pa2kmj8i3
/
cbmc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dev'
${ noResults }
cbmc/codedetect/docs/cbmc-integration-guide.md

1977 lines
46 KiB
Raw Permalink Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# CBMC集成指南
本指南详细介绍如何在CodeDetect系统中集成和使用CBMCC Bounded Model Checker进行形式化验证。涵盖CBMC安装、配置、优化以及与CodeDetect的深度集成。
## 目录
1. [CBMC简介](#cbmc简介)
2. [系统要求](#系统要求)
3. [CBMC安装](#cbmc安装)
4. [基础配置](#基础配置)
5. [高级配置](#高级配置)
6. [验证模式](#验证模式)
7. [性能优化](#性能优化)
8. [故障排除](#故障排除)
9. [最佳实践](#最佳实践)
10. [扩展开发](#扩展开发)
---
## CBMC简介
### 什么是CBMC
CBMC是一个针对C/C++程序的有界模型检查器Bounded Model Checker它可以
- **验证程序属性**: 检查数组越界、空指针解引用、整数溢出等
- **查找运行时错误**: 内存泄漏、断言失败、除零错误等
- **生成反例**: 当验证失败时提供具体的反例路径
- **支持并发**: 验证多线程程序的正确性
### CBMC在CodeDetect中的作用
CodeDetect系统使用CBMC作为核心验证引擎
```
C/C++代码 → 解析 → 规范生成 → CBMC验证 → 结果分析
```
**集成架构**:
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ CodeDetect │ │ 规范生成 │ │ CBMC引擎 │
│ 解析器 │───▶│ LLM驱动 │───▶│ 模型检查 │
└─────────────────┘ └─────────────────┘ └─────────────────┘
┌─────────────────┐
│ 结果解析 │
│ 错误分析 │
└─────────────────┘
```
---
## 系统要求
### 硬件要求
- **CPU**: 64位处理器推荐4核以上
- **内存**: 最少4GB推荐8GB以上
- **存储**: 最少2GB可用空间
- **操作系统**: Linux (Ubuntu 18.04+), macOS 10.14+, Windows 10+
### 软件要求
- **Python**: 3.8+
- **CMake**: 3.10+
- **构建工具**: GCC 7+ 或 Clang 6+
- **依赖库**:
- GMP (GNU Multiple Precision Arithmetic Library)
- MiniSat (SAT求解器)
- CUDD (BDD包可选)
---
## CBMC安装
### 方法1: 包管理器安装
#### Ubuntu/Debian
```bash
# 更新包列表
sudo apt-get update
# 安装CBMC
sudo apt-get install cbmc
# 安装可选组件
sudo apt-get install cbmc-viewer # 可视化工具
sudo apt-get install cbmc-test # 测试套件
```
#### macOS (Homebrew)
```bash
# 安装Homebrew如果尚未安装
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# 安装CBMC
brew install cbmc
```
#### Windows (Scoop)
```powershell
# 安装Scoop
iwr -useb get.scoop.sh | iex
# 添加extras bucket
scoop bucket add extras
# 安装CBMC
scoop install cbmc
```
### 方法2: 源码编译
#### 1. 获取源码
```bash
# 克隆CBMC仓库
git clone https://github.com/diffblue/cbmc.git
cd cbmc
# 初始化子模块
git submodule update --init --recursive
```
#### 2. 编译依赖
```bash
# Ubuntu/Debian
sudo apt-get install -y \
build-essential \
cmake \
libgmp-dev \
libminisat-dev \
flex \
bison
# macOS
brew install cmake gmp minisat flex bison
```
#### 3. 编译CBMC
```bash
# 创建构建目录
mkdir build && cd build
# 配置CMake
cmake .. \
-DCMAKE_BUILD_TYPE=Release \
-DWITH_JBMC=OFF \
-DWITH_CBMC_TESTS=OFF
# 编译
make -j$(nproc)
# 安装(可选)
sudo make install
```
#### 4. 验证安装
```bash
# 检查CBMC版本
cbmc --version
# 预期输出类似:
# CBMC 5.72.0
```
### 方法3: Docker容器
```dockerfile
# Dockerfile
FROM ubuntu:20.04
# 安装依赖
RUN apt-get update && apt-get install -y \
cbmc \
python3 \
python3-pip \
&& rm -rf /var/lib/apt/lists/*
# 设置工作目录
WORKDIR /app
# 复制应用代码
COPY . .
