1. Overview

2. Syntax

3. Tool support

4. References

5. External links

The ANSI/ISO C Specification Language (ACSL) is a specification language for C programs, using Hoare style pre- and postconditions and invariants, that follows the design by contract paradigm. Specifications are written as C annotation comments to the C program, which hence can be compiled with any C compiler.

The current verification tool for ACSL is Frama-C.

Overview

In 1983, the American National Standards Institute (ANSI) commissioned a committee, X3J11, to standardize the C language. The first standard for C was published by ANSI. Although this document was subsequently adopted by International Organization for Standardization (ISO) and subsequent revisions published by ISO have been adopted by ANSI, the name ANSI C continues to be used.

ACSL is a Behavioral Interface Specification Language (BISL). It aims at specifying behavioral properties of C source code. The main inspiration for this language comes from the specification language of the Caduceus tool for deductive verification of behavioral properties of C programs. The specification language of Caduceus is itself inspired from JML which aims at similar goals for Java source code.

One difference with JML, is that ACSL aims at static verification and deductive verification whereas JML aims both at runtime assertion checking and static verification using for instance the ESC/Java tool.

Syntax

Let us consider the following example for the prototype of a function named incrstar:

 /*@ requires \\valid(p);   @ assigns *p;   @ ensures *p == \\old(*p) + 1;   @*/ void incrstar (int *p);

The contract is given by the comment which starts with /*@. Its meaning is as follows:

• the first line is a precondition: it states that function incrstar must be called with a pointer p that points to a safely allocated memory location.
• Second line is a frame clause, stating that function incrstar does not modify any memory location but the one pointed to by p.
• Finally, the ensures clause is a postcondition, which specifies that the value p is incremented by one.

Tool support

Most of the features of ACSL are supported by Frama-C.

References

• Example of ACSL usage Sufficient Preconditions for Modular Assertion Checking in VMCAI 2008 pages 188-202.
• [https://fraunhoferfokus.github.io/acsl-by-example/ ACSL by Example], a well-documented collection of ACSL specifications of simple algorithms, is developed and maintained by the [https://www.fokus.fraunhofer.de/en/sqc/verification/ VerificationGroup] at Fraunhofer FOKUS
• A tutorial about Frama-C with WP and ACSL for beginners that also provides some ideas about the theory behind the tools (available also in French).
• A [https://arxiv.org/pdf/1508.03894.pdf report] on using ACSL and Frama-C to formulate and verify low-level requirements in the context of a DO-178C compliant project
• Report mentioning the use of ACSL in teaching  , Петренко Ольга Леонидовна and Хорошилов Алексей Владимирович.
• At Technikum Wien ACSL and Frama-C are taught in a [https://www.technikum-wien.at/en/study_programs/master_s/embedded_systems/facts___figures/ course on design and verification].

External links

The complete ACSL specification is available from the download page of Frama-C.

• Isles of Aurora
• Isles Of Scilly
• Isles of Scilly Airport
• Isles of Scilly Council
• Isles of Scilly Council election, 2009
• Isles of Scilly Council election, 2013
• Isles of Shoals Light
• Isles of St Francis
• Isles of St Francis Conservation Park
• Isles of Stirling
• Isles of Wonder
• Isles of Wonder (album)
• Isle sur la Sorgue
• Isleta Diversion Dam
• Isleta diversion dam
• Isleta language
• Isleta Pueblo dialect
• Isleta Pueblo, New Mexico
• Isleta station
• Islet (band)
• Islet cell neuroendocrine tumor
• Islet-cell tumor
• Islet Lake Estates, Alberta
• Islet off NE Groote Eylandt Important Bird Area
• Isleton Asian-American Historic District