frama c wp tutorial
play

Frama-C WP Tutorial Virgile Prevosto , Nikolay Kosmatov and Julien - PowerPoint PPT Presentation

Nov 28, 2022 •227 likes •704 views

Frama-C WP Tutorial Virgile Prevosto , Nikolay Kosmatov and Julien Signoles June 11 th , 2013 Motivation Main objective: Rigorous, mathematical proof of semantic properties of a program functional properties safety: all memory

  1. Frama-C WP Tutorial Virgile Prevosto , Nikolay Kosmatov and Julien Signoles June 11 th , 2013

  2. Motivation Main objective: Rigorous, mathematical proof of semantic properties of a program ◮ functional properties ◮ safety: ◮ all memory accesses are valid, ◮ no arithmetic overflow, ◮ no division by zero, . . . ◮ termination ◮ . . .

  3. Our goal In this tutorial, we will see ◮ how to specify a C program with ACSL ◮ how to prove it automatically with Frama-C/WP ◮ how to understand and fix proof failures

  4. Presentation of Frama-C Context First steps Frama-C plugins Basic function contract A little bit of background ACSL and WP Specifying side-effects Loops Background Loop invariants in ACSL Loop termination Advanced contracts Behaviors User-defined predicates

  5. Presentation of Frama-C Context First steps Frama-C plugins Basic function contract A little bit of background ACSL and WP Specifying side-effects Loops Background Loop invariants in ACSL Loop termination Advanced contracts Behaviors User-defined predicates

  6. Presentation of Frama-C Context A brief history ◮ 90’s: CAVEAT, an Hoare logic-based tool for C programs at CEA ◮ 2000’s: CAVEAT used by Airbus during certification process of the A380 (DO-178 level A qualification) ◮ 2002: Why and its C front-end Caduceus (at INRIA) ◮ 2006: Joint project to write a successor to CAVEAT and Caduceus ◮ 2008: First public release of Frama-C (Hydrogen) ◮ 2010: start of Device-Soft project between Fraunhofer FIRST (now FOKUS) and CEA LIST ◮ today: ◮ Frama-C Fluorine (v9) ◮ Multiple projects around the platform ◮ A growing community of users ◮ and of plug-ins developers

  7. Presentation of Frama-C Context Frama-C at a glance ◮ A framework for modular analysis of C code. ◮ http://frama-c.com/ ◮ Developed at CEA LIST and INRIA Saclay (Proval, now Toccata team). ◮ Released under LGPL license (Fluorine v1/v2 in April-May) ◮ Kernel based on CIL (Necula et al. – Berkeley). ◮ ACSL annotation language. ◮ Extensible platform ◮ Collaboration of analysis over same code ◮ Inter plug-in communication through ACSL formulas. ◮ Adding specialized plug-in is easy

  8. Presentation of Frama-C Context ACSL: ANSI/ISO C Specification Language Presentation ◮ Based on the notion of contract, like in Eiffel ◮ Allows the users to specify functional properties of their programs ◮ Allows communication between various plugins ◮ Independent from a particular analysis ◮ ACSL manual at http://frama-c.com/acsl Basic Components ◮ First-order logic ◮ Pure C expressions ◮ C types + Z (integer) and R (real) ◮ Built-ins predicates and logic functions, particularly over pointers: \valid(p) \valid(p+0..2), \separated(p+0..2,q+0..5), \block_length(p)

  9. Presentation of Frama-C First steps Installation On Linux ◮ On Debian, Ubuntu, Fedora, Gentoo, OpenSuse, Linux Mint, ... ◮ Compile from sources using OCaml package managers: ◮ Godi ( http://godi.camlcity.org/godi/index.html ) ◮ Opam ( http://opam.ocamlpro.com/ ) On Windows ◮ Godi ◮ Wodi ( http://wodi.forge.ocamlcore.org/ ) On Mac OS X ◮ Binary package available ◮ Source compilation through homebrew.

  10. Presentation of Frama-C First steps Installed files Executables ◮ frama-c : Console-based interface ◮ frama-c-gui : Graphical User Interface Others ◮ FRAMAC_PLUGINS : location of plug-ins ◮ FRAMAC_SHARE : various configuration files ◮ FRAMAC_SHARE/libc : standard headers

  11. Presentation of Frama-C First steps Documentation Manuals ◮ http://frama-c.com/support.html ◮ In directory $(frama-c -print-share-path)/manuals ◮ inline help ( frama-c -kernel-help , frama-c - plugin -help ) Support ◮ frama-c-discuss@gforge.inria.fr ◮ tag frama-c on http://stackoverflow.com

