Open Access

An Executable Formal Semantics of C with Applications: Technical Report

TLDR
In this paper, the authors present an executable formal semantics of C. The semantics yields an interpreter, debugger, state space search tool, and model checker, which is shown capable of automatically finding program errors, both statically and at runtime.
Abstract
This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 770 of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker “for free”. The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.


Citations
Proceedings ArticleDOI

Compiler validation via equivalence modulo inputs

TL;DR: This work introduces equivalence modulo inputs (EMI), a simple, widely applicable methodology for validating optimizing compilers. A practical implementation profiles a program's test executions and stochastically prunes its unexecuted code to create equivalent program variants.
Proceedings ArticleDOI

KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine

TL;DR: KEVM is presented, an executable formal specification of the EVM's bytecode stack-based language built with the K Framework, designed to serve as a solid foundation for further formal analyses and to demonstrate the usability of the semantics.
Proceedings ArticleDOI

Test-case reduction for C compiler bugs

TL;DR: It is concluded that effective program reduction requires more than straightforward delta debugging, so three new, domain-specific test-case reducers are designed and implemented based on a novel framework in which a generic fixpoint computation invokes modular transformations that perform reduction operations.
Proceedings ArticleDOI

K-Java: A Complete Semantics of Java

TL;DR: K-Java is presented, a complete executable formal semantics of Java 1.4 that is applied to model-check multi-threaded programs and is generic and ready to be used in other Java-related projects.
Proceedings ArticleDOI

Towards optimization-safe systems: analyzing the impact of undefined behavior

TL;DR: A novel model is proposed, which views unstable code in terms of optimizations that leverage undefined behavior, and a new static checker called Stack is introduced that precisely identifies unstable code.
References
Book

A retargetable C compiler : design and implementation

TL;DR: This new text examines the design and implementation of lcc, a production-quality, retargetable compiler designed at AT&T, and encourages a deeper understanding of programming in C by providing C programmers with a tour of the language from the perspective of compiler authors.
Book ChapterDOI

The Semantics of the C Programming Language

TL;DR: This paper presents formal operational semantics for the C programming language as a series of four evolving algebras, each a refinement of the previous one, covering the ANSI standard for C.
Journal ArticleDOI

Mechanized Semantics for the Clight Subset of the C Language

TL;DR: The formal semantics of a large subset of the C language called Clight is presented, which includes pointer arithmetic, struct and union types, C loops and structured switch statements, and is mechanized using the Coq proof assistant.

C formalised in HOL

TL;DR: This chapter proves a series of derived rules that provide C with Floyd-Hoare style “axiomatic” rules for verifying properties of programs, and proves the correctness of an automatic tool for constructing post-conditions for loops with break and return statements.
Book ChapterDOI

Matching logic: an alternative to Hoare/Floyd logic

TL;DR: Using a simple imperative language (IMP), it is shown that a restricted use of the matching logic proof system is equivalent to IMP's Hoare logic proof system, in that any proof derived using either can be turned into a proof using the other.