More documentation can be found in the doc/
directory.
CPAchecker is licensed under the Apache 2.0 License
with copyright by Dirk Beyer and others
(cf. Authors.md for full list of all contributors).
Third-party libraries are under various other licenses and copyrights,
cf. the files in the directory LICENSES
for the full license texts.
In particular, MathSAT is available for research and evaluation purposes only
(cf. LICENSES/LicenseRef-MathSAT-CPAchecker.txt
),
so make sure to use a different SMT solver if necessary.
Note that although a GPL program is distributed together with CPAchecker,
CPAchecker is separate from that program and thus not under the terms of the GPL.
All programs need to pre-processed with the C pre-processor,
i.e., they may not contain #define
and #include
directives.
You can enable pre-processing inside CPAchecker
by specifying --preprocess
on the command line.
Multiple C files can be given and will be linked together
and verified as a single program (experimental feature).
CPAchecker is able to parse and analyze a large subset of (GNU)C. If parsing fails for your program, please send a report to cpachecker-users@googlegroups.com.
-
Choose a source code file that you want to be checked. If you use your own program, remember to pre-process it as mentioned above. Example:
doc/examples/example.c
ordoc/examples/example_bug.c
A good source for more example programs is the SV-Benchmarks repository that is for example used by the International Competition on Software Verification. -
Optionally: If you want to choose certain analyses like predicate analysis, specify a configuration file. This file defines for example which CPAs are used. Standard configuration files can be found in the directory
config/
. If you do not want a specific analysis, we recommend the default configuration of CPAchecker. However, note that if you are on MacOS you need to provide specifically-compiled MathSAT binaries for the default configuration to work (or use Docker in order to run the Linux version of CPAchecker). The configuration of CPAchecker is explained indoc/Configuration.md
. -
Choose a specification file (you may not need this for some configurations). The standard configurations use
config/specification/default.spc
as the default specification. With this one, CPAchecker will look for labels namedERROR
(case insensitive) and assertions in the source code file. Other examples for specifications can be found inconfig/specification/
in the CPAchecker directory. -
Execute
bin/cpachecker [ --config <CONFIG_FILE> ] [ --spec <SPEC_FILE> ] <SOURCE_FILE>
Additional command-line arguments are described indoc/Configuration.md
. To use the default configuration of CPAchecker, pass only the source file:bin/cpachecker doc/examples/example.c
. A specific analysis (like k-induction) can be chosen for example withbin/cpachecker --config/kInduction.properties doc/examples/example.c
or the equivalent abbreviationbin/cpachecker --kInduction doc/examples/example.c
. Java 17 or later is necessary. If it is not in your PATH, you need to specify it in the environment variable JAVA. Example:export JAVA=/usr/lib/jvm/java-17-openjdk-amd64/bin/java
for 64bit OpenJDK 17 on Ubuntu.Please note that not all analysis configurations are available for MacOS because we do not ship binaries for SMT solvers for this platform. You either need to build the appropriate binaries yourself or use less powerful analyses that work with Java-based solvers, for example this one instead of CPAchecker's default configuration:
--predicateAnalysis-linear --option solver.solver=SMTInterpol
Of course you can also use solutions like Docker for executing the Linux version of CPAchecker.If you installed CPAchecker using Docker, the above example command line would look like this:
docker run -v $(pwd):/workdir -u $UID:$GID sosylab/cpachecker /cpachecker/doc/examples/example.c
This command makes the current directory available in the container, so to verify a program in the current directory just provide its file name instead of the example that is bundled with CPAchecker. Output files of CPAchecker will be placed in./output/
. -
Additionally to the console output, an interactive HTML report is generated in the directory
output/
, either namedReport.html
(for result TRUE) orCounterexample.*.html
(for result FALSE). Open these files in a browser to view the CPAchecker analysis result (cf.doc/Report.md
)
There are also additional output files in the directory output/
:
ARG.dot
: Visualization of abstract reachability tree (Graphviz format)cfa*.dot
: Visualization of control flow automaton (Graphviz format)reached.dot
: Visualization of control flow automaton with the abstract states visualized on top (Graphviz format)coverage.info
: Coverage information (similar to those of testing tools) inGcov
format Use the following command line to generate an HTML report asoutput/index.html
:genhtml output/coverage.info --output-directory output --legend
Counterexample.*.txt
: A path through the program that leads to an errorCounterexample.*.assignment.txt
: Assignments for all variables on the error path.Counterexample.*.harness.c
: A test harness that can reproduce the error path through test execution. See doc/tutorials/test-harness.md for an example use.predmap.txt
: Predicates used by predicate analysis to prove program safetyreached.txt
: Dump of all reached abstract statesStatistics.txt
: Time statistics (can also be printed to console with--stats
)
Note that not all of these files will be available for all configurations. Also some of these files are only produced if an error is found (or vice-versa). CPAchecker will overwrite files in this directory!
You can validate violation witnesses with CPA-witness2test, which is part of CPAchecker.
-
To do so, you need a violation witness, a specification file that fits the violation witness, and the source code file that fits the violation witness.
-
To validate the witness, execute the following command:
bin/cpa-witness2test --witness <WITNESS_FILE> --spec <SPEC_FILE> <SOURCE_FILE>`
Addtional command-line arguments are viewed with
bin/cpa-witness2test -h
. -
When finished, and if the violation witness is successfully validated, the console output shows
Verification result: FALSE
. Additionally to the console output, CPA-witness2test also creates a fileoutput/*.harness.c
. This file can be compiled against the source file to create an executable test that reflects the violation witness.
Note that if the violation witness does not contain enough information to create an executable test,
the validation result will be ERROR
and the console output will contain the following line:
Could not export a test harness, some test-vector values are missing.