A Verified CompCert Front-End for a Memory Model Supporting Pointer Arithmetic and Uninitialised Data

The CompCert C compiler guarantees that the target program behaves as the source program does. Yet source programs without a defined semantics do not benefit from this guarantee and could therefore be miscompiled. To reduce the possibility of a miscompilation, we propose a novel memory model for CompCert which gives a defined semantics to challenging features such as bitwise pointer arithmetic and access to uninitialised data. We evaluate our memory model both theoretically and experimentally. In our experiments, we identify pervasive low-level C idioms that require the additional expressiveness provided by our memory model. We also show that our memory model provably subsumes the existing CompCert memory model, thus cross-validating both semantics. Our memory model relies on the core concepts of symbolic value and normalisation. A symbolic value models a delayed computation, and the normalisation turns, when possible, a symbolic value into a genuine value. We show how to tame the expressive power of the normalisation so that the memory model fits the proof framework of CompCert. We also adapt the proofs of correctness of the compiler passes performed by CompCert’s front-end, thus demonstrating that our model is well-suited for proving compiler transformations.
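To make the idea of a symbolic value and its normalisation concrete, here is a small Python model, added as an illustration and not taken from the paper or from CompCert. It assumes a toy 8-bit address space, treats each uninitialised location as one unknown that is read consistently, and defines normalisation by brute force: a symbolic expression normalises to an integer (or to a pointer into one block) only if every concrete placement of the blocks, respecting their alignment, and every possible content of uninitialised locations yields that same value. The idioms exercised (tagging the low bit of an aligned pointer, testing alignment bits, XORing an uninitialised word with itself, subtracting pointers into different objects) are the kind of low-level C the abstract refers to; the block names, sizes and alignments are constructed sample inputs.

```python
"""Toy model of symbolic values with normalisation (illustrative, not CompCert's)."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, Iterator, List, Optional, Set, Union

WIDTH = 8                      # toy word width; real CompCert uses 32/64-bit words
MASK = (1 << WIDTH) - 1


@dataclass(frozen=True)
class Int:
    value: int                 # a genuine integer value


@dataclass(frozen=True)
class Ptr:
    block: str                 # abstract block identifier
    offset: int = 0            # byte offset inside the block


@dataclass(frozen=True)
class Undef:
    name: str                  # one uninitialised location, read consistently


@dataclass(frozen=True)
class BinOp:
    op: str
    left: "Expr"
    right: "Expr"              # a delayed computation over the operands


Expr = Union[Int, Ptr, Undef, BinOp]

OPS = {
    "+": lambda a, b: (a + b) & MASK,
    "-": lambda a, b: (a - b) & MASK,
    "&": lambda a, b: a & b,
    "|": lambda a, b: a | b,
    "^": lambda a, b: a ^ b,
}


def evaluate(e: Expr, bases: Dict[str, int], undefs: Dict[str, int]) -> int:
    """Concrete evaluation once every block has an address and every Undef a value."""
    if isinstance(e, Int):
        return e.value & MASK
    if isinstance(e, Ptr):
        return (bases[e.block] + e.offset) & MASK
    if isinstance(e, Undef):
        return undefs[e.name]
    return OPS[e.op](evaluate(e.left, bases, undefs), evaluate(e.right, bases, undefs))


def names(e: Expr, blocks: Set[str], undefs: Set[str]) -> None:
    """Collect the blocks and uninitialised locations an expression mentions."""
    if isinstance(e, Ptr):
        blocks.add(e.block)
    elif isinstance(e, Undef):
        undefs.add(e.name)
    elif isinstance(e, BinOp):
        names(e.left, blocks, undefs)
        names(e.right, blocks, undefs)


def layouts(blocks: List[str], sizes: Dict[str, int],
            aligns: Dict[str, int]) -> Iterator[Dict[str, int]]:
    """Every placement of the blocks at aligned, non-null, non-overlapping addresses."""
    candidates = [range(aligns[b], (1 << WIDTH) - sizes[b] + 1, aligns[b]) for b in blocks]
    for bases in product(*candidates):
        spans = sorted((base, base + sizes[b]) for b, base in zip(blocks, bases))
        if all(spans[i][1] <= spans[i + 1][0] for i in range(len(spans) - 1)):
            yield dict(zip(blocks, bases))


def normalise(e: Expr, sizes: Dict[str, int],
              aligns: Dict[str, int]) -> Optional[Union[Int, Ptr]]:
    """Return the unique Int or Ptr that e denotes under all concretisations, else None."""
    block_set: Set[str] = set()
    undef_set: Set[str] = set()
    names(e, block_set, undef_set)
    blocks, undef_names = sorted(block_set), sorted(undef_set)
    results = []                                    # (layout, concrete value) pairs
    for bases in layouts(blocks, sizes, aligns):
        for vals in product(range(1 << WIDTH), repeat=len(undef_names)):
            results.append((bases, evaluate(e, bases, dict(zip(undef_names, vals)))))
    values = {v for _, v in results}
    if len(values) == 1:                            # layout-independent integer
        return Int(values.pop())
    for b in blocks:                                # constant offset into one block?
        offsets = {(v - bases[b]) & MASK for bases, v in results}
        if len(offsets) == 1:
            return Ptr(b, offsets.pop())
    return None                                     # genuinely undefined


# Constructed sample idioms; sizes/alignments are made up for the toy.
def tagged_pointer_roundtrip():
    """(p | 1) & ~1 on a 2-aligned pointer gives back p itself."""
    p = Ptr("p")
    return normalise(BinOp("&", BinOp("|", p, Int(1)), Int(MASK ^ 1)), {"p": 1}, {"p": 2})


def alignment_check():
    """p & 7 on an 8-aligned pointer is always 0."""
    return normalise(BinOp("&", Ptr("p"), Int(7)), {"p": 8}, {"p": 8})


def unaligned_alignment_check():
    """p & 7 on a 1-aligned pointer depends on the layout: no normal form."""
    return normalise(BinOp("&", Ptr("p"), Int(7)), {"p": 8}, {"p": 1})


def uninitialised_xor_self():
    """x ^ x is 0 whatever the uninitialised content x turns out to be."""
    x = Undef("x")
    return normalise(BinOp("^", x, x), {}, {})


def uninitialised_read():
    """A bare uninitialised read has no single value."""
    return normalise(Undef("x"), {}, {})


def cross_object_difference():
    """p - q for pointers into different objects is layout-dependent."""
    return normalise(BinOp("-", Ptr("p"), Ptr("q")), {"p": 4, "q": 4}, {"p": 4, "q": 4})
```

The point a practitioner should take from the toy is the shape of the definition rather than the brute-force search: an expression gets a value only when no concrete memory layout and no uninitialised content could disagree, which is exactly what lets the tagged-pointer and alignment-test idioms be defined while a cross-object pointer subtraction or a bare uninitialised read stays undefined.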
