CN106294148B - C programmer software verification method and device based on escape character transition system - Google Patents

Abstract

The present invention provides a kind of C programmer software verification methods and device based on escape character transition system.This method comprises: being inserted into verifying attribute description to object C programmer source code to be measured；System ELTS syntactic constructs ELTS procedural model is changed according to the symbol of extension to the C programmer source code of insertion verifying attribute；According to the ELTS procedural model, the model path of satisfiability solving SMT is generated；The analysis and verifying of accessibility are carried out to the ELTS procedural model model path using SMT tool；ELTS procedural model counter-example is generated according to approachability analysis and the result of verifying, is mapped according to the ELTS procedural model counter-example and generates C programmer counter-example.ELTS procedural model is established in automation of the embodiment of the present invention, binding model detection and stringent mathematical reasoning are verified result, have the characteristics that accuracy rate is higher, program coverage rate is more preferable compared to other forms method, improves the efficiency and accuracy of software verification.

Description

C programmer software verification method and device based on escape character transition system

Technical field

The present invention relates to field of computer technology, and in particular to a kind of C programmer based on escape character transition system Software verification method and device.

Background technique

Software test is to guarantee an important means of software systems correctness, it by run selected test case come It was found that the mistake in software, and so that the quality of software is reached requirement by correcting mistake.Traditional software test can only pass through survey The structure problem of example on probation passively test software, cannot directly analyze software configuration.And traditional test method Artificial, the semi-artificial method mainly used, heavy workload, test period is long, is easy to appear omission, and effectiveness is low.

Software verification use form verification technique is planted in stringent mathematics and logic, to the correctness for guaranteeing software It is had a very important significance with reliability.It than more typical technology is model inspection in formal Verification Techniques.Model inspection It is a kind of algorithmic method about property of system verifying, it detects a given calculating by the method for state space search Whether model meets some specific character indicated with temporal logic formula.The advantages of model inspection technology is the degree of automation It is higher, it does not need user and grasps a large amount of logic knowledge, but since software is related to the operation on infinite data field, so state Explosion issues are very prominent, it has also become model inspection is applied to a challenging problem of software systems.

It proposes and embedded software is modeled in the prior art using finite state machine, use SMV language description shape State machine model, and verified by state machine model of the symbolic model checking tool SMV to SMV language description.However the party Method needs manually to be modeled using finite state machine, the not automatic building of implementation model.

The software testing validating method based on reachability tree analysis method in Petri network is proposed in the prior art.This method It needs manually to carry out pitching pile to measurand key point, program structure piecemeal is modeled further according to pitching pile information, finally combines, obtains To the Petri net model of entire program.This method provides a kind of automanual modeling methods, do not avoid procedural model still Artificial participation in establishment process.

In existing software verification method, have the disadvantage that

(1) procedural model can not construct automatically according to program source code, need manually to understand code, and complete to model；

(2) verifying of procedural model can not be automatically performed, and need manually to participate in specific authentication condition；

(3) efficiency and accuracy rate of software verification are to be improved；

(4) the inadequate specification of procedural model syntactic structure design is perfect, and be beyond expression complete Program Semantics.

Summary of the invention

The embodiment of the present invention provides a kind of C programmer software verification method and dress based on escape character transition system Set, for solve existing software verification method need manually to understand code, construction procedures model and influence the effect of software verification The problem of rate and accuracy.

The embodiment of the invention provides a kind of C programmer software verification method based on escape character transition system, packets It includes:

Verifying attribute description is inserted into object C programmer source code to be measured；

System ELTS syntactic constructs ELTS is changed according to the symbol of extension to the C programmer source code of insertion verifying attribute Procedural model；

According to the ELTS procedural model, the model path of satisfiability solving SMT is generated；

The analysis and verifying of accessibility are carried out to the ELTS procedural model model path using SMT tool；

ELTS procedural model counter-example is generated according to approachability analysis and the result of verifying, it is anti-according to the ELTS procedural model Example mapping generates C programmer counter-example.

Optionally, described includes: according to verifying demand to object C programmer source code to be measured insertion verifying attribute description First function, second function, third function and the 4th function are inserted into the C voice program source code；

The first function, for describe a uncertain variate-value, the return value of the first function be one not Determining value；

The second function, for describing one it is assumed that program can just continue to execute when default expression formula is true；

The third function, if program goes to the errors present, has invoked described for describing an errors present Third function, then read-me malfunctions；

4th function is asserted, the attribute of the expression formula representation program asserted for describing one, if described disconnected The expression formula of speech is very that then program is errorless, if the expression formula asserted is false, program error；

Wherein, the 4th function is based on the first function and preset condition sentence is realized.

