A theory of platform-dependent low-level software

Nita, Marius; Grossman, Dan; Chambers, Craig

doi:10.1145/1328438.1328465

Cited by 12 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, it supports the platformdependent idiom of treating an array of: struct { short i1; short i2; short i3; short i4;}; as an array of short. We have proven safety given this subtyping rule (Nita et al 2007). …”

Section: Arraysmentioning

confidence: 85%

“…See the technical report (Nita et al 2007) for the complete system, which includes rules for run-time forms (such as w) and heaps.…”

Section: Metatheory and Low-level Static Semanticsmentioning

confidence: 99%

“…Additional discussion of extensions, including support for readonly (const) pointers, for platforms that choose to skip pad bytes when copying values, and for proper recursive subtyping (Amadio and Cardelli 1993), can be found in the companion technical report (Nita et al 2007). All these extensions permit more subtyping.…”

Section: Other Extensionsmentioning

confidence: 99%

See 2 more Smart Citations

A theory of platform-dependent low-level software

2008

Self Cite

View full text Add to dashboard Cite

The C language definition leaves the sizes and layouts of types partially unspecified. When a C program makes assumptions about type layout, its semantics is defined only on platforms (C compilers and the underlying hardware) on which those assumptions hold. Previous work on formalizing C-like languages has ignored this issue, either by assuming that programs do not make such assumptions or by assuming that all valid programs target only one platform. In the latter case, the platform's choices are hard-wired in the language semantics.In this paper, we present a practically-motivated model for a C-like language in which the memory layouts of types are left largely unspecified. The dynamic semantics is parameterized by a platform's layout policy and makes manifest the consequence of platform-dependent (i.e., unspecified) steps. A type-and-effect system produces a layout constraint: a logic formula encoding layout conditions under which the program is memory-safe. We prove that if a program type-checks, it is memory-safe on all platforms satisfying its constraint.Based on our theory, we have implemented a tool that discovers unportable layout assumptions in C programs. Our approach should generalize to other kinds of platform-dependent assumptions.

show abstract

Section: Arraysmentioning

confidence: 85%

“…See the technical report (Nita et al 2007) for the complete system, which includes rules for run-time forms (such as w) and heaps.…”

Section: Metatheory and Low-level Static Semanticsmentioning

confidence: 99%

See 1 more Smart Citation

A theory of platform-dependent low-level software

2008

Self Cite

View full text Add to dashboard Cite

show abstract

“…We can also imagine implementing a read-only filesystem that allows access to the real, underlying filesystem, but treats writes (and other dangerous operations, like execve) as noops. We consider platform-specific filesystems, like /proc, as out of scope; we could in theory apply platform-dependent reasoning [Nita et al 2008].…”

Section: Simulating Posixmentioning

confidence: 99%

Executable formal semantics for the POSIX shell

Greenberg

Blatt²

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The POSIX shell is a widely deployed, powerful tool for managing computer systems. The shell is the expert's control panel, a necessary tool for configuring, compiling, installing, maintaining, and deploying systems. Even though it is powerful, critical infrastructure, the POSIX shell is maligned and misunderstood. Its power and its subtlety are a dangerous combination.We define a formal, mechanized, executable small-step semantics for the POSIX shell, which we call Smoosh. We compared Smoosh against seven other shells that aim for some measure of POSIX compliance (bash, dash, zsh, OSH, mksh, ksh93, and yash). Using three test suites-the POSIX test suite, the Modernish test suite and shell diagnosis, and a test suite of our own device-we found Smoosh's semantics to be the most conformant to the POSIX standard. Modernish judges Smoosh to have the fewest bugs (just one, from using dash's parser) and no quirks. To show that our semantics is useful beyond yielding a conformant, executable shell, we also implemented a symbolic stepper to illuminate the subtle behavior of the shell.Smoosh will serve as a foundation for formal study of the POSIX shell, supporting research on and development of new shells, new tooling for shells, and new shell designs.Additional Key Words and Phrases: command line interfaces, POSIX, formalization, small-step semantics * Work done while at Pomona College. 1 A misunderstanding of expansion in a Steam script wiped hard drives:

show abstract

“…This means we cannot catch undefined behavior related to alignment restrictions. Note that others have worked on formalizing alignment requirements [20], but it has never been incorporated into a full semantics for C. We also do not handle type qualifiers (like const or volatile); we simply ignore them. This is safe to do when interpreting correct programs, but it means we are not detecting problems related to those features in incorrect programs.…”

Section: Limitations and Future Workmentioning

confidence: 99%

An executable formal semantics of C with applications

Ellison

Roşu

2012

Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

157

View full text Add to dashboard Cite

This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 99.2% of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.

show abstract

A theory of platform-dependent low-level software

Cited by 12 publications

References 29 publications

A theory of platform-dependent low-level software

A theory of platform-dependent low-level software

Executable formal semantics for the POSIX shell

An executable formal semantics of C with applications

Contact Info

Product

Resources

About