A Formal C Memory Model for Separation Logic

Krebbers, Robbert

doi:10.1007/s10817-016-9369-1

Cited by 8 publications

(13 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the above definition, symbolic memory models are simple liftings of the concrete ones. In the implementation, we employ heavy optimisation: for example, in Gillian-C, we have developed a complex tree representation of symbolic blocks inspired by [29], enabling tractable reasoning about arrays of symbolic size.…”

Section: Compositional Memory Models: Javascript and Cmentioning

confidence: 99%

“…Despite a large body of work on separation logic for C, we were unable to find a partial C memory model that captures the negative resource in its entirety. The nearest is probably the CH20 formalism [29], which handles freed locations but not block bounds. Negative resource for freed locations has also been used in incorrectness logic [39], and for block bounds in a program logic for WebAssembly [48].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Gillian, Part II: Real-World Verification for JavaScript and C

Maksimovic

Ayoun

Santos

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We introduce verification based on separation logic to Gillian, a multi-language platform for the development of symbolic analysis tools which is parametric on the memory model of the target language. Our work develops a methodology for constructing compositional memory models for Gillian, leading to a unified presentation of the JavaScript and C memory models. We verify the JavaScript and C implementations of the AWS Encryption SDK message header deserialisation module, specifically designing common abstractions used for both verification tasks, and find two bugs in the JavaScript and three bugs in the C implementation.

show abstract

Section: Compositional Memory Models: Javascript and Cmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Gillian, Part II: Real-World Verification for JavaScript and C

Maksimovic

Ayoun

Santos

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…C Semantics. There has been a considerable body of work on formal semantics for the C language, including several large projects that aimed to formalize substantial subsets of C [17,20,30,37,41,44], and projects that focused on specific aspects like its memory model [10,13,27,28,31,38,40,41], weak memory concurrency [4,36,43], non-local control flow [35], verified compilation [37,48], etc.…”

Section: Related Workmentioning

confidence: 99%

“…The focus of this paper-non-determinism in C expressions-has been treated formally a number of times, notably by Norrish [44], Ellison and Rosu [17], Krebbers [31], and Memarian et al [41]. The first three have in common that they model the sequence point restriction by keeping track of the locations that have been written to.…”

Section: Related Workmentioning

confidence: 99%

“…The treatment of sequence points in our definitional semantics is closely inspired by the work of Ellison and Rosu [17], which resembles closely what is in the C standard. Krebbers [31] used a more restrictive version of the semantics by Ellison and Rosu-he assigned undefined behavior in some corner cases to ease the soundness theorem of his logic. We directly proved soundness of the logic w.r.t.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Semi-automated Reasoning About Non-determinism in C Expressions

Frumin

Gondelman

Krebbers

2019

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Research into C verification often ignores that the C standard leaves the evaluation order of expressions unspecified, and assigns undefined behavior to write-write or read-write conflicts in subexpressionsso called "sequence point violations". These aspects should be accounted for in verification because C compilers exploit them.We present a verification condition generator (vcgen) that enables one to semi-automatically prove the absence of undefined behavior in a given C program for any evaluation order. The key novelty of our approach is a symbolic execution algorithm that computes a frame at the same time as a postcondition. The frame is used to automatically determine how resources should be distributed among subexpressions.We prove correctness of our vcgen with respect to a new monadic definitional semantics of a subset of C. This semantics is modular and gives a concise account of non-determinism in C.We have implemented our vcgen as a tactic in the Coq interactive theorem prover, and have proved correctness of it using a separation logic for the new monadic definitional semantics of a subset of C.

show abstract

The Trusted Computing Base of the CompCert Verified Compiler

Monniaux

Boulmé

2022

Programming Languages and Systems

View full text Add to dashboard Cite

is the first realistic formally verified compiler: it provides a machine-checked mathematical proof that the code it generates matches the source code. Yet, there could be loopholes in this approach. We comprehensively analyze aspects of where errors could lead to incorrect code being generated. Possible issues range from the modeling of the source and the target languages to some techniques used to call external algorithms from within the compiler.

show abstract

A Formal C Memory Model for Separation Logic

Cited by 8 publications

References 51 publications

Gillian, Part II: Real-World Verification for JavaScript and C

Gillian, Part II: Real-World Verification for JavaScript and C

Semi-automated Reasoning About Non-determinism in C Expressions

The Trusted Computing Base of the CompCert Verified Compiler

Contact Info

Product

Resources

About