Exploring C semantics and pointer provenance

Memarian, Kayvan; Gomes, Victor B. F.; Davis, Brooks; Kell, Stephen; Richardson, Alexander; Watson, Robert N. M.; Sewell, Peter

doi:10.1145/3290380

Cited by 31 publications

(41 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A priori, one might imagine C follows one of two language-design extremes: a concrete byte-array model with pointers that are simply machine words, or an abstract model with pointers combining abstract block IDs and structured offsets. In fact C is neither of these: it permits casts between pointer and integer types, and manipulation of their byte representations, to support low-level systems programming, but, while at runtime a C pointer will typically just be a machine word, compiler analyses and optimisations reason about abstract notions of the provenance of pointers [27,29,31]. This is a subject of active discussion in the ISO C and C++ committees and in compiler development communities.…”

Section: The Memory Object Modelmentioning

confidence: 99%

“…Then the user can load (or edit in the web interface) a small C program. The tool first applies the Cerberus compositional translation (or elab-oration) into a simple Core language, as in [29,31]; this elaboration addresses (3) by making many of the thread-local subtleties of C explicit, including the loose specification of evaluation order, arithmetic conversions, implementation-defined behaviour, and many kinds of undefined behaviour. Core computation is simply over mathematical integers, with explicit memory actions to interface with the concurrency and memory object models.…”

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

“…This is integrated with the concurrency model, also translated into SMT, following the ideas of [5]. These are furthermore integrated with an SMT version of parts of the PNVI (provenance-not-via-integers) memory object model of [29], the basis for ongoing work within the ISO WG14 C standards committee, addressing (2). The resulting SMT problems are passed to Z3 [32].…”

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

“…With respect to the thread semantics, our translation to SMT does not currently cover arbitrary pointer type-casting, function pointers, multi-dimensional arrays, unions, floating point, bitwise operations, and variadic functions, and only covers simple structs. In addition, we inherit the limitations of the Cerberus thread semantics as per [29].…”

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

See 3 more Smart Citations

Cerberus-BMC: A Principled Reference Semantics and Exploration Tool for Concurrent and Sequential C

Lau

Gomes

Memarian

et al. 2019

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

C remains central to our infrastructure, making verification of C code an essential and much-researched topic, but the semantics of C is remarkably complex, and important aspects of it are still unsettled, leaving programmers and verification tool builders on shaky ground. This paper describes a tool, Cerberus-BMC, that for the first time provides a principled reference semantics that simultaneously supports (1) a choice of concurrency memory model (including substantial fragments of the C11, RC11, and Linux kernel memory models), (2) a modern memory object model, and (3) a well-validated thread-local semantics for a large fragment of the language. The tool should be useful for C programmers, compiler writers, verification tool builders, and members of the C/C++ standards committees.

show abstract

Section: The Memory Object Modelmentioning

confidence: 99%

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

Section: The Thread-local Sequential Semanticsmentioning

confidence: 99%

See 2 more Smart Citations

Cerberus-BMC: A Principled Reference Semantics and Exploration Tool for Concurrent and Sequential C

Lau

Gomes

Memarian

et al. 2019

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…C Semantics. There has been a considerable body of work on formal semantics for the C language, including several large projects that aimed to formalize substantial subsets of C [17,20,30,37,41,44], and projects that focused on specific aspects like its memory model [10,13,27,28,31,38,40,41], weak memory concurrency [4,36,43], non-local control flow [35], verified compilation [37,48], etc.…”

Section: Related Workmentioning

confidence: 99%

Semi-automated Reasoning About Non-determinism in C Expressions

Frumin

Gondelman

Krebbers

2019

Programming Languages and Systems

View full text Add to dashboard Cite

Research into C verification often ignores that the C standard leaves the evaluation order of expressions unspecified, and assigns undefined behavior to write-write or read-write conflicts in subexpressionsso called "sequence point violations". These aspects should be accounted for in verification because C compilers exploit them.We present a verification condition generator (vcgen) that enables one to semi-automatically prove the absence of undefined behavior in a given C program for any evaluation order. The key novelty of our approach is a symbolic execution algorithm that computes a frame at the same time as a postcondition. The frame is used to automatically determine how resources should be distributed among subexpressions.We prove correctness of our vcgen with respect to a new monadic definitional semantics of a subset of C. This semantics is modular and gives a concise account of non-determinism in C.We have implemented our vcgen as a tactic in the Coq interactive theorem prover, and have proved correctness of it using a separation logic for the new monadic definitional semantics of a subset of C.

show abstract

An SMT Encoding of LLVM’s Memory Model for Bounded Translation Validation

Lee

Kim

Hur

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Several automatic verification tools have been recently developed to verify subsets of LLVM’s optimizations. However, none of these tools has robust support to verify memory optimizations.In this paper, we present the first SMT encoding of LLVM’s memory model that 1) is sufficiently precise to validate all of LLVM’s intra-procedural memory optimizations, and 2) enables bounded translation validation of programs with up to hundreds of thousands of lines of code. We implemented our new encoding in Alive2, a bounded translation validation tool, and used it to uncover 21 new bugs in LLVM memory optimizations, 10 of which have been already fixed. We also found several inconsistencies in LLVM IR’s official specification document (LangRef) and fixed LLVM’s code and the document so they are in agreement.

show abstract

Exploring C semantics and pointer provenance

Cited by 31 publications

References 45 publications

Cerberus-BMC: A Principled Reference Semantics and Exploration Tool for Concurrent and Sequential C

Cerberus-BMC: A Principled Reference Semantics and Exploration Tool for Concurrent and Sequential C

Semi-automated Reasoning About Non-determinism in C Expressions

An SMT Encoding of LLVM’s Memory Model for Bounded Translation Validation

Contact Info

Product

Resources

About