# 安装Python依赖
RUN pip3 install -r requirements.txt
# 暴露端口
EXPOSE 8080
# 启动命令
CMD ["python3", "src/ui/web_app.py"]
```
---
## 基础配置
### CodeDetect配置
#### 1. 配置文件设置
编辑 `config/default.yaml`:
```yaml
# CBMC配置
cbmc:
# CBMC可执行文件路径
path: "cbmc" # 或完整路径如 "/usr/bin/cbmc"
# 默认超时时间(秒)
timeout: 300
# 验证深度
depth: 20
# 循环展开限制
unwind: 10
# 内存模型
memory_model: "little-endian"
# 输出格式
output_format: "text"
# 最大并发作业数
max_concurrent_jobs: 4
# 搜索策略
search_strategy: "depth_first"
# CBMC命令行选项
options:
- "--bounds-check"
"--pointer-check"
"--div-by-zero-check"
"--undefined-value-check"
"--float-overflow-check"
"--nan-check"
# 验证配置
verification:
# 验证类型
types:
- "memory_safety"
- "overflow_detection"
- "pointer_validity"
# 质量阈值
quality_threshold: 0.7
# 最大验证时间
max_verification_time: 600
```
#### 2. 环境变量配置
```bash
# CBMC路径
export CBMC_PATH="/usr/bin/cbmc"
# CBMC超时
export CBMC_TIMEOUT="300"
# CBMC深度
export CBMC_DEPTH="20"
# CBMC展开限制
export CBMC_UNWIND="10"
# 并发限制
export CBMC_MAX_CONCURRENT="4"
```
### CBMC运行器配置
#### 1. 运行器初始化
```python
from src.verify.cbmc_runner import CBMCRunner
# 基础配置
config = {
"path": "/usr/bin/cbmc",
"timeout": 300,
"depth": 20,
"unwind": 10,
"options": [
"--bounds-check",
"--pointer-check",
"--div-by-zero-check"
]
}
# 创建运行器
runner = CBMCRunner(config)
```
#### 2. 验证执行
```python
import asyncio
from src.verify.cbmc_runner import CBMCRunner
async def run_verification_example():
"""运行验证示例"""
runner = CBMCRunner()
# 函数元数据
function_metadata = {
"name": "add",
"return_type": "int",
"parameters": [
{"name": "a", "type": "int"},
{"name": "b", "type": "int"}
]
}
# 源文件
source_file = "test.c"
# 验证规范
specification = """
void add_harness() {
int a = nondet_int();
int b = nondet_int();
int result = add(a, b);
__CPROVER_assert(result == a + b, "addition_correctness");
}
"""
# 运行验证
result = await runner.run_verification(
function_metadata=function_metadata,
source_file=source_file,
specification=specification
)
print(f"验证结果: {result.status}")
print(f"执行时间: {result.execution_time}s")
return result
# 运行示例
asyncio.run(run_verification_example())
```
---
## 高级配置
### CBMC选项详解
#### 1. 基础验证选项
```yaml
cbmc:
options:
# 数组边界检查
- "--bounds-check"
# 指针有效性检查
- "--pointer-check"
# 除零错误检查
- "--div-by-zero-check"
# 未定义值检查
- "--undefined-value-check"
# 内存泄漏检查
- "--memory-leak-check"
# 死锁检查(并发程序)
- "--deadlock-check"
# 数据竞争检查(并发程序)
- "--data-race-check"
```
#### 2. 高级验证选项
```yaml
cbmc:
options:
# 整数溢出检查
- "--overflow-check"
# 浮点数溢出检查
- "--float-overflow-check"
# NaN检查
- "--nan-check"
# 符号检查
- "--signed-overflow-check"
# 无符号溢出检查
- "--unsigned-overflow-check"
# 指针算术检查
- "--pointer-overflow-check"
# 转换检查
- "--conversion-check"
```
#### 3. 性能优化选项
```yaml
cbmc:
options:
# 简化条件
- "--simplify"
# 优化表达式
- "--optimize"
# 剪枝无关代码
- "--slice-formula"
# 使用SAT求解器
- "--sat-solver minisat2"
# 并行验证
- "--threads 4"
# 内存限制
- "--max-memory 4096"
```
### 验证类型配置
#### 1. 内存安全验证
```yaml
verification_types:
memory_safety:
name: "内存安全验证"
description: "检查内存访问安全性"
cbmc_options:
- "--bounds-check"
- "--pointer-check"
- "--memory-leak-check"
- "--pointer-primitive-check"
priority: "high"
overflow_detection:
name: "整数溢出检测"
description: "检测整数运算溢出"
cbmc_options:
- "--overflow-check"
- "--signed-overflow-check"
- "--unsigned-overflow-check"
- "--div-by-zero-check"
priority: "medium"
pointer_validity:
name: "指针有效性验证"
description: "验证指针操作的正确性"
cbmc_options:
- "--pointer-check"
- "--pointer-overflow-check"
- "--pointer-primitive-check"
priority: "high"
```
#### 2. 并发验证配置
```yaml
verification_types:
concurrency:
name: "并发性验证"
description: "验证多线程程序的正确性"
cbmc_options:
- "--deadlock-check"
- "--data-race-check"
- "--context-switch"
supported_features:
- "pthread_create"
- "pthread_mutex"
- "pthread_cond"
- "semaphores"
data_races:
name: "数据竞争检测"
description: "专门检测数据竞争"
cbmc_options:
- "--data-race-check"
- "--no-unwinding-assertions"
```
### 特定平台配置
#### 1. FreeRTOS配置
```yaml
platforms:
freertos:
name: "FreeRTOS"
description: "FreeRTOS实时操作系统"
# 头文件路径
include_paths:
- "/path/to/FreeRTOS/Source/include"
- "/path/to/FreeRTOS/Source/portable/GCC/Linux"
# 宏定义
defines:
- "FREERTOS"
- "configUSE_PREEMPTION=1"