Optionally, the C programmer source code of described pair of insertion verifying attribute changes system ELTS according to the symbol of extension Syntactic constructs ELTS procedural model, comprising:

C programmer source code is parsed using compiler, obtains intermediate language program；

The intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, is merged in described Between LISP program LISP code block；

The intermediate language program structure is generated into ELTS procedural model.

Optionally, the ELTS procedural model includes:

ELTS system, ELTS module, ELTS variable, the position ELTS, ELTS transition and ELTS instruction；

Wherein, the ELTS system corresponds to object C programmer source code to be measured；

The ELTS module corresponds to the function in C programmer source code；

The ELTS variable corresponds to the variable in C programmer source code；

The position ELTS corresponds to the lines of code in C programmer source code；

The ELTS transition represent the transition from the first position ELTS to the 2nd position ELTS；

The ELTS instruction corresponds to the line statement in C programmer source code；

The ELTS transition include that at least one ELTS is instructed.

Optionally, described that the intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, Merge the code block of the intermediate language program, comprising:

Function call in the intermediate language program is merged into the main letter of intermediate language program by the way of inline In number；

By the linear conditional statement of loop unrolling in the intermediate language program by the way of limited times expansion；

The code block for there are multiple successor blocks in the intermediate language program is split as first child code block and second filial generation Code block, wherein first sub- code block is for storing program instruction all in the code block and jumping to second son Code block, the second filial generation code block is for jumping to successor block and not storing any program instruction；

The multiple code blocks for not having branch in the intermediate language program are merged into a code block combination；

It deletes in the intermediate language program in structure from the inaccessible code block of program initial position；

Delete the temporary variable in the intermediate language program.

Optionally, include: by intermediate language program structure generation ELTS procedural model

By the function in the intermediate language program, it is successively converted into ELTS module；

Code block in the intermediate language program is converted into ELTS transition；

Conditional jump instructions in the intermediate language program are converted into the precondition expression formula in ELTS transition；

Ordinary instruction in the intermediate language program is converted into ELTS instruction, the ordinary instruction includes arithmetic fortune It calculates, type conversion, comparison operation, bit arithmetic；

Attribute function calling in the intermediate language program is converted into including precondition expression formula and default ELTS The transition of position.

Optionally, according to the ELTS procedural model, the model path of satisfiability solving SMT is generated, comprising:

Delete the inaccessible position of structure in the ELTS procedural model；

Depth-first traversal is carried out to the ELTS procedural model, the transition in the ELTS procedural model are converted into SMT expression formula；

Tool is solved by SMT, satisfiability solving is carried out to the SMT expression formula, generate the SMT of satisfiability solving Model path.

Optionally, depth-first traversal is carried out to the ELTS procedural model, by the transition in the ELTS procedural model It is converted into SMT expression formula, comprising:

Standardize to the ELTS instruction in the ELTS procedural model, makes all ELTS instruction in ELTS transition Lvalue only occurs once, and is replaced to its r value；

The ELTS variable that each ELTS is changed changes position in the paths according to ELTS and increases number mark, for marking Bright ELTS variable different value contained in different transition；

By the number mark reconstruct ELTS sentence of ELTS transition ELTS variable according to contained by it by standardization, for the I ELTS transition, the lvalue of all ELTS sentences have number mark i, and r value is the ELTS using i-1 for number mark The expression formula that variable is constituted；

By all ELTS variables in ELTS system, its corresponding SMT variable is stated；

By the path each ELTS, corresponding SMT expression formula is successively constructed；

By ELTS change in each ELTS sentence, be converted into corresponding SMT expression statement；

ELTS all on one path ELTS are changed to the SMT expression formula conjunction converted, obtain ultimately corresponding to this The SMT expression formula in the path ELTS；

Wherein, i is the integer greater than 1.

The embodiment of the invention provides a kind of C programmer software verification device based on escape character transition system, packets It includes:

It verifies attribute description and is inserted into unit, for being inserted into verifying attribute description to object C programmer source code to be measured；

ELTS procedural model structural unit, for the C programmer source code to insertion verifying attribute according to the symbol of extension Number transition system ELTS syntactic constructs ELTS procedural model；

Model coordinates measurement unit, for generating the model road of satisfiability solving SMT according to the ELTS procedural model Diameter；

Authentication unit is analyzed, is divided for carrying out accessibility to the ELTS procedural model model path by SMT tool Analysis and verifying；

Program counter-example generation unit, for generating ELTS procedural model counter-example according to the result of approachability analysis and verifying, It is mapped according to the ELTS procedural model counter-example and generates C programmer counter-example.

