Into the depths of C: elaborating the de facto standards

@article{Memarian2016IntoTD,
  title={Into the depths of C: elaborating the de facto standards},
  author={Kayvan Memarian and Justus Matthiesen and James Lingard and Kyndylan Nienhuis and David Chisnall and Robert N. M. Watson and Peter Sewell},
  journal={Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation},
  year={2016}
}
C remains central to our computing infrastructure. It is notionally defined by ISO standards, but in reality the properties of C assumed by systems code and those implemented by compilers have diverged, both from the ISO standards and from each other, and none of these are clearly understood. We make two contributions to help improve this error-prone situation. First, we describe an in-depth analysis of the design space for the semantics of pointers and memory in C as it is used in practice. We… 

Cerberus-BMC: A Principled Reference Semantics and Exploration Tool for Concurrent and Sequential C
TLDR
A tool is described, Cerberus-BMC, that for the first time provides a principled reference semantics that simultaneously supports a choice of concurrency memory model, a modern memory object model, and a well-validated thread-local semantics for a large fragment of the language.
Exploring C semantics and pointer provenance
TLDR
This paper aims to reconcile the ISO C standard, mainstream compiler behaviour, and the semantics relied on by the corpus of existing C code, and presents two coherent proposals, tracking provenance via integers and not; both address many design questions.
A Formal Model of Checked C
TLDR
This work presents a formal model of Checked C, a dialect of C that aims to enforce spatial memory safety, formalizes this model in Coq, and proves that any spatial memory safety errors can be blamed on portions of the program labeled unchecked.
RefinedC: automating the foundational verification of C code with refined ownership types
TLDR
A type system which combines ownership types for modular reasoning about shared state and concurrency with refinement types for encoding precise invariants on C data types and Hoare-style specifications for C functions, and is designed to be encodable in a new “separation logic programming” language the authors call Lithium.
Pointer Disambiguation via Strict Inequalities
TLDR
This paper constructs a program representation that bestows the Static Single Information (SSI) property onto the authors' dataflow analysis, and implements its static analysis in LLVM, which can be as much as six times more precise than the pointer disambiguation techniques already in place in that compiler.
VIP: verifying real-world C idioms with integer-pointer casts
TLDR
A verification tool, RefinedC-VIP, is built for verifying programs under VIP semantics, a new memory object model aimed at supporting C verification, and proves VIP compatible with PNVI, thus enabling verification on top of VIP to benefit from PNVI’s validation with respect to practice.
An operational semantics for C/C++11 concurrency
TLDR
This work develops an operational model for C/C++11 concurrency that covers all the features of the previous formalised axiomatic model, and has a mechanised proof that the two are equivalent, in Isabelle/HOL.
ISO/IEC JTC 1/SC 22/WG 14 N2311, 2018-11-09: Exploring C Semantics and Pointer Provenance
TLDR
This paper aims to reconcile the ISO C standard, mainstream compiler behaviour, and the semantics relied on by the corpus of existing C code, and presents two coherent proposals, tracking provenance via integers and not; both address many design questions.