RV-Match: Practical Semantics-Based Program Analysis

We present RV-Match, a tool for checking C programs for undefined behavior and other common programmer mistakes. Our tool is extracted from the most complete formal semantics of the C11 language. Previous versions of this tool were used primarily for testing the correctness of the semantics, but we have improved it into a tool for doing practical analysis of real C programs. It beats many similar tools in its ability to catch a broad range of undesirable behaviors. We demonstrate this with comparisons based on a third-party benchmark.