- "configUSE_IDLE_HOOK=0"
# CBMC选项
cbmc_options:
- "--function __CPROVER_initialize"
- "--nondet-static"
# 专门的验证类型
verification_types:
- "task_safety"
- "queue_safety"
- "interrupt_safety"
- "memory_safety"
```
#### 2. 嵌入式系统配置
```yaml
platforms:
embedded:
name: "嵌入式系统"
description: "通用嵌入式系统"
# 内存模型
memory_model: "embedded"
# 端大小
pointer_width: 16
# 字节序
endianness: "little"
# 硬件相关宏
defines:
- "__EMBEDDED__"
- "NO_STDIO"
# 简化选项
cbmc_options:
- "--no-library"
- "--no-built-in-functions"
- "--16"
```
---
## 验证模式
### 1. 基本验证模式
#### 单函数验证
```python
async def verify_single_function():
"""验证单个函数"""
# C代码
c_code = """
int factorial(int n) {
if (n <= 1) return 1;
return n * factorial(n - 1);
}
"""
# 生成测试线束
harness = """
void factorial_harness() {
int n = nondet_int();
__CPROVER_assume(n >= 0 && n <= 10); // 限制输入范围
int result = factorial(n);
__CPROVER_assert(result >= 1, "factorial_positive");
}
"""
# 运行验证
result = await runner.run_verification(
function_metadata={"name": "factorial"},
source_file="factorial.c",
specification=harness
)
return result
```
#### 多函数验证
```python
async def verify_multiple_functions():
"""验证多个函数"""
specifications = [
{
"function": "add",
"spec": """
void add_harness() {
int a = nondet_int();
int b = nondet_int();
int result = add(a, b);
__CPROVER_assert(result == a + b, "add_correct");
}
"""
},
{
"function": "multiply",
"spec": """
void multiply_harness() {
int a = nondet_int();
int b = nondet_int();
int result = multiply(a, b);
__CPROVER_assert(result == a * b, "multiply_correct");
}
"""
}
]
# 并行验证
tasks = []
for spec in specifications:
task = runner.run_verification(
function_metadata={"name": spec["function"]},
source_file="math.c",
specification=spec["spec"]
)
tasks.append(task)
results = await asyncio.gather(*tasks)
return results
```
### 2. 增量验证模式
#### 分阶段验证
```python
async def incremental_verification():
"""增量验证示例"""
# 第一阶段:基本验证
basic_options = ["--bounds-check", "--pointer-check"]
basic_result = await runner.run_verification(
function_metadata={"name": "complex_function"},
source_file="complex.c",
specification="basic_harness",
cbmc_options=basic_options
)
if basic_result.status == "success":
# 第二阶段:深入验证
advanced_options = basic_options + [
"--overflow-check",
"--undefined-value-check"
]
advanced_result = await runner.run_verification(
function_metadata={"name": "complex_function"},
source_file="complex.c",
specification="advanced_harness",
cbmc_options=advanced_options
)
return [basic_result, advanced_result]
else:
return [basic_result]
```
#### 自适应验证
```python
async def adaptive_verification():
"""自适应验证策略"""
def get_verification_options(complexity_score):
"""根据复杂度选择验证选项"""
if complexity_score < 0.3:
return ["--bounds-check", "--pointer-check"]
elif complexity_score < 0.6:
return ["--bounds-check", "--pointer-check", "--overflow-check"]
else:
return [
"--bounds-check", "--pointer-check", "--overflow-check",
"--undefined-value-check", "--memory-leak-check"
]
# 分析代码复杂度
complexity_score = analyze_code_complexity("target.c")
# 选择验证策略
options = get_verification_options(complexity_score)
# 运行验证
result = await runner.run_verification(
function_metadata={"name": "target_function"},
source_file="target.c",
specification="adaptive_harness",
cbmc_options=options
)
return result
```
### 3. 专门验证模式
#### 内存安全专项验证
```python
async def memory_safety_verification():
"""内存安全专项验证"""
memory_options = [
"--bounds-check",
"--pointer-check",
"--pointer-primitive-check",
"--memory-leak-check",
"--pointer-overflow-check"
]
# 专门的内存安全测试线束
memory_harness = """
void memory_safety_harness() {
// 测试数组访问
int arr[10];
int index = nondet_int();
__CPROVER_assume(index >= 0 && index < 10);
arr[index] = 42;
// 测试指针操作
int *ptr = malloc(sizeof(int));
if (ptr != NULL) {
*ptr = 100;
free(ptr);
}
}
"""
result = await runner.run_verification(
function_metadata={"name": "memory_operations"},
source_file="memory_test.c",
specification=memory_harness,
cbmc_options=memory_options
)
return result
```
#### 并发安全验证
```python
async def concurrency_verification():
"""并发安全验证"""
concurrency_options = [
"--deadlock-check",
"--data-race-check",
"--context-switch",
"--unwind 5"
]
# 并发测试线束
concurrency_harness = """
#include <pthread.h>
int shared_data = 0;
pthread_mutex_t mutex;
void* thread_func(void* arg) {
pthread_mutex_lock(&mutex);
shared_data++;
pthread_mutex_unlock(&mutex);
return NULL;
}
void concurrency_harness() {
pthread_t t1, t2;
pthread_mutex_init(&mutex, NULL);
pthread_create(&t1, NULL, thread_func, NULL);
pthread_create(&t2, NULL, thread_func, NULL);
pthread_join(t1, NULL);
pthread_join(t2, NULL);
pthread_mutex_destroy(&mutex);
__CPROVER_assert(shared_data == 2, "data_consistency");
}
"""
result = await runner.run_verification(
function_metadata={"name": "concurrent_operations"},
source_file="concurrent_test.c",
specification=concurrency_harness,
cbmc_options=concurrency_options
)
return result
```
---
## 性能优化
### CBMC性能调优
#### 1. 搜索策略优化
```python
def get_optimized_search_strategy(code_complexity):
"""根据代码复杂度选择搜索策略"""
strategies = {
"low": {
"strategy": "depth_first",
"depth": 15,
"unwind": 8,
"options": ["--simplify"]
},
"medium": {
"strategy": "breadth_first",
"depth": 25,
"unwind": 12,
"options": ["--simplify", "--optimize"]
},
"high": {
"strategy": "hybrid",
"depth": 35,
"unwind": 15,
"options": ["--simplify", "--optimize", "--slice-formula"]
}
}
return strategies.get(code_complexity, strategies["medium"])
```
#### 2. 并行验证
```python
async def parallel_verification():
"""并行验证多个规范"""
specifications = [
"spec1.c",
"spec2.c",
"spec3.c",
"spec4.c"
]
# 配置并行选项
parallel_config = {
"max_concurrent": 4,
"timeout_per_job": 120,
"memory_limit": "2048MB"
}
# 创建并行任务
tasks = []
for spec_file in specifications:
task = runner.run_verification(
function_metadata={"name": "test_function"},
source_file="test.c",
specification=read_specification(spec_file),
cbmc_options=["--threads 2"] # 每个任务使用2个线程
)
tasks.append(task)
# 等待所有任务完成
results = await asyncio.gather(*tasks, return_exceptions=True)
return results
```
#### 3. 缓存优化
```python
from functools import lru_cache
import hashlib
class VerificationCache:
"""验证结果缓存"""
def __init__(self, max_size=1000):
self.cache = {}
self.max_size = max_size
def _generate_cache_key(self, source_file, specification, options):
"""生成缓存键"""
content = f"{source_file}:{specification}:{str(options)}"
return hashlib.md5(content.encode()).hexdigest()
def get_cached_result(self, source_file, specification, options):
"""获取缓存结果"""
cache_key = self._generate_cache_key(source_file, specification, options)
return self.cache.get(cache_key)
def cache_result(self, source_file, specification, options, result):
"""缓存验证结果"""
cache_key = self._generate_cache_key(source_file, specification, options)
if len(self.cache) >= self.max_size:
# 移除最旧的条目
oldest_key = next(iter(self.cache))
del self.cache[oldest_key]
self.cache[cache_key] = result
```
### 资源管理
#### 1. 内存限制
```python
def configure_memory_limits():
"""配置内存限制"""
import psutil
# 获取系统内存信息
total_memory = psutil.virtual_memory().total
available_memory = psutil.virtual_memory().available
# 根据可用内存调整CBMC配置
if available_memory > 8 * 1024 * 1024 * 1024: # 8GB+
memory_limit = "4096"
max_concurrent = 4
elif available_memory > 4 * 1024 * 1024 * 1024: # 4GB+
memory_limit = "2048"
max_concurrent = 2
else:
memory_limit = "1024"
max_concurrent = 1
return {
"max_memory": memory_limit,
"max_concurrent": max_concurrent,
"cbmc_options": [f"--max-memory {memory_limit}"]
}
```
#### 2. CPU优化
```python
def configure_cpu_optimization():
"""配置CPU优化"""
import multiprocessing
cpu_count = multiprocessing.cpu_count()
# 根据CPU核心数配置
if cpu_count >= 8:
threads_per_job = 2
max_concurrent = 4
elif cpu_count >= 4:
threads_per_job = 2
max_concurrent = 2
else:
threads_per_job = 1
max_concurrent = 1
return {
"threads_per_job": threads_per_job,
"max_concurrent": max_concurrent,
"cbmc_options": [f"--threads {threads_per_job}"]
}
```
### 验证效率优化
#### 1. 规范简化
```python
def simplify_specification(specification):
"""简化验证规范"""
import re
# 移除注释
spec = re.sub(r'//.*?\n', '\n', specification)
spec = re.sub(r'/\*.*?\*/', '', spec, flags=re.DOTALL)
# 移除空行
spec = re.sub(r'\n\s*\n', '\n', spec)
# 简化重复的断言
lines = spec.split('\n')
unique_lines = []