C programmer software verification method and device provided in an embodiment of the present invention based on escape character transition system, It is proposed a kind of stringent software verification formalization method, ELTS procedural model is established in automation, binding model detection and stringent Mathematical reasoning is verified as a result, having the characteristics that accuracy rate is higher, program coverage rate is more preferable compared to other forms method； All variables in program, sentence, structure are automatically modeled, and procedural model is automatically verified, without artificial ginseng With solve the problems, such as that model foundation and verifying are difficult during software verification, improve the efficiency and accuracy of software verification.

Detailed description of the invention

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention Some embodiments for those of ordinary skill in the art without creative efforts, can also basis These attached drawings obtain other attached drawings.

Fig. 1 is the stream of C programmer software verification method of the one embodiment of the invention based on escape character transition system Journey schematic diagram；

Fig. 2 is the C programmer software verification device based on escape character transition system of one embodiment of the invention Structural schematic diagram；

Fig. 3 shows C programmer software verification method of the one embodiment of the invention based on escape character transition system Schematic diagram.

Specific embodiment

In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, the technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.

Fig. 1 is the C programmer software verification method based on escape character transition system of one embodiment of the invention Flow diagram.As shown in Figure 1, should include: based on the C programmer software verification method of escape character transition system

S11: verifying attribute description is inserted into object C programmer source code to be measured；

S12: system ELTS syntactic constructs are changed according to the symbol of extension to the C programmer source code of insertion verifying attribute ELTS procedural model；

S13: according to the ELTS procedural model, satisfiability solving (Satisfiability Modulo is generated Theories, SMT) model path；

S14: the analysis and verifying of accessibility are carried out to the ELTS procedural model model path using SMT tool；

S15: ELTS procedural model counter-example is generated according to approachability analysis and the result of verifying, according to the ELTS program mould The mapping of type counter-example generates C programmer counter-example.

It should be noted that the symbol of the extension of design of the embodiment of the present invention changes system (Extended Labeled Transition System, ELTS) language both had the syntactic structure of formal semantics, it is specially devised also facing software verification Dependent parser unit, suitable for describing general procedural model.

The C programmer software verification method based on escape character transition system of the embodiment of the present invention proposes a kind of tight ELTS procedural model is established in the software verification formalization method of lattice, automation, and binding model detection and stringent mathematical reasoning obtain To verification result, have the characteristics that accuracy rate is higher, program coverage rate is more preferable compared to other forms method；To in program All variables, sentence, structure are automatically modeled, and are automatically verified to procedural model, participate in, solve soft without artificial The problem of model foundation and verifying difficulty, improves the efficiency and accuracy of software verification in part verification process.

It is described that object C programmer source code to be measured is inserted in a kind of preferred embodiment of the embodiment of the present invention Enter to verify attribute description include: be inserted into the C voice program source code according to verifying demand first function, second function, Third function and the 4th function；

The first function, for describe a uncertain variate-value, the return value of the first function be one not Determining value；

The second function, for describing one it is assumed that program can just continue to execute when default expression formula is true；

The third function, if program goes to the errors present, has invoked described for describing an errors present Third function, then read-me malfunctions；

4th function is asserted, the attribute of the expression formula representation program asserted for describing one, if described disconnected The expression formula of speech is very that then program is errorless, if the expression formula asserted is false, program error；

Wherein, the 4th function is based on the first function and preset condition sentence is realized.

In practical applications, the embodiment of the present invention needs user to provide verifying attribute description to carry out to C programmer Verifying.Verifying attribute description relies primarily on four kinds of functions that the present invention designs and completes, and the comprehensive of above four kinds of described functions uses, The verifying attribute description of one C programmer can be understood, convenient for present invention verifying.

The syntactic description for verifying attribute is as follows:

First function: _ _ VERIFIER_nondet_TYPE () describes a uncertain variate-value, the return of the function Value is the uncertain value of " TYPE " type, and " TYPE " here should be specifically changed to when in use such as " int ", " float " Etc. variable fundamental type in C languages；

Second function: _ _ VERIFIER_nondet_assume (expression), description one is it is assumed that for illustrating only When to have expression be true, program can just be continued to execute, and be often used for reducing the verifying range of program；

Third function: _ _ VERIFIER_nondet_error () describes an errors present, if program goes to this In, have invoked the function, read-me error；

4th function: _ _ VERIFIER_nondet_assert (expression) describes one and asserts, the table asserted The attribute of program is often referred to as up to formula expression, if expression is very, program is errorless, if Expression is vacation, then program malfunctions, and _ _ VERIFIER_nondet_assert is often based upon _ _ VERIFIER_nondet_ Error is realized.

