ABSTRACT
The ISO C standard does not specify the semantics of many valid programs that use non-portable idioms such as integer-pointer casts. Recent efforts at formal definitions and verified implementation of the C language inherit this feature. By adopting high-level abstract memory models, they validate common optimizations. On the other hand, this prevents reasoning about much low-level code relying on the behavior of common implementations, where formal verification has many applications. We present the first formal memory model that allows many common optimizations and fully supports operations on the representation of pointers. All arithmetic operations are well-defined for pointers that have been cast to integers. Crucially, our model is also simple to understand and program with. All our results are fully formalized in Coq.
- F. Besson, S. Blazy, and P. Wilke. A precise and abstract memory model for C using symbolic values. In APLAS, 2014.Google ScholarCross Ref
- C. Ellison and G. Rosu. An executable formal semantics of C with applications. In POPL, 2012. Google ScholarDigital Library
- D. Greenaway, J. Lim, J. Andronick, and G. Klein. Don’t sweat the small stuff: Formal verification of C code without the pain. In PLDI, 2014. Google ScholarDigital Library
- C.-K. Hur, D. Dreyer, G. Neis, and V. Vafeiadis. The marriage of bisimulations and Kripke logical relations. In POPL, 2012. Google ScholarDigital Library
- ISO. ISO/IEC 9899:2011 Information technology – Programming languages – C. 2011.Google Scholar
- R. Krebbers. Aliasing restrictions of C11 formalized in Coq. In CPP, 2013. Google ScholarDigital Library
- R. Krebbers, X. Leroy, and F. Wiedijk. Formal C semantics: CompCert and the C standard. In ITP, 2014.Google ScholarCross Ref
- R. Krebbers and F. Wiedijk. A formalization of the C99 standard in HOL, Isabelle and Coq. In CICM, 2011. Google ScholarDigital Library
- X. Leroy. A formally verified compiler back-end. Journal of Automated Reasoning, 43(4):363–446, 2009. Google ScholarDigital Library
- X. Leroy, A. W. Appel, S. Blazy, and G. Stewart. The CompCert memory model, version 2. Research report RR-7987, INRIA, June 2012.Google Scholar
- M. Norrish. C formalised in HOL. Computer Laboratory Technical Report 453, University of Cambridge, Nov. 1998.Google Scholar
- J. ˇSevˇc´ık, V. Vafeiadis, F. Zappa Nardelli, S. Jagannathan, and P. Sewell. CompCertTSO: A verified compiler for relaxed-memory concurrency. Journal of the ACM, 60(3):22, 2013. Google ScholarDigital Library
- X. Wang, N. Zeldovich, M. F. Kaashoek, and A. Solar-Lezama. Towards optimization-safe systems: Analyzing the impact of undefined behavior. In SOSP, 2013. Google ScholarDigital Library
- X. Yang, Y. Chen, E. Eide, and J. Regehr. Finding and understanding bugs in C compilers. In PLDI, 2011. Google ScholarDigital Library
- J. Zhao, S. Nagarakatte, M. M. Martin, and S. Zdancewic. Formalizing the LLVM intermediate representation for verified program transformations. In POPL, 2012. Google ScholarDigital Library
- J. Zhao, S. Nagarakatte, M. M. Martin, and S. Zdancewic. Formal verification of SSA-based optimizations for LLVM. In PLDI, 2013. Google ScholarDigital Library
Index Terms
- A formal C memory model supporting integer-pointer casts
Recommendations
A formal C memory model supporting integer-pointer casts
PLDI '15The ISO C standard does not specify the semantics of many valid programs that use non-portable idioms such as integer-pointer casts. Recent efforts at formal definitions and verified implementation of the C language inherit this feature. By adopting ...
A Formal Framework for ASTRAL Intralevel Proof Obligations
ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development, and therefore has been formally defined. This paper focuses on how to formally prove the mathematical correctness of ASTRAL ...
A formal approach for the development of reactive systems
Context: This paper deals with the development and verification of liveness properties on reactive systems using the Event-B method. By considering the limitation of the Event-B method to invariance properties, we propose to apply the language TLA^+ to ...
Comments