seen_assertions = set()
for line in lines:
if '__CPROVER_assert' in line:
# 提取断言内容
assertion_match = re.search(r'__CPROVER_assert\(([^,]+)', line)
if assertion_match:
assertion_content = assertion_match.group(1).strip()
if assertion_content not in seen_assertions:
seen_assertions.add(assertion_content)
unique_lines.append(line)
else:
unique_lines.append(line)
return '\n'.join(unique_lines)
```
#### 2. 输入域限制
```python
def generate_input_restrictions(parameters):
"""生成输入域限制"""
restrictions = []
for param in parameters:
param_type = param.get('type', 'int')
param_name = param.get('name', 'var')
if param_type == 'int':
# 限制整数范围
restrictions.append(f"__CPROVER_assume({param_name} >= -1000 && {param_name} <= 1000);")
elif param_type == 'unsigned int':
restrictions.append(f"__CPROVER_assume({param_name} <= 1000);")
elif 'char*' in param_type:
# 限制字符串长度
restrictions.append(f"__CPROVER_assume(__CPROVER_r_ok({param_name}, 100));")
return '\n'.join(restrictions)
```
---
## 故障排除
### 常见错误及解决方案
#### 1. CBMC未找到错误
**错误信息**:
```
CBMC installation error: cbmc not found
```
**解决方案**:
```python
def check_cbmc_installation():
"""检查CBMC安装"""
import subprocess
import shutil
# 检查CBMC是否在PATH中
cbmc_path = shutil.which('cbmc')
if cbmc_path:
print(f"CBMC found at: {cbmc_path}")
return cbmc_path
# 检查常见安装路径
common_paths = [
"/usr/bin/cbmc",
"/usr/local/bin/cbmc",
"/opt/cbmc/bin/cbmc"
]
for path in common_paths:
if os.path.exists(path):
print(f"CBMC found at: {path}")
return path
# 提供安装建议
print("CBMC not found. Please install CBMC:")
print("Ubuntu/Debian: sudo apt-get install cbmc")
print("macOS: brew install cbmc")
print("Or compile from source: https://github.com/diffblue/cbmc")
return None
```
#### 2. 验证超时错误
**错误信息**:
```
TimeoutError: CBMC verification timeout
```
**解决方案**:
```python
def handle_verification_timeout(result):
"""处理验证超时"""
if result.status == "timeout":
print("验证超时,尝试以下解决方案:")
# 分析原因并提供建议
suggestions = []
# 检查代码复杂度
if hasattr(result, 'complexity_score') and result.complexity_score > 0.7:
suggestions.append("代码复杂度过高,建议简化函数逻辑")
# 检查循环展开
if hasattr(result, 'unwind_count') and result.unwind_count > 20:
suggestions.append("循环展开过多,建议减少--unwind参数")
# 检查验证深度
if hasattr(result, 'verification_depth') and result.verification_depth > 30:
suggestions.append("验证深度过大,建议减少--depth参数")
# 通用建议
suggestions.extend([
"增加超时时间: --timeout 600",
"启用简化选项: --simplify",
"限制输入域范围",
"分阶段验证"
])
for suggestion in suggestions:
print(f" - {suggestion}")
return result
```
#### 3. 内存不足错误
**错误信息**:
```
CBMC out of memory
```
**解决方案**:
```python
def handle_memory_error():
"""处理内存不足错误"""
import psutil
# 检查系统内存
memory = psutil.virtual_memory()
print(f"系统内存: {memory.total / 1024 / 1024 / 1024:.1f}GB")
print(f"可用内存: {memory.available / 1024 / 1024 / 1024:.1f}GB")
# 优化建议
optimizations = [
"启用公式剪枝: --slice-formula",
"启用表达式优化: --optimize",
"限制内存使用: --max-memory 2048",
"减少并发验证数",
"简化验证条件",
"分模块验证"
]
print("内存优化建议:")
for opt in optimizations:
print(f" - {opt}")
# 返回优化后的配置
return {
"cbmc_options": [
"--slice-formula",
"--optimize",
"--max-memory 2048"
],
"max_concurrent": 1
}
```
#### 4. 解析错误
**错误信息**:
```
CBMC parse error: syntax error
```
**解决方案**:
```python
def handle_parse_error(error_output, source_file):
"""处理解析错误"""
# 分析错误信息
import re
line_match = re.search(r'line (\d+)', error_output)
if line_match:
error_line = int(line_match.group(1))
# 读取错误行附近的代码
with open(source_file, 'r') as f:
lines = f.readlines()
print(f"解析错误在文件 {source_file}{error_line} 行:")
# 显示错误行上下文
start_line = max(0, error_line - 3)
end_line = min(len(lines), error_line + 2)
for i in range(start_line, end_line):
prefix = ">>> " if i == error_line - 1 else " "
print(f"{prefix}{i+1:3d}: {lines[i].rstrip()}")
# 提供修复建议
print("\n可能的修复方案:")
print(" - 检查语法错误(缺少分号、括号不匹配等)")
print(" - 确保所有变量都已声明")
print(" - 检查函数声明和定义")
print(" - 验证宏定义的正确性")
```
### 性能监控
#### 1. 验证性能监控
```python
import time
import psutil
import threading
class VerificationMonitor:
"""验证性能监控"""
def __init__(self):
self.metrics = {
'start_time': None,
'end_time': None,
'memory_usage': [],
'cpu_usage': [],
'is_monitoring': False
}
self.monitor_thread = None
