Specifying and Verifying Concurrent C Programs with TLA+
نویسندگان
چکیده
Verifying software systems automatically from their source code rather than modelling them in a dedicated language gives more confidence in establishing their properties. Here we propose a formal specification and verification approach for concurrent C programs directly based on the semantics of C. We define a set of translation rules and implement it in a tool (C2TLA+) that automatically translates C code into a TLA+ specification. The TLC model checker can use this specification to generate a model, allowing to check the absence of runtime errors and dead code in the C program in a given configuration. In addition, we show how translated specifications interact with manually written ones to: check the C code against safety or liveness properties; provide concurrency primitives or model hardware that cannot be expressed in C; and use abstract versions of translated C functions to address the state explosion problem. All these verifications have been conducted on an industrial case study, which is a part of the microkernel of the PharOS real-time system.
منابع مشابه
Verification and Specification of Concurrent Programs
I explore the history of, and lessons learned from, eighteen years of assertional methods for specifying and verifying concurrent programs. I then propose a Utopian future in which mathematics prevails.
متن کاملHarnessing SMT Solvers for TLA+ Proofs
TLA+ is a language based on Zermelo-Fraenkel set theory and linear temporal logic designed for specifying and verifying concurrent and distributed algorithms and systems. The TLA+ proof system TLAPS allows users to interactively verify safety properties of these systems. At the core of TLAPS, a proof manager interprets the proof language, generates corresponding proof obligations and passes the...
متن کاملVerifying and Constructing Abstract TLA Specifications: Application to the Verification of C programs
One approach to verify the correctness of a system is to prove that it implements an executable (specification) model whose correctness is more obvious. Here, we define a kind of automata whose state is the product of values of multiple variables that we name State Transition System (STS). We define the semantics of TLA+ (specification language of the Temporal Logic of Actions) constructs using...
متن کاملVerification and Specifications of Concurrent Programs
I explore the history of, and lessons learned from, eighteen years of assertional methods for specifying and verifying concurrent programs. I then propose a Utopian future in which mathematics prevails.
متن کامل