Abstract—

The C-lightVer system for the deductive verification of C-programs is developed at the A.P. Ershov Institute of Informatics Systems of the Siberian Branch of the Russian Academy of Sciences. The C-light input language is translated into the intermediate C-kernel language based on the two-level architecture of the system. The C-kernel program and Hoare logic for the C-kernel are the input of the metagenerator. The definite iteration approach is used to solve the well-known problem of defining loop invariants. The body of a definite iteration loop is executed once for each element of the finite dimensional data structure, and the inference rule for them uses the replacement operation rep, which represents the action of the loop in a symbolic form. Also, the method of semantic labeling of verification conditions is implemented and extended in our metagenerator. This makes it possible to generate explanations for unproven conditions and simplifies error localization. Finally, if the ACL2 system fails to prove a verification condition, it is possible to focus on proving that it is false. Previously, we developed a method for checking the falsity of verification conditions for the ACL2 system. The need for more detailed explanations of the verification conditions containing the replacement operation rep has led to changes in the algorithms for generating the replacement operation, extracting semantic labels, and generating explanations for unproven verification conditions. The article presents modifications of these algorithms. These modifications make it possible to mark the source code of the rep function with semantic labels, extract semantic labels from the rep definition, and generate a description of the break statement execution condition.

中文翻译：

---

C-lightVer系统在C程序中自动错误定位的复杂方法

摘要-

俄罗斯科学院西伯利亚分校的AP Ershov信息系统研究所开发了用于演绎验证C程序的C-lightVer系统。基于系统的两级体系结构，将C-light输入语言转换为中间C内核语言。C内核程序和C内核的Hoare逻辑是生成器的输入。定迭代法用于解决定义循环不变性的众所周知的问题。确定迭代循环的主体对有限维数据结构的每个元素执行一次，并且它们的推理规则使用替换操作rep，该替换操作以符号形式表示循环的动作。也，验证条件的语义标记方法在我们的生成器中实现并扩展。这样就可以生成未证明条件的解释，并简化错误定位。最后，如果ACL2系统无法证明验证条件，则可以集中精力证明它是错误的。以前，我们开发了一种方法来检查ACL2系统验证条件的虚假性。需要对包含替换操作rep的验证条件进行更详细的说明，导致生成替换操作，提取语义标签以及生成未经验证的验证条件的解释的算法发生了变化。本文介绍了这些算法的修改。