Due to that, there is no this built-in class function, can make calling program that can not compile if being individually added into function in C language standard, So the present invention also provides the realizations of the C language of this class function；Realization when in use, need to only be copied to the C to be verified by user Above language file, so that it may which normal compilation is verified.

For example, the realization code of four kinds of functions is as follows:

// here by taking " double " as an example

double__VERIFIER_nondet_double()

{double val；return val；}

extern void__VERIFIER_error()；

void__VERIFIER_assert(int e)

{if(！e){__VERIFIER_error()；}return；}

void__VERIFIER_assume(int e)

{if(！e){LOOP:goto LOOP；}return；}

// it is here inserted into the function body for verifying attribute description

double__VERIFIER_nondet_double()

{double val；return val；}

extern void__VERIFIER_error()；

void__VERIFIER_assert(int e)

{if(！e){__VERIFIER_error()；}return；}

void__VERIFIER_assume(int e)

{if(！e){LOOP:goto LOOP；}return；}

// insert the original program for verifying attribute description

#define RATE 0.1

double foo(int a){return a*RATE；}

double bar(int a){return a/RATE；}

int main(){

int nm；

_ _ VERIFIER_assume (nm==15)；

Double r1=foo (bar (nm))；//15.0

Double r2=bar (foo (nm))；//10.0

Double r3=foo (bar (nm))；//15.0

Double r4=__VERIFIER_nondet_double ()；

_ _ VERIFIER_assert (r1==nm)；//safe

__VERIFIER_assert(r1！=r2)；//safe

_ _ VERIFIER_assert (r1==r3)；//safe

_ _ VERIFIER_assert (r4==r4)；//unsafe

return 0；

}

In the above example, " _ _ VERIFIER_assume (nm==15) " of variable " nm " is described so that " nm " Value is considered as " 15 " in the verification；" _ _ VERIFIER_nondet_double () " has been used to the initial value of variable " r4 " Description, so that " r4 " is provided with the uncertain value that a type is " double "；Four last " _ _ VERIFIER_assert " It is then the attribute to be verified of program.

Further, the C programmer source code of described pair of insertion verifying attribute changes system according to the symbol of extension ELTS syntactic constructs ELTS procedural model, comprising:

C programmer source code is parsed using compiler, obtains intermediate language program；

The intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, is merged in described Between LISP program LISP code block；

The intermediate language program structure is generated into ELTS procedural model.

It should be noted that parsing to C programmer source code using LLVM clang compiler, LLVM is obtained IR intermediate language program.For example, for a C language file f oo.c, it is right that its can be obtained using following command-line language The LLVM IR intermediate language program answered:

clang-emit-llvm-g-S–w foo.c

Further, the ELTS procedural model includes:

ELTS system, ELTS module, ELTS variable, the position ELTS, ELTS transition and ELTS instruction；

Wherein, the ELTS system corresponds to object C programmer source code to be measured；

The ELTS module corresponds to the function in C programmer source code；

The ELTS variable corresponds to the variable in C programmer source code；

The position ELTS corresponds to the lines of code in C programmer source code；

The ELTS transition represent the transition from the first position ELTS to the 2nd position ELTS；

The ELTS instruction corresponds to the line statement in C programmer source code；

The ELTS transition include that at least one ELTS is instructed.

It should be noted that ELTS module corresponds to the function in the C programmer source code to be verified, just as C language There can be multiple functions such in program source code, 1 ELTS system there can be multiple ELTS modules；ELTS variable, which corresponds to, to be wanted The C programmer variable of verifying, type equally also include integer, floating type, array, structural body etc., all changes in C language Amount type has correspondence in ELTS；The position ELTS corresponds to the lines of code in the C programmer to be verified, for execution Code be marked, sort out, since ELTS can concentrate on lines of code in one ELTS transition, so the position of ELTS It is not necessarily continuous, it may be possible to inter-bank；ELTS transition correspond to a line or multirow language in the C programmer to be verified Sentence, then transition of the ELTS transition i.e. from a position ELTS to another position ELTS, correspond to phase in C programmer Answer the C language sentence between code line.

It will be appreciated that LLVM IR is a kind of language of opposite low layer, and defer to single static assignment principle (Single Static Assignment), can be in the mistake that C programmer source program is converted to LLVM IR intermediate language program More temporary variable and new program code block are introduced in journey, need to optimize LLVM IR.The target of optimizing phase is just Be delete temporary variable and consolidation procedure code block as much as possible so that LLVM IR when translating into ELTS can more quickly, Accurately.

