An executable formal semantics of C with applications

This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 99.2% of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.
