
Unifying type checking and property checking for low-level code

Published: 21 January 2009 Publication History

Abstract

We present a unified approach to type checking and property checking for low-level code. Type checking for low-level code is challenging because type safety often depends on complex, program-specific invariants that are difficult for traditional type checkers to express. Conversely, property checking for low-level code is challenging because it is difficult to write concise specifications that distinguish between locations in an untyped program's heap. We address both problems simultaneously by implementing a type checker for low-level code as part of our property checker.
We present a low-level formalization of a C program's heap and its types that can be checked with an SMT solver, and we provide a decision procedure for checking type safety. Our type system is flexible enough to support a combination of nominal and structural subtyping for C, on a per-structure basis. We discuss several case studies that demonstrate the ability of this tool to express and check complex type invariants in low-level C code, including several small Windows device drivers.
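The abstract describes modelling a C program's heap and its types at a low level so that type safety becomes a property a checker can decide. As an added example, not code from the paper or from HAVOC, the following Python sketch makes that shape concrete: a heap with a scalar type tag per address and a struct type per allocated object, a subtyping relation that is nominal unless a structure opts into prefix-structural subtyping, and a small decision procedure that flags casts and reads that contradict the heap's typing. All struct names, layouts, addresses and the `TypedHeap` API are invented for the illustration.

```python
"""Toy typed-heap model for low-level C code.

Added example: illustrative code, not the paper's HAVOC implementation.
The heap is modelled as maps Mem (address -> word) and Type (address ->
scalar type tag) plus the struct type of each allocated object, so that
"this access is type-safe" is a predicate over those maps: the kind of
fact a property checker can hand to an SMT solver. Here a small decision
procedure evaluates that predicate on one concrete heap.
Every struct name, layout and address below is made up for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Struct:
    name: str
    fields: Tuple[Tuple[int, str], ...]  # (byte offset, scalar type tag)
    structural: bool = False  # True: any struct with this layout as a prefix is a subtype


class TypedHeap:
    """Concrete heap with a scalar tag per address and a struct type per object."""

    def __init__(self, structs: List[Struct]) -> None:
        self.structs = {s.name: s for s in structs}
        self.mem: Dict[int, int] = {}          # Mem: address -> word
        self.scalar_type: Dict[int, str] = {}  # Type: address -> scalar tag
        self.obj_type: Dict[int, str] = {}     # object base address -> struct name

    def alloc(self, base: int, struct_name: str) -> None:
        """Model allocation: fix the object's struct type and the tag of every field slot."""
        self.obj_type[base] = struct_name
        for off, tag in self.structs[struct_name].fields:
            self.scalar_type[base + off] = tag
            self.mem.setdefault(base + off, 0)

    def subtype(self, sub: str, sup: str) -> bool:
        """Nominal by default; prefix-structural only when `sup` opts in."""
        if sub == sup:
            return True
        sup_fields = self.structs[sup].fields
        if not self.structs[sup].structural:
            return False
        return self.structs[sub].fields[: len(sup_fields)] == sup_fields

    def check_cast(self, addr: int, to: str) -> bool:
        """(to *)addr is safe iff addr is an object base whose struct is a subtype of `to`."""
        actual = self.obj_type.get(addr)
        return actual is not None and self.subtype(actual, to)

    def check_read(self, addr: int, tag: str) -> bool:
        """*(tag *)addr is safe iff the slot at addr carries exactly that scalar tag."""
        return self.scalar_type.get(addr) == tag


def check_program(heap: TypedHeap, accesses: List[Tuple[str, int, str]]) -> List[str]:
    """Run the decision procedure over a list of accesses; return those that are not type-safe."""
    violations = []
    for kind, addr, ty in accesses:
        ok = heap.check_cast(addr, ty) if kind == "cast" else heap.check_read(addr, ty)
        if not ok:
            violations.append(f"{kind} {addr:#x} {ty}")
    return violations


def demo() -> List[str]:
    """Driver-style scenario: objects share a common header that is accessed through a cast."""
    heap = TypedHeap([
        # HEADER opts into structural subtyping: any struct starting with (int, int)
        # may be used as a HEADER, which is how a dispatch routine reads a common prefix.
        Struct("HEADER", ((0, "int"), (4, "int")), structural=True),
        # PACKET extends HEADER with a pointer field.
        Struct("PACKET", ((0, "int"), (4, "int"), (8, "ptr"))),
        # SECRET has the same layout as HEADER but stays nominal: layout equality is not enough.
        Struct("SECRET", ((0, "int"), (4, "int"))),
    ])
    heap.alloc(0x1000, "PACKET")
    heap.alloc(0x2000, "SECRET")
    accesses = [
        ("cast", 0x1000, "HEADER"),  # PACKET* -> HEADER*: allowed, HEADER is structural
        ("read", 0x1004, "int"),     # header->length through that cast: allowed
        ("cast", 0x2000, "HEADER"),  # SECRET* -> HEADER*: allowed, prefix matches a structural type
        ("cast", 0x1000, "SECRET"),  # PACKET* -> SECRET*: rejected, SECRET is nominal
        ("read", 0x1008, "int"),     # pointer field read as an int: rejected, type confusion
        ("cast", 0x1008, "HEADER"),  # interior pointer used as an object base: rejected
        ("read", 0x3000, "int"),     # never allocated: rejected
    ]
    return check_program(heap, accesses)


if __name__ == "__main__":
    for v in demo():
        print("type error:", v)
```

Running `demo()` reports the last four accesses as type errors; the first three pass because `HEADER` opts into structural subtyping, while the identical-layout `SECRET` is rejected as a cast target because it remains nominal. A real checker would state the same predicate symbolically over `Mem` and `Type` for every program path and discharge it with an SMT solver rather than evaluate it on one concrete heap.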


Cited By

  • (2021) RefinedC: automating the foundational verification of C code with refined ownership types. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, 158-174. doi:10.1145/3453483.3454036. 19 Jun 2021.
  • (2019) RedLeaf. Proceedings of the Workshop on Hot Topics in Operating Systems, 37-44. doi:10.1145/3317550.3321449. 13 May 2019.
  • (2019) Achieving Safety Incrementally with Checked C. Principles of Security and Trust, 76-98. doi:10.1007/978-3-030-17138-4_4. 3 Apr 2019.
  • (2018) Model Checking Boot Code from AWS Data Centers. Computer Aided Verification, 467-486. doi:10.1007/978-3-319-96142-2_28. 18 Jul 2018.
  • (2017) Refining interprocedural change-impact analysis using equivalence relations. Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, 318-328. doi:10.1145/3092703.3092719. 10 Jul 2017.
  • (2014) Natural proofs for data structure manipulation in C using separation logic. ACM SIGPLAN Notices 49(6), 440-451. doi:10.1145/2666356.2594325. 9 Jun 2014.
  • (2014) Powering the static driver verifier using corral. Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, 202-212. doi:10.1145/2635868.2635894. 11 Nov 2014.
  • (2014) Natural proofs for data structure manipulation in C using separation logic. Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, 440-451. doi:10.1145/2594291.2594325. 9 Jun 2014.
  • (2014) LEAP. Proceedings of the 16th International Conference on Computer Aided Verification, Volume 8559, 620-627. doi:10.1007/978-3-319-08867-9_41. 18 Jul 2014.
  • (2013) Almost-correct specifications. ACM SIGPLAN Notices 48(6), 209-218. doi:10.1145/2499370.2462188. 16 Jun 2013.

Published In

POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2009, 464 pages
ISBN: 9781605583792
DOI: 10.1145/1480881

Also published in ACM SIGPLAN Notices, Volume 44, Issue 1 (POPL '09), January 2009, 453 pages
ISSN: 0362-1340, EISSN: 1558-1160
DOI: 10.1145/1594834
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. assertion checking
  2. decision procedure
  3. low-level code
  4. property checking
  5. smt solver
  6. type checking

Qualifiers

  • Research-article

Conference

POPL09

Acceptance Rates

Overall Acceptance Rate 824 of 4,130 submissions, 20%