Specifically, described that the intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, Merge the code block of the intermediate language program, comprising:

Function call in the intermediate language program is merged into the main letter of intermediate language program by the way of inline In number；

By the linear conditional statement of loop unrolling in the intermediate language program by the way of limited times expansion；

By the code block for having multiple successor blocks in the intermediate language program, (such as CC condition code block is just there are two subsequent Block) it is split as first child code block and second filial generation code block, wherein first sub- code block is for storing institute in the code block Some program instructions and the second filial generation code block is jumped to, the second filial generation code block is for jumping to successor block and not depositing Store up any program instruction；

The multiple code blocks for not having branch in the intermediate language program are merged into a code block combination；

It deletes in the intermediate language program in structure from the inaccessible code block of program initial position；

Delete the temporary variable in the intermediate language program.

It should be noted that in structure in LLVM IR program from the inaccessible code block of program initial position, by it It deletes, is to save the expense that post transition is verified to ELTS and ELTS.For facing present in LLVM IR program code block Variations per hour is eliminated using the methods of macro-analysis, expression formula replacement, and the most common temporary variable is that transmitting expression formula The variable of operation result.

Specifically, include: by intermediate language program structure generation ELTS procedural model

By the function in the intermediate language program, it is successively converted into ELTS module；

Code block in the intermediate language program is converted into ELTS transition；

Conditional jump instructions in the intermediate language program are converted into the precondition expression formula in ELTS transition；

Ordinary instruction in the intermediate language program is converted into ELTS instruction, the ordinary instruction includes arithmetic fortune It calculates, type conversion, comparison operation, bit arithmetic；

Attribute function calling in the intermediate language program is converted into including precondition expression formula and default ELTS The transition of position.

Specifically, according to the ELTS procedural model, the model path of satisfiability solving SMT is generated, comprising:

Delete the inaccessible position of structure in the ELTS procedural model；

Depth-first traversal is carried out to the ELTS procedural model, the transition in the ELTS procedural model are converted into SMT expression formula；

Tool is solved by SMT, satisfiability solving is carried out to the SMT expression formula, generate the SMT of satisfiability solving Model path.

It will be appreciated that ELTS procedural model is considered as a kind of digraph after beta pruning, pass through depth-first traversal DFS can enumerate the ELTS procedural model path that each terminates from initial position to errors present.

Specifically, depth-first traversal is carried out to the ELTS procedural model, by the transition in the ELTS procedural model It is converted into SMT expression formula, comprising:

Standardize to the ELTS instruction in the ELTS procedural model, makes all ELTS instruction in ELTS transition Lvalue only occurs once, and is replaced to its r value；

The ELTS variable that each ELTS is changed changes position in the paths according to ELTS and increases number mark, for marking Bright ELTS variable different value contained in different transition；

By the number mark reconstruct ELTS sentence of ELTS transition ELTS variable according to contained by it by standardization, for the I ELTS transition, the lvalue of all ELTS sentences have number mark i, and r value is the ELTS using i-1 for number mark The expression formula that variable is constituted；

By all ELTS variables in ELTS system, its corresponding SMT variable is stated；

By the path each ELTS, corresponding SMT expression formula is successively constructed；

By ELTS change in each ELTS sentence, be converted into corresponding SMT expression statement；

ELTS all on one path ELTS are changed to the SMT expression formula conjunction converted, obtain ultimately corresponding to this The SMT expression formula in the path ELTS；

Wherein, i is the integer greater than 1.

Tool Z3 being solved using SMT, satisfiability solving being carried out to SMT expression formula, Z3 supports SMT file or SMT console Text is as input；The embodiment of the present invention starts the mode of Z3 by using console script input SMT expression formula text, backstage Real-time, interactive is carried out with Z3, obtains the satisfiability solving result of Z3.

The embodiment of the present invention carries out satisfiability solving for the SMT expression formula of every ELTS path configuration respectively, so that it may With determine the path this ELTS whether necessary being: if SMT expression formula can satisfy, illustrate there are the value of one group of variable, So that the errors present in the path ELTS is reachable, if SMT expression formula can not meet, illustrate that the errors present in the path ELTS can not It reaches；Comprehensive all paths ELTS there are situation it is concluded that whether program meets attribute: if from the entry position ELTS to All paths ELTS of errors present are unreachable, then illustrate that ELTS procedural model attribute meets, simply by the presence of a road ELTS Diameter is reachable, then illustrates that ELTS procedural model is unsatisfactory for attribute；If ELTS procedural model attribute meets, illustrate C programmer Attribute meets, if ELTS procedural model attribute is unsatisfactory for, illustrates that C programmer attribute is unsatisfactory for.