def start_monitoring(self):
"""开始监控"""
self.metrics['start_time'] = time.time()
self.metrics['is_monitoring'] = True
# 启动监控线程
self.monitor_thread = threading.Thread(target=self._monitor_resources)
self.monitor_thread.daemon = True
self.monitor_thread.start()
def stop_monitoring(self):
"""停止监控"""
self.metrics['is_monitoring'] = False
self.metrics['end_time'] = time.time()
if self.monitor_thread:
self.monitor_thread.join()
def _monitor_resources(self):
"""监控资源使用"""
process = psutil.Process()
while self.metrics['is_monitoring']:
try:
# 内存使用
memory_info = process.memory_info()
memory_mb = memory_info.rss / 1024 / 1024
self.metrics['memory_usage'].append(memory_mb)
# CPU使用率
cpu_percent = process.cpu_percent()
self.metrics['cpu_usage'].append(cpu_percent)
time.sleep(1) # 每秒采样一次
except Exception:
break
def get_performance_report(self):
"""生成性能报告"""
if not self.metrics['start_time']:
return "监控未开始"
duration = (self.metrics['end_time'] or time.time()) - self.metrics['start_time']
avg_memory = sum(self.metrics['memory_usage']) / len(self.metrics['memory_usage']) if self.metrics['memory_usage'] else 0
max_memory = max(self.metrics['memory_usage']) if self.metrics['memory_usage'] else 0
avg_cpu = sum(self.metrics['cpu_usage']) / len(self.metrics['cpu_usage']) if self.metrics['cpu_usage'] else 0
max_cpu = max(self.metrics['cpu_usage']) if self.metrics['cpu_usage'] else 0
return f"""
性能报告:
- 验证时间: {duration:.2f}s
- 平均内存使用: {avg_memory:.1f}MB
- 峰值内存使用: {max_memory:.1f}MB
- 平均CPU使用率: {avg_cpu:.1f}%
- 峰值CPU使用率: {max_cpu:.1f}%
"""
```
#### 2. 验证结果分析
```python
def analyze_verification_results(results):
"""分析验证结果"""
total_verifications = len(results)
successful = sum(1 for r in results if r.status == "success")
failed = sum(1 for r in results if r.status == "failure")
timeout = sum(1 for r in results if r.status == "timeout")
success_rate = (successful / total_verifications * 100) if total_verifications > 0 else 0
# 执行时间统计
execution_times = [r.execution_time for r in results if hasattr(r, 'execution_time')]
avg_time = sum(execution_times) / len(execution_times) if execution_times else 0
max_time = max(execution_times) if execution_times else 0
# 内存使用统计
memory_usage = [getattr(r, 'memory_used', 0) for r in results]
avg_memory = sum(memory_usage) / len(memory_usage) if memory_usage else 0
analysis = {
"total_verifications": total_verifications,
"successful": successful,
"failed": failed,
"timeout": timeout,
"success_rate": success_rate,
"average_execution_time": avg_time,
"max_execution_time": max_time,
"average_memory_usage": avg_memory
}
# 生成建议
suggestions = []
if success_rate < 80:
suggestions.append("成功率较低,建议检查代码质量和验证条件")
if avg_time > 30:
suggestions.append("平均验证时间较长,考虑优化验证策略")
if timeout > total_verifications * 0.2:
suggestions.append("超时率较高,建议增加超时时间或简化验证")
analysis["suggestions"] = suggestions
return analysis
```
---
## 最佳实践
### 代码编写最佳实践
#### 1. 验证友好的代码结构
```c
// 好的实践:清晰的函数分离
int validate_input(int value) {
if (value < 0 || value > 1000) {
return -1; // 错误值
}
return 0; // 成功
}
int process_data(int data) {
// 输入验证
if (validate_input(data) != 0) {
return -1;
}
// 处理逻辑
int result = data * 2;
// 结果验证
if (result < 0) {
return -1; // 溢出检查
}
return result;
}
```
#### 2. 边界条件处理
```c
// 好的实践:边界条件检查
int array_access(int *array, int size, int index) {
// 参数验证
if (array == NULL || size <= 0) {
return -1;
}
// 边界检查
if (index < 0 || index >= size) {
return -1;
}
return array[index];
}
// 好的实践:整数运算安全
int safe_multiply(int a, int b) {
// 检查乘法溢出
if (a != 0 && b != 0) {
if (a > INT_MAX / b || a < INT_MIN / b) {
return -1; // 溢出
}
}
return a * b;
}
```
#### 3. 内存安全操作
```c
// 好的实践:安全的内存操作
char* safe_string_copy(const char *src, size_t max_len) {
if (src == NULL) {
return NULL;
}
size_t len = strnlen(src, max_len);
char *dest = (char*)malloc(len + 1);
if (dest == NULL) {
return NULL;
}
strncpy(dest, src, len);
dest[len] = '\0';
return dest;
}
// 好的实践:资源管理
void resource_management_example() {
FILE *file = fopen("data.txt", "r");
if (file == NULL) {
return;
}
char *buffer = (char*)malloc(1024);
if (buffer == NULL) {
fclose(file);
return;
}
// 使用资源...
