Installation Instructions: INSTALL.txt
Develop and Contribute: doc/Developing.txt
More details can be found in doc/*.txt
This codebase builds on top of v1.4 (stable) of CPAchecker, obtained from https://svn.sosy-lab.org/software/cpachecker/tags/cpachecker-1.4/ with an Apache 2.0 license. It is an implementation for extending the Impact algorithm to handle heaps, as part of an oracle-guided heap invariant synthesis algorithm.
All programs need to be pre-processed with the C pre-processor, i.e., they may not contain #define and #include directives. You can enable pre-processing inside CPAchecker by specifying -preprocess on the command line. Multiple C files can be given and will be linked together and verified as a single program (experimental feature).
CPAchecker is able to parse and analyze a large subset of (GNU)C. If parsing fails for your program, please send a report to cpachecker-users@googlegroups.com.
- Choose a source code file that you want to be checked. If you use your own program, remember to pre-process it as mentioned above. Example: doc/examples/example.c. A good source for more example programs is the benchmark set of the TACAS 2013 Competition on Software Verification, which can be checked out from https://svn.sosy-lab.org/software/sv-benchmarks/trunk.
- If you want to enable certain analyses like predicate analysis, choose a configuration file. This file defines, for example, which CPAs are used. Standard configuration files can be found in the directory config/. Example: config/predicateAnalysis.properties. The configuration of CPAchecker is explained in doc/Configuration.txt.
- Choose a specification file (you may not need this for some CPAs). The standard configuration files use config/specification/default.spc as the default specification. With this one, CPAchecker will look for labels named ERROR (case insensitive) and assertions in the source code file. Other examples for specifications can be found in config/specification/.
- Execute
      scripts/cpa.sh [ -config <CONFIG_FILE> ] [ -spec <SPEC_FILE> ] <SOURCE_FILE>
  Either a configuration file or a specification file needs to be given. The current directory should be the CPAchecker project directory. Additional command line switches are described in doc/Configuration.txt. Example:
      scripts/cpa.sh -config config/predicateAnalysis.properties doc/examples/example.c
  This example can also be abbreviated to
      scripts/cpa.sh -predicateAnalysis doc/examples/example.c
  A Java 1.7 compatible JVM is necessary. If it is not in your PATH, you need to specify it in the environment variable JAVA. Example:
      export JAVA=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
  for 64bit OpenJDK 7 on Ubuntu. On Windows, you need to use cpa.bat instead of cpa.sh. Also, predicateAnalysis is currently not supported on Windows, so you need to use other analyses like explicitAnalysis.
- In addition to the console output, there will be several files in the directory output/:
    ARG.dot: Visualization of abstract reachability tree (Graphviz format)
    cfa*.dot: Visualization of control flow automaton (Graphviz format)
    reached.dot: Visualization of control flow automaton with the abstract states visualized on top (Graphviz format)
    counterexample.msat: Formula representation of the error path
    coverage.info: Coverage information (similar to those of testing tools) in Gcov format. Use the following command line to generate an HTML report as output/index.html:
        genhtml output/coverage.info --output-directory output --legend
    ErrorPath.*.txt: A path through the program that leads to an error
    ErrorPath.*.assignment.txt: Assignments for all variables on the error path
    predmap.txt: Predicates used by predicate analysis to prove program safety
    reached.txt: Dump of all reached abstract states
    Statistics.txt: Time statistics (can also be printed to console with "-stats")
  Note that not all of these files will be available for all configurations. Also, some of these files are only produced if an error is found (or vice versa). CPAchecker will overwrite files in this directory! A graphical report which can be viewed in a browser can be generated from these files by running scripts/report-generator.py (cf. doc/BuildReport.txt).
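
The steps above as a small shell helper, added here as an example and not part of CPAchecker or this codebase: it detects sources that still contain #include or #define directives and adds -preprocess, enforces that a configuration or specification file is given, and moves an existing output/ directory aside before a run because CPAchecker overwrites it. The function names and the backup naming scheme are assumptions, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not part of CPAchecker). Function names and the backup
# naming scheme are assumptions; paths must not contain whitespace.

# Succeeds if the file still contains #include or #define directives,
# i.e. it has not been run through the C pre-processor yet.
# Line markers such as '# 1 "file.c"' in pre-processed output do not match.
needs_preprocess() {
    grep -Eq '^[[:space:]]*#[[:space:]]*(include|define)([^[:alnum:]_]|$)' "$1"
}

# Print the cpa.sh command line for one source file.
# $1 = source file, $2 = config file (may be empty), $3 = spec file (may be empty)
build_cpa_command() {
    src=$1 config=$2 spec=$3
    if [ -z "$config" ] && [ -z "$spec" ]; then
        echo "either a configuration or a specification file is required" >&2
        return 2
    fi
    cmd="scripts/cpa.sh"
    [ -n "$config" ] && cmd="$cmd -config $config"
    [ -n "$spec" ] && cmd="$cmd -spec $spec"
    if needs_preprocess "$src"; then cmd="$cmd -preprocess"; fi
    echo "$cmd $src"
}

# Move an existing output directory aside, because CPAchecker overwrites
# the files in it. Prints the backup name, or nothing if there was none.
preserve_output() {
    dir=${1:-output}
    [ -d "$dir" ] || return 0
    backup="$dir.$(date +%Y%m%d-%H%M%S).$$"
    mv "$dir" "$backup" && echo "$backup"
}
```

Source the file from the CPAchecker project directory, call preserve_output, then run the line printed by build_cpa_command.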