The embodiment of the present invention only work as C programmer attribute it is ungratified when namely SMT expression formula it is satiable when It waits, just needs to provide counter-example；For Z3 after determining that SMT expression formula can meet, can provide one can meet model, and indicate SMT table Up to the value of all variables occurred in formula, these variable-values will be used to construct ELTS procedural model counter-example, and then map back C The counter-example of LISP program LISP；The path ELTS of current solution is the path ELTS for needing to construct ELTS counter-example；For expiring for Z3 Sufficient model since SMT variable therein and ELTS variable are of the same name, therefore can determine each according to SMT variable name and its value The value of ELTS variable in ELTS transition.

For the path each ELTS, due in LLVM IR program code block and ELTS transition be it is one-to-one, LLVM IR variable name and the ELTS variable name for removing number mark be it is one-to-one, can be changed according to each ELTS in position The title set maps back the code block in LLVM IR program, and then obtains LLVM IR program counter-example path.

LLVM IR program can store Debugging message when generating by LLVM clang compiling, can according to these Debugging message To find code line, the variable of the corresponding C programmer of code block, variable of LLVM IR, then LLVM IR program counter-example road Diameter can obtain C programmer counter-example path according to the Debugging message in LLVM IR program.

Fig. 2 is the C programmer software verification device based on escape character transition system of one embodiment of the invention Structural schematic diagram.As shown in Fig. 2, should include that verifying belongs to based on the C programmer software verification device of escape character transition system Property description insertion unit 21, ELTS procedural model structural unit 22, model coordinates measurement unit 23, analysis authentication unit 24 and journey Sequence counter-example generation unit 25, specifically:

It verifies attribute description and is inserted into unit 21, for being inserted into verifying attribute description to object C programmer source code to be measured；

ELTS procedural model structural unit 22, for the C programmer source code to insertion verifying attribute according to extension Symbol changes system ELTS syntactic constructs ELTS procedural model；

Model coordinates measurement unit 23, for generating the model of satisfiability solving SMT according to the ELTS procedural model Path；

Authentication unit 24 is analyzed, for carrying out accessibility to the ELTS procedural model model path by SMT tool Analysis and verifying；

Program counter-example generation unit 25, it is anti-for generating ELTS procedural model according to the result of approachability analysis and verifying Example maps according to the ELTS procedural model counter-example and generates C programmer counter-example.

The C programmer software verification device based on escape character transition system of the embodiment of the present invention can be used for executing Above method embodiment, principle is similar with technical effect, and details are not described herein again.

Fig. 3 shows C programmer software verification method of the one embodiment of the invention based on escape character transition system Schematic diagram.As shown in figure 3, the C programmer software verification method based on escape character transition system of the embodiment of the present invention Include:

The first step submits measurand C programmer source code, user demand document, test environment document, and according to rule The formula that fixes is inserted into verifying attribute description to C programmer source code；

Second step is parsed, optimized and is built automatically to measurand C programmer source code according to verifying attribute description Mould, according to ELTS syntactic constructs ELTS procedural model: C programmer source code is converted into LLVM IR using LLVM clang Program；The expression of LLVM IR program intermediate language is optimized, is allowed to be more suitable for being transformed into ELTS procedural model；By LLVM IR ELTS procedural model is translated into the expression of program intermediate language；

When due to ELTS procedural model language design and the correspondence of C language, so the groundwork of translation process is exactly The transition of ELTS procedural model are constructed according to LLVM IR program code block, the dependent instruction in LLVM IR is translated into ELTS language Sentence.

Third step, the ELTS procedural model obtained according to second step generate the model path of SMT: to ELTS procedural model It optimizes, removes inaccessible state, by simple map analysis, can determine which state is the original state from program It is forever inaccessible to error condition, by can very effectively reduce ELTS program mould for these inaccessible state beta prunings forever The scale of type is convenient for subsequent verifying；Depth-first traversal is carried out to ELTS procedural model, enumerates ELTS procedural model road Diameter；SMT conversion is carried out to ELTS procedural model path；To each ELTS procedural model path enumerated, according to the language of SMT Method rule, translates into SMT sentence；

4th step carries out the analysis and verifying of accessibility using SMT tool to ELTS procedural model path；

The satisfiability of path SMT sentence is verified by SMT tool, so that it may determine the path whether necessary being； If path necessary being, prove that the path of errors present can be reached by having found one, to prove to deposit in C programmer In mistake.

5th step handles analysis and verification result, generates ELTS procedural model counter-example, ultimately generates C language journey Sequence counter-example: for the counter-example of SMT, mapping back ELTS procedural model counter-example, and it is anti-to re-map back the expression of LLVM IR program intermediate language Example, finally maps back C programmer counter-example.

