Automated model extraction: From non-deterministic C code to active objects

Abstract

• A fully automatic extraction of models without approximation from C programs. • Unspecified behavior modeled by non-deterministic scheduling of asynchronous calls. • A fully formal account of all aspects of a theoretical model extraction process. • Implementation based on this theoretical model extraction process validated with examples. The C programming language is well-known to have a large amount of underspecified behavior that often results in non-determinism even of sequential programs. In many application areas, not necessarily safety-critical ones, this is highly undesirable. A number of approaches and tools that statically analyze such behavior have been suggested, but they suffer from a high number of false positives and negatives. We present a novel model-based approach to analyzing non-determinism that works by automatic extraction of a faithful model of a given C program in a concurrent active object language. The extracted model renders any non-deterministic behavior of the C program in terms of explicit concurrency. This opens the door to global, semantic analyses. We give a fully formal account of the model extraction process and present an experimental evaluation of its implementation in the model extraction tool C2ABS.