javastatic-analysiscbmcabstract-interpretation

Unable to use JBMC (Bounded Model Checker) Commands for Java


Am new to the JBMC(Bounded Model Checker). We have a requirement to find out the possibilities of RunTime Exception which may occur in java program without running it. We searched some abstract interpretation framework and found JBMC would help in this case.

for Example :

public class SampleClass {

    public static void main(String[] args) 
    { 
        int ar[] = {1, 2, 3, 4, 5}; 
        for (int i=0; i<=ar.length; i++) 
          System.out.println(ar[i]); 
    } 

}

In the above program, we will get the ArrayIndexOutOfBoundException when the loop runs during the 6th iteration. But how to predict this using JBMC? We have found the command sheet which provides the details of Command line options in JBMC, but we were not able to find the combinations of commands and how to use it as well. Is there any Java API or Docs available for JBMC?

Kindly suggest!!.


Solution

  • Differently from CBMC, JBMC does not support all the options listed here. You can notice that by running jbmc --help. If you run something like jbmc <class> --bounds-check you will obtain an "usage error".

    About your java class: jbmc works on .jar or .class. Try generate a .class first as follows:

    javac SampleClass.java

    then run jbmc on SampleClass.class as follows:

    jbmc SampleClass.class --unwind N (try with different value of N to become more confident)

    Below the result for N=6:

    JBMC version 5.12 (cbmc-5.11-3477-gcd70727ed) 64-bit x86_64 linux
    Parsing SampleClass.class
    
    ...
    
    ** Results:
    [array-create-negative-size.1] Array size should be >= 0: SUCCESS
    [array-create-negative-size.2] Array size should be >= 0: SUCCESS
    [array-create-negative-size.3] Array size should be >= 0: SUCCESS
    [array-create-negative-size.4] Array size should be >= 0: SUCCESS
    [array-create-negative-size.5] Array size should be >= 0: SUCCESS
    [array-create-negative-size.6] Array size should be >= 0: SUCCESS
    [array-create-negative-size.7] Array size should be >= 0: SUCCESS
    [array-create-negative-size.8] Array size should be >= 0: SUCCESS
    [array-create-negative-size.9] Array size should be >= 0: SUCCESS
    SampleClass.java function java::SampleClass.main:([Ljava/lang/String;)V
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.1] line 4 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.5] line 4 Array index should be < length: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.2] line 4 Array index should be < length: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.3] line 4 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.3] line 4 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.3] line 4 Array index should be < length: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.4] line 4 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.4] line 4 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.4] line 4 Array index should be < length: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.5] line 4 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.1] line 4 no uncaught exception: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.5] line 4 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-create-negative-size.1] line 4 Array size should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.2] line 4 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.1] line 4 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.1] line 4 Array index should be < length: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.2] line 4 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.6] line 5 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.7] line 6 Null pointer check: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-low.6] line 6 Array index should be >= 0: SUCCESS
    [java::SampleClass.main:([Ljava/lang/String;)V.array-index-out-of-bounds-high.6] line 6 Array index should be < length: FAILURE
    [java::SampleClass.main:([Ljava/lang/String;)V.null-pointer-exception.8] line 6 Null pointer check: SUCCESS
    
    ** 1 of 31 failed (2 iterations)
    VERIFICATION FAILED
    

    I hope this helps. I am also new to jbmc. I have used cbmc in the past, and further documentation can be found here and here, but very few documentation is available for jbmc.