Tame Your Annotations with MetAcsl: Specifying, Testing and Proving High-Level Properties
A common way to specify software properties is to associate a contract with each function, allowing the use of various techniques to assess (e.g. to prove or to test) that the implementation is valid with respect to these contracts. However, in practice, high-level properties are not always easily expressible through function contracts. Furthermore, such properties may span multiple functions, making the specification task tedious and its assessment difficult and error-prone, especially on large code bases. To address these issues, we propose a new specification mechanism called meta-properties. Meta-properties are enhanced global invariants specified for a set of functions, capable of expressing predicates on the values of variables as well as memory-related conditions (such as separation) and read or write access constraints. This paper gives a detailed presentation of meta-properties and their support in a dedicated Frama-C plugin, MetAcsl, and shows that they are automatically amenable to both deductive verification and testing. This is demonstrated by applying these techniques to two illustrative case studies.
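As an added illustration of the three kinds of meta-property the abstract mentions (a global value invariant, a write-access constraint and a read/separation constraint), here is a small constructed C module annotated in MetAcsl style; it is not code from the paper. The annotation syntax (`\prop`, `\targets`, `\context`, `\written`, `\read`) is written from my reading of the plugin and is an assumption to be checked against the MetAcsl manual; the globals and functions are invented for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 16
#define LIMIT   1000u

/* Globals the meta-properties below talk about (constructed example). */
static uint8_t  secret_key[KEY_LEN];   /* only set_key may write it */
static unsigned counter;               /* must stay <= LIMIT at all times */

/* Strong invariant over every function of the module: it must hold at each
   sequence point, not only at entry/exit as a per-function contract would. */
/*@ meta \prop, \name(counter_bounded),
      \targets(\ALL), \context(\strong_invariant),
      counter <= LIMIT; */

/* Write-access constraint: any function other than set_key must leave the
   key bytes untouched, whatever lvalue it writes (\written). */
/*@ meta \prop, \name(key_write_restricted),
      \targets(\diff(\ALL, {set_key})), \context(\writing),
      \separated(\written, secret_key + (0 .. KEY_LEN - 1)); */

/* Read-access constraint: no function other than set_key and key_matches
   may read the key; every read location (\read) must be separated from it. */
/*@ meta \prop, \name(key_not_leaked),
      \targets(\diff(\ALL, {set_key, key_matches})), \context(\reading),
      \separated(\read, secret_key + (0 .. KEY_LEN - 1)); */

void set_key(const uint8_t k[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) secret_key[i] = k[i];
}

/* Branch-free comparison; the only reader of secret_key besides set_key. */
int key_matches(const uint8_t k[KEY_LEN]) {
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (uint8_t)(secret_key[i] ^ k[i]);
    return diff == 0;
}

/* Increments the counter but refuses to cross LIMIT, so counter_bounded is
   preserved at every step; returns 1 on success, 0 once saturated. */
int step(void) {
    if (counter >= LIMIT) return 0;
    counter++;
    return 1;
}

unsigned get_counter(void) { return counter; }
```

A contract on `step` alone could state `counter <= LIMIT` only at its entry and exit; the meta-properties state it, and the key-access restrictions, once for the whole module, where MetAcsl can turn them into per-function ACSL assertions for WP to prove or E-ACSL to check at run time.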
This work was partially supported by the project VESSEDIA, which has received funding from the EU Horizon 2020 research and innovation programme under grant agreement No 731453. This work was also partially supported by ANR (grant ANR-18-CE25-0015-01). The work of the first author was partially funded by a Ph.D. grant of the French Ministry of Defense. Many thanks to the anonymous referees for their helpful comments.