An integrated environment for Spin-based C code checking Towards bringing model-driven code checking closer to practitioners

Bibliographic Details
Published in: International Journal on Software Tools for Technology Transfer, Vol. 21, no. 3, pp. 267-286
Main Authors: Ratiu, Daniel, Ulrich, Andreas
Format: Journal Article
Language: English
Published: Berlin/Heidelberg: Springer Berlin Heidelberg, 01.06.2019
ISSN: 1433-2779, 1433-2787
Description
Summary: Model-driven code checking (MDCC) has been successfully used for the verification of functional requirements of C code. An environment model that describes the context which a program is expected to run in is defined in Promela, translated to a model checker program by Spin, and linked with the program acting as the system under verification. In this article, we summarise the practical advantages of MDCC which motivate its use in an industrial setting and discuss the challenges to its broader adoption. Environment models exhibit heavily intertwined Promela and C code statements, which make them hard to write and understand. We propose a high-level language for verification harness definition which hides the Spin engine under the hood. A small number of language concepts is sufficient to define verification harnesses for commonly encountered C programs. Widening the scope of the approach, we provide means to verify programs that exhibit internal state and extend the set of checked properties beyond classical assertions to those checked by LLVM/Clang code sanitizers. Thus, a user can focus on finding the best solution to combine exhaustive exploration of the environment with testing strategies. Our approach is prototypically integrated into the mbeddr development platform. We present its instantiation on real-world code examples and discuss our experiences gained with the verification of software from the railway domain.
DOI: 10.1007/s10009-019-00510-w