Abstract
The C11 standard of the C programming language does not specify the execution order of expressions. Moreover, to enable more effective optimizations (e.g. delaying side effects and interleaving), in certain cases it gives compilers the freedom to exhibit even more behaviors than those of all possible execution orders.
Widely used C compilers actually exploit this freedom for optimizations, so it should be taken seriously in formal verification. This paper presents an operational and an axiomatic semantics (based on separation logic) for non-determinism and sequence points in C. We prove soundness of our axiomatic semantics with respect to our operational semantics. This proof has been fully formalized using the Coq proof assistant.
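As an added illustration, not code from the paper or its Coq development, the following C program contrasts the three situations the abstract alludes to: evaluation of function arguments, whose order C11 leaves unspecified but well-defined; two unsequenced modifications of the same object, which C11 leaves undefined so that a compiler is not bound to the outcomes of any evaluation order; and a rewrite in which a sequence point orders the two assignments. The logging helpers, function names and sample values are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Log of the order in which the two argument expressions were evaluated.
 * Constructed for this example; not part of the paper. */
static char call_log[8];
static size_t call_len;

static int arg_a(void) { call_log[call_len++] = 'a'; return 1; }
static int arg_b(void) { call_log[call_len++] = 'b'; return 2; }

static int add(int x, int y) { return x + y; }

/* Case 1: unspecified but well-defined. Each argument expression contains a
 * function call, so the two calls are indeterminately sequenced (C11
 * 6.5.2.2p10): the log may read "ab" or "ba", but the program is correct
 * either way and the result is always 3. */
int indeterminately_sequenced(void)
{
    call_len = 0;
    memset(call_log, 0, sizeof call_log);
    return add(arg_a(), arg_b());
}

/* Order recorded by the last call to indeterminately_sequenced(). */
const char *evaluation_order(void) { return call_log; }

/* Case 2: undefined. Two side effects on x with no sequence point between
 * them violate C11 6.5p2, so a conforming compiler is not limited to the
 * outcomes of the two evaluation orders (x==3,y==7 or x==4,y==7); it may
 * produce any result at all. Kept out of the compiled code on purpose;
 * gcc -Wall (-Wsequence-point) and clang (-Wunsequenced) both flag it.
 *
 *     int x;
 *     int y = (x = 3) + (x = 4);
 */

/* Case 3: the fix. Each initializer is a full expression, and there is a
 * sequence point between full expressions, so the two assignments are
 * ordered and every evaluation yields x == 4 and a return value of 7. */
int sequenced(int *x_out)
{
    int x;
    int lhs = (x = 3);   /* sequence point after this full expression */
    int rhs = (x = 4);   /* sequence point after this full expression */
    *x_out = x;
    return lhs + rhs;
}

int main(void)
{
    int x = 0;
    int s = indeterminately_sequenced();
    printf("add(a(), b()) = %d, evaluation order: %s\n", s, evaluation_order());
    int y = sequenced(&x);
    printf("sequenced: x = %d, y = %d\n", x, y);
    return 0;
}
```

The point for a practitioner is the split between case 1 and case 2: code that depends only on order-independent properties (the sum in case 1) stays correct under every compiler choice, whereas case 2 is not merely "one of two results" but undefined, which is exactly the extra freedom the abstract says real compilers exploit. Compile with warnings enabled so that unsequenced modifications are reported rather than silently optimized.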
An operational and axiomatic semantics for non-determinism and sequence points in C
POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages