
Frama-C: A software analysis perspective

  • Original Article
  • Published:
Formal Aspects of Computing

Abstract

Frama-C is a source code analysis platform for the verification of industrial-size C programs. It provides its users with a collection of plug-ins that perform static analysis, deductive verification, and testing of safety- and security-critical software. Collaborative verification across cooperating plug-ins is enabled by their integration on top of a shared kernel and data structures, and by their compliance with a common specification language. This foundational article presents a consolidated view of the platform, its main and composite analyses, and some of its industrial achievements.
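The common specification language the abstract refers to is ACSL, written as structured C comments, which is what lets a deductive prover, an abstract interpreter and a run-time checker all work from the same contract. As an added example that is not code from the article or from the Frama-C project, the function below reads one length-prefixed record, the kind of routine where a trusted length field turns into an out-of-bounds read or write, and carries an ACSL contract stating what a correct result means. The function name, the record format and the sample inputs are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* read_lv: parse one length-prefixed value. src[0] is the payload length n,
 * src[1 .. n] is the payload, which is copied into dst. Returns n on
 * success and -1 if the record is truncated or dst is too small.
 *
 * The ACSL contract below is an ordinary comment to a C compiler, so this
 * file builds and runs unchanged; Frama-C plug-ins (WP, the value analysis,
 * E-ACSL) read it and check the code against it. */

/*@ requires \valid_read(src + (0 .. src_len - 1));
  @ requires \valid(dst + (0 .. dst_cap - 1));
  @ requires \separated(src + (0 .. src_len - 1), dst + (0 .. dst_cap - 1));
  @ assigns  dst[0 .. dst_cap - 1];
  @ ensures  \result == -1 ||
  @          (0 <= \result <= dst_cap && \result + 1 <= src_len && \result == src[0]);
  @ ensures  \result >= 0 ==>
  @          \forall integer k; 0 <= k < \result ==> dst[k] == src[k + 1];
  @*/
int read_lv(const uint8_t *src, size_t src_len, uint8_t *dst, size_t dst_cap)
{
    if (src_len == 0)
        return -1;                 /* not even a length byte */
    size_t n = src[0];             /* untrusted length field, 0..255 */
    if (n > src_len - 1)
        return -1;                 /* payload would run past the end of src */
    if (n > dst_cap)
        return -1;                 /* payload would overflow dst */
    /* The two checks above are exactly what makes the memcpy in bounds;
       remove either one and the contract (and the RTE-generated bounds
       assertions) can no longer be proved: the classic length-field bug. */
    memcpy(dst, src + 1, n);
    return (int)n;
}

/* Constructed sample records (not captured from any real protocol). */
static const uint8_t rec_ok[]        = { 3, 'a', 'b', 'c', 0xEE };  /* n=3 plus a trailing byte */
static const uint8_t rec_truncated[] = { 10, 'x', 'y' };            /* claims 10 bytes, has 2 */

/* Well-formed record: returns 3 and dst holds "abc"; -2 if the copy is wrong. */
int demo_ok(void)
{
    uint8_t out[8] = {0};
    int n = read_lv(rec_ok, sizeof rec_ok, out, sizeof out);
    if (n == 3 && memcmp(out, "abc", 3) == 0)
        return n;
    return -2;
}

/* Length field lies about how many bytes follow: must be rejected. */
int demo_truncated(void)
{
    uint8_t out[8] = {0};
    return read_lv(rec_truncated, sizeof rec_truncated, out, sizeof out);
}

/* Well-formed record but a destination that is too small: must be rejected. */
int demo_small_dst(void)
{
    uint8_t out[2] = {0};
    return read_lv(rec_ok, sizeof rec_ok, out, sizeof out);
}

/* Empty input: no length byte to read, must be rejected. */
int demo_empty_src(void)
{
    uint8_t out[8] = {0};
    return read_lv(rec_ok, 0, out, sizeof out);
}

int main(void)
{
    printf("ok=%d truncated=%d small_dst=%d empty=%d\n",
           demo_ok(), demo_truncated(), demo_small_dst(), demo_empty_src());
    return 0;
}
```

To a C compiler the `/*@ ... @*/` block is a comment, so the file builds with any C99 compiler and the four demos exercise the accept and reject paths. Under Frama-C the same file, unchanged, can be handed to the WP plug-in (`frama-c -wp file.c`) to attempt a proof that every return value satisfies the `ensures` clauses, or to E-ACSL to turn the contract into run-time checks; that single-source, multi-analysis workflow is the collaboration the abstract describes.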



Author information

Corresponding author

Correspondence to Boris Yakobowski.

Additional information

George Eleftherakis, Mike Hinchey, and Michael Butler

This work was partly supported by ANR projects U3CAT and Veridyc, FUI9 project Hi-Lite, and FP7 project STANCE. An earlier version of this work was presented at the conference SEFM 2012.

With Patrick Baudin, François Bobot, Richard Bonichon, Bernard Botella, Omar Chebaro, Loïc Correnson, Pascal Cuoq, Zaynah Dargaye, Philippe Herrmann, Matthieu Lemerre, Claude Marché, Benjamin Monate, Yannick Moy, Anne Pacalet, Armand Puccetti, Muriel Roger, Nicolas Stouls and Nicky Williams.


Cite this article

Kirchner, F., Kosmatov, N., Prevosto, V. et al. Frama-C: A software analysis perspective. Form Asp Comp 27, 573–609 (2015). https://doi.org/10.1007/s00165-014-0326-7
