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)CrossRefGoogle Scholar
  17. 17.
    Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, MA (2002) Google Scholar
  18. 18.
    Lamport, L.: The PlusCal algorithm language. In: Leucker, M., Morgan, C. (eds.) ICTAC 2009. LNCS, vol. 5684, pp. 36–60. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  19. 19.
    Lemerre, M., Ohayon, E., Chabrol, D., Jan, M., Jacques, M.B.: Method and tools for mixed-criticality real-time applications within PharOS. In: Proceedings of AMICS 2011: 1st International Workshop on Architectures and Applications for Mixed-Criticality Systems (2011)Google Scholar
  20. 20.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Springer, New York (1992) CrossRefGoogle Scholar
  21. 21.
    Necula, G.C., Mcpeak, S., Rahul, S.P., Weimer, W.: CIL: intermediate language and tools for analysis and transformation of C programs. In: International Conference on Compiler Construction. pp. 213–228 (2002)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Amira Methni
    • 1
    • 4
  • Matthieu Lemerre
    • 2
  • Belgacem Ben Hedia
    • 1
  • Serge Haddad
    • 3
  • Kamel Barkaoui
    • 4
  1. 1.Embedded Real-Time System LabCEA, LISTGif-sur-yvetteFrance
  2. 2.Software Safety LabCEA, LISTGif-sur-yvetteFrance
  3. 3.LSV, ENS CachanCNRS&INRIAParisFrance
  4. 4.CNAM, CEDRICParisFrance

Personalised recommendations