Herbert Rocha

Model Checking Embedded C Software Using k-Induction and Invariants

We present a proof by induction algorithm, which combines k-induction with invariants to model check embedded C software with bounded and unbounded loops. The k-induction algorithm consists of three cases: in the base case, we aim to find a counterexample with up to k loop unwindings, in the forward condition, we check whether loops have been fully unrolled and that the safety property ø holds in all states reachable within k unwindings, and in the inductive step, we check that whenever ø holds for k unwindings, it also holds after the next unwinding of the system. For each step of the k-induction algorithm, we infer invariants using affine constraints (i.e., polyhedral) to specify pre-and post-conditions. Experimental results show that our approach can handle a wide variety of safety properties in typical embedded software applications from telecommunications, control systems, and medical devices, we demonstrate an improvement of the induction algorithm effectiveness if compared to other approaches.

Understanding programming bugs in ANSI-C software using bounded model checking counter-examples

One of the main challenges in software development is to ensure the correctness and reliability of software systems. In this sense, a system failure or malfunction can result in a catastrophe especially in critical embedded systems. In the context of software verification, bounded model checkers (BMCs) have already been applied to discover subtle errors in real projects. When a model checker finds an error, it produces a counter-example. On one hand, the value of counter-examples to debug software systems is widely recognized in the state-of-the-practice. On the other hand, model checkers often produce counter-examples that are either too large or difficult to be understood mainly because of the software size and the values chosen by the respective solver. This paper proposes a method with the purpose of automating the collection and manipulation of counter-examples in order to generate new instantiated code to reproduce the identified error. The proposed method may be seen as a complementary technique for the verification performed by state-of-the-art BMC tools. In particular, we used the ESBMC model checker to show the effectiveness of the proposed method over publicly available benchmarks and, additionally, a comparison with the tool Frama-C.

Formal Verification of UML Sequence Diagrams in the Embedded Systems Context

This paper shows a method for translating UML sequence diagrams to Petri nets and verifying deadlockfreeness, reachability, safety and liveness properties by using a model checker. In this proposed method, the user has not to know about temporal logics to describe the property to be verified. Instead, the user may adopt a high-level properties specification interface, which is automatically translated to a suitable temporal logic. We show the application of the proposed method in an embedded control application that consists of a sensory device mounted on a motorized platform that must detect and track specific objects in the environment.

Memory Management Test-Case Generation of C Programs Using Bounded Model Checking

We describe a novel method to automatically generate and verify memory management test cases for unit tests, which are based on assertions extracted from safety properties typically generated by bounded model checking (BMC) tools. In particular, the proposed method checks for properties related to pointer safety, memory leaks, and invalid deallocation. To investigate our method’s effectiveness, we developed a tool called Map2Check that adopts the ESBMC model checker and the CUnit testing framework. Additionally, Map2Check provides an integration of BMC tools with unit testing frameworks, which helps developers not very familiar with formal methods to verify large C programs. We use Map2Check to perform an empirical evaluation over publicly available benchmarks and compare the results to recognized tools, e.g., Valgrind’s Memcheck, CBMC, LLBMC, CPAChecker, Predator, and ESBMC. Experimental results show that our proposed method detects at least as many memory management defects as existing tools; and it does not report any false positive and negative. We compared Map2Check with tools on the Competition on Software Verification 2014 (SVCOMP), in the MemorySafety category. Map2Check would have the same score than the 1st place and it would win the 2st place when ranking the evaluated tools on memory consumption.

JFORTES: Java Formal Unit TESt Generation

The use of computer-based systems has increased significantly over the last years in several domains, mainly when we take into account the applications running on mobile platforms that have exploded in just a few short years, so that software verification and testing now play an important role in ensuring the overall product quality. In this paper, we describe the preliminary results of a work that presents a method to integrate formal verification techniques adopting ESC/Java2 and JCute tools with unit testing by TestNG framework to verify Java programs. This method aims to extract the safety properties generated by ESC/Java2 to automatically generate test cases using the rich set of assertions provided by the TestNG framework and JCute to validate those test cases. It is worth noting that is widely recognized that there is a growing need for automated testing techniques aimed at mobile applications, in platforms, such as: Android or Java Platform, Micro Edition (Java ME). Additionally, a critical challenge is the systematic generation of test cases. We show preliminary results of our proposed method over publicly available benchmarks, and compare the results to recognized tools, e.g., CBMC and JavaPathFinder. Experimental results show that our proposed method detects 86.04% of correct results (i.e., if a property satisfy its specification or is violated), while CBMC has found 79.06%, and JPF has found 93,02%.