The C voice program software verification method based on escape character transition system of the embodiment of the present invention, have has as follows Beneficial effect:

1) present invention proposes a kind of stringent software verification formalization method, binding model detection and stringent mathematical reasoning It is verified as a result, having the characteristics that accuracy rate is higher, program coverage rate is more preferable compared to other forms method；

2) present invention automatically models all variables in program, sentence, structure, and full-automatic to procedural model Verifying is not necessarily to artificial participation, solves the problems, such as model foundation and verifying difficulty during software verification.

3) present invention carries out analysis verifying using ELTS and SMT, designs perfect analysis theories around ELTS, and SMT function Powerful can be enriched, the defect of program can be largely avoided.

C programmer software verification method and device provided in an embodiment of the present invention based on escape character transition system, It is proposed a kind of stringent software verification formalization method, ELTS procedural model is established in automation, binding model detection and stringent Mathematical reasoning is verified as a result, having the characteristics that accuracy rate is higher, program coverage rate is more preferable compared to other forms method； All variables in program, sentence, structure are automatically modeled, and procedural model is automatically verified, without artificial ginseng With solve the problems, such as that model foundation and verifying are difficult during software verification, improve the efficiency and accuracy of software verification.

It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.

The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.

It should be noted that the terms "include", "comprise" or its any other variant are intended to the packet of nonexcludability Contain, so that the process, method, article or equipment for including a series of elements not only includes those elements, but also including Other elements that are not explicitly listed, or further include for elements inherent to such a process, method, article, or device. In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including the element Process, method, article or equipment in there is also other identical elements.

In specification of the invention, numerous specific details are set forth.Although it is understood that the embodiment of the present invention can To practice without these specific details.In some instances, well known method, structure and skill is not been shown in detail Art, so as not to obscure the understanding of this specification.Similarly, it should be understood that disclose in order to simplify the present invention and helps to understand respectively One or more of a inventive aspect, in the above description of the exemplary embodiment of the present invention, each spy of the invention Sign is grouped together into a single embodiment, figure, or description thereof sometimes.However, should not be by the method solution of the disclosure Release is in reflect an intention that i.e. the claimed invention requires more than feature expressly recited in each claim More features.More precisely, as the following claims reflect, inventive aspect is less than single reality disclosed above Apply all features of example.Therefore, it then follows thus claims of specific embodiment are expressly incorporated in the specific embodiment, It is wherein each that the claims themselves are regarded as separate embodiments of the invention.

The above examples are only used to illustrate the technical scheme of the present invention, rather than its limitations；Although with reference to the foregoing embodiments Invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each implementation Technical solution documented by example is modified or equivalent replacement of some of the technical features；And these are modified or replace It changes, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims (8)

1. a kind of C programmer software verification method based on escape character transition system characterized by comprising

Verifying attribute description is inserted into object C programmer source code to be measured；

System ELTS syntactic constructs ELTS program is changed according to the symbol of extension to the C programmer source code of insertion verifying attribute Model；

According to the ELTS procedural model, the model path of satisfiability solving SMT is generated；

The analysis and verifying of accessibility are carried out to the ELTS procedural model model path using SMT tool；

ELTS procedural model counter-example is generated according to approachability analysis and the result of verifying, is reflected according to the ELTS procedural model counter-example It penetrates and generates C programmer counter-example；

The C programmer source code of described pair of insertion verifying attribute changes system ELTS syntactic constructs ELTS according to the symbol of extension Procedural model, comprising:

C programmer source code is parsed using compiler, obtains intermediate language program；

The intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, merges the intermediate language Say the code block of program；

The intermediate language program structure is generated into ELTS procedural model.

2. the C programmer software verification method according to claim 1 based on escape character transition system, feature exist In described includes: according to verifying demand in the C language to object C programmer source code to be measured insertion verifying attribute description First function, second function, third function and the 4th function are inserted into program source code；

The first function, for describing a uncertain variate-value, the return value of the first function is one uncertain Value；

The second function, for describing one it is assumed that program can just continue to execute when default expression formula is true；

The third function has invoked the third if program goes to the errors present for describing an errors present Function, then read-me malfunctions；

4th function is asserted, the attribute of the expression formula representation program asserted for describing one, is asserted if described Expression formula is very that then program is errorless, if the expression formula asserted is false, program error；

Wherein, the 4th function is based on the first function and preset condition sentence is realized.

