In [42]:
!pip install -q -U google-generativeai

In [43]:
import pathlib
import textwrap

import google.generativeai as genai

from IPython.display import display
from IPython.display import Markdown


def to_markdown(text):
  text = text.replace('•', '  *')
  return Markdown(textwrap.indent(text, '> ', predicate=lambda _: True))

In [44]:
# Used to securely store your API key
from google.colab import userdata

In [45]:
GOOGLE_API_KEY=userdata.get('GOOGLE_API_KEY')

genai.configure(api_key=GOOGLE_API_KEY)

In [46]:
model = genai.GenerativeModel('gemini-1.5-flash')

In [47]:
query_code = f"""
#include <stdio.h>
#include <stdlib.h>

struct node{{
    struct node *leftNode;
    int data;
    struct node *rightNode;
}};

struct node *newNode(int data){{
    struct node *node = (struct node *)malloc(sizeof(struct node));

    node->leftNode = NULL;
    node->data = data;
    node->rightNode = NULL;

    return node;
}}

int main(void){{
    return 0;
}}
"""

In [48]:
query_method = "newNode"

In [49]:
input_text = f"""
# Preamble
You are given a C program. We need to create a proof harness function.

# Code generation example
Q: Write a method "void proof_harness_withdraw()" that tests method withdraw below for all possible inputs.

// Define the Account structure
struct Account {{
    unsigned short bal;
}};

// Function to withdraw an amount from an account
void withdraw(struct Account *account, unsigned short amount) {{
    unsigned short de = account->bal;
    account->bal = de - amount;
}}

A:
struct Account {{
    unsigned short bal;
}};


void withdraw(struct Account *account, unsigned short amount) {{
    unsigned short de = account->bal;
    account->bal = de - amount;
}}

void proof_harness_withdraw() {{
    struct Account *account = (struct Account *)malloc(sizeof(struct Account));
    __CPROVER_assume(account != NULL);  // Ensure account is not NULL

    unsigned short amount;

    __CPROVER_assume(account->bal >= 0);
    __CPROVER_assume(amount > 0);
    __CPROVER_assume(account->bal >= amount);

    unsigned short initial_balance = account->bal;

    withdraw(account, amount);
    assert(account->bal == initial_balance - amount);

    free(account);
}}


# Instruction
Give me a proof harness code of the below C code.

# Query
Q: Write method 'void proof_harness()' that tests the method {query_method} below for all possible inputs.

{query_code}


# Constraints
Here are some constraints that you should respect:
- Give me only the translated code, don’t add explanations or anything else.
- Use only safe C.
- Do not use custom generics. # fuzzer limitation
- You're only allowed to modify the proof harness function.
"""


In [50]:
response = model.generate_content(input_text)
to_markdown(response.text)

> ```c
> #include <stdio.h>
> #include <stdlib.h>
> 
> struct node{
>     struct node *leftNode;
>     int data;
>     struct node *rightNode;
> };
> 
> struct node *newNode(int data){
>     struct node *node = (struct node *)malloc(sizeof(struct node));
> 
>     node->leftNode = NULL;
>     node->data = data;
>     node->rightNode = NULL;
> 
>     return node;
> }
> 
> int main(void){
>     return 0;
> }
> 
> void proof_harness() {
>     int data;
>     __CPROVER_assume(data >= 0);
>     __CPROVER_assume(data <= 2147483647);
>     struct node *node = newNode(data);
>     assert(node->data == data);
>     assert(node->leftNode == NULL);
>     assert(node->rightNode == NULL);
>     free(node);
> }
> ```

CBMC calling:


In [51]:
%%bash
# download and install CBMC
wget https://github.com/diffblue/cbmc/releases/download/cbmc-5.95.1/ubuntu-20.04-cbmc-5.95.1-Linux.deb
apt-get install bash-completion
dpkg -i ubuntu-20.04-cbmc-5.95.1-Linux.deb

Reading package lists...
Building dependency tree...
Reading state information...
bash-completion is already the newest version (1:2.11-5ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 45 not upgraded.
(Reading database ... 122730 files and directories currently installed.)
Preparing to unpack ubuntu-20.04-cbmc-5.95.1-Linux.deb ...
Unpacking cbmc (5.95.1) over (5.95.1) ...
Setting up cbmc (5.95.1) ...
Processing triggers for man-db (2.10.2-1) ...


