ABSTRACT
This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 99.2% of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.
Published in POPL '12.