Proceedings ArticleDOI
Defining the undefinedness of C
Chris Hathhorn,Chucky Ellison,Grigore Rosu +2 more
- Vol. 50, Iss: 6, pp 336-345
Reads0
Chats0
TLDR
It is argued that this work is the most comprehensive and complete semantic treatment of undefined behavior in C, and thus of the C language itself.Abstract:
We present a ``negative'' semantics of the C11 language---a semantics that does not just give meaning to correct programs, but also rejects undefined programs. We investigate undefined behavior in C and discuss the techniques and special considerations needed for formally specifying it. We have used these techniques to modify and extend a semantics of C into one that captures undefined behavior. The amount of semantic infrastructure and effort required to achieve this was unexpectedly high, in the end nearly doubling the size of the original semantics. From our semantics, we have automatically extracted an undefinedness checker, which we evaluate against other popular analysis tools, using our own test suite in addition to a third-party test suite. Our checker is capable of detecting examples of all 77 categories of core language undefinedness appearing in the C11 standard, more than any other tool we considered. Based on this evaluation, we argue that our work is the most comprehensive and complete semantic treatment of undefined behavior in C, and thus of the C language itself.read more
Citations
More filters
Proceedings ArticleDOI
KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine
Everett Hildenbrandt,Manasvi Saxena,Nishant Rodrigues,Xiaoran Zhu,Philip Daian,Dwight Guth,Brandon Moore,Daejun Park,Yi Zhang,Andrei Stefanescu,Grigore Rosu +10 more
TL;DR: KEVM is presented, an executable formal specification of the EVM's bytecode stack-based language built with the K Framework, designed to serve as a solid foundation for further formal analyses and to demonstrate the usability of the semantics.
Proceedings ArticleDOI
Towards optimization-safe systems: analyzing the impact of undefined behavior
TL;DR: A novel model is proposed, which views unstable code in terms of optimizations that leverage undefined behavior, and a new static checker called Stack is introduced that precisely identifies unstable code.
KEVM: A Complete Semantics of the Ethereum Virtual Machine
Everett Hildenbrandt,Manasvi Saxena,Xiaoran Zhu,Nishant Rodrigues,Philip Daian,Dwight Guth,Grigore Rosu +6 more
TL;DR: KEVM is presented, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed, in a framework for executable semantics, the K framework, and it is shown that the approach is feasible and not computationally restrictive.
Proceedings ArticleDOI
SAVIOR: Towards Bug-Driven Hybrid Testing
TL;DR: This work proposes SAVIOR, a new hybrid testing framework pioneering a bug-driven principle that outperforms mainstream automated testing techniques, including state-of-the-art hybrid testing systems driven by code coverage.
Proceedings ArticleDOI
Into the depths of C: elaborating the de facto standards
Kayvan Memarian,Justus Matthiesen,James Lingard,Kyndylan Nienhuis,David Chisnall,Robert N. M. Watson,Peter Sewell +6 more
TL;DR: An in-depth analysis of the design space for the semantics of pointers and memory in C as it is used in practice is described, a step towards clear, consistent, and accepted semantics for the various use-cases of C.
References
More filters
Proceedings ArticleDOI
Valgrind: a framework for heavyweight dynamic binary instrumentation
TL;DR: Valgrind is described, a DBI framework designed for building heavyweight DBA tools that can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
Journal ArticleDOI
Conditional rewriting logic as a unified model of concurrency
José Meseguer,José Meseguer +1 more
TL;DR: Maude as discussed by the authors is a programming language whose modules are rewriting logic theories, which is defined and given denotational and operational semantics, and it provides a simple unification of concurrent programming with functional and object-oriented programming and supports high level declarative programming of concurrent systems.
Journal ArticleDOI
Formal verification of a realistic compiler
TL;DR: This paper reports on the development and formal verification of CompCert, a compiler from Clight (a large subset of the C programming language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness.
Proceedings Article
Cyclone: A Safe Dialect of C
TL;DR: This paper examines safety violations enabled by C’s design, and shows how Cyclone avoids them, without giving up C”s hallmark control over low-level details such as data representation and memory management.
Journal ArticleDOI
CCured: type-safe retrofitting of legacy code
TL;DR: The CCured type system is described, which extends that of C by separating pointer types according to their usage, and allows both pointers whose usage can be verified statically to be type safe, and pointers whose safety must be checked at run time.