  12. Presentation of Frama-C Frama-C plugins Main plug-ins included in main distribution distributed externally Value Analysis Jessie WP Aoraï Agen Specification Generation Mthread Abstract Interpretation Deductive Verification Concurrency Formal Methods Executable-ACSL Code Transformation Frama-C Plug-Ins Dynamic Analysis PathCrawler Spare code Semantic constant folding SANTE Browsing of unfamiliar code Slicing Scope & Data-flow browsing Variable occurrences Metrics computation Impact Analysis

  13. Presentation of Frama-C Frama-C plugins External plugins ◮ Taster (coding rules, Atos/Airbus, Delmas &al., ERTS 2010) ◮ Dassault’s internal plug-ins (Pariente & Ledinot, FoVeOOs 2010) ◮ Fan-C (flow dependencies, Atos/Airbus, Duprat &al., ERTS 2012) ◮ Simple Concurrency plug-in (Adelard, first release in 2013) ◮ Various academic experiments (mostly security and/or concurrency related)

  14. Presentation of Frama-C Context First steps Frama-C plugins Basic function contract A little bit of background ACSL and WP Specifying side-effects Loops Background Loop invariants in ACSL Loop termination Advanced contracts Behaviors User-defined predicates

  15. Basic function contract A little bit of background Summary Contracts Goal: specification of imperative functions Approach: give assertions (i.e. properties) about the functions Precondition is supposed to be true on entry (ensured by callers of the function) Postcondition must be true on exit (ensured by the function if it terminates) Nothing is guaranteed when the precondition is not satisfied Termination may or may not be guaranteed (total or partial correctness)

  16. Basic function contract A little bit of background Hoare Logic ◮ Hoare Triples: /*@ requires R; ensures E; */ { P } S { Q } int f( int * x) { ◮ Weakest Preconditions: ∀ P , ( P ⇒ wp ( S , Q )) S_1; ⇒ { P } S { Q } ◮ Proof Obligation (PO): S_2; R ⇒ wp ( Body , E ) }

  17. Basic function contract A little bit of background Hoare Logic ◮ Hoare Triples: /*@ requires R; ensures E; */ { P } S { Q } int f( int * x) { ◮ Weakest Preconditions: ∀ P , ( P ⇒ wp ( S , Q )) S_1; ⇒ { P } S { Q } ◮ Proof Obligation (PO): S_2; R ⇒ wp ( Body , E ) /*@ assert E; */ }

  18. Basic function contract A little bit of background Hoare Logic ◮ Hoare Triples: /*@ requires R; ensures E; */ { P } S { Q } int f( int * x) { ◮ Weakest Preconditions: ∀ P , ( P ⇒ wp ( S , Q )) S_1; ⇒ { P } S { Q } /*@ assert wp(S_2,E); */ ◮ Proof Obligation (PO): S_2; R ⇒ wp ( Body , E ) /*@ assert E; */ }

  19. Basic function contract A little bit of background Hoare Logic ◮ Hoare Triples: /*@ requires R; ensures E; */ { P } S { Q } int f( int * x) { ◮ Weakest Preconditions: /*@ assert wp(S_1,wp(S_2,E)); */ ∀ P , ( P ⇒ wp ( S , Q )) S_1; ⇒ { P } S { Q } /*@ assert wp(S_2,E); */ ◮ Proof Obligation (PO): S_2; R ⇒ wp ( Body , E ) /*@ assert E; */ }

  20. Basic function contract ACSL and WP A first example #include " l i m i t s . h" // returns the maximum of x and y int max ( int x, int y ) { if ( x >=y ) return x ; return y ; }

  21. Basic function contract ACSL and WP WP plug-in Credits ◮ Loïc Correnson ◮ Zaynah Dargaye ◮ Anne Pacalet ◮ François Bobot ◮ a few others Basic usage ◮ frama-c-gui -wp file.c ◮ WP tab on the GUI ◮ Inspect (failed) proof obligation ◮ http://frama-c.com/download/wp-manual.pdf

  22. Basic function contract ACSL and WP Avoiding run-time errors Example // returns the absolute value of x int abs ( int x ) { if ( x >=0 ) return x ; return -x ; } Command ◮ frama-c-gui -pp-annot -wp -wp-rte abs.c ◮ or use switch directly in GUI

  23. Basic function contract Specifying side-effects Dealing with pointers Example // returns the maximum of *p and *q int max_ptr ( int *p, int *q ) { if ( *p >= *q ) return *p ; return *q ; } Main ingredients ◮ built-in predicate \valid (...) ◮ assigns clause

  24. Basic function contract Specifying side-effects Setting values Example // swap the content of both arguments void swap( int * p, int * q) { int tmp = *q; *q = *p; *p = tmp; }