--2024-07-02 03:40:48--  https://github.com/diffblue/cbmc/releases/download/cbmc-5.95.1/ubuntu-20.04-cbmc-5.95.1-Linux.deb
Resolving github.com (github.com)... 140.82.112.4
Connecting to github.com (github.com)|140.82.112.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/51877056/864bd4de-5709-41a5-93c5-8b3307700ba3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240702%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240702T034049Z&X-Amz-Expires=300&X-Amz-Signature=3f31a9e7ab0b455353706016fa15f61156de7ca4a7b854dceb6c5605e03ccf25&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51877056&response-content-disposition=attachment%3B%20filename%3Dubuntu-20.04-cbmc-5.95.1-Linux.deb&response-content-type=application%2Foctet-stream [following]
--2024-07-02 03:40:49--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/51877056/864bd4

In [52]:
%%file /tmp/ex1.c
#include <stdio.h>
#include <stdlib.h>

struct node{
    struct node *leftNode;
    int data;
    struct node *rightNode;
};

struct node *newNode(int data){
    struct node *node = (struct node *)malloc(sizeof(struct node));

    node->leftNode = NULL;
    node->data = data;
    node->rightNode = NULL;

    return node;
}

int main(void){
    return 0;
}

void proof_harness() {
    int data;
    __CPROVER_assume(data >= 0);
    __CPROVER_assume(data <= 2147483647);

    struct node *node = newNode(data);
    assert(node->data == data);
    assert(node->leftNode == NULL);
    assert(node->rightNode == NULL);

    free(node);
}

Overwriting /tmp/ex1.c


In [53]:
cbmc_call = 'cbmc /tmp/ex1.c --function proof_harness --unwind 10 --trace --json-ui'

In [54]:
import os

In [55]:
import subprocess

file_ = open('/tmp/output.txt', 'w+')

subprocess.run('cbmc /tmp/ex1.c --function proof_harness --unwind 10 --trace --json-ui', shell=True, stdout=file_)

file_.close()

CBMC Query

In [66]:
with open('/tmp/output.txt', 'r') as file1:
    cbmc_result = file1.read()

with open('/tmp/ex1.c', 'r') as file2:
    cbmc_context = file2.read

proof_function = f"""
void proof_harness() {{
    int data;
    __CPROVER_assume(data >= 0);
    __CPROVER_assume(data <= 2147483647);
    struct node *node = newNode(data);
    assert(node->data == data);
    assert(node->leftNode == NULL);
    assert(node->rightNode == NULL);
    free(node);
}}
"""

In [67]:
cbmc_input = f"""
# Context
A C program has been verified using C Bounded Model Checker (CBMC) on the 'proof_harness' function.
The results of this program have been parsed as a JSON file.


Below is the original C program:

{query_code}

Below is the proof harness function passed to cbmc to verify the original C program:

{proof_function}

Below is the function applied to call the CBMC verifier:

{cbmc_call}

Below is the result recieved from the CBMC verifier:

{cbmc_result}

# Instructions
Give me the improved the C program based on the results of the CBMC verifier.

# Constraints
- Give me only the translated code, d o n t add explanations or anything else.
- Use only safe C.
- Leave the C program alone if all tests were passed successfully.
"""


In [68]:
response = model.generate_content(cbmc_input)
to_markdown(response.text)

> ```c
> #include <stdio.h>
> #include <stdlib.h>
> #include <assert.h>
> 
> struct node{
>     struct node *leftNode;
>     int data;
>     struct node *rightNode;
> };
> 
> struct node *newNode(int data){
>     struct node *node = (struct node *)malloc(sizeof(struct node));
> 
>     node->leftNode = NULL;
>     node->data = data;
>     node->rightNode = NULL;
> 
>     return node;
> }
> 
> int main(void){
>     return 0;
> }
> ```