Source Code Analysis with a Temporal Extension of First-Order Logic

  • Conference paper
  • Formal Methods: Foundations and Applications (SBMF 2018)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11254)

Abstract

Formal methods and static analysis are widely used in software development, in particular in the context of safety-critical systems. They can be used to prove that the software behavior complies with its specification, i.e., the software's correctness. In this article, we address another usage of these methods: the verification of the quality of the source code, i.e., its compliance with guidelines, coding rules and design patterns.

Such rules can refer to the structure of the source code through its Abstract Syntax Tree (AST) or to execution paths in the Control Flow Graph (CFG) of its functions. The AST and the CFGs offer complementary information, and current methods are not able to exploit both of them simultaneously. In this article, we propose an approach to automatically verify the compliance of an application with specifications (coding rules) that reason about both the AST of the source code and the CFGs of its functions. To formally express the specification, we introduce \(FO^{++}\), a logic defined as a temporal extension of many-sorted first-order logic. In our framework, verifying the compliance of the source code comes down to the model-checking problem for \(FO^{++}\). We present a correct and complete model-checking algorithm for \(FO^{++}\) and establish that the model-checking problem of \(FO^{++}\) is PSPACE-complete. This approach is implemented in Pangolin, a tool for analyzing C++ programs. We use Pangolin to analyze two middle-sized open-source projects, looking for violations of six coding rules, and report on several detected violations.
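A toy illustration of the idea, added here and not taken from the paper or from Pangolin: a first-order quantifier ranges over the CFG nodes of each function, each node carrying AST facts (here, which callee it calls), and a CTL-style AF check runs over the CFG from every node matching the antecedent. The rule "every lock() is followed by an unlock() on all paths", the CFG shapes and the predicate names are constructed for the example; FO++'s actual syntax and semantics are those defined in the paper.

```python
"""Toy FO++-flavoured check: FO quantification over AST-annotated CFG nodes
plus a CTL AF property over the CFG. Constructed example, not Pangolin code."""
from typing import Dict, List, Set, Tuple

CFG = Dict[str, List[str]]      # node -> successors; exit nodes have none
Facts = Dict[str, Set[str]]     # node -> AST predicates true at that node


def af(cfg: CFG, facts: Facts, start: str, target: str) -> bool:
    """CTL 'AF target' from start: every path eventually hits a node where
    target holds. A path that ends (exit) or loops without reaching target
    is a counterexample, so revisiting a node on the current path fails."""
    def visit(node: str, on_path: frozenset) -> bool:
        if target in facts.get(node, set()):
            return True
        if node in on_path:             # cycle that never reaches target
            return False
        succ = cfg.get(node, [])
        if not succ:                    # function exits without target
            return False
        return all(visit(s, on_path | {node}) for s in succ)
    return visit(start, frozenset())


def rule_lock_unlock(functions: Dict[str, Tuple[CFG, Facts]]):
    """Rule: for all functions f, for all nodes n of f's CFG,
    calls_lock(n) -> AF calls_unlock, evaluated from n.
    Returns the (function, node) pairs that violate it."""
    violations = []
    for fname, (cfg, facts) in functions.items():
        for node, preds in facts.items():
            if "call:lock" in preds and not af(cfg, facts, node, "call:unlock"):
                violations.append((fname, node))
    return violations


# Constructed sample: 'good' unlocks on both branches; 'bad' has a branch that
# exits before unlocking; 'spin' can loop forever between lock and unlock.
SAMPLE = {
    "good": ({"n1": ["n2"], "n2": ["n3", "n4"], "n3": ["n5"], "n4": ["n5"], "n5": []},
             {"n1": {"call:lock"}, "n5": {"call:unlock"}}),
    "bad": ({"n1": ["n2"], "n2": ["n3", "exit"], "n3": ["n4"], "n4": ["exit"], "exit": []},
            {"n1": {"call:lock"}, "n4": {"call:unlock"}}),
    "spin": ({"n1": ["n2"], "n2": ["n2", "n3"], "n3": []},
             {"n1": {"call:lock"}, "n3": {"call:unlock"}}),
}

if __name__ == "__main__":
    print(rule_lock_unlock(SAMPLE))   # [('bad', 'n1'), ('spin', 'n1')]
```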

Notes

  1. Not to be confused with functions in the software under study.

  2. For any \(x\in \mathcal {D} \), \(\mathrm {has\_eks} (x)\) holds if and only if \(\text {eks} (x)\) is defined.

  3. For conciseness, we only provide the semantics of a minimal set of Boolean connectives.

  4. It applies to both \(\models _{\text {LTL}}\) and \(\models _{\text {CTL}}\) and is thus simply denoted with \(\models \).

  5. https://gitlab.com/Davidbrcz/Pangolin.

  6. Pangolin is available at https://gitlab.com/Davidbrcz/Pangolin.

  7. But all rules are available in the Pangolin repository.

Author information

Correspondence to David Come .

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Come, D., Brunel, J., Doose, D. (2018). Source Code Analysis with a Temporal Extension of First-Order Logic. In: Massoni, T., Mousavi, M. (eds) Formal Methods: Foundations and Applications. SBMF 2018. Lecture Notes in Computer Science, vol 11254. Springer, Cham. https://doi.org/10.1007/978-3-030-03044-5_3

  • DOI: https://doi.org/10.1007/978-3-030-03044-5_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03043-8

  • Online ISBN: 978-3-030-03044-5

  • eBook Packages: Computer Science (R0)