  25. Basic function contract Specifying side-effects Function Calls ◮ Contract as a cut /*@ requires R_1; ◮ First PO: f must call g in a ensures E_1; correct context: assigns A; */ R_2 ⇒ wp ( S_1 , R_1 ) void g(); ◮ Second PO: State after g has the /*@ requires R_2; desired properties: ensures E_2; */ ∀ State , E_1 ⇒ wp ( S_2 , E_2 ) void f() { ◮ Must specify effects (Frame rule) S_1; g(); ∀ x ∈ State \ A , g does not change x S_2; }

  26. Basic function contract Specifying side-effects Function Calls ◮ Contract as a cut /*@ requires R_1; ◮ First PO: f must call g in a ensures E_1; correct context: assigns A; */ R_2 ⇒ wp ( S_1 , R_1 ) void g(); ◮ Second PO: State after g has the /*@ requires R_2; desired properties: ensures E_2; */ ∀ State , E_1 ⇒ wp ( S_2 , E_2 ) void f() { ◮ Must specify effects (Frame rule) S_1; g(); ∀ x ∈ State \ A , g does not change x S_2; }

  27. Basic function contract Specifying side-effects Function Calls ◮ Contract as a cut /*@ requires R_1; ◮ First PO: f must call g in a ensures E_1; correct context: assigns A; */ R_2 ⇒ wp ( S_1 , R_1 ) void g(); ◮ Second PO: State after g has the /*@ requires R_2; desired properties: ensures E_2; */ ∀ State , E_1 ⇒ wp ( S_2 , E_2 ) void f() { ◮ Must specify effects (Frame rule) S_1; g(); ∀ x ∈ State \ A , g does not change x S_2; }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan

Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan

Towards Secure Things, or How to Verify IoT Software with Frama-C Tutorial at ZINC 2018 Allan Blanchard, Nikolai Kosmatov, Fr ed eric Loulergue some slides authored by Julien Signoles Email: allan.blanchard@inria.fr,

1.79k views • 151 slides
Secure Your Things: Verification of IoT Software with Frama-C Tutorial at HPCS 2018 Allan

Secure Your Things: Verification of IoT Software with Frama-C Tutorial at HPCS 2018 Allan

Secure Your Things: Verification of IoT Software with Frama-C Tutorial at HPCS 2018 Allan Blanchard, Nikolai Kosmatov, Fr ed eric Loulergue some slides authored by Julien Signoles Email: allan.blanchard@inria.fr, nikolai.kosmatov@cea.fr,

1.52k views • 151 slides
CONC 2 SEQ : A Frama-C Plugin for the Verification of Parallel Compositions of C Programs Allan

CONC 2 SEQ : A Frama-C Plugin for the Verification of Parallel Compositions of C Programs Allan

CONC 2 SEQ : A Frama-C Plugin for the Verification of Parallel Compositions of C Programs Allan Blanchard 3 , 2 Nikolai Kosmatov 2 Frdric Loulergue 1 , 3 1 School of Informatics, 2 CEA LIST 3 Laboratoire dInformatique Computing, and Cyber

661 views • 19 slides
Frama-C Training Session Introduction to ACSL and its GUI Virgile Prevosto CEA List October 21

Frama-C Training Session Introduction to ACSL and its GUI Virgile Prevosto CEA List October 21

Frama-C Training Session Introduction to ACSL and its GUI Virgile Prevosto CEA List October 21 st , 2010 outline Presentation ACSL Specifications Function contracts First-order logic Loops Assertions Deductive Verification Hoare logic

612 views • 40 slides
A Case Study on Formal Verification of the Anaxagoros Paging System with Frama-C Allan

A Case Study on Formal Verification of the Anaxagoros Paging System with Frama-C Allan

A Case Study on Formal Verification of the Anaxagoros Paging System with Frama-C Allan Blanchard Nikolai Kosmatov Matthieu Lemerre Fr ed eric Loulergue FMICS 2015 June 22, 2015 CONTENTS Anaxagoros Virtual Memory Formal

590 views • 31 slides
Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a

Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a

Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a tutorial prepared with Frdric Loulergue) Outline Introduction Verification of absence of runtime errors using Frama-C/Eva Deductive

694 views • 58 slides
A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling

A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling

A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling System Modeling linear, nonlinear and mixed integer optimization problems Useful with large, complex problems A GAMS TUTORIAL A GAMS TUTORIAL

274 views • 24 slides
This tutorial is part of an upcoming publication on knifemaking. Please visit

This tutorial is part of an upcoming publication on knifemaking. Please visit

This tutorial teaches you how to make a narrow tang knife. ABS Matersmith, Kevin Harvey, created both the knife and the tutorial to promote the 2019 Non -guild Members Competition of the Knifemakers Guild of Southern Africa. This tutorial

2.01k views • 151 slides
Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be:

Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be:

Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be: Create and access your Linux account. Become familiar with the Linux terminal. Become familiar with the vi text editor. Compile a

264 views • 8 slides
Open Data for Urban Research Session 4 Presenting Data frama.link/odur-2018-s4 This course

Open Data for Urban Research Session 4 Presenting Data frama.link/odur-2018-s4 This course

Open Data for Urban Research Session 4 Presenting Data frama.link/odur-2018-s4 This course Open Data for Urban Research This session Presenting Data, Spatial Visualization Replication material github.com/datactivist/

659 views • 64 slides
Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3

Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3

Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3 Working with Formulas and Functions COMPREHENSIVE Excel Tutorial 1 Getting Started with Excel COMPREHENSIVE Objectives XP XP Understand

1.18k views • 81 slides
UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David

UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David

UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David Paul Pettersson RTSS05 Collaborators @UPPsala @AALborg Wang Yi Kim G Larsen Paul Pettersson Gerd Behrman John Hkansson

926 views • 36 slides
Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel

Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel

Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel Instructors: Adrian Reetz, John Akinyemi Course Coordinator: Scott King (Full-Time) Instructional Support Assistants (ISA)s: Jack Bai, Jiayi Wang

284 views • 26 slides
Do Fifty- Two Motivation Overview of the Language

Do Fifty- Two Motivation Overview of the Language

Do Fifty- Two Motivation Overview of the Language Tutorial Tutorial Tutorial Tutorial Tutorial Tutorial //A Sample Program configure numberOfPlayers: 2 configure

568 views • 34 slides
PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for

PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for

April 4-7, 2016 | Silicon Valley PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for Developers Understand philosophy of the API Understand main features of the API Start developing with VisionWorks

1.52k views • 92 slides
Tutorial Files for this tutorial can be downloaded from:

Tutorial Files for this tutorial can be downloaded from:

Cadence First Encounter Tutorial Files for this tutorial can be downloaded from: www.cs.wright.edu/~emmert/tutorials/enc_files.tar.gz Dr. J M Emmert Configuration File This file contains information used to setup your

560 views • 18 slides
02291: System Integration Design By Contract and OCL Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Design By Contract and OCL Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Design By Contract and OCL Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2019 What does this function do? Implementation public List<Integer> f(List<Integer> vector) {

533 views • 35 slides
Proverbs Series Lesson #023 June 30, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert

Proverbs Series Lesson #023 June 30, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert

Proverbs Series Lesson #023 June 30, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. Prov. 14:12, There is a way that seems right to a man, but its end is the way of death. Proverbs Guide for Skillful Living

380 views • 25 slides
WALK to EMMAUS LIFE is a JOURNEY with an ETERNAL DESTINATION We cant act like were going to

WALK to EMMAUS LIFE is a JOURNEY with an ETERNAL DESTINATION We cant act like were going to

WALK to EMMAUS LIFE is a JOURNEY with an ETERNAL DESTINATION We cant act like were going to live forever without being surprised when we dont. The JESUS MOVEMENT has always been known as THE WAY Our bodies may be growing older, our minds

524 views • 17 slides
The Revolutionary Rescue of Humanity Matthew 28:19-20 Mark 16:15 Sermon 1: The Cross Then and

The Revolutionary Rescue of Humanity Matthew 28:19-20 Mark 16:15 Sermon 1: The Cross Then and

The Revolutionary Rescue of Humanity Matthew 28:19-20 Mark 16:15 Sermon 1: The Cross Then and Now Sermon 2: Why the Cross? Sermon 3 (Good Friday): The Cross: Suffering and Redemption Grounded in Absolute Love Sermon 4 (Easter Sunday): The

354 views • 18 slides
1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust The basis for secure HTTP, ssh

269 views • 7 slides
The Trust Anchor Key Renewal Method Applied to DNS Security Presentation by Thierry Moreau,

The Trust Anchor Key Renewal Method Applied to DNS Security Presentation by Thierry Moreau,

The Trust Anchor Key Renewal Method Applied to DNS Security Presentation by Thierry Moreau, CONNOTECH DNSSEC mission: DNS data origin authentication integrity assurance authenticated negative answers DNSSEC omissions, missing and wanted at

395 views • 8 slides
Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code: https://github.com/schveiguy/dconf2020 Memory Safety! Memory Safety Real Problems Source:

858 views • 51 slides
Welcome! Todays Agenda: Dont Trust the Template The Prefix Sum Parallel

Welcome! Todays Agenda: Dont Trust the Template The Prefix Sum Parallel

/INFOMOV/ Optimization & Vectorization J. Bikker - Sep-Nov 2018 - Lecture 10: GPGPU (3) Welcome! Todays Agenda: Dont Trust the Template The Prefix Sum Parallel Sorting Stream Filtering Optimizing

781 views • 39 slides

More recommend