3. the C programmer software verification method according to claim 1 based on escape character transition system, feature exist In the ELTS procedural model includes:

ELTS system, ELTS module, ELTS variable, the position ELTS, ELTS transition and ELTS instruction；

Wherein, the ELTS system corresponds to object C programmer source code to be measured；

The ELTS module corresponds to the function in C programmer source code；

The ELTS variable corresponds to the variable in C programmer source code；

The position ELTS corresponds to the lines of code in C programmer source code；

The ELTS transition represent the transition from the first position ELTS to the 2nd position ELTS；

The ELTS instruction corresponds to the line statement in C programmer source code；

The ELTS transition include that at least one ELTS is instructed.

4. the C programmer software verification method according to claim 3 based on escape character transition system, feature exist In, it is described that the intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, the centre is merged The code block of LISP program LISP, comprising:

Function call in the intermediate language program is merged into the principal function of intermediate language program by the way of inline；

By the linear conditional statement of loop unrolling in the intermediate language program by the way of limited times expansion；

The code block for there are multiple successor blocks in the intermediate language program is split as first child code block and second filial generation code block, Wherein first sub- code block is for storing program instruction all in the code block and jumping to the second filial generation code Block, the second filial generation code block is for jumping to successor block and not storing any program instruction；

The multiple code blocks for not having branch in the intermediate language program are merged into a code block combination；

It deletes in the intermediate language program in structure from the inaccessible code block of program initial position；

Delete the temporary variable in the intermediate language program.

5. the C programmer software verification method according to claim 3 based on escape character transition system, feature exist In the intermediate language program structure, which is generated ELTS procedural model, includes:

By the function in the intermediate language program, it is successively converted into ELTS module；

Code block in the intermediate language program is converted into ELTS transition；

Conditional jump instructions in the intermediate language program are converted into the precondition expression formula in ELTS transition；

Ordinary instruction in the intermediate language program is converted into ELTS instruction, the ordinary instruction includes arithmetical operation, class Type conversion, comparison operation, bit arithmetic；

Attribute function calling in the intermediate language program is converted into including precondition expression formula and the default position ELTS Transition.

6. the C programmer software verification method according to claim 3 based on escape character transition system, feature exist According to the ELTS procedural model, the model path of generation satisfiability solving SMT, comprising:

Delete the inaccessible position of structure in the ELTS procedural model；

Depth-first traversal is carried out to the ELTS procedural model, the transition in the ELTS procedural model are converted into SMT table Up to formula；

Tool is solved by SMT, satisfiability solving is carried out to the SMT expression formula, generate the mould of the SMT of satisfiability solving Type path.

7. the C programmer software verification method according to claim 6 based on escape character transition system, feature exist In, to the ELTS procedural model carry out depth-first traversal, by the transition in the ELTS procedural model be converted into SMT expression Formula, comprising:

Standardize to the ELTS instruction in the ELTS procedural model, makes the lvalue of all ELTS instruction in ELTS transition Only occur once, and its r value is replaced；

The ELTS variable that each ELTS is changed changes position in the paths according to ELTS and increases number mark, for indicating ELTS variable different value contained in different transition；

By the number mark reconstruct ELTS sentence of ELTS transition ELTS variable according to contained by it by standardization, for i-th ELTS transition, the lvalue of all ELTS sentences have number mark i, and r value is to be become using the ELTS that i-1 is number mark Measure the expression formula constituted；

By all ELTS variables in ELTS system, its corresponding SMT variable is stated；

By the path each ELTS, corresponding SMT expression formula is successively constructed；

By ELTS change in each ELTS sentence, be converted into corresponding SMT expression statement；

ELTS all on one path ELTS are changed to the SMT expression formula conjunction converted, obtain ultimately corresponding to this ELTS The SMT expression formula in path；

Wherein, i is the integer greater than 1.

8. a kind of C programmer software verification device based on escape character transition system characterized by comprising

It verifies attribute description and is inserted into unit, for being inserted into verifying attribute description to object C programmer source code to be measured；

ELTS procedural model structural unit becomes for the C programmer source code to insertion verifying attribute according to the symbol of extension Move system ELTS syntactic constructs ELTS procedural model；

Model coordinates measurement unit, for generating the model path of satisfiability solving SMT according to the ELTS procedural model；

Analyze authentication unit, for by SMT tool to the ELTS procedural model model path carry out accessibility analysis and Verifying；

Program counter-example generation unit, for generating ELTS procedural model counter-example according to the result of approachability analysis and verifying, according to The ELTS procedural model counter-example mapping generates C programmer counter-example；

The C programmer source code of described pair of insertion verifying attribute changes system ELTS syntactic constructs ELTS according to the symbol of extension Procedural model, comprising:

C programmer source code is parsed using compiler, obtains intermediate language program；

The intermediate language program is optimized, the temporary variable of the intermediate language program is deleted, merges the intermediate language Say the code block of program；

The intermediate language program structure is generated into ELTS procedural model.