Popis: |
In this paper we describe an Assertion Checking Environment (ACE) for the compositional verification of programs written in MISRA C [Guidelines for the Use of the C Language in Vehicle Based Software, 1998], an industrially sponsored safe subset of the C programming language. The theory is based on Hoare logic [Commun. ACM 12 (1969) 576], and the C programs are verified using a static assertion-checking technique. First, the functional specification of the program, captured as pre- and post-conditions for each C function, is derived from the specifications. These pre- and post-conditions are then introduced into the program code as assertions (also called annotations or formal comments). The assertions are then proved formally using ACE together with a theorem-proving tool, the Stanford Temporal Prover [The Stanford Temporal Prover User's Manual, 1998]. ACE has been developed by us and consists mainly of a translator, c2spl, a GUI and some utility programs. The technique and tools developed are targeted at the verification of real-time embedded software.
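As an added illustration of the pre-/post-condition style of annotation the abstract describes (this is not code from the paper, and the exact ACE/c2spl annotation syntax is not given in the abstract, so the comment form is assumed), the following MISRA-style C function carries a Hoare-style pre- and post-condition as formal comments; since no theorem prover is available here, the post-condition is also written as a predicate and checked exhaustively over the small input domain:

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed annotation style: pre-/post-conditions as formal comments.
 * In the ACE approach these would be proved statically; here the
 * post-condition is additionally evaluated at run time by a checker. */

/* pre:  true (every pair of uint8_t inputs is admissible)
 * post: result == ((a + b) > 255 ? 255 : (a + b))                  */
static uint8_t sat_add_u8(uint8_t a, uint8_t b)
{
    uint16_t sum = (uint16_t)a + (uint16_t)b;  /* at most 510: no overflow */
    uint8_t result;
    if (sum > 255U) {
        result = 255U;            /* saturate instead of wrapping */
    } else {
        result = (uint8_t)sum;    /* explicit narrowing cast, MISRA style */
    }
    return result;                /* single exit point */
}

/* The post-condition of sat_add_u8 as an executable predicate over
 * the inputs and the returned value. */
static bool sat_add_post(uint8_t a, uint8_t b, uint8_t result)
{
    uint16_t sum = (uint16_t)a + (uint16_t)b;
    return (sum > 255U) ? (result == 255U) : (result == sum);
}

/* Bounded assertion check: the domain (256 x 256 pairs) is small enough
 * to enumerate. Returns the number of input pairs that violate the
 * post-condition; 0 means the annotation holds for every input. */
static uint32_t sat_add_violations(void)
{
    uint32_t violations = 0U;
    uint32_t a;
    uint32_t b;
    for (a = 0U; a < 256U; a++) {
        for (b = 0U; b < 256U; b++) {
            uint8_t r = sat_add_u8((uint8_t)a, (uint8_t)b);
            if (!sat_add_post((uint8_t)a, (uint8_t)b, r)) {
                violations++;
            }
        }
    }
    return violations;
}
```

Exhaustive checking only works because the input domain is tiny; for functions over wider types this is exactly where a static proof of the annotation, as in ACE, replaces enumeration.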