// 清理资源
free(buffer);
fclose(file);
}
```
### 验证策略最佳实践
#### 1. 渐进式验证
```python
def progressive_verification(source_file):
"""渐进式验证策略"""
# 第一阶段:基本语法和类型检查
basic_result = run_verification_with_options(
source_file,
options=["--bounds-check", "--pointer-check"]
)
if basic_result.status != "success":
return basic_result
# 第二阶段:运算和溢出检查
overflow_result = run_verification_with_options(
source_file,
options=["--overflow-check", "--div-by-zero-check"]
)
if overflow_result.status != "success":
return overflow_result
# 第三阶段:完整验证
full_result = run_verification_with_options(
source_file,
options=[
"--bounds-check", "--pointer-check", "--overflow-check",
"--undefined-value-check", "--memory-leak-check"
]
)
return full_result
```
#### 2. 验证覆盖最大化
```python
def maximize_verification_coverage(function_metadata):
"""最大化验证覆盖"""
verification_plans = []
# 为每个函数生成多种验证规范
for func in function_metadata:
# 基本功能验证
basic_spec = generate_basic_spec(func)
verification_plans.append({
"function": func["name"],
"specification": basic_spec,
"priority": "high"
})
# 边界条件验证
boundary_spec = generate_boundary_spec(func)
verification_plans.append({
"function": func["name"],
"specification": boundary_spec,
"priority": "medium"
})
# 错误处理验证
error_spec = generate_error_spec(func)
verification_plans.append({
"function": func["name"],
"specification": error_spec,
"priority": "medium"
})
# 根据优先级排序
priority_order = {"high": 3, "medium": 2, "low": 1}
verification_plans.sort(
key=lambda x: priority_order[x["priority"]],
reverse=True
)
return verification_plans
```
#### 3. 性能优化的验证
```python
def optimized_verification_workflow(source_files, available_resources):
"""优化的验证工作流"""
# 分析代码复杂度
complexity_analysis = analyze_code_complexity(source_files)
# 根据资源分配验证任务
verification_tasks = []
for file_info in complexity_analysis:
if file_info["complexity"] < 0.3:
# 简单代码:快速验证
tasks = create_simple_verification_tasks(file_info)
elif file_info["complexity"] < 0.7:
# 中等复杂度:标准验证
tasks = create_standard_verification_tasks(file_info)
else:
# 复杂代码:分阶段验证
tasks = create_phased_verification_tasks(file_info)
verification_tasks.extend(tasks)
# 资源感知调度
scheduled_tasks = schedule_with_resource_constraints(
verification_tasks, available_resources
)
return scheduled_tasks
```
### CBMC配置最佳实践
#### 1. 环境特定配置
```yaml
# 开发环境配置
development:
cbmc:
timeout: 120
depth: 15
unwind: 8
options:
- "--bounds-check"
- "--pointer-check"
- "--simplify"
verification:
max_concurrent_jobs: 2
# 生产环境配置
production:
cbmc:
timeout: 600
depth: 30
unwind: 15
options:
- "--bounds-check"
- "--pointer-check"
- "--overflow-check"
- "--undefined-value-check"
- "--memory-leak-check"
- "--slice-formula"
verification:
max_concurrent_jobs: 4
```
#### 2. 项目类型配置
```yaml
# 嵌入式项目配置
embedded_project:
cbmc:
pointer_width: 16
endianness: "little"
options:
- "--16"
- "--little-endian"
- "--no-library"
- "--no-built-in-functions"
verification_types:
- "memory_safety"
- "overflow_detection"
# 安全关键项目配置
safety_critical:
cbmc:
timeout: 1800 # 30分钟
depth: 50
unwind: 25
options:
- "--bounds-check"
- "--pointer-check"
- "--overflow-check"
- "--undefined-value-check"
- "--memory-leak-check"
- "--deadlock-check"
- "--data-race-check"
verification:
quality_threshold: 0.95
require_full_coverage: true
```
---
## 扩展开发
### 自定义CBMC选项生成器
#### 1. 选项生成器基类
```python
from abc import ABC, abstractmethod
from typing import List, Dict, Any
class C BMCOptionGenerator(ABC):
"""CBMC选项生成器基类"""
@abstractmethod
def generate_options(self, context: Dict[str, Any]) -> List[str]:
"""生成CBMC选项"""
pass
@abstractmethod
def get_description(self) -> str:
"""获取生成器描述"""
pass
class MemorySafetyOptionGenerator(CBMCOptionGenerator):
"""内存安全选项生成器"""
def generate_options(self, context: Dict[str, Any]) -> List[str]:
options = [
"--bounds-check",
"--pointer-check",
"--pointer-primitive-check"
]
# 根据代码特征调整选项
if context.get("has_dynamic_allocation", False):
options.append("--memory-leak-check")
if context.get("has_array_operations", False):
options.append("--pointer-overflow-check")
return options
def get_description(self) -> str:
return "生成内存安全验证的CBMC选项"
class ConcurrencyOptionGenerator(CBMCOptionGenerator):
"""并发验证选项生成器"""
def generate_options(self, context: Dict[str, Any]) -> List[str]:
options = [
"--deadlock-check",
"--data-race-check"
]
if context.get("has_threads", False):
options.extend([
"--context-switch",
"--unwind 10"
])
return options
def get_description(self) -> str:
return "生成并发验证的CBMC选项"
```
#### 2. 选项生成器注册
```python
class CBMCOptionRegistry:
"""CBMC选项生成器注册表"""
def __init__(self):
self.generators = {}
self._register_default_generators()
def _register_default_generators(self):
"""注册默认生成器"""
generators = [
MemorySafetyOptionGenerator(),
ConcurrencyOptionGenerator(),
OverflowOptionGenerator(),
PerformanceOptionGenerator()
]
for generator in generators:
self.register_generator(generator)
def register_generator(self, generator: CBMCOptionGenerator):
"""注册选项生成器"""
generator_name = generator.__class__.__name__.lower().replace('generator', '')
self.generators[generator_name] = generator
def get_generator(self, name: str) -> CBMCOptionGenerator:
