Abstract
Runtime verification (RV) is an effective lightweight formal method for improving software reliability at runtime. No existing RV tool is specially designed for C++ programs. This paper introduces the first one, CCMOP, which implements an AOP-based RV approach and supports the RV of general properties for C/C++ programs. CCMOP provides an AOP language specially designed for C++ programs to define the events in RV. The instrumentation of the RV monitor is done at the AST level, which improves both the efficiency of compilation and the accuracy of RV. CCMOP is implemented on top of JavaMOP and an industrial-strength compiler. The results of extensive experiments on 100 real-world C/C++ programs (5584.3K LOCs in total) indicate that CCMOP is robust and supports the RV of real-world C/C++ programs.
CCMOP is available at https://rv-ccmop.github.io.
Notes
- 1.
- 2. We disable the other checkers in AddressSanitizer with the options mentioned on the website.
Acknowledgments.
This research was supported by the National Key R&D Program of China (No. 2022YFB4501903) and the NSFC Programs (No. 62172429 and 62002107).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Xing, Y., Chen, Z., Xu, S., Zhang, Y. (2023). CCMOP: A Runtime Verification Tool for C/C++ Programs. In: Katsaros, P., Nenzi, L. (eds) Runtime Verification. RV 2023. Lecture Notes in Computer Science, vol 14245. Springer, Cham. https://doi.org/10.1007/978-3-031-44267-4_18
DOI: https://doi.org/10.1007/978-3-031-44267-4_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44266-7
Online ISBN: 978-3-031-44267-4