Formal Verification of a C Value Analysis Based on Abstract Interpretation

Blazy, Sandrine; Laporte, Vincent; Maroneze, André; Pichardie, David

doi:10.1007/978-3-642-38856-9_18

Cited by 31 publications

(50 citation statements)

References 28 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A value analysis is usually based on abstract interpretation and uses widening and narrowing operators to speed up fixpoint resolution. The formal verification of a value analysis based on abstract interpretation and operating over a real-world language raises many challenging verification problems that are detailed in [7].…”

Section: Overviewmentioning

confidence: 99%

See 1 more Smart Citation

Formal Verification of Loop Bound Estimation for WCET Analysis

Blazy¹,

Maroneze²,

Pichardie³

2014

Verified Software: Theories, Tools, Experiments

Self Cite

View full text Add to dashboard Cite

Abstract. Worst-case execution time (WCET) estimation tools are complex pieces of software performing tasks such as computation on control flow graphs (CFGs) and bound calculation. In this paper, we present a formal verification (in Coq) of a loop bound estimation. It relies on program slicing and bound calculation. The work has been integrated into the CompCert verified C compiler. Our verified analyses directly operate on non-structured CFGs. We extend the CompCert RTL intermediate language with a notion of loop nesting (a.k.a. weak topological ordering on CFGs) that is useful for reasoning on CFGs. The automatic extraction of our loop bound estimation into OCaml yields a program with competitive results, obtained from experiments on a reference benchmark for WCET bound estimation tools.

show abstract

Section: Overviewmentioning

confidence: 99%

“…the estimated values (represented by an interval) of the program variables. Thus, given a program P and a vertex l, value(P )(l) yields a map such that for any variable x, value(P )(l)(x) is an interval Our formally verified value analysis is detailed in [7].…”

Section: Bounding Local Countersmentioning

confidence: 99%

Formal Verification of Loop Bound Estimation for WCET Analysis

Blazy¹,

Maroneze²,

Pichardie³

2014

Verified Software: Theories, Tools, Experiments

Self Cite

View full text Add to dashboard Cite

show abstract

“…An abstract memory domain is a carrier type along with some primitive operators whose signatures are given in Figure 4. The ab_num type refers to a numeric abstract domain, as described in [3]: we only require that this type is equipped with a concretization to sets of machine integers and abstract transformers corresponding to arithmetic operations.…”

Section: Abstract Interpretermentioning

confidence: 99%

“…In a previous work [3], we formally verified a value analysis for an intermediate language of the Compcert C compiler toolchain. The current work shares the same notion of abstract numerical domain but develops its own notion of memory abstraction, dynamic control-flow graph reconstruction and trace partitioning.…”

Section: A Third Extension: Abstract Decodingmentioning

confidence: 99%

“…Indeed a prerequisite in such semantics is the isolation and the non-modification of code in memory. Turning to verified static analyses, they operate over toy languages [5,16] or more recently over realistic C-like languages [18,3], but they assume that the control-flow graph is extracted by a preliminary step, and thus they do not encompass techniques devoted to self-modifying code.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Verified Abstract Interpretation Techniques for Disassembling Low-level Self-modifying Code

Blazy

Laporte

Pichardie

2014

Interactive Theorem Proving

Self Cite

View full text Add to dashboard Cite

Static analysis of binary code is challenging for several reasons. In particular, standard static analysis techniques operate over control flow graphs, which are not available when dealing with self-modifying programs which can modify their own code at runtime. We formalize in the Coq proof assistant some key abstract interpretation techniques that automatically extract memory safety properties from binary code. Our analyzer is formally proved correct and has been run on several self-modifying challenges, provided by Cai et al. in their PLDI 2007 paper.

show abstract

QuickChecking static analysis properties

Midtgaard

Möller

2017

Software Testing Verif & Rel

View full text Add to dashboard Cite

Abstract-A static analysis can check programs for potential errors. A natural question that arises is therefore: who checks the checker? Researchers have given this question varying attention, ranging from basic testing techniques, informal monotonicity arguments, thorough pen-and-paper soundness proofs, to verified fixed point checking. In this paper we demonstrate how quickchecking can be useful for testing a range of static analysis properties with limited effort. We show how to check a range of algebraic lattice properties, to help ensure that an implementation follows the formal specification of a lattice. Moreover, we offer a number of generic, type-safe combinators to check transfer functions and operators on lattices, to help ensure that these are, e.g., monotone, strict, or invariant. We substantiate our claims by quickchecking a type analysis for the Lua programming language.

show abstract

Formal Verification of a C Value Analysis Based on Abstract Interpretation

Cited by 31 publications

References 28 publications

Formal Verification of Loop Bound Estimation for WCET Analysis

Formal Verification of Loop Bound Estimation for WCET Analysis

Verified Abstract Interpretation Techniques for Disassembling Low-level Self-modifying Code

QuickChecking static analysis properties

Contact Info

Product

Resources

About