"""获取选项生成器"""
return self.generators.get(name)
def generate_all_options(self, context: Dict[str, Any]) -> List[str]:
"""生成所有选项"""
all_options = []
for generator in self.generators.values():
options = generator.generate_options(context)
all_options.extend(options)
return list(set(all_options)) # 去重
```
### 自定义验证策略
#### 1. 策略基类
```python
from abc import ABC, abstractmethod
from typing import List, Dict, Any, Optional
class VerificationStrategy(ABC):
"""验证策略基类"""
@abstractmethod
async def execute(
self,
source_file: str,
function_metadata: Dict[str, Any],
context: Optional[Dict[str, Any]] = None
) -> List[Dict[str, Any]]:
"""执行验证策略"""
pass
@abstractmethod
def get_strategy_name(self) -> str:
"""获取策略名称"""
pass
@abstractmethod
def get_description(self) -> str:
"""获取策略描述"""
pass
class BasicVerificationStrategy(VerificationStrategy):
"""基础验证策略"""
async def execute(
self,
source_file: str,
function_metadata: Dict[str, Any],
context: Optional[Dict[str, Any]] = None
) -> List[Dict[str, Any]]:
"""执行基础验证"""
# 生成基础测试线束
harness = self._generate_basic_harness(function_metadata)
# 基础CBMC选项
options = [
"--bounds-check",
"--pointer-check"
]
# 执行验证
result = await runner.run_verification(
function_metadata=function_metadata,
source_file=source_file,
specification=harness,
cbmc_options=options
)
return [result]
def _generate_basic_harness(self, function_metadata: Dict[str, Any]) -> str:
"""生成基础测试线束"""
func_name = function_metadata["name"]
params = function_metadata.get("parameters", [])
# 生成参数声明
param_decls = []
param_values = []
for param in params:
param_name = param["name"]
param_type = param["type"]
param_decls.append(f"{param_type} {param_name} = nondet_{param_type}();")
param_values.append(param_name)
# 构建线束
harness = f"""
void {func_name}_harness() {{
{chr.join(chr(10) + ' ', param_decls)}
int result = {func_name}({', '.join(param_values)});
__CPROVER_assert(1, "basic_assertion");
}}
"""
return harness
def get_strategy_name(self) -> str:
return "basic_verification"
def get_description(self) -> str:
return "基础验证策略:检查基本的内存安全和指针操作"
```
#### 2. 组合策略
```python
class CompositeVerificationStrategy(VerificationStrategy):
"""组合验证策略"""
def __init__(self, strategies: List[VerificationStrategy]):
self.strategies = strategies
async def execute(
self,
source_file: str,
function_metadata: Dict[str, Any],
context: Optional[Dict[str, Any]] = None
) -> List[Dict[str, Any]]:
"""执行组合验证"""
all_results = []
for strategy in self.strategies:
try:
results = await strategy.execute(source_file, function_metadata, context)
all_results.extend(results)
except Exception as e:
# 记录错误但继续执行其他策略
print(f"策略 {strategy.get_strategy_name()} 执行失败: {e}")
return all_results
def get_strategy_name(self) -> str:
return "composite_verification"
def get_description(self) -> str:
strategy_names = [s.get_strategy_name() for s in self.strategies]
return f"组合验证策略: {' + '.join(strategy_names)}"
```
### 自定义结果分析器
#### 1. 结果分析器基类
```python
from abc import ABC, abstractmethod
from typing import Dict, Any, List
class ResultAnalyzer(ABC):
"""结果分析器基类"""
@abstractmethod
def analyze(self, results: List[Dict[str, Any]]) -> Dict[str, Any]:
"""分析验证结果"""
pass
@abstractmethod
def generate_recommendations(self, analysis: Dict[str, Any]) -> List[str]:
"""生成改进建议"""
pass
class StatisticalResultAnalyzer(ResultAnalyzer):
"""统计结果分析器"""
def analyze(self, results: List[Dict[str, Any]]) -> Dict[str, Any]:
"""统计分析验证结果"""
if not results:
return {"error": "No results to analyze"}
total = len(results)
successful = sum(1 for r in results if r.get("status") == "success")
failed = sum(1 for r in results if r.get("status") == "failure")
timeout = sum(1 for r in results if r.get("status") == "timeout")
# 执行时间分析
execution_times = [r.get("execution_time", 0) for r in results]
avg_time = sum(execution_times) / len(execution_times) if execution_times else 0
max_time = max(execution_times) if execution_times else 0
# 内存使用分析
memory_usage = [r.get("memory_used", 0) for r in results]
avg_memory = sum(memory_usage) / len(memory_usage) if memory_usage else 0
return {
"summary": {
"total": total,
"successful": successful,
"failed": failed,
"timeout": timeout,
"success_rate": (successful / total * 100) if total > 0 else 0
},
"performance": {
"average_execution_time": avg_time,
"max_execution_time": max_time,
"average_memory_usage": avg_memory
},
"details": results
}
def generate_recommendations(self, analysis: Dict[str, Any]) -> List[str]:
"""生成改进建议"""
recommendations = []
summary = analysis.get("summary", {})
performance = analysis.get("performance", {})
# 成功率分析
success_rate = summary.get("success_rate", 0)
if success_rate < 80:
recommendations.append("成功率较低,建议检查代码质量和验证条件")
# 性能分析
avg_time = performance.get("average_execution_time", 0)
if avg_time > 30:
recommendations.append("平均验证时间较长,考虑优化验证策略")
# 超时分析
timeout_count = summary.get("timeout", 0)
total = summary.get("total", 1)
if timeout_count / total > 0.2: # 超过20%超时
recommendations.append("超时率较高,建议增加超时时间或简化验证")
return recommendations
```
---
*最后更新: 2024年1月*
Reference in new issue View Git Blame Copy Permalink