Skip to main content
SpringerLink
Log in

Memory Management Test-Case Generation of C Programs Using Bounded Model Checking

  • Conference paper
  • First Online:
Software Engineering and Formal Methods (SEFM 2015)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9276))

Included in the following conference series:

Abstract

We describe a novel method to automatically generate and verify memory management test cases for unit tests, which are based on assertions extracted from safety properties typically generated by bounded model checking (BMC) tools. In particular, the proposed method checks for properties related to pointer safety, memory leaks, and invalid deallocation. To investigate our method’s effectiveness, we developed a tool called Map2Check that adopts the ESBMC model checker and the CUnit testing framework. Additionally, Map2Check provides an integration of BMC tools with unit testing frameworks, which helps developers not very familiar with formal methods to verify large C programs. We use Map2Check to perform an empirical evaluation over publicly available benchmarks and compare the results to recognized tools, e.g., Valgrind’s Memcheck, CBMC, LLBMC, CPAChecker, Predator, and ESBMC. Experimental results show that our proposed method detects at least as many memory management defects as existing tools; and it does not report any false positive and negative. We compared Map2Check with tools on the Competition on Software Verification 2014 (SVCOMP), in the MemorySafety category. Map2Check would have the same score than the 1st place and it would win the 2st place when ranking the evaluated tools on memory consumption.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://cunit.sourceforge.net/doc/introduction.html#usage.

  2. 2.

    https://sites.google.com/site/map2check/.

  3. 3.

    Available at https://github.com/eliben/pycparser.

References

  1. Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008)

    Google Scholar 

  2. Beyer, D.: Status report on software verification. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 373–388. Springer, Heidelberg (2014)

    Google Scholar 

  3. Beyer, D.: Competition on Software Verification (SV-COMP) - Results of the Competition (2015). http://sv-comp.sosy-lab.org/2015/results/MemorySafety.table.html

  4. Beyer, D., Keremoglu, M.E.: CPAchecker: a tool for configurable software verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184–190. Springer, Heidelberg (2011)

    Google Scholar 

  5. Clarke, E., Kroning, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)

    Google Scholar 

  6. Clarke, E.M.: The birth of model checking. In: Grumberg, Orna, Veith, Helmut (eds.) 25 Years of Model Checking. LNCS, vol. 5000, pp. 1–26. Springer, Heidelberg (2008)

    Google Scholar 

  7. Clause, J., Orso, A.: LEAKPOINT: pinpointing the causes of memory leaks. In: ICSE, pp. 515–524. ACM (2010)

    Google Scholar 

  8. Comar, C., Kanig, J., Moy, Y.: Integrating formal program verification with testing. In: ERTS (2012)

    Google Scholar 

  9. Cordeiro, L., Fischer, B., Marques-Silva, J.: SMT-Based bounded model checking for embedded ANSI-C software. In: TSE, pp. 957–974. IEEE (2012)

    Google Scholar 

  10. Delahaye, M., Kosmatov, N., Signoles, J.: Common specification language for static and dynamic analysis of C programs. In: SAC, pp. 1230–1235. ACM (2013)

    Google Scholar 

  11. Dudka, K., Peringer, P., Vojnar, T.: Predator: a shape analyzer based on symbolic memory graphs. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 412–414. Springer, Heidelberg (2014)

    Google Scholar 

  12. Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: POPL, pp. 193–205. ACM (2001)

    Google Scholar 

  13. Groce, A., Joshi, R.: Extending model checking with dynamic analysis. In: Logozzo, F., Peled, D.A., Zuck, L.D. (eds.) VMCAI 2008. LNCS, vol. 4905, pp. 142–156. Springer, Heidelberg (2008)

    Google Scholar 

  14. Holik, L., Hruska, M., Lengal, O., Rogalewicz, A., Simacek, J., Vojnar, T.: Forester, (2015). http://www.fit.vutbr.cz/research/groups/verifit/tools/forester/

  15. Holzer, A., Schallhart, C., Tautschnig, M., Veith, H.: FShell: systematic test case generation for dynamic analysis and measurement. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 209–213. Springer, Heidelberg (2008)

    Google Scholar 

  16. Kahsai, T., Gurfinkel, A., Navas, J.A.: SeaHorn - A software verification tool (2015). https://bitbucket.org/lememta/seahorn/wiki/Home

  17. Kebrt, M., Šerý, O.: UnitCheck: unit testing and model checking combined. In: Liu, Z., Ravn, A.P. (eds.) ATVA 2009. LNCS, vol. 5799, pp. 97–103. Springer, Heidelberg (2009)

    Google Scholar 

  18. Kumar, A.: CUnit (2014). http://cunit.sourceforge.net/

  19. Merz, F., Falke, S., Sinz, C.: LLBMC: bounded model checking of C and C++ programs using a compiler IR. In: Joshi, R., Müller, P., Podelski, A. (eds.) VSTTE 2012. LNCS, vol. 7152, pp. 146–161. Springer, Heidelberg (2012)

    Google Scholar 

  20. Myers, G.J., Sandler, C.: The Art of Software Testing. Wiley, New York (2004)

    Google Scholar 

  21. Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C. In: ISMM, pp. 31–40. ACM (2010)

    Google Scholar 

  22. Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. In: PLDI, pp. 89–100. ACM (2007)

    Google Scholar 

  23. Rocha, H., Cordeiro, L., Barreto, R., Netto, J.: Exploiting safety properties in bounded model checking for test cases generation of C programs. In: SAST, pp. 121–130. SBC (2010)

    Google Scholar 

  24. Ströder, T., Giesl, J., Brockschmidt, M., Frohn, F., Fuhs, C., Hensel, J., Schneider-Kamp, P.: Proving termination and memory safety for programs with pointer arithmetic. In: Demri, S., Kapur, D., Weidenbach, C. (eds.) IJCAR 2014. LNCS, vol. 8562, pp. 208–223. Springer, Heidelberg (2014)

    Google Scholar 

  25. Williams, N., Marre, B., Mouy, P., Roger, M.: PathCrawler: automatic generation of path tests by combining static and dynamic analysis. In: Dal Cin, M., Kaâniche, M., Pataricza, A. (eds.) EDCC 2005. LNCS, vol. 3463, pp. 281–292. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Federal University of Amazonas, Manaus, Brazil

    Herbert Rocha, Raimundo Barreto & Lucas Cordeiro

Authors
  1. Herbert Rocha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raimundo Barreto
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lucas Cordeiro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Herbert Rocha .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of York, York, United Kingdom

    Radu Calinescu

  2. Software Engineering, Department of Computer Science, RWTH Aachen University, Aachen, Germany

    Bernhard Rumpe

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Rocha, H., Barreto, R., Cordeiro, L. (2015). Memory Management Test-Case Generation of C Programs Using Bounded Model Checking. In: Calinescu, R., Rumpe, B. (eds) Software Engineering and Formal Methods. SEFM 2015. Lecture Notes in Computer Science(), vol 9276. Springer, Cham. https://doi.org/10.1007/978-3-319-22969-0_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22969-0_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22968-3

  • Online ISBN: 978-3-319-22969-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation