
Model checking C source code for embedded systems

  • Regular Paper
International Journal on Software Tools for Technology Transfer

Abstract

In this paper, the applicability of model checking to C code for embedded systems is studied. The paper is divided into two parts. In the first part, 13 existing model checkers for C code are detailed and evaluated for their applicability in the verification of C code for embedded systems. A case study is presented that applied CBMC as one representative C code model checker to an exemplary microcontroller program. As a consequence of this case study, we decided to develop a new model checker for source code for microcontrollers, called [mc]square. It is described in the second part of this paper. We present the architecture and the peculiarities of [mc]square, and we successfully applied [mc]square to the same microcontroller program used in the case study.




Corresponding author

Correspondence to Bastian Schlich.


Cite this article

Schlich, B., Kowalewski, S. Model checking C source code for embedded systems. Int J Softw Tools Technol Transfer 11, 187–202 (2009). https://doi.org/10.1007/s10009-009-0106-5
