CN106294148B - C program software verification method and device based on an extended labeled transition system - Google Patents
Publication number: CN106294148B (application CN201610645892.XA / CN201610645892A; published as CN106294148A and CN106294148B)
Authority: CN (China)
Prior art keywords: elts, program, programmer, intermediate language, procedural model
Legal status: Expired - Fee Related (status as listed by Google Patents, not a legal conclusion)
Classifications:
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3608—Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
Abstract
The present invention provides a C program software verification method and device based on an extended labeled transition system (ELTS). The method comprises: inserting a verification attribute description into the C program source code of the object under test; constructing an ELTS program model from the C program source code with the inserted verification attributes according to the ELTS syntax; generating, from the ELTS program model, the model paths for satisfiability modulo theories (SMT) solving; performing reachability analysis and verification on the model paths of the ELTS program model using an SMT tool; generating an ELTS program model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program model counterexample back to a C program counterexample. The embodiment of the present invention establishes the ELTS program model automatically and obtains the verification result by combining model checking with rigorous mathematical reasoning; compared with other formal methods it has higher accuracy and better program coverage, and it improves the efficiency and accuracy of software verification.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a C program software verification method and device based on an extended labeled transition system.
Background technique
Software testing is an important means of guaranteeing the correctness of a software system: it finds errors in the software by running selected test cases, and brings the quality of the software up to requirements by correcting those errors. Traditional software testing can only test the software passively through test cases and cannot directly analyze the structure of the software. Moreover, traditional testing mainly relies on manual and semi-manual methods: the workload is heavy, the test cycle is long, omissions are easy to make, and effectiveness is low.
Software verification uses formal verification techniques rooted in rigorous mathematics and logic, and is of great significance for guaranteeing the correctness and reliability of software. A representative formal verification technique is model checking. Model checking is an algorithmic method for verifying system properties: it checks, by state-space search, whether a given computational model satisfies a specific property expressed as a temporal logic formula. The advantage of model checking is its high degree of automation, since it does not require the user to master a large amount of logic; however, because software involves operations over infinite data domains, the state explosion problem is very prominent and has become a challenging problem in applying model checking to software systems.
The prior art proposes modeling embedded software with finite state machines, describing the state machine model in the SMV language, and verifying the SMV state machine model with the symbolic model checker SMV. However, this method requires the model to be built manually with finite state machines and does not achieve automatic model construction.
The prior art also proposes a software testing and verification method based on reachability tree analysis of Petri nets. This method requires manual instrumentation of the key points of the object under test, models the program structure block by block according to the instrumentation information, and finally combines the blocks to obtain a Petri net model of the entire program. This provides a semi-automatic modeling method, but still does not avoid manual participation in the construction of the program model.
Existing software verification methods have the following disadvantages:
(1) the program model cannot be constructed automatically from the program source code; the code must be understood manually in order to complete the modeling;
(2) the verification of the program model cannot be completed automatically and requires manual participation in the specific verification conditions;
(3) the efficiency and accuracy of software verification need to be improved;
(4) the syntactic structure of the program model is not standardized and complete enough, and cannot express the full program semantics.
Summary of the invention
The embodiment of the present invention provides a C program software verification method and device based on an extended labeled transition system, to solve the problem that existing software verification methods require manual understanding of the code and manual construction of the program model, which affects the efficiency and accuracy of software verification.
The embodiment of the invention provides a C program software verification method based on an extended labeled transition system, comprising:
inserting a verification attribute description into the C program source code of the object under test;
constructing an ELTS program model from the C program source code with the inserted verification attributes according to the syntax of the extended labeled transition system (ELTS);
generating, from the ELTS program model, the model paths for satisfiability modulo theories (SMT) solving;
performing reachability analysis and verification on the model paths of the ELTS program model using an SMT tool;
generating an ELTS program model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program model counterexample to a C program counterexample.
Optionally, inserting a verification attribute description into the C program source code of the object under test comprises: inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirements;
the first function describes a nondeterministic variable value; the return value of the first function is a nondeterministic value;
the second function describes an assumption: the program continues to execute only when the preset expression is true;
the third function describes an error position: if the program reaches the error position and invokes the third function, the program is in error;
the fourth function describes an assertion; the expression of the assertion represents a property of the program: if the expression of the assertion is true the program is correct, and if the expression of the assertion is false the program is in error;
wherein the fourth function is implemented on the basis of the first function and a preset conditional statement.
Optionally, constructing an ELTS program model from the C program source code with the inserted verification attributes according to the ELTS syntax comprises:
parsing the C program source code with a compiler to obtain an intermediate language program;
optimizing the intermediate language program, deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program;
generating the ELTS program model from the structure of the intermediate language program.
Optionally, the ELTS program model comprises: an ELTS system, ELTS modules, ELTS variables, ELTS positions, ELTS transitions and ELTS instructions;
wherein the ELTS system corresponds to the C program source code of the object under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS position corresponds to a line of code in the C program source code;
an ELTS transition represents the transition from a first ELTS position to a second ELTS position;
an ELTS instruction corresponds to a line statement in the C program source code;
an ELTS transition includes at least one ELTS instruction.
Optionally, optimizing the intermediate language program, deleting its temporary variables and merging its code blocks comprises:
merging the function calls in the intermediate language program into the main function of the intermediate language program by inlining;
unrolling the loops in the intermediate language program into linear conditional statements by a bounded number of unrollings;
splitting each code block in the intermediate language program that has multiple successor blocks into a first child code block and a second child code block, wherein the first child code block stores all program instructions of the code block and jumps to the second child code block, and the second child code block jumps to the successor blocks and stores no program instructions;
merging consecutive code blocks in the intermediate language program that have no branches into one combined code block;
deleting the code blocks in the intermediate language program that are structurally unreachable from the initial position of the program;
deleting the temporary variables in the intermediate language program.
Optionally, generating the ELTS program model from the structure of the intermediate language program comprises:
converting the functions in the intermediate language program, one by one, into ELTS modules;
converting the code blocks in the intermediate language program into ELTS transitions;
converting the conditional jump instructions in the intermediate language program into the precondition expressions of the ELTS transitions;
converting the ordinary instructions in the intermediate language program into ELTS instructions, the ordinary instructions including arithmetic operations, type conversions, comparison operations and bit operations;
converting the attribute function calls in the intermediate language program into transitions that include a precondition expression and a preset ELTS position.
Optionally, generating, from the ELTS program model, the model paths for SMT solving comprises:
deleting the structurally unreachable positions in the ELTS program model;
performing a depth-first traversal of the ELTS program model and converting the transitions in the ELTS program model into SMT expressions;
performing satisfiability solving on the SMT expressions with an SMT solving tool, and generating the SMT model paths of the satisfiability solving.
Optionally, performing a depth-first traversal of the ELTS program model and converting the transitions in the ELTS program model into SMT expressions comprises:
normalizing the ELTS instructions in the ELTS program model so that, within an ELTS transition, every lvalue of the ELTS instructions occurs only once, and substituting it into its rvalues;
adding a numeric index to each ELTS variable of each ELTS transition according to the position of the transition in the path, to mark the different values that an ELTS variable holds in different transitions;
reconstructing the ELTS statements of each normalized ELTS transition according to the numeric indices of the ELTS variables it contains: for the i-th ELTS transition, the lvalues of all ELTS statements carry the index i, and the rvalues are expressions formed from the ELTS variables carrying the index i-1;
declaring, for all ELTS variables in the ELTS system, the corresponding SMT variables;
constructing, for each ELTS path, the corresponding SMT expression in turn;
converting each ELTS statement of each ELTS transition into the corresponding SMT expression statement;
forming the conjunction of the SMT expressions converted from all ELTS transitions on one ELTS path, to obtain the SMT expression that finally corresponds to that ELTS path;
wherein i is an integer greater than 1.
The embodiment of the invention provides a C program software verification device based on an extended labeled transition system, comprising:
a verification attribute description insertion unit, for inserting a verification attribute description into the C program source code of the object under test;
an ELTS program model construction unit, for constructing an ELTS program model from the C program source code with the inserted verification attributes according to the syntax of the extended labeled transition system (ELTS);
a model path generation unit, for generating, from the ELTS program model, the model paths for SMT solving;
an analysis and verification unit, for performing reachability analysis and verification on the model paths of the ELTS program model with an SMT tool;
a program counterexample generation unit, for generating an ELTS program model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program model counterexample to a C program counterexample.
The C program software verification method and device based on an extended labeled transition system provided by the embodiment of the present invention propose a rigorous formal software verification method: the ELTS program model is established automatically, and the verification result is obtained by combining model checking with rigorous mathematical reasoning, so that compared with other formal methods the accuracy is higher and the program coverage is better; all variables, statements and structures in the program are modeled automatically, and the program model is verified automatically without manual participation, which solves the difficulty of model construction and verification in the software verification process and improves the efficiency and accuracy of software verification.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the C program software verification method based on an extended labeled transition system according to one embodiment of the invention;
Fig. 2 is a structural diagram of the C program software verification device based on an extended labeled transition system according to one embodiment of the invention;
Fig. 3 is a schematic diagram of the C program software verification method based on an extended labeled transition system according to one embodiment of the invention.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the C program software verification method based on an extended labeled transition system according to one embodiment of the invention. As shown in Fig. 1, the C program software verification method based on an extended labeled transition system comprises:
S11: inserting a verification attribute description into the C program source code of the object under test;
S12: constructing an ELTS program model from the C program source code with the inserted verification attributes according to the ELTS syntax;
S13: generating, from the ELTS program model, the model paths for satisfiability modulo theories (Satisfiability Modulo Theories, SMT) solving;
S14: performing reachability analysis and verification on the model paths of the ELTS program model using an SMT tool;
S15: generating an ELTS program model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program model counterexample to a C program counterexample.
It should be noted that the extended labeled transition system (Extended Labeled Transition System, ELTS) language designed in the embodiment of the present invention has both a syntactic structure with formal semantics and syntactic units specially designed for software verification, and is suitable for describing general program models.
The C program software verification method based on an extended labeled transition system of the embodiment of the present invention proposes a rigorous formal software verification method: the ELTS program model is established automatically, and the verification result is obtained by combining model checking with rigorous mathematical reasoning, so that compared with other formal methods the accuracy is higher and the program coverage is better; all variables, statements and structures in the program are modeled automatically, and the program model is verified automatically without manual participation, which solves the difficulty of model construction and verification in the software verification process and improves the efficiency and accuracy of software verification.
In a preferred embodiment of the present invention, inserting a verification attribute description into the C program source code of the object under test comprises: inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirements;
the first function describes a nondeterministic variable value; the return value of the first function is a nondeterministic value;
the second function describes an assumption: the program continues to execute only when the preset expression is true;
the third function describes an error position: if the program reaches the error position and invokes the third function, the program is in error;
the fourth function describes an assertion; the expression of the assertion represents a property of the program: if the expression of the assertion is true the program is correct, and if the expression of the assertion is false the program is in error;
wherein the fourth function is implemented on the basis of the first function and a preset conditional statement.
In practical application, the embodiment of the present invention requires the user to provide a verification attribute description in order to verify the C program. The verification attribute description relies mainly on the four functions designed by the present invention; used together, these four functions express the verification attribute description of a C program in a form that is convenient for the verification of the present invention.
The syntax of the verification attributes is as follows:
First function: __VERIFIER_nondet_TYPE() describes a nondeterministic variable value; the return value of the function is a nondeterministic value of type "TYPE", where "TYPE" is to be replaced in use by a basic C variable type such as "int" or "float";
Second function: __VERIFIER_nondet_assume(expression) describes an assumption, stating that the program continues to execute only when expression is true; it is often used to narrow the verification range of the program;
Third function: __VERIFIER_nondet_error() describes an error position; if the program reaches this point and invokes the function, the program is in error;
Fourth function: __VERIFIER_nondet_assert(expression) describes an assertion; the expression of the assertion usually expresses a property of the program: if expression is true the program is correct, and if expression is false the program is in error; __VERIFIER_nondet_assert is usually implemented on the basis of __VERIFIER_nondet_error.
Since the C language standard has no such built-in functions, adding the function calls alone would make the calling program fail to compile, so the present invention also provides C implementations of these functions; in use, the user only needs to copy the implementations to the top of the C file to be verified, which can then be compiled and verified normally.
For example, the implementation code of the four functions is as follows:
// here taking "double" as an example
double __VERIFIER_nondet_double()
{ double val; return val; }                 // val is left uninitialized: any double, including NaN
extern void __VERIFIER_error();
void __VERIFIER_assert(int e)
{ if (!e) { __VERIFIER_error(); } return; } // a false assertion reaches the error position
void __VERIFIER_assume(int e)
{ if (!e) { LOOP: goto LOOP; } return; }    // a false assumption never continues
// the function bodies of the verification attribute description are inserted here
double __VERIFIER_nondet_double()
{ double val; return val; }
extern void __VERIFIER_error();
void __VERIFIER_assert(int e)
{ if (!e) { __VERIFIER_error(); } return; }
void __VERIFIER_assume(int e)
{ if (!e) { LOOP: goto LOOP; } return; }
// the original program with the verification attribute description inserted
#define RATE 0.1
double foo(int a) { return a * RATE; }
double bar(int a) { return a / RATE; }
int main() {
    int nm;
    __VERIFIER_assume(nm == 15);
    double r1 = foo(bar(nm));               // bar(15) = 150.0 is truncated to int 150; 15.0
    double r2 = bar(foo(nm));               // foo(15) = 1.5 is truncated to int 1; 10.0
    double r3 = foo(bar(nm));               // 15.0
    double r4 = __VERIFIER_nondet_double();
    __VERIFIER_assert(r1 == nm);            // safe
    __VERIFIER_assert(r1 != r2);            // safe
    __VERIFIER_assert(r1 == r3);            // safe
    __VERIFIER_assert(r4 == r4);            // unsafe: r4 may be NaN
    return 0;
}
In the above example, "__VERIFIER_assume(nm==15)" describes the variable "nm" so that the value of "nm" is taken to be "15" in the verification; "__VERIFIER_nondet_double()" describes the initial value of the variable "r4" so that "r4" holds a nondeterministic value of type "double"; the last four "__VERIFIER_assert" calls are the properties of the program to be verified.
Further, constructing an ELTS program model from the C program source code with the inserted verification attributes according to the ELTS syntax comprises:
parsing the C program source code with a compiler to obtain an intermediate language program;
optimizing the intermediate language program, deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program;
generating the ELTS program model from the structure of the intermediate language program.
It should be noted that the C program source code is parsed with the LLVM clang compiler to obtain the LLVM IR intermediate language program. For example, for a C source file foo.c, the corresponding LLVM IR intermediate language program can be obtained with the following command line:
clang -emit-llvm -g -S -w foo.c
Further, the ELTS program model comprises: an ELTS system, ELTS modules, ELTS variables, ELTS positions, ELTS transitions and ELTS instructions;
wherein the ELTS system corresponds to the C program source code of the object under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS position corresponds to a line of code in the C program source code;
an ELTS transition represents the transition from a first ELTS position to a second ELTS position;
an ELTS instruction corresponds to a line statement in the C program source code;
an ELTS transition includes at least one ELTS instruction.
It should be noted that an ELTS module corresponds to a function in the C program source code to be verified; just as a C program source file can contain multiple functions, one ELTS system can contain multiple ELTS modules. An ELTS variable corresponds to a variable of the C program to be verified, and its types likewise include integer, floating-point, array, struct and so on; every C variable type has a counterpart in ELTS. An ELTS position corresponds to a line of code in the C program to be verified and is used to mark and classify the executed code; since ELTS can gather several lines of code into one ELTS transition, ELTS positions are not necessarily consecutive and may span lines. An ELTS transition corresponds to one or more lines of statements in the C program to be verified, so an ELTS transition, that is, the transition from one ELTS position to another, corresponds to the C statements between the corresponding code lines of the C program.
It will be appreciated that LLVM IR is a relatively low-level language that follows the static single assignment (SSA) principle, and that many temporary variables and new code blocks are introduced when the C program source is converted into the LLVM IR intermediate language program, so the LLVM IR needs to be optimized. The goal of the optimization phase is to delete as many temporary variables as possible and to merge program code blocks, so that the translation of LLVM IR into ELTS is faster and more accurate.
Specifically, optimizing the intermediate language program, deleting its temporary variables and merging its code blocks comprises:
merging the function calls in the intermediate language program into the main function of the intermediate language program by inlining;
unrolling the loops in the intermediate language program into linear conditional statements by a bounded number of unrollings;
splitting each code block in the intermediate language program that has multiple successor blocks (for example, a conditional code block has exactly two successor blocks) into a first child code block and a second child code block, wherein the first child code block stores all program instructions of the code block and jumps to the second child code block, and the second child code block jumps to the successor blocks and stores no program instructions;
merging consecutive code blocks in the intermediate language program that have no branches into one combined code block;
deleting the code blocks in the intermediate language program that are structurally unreachable from the initial position of the program;
deleting the temporary variables in the intermediate language program.
It should be noted that code blocks of the LLVM IR program that are structurally unreachable from the initial position of the program are deleted in order to save the overhead of the subsequent conversion to ELTS and of the ELTS verification. Temporary variables in the LLVM IR code blocks are eliminated by methods such as macro analysis and expression substitution; the most common temporary variables are those that pass on the result of an expression operation.
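As an added illustration that is not part of the patent, the following Python sketch applies the block splitting, branch-free block merging and unreachable-block deletion described above to a small constructed control-flow graph written in an LLVM-IR-like style. The block labels, instruction strings and the `Block` type are assumptions of the example; inlining, loop unrolling and temporary-variable elimination are left out.

```python
# Added example, not the patent's own code: the code-block optimizations described
# above (split blocks with several successors, merge branch-free neighbours, drop
# blocks unreachable from the entry) on a small constructed LLVM-IR-style CFG.
# Block labels and instruction strings are made up for illustration.
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Block:
    instrs: List[str] = field(default_factory=list)  # ordinary instructions
    succs: List[str] = field(default_factory=list)   # labels of successor blocks


def split_multi_successor_blocks(cfg: Dict[str, Block]) -> Dict[str, Block]:
    """A block with several successors becomes child 1 (all its instructions,
    jumping to child 2) and child 2 (no instructions, jumping to the successors)."""
    out: Dict[str, Block] = {}
    for name, blk in cfg.items():
        if len(blk.succs) > 1:
            out[name] = Block(list(blk.instrs), [name + ".br"])
            out[name + ".br"] = Block([], list(blk.succs))
        else:
            out[name] = Block(list(blk.instrs), list(blk.succs))
    return out


def merge_linear_blocks(cfg: Dict[str, Block], entry: str) -> Dict[str, Block]:
    """Merge a block into its only successor when that successor is branch-free
    too (at most one successor) and has no other predecessor."""
    preds: Dict[str, int] = {}
    for blk in cfg.values():
        for s in blk.succs:
            preds[s] = preds.get(s, 0) + 1
    out = {n: Block(list(b.instrs), list(b.succs)) for n, b in cfg.items()}
    changed = True
    while changed:
        changed = False
        for name, blk in list(out.items()):
            if len(blk.succs) != 1:
                continue
            s = blk.succs[0]
            ok = (s != name and s != entry and s in out
                  and preds[s] == 1 and len(out[s].succs) <= 1)
            if ok:
                blk.instrs += out[s].instrs   # absorb the successor's code
                blk.succs = out[s].succs      # and inherit its successors
                del out[s]
                changed = True
                break
    return out


def drop_unreachable_blocks(cfg: Dict[str, Block], entry: str) -> Dict[str, Block]:
    """Delete blocks that are structurally unreachable from the entry block."""
    seen, stack = set(), [entry]
    while stack:
        n = stack.pop()
        if n in seen or n not in cfg:
            continue
        seen.add(n)
        stack.extend(cfg[n].succs)
    return {n: b for n, b in cfg.items() if n in seen}


def normalize(cfg: Dict[str, Block], entry: str) -> Dict[str, Block]:
    """The three steps in the order the text gives them."""
    cfg = split_multi_successor_blocks(cfg)
    cfg = merge_linear_blocks(cfg, entry)
    return drop_unreachable_blocks(cfg, entry)


# Constructed input: entry -> cond (two successors) -> then/else -> join; "dead"
# has no predecessor and must be removed.
SAMPLE_CFG = {
    "entry": Block(["%a = load i32, i32* @x"], ["cond"]),
    "cond": Block(["%c = icmp sgt i32 %a, 0"], ["then", "else"]),
    "then": Block(["%t = add i32 %a, 1"], ["join"]),
    "else": Block(["%e = sub i32 %a, 1"], ["join"]),
    "join": Block(["ret i32 0"], []),
    "dead": Block(["%d = mul i32 %a, 2"], ["join"]),
}

if __name__ == "__main__":
    for label, blk in normalize(SAMPLE_CFG, "entry").items():
        print(label, blk.instrs, "->", blk.succs)
```

After normalization the entry block holds the load and the compare and jumps to the instruction-free branch block `cond.br`, which is exactly the first-child / second-child shape the text describes.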
Specifically, generating the ELTS program model from the structure of the intermediate language program comprises:
converting the functions in the intermediate language program, one by one, into ELTS modules;
converting the code blocks in the intermediate language program into ELTS transitions;
converting the conditional jump instructions in the intermediate language program into the precondition expressions of the ELTS transitions;
converting the ordinary instructions in the intermediate language program into ELTS instructions, the ordinary instructions including arithmetic operations, type conversions, comparison operations and bit operations;
converting the attribute function calls in the intermediate language program into transitions that include a precondition expression and a preset ELTS position.
Specifically, generating, from the ELTS program model, the model paths for SMT solving comprises:
deleting the structurally unreachable positions in the ELTS program model;
performing a depth-first traversal of the ELTS program model and converting the transitions in the ELTS program model into SMT expressions;
performing satisfiability solving on the SMT expressions with an SMT solving tool, and generating the SMT model paths of the satisfiability solving.
It will be appreciated that the ELTS program model after pruning can be regarded as a directed graph; a depth-first search (DFS) can enumerate every ELTS program model path that starts at the initial position and ends at an error position.
Specifically, performing a depth-first traversal of the ELTS program model and converting the transitions in the ELTS program model into SMT expressions comprises:
normalizing the ELTS instructions in the ELTS program model so that, within an ELTS transition, every lvalue of the ELTS instructions occurs only once, and substituting it into its rvalues;
adding a numeric index to each ELTS variable of each ELTS transition according to the position of the transition in the path, to mark the different values that an ELTS variable holds in different transitions;
reconstructing the ELTS statements of each normalized ELTS transition according to the numeric indices of the ELTS variables it contains: for the i-th ELTS transition, the lvalues of all ELTS statements carry the index i, and the rvalues are expressions formed from the ELTS variables carrying the index i-1;
declaring, for all ELTS variables in the ELTS system, the corresponding SMT variables;
constructing, for each ELTS path, the corresponding SMT expression in turn;
converting each ELTS statement of each ELTS transition into the corresponding SMT expression statement;
forming the conjunction of the SMT expressions converted from all ELTS transitions on one ELTS path, to obtain the SMT expression that finally corresponds to that ELTS path;
wherein i is an integer greater than 1.
The SMT solving tool Z3 is used for the satisfiability solving of the SMT expressions; Z3 accepts an SMT file or SMT console text as input. The embodiment of the present invention starts Z3 in console mode, feeds it the SMT expression text through a console script, interacts with Z3 in real time in the background, and obtains Z3's satisfiability result.
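As an added example that is not the patent's own code, the following Python function performs the path encoding described in the steps above (and in the corresponding steps of the summary): for the i-th transition every assigned ELTS variable receives the index i, every rvalue and guard uses the index i-1, and the conjuncts of all transitions on the path are emitted as SMT-LIB text of the kind Z3 accepts as console input. The `Transition` type, the small infix expression syntax, the use of index 0 for the initial values, and the frame conjuncts that carry unchanged variables from index i-1 to i are assumptions of this example, not details given in the patent.

```python
# Added example, not the patent's own code: encode one ELTS path as SMT-LIB text.
# Assumptions of this example: integer variables only (QF_LIA), index 0 holds the
# initial values, unchanged variables are carried over with v_i = v_(i-1), and an
# expression is either an atom, `atom OP atom`, or the negation `!(atom OP atom)`.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Transition:
    guard: Optional[str] = None                          # precondition, infix
    assigns: List[Tuple[str, str]] = field(default_factory=list)  # (lvalue, rvalue)


_OPS = {"==": "=", "!=": "distinct", "<=": "<=", ">=": ">=", "<": "<", ">": ">",
        "+": "+", "-": "-", "*": "*"}
_BINARY = re.compile(r"(\w+)\s*(==|!=|<=|>=|<|>|\+|-|\*)\s*(\w+)")


def to_smt(expr: str, idx: int, variables: Set[str]) -> str:
    """Translate an infix expression into SMT-LIB, renaming every ELTS variable
    v to v_idx, i.e. the value it holds after transition idx."""
    expr = expr.strip()
    if expr.startswith("!(") and expr.endswith(")"):
        return "(not %s)" % to_smt(expr[2:-1], idx, variables)
    m = _BINARY.fullmatch(expr)
    if m is None:                                       # single atom
        if expr in variables:
            return f"{expr}_{idx}"
        if re.fullmatch(r"\d+", expr):
            return expr
        raise ValueError("unsupported expression: " + expr)
    lhs, op, rhs = m.groups()
    return "(%s %s %s)" % (_OPS[op], to_smt(lhs, idx, variables),
                           to_smt(rhs, idx, variables))


def encode_path(path: List[Transition], variables: List[str]) -> str:
    """SMT-LIB text for one ELTS path: a declaration for every indexed copy of every
    ELTS variable, one conjunct per guard and per statement, then check-sat."""
    vs = set(variables)
    lines = ["(set-logic QF_LIA)"]
    for k in range(len(path) + 1):
        lines += [f"(declare-const {v}_{k} Int)" for v in variables]
    for i, t in enumerate(path, start=1):
        if t.guard is not None:                         # precondition on the i-1 values
            lines.append(f"(assert {to_smt(t.guard, i - 1, vs)})")
        assigned = {lv for lv, _ in t.assigns}
        for lv, rv in t.assigns:                        # lvalue index i, rvalue index i-1
            lines.append(f"(assert (= {lv}_{i} {to_smt(rv, i - 1, vs)}))")
        for v in variables:                             # frame: unchanged variables
            if v not in assigned:
                lines.append(f"(assert (= {v}_{i} {v}_{i - 1}))")
    lines += ["(check-sat)", "(get-model)"]
    return "\n".join(lines)


# Constructed path, an integer variant of the patent's example: assume(nm == 15);
# r1 = nm + 5; r2 = r1 - nm; the last transition is the failing branch of
# __VERIFIER_assert(r2 == 5), so the error position is reached only if the
# negated assertion holds. Z3 answers "unsat": the error is unreachable.
VARIABLES = ["nm", "r1", "r2"]
ERROR_PATH = [
    Transition(guard="nm == 15"),
    Transition(assigns=[("r1", "nm + 5")]),
    Transition(assigns=[("r2", "r1 - nm")]),
    Transition(guard="!(r2 == 5)"),
]

if __name__ == "__main__":
    # Save the output as path.smt2 and run `z3 path.smt2`; "sat" means the error
    # position is reachable and the model gives the counterexample values.
    print(encode_path(ERROR_PATH, VARIABLES))
```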
The embodiment solves satisfiability separately for the SMT formula constructed for each ELTS path, which decides whether that ELTS path actually exists: if the SMT formula is satisfiable, there is an assignment of the variables that makes the error location on that ELTS path reachable; if the SMT formula is unsatisfiable, the error location on that ELTS path is unreachable. Combining the existence results of all ELTS paths gives the conclusion on whether the program satisfies the property: if every ELTS path from the ELTS entry location to the error location is unreachable, the ELTS program model satisfies the property, whereas if even one ELTS path is reachable, the ELTS program model does not satisfy the property. If the ELTS program model satisfies the property, the C language program satisfies the property; if the ELTS program model does not satisfy the property, the C language program does not satisfy it either.
A counterexample is needed only when the C program property is not satisfied, that is, when the SMT formula is satisfiable. After Z3 has determined that the SMT formula is satisfiable, it provides a satisfying model that gives the values of all variables occurring in the SMT formula; these variable values are used to construct the ELTS program model counterexample, which is then mapped back to a counterexample of the C language program. The ELTS path currently being solved is the ELTS path for which the ELTS counterexample is constructed. Because the SMT variables in Z3's satisfying model have the same names as the ELTS variables, the value of each ELTS variable in each ELTS transition can be determined from the SMT variable name and its value.
For each ELTS path, because the code blocks of the LLVM IR program correspond one-to-one to the ELTS transitions, and the LLVM IR variable names correspond one-to-one to the ELTS variable names with the number mark removed, the location name of each ELTS transition maps back to a code block of the LLVM IR program, which yields the LLVM IR program counterexample path.
Debug information can be stored in the LLVM IR program when it is generated by compiling with LLVM clang. From this debug information the C program source lines and variables corresponding to the LLVM IR code blocks and variables can be found, so the LLVM IR program counterexample path yields the C program counterexample path via the debug information in the LLVM IR program.
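The number-mark renaming, the per-path SMT conjunction and the mapping of a satisfying model back to ELTS variable values described above, as an added example in Python (example code, not code from the patent). Because the patent drives Z3, which may not be installed offline, the solver is replaced by a brute-force search over a small integer domain; the two constructed paths, the variable names x and y, and the carry-over equations x_i = x_{i-1} for variables a transition does not assign are assumptions of this example.

```python
# Added example, not the patent's own code. Number-mark (SSA-style) renaming of
# ELTS variables along one path, SMT-LIB text for that path, and mapping of a
# satisfying model back to per-transition ELTS variable values.
# Expressions are s-expression tuples: ("+", "x", 1), (">", "x", 0); a bare
# str is an ELTS variable and an int is a constant.
import itertools

OPS = {
    "+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b, ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b, "=": lambda a, b: a == b, "not": lambda a: not a,
}

def rename(expr, mark):
    """Attach number mark `mark` to every ELTS variable in expr (x -> x_mark)."""
    if isinstance(expr, str):
        return f"{expr}_{mark}"
    if isinstance(expr, tuple):
        return (expr[0],) + tuple(rename(a, mark) for a in expr[1:])
    return expr

def encode_path(path, variables):
    """path: list of (guard, stmts); guard is an expression or None, stmts is a
    list of (lvalue, rvalue) in which each lvalue occurs once (normalized).
    Transition i (1-based) writes mark i and reads mark i-1, as in the patent.
    Carrying unassigned variables over (x_i = x_{i-1}) is an assumption of this
    example so that every SMT variable is defined."""
    conj = []
    for i, (guard, stmts) in enumerate(path, start=1):
        if guard is not None:
            conj.append(rename(guard, i - 1))        # precondition over mark i-1
        assigned = {lv for lv, _ in stmts}
        for lv, rv in stmts:
            conj.append(("=", f"{lv}_{i}", rename(rv, i - 1)))
        for v in variables:
            if v not in assigned:
                conj.append(("=", f"{v}_{i}", f"{v}_{i - 1}"))
    return conj

def to_sexpr(e):
    if isinstance(e, tuple):
        return "(" + " ".join([e[0]] + [to_sexpr(a) for a in e[1:]]) + ")"
    return str(e)

def to_smtlib(path, variables):
    """SMT-LIB 2 text for the conjunction of one ELTS path (declare, assert, check)."""
    decls = [f"(declare-const {v}_{i} Int)"
             for i in range(len(path) + 1) for v in variables]
    body = "(and " + " ".join(to_sexpr(c) for c in encode_path(path, variables)) + ")"
    return "\n".join(decls + [f"(assert {body})", "(check-sat)", "(get-model)"])

def evaluate(e, model):
    if isinstance(e, str):
        return model[e]
    if isinstance(e, tuple):
        return OPS[e[0]](*(evaluate(a, model) for a in e[1:]))
    return e

def find_model(path, variables, domain=range(-3, 4)):
    """Stand-in for the SMT solver: try every assignment of the mark-0 (input)
    variables over a tiny domain and propagate definitions forward. Returns a
    full model (every x_i) if the path is feasible, else None."""
    conj = encode_path(path, variables)
    for vals in itertools.product(domain, repeat=len(variables)):
        model = {f"{v}_0": x for v, x in zip(variables, vals)}
        feasible = True
        for c in conj:
            if c[0] == "=" and isinstance(c[1], str) and c[1] not in model:
                model[c[1]] = evaluate(c[2], model)   # definition of a mark-i variable
            elif not evaluate(c, model):              # guard (or equality check) failed
                feasible = False
                break
        if feasible:
            return model
    return None

def counterexample(model, path, variables):
    """Strip the number marks: value of every ELTS variable after each transition,
    which is what maps back to LLVM IR blocks and then to C source lines."""
    return [{v: model[f"{v}_{i}"] for v in variables} for i in range(len(path) + 1)]

VARS = ["x", "y"]
# Constructed path: assume(x > 0); y = x - 1; then the negated assertion y > 0
# guards the transition into the error location.
ERROR_PATH = [((">", "x", 0), [("y", ("-", "x", 1))]),
              (("<=", "y", 0), [])]
# Same shape but y = x + 1, so the error location is unreachable.
SAFE_PATH = [((">", "x", 0), [("y", ("+", "x", 1))]),
             (("<=", "y", 0), [])]

if __name__ == "__main__":
    print(to_smtlib(ERROR_PATH, VARS))
    m = find_model(ERROR_PATH, VARS)
    print("error path feasible:", m is not None, counterexample(m, ERROR_PATH, VARS))
    print("safe path feasible:", find_model(SAFE_PATH, VARS) is not None)
```

The text produced by `to_smtlib` can be handed to a real SMT solver unchanged; the brute-force `find_model` only exists so the example runs without one, and it finds x = 1 for the error path (y becomes 0, so the negated assertion holds) and no model for the safe path.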
Fig. 2 is a structural schematic diagram of the C language program software verification device based on an extended symbolic transition system according to one embodiment of the invention. As shown in Fig. 2, the device comprises a verification property description insertion unit 21, an ELTS program model construction unit 22, a model path generation unit 23, an analysis and verification unit 24 and a program counterexample generation unit 25, specifically:
the verification property description insertion unit 21 inserts verification property descriptions into the C language program source code under test;
the ELTS program model construction unit 22 constructs an ELTS program model according to the syntax of the extended symbolic transition system ELTS from the C program source code into which the verification properties have been inserted;
the model path generation unit 23 generates model paths for satisfiability modulo theories (SMT) solving according to the ELTS program model;
the analysis and verification unit 24 performs reachability analysis and verification on the ELTS program model paths with the SMT tool;
the program counterexample generation unit 25 generates an ELTS program model counterexample according to the results of the reachability analysis and verification, and maps the ELTS program model counterexample to a C language program counterexample.
The C language program software verification device based on an extended symbolic transition system of this embodiment can be used to execute the method embodiment above; its principle and technical effect are similar and are not described again here.
Fig. 3 is a schematic diagram of the C language program software verification method based on an extended symbolic transition system according to one embodiment of the invention. As shown in Fig. 3, the method of this embodiment comprises:
Step 1: submit the C language program source code under test, the user requirements document and the test environment document, and insert verification property descriptions into the C program source code in the prescribed form;
Step 2: according to the verification property descriptions, parse, optimize and automatically model the C program source code under test, constructing an ELTS program model according to the ELTS syntax: convert the C program source code into an LLVM IR program with LLVM clang; optimize the LLVM IR intermediate representation so that it is better suited to transformation into an ELTS program model; translate the LLVM IR intermediate representation into the ELTS program model;
because the ELTS program model language is designed to correspond to the C language, the main work of the translation is to construct the transitions of the ELTS program model from the code blocks of the LLVM IR program, translating the relevant LLVM IR instructions into ELTS statements.
Step 3: generate the SMT model paths from the ELTS program model obtained in step 2: optimize the ELTS program model by removing unreachable states (a simple graph analysis determines which states can never lie on a path from the program's initial state to the error state, and pruning these permanently unreachable states greatly reduces the size of the ELTS program model and eases subsequent verification); perform depth-first traversal of the ELTS program model to enumerate the ELTS program model paths; perform SMT conversion of the ELTS program model paths, translating each enumerated ELTS program model path into SMT statements according to the SMT syntax rules;
Step 4: perform reachability analysis and verification on the ELTS program model paths with the SMT tool; verifying the satisfiability of a path's SMT statements with the SMT tool decides whether the path actually exists; if the path exists, a path that reaches the error location has been found, which proves that the C program contains an error.
Step 5: process the analysis and verification results, generate the ELTS program model counterexample and finally the C language program counterexample: the SMT counterexample is mapped back to an ELTS program model counterexample, then to an LLVM IR intermediate representation counterexample, and finally to the C language program counterexample.
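The pruning and depth-first path enumeration of step 3, as an added example in Python (example code, not the patent's own). The location graph, its names L0 to L7 and ERR, and the entry and error locations are constructed; the patent's bounded loop unrolling is assumed to have run already, so every enumerated path is simple (no location repeats).

```python
# Added example, not the patent's own code. Prune an ELTS-style location graph
# to the locations that can lie on some entry-to-error path, then enumerate
# every simple path from the entry to the error location by depth-first search.
from collections import defaultdict

def reachable_from(graph, start):
    """Set of locations reachable from start along the graph's transitions."""
    seen, stack = set(), [start]
    while stack:
        loc = stack.pop()
        if loc in seen:
            continue
        seen.add(loc)
        stack.extend(graph.get(loc, []))
    return seen

def reverse_graph(graph):
    rev = defaultdict(list)
    for src, dsts in graph.items():
        for dst in dsts:
            rev[dst].append(src)
    return rev

def prune(graph, entry, error):
    """Keep only locations that are reachable from entry and can reach error;
    every other location can never be on a counterexample path and is dropped,
    together with the transitions touching it."""
    forward = reachable_from(graph, entry)
    backward = reachable_from(reverse_graph(graph), error)
    keep = forward & backward
    return {loc: [n for n in graph.get(loc, []) if n in keep] for loc in keep}

def enumerate_paths(graph, entry, error):
    """Depth-first enumeration of simple entry->error paths (a location is not
    revisited on one path; loops are assumed to be unrolled beforehand)."""
    paths, stack = [], [(entry, [entry])]
    while stack:
        loc, path = stack.pop()
        if loc == error:
            paths.append(path)
            continue
        for nxt in graph.get(loc, []):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(paths)

# Constructed transition graph: L5/L6 form an exit branch that never reaches
# ERR, and L7 is a block that no path from the entry reaches (dead code).
GRAPH = {
    "L0": ["L1"], "L1": ["L2", "L3"], "L2": ["L4"], "L3": ["L4", "L5"],
    "L4": ["ERR"], "L5": ["L6"], "L6": [], "L7": ["L4"], "ERR": [],
}

if __name__ == "__main__":
    pruned = prune(GRAPH, "L0", "ERR")
    print("kept:", sorted(pruned))
    for p in enumerate_paths(pruned, "L0", "ERR"):
        print(" -> ".join(p))
```

On the constructed graph, pruning drops L5, L6 and L7 and leaves two entry-to-error paths; each of those paths is what the SMT conversion of step 3 is then applied to. The enumeration gives the same paths on the unpruned graph, so pruning changes the amount of work, not the result.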
The C language program software verification method based on an extended symbolic transition system of this embodiment has the following beneficial effects:
1) the invention proposes a rigorous formal software verification method that combines model checking with rigorous mathematical reasoning to obtain the verification result; compared with other formal methods it has higher accuracy and better program coverage;
2) the invention automatically models all variables, statements and structures of the program and verifies the program model fully automatically, without manual participation, which solves the difficulty of model construction and verification in software verification;
3) the invention performs analysis and verification with ELTS and SMT; a complete analysis theory has been designed around ELTS, and SMT is powerful and feature-rich, so program defects can be avoided to a large extent.
The C language program software verification method and device based on an extended symbolic transition system provided by the embodiments of the invention propose a rigorous formal software verification method: the ELTS program model is built automatically, and model checking is combined with rigorous mathematical reasoning to obtain the verification result, giving higher accuracy and better program coverage than other formal methods; all variables, statements and structures of the program are modelled automatically and the program model is verified automatically without manual participation, which solves the difficulty of model construction and verification in software verification and improves the efficiency and accuracy of software verification.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical memory) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
It should be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
Numerous specific details are set forth in this specification. It is understood, however, that embodiments of the present invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description. Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the description of exemplary embodiments above the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. This method of disclosure should not, however, be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
The above embodiments are merely illustrative of the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A C language program software verification method based on an extended symbolic transition system, characterized by comprising:
inserting verification property descriptions into the C language program source code under test;
constructing an ELTS program model according to the syntax of the extended symbolic transition system ELTS from the C program source code into which the verification properties have been inserted;
generating model paths for satisfiability modulo theories (SMT) solving according to the ELTS program model;
performing reachability analysis and verification on the ELTS program model paths with an SMT tool;
generating an ELTS program model counterexample according to the results of the reachability analysis and verification, and mapping the ELTS program model counterexample to a C language program counterexample;
wherein constructing the ELTS program model according to the syntax of the extended symbolic transition system ELTS from the C program source code into which the verification properties have been inserted comprises:
parsing the C program source code with a compiler to obtain an intermediate language program;
optimizing the intermediate language program, deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program;
generating the ELTS program model from the structure of the intermediate language program.
2. The C language program software verification method based on an extended symbolic transition system according to claim 1, characterized in that inserting verification property descriptions into the C language program source code under test comprises inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirements;
the first function describes a nondeterministic variable value: the return value of the first function is a nondeterministic value;
the second function describes an assumption: the program continues execution only when the given expression is true;
the third function describes an error location: if program execution reaches the error location and calls the third function, the program is in error;
the fourth function describes an assertion whose expression represents a property of the program: if the asserted expression is true the program is error-free, and if the asserted expression is false the program is in error;
wherein the fourth function is implemented in terms of the first function and a preset conditional statement.
3. The C language program software verification method based on an extended symbolic transition system according to claim 1, characterized in that the ELTS program model comprises:
an ELTS system, ELTS modules, ELTS variables, ELTS locations, ELTS transitions and ELTS instructions;
wherein the ELTS system corresponds to the C language program source code under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS location corresponds to a line of code in the C program source code;
an ELTS transition represents the transition from a first ELTS location to a second ELTS location;
an ELTS instruction corresponds to a line statement in the C program source code;
an ELTS transition includes at least one ELTS instruction.
4. The C language program software verification method based on an extended symbolic transition system according to claim 3, characterized in that optimizing the intermediate language program, deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program comprises:
merging the function calls of the intermediate language program into the main function of the intermediate language program by inlining;
unrolling the loops of the intermediate language program into linear conditional statements by a bounded number of unrollings;
splitting every code block of the intermediate language program that has several successor blocks into a first child code block and a second child code block, wherein the first child code block stores all program instructions of the code block and jumps to the second child code block, and the second child code block jumps to the successor blocks and stores no program instruction;
merging the code blocks of the intermediate language program that contain no branch into one combined code block;
deleting the code blocks of the intermediate language program that are structurally unreachable from the program's initial location;
deleting the temporary variables of the intermediate language program.
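Two of the block-level rewrites of claim 4, block splitting and merging of straight-line blocks, as an added example in Python (example code, not the patent's own). The block representation, the block names and the instruction strings are constructed; inlining, loop unrolling, unreachable-block deletion and temporary-variable deletion are not shown here.

```python
# Added example, not the patent's own code. On a constructed intermediate-
# language CFG: (1) split every block with several successors into an
# instruction-only block that jumps to a branch-only block, then (2) merge
# chains of straight-line blocks into one block, leaving each branch-only block
# alone so that every remaining block is either straight-line code (one future
# ELTS transition) or a pure branch (future precondition expressions).

def split_branching_blocks(cfg):
    """cfg: {name: {"insts": [...], "succ": [...]}}. A block with more than one
    successor becomes `name` (all instructions, one jump to `name.br`) plus
    `name.br` (no instructions, the original successors)."""
    out = {}
    for name, blk in cfg.items():
        if len(blk["succ"]) > 1:
            out[name] = {"insts": list(blk["insts"]), "succ": [name + ".br"]}
            out[name + ".br"] = {"insts": [], "succ": list(blk["succ"])}
        else:
            out[name] = {"insts": list(blk["insts"]), "succ": list(blk["succ"])}
    return out

def merge_linear_chains(cfg, entry):
    """Merge A -> B whenever A's only successor is B, B's only predecessor is A,
    and B itself has at most one successor (so branch-only blocks stay put).
    B's instructions are appended to A and B is removed."""
    cfg = {n: {"insts": list(b["insts"]), "succ": list(b["succ"])} for n, b in cfg.items()}

    def preds_of(target):
        return [n for n, b in cfg.items() if target in b["succ"]]

    merged = True
    while merged:
        merged = False
        for a in list(cfg):
            blk = cfg[a]
            if len(blk["succ"]) != 1:
                continue
            b = blk["succ"][0]
            if b in (entry, a) or len(cfg[b]["succ"]) > 1 or len(preds_of(b)) != 1:
                continue
            blk["insts"] += cfg[b]["insts"]
            blk["succ"] = cfg[b]["succ"]
            del cfg[b]
            merged = True
            break  # the block set changed; rescan from the start
    return cfg

# Constructed CFG for: x = nondet(); if (x > 0) y = x - 1; else y = 0; assert(y > 0);
CFG = {
    "entry": {"insts": ["x = nondet()"], "succ": ["cond"]},
    "cond":  {"insts": ["t = x > 0"], "succ": ["then", "else"]},
    "then":  {"insts": ["y = x - 1"], "succ": ["join"]},
    "else":  {"insts": ["y = 0"], "succ": ["join"]},
    "join":  {"insts": ["assert y > 0"], "succ": []},
}

def optimize(cfg, entry="entry"):
    return merge_linear_chains(split_branching_blocks(cfg), entry)

if __name__ == "__main__":
    for name, blk in optimize(CFG).items():
        print(name, blk["insts"], "->", blk["succ"])
```

On the constructed CFG, `cond` is split into `cond` and `cond.br`; `entry` and `cond` are then straight-line blocks with a single edge between them and are merged, while `cond.br` (two successors) and `join` (two predecessors) stay separate. The merge is done in one pass at a time and restarted after each change, which is simple and adequate for the block counts a single function produces.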
5. The C language program software verification method based on an extended symbolic transition system according to claim 3, characterized in that generating the ELTS program model from the structure of the intermediate language program comprises:
converting the functions of the intermediate language program one by one into ELTS modules;
converting the code blocks of the intermediate language program into ELTS transitions;
converting the conditional jump instructions of the intermediate language program into precondition expressions of the ELTS transitions;
converting the ordinary instructions of the intermediate language program into ELTS instructions, the ordinary instructions including arithmetic operations, type conversions, comparison operations and bit operations;
converting the property function calls of the intermediate language program into transitions that include a precondition expression and a preset ELTS location.
6. The C language program software verification method based on an extended symbolic transition system according to claim 3, characterized in that generating model paths for satisfiability modulo theories (SMT) solving according to the ELTS program model comprises:
deleting the structurally unreachable locations of the ELTS program model;
performing depth-first traversal of the ELTS program model and converting the transitions of the ELTS program model into SMT formulas;
performing satisfiability solving on the SMT formulas with the SMT solver to generate the SMT model paths.
7. The C language program software verification method based on an extended symbolic transition system according to claim 6, characterized in that performing depth-first traversal of the ELTS program model and converting the transitions of the ELTS program model into SMT formulas comprises:
normalizing the ELTS instructions in the ELTS program model so that, within one ELTS transition, each lvalue appears only once, later uses being replaced by its rvalue;
adding a number mark to every ELTS variable of every ELTS transition according to the transition's position on the path, to record that the same ELTS variable may hold different values in different transitions;
reconstructing the normalized ELTS statements of each ELTS transition according to the number marks of the ELTS variables it contains: for the i-th ELTS transition, the lvalue of every ELTS statement carries number mark i, and the rvalue is an expression over ELTS variables with number mark i-1;
declaring a corresponding SMT variable for every ELTS variable in the ELTS system;
constructing the corresponding SMT formula for each ELTS path in turn;
converting each ELTS statement of each ELTS transition into the corresponding SMT expression;
taking the conjunction of the SMT formulas converted from all ELTS transitions on one ELTS path, which finally yields the SMT formula corresponding to that ELTS path;
wherein i is an integer greater than 1.
8. A C language program software verification device based on an extended symbolic transition system, characterized by comprising:
a verification property description insertion unit for inserting verification property descriptions into the C language program source code under test;
an ELTS program model construction unit for constructing an ELTS program model according to the syntax of the extended symbolic transition system ELTS from the C program source code into which the verification properties have been inserted;
a model path generation unit for generating model paths for satisfiability modulo theories (SMT) solving according to the ELTS program model;
an analysis and verification unit for performing reachability analysis and verification on the ELTS program model paths with an SMT tool;
a program counterexample generation unit for generating an ELTS program model counterexample according to the results of the reachability analysis and verification, and mapping the ELTS program model counterexample to a C language program counterexample;
wherein constructing the ELTS program model according to the syntax of the extended symbolic transition system ELTS from the C program source code into which the verification properties have been inserted comprises:
parsing the C program source code with a compiler to obtain an intermediate language program;
optimizing the intermediate language program, deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program;
generating the ELTS program model from the structure of the intermediate language program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610645892.XA CN106294148B (en) | 2016-08-08 | 2016-08-08 | C programmer software verification method and device based on escape character transition system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106294148A CN106294148A (en) | 2017-01-04 |
CN106294148B true CN106294148B (en) | 2018-12-11 |
Family
ID=57667250
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610645892.XA Expired - Fee Related CN106294148B (en) | 2016-08-08 | 2016-08-08 | C programmer software verification method and device based on escape character transition system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106294148B (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8209667B2 (en) * | 2006-01-11 | 2012-06-26 | International Business Machines Corporation | Software verification using hybrid explicit and symbolic model checking |
CN101571828B (en) * | 2009-06-11 | 2012-07-04 | 北京航空航天大学 | Method for detecting code security hole based on constraint analysis and model checking |
CN101814053B (en) * | 2010-03-29 | 2013-03-13 | 中国人民解放军信息工程大学 | Method for discovering binary code vulnerability based on function model |
CN103336884A (en) * | 2013-05-30 | 2013-10-02 | 南京大学 | Modeling and path-oriented reachability analysis method of non-linear hybrid system |
CN105808429A (en) * | 2016-03-03 | 2016-07-27 | 南京大学 | Linear constraint code-oriented bounded reachability verification method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20181211; Termination date: 20190808 |