Automated creation of verification models for C-programs

Yury Yusupov, Saint-Petersburg State Polytechnic University
Prof. Vsevolod Kotlyarov, Motorola Software Center

The Second Spring Young Researchers Colloquium on Software Engineering (SYRCoSE 2008)
Saint-Petersburg, May 29-30, 2008


SYRCoSE 2008 2

Introduction: problems, goals, and solution

One of the features of modern design is software component reuse.

Problem: how to reuse legacy code?

Goal: to quickly understand legacy components for their reuse in a new product.

Solution: apply verification technologies
– automatic modeling of a legacy component at a higher abstraction level
– formal verification of model properties


SYRCoSE 2008 3

Verification process

(Diagram: the program system, given by its requirements and its implementation, is formalized by analyzing the program or the requirements and creating a model in a formal language; this yields a system model and a set of system properties. Verification then searches the model for inconsistencies and checks the system properties.)

Verdict: the system does or does not meet its requirements.


SYRCoSE 2008 4

Types of errors found with verification

Documentation inconsistencies – typos, missing or incorrect references, absence of definitions, etc.

Transition inconsistency (non-determinism) – non-deterministic behavior.

Safety violations – prohibited events may happen; security violation (unauthorized usage of a system) is a particular case.

Deadlocks – incomplete specifications.

Unreachability – unreachable (never used) system states.

Certain run-time errors – like an uninitialized attribute usage or out of bounds error: list overflow, incorrect array indexing, enumerated type overflow.


SYRCoSE 2008 5

VRS-based verification process

(Diagram: the system, which can be presented with requirements, source program code, or a UML model, is formalized into a behavior formal model in the form of basic protocols. VRS verifies the model against the behavior properties obtained from the requirements and issues a verdict; the verdict feeds back as corrections.)


SYRCoSE 2008 6

Basic protocol – a simple MSC diagram, which specifies:

pre-condition - the state of the system where the system shall perform some activity

process part - the activity itself (transmission of a message or performance of an action)

post-condition - the state of the system after the activity is performed

(Diagram: an MSC with the pre-condition above and the post-condition below a process part that contains a message and an action.)


SYRCoSE 2008 7

Goal of the work

(Diagram: a source system representation is formalized into a behavior formal model in the form of basic protocols. The formalization is semi-automatic from requirements, automatic from UML, and manual from a C-program.)

Problem: high effort for manual formalization of source code.
Goal: reduce manual effort through automation.


SYRCoSE 2008 8

Proposed solution: Klocwork™ as a tool for formalization

Static analysis
– control flow visualization
– graphical view of a program structure
– …

Automated analysis of C, C++, and Java source code – checkers
– detect a wide variety of code defects and security vulnerabilities
– Klocwork™ allows writing additional C and C++ code checkers
– 2 application programming interfaces (API):
  • code style analysis (AST – Abstract Syntax Tree)
  • control and data flow (MIR – Medium-level Intermediate Representation)

Klocwork provides automated source code analysis and creation of intermediate views of code


SYRCoSE 2008 9

Klocwork™ extensibility feature: defect detection with checkers

(Diagram: Klocwork™ analyzes the source file with the checkers enabled in its configuration; defects are detected and reported. A custom checker for a custom defect type is added to that configuration in the same way and can be enabled or disabled like the built-in ones.)

Klocwork + custom checker = instrument for C code analysis and translation into basic protocols


SYRCoSE 2008 10

Custom checker: realization

(Diagram: source code goes through Klocwork™ code analysis and AST creation. Over the Klocwork interface and the checker interface, the custom checker's tree traversal module walks the Abstract Syntax Tree; its nodes handling module treats expressions, function calls, if-then-else, for, while, switch-case, …; and its module of basic protocol generation emits basic protocols, each with a pre-condition, a process part, and a post-condition.)


SYRCoSE 2008 11

The autoformalization feature based on the Klocwork™ toolset

BPX (Basic Protocol eXtractor)
– plug-in for Klocwork in the form of a DLL (dynamically loaded library)
– ~3.1 KLOC in C

Input data
– Abstract Syntax Trees of source files

Output data
– basic protocols in MSC-PR (Phrase Representation) format
  • reflect usage and change of variables
  • reflect function calls
  • preserve program control flow
  • represent program semantics
  • preserve the project structure

Automatic extraction of basic protocols from Klocwork AST


SYRCoSE 2008 12

Simple example

…
int function() {
    int a, b, c;
    c = 3;
    if ( c>5 ) {
        a = 1;
    }
    b = a;
    return 0;
}
…

Basic protocols automatically extracted from a C-code


SYRCoSE 2008 13

Verification of C-programs with extended VRS technology

(Diagram: the VRS-based process with a C program as the system input; Klocwork™ with the BPX plug-in performs the formalization into a behavior formal model in the form of basic protocols, which VRS verifies against the behavior properties from the requirements, producing a verdict and corrections.)


SYRCoSE 2008 14

Creation of multilevel models and architecture recovering

(Diagram: forward engineering descends from a high-level system model through the system, file and function levels to the source code module level; reverse engineering climbs the same levels from source code back to the high-level model, recovering the architecture.)


SYRCoSE 2008 15

First experiment results for C-projects

(Chart: formalization time versus size of project source code for small, medium and large projects; the manual approach takes about 10x the time of the automatic approach.)

Decreasing:
– formalization time
– manual efforts
– errors in program model (human factor)

Simplifying:
– program logic understanding
– verification process

Formalization time reduction ~10x vs manual formalization


SYRCoSE 2008 16

Further work

Verification of large C-projects with VRS technology
– investigating the scalability limits
– creation of multilevel behavior models
  • generation of multilevel behavior scenarios

Adaptation to Java code
– reusing the AST traversal and basic protocol generation algorithms for Java checker creation


SYRCoSE 2008 17

THANK YOU

Q&A