Tame Your Annotations with MetAcsl: Specifying, Testing and Proving High-Level Properties

  • Virgile RoblesEmail author
  • Nikolai Kosmatov
  • Virgile Prevosto
  • Louis Rilling
  • Pascale Le Gall
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11823)


A common way to specify software properties is to associate a contract to each function, allowing the use of various techniques to assess (e.g. to prove or to test) that the implementation is valid with respect to these contracts. However, in practice, high-level properties are not always easily expressible through function contracts. Furthermore, such properties may span across multiple functions, making the specification task tedious, and its assessment difficult and error-prone, especially on large code bases. To address these issues, we propose a new specification mechanism called meta-properties. Meta-properties are enhanced global invariants specified for a set of functions, capable of expressing predicates on values of variables as well as memory related conditions (such as separation) and read or write access constraints. This paper gives a detailed presentation of meta-properties and their support in a dedicated Frama-C plugin MetAcsl, and shows that they are automatically amenable to both deductive verification and testing. This is demonstrated by applying these techniques on two illustrative case studies.



This work was partially supported by the project VESSEDIA, which has received funding from the EU Horizon 2020 research and innovation programme under grant agreement No 731453. This work was also partially supported by ANR (grant ANR-18-CE25-0015-01). The work of the first author was partially funded by a Ph.D. grant of the French Ministry of Defense. Many thanks to the anonymous referees for their helpful comments.


  1. 1.
    Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Aspects Comput. 27, 573–609 (2015)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Baudin, P.: ACSL: ANSI/ISO C Specification Language (2018).
  3. 3.
    Robles, V., Kosmatov, N., Prevosto, V., Rilling, L., Le Gall, P.: MetAcsl: specification and verification of high-level properties. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11427, pp. 358–364. Springer, Cham (2019). Scholar
  4. 4.
    Baudin, P., Bobot, F., Correnson, L., Dargaye, Z.: WP plugin manual (2010).
  5. 5.
    Signoles, J., Kosmatov, N., Vorobyov, K.: E-ACSL, a runtime verification tool for safety and security of C programs (tool paper). In: International Workshop on Competitions, Usability, Benchmarks, Evaluation, and Standardisation for Runtime Verification Tools, pp. 164–173 (2017)Google Scholar
  6. 6.
    Petiot, G., Kosmatov, N., Botella, B., Giorgetti, A., Julliand, J.: How testing helps to diagnose proof failures. Formal Aspects Comput. 30, 629–657 (2018)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Leavens, G.T., Baker, A.L., Ruby, C.: JML: a notation for detailed design. In: Kilov, H., Rumpe, B., Simmonds, I. (eds.) Behavioral Specifications of Businesses and Systems. SECS, vol. 523, pp. 175–188. Springer, Boston (1999). Scholar
  8. 8.
    Cheon, Y., Perumandla, A.: Specifying and checking method call sequences in JML. In: International Conference on Software Engineering Research and Practice, pp. 511–516 (2005)Google Scholar
  9. 9.
    Trentelman, K., Huisman, M.: Extending JML specifications with temporal logic. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, pp. 334–348. Springer, Heidelberg (2002). Scholar
  10. 10.
    Stouls, N., Groslambert, J.: Vérification de propriéts LTL sur des programmes C par génération d’annotations. Research Report (French) (2011)Google Scholar
  11. 11.
    de Oliveira, S., Prevosto, V., Bensalem, S.: CaFE: a model-checker collaboratif. In: Approches Formelles dans l’Assistance au Developpement Logiciel (2017)Google Scholar
  12. 12.
    Blatter, L., Kosmatov, N., Le Gall, P., Prevosto, V., Petiot, G.: Static and dynamic verification of relational properties on self-composed C code. In: Dubois, C., Wolff, B. (eds.) TAP 2018. LNCS, vol. 10889, pp. 44–62. Springer, Cham (2018). Scholar
  13. 13.
    Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.L.: Enforcing high-level security properties for applets. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI. IFIP International Federation for Information Processing, vol. 153, pp. 1–16. Springer, Boston (2004). Scholar
  14. 14.
    Kiczales, G., et al.: Aspect-oriented programming. In: Akşit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Institut LIST, CEAUniversité Paris-SaclayPalaiseauFrance
  2. 2.Thales Research and TechnologyPalaiseauFrance
  3. 3.DGARennesFrance
  4. 4.Laboratoire de Mathématiques et Informatique pour la Complexité et les Systèmes, CentraleSupélecUniversité Paris-SaclayGif-Sur-YvetteFrance

Personalised recommendations