Abstract
In this paper, the applicability of model checking to C code for embedded systems is studied. The paper is divided into two parts. In the first part, 13 existing model checkers for C code are described and evaluated for their applicability to the verification of C code for embedded systems. A case study is presented in which CBMC, as one representative C code model checker, is applied to an exemplary microcontroller program. As a consequence of this case study, we decided to develop a new model checker for microcontroller source code, called [mc]square, which is described in the second part of this paper. We present the architecture and the peculiarities of [mc]square and report its successful application to the same microcontroller program used in the case study.
Schlich, B., Kowalewski, S. Model checking C source code for embedded systems. Int J Softw Tools Technol Transfer 11, 187–202 (2009). https://doi.org/10.1007/s10009-009-0106-5