Getting Started with CPAchecker
More documentation can be found in the
Prepare Programs for Verification by CPAchecker
All programs need to pre-processed with the C pre-processor, i.e., they may not contain #define and #include directives. You can enable pre-processing inside CPAchecker by specifying -preprocess on the command line. Multiple C files can be given and will be linked together and verified as a single program (experimental feature).
CPAchecker is able to parse and analyze a large subset of (GNU)C. If parsing fails for your program, please send a report to email@example.com.
Verifying a Program with CPAchecker
Choose a source code file that you want to be checked. If you use your own program, remember to pre-process it as mentioned above. Example: doc/examples/example.c A good source for more example programs is the benchmark set of the International Competition on Software Verification, which can be checked out from https://github.com/sosy-lab/sv-benchmarks.
If you want to enable certain analyses like predicate analysis, choose a configuration file. This file defines for example which CPAs are used. Standard configuration files can be found in the directory config/. If you do not want a specific analysis, we recommend
config/default.properties. However, note that if you are on Windows or MacOS you need to provide specifically-compiled MathSAT binaries for this configuration to work. The configuration of CPAchecker is explained in doc/Configuration.md.
Choose a specification file (you may not need this for some CPAs). The standard configuration files use
config/specification/default.spcas the default specification. With this one, CPAchecker will look for labels named
ERROR(case insensitive) and assertions in the source code file. Other examples for specifications can be found in
scripts/cpa.sh [ -config <CONFIG_FILE> ] [ -spec <SPEC_FILE> ] <SOURCE_FILE>Either a configuration file or a specification file needs to be given. The current directory should be the CPAchecker project directory. Additional command line switches are described in doc/Configuration.md. Example:
scripts/cpa.sh -config config/default.properties doc/examples/example.cThis example can also be abbreviated to:
scripts/cpa.sh -default doc/examples/example.cA Java 1.8 compatible JVM is necessary. If it is not in your PATH, you need to specify it in the environment variable JAVA. Example:
export JAVA=/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/javafor 64bit OpenJDK 8 on Ubuntu. On Windows (without Cygwin), you need to use
Please note that not all analysis configurations are available for Windows and Mac because we do not ship binaries for SMT solvers for these platforms. You either need to build the appropriate binaries yourself or use less powerful analyses that work with Java-based solvers, for example this one instead of
-predicateAnalysis-linear -setprop solver.solver=SMTInterpol
Additionally to the console output, an interactive HTML report is generated in the directory
output/, either named
Report.html(for result TRUE) or
Counterexample.*.html(for result FALSE). Open these files in a browser to view the CPAchecker analysis result (cf.
There are also additional output files in the directory
ARG.dot: Visualization of abstract reachability tree (Graphviz format)
cfa*.dot: Visualization of control flow automaton (Graphviz format)
reached.dot: Visualization of control flow automaton with the abstract states visualized on top (Graphviz format)
coverage.info: Coverage information (similar to those of testing tools) in
Gcovformat Use the following command line to generate an HTML report as
genhtml output/coverage.info --output-directory output --legend
Counterexample.*.txt: A path through the program that leads to an error
Counterexample.*.assignment.txt: Assignments for all variables on the error path.
predmap.txt: Predicates used by predicate analysis to prove program safety
reached.txt: Dump of all reached abstract states
Statistics.txt: Time statistics (can also be printed to console with
Note that not all of these files will be available for all configurations. Also some of these files are only produced if an error is found (or vice-versa). CPAchecker will overwrite files in this directory!
Validating a Program with CPA-witness2test
You can validate violation witnesses with CPA-witness2test, which is part of CPAchecker.
To do so, you need a violation witness, a specification file that fits the violation witness, and the source code file that fits the violation witness.
To validate the witness, execute the following command:
scripts/cpa_witness2test.py -witness <WITNESS_FILE> -spec <SPEC_FILE> <SOURCE_FILE>`
Addtional command line switches are viewed with
When finished, and if the violation witness is successfully validated, the console output shows
Verification result: FALSE. Additionally to the console output, CPA-witness2test also creates a file
output/*.harness.c. This file can be compiled against the source file to create an executable test that reflects the violation witness.
Note that if the violation witness does not contain enough information to create an executable test,
the validation result will be
ERROR and the console output will contain the following line:
Could not export a test harness, some test-vector values are missing.