Source Code Verification for Embedded Systems using Prolog

TL;DR

This paper presents a Prolog-based approach for verifying embedded system source code, transforming C++ ASTs into Prolog facts to analyze program flow and verify correctness, demonstrated through a satellite flash file system case study.

Contribution

It introduces a novel Prolog-based method for source code verification of embedded systems, utilizing AST transformation and a custom DSL for verification goals.

Findings

Successfully verified a satellite flash file system in Prolog.

Effectively identified incorrect semaphore usage in embedded software.

Demonstrated the advantages of Prolog's non-determinism for program analysis.

Abstract

System relevant embedded software needs to be reliable and, therefore, well tested, especially for aerospace systems. A common technique to verify programs is the analysis of their abstract syntax tree (AST). Tree structures can be elegantly analyzed with the logic programming language Prolog. Moreover, Prolog offers further advantages for a thorough analysis: On the one hand, it natively provides versatile options to efficiently process tree or graph data structures. On the other hand, Prolog's non-determinism and backtracking eases tests of different variations of the program flow without big effort. A rule-based approach with Prolog allows to characterize the verification goals in a concise and declarative way. In this paper, we describe our approach to verify the source code of a flash file system with the help of Prolog. The flash file system is written in C++ and has been developed particularly for the use in satellites. We transform a given abstract syntax tree of C++ source code into Prolog facts and derive the call graph and the execution sequence (tree), which then are further tested against verification goals. The different program flow branching due to control structures is derived by backtracking as subtrees of the full execution sequence. Finally, these subtrees are verified in Prolog. We illustrate our approach with a case study, where we search for incorrect applications of semaphores in embedded software using the real-time operating system RODOS. We rely on computation tree logic (CTL) and have designed an embedded domain specific language (DSL) in Prolog to express the verification goals.