Advertisement

Ghosts for Lists: From Axiomatic to Executable Specifications

  • Frédéric Loulergue
  • Allan Blanchard
  • Nikolai Kosmatov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10889)

Abstract

Internet of Things (IoT) applications are becoming increasingly critical and require formal verification. Our recent work presented formal verification of the linked list module of Contiki, an OS for IoT. It relies on a parallel view of a linked list via a companion ghost array and uses an inductive predicate to link both views. In this work, a few interactively proved lemmas allow for the automatic verification of the list functions specifications, expressed in the acsl specification language and proved with the Frama-C/Wp tool.

In a broader verification context, especially as long as the whole system is not yet formally verified, it would be very useful to use runtime verification, in particular, to test client modules that use the list module. It is not possible with the current specifications, which include an inductive predicate and axiomatically defined functions. In this early-idea paper we show how to define a provably equivalent non-inductive predicate and a provably equivalent non-axiomatic function that belong to the executable subset e-acsl of acsl and can be transformed into executable C code. Finally, we propose an extension of Frama-C to handle both axiomatic specifications for deductive verification and executable specifications for runtime verification.

Keywords

Linked lists Executable specification Deductive verification Runtime verification Frama-C Internet of Things 

Notes

Acknowledgment

This work was partially supported by a grant from CPER DATA and the project VESSEDIA, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731453. The authors thank the Frama-C team for providing the tools and support. Many thanks to the anonymous referees for their helpful comments.

References

  1. 1.
    Baudin, P., Cuoq, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specification Language. http://frama-c.com/acsl.html
  2. 2.
    Blanchard, A., Kosmatov, N., Loulergue, F.: Ghosts for lists: a critical module of Contiki verified in Frama-C. In: Dutle, A., Muñoz, C., Narkawicz, A. (eds.) NFM 2018. LNCS, vol. 10811, pp. 37–53. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-77935-5_3CrossRefGoogle Scholar
  3. 3.
    Darvas, Á., Müller, P.: Proving consistency and completeness of model classes using theory interpretation. In: Rosenblum, D.S., Taentzer, G. (eds.) FASE 2010. LNCS, vol. 6013, pp. 218–232. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-12029-9_16CrossRefGoogle Scholar
  4. 4.
    Delahaye, M., Kosmatov, N., Signoles, J.: Common specification language for static and dynamic analysis of C programs. In: Proceedings of the ACM Symposium on Applied Computing, SAC 2013, pp. 1230–1235. ACM (2013)Google Scholar
  5. 5.
    Dunkels, A., Grönvall, B., Voigt, T.: Contiki - a lightweight and flexible operating system for tiny networked sensors. In: Proceedings of the 29th Annual IEEE Conference on Local Computer Networks, LCN 2004, pp. 455–462. IEEE Computer Society (2004)Google Scholar
  6. 6.
    Gladisch, C., Tyszberowicz, S.S.: Specifying linked data structures in JML for combining formal verification and testing. Sci. Comput. Program. 107–108, 19–40 (2015)CrossRefGoogle Scholar
  7. 7.
    Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Form. Asp. Comput. 27(3), 573–609 (2015)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.M.: DDoS in the IoT: Mirai and other botnets. IEEE Comput. 50(7), 80–84 (2017)CrossRefGoogle Scholar
  9. 9.
    Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213–228. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45937-5_16CrossRefGoogle Scholar
  10. 10.
    Polikarpova, N., Furia, C.A., Meyer, B.: Specifying reusable components. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 127–141. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15057-9_9CrossRefGoogle Scholar
  11. 11.
    Signoles, J.: E-ACSL: Executable ANSI/ISO C Specification Language. http://frama-c.com/download/e-acsl/e-acsl.pdf
  12. 12.
    The Coq Development Team: The Coq proof assistant. http://coq.inria.fr
  13. 13.
    Tollitte, P.-N., Delahaye, D., Dubois, C.: Producing certified functional code from inductive specifications. In: Hawblitzel, C., Miller, D. (eds.) CPP 2012. LNCS, vol. 7679, pp. 76–91. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-35308-6_9CrossRefzbMATHGoogle Scholar
  14. 14.
    Vorobyov, K., Signoles, J., Kosmatov, N.: Shadow state encoding for efficient monitoring of block-level properties. In: Proceedings of the International Symposium on Memory Management, ISMM 2017, pp. 47–58. ACM (2017)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.School of Informatics Computing and Cyber SystemsNorthern Arizona UniversityFlagstaffUSA
  2. 2.Inria Lille — Nord EuropeVilleneuve d’AscqFrance
  3. 3.Software Reliability and Security LabCEA, LISTGif-sur-YvetteFrance

Personalised recommendations