C source code-oriented automatic formal verification tool and method

Abstract

The invention discloses a C source code-oriented automatic formal verification tool and method, and the method comprises the steps: inserting a compiled code function specification into a C source code, automatically converting the function specification and the C source code into an intermediate representation which can be processed by a program verifier, converting the intermediate representation into an intermediate verification language code through the program verifier for formal verification input; by the adoption of the formalization method, automatic formalization verification can be conducted on the converted source code so as to verify the functionality and safety of the source code. On the basis that each interface function passes code function correctness verification, an abstract model is constructed by utilizing a behavior modeling language and a combined verification technology; and then an interaction behavior is simulated by utilizing a model simulation engine and an attribute detection engine, a security attribute is verified, and whether the code meets a security attribute specification or not is judged. According to the invention, formalized verification of the C source code can be realized in an automatic form, the used intermediate representation generator can automatically generate the intermediate representation, the program verifier can automatically generate the intermediate verification language code, and the model simulation engine and the attribute detection engine can automatically verify the security attribute. The measures can greatly improve the C source code verification efficiency and reduce the manual participation degree.

Description

technical field [0001] The invention relates to the technical field of C language source code security, in particular to an automatic formal verification tool and method for C source code. Background technique [0002] Formal verification methods use mathematical formulas, theorems and systems to verify the correctness of a system. The formal verification process can prove that a system does not exist a certain defect or conforms to a certain property or properties. Software testing cannot prove that a system is free from defects, nor that it conforms to certain properties. A system cannot be proven or tested to be defect-free because it is impossible to formally specify what is "defect-free". All that can be done is to prove that a system is free of every conceivable defect and satisfies all functional specifications and safety properties. [0003] C language is a general-purpose programming language. Because of its high efficiency, flexibility, rich functions, strong ex...

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide an automated formal verification tool and method for C source code, which solves the security problems faced by the above-mentioned C language code and the problems of large workload and low verification efficiency of traditional formal verification

Images