CN106294148A - Software verification method and device for C-language programs based on an extended labeled transition system - Google Patents


Info

Publication number: CN106294148A
Authority: CN (China)
Prior art keywords: elts, programmer, program, procedural model, model
Legal status: Granted
Application number: CN201610645892.XA
Other languages: Chinese (zh)
Other versions: CN106294148B (en)
Inventors: 孙家广, 王得希, 张超, 陈�光, 贺飞, 顾明
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Legal events: application filed by Tsinghua University; priority to CN201610645892.XA; publication of CN106294148A; application granted; publication of CN106294148B; current status: expired (fee related)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a software verification method and device for C-language programs based on an extended labeled transition system (ELTS). The method comprises: inserting verification-attribute descriptions into the C program source code under test; constructing an ELTS program model from the instrumented C program source code according to the ELTS syntax; generating, from the ELTS program model, model paths for Satisfiability Modulo Theories (SMT) solving; using an SMT tool to perform reachability analysis and verification on the model paths of the ELTS program model; and generating an ELTS program-model counterexample from the result of the reachability analysis and verification, which is mapped back to a counterexample for the C program. The embodiment builds the ELTS program model automatically and obtains the verification result by combining model checking with rigorous mathematical reasoning; compared with other formal methods it has higher accuracy and better program coverage, and improves the efficiency and accuracy of software verification.

Description

Software verification method and device for C-language programs based on an extended labeled transition system
Technical field
The present invention relates to the field of computer technology, and specifically to a software verification method and device for C-language programs based on an extended labeled transition system.
Background technology
Software testing is an important means of ensuring the correctness of a software system: it finds errors in the software by running selected test cases and brings the quality of the software up to the required level by correcting those errors. Traditional software testing can only expose structural problems of the software under test passively, through test cases, and cannot analyse the software structure directly. Traditional testing methods are also mainly manual or semi-manual: the workload is large, the test cycle is long, omissions are easy to make, and effectiveness is low.
Software verification uses formal verification techniques rooted in rigorous mathematics and logic and is of great significance for ensuring the correctness and reliability of software. Model checking is a typical formal verification technique: it is an algorithmic method for verifying system properties that uses state-space search to determine whether a given computational model satisfies a property expressed as a temporal logic formula. Its advantage is a high degree of automation, with no need for the user to master a large body of logic; but because software computes over infinite data domains, the state explosion problem is especially prominent and has become a major challenge in applying model checking to software systems.
Prior art proposes modelling embedded software with finite state machines, describing the state-machine model in the SMV language and verifying it with the symbolic model checker SMV. This method, however, requires the finite state machine to be built by hand and does not construct the model automatically.
Prior art also proposes a software testing and verification method based on reachability-tree analysis of Petri nets. It requires manual instrumentation of key points of the object under test; the program structure is then modelled block by block from the instrumentation information, and the blocks are finally combined into a Petri-net model of the whole program. This provides a semi-automatic modelling method but still does not avoid manual participation in building the program model.
Existing software verification methods therefore have the following disadvantages:
(1) the program model cannot be built automatically from the program source code; the code must be understood and modelled by hand;
(2) verification of the program model cannot be completed automatically; the specific verification conditions must be supplied manually;
(3) the efficiency and accuracy of software verification leave much room for improvement;
(4) the grammatical structure of the program model is not sufficiently standardised or complete to express full program semantics.
Summary of the invention
Embodiments of the present invention provide a software verification method and device for C-language programs based on an extended labeled transition system, to solve the problem that existing software verification methods require the code to be understood and the program model to be built manually, which hurts the efficiency and accuracy of software verification.
Embodiments of the present invention provide a software verification method for C-language programs based on an extended labeled transition system, comprising:
inserting verification-attribute descriptions into the C program source code under test;
constructing an ELTS program model from the instrumented C program source code according to the syntax of the extended labeled transition system (ELTS);
generating, from the ELTS program model, model paths for Satisfiability Modulo Theories (SMT) solving;
using an SMT tool to perform reachability analysis and verification on the model paths of the ELTS program model;
generating an ELTS program-model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program-model counterexample to a C program counterexample.
Optionally, inserting verification-attribute descriptions into the C program source code under test comprises inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirements, where:
the first function describes a nondeterministic variable value; its return value is a nondeterministic value;
the second function describes an assumption: the program continues executing only when a given expression is true;
the third function describes an error location: if the program reaches the error location and calls the third function, the program has an error;
the fourth function describes an assertion whose expression represents a property of the program: if the asserted expression is true the program is correct, and if the asserted expression is false the program has an error;
the fourth function is implemented on the basis of the first function and a preset conditional statement.
Optionally, constructing the ELTS program model from the instrumented C program source code according to the ELTS syntax comprises:
parsing the C program source code with a compiler to obtain an intermediate-language program;
optimising the intermediate-language program by deleting its temporary variables and merging its code blocks;
generating the ELTS program model from the structure of the intermediate-language program.
Optionally, the ELTS program model comprises:
an ELTS system, ELTS modules, ELTS variables, ELTS positions, ELTS transitions and ELTS instructions, where
the ELTS system corresponds to the C program source code under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS position corresponds to a line of code in the C program source code;
an ELTS transition represents a transition from a first ELTS position to a second ELTS position;
an ELTS instruction corresponds to a statement on a line of the C program source code;
an ELTS transition contains at least one ELTS instruction.
Optionally, optimising the intermediate-language program by deleting its temporary variables and merging its code blocks comprises:
merging the function calls of the intermediate-language program into its main function by inlining;
unrolling the loops of the intermediate-language program into linear conditional statements by bounded unrolling;
splitting each code block of the intermediate-language program that has multiple successor blocks into a first sub-block and a second sub-block, where the first sub-block stores all program instructions of the original block and jumps to the second sub-block, and the second sub-block jumps to the successor blocks and stores no program instructions;
merging consecutive code blocks of the intermediate-language program that have no branches into a single combined code block;
deleting the code blocks of the intermediate-language program that are structurally unreachable from the program entry;
deleting the temporary variables of the intermediate-language program.
Optionally, generating the ELTS program model from the structure of the intermediate-language program comprises:
converting the functions of the intermediate-language program, one by one, into ELTS modules;
converting the code blocks of the intermediate-language program into ELTS transitions;
converting the conditional jump instructions of the intermediate-language program into precondition expressions of ELTS transitions;
converting the ordinary instructions of the intermediate-language program into ELTS instructions, where ordinary instructions include arithmetic operations, type conversions, comparison operations and bit operations;
converting the calls to the attribute functions in the intermediate-language program into transitions that contain a precondition expression and lead to a preset ELTS position.
Optionally, generating the model paths for SMT solving from the ELTS program model comprises:
deleting the structurally unreachable positions of the ELTS program model;
traversing the ELTS program model depth-first and converting the transitions of the ELTS program model into SMT expressions;
solving the satisfiability of the SMT expressions with an SMT solver to generate the SMT model paths.
Optionally, traversing the ELTS program model depth-first and converting its transitions into SMT expressions comprises:
normalising the ELTS instructions of the ELTS program model so that within one ELTS transition each lvalue occurs only once, with its rvalue substituted elsewhere;
giving each ELTS variable changed by an ELTS transition a numeric identifier according to the position of the transition in the path, to mark the different values the ELTS variable holds in different transitions;
reconstructing each ELTS statement according to the numeric identifiers of the ELTS variables it contains: for the i-th normalised ELTS transition, the lvalues of all its ELTS statements carry identifier i and the rvalues are expressions over ELTS variables with identifier i-1;
declaring a corresponding SMT variable for every ELTS variable of the ELTS system;
constructing, for each ELTS path in turn, the corresponding SMT expression;
converting each ELTS statement of an ELTS transition into the corresponding SMT expression statement;
conjoining the SMT expressions of all ELTS transitions on an ELTS path to obtain the SMT expression corresponding to that ELTS path;
where i is an integer greater than 1.
Embodiments of the present invention also provide a software verification device for C-language programs based on an extended labeled transition system, comprising:
a verification-attribute insertion unit, for inserting verification-attribute descriptions into the C program source code under test;
an ELTS program-model construction unit, for constructing an ELTS program model from the instrumented C program source code according to the ELTS syntax;
a model-path generation unit, for generating model paths for SMT solving from the ELTS program model;
an analysis and verification unit, for performing reachability analysis and verification on the model paths of the ELTS program model with an SMT tool;
a program counterexample generation unit, for generating an ELTS program-model counterexample from the result of the reachability analysis and verification and mapping it to a C program counterexample.
The software verification method and device for C-language programs based on an extended labeled transition system provided by the embodiments of the present invention propose a rigorous formal software verification method: the ELTS program model is built automatically, and the verification result is obtained by combining model checking with rigorous mathematical reasoning, giving higher accuracy and better program coverage than other formal methods. All variables, statements and structures in the program are modelled automatically and the program model is verified fully automatically without manual participation, which solves the difficulty of building and verifying models in software verification and improves its efficiency and accuracy.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the software verification method for C-language programs based on an extended labeled transition system of one embodiment of the present invention;
Fig. 2 is a structural diagram of the software verification device for C-language programs based on an extended labeled transition system of one embodiment of the present invention;
Fig. 3 is a schematic diagram of the software verification method for C-language programs based on an extended labeled transition system of one embodiment of the present invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them; all other embodiments obtained by those of ordinary skill in the art from them without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow diagram of the software verification method for C-language programs based on an extended labeled transition system of one embodiment of the present invention. As shown in Fig. 1, the method comprises:
S11: inserting verification-attribute descriptions into the C program source code under test;
S12: constructing an ELTS program model from the instrumented C program source code according to the ELTS syntax;
S13: generating, from the ELTS program model, model paths for Satisfiability Modulo Theories (SMT) solving;
S14: using an SMT tool to perform reachability analysis and verification on the model paths of the ELTS program model;
S15: generating an ELTS program-model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program-model counterexample to a C program counterexample.
It should be noted that the extended labeled transition system (ELTS) language designed in the embodiments of the present invention has both a grammatical structure with formal semantics and syntactic units designed specifically for software verification, and is suitable for describing general program models.
The software verification method for C-language programs based on an extended labeled transition system of the embodiments of the present invention proposes a rigorous formal software verification method: the ELTS program model is built automatically, and the verification result is obtained by combining model checking with rigorous mathematical reasoning, giving higher accuracy and better program coverage than other formal methods. All variables, statements and structures in the program are modelled automatically and the program model is verified fully automatically without manual participation, which solves the difficulty of building and verifying models in software verification and improves its efficiency and accuracy.
In a preferred embodiment of the present invention, inserting verification-attribute descriptions into the C program source code under test comprises inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirements, where:
the first function describes a nondeterministic variable value; its return value is a nondeterministic value;
the second function describes an assumption: the program continues executing only when a given expression is true;
the third function describes an error location: if the program reaches the error location and calls the third function, the program has an error;
the fourth function describes an assertion whose expression represents a property of the program: if the asserted expression is true the program is correct, and if the asserted expression is false the program has an error;
the fourth function is implemented on the basis of the first function and a preset conditional statement.
In practice, the embodiments of the present invention require the user to supply verification-attribute descriptions in order to verify a C program. The descriptions rely mainly on the four functions designed in the invention; used together, these four functions express the verification attributes of a C program so that the invention can verify it.
The syntax of the verification attributes is as follows:
First function: __VERIFIER_nondet_TYPE(), describing a nondeterministic variable value; the return value is a nondeterministic value of type TYPE, where TYPE is replaced in use by a basic C variable type such as int or float;
Second function: __VERIFIER_nondet_assume(expression), describing an assumption: only when expression is true does the program continue executing; it is often used to narrow the verification scope of the program;
Third function: __VERIFIER_nondet_error(), describing an error location: if the program reaches this location and calls this function, the program has an error;
Fourth function: __VERIFIER_nondet_assert(expression), describing an assertion; the asserted expression is usually called a property of the program; if expression is true the program is correct, and if expression is false the program has an error. __VERIFIER_nondet_assert is usually implemented on top of __VERIFIER_nondet_error.
Since the C standard has no such built-in functions, adding the function calls alone would make the calling program fail to compile, so the invention also provides a C implementation of these functions. In use, the user only needs to copy this implementation to the top of the C file to be verified, after which the file compiles and can be verified normally.
For example, the four functions can be implemented in C as follows:
// taking "double" as the example type
double __VERIFIER_nondet_double()
{ double val; return val; }                 // val is left uninitialised, so its value is nondeterministic
extern void __VERIFIER_error();
void __VERIFIER_assert(int e)
{ if (!e) { __VERIFIER_error(); } return; } // a false assertion reaches the error location
void __VERIFIER_assume(int e)
{ if (!e) { LOOP: goto LOOP; } return; }    // a false assumption never continues
A complete file to be verified consists of these function bodies followed by the instrumented program:
// the function bodies of the verification-attribute description are inserted here
double __VERIFIER_nondet_double()
{ double val; return val; }
extern void __VERIFIER_error();
void __VERIFIER_assert(int e)
{ if (!e) { __VERIFIER_error(); } return; }
void __VERIFIER_assume(int e)
{ if (!e) { LOOP: goto LOOP; } return; }
// the original program with the verification-attribute description inserted
#define RATE 0.1
double foo(int a) { return a * RATE; }
double bar(int a) { return a / RATE; }
int main() {
    int nm;
    __VERIFIER_assume(nm == 15);
    double r1 = foo(bar(nm));              // 15.0
    double r2 = bar(foo(nm));              // 10.0 (foo(nm) = 1.5 is truncated to int 1 when passed to bar)
    double r3 = foo(bar(nm));              // 15.0
    double r4 = __VERIFIER_nondet_double();
    __VERIFIER_assert(r1 == nm);           // safe
    __VERIFIER_assert(r1 != r2);           // safe
    __VERIFIER_assert(r1 == r3);           // safe
    __VERIFIER_assert(r4 == r4);           // unsafe: a nondeterministic double may be NaN, and NaN != NaN
    return 0;
}
In the above example, __VERIFIER_assume(nm == 15) describes the variable nm so that its value is taken as 15 during verification; the initial value of the variable r4 is described with __VERIFIER_nondet_double(), so r4 holds a nondeterministic value of type double; the last four __VERIFIER_assert calls are the program properties to be verified.
Further, constructing the ELTS program model from the instrumented C program source code according to the ELTS syntax comprises:
parsing the C program source code with a compiler to obtain an intermediate-language program;
optimising the intermediate-language program by deleting its temporary variables and merging its code blocks;
generating the ELTS program model from the structure of the intermediate-language program.
It should be noted that the C program source code is parsed with the LLVM clang compiler to obtain an LLVM IR intermediate-language program. For example, for the C file foo.c, the following command line produces the corresponding LLVM IR intermediate-language program:
clang -emit-llvm -g -S -w foo.c
Further, the ELTS program model comprises:
an ELTS system, ELTS modules, ELTS variables, ELTS positions, ELTS transitions and ELTS instructions, where
the ELTS system corresponds to the C program source code under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS position corresponds to a line of code in the C program source code;
an ELTS transition represents a transition from a first ELTS position to a second ELTS position;
an ELTS instruction corresponds to a statement on a line of the C program source code;
an ELTS transition contains at least one ELTS instruction.
It should be noted that ELTS modules correspond to the functions of the C program to be verified: just as a C program can contain several functions, one ELTS system can contain several ELTS modules. ELTS variables correspond to the variables of the C program to be verified; their types likewise include integer, floating-point, array, struct and so on, and every C variable type has a counterpart in ELTS. ELTS positions correspond to lines of code of the C program to be verified and are used to mark and classify the executed code; because ELTS can gather several lines of code into one ELTS transition, ELTS positions are not necessarily consecutive and may span lines. An ELTS transition corresponds to one or more statements of the C program to be verified: a transition from one ELTS position to another corresponds to the C statements between the corresponding code lines.
It will be appreciated that LLVM IR is a relatively low-level language that follows the single static assignment (SSA) principle, so converting a C program into an LLVM IR intermediate-language program introduces many temporary variables and new code blocks, and the LLVM IR must be optimised. The goal of the optimisation phase is precisely to delete as many temporary variables and merge as many code blocks as possible, so that the translation of LLVM IR into ELTS is faster and more accurate.
Specifically, optimising the intermediate-language program by deleting its temporary variables and merging its code blocks comprises:
merging the function calls of the intermediate-language program into its main function by inlining;
unrolling the loops of the intermediate-language program into linear conditional statements by bounded unrolling;
splitting each code block of the intermediate-language program that has multiple successor blocks (a conditional code block, for example, has two successor blocks) into a first sub-block and a second sub-block, where the first sub-block stores all program instructions of the original block and jumps to the second sub-block, and the second sub-block jumps to the successor blocks and stores no program instructions;
merging consecutive code blocks of the intermediate-language program that have no branches into a single combined code block;
deleting the code blocks of the intermediate-language program that are structurally unreachable from the program entry;
deleting the temporary variables of the intermediate-language program.
It should be noted that code blocks that are structurally unreachable from the program entry are deleted from the LLVM IR program to save the cost of the later conversion to ELTS and of the ELTS verification. Temporary variables in the LLVM IR code blocks are eliminated by methods such as macro analysis and expression substitution; the most common temporary variable is one that merely passes on the result of an expression.
Specifically, generating the ELTS program model from the structure of the intermediate-language program comprises:
converting the functions of the intermediate-language program, one by one, into ELTS modules;
converting the code blocks of the intermediate-language program into ELTS transitions;
converting the conditional jump instructions of the intermediate-language program into precondition expressions of ELTS transitions;
converting the ordinary instructions of the intermediate-language program into ELTS instructions, where ordinary instructions include arithmetic operations, type conversions, comparison operations and bit operations;
converting the calls to the attribute functions in the intermediate-language program into transitions that contain a precondition expression and lead to a preset ELTS position.
Specifically, generating the model paths for SMT solving from the ELTS program model comprises:
deleting the structurally unreachable positions of the ELTS program model;
traversing the ELTS program model depth-first and converting the transitions of the ELTS program model into SMT expressions;
solving the satisfiability of the SMT expressions with an SMT solver to generate the SMT model paths.
It will be appreciated that the pruned ELTS program model can be regarded as a directed graph, and depth-first search (DFS) enumerates every ELTS program-model path that starts at the initial position and ends at the error position.
Specifically, traversing the ELTS program model depth-first and converting the transitions of the ELTS program model into SMT expressions includes:
normalizing the ELTS instructions of the ELTS program model so that the lvalue of every ELTS instruction in an ELTS transition occurs only once, with its rvalue substituted accordingly;
assigning each ELTS variable modified by an ELTS transition a numeric ID according to the position of that transition in the path, so as to distinguish the different values the ELTS variable takes in different transitions;
reconstructing the ELTS statements of the normalized ELTS transitions according to the numeric IDs of the ELTS variables they contain: for the i-th ELTS transition, the lvalues of all its ELTS statements carry numeric ID i, and their rvalues are expressions over ELTS variables with numeric ID i-1;
declaring a corresponding SMT variable for every ELTS variable of the ELTS system;
constructing, in turn, the corresponding SMT expression for each ELTS path;
converting each ELTS statement of an ELTS transition into the corresponding SMT expression statement;
taking the conjunction of the SMT expressions of all ELTS transitions on an ELTS path, which finally yields the SMT expression corresponding to that ELTS path;
where i is an integer greater than 1.
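The following Python is an added example, not the patent's implementation: it enumerates ELTS paths by depth-first traversal, normalizes each transition so that every lvalue occurs once, attaches the numeric ID of the transition to the variables, and emits the conjunction of all transition constraints as one SMT-LIB2 script per path, which Z3 accepts as file or console input. Assumptions of this example: expressions are written directly in SMT-LIB prefix syntax over `Int` variables, loops have already been unrolled (so positions are not revisited on a path), and a variable that a transition does not write is carried over with an equality constraint `v_i = v_{i-1}`; the sample program and its ELTS model are constructed.

```python
"""Added example (not the patent's code): enumerate ELTS paths by depth-first
traversal, give each variable a numeric ID per transition, and emit one SMT-LIB2
script per path that can be fed to Z3."""
import re
from dataclasses import dataclass, field

@dataclass
class Transition:
    name: str                  # label, here the IR block the transition came from
    src: str                   # source ELTS position
    dst: str                   # target ELTS position
    guard: str = "true"        # precondition expression, SMT-LIB prefix syntax
    stmts: list = field(default_factory=list)   # ELTS statements: (lvalue, rvalue)

@dataclass
class EltsModule:
    init: str                  # initial ELTS position
    error: str                 # error position (target of the error attribute call)
    variables: list            # ELTS variables of the system, all of sort Int here
    transitions: list

IDENT = re.compile(r"[A-Za-z_]\w*")

def substitute(expr, mapping):
    """Replace identifier tokens of `expr` that have an entry in `mapping`."""
    return IDENT.sub(lambda m: mapping.get(m.group(0), m.group(0)), expr)

def normalize(stmts):
    """Make every lvalue occur once per transition: a statement that reads a
    variable assigned earlier in the same transition gets that earlier
    expression substituted, leaving one expression per written variable."""
    current = {}
    for lvalue, rvalue in stmts:
        current[lvalue] = substitute(rvalue, current)
    return current

def enumerate_paths(module):
    """Depth-first traversal listing every path from the initial position to
    the error position; a position is not revisited within one path."""
    by_src = {}
    for t in module.transitions:
        by_src.setdefault(t.src, []).append(t)
    paths = []

    def dfs(pos, visited, path):
        if pos == module.error:
            paths.append(list(path))
            return
        for t in by_src.get(pos, []):
            if t.dst not in visited:
                path.append(t)
                visited.add(t.dst)
                dfs(t.dst, visited, path)
                visited.discard(t.dst)
                path.pop()

    dfs(module.init, {module.init}, [])
    return paths

def with_id(expr, variables, i):
    """Attach numeric ID i to every ELTS variable occurring in `expr`."""
    return substitute(expr, {v: f"{v}_{i}" for v in variables})

def path_to_smt(module, path):
    """The i-th transition writes variables with ID i and reads variables with
    ID i-1; the path formula is the conjunction of all transition constraints.
    Assumption: an unwritten variable is carried over by an equality."""
    n = len(path)
    lines = [f"(declare-const {v}_{i} Int)" for i in range(n + 1) for v in module.variables]
    for i, t in enumerate(path, start=1):
        assigned = normalize(t.stmts)
        if t.guard != "true":
            lines.append(f"(assert {with_id(t.guard, module.variables, i - 1)})")
        for v in module.variables:
            rhs = with_id(assigned[v], module.variables, i - 1) if v in assigned else f"{v}_{i - 1}"
            lines.append(f"(assert (= {v}_{i} {rhs}))")
    lines += ["(check-sat)", "(get-model)"]
    return "\n".join(lines)

def sample_module():
    """Constructed ELTS model of this small C function (not from the patent):
        int x = nondet(); assume(x > 0);
        int y = x + 1; y = y * 2;
        if (y > 10) error();
    """
    return EltsModule(
        init="L0", error="ERR", variables=["x", "y"],
        transitions=[
            Transition("bb.entry", "L0", "L1", guard="(> x 0)",
                       stmts=[("y", "(+ x 1)"), ("y", "(* y 2)")]),
            Transition("bb.error", "L1", "ERR", guard="(> y 10)"),
            Transition("bb.exit", "L1", "L2", guard="(<= y 10)"),
        ])

if __name__ == "__main__":
    module = sample_module()
    for path in enumerate_paths(module):
        print("; path:", " -> ".join(t.name for t in path))
        print(path_to_smt(module, path))
```

Piping the printed script into `z3 -in` answers `sat` for the single path to `ERR`, since any `x_0 > 4` makes `y_1 > 10`; the `bb.exit` transition never appears in a path because no transition leads from `L2` to the error position.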
The SMT expressions are solved with the SMT solver Z3, which accepts an SMT file or SMT console text as input. The embodiment of the invention starts Z3 in the background, feeds the SMT expression text to it through a console script, interacts with Z3 in real time and obtains Z3's satisfiability result.
The embodiment of the invention solves the satisfiability of the SMT expression constructed for each ELTS path separately, which determines whether that ELTS path really exists: if the SMT expression is satisfiable, there is a set of variable values under which the error position of the ELTS path is reachable; if the SMT expression is unsatisfiable, the error position of the ELTS path is unreachable. Combining the existence results of all ELTS paths gives the conclusion of whether the program satisfies the property: if every ELTS path from the ELTS entry position to the error position is unreachable, the ELTS program model satisfies the property, and if even one ELTS path is reachable, the ELTS program model does not satisfy the property. If the ELTS program model satisfies the property, the C program satisfies the property; if the ELTS program model does not satisfy the property, the C program does not satisfy it.
The embodiment of the invention needs to provide a counterexample only when the C program does not satisfy the property, that is, when the SMT expression is satisfiable. After judging that an SMT expression is satisfiable, Z3 provides a satisfying model that gives the values of all variables occurring in the SMT expression; these variable values are used to construct the ELTS program model counterexample, which is then mapped back to a counterexample of the C program. The ELTS path currently being solved is the ELTS path for which the ELTS counterexample is constructed. Because the SMT variables in Z3's satisfying model have the same names as the ELTS variables, the value of each ELTS variable in each ELTS transition can be determined from the SMT variable names and their values.
For each ELTS path, since the code blocks of the LLVM IR program correspond one-to-one to the ELTS transitions, and the LLVM IR variable names correspond one-to-one to the ELTS variable names with the numeric IDs removed, the name of the position in each ELTS transition can be mapped back to a code block of the LLVM IR program, which yields the LLVM IR program counterexample path.
When the LLVM IR program is generated by compiling with LLVM clang, debugging information can be stored; with this debugging information, the C program source lines and variables that correspond to the code blocks and variables of the LLVM IR can be found. The LLVM IR program counterexample path can therefore be turned into a C program counterexample path using the debugging information in the LLVM IR program.
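The mapping described in the last three paragraphs, as an added example that is not part of the patent: a solver model for one ELTS path is parsed, the numeric ID is split off each SMT variable name to recover the ELTS variable and the transition that wrote it, and the per-transition values are mapped through the one-to-one transition-to-block correspondence and a debug table to C source lines. The model text is constructed here in the `define-fun` form Z3 prints for `(get-model)`; the path, variable names, C names and debug table are likewise constructed stand-ins.

```python
"""Added example (not the patent's code): from a solver model for one ELTS path
to an ELTS counterexample and then to a C counterexample."""
import re

# Constructed Z3-style output for a path with two transitions: each variable
# carries the numeric ID of the transition that last wrote it (ID 0 = initial).
SAMPLE_MODEL = """sat
(
  (define-fun x_0 () Int
    6)
  (define-fun y_0 () Int
    0)
  (define-fun x_1 () Int
    6)
  (define-fun y_1 () Int
    14)
  (define-fun x_2 () Int
    6)
  (define-fun y_2 () Int
    14)
)
"""

# Constructed path: ELTS transitions correspond one-to-one to IR code blocks,
# so the transition names used here are the IR block names.
PATH = ["bb.entry", "bb.error"]
VARIABLES = ["x", "y"]

# Constructed stand-in for the debug information clang can attach to the IR:
# IR block -> C source line, IR/ELTS variable -> C variable name.
DEBUG = {"file": "demo.c",
         "blocks": {"bb.entry": 3, "bb.error": 5},
         "vars": {"x": "input", "y": "doubled"}}

DEFINE = re.compile(
    r"\(define-fun\s+([A-Za-z_]\w*)_(\d+)\s+\(\)\s+\w+\s+(\(-\s*\d+\)|\d+)\s*\)")

def parse_model(text):
    """Return {(elts_variable, numeric_id): value}. The numeric ID is split off
    the SMT name because SMT and ELTS variables are otherwise identically named;
    negative integers arrive as (- n)."""
    values = {}
    for name, idx, raw in DEFINE.findall(text):
        magnitude = int(re.sub(r"\D", "", raw))
        values[(name, int(idx))] = -magnitude if raw.startswith("(") else magnitude
    return values

def elts_counterexample(path, variables, values):
    """Variable values after each transition: state k holds the variables with
    numeric ID k, so state 0 is the initial state and state len(path) the last."""
    return [{v: values[(v, k)] for v in variables} for k in range(len(path) + 1)]

def c_counterexample(path, states, debug):
    """Map every transition back to its IR block and, via the debug table, to a
    C source line together with the C variable values holding after that line."""
    steps = []
    for k, block in enumerate(path, start=1):
        steps.append({"file": debug["file"],
                      "line": debug["blocks"][block],
                      "vars": {debug["vars"][v]: val for v, val in states[k].items()}})
    return steps

def counterexample_report(model_text=SAMPLE_MODEL):
    """Full chain: SMT model -> ELTS counterexample -> C counterexample."""
    states = elts_counterexample(PATH, VARIABLES, parse_model(model_text))
    return c_counterexample(PATH, states, DEBUG)

if __name__ == "__main__":
    for step in counterexample_report():
        print(f"{step['file']}:{step['line']}  {step['vars']}")
```

The report lists, per executed C line, the values the solver chose; the initial state (ID 0) is the set of nondeterministic inputs that drives the program to the error position, which is what a user needs to reproduce the defect.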
Fig. 2 is a structural diagram of the C program software verification device based on an extended symbolic transition system according to one embodiment of the invention. As shown in Fig. 2, the C program software verification device based on an extended symbolic transition system includes a verification-attribute-description insertion unit 21, an ELTS program model construction unit 22, a model path generation unit 23, an analysis and verification unit 24 and a program counterexample generation unit 25, specifically:
the verification-attribute-description insertion unit 21 inserts the verification attribute description into the source code of the C program under test;
the ELTS program model construction unit 22 constructs the ELTS program model from the C program source code with the inserted verification attribute according to the extended symbolic transition system (ELTS) syntax;
the model path generation unit 23 generates the satisfiability-solving (SMT) model paths from the ELTS program model;
the analysis and verification unit 24 performs reachability analysis and verification of the ELTS program model paths with an SMT tool;
the program counterexample generation unit 25 generates an ELTS program model counterexample from the result of the reachability analysis and verification, and maps the ELTS program model counterexample to generate a C program counterexample.
The C program software verification device based on an extended symbolic transition system of the embodiment of the invention can be used to carry out the method embodiment described above; its principle and technical effect are similar and are not repeated here.
Fig. 3 is a schematic diagram of the C program software verification method based on an extended symbolic transition system according to one embodiment of the invention. As shown in Fig. 3, the C program software verification method based on an extended symbolic transition system of the embodiment of the invention includes:
Step 1: the source code of the C program under test, the user requirement document and the test environment document are submitted, and the verification attribute description is inserted into the C program source code according to a prescribed format;
Step 2: according to the verification attribute description, the source code of the C program under test is parsed, optimized and automatically modelled, and the ELTS program model is constructed according to the ELTS syntax: the C program source code is converted into an LLVM IR program with LLVM clang; the LLVM IR intermediate-language representation is optimized so that it is better suited to being transformed into an ELTS program model; the LLVM IR intermediate-language representation is translated into the ELTS program model;
Because the ELTS program model language was designed to correspond to the C language, the main work of the translation is to construct the ELTS program model transitions from the structure of the LLVM IR code blocks and to translate the relevant LLVM IR instructions into ELTS statements.
Step 3: the SMT model paths are generated from the ELTS program model obtained in step 2: the ELTS program model is optimized by removing unreachable states; a simple graph analysis determines which states are structurally unreachable on any path from the initial state of the program to the error state, and pruning these structurally unreachable states greatly reduces the size of the ELTS program model and eases the subsequent verification; the ELTS program model is traversed depth-first to enumerate the ELTS program model paths; the ELTS program model paths are converted to SMT, that is, each enumerated ELTS program model path is translated into SMT statements according to the SMT syntax rules;
Step 4: an SMT tool performs reachability analysis and verification of the ELTS program model paths;
The SMT tool verifies the satisfiability of the SMT statements of a path and thereby determines whether the path really exists; if the path really exists, a path that reaches the error position has been found, which proves that the C program contains an error.
Step 5: the analysis and verification result is processed, the ELTS program model counterexample is generated and finally the C program counterexample is generated: the SMT counterexample is mapped back to an ELTS program model counterexample, then to an LLVM IR intermediate-language counterexample, and finally to a C program counterexample.
The C program software verification method based on an extended symbolic transition system of the embodiment of the invention has the following beneficial effects:
1) The invention proposes a rigorous formal software verification method that combines model checking with rigorous mathematical reasoning to verify the result, and has higher accuracy and better program coverage than other formal methods;
2) The invention automatically models all variables, statements and structures of the program and verifies the program model fully automatically, without manual participation, which solves the problem of the difficulty of model construction and verification in software verification;
3) The invention applies ELTS and SMT for analysis and verification; ELTS is designed around a complete analysis theory and SMT is powerful and feature-rich, so program defects can be avoided to a large extent.
The C program software verification method and device based on an extended symbolic transition system provided by the embodiment of the invention propose a rigorous formal software verification method: the ELTS program model is built automatically, and model checking is combined with rigorous mathematical reasoning to verify the result, which gives higher accuracy and better program coverage than other formal methods; all variables, statements and structures of the program are modelled automatically and the program model is verified fully automatically without manual participation, which solves the problem of the difficulty of model construction and verification in software verification and improves the efficiency and accuracy of software verification.
Those skilled in the art should understand that the embodiments of the invention can be provided as a method, a system or a computer program product. Therefore, the invention can take the form of a pure hardware embodiment, a pure software embodiment, or an embodiment combining software and hardware. Moreover, the invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage and so on) containing computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, the device (system) and the computer program product according to embodiments of the invention. It should be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
It should be noted that the terms "include", "comprise" or any other variant of them are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further restriction, an element defined by the statement "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
A large number of specific details are set out in the description of the invention. It is understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description. Similarly, it should be understood that, in order to simplify the disclosure and help in understanding one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the description of exemplary embodiments above. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
The above embodiments are merely illustrative of the technical solution of the invention and are not limiting. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solution depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (9)

1. A C program software verification method based on an extended symbolic transition system, characterized in that it includes:
inserting a verification attribute description into the source code of the C program under test;
constructing an ELTS program model from the C program source code with the inserted verification attribute according to the extended symbolic transition system (ELTS) syntax;
generating satisfiability-solving (SMT) model paths from the ELTS program model;
performing reachability analysis and verification of the ELTS program model paths with an SMT tool;
generating an ELTS program model counterexample from the result of the reachability analysis and verification, and mapping the ELTS program model counterexample to generate a C program counterexample.
2. The C program software verification method based on an extended symbolic transition system according to claim 1, characterized in that inserting the verification attribute description into the source code of the C program under test includes: inserting a first function, a second function, a third function and a fourth function into the C program source code according to the verification requirement;
the first function describes a nondeterministic variable value, and its return value is a nondeterministic value;
the second function describes an assumption: the program continues executing only when a preset expression is true;
the third function describes an error position: if the program executes to the error position and calls the third function, the program is erroneous;
the fourth function describes an assertion, whose expression represents a property of the program: if the asserted expression is true, the program is correct, and if the asserted expression is false, the program is erroneous;
wherein the fourth function is implemented on the basis of the first function and a preset conditional statement.
3. The C program software verification method based on an extended symbolic transition system according to claim 1, characterized in that constructing the ELTS program model from the C program source code with the inserted verification attribute according to the extended symbolic transition system (ELTS) syntax includes:
parsing the C program source code with a compiler to obtain an intermediate language program;
optimizing the intermediate language program by deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program;
constructing the ELTS program model from the intermediate language program.
4. The C program software verification method based on an extended symbolic transition system according to claim 3, characterized in that the ELTS program model includes:
an ELTS system, ELTS modules, ELTS variables, ELTS positions, ELTS transitions and ELTS instructions;
wherein the ELTS system corresponds to the source code of the C program under test;
an ELTS module corresponds to a function in the C program source code;
an ELTS variable corresponds to a variable in the C program source code;
an ELTS position corresponds to a line of code in the C program source code;
an ELTS transition represents the transition from a first ELTS position to a second ELTS position;
an ELTS instruction corresponds to a statement line in the C program source code;
an ELTS transition includes at least one ELTS instruction.
5. The C program software verification method based on an extended symbolic transition system according to claim 4, characterized in that optimizing the intermediate language program by deleting the temporary variables of the intermediate language program and merging the code blocks of the intermediate language program includes:
merging the function calls of the intermediate language program into the main function of the intermediate language program by inlining;
unrolling the loops of the intermediate language program into linear conditional statements by bounded unrolling;
splitting each code block of the intermediate language program that has multiple successor blocks into a first sub-code block and a second sub-code block, wherein the first sub-code block stores all the program instructions of the code block and jumps to the second sub-code block, and the second sub-code block jumps to the successor blocks and stores no program instructions;
merging code blocks of the intermediate language program that have no branches into one code block combination;
deleting the code blocks of the intermediate language program that are structurally unreachable from the program entry;
deleting the temporary variables of the intermediate language program.
6. The C program software verification method based on an extended symbolic transition system according to claim 4, characterized in that constructing the ELTS program model from the intermediate language program includes:
converting each function of the intermediate language program into an ELTS module in turn;
converting each code block of the intermediate language program into an ELTS transition;
converting each conditional jump instruction of the intermediate language program into the precondition expression of an ELTS transition;
converting each ordinary instruction of the intermediate language program into an ELTS instruction, where ordinary instructions include arithmetic operations, type conversions, comparison operations and bit operations;
converting each call to an attribute function in the intermediate language program into a transition that contains a precondition expression and a preset ELTS position.
7. The C program software verification method based on an extended symbolic transition system according to claim 4, characterized in that generating the satisfiability-solving (SMT) model paths from the ELTS program model includes:
deleting the structurally unreachable positions from the ELTS program model;
traversing the ELTS program model depth-first and converting the transitions of the ELTS program model into SMT expressions;
solving the satisfiability of the SMT expressions with an SMT solver and generating the SMT model paths from the satisfiability result.
8. The C program software verification method based on an extended symbolic transition system according to claim 7, characterized in that traversing the ELTS program model depth-first and converting the transitions of the ELTS program model into SMT expressions includes:
normalizing the ELTS instructions of the ELTS program model so that the lvalue of every ELTS instruction in an ELTS transition occurs only once, with its rvalue substituted accordingly;
assigning each ELTS variable modified by an ELTS transition a numeric ID according to the position of that transition in the path, so as to distinguish the different values the ELTS variable takes in different transitions;
reconstructing the ELTS statements of the normalized ELTS transitions according to the numeric IDs of the ELTS variables they contain: for the i-th ELTS transition, the lvalues of all its ELTS statements carry numeric ID i, and their rvalues are expressions over ELTS variables with numeric ID i-1;
declaring a corresponding SMT variable for every ELTS variable of the ELTS system;
constructing, in turn, the corresponding SMT expression for each ELTS path;
converting each ELTS statement of an ELTS transition into the corresponding SMT expression statement;
taking the conjunction of the SMT expressions of all ELTS transitions on an ELTS path, which finally yields the SMT expression corresponding to that ELTS path;
where i is an integer greater than 1.
9. A C program software verification device based on an extended symbolic transition system, characterized in that it includes:
a verification-attribute-description insertion unit, which inserts a verification attribute description into the source code of the C program under test;
an ELTS program model construction unit, which constructs an ELTS program model from the C program source code with the inserted verification attribute according to the extended symbolic transition system (ELTS) syntax;
a model path generation unit, which generates satisfiability-solving (SMT) model paths from the ELTS program model;
an analysis and verification unit, which performs reachability analysis and verification of the ELTS program model paths with an SMT tool;
a program counterexample generation unit, which generates an ELTS program model counterexample from the result of the reachability analysis and verification, and maps the ELTS program model counterexample to generate a C program counterexample.
Application CN201610645892.XA, priority date 2016-08-08, filing date 2016-08-08: C program software verification method and device based on an extended symbolic transition system; granted as CN106294148B (en), Expired - Fee Related

Publications (2)

Publication Number Publication Date
CN106294148A true CN106294148A (en) 2017-01-04
CN106294148B CN106294148B (en) 2018-12-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181211

Termination date: 20190808